Copy and Edit

Quix17 - 125Q

Description

Good Luck!
Requiemdust Sheena
Quiz by Requiemdust Sheena, updated more than 1 year ago
Requiemdust Sheena
Created by Requiemdust Sheena over 4 years ago
69
0
3

Resource summary

Question 1

Question
Jesse is looking at the /etc/passwd file on a system configured to use shadowed passwords. What should she expect to see in the password field of this file?
Answer
  • A. Plaintext passwords
  • B. Encrypted passwords
  • C. Hashed passwords
  • D. x

Question 2

Question
SYN floods rely on implementations of what protocol to cause denial of service conditions?
Answer
  • A. IGMP
  • B. UDP
  • C. TCP
  • D. ICMP

Question 3

Question
What principle states that an individual should make every effort to complete his or her responsibilities in an accurate and timely manner?
Answer
  • A. Least privilege
  • B. Separation of duties
  • C. Due care
  • D. Due diligence

Question 4

Question
Cable modems, ISDN, and DSL are all examples of what type of technology?
Answer
  • A. Baseband
  • B. Broadband
  • C. Digital
  • D. Broadcast

Question 5

Question
What penetration testing technique can best help assess training and awareness issues?
Answer
  • A. Port scanning
  • B. Discovery
  • C. Social engineering
  • D. Vulnerability scanning

Question 6

Question
Bill implemented RAID level 5 on a server that he operates using a total of three disks. How many disks may fail without the loss of data?
Answer
  • A. 0
  • B. 1
  • C. 2
  • D. 3

Question 7

Question
Data is sent as bits at what layer of the OSI model?
Answer
  • A. Transport
  • B. Network
  • C. Data Link
  • D. Physical

Question 8

Question
Bert is considering the use of an infrastructure as a service cloud computing partner to provide virtual servers. Which one of the following would be a vendor responsibility in this scenario?
Answer
  • A. Maintaining the hypervisor
  • B. Managing operating system security settings
  • C. Maintaining the host firewall
  • D. Configuring server access control

Question 9

Question
When Ben records data and then replays it against his test website to verify how it performs based on a real production workload, what type of performance monitoring is he undertaking?
Answer
  • A. Passive
  • B. Proactive
  • C. Reactive
  • D. Replay

Question 10

Question
What technology ensures that an operating system allocates separate memory spaces used by each application on a system?
Answer
  • A. Abstraction
  • B. Layering
  • C. Data hiding
  • D. Process isolation

Question 11

Question
Alan is considering the use of new identification cards in his organization that will be used for physical access control. He comes across a sample card and is unsure of the technology. He breaks it open and sees the following internal construction. What type of card is this?
Image:
79 (binary/octet-stream)
Answer
  • A. Smart card
  • B. Proximity card
  • C. Magnetic stripe
  • D. Phase-two card

Question 12

Question
Mark is planning a disaster recovery test for his organization. He would like to perform a live test of the disaster recovery facility but does not want to disrupt operations at the primary facility. What type of test should Mark choose?
Answer
  • A. Full interruption test
  • B. Checklist review
  • C. Parallel test
  • D. Tabletop exercise

Question 13

Question
Which one of the following is not a principle of the Agile approach to software development?
Answer
  • A. The best architecture, requirements, and designs emerge from self-organizing teams.
  • B. Deliver working software infrequently, with an emphasis on creating accurate code over longer timelines.
  • C. Welcome changing requirements, even late in the development process.
  • D. Simplicity is essential.

Question 14

Question
During a security audit, Susan discovers that the organization is using hand geometry scanners as the access control mechanism for their secure data center. What recommendation should Susan make about the use of hand geometry scanners?
Answer
  • A. They have a high FRR and should be replaced.
  • B. A second factor should be added because they are not a good way to reliably distinguish individuals.
  • C. The hand geometry scanners provide appropriate security for the data center and should be considered for other high-security areas.
  • D. They may create accessibility concerns, and an alternate biometric system should be considered.

