CISSP All-In-One Exam Guide 6th Edition
Passing Score: 700
Time Limit: 360 min
File Version: 1.0

CISSP® - Certified Information Systems Security Professional
For the Next Generation of Information Security Leaders
http://www.gratisexam.com/

CISSP® certification is a globally recognized standard of achievement that confirms an individual's knowledge in the field of information security. CISSPs are information assurance professionals who define the architecture, design, management and/or controls that assure the security of business environments. This was the first certification in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024.

Chapter 1 - Becoming a CISSP

QUESTION 1
Which of the following provides an incorrect characteristic of a memory leak?
A. Common programming error
B. Common when languages that have no built-in automatic garbage collection are used
C. Common in applications written in Java
D. Common in applications written in C++
Correct Answer: C

QUESTION 2
Which of the following is the best description pertaining to the “Trusted Computing Base”?
A. The term originated from the Orange Book and pertains to firmware.
B. The term originated from the Orange Book and addresses the security mechanisms that are only implemented by the operating system.
C. The term originated from the Orange Book and contains the protection mechanisms within a system.
D. The term originated from the Rainbow Series and addressed the level of significance each mechanism of a system portrays in a secure environment.
Correct Answer: C

QUESTION 3
Which of the following is the best description of the security kernel and the reference monitor?
A. The reference monitor is a piece of software that runs on top of the security kernel. The reference monitor is accessed by every security call of the security kernel. The security kernel is too large to test and verify.
B. The reference monitor concept is a small program that is not related to the security kernel. It will enforce access rules upon subjects who attempt to access specific objects. This program is regularly used with modern operating systems.
C. The reference monitor concept is used strictly for database access control and is one of the key components in maintaining referential integrity within the system. It is impossible for the user to circumvent the reference monitor.
D. The reference monitor and security kernel are core components of modern operating systems. They work together to mediate all access between subjects and objects. They should not be able to be circumvented and must be called upon for every access attempt.
Correct Answer: D

QUESTION 4
Which of the following models incorporates the idea of separation of duties and requires that all modifications to data and objects be done through programs?
A. State machine model
B. Bell-LaPadula model
C. Clark-Wilson model
D. Biba model
Correct Answer: C

QUESTION 5
Which of the following best describes the hierarchical levels of privilege within the architecture of a computer system?
A. Computer system ring structure
B. Microcode abstraction levels of security
C. Operating system user mode
D. Operating system kernel mode
Correct Answer: A

QUESTION 6
Which of the following is an untrue statement?
i. Virtual machines can be used to provide secure, isolated sandboxes for running untrusted applications.
ii. Virtual machines can be used to create execution environments with resource limits and, given the right schedulers, resource guarantees.
iii. Virtualization can be used to simulate networks of independent computers.
iv. Virtual machines can be used to run multiple operating systems simultaneously: different versions, or even entirely different systems, which can be on hot standby.
A. All of them
B. None of them
C. i, ii
D. ii, iii
Correct Answer: B

QUESTION 7
Which of the following is the best means of transferring information when parties do not have a shared secret and large quantities of sensitive information must be transmitted?
A. Use of public key encryption to secure a secret key, and message encryption using the secret key
B. Use of the recipient’s public key for encryption, and decryption based on the recipient’s private key
C. Use of software encryption assisted by a hardware encryption accelerator
D. Use of elliptic curve encryption
Correct Answer: A

QUESTION 8
Which algorithm did NIST choose to become the Advanced Encryption Standard (AES), replacing the Data Encryption Standard (DES)?
A. DEA
B. Rijndael
C. Twofish
D. IDEA
Correct Answer: B

QUESTION 9
Use the following scenario to answer questions 9–11. John is the security administrator for company X. He has been asked to oversee the installation of a fire suppression sprinkler system, as recent unusually dry weather has increased the likelihood of fire. Fire could potentially cause a great amount of damage to the organization’s assets. The sprinkler system is designed to reduce the impact of fire on the company.
In this scenario, fire is considered which of the following?
A. Vulnerability
B. Threat
C. Risk
D. Countermeasure
Correct Answer: B

QUESTION 10
Use the scenario from question 9. In this scenario, the sprinkler system is considered which of the following?
A. Vulnerability
B. Threat
C. Risk
D. Countermeasure
Correct Answer: D

QUESTION 11
Use the scenario from question 9. In this scenario, the likelihood and damage potential of a fire is considered which of the following?
A. Vulnerability
B. Threat
C. Risk
D. Countermeasure
Correct Answer: C

QUESTION 12
Use the following scenario to answer questions 12–14. A small remote facility for a company is valued at $800,000. It is estimated, based on historical data and other predictors, that a fire is likely to occur once every ten years at a facility in this area. It is estimated that such a fire would destroy 60 percent of the facility under the current circumstances and with the current detective and preventative controls in place.
What is the single loss expectancy (SLE) for the facility suffering from a fire?
A. $80,000
B. $480,000
C. $320,000
D. 60 percent
Correct Answer: B
Explanation/Reference: SLE = asset value × exposure factor = $800,000 × 0.60 = $480,000.

QUESTION 13
Use the scenario from question 12. What is the annualized rate of occurrence (ARO)?
A. 1
B. 10
C. .1
D. .01
Correct Answer: C
Explanation/Reference: One fire every ten years gives ARO = 1/10 = 0.1.

QUESTION 14
Use the scenario from question 12. What is the annualized loss expectancy (ALE)?
A. $480,000
B. $32,000
C. $48,000
D. .6
Correct Answer: C
Explanation/Reference: ALE = SLE × ARO = $480,000 × 0.1 = $48,000.

QUESTION 15
Which of the following is not a characteristic of Protected Extensible Authentication Protocol?
A. Authentication protocol used in wireless networks and point-to-point connections
B. Designed to provide improved secure authentication for 802.11 WLANs
C. Designed to support 802.1x port access control and Transport Layer Security
D. Designed to support password-protected connections
Correct Answer: D

QUESTION 16
Which of the following best describes the Temporal Key Integrity Protocol’s (TKIP) role in the 802.11i standard?
A. It provides 802.1x and EAP to increase the authentication strength.
B. It requires the access point and the wireless device to authenticate to each other.
C. It sends the SSID and MAC value in ciphertext.
D. It adds more keying material for the RC4 algorithm.
Correct Answer: D

QUESTION 17
Vendors have implemented various solutions to overcome the vulnerabilities of Wired Equivalent Privacy (WEP). Which of the following provides an incorrect mapping between these solutions and their characteristics?
A. LEAP requires a PKI.
B. PEAP only requires the server to authenticate using a digital certificate.
C. EAP-TLS requires both the wireless device and server to authenticate using digital certificates.
D. PEAP allows the user to provide a password.
Correct Answer: A

QUESTION 18
Encapsulating Security Payload (ESP), which is one protocol within the IPSec protocol suite, is primarily designed to provide which of the following?
A. Confidentiality
B. Cryptography
C. Digital signatures
D. Access control
Correct Answer: A

QUESTION 19
Which of the following redundant array of independent disks (RAID) implementations uses interleave parity?
A. Level 1
B. Level 2
C. Level 4
D. Level 5
Correct Answer: D

QUESTION 20
Which of the following is not one of the stages of the dynamic host configuration protocol (DHCP) lease process?
i. Discover
ii. Offer
iii. Request
iv. Acknowledgment
A. All of them
B. None of them
C. i
D. ii
Correct Answer: B

QUESTION 21
Which of the following has been deemed by the Internet Architecture Board as unethical behavior for Internet users?
A. Creating computer viruses
B. Monitoring data traffic
C. Wasting computer resources
D. Concealing unauthorized accesses
Correct Answer: C

QUESTION 22
Most computer-related documents are categorized as which of the following types of evidence?
A. Hearsay evidence
B. Direct evidence
C. Corroborative evidence
D. Circumstantial evidence
Correct Answer: A

QUESTION 23
During the examination and analysis process of a forensics investigation, it is critical that the investigator works from an image that contains all of the data from the original disk. The image must have all but which of the following characteristics?
A. Byte-level copy
B. Captured slack spaces
C. Captured deleted files
D. Captured unallocated clusters
Correct Answer: A

QUESTION 24
__________ is a process of interactively producing more detailed versions of objects by populating variables with different values. It is often used to prevent inference attacks.
A. Polyinstantiation
B. Polymorphism
C. Polyabsorbtion
D. Polyobject
Correct Answer: A

QUESTION 25
Tim is a software developer for a financial institution. He develops middleware software code that carries out his company’s business logic functions. One of the applications he works with is written in the C programming language and seems to be taking up too much memory as it runs over a period of time. Which of the following best describes what Tim needs to look at implementing to rid this software of this type of problem?
A. Bounds checking
B. Garbage collection
C. Parameter checking
D. Compiling
Correct Answer: B

QUESTION 26
__________ is a software testing technique that provides invalid, unexpected, or random data to the inputs of a program.
A. Agile testing
B. Structured testing
C. Fuzzing
D. EICAR
Correct Answer: C

QUESTION 27
Which type of malware can change its own code, making it harder to detect with antivirus software?
A. Stealth virus
B. Polymorphic virus
C. Trojan horse
D. Logic bomb
Correct Answer: B

QUESTION 28
What is derived from a passphrase?
A. A personal password
B. A virtual password
C. A user ID
D. A valid password
Correct Answer: B

QUESTION 29
Which access control model is user-directed?
A. Nondiscretionary
B. Mandatory
C. Identity-based
D. Discretionary
Correct Answer: D

QUESTION 30
Which item is not part of a Kerberos authentication implementation?
A. A message authentication code
B. A ticket-granting ticket
C. Authentication service
D. Users, programs, and services
Correct Answer: A

QUESTION 31
If a company has a high turnover rate, which access control structure is best?
A. Role-based
B. Decentralized
C. Rule-based
D. Discretionary
Correct Answer: A

QUESTION 32
In discretionary access control, who/what has delegation authority to grant access to data?
A. A user
B. A security officer
C. A security policy
D. An owner
Correct Answer: D

QUESTION 33
Remote access security using a token one-time password generation is an example of which of the following?
A. Something you have
B. Something you know
C. Something you are
D. Two-factor authentication
Correct Answer: A

QUESTION 34
What is a crossover error rate (CER)?
A. A rating used as a performance metric for a biometric system
B. The number of Type I errors
C. The number of Type II errors
D. The number reached when Type I errors exceed the number of Type II errors
Correct Answer: A

QUESTION 35
What does a retina scan biometric system do?
A. Examines the pattern, color, and shading of the area around the cornea
B. Examines the patterns and records the similarities between an individual’s eyes
C. Examines the pattern of blood vessels at the back of the eye
D. Examines the geometry of the eyeball
Correct Answer: C

QUESTION 36
If you are using a synchronous token device, what does this mean?
A. The device synchronizes with the authentication service by using internal time or events.
B. The device synchronizes with the user’s workstation to ensure the credentials it sends to the authentication service are correct.
C. The device synchronizes with the token to ensure the timestamp is valid and correct.
D. The device synchronizes by using a challenge-response method with the authentication service.
Correct Answer: A

QUESTION 37
What is a clipping level?
A. The threshold for an activity
B. The size of a control zone
C. Explicit rules of authorization
D. A physical security mechanism
Correct Answer: A

QUESTION 38
Which intrusion detection system would monitor user and network behavior?
A. Statistical/anomaly-based
B. Signature-based
C. Static
D. Host-based
Correct Answer: A

QUESTION 39
When should a Class C fire extinguisher be used instead of a Class A?
A. When electrical equipment is on fire
B. When wood and paper are on fire
C. When a combustible liquid is on fire
D. When the fire is in an open area
Correct Answer: A

QUESTION 40
How does halon suppress fires?
A. It reduces the fire’s fuel intake.
B. It reduces the temperature of the area.
C. It disrupts the chemical reactions of a fire.
D. It reduces the oxygen in the area.
Correct Answer: C

QUESTION 41
What is the problem with high humidity in a data processing environment?
A. Corrosion
B. Fault tolerance
C. Static electricity
D. Contaminants
Correct Answer: A

QUESTION 42
What is the definition of a power fault?
A. Prolonged loss of power
B. Momentary low voltage
C. Prolonged high voltage
D. Momentary power outage
Correct Answer: D

QUESTION 43
Who has the primary responsibility of determining the classification level for information?
A. The functional manager
B. Middle management
C. The owner
D. The user
Correct Answer: C

QUESTION 44
Which best describes the purpose of the ALE calculation?
A. It quantifies the security level of the environment.
B. It estimates the loss potential from a threat.
C. It quantifies the cost/benefit result.
D. It estimates the loss potential from a threat in a one-year time span.
Correct Answer: D

QUESTION 45
How do you calculate residual risk?
A. Threats × risks × asset value
B. (Threats × asset value × vulnerability) × risks
C. SLE × frequency
D. (Threats × vulnerability × asset value) × control gap
Correct Answer: D

QUESTION 46
What is the Delphi method?
A. A way of calculating the cost/benefit ratio for safeguards
B. A way of allowing individuals to express their opinions anonymously
C. A way of allowing groups to discuss and collaborate on the best security approaches
D. A way of performing a quantitative risk analysis
Correct Answer: B

QUESTION 47
What are the necessary components of a smurf attack?
A. Web server, attacker, and fragment offset
B. Fragment offset, amplifying network, and victim
C. Victim, amplifying network, and attacker
D. DNS server, attacker, and web server
Correct Answer: C

QUESTION 48
What do the reference monitor and security kernel do in an operating system?
A. Intercept and mediate a subject attempting to access objects
B. Point virtual memory addresses to real memory addresses
C. House and protect the security kernel
D. Monitor privileged memory usage by applications
Correct Answer: A

Chapter 2 - Information Security Governance and Risk Management

QUESTION 1
Who has the primary responsibility of determining the classification level for information?
A. The functional manager
B. Senior management
C. The owner
D. The user
Correct Answer: C
Explanation/Reference: A company can have one specific data owner or different data owners who have been delegated the responsibility of protecting specific sets of data. One of the responsibilities that goes into protecting this information is properly classifying it.

QUESTION 2
If different user groups with different security access levels need to access the same information, which of the following actions should management take?
A. Decrease the security level on the information to ensure accessibility and usability of the information.
B. Require specific written approval each time an individual needs to access the information.
C. Increase the security controls on the information.
D. Decrease the classification label on the information.
Correct Answer: C
Explanation/Reference: If data is going to be available to a wide range of people, more granular security should be implemented to ensure that only the necessary people access the data and that the operations they carry out are controlled. The security implemented can come in the form of authentication and authorization technologies, encryption, and specific access control mechanisms.

QUESTION 3
What should management consider the most when classifying data?
A. The type of employees, contractors, and customers who will be accessing the data
B. Availability, integrity, and confidentiality
C. Assessing the risk level and disabling countermeasures
D. The access controls that will be protecting the data
Correct Answer: B
Explanation/Reference: The best answer to this question is B, because to properly classify data, the data owner must evaluate the availability, integrity, and confidentiality requirements of the data. Once this evaluation is done, it will dictate which employees, contractors, and users can access the data, which is expressed in answer A. This assessment will also help determine the controls that should be put into place.

QUESTION 4
Who is ultimately responsible for making sure data is classified and protected?
A. Data owners
B. Users
C. Administrators
D. Management
Correct Answer: D
Explanation/Reference: The key to this question is the use of the word “ultimately.” Though management can delegate tasks to others, it is ultimately responsible for everything that takes place within a company. Therefore, it must continually ensure that data and resources are being properly protected.
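The SLE, ARO and ALE arithmetic behind Chapter 1 questions 12–14 and 44, carried one step further into the countermeasure value calculation (ALE before the control, minus ALE after it, minus the annual cost of the control) that decides whether a safeguard is worth buying or the risk should simply be accepted. This is an added worked example, not code from the exam guide or its publisher. The facility figures are the ones given in the questions; the candidate safeguards, their annual costs and their post-control exposure factors are assumptions invented for illustration.

```python
"""Quantitative risk analysis: SLE, ARO, ALE and countermeasure value.

Added worked example for the CISSP risk questions; not code from the exam
guide. Formulas used:
    SLE = AV x EF
    ALE = SLE x ARO
    safeguard value = ALE_before - ALE_after - annual cost of safeguard
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Threat:
    """One threat against one asset, with the inputs the formulas need."""
    name: str
    asset_value: float           # AV, in dollars
    exposure_factor: float       # EF: fraction of AV lost in one event (0..1)
    occurrences_per_year: float  # ARO: expected events per year

    def sle(self) -> float:
        """Single loss expectancy, SLE = AV x EF (rounded to cents)."""
        return round(self.asset_value * self.exposure_factor, 2)

    def ale(self) -> float:
        """Annualized loss expectancy, ALE = SLE x ARO (rounded to cents)."""
        return round(self.sle() * self.occurrences_per_year, 2)


@dataclass(frozen=True)
class Safeguard:
    """A candidate countermeasure and the exposure factor it leaves behind."""
    name: str
    annual_cost: float          # purchase and upkeep, spread per year
    new_exposure_factor: float  # EF after the control is in place


def aro_from_interval(years_between_events: float) -> float:
    """ARO from a historical 'once every N years' estimate."""
    if years_between_events <= 0:
        raise ValueError("interval must be positive")
    return 1.0 / years_between_events


def safeguard_value(threat: Threat, safeguard: Safeguard) -> float:
    """Annual value of a control: ALE_before - ALE_after - annual cost.

    Positive means the control saves more per year than it costs; negative
    means the cheaper choice is to accept the risk.
    """
    after = Threat(threat.name, threat.asset_value,
                   safeguard.new_exposure_factor, threat.occurrences_per_year)
    return round(threat.ale() - after.ale() - safeguard.annual_cost, 2)


def choose_safeguard(threat: Threat,
                     candidates: List[Safeguard]) -> Optional[Safeguard]:
    """Pick the candidate with the highest positive value; None = accept the risk."""
    best: Optional[Safeguard] = None
    best_value = 0.0
    for candidate in candidates:
        value = safeguard_value(threat, candidate)
        if value > best_value:
            best, best_value = candidate, value
    return best


# Figures from the Chapter 1 scenario: $800,000 facility, 60% destroyed per
# fire, one fire every ten years.
FIRE = Threat("fire at remote facility", asset_value=800_000,
              exposure_factor=0.60,
              occurrences_per_year=aro_from_interval(10))

# Hypothetical candidates; the names, costs and new EFs are assumed values,
# not from the exam guide.
CANDIDATES = [
    Safeguard("sprinkler system", annual_cost=10_000, new_exposure_factor=0.20),
    Safeguard("gas suppression plus rebuild", annual_cost=40_000, new_exposure_factor=0.20),
    Safeguard("extra extinguishers", annual_cost=500, new_exposure_factor=0.58),
]

if __name__ == "__main__":
    print(f"SLE = ${FIRE.sle():,.2f}  ARO = {FIRE.occurrences_per_year}  "
          f"ALE = ${FIRE.ale():,.2f}")
    for c in CANDIDATES:
        print(f"{c.name:32s} value per year = ${safeguard_value(FIRE, c):,.2f}")
    pick = choose_safeguard(FIRE, CANDIDATES)
    print("decision:", pick.name if pick else "accept the risk")
```

Run it to print the scenario's SLE, ARO and ALE and the per-year value of each candidate. A negative value is exactly the case Chapter 2 question 6 describes, where accepting the risk is the defensible choice; the selection function returns None rather than the least-bad control in that case. Monetary results are rounded to cents so the floating-point products compare cleanly.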
QUESTION 5
Which factor is the most important item when it comes to ensuring security is successful in an organization?
A. Senior management support
B. Effective controls and implementation methods
C. Updated and relevant security policies and procedures
D. Security awareness by all employees
Correct Answer: A
Explanation/Reference: Without senior management’s support, a security program will not receive the necessary attention, funds, resources, and enforcement capabilities.

QUESTION 6
When is it acceptable to not take action on an identified risk?
A. Never. Good security addresses and reduces all risks.
B. When political issues prevent this type of risk from being addressed.
C. When the necessary countermeasure is complex.
D. When the cost of the countermeasure outweighs the value of the asset and potential loss.
Correct Answer: D
Explanation/Reference: Companies may decide to live with specific risks they are faced with if the cost of trying to protect themselves would be greater than the potential loss if the threat were to become real. Countermeasures are usually complex to a degree, and there are almost always political issues surrounding different risks, but these are not reasons to not implement a countermeasure.

QUESTION 7
Which is the most valuable technique when determining if a specific security control should be implemented?
A. Risk analysis
B. Cost/benefit analysis
C. ALE results
D. Identifying the vulnerabilities and threats causing the risk
Correct Answer: B
Explanation/Reference: Although the other answers may seem correct, B is the best answer here. A risk analysis is performed to identify risks and come up with suggested countermeasures. The ALE tells the company how much it could lose if a specific threat became real. The ALE value goes into the cost/benefit analysis, but the ALE by itself does not address the cost of the countermeasure or the benefit of the countermeasure. All the data captured in answers A, C, and D are inputs to a cost/benefit analysis.

QUESTION 8
Which best describes the purpose of the ALE calculation?
A. Quantifies the security level of the environment
B. Estimates the loss possible for a countermeasure
C. Quantifies the cost/benefit result
D. Estimates the loss potential of a threat in a span of a year
Correct Answer: D
Explanation/Reference: The ALE calculation estimates the potential loss that can affect one asset from a specific threat within a one-year time span. This value is used to figure out the amount of money that should be earmarked to protect this asset from this threat.

QUESTION 9
The security functionality defines the expected activities of a security mechanism, and assurance defines which of the following?
A. The controls the security mechanism will enforce
B. The data classification after the security mechanism has been implemented
C. The confidence of the security the mechanism is providing
D. The cost/benefit relationship
Correct Answer: C
Explanation/Reference: The functionality describes how a mechanism will work and behave. This may have nothing to do with the actual protection it provides. Assurance is the level of confidence in the protection level a mechanism will provide. When systems and mechanisms are evaluated, their functionality and assurance should be examined and tested individually.

QUESTION 10
How do you calculate residual risk?
A. Threats × risks × asset value
B. (Threats × asset value × vulnerability) × risks
C. SLE × frequency = ALE
D. (Threats × vulnerability × asset value) × controls gap
Correct Answer: D
Explanation/Reference: The equation is more conceptual than practical. It is hard to assign a number to an individual vulnerability or threat. This equation enables you to look at the potential loss of a specific asset, as well as the controls gap (what the specific countermeasure cannot protect against). What remains is the residual risk, which is what is left over after a countermeasure is implemented.

QUESTION 11
Why should the team that will perform and review the risk analysis information be made up of people in different departments?
A. To make sure the process is fair and that no one is left out.
B. It shouldn’t. It should be a small group brought in from outside the organization because otherwise the analysis is biased and unusable.
C. Because people in different departments understand the risks of their department. Thus, it ensures the data going into the analysis is as close to reality as possible.
D. Because the people in the different departments are the ones causing the risks, so they should be the ones held accountable.
Correct Answer: C
Explanation/Reference: An analysis is only as good as the data that go into it. Data pertaining to risks the company faces should be extracted from the people who understand best the business functions and environment of the company. Each department understands its own threats and resources, and may have possible solutions to specific threats that affect its part of the company.

QUESTION 12
Which best describes a quantitative risk analysis?
A. A scenario-based analysis to research different security threats
B. A method used to apply severity levels to potential loss, probability of loss, and risks
C. A method that assigns monetary values to components in the risk assessment
D. A method that is based on gut feelings and opinions
Correct Answer: C
Explanation/Reference: A quantitative risk analysis assigns monetary values and percentages to the different components within the assessment. A qualitative analysis uses opinions of individuals and a rating system to gauge the severity level of different threats and the benefits of specific countermeasures.

QUESTION 13
Why is a truly quantitative risk analysis not possible to achieve?
A. It is possible, which is why it is used.
B. It assigns severity levels. Thus, it is hard to translate into monetary values.
C. It is dealing with purely quantitative elements.
D. Quantitative measures must be applied to qualitative elements.
Correct Answer: D
Explanation/Reference: During a risk analysis, the team is trying to properly predict the future and all the risks that future may bring. It is somewhat of a subjective exercise and requires educated guessing. It is very hard to properly predict that a flood will take place once in ten years and cost a company up to $40,000 in damages, but this is what a quantitative analysis tries to accomplish.

QUESTION 14
What is CobiT and where does it fit into the development of information security systems and security programs?
A. Lists of standards, procedures, and policies for security program development
B. Current version of ISO 17799
C. A framework that was developed to deter organizational internal fraud
D. Open standards for control objectives
Correct Answer: D
Explanation/Reference: The Control Objectives for Information and related Technology (CobiT) is a framework developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It defines goals for the controls that should be used to properly manage IT and ensure IT maps to business needs.

QUESTION 15
What are the four domains that make up CobiT?
A. Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate
B. Plan and Organize, Maintain and Implement, Deliver and Support, and Monitor and Evaluate
C. Plan and Organize, Acquire and Implement, Support and Purchase, and Monitor and Evaluate
D. Acquire and Implement, Deliver and Support, and Monitor and Evaluate
Correct Answer: A
Explanation/Reference: CobiT has four domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate. Each category drills down into subcategories. For example, Acquire and Implement contains the following subcategories:
• Acquire and Maintain Application Software
• Acquire and Maintain Technology Infrastructure
• Develop and Maintain Procedures
• Install and Accredit Systems
• Manage Changes

QUESTION 16
What is the ISO/IEC 27799 standard?
A. A standard on how to protect personal health information
B. The new version of BS 17799
C. Definitions for the new ISO 27000 series
D. The new version of NIST 800-60
Correct Answer: A
Explanation/Reference: It is the health informatics security standard; its purpose is to provide guidance to health organizations and other holders of personal health information on how to protect such information by implementing ISO/IEC 27002.

QUESTION 17
CobiT was developed from the COSO framework. What are COSO’s main objectives and purpose?
A. COSO is a risk management approach that pertains to control objectives and IT business processes.
B. Prevention of a corporate environment that allows for and promotes financial fraud.
C. COSO addresses corporate culture and policy development.
D. COSO is a risk management system used for the protection of federal systems.
Correct Answer: B
Explanation/Reference: COSO deals more at the strategic level, while CobiT focuses more at the operational level. CobiT is a way to meet many of the COSO objectives, but only from the IT perspective. COSO deals with non-IT items also, such as company culture, financial accounting principles, board of director responsibility, and internal communication structures. Its main purpose is to help ensure fraudulent financial reporting cannot take place in an organization.

QUESTION 18
OCTAVE, NIST 800-30, and AS/NZS 4360 are different approaches to carrying out risk management within companies and organizations. What are the differences between these methods?
A. NIST 800-30 and OCTAVE are corporate based, while AS/NZS is international.
B. NIST 800-30 is IT based, while OCTAVE and AS/NZS 4360 are corporate based.
C. AS/NZS is IT based, and OCTAVE and NIST 800-30 are assurance based.
D. NIST 800-30 and AS/NZS are corporate based, while OCTAVE is international.
Correct Answer: B
Explanation/Reference: NIST 800-30, Risk Management Guide for Information Technology Systems, is a U.S. federal standard that is focused on IT risks. OCTAVE is a methodology to set up a risk management program within an organizational structure. AS/NZS 4360 takes a much broader approach to risk management. This methodology can be used to understand a company’s financial, capital, human safety, and business decision risks. Although it can be used to analyze security risks, it was not created specifically for this purpose.

QUESTION 19
Use the following scenario to answer Questions 19–21. A server that houses sensitive data has been stored in an unlocked room for the last few years at Company A. The door to the room has a sign on the door that reads “Room 1.” This sign was placed on the door with the hope that people would not look for important servers in this room. Realizing this is not optimum security, the company has decided to install a reinforced lock and server cage for the server and remove the sign. They have also hardened the server’s configuration and employed strict operating system access controls.
The fact that the server has been in an unlocked room marked “Room 1” for the last few years means the company was practicing which of the following?
A. Logical security
B. Risk management
C. Risk transference
D. Security through obscurity
Correct Answer: D
Explanation/Reference: Security through obscurity is not implementing true security controls, but rather attempting to hide the fact that an asset is vulnerable in the hope that an attacker will not notice. Security through obscurity is an approach to try and fool a potential attacker, which is a poor way of practicing security. Vulnerabilities should be identified and fixed, not hidden.

QUESTION 20
Use the scenario from Question 19. The new reinforced lock and cage serve as which of the following?
A. Logical controls
B. Physical controls
C. Administrative controls
D. Compensating controls
Correct Answer: B
Explanation/Reference: Physical controls are security mechanisms in the physical world, such as locks, fences, doors, computer cages, etc. There are three main control types, which are administrative, technical, and physical.

QUESTION 21
Use the scenario from Question 19.
A server that houses sensitive data has been stored in an unlocked room for the last few years at Company A. The door to the room has a sign on the door that reads “Room 1.” This sign was placed on the door with the hope that people would not look for important servers in this room. Realizing this is not optimum security, the company has decided to install a reinforced lock and server cage for the server and remove the sign. They have also hardened the server’s configuration and employed strict operating system access controls. The operating system access controls comprise which of the following? A. B. C. D. Logical controls Physical controls Administrative controls Compensating controls Correct Answer: A Section: (none) Explanation Explanation/Reference: Logical (or technical) controls are security mechanisms, as in firewalls, encryption, software permissions, and authentication devices. They are commonly used in tandem with physical and administrative controls to provide a defense-in-depth approach to security. QUESTION 22 Use the following scenario to answer Questions 22–24. A company has an e-commerce website that carries out 60 percent of its annual revenue. Under the current circumstances, the annualized loss expectancy for a website against the threat of attack is $92,000. After implementing a new application-layer firewall, the new annualized loss expectancy would be $30,000. The firewall costs $65,000 per year to implement and maintain. How much does the firewall save the company in loss expenses? A. B. C. D. $62,000 $3,000 $65,000 $30,000 Correct Answer: A http://www.gratisexam.com/ Section: (none) Explanation Explanation/Reference: $62,000 is the correct answer. The firewall reduced the annualized loss expectancy (ALE) from $92,000 to $30,000 for a savings of $62,000. The formula for ALE is single loss expectancy × annualized rate of occurrence = ALE. 
Subtracting the ALE value after the firewall is implemented from the value before it was implemented results in the potential loss savings this type of control provides. QUESTION 23 Use the following scenario to answer Questions 22–24. A company has an e-commerce website that carries out 60 percent of its annual revenue. Under the current circumstances, the annualized loss expectancy for a website against the threat of attack is $92,000. After implementing a new application-layer firewall, the new annualized loss expectancy would be $30,000. The firewall costs $65,000 per year to implement and maintain. What is the value of the firewall to the company? A. B. C. D. $62,000 $3,000 –$62,000 –$3,000 Correct Answer: D Section: (none) Explanation Explanation/Reference: –$3,000 is the correct answer. The firewall saves $62,000, but costs $65,000 per year. 62,000 – 65,000 = –3,000. The firewall actually costs the company more than the original expected loss, and thus the value to the company is a negative number. The formula for this calculation is (ALE before the control is implemented) – (ALE after the control is implemented) – (annual cost of control) = value of control. QUESTION 24 Use the following scenario to answer Questions 22–24. A company has an e-commerce website that carries out 60 percent of its annual revenue. Under the current circumstances, the annualized loss expectancy for a website against the threat of attack is $92,000. After implementing a new application-layer firewall, the new annualized loss expectancy would be $30,000. The firewall costs $65,000 per year to implement and maintain. Which of the following describes the company’s approach to risk management? http://www.gratisexam.com/ A. B. C. D. 
Risk transference Risk avoidance Risk acceptance Risk mitigation Correct Answer: D Section: (none) Explanation Explanation/Reference: Risk mitigation involves employing controls in an attempt to reduce the either the likelihood or damage associated with an incident, or both. The four ways of dealing with risk are accept, avoid, transfer, and mitigate (reduce). A firewall is a countermeasure installed to reduce the risk of a threat. QUESTION 25 Use the following scenario to answer Questions 25–27. A small remote office for a company is valued at $800,000. It is estimated, based on historical data, that a fire is likely to occur once every ten years at a facility in this area. It is estimated that such a fire would destroy 60 percent of the facility under the current circumstances and with the current detective and preventative controls in place. What is the Single Loss Expectancy (SLE) for the facility suffering from a fire? A. B. C. D. $80,000 $480,000 $320,000 60% Correct Answer: B Section: (none) Explanation Explanation/Reference: $480,000 is the correct answer. The formula for single loss expectancy (SLE) is asset value × exposure factor (EF) = SLE. In this situation the formula would work out as asset value ($800,000) × exposure factor (60%) = $480,000. This means that the company has a potential loss value of $480,000 pertaining to this one asset (facility) and this one threat type (fire). QUESTION 26 http://www.gratisexam.com/ Use the following scenario to answer Questions 25–27. A small remote office for a company is valued at $800,000. It is estimated, based on historical data, that a fire is likely to occur once every ten years at a facility in this area. It is estimated that such a fire would destroy 60 percent of the facility under the current circumstances and with the current detective and preventative controls in place. What is the Annualized Rate of Occurrence (ARO)? A. B. C. D. 
1 10 .1 .01 Correct Answer: C Section: (none) Explanation Explanation/Reference: The annualized rate occurrence (ARO) is the frequency that a threat will most likely occur within a 12-month period. It is a value used in the ALE formula, which is SLE × ARO = ALE. QUESTION 27 Use the following scenario to answer Questions 25–27. A small remote office for a company is valued at $800,000. It is estimated, based on historical data, that a fire is likely to occur once every ten years at a facility in this area. It is estimated that such a fire would destroy 60 percent of the facility under the current circumstances and with the current detective and preventative controls in place. What is the Annualized Loss Expectancy (ALE)? A. B. C. D. $480,000 $32,000 $48,000 .6 Correct Answer: C Section: (none) Explanation Explanation/Reference: $48,000 is the correct answer. The annualized loss expectancy formula (SLE × ARO = ALE) is used to calculate the loss potential for one asset experiencing one threat in a 12-month period. The resulting ALE value helps to determine http://www.gratisexam.com/ the amount that can be reasonably be spent in the protection of that asset. In this situation, the company should not spend over $48,000 on protecting this asset from the threat of fire. ALE values help organizations rank the severity level of the risks they face so they know which ones to deal with first and how much to spend on each. QUESTION 28 The international standards bodies ISO and IEC developed a series of standards that are used in organizations around the world to implement and maintain information security management systems. The standards were derived from the British Standard 7799, which was broken down into two main pieces. Organizations can use this series of standards as guidelines, but can also be certified against them by accredited third parties. Which of the following are incorrect mappings pertaining to the individual standards that make up the ISO/IEC 27000 series? 
i. ISO/IEC 27001 outlines ISMS implementation guidelines, and ISO/IEC 27003 outlines the ISMS program’s requirements. ii. ISO/IEC 27005 outlines the audit and certification guidance, and ISO/IEC 27002 outlines the metrics framework. iii. ISO/IEC 27006 outlines the program implementation guidelines, and ISO/IEC 27005 outlines risk management guidelines. iv. ISO/IEC 27001 outlines the code of practice, and ISO/IEC 27004 outlines the implementation framework. A. B. C. D. i, iii i, ii ii, iii, iv i, ii, iii, iv Correct Answer: D Section: (none) Explanation Explanation/Reference: Unfortunately, you will run into questions on the CISSP exam that will be this confusing, so you need to be ready for them. The proper mapping for the ISO/IEC standards are as follows: • ISO/IEC 27001 ISMS requirements • ISO/IEC 27002 Code of practice for information security management • ISO/IEC 27003 Guideline for ISMS implementation • ISO/IEC 27004 Guideline for information security management measurement and metrics framework • ISO/IEC 27005 Guideline for information security risk management • ISO/IEC 27006 Guidance for bodies providing audit and certification of information security management systems QUESTION 29 The information security industry is made up of various best practices, standards, models, and frameworks. Some were not developed first with security in mind, but http://www.gratisexam.com/ can be integrated into an organizational security program to help in its effectiveness and efficiency. It is important to know of all of these different approaches so that an organization can choose the ones that best fit its business needs and culture. Which of the following best describes the approach(es) that should be put into place if an organization wants to integrate a way to improve its security processes over a period of time? i. 
Information Technology Infrastructure Library should be integrated because it allows for the mapping of IT service process management, business drivers, and security improvement. ii. Six Sigma should be integrated because it allows for the defects of security processes to be identified and improved upon. iii. Capability Maturity Model should be integrated because it provides distinct maturity levels. iv. The Open Group Architecture Framework should be integrated because it provides a structure for process improvement. A. B. C. D. i, iii ii, iii, iv ii, iii ii, iv Correct Answer: C Section: (none) Explanation Explanation/Reference: The best process improvement approaches provided in this list are Six Sigma and the Capability Maturity Model. The following outlines the definitions for all items in this question: • TOGAF Model and methodology for the development of enterprise architectures developed by The Open Group • ITIL Processes to allow for IT service management developed by the United Kingdom’s Office of Government Commerce • Six Sigma Business management strategy that can be used to carry out process improvement • Capability Maturity Model Integration (CMMI) Organizational development for process improvement developed by Carnegie Mellon QUESTION 30 Use the following scenario to answer Questions 30–32. Todd is a new security manager and has the responsibility of implementing personnel security controls within the financial institution where he works. Todd knows that many employees do not fully understand how their actions can put the institution at risk; thus, an awareness program needs to be developed. He has determined that the bank tellers need to get a supervisory override when customers have checks over $3,500 that need to be cashed. He has also uncovered that some employees have stayed in their specific positions within the company for over three years. 
Todd would like to be able to investigate some of the bank’s personnel activities to see if any fraudulent activities have taken place. Todd is already ensuring that two people must use separate keys at the same time to open the bank vault. http://www.gratisexam.com/ Todd documents several fraud opportunities that the employees have at the financial institution so that management understands these risks and allocates the funds and resources for his suggested solutions. Which of the following best describes the control Todd should put into place to be able to carry out fraudulent investigation activity? A. B. C. D. Separation of duties Rotation of duties Mandatory vacations Split knowledge Correct Answer: C Section: (none) Explanation Explanation/Reference: Mandatory vacation is an administrative detective control that allows for an organization to investigate an employee’s daily business activities to uncover any potential fraud that may be taking place. The employee should be forced to be away from the organization for a two-week period and another person put into that role. The idea is that the person who was rotated into that position may be able to detect suspicious activities. QUESTION 31 Use the following scenario to answer Questions 30–32. Todd is a new security manager and has the responsibility of implementing personnel security controls within the financial institution where he works. Todd knows that many employees do not fully understand how their actions can put the institution at risk; thus, an awareness program needs to be developed. He has determined that the bank tellers need to get a supervisory override when customers have checks over $3,500 that need to be cashed. He has also uncovered that some employees have stayed in their specific positions within the company for over three years. Todd would like to be able to investigate some of the bank’s personnel activities to see if any fraudulent activities have taken place. 
Todd is already ensuring that two people must use separate keys at the same time to open the bank vault. If the financial institution wants to force collusion to take place for fraud to happen successfully in this situation, what should Todd put into place? A. B. C. D. Separation of duties Rotation of duties Social engineering Split knowledge Correct Answer: A http://www.gratisexam.com/ Section: (none) Explanation Explanation/Reference: Separation of duties is an administrative control that is put into place to ensure that one person cannot carry out a critical task by himself. If a person were able to carry out a critical task alone, this could put the organization at risk. Collusion is when two or more people come together to carry out fraud. So if a task was split between two people, they would have to carry out collusion (working together) to complete that one task and carry out fraud. QUESTION 32 Use the following scenario to answer Questions 30–32. Todd is a new security manager and has the responsibility of implementing personnel security controls within the financial institution where he works. Todd knows that many employees do not fully understand how their actions can put the institution at risk; thus, an awareness program needs to be developed. He has determined that the bank tellers need to get a supervisory override when customers have checks over $3,500 that need to be cashed. He has also uncovered that some employees have stayed in their specific positions within the company for over three years. Todd would like to be able to investigate some of the bank’s personnel activities to see if any fraudulent activities have taken place. Todd is already ensuring that two people must use separate keys at the same time to open the bank vault. Todd wants to be able to prevent fraud from taking place, but he knows that some people may get around the types of controls he puts into place. 
In those situations he wants to be able to identify when an employee is doing something suspicious. Which of the following incorrectly describes what Todd is implementing in this scenario and what those specific controls provide? A. Separation of duties by ensuring that a supervisor must approve the cashing of a check over $3,500. This is an administrative control that provides preventative protection for Todd’s organization. B. Rotation of duties by ensuring that one employee only stays in one position for up to three months of a time. This is an administrative control that provides detective capabilities. C. Security awareness training, which is a preventive administrative control that can also emphasize enforcement. D. Dual control, which is an administrative detective control that can ensure that two employees must carry out a task simultaneously. Correct Answer: D Section: (none) Explanation Explanation/Reference: Dual control is an administrative preventative control. It ensures that two people must carry out a task at the same time, as in two people having separate keys when opening the vault. It is not a detective control. Notice that the question asks what Todd is not doing. Remember that on the exam http://www.gratisexam.com/ you need to choose the best answer. In many situations you will not like the question or the corresponding answers on the CISSP exam, so prepare yourself. The questions can be tricky, which is one reason why the exam itself is so difficult. QUESTION 33 Use the following scenario to answer Questions 33–35. Sam has just been hired as the new security officer for a pharmaceutical company. The company has experienced many data breaches and has charged Sam with ensuring that the company is better protected. The company currently has the following classifications in place: public, confidential, and secret. 
There is a data classification policy that outlines the classification scheme and the definitions for each classification, but there is no supporting documentation that the technical staff can follow to know how to meet these goals. The company has no data loss prevention controls in place and only conducts basic security awareness training once a year. Talking to the business unit managers, he finds out that only half of them even know where the company’s policies are located and none of them know their responsibilities pertaining to classifying data. Which of the following best describes what Sam should address first in this situation? A. B. C. D. Integrate data protection roles and responsibilities within the security awareness training and require everyone to attend it within the next 15 days. Review the current classification policies to ensure that they properly address the company’s risks. Meet with senior management and get permission to enforce data owner tasks for each business unit manager. Audit all of the current data protection controls in place to get a firm understanding of what vulnerabilities reside in the environment. Correct Answer: B Section: (none) Explanation Explanation/Reference: While each answer is a good thing for Sam to carry out, the first thing that needs to be done is to ensure that the policies properly address data classification and protection requirements for the company. Policies provide direction, and all other documents (standards, procedures, guidelines) and security controls are derived from the policies and support them. QUESTION 34 Use the following scenario to answer Questions 33–35. Sam has just been hired as the new security officer for a pharmaceutical company. The company has experienced many data breaches and has charged Sam with ensuring that the company is better protected. The company currently has the following classifications in place: public, confidential, and secret. 
There is a data classification policy that outlines the classification scheme and the definitions for each classification, but there is no supporting documentation that the technical staff can follow to know how to meet these goals. The company has no data loss prevention controls in place and only conducts basic security awareness training once a year. Talking to the business unit managers, he http://www.gratisexam.com/ finds out that only half of them even know where the company’s policies are located and none of them know their responsibilities pertaining to classifying data. Sam needs to get senior management to assign the responsibility of protecting specific data sets to the individual business unit managers, thus making them data owners. Which of the following would be the most important in the criteria the managers would follow in the process of actually classifying data once this responsibility has been assigned to them? A. B. C. D. Usefulness of the data Age of the data Value of the data Compliance requirements of the data Correct Answer: C Section: (none) Explanation Explanation/Reference: Data is one of the most critical assets to any organization. The value of the asset must be understood so that the organization knows which assets require the most protection. There are many components that go into calculating the value of an asset: cost of replacement, revenue generated from asset, amount adversaries would pay for the asset, cost that went into the development of the asset, productivity costs if asset was absent or destroyed, and liability costs of not properly protecting the asset. So the data owners need to be able to determine the value of the data to the organization for proper classification purposes. QUESTION 35 Use the following scenario to answer Questions 33–35. Sam has just been hired as the new security officer for a pharmaceutical company. 
The company has experienced many data breaches and has charged Sam with ensuring that the company is better protected. The company currently has the following classifications in place: public, confidential, and secret. There is a data classification policy that outlines the classification scheme and the definitions for each classification, but there is no supporting documentation that the technical staff can follow to know how to meet these goals. The company has no data loss prevention controls in place and only conducts basic security awareness training once a year. Talking to the business unit managers, he finds out that only half of them even know where the company’s policies are located and none of them know their responsibilities pertaining to classifying data. From this scenario, what has the company accomplished so far? A. Implementation of administrative controls B. Implementation of operational controls http://www.gratisexam.com/ C. Implementation of physical controls D. Implementation of logical controls Correct Answer: A Section: (none) Explanation Explanation/Reference: The company has developed a data classification policy, which is an administrative control. QUESTION 36 Use the following scenario to answer Questions 36–38. Susan has been told by her boss that she will be replacing the current security manager within her company. Her boss explained to her that operational security measures have not been carried out in a standard fashion, so some systems have proper security configurations and some do not. Her boss needs to understand how dangerous it is to have some of the systems misconfigured along with what to do in this situation. Which of the following best describes what Susan needs to ensure the operations staff creates for proper configuration standardization? A. B. C. D. 
Dual control Redundancy Training Baselines Correct Answer: D Section: (none) Explanation Explanation/Reference: The operations staff needs to know what minimum level of security is required per system within the network. This minimum level of security is referred to as a baseline. Once a baseline is set per system, then the staff has something to compare the system against to know if changes have not taken place properly, which could make the system vulnerable. QUESTION 37 Use the following scenario to answer Questions 36–38. Susan has been told by her boss that she will be replacing the current security manager within her company. Her boss explained to her that operational security http://www.gratisexam.com/ measures have not been carried out in a standard fashion, so some systems have proper security configurations and some do not. Her boss needs to understand how dangerous it is to have some of the systems misconfigured along with what to do in this situation. Which of the following is the best way to illustrate to her boss the dangers of the current configuration issues? A. B. C. D. Map the configurations to the compliancy requirements. Compromise a system to illustrate its vulnerability. Audit the systems. Carry out a risk assessment. Correct Answer: D Section: (none) Explanation Explanation/Reference: Susan needs to illustrate these vulnerabilities (misconfigured systems) in the context of risk to her boss. This means she needs to identify the specific vulnerabilities, associate threats to those vulnerabilities, and calculate their risks. This will allow her boss to understand how critical these issues are and what type of action needs to take place. QUESTION 38 Use the following scenario to answer Questions 36–38. Susan has been told by her boss that she will be replacing the current security manager within her company. 
Her boss explained to her that operational security measures have not been carried out in a standard fashion, so some systems have proper security configurations and some do not. Her boss needs to understand how dangerous it is to have some of the systems misconfigured, along with what to do in this situation. Which of the following is one of the most likely solutions that Susan will come up with and present to her boss?
A. Development of standards
B. Development of training
C. Development of monitoring
D. Development of testing
Correct Answer: A
Explanation/Reference:
Standards need to be developed that outline proper configuration management processes and approved baseline configuration settings. Once these standards are developed and put into place, employees can be trained on them and on how to implement and maintain what the standards require. Systems can then be tested against the standards and monitored to detect configurations that do not meet the requirements the standards lay out. You will find that some CISSP questions seem subjective and their answers hard to pin down. Questions that ask what is "best" or "most likely" are common.

Chapter 3 - Access Control

QUESTION 1
Which of the following statements correctly describes biometric methods?
A. They are the least expensive and provide the most protection.
B. They are the most expensive and provide the least protection.
C. They are the least expensive and provide the least protection.
D. They are the most expensive and provide the most protection.
Correct Answer: D
Explanation/Reference:
Compared with the other available authentication mechanisms, biometric methods provide the highest level of protection and are the most expensive.

QUESTION 2
Which of the following statements correctly describes passwords?
A. They are the least expensive and most secure.
B. They are the most expensive and least secure.
C. They are the least expensive and least secure.
D. They are the most expensive and most secure.
Correct Answer: C
Explanation/Reference:
Passwords provide the least amount of protection, but are the cheapest because they do not require extra readers (as smart cards and memory cards do), do not require devices (as biometrics do), and do not require a lot of processing overhead (as cryptography does). Passwords are the most common type of authentication method used today.

QUESTION 3
How is a challenge/response protocol utilized with token device implementations?
A. This protocol is not used; cryptography is used.
B. An authentication service generates a challenge, and the smart token generates a response based on the challenge.
C. The token challenges the user for a username and password.
D. The token challenges the user's password against a database of stored credentials.
Correct Answer: B
Explanation/Reference:
An asynchronous token device is based on a challenge/response mechanism. The authentication service sends the user a challenge value, which the user enters into the token. The token encrypts or hashes this value, and the user submits the result as her one-time password.

QUESTION 4
Which access control method is considered user-directed?
A. Nondiscretionary
B. Mandatory
C. Identity-based
D. Discretionary
Correct Answer: D
Explanation/Reference:
The DAC model allows users, or data owners, the discretion of letting other users access their resources. DAC is implemented by ACLs, which the data owner can configure.

QUESTION 5
Which item is not part of a Kerberos authentication implementation?
A. Message authentication code
B. Ticket granting service
C. Authentication service
D. Users, programs, and services
Correct Answer: A
Explanation/Reference:
A message authentication code (MAC) is a cryptographic function and is not a key component of Kerberos. Kerberos is made up of a KDC, a realm of principals (users, services, applications, and devices), an authentication service, tickets, and a ticket granting service.

QUESTION 6
If a company has a high turnover rate, which access control structure is best?
A. Role-based
B. Decentralized
C. Rule-based
D. Discretionary
Correct Answer: A
Explanation/Reference:
It is easier on the administrator if she only has to create one role, assign all of the necessary rights and permissions to that role, and plug a user into that role when needed. Otherwise, she would need to assign and remove permissions and rights on all systems as each individual joined and left the company.

QUESTION 7
The process of mutual authentication involves _______________.
A. A user authenticating to a system and the system authenticating to the user
B. A user authenticating to two systems at the same time
C. A user authenticating to a server and then to a process
D. A user authenticating, receiving a ticket, and then authenticating to a service
Correct Answer: A
Explanation/Reference:
Mutual authentication means authentication happens in both directions. Instead of just the user having to authenticate to the server, the server also must authenticate to the user.

QUESTION 8
In discretionary access control security, who has delegation authority to grant access to data?
A. User
B. Security officer
C. Security policy
D. Owner
Correct Answer: D
Explanation/Reference:
This question may seem a little confusing if you were stuck between user and owner. Only the data owner can decide who can access the resources she owns. She may or may not also be a user; a user is not necessarily the owner of the resource. Only the actual owner of the resource can dictate which subjects can access it.

QUESTION 9
Which could be considered a single point of failure within a single sign-on implementation?
A. Authentication server
B. User's workstation
C. Logon credentials
D. RADIUS
Correct Answer: A
Explanation/Reference:
In a single sign-on technology, all users authenticate to one source. If that source goes down, authentication requests cannot be processed.

QUESTION 10
What role does biometrics play in access control?
A. Authorization
B. Authenticity
C. Authentication
D. Accountability
Correct Answer: C
Explanation/Reference:
Biometrics is a technology that validates an individual's identity by reading a physical attribute. In some cases, biometrics can be used for identification, but that was not listed as an answer choice.

QUESTION 11
What determines if an organization is going to operate under a discretionary, mandatory, or nondiscretionary access control model?
A. Administrator
B. Security policy
C. Culture
D. Security levels
Correct Answer: B
Explanation/Reference:
The security policy sets the tone for the whole security program. It dictates the level of risk that management and the company are willing to accept. This in turn dictates the type of controls and mechanisms to put in place to ensure this level of risk is not exceeded.

QUESTION 12
Which of the following best describes what role-based access control offers companies in reducing administrative burdens?
A. It allows entities closer to the resources to make decisions about who can and cannot access resources.
B. It provides a centralized approach for access control, which frees up department managers.
C. User membership in roles can be easily revoked and new ones established as job assignments dictate.
D. It enforces enterprise-wide security policies, standards, and guidelines.
Correct Answer: C
Explanation/Reference:
An administrator does not need to revoke and reassign permissions to individual users as they change jobs. Instead, the administrator assigns permissions and rights to a role, and users are plugged into those roles.

QUESTION 13
Which of the following is the best description of directories that are used in identity management technology?
A. Most are hierarchical and follow the X.500 standard.
B. Most have a flat architecture and follow the X.400 standard.
C. Most have moved away from LDAP.
D. Many use LDA.
Correct Answer: A
Explanation/Reference:
Most enterprises have some type of directory that contains information pertaining to the company's network resources and users. Most directories follow a hierarchical database format, based on the X.500 standard, and a protocol such as the Lightweight Directory Access Protocol (LDAP) that allows subjects and applications to interact with the directory. Applications can request information about a particular user by making an LDAP request to the directory, and users can request information about a specific resource with a similar request.

QUESTION 14
Which of the following is not part of user provisioning?
A. Creation and deactivation of user accounts
B. Business process implementation
C. Maintenance and deactivation of user objects and attributes
D. Delegating user administration
Correct Answer: B
Explanation/Reference:
User provisioning refers to the creation, maintenance, and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications, in response to business processes. User provisioning software may include one or more of the following components: change propagation, self-service workflow, consolidated user administration, delegated user administration, and federated change control. User objects may represent employees, contractors, vendors, partners, customers, or other recipients of a service. Services may include electronic mail, access to a database, access to a file server or mainframe, and so on.

QUESTION 15
What is the technology that allows a user to remember just one password?
A. Password generation
B. Password dictionaries
C. Password rainbow tables
D. Password synchronization
Correct Answer: D
Explanation/Reference:
Password synchronization technologies allow a user to maintain just one password across multiple systems. The product synchronizes the password to the other systems and applications transparently to the user.

QUESTION 16
Which of the following is not considered an anomaly-based intrusion protection system?
A. Statistical anomaly-based
B. Protocol anomaly-based
C. Temporal anomaly-based
D. Traffic anomaly-based
Correct Answer: C
Explanation/Reference:
An anomaly-based (behavioral) system learns the "normal" activities of an environment. The three types are:
• Statistical anomaly-based: creates a profile of "normal" and compares activities to this profile.
• Protocol anomaly-based: identifies protocols used outside of their common bounds.
• Traffic anomaly-based: identifies unusual activity in network traffic.

QUESTION 17
The next graphic covers which of the following?
[Graphic not reproduced in this extraction.]
A. Crossover error rate
B. Identity verification
C. Authorization rates
D. Authentication error rates
Correct Answer: B
Explanation/Reference:
These steps are taken to convert the biometric input for identity verification:
i. A software application identifies specific points of data as match points.
ii. An algorithm is used to process the match points and translate that information into a numeric value.
iii. Authentication is approved or denied when the database value is compared with the end user input entered into the scanner.

QUESTION 18
The diagram shown next explains which of the following concepts?
[Diagram not reproduced in this extraction.]
A. Crossover error rate.
B. Type III errors.
C. FAR equals FRR in systems that have a high crossover error rate.
D. Biometrics is a high acceptance technology.
Correct Answer: A
Explanation/Reference:
This rating is stated as a percentage and represents the point at which the false rejection rate equals the false acceptance rate. This rating is the most important measurement when determining a biometric system's accuracy.
• False Rejection Rate (FRR), Type I error: rejects an authorized individual.
• False Acceptance Rate (FAR), Type II error: accepts an impostor.

QUESTION 19
The graphic shown here illustrates how which of the following works?
[Graphic not reproduced in this extraction.]
A. Rainbow tables
B. Dictionary attack
C. One-time password
D. Strong authentication
Correct Answer: C
Explanation/Reference:
Different types of one-time passwords are used for authentication. This graphic illustrates a synchronous token device, which synchronizes with the authentication service by using time or a counter as the core piece of the authentication process.

QUESTION 20
Which of the following has the correct definition mapping?
i. Brute force attacks: performed with tools that cycle through many possible character, number, and symbol combinations to uncover a password.
ii. Dictionary attacks: files of thousands of words are compared to the user's password until a match is found.
iii. Social engineering: an attacker falsely convinces an individual that she has the necessary authorization to access specific resources.
iv. Rainbow table: an attacker uses a table that contains all possible passwords already in a hash format.
A. i, ii
B. i, ii, iv
C. i, ii, iii, iv
D. i, ii, iii
Correct Answer: C
Explanation/Reference:
The list has all the correct term-to-definition mappings.

QUESTION 21
George is responsible for setting and tuning the thresholds for his company's behavior-based IDS. Which of the following outlines the possibilities of not doing this activity properly?
A. If the threshold is set too low, nonintrusive activities are considered attacks (false positives). If the threshold is set too high, then malicious activities are not identified (false negatives).
B. If the threshold is set too low, nonintrusive activities are considered attacks (false negatives). If the threshold is set too high, then malicious activities are not identified (false positives).
C. If the threshold is set too high, nonintrusive activities are considered attacks (false positives). If the threshold is set too low, then malicious activities are not identified (false negatives).
D. If the threshold is set too high, nonintrusive activities are considered attacks (false positives). If the threshold is set too high, then malicious activities are not identified (false negatives).
Correct Answer: C
Explanation/Reference:
If the threshold is set too high, nonintrusive activities are considered attacks (false positives). If the threshold is set too low, then malicious activities are not identified (false negatives).

QUESTION 22
Use the following scenario to answer Questions 22–24.
Tom is a new security manager for a retail company, which currently has an identity management system (IdM) in place.
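Question 18 above defines the crossover error rate as the threshold at which FAR equals FRR but gives no feel for how it is found. The following is an added example, not from the exam guide: it sweeps a decision threshold over constructed genuine and impostor match scores, computes FAR and FRR at each step, reports the crossover, and then shows how an operator tunes the threshold away from the CER when a FAR ceiling matters more than user convenience. The score lists and the 0–100 similarity scale are made up for illustration. The same sweep applies to any score-plus-threshold detector, including the behavior-based IDS thresholds of Question 21, where the two error types are called false positives and false negatives.

```python
"""Crossover error rate (CER) from a threshold sweep.

Added illustration, not from the exam guide. The match scores below are
constructed, on a made-up 0-100 similarity scale. A comparison is ACCEPTED
when its score is at or above the threshold, so:
  FAR (Type II error) = impostor attempts accepted / impostor attempts
  FRR (Type I error)  = genuine attempts rejected  / genuine attempts
"""
from typing import Dict, List, Optional, Sequence, Tuple

# Constructed sample data: 10 genuine and 10 impostor comparison scores.
GENUINE_SCORES: List[int] = [91, 88, 85, 83, 80, 78, 75, 72, 69, 60]
IMPOSTOR_SCORES: List[int] = [35, 41, 47, 52, 58, 63, 67, 71, 74, 79]
THRESHOLDS: List[int] = list(range(50, 95, 5))


def error_rates(genuine: Sequence[int], impostor: Sequence[int],
                threshold: int) -> Tuple[float, float]:
    """Return (FAR, FRR) for one threshold setting."""
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def sweep(genuine: Sequence[int], impostor: Sequence[int],
          thresholds: Sequence[int]) -> Dict[int, Tuple[float, float]]:
    """FAR/FRR at every candidate threshold: the two curves of the CER diagram."""
    return {t: error_rates(genuine, impostor, t) for t in thresholds}


def crossover(genuine: Sequence[int], impostor: Sequence[int],
              thresholds: Sequence[int]) -> Tuple[int, float]:
    """Threshold where FAR and FRR are closest, and the CER there.

    With discrete sample data the two curves rarely meet exactly, so the CER
    is reported as the mean of FAR and FRR at the closest point.
    """
    best_t, best_gap, cer = thresholds[0], float("inf"), 1.0
    for t, (far, frr) in sweep(genuine, impostor, thresholds).items():
        gap = abs(far - frr)
        if gap < best_gap:
            best_t, best_gap, cer = t, gap, (far + frr) / 2
    return best_t, cer


def tune_for_max_far(genuine: Sequence[int], impostor: Sequence[int],
                     thresholds: Sequence[int], max_far: float) -> Optional[int]:
    """Lowest threshold whose FAR does not exceed max_far (security over convenience).

    The CER is a figure for comparing systems; an operator protecting a
    sensitive resource usually accepts a higher FRR to push FAR down.
    Returns None if no threshold in the sweep meets the ceiling.
    """
    for t in sorted(thresholds):
        far, _ = error_rates(genuine, impostor, t)
        if far <= max_far:
            return t
    return None


if __name__ == "__main__":
    for t, (far, frr) in sweep(GENUINE_SCORES, IMPOSTOR_SCORES, THRESHOLDS).items():
        print(f"threshold {t:>3}: FAR={far:.2f} FRR={frr:.2f}")
    t_cer, cer = crossover(GENUINE_SCORES, IMPOSTOR_SCORES, THRESHOLDS)
    print(f"crossover near threshold {t_cer}, CER about {cer:.0%}")
    print("lowest threshold with FAR <= 0:",
          tune_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, THRESHOLDS, 0.0))
```

With the constructed scores the curves cross near threshold 70 (FAR 0.3, FRR 0.2, CER 0.25); demanding FAR of zero pushes the threshold to 80, where half of the genuine attempts are rejected, which is the trade-off the exam expects you to recognise.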
The data within the various identity stores are updated more quickly than the current IdM software can keep up with, so some access decisions are made based upon obsolete information. While the IdM currently provides centralized access control of internal network assets, it is not tied into the web-based access control components that are embedded within the company's partner portals. Tom also notices that help-desk technicians are spending too much time resetting passwords for internal employees.
Which of the following changes would be best for Tom's team to implement?
A. Move from namespaces to distinguished names.
B. Move from meta-directories to virtual directories.
C. Move from RADIUS to TACACS+.
D. Move from a centralized to a decentralized control model.
Correct Answer: B
Explanation/Reference:
A meta-directory within an IdM physically contains the identity information within an identity store. It allows identity information to be pulled from various locations and stored in one local system (the identity store). The data within the identity store are updated through a replication process, which may take place weekly, daily, or hourly depending upon configuration. Virtual directories use pointers to where the identity data reside on the original system; thus, no replication process is necessary. Virtual directories usually provide the most up-to-date identity information since they point to the original source of the data.

QUESTION 23
Use the following scenario to answer Questions 22–24.
Tom is a new security manager for a retail company, which currently has an identity management system (IdM) in place. The data within the various identity stores are updated more quickly than the current IdM software can keep up with, so some access decisions are made based upon obsolete information. While the IdM currently provides centralized access control of internal network assets, it is not tied into the web-based access control components that are embedded within the company's partner portals. Tom also notices that help-desk technicians are spending too much time resetting passwords for internal employees.
Which of the following components should Tom make sure his team puts into place?
A. Single sign-on module
B. LDAP directory service synchronization
C. Web access management
D. X.500 database
Correct Answer: C
Explanation/Reference:
Web access management (WAM) is a component of most IdM products that allows identity management of web-based activities to be integrated and managed centrally.

QUESTION 24
Use the following scenario to answer Questions 22–24.
Tom is a new security manager for a retail company, which currently has an identity management system (IdM) in place. The data within the various identity stores are updated more quickly than the current IdM software can keep up with, so some access decisions are made based upon obsolete information. While the IdM currently provides centralized access control of internal network assets, it is not tied into the web-based access control components that are embedded within the company's partner portals. Tom also notices that help-desk technicians are spending too much time resetting passwords for internal employees.
Tom has been told that he has to reduce staff from the help-desk team. Which of the following technologies can help with the company's help-desk budgetary issues?
A. Self-service password support
B. RADIUS implementation
C. Reduction of authoritative IdM sources
D. Implement a role-based access control model
Correct Answer: A
Explanation/Reference:
If help-desk staff are spending too much time resetting passwords, then a technology should be implemented to reduce the amount of time paid staff spend on this task. The more tasks that can be automated through technology, the less of the budget has to be spent on staff. The following password management functions are included in most IdM products:
• Password synchronization: reduces the complexity of keeping up with different passwords for different systems.
• Self-service password reset: reduces help-desk call volumes by allowing users to reset their own passwords.
• Assisted password reset: shortens the help desk's resolution process for password issues. This may include authentication with other types of authentication mechanisms (biometrics, tokens).

QUESTION 25
Use the following scenario to answer Questions 25–27.
Lenny is a new security manager for a retail company that is expanding its functionality to its partners and customers. The company's CEO wants to allow its partners' customers to be able to purchase items through their web stores as easily as possible. The CEO also wants the company's partners to be able to manage inventory across companies more easily. The CEO wants to be able to understand the network traffic and activities in a holistic manner, and he wants to know from Lenny what type of technology should be put into place to allow for a more proactive approach to stopping malicious traffic if it enters the network. The company is a high-profile entity constantly dealing with zero-day attacks.
Which of the following is the best identity management technology that Lenny should consider implementing to accomplish some of the company's needs?
A. LDAP directories for authoritative sources
B. Digital identity provisioning
C. Active Directory
D. Federated identity
Correct Answer: D
Explanation/Reference:
Federated identity allows the company and its partners to share customer authentication information. When a customer authenticates to a partner web site, that authentication information can be passed to the retail company, so when the customer visits the retail company's web site she has less profile information to submit, and the authentication steps she has to go through during the purchase process could potentially be reduced. If the companies have an established trust model and share the same or similar federated identity management software and settings, this type of structure and functionality is possible.

QUESTION 26
Use the following scenario to answer Questions 25–27.
Lenny is a new security manager for a retail company that is expanding its functionality to its partners and customers. The company's CEO wants to allow its partners' customers to be able to purchase items through their web stores as easily as possible. The CEO also wants the company's partners to be able to manage inventory across companies more easily. The CEO wants to be able to understand the network traffic and activities in a holistic manner, and he wants to know from Lenny what type of technology should be put into place to allow for a more proactive approach to stopping malicious traffic if it enters the network. The company is a high-profile entity constantly dealing with zero-day attacks.
Lenny has a meeting with the internal software developers who are responsible for implementing the necessary functionality within the web-based system. Which of the following best describes the two items that Lenny needs to be prepared to discuss with this team?
A. Service Provisioning Markup Language and the eXtensible Access Control Markup Language
B. Standard Generalized Markup Language and the Generalized Markup Language
C. Extensible Markup Language and the HyperText Markup Language
D. Service Provisioning Markup Language and the Generalized Markup Language
Correct Answer: A
Explanation/Reference:
The Service Provisioning Markup Language (SPML) allows company interfaces to pass service requests, and the receiving company provisions (allows) access to these services. Both the sending and receiving companies need to follow the same XML-based standard for this interoperability to take place. When using the eXtensible Access Control Markup Language (XACML), application security policies can be shared with other applications to ensure that both are following the same security rules. The developers need to integrate both of these languages to allow partner employees to interact with their inventory systems without having to conduct a second authentication step. The use of these languages can reduce the complexity of inventory control between the different companies.

QUESTION 27
Use the following scenario to answer Questions 25–27.
Lenny is a new security manager for a retail company that is expanding its functionality to its partners and customers. The company's CEO wants to allow its partners' customers to be able to purchase items through their web stores as easily as possible. The CEO also wants the company's partners to be able to manage inventory across companies more easily. The CEO wants to be able to understand the network traffic and activities in a holistic manner, and he wants to know from Lenny what type of technology should be put into place to allow for a more proactive approach to stopping malicious traffic if it enters the network. The company is a high-profile entity constantly dealing with zero-day attacks.
Pertaining to the CEO's security concerns, what should Lenny suggest the company put into place?
A. Security event management software, intrusion prevention system, and behavior-based intrusion detection
B. Security information and event management software, intrusion detection system, and signature-based protection
C. Intrusion prevention system, security event management software, and malware protection
D. Intrusion prevention system, security event management software, and war dialing protection
Correct Answer: A
Explanation/Reference:
Security event management software allows network traffic to be viewed holistically by gathering log data centrally and analyzing them. The intrusion prevention system allows proactive measures to be put into place to help stop malicious traffic from entering the network. Behavior-based intrusion detection can identify new types of attack (zero-day) that signature-based intrusion detection cannot.

QUESTION 28
Use the following scenario to answer Questions 28–29.
Robbie is the security administrator of a company that needs to extend its remote access functionality. Employees travel around the world, but still need to be able to gain access to corporate assets such as databases, servers, and network-based devices. Also, while the company has had a VoIP telephony solution in place for two years, it has not been integrated into a centralized access control solution. Currently the network administrators have to maintain access control separately for internal resources, external entities, and VoIP end systems. Robbie has also been asked to look into some suspicious e-mails that the CIO's secretary has been receiving, and her boss has asked her to remove some old modems that are no longer being used for remote dial-in purposes.
Which of the following is the best remote access technology for this situation?
A. RADIUS
B. TACACS+
C. Diameter
D. Kerberos
Correct Answer: C
Explanation/Reference:
The Diameter protocol was developed as the successor to RADIUS and allows various types of authentication to take place with a variety of different technologies (PPP, VoIP, Ethernet, etc.). It is far more flexible and allows for the centralized administration of access control.

QUESTION 29
Use the following scenario to answer Questions 28–29.
Robbie is the security administrator of a company that needs to extend its remote access functionality. Employees travel around the world, but still need to be able to gain access to corporate assets such as databases, servers, and network-based devices. Also, while the company has had a VoIP telephony solution in place for two years, it has not been integrated into a centralized access control solution. Currently the network administrators have to maintain access control separately for internal resources, external entities, and VoIP end systems. Robbie has also been asked to look into some suspicious e-mails that the CIO's secretary has been receiving, and her boss has asked her to remove some old modems that are no longer being used for remote dial-in purposes.
What are the two main security concerns Robbie is most likely being asked to identify and mitigate?
A. Social engineering and spear-phishing
B. War dialing and pharming
C. Spear-phishing and war dialing
D. Pharming and spear-phishing
Correct Answer: C
Explanation/Reference:
Spear-phishing is a targeted social engineering attack, which is what the CIO's secretary is most likely experiencing. War dialing is a brute force attack against devices that answer on phone numbers, such as modems. If the modems can be removed, the risk of war dialing attacks decreases.

QUESTION 30
Use the following scenario to answer Questions 30–32.
Tanya is working with the company's internal software development team. Before a user of an application can access files located on the company's centralized server, the user must present a valid one-time password, which is generated through a challenge-response mechanism. The company needs to tighten access control for these files and reduce the number of users who can access each and every file. The company is looking to Tanya and her team for solutions to better protect the data that have been classified and deemed critical to the company's missions. Tanya has also been asked to implement a single sign-on technology for all internal users, but she does not have the budget to implement a public key infrastructure.
Which of the following best describes what is currently in place?
A. Capability-based access system
B. Synchronous tokens that generate one-time passwords
C. RADIUS
D. Kerberos
Correct Answer: A
Explanation/Reference:
A capability-based access control system means that the subject (user) has to present something that outlines what it can access. The item can be a ticket, token, or key. A capability is tied to the subject for access control purposes. A synchronous token is not being used, because the scenario specifically states that a challenge/response mechanism is being used, which indicates an asynchronous token.

QUESTION 31
Use the following scenario to answer Questions 30–32.
Tanya is working with the company's internal software development team. Before a user of an application can access files located on the company's centralized server, the user must present a valid one-time password, which is generated through a challenge-response mechanism. The company needs to tighten access control for these files and reduce the number of users who can access each and every file. The company is looking to Tanya and her team for solutions to better protect the data that have been classified and deemed critical to the company's missions.
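Questions 3 and 19 above describe the two token families, and the explanation to Question 30 turns on the difference between them: a synchronous token derives each one-time password from a shared seed plus a counter or clock that the token and the authentication service keep in step, while an asynchronous token derives it from a challenge the service sends first. The following is an added example, not from the exam guide, implementing both exchanges with the Python standard library. The counter-based code follows the HOTP construction of RFC 4226 (whose published test vectors use the same 20-byte seed shown here); the challenge/response transform, the eight-digit response length and the resynchronisation window of three are simplifying choices of this example and not a standard.

```python
"""Synchronous (counter-based) and asynchronous (challenge/response) OTP tokens.

Added example, not from the exam guide. The seed, the challenge/response
transform and the window size are constructed for illustration; hotp()
follows RFC 4226.
"""
import hashlib
import hmac
import secrets

# Constructed shared seed. RFC 4226's test vectors use this same 20-byte value.
SEED = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class CounterToken:
    """Synchronous token: needs no input, its counter advances on every press."""

    def __init__(self, secret: bytes):
        self.secret, self.counter = secret, 0

    def press(self) -> str:
        code = hotp(self.secret, self.counter)
        self.counter += 1
        return code


class SynchronousVerifier:
    """Authentication service side: its own counter plus a look-ahead window."""

    def __init__(self, secret: bytes, window: int = 3):
        self.secret, self.counter, self.window = secret, 0, window

    def verify(self, code: str) -> bool:
        # Accept any of the next `window` counter values (the token may have been
        # pressed without a login), then move past it so the code cannot be replayed.
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1
                return True
        return False


def challenge_response(secret: bytes, challenge: str, digits: int = 8) -> str:
    """Asynchronous token transform: HMAC-SHA256 over the keyed-in challenge.
    Constructed for this example; not a standardised algorithm."""
    mac = hmac.new(secret, challenge.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10 ** digits).zfill(digits)


class ChallengeResponseVerifier:
    """Authentication service side of the Question 3 exchange."""

    def __init__(self, secret: bytes):
        self.secret, self.outstanding = secret, set()

    def challenge(self) -> str:
        nonce = secrets.token_hex(4)          # 8 hex digits the user types into the token
        self.outstanding.add(nonce)
        return nonce

    def verify(self, challenge: str, response: str) -> bool:
        if challenge not in self.outstanding:
            return False                      # unknown or already used challenge
        self.outstanding.discard(challenge)   # each challenge is valid exactly once
        return hmac.compare_digest(challenge_response(self.secret, challenge), response)


def demo() -> dict:
    """Run both exchanges plus a replay attempt against each; return the outcomes."""
    token, service = CounterToken(SEED), SynchronousVerifier(SEED)
    first = token.press()
    token.press()                              # pressed once without logging in
    third = token.press()
    out = {
        "sync_first_code_ok": service.verify(first),
        "sync_replay_rejected": not service.verify(first),
        "sync_resync_within_window": service.verify(third),
    }
    async_service = ChallengeResponseVerifier(SEED)
    nonce = async_service.challenge()          # service -> user: the challenge
    answer = challenge_response(SEED, nonce)   # user keys nonce into token, reads response
    out["async_response_ok"] = async_service.verify(nonce, answer)
    out["async_replay_rejected"] = not async_service.verify(nonce, answer)
    nonce2 = async_service.challenge()
    out["async_wrong_seed_rejected"] = not async_service.verify(
        nonce2, challenge_response(b"some-other-seed", nonce2))
    return out


if __name__ == "__main__":
    print(demo())
```

The two verifiers show why the exam treats the families differently: the synchronous service never sends anything and must tolerate counter drift with a window, so a captured code is dead only once the counter has moved past it; the asynchronous service must send the challenge first, but a response is bound to one nonce and is useless the moment that nonce is consumed.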
Tanya has also been asked to implement a single sign-on technology for all internal users, but she does not have the budget to implement a public key infrastructure.
Which of the following is one of the easiest and best items Tanya can look into for proper data protection?
A. Implementation of mandatory access control
B. Implementation of access control lists
C. Implementation of digital signatures
D. Implementation of multilevel security
Correct Answer: B
Explanation/Reference:
Systems that provide mandatory access control (MAC) and multilevel security are very specialized, require extensive administration, are expensive, and reduce user functionality. Implementing these types of systems is not the easiest approach out of the list. Since there is no budget for a PKI, digital signatures cannot be used, because they require a PKI. In most environments access control lists (ACLs) are already in place and can be modified to provide tighter access control. ACLs are bound to objects and outline what operations specific subjects can carry out on them.

QUESTION 32
Use the following scenario to answer Questions 30–32.
Tanya is working with the company's internal software development team. Before a user of an application can access files located on the company's centralized server, the user must present a valid one-time password, which is generated through a challenge-response mechanism. The company needs to tighten access control for these files and reduce the number of users who can access each and every file. The company is looking to Tanya and her team for solutions to better protect the data that have been classified and deemed critical to the company's missions. Tanya has also been asked to implement a single sign-on technology for all internal users, but she does not have the budget to implement a public key infrastructure.
Which of the following is the best single sign-on technology for this situation?
A. SESAME
B. Kerberos
C. RADIUS
D. TACACS+
Correct Answer: B
Explanation/Reference:
SESAME is a single sign-on technology that is based upon public key cryptography; thus, it requires a PKI. Kerberos is based upon symmetric cryptography; thus, it does not need a PKI. RADIUS and TACACS+ are remote centralized access control protocols.

QUESTION 33
Use the following scenario to answer Questions 33–35.
Harry is overseeing a team that has to integrate various business services provided by different company departments into one web portal for both internal employees and external partners. His company has a diverse and heterogeneous environment with different types of systems providing customer relationship management, inventory control, e-mail, and help-desk ticketing capabilities. His team needs to allow different users access to these different services in a secure manner.
Which of the following best describes the type of environment Harry's team needs to set up?
A. RADIUS
B. Service oriented architecture
C. Public key infrastructure
D. Web services
Correct Answer: B
Explanation/Reference:
A service oriented architecture will allow Harry's team to create a centralized web portal and offer the various services needed by internal and external entities.

QUESTION 34
Use the following scenario to answer Questions 33–35.
Harry is overseeing a team that has to integrate various business services provided by different company departments into one web portal for both internal employees and external partners. His company has a diverse and heterogeneous environment with different types of systems providing customer relationship management, inventory control, e-mail, and help-desk ticketing capabilities. His team needs to allow different users access to these different services in a secure manner.
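Question 32 above picks Kerberos because it needs only symmetric keys, Question 7 defines mutual authentication, Question 5 lists the KDC, authentication service, ticket granting service, tickets and principals as its parts, and Question 9 names the authentication server as the single point of failure in single sign-on. The following is an added example, not from the exam guide and not a real Kerberos implementation: it walks one principal through the AS, TGS and AP exchanges so those pieces can be seen working together, and ends with the server proving itself back to the client. `seal`/`unseal` are a toy encrypt-then-MAC construction standing in for Kerberos' AES encryption types; the principal names, passwords, the 300-second clock-skew allowance, the lifetimes and the fixed timestamps are all constructed.

```python
"""Toy Kerberos-style SSO: AS, TGS and AP exchanges with mutual authentication.

Added example, not from the exam guide and not real Kerberos. Only symmetric keys
are used. seal()/unseal() are a toy encrypt-then-MAC (XOR keystream + HMAC-SHA256
tag) standing in for Kerberos' AES encryption types; do not reuse them elsewhere.
"""
import hashlib
import hmac
import json
import os

SKEW = 300.0  # clock-skew allowance in seconds (Kerberos' default is 5 minutes)


def kdf(password: str) -> bytes:
    """Long-term key from a password (real Kerberos uses a salted string-to-key)."""
    return hashlib.sha256(password.encode()).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1)]
    return b"".join(blocks)[:length]


def seal(key: bytes, data: dict) -> bytes:
    """Encrypt-then-MAC a JSON object under a symmetric key (toy construction)."""
    pt = json.dumps(data, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    """Verify the tag, then decrypt. A wrong key or any tampering raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Key Distribution Center: authentication service (AS) + ticket granting service (TGS)."""

    def __init__(self, principals: dict, lifetime: float = 3600.0):
        self.keys = {name: kdf(pw) for name, pw in principals.items()}  # realm key database
        self.tgs_key = os.urandom(32)                                    # the krbtgt key
        self.lifetime = lifetime

    def as_exchange(self, client: str, now: float):
        """AS_REP: a TGT only the TGS can read, plus its session key under the client's key.
        The client proves its identity by being able to decrypt that second part."""
        sk = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"client": client, "sk": sk, "exp": now + self.lifetime})
        return tgt, seal(self.keys[client], {"sk": sk})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: float):
        """TGS_REP: validate TGT and authenticator, then issue a ticket for `service`."""
        t = unseal(self.tgs_key, tgt)
        a = unseal(bytes.fromhex(t["sk"]), authenticator)
        if now > t["exp"] or a["client"] != t["client"] or abs(now - a["ts"]) > SKEW:
            raise ValueError("TGT expired or bad authenticator")
        sk2 = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": t["client"], "sk": sk2, "exp": now + self.lifetime})
        return ticket, seal(bytes.fromhex(t["sk"]), {"sk": sk2, "service": service})


class Service:
    """Application server: it trusts only tickets sealed under its own long-term key."""

    def __init__(self, name: str, password: str):
        self.name, self.key, self.seen = name, kdf(password), set()

    def ap_exchange(self, ticket: bytes, authenticator: bytes, now: float) -> bytes:
        """AP_REP: validate the ticket, reject replays, then prove our own identity back."""
        t = unseal(self.key, ticket)                 # a rogue host without the key fails here
        sk = bytes.fromhex(t["sk"])
        a = unseal(sk, authenticator)
        if now > t["exp"] or a["client"] != t["client"] or abs(now - a["ts"]) > SKEW:
            raise ValueError("ticket expired or bad authenticator")
        if (a["client"], a["ts"]) in self.seen:      # replay cache
            raise ValueError("replayed authenticator")
        self.seen.add((a["client"], a["ts"]))
        return seal(sk, {"ts": a["ts"]})             # only a holder of sk can produce this


def sso_login(kdc: KDC, client: str, password: str, service: Service, now: float) -> bool:
    """Client side of all three exchanges; True only if the service also proved itself."""
    tgt, enc = kdc.as_exchange(client, now)
    sk1 = bytes.fromhex(unseal(kdf(password), enc)["sk"])          # wrong password fails here
    ticket, enc2 = kdc.tgs_exchange(tgt, seal(sk1, {"client": client, "ts": now}), service.name, now)
    sk2 = bytes.fromhex(unseal(sk1, enc2)["sk"])
    rep = service.ap_exchange(ticket, seal(sk2, {"client": client, "ts": now}), now)
    return unseal(sk2, rep)["ts"] == now                            # mutual authentication


def demo() -> dict:
    """Constructed realm (one user, one file server, fixed timestamps); returns check results."""
    kdc = KDC({"alice": "correct horse battery", "fileserver": "svc-key-1"})
    fs, now = Service("fileserver", "svc-key-1"), 1_700_000_000.0

    def rejected(attempt) -> bool:
        try:
            attempt()
        except ValueError:
            return True
        return False

    out = {"login_ok": sso_login(kdc, "alice", "correct horse battery", fs, now)}
    out["wrong_password_rejected"] = rejected(lambda: sso_login(kdc, "alice", "wrong", fs, now + 1))
    out["rogue_service_rejected"] = rejected(
        lambda: sso_login(kdc, "alice", "correct horse battery", Service("fileserver", "guess"), now + 2))
    # Replay: capture alice's ticket and authenticator, then present them a second time.
    tgt, enc = kdc.as_exchange("alice", now + 3)
    sk1 = bytes.fromhex(unseal(kdf("correct horse battery"), enc)["sk"])
    ticket, enc2 = kdc.tgs_exchange(tgt, seal(sk1, {"client": "alice", "ts": now + 3}), "fileserver", now + 3)
    sk2 = bytes.fromhex(unseal(sk1, enc2)["sk"])
    auth = seal(sk2, {"client": "alice", "ts": now + 3})
    fs.ap_exchange(ticket, auth, now + 3)
    out["replay_rejected"] = rejected(lambda: fs.ap_exchange(ticket, auth, now + 3))
    return out
```

Every secret in the exchange is a symmetric key held by the KDC and one principal, which is why no certificate authority is needed; the flip side, visible in `demo()`, is that every login starts with `kdc.as_exchange`, so an unavailable KDC stops all new sessions even though already-issued tickets keep working until they expire.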
Which of the following best describes the types of languages and/or protocols that Harry needs to ensure are implemented?
A. Security Assertion Markup Language, Extensible Access Control Markup Language, Service Provisioning Markup Language
B. Service Provisioning Markup Language, Simple Object Access Protocol, Extensible Access Control Markup Language
C. Extensible Access Control Markup Language, Security Assertion Markup Language, Simple Object Access Protocol
D. Service Provisioning Markup Language, Security Association Markup Language
Correct Answer: C
Explanation/Reference:
The most appropriate languages and protocols for the purpose laid out in the scenario are the Extensible Access Control Markup Language, the Security Assertion Markup Language, and the Simple Object Access Protocol. Harry's group is not necessarily overseeing account provisioning, so the Service Provisioning Markup Language is not necessary, and there is no language called "Security Association Markup Language."

QUESTION 35
Use the following scenario to answer Questions 33–35.
Harry is overseeing a team that has to integrate various business services provided by different company departments into one web portal for both internal employees and external partners. His company has a diverse and heterogeneous environment with different types of systems providing customer relationship management, inventory control, e-mail, and help-desk ticketing capabilities. His team needs to allow different users access to these different services in a secure manner.
The company's partners need to integrate compatible authentication functionality into their web portals to allow for interoperability across the different company boundaries. Which of the following will deal with this issue?
A. Service Provisioning Markup Language
B. Simple Object Access Protocol
C. Extensible Access Control Markup Language
D. Security Assertion Markup Language
Correct Answer: D
Explanation/Reference:
The Security Assertion Markup Language allows authentication and authorization data to be exchanged between security domains. It is one of the most used approaches to providing single sign-on capabilities within a web-based environment.

Chapter 4 - Security Architecture and Design

QUESTION 1
What is the final step in authorizing a system for use in an environment?
A. Certification
B. Security evaluation and rating
C. Accreditation
D. Verification
Correct Answer: C
Explanation/Reference:
Certification is a technical review of a product, and accreditation is management's formal approval of the findings of the certification process. This question asked which step is the final step in authorizing a system before it is used in an environment, and that is what accreditation is all about.

QUESTION 2
What feature enables code to be executed without the usual security checks?
A. Temporal isolation
B. Maintenance hook
C. Race conditions
D. Process multiplexing
Correct Answer: B
Explanation/Reference:
Maintenance hooks get around the system's or application's security and access control checks by allowing whoever knows the key sequence to access the application and most likely its code. Maintenance hooks should be removed from any code before it goes into production.

QUESTION 3
If a component fails, a system should be designed to do which of the following?
A. Change to a protected execution domain
B. Change to a problem state
C. Change to a more secure state
D. Release all data held in volatile memory
Correct Answer: C
Explanation/Reference:
The state machine model dictates that a system should start up securely, carry out secure state transitions, and even fail securely. This means that if the system encounters something it deems unsafe, it should change to a more secure state for self-preservation and protection.

QUESTION 4
Which is the first level of the Orange Book that requires classification labeling of data?
A. B3
B. B2
C. B1
D. C2
Correct Answer: C
Explanation/Reference:
These assurance ratings are from the Orange Book. The B levels and up require that security labels be used, but the question asks which is the first level to require this. B1 comes before B2 and B3, so it is the correct answer.

QUESTION 5
The Information Technology Security Evaluation Criteria was developed for which of the following?
A. International use
B. U.S. use
C. European use
D. Global use
Correct Answer: C
Explanation/Reference:
In ITSEC, the I does not stand for international; it stands for information. This set of criteria was developed to be used by European countries to evaluate and rate their products.

QUESTION 6
A guard is commonly used with a classified system. What is the main purpose of implementing and using a guard?
A. To ensure that less trusted systems only receive acknowledgments and not messages
B. To ensure proper information flow
C. To ensure that less trusted and more trusted systems have open architectures and interoperability
D. To allow multilevel and dedicated mode systems to communicate
Correct Answer: B
Explanation/Reference:
The guard accepts requests from the less trusted entity, reviews the request to make sure it is allowed, and then submits the request on behalf of the less trusted system.
The goal is to ensure that information does not flow from a high security level to a low security level in an unauthorized manner. QUESTION 7 The trusted computing base (TCB) contains which of the following? A. B. C. D. All trusted processes and software components All trusted security policies and implementation mechanisms All trusted software and design mechanisms All trusted software and hardware components Correct Answer: D Section: (none) http://www.gratisexam.com/ Explanation Explanation/Reference: The TCB contains and controls all protection mechanisms within the system, whether they are software, hardware, or firmware. QUESTION 8 What is the imaginary boundary that separates components that maintain security from components that are not security related? A. B. C. D. Reference monitor Security kernel Security perimeter Security policy Correct Answer: C Section: (none) Explanation Explanation/Reference: The security perimeter is a boundary between items that are within the TCB and items that are outside the TCB. It is just a mark of delineation between these two groups of items. QUESTION 9 Which model deals only with confidentiality? A. B. C. D. Bell-LaPadula Clark-Wilson Biba Reference monitor Correct Answer: A Section: (none) Explanation Explanation/Reference: The Bell-LaPadula model was developed for the U.S. government with the main goal of keeping sensitive data unreachable to those who were not authorized to access and view it. This was the first mathematical model of a multilevel security policy used to define the concepts of a security state and http://www.gratisexam.com/ mode of access and to outline rules of access. The Biba and Clark-Wilson models do not deal with confidentiality, but with integrity instead. QUESTION 10 What is the best description of a security kernel from a security point of view? A. B. C. D. 
Reference monitor Resource manager Memory mapper Security perimeter Correct Answer: A Section: (none) Explanation Explanation/Reference: The security kernel is a portion of the operating system’s kernel and enforces the rules outlined in the reference monitor. It is the enforcer of the rules and is invoked each time a subject makes a request to access an object. QUESTION 11 In secure computing systems, why is there a logical form of separation used between processes? A. B. C. D. Processes are contained within their own security domains so each does not make unauthorized accesses to other processes or their resources. Processes are contained within their own security perimeter so they can only access protection levels above them. Processes are contained within their own security perimeter so they can only access protection levels equal to them. The separation is hardware and not logical in nature. Correct Answer: A Section: (none) Explanation Explanation/Reference: Processes are assigned their own variables, system resources, and memory segments, which make up their domain. This is done so they do not corrupt each other’s data or processing activities. QUESTION 12 What type of attack is taking place when a higher-level subject writes data to a storage area and a lower-level subject reads it? http://www.gratisexam.com/ A. B. C. D. TOC/TOU Covert storage attack Covert timing attack Buffer overflow Correct Answer: B Section: (none) Explanation Explanation/Reference: A covert channel is being used when something is using a resource for communication purposes, and that is not the reason this resource was created. A process can write to some type of shared media or storage place that another process will be able to access. The first process writes to this media, and the second process reads it. This action goes against the security policy of the system. QUESTION 13 What type of rating is used within the Common Criteria framework? A. B. C. D. 
PP EPL EAL A–D Correct Answer: C Section: (none) Explanation Explanation/Reference: The Common Criteria uses a different assurance rating system than the previously used criteria. It has packages of specifications that must be met for a product to obtain the corresponding rating. These ratings and packages are called Evaluation Assurance Levels (EALs). Once a product achieves any type of rating, customers can view this information on an Evaluated Products List (EPL). QUESTION 14 Which best describes the *-integrity axiom? http://www.gratisexam.com/ http://www.gratisexam.com/ A. B. C. D. No write up in the Biba model No read down in the Biba model No write down in the Bell-LaPadula model No read up in the Bell-LaPadula model Correct Answer: A Section: (none) Explanation Explanation/Reference: The *-integrity axiom (or star integrity axiom) indicates that a subject of a lower integrity level cannot write to an object of a higher integrity level. This rule is put into place to protect the integrity of the data that resides at the higher level. QUESTION 15 Which best describes the simple security rule? A. B. C. D. No write up in the Biba model No read down in the Biba model No write down in the Bell-LaPadula model No read up in the Bell-LaPadula model Correct Answer: D Section: (none) Explanation Explanation/Reference: The simple security rule is implemented to ensure that any subject at a lower security level cannot view data that resides at a higher level. The reason http://www.gratisexam.com/ this type of rule is put into place is to protect the confidentiality of the data that resides at the higher level. This rule is used in the Bell-LaPadula model. Remember that if you see “simple” in a rule, it pertains to reading, while * or “star” pertains to writing. QUESTION 16 Which of the following was the first mathematical model of a multilevel security policy used to define the concepts of a security state and mode of access, and to outline rules of access? A. B. C. D. 
Biba Bell-LaPadula Clark-Wilson State machine Correct Answer: B Section: (none) Explanation Explanation/Reference: This is a formal definition of the Bell-LaPadula model, which was created and implemented to protect confidential government and military information. QUESTION 17 Which of the following is a true statement pertaining to memory addressing? A. The CPU uses absolute addresses. Applications use logical addresses. Relative addresses are based on a known address and an offset value. B. The CPU uses logical addresses. Applications use absolute addresses. Relative addresses are based on a known address and an offset value. C. The CPU uses absolute addresses. Applications use relative addresses. Logical addresses are based on a known address and an offset value. D. The CPU uses absolute addresses. Applications use logical addresses. Absolute addresses are based on a known address and an offset value. Correct Answer: A Section: (none) Explanation Explanation/Reference: http://www.gratisexam.com/ The physical memory addresses that the CPU uses are called absolute addresses. The indexed memory addresses that software uses are referred to as logical addresses. A relative address is a logical address which incorporates the correct offset value. QUESTION 18 Pete is a new security manager at a financial institution that develops its own internal software for specific proprietary functionality. The financial institution has several locations distributed throughout the world and has bought several individual companies over the last ten years, each with its own heterogeneous environment. Since each purchased company had its own unique environment, it has been difficult to develop and deploy internally developed software in an effective manner that meets all the necessary business unit requirements. Which of the following best describes a standard that Pete should ensure the software development team starts to implement so that various business needs can be met? A. B. C. 
D. ISO/IEC 42010:2007 Common Criteria ISO/IEC 43010:2007 ISO/IEC 15408 Correct Answer: A Section: (none) Explanation Explanation/Reference: ISO/IEC 42010:2007 is an international standard that outlines specifications for system architecture frameworks and architecture languages. It allows for systems to be developed in a manner that addresses all of the stakeholder’s concerns. QUESTION 19 Which of the following is an incorrect description pertaining to the common components that make up computer systems? i. General registers are commonly used to hold temporary processing data, while special registers are used to hold process characteristic data as in condition bits. ii. A processer sends a memory address and a “read” request down an address bus and a memory address and “write” request down an I/O bus. iii. Process-to-process communication commonly takes place through memory stacks, which are made up of individually addressed buffer locations. iv. A CPU uses a stack return pointer to keep track of the next instruction sets it needs to process. A. B. C. D. i i, ii ii, iii ii, iv http://www.gratisexam.com/ Correct Answer: D Section: (none) Explanation Explanation/Reference: A processer sends a memory address and a “read” request down an address bus. The system reads data from that memory address and puts the requested data on the data bus. A CPU uses a program counter to keep track of the memory addresses containing the instruction sets it needs to process in sequence. A stack pointer is a component used within memory stack communication processes. An I/O bus is used by a peripheral device. QUESTION 20 Mark is a security administrator who is responsible for purchasing new computer systems for a co-location facility his company is starting up. The company has several time-sensitive applications that require extensive processing capabilities. 
The co-location facility is not as large as the main facility, so it can only fit a smaller number of computers, which still must carry the same processing load as the systems in the main building. Which of the following best describes the most important aspects of the products Mark needs to purchase for these purposes? A. B. C. D. Systems must provide symmetric multiprocessing capabilities and virtualized environments. Systems must provide asymmetric multiprocessing capabilities and virtualized environments. Systems must provide multiprogramming multiprocessing capabilities and virtualized environments. Systems must provide multiprogramming multiprocessing capabilities and symmetric multiprocessing environments. Correct Answer: B Section: (none) Explanation Explanation/Reference: When systems provide asymmetric multiprocessing, this means multiple CPUs can be used for processing. Asymmetric indicates the capability of assigning specific applications to one CPU so that they do not have to share computing capabilities with other competing processes, which increases performance. Since a smaller number of computers can fit in the new location, virtualization should be deployed to allow for several different systems to share the same physical computer platforms. QUESTION 21 Use the following scenario to answer Questions 21–23. Tom is a new security manager who is responsible for reviewing the current software that the company has developed internally. He finds that some of the software is outdated, which causes performance and functionality issues. During his testing procedures he sees that when one program stops functioning, it negatively affects other programs on the same system. He also finds out that as systems run over a period of a month, they start to perform http://www.gratisexam.com/ more slowly, but by rebooting the systems this issue goes away. 
He also notices that the identification, authentication, and authorization steps built into one software package are carried out by individual and distinct software procedures. Which of the following best describes a characteristic of the software that may be causing issues? A. B. C. D. Cooperative multitasking Preemptive multitasking Maskable interrupt use Nonmaskable interrupt use Correct Answer: A Section: (none) Explanation Explanation/Reference: Cooperative multitasking means that a developer of an application has to properly code his software to release system resources when the application is finished using them, or the other software running on the system could be negatively affected. In this type of situation an application could be poorly coded and not release system resources, which would negatively affect other software running on the system. In a preemptive multitasking environment, the operating system would have more control of system resource allocation and provide more protection for these types of situations. QUESTION 22 Use the following scenario to answer Questions 21–23. Tom is a new security manager who is responsible for reviewing the current software that the company has developed internally. He finds that some of the software is outdated, which causes performance and functionality issues. During his testing procedures he sees that when one program stops functioning, it negatively affects other programs on the same system. He also finds out that as systems run over a period of a month, they start to perform more slowly, but by rebooting the systems this issue goes away. He also notices that the identification, authentication, and authorization steps built into one software package are carried out by individual and distinct software procedures. Which of the following best describes why rebooting helps with system performance in the situation described in this scenario? A. B. C. D. Software is not using cache memory properly. 
Software is carrying out too many mode transitions. Software is working in ring 0. Software is not releasing unused memory. Correct Answer: D http://www.gratisexam.com/ Section: (none) Explanation Explanation/Reference: When software is poorly written, it could be allocating memory and not properly releasing it. This can affect the performance of the whole system, since all software processes have to share a limited supply of memory. When a system is rebooted, the memory allocation constructs are reset. QUESTION 23 Use the following scenario to answer Questions 21–23. Tom is a new security manager who is responsible for reviewing the current software that the company has developed internally. He finds that some of the software is outdated, which causes performance and functionality issues. During his testing procedures he sees that when one program stops functioning, it negatively affects other programs on the same system. He also finds out that as systems run over a period of a month, they start to perform more slowly, but by rebooting the systems this issue goes away. He also notices that the identification, authentication, and authorization steps built into one software package are carried out by individual and distinct software procedures. What security issue is Tom most likely concerned with in this situation? A. B. C. D. Time of check\time of use Maintenance hooks Input validation errors Unauthorized loaded kernel modules Correct Answer: A Section: (none) Explanation Explanation/Reference: A time-of-check\time-of-use attack takes place when an attacker is able to change an important parameter while the software is carrying out a sequence of steps. If an attacker could manipulate the authentication steps, she could potentially gain access to resources in an unauthorized manner before being properly identified and authenticated. QUESTION 24 Use the following scenario to answer Questions 24–27. 
Sarah’s team must build a new operating system for her company’s internal functionality requirements. The system must be able to process data at different classifications levels and allow users of different clearances to be able to interact with only the data that maps to their profile. She is told that the system must provide data hiding, and her boss suggests that her team implement a hybrid microkernel design. Sarah knows that the resulting system must be able to achieve a rating of EAL 6 once it goes through the Common Criteria evaluation process. http://www.gratisexam.com/ Which of the following is a required characteristic of the system Sarah’s team must build? A. B. C. D. Multilevel security Dedicated mode capability Simple security rule Clark-Wilson constructs Correct Answer: A Section: (none) Explanation Explanation/Reference: A multilevel security system allows for data at different classification levels to be processed and allows users with different clearance levels to interact with the system securely. QUESTION 25 Use the following scenario to answer Questions 24–27. Sarah’s team must build a new operating system for her company’s internal functionality requirements. The system must be able to process data at different classifications levels and allow users of different clearances to be able to interact with only the data that maps to their profile. She is told that the system must provide data hiding, and her boss suggests that her team implement a hybrid microkernel design. Sarah knows that the resulting system must be able to achieve a rating of EAL 6 once it goes through the Common Criteria evaluation process. Which of the following reasons best describes her boss’s suggestion on the kernel design of the new system? A. B. C. D. 
Hardware layer abstraction for portability capability Layered functionality structure Reduced mode transition requirements Central location of all critical operating system processes Correct Answer: C Section: (none) Explanation Explanation/Reference: A hybrid microkernel architecture means that all kernel processes work within kernel mode, which reduces the amount of mode transitions. The reduction of mode transitions reduces performance issues because the CPU does not have to change from user mode to kernel mode as many times during its operation. http://www.gratisexam.com/ QUESTION 26 Use the following scenario to answer Questions 24–27. Sarah’s team must build a new operating system for her company’s internal functionality requirements. The system must be able to process data at different classifications levels and allow users of different clearances to be able to interact with only the data that maps to their profile. She is told that the system must provide data hiding, and her boss suggests that her team implement a hybrid microkernel design. Sarah knows that the resulting system must be able to achieve a rating of EAL 6 once it goes through the Common Criteria evaluation process. Which of the following is a characteristic that this new system will need to implement? A. B. C. D. Multiprogramming Simple integrity axiom Mandatory access control Formal verification Correct Answer: C Section: (none) Explanation Explanation/Reference: Since the new system must achieve a rating of EAL 6, it must implement mandatory access control capabilities. This is an access control model that allows users with different clearances to be able to interact with a system that processes data of different classification levels in a secure manner. The rating of EAL 6 requires semiformally verified design and testing, whereas EAL 7 requires verified design and testing. QUESTION 27 Use the following scenario to answer Questions 24–27. 
Sarah’s team must build a new operating system for her company’s internal functionality requirements. The system must be able to process data at different classifications levels and allow users of different clearances to be able to interact with only the data that maps to their profile. She is told that the system must provide data hiding, and her boss suggests that her team implement a hybrid microkernel design. Sarah knows that the resulting system must be able to achieve a rating of EAL 6 once it goes through the Common Criteria evaluation process. Which of the following best describes one of the system requirements outlined in this scenario and how it should be implemented? A. B. C. D. Data hiding should be implemented through memory deallocation. Data hiding should be implemented through properly developed interfaces. Data hiding should be implemented through a monolithic architecture. Data hiding should be implemented through multiprogramming. Correct Answer: B Section: (none) http://www.gratisexam.com/ Explanation Explanation/Reference: Data hiding means that certain functionality and/or data is “hidden,” or not available to specific processes. For processes to be able to interact with other processes and system services, they need to be developed with the necessary interfaces that restrict communication flows between processes. Data hiding is a protection mechanism that segregates trusted and untrusted processes from each other through the use of strict software interface design. QUESTION 28 Use the following scenario to answer Questions 28–30. Steve has found out that the software product that his team submitted for evaluation did not achieve the actual rating they were hoping for. He was confused about this issue since the software passed the necessary certification and accreditation processes before being deployed. 
Steve was told that the system allows for unauthorized device drivers to be loaded and that there was a key sequence that could be used to bypass the software access control protection mechanisms. Some feedback Steve received from the product testers is that it should implement address space layout randomization and data execution protection. Which of the following best describes Steve’s confusion? A. B. C. D. Certification must happen first before the evaluation process can begin. Accreditation is the acceptance from management, which must take place before the evaluation process. Evaluation, certification, and accreditation are carried out by different groups with different purposes. Evaluation requirements include certification and accreditation components. Correct Answer: C Section: (none) Explanation Explanation/Reference: Evaluation, certification, and accreditation are carried out by different groups with different purposes. Evaluations are carried out by qualified third parties who use specific evaluation criteria (Orange Book, ITSEC, Common Criteria) to assign an assurance rating to a tested product. A certification process is a technical review commonly carried out internally to an organization, and accreditation is management’s formal acceptance that is carried out after the certification process. A system can be certified internally by a company and not pass an evaluation testing process because they are completely different things. QUESTION 29 Use the following scenario to answer Questions 28–30. Steve has found out that the software product that his team submitted for evaluation did not achieve the http://www.gratisexam.com/ actual rating they were hoping for. He was confused about this issue since the software passed the necessary certification and accreditation processes before being deployed. 
Steve was told that the system allows for unauthorized device drivers to be loaded and that there was a key sequence that could be used to bypass the software access control protection mechanisms. Some feedback Steve received from the product testers is that it should implement address space layout randomization and data execution protection. Which of the following best describes an item the software development team needs to address to ensure that drivers cannot be loaded in an unauthorized manner? A. B. C. D. Improved security kernel processes Improved security perimeter processes Improved application programming interface processes Improved garbage collection processes Correct Answer: A Section: (none) Explanation Explanation/Reference: If device drivers can be loaded improperly, then either the access control rules outlined within the reference monitor need to be improved upon or the current rules need to be better enforced through the security kernel processes. Only authorized subjects should be able to install sensitive software components that run within ring 0 of a system. QUESTION 30 Use the following scenario to answer Questions 28–30. Steve has found out that the software product that his team submitted for evaluation did not achieve the actual rating they were hoping for. He was confused about this issue since the software passed the necessary certification and accreditation processes before being deployed. Steve was told that the system allows for unauthorized device drivers to be loaded and that there was a key sequence that could be used to bypass the software access control protection mechanisms. Some feedback Steve received from the product testers is that it should implement address space layout randomization and data execution protection. Which of the following best describes some of the issues that the evaluation testers most likely ran into while testing the submitted product? A. B. C. D. 
Non-protected ROM sections Vulnerabilities that allowed malicious code to execute in protected memory sections Lack of a predefined and implemented trusted computing base Lack of a predefined and implemented security kernel Correct Answer: B Section: (none) http://www.gratisexam.com/ Explanation Explanation/Reference: If testers suggested to the team that address space layout randomization and data execution protection should be integrated, this is most likely because the system allows for malicious code to easily execute in memory sections that would be dangerous to the system. These are both memory protection approaches. QUESTION 31 John has been told that one of the applications installed on a web server within the DMZ accepts any length of information that a customer using a web browser inputs into the form the web server provides to collect new customer data. Which of the following describes an issue that John should be aware of pertaining to this type of issue? A. B. C. D. Application is written in the C programming language. Application is not carrying out enforcement of the trusted computing base. Application is running in ring 3 of a ring-based architecture. Application is not interacting with the memory manager properly. Correct Answer: A Section: (none) Explanation Explanation/Reference: The C language is susceptible to buffer overflow attacks because it allows for direct pointer manipulations to take place. Specific commands can provide access to low-level memory addresses without carrying out bounds checking. http://www.gratisexam.com/ Chapter 5 - Physical and Environmental Security QUESTION 1 What is the first step that should be taken when a fire has been detected? A. B. C. D. Turn off the HVAC system and activate fire door releases. Determine which type of fire it is. Advise individuals within the building to leave. Activate the fire suppression system. Correct Answer: C Section: (none) Explanation Explanation/Reference: Human life takes precedence. 
Although the other answers are important steps in this type of situation, the first step is to warn others and save as many lives as possible. QUESTION 2 A company needs to implement a CCTV system that will monitor a large area outside the facility. Which of the following is the correct lens combination for this? A. B. C. D. A wide-angle lens and a small lens opening A wide-angle lens and a large lens opening Chapter 5: Physical and Environmental Security A wide-angle lens and a large lens opening with a small focal length A wide-angle lens and a large lens opening with a large focal length Correct Answer: A Section: (none) Explanation Explanation/Reference: The depth of field refers to the portion of the environment that is in focus when shown on the monitor. The depth of field varies depending upon the size of the lens opening, the distance of the object being focused on, and the focal length of the lens. The depth of field increases as the size of the lens opening decreases, the subject distance increases, or the focal length of the lens decreases. So if you want to cover a large area and not focus on specific items, it is best to use a wide-angle lens and a small lens opening. http://www.gratisexam.com/ QUESTION 3 When should a Class C fire extinguisher be used instead of a Class A fire extinguisher? A. B. C. D. When electrical equipment is on fire When wood and paper are on fire When a combustible liquid is on fire When the fire is in an open area Correct Answer: A Section: (none) Explanation Explanation/Reference: A Class C fire is an electrical fire. Thus, an extinguisher with the proper suppression agent should be used. The following table shows the fire types, their attributes, and suppression methods: QUESTION 4 Which of the following is not a true statement about CCTV lenses? A. B. C. D. Lenses that have a manual iris should be used in outside monitoring. Zoom lenses will carry out focus functionality automatically. 
C. Depth of field increases as the size of the lens opening decreases.
D. Depth of field increases as the focal length of the lens decreases.
Correct Answer: A
Explanation/Reference: Manual iris lenses have a ring around the CCTV lens that can be manually turned and controlled. A lens that has a manual iris would be used in an area that has fixed lighting, since the iris cannot self-adjust to changes of light. An auto iris lens should be used in environments where the light changes, such as an outdoor setting. As the environment brightens, this is sensed by the iris, which automatically adjusts itself. Security personnel will configure the CCTV to have a specific fixed exposure value, which the iris is responsible for maintaining. The other answers are true.

QUESTION 5
How does halon fight fires?
A. It reduces the fire’s fuel intake.
B. It reduces the temperature of the area and cools the fire out.
C. It disrupts the chemical reactions of a fire.
D. It reduces the oxygen in the area.
Correct Answer: C
Explanation/Reference: Halon is a type of gas used to interfere with the chemical reactions between the elements of a fire. A fire requires fuel, oxygen, high temperatures, and chemical reactions to burn properly. Different suppressant agents have been developed to attack each aspect of a fire: CO2 displaces the oxygen, water reduces the temperature, and soda acid removes the fuel.

QUESTION 6
What is a mantrap?
A. A trusted security domain
B. A logical access control mechanism
C. A double-door room used for physical access control
D. A fire suppression device
Correct Answer: C
Explanation/Reference: A mantrap is a small room with two doors. The first door is locked; a person is identified and authenticated by a security guard, biometric system, smart card reader, or swipe card reader.
Once the person is authenticated and access is authorized, the first door opens and allows the person into the mantrap. The first door locks and the person is trapped. The person must be authenticated again before the second door unlocks and allows him into the facility.

QUESTION 7
What is true about a transponder?
A. It is a card that can be read without sliding it through a card reader.
B. It is a biometric proximity device.
C. It is a card that a user swipes through a card reader to gain access to a facility.
D. It exchanges tokens with an authentication server.
Correct Answer: A
Explanation/Reference: A transponder is a type of physical access control device that does not require the user to slide a card through a reader. The reader and card communicate directly. The card and reader have a receiver, transmitter, and battery. The reader sends signals to the card to request information. The card sends the reader an access code.

QUESTION 8
When is a security guard the best choice for a physical access control mechanism?
A. When discriminating judgment is required
B. When intrusion detection is required
C. When the security budget is low
D. When access controls are in place
Correct Answer: A
Explanation/Reference: Although many effective physical security mechanisms are on the market today, none can look at a situation, make a judgment about it, and decide what the next step should be. A security guard is employed when a company needs to have a countermeasure that can think and make decisions in different scenarios.

QUESTION 9
Which of the following is not a characteristic of an electrostatic intrusion detection system?
A. It creates an electrostatic field and monitors for a capacitance change.
B. It can be used as an intrusion detection system for large areas.
C. It produces a balance between the electric capacitance and inductance of an object.
D. It can detect if an intruder comes within a certain range of an object.
Correct Answer: B
Explanation/Reference: An electrostatic IDS creates an electrostatic field, which is just an electric field associated with static electric charges. The IDS creates a balanced electrostatic field between itself and the object being monitored. If an intruder comes within a certain range of the monitored object, there is a capacitance change. The IDS can detect this change and sound an alarm.

QUESTION 10
What is a common problem with vibration-detection devices used for perimeter security?
A. They can be defeated by emitting the right electrical signals in the protected area.
B. The power source is easily disabled.
C. They cause false alarms.
D. They interfere with computing devices.
Correct Answer: C
Explanation/Reference: This type of system is sensitive to sounds and vibrations and detects the changes in the noise level of an area it is placed within. This level of sensitivity can cause many false alarms. These devices do not emit any waves; they only listen for sounds within an area and are considered passive devices.

QUESTION 11
Which of the following is an example of glare protection?
A. Using automated iris lenses with short focal lengths
B. Using standby lighting, which is produced by a CCTV camera
C. Directing light toward entry points and away from a security force post
D. Ensuring that the lighting system uses positive pressure
Correct Answer: C
Explanation/Reference: When lighting is installed, it should be directed toward areas where potential intruders would most likely be coming from, and directed away from the security force posts. For example, lighting should be pointed at gates or exterior access points, and the guard locations should be in the shadows, or under a lower amount of illumination.
This is referred to as “glare protection” for the security force.

QUESTION 12
Which of the following is not a main component of CPTED?
A. Natural access control
B. Natural surveillance
C. Territorial reinforcement
D. Target hardening
Correct Answer: D
Explanation/Reference: Natural access control is the use of the environment to control access to entry points, such as using landscaping and bollards. An example of natural surveillance is the construction of pedestrian walkways so there is a clear line of sight of all the activities in the surroundings. Territorial reinforcement gives people a sense of ownership of a property, giving them a greater tendency to protect it. These concepts are all parts of CPTED. Target hardening has to do with implementing locks, security guards, and proximity devices.

QUESTION 13
Which problems may be caused by humidity in an area with electrical devices?
A. High humidity causes excess electricity, and low humidity causes corrosion.
B. High humidity causes corrosion, and low humidity causes static electricity.
C. High humidity causes power fluctuations, and low humidity causes static electricity.
D. High humidity causes corrosion, and low humidity causes power fluctuations.
Correct Answer: B
Explanation/Reference: High humidity can cause corrosion, and low humidity can cause excessive static electricity. Static electricity can short-out devices or cause loss of information.

QUESTION 14
What does positive pressurization pertaining to ventilation mean?
A. When a door opens, the air comes in.
B. When a fire takes place, the power supply is disabled.
C. When a fire takes place, the smoke is diverted to one room.
D. When a door opens, the air goes out.
Correct Answer: D
Explanation/Reference: Positive pressurization means that when someone opens a door, the air goes out, and outside air does not come in.
If a facility were on fire and the doors were opened, positive pressure would cause the smoke to go out instead of being pushed back into the building.

QUESTION 15
Which of the following answers contains a category of controls that does not belong in a physical security program?
A. Deterrence and delaying
B. Response and detection
C. Assessment and detection
D. Delaying and lighting
Correct Answer: D
Explanation/Reference: The categories of controls that should make up any physical security program are deterrence, delaying, detection, assessment, and response. Lighting is a control itself, not a category of controls.

QUESTION 16
Which is not an administrative control pertaining to emergency procedures?
A. Intrusion detection systems
B. Awareness and training
C. Drills and inspections
D. Delegation of duties
Correct Answer: A
Explanation/Reference: Awareness and training, drills and inspections, and delegation of duties are all items that have a direct correlation to proper emergency procedures. It is management’s responsibility to ensure that these items are in place, properly tested, and carried out. Intrusion detection systems are technical or physical controls, not administrative.

QUESTION 17
If an access control has a fail-safe characteristic but not a fail-secure characteristic, what does that mean?
A. It defaults to no access.
B. It defaults to being unlocked.
C. It defaults to being locked.
D. It defaults to sounding a remote alarm instead of a local alarm.
Correct Answer: B
Explanation/Reference: A fail-safe setting means that if a power disruption were to affect the automated locking system, the doors would default to being unlocked. A fail-secure configuration means a door would default to being locked if there were any problems with the power.

QUESTION 18
Which of the following is not considered a delaying mechanism?
A. Locks
B. Defense-in-depth measures
C. Warning signs
D. Access controls
Correct Answer: C
Explanation/Reference: Every physical security program should have delaying mechanisms, which have the purpose of slowing down an intruder so security personnel can be alerted and arrive at the scene. A warning sign is a deterrence control, not a delaying control.

QUESTION 19
What are the two general types of proximity identification devices?
A. Biometric devices and access control devices
B. Swipe card devices and passive devices
C. Preset code devices and wireless devices
D. User-activated devices and system sensing devices
Correct Answer: D
Explanation/Reference: A user-activated system requires the user to do something: swipe the card through the reader and/or enter a code. A system sensing device recognizes the presence of the card and communicates with it without the user needing to carry out any activity.

QUESTION 20
Which of the following answers best describes the relationship between a risk analysis, acceptable risk level, baselines, countermeasures, and metrics?
A. The risk analysis output is used to determine the proper countermeasures required. Baselines are derived to measure these countermeasures. Metrics are used to track countermeasure performance to ensure baselines are being met.
B. The risk analysis output is used to help management understand and set an acceptable risk level. Baselines are derived from this level. Metrics are used to track countermeasure performance to ensure baselines are being met.
C. The risk analysis output is used to help management understand and set baselines. An acceptable risk level is derived from these baselines. Metrics are used to track countermeasure performance to ensure baselines are being met.
D. The risk analysis output is used to help management understand and set an acceptable risk level. Baselines are derived from the metrics.
Metrics are used to track countermeasure performance to ensure baselines are being met.
Correct Answer: B
Explanation/Reference: The physical security team needs to carry out a risk analysis, which will identify the organization’s vulnerabilities, threats, and business impacts. The team should present these findings to management and work with them to define an acceptable risk level for the physical security program. From there, the team should develop baselines (minimum levels of security) and metrics to properly evaluate and determine whether the baselines are being met by the implemented countermeasures. Once the team identifies and implements the countermeasures, the countermeasures’ performance should be continually evaluated and expressed in the previously created metrics. These performance values are compared against the set baselines. If the baselines are continually maintained, then the security program is successful because the company’s acceptable risk level is not being exceeded.

QUESTION 21
Most of today’s CCTV systems use charge-coupled devices. Which of the following is not a characteristic of these devices?
A. Receives input through the lenses and converts it into an electronic signal
B. Captures signals in the infrared range
C. Provides better-quality images
D. Records data on hard drives instead of tapes
Correct Answer: D
Explanation/Reference: The CCD is an electrical circuit that receives input light from the lens and converts it into an electronic signal, which is then displayed on the monitor. Images are focused through a lens onto the CCD chip surface, which forms the electrical representation of the optical image. This technology allows the capture of extraordinary details of objects and precise representation because it has sensors that work in the infrared range, which extends beyond human perception.
The CCD sensor picks up this extra “data” and integrates it into the images shown on the monitor, to allow for better granularity and quality in the video. CCD does not record data.

QUESTION 22
Which is not a drawback to installing intrusion detection and monitoring systems?
A. It’s expensive to install.
B. It cannot be penetrated.
C. It requires human response.
D. It’s subject to false alarms.
Correct Answer: B
Explanation/Reference: Monitoring and intrusion detection systems are expensive, require someone to respond when they set off an alarm, and, because of their level of sensitivity, can cause several false alarms. Like any other type of technology or device, they have their own vulnerabilities that can be exploited and penetrated.

QUESTION 23
What is a cipher lock?
A. A lock that uses cryptographic keys
B. A lock that uses a type of key that cannot be reproduced
C. A lock that uses a token and perimeter reader
D. A lock that uses a keypad
Correct Answer: D
Explanation/Reference: Cipher locks, also known as programmable locks, use keypads to control access into an area or facility. The lock can require a swipe card and a specific combination that’s entered into the keypad.

QUESTION 24
If a cipher lock has a door delay option, what does that mean?
A. After a door is open for a specific period, the alarm goes off.
B. It can only be opened during emergency situations.
C. It has a hostage alarm capability.
D. It has supervisory override capability.
Correct Answer: A
Explanation/Reference: A security guard would want to be alerted when a door has been open for an extended period. It may be an indication that something is taking place other than a person entering or exiting the door. A security system can have a threshold set so that if the door is open past the defined time period, an alarm sounds.
QUESTION 25
Which of the following best describes the difference between a warded lock and a tumbler lock?
A. A tumbler lock is more simplistic and easier to circumvent than a warded lock.
B. A tumbler lock uses an internal bolt, and a warded lock uses internal cylinders.
C. A tumbler lock has more components than a warded lock.
D. A warded lock is mainly used externally, and a tumbler lock is used internally.
Correct Answer: C
Explanation/Reference: The tumbler lock has more pieces and parts than a warded lock. The key fits into a cylinder, which raises the lock metal pieces to the correct height so the bolt can slide to the locked or unlocked position. A warded lock is easier to circumvent than a tumbler lock.

QUESTION 26
During the construction of her company’s facility, Mary has been told that light frame construction material has been used to build the internal walls. Which of the following best describes why Mary is concerned about this issue?
i. It provides the least amount of protection against fire.
ii. It provides the least amount of protection against forcible entry attempts.
iii. It is noncombustible.
iv. It provides the least amount of protection for mounting walls and windows.
A. i, iii
B. i, ii
C. ii, iii
D. ii, iii, iv
Correct Answer: B
Explanation/Reference: Light frame construction material provides the least amount of protection against fire and forcible entry attempts. It is composed of untreated lumber that would be combustible during a fire. Light frame construction material is usually used to build homes, primarily because it is cheap, but also because homes typically are not under the same types of fire and intrusion threats that office buildings are.

QUESTION 27
Which of the following is not true pertaining to facility construction characteristics?
i.
Calculations of approximate penetration times for different types of explosives and attacks are based on the thickness of the concrete walls and the gauge of rebar used.
ii. Using thicker rebar and properly placing it within the concrete provides increased protection.
iii. Reinforced walls, rebar, and the use of double walls can be used as delaying mechanisms.
iv. Steel rods encased in concrete are referred to as rebar.
A. All of them
B. None of them
C. iii
D. i, ii
Correct Answer: B
Explanation/Reference: Calculations of approximate penetration times for different types of explosives and attacks are based on the thickness of the concrete walls and the gauge of rebar used. (Rebar refers to the steel rods encased within the concrete.) So even if the concrete were damaged, it would take longer to actually cut or break through the rebar. Using thicker rebar and properly placing it within the concrete provides even more protection. Reinforced walls, rebar, and the use of double walls can be used as delaying mechanisms. The idea is that it will take the bad guy longer to get through two reinforced walls, which gives the response force sufficient time to arrive at the scene and stop the attacker.

QUESTION 28
It is important to choose the correct type of windows when building a facility. Each type of window provides a different level of protection. Which of the following is a correct description of window glass types?
i. Standard glass is made by heating the glass and then suddenly cooling it.
ii. Tempered glass windows are commonly used in residential homes and are easily broken.
iii. Acrylic glass has two sheets of glass with a plastic film in between.
iv. Laminated glass can be made out of polycarbonate acrylic, which is stronger than standard glass but produces toxic fumes if burned.
A. ii, iii
B. ii, iii, iv
C. None of them
D. All of them
Correct Answer: C
Explanation/Reference: Standard glass windows are commonly used in residential homes and are easily broken. Tempered glass is made by heating the glass and then suddenly cooling it. This increases its mechanical strength, which means it can handle more stress and is harder to break. It is usually five to seven times stronger than standard glass. Acrylic glass can be made out of polycarbonate acrylic, which is stronger than standard glass but produces toxic fumes if burned. Laminated glass has two sheets of glass with a plastic film in between. This added plastic makes it much more difficult to break the window.

QUESTION 29
Sandy needs to implement the right type of fencing in an area where there is no foot traffic or observation capabilities. Sandy has decided to implement a Perimeter Intrusion Detection and Assessment System. Which of the following is not a characteristic of this type of fence?
i. It has sensors located on the wire mesh and at the base of the fence.
ii. It cannot detect if someone attempts to cut or climb the fence.
iii. It has a passive cable vibration sensor that sets off an alarm if an intrusion is detected.
iv. It can cause many false alarms.
A. i
B. ii
C. iii, iv
D. i, ii, iv
Correct Answer: B
Explanation/Reference: Perimeter Intrusion Detection and Assessment System (PIDAS) is a type of fencing that has sensors located on the wire mesh and at the base of the fence. It is used to detect if someone attempts to cut or climb the fence. It has a passive cable vibration sensor that sets off an alarm if an intrusion is detected. PIDAS is very sensitive and can cause many false alarms.

QUESTION 30
CCTV lenses have irises, which control the amount of light that enters the lens. Which of the following has an incorrect characteristic of the types of CCTV irises that are available?
i.
Automated iris lenses have a ring around the CCTV lens that can be manually turned and controlled.
ii. A lens with a manual iris would be used in areas that have fixed lighting, since the iris cannot self-adjust to changes of light.
iii. An auto iris lens should be used in environments where the light changes, as in an outdoor setting.
iv. As the environment brightens, this is sensed by the manual iris, which automatically adjusts itself.
A. i, iv
B. i, ii, iii
C. i, ii
D. i, ii, iv
Correct Answer: A
Explanation/Reference: CCTV lenses have irises, which control the amount of light that enters the lens. Manual iris lenses have a ring around the CCTV lens that can be manually turned and controlled. A lens with a manual iris would be used in areas that have fixed lighting, since the iris cannot self-adjust to changes of light. An auto iris lens should be used in environments where the light changes, as in an outdoor setting. As the environment brightens, this is sensed by the iris, which automatically adjusts itself. Security personnel will configure the CCTV to have a specific fixed exposure value, which the iris is responsible for maintaining. On a sunny day, the iris lens closes to reduce the amount of light entering the camera, while at night, the iris opens to capture more light, just like our eyes.

Chapter 6 - Telecommunications and Network Security

QUESTION 1
What does it mean if someone says they were a victim of a Bluejacking attack?
A. An unsolicited message was sent.
B. A cell phone was cloned.
C. An IM channel introduced a worm.
D. Traffic was analyzed.
Correct Answer: A
Explanation/Reference: Bluejacking occurs when someone sends an unsolicited message to a device that is Bluetooth-enabled. Bluejackers look for a receiving device (phone, PDA, tablet PC, laptop) and then send a message to it.
Often, the Bluejacker is trying to send someone else their business card, which will be added to the victim’s contact list in their address book.

QUESTION 2
How does TKIP provide more protection for WLAN environments?
A. It uses the AES algorithm.
B. It decreases the IV size and uses the AES algorithm.
C. It adds more keying material.
D. It uses MAC and IP filtering.
Correct Answer: C
Explanation/Reference: The TKIP protocol actually works with WEP by feeding it keying material, which is data to be used for generating random keystreams. TKIP increases the IV size, ensures it is random for each packet, and adds the sender’s MAC address to the keying material.

QUESTION 3
Which of the following is not a characteristic of the IEEE 802.11a standard?
A. It works in the 5GHz range.
B. It uses the OFDM spread spectrum technology.
C. It provides 52 Mbps in bandwidth.
D. It covers a smaller distance than 802.11b.
Correct Answer: D
Explanation/Reference: The IEEE standard 802.11a uses the OFDM spread spectrum technology, works in the 5GHz frequency band, and provides bandwidth of up to 54 Mbps. The operating range is smaller because it works at a higher frequency.

QUESTION 4
Why are switched infrastructures safer environments than routed networks?
A. It is more difficult to sniff traffic since the computers have virtual private connections.
B. They are just as unsafe as nonswitched environments.
C. The data link encryption does not permit wiretapping.
D. Switches are more intelligent than bridges and implement security mechanisms.
Correct Answer: A
Explanation/Reference: Switched environments use switches to allow different network segments and/or systems to communicate. When this communication takes place, a virtual connection is set up between the communicating devices.
Since it is a dedicated connection, broadcast and collision data are not available to other systems, as in an environment that uses purely bridges and routers.

QUESTION 5
Which of the following protocols is considered connection-oriented?
A. IP
B. ICMP
C. UDP
D. TCP
Correct Answer: D
Explanation/Reference: TCP is the only connection-oriented protocol listed. A connection-oriented protocol provides reliable connectivity and data transmission, while a connectionless protocol provides unreliable connections and does not promise or ensure data transmission.

QUESTION 6
Which of the following can take place if an attacker can insert tagging values into network- and switch-based protocols with the goal of manipulating traffic at the data link layer?
A. Open relay manipulation
B. VLAN hopping attack
C. Hypervisor denial-of-service attack
D. Smurf attack
Correct Answer: B
Explanation/Reference: VLAN hopping attacks allow attackers to gain access to traffic in various VLAN segments. An attacker can have a system act as though it is a switch. The system understands the tagging values being used in the network and the trunking protocols, and can insert itself between other VLAN devices and gain access to the traffic going back and forth. Attackers can also insert tagging values to manipulate the control of traffic at this data link layer.

QUESTION 7
Which of the following proxies cannot make access decisions based upon protocol commands?
A. Application
B. Packet filtering
C. Circuit
D. Stateful
Correct Answer: C
Explanation/Reference: Application and circuit are the only types of proxy-based firewall solutions listed here. The others do not use proxies. Circuit-based proxy firewalls make decisions based on header information, not the protocol’s command structure.
Application-based proxies are the only ones that understand this level of granularity about the individual protocols.

QUESTION 8
Which of the following is a bridge-mode technology that can monitor individual traffic links between virtual machines or can be integrated within a hypervisor component?
A. Orthogonal frequency division
B. Unified threat management modem
C. Virtual firewall
D. Internet Security Association and Key Management Protocol
Correct Answer: C
Explanation/Reference: Virtual firewalls can be bridge-mode products, which monitor individual traffic links between virtual machines, or they can be integrated within the hypervisor. The hypervisor is the software component that carries out virtual machine management and oversees guest system software execution. If the firewall is embedded within the hypervisor, then it can “see” and monitor all the activities taking place within the one system.

QUESTION 9
Which of the following shows the layer sequence as layers 2, 5, 7, 4, and 3?
A. Data link, session, application, transport, and network
B. Data link, transport, application, session, and network
C. Network, session, application, network, and transport
D. Network, transport, application, session, and presentation
Correct Answer: A
Explanation/Reference: The OSI model is made up of seven layers: application (layer 7), presentation (layer 6), session (layer 5), transport (layer 4), network (layer 3), data link (layer 2), and physical (layer 1).

QUESTION 10
Which of the following technologies integrates previously independent security solutions with the goal of providing simplicity, centralized control, and streamlined processes?
A. Network convergence
B. Security as a service
C. Unified Threat Management
D. Integrated convergence management
Correct Answer: C
Explanation/Reference: It has become very challenging to manage the long laundry list of security solutions almost every network needs to have in place. The list includes, but is not limited to, firewalls, antimalware, antispam, IDS/IPS, content filtering, data leak prevention, VPN capabilities, and continuous monitoring and reporting. Unified Threat Management (UTM) appliance products have been developed that provide all (or many) of these functionalities in a single network appliance. The goals of UTM are simplicity, streamlined installation and maintenance, centralized control, and the ability to understand a network’s security from a holistic point of view.

QUESTION 11
Metro Ethernet is a MAN protocol that can work in network infrastructures made up of access, aggregation, metro, and core layers. Which of the following best describes these network infrastructure layers?
A. The access layer connects the customer’s equipment to a service provider’s aggregation network. Aggregation occurs on a core network. The metro layer is the metropolitan area network. The core connects different metro networks.
B. The access layer connects the customer’s equipment to a service provider’s core network. Aggregation occurs on a distribution network at the core. The metro layer is the metropolitan area network.
C. The access layer connects the customer’s equipment to a service provider’s aggregation network. Aggregation occurs on a distribution network. The metro layer is the metropolitan area network. The core connects different access layers.
D. The access layer connects the customer’s equipment to a service provider’s aggregation network. Aggregation occurs on a distribution network. The metro layer is the metropolitan area network. The core connects different metro networks.
Correct Answer: D
Explanation/Reference: The access layer connects the customer’s equipment to a service provider’s aggregation network. Aggregation occurs on a distribution network. The metro layer is the metropolitan area network. The core connects different metro networks.

QUESTION 12
Which of the following provides an incorrect definition of the specific component or protocol that makes up IPSec?
A. Authentication header protocol provides data integrity, data origin authentication, and protection from replay attacks.
B. Encapsulating security payloads protocol provides confidentiality, data origin authentication, and data integrity.
C. Internet Security Association and Key Management Protocol provides a framework for security association creation and key exchange.
D. Internet Key Exchange provides authenticated keying material for use with encryption algorithms.
Correct Answer: D
Explanation/Reference: Authentication header protocol provides data integrity, data origin authentication, and protection from replay attacks. Encapsulating security payloads protocol provides confidentiality, data origin authentication, and data integrity. Internet Security Association and Key Management Protocol provides a framework for security association creation and key exchange. Internet Key Exchange provides authenticated keying material for use with the Internet Security Association and Key Management Protocol.

QUESTION 13
Systems that are built on the OSI framework are considered open systems. What does this mean?
A. They do not have authentication mechanisms configured by default.
B. They have interoperability issues.
C. They are built with internationally accepted protocols and standards so they can easily communicate with other systems.
D. They are built with international protocols and standards so they can choose what types of systems they will communicate with.
Correct Answer: C
Explanation:
An open system is a system that has been developed based on standardized protocols and interfaces. Following these standards allows the system to interoperate with other systems that follow the same standards.

QUESTION 14
Which of the following protocols work in the following layers: application, data link, network, and transport?
A. FTP, ARP, TCP, and UDP
B. FTP, ICMP, IP, and UDP
C. TFTP, ARP, IP, and UDP
D. TFTP, RARP, IP, and ICMP
Correct Answer: C
Explanation:
Different protocols have different functionalities. The OSI model is an attempt to describe conceptually where these functionalities take place in a networking stack; it draws boxes around reality to help people better understand the stack. Each layer has a specific functionality, and several different protocols can live at that layer and carry it out. The listed protocols work at these layers: TFTP (application), ARP (data link), IP (network), and UDP (transport). Each of the other options fails on one item: TCP is a transport protocol, not a network protocol; ICMP is a network-layer protocol, not a transport protocol; and RARP, like ARP, is a data link protocol.

QUESTION 15
Which of the following allows for the ability to pool resources, automate resource provisioning, and increase and decrease processing capacity quickly to meet the needs of dynamic computing workloads?
A. Software as a Service
B. Network convergence
C. IEEE 802.1x
D. RAID
Correct Answer: B
Explanation:
Network convergence means the combining of server, storage, and network capabilities into a single framework. This helps to decrease the costs and complexity of running data centers and has accelerated the evolution of cloud computing. Converged infrastructures provide the ability to pool resources, automate resource provisioning, and increase and decrease processing capacity quickly to meet the needs of dynamic computing workloads.
QUESTION 16
What takes place at the data link layer?
A. End-to-end connection
B. Dialog control
C. Framing
D. Data syntax
Correct Answer: C
Explanation:
The data link layer, in most cases, is the only layer that understands the environment in which the system is working, whether it be Ethernet, Token Ring, wireless, or a connection to a WAN link. This layer adds the necessary headers and trailers to form the frame. Other systems on the same type of network using the same technology understand only the specific header and trailer format used in their data link technology.

QUESTION 17
What takes place at the session layer?
A. Dialog control
B. Routing
C. Packet sequencing
D. Addressing
Correct Answer: A
Explanation:
The session layer is responsible for controlling how applications communicate, not how computers communicate. Not all applications use protocols that work at the session layer, so this layer is not always used in networking functions. A session layer protocol sets up the connection to the other application logically and controls the dialog going back and forth. Session layer protocols allow applications to keep track of the dialog.

QUESTION 18
Which best describes the IP protocol?
A. A connectionless protocol that deals with dialog establishment, maintenance, and destruction
B. A connectionless protocol that deals with the addressing and routing of packets
C. A connection-oriented protocol that deals with the addressing and routing of packets
D. A connection-oriented protocol that deals with sequencing, error detection, and flow control
Correct Answer: B
Explanation:
The IP protocol is connectionless and works at the network layer. It adds source and destination addresses to a packet as it goes through its data encapsulation process, and routers make their forwarding decisions based on the destination address. Reliability (sequencing, acknowledgments, retransmission, flow control) is not IP's job; it is left to TCP at the transport layer.
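The following Python parser is an added example, not part of the exam guide. It pulls the source and destination addresses, TTL, and protocol out of a raw IPv4 header (the fields IP adds during encapsulation, as described for Question 18), decodes any IP options, and applies the options check a border firewall makes: packets carrying loose or strict source-route options are dropped. The packets it is fed are constructed inside the block, not captured traffic, and the checksum is left at zero since no stack validates it here.

```python
import ipaddress
import struct
from dataclasses import dataclass, field

# IPv4 option type codes from RFC 791.
OPT_EOL, OPT_NOP = 0, 1
OPT_LSRR, OPT_SSRR = 131, 137          # loose / strict source and record route


@dataclass
class IPv4Header:
    ihl: int                 # header length in bytes (20 without options)
    total_length: int
    ttl: int
    protocol: int            # 1 = ICMP, 6 = TCP, 17 = UDP
    src: str
    dst: str
    options: list = field(default_factory=list)   # [(type, option data bytes)]

    @property
    def source_routed(self) -> bool:
        return any(t in (OPT_LSRR, OPT_SSRR) for t, _ in self.options)


def parse_ipv4(packet: bytes) -> IPv4Header:
    """Decode the fixed 20-byte header plus any options; raise on malformed input."""
    if len(packet) < 20:
        raise ValueError("packet shorter than an IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > len(packet):
        raise ValueError("not a valid IPv4 header")
    options, i = [], 20
    while i < ihl:                      # walk the TLV-encoded options area
        kind = packet[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        length = packet[i + 1]
        if length < 2 or i + length > ihl:
            raise ValueError("malformed IP option")
        options.append((kind, packet[i + 2:i + length]))
        i += length
    return IPv4Header(ihl, total_len, ttl, proto,
                      str(ipaddress.IPv4Address(src)),
                      str(ipaddress.IPv4Address(dst)), options)


def firewall_verdict(packet: bytes) -> str:
    """The options check a border firewall applies: deny source-routed packets."""
    try:
        hdr = parse_ipv4(packet)
    except ValueError as err:
        return f"DROP malformed ({err})"
    if hdr.source_routed:
        return f"DROP source-routed {hdr.src} -> {hdr.dst}"
    return f"ACCEPT {hdr.src} -> {hdr.dst} proto {hdr.protocol} ttl {hdr.ttl}"


# --- constructed test packets (not captured traffic) ---------------------------

def build_ipv4(src: str, dst: str, proto: int, ttl: int = 64,
               options: bytes = b"", payload: bytes = b"") -> bytes:
    """Assemble a packet for testing; the header checksum is left at zero."""
    options += b"\x00" * (-len(options) % 4)          # pad options to a 32-bit boundary
    ihl_words = (20 + len(options)) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                         20 + len(options) + len(payload), 0x1234, 0, ttl, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + options + payload


def lsrr_option(hops: list[str]) -> bytes:
    """Loose source route option: type, length, pointer (4), then the hop list."""
    route = b"".join(ipaddress.IPv4Address(h).packed for h in hops)
    return bytes([OPT_LSRR, 3 + len(route), 4]) + route


PLAIN_PACKET = build_ipv4("192.0.2.10", "198.51.100.5", proto=6, payload=b"SYN")
SOURCE_ROUTED_PACKET = build_ipv4("192.0.2.10", "198.51.100.5", proto=6,
                                  options=lsrr_option(["203.0.113.1", "198.51.100.5"]))

if __name__ == "__main__":
    for pkt in (PLAIN_PACKET, SOURCE_ROUTED_PACKET, b"\x45\x00"):
        print(firewall_verdict(pkt))
```

The parser rejects anything it cannot account for (short packets, an IHL larger than the data, an option whose length runs past the header) rather than guessing, which is the behaviour you want in a filter: an attacker's easiest route past an options check is a header the checker gives up on.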
QUESTION 19
Which of the following is not a characteristic of the Protected Extensible Authentication Protocol?
A. Authentication protocol used in wireless networks and point-to-point connections
B. Designed to provide authentication for 802.11 WLANs
C. Designed to support 802.1X port access control and transport layer security
D. Designed to support password-protected connections
Correct Answer: D
Explanation:
PEAP (Protected Extensible Authentication Protocol) is a version of EAP and is an authentication protocol used in wireless networks and point-to-point connections. PEAP is designed to provide authentication for 802.11 WLANs, which support 802.1X port access control and TLS. It encapsulates EAP within a potentially encrypted and authenticated TLS tunnel. Only the authentication server needs a certificate; the client proves its identity with an inner EAP method (most commonly EAP-MSCHAPv2) run inside the tunnel. The protection depends on clients validating the server certificate: a client configured to skip validation will hand its credentials to a rogue access point.

QUESTION 20
The ______________ is an IETF-defined signaling protocol, widely used for controlling multimedia communication sessions such as voice and video calls over IP.
A. Session Initiation Protocol
B. Real-time Transport Protocol
C. SS7
D. VoIP
Correct Answer: A
Explanation:
The Session Initiation Protocol (SIP) is an IETF-defined signaling protocol, widely used for controlling multimedia communication sessions such as voice and video calls over IP. The protocol can be used for creating, modifying, and terminating two-party (unicast) or multiparty (multicast) sessions consisting of one or several media streams. SIP carries only the signaling; the voice or video itself travels in RTP (option B), so both protocols must be protected (SIP over TLS and SRTP) if the calls are to be confidential.

QUESTION 21
Which of the following is not one of the stages of the DHCP lease process?
i. Discover
ii. Offer
iii. Request
iv. Acknowledgment
A. All of them
B. None of them
C. i, ii
D. ii, iii
Correct Answer: B
Explanation:
The four-step DHCP lease process is:
• DHCPDISCOVER: the client broadcasts this message to request an IP address lease from any DHCP server on the segment.
• DHCPOFFER: a response to a DHCPDISCOVER, sent by one or more DHCP servers, each proposing an address.
• DHCPREQUEST: the client broadcasts a request for the offer it has chosen; because it is broadcast, the other servers learn that their offers were declined.
• DHCPACK: the server acknowledges the request and commits the lease. This is the point at which the address is actually assigned to the client.

QUESTION 22
An effective method to shield networks from unauthenticated DHCP clients is through the use of _______________ on network switches.
A. DHCP snooping
B. DHCP protection
C. DHCP shielding
D. DHCP caching
Correct Answer: A
Explanation:
DHCP snooping is a switch feature that classifies ports as trusted (facing legitimate DHCP servers or uplinks) or untrusted (facing clients). DHCP server messages (OFFER, ACK, NAK) arriving on untrusted ports are dropped, which prevents a rogue system from acting as a DHCP server, and client messages can be rate limited and checked so that the hardware address inside the request matches the frame's source MAC. The switch also builds a binding table of MAC address, leased IP, VLAN, and port; dynamic ARP inspection and IP source guard use that table to block ARP and IP spoofing by hosts that never obtained an address legitimately.

QUESTION 23
Use the following scenario to answer Questions 23–25.
Don is a security manager of a large medical institution. One of his groups develops proprietary software that provides distributed computing through a client/server model. He has found out that some of the systems that maintain the proprietary software have been experiencing half-open denial-of-service attacks. Some of the software is antiquated and still uses basic remote procedure calls, which has allowed for masquerading attacks to take place.
What type of client ports should Don make sure the institution's software is using when client-to-server communication needs to take place?
A. Well known
B. Registered
C. Dynamic
D. Free
Correct Answer: C
Explanation:
Well-known ports (0–1,023) are mapped to commonly used services (HTTP, FTP, etc.).
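The lease exchange from Question 21 and the switch-side check from Question 22, as an added example that is not part of the exam guide. The code builds and parses DHCP messages (the BOOTP fixed fields, the magic cookie, and option 53, the message type) and implements the core DHCP snooping decisions: server messages arriving on untrusted ports are dropped, client messages whose hardware address does not match the frame's source MAC are dropped, and a binding is recorded when an ACK from a trusted port completes the four-step exchange. Port names, MAC addresses, and addresses are constructed for the demonstration.

```python
import ipaddress
import struct
from enum import IntEnum

MAGIC_COOKIE = b"\x63\x82\x53\x63"     # marks the start of DHCP options (RFC 2131)
OPT_MSG_TYPE, OPT_END, OPT_PAD = 53, 255, 0


class MsgType(IntEnum):
    DISCOVER = 1
    OFFER = 2
    REQUEST = 3
    DECLINE = 4
    ACK = 5
    NAK = 6
    RELEASE = 7
    INFORM = 8


SERVER_MESSAGES = {MsgType.OFFER, MsgType.ACK, MsgType.NAK}


def build_dhcp(msg_type: MsgType, xid: int, chaddr: bytes, yiaddr: str = "0.0.0.0") -> bytes:
    """Assemble a minimal DHCP message (BOOTP fixed fields + cookie + option 53)."""
    op = 2 if msg_type in SERVER_MESSAGES else 1          # 1 = BOOTREQUEST, 2 = BOOTREPLY
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0x8000,
                        b"\0" * 4, ipaddress.IPv4Address(yiaddr).packed, b"\0" * 4, b"\0" * 4,
                        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return fixed + MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, msg_type, OPT_END])


def parse_dhcp(data: bytes) -> dict:
    """Return op, xid, client MAC, offered/assigned address, and message type."""
    if len(data) < 240 or data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    (op, _htype, hlen, _hops, xid, _secs, _flags, _ciaddr, yiaddr,
     _siaddr, _giaddr, chaddr) = struct.unpack("!BBBBIHH4s4s4s4s16s", data[:44])
    options, i = {}, 240
    while i < len(data) and data[i] != OPT_END:          # TLV walk of the options area
        if data[i] == OPT_PAD:
            i += 1
            continue
        code, length = data[i], data[i + 1]
        options[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    if len(options.get(OPT_MSG_TYPE, b"")) != 1:
        raise ValueError("missing DHCP message type option")
    return {"op": op, "xid": xid, "chaddr": chaddr[:hlen],
            "yiaddr": str(ipaddress.IPv4Address(yiaddr)),
            "msg_type": MsgType(options[OPT_MSG_TYPE][0])}


class DhcpSnooping:
    """Per-switch snooping state: trusted ports, pending transactions, bindings."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}      # xid -> (client MAC, client port), set by DISCOVER/REQUEST
        self.bindings = {}     # client MAC -> (leased IP, client port), set by ACK

    def inspect(self, port: str, src_mac: bytes, payload: bytes) -> str:
        try:
            msg = parse_dhcp(payload)
        except ValueError as err:
            return f"DROP {port}: {err}"
        kind = msg["msg_type"]
        if kind in SERVER_MESSAGES:
            if port not in self.trusted:
                return f"DROP {port}: {kind.name} from untrusted port (rogue DHCP server)"
            if kind == MsgType.ACK and msg["xid"] in self.pending:
                mac, client_port = self.pending.pop(msg["xid"])
                self.bindings[mac] = (msg["yiaddr"], client_port)
            return f"FORWARD {port}: {kind.name}"
        # Client message: the hardware address must match the frame's source MAC.
        if msg["chaddr"] != src_mac:
            return f"DROP {port}: chaddr does not match source MAC (spoofed client)"
        if kind in (MsgType.DISCOVER, MsgType.REQUEST):
            self.pending[msg["xid"]] = (src_mac, port)
        elif kind in (MsgType.RELEASE, MsgType.DECLINE):
            self.bindings.pop(src_mac, None)
        return f"FORWARD {port}: {kind.name}"


def run_demo():
    """Constructed lease exchange with one rogue OFFER and one spoofed DISCOVER."""
    snoop = DhcpSnooping(trusted_ports={"Gi1/0/24"})       # uplink toward the real server
    client = bytes.fromhex("001122334455")
    server = bytes.fromhex("0a0b0c0d0e0f")
    rogue = bytes.fromhex("deadbeef0001")
    events = [
        ("Gi1/0/3",  client, build_dhcp(MsgType.DISCOVER, 0xAB, client)),
        ("Gi1/0/7",  rogue,  build_dhcp(MsgType.OFFER, 0xAB, client, "10.0.0.66")),
        ("Gi1/0/24", server, build_dhcp(MsgType.OFFER, 0xAB, client, "10.0.0.20")),
        ("Gi1/0/3",  client, build_dhcp(MsgType.REQUEST, 0xAB, client)),
        ("Gi1/0/24", server, build_dhcp(MsgType.ACK, 0xAB, client, "10.0.0.20")),
        ("Gi1/0/9",  rogue,  build_dhcp(MsgType.DISCOVER, 0xCD, client)),
    ]
    decisions = [snoop.inspect(port, mac, pkt) for port, mac, pkt in events]
    return decisions, snoop.bindings
```

Running `run_demo()` shows the rogue OFFER on Gi1/0/7 and the spoofed DISCOVER on Gi1/0/9 being dropped while the legitimate DISCOVER, OFFER, REQUEST, ACK sequence is forwarded and leaves one binding (client MAC, 10.0.0.20, Gi1/0/3) behind; that binding is what dynamic ARP inspection and IP source guard consult afterwards.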
Registered ports (1,024–49,151) are registered by vendors to map to their specific software. Dynamic ports, also called private or ephemeral ports (49,152–65,535), are available for use by any application; a client should let the operating system pick an ephemeral source port for each connection rather than binding to a fixed well-known or registered port. (Operating systems choose their own ephemeral range in practice; Linux, for example, defaults to 32,768–60,999.)

QUESTION 24
Refer to the scenario for Questions 23–25.
Which of the following is a cost-effective countermeasure that Don's team should implement?
A. Stateful firewall
B. Network address translation
C. SYN proxy
D. IPv6
Correct Answer: C
Explanation:
A half-open attack is a type of DoS that is also referred to as a SYN flood. To thwart this type of attack, you can use SYN proxies, which limit the number of open and abandoned network connections. The SYN proxy is a piece of software that sits between the sender and the receiver and completes the TCP handshake on the server's behalf, passing traffic to the receiving system only after the handshake has completed successfully. Most modern operating systems and load balancers apply the same idea through SYN cookies, which encode the connection state in the server's initial sequence number so that no state is kept for half-open connections.

QUESTION 25
Refer to the scenario for Questions 23–25.
What should Don's team put into place to stop the masquerading attacks that have been taking place?
A. Dynamic packet filter firewall
B. ARP spoofing protection
C. Disable unnecessary ICMP traffic at edge routers
D. SRPC
Correct Answer: D
Explanation:
Basic RPC has no authentication capabilities, which allows masquerading attacks to take place. Secure RPC (SRPC) requires authentication before remote systems can communicate with each other. Authentication can take place using shared secrets, public keys, or Kerberos tickets.

QUESTION 26
Use the following scenario to answer Questions 26–28.
Grace is a security administrator for a medical institution and is responsible for many different teams. One team has reported that when their main FDDI connection failed, three critical systems went offline even though the connection was supposed to provide redundancy. Grace also has to advise her team on the type of fiber that should be implemented for campus building-to-building connectivity. Since this is a training medical facility, many surgeries are video recorded, and that data must continuously travel from one building to the next. One other thing that has been reported to Grace is that periodic DoS attacks take place against specific servers within the internal network. The attacker sends excessive ICMP ECHO REQUEST packets to all the hosts on a specific subnet, which is aimed at one specific server.
Which of the following is most likely the issue that Grace's team experienced when their systems went offline?
A. Three critical systems were connected to a dual-attached station.
B. Three critical systems were connected to a single-attached station.
C. The secondary FDDI ring was overwhelmed with traffic and dropped the three critical systems.
D. The FDDI ring is shared in a metropolitan environment and only allows each company to have a certain number of systems connected to both rings.
Correct Answer: B
Explanation:
A single-attachment station (SAS) is attached to only one ring (the primary) through a concentrator. If the primary goes down, it is not connected to the backup secondary ring. A dual-attachment station (DAS) has two ports, and each port provides a connection for both the primary and the secondary rings, so the station stays up when the ring wraps around a fault.

QUESTION 27
Refer to the scenario for Questions 26–28.
Which of the following is the best type of fiber that should be implemented in this scenario?
A. Single mode
B. Multimode
C. Optical carrier
D. SONET
Correct Answer: B
Explanation:
Single-mode fiber uses a small glass core that carries a single light path, supporting high-speed data transmission over long distances. Multimode fiber has a larger core that carries several light paths (modes); it uses cheaper transceivers and is easier to terminate, but modal dispersion and attenuation limit it to shorter runs. This scenario specifies campus building-to-building connections, which are usually short distances, so multimode is the expected answer. A practitioner would still check the actual run lengths and bandwidth plans: at 10 Gbps multimode is limited to a few hundred meters, and single-mode is the safer choice for anything longer or for future upgrades.

QUESTION 28
Refer to the scenario for Questions 26–28.
Which of the following is the best and most cost-effective countermeasure for Grace's team to put into place?
A. Network address translation
B. Disallowing unnecessary ICMP traffic coming from untrusted networks
C. Application-based proxy firewall
D. Screened subnet using two firewalls from two different vendors
Correct Answer: B
Explanation:
The attack described is a Smurf attack. The attacker sends ICMP Echo Request packets with a spoofed source address to the victim network's broadcast address, so every system on that subnet receives the request and replies with an ICMP Echo Reply to the spoofed address, which is the victim's. All of these replies converge on the victim system and overwhelm it. Filtering out unnecessary ICMP traffic is the cheapest solution. Disabling IP directed broadcasts on routers (the default on modern equipment, per RFC 2644) removes the amplification, and egress filtering of spoofed source addresses stops the network from being used as a reflector against others.

QUESTION 29
Use the following scenario to answer Questions 29–31.
John is the manager of the security team within his company. He has learned that attackers have installed sniffers throughout the network without the company's knowledge. Along with this issue, his team has also found out that two DNS servers had no record replication restrictions put into place and the servers have been caching suspicious name resolution data.
Which of the following is the best countermeasure to put into place to help reduce the threat of network sniffers viewing network management traffic?
A. SNMP v3
B. L2TP
C. CHAP
D. Dynamic packet filtering firewall
Correct Answer: A
Explanation:
SNMP versions 1 and 2 send their community strings in cleartext. Version 3 adds cryptographic protection: authentication, message integrity, and encryption. With SNMPv3 deployed at the authPriv security level, sniffers installed on the network cannot read the management traffic or recover the credentials. (SNMPv3 configured at noAuthNoPriv or authNoPriv still exposes the payload, so the security level matters as much as the version.)

QUESTION 30
Refer to the scenario for Questions 29–31.
Which of the following unauthorized activities have most likely been taking place in this situation?
A. Domain kiting
B. Phishing
C. Fraggle
D. Zone transfer
Correct Answer: D
Explanation:
The primary and secondary DNS servers synchronize their information through a zone transfer. After changes take place on the primary DNS server, those changes must be replicated to the secondary DNS server. It is important to configure the DNS server to allow zone transfers to take place only between the specific servers.
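An added example, not from the exam guide, of the detection side of Question 30: it parses the question section of DNS queries and raises an alert when a zone transfer request (AXFR or IXFR) for one of our zones comes from an address that is not a registered secondary. The zone name, the secondary's address, and the query packets are constructed for the example. In production the enforcement belongs in the server configuration (for BIND, allow-transfer restricted to the secondaries and authenticated with TSIG keys); a check like this one, run over captured or logged queries, is the second line that tells you the restriction is being probed.

```python
import struct

QTYPE_A, QTYPE_IXFR, QTYPE_AXFR = 1, 251, 252
QR_FLAG = 0x8000                      # set in the header flags of a response

# Constructed policy: which hosts may pull each zone (in practice, the secondaries).
ALLOWED_TRANSFER_SOURCES = {
    "example.com.": {"198.51.100.53"},
}


def build_query(qname: str, qtype: int, qid: int = 0x1234) -> bytes:
    """Encode a single-question DNS query (header + QNAME labels + QTYPE/QCLASS)."""
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.rstrip(".").split("."))
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)     # RD set, one question
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_question(packet: bytes) -> tuple[str, int]:
    """Return (qname, qtype) from a query; reject responses and multi-question packets."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if flags & QR_FLAG:
        raise ValueError("response, not a query")
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, i = [], 12
    while True:                               # walk the length-prefixed labels
        if i >= len(packet):
            raise ValueError("truncated QNAME")
        n = packet[i]
        if n == 0:
            i += 1
            break
        if n & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(packet[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    if i + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", packet[i:i + 4])
    return ".".join(labels).lower() + ".", qtype      # normalised, fully qualified


def check_query(src_ip: str, packet: bytes) -> str:
    """Detection rule: zone transfer requests are allowed only from registered secondaries."""
    try:
        qname, qtype = parse_question(packet)
    except ValueError as err:
        return f"ignore: {err}"
    if qtype not in (QTYPE_AXFR, QTYPE_IXFR):
        return f"ok: {src_ip} query type {qtype} for {qname}"
    kind = "AXFR" if qtype == QTYPE_AXFR else "IXFR"
    if src_ip in ALLOWED_TRANSFER_SOURCES.get(qname, set()):
        return f"ok: {kind} of {qname} from secondary {src_ip}"
    return f"ALERT: unauthorized {kind} request for {qname} from {src_ip}"


# Constructed traffic sample: (source address, query packet).
SAMPLE_QUERIES = [
    ("203.0.113.7", build_query("www.example.com", QTYPE_A)),
    ("198.51.100.53", build_query("example.com", QTYPE_AXFR)),
    ("203.0.113.7", build_query("example.com", QTYPE_AXFR)),
    ("203.0.113.9", build_query("EXAMPLE.com.", QTYPE_IXFR)),
    ("203.0.113.9", b"\x12\x34\x81\x80"),      # truncated response bytes, ignored
]


def scan(samples=SAMPLE_QUERIES) -> list[str]:
    """Apply the rule to every sample and return the decisions in order."""
    return [check_query(src, pkt) for src, pkt in samples]
```

Two details matter for a rule like this: the name is normalised (lower-cased, trailing dot added) before the policy lookup so that case games do not slip past it, and IXFR is treated the same as AXFR, since an incremental transfer request from an outsider leaks the same zone contents.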
Attackers can carry out zone transfers to gather very useful network information (every hostname and address in the zone) from victims' DNS servers. Unauthorized zone transfers can take place if the DNS servers are not configured to restrict this activity. Restricting transfers by source address is the minimum; authenticating them with TSIG keys is the stronger control, since source addresses can be spoofed.

QUESTION 31
Refer to the scenario for Questions 29–31.
Which of the following is the best countermeasure that John's team should implement to protect from improper caching issues?
A. PKI
B. DHCP snooping
C. ARP protection
D. DNSSEC
Correct Answer: D
Explanation:
When a DNS server receives an improper (potentially malicious) name resolution response, it caches it and provides it to all the hosts it serves unless DNSSEC validation is in place. With DNSSEC enabled, the server checks the digital signatures on the records it receives, chained from the zone's signing key up to a configured trust anchor, before accepting the information. Note that DNSSEC authenticates data, not transport: it does not encrypt queries, and it only helps for zones whose owners have signed them.

QUESTION 32
Use the following scenario to answer Questions 32–34.
Sean is the new security administrator for a large financial institution. There are several issues that Sean is made aware of the first week he is in his new position. First, spurious packets seem to arrive at critical servers even though each network has tightly configured firewalls at each gateway position to control traffic to and from these servers. One of Sean's team members complains that the current firewall logs are excessively large with useless data. He also tells Sean that the team needs to be using less permissive rules instead of the current "any-any" rule type in place.
Sean has also found out that some team members want to implement tarpits on some of the most commonly attacked systems.
Which of the following is most likely taking place to allow spurious packets to gain unauthorized access to critical servers?
A. TCP sequence hijacking is taking place.
B. Source routing is not restricted.
C. Fragment attacks are underway.
D. Attacker is tunneling communication through PPP.
Correct Answer: B
Explanation:
Source routing means the packet itself specifies how to get to its destination rather than leaving that to the routers in between the source and destination computers. Source routing moves a packet through a network on a predetermined path, which lets an attacker steer traffic around the expected gateway or have replies come back along a route the attacker controls. To make sure none of this misrouting happens, firewalls are configured to check for source routing information within the packet (the IPv4 loose and strict source-route options, LSRR and SSRR) and deny the packet if it is present. The IPv6 equivalent, the type 0 routing header, was deprecated by RFC 5095 for the same reason and should be dropped as well.

QUESTION 33
Refer to the scenario for Questions 32–34.
Which of the following best describes the firewall configuration issues Sean's team member is describing?
A. Clean-up rule, stealth rule
B. Stealth rule, silent rule
C. Silent rule, negate rule
D. Stealth rule, silent rule
Correct Answer: C
Explanation:
The following describes the different firewall rule types:
• Silent rule: drops "noisy" traffic without logging it. This reduces log sizes by not recording packets that are deemed unimportant.
• Stealth rule: disallows access to the firewall software itself from unauthorized systems.
• Cleanup rule: the last rule in the rule base, which drops and logs any traffic that does not match a preceding rule.
• Negate rule: used instead of the broad and permissive "any" rules. Negate rules provide tighter permissions by specifying which systems can be accessed and how.
The oversized logs call for silent rules; the "any-any" rule should be replaced by negate rules.

QUESTION 34
Refer to the scenario for Questions 32–34.
Which of the following best describes why Sean's team wants to put in the mentioned countermeasure for the most commonly attacked systems?
A. Prevent production system hijacking
B. Reduce DoS attack effects
C. Gather statistics during the process of an attack
D. Increase forensic capabilities
Correct Answer: B
Explanation:
A tarpit is commonly a piece of software configured to emulate a vulnerable, running service.
Once attackers start sending packets to this "service," the connection to the victim system seems to be live and ongoing, but the responses are deliberately slow and the connection may time out. Most attacks and scanning activities are carried out with automated tools that require quick responses from their targets. If the target does not reply, or replies very slowly, the tool stalls because the protocol connection times out; this ties up the attacker's resources and reduces the effect of a DoS attack.

QUESTION 35
Use the following scenario to answer Questions 35–37.
Tom's company has been experiencing many issues with unauthorized sniffers being installed on the network. One reason is that employees can plug their laptops, smart phones, and other mobile devices into the network, and these may be infected and running sniffers that the owners are not aware of. Implementing VPNs will not work because all of the network devices would need to be configured for specific VPNs, and some devices, such as their switches, do not have this type of functionality available. Another issue Tom's team is dealing with is how to secure internal wireless traffic. While the wireless access points can be configured with digital certificates for authentication, pushing out and maintaining certificates on each wireless user device is cost prohibitive and will cause too much of a burden on the network team. Tom's boss has also told him that the company needs to move from a landline metropolitan area network solution to a wireless solution.
What should Tom's team implement to provide source authentication and data encryption at the data link level?
A. IEEE 802.1AR
B. IEEE 802.1AE
C. IEEE 802.1AF
D. IEEE 802.1X
Correct Answer: B
Explanation:
IEEE 802.1AR provides a unique identity for a device (a device certificate). IEEE 802.1AE (MACsec) provides data encryption, integrity, and origin authentication at the data link layer, which is what the question asks for.
IEEE 802.1AF carries out key agreement for the session keys used for data encryption. Each of these standards provides specific parameters to work within an IEEE 802.1X EAP-TLS framework. A later revision of 802.1X (802.1X-2010) integrated IEEE 802.1AE and IEEE 802.1AR to support service identification and optional point-to-point encryption. Because MACsec is applied hop by hop on each switch port, every switch in the path must support it, the same kind of constraint the scenario raises for VPNs.

QUESTION 36
Refer to the scenario for Questions 35–37.
Which of the following solutions is best to meet the company's need to protect wireless traffic?
A. EAP-TLS
B. EAP-PEAP
C. LEAP
D. EAP-TTLS
Correct Answer: D
Explanation:
EAP-Tunneled Transport Layer Security (EAP-TTLS) is an EAP method that extends TLS. EAP-TTLS is designed to provide authentication that is as strong as EAP-TLS, but it does not require that each wireless device be issued a certificate. Instead, only the authentication servers are issued certificates.
User authentication is performed by password, but the password credentials are transported inside an encrypted tunnel established on the basis of the server certificate. That protection holds only if the client devices are configured to validate the server certificate (the expected CA and server name); otherwise a rogue access point presenting its own certificate can harvest the passwords.

QUESTION 37
Refer to the scenario for Questions 35–37.
Which of the following is the best solution to meet the company's need for broadband wireless connectivity?
A. WiMAX
B. IEEE 802.12
C. WPA2
D. IEEE 802.15
Correct Answer: A
Explanation:
IEEE 802.16 is a wireless MAN standard that allows wireless traffic to cover a wide geographical area. This technology is also referred to as broadband wireless access. The commercial name for 802.16 is WiMAX.

QUESTION 38
Use the following scenario to answer Questions 38–40.
Lance has been brought in as a new security officer for a large medical equipment company. He has been told that many of the firewalls and IDS products have not been configured to filter IPv6 traffic; thus, many attacks have been taking place without the knowledge of the security team.
While the network team has attempted to implement an automated tunneling feature to take care of this issue, they have continually run into problems with the network's NAT device. Lance has also found out that caching attacks have been successful against the company's public-facing DNS server. Lance has also identified that extra authentication is necessary for current LDAP requests, but the current technology only provides password-based authentication options.
Based upon the information in the scenario, what should the network team implement as it pertains to IPv6 tunneling?
A. Teredo should be configured on IPv6-aware hosts that reside behind the NAT device.
B. 6to4 should be configured on IPv6-aware hosts that reside behind the NAT device.
C. Intra-Site Automatic Tunnel Addressing Protocol should be configured on IPv6-aware hosts that reside behind the NAT device.
D. IPv6 should be disabled on all systems.
Correct Answer: A
Explanation:
Teredo encapsulates IPv6 packets within UDP datagrams carried over IPv4, which NAT devices can forward; 6to4, by contrast, carries IPv6 directly in IP protocol 41 and needs a public IPv4 address, which is why it fails behind NAT. IPv6-aware systems behind the NAT device can act as Teredo tunnel endpoints even if they do not have a dedicated public IPv4 address. From the security team's standpoint, however, any automatic tunnel carries IPv6 traffic past firewalls and IDS sensors that inspect only IPv4, so the tunneling fix must be paired with IPv6-aware filtering, or the tunnel protocols must be blocked wherever IPv6 is not meant to be in use.

QUESTION 39
Refer to the scenario for Questions 38–40.
Which of the following is the best countermeasure for the attack type addressed in the scenario?
A. DNSSEC
B. IPSec
C. Split server configurations
D. Disabling zone transfers
Correct Answer: A
Explanation:
DNSSEC protects against forged DNS information, which is what DNS cache poisoning attacks rely on. With DNSSEC validation, the responses a server receives are verified through digital signatures before they are cached, so an attacker cannot feed the server incorrect information that would point victims to a malicious web site. Keeping the public-facing authoritative server from performing recursion for outside clients also shrinks the poisoning surface, but only DNSSEC authenticates the data itself.

QUESTION 40
Refer to the scenario for Questions 38–40.
Which of the following technologies should Lance's team investigate for increased authentication efforts?
Challenge handshake protocol Simple Authentication and Security Layer IEEE 802.2 AB EAP-SSL Correct Answer: B Section: (none) Explanation Explanation/Reference: Simple Authentication and Security Layer is a protocol-independent authentication framework. This means that any protocol that knows how to interact with SASL can use its various authentication mechanisms without having to actually embed the authentication mechanisms within its code. QUESTION 41 Wireless LAN technologies have gone through different versions over the years to address some of the inherent security issues within the original IEEE 802.11 standard. Which of the following provides the correct characteristics of Wi-Fi Protected Access 2 (WPA2)? A. B. C. D. IEEE 802.1X, WEP, MAC IEEE 802.1X, EAP, TKIP IEEE 802.1X, EAP, WEP IEEE 802.1X, EAP, CCMP http://www.gratisexam.com/ Correct Answer: D Section: (none) Explanation Explanation/Reference: Wi-Fi Protected Access 2 requires IEEE 802.1X or preshared keys for access control, EAP or preshared keys for authentication, and AES in Counter-Mode/ CBC-MAC Protocol (CCMP) for encryption. http://www.gratisexam.com/ Chapter 7 - Cryptography QUESTION 1 What is the goal of cryptanalysis? A. B. C. D. To determine the strength of an algorithm To increase the substitution functions in a cryptographic algorithm To decrease the transposition functions in a cryptographic algorithm To determine the permutations used Correct Answer: A Section: (none) Explanation Explanation/Reference: Cryptanalysis is the process of trying to reverse-engineer a cryptosystem, with the possible goal of uncovering the key used. Once this key is uncovered, all other messages encrypted with this key can be accessed. Cryptanalysis is carried out by the white hats to test the strength of the algorithm. QUESTION 2 The frequency of successful brute force attacks has increased because A. B. C. D. The use of permutations and transpositions in algorithms has increased. 
As algorithms get stronger, they get less complex, and thus more susceptible to attacks. Processor speed and power have increased. Key length reduces over time. Correct Answer: C Section: (none) Explanation Explanation/Reference: A brute force attack is resource-intensive. It tries all values until the correct one is obtained. As computers have more powerful processors added to them, attackers can carry out more powerful brute force attacks. QUESTION 3 Which of the following is not a property or characteristic of a one-way hash function? http://www.gratisexam.com/ A. B. C. D. It converts a message of arbitrary length into a value of fixed length. Given the digest value, it should be computationally infeasible to find the corresponding message. It should be impossible or rare to derive the same digest from two different messages. It converts a message of fixed length to an arbitrary length value. Correct Answer: D Section: (none) Explanation Explanation/Reference: A hashing algorithm will take a string of variable length, the message can be any size, and compute a fixed-length value. The fixed-length value is the message digest. The MD family creates the fixed-length value of 128 bits, and SHA creates one of 160 bits. QUESTION 4 What would indicate that a message had been modified? A. B. C. D. The public key has been altered. The private key has been altered. The message digest has been altered. The message has been encrypted properly. Correct Answer: C Section: (none) Explanation Explanation/Reference: Hashing algorithms generate message digests to detect whether modification has taken place. The sender and receiver independently generate their own digests, and the receiver compares these values. If they differ, the receiver knows the message has been altered. QUESTION 5 Which of the following is a U.S. federal government algorithm developed for creating secure message digests? A. Data Encryption Algorithm B. Digital Signature Standard C. 
Secure Hash Algorithm http://www.gratisexam.com/ D. Data Signature Algorithm Correct Answer: C Section: (none) Explanation Explanation/Reference: SHA was created to generate secure message digests. Digital Signature Standard (DSS) is the standard to create digital signatures, which dictates that SHA must be used. DSS also outlines the digital signature algorithms that can be used with SHA: RSA, DSA, and ECDSA. QUESTION 6 Which of the following best describes the difference between HMAC and CBC-MAC? A. B. C. D. HMAC creates a message digest and is used for integrity; CBC-MAC is used to encrypt blocks of data for confidentiality. HMAC uses a symmetric key and a hashing algorithm; CBC-MAC uses the first block for the checksum. HMAC provides integrity and data origin authentication; CBC-MAC uses a block cipher for the process of creating a MAC. HMAC encrypts a message with a symmetric key and then puts the result through a hashing algorithm; CBC-MAC encrypts the whole message. Correct Answer: C Section: (none) Explanation Explanation/Reference: In an HMAC operation, a message is concatenated with a symmetric key and the result is put through a hashing algorithm. This provides integrity and system or data authentication. CBC-MAC uses a block cipher to create a MAC, which is the last block of ciphertext. http://www.gratisexam.com/ QUESTION 7 What is an advantage of RSA over DSA? http://www.gratisexam.com/ A. B. C. D. It can provide digital signature and encryption functionality. It uses fewer resources and encrypts faster because it uses symmetric keys. It is a block cipher rather than a stream cipher. It employs a one-time encryption pad. Correct Answer: A Section: (none) Explanation Explanation/Reference: RSA can be used for data encryption, key exchange, and digital signatures. DSA can be used only for digital signatures. QUESTION 8 Many countries restrict the use or exportation of cryptographic systems. 
What is the reason given when these types of restrictions are put into place? A. B. C. D. Without standards, there would be many interoperability issues when trying to employ different algorithms in different programs. The systems can be used by some countries against their local people. Criminals could use encryption to avoid detection and prosecution. Laws are way behind, so adding different types of encryption would confuse the laws more. Correct Answer: C Section: (none) Explanation Explanation/Reference: The U.S. government has greatly reduced its restrictions on cryptography exportation, but there are still some restrictions in place. Products that use encryption cannot be sold to any country the United States has declared is supporting terrorism. The fear is that the enemies of the country would use encryption to hide their communication, and the government would be unable to break this encryption and spy on their data transfers. QUESTION 9 What is used to create a digital signature? A. The receiver’s private key B. The sender’s public key http://www.gratisexam.com/ C. The sender’s private key D. The receiver’s public key Correct Answer: C Section: (none) Explanation Explanation/Reference: A digital signature is a message digest that has been encrypted with the sender’s private key. A sender, or anyone else, should never have access to the receiver’s private key. QUESTION 10 Which of the following best describes a digital signature? A. B. C. D. 
A method of transferring a handwritten signature to an electronic document A method to encrypt confidential information A method to provide an electronic signature and encryption A method to let the receiver of the message prove the source and integrity of a message Correct Answer: D Section: (none) Explanation Explanation/Reference: A digital signature provides authentication (knowing who really sent the message), integrity (because a hashing algorithm is involved), and nonrepudiation (the sender cannot deny sending the message). QUESTION 11 How many bits make up the effective length of the DES key? A. B. C. D. 56 64 32 16 Correct Answer: A Section: (none) http://www.gratisexam.com/ Explanation Explanation/Reference: DES has a key size of 64 bits, but 8 bits are used for parity, so the true key size is 56 bits. Remember that DEA is the algorithm used for the DES standard, so DEA also has a true key size of 56 bits, because we are actually talking about the same algorithm here. DES is really the standard, and DEA is the algorithm. We just call it DES in the industry because it is easier. QUESTION 12 Why would a certificate authority revoke a certificate? A. B. C. D. If the user’s public key has become compromised If the user changed over to using the PEM model that uses a web of trust If the user’s private key has become compromised If the user moved to a new location Correct Answer: C Section: (none) Explanation Explanation/Reference: The reason a certificate is revoked is to warn others who use that person’s public key that they should no longer trust the public key because, for some reason, that public key is no longer bound to that particular individual’s identity. This could be because an employee left the company, or changed his name and needed a new certificate, but most likely it is because the person’s private key was compromised. QUESTION 13 What does DES stand for? A. B. C. D. 
Data Encryption System Data Encryption Standard Data Encoding Standard Data Encryption Signature Correct Answer: B Section: (none) Explanation http://www.gratisexam.com/ Explanation/Reference: Data Encryption Standard was developed by NIST and the NSA to encrypt sensitive but unclassified government data. QUESTION 14 Which of the following best describes a certificate authority? A. B. C. D. An organization that issues private keys and the corresponding algorithms An organization that validates encryption processes An organization that verifies encryption keys An organization that issues certificates Correct Answer: D Section: (none) Explanation Explanation/Reference: A registration authority (RA) accepts a person’s request for a certificate and verifies that person’s identity. Then the RA sends this request to a certificate authority (CA), which generates and maintains the certificate. QUESTION 15 What does DEA stand for? A. B. C. D. Data Encoding Algorithm Data Encoding Application Data Encryption Algorithm Digital Encryption Algorithm Correct Answer: C Section: (none) Explanation Explanation/Reference: DEA is the algorithm that fulfilled the DES standard. So DEA has all of the attributes of DES: a symmetric block cipher that uses 64-bit blocks, 16 rounds, and a 56-bit key. QUESTION 16 http://www.gratisexam.com/ Who was involved in developing the first public key algorithm? A. B. C. D. Adi Shamir Ross Anderson Bruce Schneier Martin Hellman Correct Answer: D Section: (none) Explanation Explanation/Reference: The first released public key cryptography algorithm was developed by Whitfield Diffie and Martin Hellman. QUESTION 17 What process usually takes place after creating a DES session key? A. B. C. D. Key signing Key escrow Key clustering Key exchange Correct Answer: D Section: (none) Explanation Explanation/Reference: After a session key has been created, it must be exchanged securely. 
In most cryptosystems, an asymmetric key (the receiver’s public key) is used to encrypt this session key, and it is sent to the receiver. QUESTION 18 DES performs how many rounds of permutation and substitution? A. B. C. D. 16 32 64 56 http://www.gratisexam.com/ Correct Answer: A Section: (none) Explanation Explanation/Reference: DES carries out 16 rounds of mathematical computation on each 64-bit block of data it is responsible for encrypting. A round is a set of mathematical formulas used for encryption and decryption processes. QUESTION 19 Which of the following is a true statement pertaining to data encryption when it is used to protect data? A. B. C. D. It verifies the integrity and accuracy of the data. It requires careful key management. It does not require much system overhead in resources. It requires keys to be escrowed. Correct Answer: B Section: (none) Explanation Explanation/Reference: Data encryption always requires careful key management. Most algorithms are so strong today it is much easier to go after key management rather than to launch a brute force attack. Hashing algorithms are used for data integrity, encryption does require a good amount of resources, and keys do not have to be escrowed for encryption. QUESTION 20 If different keys generate the same ciphertext for the same message, what is this called? A. B. C. D. Collision Secure hashing MAC Key clustering Correct Answer: D Section: (none) Explanation http://www.gratisexam.com/ Explanation/Reference: Message A was encrypted with key A and the result is ciphertext Y. If that same message A were encrypted with key B, the result should not be ciphertext Y. The ciphertext should be different since a different key was used. But if the ciphertext is the same, this occurrence is referred to as key clustering. QUESTION 21 What is the definition of an algorithm’s work factor? A. B. C. D. 
The time it takes to encrypt and decrypt the same plaintext The time it takes to break the encryption The time it takes to implement 16 rounds of computation The time it takes to apply substitution functions CISSP All-in-One Exam Guide Correct Answer: B Section: (none) Explanation Explanation/Reference: The work factor of a cryptosystem is the amount of time and resources necessary to break the cryptosystem or its encryption process. The goal is to make the work factor so high that an attacker could not be successful in breaking the algorithm or cryptosystem. QUESTION 22 What is the primary purpose of using one-way hashing on user passwords? A. B. C. D. It minimizes the amount of primary and secondary storage needed to store passwords. It prevents anyone from reading passwords in plaintext. It avoids excessive processing required by an asymmetric algorithm. It prevents replay attacks. Correct Answer: B Section: (none) Explanation Explanation/Reference: Passwords are usually run through a one-way hashing algorithm so the actual password is not transmitted across the network or stored on a system http://www.gratisexam.com/ in plaintext. This greatly reduces the risk of an attacker being able to obtain the actual password. QUESTION 23 Which of the following is based on the fact that it is hard to factor large numbers into two original prime numbers? A. B. C. D. ECC RSA DES Diffie-Hellman Correct Answer: B Section: (none) Explanation Explanation/Reference: The RSA algorithm’s security is based on the difficulty of factoring large numbers into their original prime numbers. This is a one-way function. It is easier to calculate the product than it is to identify the prime numbers used to generate that product. QUESTION 24 Which of the following describes the difference between the Data Encryption Standard and the Rivest-Shamir-Adleman algorithm? A. B. C. D. DES is symmetric, while RSA is asymmetric. DES is asymmetric, while RSA is symmetric. 
They are hashing algorithms, but RSA produces a 160-bit hashing value. DES creates public and private keys, while RSA encrypts messages. Correct Answer: A Section: (none) Explanation Explanation/Reference: DES is a symmetric algorithm. RSA is an asymmetric algorithm. DES is used to encrypt data, and RSA is used to create public/private key pairs. QUESTION 25 Which of the following uses a symmetric key and a hashing algorithm? http://www.gratisexam.com/ A. B. C. D. HMAC Triple-DES ISAKMP-OAKLEY RSA Correct Answer: A Section: (none) Explanation Explanation/Reference: When an HMAC function is used, a symmetric key is combined with the message, and then that result is put though a hashing algorithm. The result is an HMAC value. HMAC provides data origin authentication and data integrity. QUESTION 26 The generation of keys that are made up of random values is referred to as Key Derivation Functions (KDFs). What values are not commonly used in this key generation process? A. B. C. D. Hashing values Asymmetric values Salts Passwords Correct Answer: B Section: (none) Explanation Explanation/Reference: Different values can be used independently or together to play the role of random key material. The algorithm is created to use specific hash, passwords, and\or salt values, which will go through a certain number of rounds of mathematical functions dictated by the algorithm. QUESTION 27 Use the following scenario to answer Questions 27–29. Tim is a new manager for the software development team at his company. There are different types of data that the company’s software needs to protect. Credit card PIN values are stored within their proprietary retail credit card processing software. The same software also stores documents, which must be properly encrypted and protected. This software is used to transfer sensitive data over dedicated WAN connections between the company’s three branches. 
Tim also needs to ensure that every user that interacts with the software is properly authenticated before being allowed access, and once the authentication completes successfully, an SSL connection needs to be set up and maintained for each connection. http://www.gratisexam.com/ Which of the following symmetric block encryption mode(s) should be enabled in this company’s software? (Choose two.) A. B. C. D. Electronic Code Book (ECB) Cipher Block Chaining (CBC) Cipher Feedback (CFB) Output Feedback (OFB) Correct Answer: AB Section: (none) Explanation Explanation/Reference: A and B. The Electronic Code Book (ECB) mode should be used to encrypt credit card PIN values, and the Cipher Block Chaining (CBC) mode should be used to encrypt documents. QUESTION 28 Use the following scenario to answer Questions 27–29. Tim is a new manager for the software development team at his company. There are different types of data that the company’s software needs to protect. Credit card PIN values are stored within their proprietary retail credit card processing software. The same software also stores documents, which must be properly encrypted and protected. This software is used to transfer sensitive data over dedicated WAN connections between the company’s three branches. Tim also needs to ensure that every user that interacts with the software is properly authenticated before being allowed access, and once the authentication completes successfully, an SSL connection needs to be set up and maintained for each connection. Which of the following would be best to implement for this company’s connections? A. B. C. D. End-to-end encryption Link encryption Trusted Platform Modules Advanced Encryption Standard Correct Answer: B Section: (none) Explanation Explanation/Reference: Since data is transmitting over dedicated WAN links, link encryptors can be implemented to encrypt the sensitive data as it moves from branch to branch. 
QUESTION 29
Use the following scenario to answer Questions 27–29. Tim is a new manager for the software development team at his company. There are different types of data that the company’s software needs to protect. Credit card PIN values are stored within their proprietary retail credit card processing software. The same software also stores documents, which must be properly encrypted and protected. This software is used to transfer sensitive data over dedicated WAN connections between the company’s three branches. Tim also needs to ensure that every user that interacts with the software is properly authenticated before being allowed access, and once the authentication completes successfully, an SSL connection needs to be set up and maintained for each connection.

Which of the following is the best way for users to authenticate to this company’s proprietary software?

A. Kerberos
B. RADIUS
C. Public Key Infrastructure
D. IPSec

Correct Answer: C

Explanation: The users can be authenticated by providing digital certificates to the software within a PKI environment. This is the best authentication approach, since SSL requires a PKI environment.

QUESTION 30
Use the following scenario to answer Questions 30–32. Sean is a security administrator for a financial company and has an array of security responsibilities. He needs to ensure that traffic flowing within the internal network can only travel from one authenticated system to another authenticated system. This traffic has to be visible to the company’s IDS sensors, so it cannot be encrypted. The data traffic that flows externally to and from the network must only travel to authenticated systems and must be encrypted. He needs to ensure that each employee laptop has full disk encryption capabilities and that each e-mail message that each employee sends is sent from an authenticated individual.

Which of the following best describes the software settings that need to be implemented for internal and external traffic?

A. IPSec with ESP enabled for internal traffic and IPSec with AH enabled for external traffic
B. IPSec with AH enabled for internal traffic and IPSec with ESP enabled for external traffic
C. IPSec with AH enabled for internal traffic and IPSec with AH and ESP enabled for external traffic
D. IPSec with AH and ESP enabled for internal traffic and IPSec with ESP enabled for external traffic

Correct Answer: B

Explanation: IPSec can be configured using the AH protocol, which enables system authentication but does not provide encryption capabilities. IPSec can be configured with the ESP protocol, which provides authentication and encryption capabilities.

QUESTION 31
Use the following scenario to answer Questions 30–32. Sean is a security administrator for a financial company and has an array of security responsibilities. He needs to ensure that traffic flowing within the internal network can only travel from one authenticated system to another authenticated system. This traffic has to be visible to the company’s IDS sensors, so it cannot be encrypted. The data traffic that flows externally to and from the network must only travel to authenticated systems and must be encrypted. He needs to ensure that each employee laptop has full disk encryption capabilities and that each e-mail message that each employee sends is sent from an authenticated individual.

When Sean purchases laptops for his company, what does he need to ensure is provided by the laptop vendor?

A. Public key cryptography
B. Cryptography, hashing, and message authentication
C. BIOS password protection
D. Trusted Platform Module

Correct Answer: D

Explanation: Trusted Platform Module (TPM) is a microchip that is part of the motherboard of newer systems. It provides cryptographic functionality that allows for full disk encryption. The decryption key is wrapped and stored within the TPM chip.

QUESTION 32
Use the following scenario to answer Questions 30–32. Sean is a security administrator for a financial company and has an array of security responsibilities. He needs to ensure that traffic flowing within the internal network can only travel from one authenticated system to another authenticated system. This traffic has to be visible to the company’s IDS sensors, so it cannot be encrypted. The data traffic that flows externally to and from the network must only travel to authenticated systems and must be encrypted. He needs to ensure that each employee laptop has full disk encryption capabilities and that each e-mail message that each employee sends is sent from an authenticated individual.

What type of e-mail functionality is required for this type of scenario?

A. Digital signature
B. Hashing
C. Cryptography
D. Message authentication code

Correct Answer: A

Explanation: A digital signature is a hash value that has been encrypted with the sender’s private key. A message can be digitally signed, which provides authentication, nonrepudiation, and integrity. When e-mail clients have this type of functionality, each sender is authenticated through digital certificates.

Chapter 8 - Business Continuity and Disaster Recovery

QUESTION 1
What action should take place to restore a system and its data files after a system failure?

A. Restore from storage media backup.
B. Perform a parallel test.
C. Implement recovery procedures.
D. Perform a walk-through test.

Correct Answer: C

Explanation: In this and similar situations, recovery procedures should be followed, which most likely include recovering data from the backup media. Recovery procedures could include the proper steps for rebuilding a system from the beginning, applying the necessary patches and configurations, and ensuring that whatever is needed to keep productivity from being affected takes place. Some type of redundant system may need to be put into place.

QUESTION 2
What is one of the first steps in developing a business continuity plan?

A. Identify a backup solution.
B. Perform a simulation test.
C. Perform a business impact analysis.
D. Develop a business resumption plan.

Correct Answer: C

Explanation: A business impact analysis includes identifying critical systems and functions of a company and interviewing representatives from each department. Once management’s support is solidified, a business impact analysis needs to be performed to identify the threats the company faces and the potential costs of these threats.

QUESTION 3
How often should a business continuity plan be tested?

A. At least every ten years
B. Only when the infrastructure or environment changes
C. At least every two years
D. Whenever there are significant changes in the organization and annually

Correct Answer: D

Explanation: The plans should be tested if there have been substantial changes to the company or the environment. They should also be tested at least once a year.

QUESTION 4
During a recovery procedure test, one important step is to maintain records of important events that happen during the test. What other step is just as important?

A. Schedule another test to address issues that were identified during that procedure.
B. Make sure someone is prepared to talk to the media with the appropriate responses.
C. Report the events to management.
D. Identify essential business functions.

Correct Answer: C

Explanation: When recovery procedures are carried out, the outcome of those procedures should be reported to the individuals who are responsible for this type of activity, which is usually some level of management. If the procedures worked properly, management should know it, and if problems were encountered, management should definitely be made aware of them. Members of management are the ones who are responsible overall for fixing the recovery system and will be the ones to delegate this work and provide the necessary funding and resources.

QUESTION 5
Which of the following actions is least important when quantifying risks associated with a potential disaster?

A. Gathering information from agencies that report the probability of certain natural disasters taking place in that area
B. Identifying the company’s key functions and business requirements
C. Identifying critical systems that support the company’s operations
D. Estimating the potential loss and impact the company would face based on how long the outage lasted

Correct Answer: A

Explanation: The question asked you about quantifying the risks, which means to calculate the potential business impact of specific disasters. The core components of a business impact analysis are
• Identifying the company’s key functions and business requirements
• Identifying critical systems that support the company’s operations
• Estimating the potential loss and impact the company would face based on how long the outage lasted
Gathering information from agencies that report the probability of certain natural disasters taking place in that area is an important piece in determining the probability of these threats, but it is considered least necessary when quantifying the potential damage that could be experienced.
QUESTION 6
The purpose of initiating emergency procedures right after a disaster takes place is to prevent loss of life and injuries, and to _______________.

A. Secure the area to ensure that no looting or fraud takes place
B. Mitigate further damage
C. Protect evidence and clues
D. Investigate the extent of the damages

Correct Answer: B

Explanation: The main goal of disaster recovery and business continuity plans is to mitigate all risks that could be experienced by a company. Emergency procedures first need to be carried out to protect human life, and then other procedures need to be executed to reduce the damage from further threats.

QUESTION 7
Which of the following is the best way to ensure that the company’s backup tapes can be restored and used at a warm site?

A. Retrieve the tapes from the offsite facility, and verify that the equipment at the original site can read them.
B. Ask the offsite vendor to test them, and label the ones that were properly read.
C. Test them on the vendor’s machine, which won’t be used during an emergency.
D. Inventory each tape kept at the vendor’s site twice a month.

Correct Answer: A

Explanation: A warm site is a facility that will not be fully equipped with the company’s main systems. The goal of using a warm site is that, if a disaster takes place, the company will bring its systems with it to the warm site. If the company cannot bring the systems with it because they are damaged, the company must purchase new systems that are exactly like the original systems. So, to properly test backups, the company needs to test them by recovering the data on its original systems at its main site.

QUESTION 8
Which best describes a hot-site facility versus a warm- or cold-site facility?

A. A site that has disk drives, controllers, and tape drives
B. A site that has all necessary PCs, servers, and telecommunications
C. A site that has wiring, central air-conditioning, and raised flooring
D. A mobile site that can be brought to the company’s parking lot

Correct Answer: B

Explanation: A hot site is a facility that is fully equipped and properly configured so that it can be up and running within hours to get a company back into production. Answer B gives the best definition of a fully functional environment.

QUESTION 9
Which is the best description of remote journaling?

A. Backing up bulk data to an offsite facility
B. Backing up transaction logs to an offsite facility
C. Capturing and saving transactions to two mirrored servers in-house
D. Capturing and saving transactions to different media types

Correct Answer: B

Explanation: Remote journaling is a technology used to transmit data to an offsite facility, but this usually only includes moving the journal or transaction logs to the offsite facility, not the actual files.

QUESTION 10
Which of the following is something that should be required of an offsite backup facility that stores backed-up media for companies?

A. The facility should be within 10 to 15 minutes of the original facility to ensure easy access.
B. The facility should contain all necessary PCs and servers and should have raised flooring.
C. The facility should be protected by an armed guard.
D. The facility should protect against unauthorized access and entry.

Correct Answer: D

Explanation: This question addresses a facility that is used to store backed-up data; it is not talking about an offsite facility used for disaster recovery purposes. The facility should not be only 10 to 15 minutes away, because some types of disasters could destroy both the company’s main facility and this facility if they are that close together, in which case the company would lose all of its information. The facility should have the same security standards as the company’s security, including protection against unauthorized access.

QUESTION 11
Which item will a business impact analysis not identify?

A. Whether the company is best suited for a parallel or full-interrupt test
B. What areas would suffer the greatest operational and financial loss in the event of a particular disaster or disruption
C. What systems are critical for the company and must be highly protected
D. What amount of outage time a company can endure before it is permanently crippled

Correct Answer: A

Explanation: All the other answers address the main components of a business impact analysis. Determining the best type of exercise or drill to carry out is not covered under this type of analysis.

QUESTION 12
Which areas of a company are recovery plans recommended for?

A. The most important operational and financial areas
B. The areas that house the critical systems
C. All areas
D. The areas that the company cannot survive without

Correct Answer: C

Explanation: It is best if every department within the company has its own contingency plan and procedures in place. These individual plans would “roll up” into the overall enterprise BCP.

QUESTION 13
Who has the final approval of the business continuity plan?

A. The planning committee
B. Each representative of each department
C. Management
D. External authority

Correct Answer: C

Explanation: Management really has the final approval over everything within a company, including these plans.
QUESTION 14
Which is the proper sequence of steps followed in business continuity management?
A. Project initiation, strategy development, business impact analysis, plan development, implementation, testing, and maintenance
B. Strategy development, project initiation, business impact analysis, plan development, implementation, testing, and maintenance
C. Implementation and testing, project initiation, strategy development, business impact analysis, and plan development
D. Plan development, project initiation, strategy development, business impact analysis, implementation, testing, and maintenance
Correct Answer: A
Section: (none)
Explanation/Reference:
These steps outline the processes that should take place, in the correct order from beginning to end, in business continuity management.

QUESTION 15
What is the most crucial requirement in developing a business continuity plan?
A. Business impact analysis
B. Implementation, testing, and following through
C. Participation from each and every department
D. Management support
Correct Answer: D
Section: (none)
Explanation/Reference:
Management’s support is the first thing to obtain before putting any real effort into developing these plans. Without management’s support, the effort will not receive the necessary attention, resources, funds, or enforcement.

QUESTION 16
During development, testing, and maintenance of the continuity plan, a high degree of interaction and communication is crucial to the process. Why?
A. This is a regulatory requirement of the process.
B. The more people who talk about it and are involved, the more awareness will increase.
C. This is not crucial to the plan and should not be interactive because it will most likely affect operations.
D. Management will more likely support it.
Correct Answer: B
Section: (none)
Explanation/Reference:
Communication not only spreads awareness of these plans and their contents, but also allows more people to discuss the possible threats and solutions, which may lead to ideas that the original team did not consider.

QUESTION 17
To get proper management support and approval of the plan, a business case must be made. Which of the following is least important to this business case?
A. Regulatory and legal requirements
B. Company vulnerabilities to disasters and disruptions
C. How other companies are dealing with these issues
D. The impact the company can endure if a disaster hits
Correct Answer: C
Section: (none)
Explanation/Reference:
The other three answers are key components when building a business case. Although it is a good idea to investigate and learn about how other companies are dealing with similar issues, it is the least important of the four items listed.

QUESTION 18
Which of the following describes a parallel test?
A. It is performed to ensure that operations performed at the alternate site also give the same results as at the primary site.
B. All departments receive a copy of the disaster recovery plan and walk through it.
C. Representatives from each department come together and go through the test collectively.
D. Normal operations are shut down.
Correct Answer: A
Section: (none)
Explanation/Reference:
In a parallel test, some systems are run at the alternate site, and the results are compared with how processing takes place at the primary site. This is to ensure that the systems work in that area and productivity is not affected. This also extends the previous test and allows the team to walk through the steps of setting up and configuring systems at the offsite facility.

QUESTION 19
Which of the following describes a structured walk-through test?
A. It is performed to ensure that critical systems will run at the alternate site.
B. All departments receive a copy of the disaster recovery plan and walk through it.
C. Representatives from each department come together and review the steps of the test collectively without actually performing those steps.
D. Normal operations are shut down.
Correct Answer: C
Section: (none)
Explanation/Reference:
During a structured walk-through test, functional representatives review the plan to ensure its accuracy and that it correctly reflects the company’s recovery strategy.

QUESTION 20
When is the emergency actually over for a company?
A. When all people are safe and accounted for
B. When all operations and people are moved back into the primary site
C. When operations are safely moved to the offsite facility
D. When a civil official declares that all is safe
Correct Answer: B
Section: (none)
Explanation/Reference:
The emergency is not actually over until the company moves back into its primary site. The company is still vulnerable and at risk while it is operating in an altered or crippled state. This state of vulnerability is not over until the company is operating in the way it was prior to the disaster. Of course, this may mean that the primary site has to be totally rebuilt if it was destroyed.

QUESTION 21
Which of the following does not describe a reciprocal agreement?
A. The agreement is enforceable.
B. It is a cheap solution.
C. It may be able to be implemented right after a disaster.
D. It could overwhelm a current data processing site.
Correct Answer: A
Section: (none)
Explanation/Reference:
A reciprocal agreement is not enforceable, meaning that the company that agreed to let the damaged company work out of its facility can decide not to allow this to take place. A reciprocal agreement is a better secondary backup option if the original plan falls through.
QUESTION 22
Which of the following describes a cold site?
A. Fully equipped and operational in a few hours
B. Partially equipped with data processing equipment
C. Expensive and fully configured
D. Provides environmental measures but no equipment
Correct Answer: D
Section: (none)
Explanation/Reference:
A cold site only provides environmental measures (wiring, air conditioning, raised floors); it is basically a shell of a building and no more.

QUESTION 23
Which of the following best describes what a disaster recovery plan should contain?
A. Hardware, software, people, emergency procedures, recovery procedures
B. People, hardware, offsite facility
C. Software, media interaction, people, hardware, management issues
D. Hardware, emergency procedures, software, identified risk
Correct Answer: A
Section: (none)
Explanation/Reference:
The recovery plan should contain information about how to deal with people, hardware, software, emergency procedures, recovery procedures, facility issues, and supplies.

QUESTION 24
Which of the following is not an advantage of a hot site?
A. Offers many hardware and software choices.
B. Is readily available.
C. Can be up and running in hours.
D. Annual testing is available.
Correct Answer: A
Section: (none)
Explanation/Reference:
Because hot sites are fully equipped, they do not allow for a lot of different hardware and software choices. The subscription service offers basic software and hardware products, and does not usually offer a wide range of proprietary items.

QUESTION 25
Disaster recovery plans can stay updated by doing any of the following except:
A. Making disaster recovery a part of every business decision
B. Making sure it is part of employees’ job descriptions
C. Performing regular drills that use the plan
D. Making copies of the plan and storing them in an offsite facility
Correct Answer: D
Section: (none)
Explanation/Reference:
The plan should be part of normal business activities. A lot of time and resources go into creating disaster recovery plans, after which they are usually stored away and forgotten. They need to be updated continuously as the environment changes to ensure that the company can properly react to any type of disaster or disruption.

QUESTION 26
What is the second step that is missing in the following graphic?
A. Business impact analysis
B. NIST standard
C. Management approval and resource allocation
D. Change control
Correct Answer: A
Section: (none)
Explanation/Reference:
The missing step is the BIA. The steps of the BIA are as follows:
• Identify the company’s critical business functions.
• Decide on information-gathering techniques: interviews, surveys, qualitative or quantitative questionnaires.
• Identify resources these functions depend upon.
• Calculate how long these functions can be without these resources.
• Identify vulnerabilities and threats to these functions.
• Calculate the risk for each different business function.
• Develop backup solutions for resources based on tolerable outage times.
• Develop recovery solutions for the company’s individual departments and for the company as a whole.

QUESTION 27
What would the items in the following graphic best be collectively called?
A. Business impact values
B. Activation phase values
C. Maximum tolerable downtime values
D. Reconstitution impact times and values
Correct Answer: C
Section: (none)
Explanation/Reference:
Maximum tolerable downtime (MTD) values. The MTD is the timeframe between an unplanned interruption of business operations and the resumption of business at a reduced level of service. The BIA identifies which of the company’s critical systems are needed for survival and estimates the outage time that can be tolerated by the company as a result of various unfortunate events. The outage time that can be endured by a company is referred to as the maximum tolerable downtime.

QUESTION 28
Business continuity planning needs to provide several types of functionalities and protection types for an organization. Which of the following is not one of these items?
i. Provide an immediate and appropriate response to emergency situations
ii. Protect lives and ensure safety
iii. Reduce business conflicts
iv. Resume critical business functions
v. Work with outside vendors during the recovery period
vi. Reduce confusion during a crisis
vii. Ensure survivability of the business
viii. Get “up and running” quickly after a disaster
A. ii, iii, vii
B. ii, iii, v, vi
C. iii
D. i, ii
Correct Answer: C
Section: (none)
Explanation/Reference:
Preplanned procedures allow an organization to:
i. Provide an immediate and appropriate response to emergency situations
ii. Protect lives and ensure safety
iii. Reduce business impact
iv. Resume critical business functions
v. Work with outside vendors during the recovery period
vi. Reduce confusion during a crisis
vii. Ensure survivability of the business
viii. Get “up and running” quickly after a disaster
Item iii in the question (“reduce business conflicts”) is not one of them; the goal is to reduce business impact.

QUESTION 29
Which of the following have incorrect definition mapping when it comes to disaster recovery steps?
i. Develop the continuity planning policy statement. Write a policy that provides the guidance necessary to develop a BCP and that assigns authority to the necessary roles to carry out these tasks.
ii. Conduct the BIA. Identify critical functions and systems, and allow the organization to prioritize them based on necessity. Identify vulnerabilities and threats, and calculate risks.
iii. Identify preventive controls. Once threats are recognized, identify and implement controls and countermeasures to reduce the organization’s risk level in an economical manner.
iv. Develop recovery strategies. Write procedures and guidelines for how the organization can still stay functional in a crippled state.
v. Develop the contingency plan. Formulate methods to ensure systems and critical functions can be brought online quickly.
vi. Test the plan and conduct training and exercises. Test the plan to identify deficiencies in the BCP, and conduct training to properly prepare individuals on their expected tasks.
vii. Maintain the plan. Put in place steps to ensure the BCP is a living document that is updated regularly.
A. iii, iv, v
B. ii, vii
C. iv, v
D. iii, iv, v
Correct Answer: C
Section: (none)
Explanation/Reference:
Items iv and v have their definitions swapped. The correct disaster recovery steps and their associated definition mappings are laid out as follows:
i. Develop the continuity planning policy statement. Write a policy that provides the guidance necessary to develop a BCP and that assigns authority to the necessary roles to carry out these tasks.
ii. Conduct the BIA. Identify critical functions and systems, and allow the organization to prioritize them based on necessity. Identify vulnerabilities and threats, and calculate risks.
iii. Identify preventive controls. Once threats are recognized, identify and implement controls and countermeasures to reduce the organization’s risk level in an economical manner.
iv. Develop recovery strategies. Formulate methods to ensure systems and critical functions can be brought online quickly.
v. Develop the contingency plan. Write procedures and guidelines for how the organization can still stay functional in a crippled state.
vi. Test the plan and conduct training and exercises. Test the plan to identify deficiencies in the BCP, and conduct training to properly prepare individuals on their expected tasks.
vii. Maintain the plan. Put in place steps to ensure the BCP is a living document that is updated regularly.

QUESTION 30
Sam is a manager who is responsible for overseeing the development and the approval of the business continuity plan. He needs to make sure that his team is creating correct and all-inclusive loss criteria when it comes to potential business impacts. Which of the following is not a negative characteristic or value that is commonly included in the criteria?
i. Loss in reputation and public confidence
ii. Loss of competitive advantages
iii. Decrease in operational expenses
iv. Violations of contract agreements
v. Violations of legal and regulatory requirements
vi. Delayed income costs
vii. Loss in revenue
viii. Loss in productivity
A. i, vii, viii
B. iii, v, vi
C. iii
D. vi
Correct Answer: C
Section: (none)
Explanation/Reference:
Loss criteria must be applied to the individual threats that were identified. The criteria should include at least the following:
• Loss in reputation and public confidence
• Loss of competitive advantages
• Increase in operational expenses
• Violations of contract agreements
• Violations of legal and regulatory requirements
• Delayed income costs
• Loss in revenue
• Loss in productivity
A decrease in operational expenses (item iii) is not a loss and does not belong in the criteria; the expected effect is an increase.

QUESTION 31
Which of the following best describes the relationship between high-availability and disaster recovery techniques and technologies?
A. High-availability technologies and processes are commonly put into place so that if a disaster does take place, either availability of the critical functions continues or the delay of getting them back online and running is low.
B. High availability deals with asynchronous replication and recovery time objective requirements, which increases disaster recovery performance.
C. High availability deals with synchronous replication and recovery point objective requirements, which increases disaster recovery performance.
D. Disaster recovery technologies and processes are put into place to provide high-availability service levels.
Correct Answer: A
Section: (none)
Explanation/Reference:
High availability and disaster recovery are not the same, but they have a relationship. High-availability technologies and processes are commonly put into place so that if a disaster does take place, either availability of the critical functions continues or the delay of getting them back online and running is low.

QUESTION 32
Susan is the new BCM coordinator and needs to identify various preventive and recovery solutions her company should implement for BCP/DRP efforts. She and her team have carried out an impact analysis and found out that the company’s order processing functionality cannot be out of operation for more than 15 hours. She has calculated that the order processing systems and applications must be brought back online within eight hours after a disruption. The analysis efforts have also indicated that the data that are restored cannot be older than five minutes of current real-time data. Which of the following best describes the metrics and their corresponding values that Susan’s team has derived?
A. MTD of the order processing functionality is 15 hours. RPO value is 8 hours. WRT value is 7 hours. RTO value is 5 minutes.
B. MTD of the order processing functionality is 15 hours. RTO value is 8 hours. WRT value is 7 hours. RPO value is 5 minutes.
C. MTD of the order processing functionality is 15 hours. RTO value is 7 hours. WRT value is 8 hours. RPO value is 5 minutes.
D. MTD of the order processing functionality is 8 hours. RTO value is 15 hours. WRT value is 7 hours. RPO value is 5 minutes.
Correct Answer: B
Section: (none)
Explanation/Reference:
The order processing functionality as a whole has to be up and running within 15 hours, which is the maximum tolerable downtime (MTD). The systems and applications have to be up and running in eight hours, which is the Recovery Time Objective (RTO). RTO deals with technology, but we still need processes and people in place to run the technology. Work Recovery Time (WRT) is the remainder of the overall MTD value (15 − 8 = 7 hours). RTO usually deals with getting the infrastructure and systems back up and running, and WRT deals with restoring data, testing processes, and then making everything “live” for production purposes. The data that are restored for this function can only be five minutes old; thus, the Recovery Point Objective (RPO) has the value of five minutes.

Chapter 9 - Legal, Regulations, Investigations and Compliance

QUESTION 1
Which of the following does the Internet Architecture Board consider unethical?
A. Creating a computer virus
B. Entering information into a web page
C. Performing a penetration test on a host on the Internet
D. Disrupting Internet communications
Correct Answer: D
Section: (none)
Explanation/Reference:
The Internet Architecture Board (IAB) is a committee for Internet design, engineering, and management. It considers the use of the Internet to be a privilege that should be treated as such. The IAB considers the following acts unethical and unacceptable behavior:
• Purposely seeking to gain unauthorized access to Internet resources
• Disrupting the intended use of the Internet
• Wasting resources (people, capacity, and computers) through purposeful actions
• Destroying the integrity of computer-based information
• Compromising the privacy of others
• Negligence in the conduct of Internet-wide experiments

QUESTION 2
What is the study of computers and surrounding technologies and how they relate to crime?
Computer forensics Computer vulnerability analysis Incident handling Computer information criteria Correct Answer: A Section: (none) Explanation Explanation/Reference: http://www.gratisexam.com/ Computer forensics is a field that specializes in understanding and properly extracting evidence from computers and peripheral devices for the purpose of prosecution. Collecting this type of evidence requires a skill set and understanding of several relative laws. QUESTION 3 Which of the following does the Internet Architecture Board consider unethical behavior? A. B. C. D. Internet users who conceal unauthorized accesses Internet users who waste computer resources Internet users who write viruses Internet users who monitor traffic Correct Answer: B Section: (none) Explanation Explanation/Reference: This question is similar to Question 1. The IAB has declared wasting computer resources through purposeful activities unethical because it sees these resources as assets that are to be available for the computing society. QUESTION 4 After a computer forensics investigator seizes a computer during a crime investigation, what is the next step? A. B. C. D. Label and put it into a container, and then label the container. Dust the evidence for fingerprints. Make an image copy of the disks. Lock the evidence in the safe. Correct Answer: C Section: (none) Explanation Explanation/Reference: Several steps need to be followed when gathering and extracting evidence from a scene. Once a computer has been confiscated, the first thing the computer forensics team should do is make an image of the hard drive. The team will work from this image instead of the original hard drive so it stays in a pristine state and the evidence on the drive is not accidentally corrupted or http://www.gratisexam.com/ modified. QUESTION 5 A CISSP candidate signs an ethics statement prior to taking the CISSP examination. 
Which of the following would be a violation of the (ISC)2 Code of Ethics that could cause the candidate to lose his or her certification? A. B. C. D. E-mailing information or comments about the exam to other CISSP candidates Submitting comments on the questions of the exam to (ISC)2 Submitting comments to the board of directors regarding the test and content of the class Conducting a presentation about the CISSP certification and what the certification means Correct Answer: A Section: (none) Explanation Explanation/Reference: A CISSP candidate and a CISSP holder should never discuss with others what was on the exam. This degrades the usefulness of the exam to be used as a tool to test someone’s true security knowledge. If this type of activity is uncovered, the person could be stripped of their CISSP certification. QUESTION 6 If your company gives you a new PC and you find residual information about confidential company issues, what should you do based on the (ISC)2 Code of Ethics? A. B. C. D. Contact the owner of the file and inform him about it. Copy it to a disk, give it to him, and delete your copy. Delete the document because it was not meant for you. Inform management of your findings so it can make sure this type of thing does not happen again. E-mail it to both the author and management so everyone is aware of what is going on. Correct Answer: C Section: (none) Explanation Explanation/Reference: When dealing with the possible compromise of confidential company information or intellectual property, management should be informed and be involved as soon as possible. Management members are the ones who are ultimately responsible for this data and who understand the damage its leakage can cause. An employee should not attempt to address and deal with these issues on his own. http://www.gratisexam.com/ QUESTION 7 Why is it difficult to investigate computer crime and track down the criminal? A. B. C. D. 
Privacy laws are written to protect people from being investigated for these types of crimes. Special equipment and tools are necessary to detect these types of criminals. Criminals can hide their identity and hop from one network to the next. The police have no jurisdiction over the Internet. Correct Answer: C Section: (none) Explanation Explanation/Reference: Spoofing one’s identity and being able to traverse anonymously through different networks and the Internet increase the complexity and difficulty of tracking down criminals who carry out computer crimes. It is very easy to commit many damaging crimes from across the country or world, and this type of activity can be difficult for law enforcement to track down. QUESTION 8 Protecting evidence and providing accountability for who handled it at different steps during the investigation is referred to as what? A. B. C. D. The rule of best evidence Hearsay Evidence safety Chain of custody Correct Answer: D Section: (none) Explanation Explanation/Reference: Properly following the chain of custody for evidence is crucial for it to be admissible in court. A chain of custody is a history that shows how evidence was collected, analyzed, transported, and preserved in order to establish that it is sufficiently trustworthy to be presented as evidence in court. Because electronic evidence can be easily modified, a clearly defined chain of custody demonstrates that the evidence is trustworthy. http://www.gratisexam.com/ QUESTION 9 If an investigator needs to communicate with another investigator but does not want the criminal to be able to eavesdrop on this conversation, what type of communication should be used? A. B. C. D. Digitally signed messages Out-of-band messages Forensics frequency Authentication and access control Correct Answer: B Section: (none) Explanation Explanation/Reference: Out-of-band communication means to communicate through some other type of communication channel. 
For example, if law enforcement agents are investigating a crime on a network, they should not share information through e-mail that passes along this network. The criminal may still have sniffers installed and thus be able to access this data. QUESTION 10 Why is it challenging to collect and identify computer evidence to be used in a court of law? A. B. C. D. The evidence is mostly intangible. The evidence is mostly corrupted. The evidence is mostly encrypted. The evidence is mostly tangible. Correct Answer: A Section: (none) Explanation Explanation/Reference: The evidence in computer crimes usually comes straight from computers themselves. This means the data are held as electronic voltages, which are represented as binary bits. Some data can be held on hard drives and peripheral devices, and some data may be held in the memory of the system itself. This type of evidence is intangible in that it is not made up of objects one can hold, see, and easily understand. Other types of crimes usually have evidence that is more tangible in nature, and that is easier to handle and control. http://www.gratisexam.com/ QUESTION 11 The chain of custody of evidence describes who obtained the evidence and __________. A. B. C. D. Who secured it and stole it Who controlled it and broke it Who secured it and validated it Who controlled it and duplicated it Correct Answer: C Section: (none) Explanation Explanation/Reference: The chain of custody outlines a process to ensure that under no circumstance was there a possibility for the evidence to be tampered with. If the chain of custody is broken, there is a high probability that the evidence will not be admissible in court. If it is admitted, it will not carry as much weight. QUESTION 12 Why is computer-generated documentation usually considered unreliable evidence? A. B. C. D. It is primary evidence. It is too difficult to detect prior modifications. It is corroborative evidence. 
It is not covered under criminal law, but it is covered under civil law. Correct Answer: B Section: (none) Explanation Explanation/Reference: It can be very difficult to determine if computer-generated material has been modified before it is presented in court. Since this type of evidence can be altered without being detected, the court cannot put a lot of weight on this evidence. Many times, computer-generated evidence is considered hearsay in that there is no firsthand proof backing it up. QUESTION 13 Which of the following is a necessary characteristic of evidence for it to be admissible? http://www.gratisexam.com/ A. B. C. D. It must be real. It must be noteworthy. It must be reliable. It must be important. Correct Answer: C Section: (none) Explanation Explanation/Reference: For evidence to be admissible, it must be sufficient, reliable, and relevant to the case. For evidence to be reliable, it must be consistent with fact and must not be based on opinion or be circumstantial. QUESTION 14 If a company deliberately planted a flaw in one of its systems in the hope of detecting an attempted penetration and exploitation of this flaw, what would this be called? A. B. C. D. Incident recovery response Entrapment Illegal Enticement Correct Answer: D Section: (none) Explanation Explanation/Reference: Companies need to be very careful about the items they use to entice intruders and attackers, because this may be seen as entrapment by the court. It is best to get the legal department involved before implementing these items. Putting a honeypot in place is usually seen as the use of enticement tools. QUESTION 15 If an employee is suspected of wrongdoing in a computer crime, what department must be involved? A. Human resources http://www.gratisexam.com/ B. Legal C. Audit D. Payroll Correct Answer: A Section: (none) Explanation Explanation/Reference: It is imperative that the company gets human resources involved if an employee is considered a suspect in a computer crime. 
This department knows the laws and regulations pertaining to employee treatment and can work to protect the employee and the company at the same time. QUESTION 16 When would an investigator’s notebook be admissible in court? A. B. C. D. When he uses it to refresh memory When he cannot be present for testimony When requested by the judge to learn the original issues of the investigations When no other physical evidence is available Correct Answer: A Section: (none) Explanation Explanation/Reference: Notes that are taken by an investigator will, in most cases, not be admissible in court as evidence. This is not seen as reliable information and can only be used by the investigator to help him remember activities during the investigation. QUESTION 17 Disks and other media that are copies of the original evidence are considered what? A. B. C. D. Primary evidence Reliable and sufficient evidence Hearsay evidence Conclusive evidence http://www.gratisexam.com/ Correct Answer: C Section: (none) Explanation Explanation/Reference: In most cases, computer-related evidence falls under the hearsay category, because it is seen as copies of the original data that are held in the computer itself and can be modified without any indication. Evidence is considered hearsay when there is no firsthand proof in place to validate it. QUESTION 18 If a company does not inform employees that they may be monitored and does not have a policy stating how monitoring should take place, what should a company do? A. B. C. D. Don’t monitor employees in any fashion. Monitor during off-hours and slow times. Obtain a search warrant before monitoring an employee. Monitor anyway—they are covered by two laws allowing them to do this. Correct Answer: A Section: (none) Explanation Explanation/Reference: Before a company can monitor its employees, it is supposed to inform them that this type of activity can take place. 
If a company monitors an employee without telling him, this could be seen as an invasion of privacy. The employee had an expected level of privacy that was invaded. The company should implement monitoring capabilities into its security policy and employee security-awareness programs.

QUESTION 19
What is one reason why successfully prosecuting computer crimes is so challenging?
A. There is no way to capture electrical data reliably.
B. The evidence in computer cases does not follow best evidence directives.
C. These crimes do not always fall into the traditional criminal activity categories.
D. Wiretapping is hard to do legally.
Correct Answer: C
Explanation/Reference:
We have an infrastructure set up to investigate and prosecute crimes: law enforcement, laws, lawyers, courts, juries, judges, and so on. This infrastructure has a long history of prosecuting “traditional” crimes. Only in the last ten years or so have computer crimes been prosecuted more regularly; thus, these types of crimes are not fully rooted in the legal system with all of the necessary and useful precedents.

QUESTION 20
When can executives be charged with negligence?
A. If they follow the transborder laws
B. If they do not properly report and prosecute attackers
C. If they properly inform users that they may be monitored
D. If they do not practice due care when protecting resources
Correct Answer: D
Explanation/Reference:
Executives are held to a certain standard and are expected to act responsibly when running and protecting a company. These standards and expectations equate to the due care concept under the law. Due care means to carry out activities that a reasonable person would be expected to carry out in the same situation. If an executive acts irresponsibly in any way, she can be seen as not practicing due care and be held negligent.
QUESTION 21
To better deal with computer crime, several legislative bodies have taken what steps in their strategy?
A. Expanded several privacy laws
B. Broadened the definition of property to include data
C. Required corporations to have computer crime insurance
D. Redefined transborder issues
Correct Answer: B
Explanation/Reference:
Many times, what is corrupted, compromised, or taken from a computer is data, so current laws have been updated to include the protection of intangible assets, as in data. Over the years, data and information have become many companies’ most valuable asset, which must be protected by the laws.

QUESTION 22
Many privacy laws dictate which of the following rules?
A. Individuals have a right to remove any data they do not want others to know.
B. Agencies do not need to ensure that the data are accurate.
C. Agencies need to allow all government agencies access to the data.
D. Agencies cannot use collected data for a purpose different from what they were collected for.
Correct Answer: D
Explanation/Reference:
The Federal Privacy Act of 1974 and the European Union Principles on Privacy were created to protect citizens from government agencies that collect personal data. These acts have many stipulations, including that the information can only be used for the reason for which it was collected.

QUESTION 23
Which of the following is not true about dumpster diving?
A. It is legal.
B. It is illegal.
C. It is a breach of physical security.
D. It is gathering data from places people would not expect to be raided.
Correct Answer: B
Explanation/Reference:
Dumpster diving is the act of going through someone’s trash with the hope of uncovering useful information. Dumpster diving is legal if it does not involve trespassing, but it is unethical.

QUESTION 24
Use the following scenario to answer Questions 24–26.
Ron is a new security manager and needs to help ensure that his company can easily work with international entities in the case of cybercrime activities. His company is expanding their offerings to include cloud computing to their customers, which are from all over the world. Ron knows that several of their partners work in Europe, who would like to take advantage of his company’s cloud computing offerings.
Which of the following should Ron ensure that his company’s legal team is aware of pertaining to cybercrime issues?
A. Business exemption rule of evidence
B. Council of Europe (CoE) Convention on Cybercrime
C. Digital Millennium Copyright Act
D. Personal Information Protection and Electronic Documents Act
Correct Answer: B
Explanation/Reference:
Council of Europe (CoE) Convention on Cybercrime is the first international treaty seeking to address computer crimes by coordinating national laws and improving investigative techniques and international cooperation.

QUESTION 25
Use the following scenario to answer Questions 24–26.
Ron is a new security manager and needs to help ensure that his company can easily work with international entities in the case of cybercrime activities. His company is expanding their offerings to include cloud computing to their customers, which are from all over the world. Ron knows that several of their partners work in Europe, who would like to take advantage of his company’s cloud computing offerings.
Ron needs to make sure the executives of his company are aware of issues pertaining to transmitting privacy data over international boundaries. Which of the following should Ron be prepared to brief his bosses on pertaining to this issue?
A. OECD Guidelines
B. Exigent circumstances
C. Australian Computer Emergency Response Team’s General Guidelines
D. International Organization on Computer Evidence
Correct Answer: A
Explanation/Reference:
Global organizations that move data across other countries’ boundaries must be aware of and follow the Organisation for Economic Co-operation and Development (OECD) Guidelines, which deal with the protection of privacy and transborder flows of personal data.

QUESTION 26
Use the following scenario to answer Questions 24–26.
Ron is a new security manager and needs to help ensure that his company can easily work with international entities in the case of cybercrime activities. His company is expanding their offerings to include cloud computing to their customers, which are from all over the world. Ron knows that several of their partners work in Europe, who would like to take advantage of his company’s cloud computing offerings.
What does Ron need to ensure that the company follows to allow its European partners to use its cloud computing offering?
A. Personal Information Protection and Electronic Documents Act
B. Business exemption rule of evidence
C. International Organization on Computer Evidence
D. Safe Harbor requirements
Correct Answer: D
Explanation/Reference:
If a non-European organization wants to do business with a European entity, it will need to adhere to the Safe Harbor requirements if certain types of data will be passed back and forth during business processes.

QUESTION 27
Use the following scenario to answer Questions 27–29.
Jan’s company develops software that provides cryptographic functionality. The software products provide functionality that allows companies to be compliant with their privacy regulations and laws.
Which of the following issues does Jan’s team need to be aware of as it pertains to selling its products to companies that reside in different parts of the world?
A. Convergent technologies advancements
B. Wassenaar Arrangement
C. Digital Millennium Copyright Act
D. Trademark laws
Correct Answer: B
Explanation/Reference:
The Wassenaar Arrangement implements export controls for “Conventional Arms and Dual-Use Goods and Technologies.” The main goal of this arrangement is to prevent the buildup of military capabilities that could threaten regional and international security and stability. Cryptography is a technology that is considered a dual-use good under these export rules.

QUESTION 28
Use the following scenario to answer Questions 27–29.
Jan’s company develops software that provides cryptographic functionality. The software products provide functionality that allows companies to be compliant with their privacy regulations and laws.
Which of the following groups should Jan suggest that her company join for software piracy issues?
A. Software Protection Association
B. Federation Against Software Theft
C. Business Software Association
D. Piracy International Group
Correct Answer: A
Explanation/Reference:
The Software Protection Association (SPA) has been formed by major companies to enforce proprietary rights of software. The association was created to protect the founding companies’ software developments, but it also helps others ensure that their software is properly licensed. These are huge issues for companies that develop and produce software, because a majority of their revenue comes from licensing fees.

QUESTION 29
Use the following scenario to answer Questions 27–29.
Jan’s company develops software that provides cryptographic functionality. The software products provide functionality that allows companies to be compliant with their privacy regulations and laws.
Which of the following is the most important functionality the software should provide to meet its customers’ needs?
A. Provide Safe Harbor protection
B. Protect personally identifiable information
C. Provide transborder flow protection
D. Provide live forensics capabilities
Correct Answer: B
Explanation/Reference:
Personally identifiable information (PII) is data that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual. This type of data commonly falls under privacy laws and regulation protection requirements.

QUESTION 30
Which of the following has an incorrect definition mapping?
i. Best evidence is the primary evidence used in a trial because it provides the most reliability.
ii. Secondary evidence is not viewed as reliable and strong in proving innocence or guilt (or liability in civil cases) when compared to best evidence.
iii. Conclusive evidence is refutable and cannot be contradicted.
iv. Circumstantial evidence can prove an intermediate fact that can then be used to deduce or assume the existence of another fact.
v. Hearsay evidence pertains to oral or written evidence presented in court that is secondhand and has no firsthand proof of accuracy or reliability.
A. i
B. ii
C. iii
D. v
Correct Answer: C
Explanation/Reference:
The following has the proper definition mappings:
i. Best evidence is the primary evidence used in a trial because it provides the most reliability.
ii. Secondary evidence is not viewed as reliable and strong in proving innocence or guilt (or liability in civil cases) when compared to best evidence.
iii. Conclusive evidence is irrefutable and cannot be contradicted.
iv. Circumstantial evidence can prove an intermediate fact that can then be used to deduce or assume the existence of another fact.
v. Hearsay evidence pertains to oral or written evidence presented in court that is secondhand and has no firsthand proof of accuracy or reliability.
QUESTION 31
Which of the following has an incorrect definition mapping?
i. Civil (code) law - Based on previous interpretations of laws
ii. Common law - Rule-based law, not precedence-based
iii. Customary law - Deals mainly with personal conduct and patterns of behavior
iv. Religious law - Based on religious beliefs of the region
A. i, iii
B. i, ii, iii
C. i, ii
D. iv
Correct Answer: C
Explanation/Reference:
The following has the proper definition mappings:
i. Civil (code) law - Civil law is rule-based law, not precedence-based
ii. Common law - Based on previous interpretations of laws
iii. Customary law - Deals mainly with personal conduct and patterns of behavior
iv. Religious law - Based on religious beliefs of the region

Chapter 10 - Software Development Security

QUESTION 1
An application is downloaded from the Internet to perform disk cleanup and to delete unnecessary temporary files. The application is also recording network login data and sending them to another party. This application is best described as which of the following?
A. A virus
B. A Trojan horse
C. A worm
D. A logic bomb
Correct Answer: B
Explanation/Reference:
A Trojan horse looks like an innocent and helpful program, but in the background it is carrying out some type of malicious activity unknown to the user. The Trojan horse could be corrupting files, sending the user’s password to an attacker, or attacking another computer.

QUESTION 2
What is the importance of inference in an expert system?
A. The knowledge base contains facts, but must also be able to combine facts to derive new information and solutions.
B. The inference machine is important to fight against multipart viruses.
C. The knowledge base must work in units to mimic neurons in the brain.
D. The access must be controlled to prevent unauthorized access.
Correct Answer: A
Explanation/Reference:
The whole purpose of an expert system is to look at the data it has to work with and what the user presents to it and to come up with new or different solutions. It basically performs data-mining activities, identifies patterns and relationships the user can’t see, and provides solutions. This is the same reason you would go to a human expert. You would give her your information, and she would combine it with the information she knows and give you a solution or advice, which is not necessarily the same data you gave her.

QUESTION 3
A system has been patched many times and has recently become infected with a dangerous virus. If antivirus software indicates that disinfecting a file may damage it, what is the correct action?
A. Disinfect the file and contact the vendor.
B. Back up the data and disinfect the file.
C. Replace the file with the file saved the day before.
D. Restore an uninfected version of the patched file from backup media.
Correct Answer: D
Explanation/Reference:
Some files cannot be properly sanitized by the antivirus software without destroying them or affecting their functionality. So, the administrator must replace such a file with a known uninfected file. Plus, the administrator needs to make sure he has the patched version of the file, or else he could be introducing other problems. Answer C is not the best answer because the administrator may not know the file was clean yesterday, so just restoring yesterday’s file may put him right back in the same boat.

QUESTION 4
What is the purpose of polyinstantiation?
A. To restrict lower-level subjects from accessing low-level information
B. To make a copy of an object and modify the attributes of the second copy
C. To create different objects that will react in different ways to the same input
D. To create different objects that will take on inheritance attributes from their class
Correct Answer: B
Explanation/Reference:
Instantiation is what happens when an object is created from a class. Polyinstantiation is when more than one object is made and the other copy is modified to have different attributes. This can be done for several reasons. The example given in the chapter was a way to use polyinstantiation for security purposes to ensure that a lower-level subject could not access an object at a higher level.

QUESTION 5
Database views provide what type of security control?
A. Detective
B. Corrective
C. Preventive
D. Administrative
Correct Answer: C
Explanation/Reference:
A database view is put into place to prevent certain users from viewing specific data. This is a preventive measure, because the administrator is preventing the users from seeing data not meant for them. This is one control to prevent inference attacks.

QUESTION 6
Which of the following is used to deter database inference attacks?
A. Partitioning, cell suppression, and noise and perturbation
B. Controlling access to the data dictionary
C. Partitioning, cell suppression, and small query sets
D. Partitioning, noise and perturbation, and small query sets
Correct Answer: A
Explanation/Reference:
Partitioning means to logically split the database into parts. Views then dictate which users can view specific parts. Cell suppression means that specific cells are not viewable by certain users. And noise and perturbation is when bogus information is inserted into the database to try to give potential attackers incorrect information.
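The three inference controls named in the correct answer to Question 6, as an added example that is not from the exam guide: a constructed HR table sits behind a statistical query interface that applies partitioning (each analyst is bound to one department, the way a view would), cell suppression (aggregates built from too few rows are withheld) and perturbation (released averages are randomly jittered so that single rows cannot be recovered by differencing two queries). The dataset, the threshold and the noise range are assumptions chosen for illustration.

```python
"""Inference-attack controls on a statistical query interface (constructed example)."""
import random
import statistics

# Constructed sample data: (employee, department, salary)
EMPLOYEES = [
    ("alice", "engineering", 120_000),
    ("bob", "engineering", 110_000),
    ("carol", "engineering", 130_000),
    ("dave", "engineering", 95_000),
    ("erin", "finance", 105_000),
    ("frank", "finance", 99_000),
    ("grace", "finance", 101_000),
    ("heidi", "executive", 400_000),  # a one-person department
]

SUPPRESSION_THRESHOLD = 3  # cells built from fewer rows than this are suppressed
NOISE_RANGE = 2_000        # released averages are perturbed by +/- this much


class PartitionViolation(PermissionError):
    """Raised when an analyst queries a partition they were not granted."""


class StatisticalQueryInterface:
    def __init__(self, rows, partition, rng):
        # Partitioning: this analyst only ever sees one department's rows,
        # which is what a database view restricted to that department does.
        self._rows = [r for r in rows if r[1] == partition]
        self._partition = partition
        self._rng = rng

    def _select(self, department, predicate=None):
        if department != self._partition:
            raise PartitionViolation(f"no access to partition {department!r}")
        rows = self._rows
        if predicate is not None:
            rows = [r for r in rows if predicate(r)]
        return rows

    def count(self, department, predicate=None):
        """Cell suppression: a count below the threshold is withheld, since it
        would reveal whether a predicate isolates one known person."""
        n = len(self._select(department, predicate))
        return n if n >= SUPPRESSION_THRESHOLD else None

    def average_salary(self, department, predicate=None):
        """Cell suppression plus perturbation on the released figure."""
        rows = self._select(department, predicate)
        if len(rows) < SUPPRESSION_THRESHOLD:
            return None  # suppressed cell: too few contributors
        true_avg = statistics.mean(r[2] for r in rows)
        # Perturbation: two large query sets that differ by one row now give
        # two noisy averages, so subtracting them no longer yields that row.
        return true_avg + self._rng.uniform(-NOISE_RANGE, NOISE_RANGE)


def make_interface(partition, seed=1):
    """Analyst session bound to one partition, with a seeded noise source."""
    return StatisticalQueryInterface(EMPLOYEES, partition, random.Random(seed))


def partition_denied(interface, department):
    """True if querying `department` through `interface` is refused."""
    try:
        interface.count(department)
    except PartitionViolation:
        return True
    return False


if __name__ == "__main__":
    q = make_interface("engineering")
    print("engineering head count:", q.count("engineering"))
    print("engineering average (perturbed):", q.average_salary("engineering"))
    print("alice alone:", q.average_salary("engineering", lambda r: r[0] == "alice"))
    print("executive partition denied:", partition_denied(q, "executive"))
```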
QUESTION 7
When should security first be addressed in a project?
A. During requirements development
B. During integration testing
C. During design specifications
D. During implementation
Correct Answer: A
Explanation/Reference:
The trick to this question, and any one like it, is that security should be implemented at the first possible phase of a project. Requirements are gathered and developed at the beginning of a project, which is project initiation. The other answers are steps that follow this phase, and security should be integrated right from the beginning instead of in the middle or at the end.

QUESTION 8
Online application systems that detect an invalid transaction should do which of the following?
A. Roll back and rewrite over original data.
B. Terminate all transactions until properly addressed.
C. Write a report to be reviewed.
D. Checkpoint each data entry.
Correct Answer: C
Explanation/Reference:
This can seem like a tricky question. It is asking you if the system detected an invalid transaction, which is most likely a user error. This error should be logged so it can be reviewed. After the review, the supervisor, or whoever makes this type of decision, will decide whether or not it was a mistake and investigate it as needed. If the system had a glitch, power fluctuation, hang-up, or any other software- or hardware-related error, it would not be an invalid transaction, and in that case the system would carry out a rollback function.

QUESTION 9
Which of the following are rows and columns within relational databases?
A. Rows and tuples
B. Attributes and rows
C. Keys and views
D. Tuples and attributes
Correct Answer: D
Explanation/Reference:
In a relational database, a row is referred to as a tuple, whereas a column is referred to as an attribute.
QUESTION 10
Databases can record transactions in real time, which usually updates more than one database in a distributed environment. This type of complexity can introduce many integrity threats, so the database software should implement the characteristics of what’s known as the ACID test. Which of the following are incorrect characteristics of the ACID test?
i. Atomicity Divides transactions into units of work and ensures that all modifications take effect or none take effect.
ii. Consistency A transaction must follow the integrity policy developed for that particular database and ensure all data are consistent in the different databases.
iii. Isolation Transactions execute in isolation until completed, without interacting with other transactions.
iv. Durability Once the transaction is verified as inaccurate on all systems, it is committed and the databases cannot be rolled back.
A. i, ii
B. ii, iii
C. ii, iv
D. iv
Correct Answer: D
Explanation/Reference:
The following are correct characteristics of the ACID test:
• Atomicity Divides transactions into units of work and ensures that all modifications take effect or none take effect. Either the changes are committed or the database is rolled back.
• Consistency A transaction must follow the integrity policy developed for that particular database and ensure all data are consistent in the different databases.
• Isolation Transactions execute in isolation until completed without interacting with other transactions. The results of the modification are not available until the transaction is completed.
• Durability Once the transaction is verified as accurate on all systems, it is committed and the databases cannot be rolled back.

QUESTION 11
The software development life cycle has several phases. Which of the following lists these phases in the correct order?
A. Project initiation, system design specifications, functional design analysis and planning, software development, installation/implementation, operational/maintenance, disposal
B. Project initiation, functional design analysis and planning, system design specifications, software development, installation/implementation, operational/maintenance, disposal
C. Project initiation, functional design analysis and planning, software development, system design specifications, installation/implementation, operational/maintenance, disposal
D. Project initiation, system design specifications, functional design analysis and planning, software development, operational/maintenance
Correct Answer: B
Explanation/Reference:
The following outlines the common phases of the software development life cycle:
1. Project initiation
2. Functional design analysis and planning
3. System design specifications
4. Software development
5. Testing
6. Installation/implementation
7. Operational/maintenance
8. Disposal

QUESTION 12
John is a manager of the application development department within his company. He needs to make sure his team is carrying out all of the correct testing types and at the right times of the development stages. Which of the following have the best descriptions of the types of software testing that should be carried out?
i. Unit testing Individual component is in a controlled environment where programmers validate data structure, logic, and boundary conditions.
ii. Integration testing Verifying that components work together as outlined in design specifications.
iii. Acceptance testing Ensuring that the code meets customer requirements.
iv. Regression testing After a change to a system takes place, retesting to ensure functionality, performance, and protection.
A. i, ii
B. ii, iii
C. i, ii, iv
D. i, ii, iii, iv
Correct Answer: D
Explanation/Reference:
There are different types of tests the software should go through because there are different potential flaws we will be looking for. The following are some of the most common testing approaches:
• Unit testing Individual component is in a controlled environment where programmers validate data structure, logic, and boundary conditions.
• Integration testing Verifying that components work together as outlined in design specifications.
• Acceptance testing Ensuring that the code meets customer requirements.
• Regression testing After a change to a system takes place, retesting to ensure functionality, performance, and protection.

QUESTION 13
Tim is a software developer for a financial institution. He develops middleware software code that carries out his company’s business logic functions. One of the applications he works with is written in the C programming language and seems to be taking up too much memory as it runs over a period of time. Which of the following best describes what Tim should implement to rid this software of this type of problem?
A. Bounds checking
B. Garbage collector
C. Parameter checking
D. Compiling
Correct Answer: B
Explanation/Reference:
Garbage collection is an automated way for software to carry out part of its memory management tasks. A garbage collector identifies blocks of memory that were once allocated but are no longer in use and deallocates the blocks and marks them as free. It also gathers scattered blocks of free memory and combines them into larger blocks. It helps provide a more stable environment and does not waste precious memory. Some programming languages, such as Java, perform automatic garbage collection; others, such as C, require the developer to perform it manually, thus leaving opportunity for error.
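The ACID properties from Question 10 above, as an added example that is not code from the exam guide: a constructed two-account ledger in sqlite3 (standard library) where a transfer either fully commits or is rolled back as one unit of work (atomicity), the CHECK constraint acts as the database's integrity policy (consistency), and committed changes remain visible afterwards (durability). The table layout, account names and balances are assumptions.

```python
"""Atomic transfers on a small ledger, using sqlite3 (constructed example)."""
import sqlite3


def open_ledger():
    """In-memory database with a constructed accounts table.

    The CHECK constraint is the integrity policy: no account may go negative,
    so any transaction that would produce an overdraft is rejected."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts ("
        " name TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)", [("alice", 100), ("bob", 50)]
    )
    conn.commit()
    return conn


def balance(conn, name):
    row = conn.execute(
        "SELECT balance FROM accounts WHERE name = ?", (name,)
    ).fetchone()
    return None if row is None else row[0]


def transfer(conn, src, dst, amount):
    """Move `amount` from src to dst as a single transaction.

    sqlite3 opens a transaction implicitly before the first UPDATE, and the
    connection context manager commits on success or rolls back if any
    statement raises. A failed credit therefore undoes the debit that
    preceded it: all modifications take effect or none do.
    Returns True when committed, False when rolled back."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    try:
        with conn:
            debit = conn.execute(
                "UPDATE accounts SET balance = balance - ? WHERE name = ?",
                (amount, src),
            )
            if debit.rowcount != 1:
                raise LookupError(f"no account {src!r}")
            credit = conn.execute(
                "UPDATE accounts SET balance = balance + ? WHERE name = ?",
                (amount, dst),
            )
            if credit.rowcount != 1:
                # Unknown destination: abort so money does not vanish.
                raise LookupError(f"no account {dst!r}")
    except (sqlite3.IntegrityError, LookupError):
        # IntegrityError: the CHECK constraint refused an overdraft.
        return False
    return True


def total_funds(conn):
    """Sum of all balances; unchanged by any transfer, committed or not."""
    return conn.execute("SELECT SUM(balance) FROM accounts").fetchone()[0]


if __name__ == "__main__":
    ledger = open_ledger()
    print("ok transfer:", transfer(ledger, "alice", "bob", 30))
    print("to unknown account:", transfer(ledger, "alice", "nobody", 10))
    print("overdraft:", transfer(ledger, "bob", "alice", 500))
    print("alice", balance(ledger, "alice"), "bob", balance(ledger, "bob"))
```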
QUESTION 14
Marge has to choose a software development model that her team should follow. The application that her team is responsible for developing is a critical application that can have little to no errors. Which of the following best describes the type of model her team should follow?
A. Cleanroom
B. Joint Analysis Development (JAD)
C. Rapid Application Development (RAD)
D. Reuse Model
Correct Answer: A
Explanation/Reference:
The software development models and their definitions are as follows:
• Joint Analysis Development (JAD) A method that uses a team approach in application development in a workshop-oriented environment.
• Rapid Application Development (RAD) A method of determining user requirements and developing systems quickly to satisfy immediate needs.
• Reuse Model A model that approaches software development by using progressively developed models. Reusable programs are evolved by gradually modifying pre-existing prototypes to customer specifications. Since the Reuse model does not require programs to be built from scratch, it drastically reduces both development cost and time.
• Cleanroom An approach that attempts to prevent errors or mistakes by following structured and formal methods of developing and testing. This approach is used for high-quality and critical applications that will be put through a strict certification process.

QUESTION 15
__________ is a software testing technique that provides invalid, unexpected, or random data to the input interfaces of a program.
A. Agile testing
B. Structured testing
C. Fuzzing
D. EICAR
Correct Answer: C
Explanation/Reference:
Fuzz testing or fuzzing is a software testing technique that provides invalid, unexpected, or random data to the input interfaces of a program. If the program fails (for example, by crashing or failing built-in code assertions), the defects can be noted.
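The fuzzing technique from Question 15, as an added example that is not from the exam guide: a small mutation fuzzer feeds truncated, bit-flipped and random inputs to a constructed parser for a tiny length-prefixed record format, once against a version that trusts its length byte and once against a hardened version that validates every assumption before using it. Any failure other than the parser's documented ValueError is recorded as a defect. The record format, both parsers and the random seed are assumptions.

```python
"""Mutation fuzzing of a constructed record parser.

Record layout (constructed): [name_len:1][name:name_len bytes][value:2 big-endian]
"""
import random
import struct


def parse_record_fragile(data: bytes) -> tuple:
    """Trusts the length byte. Malformed input escapes as IndexError or
    struct.error instead of a clean rejection: exactly what a fuzzer catches."""
    name_len = data[0]                                            # IndexError on b""
    name = data[1:1 + name_len].decode("utf-8")
    (value,) = struct.unpack(">H", data[1 + name_len:3 + name_len])  # struct.error if short
    return name, value


def parse_record_hardened(data: bytes) -> tuple:
    """Same format; every assumption is checked and reported as ValueError."""
    if len(data) < 3:
        raise ValueError("record too short")
    name_len = data[0]
    if len(data) != 3 + name_len:
        raise ValueError("length byte does not match record size")
    try:
        name = data[1:1 + name_len].decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ValueError("name is not valid UTF-8") from exc
    (value,) = struct.unpack(">H", data[1 + name_len:])  # exactly 2 bytes remain
    return name, value


def mutate(sample: bytes, rng: random.Random) -> bytes:
    """One random mutation: truncate, flip a byte, insert junk, or replace."""
    choice = rng.randrange(4)
    if choice == 0:
        return sample[: rng.randrange(len(sample) + 1)]
    if choice == 1:
        i = rng.randrange(len(sample))
        return sample[:i] + bytes([rng.randrange(256)]) + sample[i + 1:]
    if choice == 2:
        i = rng.randrange(len(sample) + 1)
        junk = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
        return sample[:i] + junk + sample[i:]
    return bytes(rng.randrange(256) for _ in range(rng.randrange(0, 16)))


def fuzz(parser, iterations=500, seed=7):
    """Run `parser` on mutated inputs. A ValueError is the documented way to
    reject bad input; anything else is a defect. Returns
    (defect_count, (first_crashing_input, exception_name) or None)."""
    rng = random.Random(seed)
    sample = bytes([5]) + b"alice" + struct.pack(">H", 4242)  # one valid record
    defects, first = 0, None
    for _ in range(iterations):
        data = mutate(sample, rng)
        try:
            parser(data)
        except ValueError:
            continue                  # clean rejection, expected behaviour
        except Exception as exc:      # crash: log the reproducer
            defects += 1
            if first is None:
                first = (data, type(exc).__name__)
    return defects, first


def rejects(parser, data: bytes) -> bool:
    """True if `parser` turns `data` away with a clean ValueError."""
    try:
        parser(data)
    except ValueError:
        return True
    except Exception:
        return False
    return False


if __name__ == "__main__":
    print("fragile parser:", fuzz(parse_record_fragile))
    print("hardened parser:", fuzz(parse_record_hardened))
```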
QUESTION 16
Which of the following is the second level of the Capability Maturity Model Integration?
A. Repeatable
B. Defined
C. Managed
D. Optimizing
Correct Answer: A
Explanation/Reference:
The five levels of the Capability Maturity Model Integration are:
• Initial Development process is ad hoc or even chaotic. The company does not use effective management procedures and plans. There is no assurance of consistency, and quality is unpredictable.
• Repeatable A formal management structure, change control, and quality assurance are in place. The company can properly repeat processes throughout each project. The company does not have formal process models defined.
• Defined Formal procedures are in place that outline and define processes carried out in each project. The organization has a way to allow for quantitative process improvement.
• Managed The company has formal processes in place to collect and analyze quantitative data, and metrics are defined and fed into the process-improvement program.
• Optimizing The company has budgeted and integrated plans for continuous process improvement.

QUESTION 17
One of the characteristics of object-oriented programming is deferred commitment. Which of the following is the best description for this characteristic?
A. Autonomous objects, cooperation through exchanges of messages.
B. The internal components of an object can be redefined without changing other parts of the system.
C. Refining classes through inheritance.
D. Object-oriented analysis, design, and modeling map to business needs and solutions.
Correct Answer: B
Explanation/Reference:
The characteristics and their associated definitions are listed as follows:
• Modularity Autonomous objects, cooperation through exchanges of messages.
• Deferred commitment The internal components of an object can be redefined without changing other parts of the system.
• Reusability Other programs using the same objects.
• Naturalness Object-oriented analysis, design, and modeling map to business needs and solutions.

QUESTION 18
Which of the following attack types best describes what commonly takes place to overwrite a return pointer memory segment?
A. Traversal attack
B. UNICODE attack
C. URL encoding attack
D. Buffer overflow attack
Correct Answer: D
Explanation/Reference:
The buffer overflow is probably the most notorious of input validation mistakes. A buffer is an area reserved by an application to store something in it, such as some user input. After the application receives the input, an instruction pointer points the application to do something with the input that’s been put in the buffer. A buffer overflow occurs when an application erroneously allows an invalid amount of input to be written into the buffer area, overwriting the instruction pointer in the code that tells the program what to do with the input. Once the instruction pointer is overwritten, whatever code has been placed in the buffer can then be executed, all under the security context of the application.

QUESTION 19
Which of the following has an incorrect attack to definition mapping?
A. EBJ XSS - Content processing stages performed by the client, typically in client-side Java
B. Nonpersistent XSS attack - Improper sanitation of response from a web client
C. Persistent XSS attack - Data provided by attackers are saved on the server
D. DOM-based XSS attack - Content processing stages performed by the client, typically in client-side JavaScript
Correct Answer: A
Explanation/Reference:
The nonpersistent cross-site scripting vulnerability is when the data provided by a web client, most commonly in HTTP query parameters or in HTML form submissions, are used immediately by server-side scripts to generate a page of results for that user without properly sanitizing the response.
The persistent XSS vulnerability occurs when the data provided by the attacker are saved by the server and then permanently displayed on “normal” pages returned to other users in the course of regular browsing without proper HTML escaping. DOM-based vulnerabilities occur in the content processing stages performed by the client, typically in client-side JavaScript.

QUESTION 20
John is reviewing database products. He needs a product that can manipulate a standard set of data for his company’s business logic needs. Which of the following should the necessary product implement?
A. Relational database
B. Object-relational database
C. Network database
D. Dynamic-static
Correct Answer: B
Explanation/Reference:
An object-relational database (ORD) or object-relational database management system (ORDBMS) is a relational database with a software front end that is written in an object-oriented programming language. Different companies will have different business logic that needs to be carried out on the stored data. Allowing programmers to develop this front-end software piece allows the business logic procedures to be used by requesting applications and the data within the database.

QUESTION 21
ActiveX Data Objects (ADO) is an API that allows applications to access back-end database systems. It is a set of ODBC interfaces that exposes the functionality of data sources through accessible objects. Which of the following are incorrect characteristics of ADO?
i. It’s a low-level data access programming interface to an underlying data access technology (such as OLE DB).
ii. It’s a set of COM objects for accessing data sources, not just database access.
iii. It allows a developer to write programs that access data without knowing how the database is implemented.
iv. SQL commands are required to access a database when using ADO.
A. i, iv
B. ii, iii
C. i, ii, iii
D. i, ii, iii, iv
Correct Answer: A
Explanation/Reference:
The following are correct characteristics of ADO:
• It’s a high-level data access programming interface to an underlying data access technology (such as OLE DB).
• It’s a set of COM objects for accessing data sources, not just database access.
• It allows a developer to write programs that access data without knowing how the database is implemented.
• SQL commands are not required to access a database when using ADO.

QUESTION 22
Database software performs three main types of integrity services: semantic, referential, and entity. Which of the following correctly describes one of these services?
i. A semantic integrity mechanism makes sure structural and semantic rules are enforced.
ii. A database has referential integrity if all foreign keys reference existing primary keys.
iii. Entity integrity guarantees that the tuples are uniquely identified by primary key values.
A. ii
B. ii, iii
C. i, ii, iii
D. i, ii
Correct Answer: C
Explanation/Reference:
A semantic integrity mechanism makes sure structural and semantic rules are enforced. These rules pertain to data types, logical values, uniqueness constraints, and operations that could adversely affect the structure of the database. A database has referential integrity if all foreign keys reference existing primary keys. There should be a mechanism in place that ensures no foreign key contains a reference to a primary key of a nonexisting record, or a null value. Entity integrity guarantees that the tuples are uniquely identified by primary key values. For the sake of entity integrity, every tuple must contain one primary key. If it does not have a primary key, it cannot be referenced by the database.
QUESTION 23
Which of the following is a field of study that focuses on ways of understanding and analyzing data in databases, with concentration on automation advancements?
A. Artificial intelligence
B. Knowledge discovery in databases
C. Expert system development
D. Artificial neural networking
Correct Answer: B
Explanation/Reference:
Knowledge discovery in databases (KDD) is a field of study that works with metadata and attempts to put standards and conventions in place on the way that data are analyzed and interpreted. KDD is used to identify patterns and relationships between data. It is also called data mining.

QUESTION 24
Use the following scenario to answer Questions 24–26. Sandy has just started as the manager of software development at a new company. There are a few things that Sandy is finding out as she interviews her new team members that may need to be approached differently. Programmers currently develop software code and upload it to a centralized server for backup purposes. The server software does not have versioning control capability, so sometimes the end software product contains outdated code elements. She has also discovered that many in-house business software packages follow the Common Object Request Broker Architecture, which does not necessarily allow for easy reuse of distributed web services available throughout the network. One of the team members has combined several open API functionalities within a business-oriented software package.
Which of the following is the best technology for Sandy’s team to implement as it pertains to the previous scenario?
A. Computer-aided software engineering tools
B. Software configuration management
C. Software development life-cycle management
D. Software engineering best practices
Correct Answer: B
Explanation/Reference:
Software Configuration Management (SCM) identifies the attributes of software at various points in time, and performs a methodical control of changes for the purpose of maintaining software integrity and traceability throughout the software development life cycle. It defines the need to track changes and provides the ability to verify that the final delivered software has all of the approved changes that are supposed to be included in the release.

QUESTION 25
Use the following scenario to answer Questions 24–26. Sandy has just started as the manager of software development at a new company. There are a few things that Sandy is finding out as she interviews her new team members that may need to be approached differently. Programmers currently develop software code and upload it to a centralized server for backup purposes. The server software does not have versioning control capability, so sometimes the end software product contains outdated code elements. She has also discovered that many in-house business software packages follow the Common Object Request Broker Architecture, which does not necessarily allow for easy reuse of distributed web services available throughout the network. One of the team members has combined several open API functionalities within a business-oriented software package.
Which is the best software architecture that Sandy should introduce her team to for effective business application use?
A. Distributed component object architecture
B. Simple Object Access Protocol architecture
C. Enterprise JavaBeans architecture
D. Service-oriented architecture
Correct Answer: D
Explanation/Reference:
A service-oriented architecture (SOA) provides standardized access to the most needed services to many different applications at one time. This approach allows for different business applications to access the current web services available within the environment.

QUESTION 26
Use the following scenario to answer Questions 24–26. Sandy has just started as the manager of software development at a new company. There are a few things that Sandy is finding out as she interviews her new team members that may need to be approached differently. Programmers currently develop software code and upload it to a centralized server for backup purposes. The server software does not have versioning control capability, so sometimes the end software product contains outdated code elements. She has also discovered that many in-house business software packages follow the Common Object Request Broker Architecture, which does not necessarily allow for easy reuse of distributed web services available throughout the network. One of the team members has combined several open API functionalities within a business-oriented software package.
Which best describes the approach Sandy’s team member took when creating the business-oriented software package mentioned within the scenario?
A. Software as a Service
B. Cloud computing
C. Web services
D. Mashup
Correct Answer: D
Explanation/Reference:
A mashup is the combination of functionality, data, and presentation capabilities of two or more sources to provide some type of new service or functionality. Open APIs and data sources are commonly aggregated and combined to provide a more useful and powerful resource.
QUESTION 27
Karen wants her team to develop software that allows her company to take advantage of and use many of the web services currently available by other companies. Which of the following best describes the components that need to be in place and what their roles are?
A. Web service provides the application functionality. Universal Description, Discovery, and Integration describes the web service’s specifications. The Web Services Description Language provides the mechanisms for web services to be posted and discovered. The Simple Object Access Protocol allows for the exchange of messages between a requester and provider of a web service.
B. Web service provides the application functionality. The Web Services Description Language describes the web service’s specifications. Universal Description, Discovery, and Integration provides the mechanisms for web services to be posted and discovered. The Simple Object Access Protocol allows for the exchange of messages between a requester and provider of a web service.
C. Web service provides the application functionality. The Web Services Description Language describes the web service’s specifications. Simple Object Access Protocol provides the mechanisms for web services to be posted and discovered. Universal Description, Discovery, and Integration allows for the exchange of messages between a requester and provider of a web service.
D. Web service provides the application functionality. The Simple Object Access Protocol describes the web service’s specifications. Universal Description, Discovery, and Integration provides the mechanisms for web services to be posted and discovered. The Web Services Description Language allows for the exchange of messages between a requester and provider of a web service.
Correct Answer:
Explanation/Reference:
Web service provides the application functionality. The Web Services Description Language describes the web service’s specifications. Universal Description, Discovery, and Integration provides the mechanisms for web services to be posted and discovered. The Simple Object Access Protocol allows for the exchange of messages between a requester and provider of a web service.

QUESTION 28
Use the following scenario to answer Questions 28–30. Brad is a new security administrator within a retail company. He is discovering several issues that his security team needs to address to better secure their organization overall. When reviewing different web server logs, he finds several HTTP server requests with the following characters “%20” and “../”. The web server software ensures that users input the correct information within the forms that are presented to them via their web browsers. Brad identifies that the organization has a two-tier network architecture in place, which allows the web servers to directly interact with the back-end database.
Which of the following best describes attacks that could be taking place against this organization?
A. Cross-site scripting and certification stealing
B. URL encoding and directory traversal attacks
C. Parameter validation manipulation and session management attacks
D. Replay and password brute force attacks
Correct Answer: B
Explanation/Reference:
The characters “%20” are encoding values that attackers commonly use in URL encoding attacks. These encoding values can be used to bypass web server filtering rules and can result in the attacker being able to gain unauthorized access to components of the web server. The characters “../” can be used by attackers in similar web server requests, which instruct the web server software to traverse directories that should be inaccessible. This is commonly referred to as a path or directory traversal attack.

QUESTION 29
Use the following scenario to answer Questions 28–30. Brad is a new security administrator within a retail company.
He is discovering several issues that his security team needs to address to better secure their organization overall. When reviewing different web server logs, he finds several HTTP server requests with the following characters “%20” and “../”. The web server software ensures that users input the correct information within the forms that are presented to them via their web browsers. Brad identifies that the organization has a two-tier network architecture in place, which allows the web servers to directly interact with the back-end database.
The web server software is currently carrying out which of the following functions, and what is an associated security concern Brad should address?
A. Client-side validation. The web server should carry out a secondary set of input validation rules on the presented data before processing them.
B. Server-side includes validation. The web server should carry out a secondary set of input validation rules on the presented data before processing them.
C. Data Source Name logical naming access. The web server should be carrying out a second set of reference integrity rules.
D. Data Source Name logical naming access. The web server should carry out a secondary set of input validation rules on the presented data before processing them.
Correct Answer: A
Explanation/Reference:
Client-side validation is being carried out. This procedure ensures that the data that are inserted into the form contain valid values before being sent to the web server for processing. The web server should not just rely upon client-side validation, but should also carry out a second set of procedures to ensure that the input values are not illegal and potentially malicious.

QUESTION 30
Use the following scenario to answer Questions 28–30. Brad is a new security administrator within a retail company.
He is discovering several issues that his security team needs to address to better secure their organization overall. When reviewing different web server logs, he finds several HTTP server requests with the following characters “%20” and “../”. The web server software ensures that users input the correct information within the forms that are presented to them via their web browsers. Brad identifies that the organization has a two-tier network architecture in place, which allows the web servers to directly interact with the back-end database.
Pertaining to the network architecture described in the previous scenario, which of the following attack types should Brad be concerned with?
A. Parameter validation attack
B. Injection attack
C. Cross-site scripting
D. Database connector attack
Correct Answer: B
Explanation/Reference:
The current architecture allows for web server software to directly communicate with a back-end database. Brad should ensure that proper database access authentication is taking place so that SQL injection attacks cannot be carried out. In a SQL injection attack the attacker sends over input values that the database carries out as commands and can allow authentication to be successfully bypassed.

Chapter 11 - Security Operations

QUESTION 1
Which of the following best describes operations security?
A. Continual vigilance about hacker activity and possible vulnerabilities
B. Enforcing access control and physical security
C. Taking steps to make sure an environment, and the things within it, stay at a certain level of protection
D. Doing strategy planning to develop a secure environment and then implementing it properly
Correct Answer: C
Explanation/Reference:
All of these are necessary security activities and procedures—they just don’t all fall under the operations umbrella.
Operations is about keeping production up and running in a healthy and secure manner. Operations is not usually the entity that carries out strategic planning. It works at an operational, day-to-day level, not at the higher strategic level.

QUESTION 2
Which of the following describes why operations security is important?
A. An environment continually changes and has the potential of lowering its level of protection.
B. It helps an environment be functionally sound and productive.
C. It ensures there will be no unauthorized access to the facility or its resources.
D. It continually raises a company’s level of protection.
Correct Answer: A
Explanation/Reference:
This is the best answer because operations has the goal of keeping everything running smoothly each and every day. Operations implements new software and hardware and carries out the necessary security tasks passed down to it. As the environment changes and security is kept in the loop with these changes, there is a smaller likelihood of opening up vulnerabilities.

QUESTION 3
What is the difference between due care and due diligence?
A. Due care is the continual effort of ensuring that the right thing takes place, and due diligence is the continual effort to stay compliant with regulations.
B. Due care and due diligence are in contrast to the “prudent person” concept.
C. They mean the same thing.
D. Due diligence involves investigating the risks, while due care involves carrying out the necessary steps to mitigate these risks.
Correct Answer: D
Explanation/Reference:
Due care and due diligence are legal terms that do not just pertain to security. Due diligence involves going through the necessary steps to know what a company’s or individual’s actual risks are, while due care involves carrying out responsible actions to reduce those risks. These concepts correspond with the “prudent person” concept.
QUESTION 4
Why should employers make sure employees take their vacations?
A. They have a legal obligation.
B. It is part of due diligence.
C. It is a way for fraud to be uncovered.
D. To ensure the employee does not get burnt out.
Correct Answer: C
Explanation/Reference:
Many times, employees who are carrying out fraudulent activities do not take the vacation they have earned because they do not want anyone to find out what they have been doing. Forcing employees to take vacations means that someone else has to do that person’s job and can possibly uncover any misdeeds.

QUESTION 5
Which of the following best describes separation of duties and job rotation?
A. Separation of duties ensures that more than one employee knows how to perform the tasks of a position, and job rotation ensures that one person cannot perform a high-risk task alone.
B. Separation of duties ensures that one person cannot perform a high-risk task alone, and job rotation can uncover fraud and ensure that more than one person knows the tasks of a position.
C. They are the same thing, but with different titles.
D. They are administrative controls that enforce access control and protect the company’s resources.
Correct Answer: B
Explanation/Reference:
Rotation of duties enables a company to have more than one person trained in a position and can uncover fraudulent activities. Separation of duties is put into place to ensure that one entity cannot carry out a critical task alone.

QUESTION 6
If a programmer is restricted from updating and modifying production code, what is this an example of?
A. Rotation of duties
B. Due diligence
C. Separation of duties
D. Controlling input values
Correct Answer: C
Explanation/Reference:
This is just one of several examples of separation of duties.
A system must be set up for proper code maintenance to take place when necessary, instead of allowing a programmer to make changes arbitrarily. These types of changes should go through a change control process and should have more entities involved than just one programmer.

QUESTION 7
Why is it important to control and audit input and output values?
A. Incorrect values can cause mistakes in data processing and be evidence of fraud.
B. Incorrect values can be the fault of the programmer and do not comply with the due care clause.
C. Incorrect values can be caused by brute force attacks.
D. Incorrect values are not security issues.
Correct Answer: A
Explanation/Reference:
There should be controls in place to make sure the data input into a system and the results generated are in the proper format and have expected values. Improper data being put into an application or system could cause bad output and security issues, such as buffer overflows.

QUESTION 8
What is the difference between least privilege and need to know?
A. A user should have least privilege that restricts her need to know.
B. A user should have a security clearance to access resources, a need to know about those resources, and least privilege to give her full control of all resources.
C. A user should have a need to know to access particular resources, and least privilege should be implemented to ensure she only accesses the resources she has a need to know.
D. They are two different terms for the same issue.
Correct Answer: C
Explanation/Reference:
Users should be able to access only the resources they need to fulfill the duties of their positions. They also should only have the level of permissions and rights for those resources that are required to carry out the exact operations they need for their jobs, and no more. This second concept is more granular than the first, but they have a symbiotic relationship.
QUESTION 9
Which of the following would not require updated documentation?
A. An antivirus signature update
B. Reconfiguration of a server
C. A change in security policy
D. The installation of a patch to a production server
Correct Answer: A
Explanation/Reference:
Documentation is very important for data processing and networked environments. This task often gets pushed to the back burner or is totally ignored. If things are not properly documented, employees will forget what actually took place with each device. If the environment needs to be rebuilt, for example, it may be done incorrectly if the procedure was poorly or improperly documented. When new changes need to be implemented, the current infrastructure may not be totally understood. Continually documenting when virus signatures are updated would be overkill. The other answers contain events that certainly require documentation.

QUESTION 10
If sensitive data are stored on a CD-ROM and are no longer needed, which would be the proper way of disposing of the data?
A. Degaussing
B. Erasing
C. Purging
D. Physical destruction
Correct Answer: D
Explanation/Reference:
One cannot properly erase data held on a CD-ROM. If the data are sensitive and you need to ensure no one has access to the same, the media should be physically destroyed.

QUESTION 11
If SSL is being used to encrypt messages that are transmitted over the network, what is a major concern of the security professional?
A. The network segments have systems that use different versions of SSL.
B. The user may have encrypted the message with an application-layer product that is incompatible with SSL.
C. Network tapping and wiretapping.
D. The networks that the message will travel that the company does not control.
Correct Answer: D
Explanation/Reference:
This is not a great question, but could be something that you run into on the exam. Let’s look at the answers. Different SSL versions are usually not a concern, because the two communicating systems will negotiate and agree upon the necessary version. There is no security violation issue here. SSL works at the transport layer; thus, it will not be affected by what the user does, as stated in answer B. SSL protects against network tapping and wiretapping. Answer D talks about the network segments the company does not own. You do not know at what point the other company will decrypt the SSL connection because you do not have control of that environment. Your data could be traveling unencrypted and unprotected on another network.

QUESTION 12
What is the purpose of SMTP?
A. To enable users to decrypt mail messages from a server
B. To enable users to view and modify mail messages from a server
C. To transmit mail messages from the client to the mail server
D. To encrypt mail messages before being transmitted
Correct Answer: C
Explanation/Reference:
Simple Mail Transfer Protocol (SMTP) is the protocol used to allow clients to send e-mail messages to each other. It lets different mail servers exchange messages.

QUESTION 13
If a company has been contacted because its mail server has been used to spread spam, what is most likely the problem?
A. The internal mail server has been compromised by an internal hacker.
B. The mail server in the DMZ has private and public resource records.
C. The mail server has e-mail relaying misconfigured.
D. The mail server has SMTP enabled.
Correct Answer: C
Explanation/Reference:
Spammers will identify the mail servers on the Internet that have relaying enabled and are “wide open,” meaning the servers will forward any e-mail messages they receive.
These servers can be put on a black list, which means other mail servers will not accept mail from them.

QUESTION 14
Which of the following is not a reason fax servers are used in many companies?
A. They save money by not needing individual fax devices and the constant use of fax paper.
B. They provide a secure way of faxing instead of having faxed papers sitting in bins waiting to be picked up.
C. Faxes can be routed to employees’ electronic mailboxes.
D. They increase the need for other communication security mechanisms.
Correct Answer: D
Explanation/Reference:
The other three answers provide reasons why fax servers would be used instead of individual fax machines: ease of use, they provide more protection, and their supplies may be cheaper.

QUESTION 15
If a company wants to protect fax data while it is in transmission, which of the following are valid mechanisms?
A. PGP and MIME
B. PEM and TLS
C. Data link encryption or fax encryptor
D. Data link encryption and MIME
Correct Answer: C
Explanation/Reference:
This is the best answer for this question. The other components could provide different levels of protection, but a fax encryptor (which is a data link encryptor) provides a higher level of protection across the board because everything is encrypted. Even if a user does not choose to encrypt something, it will be encrypted anyway before it is sent out the fax server.

QUESTION 16
What is the purpose of TCP wrappers?
A. To monitor requests for certain ports and control access to sensitive files
B. To monitor requests for certain services and control access to password files
C. To monitor requests for certain services and control access to those services
D. To monitor requests to system files and ensure they are not modified
Correct Answer: C
Explanation/Reference:
This is a technology that wraps the different services available on a system. What this means is that if a remote user makes a request to access a service, this product will intercept this request and determine whether it is valid and legal before allowing the interaction to take place.

QUESTION 17
How do network sniffers work?
A. They probe systems on a network segment.
B. They listen for ARP requests and ICMP packets.
C. They require an extra NIC to be installed and configured.
D. They put the NIC into promiscuous mode.
Correct Answer: D
Explanation/Reference:
A sniffer is a device or software component that puts the NIC in promiscuous mode, meaning the NIC will pick up all frames it “sees” instead of just the frames addressed to that individual computer. The sniffer then shows the output to the user. It can have capture and filtering capabilities.

QUESTION 18
Which of the following is not an attack against operations?
A. Brute force
B. Denial-of-service
C. Buffer overflow
D. ICMP sting
Correct Answer: D
Explanation/Reference:
The first three choices are attacks that can directly affect security operations. There is no such attack as an ICMP sting.

QUESTION 19
Why should user IDs be included in data captured by auditing procedures?
A. They show what files were attacked.
B. They establish individual accountability.
C. They are needed to detect a denial-of-service attack.
D. They activate corrective measures.
Correct Answer: B
Explanation/Reference:
For auditing purposes, the procedure should capture the user ID, time of event, type of event, and the source workstation. Capturing the user ID allows the company to hold individuals accountable for their actions.

QUESTION 20
Which of the following controls requires separate entities, operating together, to complete a task?
A. Least privilege
B. Data hiding
C. Dual control
D. Administrative
Correct Answer: C
Explanation/Reference:
Dual control requires two or more entities working together to complete a task. An example is key recovery. If a key must be recovered, and key recovery requires two or more people to authenticate to a system, the act of them coming together and carrying out these activities is known as dual control. This reduces the possibility of fraud.

QUESTION 21
Which of the following would not be considered an operations media control task?
A. Compressing and decompressing storage materials
B. Erasing data when its retention period is over
C. Storing backup information in a protected area
D. Controlling access to media and logging activities
Correct Answer: A
Explanation/Reference:
The last three tasks fall under the job functions of an individual or department responsible for controlling access to media. Compressing and decompressing data does not.

QUESTION 22
How is the use of clipping levels a way to track violations?
A. They set a baseline for normal user errors, and any violations that exceed that threshold should be recorded and reviewed to understand why they are happening.
B. They enable the administrator to view all reduction levels that have been made to user codes and that have incurred violations.
C. They disallow the administrator to customize the audit trail to record only those violations deemed security related.
D. They enable the administrator to customize the audit trail to capture only access violations and denial-of-service attacks.
Correct Answer: A
Explanation/Reference:
Clipping levels are thresholds of acceptable user errors and suspicious activities. If the threshold is exceeded, it should be logged and the administrator should decide if malicious activities are taking place or if the user needs more training.

QUESTION 23
Tape library management is an example of operations security through which of the following?
A. Archival retention
B. The review of clipping levels
C. Resource protection
D. Change management
Correct Answer: C
Explanation/Reference:
The reason to have tape library management is to have a centralized and standard way of protecting how media is stored, accessed, and destroyed.

QUESTION 24
A device that generates coercive magnetic force for the purpose of reducing magnetic flux density to zero on media is called
A. Magnetic saturation
B. Magnetic field
C. Physical destruction
D. Degausser
Correct Answer: D
Explanation/Reference:
A degausser is a device that generates a magnetic field (coercive magnetic force) that changes the orientation of the bits held on the media (reducing magnetic flux density to zero).

QUESTION 25
Which of the following controls might force a person in operations into collusion with personnel assigned organizationally within a different function for the sole purpose of gaining access to data he is not authorized to access?
A. Limiting the local access of operations personnel
B. Enforcing auditing
C. Enforcing job rotation
D. Limiting control of management personnel
Correct Answer: A
Explanation/Reference:
If operations personnel are limited in what they can access, they would need to collude with someone who actually has access to the resource.
This question is not very clear, but it is very close to the way many CISSP exam questions are formatted.

QUESTION 26
What does the following graphic represent and what is the technology’s importance?
A. Hierarchical storage management
B. Storage access network
C. Network redundancy
D. Single point of failure
Correct Answer: C
Explanation/Reference:
Network redundancy is duplicated network equipment that can provide a backup in case of network failures. This technology protects the company from single points of failure.

Comprehensive Questions

QUESTION 1
Based upon this scenario, what is most likely the biggest risk Josh’s company needs to be concerned with?
A. Market share drop if the attackers are able to bring the specific product to market more quickly than Josh’s company.
B. Confidentiality of e-mail messages. Attackers may post all captured e-mail messages to the Internet.
C. Impact on reputation if the customer base finds out about the attack.
D. Depth of infiltration of attackers. If attackers have compromised other systems, more confidential data could be at risk.
Correct Answer: A
Explanation/Reference:
While they are all issues to be concerned with, risk is a combination of probability and business impact. The largest business impact out of this list and in this situation is the fact that intellectual property for product development has been lost. If a competitor can produce the product and bring it to market quickly, this can have a long-lasting financial impact on the company.

QUESTION 2
The attackers in this situation would be seen as which of the following?
A. Vulnerability
B. Threat
C. Risk
D. Threat agent
Correct Answer: D
Explanation/Reference:
The attackers are the entities that have exploited a vulnerability; thus, they are the threat agent.
QUESTION 3 If Josh is correct in his assumptions, which of the following best describes the vulnerability, threat, and exposure, respectively? http://www.gratisexam.com/ A. B. C. D. E-mail server is hardened, an entity could exploit programming code flaw, server is compromised and leaking data. E-mail server is not patched, an entity could exploit a vulnerability, server is hardened. E-mail server misconfiguration, an entity could exploit misconfiguration, server is compromised and leaking data. DMZ firewall misconfiguration, an entity could exploit misconfiguration, internal e-mail server is compromised. CISSP All-in-One Exam Guide Correct Answer: C Section: (none) Explanation Explanation/Reference: In this situation the e-mail server most likely is misconfigured or has a programming flaw that can be exploited. Either of these would be considered a vulnerability. The threat is that someone would find out about this vulnerability and exploit it. In this scenario since the server is compromised, it is the item that is providing exposure to the company. This exposure is allowing sensitive data to be accessed in an unauthorized manner. QUESTION 4 Aaron is a security manager who needs to develop a solution to allow his company’s mobile devices to be authenticated in a standardized and centralized manner using digital certificates. The applications these mobile clients use require a TCP connection. Which of the following is the best solution for Aaron to implement? A. B. C. D. SESAME using PKI RADIUS using EAP Diameter using EAP RADIUS using TTLS Correct Answer: C Section: (none) Explanation Explanation/Reference: Diameter is a protocol that has been developed to build upon the functionality of RADIUS and to overcome many of its limitations. Diameter is an AAA protocol that provides the same type of functionality as RADIUS and TACACS+ but also provides more flexibility and capabilities, including working with EAP. 
RADIUS uses UDP, and cannot effectively deal well with remote access, IP mobility, and policy control. QUESTION 5 http://www.gratisexam.com/ Terry is a security manager for a credit card processing organization. His company uses internal DNS servers, which are placed within the LAN, and external DNS servers, which are placed in the DMZ. The company also relies upon DNS servers provided by their service provider. Terry has found out that attackers have been able to manipulate several DNS server caches, which point employee traffic to malicious websites. Which of the following best describes the solution this company should implement? A. B. C. D. IPSec PKI DNSSEC MAC-based security Correct Answer: C Section: (none) Explanation Explanation/Reference: DNSSEC (DNS security, which is part of the many current implementations of DNS server software) works within a PKI and uses digital signatures, which allows DNS servers to validate the origin of a message to ensure that it is not spoofed and potentially malicious. If DNSSEC were enabled on server A, then server A would, upon receiving a response, validate the digital signature on the message before accepting the information to make sure that the response is from an authorized DNS server. So even if an attacker sent a message to a DNS server, the DNS server would discard it because the message would not contain a valid digital signature. DNSSEC allows DNS servers to send and receive only authenticated and authorized messages between themselves, and thwarts the attacker’s goal of poisoning a DNS cache table. QUESTION 6 It is important to deal with the issue of “reasonable expectation of privacy” (REP) when it comes to employee monitoring. In the U.S. legal system the expectation of privacy is used when defining the scope of the privacy protections provided by _____________________. A. B. C. D. 
Federal Privacy Act PATRIOT Act The Fourth Amendment of the Constitution The Bill of Rights Correct Answer: C Section: (none) Explanation http://www.gratisexam.com/ Explanation/Reference: It is important to deal with the issue of “reasonable expectation of privacy” (REP) when it comes to employee monitoring. In the U.S. legal system the expectation of privacy is used when defining the scope of the privacy protections provided by the Fourth Amendment of the Constitution. If it is not specifically explained to an employee that monitoring is possible and/ or probable, when the monitoring takes place he could claim that his privacy rights have been violated and launch a civil suit against a company. QUESTION 7 Jane is suspicious that an employee is sending sensitive data to one of the company’s competitors. The employee has to use these data for daily activities, thus it is difficult to properly restrict the employee’s access rights. In this scenario, which best describes the company’s vulnerability, threat, risk, and necessary control? A. Vulnerability is employee access rights, threat is internal entities misusing privileged access, risk is the business impact of data loss, and the necessary control is detailed network traffic monitoring. B. Vulnerability is lenient access rights, threat is internal entities misusing privileged access, risk is the business impact of data loss, and the necessary control is detailed user monitoring. C. Vulnerability is employee access rights, threat is internal employees misusing privileged access, risk is the business impact of confidentiality, and the necessary control is multifactor authentication. D. Vulnerability is employee access rights, threat is internal users misusing privileged access, risk is the business impact of confidentiality, and the necessary control is CCTV. Correct Answer: B Section: (none) Explanation Explanation/Reference: A vulnerability is a lack or weakness of a control. 
In this situation the access control may be weak in nature, thus exploitable. The vulnerability is that the user, who must be given access to the sensitive data, is not properly monitored to deter and detect a willful breach of security. The threat is that any internal entity might misuse given access. The risk is the business impact of losing sensitive data. One control that could be put into place is monitoring so that access activities can be closely watched. QUESTION 8 Which of the following best describes what role-based access control offers companies in reducing administrative burdens? A. It allows entities closer to the resources to make decisions about who can and cannot access resources. B. It provides a centralized approach for access control, which frees up department managers. C. User membership in roles can be easily revoked and new ones established as job assignments dictate. http://www.gratisexam.com/ D. It enforces an enterprise-wide security policy, standards, and guidelines. Correct Answer: C Section: (none) Explanation Explanation/Reference: An administrator does not need to revoke and reassign permissions to individual users as they change jobs. Instead, the administrator assigns permissions and rights to a role, and users are plugged into those roles. QUESTION 9 Mark needs to ensure that the physical security program he develops for his company increases performance, decreases risk in a cost-effective manner, and allows management to make informed decisions. Which of the following best describes what he needs to put into place? A. B. C. D. Performance-based program Defense-in-depth program Layered program Security through obscurity Correct Answer: A Section: (none) Explanation Explanation/Reference: It is possible to determine how beneficial and effective your physical security program is only if it is monitored through a performance-based approach. 
This means you should devise measurements and metrics to gauge the effectiveness of your countermeasures. This enables management to make informed business decisions when investing in the protection of the organization’s physical security. The goal is to increase the performance of the physical security program and decrease the risk to the company in a cost-effective manner. You should establish a baseline of performance and thereafter continually evaluate performance to make sure that the company’s protection objectives are being met. QUESTION 10 A software development company released a product that committed several errors that were not expected once deployed in their customers’ environments. All of the software code went through a long list of tests before being released. The team manager found out that after a small change was made to the code, the program was not tested before it was released. Which of the following tests was most likely not conducted? http://www.gratisexam.com/ A. B. C. D. Unit Compiled Integration Regression Correct Answer: D Section: (none) Explanation Explanation/Reference: Regression testing should take place after a change to a system takes place, retesting to ensure functionality, performance, and protection. QUESTION 11 It is important to choose the right risk analysis methodology to meet the goals of the organization’s needs. Which of the following best describes when the risk management standard AS/NZS 4360 should be used? A. B. C. D. When there is a need to assess items of an organization that are directly related to information security. When there is a need to assess items of an organization that are not just restricted to information security. When a qualitative method is needed to prove the compliance levels as they pertain to regulations. When a qualitative method is needed to prove the compliance levels as they pertain to laws. 
Correct Answer: B Section: (none) Explanation Explanation/Reference: AS/NZS 4360 takes a much broader approach to risk management than just information security. This Australian and New Zealand methodology can be used to understand a company’s financial, capital, human safety, and business decisions risks. Although it can be used to analyze security risks, it was not created specifically for this purpose. This risk management standard is more focused on the health of a company from a business point of view, not security. QUESTION 12 Companies should follow certain steps in selecting and implementing a new computer product. Which of the following sequences is ordered correctly? A. Evaluation, accreditation, certification http://www.gratisexam.com/ B. Evaluation, certification, accreditation C. Certification, evaluation, accreditation D. Certification, accreditation, evaluation Correct Answer: B Section: (none) Explanation Explanation/Reference: The first step is evaluation. Evaluation involves reviewing the product’s protection functionality and assurance ratings. The next phase is certification. Certification involves testing the newly purchased product within the company’s environment. The final stage is accreditation, which is management’s formal approval. QUESTION 13 Use the following scenario to answer Questions 13–15. Jack has just been hired as the security officer for a large hospital. The organization develops some of its own proprietary applications. The organization does not have as many layers of controls when it comes to the data processed by these applications, since external entities will not understand the internal logic of the applications. One of the first things that Jack wants to carry out is a risk assessment to determine the organization’s current risk profile. He also tells his boss that the hospital should become ISO certified to bolster its customers’ and partners’ confidence. 
Which of the following approaches has been implemented in this scenario? A. B. C. D. Defense-in-depth Security through obscurity Information security management system BS 17799 Correct Answer: B Section: (none) Explanation Explanation/Reference: Security through obscurity is depending upon complexity or secrecy as a protection method. Some organizations feel that since their proprietary code is not standards based, outsiders will not know how to compromise its components. This is an insecure approach. Defense-in-depth is a better approach with the assumption that anyone can figure out how something works. http://www.gratisexam.com/ QUESTION 14 Use the following scenario to answer Questions 13–15. Jack has just been hired as the security officer for a large hospital. The organization develops some of its own proprietary applications. The organization does not have as many layers of controls when it comes to the data processed by these applications, since external entities will not understand the internal logic of the applications. One of the first things that Jack wants to carry out is a risk assessment to determine the organization’s current risk profile. He also tells his boss that the hospital should become ISO certified to bolster its customers’ and partners’ confidence. Which ISO/IEC standard would be best for Jack to follow to meet his goals? A. B. C. D. ISO/IEC 27002 ISO/IEC 27004 ISO/IEC 27005 ISO/IEC 27006 Correct Answer: C Section: (none) Explanation Explanation/Reference: ISO/IEC 27005 is the international standard for risk assessments and analysis. QUESTION 15 Use the following scenario to answer Questions 13–15. Jack has just been hired as the security officer for a large hospital. The organization develops some of its own proprietary applications. The organization does not have as many layers of controls when it comes to the data processed by these applications, since external entities will not understand the internal logic of the applications. 
One of the first things that Jack wants to carry out is a risk assessment to determine the organization’s current risk profile. He also tells his boss that the hospital should become ISO certified to bolster its customers’ and partners’ confidence. Which standard should Jack suggest to his boss for compliance? A. B. C. D. BS 17799 ISO/IEC 27004 ISO/IEC 27799 BS 7799:2011 Correct Answer: C http://www.gratisexam.com/ Section: (none) Explanation Explanation/Reference: The ISO/IEC 27799 is a guideline for information security management in health organizations. It deals with how organizations that store and process sensitive medical information should protect it. QUESTION 16 An operating system maintains several processes in memory at the same time. The processes can only interact with the CPU during its assigned time slice since there is only one CPU and many processes. Each process is assigned an interrupt value to allow for this type of time slicing to take place. Which of the following best describes the difference between maskable and nonmaskable interrupts? A. B. C. D. A maskable interrupt is assigned to a critical process, and a nonmaskable interrupt is assigned to a noncritical process. A maskable interrupt is assigned to a process in ring 0, and a nonmaskable interrupt is assigned to a process in ring 3. A maskable interrupt is assigned to a process in ring 3, and a nonmaskable interrupt is assigned to a process in ring 4. A maskable interrupt is assigned to a noncritical process, and a nonmaskable interrupt is assigned to a critical process. Correct Answer: D Section: (none) Explanation Explanation/Reference: A maskable interrupt is assigned to an event that may not be overly important, and the programmer can indicate that if that interrupt calls, the program does not stop what it is doing. This means the interrupt is ignored. 
Nonmaskable interrupts can never be overridden by an application because the event that has this type of interrupt assigned to it is critical. QUESTION 17 Cable telecommunication networks used to provide a security risk in that neighbors could commonly access each other’s Internet-based traffic because the traffic was not encrypted and protected. Which of the following is an international telecommunications standard that addresses these issues? A. B. C. D. Safe Harbor Encryption Requirements Data-Over-Cable Service Interface Specifications Privacy Service Requirements Telecommunication Privacy Protection Standard Correct Answer: B Section: (none) http://www.gratisexam.com/ Explanation Explanation/Reference: Most cable providers comply with Data-Over-Cable Service Interface Specifications (DOCSIS), which is an international telecommunications standard that allows for the addition of high-speed data transfer to an existing cable TV (CATV) system. DOCSIS includes MAC-layer security services in its Baseline Privacy Interface/Security (BPI/SEC) specifications. This protects individual user traffic by encrypting the data as they travel over the provider’s infrastructure. Sharing the same medium brings up a slew of security concerns, because users with network sniffers can easily view their neighbors’ traffic and data as both travel to and from the Internet. Many cable companies are now encrypting the data that go back and forth over shared lines through a type of data link encryption. QUESTION 18 There are different categories for evidence depending upon what form it is in and possibly how it was collected. Which of the following is considered supporting evidence? A. B. C. D. Best evidence Corroborative evidence Conclusive evidence Direct evidence Correct Answer: B Section: (none) Explanation Explanation/Reference: Corroborative evidence cannot stand alone, but instead is used as supporting information in a trial. 
It is often testimony indirectly related to the case but offers enough correlation to supplement the lawyer’s argument. The other choices are all types of evidence that can stand alone. QUESTION 19 _____________ is the graphical representation of data commonly used on websites. It is a skewed representation of characteristics a person must enter to prove that the subject is a human and not an automated tool, as in a software robot. A. Anti-spoofing B. CAPTCHA http://www.gratisexam.com/ C. Spam anti-spoofing D. CAPCHAT CISSP All-in-One Exam Guide Correct Answer: B Section: (none) Explanation Explanation/Reference: A CAPTCHA is a skewed representation of characteristics a person must enter to prove that the subject is a human and not an automated tool, as in a software robot. It is the graphical representation of data. QUESTION 20 Mark has been asked to interview individuals to fulfill a new position in his company. The position is a chief privacy officer (CPO). What is the function of this type of position? A. B. C. D. Ensuring that company financial information is correct and secure Ensuring that customer, company, and employee data are protected Ensuring that security policies are defined and enforced Ensuring that partner information is kept safe Correct Answer: B Section: (none) Explanation Explanation/Reference: The CPO is a newer position, created mainly because of the increasing demands on organizations to protect a long laundry list of different types of data. This role is responsible for ensuring that customer, company, and employee data are secure and kept secret, which keeps the company out of criminal and civil courts and hopefully out of the headlines. QUESTION 21 A risk management program must be developed properly and in the right sequence. Which of the following provides the correct sequence for the steps listed? i. Developed a risk management team ii. Calculated the value of each asset iii. 
Identified the vulnerabilities and threats that can affect the identified assets iv. Identified company assets to be assessed http://www.gratisexam.com/ A. B. C. D. i, iii, ii, iv ii, i, iv, iii iii, i, iv, ii i, iv, ii, iii Correct Answer: D Section: (none) Explanation Explanation/Reference: The correct steps for setting up a risk management program are as follows: 1. Develop a risk management team 2. Identify company assets to be assessed 3. Calculate the value of each asset 4. Identify the vulnerabilities and threats that can affect the identified assets QUESTION 22 Jack needs to develop a security program for a medical organization. He has been instructed by the security steering committee to follow the ISO/IEC international standards when constructing and implementing this program so that certification can be accomplished. Which of the following best describes the phases Jack should follow? A. “Plan” by defining scope and policy. “Do” by managing identified risks. “Check” by carrying out monitoring procedures and audits. “Act” by implementing corrective actions. B. “Plan” by defining scope and policy. “Do” by creating an implementation risk mitigation plan and implementing controls. “Check” by carrying out monitoring procedures and audits. “Act” by implementing corrective actions. C. “Plan” by identifying controls. “Do” by creating an implementation risk mitigation plan. “Check” by carrying out monitoring procedures and audits. “Act” by implementing corrective actions. D. “Plan” by defining scope and policy. “Do” by creating an implementation risk mitigation plan and implementing controls. “Check” by carrying out monitoring procedures and audits. “Act” by implementing risk management. Correct Answer: B Section: (none) Explanation Explanation/Reference: When building an information security management system (ISMS) based upon the ISO/IEC standard, it is best to follow the Plan-Do-Check-Act approach. 
ISO/IEC 27001 defines the components of this approach as the following: http://www.gratisexam.com/ 1. Plan: Establish ISMS policy, objectives, processes, and procedures relevant to managing risk and improving information security to deliver results in accordance with an organization’s overall policies and objectives. 2. Do: Implement and operate the ISMS policy, controls, processes, and procedures. 3. Check: Assess and, where applicable, measure process performance against ISMS policy, objectives, and practical experience and report the results to management for review. 4. Act: Take corrective and preventive actions, based on the results of the internal ISMS audit and management review or other relevant information, to achieve continual improvement of the ISMS. QUESTION 23 Which of the following best describes the core reasons the Department of Defense Architecture Framework and the British Ministry of Defense Architecture Framework were developed? A. Data need to be captured and properly presented so that decision makers understand complex issues quickly, which allows for fast and accurate decisions. B. Modern warfare is complex and insecure. Data need to be properly secured against enemy efforts to ensure decision makers can have access to it. C. Critical infrastructures are constantly under attack in warfare situations. These frameworks are used to secure these types of environments. D. Weapon systems are computerized and must be hardened and secured in a standardized manner. Correct Answer: A Section: (none) Explanation Explanation/Reference: Modern warfare is complex, and activities happen fast, which requires personnel and systems to be more adaptable than ever before. Data need to be captured and properly presented so that decision makers understand complex issues quickly, which allows for fast and accurate decisions. QUESTION 24 George is the security manager of a large bank, which provides online banking and other online services to its customers. 
George has recently found out that some of their customers have complained about changes to their bank accounts that they did not make. George worked with the security team and found out that all changes took place after proper authentication steps were completed. Which of the following describes what most likely took place in this situation? A. Web servers were compromised through cross-scripting attacks. B. SSL connections were decrypted through a man-in-the-middle attack. C. Personal computers were compromised with Trojan horses that installed keyloggers. http://www.gratisexam.com/ D. Web servers were compromised and masquerading attacks were carried out. Correct Answer: C Section: (none) Explanation Explanation/Reference: While all of these situations could have taken place, the most likely attack type in this scenario is the use of a keylogger. Attackers commonly compromise personal computers by tricking the users into installing Trojan horses that have the capability to install keystroke loggers. The keystroke logger can capture authentication data that the attacker can use to authenticate as a legitimate user and carry out malicious activities. QUESTION 25 Internet Protocol Security (IPSec) is actually a suite of protocols. Each protocol within the suite provides different functionality. Which of the following is not a function or characteristic of IPSec? A. B. C. D. Encryption Link layer protection Authentication Protection of packet payloads and the headers Correct Answer: B Section: (none) Explanation Explanation/Reference: IPSec is a protocol used to provide VPNs that use strong encryption and authentication functionality. It can work in two different modes: tunnel mode (payload and headers are protected) or transport mode (payload protection only). IPSec works at the network layer, not the data link layer. QUESTION 26 A typical PKI infrastructure would have which of the following transactions? 1. Receiver decrypts and obtains session key. 2. 
Sender requests receiver’s public key. 3. Public key is sent from a public directory. 4. Sender sends a session key encrypted with receiver’s public key. http://www.gratisexam.com/ A. B. C. D. 4, 3, 2, 1 2, 1, 3, 4 2, 3, 4, 1 2, 4, 3, 1 Correct Answer: C Section: (none) Explanation Explanation/Reference: The sender would need to first obtain the receiver’s public key, which could be from the receiver or a public directory. The sender needs to protect the symmetric session key as it is being sent, so she encrypts it with the receiver’s public key. The receiver decrypts the session key with his private key. QUESTION 27 Use the following scenario to answer Questions 27–28. Tim is the CISO for a large distributed financial investment organization. The company’s network is made up of different network devices and software applications, which generate their own proprietary logs and audit data. Tim and his security team have become overwhelmed with trying to review all of the log files when attempting to identify if anything suspicious is taking place within the network. Another issue Tim’s team needs to deal with is that many of the network devices have automated IPv6-to-IPv4 tunneling enabled by default. Which of the following is the best solution for this company to implement as it pertains to the first issue addressed in the scenario? A. B. C. D. Event correlation tools Intrusion detection systems Security information and event management Security event correlation management tools Correct Answer: C Section: (none) Explanation Explanation/Reference: Today, more organizations are implementing security event management (SEM) systems, also called security information and event management (SIEM) systems. These products gather logs from various devices (servers, firewalls, routers, etc.) and attempt to correlate the log data and provide http://www.gratisexam.com/ analysis capabilities. 
We also have different types of systems on a network (routers, firewalls, IDS, IPS, servers, gateways, proxies) collecting logs in various proprietary formats, which requires centralization, standardization, and normalization. Log formats are different per product type and vendor. QUESTION 28 Use the following scenario to answer Questions 27–28. Tim is the CISO for a large distributed financial investment organization. The company’s network is made up of different network devices and software applications, which generate their own proprietary logs and audit data. Tim and his security team have become overwhelmed with trying to review all of the log files when attempting to identify if anything suspicious is taking place within the network. Another issue Tim’s team needs to deal with is that many of the network devices have automated IPv6-to-IPv4 tunneling enabled by default. Which of the following best describes why Tim should be concerned about the second issue addressed in the scenario? A. B. C. D. Software and devices that are scanning traffic for suspicious activity may only be configured to evaluate one system type. Software and devices that are monitoring traffic for illegal activity may only be configured to evaluate one service type. Software and devices that are monitoring traffic for illegal activity may only be configured to evaluate two protocol types. Software and devices that are monitoring traffic for suspicious activity may only be configured to evaluate one traffic type. Correct Answer: D Section: (none) Explanation Explanation/Reference: While many of these automatic tunneling techniques reduce administration overhead because network administrators do not have to configure each and every system and network device with two different IP addresses, there are security risks that need to be understood. 
Many times users and network administrators do not know that automatic tunneling capabilities are enabled, thus they do not ensure that these different tunnels are secured and/or are being monitored. If you are an administrator of a network and have IDS, IPS, and firewalls that are only configured to monitor and restrict IPv4 traffic, then all IPv6 traffic could be traversing your network insecurely. Attackers use these protocol tunnels and misconfigurations to get past these types of security devices so that malicious activities can take place unnoticed. Products and software may need to be updated to address both traffic types, proxies may need to be deployed to manage traffic communication securely, IPv6 should be disabled if not needed, and security appliances need to be configured to monitor all traffic types. http://www.gratisexam.com/ QUESTION 29 Which of the following is not a characteristic of the Sherwood Applied Business Security Architecture framework? A. B. C. D. Model and methodology for the development of information security enterprise architectures Layered model, with its first layer defining business requirements from a security perspective Risk-driven enterprise security architecture that maps to business initiatives, similar to the Zachman framework Enterprise architecture framework used to define and understand a business environment Correct Answer: D Section: (none) Explanation Explanation/Reference: The Zachman framework is an enterprise architecture framework developed by John Zachman used to define and understand a business environment. QUESTION 30 What type of rating system is used within the Common Criteria structure? A. B. C. D. PP EPL EAL A–D Correct Answer: C Section: (none) Explanation Explanation/Reference: The Common Criteria uses a different assurance rating system than the previously used criteria. It has packages of specifications that must be met for a product to obtain the corresponding rating. 
These ratings and packages are called Evaluation Assurance Levels (EALs). Once a product achieves any type of rating, customers can view this information on an Evaluated Products List (EPL). QUESTION 31 ___________________ a declarative access control policy language implemented in XML and a processing model, describes how to interpret security policies. _________________ is an XML-based framework being developed by OASIS for exchanging user, resource, and service provisioning information between cooperating organizations. http://www.gratisexam.com/ A. B. C. D. Service Provisioning Markup Language (SPML), Extensible Access Control Markup Language (XACML) Extensible Access Control Markup Language (XACML), Service Provisioning Markup Language (SPML) Extensible Access Control Markup Language (XACML), Security Assertion Markup Language (SAML) Security Assertion Markup Language (SAML), Service Provisioning Markup Language (SPML) Correct Answer: B Section: (none) Explanation Explanation/Reference: Extensible Access Control Markup Language (XACML), a declarative access control policy language implemented in XML and a processing model, describes how to interpret security policies. Service Provisioning Markup Language (SPML) is an XML-based framework being developed by OASIS for exchanging user, resource, and service provisioning information between cooperating organizations. QUESTION 32 Doors configured in fail-safe mode assume what position in the event of a power failure? A. B. C. D. Open and locked Closed and locked Closed and unlocked Open Correct Answer: C Section: (none) Explanation Explanation/Reference: A company must decide how to handle physical access control in the event of a power failure. In fail-safe mode, doorways are automatically unlocked. This is usually dictated by fire codes to ensure that people do not get stuck inside of a burning building. Fail-secure means that the door will default to lock. 
QUESTION 33
Packet-filtering firewalls have limited capabilities. Which of the following is not a common characteristic of these firewall types?
i. They cannot prevent attacks that employ application-specific vulnerabilities or functions.
ii. The logging functionality present in packet-filtering firewalls is limited.
iii. Most packet-filtering firewalls do not support advanced user authentication schemes.
iv. Many packet-filtering firewalls can detect spoofed addresses.
v. May not be able to detect packet fragmentation attacks.
A. ii
B. iii
C. iv
D. v
Correct Answer: C
Explanation/Reference: Some of the weaknesses and characteristics of packet-filtering firewalls are as follows:
• They cannot prevent attacks that employ application-specific vulnerabilities or functions.
• The logging functionality present in packet-filtering firewalls is limited.
• Most packet-filtering firewalls do not support advanced user authentication schemes.
• Many packet-filtering firewalls cannot detect spoofed addresses.
• They may not be able to detect packet fragmentation attacks.

QUESTION 34
BS 25999 is the BSI (British Standards Institution’s) standard for Business Continuity Management (BCM). The BS standard has two main parts. Which of the following correctly defines one of these parts?
A. BS 25999-1:2006 Business Continuity Management Code of Practice—General guidance that provides principles, processes, and requirements for BCM.
B. BS 25999-2:2007 Specification for Business Continuity Management—Specifies objective, regulatory requirements for executing, operating, and enhancing a BCM system.
C. BS 25999-1:2006 Business Continuity Management Code of Practice—General specifications that provide principles, deadlines, and terminology for BCM.
D. BS 25999-2:2007 Specification for Business Continuity Management—Specifies objective, auditable requirements for executing, operating, and enhancing a BCM system.
Correct Answer: D
Explanation/Reference: The BS standard has two parts: BS 25999-1:2006 Business Continuity Management Code of Practice—General guidance that provides principles, processes, and terminology for BCM. BS 25999-2:2007 Specification for Business Continuity Management—Specifies objective, auditable requirements for executing, operating, and enhancing a BCM system.

QUESTION 35
Use the following scenario to answer Questions 35–36. Zack is a security consultant who has been hired to help an accounting company improve some of their current e-mail security practices. The company wants to ensure that when their clients send the company accounting files and data, the clients cannot later deny sending these messages. The company also wants to integrate a more granular and secure authentication method for their current mail server and clients.
Which of the following best describes how client messages can be dealt with and addresses the first issue outlined in the scenario?
A. Company needs to integrate a public key infrastructure and the Diameter protocol.
B. Clients must encrypt messages with their public key before sending them to the accounting company.
C. Company needs to have all clients sign a formal document outlining nonrepudiation requirements.
D. Client must digitally sign messages that contain financial information.
Correct Answer: D
Explanation/Reference: When clients digitally sign messages, this provides nonrepudiation. A signature is generated with the client's private key, which only the client should possess, and verified with the client's public key; a message whose signature verifies must therefore have been sent by the holder of that private key. Digital signatures provide nonrepudiation protection, which is what this company needs. (Encrypting with the client's public key, option B, would only mean the client could read the message; it proves nothing about who sent it.)

QUESTION 36
Use the following scenario to answer Questions 35–36. Zack is a security consultant who has been hired to help an accounting company improve some of their current e-mail security practices.
The company wants to ensure that when their clients send the company accounting files and data, the clients cannot later deny sending these messages. The company also wants to integrate a more granular and secure authentication method for their current mail server and clients.
Which of the following would be the best solution to integrate to meet the authentication requirements outlined in the scenario?
A. TLS
B. IPSec
C. 802.1x
D. SASL
Correct Answer: D
Explanation/Reference: Simple Authentication and Security Layer (SASL) is a protocol-independent authentication framework: a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, with the goal of allowing any authentication mechanism supported by SASL to be used in any application protocol that uses SASL. SASL’s design is intended to allow new protocols to reuse existing mechanisms without requiring redesign of the mechanisms, and allows existing protocols to make use of new mechanisms without redesign of the protocols.

QUESTION 37
Rennie needs to ensure that the BCP project will be successful. His manager has asked him to carry out a SWOT analysis to ensure that the defined objectives within the scope can be accomplished and to identify issues that could impede the success and productivity required of the project as a whole. Which of the following is not considered to be a basic tenet of a SWOT analysis?
A. Strengths: characteristics of the project team that give it an advantage over others
B. Weaknesses: characteristics that place the team at a disadvantage relative to others
C. Opportunities: elements that could contribute to the project’s success
D. Trends: elements that could contribute to the project’s failure
Correct Answer: D
Explanation/Reference: The individual objectives of a project must be analyzed to ensure that each is actually attainable. A part of scope analysis that may prove useful is SWOT analysis. SWOT stands for Strengths/Weaknesses/Opportunities/Threats, and its basic tenets are as follows:
• Strengths: characteristics of the project team that give it an advantage over others.
• Weaknesses: characteristics that place the team at a disadvantage relative to others.
• Opportunities: elements that could contribute to the project’s success.
• Threats: elements that could contribute to the project’s failure.

QUESTION 38
A ___________________ is the amount of time it should take to recover from a disaster, and a ____________________ is the amount of data, measured in time, that can be lost and be tolerable from that same event.
A. Recovery time objective, recovery point objective
B. Recovery point objective, recovery time objective
C. Maximum tolerable downtime, work recovery time
D. Work recovery time, maximum tolerable downtime
Correct Answer: A
Explanation/Reference: A recovery time objective (RTO) is the amount of time it should take to recover from a disaster, and a recovery point objective (RPO) is the amount of data, measured in time, that can tolerably be lost in that same event. The RPO is the acceptable amount of data loss measured in time; it represents the point in time to which data must be restored (an RPO of four hours, for example, means backups or replication must never be more than four hours behind). The higher the value of the data, the more funds or other resources can be put into place to ensure that less data is lost in the event of a disaster.
The RTO is the maximum time, expressed as a service level, within which a business process must be restored after a disaster to avoid unacceptable consequences associated with a break in business continuity.

QUESTION 39
Mary is playing around on her computer late at night and discovers a way to hack into a small company’s personnel files. She decides to take a look around, but does not steal any information. Is she still committing a crime even if she does not steal any of the information?
A. No, since she does not steal any information, she is not committing a crime.
B. Yes, she has gained unauthorized access.
C. No, the system was easily hacked; therefore, entry is allowed.
D. Yes, she could jeopardize the system without knowing it.
Correct Answer: B
Explanation/Reference: Computer crime can broadly be defined as criminal activity involving an information technology infrastructure, including illegal access, illegal interception, data interference, systems interference, misuse of devices, forgery, and electronic fraud. Gaining access without authorization is itself the offense; whether anything was taken does not change that.

QUESTION 40
In the structure of Extensible Access Control Markup Language (XACML) a Subject element is the ______________, a Resource element is the ___________, and an Action element is the ___________.
A. Requesting entity, requested entity, types of access
B. Requested entity, requesting entity, types of access
C. Requesting entity, requested entity, access control
D. Requested entity, requesting entity, access control
Correct Answer: A
Explanation/Reference: XACML uses a Subject element (requesting entity), a Resource element (requested entity), and an Action element (types of access). XACML defines a declarative access control policy language implemented in XML.

QUESTION 41
The Mobile IP protocol allows location-independent routing of IP datagrams on the Internet. Each mobile node is identified by its ______________ disregarding its current location in the Internet.
While away from its home network, a mobile node is associated with a ___________.
A. Prime address, care-of address
B. Home address, care-of address
C. Home address, secondary address
D. Prime address, secondary address
Correct Answer: B
Explanation/Reference: The Mobile IP protocol allows location-independent routing of IP datagrams on the Internet. Each mobile node is identified by its home address regardless of its current location. While away from its home network, a mobile node is associated with a care-of address, which identifies its current location, and its home address is associated with the local endpoint of a tunnel to its home agent. Mobile IP specifies how a mobile node registers with its home agent and how the home agent routes packets to the mobile node through that tunnel.

QUESTION 42
Instead of managing and maintaining many different types of security products and solutions, Joan wants to purchase a product that combines many technologies into one appliance. She would like to have centralized control, streamlined maintenance, and a reduction in stovepipe security solutions. Which of the following would best fit Joan’s needs?
A. Dedicated appliance
B. Centralized hybrid firewall applications
C. Hybrid IDS/IPS integration
D. Unified threat management
Correct Answer: D
Explanation/Reference: The list of security solutions most companies need includes, but is not limited to, firewalls, antimalware, antispam, IDS/IPS, content filtering, data leak prevention, VPN capabilities, continuous monitoring, and reporting. Unified Threat Management (UTM) appliance products have been developed that provide all (or many) of these functions in a single network appliance. The goals of UTM are simplicity, streamlined installation and maintenance, centralized control, and the ability to understand a network’s security from a holistic point of view. Consolidation also concentrates risk: the UTM becomes a single point of failure and a single point of compromise, so it needs redundancy and hardening of its own.
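Questions 31 and 40 describe XACML as a declarative XML policy language built from Subject (requesting entity), Resource (requested entity) and Action (type of access) elements. The added example below, which is not from the exam guide, evaluates requests against a small policy written in that structure. It is a deliberately simplified subset of XACML: no namespaces or attribute designators, one literal value per match, and only the deny-overrides rule-combining algorithm; the policy content and the request tuples are constructed for the example.

```python
"""Evaluate access requests against a tiny XACML-style policy.

Added example, not from the exam guide. The policy uses XACML's Subject,
Resource and Action elements but is a simplified subset of the real schema
(no namespaces, no attribute designators, one value per match). The ledger
policy and the requests are constructed for illustration.
"""
import xml.etree.ElementTree as ET

# Constructed policy: employees may read the ledger, only auditors may approve
# it, and a Deny rule blocks deletion for any subject ("*" is our wildcard).
POLICY_XML = """
<Policy PolicyId="ledger-access" RuleCombiningAlgId="deny-overrides">
  <Rule RuleId="read-ledger" Effect="Permit">
    <Target>
      <Subject>employee</Subject>
      <Resource>ledger</Resource>
      <Action>read</Action>
    </Target>
  </Rule>
  <Rule RuleId="approve-ledger" Effect="Permit">
    <Target>
      <Subject>auditor</Subject>
      <Resource>ledger</Resource>
      <Action>approve</Action>
    </Target>
  </Rule>
  <Rule RuleId="no-delete" Effect="Deny">
    <Target>
      <Subject>*</Subject>
      <Resource>ledger</Resource>
      <Action>delete</Action>
    </Target>
  </Rule>
</Policy>
"""


def _matches(target, element, value):
    """True when the Target's <element> is the wildcard or equals the request value."""
    node = target.find(element)
    return node is not None and (node.text or "").strip() in ("*", value)


def rule_applies(rule, subject, resource, action):
    """A rule applies only if Subject, Resource and Action all match the request."""
    target = rule.find("Target")
    return (_matches(target, "Subject", subject)
            and _matches(target, "Resource", resource)
            and _matches(target, "Action", action))


def evaluate(policy_xml, subject, resource, action):
    """Return 'Permit', 'Deny' or 'NotApplicable' using deny-overrides combining:
    any applicable Deny rule wins; otherwise any applicable Permit wins."""
    policy = ET.fromstring(policy_xml)
    decision = "NotApplicable"
    for rule in policy.findall("Rule"):
        if not rule_applies(rule, subject, resource, action):
            continue
        if rule.get("Effect") == "Deny":
            return "Deny"
        decision = "Permit"
    return decision


if __name__ == "__main__":
    for request in [("employee", "ledger", "read"), ("employee", "ledger", "approve"),
                    ("auditor", "ledger", "approve"), ("auditor", "ledger", "delete"),
                    ("employee", "payroll", "read")]:
        print(request, "->", evaluate(POLICY_XML, *request))
```

The point worth noticing is NotApplicable: a request no rule mentions is neither permitted nor denied by the policy, and it is the enforcement point's job to treat that as a refusal rather than fall open.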
QUESTION 43
Why is it important to have a clearly defined incident-handling process in place?
A. To avoid dealing with a computer and network threat in an ad hoc, reactive, and confusing manner
B. In order to provide a quick reaction to a threat so that a company can return to normal operations as soon as possible
C. In order to provide a uniform approach with certain expectations of the results
D. All of the above
Correct Answer: D
Explanation/Reference: A clearly defined incident-handling process can be more cost-effective, enable recovery to happen more quickly, and provide a uniform approach with certain expectations of the results. Incident handling should be closely related to disaster recovery planning and should be part of the company’s disaster recovery plan.

QUESTION 44
Which of the following is an international organization that helps different governments come together and tackle the economic, social, and governance challenges of a globalized economy and provides guidelines on the protection of privacy and transborder flows of personal data?
A. Council of Global Convention on Cybercrime
B. Council of Europe Convention on Cybercrime
C. Organisation for Economic Co-operation and Development
D. Organisation for Cybercrime Co-operation and Development
Correct Answer: C
Explanation/Reference: Global organizations that move data across country boundaries must be aware of and follow the Organisation for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Since most countries have a different set of laws pertaining to the definition of private data and how it should be protected, international trade and business become more convoluted, which can negatively affect the economies of nations.
The OECD is an international organization that helps different governments come together and tackle the economic, social, and governance challenges of a globalized economy. Because of this, the OECD came up with guidelines for the various countries to follow so that data are properly protected and everyone follows the same type of rules.

QUESTION 45
System ports allow different computers to communicate with each other’s services and protocols. The Internet Corporation for Assigned Names and Numbers has assigned registered ports to be ____________________ and dynamic ports to be ____________.
A. 0–1024, 49152–65535
B. 1024–49151, 49152–65535
C. 1024–49152, 49153–65535
D. 0–1024, 1025–49151
Correct Answer: B
Explanation/Reference: Registered ports are 1024–49151, which can be registered with the Internet Corporation for Assigned Names and Numbers (ICANN), through its IANA function, for a particular use. Vendors register specific ports to map to their proprietary software. Dynamic (also called private or ephemeral) ports are 49152–65535 and are available to be used by any application on an “as needed” basis; well-known ports are 0–1023. A registration is only a convention: nothing stops an application from listening on any port, so a firewall or IDS cannot infer the service from the port number alone.

QUESTION 46
When conducting a quantitative risk analysis, items are gathered and assigned numeric values so that cost/benefit analysis can be carried out. Which of the following provides the correct formula to understand the value of a safeguard?
A. (ALE before implementing safeguard) – (ALE after implementing safeguard) – (annual cost of safeguard) = value of safeguard to the company
B. (ALE before implementing safeguard) – (ALE during implementing safeguard) – (annual cost of safeguard) = value of safeguard to the company
C. (ALE before implementing safeguard) – (ALE while implementing safeguard) – (annual cost of safeguard) = value of safeguard to the company
D. (ALE before implementing safeguard) – (ALE after implementing safeguard) – (annual cost of asset) = value of safeguard to the company
Correct Answer: A
Explanation/Reference: The correct formula for cost/benefit analysis is (ALE before implementing safeguard) – (ALE after implementing safeguard) – (annual cost of safeguard) = value of safeguard to the company. ALE (annualized loss expectancy) is itself SLE × ARO, the single loss expectancy multiplied by the annualized rate of occurrence; a safeguard whose value comes out negative costs more per year than the loss it prevents.

QUESTION 47
Patty is giving a presentation next week to the executive staff of her company. She wants to illustrate the benefits of the company using specific cloud computing solutions. Which of the following does not properly describe one of these benefits or advantages?
i. Organizations have more flexibility and agility in IT growth and functionality.
ii. Cost of computing can be increased since it is a shared delivery model.
iii. Location independence can be achieved because the computing is not centralized and tied to a physical data center.
iv. Applications and functionality can be more easily migrated from one physical server to another because environments are virtualized.
v. Scalability and elasticity of resources can be accomplished in near real time through automation.
vi. Performance can increase as processing is shifted to available systems during peak loads.
A. i
B. ii
C. iii
D. v
Correct Answer: B
Explanation/Reference: Each of the listed items is a correct benefit or characteristic of cloud computing except “Cost of computing can be increased since it is a shared delivery model.” The correct statement would be “Cost of computing can be decreased since it is a shared delivery model.”

QUESTION 48
Use the following scenario to answer Questions 48–49. Frank is the new manager over in-house software designers and programmers. He has been telling his team that before design and programming on a new product begins, a formal architecture needs to be developed. He also needs this team to understand security issues as they pertain to software design. Frank has shown the team how to follow a systematic approach, which allows them to understand how different compromises could take place with the software products they develop.
Which of the following best describes what an architecture is in the context of this scenario?
A. Tool used to conceptually understand the structure and behavior of a complex entity through different views
B. Formal description and representation of a system and the components that make it up
C. Framework used to create individual architectures with specific views
D. Framework that is necessary to identify needs and meet all of the stakeholder requirements
Correct Answer: A
Explanation/Reference: An architecture is a tool used to conceptually understand the structure and behavior of a complex entity through different views. An architecture provides different views of the system, based upon the needs of the stakeholders of that system.

QUESTION 49
Use the following scenario to answer Questions 48–49. Frank is the new manager over in-house software designers and programmers. He has been telling his team that before design and programming on a new product begins, a formal architecture needs to be developed.
He also needs this team to understand security issues as they pertain to software design. Frank has shown the team how to follow a systematic approach, which allows them to understand how different compromises could take place with the software products they develop.
Which of the following best describes the approach Frank has shown his team as outlined in the scenario?
A. Attack surface analysis
B. Threat modeling
C. Penetration testing
D. Double-blind penetration testing
Correct Answer: B
Explanation/Reference: Threat modeling is a systematic approach used to understand how different threats could be realized and how a successful compromise could take place. A threat model is a description of a set of security aspects that can help define a threat and a set of possible attacks to consider. It may be useful to define different threat models for one software product. Each model defines a narrow set of possible attacks to focus on. A threat model can help to assess the probability, the potential harm, and the priority of attacks, and thus help to minimize or eradicate the threats.

QUESTION 50
Barry was told that the IDS product that is being used on the network has heuristic capabilities. Which of the following best describes this functionality?
A. Gathers packets and reassembles the fragments before assigning anomaly values
B. Gathers data to calculate the probability of an attack taking place
C. Gathers packets and compares their payload values to a signature engine
D. Gathers packet headers to determine if something suspicious is taking place within the network traffic
Correct Answer: B
Explanation/Reference: IDS and some antimalware products are said to have “heuristic” capabilities. In this context, heuristic means drawing a conclusion from several pieces of evidence rather than matching a fixed signature. The IDS gathers different “clues” from the network or system and calculates the probability that an attack is taking place.
If the probability reaches a set threshold, the alarm sounds. Because the decision is probabilistic, heuristic detection trades a higher false-positive rate for the ability to flag attacks that have no signature yet.

QUESTION 51
System assurance evaluations have gone through many phases. First, TCSEC was used, but it was considered too narrow. Next, ITSEC was developed to be flexible, but in the process became extremely complicated. Now, products are evaluated through the use of a new list of requirements. What is this list of requirements called?
A. International Evaluation Criteria System
B. Universal Evaluation Standards
C. Common Criteria
D. National Security Standards
Correct Answer: C
Explanation/Reference: The Common Criteria was created by several organizations in different countries as a way of combining the best parts of TCSEC and ITSEC and other criteria into a more useful measure. The Common Criteria has been accepted globally.

QUESTION 52
Don is a senior manager of an architectural firm. He has just found out that a key contract was renewed, allowing the company to continue developing an operating system that was idle for several months. Excited to get started, Don begins work on the operating system privately, but cannot tell his staff until the news is announced publicly in a few days. However, as Don begins making changes in the software, various staff members notice changes in their connected systems, even though they work at a lower security level. What kind of model could be used to ensure this does not happen?
A. Biba
B. Bell-LaPadula
C. Noninterference
D. Clark-Wilson
Correct Answer: C
Explanation/Reference: In this example, lower-ranked staffers could have deduced that the contract had been renewed by paying attention to the changes in their systems. The noninterference model addresses this specifically by dictating that no action or state at higher levels can impact or be visible to lower levels.
In this example, the staff could learn something indirectly or infer something that they do not yet have a right to know; an observable side effect of this kind is a covert channel, which is exactly what noninterference is meant to rule out.

QUESTION 53
Betty has received several e-mail messages from unknown sources that try to entice her to click a specific link using a “Click Here” approach. Which of the following best describes what is most likely taking place in this situation?
A. DNS pharming attack
B. Embedded hyperlink is obfuscated
C. Malware back-door installation
D. Bidirectional injection attack
Correct Answer: B
Explanation/Reference: HTML documents and e-mails allow users to attach or embed hyperlinks in any given text, such as the “Click Here” links you commonly see in e-mail messages or webpages. Attackers misuse hyperlinks to deceive unsuspecting users into clicking rogue links. The most common approach is known as URL hiding: the visible anchor text says one thing while the link’s actual target points somewhere else.

QUESTION 54
Rebecca is the network administrator of a large retail company. The company has Ethernet-based distributed networks throughout the northwest region of the United States. Her company would like to move to an Ethernet-based multipoint communication architecture that can run over their service provider’s IP/MPLS network. Which of the following would be the best solution for these requirements?
A. Metro-Ethernet
B. L2TP/IPSec
C. Virtual Private LAN Services
D. SONET
Correct Answer: C
Explanation/Reference: Virtual Private LAN Service (VPLS) is a multipoint layer 2 virtual private network that connects two or more customer devices using Ethernet bridging techniques. In other words, VPLS emulates a LAN over a managed IP/MPLS network. VPLS is a way to provide Ethernet-based multipoint-to-multipoint communication over IP/MPLS networks.
QUESTION 55
Which of the following multiplexing technologies analyzes statistics related to the typical workload of each input device and makes real-time decisions on how much time each device should be allocated for data transmission?
A. Time-division multiplexing
B. Wave-division multiplexing
C. Frequency-division multiplexing
D. Statistical time-division multiplexing
Correct Answer: D
Explanation/Reference: Statistical time-division multiplexing (STDM) transmits several types of data simultaneously across a single transmission line. STDM technologies analyze statistics related to the typical workload of each input device and make real-time decisions on how much time each device should be allocated for data transmission, rather than giving every device a fixed time slot whether or not it has anything to send.

QUESTION 56
In a VoIP environment, the Real-time Transport Protocol (RTP) and RTP Control Protocol (RTCP) are commonly used. Which of the following best describes the difference between these two protocols?
A. RTCP provides a standardized packet format for delivering audio and video over IP networks. RTP provides out-of-band statistics and control information to provide feedback on QoS levels.
B. RTP provides a standardized packet format for delivering data over IP networks. RTCP provides control information to provide feedback on QoS levels.
C. RTP provides a standardized packet format for delivering audio and video over MPLS networks. RTCP provides control information to provide feedback on QoS levels.
D. RTP provides a standardized packet format for delivering audio and video over IP networks. RTCP provides out-of-band statistics and control information to provide feedback on QoS levels.
Correct Answer: D
Explanation/Reference: The actual voice stream is carried on media protocols such as the Real-time Transport Protocol (RTP). RTP provides a standardized packet format for delivering audio and video over IP networks.
RTP is a session layer protocol that carries data in media stream format, as in audio and video, and is used extensively in VoIP, telephony, video conferencing, and other multimedia streaming technologies. It provides end-to-end delivery services and is commonly run over the transport layer protocol UDP. RTP Control Protocol (RTCP) is used in conjunction with RTP and is also considered a session layer protocol. It provides out-of-band statistics and control information to provide feedback on QoS levels of individual streaming multimedia sessions. Neither protocol protects the media by itself; the Secure RTP (SRTP) profile adds confidentiality and integrity to RTP and RTCP.

QUESTION 57
ISO/IEC 27031:2011 is an international standard for business continuity that organizations can follow. Which of the following is a correct characteristic of this standard?
A. Guidelines for information and communications technology readiness for business continuity
B. ISO/IEC standard that is a component of the overall BS 7999 series
C. Standard that was developed by NIST and evolved to be an international standard
D. Component of the Safe Harbor requirements
Correct Answer: A
Explanation/Reference: ISO/IEC 27031:2011 is a set of guidelines for information and communications technology readiness for business continuity. This ISO/IEC standard is a component of the overall ISO/IEC 27000 series.

QUESTION 58
Fran is the CSO of a new grocery and retail store. Her company paid for a physical security consultant to assess their current controls and security program that is in place to ensure that the company is carrying out due care efforts. The security consultant told Fran that the areas in front of the stores need to have two foot-candle illumination. Which of the following best describes the consultant’s advice?
A. Lights must be placed two feet apart.
B. The area being lit must be illuminated two feet high and two feet out.
C. This is an illumination metric used for lighting.
D. Each lit area must be within two feet of the next lit area.
Correct Answer: C
Explanation/Reference: The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet high with two foot-candles. A foot-candle is a unit of illuminance, the light falling on a surface: one lumen per square foot. It describes how well the area is lit, not the spacing or placement of the fixtures.

QUESTION 59
IPSec’s main protocols are AH and ESP. Which of the following services does AH provide?
A. Confidentiality and authentication
B. Confidentiality and availability
C. Integrity and accessibility
D. Integrity and authentication
Correct Answer: D
Explanation/Reference: IPSec is made up of two main protocols, Authentication Header (AH) and Encapsulating Security Payload (ESP). AH provides authentication and integrity for the packet (including the immutable fields of the outer IP header), but not confidentiality or availability. ESP provides authentication, integrity, and confidentiality, but not availability. Nothing within IPSec can ensure the availability of the system it is residing on. Because AH’s integrity check covers the IP source and destination addresses, AH does not survive address translation; ESP’s check excludes the outer header, which is why ESP (normally with UDP-based NAT traversal) can pass through NAT.

QUESTION 60
When multiple databases exchange transactions, each database is updated. This can happen many times and in many different ways. To protect the integrity of the data, databases should incorporate a concept known as an ACID test. What does this acronym stand for?
A. Availability, confidentiality, integrity, durability
B. Availability, consistency, integrity, durability
C. Atomicity, confidentiality, isolation, durability
D. Atomicity, consistency, isolation, durability
Correct Answer: D
Explanation/Reference: The ACID test concept should be incorporated into the software of a database. ACID stands for:
• Atomicity: Divides transactions into units of work and ensures that either all modifications take effect or none take effect. Either the changes are committed or the database is rolled back.
• Consistency: A transaction must follow the integrity policy developed for that particular database and ensure that all data are consistent in the different databases.
• Isolation: Transactions execute in isolation until completed, without interacting with other transactions. The results of the modification are not available until the transaction is completed.
• Durability: Once the transaction is verified as accurate on all systems, it is committed and cannot be rolled back; from that point it survives a crash or power loss.

QUESTION 61
Use the following scenario to answer Questions 61–62. Jim works for a power plant, and senior management just conducted a meeting with Jim’s team explaining that the upgrades that will be made to the surrounding power grid and its components will allow for better self-healing, resistance to physical and cyberattacks, increased efficiency, and better integration of renewable energy sources. The senior management also expressed concerns about the security of these changes.
Which of the following best describes the changes the organization in the scenario will be moving forward with?
A. Integrating natural gas production with their current coal activities
B. Integrating a smart grid
C. Integrating the power grid with the existing SONET rings
D. Integrating authentication technologies into power metering devices
Correct Answer: B
Explanation/Reference: Many parts of the world are moving to smart grids, which means that there is a lot more computing software and technology embedded into the grids to optimize and automate these functions. Some of the goals of a smart grid are self-healing, resistance to physical and cyberattacks, bidirectional communication capabilities, increased efficiency, and better integration of renewable energy sources. We want our grids to be more reliable, resilient, flexible, and efficient.

QUESTION 62
Use the following scenario to answer Questions 61–62.
Jim works for a power plant, and senior management just conducted a meeting with Jim’s team explaining that the upgrades that will be made to the surrounding power grid and its components will allow for better self-healing, resistance to physical and cyberattacks, increased efficiency, and better integration of renewable energy sources. The senior management also expressed concerns about the security of these changes.
Which of the following best describes the security concerns addressed in this scenario?
A. Allows for direct attacks through Ethernet over Power
B. Increased embedded software and computing capabilities
C. Does not have proper protection against common web-based attacks
D. Power fluctuation and outages directly affect computing systems
Correct Answer: B
Explanation/Reference: We are moving to smart grids, which means that there is a lot more computing software and technology embedded into the grids to optimize and automate these functions. This means that almost every component of the new power grid has to be computerized in some manner; thus, it can be vulnerable to digital-based attacks. Every added controller, sensor, and communication link is attack surface that the older electromechanical grid did not have.

QUESTION 63
Henry is the team leader of a group of software designers. They are at a stage in their software development project where they need to reduce the amount of code running, reduce entry points available to untrusted users, reduce privilege levels as much as possible, and eliminate unnecessary services. Which of the following best describes the first step they need to carry out to accomplish these tasks?
A. Attack surface analysis
B. Software development life cycle
C. Risk assessment
D. Unit testing
Correct Answer: A
Explanation/Reference: The aim of an attack surface analysis is to identify and reduce the amount of code accessible to untrusted users.
The basic strategies of attack surface reduction are to reduce the amount of code running, reduce entry points available to untrusted users, reduce privilege levels as much as possible, and eliminate unnecessary services. Attack surface analysis is generally carried out through specialized tools to enumerate different parts of a product and aggregate their findings into a numerical value. Attack surface analyzers http://www.gratisexam.com/ scrutinize files, registry keys, memory data, session information, processes, and services details. QUESTION 64 Jenny needs to engage a new software development company to create her company’s internal banking software. It will need to be created specifically for her company’s environment, so it must be proprietary in nature. Which of the following would be useful for Jenny to use as a gauge to determine how advanced and mature the various software development companies are in their processes? A. B. C. D. SaS 70 Capability Maturity Model Integration level Auditing results Key performance metrics Correct Answer: B Section: (none) Explanation Explanation/Reference: The Capability Maturity Model Integration (CMMI) model outlines the necessary characteristics of an organization’s security engineering process. It addresses the different phases of a secure software development life cycle, including concept definition, requirements analysis, design, development, integration, installation, operations, and maintenance, and what should happen in each phase. It can be used to evaluate security engineering practices and identify ways to improve them. It can also be used by customers in the evaluation process of a software vendor. In the best of both worlds, software vendors would use the model to help improve their processes and customers would use the model to assess the vendor’s practices. 
QUESTION 65
Which of the following is a representation of the logical relationship between elements of data and dictates the degree of association among elements, methods of access, processing alternatives, and the organization of data elements?
A. Data element
B. Array
C. Secular component
D. Data structure
Correct Answer: D
Section: (none)
Explanation/Reference:
A data structure is a representation of the logical relationship between elements of data. It dictates the degree of association among elements, methods of access, processing alternatives, and the organization of data elements. The structure can be simple in nature, like the scalar item, which represents a single element that can be addressed by an identifier and accessed by a single address in storage. Scalar items can be grouped in arrays, which provide access by indexes. Other data structures include hierarchical structures built from multilinked lists that contain scalar items, vectors, and possibly arrays. The hierarchical structure provides categorization and association.

QUESTION 66
Kerberos is a commonly used access control and authentication technology. It is important to understand what the technology can and cannot do and its potential downfalls. Which of the following is not a potential security issue that must be addressed when using Kerberos?
i. The KDC can be a single point of failure.
ii. The KDC must be scalable.
iii. Secret keys are temporarily stored on the users' workstations.
iv. Kerberos is vulnerable to password guessing.
A. i, iv
B. iii
C. All of them
D. None of them
Correct Answer: D
Section: (none)
Explanation/Reference:
These are all issues that are directly related to Kerberos. These items are as follows:
• The KDC can be a single point of failure. If the KDC goes down, no one can access needed resources. Redundancy is necessary for the KDC.
• The KDC must be able to handle the number of requests it receives in a timely manner. It must be scalable.
• Secret keys are temporarily stored on the users' workstations, which means it is possible for an intruder to obtain these cryptographic keys.
• Session keys are decrypted and reside on the users' workstations, either in a cache or in a key table. Again, an intruder can capture these keys.
• Kerberos is vulnerable to password guessing. The KDC does not know if a dictionary attack is taking place.

QUESTION 67
If the ALE for a specific asset is $100,000, and after implementation of the control the new ALE is $45,000 and the annual cost of the control is $30,000, should the company implement this control?
A. Yes
B. No
C. Not enough information
D. It depends on the ARO
Correct Answer: A
Section: (none)
Explanation/Reference:
Yes, the company should implement the control, as the value of the control would be $25,000 (the $55,000 reduction in ALE minus the $30,000 annual cost).

QUESTION 68
ISO/IEC 27000 is a growing family of ISO/IEC Information Security Management Systems (ISMS) standards. It comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Which of the following provides an incorrect mapping of the individual standards that make up this family of standards?
A. ISO/IEC 27002 Code of practice for information security management.
B. ISO/IEC 27003 Guideline for ISMS implementation.
C. ISO/IEC 27004 Guideline for information security management measurement and metrics framework.
D. ISO/IEC 27005 Guideline for bodies providing audit and certification of information security management systems.
Correct Answer: D
Section: (none)
Explanation/Reference:
The correct mappings for the individual standards are as follows:
• ISO/IEC 27002 Code of practice for information security management.
• ISO/IEC 27003 Guideline for ISMS implementation.
• ISO/IEC 27004 Guideline for information security management measurement and metrics framework.
• ISO/IEC 27005 Guideline for information security risk management.
• ISO/IEC 27006 Guideline for bodies providing audit and certification of information security management systems.

QUESTION 69
When a CPU is passed an instruction set and data to be processed and the program status word (PSW) register contains a value indicating that execution should take place in privileged mode, which of the following would be considered true?
A. Operating system is executing in supervisory mode
B. Request came from a trusted process
C. Functionality that is available in user mode is not available
D. An untrusted process submitted the execution request
Correct Answer: B
Section: (none)
Explanation/Reference:
If the PSW has a bit value that indicates the instructions to be executed should be carried out in privileged mode, this means a trusted process (e.g., an operating system process) made the request and can have access to the functionality that is not available in user mode.

QUESTION 70
Encryption and decryption can take place at different layers of an operating system, application, and network stack. End-to-end encryption happens within the _______. SSL encryption takes place at the _________ layer. PPTP encryption takes place at the ______ layer. Link encryption takes place at the _________ and ___________ layers.
A. Applications, network, data link, data link and physical
B. Applications, transport, network, data link and physical
C. Applications, transport, data link, data link and physical
D. Network, transport, data link, data link and physical
Correct Answer: C
Section: (none)
Explanation/Reference:
End-to-end encryption happens within the applications. SSL encryption takes place at the transport layer. PPTP encryption takes place at the data link layer. Link encryption takes place at the data link and physical layers.

QUESTION 71
Which of the following best describes the difference between hierarchical storage management (HSM) and storage area network (SAN) technologies?
A. HSM uses optical or tape jukeboxes, and SAN is a network of connected storage systems.
B. SAN uses optical or tape jukeboxes, and HSM is a network of connected storage systems.
C. HSM and SAN are one and the same. The difference is in the implementation.
D. HSM uses optical or tape jukeboxes, and SAN is a standard of how to develop and implement this technology.
Correct Answer: A
Section: (none)
Explanation/Reference:
Hierarchical storage management (HSM) provides continuous online backup functionality. It combines hard disk technology with the cheaper and slower optical or tape jukeboxes. A storage area network (SAN) is made up of several storage systems that are connected together to form a single backup network.

QUESTION 72
The Anticybersquatting Consumer Protection Act (ACPA) was enacted to protect which type of intellectual property?
A. Trade secrets
B. Copyrights
C. Trademarks
D. Patents
Correct Answer: C
Section: (none)
Explanation/Reference:
The ACPA was enacted so that trademark owners have legal recourse against the illegal registration of their domain names. It is only relevant under the following categories: the domain name registrant has the intent to profit from registering the trademark domain name; the registrant registers or uses a domain name that at the time of registration is identical or confusingly similar to an existing distinctive mark, or is identical or confusingly similar to a famous mark; or the name is a trademark, word, or name protected by certain sections of the U.S. Code.

QUESTION 73
The International Organization on Computer Evidence (IOCE) was appointed to draw up international principles for procedures relating to what type of evidence?
A. Information evidence
B. Digital evidence
C. Conclusive evidence
D. Real evidence
Correct Answer: B
Section: (none)
Explanation/Reference:
In March 1998, the IOCE was appointed to draw up international principles for the procedures relating to digital evidence to ensure the harmonization of methods and practices among nations, and to guarantee the ability to use digital evidence collected by one national state in the courts of another state.

QUESTION 74
A fraud analyst with a national insurance company uses database tools every day to help identify violations and identify relationships between the captured data through the use of rule discovery. These tools help identify relationships among a wide variety of information types. What kind of knowledge discovery in database (KDD) is this considered?
A. Probability
B. Statistical
C. Classification
D. Behavioral
Correct Answer: B
Section: (none)
Explanation/Reference:
Data mining is also known as knowledge discovery in database (KDD), which is a technique used to identify valid and useful patterns. Different types of data can have various interrelationships, and the method used depends on the type of data and patterns that are sought. The following are three approaches used in KDD systems to uncover these patterns:
• Classification Data are grouped together according to shared similarities.
• Probabilistic Data interdependencies are identified and probabilities are applied to their relationships.
• Statistical Identifies relationships between data elements and uses rule discovery.

QUESTION 75
Which of the following is an XML-based protocol that defines the schema of how web service communication takes place over HTTP transmissions?
A. Service-Oriented Protocol
B. Active X Protocol
C. Simple Object Access Protocol
D. JVEE
Correct Answer: C
Section: (none)
Explanation/Reference:
What if we need programs running on different operating systems and written in different programming languages to communicate over web-based communication methods? We would use Simple Object Access Protocol (SOAP). SOAP is an XML-based protocol that encodes messages in a web service environment. SOAP actually defines an XML schema, or a structure of how communication is going to take place. The SOAP XML schema defines how objects communicate directly.

QUESTION 76
Which of the following has an incorrect definition mapping?
i. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Team-oriented approach that assesses organizational and IT risks through facilitated workshops.
ii. AS/NZS 4360 Australia and New Zealand business risk management assessment approach.
iii. ISO/IEC 27005 International standard for the implementation of a risk management program that integrates into an information security management system (ISMS).
iv. Failure Modes and Effect Analysis Approach that dissects a component into its basic functions to identify flaws and those flaws' effects.
v. Fault tree analysis Approach to map specific flaws to root causes in complex systems.
A. None of them
B. ii
C. iii, iv
D. v
Correct Answer: A
Section: (none)
Explanation/Reference:
Each answer lists the correct definition mapping.

QUESTION 77
For an enterprise security architecture to be successful in its development and implementation, which of the following items must be understood and followed?
i. Strategic alignment
ii. Process enhancement
iii. Business enablement
iv. Security effectiveness
A. i, ii
B. ii, iii
C. i, ii, iii, iv
D. iii, iv
Correct Answer: C
Section: (none)
Explanation/Reference:
For an enterprise security architecture to be successful in its development and implementation, the following items must be understood and followed: strategic alignment, process enhancement, business enablement, and security effectiveness.

QUESTION 78
Which of the following best describes the purpose of the Organisation for Economic Co-operation and Development (OECD)?
A. An international organization that helps different governments come together and tackle the economic, social, and governance challenges of a globalized economy.
B. A national organization that helps different governments come together and tackle the economic, social, and governance challenges of a globalized economy.
C. An international organization that helps different organizations come together and tackle the economic, social, and governance challenges of a globalized economy.
D. A national organization that helps different organizations come together and tackle the economic, social, and governance challenges of a globalized economy.
Correct Answer: A
Section: (none)
Explanation/Reference:
The OECD is an international organization that helps different governments come together and tackle the economic, social, and governance challenges of a globalized economy. Thus, the OECD came up with guidelines for the various countries to follow so data are properly protected and everyone follows the same type of rules.

QUESTION 79
There are many enterprise architecture models that have been developed over the years for specific purposes. Some of them can be used to provide structure for information security processes and technology to be integrated throughout an organization. Which of the following provides an incorrect mapping between the architecture types and the associated definitions?
A. Zachman framework Model and methodology for the development of information security enterprise architectures.
B. TOGAF Model and methodology for the development of enterprise architectures developed by The Open Group.
C. DoDAF U.S. Department of Defense architecture framework that ensures interoperability of systems to meet military mission goals.
D. MODAF Architecture framework used mainly in military support missions developed by the British Ministry of Defence.
Correct Answer: A
Section: (none)
Explanation/Reference:
The Zachman model is for business enterprise architectures, not security enterprises. The proper definition mappings are as follows:
• Zachman framework Model for the development of enterprise architectures developed by John Zachman.
• TOGAF Model and methodology for the development of enterprise architectures developed by The Open Group.
• DoDAF U.S. Department of Defense architecture framework that ensures interoperability of systems to meet military mission goals.
• MODAF Architecture framework used mainly in military support missions developed by the British Ministry of Defence.
• SABSA model Model and methodology for the development of information security enterprise architectures.

QUESTION 80
Which of the following best describes the difference between the role of the ISO/IEC 27000 series and CobiT?
A. CobiT provides a high-level overview of security program requirements, while the ISO/IEC 27000 series provides the objectives of the individual security controls.
B. The ISO/IEC 27000 series provides a high-level overview of security program requirements, while CobiT provides the objectives of the individual security controls.
C. CobiT is process oriented, and the ISO/IEC standard is solution oriented.
D. The ISO/IEC standard is process oriented, and CobiT is solution oriented.
Correct Answer: B
Section: (none)
Explanation/Reference:
The ISO/IEC 27000 series provides a high-level overview of security program requirements, while CobiT provides the objectives of the individual security controls. CobiT provides the objectives that the real-world implementations (controls) you choose to put into place need to meet.

QUESTION 81
The Capability Maturity Model Integration (CMMI) approach is being used more frequently in security program and enterprise development. Which of the following provides an incorrect characteristic of this model?
A. A model that provides a pathway for how incremental improvement can take place.
B. Provides structured steps that can be followed so an organization can evolve from one level to the next and constantly improve its processes.
C. It was created for process improvement and developed by Carnegie Mellon.
D. It was built upon the SABSA model.
Correct Answer: D
Section: (none)
Explanation/Reference:
This model was not built upon the SABSA model. All other characteristics are true.

QUESTION 82
If Joe wanted to use a risk assessment methodology that allows the various business owners to identify risks and know how to deal with them, what methodology would he use?
A. Qualitative
B. COSO
C. FRAP
D. OCTAVE
Correct Answer: D
Section: (none)
Explanation/Reference:
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) is a methodology that is intended to be used in situations where people manage and direct the risk evaluation for information security within their company. This places the people who work inside the organization in the position of being able to make decisions regarding the best approach for evaluating the security of their organization.

QUESTION 83
Information security is a field that is maturing and becoming more organized and standardized. Organizational security models should be based upon a formal architecture framework. Which of the following best describes what a formal architecture framework is and why it would be used?
A. Mathematical model that defines the secure states that various software components can enter and still provide the necessary protection.
B. Conceptual model that is organized into multiple views addressing each of the stakeholder's concerns.
C. Business enterprise framework that is broken down into six conceptual levels to ensure security is deployed and managed in a controllable manner.
D. Enterprise framework that allows for proper security governance.
Correct Answer: B
Section: (none)
Explanation/Reference:
A formal architecture framework is a conceptual model in which an architecture description is organized into multiple architecture views, where each view addresses specific concerns originating with the specific stakeholders. Individual stakeholders have a variety of system concerns, which the architecture must address. To express these concerns, each view applies the conventions of its architecture viewpoint.

QUESTION 84
Which of the following provides a true characteristic of a fault tree analysis?
A. Fault trees are assigned qualitative values to faults that can take place over a series of business processes.
B. Fault trees are assigned failure mode values.
C. Fault trees are labeled with actual numbers pertaining to failure probabilities.
D. Fault trees are used in a stepwise approach to software debugging.
Correct Answer: C
Section: (none)
Explanation/Reference:
Fault tree analysis follows this general process. First, an undesired effect is taken as the root, or top, event of a tree of logic. Then, each situation that has the potential to cause that effect is added to the tree as a series of logic expressions. Fault trees are then labeled with actual numbers pertaining to failure probabilities.
QUESTION 85
Several models and frameworks have been developed by different organizations over the years to help businesses carry out processes in a more efficient and effective manner. Which of the following provides the correct definition mapping of one of these items?
i. COSO A framework and methodology for Enterprise Security Architecture and Service Management.
ii. ITIL Processes to allow for IT service management developed by the United Kingdom's Office of Government Commerce.
iii. Six Sigma Business management strategy that can be used to carry out process improvement.
iv. Capability Maturity Model Integration (CMMI) Organizational development for process improvement developed by Carnegie Mellon.
A. i
B. i, iii
C. ii, iv
D. ii, iii, iv
Correct Answer: D
Section: (none)
Explanation/Reference:
Each of the listed answers in ii., iii., and iv. has the correct definition mapping. Answer i. is incorrect. COSO is an organization that provides leadership in the areas of organizational governance, internal control, enterprise risk management, fraud, business ethics, and financial reporting.

QUESTION 86
It is important that organizations ensure that their security efforts are effective and measurable. Which of the following is not a common method used to track the effectiveness of security efforts?
A. Service level agreement
B. Return on investment
C. Balanced scorecard system
D. Provisioning system
Correct Answer: D
Section: (none)
Explanation/Reference:
Security effectiveness deals with metrics, meeting service level agreement (SLA) requirements, achieving return on investment (ROI), meeting set baselines, and providing management with a dashboard or balanced scorecard system. These are ways to determine how well the current security solutions and the architecture as a whole are performing.
QUESTION 87
Capability Maturity Model Integration (CMMI) is a process improvement approach that is used to help organizations improve their performance. The CMMI model may also be used as a framework for appraising the process maturity of the organization. Which of the following is an incorrect mapping of the levels that may be assigned to an organization based upon this model?
i. Maturity Level 2 – Managed
ii. Maturity Level 3 – Defined
iii. Maturity Level 4 – Quantitatively Managed
iv. Maturity Level 5 – Optimizing
A. i
B. i, ii
C. All of them
D. None of them
Correct Answer: D
Section: (none)
Explanation/Reference:
Each answer provides the correct definition of the four levels that can be assigned to an organization during its evaluation against the CMMI model. This model can be used to determine how well the organization's processes compare to CMMI best practices, and to identify areas where improvement can be made. Maturity Level 1 is Initial.

QUESTION 88
An organization's information risk management policy should address many items to provide clear direction and structure. Which of the following is not a core item that should be covered in this type of policy?
i. The objectives of the IRM team
ii. The level of risk the organization will accept and what is considered an acceptable level of risk
iii. Formal processes of risk identification
iv. The connection between the IRM policy and the organization's strategic planning processes
v. Responsibilities that fall under IRM and the roles to fulfill them
vi. The mapping of risk to specific physical controls
vii. The approach toward changing staff behaviors and resource allocation in response to risk analysis
viii. The mapping of risks to performance targets and budgets
ix. Key indicators to monitor the effectiveness of controls
A. ii, v, ix
B. vi
C. v
D. vii, ix
Correct Answer: B
Section: (none)
Explanation/Reference:
The information risk management (IRM) policy should map to all of the items listed except specific physical controls. Policies should not specify any type of controls, whether they are administrative, physical, or technical.

QUESTION 89
More organizations are outsourcing business functions to allow them to focus on their core business functions. Companies use hosting companies to maintain websites and e-mail servers, service providers for various telecommunication connections, disaster recovery companies for co-location capabilities, cloud computing providers for infrastructure or application services, developers for software creation, and security companies to carry out vulnerability management. Which of the following items should be included during the analysis of an outsourced partner or vendor?
i. Conduct onsite inspection and interviews
ii. Review contracts to ensure security and protection levels are agreed upon
iii. Ensure service level agreements are in place
iv. Review internal and external audit reports and third-party reviews
v. Review references and communicate with former and existing customers
vi. Review Better Business Bureau reports
A. ii, iii, iv
B. iv, v, vi
C. All of them
D. i, ii, iii
Correct Answer: C
Section: (none)
Explanation/Reference:
Each of these items should be considered before committing to an outsource partner or vendor.

QUESTION 90
Privacy has become a very important component of information security over the last few years. Organizations should carry out security and privacy impact assessments to evaluate their processes. Which of the following contains an incorrect characteristic or definition of a privacy impact assessment?
i. An analysis of how information is handled to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy.
ii. An analysis of how information is handled to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system.
iii. An analysis of how information is handled to examine and evaluate protections and alternative processes for handling information to increase potential privacy risks.
A. None of them
B. ii, iii
C. i, ii
D. iii
Correct Answer: D
Section: (none)
Explanation/Reference:
A privacy impact assessment (PIA) is an analysis of how information is handled: (i) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; (ii) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and (iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.

QUESTION 91
A financial institution has developed its internal security program based upon the ISO/IEC 27000 series. The security officer has been told that metrics need to be developed and integrated into this program so that effectiveness can be gauged. Which of the following standards should be followed to provide this type of guidance and functionality?
A. ISO/IEC 27002
B. ISO/IEC 27003
C. ISO/IEC 27004
D. ISO/IEC 27005
Correct Answer: C
Section: (none)
Explanation/Reference:
ISO/IEC 27004:2009 is used to assess the effectiveness of an ISMS and the controls that make up the security program as outlined in ISO/IEC 27001. ISO/IEC 27004 is the guideline for information security management measurement and metrics framework.

QUESTION 92
Which of the following is not a requirement for a database based on the X.500 standard?
A. The directory has a tree structure to organize the entries using a parent-child configuration.
B. Each entry has the same name made up of attributes of a specific object.
C. The attributes used in the directory are dictated by the defined schema.
D. The unique identifiers are called distinguished names.
Correct Answer: B
Section: (none)
Explanation/Reference:
The following are rules for object organization within a database based on the X.500 standard:
• The directory has a tree structure to organize the entries using a parent-child configuration.
• Each entry has a unique name.
• The attributes used in the directory are dictated by the defined schema.
• The unique identifiers are called distinguished names.

QUESTION 93
Sue has been asked to install a web access management (WAM) product for her company's environment. What is the best description for what WAMs are commonly used for?
A. Control external entities requesting access to internal objects
B. Control internal entities requesting access to external objects
C. Control external entities requesting access through X.500 databases
D. Control internal entities requesting access through X.500 databases
Correct Answer: A
Section: (none)
Explanation/Reference:
A WAM product allows an administrator to configure and control access to internal resources. This type of access control is commonly put in place to control external entities requesting access. The product may work on a single web server or a server farm.

QUESTION 94
A user's digital identity is commonly made up of more than just a user name. Which of the following is not a common item that makes up a user's identity?
A. Entitlements
B. Traits
C. Figures
D. Attributes
Correct Answer: C
Section: (none)
Explanation/Reference:
A user's identity is commonly a collection of her attributes (department, role in company, shift time, clearance, and others), her entitlements (resources available to her, authoritative rights in the company, and so on), and her traits (biometric information, height, sex, and so forth).

QUESTION 95
Which of the following is a true statement pertaining to markup languages?
A. HyperText Markup Language (HTML) came from Generalized Markup Language (GML), which came from the Standard Generalized Markup Language (SGML).
B. HyperText Markup Language (HTML) came from Standard Generalized Markup Language (SGML), which came from the Generalized Markup Language (GML).
C. Standard Generalized Markup Language (SGML) came from the HyperText Markup Language (HTML), which came from the Generalized Markup Language (GML).
D. Standard Generalized Markup Language (SGML) came from the Generalized Markup Language (GML), which came from the HyperText Markup Language (HTML).
Correct Answer: B
Section: (none)
Explanation/Reference:
HTML came from Standard Generalized Markup Language (SGML), which came from the Generalized Markup Language (GML). A markup language is a way to structure text and how it will be presented. You can control how the text looks and some of the actual functionality the page provides.

QUESTION 96
What is Extensible Markup Language (XML) and why was it created?
A. A specification that is used to create various types of markup languages for specific industry requirements
B. A specification that is used to create static and dynamic websites
C. A specification that outlines a detailed markup language dictating all formats of all companies that use it
D. A specification that does not allow for interoperability for the sake of security
Correct Answer: A
Section: (none)
Explanation/Reference:
Extensible Markup Language (XML) was created as a specification to create various markup languages. From this specification, more specific markup language standards were created to be able to provide individual industries with the functions they required. Individual industries use markup languages to meet different needs, but there is an interoperability issue in that the industries still need to be able to communicate with each other.

QUESTION 97
Which access control policy is enforced in an environment that uses containers and implicit permission inheritance using a nondiscretionary model?
A. Rule-based
B. Role-based
C. Identity-based
D. Mandatory
Correct Answer: B
Section: (none)
Explanation/Reference:
Roles work as containers for users. The administrator or security professional creates the roles and assigns rights to them and then assigns users to the container. The users then inherit the permissions and rights from the containers (roles), which is how implicit permissions are obtained.

QUESTION 98
Which of the following centralized access control protocols would a security professional choose if her network consisted of multiple protocols, including Mobile IP, and had users connecting via wireless and wired transmissions?
A. RADIUS
B. TACACS+
C. Diameter
D. Kerberos
Correct Answer: C
Section: (none)
Explanation/Reference:
Diameter is a more diverse centralized access control administration technique than RADIUS and TACACS+ because it supports a wide range of protocols that often accompany wireless technologies. RADIUS supports PPP, SLIP, and traditional network connections. TACACS+ is a RADIUS-like protocol that is Cisco-proprietary. Kerberos is a single sign-on technology, not a centralized access control administration protocol that supports all stated technologies.

QUESTION 99
Jay is the security administrator at a credit card processing company. The company has many identity stores, which are not properly synchronized. Jay is going to oversee the process of centralizing and synchronizing the identity data within the company. He has determined that the data in the HR database will be considered the most up-to-date data, which cannot be overwritten by the software in other identity stores during their synchronization processes. Which of the following best describes the role of this database in the identity management structure of the company?
A. Authoritative system of record
B. Infrastructure source server
C. Primary identity store
D. Hierarchical database primary
Correct Answer: A
Section: (none)
Explanation/Reference:
An "Authoritative System of Record" (ASOR) is a hierarchical tree-like structure system that tracks subjects and their authorization chains. The authoritative source is the "system of record," or the location where identity information originates and is maintained. It should have the most up-to-date and reliable identity information.

QUESTION 100
Proper access control requires a structured user provisioning process. Which of the following best describes user provisioning?
A. The creation, maintenance, and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications, in response to business processes.
B. The creation, maintenance, activation, and delegation of user objects and attributes as they exist in one or more systems, directories, or applications, in response to compliance processes.
C. The maintenance of user objects and attributes as they exist in one or more systems, directories, or applications, in response to business processes.
D. The creation and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications, in response to business processes.
Correct Answer: A
Section: (none)
Explanation/Reference:
User provisioning refers to the creation, maintenance, and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications in response to business processes.

QUESTION 101
A user's identity can be a collection of her _________ (department, role in company, shift time, clearance); her __________ (resources available to her, authoritative rights in the company); and her ________ (biometric information, height, sex).
A. Attributes, access, traits
B. Attributes, entitlements, access
C. Attributes, characteristics, traits
D. Attributes, entitlements, traits
Correct Answer: D
Section: (none)
Explanation/Reference:
A user's identity can be a collection of her attributes (department, role in company, shift time, clearance, and others), her entitlements (resources available to her, authoritative rights in the company, and so on), and her traits (biometric information, height, sex, and so forth).

QUESTION 102
John needs to ensure that his company's application can accept provisioning data from their partner's application in a standardized method. Which of the following best describes the technology that John should implement?
A.
B.
C.
D.
Service Provisioning Markup Language Extensible Provisioning Markup Language Security Assertion Markup Language Security Provisioning Markup Language http://www.gratisexam.com/ Correct Answer: A Section: (none) Explanation Explanation/Reference: The Service Provisioning Markup Language (SPML) allows for the exchange of provisioning data between applications, which could reside in one organization or many. SPML allows for the automation of user management (account creation, amendments, revocation) and access entitlement configuration related to electronically published services across multiple provisioning systems. This markup language allows for the integration and interoperation of service provisioning requests across various platforms. QUESTION 103 Lynn logs into a website and purchases an airline ticket for her upcoming trip. The website also offers her pricing and package deals for hotel rooms and rental cars while she is completing her purchase. The airline, hotel, and rental companies are all separate and individual companies. Lynn decides to purchase her hotel room through the same website at the same time. The website is using Security Assertion Markup Language to allow for this type of federated identity management functionality. In this example which entity is the principal, which entity is the identity provider, and which entity is the service provider? A. B. C. D. Portal, Lynn, hotel company Lynn, airline company, hotel company Lynn, hotel company, airline company Portal, Lynn, airline company Correct Answer: B Section: (none) Explanation Explanation/Reference: In this scenario, Lynn is considered the principal, the airline company would be considered the identity provider, and the hotel company that receives the user’s authentication information from the airline company web server is considered the service provider. 
Security Assertion Markup Language (SAML) provides the authentication pieces to federated identity management systems to allow business-to-business (B2B) and business-to-consumer (B2C) transactions.

QUESTION 104
John is the new director of software development within his company. Several proprietary applications offer individual services to the employees, but the employees have to log into each and every application independently to gain access to these discrete services. John would like to provide a way that allows each of the services provided by the various applications to be centrally accessed and controlled. Which of the following best describes the architecture that John should deploy?

A. Service-oriented architecture
B. Web services architecture
C. Single sign-on architecture
D. Hierarchical service architecture

Correct Answer: A

Explanation/Reference:
The use of web services in this manner also allows organizations to provide service-oriented architecture (SOA) environments. SOA is a way to provide independent services residing on different systems in different business domains in one consistent manner. This architecture is a set of principles and methodologies for designing and developing software in the form of interoperable services.

QUESTION 105
Which security model enforces the principle that the security levels of an object should never change and is known as the “strong tranquility” property?

A. Biba
B. Bell-LaPadula
C. Brewer-Nash
D. Noninterference

Correct Answer: B

Explanation/Reference:
Bell-LaPadula models have rigid security policies that are built to ensure confidentiality. The “strong tranquility” property is an inflexible mechanism that enforces the consistent security classification of an object.

QUESTION 106
In the system design phase, system requirement specifications are gathered and a modeling language is used. Which of the following best describes what a modeling language is and what it is used for?

A. A modeling language is commonly mathematical to allow for the verification of the system components. It is used to understand what the components need to accomplish individually and when they work together.
B. A modeling language is commonly graphical to allow for threat modeling to be accomplished through the understanding of system components. It is used to understand what the components need to accomplish individually and when they work together.
C. A modeling language is commonly graphical to allow for a system architecture to be built.
D. A modeling language is commonly graphical to allow for visualization of the system components. It is used to understand what the components need to accomplish individually and when they work together.

Correct Answer: D

Explanation/Reference:
In the system design phase we gather system requirement specifications and use modeling languages to establish how the system will accomplish design goals, such as required functionality, compatibility, fault tolerance, extensibility, security, usability, and maintainability. The modeling language is commonly graphical so that we can visualize the system from a static structural view and a dynamic behavioral view. We can understand what the components within the system need to accomplish individually and how they work together to accomplish the larger established architectural goals.

QUESTION 107
There is a specific terminology taxonomy used in the discipline of formal architecture framework development and implementation. Which of the following terms has an incorrect definition?

i. Architecture: Fundamental organization of a system embodied in its components, their relationships to each other and to the environment, and the principles guiding its design and evolution.
ii. Architectural description (AD): Representation of a whole system from the perspective of a related set of concerns.
iii. Stakeholder: Individual, team, or organization (or classes thereof) with interests in, or concerns relative to, a system.
iv. View: Collection of document types to convey an architecture in a formal manner.
v. Viewpoint: A specification of the conventions for constructing and using a view. A template from which to develop individual views by establishing the purposes and audience for a view and the techniques for its creation and analysis.

A. i, iii
B. ii, iv
C. iv, v
D. ii

Correct Answer: B

Explanation/Reference:
Formal enterprise architecture frameworks use the following terms:
• Architecture: Fundamental organization of a system embodied in its components, their relationships to each other and to the environment, and the principles guiding its design and evolution.
• Architectural description (AD): Collection of document types to convey an architecture in a formal manner.
• Stakeholder: Individual, team, or organization (or classes thereof) with interests in, or concerns relative to, a system.
• View: Representation of a whole system from the perspective of a related set of concerns.
• Viewpoint: A specification of the conventions for constructing and using a view. A template from which to develop individual views by establishing the purposes and audience for a view and the techniques for its creation and analysis.

QUESTION 108
Operating systems may not work on systems with specific processors. Which of the following best describes why one operating system may work on a Pentium Pro processor but not on an AMD processor?

A. The operating system was not developed to work within the architecture of a specific processor and cannot use that specific processor instruction set.
B. The operating system was developed before the new processor architecture was released, thus it is not backwards compatible.
C. The operating system is programmed to use a different instruction set.
D. The operating system is platform dependent, thus it can only work on one specific processor family.

Correct Answer: A

Explanation/Reference:
Each CPU type has a specific architecture and set of instructions that it can carry out. The operating system must be designed to work within this CPU architecture. This is why one operating system may work on a Pentium Pro processor (CISC) but not on an AMD processor (RISC).

QUESTION 109
Which of the following best describes how an address and a data bus are used for instruction execution?

A. CPU sends a “fetch” request on the data bus, and the data residing at the requested address are returned on the address bus.
B. CPU sends a “get” request on the address bus, and the data residing at the requested address are returned on the data bus.
C. CPU sends a “fetch” request on the address bus, and the data residing at the requested address are returned on the data bus.
D. CPU sends a “get” request on the data bus, and the data residing at the requested address are returned on the address bus.

Correct Answer: C

Explanation/Reference:
If the CPU needs to access some data, either from memory or from an I/O device, it sends a “fetch” request on the address bus. The fetch request contains the address of where the needed data are located. The circuitry associated with the memory or I/O device recognizes the address the CPU sent down the address bus and instructs the memory or device to read the requested data and put it on the data bus. So the address bus is used by the CPU to indicate the location of the needed information, and the memory or I/O device responds by sending the information that resides at that memory location through the data bus.
QUESTION 110
An operating system has many different constructs to keep all of the different execution components in the necessary synchronization. One construct the operating system maintains is a process table. Which of the following best describes the role of a process table within an operating system?

A. The table contains information about each process that the CPU uses during the execution of the individual processes’ instructions.
B. The table contains memory boundary addresses to ensure that processes do not corrupt each other’s data.
C. The table contains condition bits that the CPU uses during state transitions.
D. The table contains I/O and memory addresses.

Correct Answer: A

Explanation/Reference:
The operating system keeps a process table, which has one entry per process. The table contains each individual process’s state, stack pointer, memory allocation, program counter, and status of open files in use. The reason the operating system documents all of this status information is that the CPU needs all of it loaded into its registers when it needs to interact with, for example, process 1. The CPU uses this information during the execution activities for specific processes.

QUESTION 111
Hanna is a security manager of a company that relies heavily on one specific operating system. The operating system is used in the employee workstations and is embedded within devices that support the automated production line software. She has uncovered that the operating system has a vulnerability that could allow an attacker to force applications to not release memory segments after execution. Which of the following best describes the type of threat this vulnerability introduces?

A. Injection attacks
B. Memory corruption
C. Denial of service
D. Software locking

Correct Answer: C

Explanation/Reference:
Attackers have identified programming errors in operating systems that allow them to “starve” the system of its own memory. This means the attackers exploit a software vulnerability that ensures that processes do not properly release their memory resources. Memory is continually committed and not released, and the system is depleted of this resource until it can no longer function. This is an example of a denial-of-service attack.

QUESTION 112
Which of the following architecture frameworks has a focus on command, control, communications, computers, intelligence, surveillance, and reconnaissance systems and processes?

A. DoDAF
B. TOGAF
C. CMMI
D. MODAF

Correct Answer: A

Explanation/Reference:
The Department of Defense Architecture Framework (DoDAF) has a focus on command, control, communications, computers, intelligence, surveillance, and reconnaissance systems and processes. When the U.S. DoD purchases technology products and weapon systems, enterprise architecture documents must be created based upon DoDAF standards to illustrate how they will properly integrate into the current infrastructures.

QUESTION 113
Many operating systems implement address space layout randomization (ASLR). Which of the following best describes this type of technology?

A. Randomly arranging memory address values
B. Restricting the types of processes that can execute instructions in privileged mode
C. Running privileged instructions in virtual machines
D. Randomizing return pointer values

Correct Answer: A

Explanation/Reference:
Address space layout randomization (ASLR) is a control that involves randomly arranging processes’ address space and other memory segments. ASLR makes it more difficult for an attacker to predict target addresses for specific memory attacks.
QUESTION 114
A company needs to implement a CCTV system that will monitor a large area of the facility. Which of the following is the correct lens combination for this?

A. A wide-angle lens and a small lens opening
B. A wide-angle lens and a large lens opening
C. A wide-angle lens and a large lens opening with a small focal length
D. A wide-angle lens and a large lens opening with a large focal length

Correct Answer: A

Explanation/Reference:
The depth of field refers to the portion of the environment that is in focus when shown on the monitor. The depth of field varies, depending upon the size of the lens opening, the distance of the object being focused on, and the focal length of the lens. The depth of field increases as the size of the lens opening decreases, the subject distance increases, or the focal length of the lens decreases. So if you want to cover a large area and not focus on specific items, it is best to use a wide-angle lens and a small lens opening.

QUESTION 115
What is the name of a water sprinkler system that keeps pipes empty and doesn’t release water until a certain temperature is met and a “delay mechanism” is instituted?

A. Wet
B. Preaction
C. Delayed
D. Dry

Correct Answer: B

Explanation/Reference:
A link must melt before the water will pass through the sprinkler heads, which creates the delay in water release. This type of suppression system is best in data-processing environments because it allows time to deactivate the system if there is a false alarm.

QUESTION 116
There are different types of fire suppression systems. Which of the following answers best describes the difference between a deluge and a preaction system?

A. A deluge system provides a delaying mechanism that allows someone to deactivate the system in case of a false alarm or if the fire can be extinguished by other means. A preaction system provides similar functionality but has wide open sprinkler heads that allow a lot of water to be dispersed quickly.
B. A preaction system provides a delaying mechanism that allows someone to deactivate the system in case of a false alarm or if the fire can be extinguished by other means. A deluge system has wide open sprinkler heads that allow a lot of water to be dispersed quickly.
C. A dry pipe system provides a delaying mechanism that allows someone to deactivate the system in case of a false alarm or if the fire can be extinguished by other means. A deluge system has wide open sprinkler heads that allow a lot of water to be dispersed quickly.
D. A preaction system provides a delaying mechanism that allows someone to deactivate the system in case of a false alarm or if the fire can be extinguished by other means. A deluge system provides similar functionality but has wide open sprinkler heads that allow a lot of water to be dispersed quickly.

Correct Answer: B

Explanation/Reference:
A preaction system has a link that must be burned through before water is released. This is the mechanism that provides the delay in water release. A deluge system has wide open sprinkler heads that allow a lot of water to be released quickly. It does not have a delaying component.

QUESTION 117
Which of the following best describes why a Crime Prevention Through Environmental Design (CPTED) would integrate block parties and civic meetings?

A. These activities are designed to get people to work together to increase the overall crime and criminal behavior in the area.
B. These activities are designed to get corporations to work together to increase the overall awareness of acceptable and unacceptable activities in the area.
C. These activities are designed to get people to work together to increase the three strategies of this design model.
D. These activities are designed to get people to work together to increase the overall awareness of acceptable and unacceptable activities in the area.

Correct Answer: D

Explanation/Reference:
CPTED encourages activity support, which is planned activities for the areas to be protected. These activities are designed to get people to work together to increase the overall awareness of acceptable and unacceptable activities in the area. The activities could be neighborhood watch groups, company barbeques, block parties, or civic meetings. This strategy is sometimes the reason for particular placement of basketball courts, soccer fields, or baseball fields in open parks. The increased activity will hopefully keep the bad guys from milling around doing things the community does not welcome.

QUESTION 118
Which of the following frameworks is a two-dimensional model that uses six basic communication interrogatives intersecting with different viewpoints to give a holistic understanding of the enterprise?

A. SABSA
B. TOGAF
C. CMMI
D. Zachman

Correct Answer: D

Explanation/Reference:
The Zachman framework is a two-dimensional model that uses six basic communication interrogatives (What, How, Where, Who, When, and Why) intersecting with different viewpoints (Planner, Owner, Designer, Builder, Implementer, and Worker) to give a holistic understanding of the enterprise. This framework was developed in the 1980s and is based on the principles of classical business architecture that contain rules that govern an ordered set of relationships.

QUESTION 119
Not every data transmission incorporates the session layer. Which of the following best describes the functionality of the session layer?

A. End-to-end data transmission
B. Application client/server communication mechanism in a distributed environment
C. Application-to-computer physical communication
D. Provides application with the proper syntax for transmission

Correct Answer: B

Explanation/Reference:
The communication between two pieces of the same software product that reside on different computers needs to be controlled, which is why session layer protocols even exist. Session layer protocols take on the functionality of middleware, which allows software on two different computers to communicate.

QUESTION 120
What is the purpose of the Logical Link Control (LLC) layer in the OSI model?

A. Provides a standard interface for the network layer protocol
B. Provides the framing functionality of the data link layer
C. Provides addressing of the packet during encapsulation
D. Provides the functionality of converting bits into electrical signals

Correct Answer: A

Explanation/Reference:
The data link layer has two sublayers: the Logical Link Control (LLC) and Media Access Control (MAC) layers. The LLC provides a standard interface for whatever network protocol is being used. This provides an abstraction layer so that the network protocol does not need to be programmed to communicate with all of the possible MAC level protocols (Ethernet, Token Ring, WLAN, FDDI, etc.).

QUESTION 121
Which of the following best describes why classless interdomain routing (CIDR) was created?

A. To allow IPv6 traffic to tunnel through IPv4 networks
B. To allow IPSec to be integrated into IPv4 traffic
C. To allow an address class size to meet an organization’s need
D. To allow IPv6 to tunnel IPSec traffic

Correct Answer: C

Explanation/Reference:
A Class B address range is usually too large for most companies, and a Class C address range is too small, so CIDR provides the flexibility to increase or decrease the class sizes as necessary. CIDR is the method to specify more flexible IP address classes.

QUESTION 122
John is a security engineer at a company that develops highly confidential products for various government agencies. While his company has VPNs set up to protect traffic that travels over the Internet and other nontrusted networks, he knows that internal traffic should also be protected. Which of the following is the best type of approach John’s company should take?

A. Implement a data link technology that provides 802.1AE security functionality.
B. Implement a network-level technology that provides 802.1AE security functionality.
C. Implement SSL over L2TP.
D. Implement IPSec over L2TP.

Correct Answer: A

Explanation/Reference:
802.1AE is the IEEE MAC Security standard (MACSec), which defines a security infrastructure to provide data confidentiality, data integrity, and data origin authentication. Where a VPN connection provides protection at the higher networking layers, MACSec provides hop-by-hop protection at layer 2. 802.1AE defines connectionless data confidentiality and integrity for media access–independent protocols.

QUESTION 123
IEEE ________ provides a unique ID for a device. IEEE _________ provides data encryption, integrity, and origin authentication functionality. IEEE ________ carries out key agreement functions for the session keys used for data encryption. Each of these standards provides specific parameters to work within an IEEE ________ framework.

A. 802.1AF, 802.1AE, 802.1AR, 802.1X EAP-TLS
B. 802.1AT, 802.1AE, 802.1AM, 802.1X EAP-SSL
C. 802.1AR, 802.1AE, 802.1AF, 802.1X EAP-SSL
D. 802.1AR, 802.1AE, 802.1AF, 802.1X EAP-TLS

Correct Answer: D

Explanation/Reference:
802.1AR provides a unique ID for a device. 802.1AE provides data encryption, integrity, and origin authentication functionality. 802.1AF carries out key agreement functions for the session keys used for data encryption. Each of these standards provides specific parameters to work within an 802.1X EAP-TLS framework.

QUESTION 124
Bob has noticed that one of the network switches has been acting strangely over the last week. Bob installed a network protocol analyzer to monitor the traffic going to the specific switch. He has identified UDP traffic coming from an outside source using the destination port 161. Which of the following best describes what is most likely taking place?

A. Attacker is modifying the switch SNMP MIB.
B. Attacker is carrying out a selective DoS attack.
C. Attacker is manipulating the ARP cache.
D. Attacker is carrying out an injection attack.

Correct Answer: A

Explanation/Reference:
If an attacker can uncover the read-write string, she could change values held within the MIB, which could reconfigure the device. The usual default read-only community string is “public” and the read-write string is “private.” Many companies do not change these, so anyone who can connect to port 161 can read the status information of a device and potentially reconfigure it. The SNMP ports (161 and 162) should not be open to untrusted networks, like the Internet, and if needed they should be filtered to ensure only authorized individuals can connect to them.
QUESTION 125
Larry is a seasoned security professional and knows the potential dangers associated with using an ISP’s DNS server for Internet connectivity. When Larry stays at a hotel or uses his laptop in any type of environment he does not fully trust, he updates values in his HOSTS file. Which of the following best describes why Larry carries out this type of task?

A. Reduces the risk of an attacker sending his system a corrupt ARP address which points his system to a malicious website.
B. Ensures his host-based IDS is properly updated.
C. Reduces the risk of an attacker sending his system an incorrect IP address to host mapping that points his system to a malicious website.
D. Ensures his network-based IDS is properly synchronized with his host-based IDS.

Correct Answer: C

Explanation/Reference:
The HOSTS file resides on the local computer and can contain static hostname-to-IP mapping information. If you do not want your system to query a DNS server, you can add the necessary data in the HOSTS file, and your system will first check its contents before reaching out to a DNS server. Some people use these files to reduce the risk of an attacker sending their system a bogus IP address that points them to a malicious website.

QUESTION 126
John has uncovered a rogue system on the company network that emulates a switch. The software on this system is being used by an attacker to modify frame tag values. Which of the following best describes the type of attack that has most likely been taking place?

A. DHCP snooping
B. VLAN hopping
C. Network traffic shaping
D. Network traffic hopping

Correct Answer: B

Explanation/Reference:
An attacker can have a system act as though it is a switch. The system understands the tagging values being used in the network and the trunking protocols, and can insert itself between other VLAN devices and gain access to the traffic going back and forth. Attackers can also insert tagging values to manipulate the control of traffic at the data link layer.

QUESTION 127
Frank is a new security manager for a large financial institution. He has been told that the organization needs to reduce the total cost of ownership for many components of the network and infrastructure. The organization currently maintains many distributed networks, software packages, and applications. Which of the following best describes the cloud services that are most likely provided by service providers for Frank to choose from?

A. Infrastructure as a Service provides an environment similar to an operating system, Platform as a Service provides operating systems and other major processing platforms, and Software as a Service provides specific application-based functionality.
B. Infrastructure as a Service provides an environment similar to a data center, Platform as a Service provides operating systems and other major processing platforms, and Software as a Service provides specific application-based functionality.
C. Infrastructure as a Service provides an environment similar to a data center, Platform as a Service provides application-based functionality, and Software as a Service provides specific operating system functionality.
D. Infrastructure as a Service provides an environment similar to a database, Platform as a Service provides operating systems and other major processing platforms, and Software as a Service provides specific application-based functionality.

Correct Answer: B

Explanation/Reference:
The most common cloud service models are:
• Infrastructure as a Service (IaaS): Cloud providers offer the infrastructure environment of a traditional data center in an on-demand delivery method.
• Platform as a Service (PaaS): Cloud providers deliver a computing platform, which can include an operating system, database, and web server as a holistic execution environment.
• Software as a Service (SaaS): Provider gives users access to specific application software (CRM, e-mail, games).

QUESTION 128
Terry is told by his boss that he needs to implement a networked-switched infrastructure that allows several systems to be connected to any storage device. What does Terry need to roll out?

A. Electronic vaulting
B. Hierarchical storage management
C. Storage area network
D. Remote journaling

Correct Answer: C

Explanation/Reference:
A storage area network (SAN) is made up of several storage systems that are connected together to form a single backup network. A SAN is a networked infrastructure that allows several systems to be connected to any storage device. This is usually provided by using switches to create a switching fabric. The switching fabric allows several devices to communicate with backend storage devices and provides redundancy and fault tolerance by not depending upon one specific line or connection. Private channels or storage controllers are implemented so hosts can access the different storage devices transparently.

QUESTION 129
On a Tuesday morning, Jami is summoned to the office of the security director, where she finds six of her peers from other departments. The security director gives them instructions about an event that will be taking place in two weeks. Each of the individuals will be responsible for removing specific systems from the facility, bringing them to the offsite facility, and implementing them. Each individual will need to test the installed systems and ensure the configurations are correct for production activities. What event is Jami about to take part in?

A. Parallel test
B. Full-interruption test
C. Simulation test
D. Structured walk-through test

Correct Answer: A

Explanation/Reference:
Parallel tests are similar to simulation tests, except that parallel tests include moving some of the systems to the offsite facility.
Simulation tests stop just short of the move. Parallel tests are effective because they ensure that specific systems work at the new location, but the test itself does not interfere with business operations at the main facility. QUESTION 130 While DRP and BCP are directed at the development of “plans,” ______________ is the holistic management process that should cover both of them. It provides a framework for integrating resilience with the capability for effective responses that protects the interests of the organization’s key stakeholders. A. B. C. D. Continuity of operations Business continuity management Risk management Enterprise management architecture Correct Answer: B Section: (none) Explanation Explanation/Reference: While DRP and BCP are directed at the development of “plans,” business continuity management (BCM) is the holistic management process that should cover both of them. BCM provides a framework for integrating resilience with the capability for effective responses that protects the interests of the organization’s key stakeholders. The main objective of BCM is to allow the executive staff to continue to manage business operations under various conditions. BCM is the overarching approach to managing all aspects of BCP and DRP. http://www.gratisexam.com/ QUESTION 131 The “Safe Harbor” privacy framework was created to: A. B. C. D. Ensure that personal information should be collected only for a stated purpose by lawful and fair means and with the knowledge or consent of the subject Provide a streamlined means for U.S. organizations to comply with European privacy laws Require the federal government to release to citizens the procedures for how records are collected, maintained, used, and distributed None of the above Correct Answer: B Section: (none) Explanation Explanation/Reference: The U.S. 
approach to privacy protection relies on industry-specific legislation, regulation, and self-regulation, whereas the European Union relies on comprehensive privacy regulation. In order to bridge these different privacy approaches, the U.S. Department of Commerce and the European Commission developed a “Safe Harbor” framework. QUESTION 132 The European Union’s Directive on Data Protection forbids the transfer of individually identifiable information to a country outside the EU, unless: A. B. C. D. The receiving country grants individuals adequate privacy protection. The receiving country pays a fee to the EU. There are no exceptions; no information is ever transferred. The receiving country is a member of the Fair Trade Organization. Correct Answer: A Section: (none) Explanation Explanation/Reference: The European Union has restrictions on “transborder data flows” that would allow private data to flow to countries whose laws would not protect that data. The “Safe Harbor” privacy framework was developed between the United States and the EU to provide a streamlined means for U.S. organizations to comply with the European privacy laws. QUESTION 133 http://www.gratisexam.com/ The main goal of the Wassenaar Arrangement is to prevent the buildup of military capabilities that could threaten regional and international security and stability. How does this relate to technology? A. B. C. D. Cryptography is a dual-use tool. Technology is used in weaponry systems. Military actions directly relate to critical infrastructure systems. Critical infrastructure systems can be at risk under this agreement. Correct Answer: A Section: (none) Explanation Explanation/Reference: The Wassenaar Arrangement implements export controls for “Conventional Arms and Dual-Use Goods and Technologies.” The main goal of this arrangement is to prevent the buildup of military capabilities that could threaten regional and international security and stability. 
So everyone is keeping an eye on each other to make sure no one country’s weapons can take everyone else out. One item the agreement deals with is cryptography, which is seen as a dual-use good. It can be used for military and civilian uses. It is seen to be dangerous to export products with cryptographic functionality to countries that are in the “offensive” column, meaning that they are thought to have friendly ties with terrorist organizations and/or want to take over the world through the use of weapons of mass destruction. QUESTION 134 Which world legal system of law is used in continental European countries, such as France and Spain, and is rule-based law, not precedence based? A. B. C. D. Civil (code) law system Common law system Customary law system Mixed law system Correct Answer: A Section: (none) Explanation Explanation/Reference: The civil (code) law system is used in continental European countries such as France and Spain. It is a different legal system from the common law http://www.gratisexam.com/ system used in the United Kingdom and United States. A civil law system is rule-based law, not precedence based. For the most part, a civil law system is focused on codified law—or written laws. QUESTION 135 Which of the following is not a correct characteristic of the Failure Modes and Effect Analysis (FMEA) method? A. B. C. D. 
Determining functions and identifying functional failures Assessing the causes of failure and their failure effects through a structured process Structured process carried out by an identified team to address high-level security compromises Identify where something is most likely going to break and either fix the flaws that could cause this issue or implement controls to reduce the impact of the break Correct Answer: C Section: (none) Explanation Explanation/Reference: Failure Modes and Effect Analysis (FMEA) is a method for determining functions, identifying functional failures, and assessing the causes of failure and their failure effects through a structured process. It is commonly used in product development and operational environments. The goal is to identify where something is most likely going to break and either fix the flaws that could cause this issue or implement controls to reduce the impact of the break. QUESTION 136 A risk analysis can be carried out through qualitative or quantitative means. It is important to choose the right approach to meet the organization’s goals. In a quantitative analysis, which of the following items would not be assigned a numeric value? i. Asset value ii. Threat frequency iii. Severity of vulnerability iv. Impact damage v. Safeguard costs vi. Safeguard effectiveness vii. Probability A. All of them B. None of them http://www.gratisexam.com/ C. ii D. vii Correct Answer: B Section: (none) Explanation Explanation/Reference: Each of these items would be assigned a numeric value in a quantitative risk analysis. Each element is quantified and entered into equations to determine total and residual risks. It is more of a scientific or mathematical approach to risk analysis compared to qualitative. QUESTION 137 Uncovering restricted information by using permissible data is referred to as __________. A. B. C. D. 
Inference Data mining Perturbation Cell suppression Correct Answer: A Section: (none) Explanation Explanation/Reference: Aggregation and inference go hand in hand. For example, a user who uses data from a public database in order to figure out classified information is exercising aggregation (the collection of data) and can then infer the relationship between that data and the data he does not have access to. This is called an inference attack. QUESTION 138 Tim wants to deploy a server-side scripting language on his company’s web server that will allow him to provide common code that will be used throughout the site in a uniform manner. Which of the following best describes this type of technology? A. Sandbox B. Server-side includes C. Cross-site scripting http://www.gratisexam.com/ D. Java applets Correct Answer: B Section: (none) Explanation Explanation/Reference: Server-side includes (SSI) is an interpreted server-side scripting language used mainly on web servers. It allows web developers to reuse content by inserting the same content into multiple web documents. This typically involves use of an include statement in the code and a file (.inc) that is to be included. QUESTION 139 An attacker can modify the client-side JavaScript that provides structured layout and HTML representation. This commonly takes place through form fields within compromised web servers. Which of the following best describes this type of attack? A. B. C. D. Injection attack DOM-based XSS Persistent XSS Session hijacking Correct Answer: B Section: (none) Explanation Explanation/Reference: DOM (Document Object Model)–based XSS vulnerability is also referred to as local cross-site scripting. DOM is the standard structure layout to represent HTML and XML documents in the browser. In such attacks the document components such as form fields and cookies can be referenced through JavaScript. The attacker uses the DOM environment to modify the original client-side JavaScript. 
This causes the victim’s browser to execute the resulting abusive JavaScript code. QUESTION 140 CobiT and COSO can be used together, but have different goals and focuses. Which of the following is incorrect as it pertains to these two models? i. COSO is a model for corporate governance, and CobiT is a model for IT http://www.gratisexam.com/ governance. ii. COSO deals more at the strategic level, while CobiT focuses more at the operational level. iii. CobiT is a way to meet many of the COSO objectives, but only from the IT perspective. iv. COSO deals with non-IT items also, as in company culture, financial accounting principles, board of director responsibility, and internal communication structures. A. B. C. D. None All i, ii ii, iii Correct Answer: A Section: (none) Explanation Explanation/Reference: They are all correct. QUESTION 141 Use the following scenario to answer Questions 141–142. Ron is in charge of updating his company’s business continuity and disaster recovery plans and processes. After a business impact analysis his team has told him that if the company’s e-commerce payment gateway was unable to process payments for 24 hours or more, this could drastically affect the survivability of the company. The analysis indicates that after an outage the payment gateway and payment processing should be restored within 13 hours. Ron’s team needs to integrate solutions that provide redundancy, fault tolerance, and failover capability. In the scenario, what does the 24-hour time period represent and what does the 13-hour time period represent? A. B. C. D. Maximum tolerable downtime, recovery time objective Recovery time objective, maximum tolerable downtime Maximum tolerable downtime, recovery data period Recovery time objective, data recovery period Correct Answer: A Section: (none) http://www.gratisexam.com/ Explanation Explanation/Reference: RTO is an allowable amount of downtime, and the MTD is a time period that represents the inability to recover. 
The RTO value is smaller than the MTD value, because the MTD value represents the time after which an inability to recover significant operations will mean severe and perhaps irreparable damage to the organization’s reputation or bottom line. The RTO assumes that there is a period of acceptable downtime. This means that a company can be out of production for a certain period of time (RTO) and still get back on its feet. But if the company cannot get production up and running within the MTD window, the company is sinking too fast to properly recover. QUESTION 142 Use the following scenario to answer Questions 141–142. Ron is in charge of updating his company’s business continuity and disaster recovery plans and processes. After a business impact analysis his team has told him that if the company’s e-commerce payment gateway was unable to process payments for 24 hours or more, this could drastically affect the survivability of the company. The analysis indicates that after an outage the payment gateway and payment processing should be restored within 13 hours. Ron’s team needs to integrate solutions that provide redundancy, fault tolerance, and failover capability. Which of the following best describes the type of solution Ron’s team needs to implement? A. B. C. D. RAID and clustering Storage area networks High availability Grid computing and clustering Correct Answer: C Section: (none) Explanation Explanation/Reference: High availability (HA) is a combination of technologies and processes that work together to ensure that critical functions are always up and running at the necessary level. To provide this level of high availability, a company has to have a long list of technologies and processes that provide redundancy, fault tolerance, and failover capabilities. http://www.gratisexam.com/ http://www.gratisexam.com/ http://www.gratisexam.com/