Pregunta 1
Pregunta
Which one of the following actions is not normally part of the project
scope and planning phase of business continuity planning?
Respuesta
-
A. Structured analysis of the organization
-
B. Review of the legal and regulatory landscape
-
C. Creation of a BCP team
-
D. Documentation of the plan
Pregunta 2
Pregunta
Gary is implementing a new website architecture that uses multiple
small web servers behind a load balancer. What principle of
information security is Gary seeking to enforce?
Respuesta
-
A. Denial
-
B. Confidentiality
-
C. Integrity
-
D. Availability
Pregunta 3
Pregunta
Becka recently signed a contract with an alternate data processing
facility that will provide her company with space in the event of a
disaster. The facility includes HVAC, power, and communications
circuits but no hardware. What type of facility is Becka using?
Respuesta
-
A. Cold site
-
B. Warm site
-
C. Hot site
-
D. Mobile site
Pregunta 4
Pregunta
Ben is seeking a control objective framework that is widely accepted
around the world and focuses specifically on information security
controls. Which one of the following frameworks would best meet his
needs?
Respuesta
-
A. ITIL
-
B. ISO 27002
-
C. CMM
-
D. PMBOK Guide
Pregunta 5
Pregunta
Which one of the following agreements typically requires that a
vendor not disclose confidential information learned during the scope
of an engagement?
Respuesta
-
A. NCA
-
B. SLA
-
C. NDA
-
D. RTO
Pregunta 6
Pregunta
What issue is the validation portion of the NIST SP 800-88 sample
certificate of sanitization (shown here) intended to help prevent?
Respuesta
-
A. Destruction
-
B. Reuse
-
C. Data remanence
-
D. Attribution
Pregunta 7
Pregunta
Why is declassification rarely chosen as an option for media reuse?
Respuesta
-
A. Purging is sufficient for sensitive data.
-
B. Sanitization is the preferred method of data removal.
-
C. It is more expensive than new media and may still fail.
-
D. Clearing is required first.
Pregunta 8
Pregunta
Incineration, crushing, shredding, and disintegration all describe what
stage in the lifecycle of media?
Respuesta
-
A. Sanitization
-
B. Degaussing
-
C. Purging
-
D. Destruction
Pregunta 9
Pregunta
The European Union (EU) General Data Protection Regulation
(GDPR) does not include which of the following key elements?
Respuesta
-
A. The need to collect information for specified, explicit, and
legitimate purposes
-
B. The need to ensure that collection is limited to the information
necessary to achieve the stated purpose
-
C. The need to protect data against accidental destruction
-
D. The need to encrypt information at rest
Pregunta 10
Pregunta
Why might an organization use unique screen backgrounds or designs
on workstations that deal with data of different classification levels?
Respuesta
-
A. To indicate the software version in use
-
B. To promote a corporate message
-
C. To promote availability
-
D. To indicate the classification level of the data or system
Pregunta 11
Pregunta
Alice has read permissions on an object, and she would like Bob to
have those same rights. Which one of the rules in the Take-Grant
protection model would allow her to complete this operation?
Respuesta
-
A. Create rule
-
B. Remove rule
-
C. Grant rule
-
D. Take rule
Pregunta 12
Pregunta
As part of his incident response process, Charles securely wipes the
drive of a compromised machine and reinstalls the operating
system (OS) from original media. Once he is done, he patches the
machine fully and applies his organization’s security templates
before reconnecting the system to the network. Almost
immediately after the system is returned to service, he discovers
that it has reconnected to the same botnet it was part of before.
Where should Charles look for the malware that is causing this
behavior?
Respuesta
-
A. The operating system partition
-
B. The system BIOS or firmware
-
C. The system memory
-
D. The installation media
Pregunta 13
Pregunta
Which one of the following computing models allows the execution
of multiple concurrent tasks within a single process?