Question 15

Question
Colleen is conducting a business impact assessment for her organization. What metric provides important information about the amount of time that the organization may be without a service before causing irreparable harm?
Answer
  • A. MTD
  • B. ALE
  • C. RPO
  • D. RTO

Question 16

Question
An attack that changes a symlink on a Linux system between the time that an account’s rights to the file are verified and the file is accessed is an example of what type of attack?
Answer
  • A. Unlinking
  • B. Tick/tock
  • C. setuid
  • D. TOCTOU

Question 17

Question
An authentication factor that is “something you have,” and that typically includes a microprocessor and one or more certificates, is what type of authenticator?
Answer
  • A. A smart card
  • B. A token
  • C. A Type I validator
  • D. A Type III authenticator

Question 18

Question
What term best describes an attack that relies on stolen or falsified authentication credentials to bypass an authentication mechanism?
Answer
  • A. Spoofing
  • B. Replay
  • C. Masquerading
  • D. Modification

Question 19

Question
Lisa wants to integrate with a cloud identity provider that uses OAuth 2.0, and she wants to select an appropriate authentication framework. Which of the following best suits her needs?
Answer
  • A. OpenID Connect
  • B. SAML
  • C. RADIUS
  • D. Kerberos

Question 20

Question
Owen recently designed a security access control structure that prevents a single user from simultaneously holding the role required to create a new vendor and the role required to issue a check. What principle is Owen enforcing?
Answer
  • A. Two-person control
  • B. Least privilege
  • C. Separation of duties
  • D. Job rotation

Question 21

Question
Denise is preparing for a trial relating to a contract dispute between her company and a software vendor. The vendor is claiming that Denise made a verbal agreement that amended their written contract. What rule of evidence should Denise raise in her defense?
Answer
  • A. Real evidence rule
  • B. Best evidence rule
  • C. Parol evidence rule
  • D. Testimonial evidence rule

Question 22

Question
While Lauren is monitoring traffic on two ends of a network connection, she sees traffic that is inbound to a public IP address show up inside the production network bound for an internal host that uses an RFC 1918 reserved address. What technology should she expect is in use at the network border?
Answer
  • A. NAT
  • B. VLANs
  • C. S/NAT
  • D. BGP

Question 23

Question
Which of the following statements about SSAE-18 is not true?
Answer
  • A. It mandates a specific control set.
  • B. It is an attestation standard.
  • C. It is used for external audits.
  • D. It uses a framework, including SOC 1, SOC 2, and SOC 3 reports.

Question 24

Question
What does a constrained user interface do?
Answer
  • A. It prevents unauthorized users from logging in.
  • B. It limits the data visible in an interface based on the content.
  • C. It limits the access a user is provided based on what activity they are performing.
  • D. It limits what users can do or see based on privileges.

Question 25

Question
Greg is building a disaster recovery plan for his organization and would like to determine the amount of time that it should take to restore a particular IT service after an outage. What variable is Greg calculating?
Answer
  • A. MTD
  • B. RTO
  • C. RPO
  • D. SLA

Question 26

Question
What business process typically requires sign-off from a manager before modifications are made to a system?
Answer
  • A. SDN
  • B. Release management
  • C. Change management
  • D. Versioning

Question 27

Question
What type of fire extinguisher is useful against liquid-based fires?
Answer
  • A. Class A
  • B. Class B
  • C. Class C
  • D. Class D

Question 28

Question
The company Chris works for has notifications posted at each door reminding employees to be careful to not allow people to enter when they do. Which type of controls best describes this?
Answer
  • A. Detective
  • B. Physical
  • C. Preventive
  • D. Directive

Question 29

Question
Which one of the following principles is not included in the seven EUU. S. Privacy Shield provisions?
Answer
  • A. Access
  • B. Security
  • C. Recourse
  • D. Nonrepudiation

Question 30

Question
What group is eligible to receive safe harbor protection under the terms of the Digital Millennium Copyright Act (DMCA)?
Answer
  • A. Music producers
  • B. Book publishers
  • C. Internet service providers
  • D. Banks

Question 31

Question
Alex is the system owner for the HR system at a major university. According to NIST SP 800-18, what action should he take when a significant change occurs in the system?
Answer
  • A. He should develop a data confidentiality plan.
  • B. He should update the system security plan.
  • C. He should classify the data the system contains.
  • D. He should select custodians to handle day-to-day operational tasks.

Question 32

Question
Alex has been with the university he works at for over 10 years. During that time, he has been a system administrator and a database administrator, and he has worked in the university’s help desk. He is now a manager for the team that runs the university’s web applications. Using the provisioning diagram shown here, answer the following questions. If Alex hires a new employee and the employee’s account is provisioned after HR manually inputs information into the provisioning system based on data Alex provides via a series of forms, what type of provisioning has occurred?
Image:
80 (binary/octet-stream)
Answer
  • A. Discretionary account provisioning
  • B. Workflow-based account provisioning
  • C. Automated account provisioning
  • D. Self-service account provisioning

Question 33

Question
Alex has been with the university he works at for over 10 years. During that time, he has been a system administrator and a database administrator, and he has worked in the university’s help desk. He is now a manager for the team that runs the university’s web applications. Using the provisioning diagram shown here, answer the following questions. Alex has access to B, C, and D. What concern should he raise to the university’s identity management team?
Image:
80 (binary/octet-stream)
Answer
  • A. The provisioning process did not give him the rights he needs.
  • B. He has excessive privileges.
  • C. Privilege creep may be taking place.
  • D. Logging is not properly enabled.

