Quix14 - 125Q

Pregunta 1

Pregunta

What type of access control is intended to discover unwanted or unauthorized activity by providing information after the event has occurred?

Respuesta

A. Preventive
B. Corrective
C. Detective
D. Directive

Pregunta 2

Pregunta

Which one of the following presents the most complex decoy environment for an attacker to explore during an intrusion attempt?

Respuesta

A. Honeypot
B. Darknet
C. Honeynet
D. Pseudo flaw

Pregunta 3

Pregunta

Ben’s organization is adopting biometric authentication for their high-security building’s access control system. Ben’s company is considering configuring their systems to work at the level shown by point A on the diagram. What level are they setting the sensitivity to?

Image:

56 (binary/octet-stream)

Respuesta

A. The FRR crossover
B. The FAR point
C. The CER
D. The CFR

Pregunta 4

Pregunta

Ben’s organization is adopting biometric authentication for their high-security building’s access control system. At point B, what problem is likely to occur?

Image:

56 (binary/octet-stream)

Respuesta

A. False acceptance will be very high.
B. False rejection will be very high.
C. False rejection will be very low.
D. False acceptance will be very low.

Pregunta 5

Pregunta

Ben’s organization is adopting biometric authentication for their high-security building’s access control system. What should Ben do if the FAR and FRR shown in this diagram does not provide an acceptable performance level for his organization’s needs?

Image:

56 (binary/octet-stream)

Respuesta

A. Adjust the sensitivity of the biometric devices.
B. Assess other biometric systems to compare them.
C. Move the CER.
D. Adjust the FRR settings in software.

Pregunta 6

Pregunta

Ed is tasked with protecting information about his organization’s customers, including their name, Social Security number, birthdate, and place of birth, as well as a variety of other information. What is this information known as?

Respuesta

A. PHI
B. PII
C. Personal Protected Data
D. PID

Pregunta 7

Pregunta

What software development life-cycle model is shown in the following illustration?

Image:

57 (binary/octet-stream)

Respuesta

A. Spiral
B. Agile
C. Boehm
D. Waterfall

Pregunta 8

Pregunta

Encapsulation is the core concept that enables what type of protocol?

Respuesta

A. Bridging
B. Multilayer
C. Hashing
D. Storage

Pregunta 9

Pregunta

Which one of the following is not a key principle of the COBIT framework for IT security control objectives?

Respuesta

A. Meeting stakeholder needs
B. Performing exhaustive analysis
C. Covering the enterprise end-to-end
D. Separating governance from management

Pregunta 10

Pregunta

Roscommon Enterprises is an Irish company that handles personal information. They exchange information with many other countries. Which of the following countries would trigger the onward transfer provisions of the EU-U.S. Privacy Shield?

Respuesta

A. United States
B. France
C. Italy
D. Germany

Pregunta 11

Pregunta

Susan provides a public RESTful API for her organization’s data but wants to limit its use to trusted partners. She intends to use API keys. What other recommendation would you give Susan to limit the potential abuse of the service?

Respuesta

A. Limit request rates
B. Force HTTP-only requests
C. Avoid tokens due to bandwidth constraints
D. Blacklist HTTP methods such as GET, POST, and PUT

Pregunta 12

Pregunta

NIST Special Publication 800-53A describes four types of objects that can be assessed. If Ben is reviewing a password standard, which of the four types of objects is he assessing?

Respuesta

A. A mechanism
B. A specification
C. An activity
D. An individual

Pregunta 13

Pregunta

What process is typically used to ensure data security for workstations that are being removed from service but that will be resold or otherwise reused?

Respuesta

A. Destruction
B. Erasing
C. Sanitization
D. Clearing

Pregunta 14

Pregunta

Colleen is conducting a software test that is evaluating code for both security flaws and usability issues. She is working with the application from an end-user perspective and referencing the source code as she works her way through the product. What type of testing is Colleen conducting?

Respuesta

A. White box
B. Blue box
C. Gray box
D. Black box

Pregunta 15

Pregunta

Harold is looking for a software development methodology that will help with a major issue he is seeing in his organization. Currently, developers and operations staff do not work together and are often seen as taking problems and “throwing them over the fence” to the other team. What technology management approach is designed to alleviate this problem?

Respuesta

A. ITIL
B. Lean
C. ITSM
D. DevOps

Pregunta 16

Pregunta

NIST Special Publication 800-92, the Guide to Computer Security Log Management, describes four types of common challenges to log management: Many log sources Inconsistent log content Inconsistent timestamps Inconsistent log formats Which of the following solutions is best suited to solving these issues?

Respuesta

A. Implement SNMP for all logging devices.
B. Implement a SIEM.
C. Standardize on the Windows event log format for all devices and use NTP.
D. Ensure that logging is enabled on all endpoints using their native logging formats and set their local time correctly.

