Question 1
Question
Joe wants to test a program he suspects may contain malware. What
technology can he use to isolate the program while it runs?
Answer
- A. ASLR
- B. Sandboxing
- C. Clipping
- D. Process isolation
Question 2
Question
Which one of the following is an example of a manmade disaster?
Answer
- A. Hurricane
- B. Flood
- C. Mudslide
- D. Transformer failure
Question 3
Question
Which of the following is not true about the (ISC)2 code of ethics?
Answer
- A. Adherence to the code is a condition of certification.
- B. Failure to comply with the code may result in revocation of certification.
- C. The code applies to all members of the information security profession.
- D. Members who observe a breach of the code are required to report the possible violation.
Question 4
Question
Javier is verifying that only IT system administrators have the ability
to log on to servers used for administrative purposes. What principle
of information security is he enforcing?
Answer
- A. Need to know
- B. Least privilege
- C. Two-person control
- D. Transitive trust
Question 5
Question
Which one of the following is not a basic preventative measure that
you can take to protect your systems and applications against attack?
Answer
- A. Implement intrusion detection and prevention systems.
- B. Maintain current patch levels on all operating systems and applications.
- C. Remove unnecessary accounts and services.
- D. Conduct forensic imaging of all systems.
Question 6
Question
Tim is a forensic analyst who is attempting to retrieve information
from a hard drive. It appears that the user attempted to erase the data,
and Tim is trying to reconstruct it. What type of forensic analysis is
Tim performing?
Question 7
Question
Which one of the following is an example of a computer security
incident?
Answer
- A. Completion of a backup schedule
- B. System access recorded in a log
- C. Unauthorized vulnerability scan of a file server
- D. Update of antivirus signatures
Question 8
Question
Which one of the following technologies would provide the most
automation of an inventory control process in a cost-effective manner?
Answer
- A. IPS
- B. WiFi
- C. RFID
- D. Ethernet
Question 9
Question
Connor’s company recently experienced a denial of service attack that
Connor believes came from an inside source. If true, what type of
event has the company experienced?
Question 10
Question
What type of attack is shown in the following figure?
Answer
- A. SYN flood
- B. Ping flood
- C. Smurf
- D. Fraggle
Question 11
Question
Florian is building a disaster recovery plan for his organization and
would like to determine the amount of time that a particular IT service
may be down without causing serious damage to business operations.
What variable is Florian calculating?
Answer
- A. RTO
- B. MTD
- C. RPO
- D. SLA
Question 12
Question
Which one of the following statements best describes a zero-day
vulnerability?
Answer
- A. An attacker who is new to the world of hacking
- B. A database attack that places the date 00/00/0000 in data tables in an attempt to exploit flaws in business logic
- C. An attack previously unknown to the security community
- D. An attack that sets the operating system date and time to 00/00/0000 and 00:00:00
Question 13
Question
Which one of the following is not a canon of the (ISC)2 code of ethics?
Answer
- A. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
- B. Promptly report security vulnerabilities to relevant authorities.
- C. Act honorably, honestly, justly, responsibly, and legally.
- D. Provide diligent and competent service to principals.
Question 14
Question
During an incident investigation, investigators meet with a system
administrator who may have information about the incident but is not
a suspect. What type of conversation is taking place during this
meeting?
Question 15
Question
What technique has been used to protect the intellectual property in
the following image?
Answer
- A. Steganography
- B. Clipping
- C. Sampling
- D. Watermarking
Question 16
Question
You are working to evaluate the risk of flood to an area and consult the
flood maps from the Federal Emergency Management Agency
(FEMA). According to those maps, the area lies within a 200-year
flood plain. What is the annualized rate of occurrence (ARO) of a flood
in that region?
Answer
- A. 200
- B. 0.01
- C. 0.02
- D. 0.005
Question 17
Question
Which one of the following individuals poses the greatest risk to
security in most well-defended organizations?
Answer
- A. Political activist
- B. Malicious insider
- C. Script kiddie
- D. Thrill attacker
Question 18
Question
Veronica is considering the implementation of a database recovery
mechanism recommended by a consultant. In the recommended
approach, an automated process will move database backups from the
primary facility to an offsite location each night. What type of database
recovery technique is the consultant describing?
Answer
- A. Remote journaling
- B. Remote mirroring
- C. Electronic vaulting
- D. Transaction logging
Question 19
Question
When designing an access control scheme, Hilda set up roles so that
the same person does not have the ability to provision a new user
account and assign superuser privileges to an account. What
information security principle is Hilda following?
Question 20
Question
Reggie recently received a letter from his company’s internal auditors
scheduling the kickoff meeting for an assessment of his group. Which
of the following should Reggie not expect to learn during that
meeting?
Answer
- A. Scope of the audit
- B. Purpose of the audit
- C. Expected timeframe
- D. Expected findings
Question 21
Question
Which one of the following events marks the completion of a disaster
recovery process?