Question 34

Question
Alex has been with the university he works at for over 10 years. During that time, he has been a system administrator and a database administrator, and he has worked in the university’s help desk. He is now a manager for the team that runs the university’s web applications. Using the provisioning diagram shown here, answer the following questions. When Alex changes roles, what should occur?
Image:
80 (binary/octet-stream)
Answer
  • A. He should be de-provisioned and a new account should be created.
  • B. He should have his new rights added to his existing account.
  • C. He should be provisioned for only the rights that match his role.
  • D. He should have his rights set to match those of the person he is replacing.

Question 35

Question
Robert is reviewing a system that has been assigned the EAL2 evaluation assurance level under the Common Criteria. What is the highest level of assurance that he may have about the system?
Answer
  • A. It has been functionally tested.
  • B. It has been structurally tested.
  • C. It has been formally verified, designed, and tested.
  • D. It has been semiformally designed and tested.

Question 36

Question
Adam is processing an access request for an end user. What two items should he verify before granting the access?
Answer
  • A. Separation and need to know
  • B. Clearance and endorsement
  • C. Clearance and need to know
  • D. Second factor and clearance

Question 37

Question
During what phase of the electronic discovery reference model does an organization ensure that potentially discoverable information is protected against alteration or deletion?
Answer
  • A. Identification
  • B. Preservation
  • C. Collection
  • D. Processing

Question 38

Question
Nessus, OpenVAS, and SAINT are all examples of what type of tool?
Answer
  • A. Port scanners
  • B. Patch management suites
  • C. Port mappers
  • D. Vulnerability scanners

Question 39

Question
Harry would like to access a document owned by Sally stored on a file server. Applying the subject/object model to this scenario, who or what is the object of the resource request?
Answer
  • A. Harry
  • B. Sally
  • C. File server
  • D. Document

Question 40

Question
What is the process that occurs when the Session layer removes the header from data sent by the Transport layer?
Answer
  • A. Encapsulation
  • B. Packet unwrapping
  • C. De-encapsulation
  • D. Payloading

Question 41

Question
Which of the following tools is best suited to testing known exploits against a system?
Answer
  • A. Nikto
  • B. Ettercap
  • C. Metasploit
  • D. THC Hydra

Question 42

Question
What markup language uses the concepts of a Requesting Authority, a Provisioning Service Point, and a Provisioning Service Target to handle its core functionality?
Answer
  • A. SAML
  • B. SAMPL
  • C. SPML
  • D. XACML

Question 43

Question
What type of risk assessment uses tools such as the one shown here?
Image:
81 (binary/octet-stream)
Answer
  • A. Quantitative
  • B. Loss expectancy
  • C. Financial
  • D. Qualitative

Question 44

Question
MAC models use three types of environments. Which of the following is not a mandatory access control design?
Answer
  • A. Hierarchical
  • B. Bracketed
  • C. Compartmentalized
  • D. Hybrid

Question 45

Question
What level of RAID is also called disk striping with parity?
Answer
  • A. RAID 0
  • B. RAID 1
  • C. RAID 5
  • D. RAID 10

Question 46

Question
Sally is wiring a gigabit Ethernet network. What cabling choices should she make to ensure she can use her network at the full 1000 Mbps she wants to provide to her users?
Answer
  • A. Cat 5 and Cat 6
  • B. Cat 5e and Cat 6
  • C. Cat 4e and Cat 5e
  • D. Cat 6 and Cat 7

Question 47

Question
Which one of the following is typically considered a business continuity task?
Answer
  • A. Business impact assessment
  • B. Alternate facility selection
  • C. Activation of cold sites
  • D. Restoration of data from backup

Question 48

Question
Robert is the network administrator for a small business and recently installed a new firewall. After seeing signs of unusually heavy network traffic, he checked his intrusion detection system, which reported that a smurf attack was under way. What firewall configuration change can Robert make to most effectively prevent this attack?
Answer
  • A. Block the source IP address of the attack.
  • B. Block inbound UDP traffic.
  • C. Block the destination IP address of the attack.
  • D. Block inbound ICMP traffic.