Pregunta 17

Pregunta

Mike has a flash memory card that he would like to reuse. The card contains sensitive information. What technique can he use to securely remove data from the card and allow its reuse?

Respuesta

A. Degaussing
B. Physical destruction
C. Overwriting
D. Reformatting

Pregunta 18

Pregunta

Carlos is investigating the compromise of sensitive information in his organization. He believes that attackers managed to retrieve personnel information on all employees from the database and finds the following user-supplied input in a log entry for a web-based personnel management system: Collins’&1=1;–– What type of attack took place?

Respuesta

A. SQL injection
B. Buffer overflow
C. Cross-site scripting
D. Cross-site request forgery

Pregunta 19

Pregunta

Which one of the following is a detailed, step-by-step document that describes the exact actions that individuals must complete?

Respuesta

A. Policy
B. Standard
C. Guideline
D. Procedure

Pregunta 20

Pregunta

What principle of relational databases ensures the permanency of transactions that have successfully completed?

Respuesta

A. Atomicity
B. Consistency
C. Isolation
D. Durability

Pregunta 21

Pregunta

Bryan has a set of sensitive documents that he would like to protect from public disclosure. He would like to use a control that, if the documents appear in a public forum, may be used to trace the leak back to the person who was originally given the document copy. What security control would best fulfill this purpose?

Respuesta

A. Digital signature
B. Document staining
C. Hashing
D. Watermarking

Pregunta 22

Pregunta

Carlos is planning a design for a data center that will be constructed within a new four-story corporate headquarters. The building consists of a basement and three above-ground floors. What is the best location for the data center?

Respuesta

A. Basement
B. First floor
C. Second floor
D. Third floor

Pregunta 23

Pregunta

Chris is an information security professional for a major corporation and, as he is walking into the building, he notices that the door to a secure area has been left ajar. Physical security does not fall under his responsibility, but he takes immediate action by closing the door and informing the physical security team of his action. What principle is Chris demonstrating?

Respuesta

A. Due care
B. Due diligence
C. Separation of duties
D. Informed consent

Pregunta 24

Pregunta

Which one of the following investigation types always uses the beyond-a-reasonable-doubt standard of proof?

Respuesta

A. Civil investigation
B. Criminal investigation
C. Operational investigation
D. Regulatory investigation

Pregunta 25

Pregunta

Which one of the following backup types does not alter the status of the archive bit on a file?

Respuesta

A. Full backup
B. Incremental backup
C. Partial backup
D. Differential backup

Pregunta 26

Pregunta

What type of alternate processing facility contains the hardware necessary to restore operations but does not have a current copy of data?

Respuesta

A. Hot site
B. Warm site
C. Cold site
D. Mobile site

Pregunta 27

Pregunta

Which one of the following terms describes a period of momentary high voltage?

Respuesta

A. Sag
B. Brownout
C. Spike
D. Surge

Pregunta 28

Pregunta

A web application accesses information in a database to retrieve user information. What is the web application acting as?

Respuesta

A. A subject
B. An object
C. A user
D. A token

Pregunta 29

Pregunta

The Open Shortest Path First (OSPF) protocol is a routing protocol that keeps a map of all connected remote networks and uses that map to select the shortest path to a remote destination. What type of routing protocol is OSPF?

Respuesta

A. Link state
B. Shortest path first
C. Link mapping
D. Distance vector

Pregunta 30

Pregunta

Which one of the following categories consists of first-generation programming languages?

Respuesta

A. Machine languages
B. Assembly languages
C. Compiled languages
D. Natural language

Pregunta 31

Pregunta

Concho Controls is a midsized business focusing on building automation systems. They host a set of local file servers in their onpremises data center that store customer proposals, building plans, product information, and other data that is critical to their business operations. Tara works in the Concho Controls IT department and is responsible for designing and implementing the organization’s backup strategy, among other tasks. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups on Monday through Friday at noon. Concho experiences a server failure at 3 p.m. on Wednesday. Tara rebuilds the server and wants to restore data from the backups. What backup should Tara apply to the server first?

Respuesta

A. Sunday’s full backup
B. Monday’s differential backup
C. Tuesday’s differential backup
D. Wednesday’s differential backup

Pregunta 32

Pregunta

Respuesta

A. 1
B. 2
C. 3
D. 4

Pregunta 33

Pregunta

Respuesta

A. 3 hours.
B. 5 hours.
C. 8 hours.
D. No data will be lost.

Pregunta 34

Pregunta

Respuesta

A. 1
B. 2
C. 3
D. 4

Pregunta 35

Pregunta

Respuesta

A. Monday’s incremental backup
B. Tuesday’s incremental backup
C. Wednesday’s incremental backup
D. All three will be the same size.

