Quix6 - D3 - 50Q

Grace would like to implement application control technology in
her organization. Users often need to install new applications for
research and testing purposes, and she does not want to interfere
with that process. At the same time, she would like to block the use
of known malicious software. What type of application control
would be appropriate in this situation?

Warren is designing a physical intrusion detection system for his
data center and wants to include technology that issues an alert if
the communications lines for the alarm system are unexpectedly
cut. What technology would meet this requirement?

Raj is selecting an encryption algorithm for use in his organization
and would like to be able to vary the strength of the encryption
with the sensitivity of the information. Which one of the following
algorithms allows the use of different key strengths?

Howard is choosing a cryptographic algorithm for his organization,
and he would like to choose an algorithm that supports the
creation of digital signatures. Which one of the following
algorithms would meet his requirement?

Laura is responsible for securing her company’s web-based
applications and wishes to conduct an educational program for
developers on common web application security vulnerabilities.
Where can she turn for a concise listing of the most common web
application issues?

The Bell-LaPadula and Biba models implement state machines in a
fashion that uses what specific state machine model?

The ___________ of a process consist(s) of the limits set on the
memory addresses and resources that the process may access.

What type of motion detector senses changes in the
electromagnetic fields in monitored areas?

Which one of the following fire suppression systems uses a
suppressant that is no longer manufactured due to environmental
concerns?

Which one of the following statements is correct about the Biba
model of access control?

In Transport Layer Security, what type of key is used to encrypt the
actual content of communications between a web server and a
client?

Beth would like to include technology in a secure area of her data
center to protect against unwanted electromagnetic emanations.
What technology would assist her with this goal?

In a virtualized computing environment, what component is
responsible for enforcing separation between guest machines?

Rick is an application developer who works primarily in Python.
He recently decided to evaluate a new service where he provides
his Python code to a vendor who then executes it on their server
environment. What type of cloud computing environment is this
service?

A software company developed two systems that share
information. System A provides information to the input of System
B, which then reciprocates by providing information back to
System A as input. What type of composition theory best describes
this practice?

Tommy is planning to implement a power conditioning UPS for a
rack of servers in his data center. Which one of the following
conditions will the UPS be unable to protect against if it persists for
an extended period of time?

Which one of the following humidity values is within the
acceptable range for a data center operation?

Chris is designing a cryptographic system for use within his
company. The company has 1,000 employees, and they plan to use
an asymmetric encryption system. How many total keys will they
need?

What term is used to describe the formal declaration by a
designated approving authority (DAA) that an information
technology (IT) system is approved to operate in a specific
environment?

Object-oriented programming languages use a black box approach
to development, where users of an object do not necessarily need to
know the object’s implementation details. What term is used to
describe this concept?

Todd wants to add a certificate to a certificate revocation list. What
element of the certificate goes on the list?

Alison is examining a digital certificate presented to her by her
bank’s website. Which one of the following requirements is not
necessary for her to trust the digital certificate?

Which one of the following is an example of a covert timing
channel when used to exfiltrate information from an organization?

Which one of the following would be a reasonable application for
the use of self-signed digital certificates?

Mike has been tasked with preventing an outbreak of malware like
Mirai. What type of systems should be protected in his
organization?

A component failure in the primary HVAC system leads to a high
temperature alarm in the data center that Kim manages. After
resolving the issue, what should Kim consider to prevent future
issues like this?

As part of his team’s forensic investigation process, Matt signs
drives and other evidence out of storage before working with them.
What type of documentation is he creating?

Lauren implements ASLR to help prevent system compromises.
What technique has she used to protect her system?

During a system audit, Casey notices that the private key for her
organization’s web server has been stored in a public Amazon S3
storage bucket for more than a year. What should she do?

Joanna wants to review the status of the industrial control systems
her organization uses for building control. What type of systems
should she inquire about access to?

After scanning all of the systems on his wireless network, Mike
notices that one system is identified as an iOS device running a
massively out-of-date version of Apple’s mobile operating system.
When he investigates further, he discovers that the device is an
original iPad and that it cannot be updated to a current secure
version of the operating system. What should Mike recommend?

During a third-party vulnerability scan and security test, Danielle’s
employer recently discovered that the embedded systems that were
installed to manage her company’s new buildings have a severe
remote access vulnerability. The manufacturer has gone out of
business, and there is no patch or update for the devices. What
should Danielle recommend that her employer do about the
hundreds of devices that are vulnerable?

Alex’s employer creates most of their work output as PDF files.
Alex is concerned about limiting the audience for the PDF files to
those individuals who have paid for them. What technology can he
use to most effectively control the access to and distribution of
these files?

Matthew is the security administrator for a consulting firm and
must enforce access controls that restrict users’ access based upon
their previous activity. For example, once a consultant accesses
data belonging to Acme Cola, a consulting client, they may no
longer access data belonging to any of Acme’s competitors. What
security model best fits Matthew’s needs?

Ralph is designing a physical security infrastructure for a new
computing facility that will remain largely unstaffed. He plans to
implement motion detectors in the facility but would also like to
include a secondary verification control for physical presence.
Which one of the following would best meet his needs?

Harry would like to retrieve a lost encryption key from a database
that uses m of n control, with m = 4 and n = 8. What is the
minimum number of escrow agents required to retrieve the key?

Fran’s company is considering purchasing a web-based email
service from a vendor and eliminating its own email server
environment as a cost-saving measure. What type of cloud
computing environment is Fran’s company considering?

Bob is a security administrator with the federal government and
wishes to choose a digital signature approach that is an approved
part of the federal Digital Signature Standard under FIPS 186-4.
Which one of the following encryption algorithms is not an
acceptable choice for use in digital signatures?

Harry would like to access a document owned by Sally and stored
on a file server. Applying the subject/object model to this scenario,
who or what is the subject of the resource request?

Michael is responsible for forensic investigations and is
investigating a medium-severity security incident that involved the
defacement of a corporate website. The web server in question ran
on a virtualization platform, and the marketing team would like to
get the website up and running as quickly as possible. What would
be the most reasonable next step for Michael to take?

Helen is a software engineer and is developing code that she would
like to restrict to running within an isolated sandbox for security
purposes. What software development technique is Helen using?

What concept describes the degree of confidence that an
organization has that its controls satisfy security requirements?

What type of security vulnerability are developers most likely to
introduce into code when they seek to facilitate their own access,
for testing purposes, to software they developed?

In the figure shown here, Sally is blocked from reading the file due
to the Biba integrity model. Sally has a Secret security clearance,
and the file has a Confidential classification. What principle of the
Biba model is being enforced?

Tom is responsible for maintaining the security of systems used to
control industrial processes located within a power plant. What
term is used to describe these systems?

Sonia recently removed an encrypted hard drive from a laptop and
moved it to a new device because of a hardware failure. She is
having difficulty accessing encrypted content on the drive despite
the fact that she knows the user’s password. What hardware
security feature is likely causing this problem?

Chris wants to verify that a software package that he downloaded
matches the original version. What hashing tool should he use if he
believes that technically sophisticated attackers may have replaced
the software package with a version containing a backdoor?