Question 49

Question
Which one of the following types of firewalls does not have the ability to track connection status between different packets?
Answer
  • A. Stateful inspection
  • B. Application proxy
  • C. Packet filter
  • D. Next generation

Question 50

Question
Which of the following is used only to encrypt data in transit over a network and cannot be used to encrypt data at rest?
Answer
  • A. TKIP
  • B. AES
  • C. 3DES
  • D. RSA

Question 51

Question
What type of fuzzing is known as intelligent fuzzing?
Answer
  • A. Zzuf
  • B. Mutation
  • C. Generational
  • D. Code based

Question 52

Question
Matthew is experiencing issues with the quality of network service on his organization’s network. The primary symptom is that packets are occasionally taking too long to travel from their source to their destination. The length of this delay changes for individual packets. What term describes the issue Matthew is facing?
Answer
  • A. Latency
  • B. Jitter
  • C. Packet loss
  • D. Interference

Question 53

Question
Which of the following multifactor authentication technologies provides both low management overhead and flexibility?
Answer
  • A. Biometrics
  • B. Software tokens
  • C. Synchronous hardware tokens
  • D. Asynchronous hardware tokens

Question 54

Question
What type of testing would validate support for all the web browsers that are supported by a web application?
Answer
  • A. Regression testing
  • B. Interface testing
  • C. Fuzzing
  • D. White box testing

Question 55

Question
Kathleen is implementing an access control system for her organization and builds the following array: Reviewers: update files, delete files Submitters: upload files Editors: upload files, update files Archivists: delete files What type of access control system has Kathleen implemented?
Answer
  • A. Role-based access control
  • B. Task-based access control
  • C. Rule-based access control
  • D. Discretionary access control

Question 56

Question
Alan is installing a fire suppression system that will kick in after a fire breaks out and protect the equipment in the data center from extensive damage. What metric is Alan attempting to lower?
Answer
  • A. Likelihood
  • B. RTO
  • C. RPO
  • D. Impact

Question 57

Question
Alan’s Wrenches recently developed a new manufacturing process for its product. They plan to use this technology internally and not share it with others. They would like it to remain protected for as long as possible. What type of intellectual property protection is best suited for this situation?
Answer
  • A. Patent
  • B. Copyright
  • C. Trademark
  • D. Trade secret

Question 58

Question
Ben wants to interface with the National Vulnerability Database using a standardized protocol. What option should he use to ensure that the tools he builds work with the data contained in the NVD?
Answer
  • A. XACML
  • B. SCML
  • C. VSML
  • D. SCAP

Question 59

Question
Which of the following is not one of the three components of the DevOps model?
Answer
  • A. Software development
  • B. Change management
  • C. Quality assurance
  • D. Operations

Question 60

Question
In the figure shown here, Harry’s request to read the data file is blocked. Harry has a Secret security clearance, and the data file has a Top Secret classification. What principle of the Bell-LaPadula model blocked this request?
Image:
82 (binary/octet-stream)
Answer
  • A. Simple Security Property
  • B. Simple Integrity Property
  • C. *-Security Property
  • D. Discretionary Security Property

Question 61

Question
Norm is starting a new software project with a vendor that uses an SDLC approach to development. When he arrives on the job, he receives a document that has the sections shown here. What type of planning document is this?
Image:
83 (binary/octet-stream)
Answer
  • A. Functional requirements
  • B. Work breakdown structure
  • C. Test analysis report
  • D. Project plan

Question 62

Question
Kolin is searching for a network security solution that will allow him to help reduce zero-day attacks while using identities to enforce a security policy on systems before they connect to the network. What type of solution should Kolin implement?
Answer
  • A. A firewall
  • B. A NAC system
  • C. An intrusion detection system
  • D. Port security

Question 63

Question
Gwen comes across an application that is running under a service account on a web server. The service account has full administrative rights to the server. What principle of information security does this violate?
Answer
  • A. Need to know
  • B. Separation of duties
  • C. Least privilege
  • D. Job rotation

Question 64

Question
Which of the following is not a type of structural coverage in a code review process?
Answer
  • A. Statement
  • B. Trace
  • C. Loop
  • D. Data flow

Question 65

Question
Which of the following tools is best suited to the information gathering phase of a penetration test?
Answer
  • A. Whois
  • B. zzuf
  • C. Nessus
  • D. Metasploit

Question 66

Question
During a web application vulnerability scanning test, Steve runs Nikto against a web server he believes may be vulnerable to attacks. Using the Nikto output shown here, answer the following questions. Why does Nikto flag the /test directory?
Image:
84 (binary/octet-stream)
Answer
  • A. The /test directory allows administrative access to PHP.
  • B. It is used to store sensitive data.
  • C. Test directories often contain scripts that can be misused.
  • D. It indicates a potential compromise.