Respuesta
-
A. Multitasking
-
B. Multiprocessing
-
C. Multiprogramming
-
D. Multithreading
Pregunta 14
Pregunta
Alan intercepts an encrypted message and wants to determine
what type of algorithm was used to create the message. He first
performs a frequency analysis and notes that the frequency of
letters in the message closely matches the distribution of letters in
the English language. What type of cipher was most likely used to
create this message?
Respuesta
-
A. Substitution cipher
-
B. AES
-
C. Transposition cipher
-
D. 3DES
Pregunta 15
Pregunta
Lauren’s networking team has been asked to identify a technology that
will allow them to dynamically change the organization’s network by
treating the network like code. What type of architecture should she
recommend?
Respuesta
-
A. A network that follows the 5-4-3 rule
-
B. A converged network
-
C. A software-defined network
-
D. A hypervisor-based network
Pregunta 16
Pregunta
Cable modems, ISDN, and DSL are all examples of what type of
technology?
Respuesta
-
A. Baseband
-
B. Broadband
-
C. Digital
-
D. Broadcast
Pregunta 17
Pregunta
What type of firewall design is shown in the following image?
Respuesta
-
A. Single tier
-
B. Two tier
-
C. Three tier
-
D. Next generation
Pregunta 18
Pregunta
During a review of her organization’s network, Angela discovered that
it was suffering from broadcast storms and that contractors, guests,
and organizational administrative staff were on the same network
segment. What design change should Angela recommend?
Respuesta
-
A. Require encryption for all users.
-
B. Install a firewall at the network border.
-
C. Enable spanning tree loop detection.
-
D. Segment the network based on functional requirements.
Pregunta 19
Pregunta
ICMP, RIP, and network address translation all occur at what layer of
the OSI model?
Respuesta
-
A. Layer 1
-
B. Layer 2
-
C. Layer 3
-
D. Layer 4
Pregunta 20
Pregunta
Kathleen works for a data center hosting facility that provides physical
data center space for individuals and organizations. Until recently,
each client was given a magnetic-strip-based keycard to access the
section of the facility where their servers are located, and they were
also given a key to access the cage or rack where their servers reside.
In the past month, a number of servers have been stolen, but the logs
for the passcards show only valid IDs. What is Kathleen’s best option
to make sure that the users of the passcards are who they are supposed
to be?
Respuesta
-
A. Add a reader that requires a PIN for passcard users.
-
B. Add a camera system to the facility to observe who is accessing
servers.
-
C. Add a biometric factor.
-
D. Replace the magnetic stripe keycards with smartcards.
Pregunta 21
Pregunta
Which of the following is a ticket-based authentication protocol
designed to provide secure communication?
Respuesta
-
A. RADIUS
-
B. OAuth
-
C. SAML
-
D. Kerberos
Pregunta 22
Pregunta
What type of access control is composed of policies and procedures
that support regulations, requirements, and the organization’s own
policies?
Respuesta
-
A. Corrective
-
B. Logical
-
C. Compensating
-
D. Administrative
Pregunta 23
Pregunta
In a Kerberos environment, when a user needs to access a network
resource, what is sent to the TGS?
Respuesta
-
A. A TGT
-
B. An AS
-
C. The SS
-
D. A session key
Pregunta 24
Pregunta
Which objects and subjects have a label in a MAC model?
Respuesta
-
A. Objects and subjects that are classified as Confidential, Secret, or
Top Secret have a label.
-
B. All objects have a label, and all subjects have a compartment.
-
C. All objects and subjects have a label.
-
D. All subjects have a label and all objects have a compartment.
Pregunta 25
Pregunta
Emily builds a script that sends data to a web application that she is
testing. Each time the script runs, it sends a series of transactions with
data that fits the expected requirements of the web application to
verify that it responds to typical customer behavior. What type of
transactions is she using, and what type of test is this?