Pregunta 36

Pregunta

Susan is conducting a STRIDE threat assessment by placing threats into one or more of the following categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. As part of her assessment, she has discovered an issue that allows transactions to be modified between a web browser and the application server that it accesses. What STRIDE categorization(s) best fit this issue?

Respuesta

A. Tampering and Information Disclosure
B. Spoofing and Tampering
C. Tampering and Repudiation
D. Information Disclosure and Elevation of Privilege

Pregunta 37

Pregunta

Bob has been tasked with writing a policy that describes how long data should be kept and when it should be purged. What concept does this policy deal with?

Respuesta

A. Data remanence
B. Record retention
C. Data redaction
D. Audit logging

Pregunta 38

Pregunta

Which component of IPsec provides authentication, integrity, and nonrepudiation?

Respuesta

A. L2TP
B. Encapsulating Security Payload
C. Encryption Security Header
D. Authentication Header

Pregunta 39

Pregunta

Renee notices that a system on her network recently received connection attempts on all 65,536 TCP ports from a single system during a short period of time. What type of attack did Renee most likely experience?

Respuesta

A. Denial of service
B. Reconnaissance
C. Malicious insider
D. Compromise

Pregunta 40

Pregunta

What type of Windows audit record describes events like an OS shutdown or a service being stopped?

Respuesta

A. An application log
B. A security log
C. A system log
D. A setup log

Pregunta 41

Pregunta

In the ring protection model shown here, what ring does not run in privileged mode?

Image:

58 (binary/octet-stream)

Respuesta

A. Ring 0
B. Ring 1
C. Ring 2
D. Ring 3

Pregunta 42

Pregunta

What level of RAID is also known as disk striping?

Respuesta

A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 10

Pregunta 43

Pregunta

Jacob executes an attack against a system using a valid but lowprivilege user account by accessing a file pointer that the account has access to. After the access check, but before the file is opened, he quickly switches the file pointer to point to a file that the user account does not have access to. What type of attack is this?

Respuesta

A. TOCTOU
B. Permissions creep
C. Impersonation
D. Link swap

Pregunta 44

Pregunta

What is the minimum number of disks required to implement RAID level 0?

Respuesta

A. 1
B. 2
C. 3
D. 5

Pregunta 45

Pregunta

Fred’s company wants to ensure the integrity of email messages sent via their central email servers. If the confidentiality of the messages is not critical, what solution should Fred suggest?

Respuesta

A. Digitally sign and encrypt all messages to ensure integrity.
B. Digitally sign but don’t encrypt all messages.
C. Use TLS to protect messages, ensuring their integrity.
D. Use a hashing algorithm to provide a hash in each message to prove that it hasn’t changed.

Pregunta 46

Pregunta

The leadership at Susan’s company has asked her to implement an access control system that can support rule declarations like “Only allow access to salespeople from managed devices on the wireless network between 8 a.m. and 6 p.m.” What type of access control system would be Susan’s best choice?

Respuesta

A. ABAC
B. RBAC
C. DAC
D. MAC

Pregunta 47

Pregunta

What type of communications rely on a timing mechanism using either an independent clock or a time stamp embedded in the communications?

Respuesta

A. Analog
B. Digital
C. Synchronous
D. Asynchronous

Pregunta 48

Pregunta

Chris is deploying a gigabit Ethernet network using Category 6 cable between two buildings. What is the maximum distance he can run the cable according to the Category 6 standard?

Respuesta

A. 50 meters
B. 100 meters
C. 200 meters
D. 300 meters

Pregunta 49

Pregunta

Howard is a security analyst working with an experienced computer forensics investigator. The investigator asks him to retrieve a forensic drive controller, but Howard cannot locate a device in the storage room with this name. What is another name for a forensic drive controller?

Respuesta

A. RAID controller
B. Write blocker
C. SCSI terminator
D. Forensic device analyzer

Pregunta 50

Pregunta

The web application that Saria’s development team is working on needs to provide secure session management that can prevent hijacking of sessions using the cookies that the application relies on. Which of the following techniques would be the best for her to recommend to prevent this?

Respuesta

A. Set the Secure attribute for the cookies, thus forcing TLS.
B. Set the Domain cookie attribute to example.com to limit cookie access to servers in the same domain.
C. Set the Expires cookie attribute to less than a week.
D. Set the HTTPOnly attribute to require only unencrypted sessions.

Pregunta 51

Pregunta

Ben’s company has recently retired their fleet of multifunction printers. Their information security team has expressed concerns that the printers contain hard drives and that they may still have data from scans and print jobs. What is the technical term for this issue?

Respuesta

A. Data pooling
B. Failed clearing
C. Data permanence
D. Data remanence

Pregunta 52

Pregunta

What access control scheme labels subjects and objects, and allows subjects to access objects when the labels match?