Question 67

Question
During a web application vulnerability scanning test, Steve runs Nikto against a web server he believes may be vulnerable to attacks. Using the Nikto output shown here, answer the following questions. Why does Nikto identify directory indexing as an issue?
Image:
84 (binary/octet-stream)
Answer
  • A. It lists files in a directory.
  • B. It may allow for XDRF.
  • C. Directory indexing can result in a denial of service attack.
  • D. Directory indexing is off by default, potentially indicating compromise.

Question 68

Question
During a web application vulnerability scanning test, Steve runs Nikto against a web server he believes may be vulnerable to attacks. Using the Nikto output shown here, answer the following questions. Nikto lists OSVDB-877, noting that the system may be vulnerable to XST. What would this type of attack allow an attacker to do?
Image:
84 (binary/octet-stream)
Answer
  • A. Use cross-site targeting.
  • B. Steal a user’s cookies.
  • C. Counter SQL tracing.
  • D. Modify a user’s TRACE information.

Question 69

Question
Which one of the following memory types is considered volatile memory?
Answer
  • A. Flash
  • B. EEPROM
  • C. EPROM
  • D. RAM

Question 70

Question
Ursula believes that many individuals in her organization are storing sensitive information on their laptops in a manner that is unsafe and potentially violates the organization’s security policy. What control can she use to identify the presence of these files?
Answer
  • A. Network DLP
  • B. Network IPS
  • C. Endpoint DLP
  • D. Endpoint IPS

Question 71

Question
In what cloud computing model does the customer build a cloud computing environment in his or her own data center or build an environment in another data center that is for the customer’s exclusive use?
Answer
  • A. Public cloud
  • B. Private cloud
  • C. Hybrid cloud
  • D. Shared cloud

Question 72

Question
Which one of the following technologies is designed to prevent a web server going offline from becoming a single point of failure in a web application architecture?
Answer
  • A. Load balancing
  • B. Dual-power supplies
  • C. IPS
  • D. RAID

Question 73

Question
Alice wants to send Bob a message with the confidence that Bob will know the message was not altered while in transit. What goal of cryptography is Alice trying to achieve?
Answer
  • A. Confidentiality
  • B. Nonrepudiation
  • C. Authentication
  • D. Integrity

Question 74

Question
What network topology is shown here?
Image:
85 (binary/octet-stream)
Answer
  • A. A ring
  • B. A bus
  • C. A star
  • D. A mesh

Question 75

Question
Monica is developing a software application that calculates an individual’s body mass index for use in medical planning. She would like to include a control on the field where the physician enters an individual’s weight to ensure that the weight falls within an expected range. What type of control should Monica use?
Answer
  • A. Fail open
  • B. Fail secure
  • C. Limit check
  • D. Buffer bounds

Question 76

Question
Your lab manager is preparing to buy all the equipment that has been budgeted for next year. While reviewing the specifications for several pieces of equipment, he notices that each device has a Mean Time To Repair (MTTR) rating. He asks you what this means. Which of the following is the best response?
Answer
  • ○ A. The MTTR is used to determine the expected time before the repair can be completed. Higher numbers are better.
  • ○ B. The MTTR is used to determine the expected time before the repair can be completed. Lower numbers are better.
  • ○ C. The MTTR is used to determine the expected time between failures. Higher numbers are better.
  • ○ D. The MTTR is used to determine the expected time between failures. Lower numbers are better.

Question 77

Question
Which of the following would you be least likely to find in a data center?
Answer
  • ○ A. Dry pipe fire control
  • ○ B. Smoke detectors
  • ○ C. Drop ceilings
  • ○ D. Surge protection

Question 78

Question
You are asked to serve as a consultant on the design of a new facility. Which of the following is the best location for the server room?
Answer
  • ○ A. Near the outside of the building
  • ○ B. Near the center of the building
  • ○ C. In an area that has plenty of traffic so that equipment can be observed by other employees and guests
  • ○ D. In an area that offers easy access

Question 79

Question
Which of the following is not one of the three types of access controls?
Answer
  • ○ A. Administrative
  • ○ B. Personnel
  • ○ C. Technical
  • ○ D. Physical

Question 80

Question
Your company has just opened a call center in India to handle nighttime operations, and you are asked to review the site’s security controls. Specifically, you are asked which of the following is the strongest form of authentication. What will your answer be?
Answer
  • ○ A. Something you know
  • ○ B. Something you are
  • ○ C. Passwords
  • ○ D. Tokens

Question 81

Question
Your organization has become worried about recent attempts to gain unauthorized access to the R&D facility. Therefore, you are asked to implement a system that will require individuals to present a password and enter a PIN at the security gate before gaining access. What is this type of system called?
Answer
  • ○ A. Authorization
  • ○ B. Two-factor authentication
  • ○ C. Authentication
  • ○ D. Three-factor authentication