Respuesta
-
A. Synthetic, passive monitoring
-
B. Synthetic, use case testing
-
C. Actual, dynamic monitoring
-
D. Actual, fuzzing
Pregunta 26
Pregunta
What passive monitoring technique records all user interaction with
an application or website to ensure quality and performance?
Pregunta 27
Pregunta
Earlier this year, the information security team at Jim’s employer
identified a vulnerability in the web server that Jim is responsible for
maintaining. He immediately applied the patch and is sure that it
installed properly, but the vulnerability scanner has continued to
incorrectly flag the system as vulnerable due to the version number it
is finding even though Jim is sure the patch is installed. Which of the
following options is Jim’s best choice to deal with the issue?
Respuesta
-
A. Uninstall and reinstall the patch.
-
B. Ask the information security team to flag the system as patched
and not vulnerable.
-
C. Update the version information in the web server’s configuration.
-
D. Review the vulnerability report and use alternate remediation
options.
Pregunta 28
Pregunta
Angela wants to test a web browser’s handling of unexpected data
using an automated tool. What tool should she choose?
Respuesta
-
A. Nmap
-
B. zzuf
-
C. Nessus
-
D. Nikto
Pregunta 29
Pregunta
STRIDE, which stands for Spoofing, Tampering, Repudiation,
Information Disclosure, Denial of Service, Elevation of Privilege, is
useful in what part of application threat modeling?
Pregunta 30
Pregunta
Helen is implementing a new security mechanism for granting
employees administrative privileges in the accounting system. She
designs the process so that both the employee’s manager and the
accounting manager must approve the request before the access is
granted. What information security principle is Helen enforcing?
Respuesta
-
A. Least privilege
-
B. Two-person control
-
C. Job rotation
-
D. Separation of duties
Pregunta 31
Pregunta
Which one of the following is not a requirement for evidence to be
admissible in court?
Respuesta
-
A. The evidence must be relevant.
-
B. The evidence must be material.
-
C. The evidence must be tangible.
-
D. The evidence must be competent.
Pregunta 32
Pregunta
In which cloud computing model does a customer share computing
infrastructure with other customers of the cloud vendor where one
customer may not know the other’s identity?
Respuesta
-
A. Public cloud
-
B. Private cloud
-
C. Community cloud
-
D. Shared cloud
Pregunta 33
Pregunta
Which of the following organizations would be likely to have a
representative on a CSIRT?
I. Information security
II. Legal counsel
III. Senior management
IV. Engineering
Respuesta
-
A. I, III, and IV
-
B. I, II, and III
-
C. I, II, and IV
-
D. All of the above
Pregunta 34
Pregunta
Sam is responsible for backing up his company’s primary file server.
He configured a backup schedule that performs full backups every
Monday evening at 9 p.m. and differential backups on other days of
the week at that same time. Files change according to the information
shown in the following figure. How many files will be copied in
Wednesday’s backup?
Pregunta 35
Pregunta
Victor recently took a new position at an online dating website and is
responsible for leading a team of developers. He realized quickly that
the developers are having issues with production code because they
are working on different projects that result in conflicting
modifications to the production code. What process should Victor
invest in improving?
Respuesta
-
A. Request control
-
B. Release control
-
C. Change control
-
D. Configuration control
Pregunta 36
Pregunta
What type of database security issue exists when a collection of facts
has a higher classification than the classification of any of those facts
standing alone?
Respuesta
-
A. Inference
-
B. SQL injection
-
C. Multilevel security
-
D. Aggregation
Pregunta 37
Pregunta
What are the two types of covert channels that are commonly
exploited by attackers seeking to surreptitiously exfiltrate
information?
Respuesta
-
A. Timing and storage
-
B. Timing and firewall
-
C. Storage and memory
-
D. Firewall and storage
Pregunta 38
Pregunta
Vivian would like to hire a software tester to come in and evaluate a
new web application from a user’s perspective. Which of the following
tests best simulates that perspective?