Respuesta

A. DAC
B. MAC
C. Rule-based access control (RBAC)
D. Role-based access control (RBAC)

Pregunta 53

Pregunta

A cloud-based service that provides account provisioning, management, authentication, authorization, reporting, and monitoring capabilities is known as what type of service?

Respuesta

A. PaaS
B. IDaaS
C. IaaS
D. SaaS

Pregunta 54

Pregunta

Sally wants to secure her organization’s VoIP systems. Which of the following attacks is one that she shouldn’t have to worry about?

Respuesta

A. Eavesdropping
B. Denial of service
C. Blackboxing
D. Caller ID spoofing

Pregunta 55

Pregunta

Marty discovers that the access restrictions in his organization allow any user to log into the workstation assigned to any other user, even if they are from completely different departments. This type of access most directly violates which information security principle?

Respuesta

A. Separation of duties
B. Two-person control
C. Need to know
D. Least privilege

Pregunta 56

Pregunta

Fred needs to transfer files between two servers on an untrusted network. Since he knows the network isn’t trusted, he needs to select an encrypted protocol that can ensure that his data remains secure. What protocol should he choose?

Respuesta

A. SSH
B. TCP
C. SFTP
D. IPsec

Pregunta 57

Pregunta

Chris uses a packet sniffer to capture traffic from a TACACS+ server. What protocol should he monitor, and what data should he expect to be readable?

Respuesta

A. UDP; none—TACACS+ encrypts the full session
B. TCP; none—TACACS+ encrypts the full session
C. UDP; all but the username and password, which are encrypted
D. TCP; all but the username and password, which are encrypted

Pregunta 58

Pregunta

If the client has already authenticated to the KDC, what does the client workstation send to the KDC at point A when it wants to access a resource?

Image:

59 (binary/octet-stream)

Respuesta

A. It re-sends the password.
B. A TGR
C. Its TGT
D. A service ticket

Pregunta 59

Pregunta

What occurs between steps A and B?

Image:

59 (binary/octet-stream)

Respuesta

A. The KDC verifies the validity of the TGT and whether the user has the right privileges for the requested resource.
B. The KDC updates its access control list based on the data in the TGT.
C. The KDC checks its service listing and prepares an updated TGT based on the service request.
D. The KDC generates a service ticket to issue to the client.

Pregunta 60

Pregunta

What system or systems does the service that is being accessed use to validate the ticket?

Image:

59 (binary/octet-stream)

Respuesta

A. The KDC
B. The client workstation and the KDC
C. The client workstation supplies it in the form of a client-to-server ticket and an authenticator.
D. The KVS

Pregunta 61

Pregunta

What does a service ticket (ST) provide in Kerberos authentication?

Respuesta

A. It serves as the authentication host.
B. It provides proof that the subject is authorized to access an object.
C. It provides proof that a subject has authenticated through a KDC and can request tickets to access other objects.
D. It provides ticket granting services.

Pregunta 62

Pregunta

A password that requires users to answer a series of questions like “What is your mother’s maiden name?” or “What is your favorite color?” is known as what type of password?

Respuesta

A. A passphrase
B. Multifactor passwords
C. Cognitive passwords
D. Password reset questions

Pregunta 63

Pregunta

CDMA, GSM, and IDEN are all examples of what generation of cellular technology?

Respuesta

A. 1G
B. 2G
C. 3G
D. 4G

Pregunta 64

Pregunta

Which one of the following fire suppression systems poses the greatest risk of accidental discharge that damages equipment in a data center?

Respuesta

A. Closed head
B. Dry pipe
C. Deluge
D. Preaction

Pregunta 65

Pregunta

Lauren’s healthcare provider maintains such data as details about her health, treatments, and medical billing. What type of data is this?

Respuesta

A. Protected Health Information
B. Personally Identifiable Information
C. Protected Health Insurance
D. Individual Protected Data

Pregunta 66

Pregunta

What type of code review is best suited to identifying business logic flaws?

Respuesta

A. Mutational fuzzing
B. Manual
C. Generational fuzzing
D. Interface testing

Pregunta 67

Pregunta

Something you know is an example of what type of authentication factor?

Respuesta

A. Type 1
B. Type 2
C. Type 3
D. Type 4

Pregunta 68

Pregunta

Saria is the system owner for a healthcare organization. What responsibilities does she have related to the data that resides on or is processed by the systems she owns?

Respuesta

A. She has to classify the data.
B. She has to make sure that appropriate security controls are in place to protect the data.
C. She has to grant appropriate access to personnel.
D. She bears sole responsibility for ensuring that data is protected at rest, in transit, and in use.