Question 82

Question
Which of the following ciphers is/are symmetric?
Answer
  • ○ A. DES
  • ○ B. DES and Skytale
  • ○ C. DES, Skytale, and Caesar’s cipher
  • ○ D. DES, Skytale, Caesar’s cipher, and RSA

Question 83

Question
An employee is leaving your company. You debrief the individual and escort him to the door. After reviewing the materials in his office, you realize he left with the VPN router that had been configured for him to use when he worked from home. This router had a certificate issued to that employee, and it is not deemed worth the effort to retrieve it. What action should be taken in regards to the certificate?
Answer
  • ○ A. Suspend it.
  • ○ B. Destroy it.
  • ○ C. Revoke it.
  • ○ D. Transfer it.

Question 84

Question
Which algorithm provides for key distribution but does not provide encryption or nonrepudiation?
Answer
  • ○ A. Diffie-Hellman
  • ○ B. ElGamal
  • ○ C. RSA
  • ○ D. Elliptic Curve Cryptosystem (ECC)

Question 85

Question
TCSEC provides levels of security that are classified in a hierarchical manner. Each level has a corresponding set of security requirements that must be met. Which of the following does Level A correspond to?
Answer
  • ○ A. Mandatory protection
  • ○ B. Required protection
  • ○ C. Verified protection
  • ○ D. Validated protection

Question 86

Question
TCSEC offers numbered divisions of security that can occur in each category. With this in mind, which of the following represents the highest level of security?
Answer
  • ○ A. B2
  • ○ B. D2
  • ○ C. B1
  • ○ D. D1

Question 87

Question
Jim has been asked to assist with a security evaluation. He has heard other members of the teams speak of TCB. What does TCB stand for?
Answer
  • ○ A. Taking care of business
  • ○ B. Total computer base
  • ○ C. Trusted computer base
  • ○ D. Total communication bandwidth

Question 88

Question
Which of the following is considered a connection-oriented protocol?
Answer
  • ○ A. UDP
  • ○ B. TCP
  • ○ C. ICMP
  • ○ D. ARP

Question 89

Question
Which connectionless protocol is used for its low overhead and speed?
Answer
  • ○ A. UDP
  • ○ B. TCP
  • ○ C. ICMP
  • ○ D. ARP

Question 90

Question
Information security is not built on which of the following?
Answer
  • ○ A. Confidentiality
  • ○ B. Availability
  • ○ C. Accessibility
  • ○ D. Integrity

Question 91

Question
Place the following four elements of the Business Continuity Plan in the proper order.
Answer
  • ○ A. Scope and plan initiation, plan approval and implementation, business impact assessment, business continuity plan development
  • B. Scope and plan initiation, business impact assessment, business continuity plan development, plan approval and implementation
  • ○ C. Business impact assessment, scope and plan initiation, business continuity plan development, plan approval and implementation
  • ○ D. Plan approval and implementation, business impact assessment, scope and plan initiation, business continuity plan development

Question 92

Question
Risk assessment is a critical component of the BCP process. As such, which risk-assessment method is scenario-driven and does not assign numeric values to specific assets?
Answer
  • ○ A. Qualitative Risk Assessment
  • ○ B. Statistical Weighted Risk Assessment
  • ○ C. Quantitative Risk Assessment
  • ○ D. Asset-Based Risk Assessment

Question 93

Question
Which of the following best describes the concept and purpose of BCP?
Answer
  • ○ A. BCPs are used to reduce outage times.
  • ○ B. BCPs and procedures are put in place for the response to an emergency.
  • ○ C. BCPs guarantee the reliability of standby systems.
  • ○ D. BCPs are created to prevent interruptions to normal business activity.

Question 94

Question
What is not one of the three things that are needed to commit a computer crime?
Answer
  • ○ A. Means
  • ○ B. Skill
  • ○ C. Motive
  • ○ D. Opportunity

Question 95

Question
The IAB (Internet Architecture Board) considers which of the following acts unethical?
Answer
  • ○ A. Disrupting the intended use of the Internet
  • ○ B. Rerouting Internet traffic
  • ○ C. Writing articles about security exploits
  • ○ D. Developing security patches

Question 96

Question
What category of attack is characterized by the removal of small amounts of money over long periods of time?
Answer
  • ○ A. Slicing attack
  • ○ B. Skimming attack
  • ○ C. Bologna attack
  • ○ D. Salami attack