Answer
- A. Securing property and life safety
- B. Restoring operations in an alternate facility
- C. Restoring operations in the primary facility
- D. Standing down first responders
Question 22
Question
Melanie suspects that someone is using malicious software to steal
computing cycles from her company. Which one of the following
security tools would be in the best position to detect this type of
incident?
Answer
- A. NIDS
- B. Firewall
- C. HIDS
- D. DLP
Question 23
Question
Brandon observes that an authorized user of a system on his network
recently misused his account to exploit a system vulnerability against a
shared server that allowed him to gain root access to that server. What
type of attack took place?
Answer
- A. Denial of service
- B. Privilege escalation
- C. Reconnaissance
- D. Brute force
Question 24
Question
Carla has worked for her company for 15 years and has held a variety
of different positions. Each time she changed positions, she gained
new privileges associated with that position, but no privileges were
ever taken away. What concept describes the sets of privileges she has
accumulated?
Answer
- A. Entitlement
- B. Aggregation
- C. Transitivity
- D. Isolation
Question 25
Question
During what phase of the incident response process do administrators
take action to limit the effect or scope of an incident?
Answer
- A. Detection
- B. Response
- C. Mitigation
- D. Recovery
Question 26
Question
Ann is a security professional for a midsized business and typically
handles log analysis and security monitoring tasks for her
organization. One of her roles is to monitor alerts originating from
the organization’s intrusion detection system. The system typically
generates several dozen alerts each day, and many of those alerts
turn out to be false alarms after her investigation.
This morning, the intrusion detection system alerted because the
network began to receive an unusually high volume of inbound
traffic. Ann received this alert and began looking into the origin of
the traffic.
At this point in the incident response process, what term best
describes what has occurred in Ann’s organization?
Answer
- A. Security occurrence
- B. Security incident
- C. Security event
- D. Security intrusion
Question 27
Question
Ann is a security professional for a midsized business and typically
handles log analysis and security monitoring tasks for her
organization. One of her roles is to monitor alerts originating from
the organization’s intrusion detection system. The system typically
generates several dozen alerts each day, and many of those alerts
turn out to be false alarms after her investigation.
This morning, the intrusion detection system alerted because the
network began to receive an unusually high volume of inbound
traffic. Ann received this alert and began looking into the origin of
the traffic.
Ann continues her investigation and realizes that the traffic generating
the alert is abnormally high volumes of inbound UDP traffic on port
53. What service typically uses this port?
Answer
- A. DNS
- B. SSH/SCP
- C. SSL/TLS
- D. HTTP
Question 28
Question
Ann is a security professional for a midsized business and typically
handles log analysis and security monitoring tasks for her
organization. One of her roles is to monitor alerts originating from
the organization’s intrusion detection system. The system typically
generates several dozen alerts each day, and many of those alerts
turn out to be false alarms after her investigation.
This morning, the intrusion detection system alerted because the
network began to receive an unusually high volume of inbound
traffic. Ann received this alert and began looking into the origin of
the traffic.
As Ann analyzes the traffic further, she realizes that the traffic is
coming from many different sources and has overwhelmed the
network, preventing legitimate uses. The inbound packets are
responses to queries that she does not see in outbound traffic. The
responses are abnormally large for their type. What type of attack
should Ann suspect?
Answer
- A. Reconnaissance
- B. Malicious code
- C. System penetration
- D. Denial of service
Question 29
Question
Ann is a security professional for a midsized business and typically
handles log analysis and security monitoring tasks for her
organization. One of her roles is to monitor alerts originating from
the organization’s intrusion detection system. The system typically
generates several dozen alerts each day, and many of those alerts
turn out to be false alarms after her investigation.
This morning, the intrusion detection system alerted because the
network began to receive an unusually high volume of inbound
traffic. Ann received this alert and began looking into the origin of
the traffic.
Now that Ann understands that an attack has taken place that violates
her organization’s security policy, what term best describes what has
occurred in Ann’s organization?
Answer
- A. Security occurrence
- B. Security incident
- C. Security event
- D. Security intrusion
Question 30
Question
Gordon suspects that a hacker has penetrated a system belonging to
his company. The system does not contain any regulated information,
and Gordon wishes to conduct an investigation on behalf of his
company. He has permission from his supervisor to conduct the
investigation. Which of the following statements is true?
Answer
- A. Gordon is legally required to contact law enforcement before beginning the investigation.
- B. Gordon may not conduct his own investigation.
- C. Gordon’s investigation may include examining the contents of hard disks, network traffic, and any other systems or information belonging to the company.
- D. Gordon may ethically perform “hack back” activities after identifying the perpetrator.
Question 31
Question
Frank is seeking to introduce a hacker’s laptop in court as evidence
against the hacker. The laptop does contain logs that indicate the
hacker committed the crime, but the court ruled that the search of the
apartment that resulted in police finding the laptop was
unconstitutional. What admissibility criterion prevents Frank from
introducing the laptop as evidence?