Pregunta 69

Pregunta

During software testing, Jack diagrams how a hacker might approach the application he is reviewing and determines what requirements the hacker might have. He then tests how the system would respond to the attacker’s likely behavior. What type of testing is Jack conducting?

Respuesta

A. Misuse case testing
B. Use case testing
C. Hacker use case testing
D. Static code analysis

Pregunta 70

Pregunta

When a vendor develops a product that they wish to submit for Common Criteria evaluation, what do they complete to describe the claims of security for their product?

Respuesta

A. PP
B. ITSEC
C. TCSEC
D. ST

Pregunta 71

Pregunta

Chris has been assigned to scan a system on all of its possible TCP and UDP ports. How many ports of each type must he scan to complete his assignment?

Respuesta

A. 65,536 TCP ports and 32,768 UDP ports
B. 1024 common TCP ports and 32,768 ephemeral UDP ports
C. 65,536 TCP and 65,536 UDP ports
D. 16,384 TCP ports, and 16,384 UDP ports

Pregunta 72

Pregunta

CVE and the NVD both provide information about what?

Respuesta

A. Vulnerabilities
B. Markup languages
C. Vulnerability assessment tools
D. Penetration testing methodologies

Pregunta 73

Pregunta

What is the highest level of the military classification scheme?

Respuesta

A. Secret
B. Confidential
C. SBU
D. Top Secret

Pregunta 74

Pregunta

In what type of trusted recovery process does the system recover against one or more failure types without administrator intervention while protecting itself against data loss?

Respuesta

A. Automated recovery
B. Manual recovery
C. Function recovery
D. Automated recovery without undue data loss

Pregunta 75

Pregunta

What three important items should be considered if you are attempting to control the strength of signal for a wireless network as well as where it is accessible?

Respuesta

A. Antenna placement, antenna type, antenna power levels
B. Antenna design, power levels, use of a captive portal
C. Antenna placement, antenna design, use of a captive portal
D. Power levels, antenna placement, FCC minimum strength requirements

Pregunta 76

Pregunta

What is the best way to ensure that data is unrecoverable from a SSD?

Respuesta

A. Use the built-in erase commands
B. Use a random pattern wipe of 1s and 0s
C. Physically destroy the drive
D. Degauss the drive

Pregunta 77

Pregunta

Alice sends a message to Bob and wants to ensure that Mal, a third party, does not read the contents of the message while in transit. What goal of cryptography is Alice attempting to achieve?

Respuesta

A. Confidentiality
B. Integrity
C. Authentication
D. Nonrepudiation

Pregunta 78

Pregunta

Which one of the following metrics specifies the amount of time that business continuity planners find acceptable for the restoration of service after a disaster?

Respuesta

A. MTD
B. RTO
C. RPO
D. MTO

Pregunta 79

Pregunta

Gary would like to examine the text of a criminal law on computer fraud to determine whether it applies to a recent act of hacking against his company. Where should he go to read the text of the law?

Respuesta

A. Code of Federal Regulations
B. Supreme Court rulings
C. Compendium of Laws
D. United States Code

Pregunta 80

Pregunta

James has opted to implement a NAC solution that uses a postadmission philosophy for its control of network connectivity. What type of issues can’t a strictly post-admission policy handle?

Respuesta

A. Out-of-band monitoring
B. Preventing an unpatched laptop from being exploited immediately after connecting to the network
C. Denying access when user behavior doesn’t match an authorization matrix
D. Allowing user access when user behavior is allowed based on an authorization matrix

Pregunta 81

Pregunta

Ben has built an access control list that lists the objects that his users are allowed to access. When users attempt to access an object that they don’t have rights to, they are denied access, even though there isn’t a specific rule that prevents it. What access control principle is key to this behavior?

Respuesta

A. Least privilege
B. Implicit deny
C. Explicit deny
D. Final rule fall-through

Pregunta 82

Pregunta

Mary is a security risk analyst for an insurance company. She is currently examining a scenario where a hacker might use a SQL injection attack to deface a web server due to a missing patch in the company’s web application. In this scenario, what is the risk?

Respuesta

A. Unpatched web application
B. Web defacement
C. Hacker
D. Operating system

Pregunta 83

Pregunta

In the diagram shown here of security boundaries within a computer system, what component’s name has been replaced with XXX?

Image:

60 (binary/octet-stream)

Respuesta

A. Kernel
B. Privileged core
C. User monitor
D. Security perimeter

Pregunta 84

Pregunta

Val is attempting to review security logs but is overwhelmed by the sheer volume of records maintained in her organization’s central log repository. What technique can she use to select a representative set of records for further review?

Respuesta

A. Statistical sampling.
B. Clipping.
C. Choose the first 5% of records from each day.
D. Choose 5% of records from the middle of the day.