Question 97

Question
Which of the following is not a valid database management system model?
Answer
  • ○ A. The hierarchical database management system
  • ○ B. The structured database management system
  • ○ C. The network database management system
  • ○ D. The relational database management system

Question 98

Question
During which stage of the software development life cycle should security be implemented?
Answer
  • ○ A. Development
  • ○ B. Project initiation
  • ○ C. Deployment
  • ○ D. Installation

Question 99

Question
In which software development life cycle phase do the programmers and developers become deeply involved and do the majority of the work?
Answer
  • ○ A. System Design Specifications
  • ○ B. Software Development
  • ○ C. Operation and Maintenance
  • ○ D. Functional Design Analysis and Planning

Question 100

Question
You have just won a contract for a small software development firm, which has asked you to perform a risk analysis. The firm provided you information on previous incidents and has a list of the known environmental threats of the geographic area. The firm’s president believes that risk is something that can be eliminated. As a CISSP, how should you respond to this statement?
Answer
  • ○ A. Although it can be prohibitively expensive, risk can be eliminated.
  • ○ B. Risk can be reduced but cannot be eliminated.
  • ○ C. A qualitative risk analysis can eliminate risk.
  • ○ D. A quantitative risk assessment can eliminate risk.

Question 101

Question
Which term describes the method of identifying vulnerabilities and threats and assessing the possible damage to determine where to implement security safeguards?
Answer
  • ○ A. Information management
  • ○ B. Risk analysis
  • ○ C. Countermeasure selection
  • ○ D. Classification controls

Question 102

Question
Proper security management dictates separation of duties for all the following reasons except which one?
Answer
  • ○ A. It reduces the possibility of fraud.
  • ○ B. It reduces dependency on individual workers.
  • ○ C. It reduces the need for personnel.
  • ○ D. It provides integrity.

Question 103

Question
Attackers are always looking for ways to identify systems. One such method is to send a TCP SYN to a targeted port. What would an attacker expect to receive in response to indicate an open port?
Answer
  • ○ A. SYN
  • ○ B. SYN ACK
  • ○ C. ACK
  • ○ D. ACK FIN

Question 104

Question
Which of the following is an example of a directive control?
Answer
  • ○ A. Policies
  • ○ B. Data validation
  • ○ C. Job rotation
  • ○ D. Fault-tolerant systems

Question 105

Question
Brad uses Telnet to connect to several open ports on a victim computer and capture the banner information. What is the purpose of his activity?
Answer
  • ○ A. Scanning
  • ○ B. Fingerprinting
  • ○ C. Attempting a DoS
  • ○ D. Privilege escalation

Question 106

Question
A closed-circuit TV (CCTV) system has been installed to monitor a bank’s ATM. The lighting has been adjusted to prevent dark areas, and the depth of field and degree of focus are appropriate for proper monitoring. However, the guard has asked if it would be possible to provide greater width to the area being monitored to permit a subject to be captured for a longer stretch of time. Which adjustment is needed?
Answer
  • ○ A. Decrease the focal length
  • ○ B. Increase the focal length
  • ○ C. Decrease the iris
  • ○ D. Increase the iris

Question 107

Question
When you’re choosing the physical location for a new facility, which of the following should you not avoid?
Answer
  • ○ A. Airport flight paths
  • ○ B. Chemical refineries
  • ○ C. Railway freight lines
  • ○ D. Hospitals

Question 108

Question
Which of the following is not one of the three primary types of authentication?
Answer
  • ○ A. Something you remember
  • ○ B. Something you know
  • ○ C. Something you are
  • ○ D. Something you have

Question 109

Question
While working as a contractor for Widget, Inc., you are asked what the weakest form of authentication is. What will you say?
Answer
  • ○ A. Passwords
  • ○ B. Retina scans
  • ○ C. Facial recognition
  • ○ D. Tokens

Question 110

Question
A coworker reports that she has lost her public key ring. What does this mean?
Answer
  • ○ A. This is a security violation. You need to revoke her digital certificate.
  • ○ B. She can regenerate it.
  • ○ C. She will be unable to decrypt her stored files.
  • ○ D. The PKI is gone.

Question 111

Question
What is the risk to an organization when a cryptosystem fails to use the full keyspace available?
Answer
  • ○ A. Keys are too short.
  • ○ B. Keys cause a collision.
  • ○ C. Keys are clustered.
  • ○ D. Keys repeat.