Answer
- A. Materiality
- B. Relevance
- C. Hearsay
- D. Competence
Question 32
Question
Which one of the following tools provides an organization with the
greatest level of protection against a software vendor going out of
business?
Answer
- A. Service level agreement
- B. Escrow agreement
- C. Mutual assistance agreement
- D. PCI DSS compliance agreement
Question 33
Question
Fran is considering new human resources policies for her bank that
will deter fraud. She plans to implement a mandatory vacation policy.
What is typically considered the shortest effective length of a
mandatory vacation?
Answer
- A. Two days
- B. Four days
- C. One week
- D. One month
Question 34
Question
Which of the following events would constitute a security incident?
1. An attempted network intrusion
2. A successful database intrusion
3. A malware infection
4. A violation of a confidentiality policy
5. An unsuccessful attempt to remove information from a secured area
Answer
- A. 2, 3, and 4
- B. 1, 2, and 3
- C. 4 and 5
- D. All of the above
Question 35
Question
Which one of the following traffic types should not be blocked by an
organization’s egress filtering policy?
Answer
- A. Traffic destined to a private IP address
- B. Traffic with a broadcast destination
- C. Traffic with a source address from an external network
- D. Traffic with a destination address on an external network
Question 36
Question
Allie is responsible for reviewing authentication logs on her
organization’s network. She does not have the time to review all logs,
so she decides to choose only records where there have been four or
more invalid authentication attempts. What technique is Allie using to
reduce the size of the pool?
Answer
- A. Sampling
- B. Random selection
- C. Clipping
- D. Statistical analysis
Question 37
Question
You are performing an investigation into a potential bot infection on
your network and wish to perform a forensic analysis of the
information that passed between different systems on your network
and those on the Internet. You believe that the information was likely
encrypted. You are beginning your investigation after the activity
concluded. What would be the best and easiest way to obtain the
source of this information?
Question 38
Question
Which one of the following tools helps system administrators by
providing a standard, secure template of configuration settings for
operating systems and applications?
Question 39
Question
What type of disaster recovery test activates the alternate processing
facility and uses it to conduct transactions but leaves the primary site
up and running?
Question 40
Question
During which phase of the incident response process would an analyst
receive an intrusion detection system alert and verify its accuracy?
Answer
- A. Response
- B. Mitigation
- C. Detection
- D. Reporting
Question 41
Question
In what virtualization model do full guest operating systems run on
top of a virtualization platform?
Question 42
Question
What level of RAID is also known as disk mirroring?
Answer
- A. RAID-0
- B. RAID-1
- C. RAID-5
- D. RAID-10
Question 43
Question
Bruce is seeing quite a bit of suspicious activity on his network. It
appears that an outside entity is attempting to connect to all of his
systems using a TCP connection on port 22. What type of scanning is
the outsider likely engaging in?
Answer
- A. FTP scanning
- B. Telnet scanning
- C. SSH scanning
- D. HTTP scanning
Question 44
Question
The historic ping of death attack is most similar to which of the
following modern attack types?
Question 45
Question
Roger recently accepted a new position as a security professional at a
company that runs its entire IT infrastructure within an IaaS
environment. Which one of the following would most likely be the
responsibility of Roger’s firm?
Answer
- A. Configuring the network firewall
- B. Applying hypervisor updates
- C. Patching operating systems
- D. Wiping drives prior to disposal
Question 46
Question
What technique can application developers use to test applications in
an isolated virtualized environment before allowing them on a
production network?
Answer
- A. Penetration testing
- B. Sandboxing
- C. White box testing
- D. Black box testing
Question 47
Question
Gina is the firewall administrator for a small business and recently
installed a new firewall. After seeing signs of unusually heavy network
traffic, she checked the intrusion detection system, which reported
that a SYN flood attack was under way. What firewall configuration
change can Gina make to most effectively prevent this attack?
Answer
- A. Block SYN from known IPs.
- B. Block SYN from unknown IPs.
- C. Enable SYN-ACK spoofing at the firewall.
- D. Disable TCP.
Question 48
Question
Renee is a software developer who writes code in Node.js for her
organization. The company is considering moving from a self-hosted
Node.js environment to one where Renee will run her code on
application servers managed by a cloud vendor. What type of cloud
solution is Renee’s company considering?
Answer
- A. IaaS
- B. CaaS
- C. PaaS
- D. SaaS
Question 49
Question
What type of trust relationship extends beyond the two domains
participating in the trust to one or more of their subdomains?
Answer
- A. Transitive trust
- B. Inheritable trust
- C. Nontransitive trust
- D. Noninheritable trust
Question 50
Question
Timber Industries recently got into a dispute with a customer. During
a meeting with his account representative, the customer stood up and
declared, “There is no other solution. We will have to take this matter
to court.” He then left the room. When does Timber Industries have an
obligation to begin preserving evidence?
Answer
- A. Immediately
- B. Upon receipt of a notice of litigation from opposing attorneys
- C. Upon receipt of a subpoena
- D. Upon receipt of a court order