Pregunta 85

Pregunta

In Jen’s job as the network administrator for an industrial production facility, she is tasked with ensuring that the network is not susceptible to electromagnetic interference due to the large motors and other devices running on the production floor. What type of network cabling should she choose if this concern is more important than cost and difficulty of installation?

Respuesta

A. 10Base2
B. 100BaseT
C. 1000BaseT
D. Fiber-optic

Pregunta 86

Pregunta

Jasper Diamonds is a jewelry manufacturer that markets and sells custom jewelry through their website. Bethany is the manager of Jasper’s software development organization, and she is working to bring the company into line with industry standard practices. She is developing a new change management process for the organization and wishes to follow commonly accepted approaches. Bethany would like to put in place controls that provide an organized framework for company employees to suggest new website features that her team will develop. What change management process facilitates this?

Respuesta

A. Configuration control
B. Change control
C. Release control
D. Request control

Pregunta 87

Pregunta

Jasper Diamonds is a jewelry manufacturer that markets and sells custom jewelry through their website. Bethany is the manager of Jasper’s software development organization, and she is working to bring the company into line with industry standard practices. She is developing a new change management process for the organization and wishes to follow commonly accepted approaches. Bethany would also like to create a process that helps multiple developers work on code at the same time. What change management process facilitates this?

Respuesta

A. Configuration control
B. Change control
C. Release control
D. Request control

Pregunta 88

Pregunta

Jasper Diamonds is a jewelry manufacturer that markets and sells custom jewelry through their website. Bethany is the manager of Jasper’s software development organization, and she is working to bring the company into line with industry standard practices. She is developing a new change management process for the organization and wishes to follow commonly accepted approaches. Bethany is working with her colleagues to conduct user acceptance testing. What change management process includes this task?

Respuesta

A. Configuration control
B. Change control
C. Release control
D. Request control

Pregunta 89

Pregunta

Jasper Diamonds is a jewelry manufacturer that markets and sells custom jewelry through their website. Bethany is the manager of Jasper’s software development organization, and she is working to bring the company into line with industry standard practices. She is developing a new change management process for the organization and wishes to follow commonly accepted approaches. Bethany noticed that some problems arise when system administrators update libraries without informing developers. What change management process can assist with this problem?

Respuesta

A. Configuration control
B. Change control
C. Release control
D. Request control

Pregunta 90

Pregunta

Ben has written the password hashing system for the web application he is building. His hashing code function for passwords results in the following process for a series of passwords: hash (password1 + 07C98BFE4CF67B0BFE2643B5B22E2D7D) = 10B222970537B97919DB36EC757370D2 hash (password2 + 07C98BFE4CF67B0BFE2643B5B22E2D7D) = F1F16683F3E0208131B46D37A79C8921 What flaw has Ben introduced with his hashing implementation?

Respuesta

A. Plaintext salting
B. Salt reuse
C. Use of a short salt
D. Poor salt algorithm selection

Pregunta 91

Pregunta

Which one of the following is an example of risk transference?

Respuesta

A. Building a guard shack
B. Purchasing insurance
C. Erecting fences
D. Relocating facilities

Pregunta 92

Pregunta

What protocol takes the place of certificate revocation lists and adds real-time status verification?

Respuesta

A. RTCP
B. RTVP
C. OCSP
D. CSRTP

Pregunta 93

Pregunta

Jim performs lexical analysis on a program and produces control flow graphs. What type of software testing is he performing?

Respuesta

A. Dynamic
B. Fuzzing
C. Manual
D. Static

Pregunta 94

Pregunta

What process makes TCP a connection-oriented protocol?

Respuesta

A. It works via network connections.
B. It uses a handshake.
C. It monitors for dropped connections.
D. It uses a complex header.

Pregunta 95

Pregunta

What LDAP operation includes authentication to the LDAP server?

Respuesta

A. Bind
B. Auth
C. StartLDAP
D. AuthDN

Pregunta 96

Pregunta

You are conducting a qualitative risk assessment for your organization. The two important risk elements that should weigh most heavily in your analysis of risk are probability and ________________.

Respuesta

A. Likelihood
B. History
C. Impact
D. Cost

Pregunta 97

Pregunta

Using the OSI model, what format does the Data Link layer use to format messages received from higher up the stack?

Respuesta

A. A datastream
B. A frame
C. A segment
D. A datagram

Pregunta 98

Pregunta

What is the maximum penalty that may be imposed by an (ISC)2 peer review board when considering a potential ethics violation?

Respuesta

A. Revocation of certification
B. Termination of employment
C. Financial penalty
D. Suspension of certification

Pregunta 99

Pregunta

Which one of the following statements about the SDLC is correct?

Respuesta

A. The SDLC requires the use of an iterative approach to software development.
B. The SDLC requires the use of a sequential approach to software development.
C. The SDLC does not include training for end users and support staff.
D. The waterfall methodology is compatible with the SDLC.