Question 112

Question
Which of the following is not one of the valid states in which a CPU can operate?
Answer
  • ○ A. Processor
  • ○ B. Supervisor
  • ○ C. Problem
  • ○ D. Wait

Question 113

Question
Which organization began developing the Common Criteria standard in 1990?
Answer
  • ○ A. IEEE
  • ○ B. ISC2
  • ○ C. ISO
  • ○ D. NIST

Question 114

Question
Which data communications solution transmits timing information to the receiver by using a “preamble” of alternating 1s and 0s?
Answer
  • ○ A. Modem communication
  • ○ B. Ethernet communication
  • ○ C. Instant messaging
  • ○ D. Serial communication

Question 115

Question
LAN data transmissions can take on several different forms. Which of the following can be both a source and a destination address?
Answer
  • ○ A. Unicast
  • ○ B. Multicast
  • ○ C. Broadcast
  • ○ D. Anycast

Question 116

Question
What are the three goals of a business impact analysis?
Answer
  • ○ A. Downtime estimation, resource requirements, defining the continuity strategy
  • ○ B. Defining the continuity strategy, criticality prioritization, resource requirements
  • ○ C. Criticality prioritization, downtime estimation, documenting the continuity strategy
  • ○ D. Criticality prioritization, downtime estimation, resource requirements

Question 117

Question
Which of the following is the number-one priority for all Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs)?
Answer
  • ○ A. The reduction of potential critical outages
  • ○ B. The minimization of potential outages
  • ○ C. The elimination of potential outages
  • ○ D. The protection and welfare of employees

Question 118

Question
You are assigned to a team that is investigating a computer crime. You are asked to make sure that the original data remains unchanged. Which of the following programs can be used to create a cryptographic checksum to verify the data’s integrity?
Answer
  • ○ A. PKZip
  • ○ B. MD5sum
  • ○ C. DES
  • ○ D. PGP

Question 119

Question
Paul is concerned about the proper disposal of old hard drives that contain propriety information. Which of the following techniques ensures that the data cannot be recovered?
Answer
  • ○ A. Formatting
  • ○ B. FDISK
  • ○ C. Drive wiping
  • ○ D. Data parsing

Question 120

Question
In the software development life cycle, what is used to maintain changes to development or production?
Answer
  • ○ A. Certification
  • ○ B. Audit control team
  • ○ C. Manufacturing review board
  • ○ D. Change control

Question 121

Question
What is the most-used type of database management system?
Answer
  • ○ A. The hierarchical database management system
  • ○ B. The structured database management system
  • ○ C. The network database management system
  • ○ D. The relational database management system

Question 122

Question
As a potential CISSP, you need to know common RFCs and NIST standards. One such RFC is 2196. This IETF document provides basic guidance on security in a networked environment. What is the title of this document?
Answer
  • ○ A. “Ethics and the Internet”
  • ○ B. “Site Security Handbook”
  • ○ C. “Cracking and Hacking TCP/IP”
  • ○ D. “Security Policies and Procedures”

Question 123

Question
Mr. Hunting, your former college math teacher, hears that you are studying for your CISSP exam and asks if you know the formula for total risk. What is the correct response?
Answer
  • ○ A. Annual Loss Expectancy * Vulnerability = Total Risk
  • ○ B. Threat * Vulnerability * Asset Value = Total Risk
  • ○ C. Residual Risk / Asset Value * Vulnerability = Total Risk
  • ○ D. Asset Value / Residual Risk = Total Risk

Question 124

Question
An access-control matrix can be used to associate permissions of a subject to an object. Permissions can be tied to a lattice of control. If the lattice of control for Cindy and Bob is read and read/write, which of the following is true?
Image:
86 (binary/octet-stream)
Answer
  • ○ A. Bob will be able to read File X.
  • ○ B. Bob has full control of File X.
  • ○ C. Bob cannot access File X.
  • ○ D. Alice has full access on File Y.

Question 125

Question
The attacker waits until his victim establishes a connection to the organization’s FTP server. Then, he executes a program that allows him to take over the established session. What type of attack has taken place?
Answer
  • ○ A. Password attack
  • ○ B. Spoofing
  • ○ C. Session hijack
  • ○ D. ARP redirection
Show full summary Hide full summary

Want to create your own Quizzes for free with GoConqr? Learn more.

Similar

A2 Level OCR: Communication & Homeostasis
Ollie O'Keeffe
BIOLOGY B1 3
x_clairey_x
GCSE Music revision 1
georgie.proctor
Animal Farm
010534
PHR SPHR Labor Union Terminology
Sandra Reed
Matematica para concursos
Luiz Ricardo Oliveira
Continents & Oceans
Thomas Yoachim
Denary, Binary and Hexadecimal
Samuel Leonard
ELU
Inga Kangur
Linking Rossetti and A Doll's House
Mrs Peacock
Examen nefrologie partea 2
Dan Croitoru
Browse Library