Respuesta
-
A. Black box
-
B. Gray box
-
C. Blue box
-
D. White box
Pregunta 39
Pregunta
Referring to the database transaction shown here, what would happen
if no account exists in the Accounts table with account number 1001?
Respuesta
-
A. The database would create a new account with this account
number and give it a $250 balance.
-
B. The database would ignore that command and still reduce the
balance of the second account by $250.
-
C. The database would roll back the transaction, ignoring the results
of both commands.
-
D. The database would generate an error message.
Pregunta 40
Pregunta
Which one of the following security tools is not capable of generating
an active response to a security event?
Respuesta
-
A. IPS
-
B. Firewall
-
C. IDS
-
D. Antivirus software
Pregunta 41
Pregunta
In virtualization platforms, what name is given to the module that is
responsible for controlling access to physical resources by virtual
resources?
Respuesta
-
A. Guest machine
-
B. SDN
-
C. Kernel
-
D. Hypervisor
Pregunta 42
Pregunta
What term is used to describe the default set of privileges assigned to a
user when a new account is created?
Respuesta
-
A. Aggregation
-
B. Transitivity
-
C. Baseline
-
D. Entitlement
Pregunta 43
Pregunta
Which one of the following types of agreements is the most formal
document that contains expectations about availability and other
performance parameters between a service provider and a customer?
Respuesta
-
A. Service-level agreement (SLA)
-
B. Operational-level agreement (OLA)
-
C. Memorandum of understanding (MOU)
-
D. Statement of work (SOW)
Pregunta 44
Pregunta
Which one of the following frameworks focuses on IT service
management and includes topics such as change management,
configuration management, and service level agreements?
Respuesta
-
A. ITIL
-
B. PMBOK
-
C. PCI DSS
-
D. TOGAF
Pregunta 45
Pregunta
What type of malware is characterized by spreading from system to
system under its own power by exploiting vulnerabilities that do not
require user intervention?
Respuesta
-
A. Trojan horse
-
B. Virus
-
C. Logic bomb
-
D. Worm
Pregunta 46
Pregunta
Kim is troubleshooting an application firewall that serves as a
supplement to the organization’s network and host firewalls and
intrusion prevention system, providing added protection against webbased
attacks. The issue the organization is experiencing is that
the firewall technology suffers somewhat frequent restarts that render
it unavailable for 10 minutes at a time. What configuration might Kim
consider to maintain availability during that period at the lowest cost
to the company?
Pregunta 47
Pregunta
What type of security issue arises when an attacker can deduce a
more sensitive piece of information by analyzing several pieces of
information classified at a lower level?
Respuesta
-
A. SQL injection
-
B. Multilevel security
-
C. Aggregation
-
D. Inference
Pregunta 48
Pregunta
Greg is battling a malware outbreak in his organization. He used
specialized malware analysis tools to capture samples of the malware
from three different systems and noticed that the code is changing
slightly from infection to infection. Greg believes that this is the
reason that antivirus software is having a tough time defeating the
outbreak. What type of malware should Greg suspect is responsible
for this security incident?
Respuesta
-
A. Stealth virus
-
B. Polymorphic virus
-
C. Multipartite virus
-
D. Encrypted virus
Pregunta 49
Pregunta
Richard is experiencing issues with the quality of network service on
his organization’s network. The primary symptom is that packets are
consistently taking too long to travel from their source to their
destination. What term describes the issue Richard is facing?
Respuesta
-
A. Jitter
-
B. Packet loss
-
C. Interference
-
D. Latency
Pregunta 50
Pregunta
Why should passive scanning be conducted in addition to
implementing wireless security technologies like wireless intrusion
detection systems?
Respuesta
-
A. It can help identify rogue devices.
-
B. It can test the security of the wireless network via scripted attacks.
-
C. Their short dwell time on each wireless channel can allow them to
capture more packets.
-
D. They can help test wireless IDS or IPS systems.