Pregunta 100

Pregunta

In the diagram shown here, Harry is prevented from reading a file at a higher classification level than his security clearance. What security model prevents this behavior?

Image:

61 (binary/octet-stream)

Respuesta

A. Bell-LaPadula
B. Biba
C. Clark-Wilson
D. Brewer-Nash

Pregunta 101

Pregunta

Susan is setting up the network for a local coffee house and wants to ensure that users have to authenticate using an email address and agree to the coffee house’s acceptable use policy before being allowed on the network. What technology should she use to do this?

Respuesta

A. 802.11
B. NAC
C. A captive portal
D. A wireless gateway

Pregunta 102

Pregunta

What is another term for active monitoring?

Respuesta

A. Synthetic
B. Passive
C. Reactive
D. Span-based

Pregunta 103

Pregunta

The TCP header is made up of elements such as the source port, destination port, sequence number, and others. How many bytes long is the TCP header?

Respuesta

A. 8 bytes
B. 20–60 bytes
C. 64 bytes
D. 64–128 bytes

Pregunta 104

Pregunta

The company that Fred works for is reviewing the security of their company-issued cell phones. They issue 4G-capable smartphones running Android and iOS and use a mobile device management solution to deploy company software to the phones. The mobile device management software also allows the company to remotely wipe the phones if they are lost. What security considerations should Fred’s company require for sending sensitive data over the cellular network?

Respuesta

A. They should use the same requirements as data over any public network.
B. Cellular provider networks are private networks and should not require special consideration.
C. Encrypt all traffic to ensure confidentiality.
D. Require the use of WAP for all data sent from the phone.

Pregunta 105

Pregunta

The company that Fred works for is reviewing the security of their company-issued cell phones. They issue 4G-capable smartphones running Android and iOS and use a mobile device management solution to deploy company software to the phones. The mobile device management software also allows the company to remotely wipe the phones if they are lost. Fred intends to attend a major hacker conference this year. What should he do when connecting to his cellular provider’s 4G network while at the conference?

Respuesta

A. Continue normal usage.
B. Discontinue all usage; towers can be spoofed.
C. Only use trusted Wi-Fi networks.
D. Connect to his company’s encrypted VPN service.

Pregunta 106

Pregunta

The company that Fred works for is reviewing the security of their company-issued cell phones. They issue 4G-capable smartphones running Android and iOS and use a mobile device management solution to deploy company software to the phones. The mobile device management software also allows the company to remotely wipe the phones if they are lost. What are the most likely circumstances that would cause a remote wipe of a mobile phone to fail?

Respuesta

A. The phone has a passcode on it.
B. The phone cannot contact a network.
C. The provider has not unlocked the phone.
D. The phone is in use.

Pregunta 107

Pregunta

Elaine is developing a business continuity plan for her organization. What value should she seek to minimize?

Respuesta

A. AV
B. SSL
C. RTO
D. MTO

Pregunta 108

Pregunta

NIST Special Publication 800-53, revision 4, describes two measures of assurance. Which measure of developmental assurance is best described as measuring “the rigor, level of detail, and formality of the artifacts produced during the design and development of the hardware, software, and firmware components of information systems (e.g., functional specifications, high-level design, low-level design, source code)”?

Respuesta

A. Coverage
B. Suitability
C. Affirmation
D. Depth

Pregunta 109

Pregunta

Kathleen is reviewing the Ruby code shown here. What security technique is this code using?

Image:

62 (binary/octet-stream)

Respuesta

A. Parameterization
B. Typecasting
C. Gem cutting
D. Stored procedures

Pregunta 110

Pregunta

Chris is experiencing issues with the quality of network service on his organization’s network. The primary symptom is that packets are becoming corrupted as they travel from their source to their destination. What term describes the issue Chris is facing?

Respuesta

A. Latency
B. Jitter
C. Interference
D. Packet loss

Pregunta 111

Pregunta

Kathleen has been asked to choose a highly formalized code review process for her software quality assurance team to use. Which of the following software testing processes is the most rigorous and formal?

Respuesta

A. Fagan
B. Fuzzing
C. Over the shoulder
D. Pair programming

Pregunta 112

Pregunta

Frank is attempting to protect his web application against cross-site scripting attacks. Users do not need to provide input containing scripts, so he decided the most effective way to filter would be to write a filter on the server that watches for the <SCRIPT> tag and removes it. What is the issue with Frank’s approach?

Respuesta

A. Validation should always be performed on the client side.
B. Attackers may use XSS filter evasion techniques against this approach.
C. Server-side validation requires removing all HTML tags, not just the <SCRIPT> tag.
D. There is no problem with Frank’s approach.

Pregunta 113

Pregunta

Which one of the following is not an object-oriented programming language?

Respuesta

A. C++
B. Java
C. Fortran
D. C#

Pregunta 114

Pregunta

Uptown Records Management recently entered into a contract with a hospital for the secure storage of medical records. The hospital is a HIPAA-covered entity. What type of agreement must the two organizations sign to remain compliant with HIPAA?

Respuesta

A. NDA
B. NCA
C. BAA
D. SLA

Pregunta 115

Pregunta

Norm would like to conduct a disaster recovery test for his organization and wants to choose the most thorough type of test, recognizing that it may be quite disruptive. What type of test should Norm choose?

Respuesta

A. Full interruption test
B. Parallel test
C. Tabletop exercise
D. Checklist review

Pregunta 116

Pregunta

Ed is building a network that supports IPv6 but needs to connect it to an IPv4 network. What type of device should Ed place between the networks?

Respuesta

A. A switch
B. A router
C. A bridge
D. A gateway

Pregunta 117

Pregunta

What encryption standard won the competition for certification as the Advanced Encryption Standard?

Respuesta

A. Blowfish
B. Twofish
C. Rijndael
D. Skipjack

Pregunta 118

Pregunta

What application development method uses the cycle shown here?

Image:

63 (binary/octet-stream)

Respuesta

A. Waterfall
B. Spiral
C. Agile
D. RAD

Pregunta 119

Pregunta

Which one of the following actions is not required under the EU General Data Protection Regulation?

Respuesta

A. Organizations must allow individuals to opt out of information sharing.
B. Organizations must provide individuals with lists of employees with access to information.
C. Organizations must use proper mechanisms to protect data against unauthorized disclosure.
D. Organizations must have a dispute resolution process for privacy issues.

Pregunta 120

Pregunta

Tammy is selecting a disaster recovery facility for her organization. She would like to choose a facility that balances the time required to recover operations with the cost involved. What type of facility should she choose?

Respuesta

A. Hot site
B. Warm site
C. Cold site
D. Red site

Pregunta 121

Pregunta

What layer of the OSI model is associated with datagrams?

Respuesta

A. Session
B. Transport
C. Network
D. Data Link

Pregunta 122

Pregunta

Which one of the following is not a valid key length for the Advanced Encryption Standard?

Respuesta

A. 128 bits
B. 192 bits
C. 256 bits
D. 384 bits

Pregunta 123

Pregunta

Which one of the following technologies provides a function interface that allows developers to directly interact with systems without knowing the implementation details of that system?

Respuesta

A. Data dictionary
B. Object model
C. Source code
D. API

Pregunta 124

Pregunta

What email encryption technique is illustrated in this figure?

Image:

64 (binary/octet-stream)

Respuesta

A. MD5
B. Thunderbird
C. S/MIME
D. PGP

Pregunta 125

Pregunta

When Ben lists the files on a Linux system, he sees a set of attributes as shown in the following image. The letters rwx indicate different levels of what?

Image:

65 (binary/octet-stream)

Respuesta

A. Identification
B. Authorization
C. Authentication
D. Accountability

	Creado por Requiemdust Sheena hace alrededor de 4 años

Siguiente

Quix14 - 125Q

Descripción

Resumen del Recurso

Pregunta 1

Pregunta 2

Pregunta 3

Pregunta 4

Pregunta 5

Pregunta 6

Pregunta 7

Pregunta 8

Pregunta 9

Pregunta 10

Pregunta 11

Pregunta 12

Pregunta 13

Pregunta 14

Pregunta 15

Pregunta 16

Pregunta 17

Pregunta 18

Pregunta 19

Pregunta 20

Pregunta 21

Pregunta 22

Pregunta 23

Pregunta 24

Pregunta 25

Pregunta 26

Pregunta 27

Pregunta 28

Pregunta 29

Pregunta 30

Pregunta 31

Pregunta 32

Pregunta 33

Pregunta 34

Pregunta 35

Pregunta 36

Pregunta 37

Pregunta 38

Pregunta 39

Pregunta 40

Pregunta 41

Pregunta 42

Pregunta 43

Pregunta 44

Pregunta 45

Pregunta 46

Pregunta 47

Pregunta 48

Pregunta 49

Pregunta 50

Pregunta 51

Pregunta 52

Pregunta 53

Pregunta 54

Pregunta 55

Pregunta 56

Pregunta 57

Pregunta 58

Pregunta 59

Pregunta 60

Pregunta 61

Pregunta 62

Pregunta 63

Pregunta 64

Pregunta 65

Pregunta 66

Pregunta 67

Pregunta 68

Pregunta 69

Pregunta 70

Pregunta 71

Pregunta 72

Pregunta 73

Pregunta 74

Pregunta 75

Pregunta 76