446 terms

dom1

Which of the following are denial of service attacks? (Select two.)

Salami

Smurf

Hijacking

Fraggle
Smurf and Fraggle
An attacker sets up 100 drone computers that flood a DNS server with invalid requests. This is an example of which kind of attack?

Replay

Backdoor

Denial of Service

Spamming
C
A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server. This is an example of what type of attack?

Teardrop attack

SYN flood

Ping of death

Land attack
D
Which of the following is a form of denial of service attack that subverts the TCP three-way handshake process by attempting to open numerous sessions on a victim server but intentionally failing to complete the session by not sending the final required packet?

Ping of death

Session hijacking

Teardrop

SYN attack
D
Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?

Session hijacking

Fingerprinting

Fraggle

Smurf
D
Which of the following is the most effective protection against IP packet spoofing on a private network?

Anti-virus scanners

Host-based IDS

Ingress and egress filters

Digital signatures
C
Which of the following is the most effective protection against IP packet spoofing on a private network?

Anti-virus scanners

Host-based IDS

Ingress and egress filters

Digital signatures
A
When a SYN flood is altered so that the SYN packets are spoofed in order to define the source and destination address as a single victim IP address, the attack is now called what?

Land attack

Fraggle attack

Analytic attack

Impersonation
A
A Smurf attack requires all but which of the following elements to be implemented?

Padded cell

Victim computer or network

Amplification or bounce network

Attacker system
A
Which of the following best describes the ping of death?

Sending multiple spoofed ICMP packets to the victim

Partial IP packets with overlapping sequencing numbers

An ICMP packet that is larger than 65,536 bytes

Redirecting echo responses from an ICMP communication
C
Which of the following could easily result in a denial of service attack if the victimized system had too little free storage capacity?

Replay attack

Spam

Sniffing

Impersonation
B
Network-based intrusion detection is most suited to detect and prevent which types of attacks?

Bandwidth-based denial of service

Buffer overflow exploitation of software

Brute force password attack

Application implementation flaw
A
As the victim of a Smurf attack, what protection measure is the most effective during the attack?

Blocking all attack vectors with firewall filters

Turning off the connection to the ISP

Communicating with your upstream provider

Updating your anti-virus software
C
What is the primary purpose of penetration testing?

Evaluate newly deployed firewalls

Assess the skill level of new IT security staff

Test the effectiveness of your security perimeter

Infiltrate a competitor's network
C
What is the most important task to perform when implementing vulnerability scanning?

Develop an activity plan

Collect the attack tools

Fingerprint the target systems

Get senior management approval
D
Which of the following uses hacking techniques to proactively discover internal vulnerabilities?

Inbound scanning

Reverse engineering

Intrusion Detection System (IDS)

Penetration testing
D
Which of the following types of penetration test teams will provide you information that is most revealing of a real-world hacker attack?

Split Knowledge team

Zero knowledge team

Full knowledge team

Partial knowledge team
B
Which phase or step of a security assessment is a passive activity?

Reconnaissance

Privilege escalation

Enumeration

Vulnerability mapping
A
When a penetration test is to be performed against an environment with senior management approval by a zero knowledge team, who needs to be informed of the impending attack?

Department managers

Senior staff

End users

Security staff
B
NetBus and Back Orifice are remote control tools. They allow you to connect to a remote system over a network and operate it as if you were sitting at its local keyboard. Unfortunately, these two programs are also examples of what type of security concern?

Packet sniffers

Viruses

IPSec filters

Backdoor trojans
D
What are the most common network traffic packets captured and used in a replay attack?

DNS query

File transfer

Authentication

Session termination
C
When a malicious user captures authentication traffic and replays it against the network later, what is the security problem you are most concerned about?

Spam

Denial of service

Bandwidth consumption

An unauthorized user gaining access to sensitive resources
D
When the TCP/IP session state is manipulated so that a third party is able to insert alternate packets into the communication stream, what type of attack has occurred?

Replay

Spamming

Masquerading

Hijacking
D
What is the goal of a TCP/IP hijacking attack?

Executing commands or accessing resources on a system the attacker does not otherwise have authorization to access

Destroying data

Preventing legitimate authorized access to a resource

Establishing an encryption tunnel between two remote systems over an otherwise secured network
A
Which of the following is an example of privilege escalation?

Separation of duties

Principle of least privilege

Mandatory vacations

Creeping privileges
D
A relatively new employee in the data entry cubicle farm was assigned a user account similar to that of all of the other data entry employees. However, audit logs have shown that this user account has been used to change ACLs on several confidential files and has accessed data in restricted areas. This situation indicates which of the following has occurred?

Privilege escalation

Man-in-the-middle attack

Social engineering

Smurf attack
A
What is the primary difference between impersonation and masquerading?

One is used against administrator accounts, the other against end user accounts

One is easily detected, the other is subtle and stealthy

One is a real-time attack, the other is an asynchronous attack

One is more active, the other is more passive
D
Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which security concern?

Passive logging

Distributed denial of service

Spamming

Man-in-the-middle attack
D
Which of the following is the best countermeasure against man-in-the-middle attacks?

MIME e-mail

PPP

IPSec

UDP
C
Which of the following is not a countermeasure against dictionary attacks?

Using three or four different keyboard character types (i.e. lowercase, uppercase, numerals, and symbols)

Using short passwords

Avoiding industry acronyms

Avoiding common words
B
Which of the following attacks will typically take the longest amount of time to complete?

Brute force attack

Impersonation attack

Dictionary attack

Replay attack
A
Which of the following is most vulnerable to a brute force attack?

Two-factor authentication

Password authentication

Biometric authentication

Challenge-response token authentication
B
Which type of password attack employs a list of pre-defined passwords that it tries against a logon prompt or a local copy of a security accounts database?

Salami

Dictionary

Asynchronous

Brute force
B
Which of the following are denial of service attacks? (Select two.)

Salami

Fraggle

Smurf

Hijacking
Fraggle and Smurf
Which of the following are denial of service attacks? (Select two.)

Salami

Fraggle

Smurf

Hijacking
A
Which of the following describes a man-in-the-middle attack?

A person over the phone convinces an employee to reveal their logon credentials.

An IP packet is constructed which is larger than the valid size.

A false server intercepts communications from a client by impersonating the intended server.

Malicious code is planted on a system where it waits for a triggering event before activating.
C
A router on the border of your network detects a packet with a source address that is from an internal client but the packet was received on the Internet-facing interface. This is an example of what form of attack?

Spoofing

Snooping

Spamming

Sniffing
A
A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server. This is an example of what type of attack?

Teardrop attack

Land attack

SYN flood

Ping of death
B
Which is a form of attack that either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring?

Denial of service attack

Man-in-the-middle attack

Privilege escalation

Brute force attack
A
Which of the following is a form of denial of service attack that subverts the TCP three-way handshake process by attempting to open numerous sessions on a victim server but intentionally failing to complete the session by not sending the final required packet?

Ping of death

Teardrop

SYN attack

Session hijacking
C
Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?

Smurf

Session hijacking

Fraggle

Fingerprinting
A
In a variation of the brute force attack, an attacker may use a predefined list (dictionary) of commonly used usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?

3DES Encryption

AES Encryption

A strong password policy

VLANs
C
What is spoofing?

Sending a victim unwanted and unrequested e-mail messages

Capturing network packets in order to examine the contents of communications

Changing or falsifying information in order to mislead or re-direct traffic

Spying into private information or communications
C
Why are brute force attacks always successful?

They can be performed in a distributed parallel processing environment

They are fast

They are platform independent

They test every possible valid combination
D
Dictionary attacks are often more successful when performed after what reconnaissance action?

Cutting the network cable

Site survey

ARP flooding

Social engineering
D
When an unauthorized intruder wishes to impersonate a legitimate client on your private network, which of the following actions will take place first?

Recording of incident by an IDS

Access violation

Spoofing

Sniffing
D
Which access control model manages rights and permissions based on job descriptions and responsibilities?

Task Based Access Control (TBAC)

Mandatory Access Control (MAC)

Discretionary Access Control (DAC)

Role Based Access Control (RBAC)
D
What does the Mandatory Access Control (MAC) method use to control access?

Sensitivity labels

Geographic location

Job descriptions

User accounts
A
Discretionary Access Control (DAC) manages access to resources using what primary element or aspect?

Age

Identity

Rules

Classification
B
Which of the following is an example of a single sign-on authentication solution?

Kerberos

Biometrics

RADIUS

Digital Certificates
A
Which of the following is not a characteristic of Kerberos?

End-to-end security

Symmetric key cryptography

Data Encryption Standard

Peer-to-peer relationships between entities
D
Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?

DAC (Discretionary Access Control)

MAC (Mandatory Access Control)

RBAC (Role-based Access Control)

TBAC (Task-based Access Control)
A
What type of access control focuses on assigning privileges based on security clearance and data sensitivity?

TBAC (Task-based Access Control)

MAC (Mandatory Access Control)

RBAC (Role-based Access Control)

DAC (Discretionary Access Control)
B
What is another term for the type of logon credentials provided by a token device?

Biometric

One-time password

Two-factor authentication

Mutual authentication
B
Which of the following is the strongest form of multi-factor authentication?

A password and a biometric scan

Two-factor authentication

Two passwords

A password, a biometric scan, and a token device
D
What is mutual authentication?

A process by which each party in an online communication verifies the identity of the other party

The use of two or more authentication factors

Deploying CHAP and EAP on remote access connections

Using a CA (certificate authority) to issue certificates
A
Which of the following is not a form of biometric?

Retina scan

Token device

Face recognition

Fingerprint
B
What do biometrics use to perform authentication of identity?

Human characteristics

Ability to perform tasks

Possession of a device

Knowledge of passwords
A
Which of the following is a disadvantage of biometrics? (Choose two.)

They require time synchronization.

They can be circumvented using a brute force attack.

They have a potential for numerous false rejections.

Biometric factors for identical twins will be the same.

When used alone or solely, they are no more secure than a strong password.
C & E
Which form of authentication solution employs a hashed form of the user's password that has an added time stamp as a form of identity?

Certificates

Kerberos

Biometrics

Directory Service
B
What security mechanism uses a unique list for each object embedded directly in the object itself that defines which subjects have access to certain objects and the level or type of access allowed?

Hashing

User ACL

Kerberos

Mandatory access control
B
Which security mechanism describes valid pathways across a network that a packet can take and is used to juggle network traffic to provide the most efficient communications based upon current available knowledge of each path's status?

Firewall

Acceptable use policy

Network topology

Router ACL
D
Which of the following is a security mechanism that adds ACLs to individual ports?

TCP wrapper

IDS

Fingerprinting

Ping scanner
A
What is the most important aspect of a biometric device?

Accuracy

Throughput

Size of the reference profile

Enrollment time
A
What is the mandatory access control equivalent to the discretionary access control mechanism known as the principle of least privilege?

Separation of duties

Need to know

Clearance

Ownership
B
Need to know is required to access what types of resources?

High-security resources

Compartmentalized resources

Low-security resources

Resources with unique ownership
B
In what form of access control environment is access controlled by rules rather than by identity?

Most client-server environments

Discretionary access control (DAC)

Access control lists (ACLs)

Mandatory access control (MAC)
D
What form of access control is based on job descriptions?

Mandatory access control (MAC)

Role-based access control (RBAC)

Location-based access control (LBAC)

Discretionary access control (DAC)
B
Passwords submitted during logon can be encrypted using which of the following?

TCP Wrappers

L2TP (Layer Two Tunneling Protocol)

CHAP (Challenge Handshake Authentication Protocol)

Certificates
C
RADIUS (Remote Authentication Dial-In User Service) is primarily used for what purpose?

Managing RAID fault-tolerant drive configurations

Managing access to a network over a VPN

Pre-authenticating remote clients before access to the network is granted

Controlling entry gate access using proximity sensors
C
Which of the following remote access authentication technologies allows for the use of multi-factor authentication?

TACACS+ (Terminal Access Controller Access Control System Plus)

SLIP (Serial Line Interface Protocol)

L2F (Layer 2 Forwarding Protocol)

PPTP (Point to Point Tunneling Protocol)

RADIUS (Remote Authentication Dial-In User Service)
A
Which of the following is most important to include in a security policy?

Callback must be caller defined

All dial-up connections must use PAP

Only 56K modems should be used

No active modems while connected directly to the LAN
D
The presence of unapproved modems on desktop systems gives rise to the LAN being vulnerable to which of the following?

Masquerading

Social engineering

Packet sniffing

War dialing
D
Which of the following methods can be used to secure modem-based remote access connections? (Select two.)

Callback

War dialing

Caller ID

Reverse PBX
A & C
Which remote access authentication protocol periodically and transparently re-authenticates during a logon session by default?

Certificates

PAP

CHAP

EAP
C
What is the RFC that modern day RADIUS was first based on?

RFC 1087

RFC 2138

RFC 1492

RFC 1918
B
A VPN (Virtual Private Network) is used primarily for what purpose?

Support the distribution of public Web documents

Allow remote systems to save on long distance charges

Allow the use of network-attached printers

Support secured communications over an untrusted network
D
CHAP (Challenge Handshake Authentication Protocol) performs which of the following security functions?

Links remote systems together

Protects usernames

Periodically verifies the identity of a peer using a three-way handshake

Allows the use of biometric devices
C
Which type of activity changes or falsifies information in order to mislead or re-direct traffic?

Spoofing

Sniffing

Spamming

Snooping
A
What is modified in the most common form of spoofing on a typical IP packet?

Protocol type field value

Destination address

Hash total

Source address
D
Which of the following is the most effective protection against IP packet spoofing on a private network?

Host-based IDS

Ingress and egress filters

Digital signatures

Anti-virus scanners
B
What is the most widely deployed VPN technology?

TCP/IP (Transmission Control Protocol/Internet Protocol)

IPSec (Internet Protocol Security)

RADIUS (Remote Authentication Dial-in User Service)

PPTP (Point to Point Tunneling Protocol)
B
Which VPN protocol typically employs IPSec as its data encryption mechanism?

L2F (Layer 2 Forwarding Protocol)

L2TP (Layer 2 Tunneling Protocol)

PPTP (Point to Point Tunneling Protocol)

PPP (Point to Point Protocol)
B
PPTP (Point to Point Tunneling Protocol) is quickly becoming obsolete because of what VPN protocol?

L2F (Layer 2 Forwarding Protocol)

L2TP (Layer 2 Tunneling Protocol)

TACACS (Terminal Access Controller Access Control System)

SLIP (Serial Line Interface Protocol)
B
Telnet is inherently insecure because its communications are in plain text and easily intercepted. Which of the following is an acceptable alternative to Telnet?

SHTTP (Secure Hypertext Transfer Protocol)

SLIP (Serial Line Interface Protocol)

SSH (Secure Shell)

Remote Desktop
C
IPSec, unlike most security protocols, functions at what layer of the OSI model?

Application (Layer 7)

Session (Layer 5)

Network (Layer 3)

Data Link (Layer 2)
C
Which statement best describes IPSec when used in tunnel mode?

Packets are routed using the original headers, only the payload is encrypted

The identities of the communicating parties are not protected

The entire data packet, including headers, is encapsulated

IPSec in tunnel mode may not be used for WAN traffic
C
S/FTP (Secure FTP) uses which mechanism to provide security for authentication and data transfer?

SSL (Secure Sockets Layer)

Token devices

IPSec (Internet Protocol Security)

Multi-factor authentication
A
Which of the following is likely to be located in a DMZ (demilitarized zone) or a buffer subnet?

Domain controller

User workstations

Backup server

FTP server
D
FTP (File Transfer Protocol) and NNTP (Network News Transport Protocol) can both be secured using which of the following?

ICMP (Internet Control Message Protocol)

SLIP (Serial Line Interface Protocol)

SNMP (Simple Network Management Protocol)

SSL (Secure Sockets Layer)
D
Which of the following is the best device to deploy to protect your private network from a public untrusted network?

Hub

Router

Firewall

Gateway
C
A multi-homed firewall offers what advantage?

Protecting your trusted network even if the DMZ is compromised

Providing adequate bandwidth even when attacked by a Denial of Service attack

Supporting your company's e-commerce traffic

Providing an efficient system to distribute files to external users
A
Routers operate at what level of the Open System Interconnect model?

Layer 2

Network layer

Transport layer

Layer 5
B
Which of the following is a type of coaxial cable?

10Base5

10BaseT

UTP

STP
A
What category (CAT) level of UTP cable is rated to support 100 Mbps of throughput at a maximum distance of 100 meters?

CAT3

CAT4

CAT5

CAT7
C
The twisting of wire pairs within 10BaseT wiring is a countermeasure against?

Eavesdropping

Attenuation

Termination

Crosstalk
D
What is the primary difference between STP and UTP?

Number of wires within the cable

Number of twists per inch

Foil

Throughput capability
C
Which type of cable is most resistant to tapping and eavesdropping?

10Base2

10BaseT

Fiber optic

ThickNet
C
A virtual LAN can be created using which of the following?

Router

Gateway

Switch

Hub
C
Which of the following is not one of the ranges of IP addresses defined in RFC 1918 that are commonly used behind a NAT server?

176.16.0.0 - 172.31.255.255

192.168.0.0 - 192.168.255.255

10.0.0.0 - 10.255.255.255

169.254.0.0 - 169.254.255.255
D
Which of the following is not a benefit of NAT?

Improving the throughput rate of traffic

Hiding the network infrastructure from external entities

Using fewer public IP addresses

Preventing traffic initiations from outside the private network
A
Which of the following drive configurations is fault-tolerant?

RAID 5

Expanded volume set

RAID 0

Disk striping
A
Which of the following is considered a backdoor?

An unattended active workstation

An entry gate with a broken lock

The CON port on the back of a router

A weak password
C
Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted Internet?

Extranet

Intranet

Padded Cell

DMZ
D
Which of the following is a privately controlled portion of a network that is accessible to some specific external entities?

Intranet

Extranet

Internet

MAN
B
Which of the following protocols is most likely to be used when connecting into an extranet?

HTTP

IPSec

MPPP

NetBIOS
B
Which of the following can be defined as a WAN to support VPNs?

DMZ

Extranet

Internet

Intranet
C
A SYN attack or a SYN flood exploits or alters which element of the TCP three-way handshake?

ACK

FIN or RES

SYN

SYN/ACK
A
Which of the following is not an effective or reasonable safeguard to implement on network clients in order to reduce the risk of virus infection?

Scan e-mail attachments

System isolation

Disable removable drives

User behavior modification
B
Which IEEE standard defines the technologies used in wireless LAN networking?

802.11

802.3

802.8

802.5
A
In an organization that employs WEP (Wired Equivalent Privacy) to control access to WAP (Wireless Access Points), what is a significant vulnerability that must be repeatedly looked for?

Brute force login attacks

Unauthorized access points

Eavesdropping

War driving
B
On wireless networks, which technology is employed to provide the same type of protection that cables provide on a wired network?

WEP (Wired Equivalent Privacy)

SSL (Secure Sockets Layer)

L2TP (Layer 2 Tunneling Protocol)

TACACS (Terminal Access Controller Access Control System)

WPP (Wireless Protection Protocol)
A
WEP (Wired Equivalent Privacy) should be deployed for what purpose?

Prevent denial of service attacks by bandwidth consuming NICs

Restrict use of wireless access points

Extend the effective range of a wireless network

Managing network resource inventory
B
All of the 802.11x standards for wireless networking support which type of communication path sharing technology?

CSMA/CD (Carrier Sense Multiple Access with Collision Detection)

CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance)

Polling

Token passing
B
Which of the following is not an example of wireless networking communications?

2.4GHz radio waves

DSL

Infrared

802.1x
B
What is the primary use of tunneling?

Protecting passwords

Supporting private traffic through a public communication medium

Improving communication throughput

Deploying thin clients on a network
B
Which of the following is not a VPN tunnel protocol?

IPSec

RADIUS

L2TP

PPTP
B
Which of the following is not a VPN tunnel protocol?

IPSec

RADIUS

L2TP

PPTP
A
When a SYN flood is altered so that the SYN packets are spoofed in order to define the source and destination address as a single victim IP address, the attack is now called what?

Land attack

Analytic attack

Impersonation

Fraggle attack
A
The primary security feature that can be designed into a network's infrastructure to protect and support availability is?

Switches instead of hubs

Redundancy

Fiber optic cables

Periodic backups
B
What is the IEEE standard for Bluetooth?

802.5

802.11

802.16

802.15
D
From a corporate perspective, which of the following security services is usually the most important?

Redundancy

Confidentiality

Availability

Non-repudiation
C
A Smurf attack requires all but which of the following elements to be implemented?

Attacker system

Amplification or bounce network

Padded cell

Victim computer or network
C
Which of the following best describes the ping of death?

Sending multiple spoofed ICMP packets to the victim

An ICMP packet that is larger than 65,536 bytes

Partial IP packets with overlapping sequencing numbers

Redirecting echo responses from an ICMP communication
B
What is the primary security vulnerability of networking systems using 802.11 technology as opposed to non-802.11 networks?

Denial of service

Eavesdropping

Limited bandwidth

Replay attacks
B
The process of walking around an office building with an 802.11 signal detector is known as what?

War dialing

War driving

Driver signing

Daemon dialing
B
Which of the following could easily result in a denial of service attack if the victimized system had too little free storage capacity?

Impersonation

Sniffing

Replay attack

Spam
D
You've just received an e-mail message that indicates a new serious malicious code threat is ravaging across the Internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the /Windows/System32 folder. As a countermeasure, the message suggests that you delete these three files from your system to prevent further spread of the threat.
What should your first action based on this message be?

Delete the indicated files if present

Distribute the message to everyone in your address book

Perform a complete system backup

Reboot the system

Verify the information on well-known malicious code threat management Web sites
E
What is the most common type of host-based intrusion detection system (IDS)?

Honey pots or padded cells

Anti-virus software

Firewalls

Penetration or vulnerability testing
B
Which of the following common network monitoring or diagnostic activities can be used as a passive malicious attack?

Sniffing

Logic bombs

Packet capture, edit, and re-transmission

Denial of service
A
Network-based intrusion detection is most suited to detect and prevent which types of attacks?

Bandwidth-based denial of service

Brute force password attack

Buffer overflow exploitation of software

Application implementation flaw
A
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identities listed in a database?

Signature-based

Anomaly analysis-based

Heuristics-based

Stateful inspection-based
A
What is the most common form of host-based IDS that employs signature or pattern matching detection methods?

Motion detectors

Anti-virus software

Firewalls

Honey pots
B
What do host-based intrusion detection systems often rely upon to perform their detection activities?

Remote monitoring tools

Host system auditing capabilities

External sensors

Network traffic
B
A honey pot is used for what purpose?

To entrap intruders

To disable an intruder's system

To prevent sensitive data from being accessed

To delay intruders in order to gather auditing data
D
What actions can a typical passive Intrusion Detection System (IDS) take when it detects an attack? (Select two.)

LAN-side clients are halted and removed from the domain

An alert is generated and delivered via e-mail, the console, or an SNMP trap

The IDS configuration is changed dynamically and the source IP address is banned

The IDS logs all pertinent data about the intrusion
B & D
Which of the following activities are considered passive with regard to the functioning of an intrusion detection system? (Choose two.)

Transmitting FIN or RES packets to an external host

Disconnecting a port being used by a zombie

Monitoring the audit trails on a server

Listening to network traffic
C & D
An active IDS system often performs which of the following actions? (Select two.)

Perform reverse lookups to identify an intruder

Trap and delay the intruder until the authorities arrive

Request a second logon test for users performing abnormal activities

Update filters to block suspect traffic
A & D
Which of the following is a security service that monitors network traffic in real time or reviews the audit logs on servers looking for security violations?

Switch

Padded cell

Firewall

IDS
D
What is the best and only means to provide security for Internet-based e-mail communications?

Strong ACLs on client systems

Message encryption

Auditing e-mail activity

Delivery receipts
B
Which of the following is the least effective protection against zero day malicious code?

User education

Blocking e-mail attachments

Anti-virus software

Using hashing to check file changes
C
What security mechanism can be used to detect attacks originating on the Internet or from within an internal trusted subnet?

Biometric system

Security alarm

IDS

Firewall
C
As the victim of a Smurf attack, what protection measure is the most effective during the attack?

Blocking all attack vectors with firewall filters

Communicating with your upstream provider

Updating your anti-virus software

Turning off the connection to the ISP
B
Which of the following is not a protection against session hijacking?

DHCP reservations

Anti IP spoofing

Time stamps

Packet sequencing
A
Which of the following is the best protection against security violations?

Fortress mentality

Bottom up decision making

Defense in depth

Monolithic security
C
Which of the following is the best protection against security violations?

Fortress mentality

Bottom up decision making

Defense in depth

Monolithic security
B
Which of the following is not a means to perform secure fax transmissions?

Always send a cover page with CONFIDENTIAL boldly displayed.

Use a fax machine that is capable of cryptographic transmission.

Only send faxes to organizations that do not automatically print received documents in a public location.

Employ an encrypted telephone line.
A
Which of the following is the least secure activity when performing voice communications?

Using a VOIP system

Using your cell phone while in a public place

Using an encrypted PBX

Using a cell phone with a PKI SID card
B
Which of the following fax machine types should be replaced due to security concerns?

Ribbon-based fax machine

Ink jet fax machine

Laser jet fax machine

Fax to PDF e-mail attachment system
A
Which of the following is not a valid security precaution for voice communications?

Classification of data and resources

Asking for proof of a caller's identity

Changing of passwords based upon voice only request

Prevention of communication of sensitive data over the phone
C
Which of the following is a protection against PBX fraud and abuse?

Limiting toll charge calls to business hours

Training personnel regarding secure phone procedures

Placing dial-in modems on non-PBX managed phone lines

Direct Inward System Access (DISA)
D
Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance?

Phishing

Scanning

CompSec

Auditing
D
Properly configured passive IDS and system audit logs are an integral part of a comprehensive security plan. What step must be taken to ensure that the information is useful in maintaining a secure environment?

The accounting department must compress the logs on a quarterly basis.

All logs should be deleted and refreshed monthly.

All files must be verified with the IDS checksum.

Periodic reviews must be conducted to detect malicious activity or policy violations.
D
Which of the following is a collection of recorded data that may include details about logons, object access, and other activities deemed important by your security policy that is often used to detect unwanted and unauthorized user activity?

CPS (certificate practice statement)

Chain of custody

Syslog

Audit trail
D
Why is security assessment important?

It supports the decisions made by senior management.

It supports the tenets of previous security expenditures.

It is a legal requirement.

Untested security is unreliable.
D
When a security assessment is being performed, what type of testing group is going to provide the most unbiased review?

Full-knowledge team

Partial-knowledge team

Zero-knowledge team

Blackhat-knowledge team
C
How often should a security assessment take place?

At least once a month

As often as necessary based on the sensitivity of your resources

No more than once a year

Only once after initial implementation
B
Who is generally in charge of assessing the state of security on a regular basis?

Senior management

Custodian

Auditor

InfoSec officer
C
A recreation of historical events is made possible through?

Penetration testing

Incident reports

Audit trails

Audits
C
Which is performed last (as opposed to earlier in the implementation process of a secure environment)?

Risk management

Security assessment

System implementation

Obtaining senior management approval
B
Which of the following is not provided by e-mail security based on encryption?

Confidentiality

Non-repudiation

Availability

Integrity
C
Which of the following can be an impediment to supporting high availability?

Clustered servers

Redundant high-speed communication links

A primary firewall

Switched networks
C
Which of the following is not a term associated with availability protection?

Adequate performance

Sufficient throughput

Changelessness

Timeliness
C
Which of the following is not a valid concept to associate with integrity?

Ensure your systems record the real information when collecting data

Protect your environment so it maintains the highest source of truth

Control access to resources to prevent unwanted access

Prevent the unauthorized change of data
C
Which of the following is a failure of confidentiality protection?

Unauthorized intruder is unable to delete a file

Authorized user is unable to access the home directory of another user

Authorized user is able to delete a system file

Unauthorized intruder is allowed to open no data files
C
Which of the following is a valid listing of the elements of the CIA triad?

Availability, Confidentiality, Integrity

Confidentiality, Integrity, Authenticity

Integrity, Access Control, Confidentiality

Authorization, Confidentiality, Integrity
A
Which of the following is a direct protection of integrity?

Digital envelope

Symmetric encryption

Asymmetric encryption

Digital signature
D
Who has the responsibility for the development of a security policy?

Senior management

Security administrator

Human resources supervisor

Site manager
A
What does the application of the prudent man rule provide?

Security expenditures equating to a specific percentage of company budget

Cutting edge security technology

Best business practices

Deployment of impenetrable security measures
C
What is the first step in developing a security plan?

Selecting countermeasures and safeguards

Deploying security measures

Performing a risk assessment

Getting senior management signoff
C
When designing a security plan, what is the best methodology to adopt in the early design phase?

Top down

Outside in

Bottom up

From mission-critical assets out
D
When developing the totality of security policy documentation, what type of policy document will contain instructions or information on remaining in compliance with regulations and industry standards?

Procedures

Top-level policy

Standards

Guidelines
C
Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution?

Separation of duties

Principle of least privilege

Dual administrator accounts

Need to know
A
Your company security policy requires separation of duties for all network security matters. Which of the following scenarios best describes this concept?

Security policy authors may never fraternize with system administration personnel

The sysadmin configures remote access privileges and the CISO reviews and activates each account

Only the CISO can implement new border router rulesets

Every change to the default sysimage requires concurrent processing by multiple domain controllers
B
Who is responsible for identifying the value of resources?

Auditors

Senior management

Custodians

Owners
D
What is the primary purpose of separation of duties?

Prevent conflicts of interest

Inform managers that they are not trusted

Increase the difficulty in performing administration

Grant a greater range of control to senior management
A
Custodians are primarily responsible for?

Ensuring the protection of the CIA of assets

Verifying compliance with security policy

Designing security

Classifying resources
A
Which of the following is not an example of a service level agreement?

Security policy design

Replacement of hardware within 24 hours

Internet connectivity services

Source code escrow
A
Which of the following is defined as a contract which prescribes the technical support or business parameters that a provider will bestow to its client?

Mutual aid agreement

Certificate practice statement

Service level agreement

Final audit report
C
What is the primary purpose of source code escrow?

To obtain change rights over software after the vendor goes out of business

To obtain resale rights over software after the vendor goes out of business

To provide a backup copy of software to use for recovery in the event of a disaster

To hold funds in reserve for unpredicted costs before paying the fees of the programmer
A
Which document, that a user must read and sign, eliminates the false assumption of privacy on a secure network?

Business continuity plan

Acceptable use

Security guideline

Security template
B
Which of the following is an example of a standard?

Building code requirements

Detailed step-by-step of how to implement a solution

General instructions on how to install concepts of products

Visionary statement of the goals of company security
A
When a procedure does not exist, what should be used in a fully secure environment in order to accomplish a new task?

Guidelines

Personal knowledge

Best business practice

Open source handbook
A
What is the average number of times that a specific risk is likely to be realized?

Exposure factor

Annualized Rate of Occurrence

Annualized Loss Expectancy

Estimated Maximum Downtime
B
What is the estimated cost percentage to an organization if an important asset is compromised?

Annualized Rate of Occurrence

Exposure factor

Annualized Loss Expectancy

Single Loss Expectancy
B
Which of the following is not a valid form of qualitative risk analysis?

Cost/benefit analysis

Delphi technique

Checklists

Scenarios
A
When can a risk analysis not be only quantitative?

It is cost effective

It consumes too much time

It's a federal regulation

Some assets are intangible
D
What is the primary purpose or point in calculating the ALE (annualized loss expectancy) for every individual asset and every individual risk facing those assets?

Making budgetary plans

Prioritize focus of countermeasure selection

Designing media spin techniques to use in the event of a loss

Estimating insurance coverage needs
B
Which of the following is not a true statement about risk?

Quantitative risk analysis is often performed via software.

Outsourcing can be a valid risk response.

The difference between avoiding risk and accepting risk is a signed decision document.

All risks of an environment can be mitigated.
D
Which of the following is a valid formula for ALE (Annualized Loss Expectancy)?

EF x SLE (Exposure Factor x Single Loss Expectancy)

ARO x AV (Annualized Rate of Occurrence x Asset Value)

ARO x EF x AV (Annualized Rate of Occurrence x Exposure Factor x Asset Value)

EF X SLE x AV (Exposure Factor x Single Loss Expectancy x Asset Value)
C
Which of the following is the worst option for obtaining a value for EF (Exposure Factor) and/or ARO (Annualized Rate of Occurrence)?

Purchase from a risk management organization

Educated guess

Estimate from internal organizational historical records

Obtain from open source risk management groups who perform statistical analysis on public records about compromises
B
What is the weakest point in an organization's security infrastructure?

People

Technology

Physical structure

Procedures
A
Which of the following is not used to oversee and/or improve the security performance of employees?

Exit interviews

Annual supervisor reviews

Mandatory vacations

Awareness
A
Which of the following is not a protection against collusion?

Two-man control

Cross training

Principle of least privilege

Separation of duties
B
What job role has the task of verifying that personnel are performing their work tasks in compliance with security policies?

Owner

Auditor

InfoSec Officer

Custodian
B
In order to verify that an employee has the correct skills for a specific job, what is needed?

Annual awareness courses

Enforcement of the principle of least privilege

Detailed job description

Exhaustive system activity logging
C
What is the primary purpose of change control?

Increase security

Prevent unmanaged change

Keep senior management apprised of the organization's state of security

Create detailed documentation
B
In the event that a change unintentionally diminishes security, an effective change control process will allow which one of the following responses?

Patch implementation

Increased logging

Rollback

Reconstitution
C
Change control should be used to oversee and manage changes over what aspect of an organization?

IT hardware and software

Physical environment

Personnel and policies

Every aspect
D
What is the first step of managing a needed change under a change control process?

Thorough testing

Post-deployment verification and documentation

Implementation

Approval
D
Employees often pursue which form of knowledge-obtaining process outside of the organization?

Training

Education

Awareness

Job skill improvement
B
What must be updated each time it is presented to the same employees in order to make it effective?

Awareness

Security policy

Emergency response training

Acceptable use policy
A
What is a form of learning that is designed for groups of employees with similar job roles and which is usually offered by the organization directly?

Awareness

Certification

Training

Education
C
What is the area of security that awareness is designed to address?

Proper performance of assigned job tasks

Creating strong passwords

Implementation of the principle of least privilege

The weakest link in an organization's security, namely people
D
How often should awareness be re-presented to the same employees?

Only after an incident

Once every three years

At least once a month

Once a year at a minimum
D
What is the primary purpose of data classification?

Assigning value

Justification of security expense

Defining needed security protections

Controlling user access
C
Which of the following is the correct order of a standard or basic government classification scheme?

Public, for official use only, confidential, sensitive, private, classified

Unclassified, sensitive, classified, secret, top secret

Top secret, secret, restricted, classified, sensitive, unclassified

Public, for internal use only, proprietary, private
B
In a government or military classification scheme, what is usually the most important factor in making a determination as to what level of classification to assign to a resource?

Level of damage due to disclosure

Value loss due to destruction

Capability loss due to inaccessibility

Productivity loss due to alteration
A
Who is responsible for assigning a classification to resources and objects?

InfoSec officer

Custodian

Senior management

Owner
D
Who is responsible for placing objects in the correct security container/domain based upon the object's assigned classification?

Custodian

InfoSec officer

Senior management

Owner
A
Which of the following is not a reason to implement a classification system?

Prevent intrusions and malicious code infection

Justification and support for security solution expense

Regulatory requirements

Display of the importance of security to the organization
A
The security function of auditing the activities of user accounts on a secured system is considered what type of security control?

Recovery

Corrective

Preventative

Detective
C
Audit trails produced by auditing activities are considered what type of security control?

Directive

Detective

Deterrent

Preventative
B
The auditing feature of an operating system serves as what form of control when users are informed that their actions are being monitored?

Detective

Corrective

Preventative

Directive
C
When designing security, what is often the least important in terms of making a business decision about which security measure to implement?

Accuracy

Legal issues

Internal politics

Cost
A
Who is the best person to review a company's security status or condition?

Senior management

InfoSec officer

End users

External auditor
D
After an external auditor has submitted the final audit report back to the organization, who is responsible for implementing the recommendations in that report?

Internal auditors

InfoSec officers

Senior management

End users
C
Who is assigned the task of judging the security of a system or network and granting it an approval to operate?

InfoSec officer

Custodian

Designated Approving Authority

Senior management
C
What is needed to perform certification and/or accreditation?

Automated patch management system

Mandatory access controls

Evaluation criteria

Multi-factor authentication
C
What is the official Department of Defense accreditation process called?

National Information Assurance Certification and Accreditation Process

Trusted Computer System Evaluation Criteria

Defense Information Technology Security Certification and Accreditation Process

Common Criteria
C
What is the primary difference between provisional and full accreditation?

One is conditional on the nature of the mission or goals of the organization, one is independent of any such factors.

One is temporary and requires specific changes, the other is permanent and does not require additional changes.

One is based on low-end systems, the other is based on high-end systems.

One is focused on individual systems comprising an environment, while the other provides a site accreditation for all systems in a specific geographic location.
B
Once a DITSCAP accreditation is completed and an approval to operate is issued, what mandatory element must be maintained?

Job rotation and cross training

Role-based access controls

Change control management

Replacing hardware before reaching its MTTR
C
If a security vulnerability is discovered while a system is being processed through accreditation, what action is mandated?

Reconstitute the system, then restart the accreditation process from the current point

Restart the accreditation process from the beginning after correcting the discovered issue

Restart the accreditation process from the current point after correcting the discovered issue

Reconstitute the system, then restart the accreditation process from the beginning
B
A process performed in a controlled environment by a third party which verifies that an IS meets a specific set of security standards before being granted the approval to operate is known as?

Perturbation

External auditing

Penetration testing

Accreditation
D
HIPAA is a set of federal regulations that define security guidelines that enforce the protection of what?

Integrity

Availability

Privacy

Non-repudiation
C
When do typical employees have real privacy?

When performing personal tasks on a work computer

When performing work tasks on a work computer

When performing work tasks on a personal computer

When performing personal tasks on a personal computer
D
What informational element is always protected under privacy restrictions?

Web surfing

Hard drive contents

Personal e-mail

Medical data
D
Usually when privacy is discussed, especially when privacy has been violated, what security issue is involved?

Revealing of incriminating evidence

Prevention of unauthorized knowledge of activities

Protection of embarrassing information

Hiding of unauthorized actions
B
When a claim is made that privacy has been violated, what security feature has usually been violated as well?

Availability

Integrity

Confidentiality

Authenticity
C
If an organization shows sufficient due care, which burden is eliminated in the event of a security breach?

Liability

Asset loss

Negligence

Investigation
C
Which of the following best describes the concept of due care or due diligence?

Reasonable precautions, based on industry best practices, are utilized and documented.

Security through obscurity is best accomplished by port stealthing.

Availability supersedes security unless physical harm is likely.

Legal disclaimers are consistently and conspicuously displayed on all systems.
A
Where are the goals and mission of an organization defined?

Business continuity policy

Certificate practice statement

Statement of roles and responsibilities

Strategic security policy
D
Which of the following methodologies most closely reflects the goals and missions of a commercial organization while maintaining a secure operating environment?

Top-down approach

Incident reports that assign blame

Rigid data classification system

Negligence avoidance
A
Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle?

Buffer overflow

Data diddling

Smurf

Time of check/time of use (TOC/TOU)
A
A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack?

Privilege escalation

Buffer overflow

Session hijacking

Backdoor
B
What is the common name for a program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found?

Virus

Java applet

Windows Messenger

Trojan horse
A
What is the most common means of virus distribution?

Floppy disks

E-mail

Commercial software CDs

Downloading music files from the Internet
B
What is a program that appears to be a legitimate application, utility, game, or screensaver and that performs malicious activities surreptitiously?

Outlook Express

Worm

Trojan horse

ActiveX control
C
Which of the following describes a logic bomb?

A program that appears to be a legitimate application, utility, game, or screensaver which performs malicious activities surreptitiously

A program that has no useful purpose, but attempts to spread itself to other systems and often damages resources on the systems where it is found

A program that performs a malicious activity at a specific time or after a triggering event

A type of malicious code, similar to a virus, whose primary purpose is to duplicate itself and spread, while not necessarily intentionally damaging or destroying resources
C
What is the primary distinguishing characteristic between a worm and a logic bomb?

Spread via e-mail

Self-replication

Masquerades as a useful program

Incidental damage to resources
B
What is the best means to prevent a worm from infecting a system or spreading from your system to others?

System isolation

Anti-virus software

Pre-scanning all removable media

User behavior modification
A
Which of the following is not a primary characteristic of a worm?

It is able to self-replicate

It seeks out other systems to infect

It does not require a host file

It infects the MBR of a hard drive
D
What is the most common attack waged against Web servers?

Birthday

Brute force

Data diddling

Buffer overflow
D
Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?

Buffer overflow

Dictionary

Superzapping

Denial of service
A
What vulnerability can allow for arbitrary code execution?

Allowing the source and destination address in a packet header to be the same

Lacking a stateful inspection firewall

Using short key lengths

Not performing input limit checks
D
What is another name for a logic bomb?

Pseudo flaw

Trojan horse

DNS poisoning

Asynchronous attack
D
What types of environments are often more vulnerable and susceptible to Trojan horse attacks?

Distributed environments

Mandatory environments

Centralized environments

Discretionary environments
D
Which of the following is typically not considered active content?

Java applets

ActiveX controls

JavaScript code

Perl scripts
D
Which of the following statements about ActiveX is true?

ActiveX is programming language dependent.

ActiveX is platform independent.

ActiveX controls are saved to the hard drive.

ActiveX operates within a security sandbox.
C
Which security context is used when an ActiveX control is downloaded from a Web site to a client system?

The system level security context

A restricted security context limited to the Web browser

The security contexts of the current user account

The original security context of the Web server process
C
Use of which of the following is a possible violation of privacy?

FTP

Java

VPNs

Cookies
D
Which of the following is not true regarding cookies?

They can aid a hacker in spoofing a user's identity

They can retain connection and session information

They operate within a security sandbox

They can collect user information
C
Which of the following can you be sure of when allowing a signed applet to execute on your system?

The applet will not cause a system crash

The applet was written efficiently

The applet is from its reputed source

The applet was developed using quality development processes
C
By what means do ActiveX controls indicate where they originated from?

Execution pathname

Source code

Digital signature

URL
C
What is the Web application mechanism that allows server-side scripts, such as Perl, to be used to accept user input, process that input, and return results to users via Web browsers?

Cookies

TLS (Transport Layer Security)

HTTPS (Hypertext Transfer Protocol over Secure Socket Layer)

CGI (Common Gateway Interface)
D
What is the most common programming language used to write CGI (Common Gateway Interface) scripts?

Java

ActiveX

JavaScript

Perl
D
Which of the following is a text file provided by a Web site to a client that is stored on a user's hard drive in order to track and record information about the user?

Cookie

Certificate

Digital signature

Mobile code
A
Which of the following is a common interface API to allow components written in different programming languages to interact as well as provides seamless interoperability between products from different vendors?

DCOM

COM

ORB

CORBA
D
Which of the following is the least effective protection against malicious mobile code?

Limiting the features of applet execution

Allowing only approved site applets

User education and awareness

Blocking non-signed applets
C
A data warehouse contains?

Normalized database copies

Offline database backups

Database metadata

Live database systems
A
What is the threat called when a user can learn information from a higher level of security than that which they are cleared to access based solely on extrapolation from a single database entry?

Contamination

Inferencing

Salami attack

Aggregation
B
One of the most significant database threats, even to modern DBMS solutions, is?

Deadlock

Integrity violations

Concurrency

Relational formula errors
B
What does perturbation protect against?

Aggregation

Authenticity attacks

Denial of service

Semantic integrity loss
A
What feature of database systems allows for two objects of the same type to be created, but with each being at a different sensitivity level in order to combat inferencing?

Polyinstantiation

Perturbation

Attribute domain validation

Tuple sorting
A
Which form of artificial intelligence system design employs the processing of degrees of uncertainty through the use of fuzzy logic?

Expert system

Directory service

Neural network

Intrusion detection system
A
If an expert system is used to determine if a given hypothesis is valid, such as when there are few inputs and many outputs, what process is used?

Experiential learning

Forward chaining

Deductive reasoning

Backward chaining
D
Which of the following is not an appropriate application of a neural network?

Weather prediction

Voice and face recognition

Exploration of models of consciousness and thinking

Route scheduling
D
Which is not a true statement in regards to a decision support system?

A decision support system assists with making business decisions.

A decision support system often presents information graphically.

A decision support system is based upon a neural network.

A decision support system is an operational application.
C
Which of the following statements is true in regards to highly secure and efficient object-oriented programming?

Objects which have high cohesion perform tasks alone and have low coupling

Objects which have high cohesion require lots of assistance from other objects to perform tasks and have high coupling

Objects which have low cohesion require lots of assistance from other objects to perform tasks and have high coupling

Objects which have low cohesion perform tasks alone and have low coupling
A
In which phase of the system life cycle is security integrated into the product?

Software Development

Installation

Project Initiation

Maintenance
C
In which phase of the system life cycle is software testing performed?

Functional Design Analysis and Planning

System Design Specifications

Installation

Software Development
D
In which phase of the system life cycle is accreditation performed?

System Design Specifications

Maintenance

Software Development

Installation
B
Which of the following is not an option to perform on software after the end of its Maintenance phase from the software life cycle?

Retire

Replace

Release

Revise
C
What is the primary purpose of imposing software life cycle management concepts?

Reduce product returns

Increase interoperability

Increase the quality of software

Decrease development overhead
C
What is the source of common laws?

Administrative agencies

Judicial branch of the government

Legislative branch of government

Grassroots efforts of the community
B
Which types of laws are based on precedent?

Statutory law

Common law

Civil law

Islamic law
B
When a civil law court finds a defendant guilty, what form of punishment cannot be assigned?

Imprisonment

Statutory

Punitive

Compensatory
A
Under regulatory law, who can be punished?

Both the officers and the stockholders

Only the officers

Both the organization and the officers

Only the organization
C
When the issue of "tort reform" is discussed, what form of law is being focused on for improvement or change?

Islamic

Administrative

Civil

Criminal
C
Which method can be used to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence?

File directory listing

Serial number notation

Photographs

Hashing
D
What is the most important element related to evidence in addition to the evidence itself?

Photographs of the crime scene

Completeness

Chain of custody document

Witness testimony
C
Why is it important to inspect the slack space of a hard drive?

It contains a copy of every file ever stored on the drive

It could contain hidden or deleted data

It contains the master file directory

It is where all criminals hide their secret plans
B
When duplicating a drive for forensic investigative purposes, which of the following copying methods is most appropriate?

Drive mirroring

Bit-level cloning

Active sector cloning

File-by-file copying
B
Which of the following should not be performed when collecting evidence of a computer crime?

Photograph the images on monitors

Gracefully power down computers

Collect all printouts

Collect all removable media
B
A code of ethics provides for all but which of the following?

Establishes a baseline for managing complex situations

Clearly defines courses of action to take when a complex issue is encountered

Improves the professionalism of your organization as well as your profession

Serves as a reference for the creation of acceptable use policies
B
Your company is facing a deadline for a major project. You need one specific software application in order to complete the work, but if you order it through typical commercial options it will arrive one week late. You discover the application is available for download through a pirated software FTP site. If the deadline is missed, your company will lose 50% of the contract fee and you may lose your job. What should you do?

Demand an extension by lying about a personal family illness or death in order to buy time to obtain the legitimate commercial software

Download the pirated version of the software now, but go ahead and purchase the commercial version

Download the pirated version of the software now, since you will only need the software for this specific project

Purchase the commercial version and ask for an extension by explaining the situation
D
What document encourages IT professionals to "provide diligent and competent service to principals"?

ISC2 Code of Ethics

Ten Commandments of Computer Ethics

Generally Accepted Systems Security Principles (GASSP)

Ethics and the Internet (RFC 1087)
A
Which of the following is not a part of the ISC2 Code of Ethics?

All CISSP candidates should protect society, the commonwealth, and the infrastructure

All CISSP candidates should adhere to the highest ethical standards of behavior

All CISSP candidates are required by law to uphold the ISC2 Code of Ethics

A condition of CISSP certification is adherence to the ISC2 Code of Ethics
C
A CISSP candidate who violates the ISC2 Code of Ethics is subject to?

Revocation of certification

Arrest and 1 year imprisonment

120 hours of community service

Statutory financial penalties
A
The chain of custody is used for what purposes?

Identifying the owner of evidence

Listing people coming into contact with evidence

Retaining evidence integrity

Detailing the timeline between creation and discovery of evidence
B
Which of the following should be performed in regards to evidence?

Store media in static proof bags

Store media in plastic bags

Write identification file tags to media

Defragment evidence media
A
Which of the following is an important aspect of evidence gathering?

Purging transaction logs

Restoring damaged data from backup media

Backing up all log files and audit trails

Monitoring user access to compromised systems
C
Although this type of evidence is generally inadmissible in court, it is allowed when the evidence is an audit report that is produced as a regular business activity. What type of evidence is this?

Best

Hearsay

Direct

Secondary
B
You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this?

Chain of custody

FIPS-140

Rules of evidence

CPS (certificate practice statement)
A
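The two chain-of-custody questions above (who handled the evidence, and keeping its integrity intact) are easier to reason about with a concrete record in hand. The following is an added example, not part of the original flashcard set: it models the custody log as a list of hand-offs, each tied to a SHA-256 hash of the evidence as it existed at that moment, so that any alteration between discovery and presentation points at the custodian who held the item when it changed. The case and item identifiers, custodian names and the evidence bytes are constructed sample data.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional

# Constructed sample evidence standing in for a forensic disk image
EVIDENCE = b"hypothetical disk image: accounts.db, /var/log/auth.log, .bash_history"


def sha256_hex(data: bytes) -> str:
    """Hash the evidence; the hash is what lets a later custodian prove
    the item is unchanged since collection."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    timestamp: str
    custodian: str
    action: str           # collected / transferred / analysed / presented
    evidence_hash: str    # hash of the item as observed at this hand-off


@dataclass
class ChainOfCustody:
    case_id: str
    item_id: str
    original_hash: str    # taken at collection, before anyone else touches it
    entries: List[CustodyEntry] = field(default_factory=list)

    def record(self, custodian: str, action: str, evidence: bytes) -> CustodyEntry:
        """Log a hand-off, re-hashing the evidence as it exists right now."""
        entry = CustodyEntry(
            timestamp=datetime.now(timezone.utc).isoformat(timespec="seconds"),
            custodian=custodian,
            action=action,
            evidence_hash=sha256_hex(evidence),
        )
        self.entries.append(entry)
        return entry

    def custodians(self) -> List[str]:
        """Everyone who has handled the item, in order."""
        return [e.custodian for e in self.entries]

    def first_break(self) -> Optional[str]:
        """Name the custodian at whose hand-off the hash first stopped matching,
        or None if integrity held from discovery through presentation."""
        for e in self.entries:
            if e.evidence_hash != self.original_hash:
                return e.custodian
        return None


def build_chain(evidence: bytes, tampered_by: str = "") -> ChainOfCustody:
    """Walk the item from scene to courtroom. If tampered_by names a custodian,
    the evidence is altered while that person holds it; the record must expose
    exactly that hand-off."""
    chain = ChainOfCustody(case_id="CASE-0001", item_id="HDD-01",
                           original_hash=sha256_hex(evidence))
    current = evidence
    for custodian, action in [("first responder", "collected"),
                              ("evidence clerk", "transferred"),
                              ("forensic analyst", "analysed"),
                              ("prosecutor", "presented")]:
        if custodian == tampered_by:
            current = current + b"\x00"   # simulated alteration while in custody
        chain.record(custodian, action, current)
    return chain


if __name__ == "__main__":
    clean = build_chain(EVIDENCE)
    print("custodians:", clean.custodians(), "break:", clean.first_break())
    bad = build_chain(EVIDENCE, tampered_by="forensic analyst")
    print("integrity break detected at:", bad.first_break())
```

The hash taken at collection is the anchor: every later signature in the log is only as good as the comparison back to it, which is why the original hash is fixed when the chain is created and never updated.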
When conducting a forensic investigation, which of the following initial actions is appropriate for preserving evidence?

Turn off the system

Remove the hard drive

Stop all running processes

Document what's on the screen
D
The immediate preservation of evidence is paramount when conducting a forensic analysis. Which of the following actions is most likely to destroy critical evidence?

Copying the contents of memory to removable media

Rebooting the system

Restricting physical access to the system

Disconnecting the system from the network
B
When law enforcement is involved in a computer crime investigation, the victim organization's security officials have?

Increased constraints

Do not require search warrants

Complete control over the investigation

Greater ability to collect evidence
A
What standard discriminator is used to determine whether a subject may be the perpetrator of a crime?

Finding witnesses

Computer generated records

Circumstantial evidence

Establish the motive, opportunity, and means of the suspect
D
Data that is evidence of a computer crime may exist on the same system as corporate data. What is this condition known as?

Collusion

Polymorphism

Disclosure

Co-mingling
D
Which of the following is not a true statement about computer crime evidence?

It may require an expert to collect and protect

It never requires a search warrant

It is often easily destroyed or lost

It is often intangible
B
Which of the following is not a requirement to obtain a search warrant?

Probable cause that evidence exists at a specific location

Written permission of the accused to search their premises

Expectation that evidence of a crime exists

Probable cause that a crime has been committed
B
Over the last month you have noticed a significant increase in the occurrence of inappropriate activities performed by employees. What is the best first response step to take in order to improve or maintain the security level of the environment?

Improve and hold new awareness sessions

Reduce all employee permissions and privileges

Initiate stronger auditing

Terminate all offenders
A
Which of the following is not a means to reduce or stop piggybacking?

Have door-closed sensors with time-out alarms on secured doors

Locked screen savers launch in 5 minutes

Use a scale in mantraps

Perform covert channel analysis
D
What is the primary countermeasure to social engineering?

Heavy management oversight

Traffic filters

Awareness

A written security policy
C
What is another term to describe the attacks of impersonation or spoofing?

Session hijacking

Inferencing

Social engineering

Denial of service
C
In which of the following malicious activities or attacks is data disclosed unintentionally by internal personnel?

Fraud

Espionage

Embezzlement

Social engineering
D
Which of the following are examples of social engineering? (Select two.)

War dialing

Dumpster diving

Shoulder surfing

Port scanning
B & C
How can an organization help prevent social engineering attacks? (Select two.)

Educate employees on the risks and countermeasures

Implement IPSec on all critical systems

Utilize 3DES encryption for all user sessions

Publish and enforce clearly-written security policies
A & D
Dumpster diving is a low-tech means of gathering information that may be useful in gaining unauthorized access, or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving?

Create a strong password policy

Secure all terminals with screensaver passwords

Mandate the use of Integrated Windows Authentication

Establish and enforce a document destruction policy
D
Which of the following items is not considered an improvement to the security of a system?

Requiring multi-factor authentication

The presence of a removable hard drive

Use of encrypted communication protocols

Enforcing strong password policies
B
In a high security environment, what is the most important concern when removable media is no longer needed?

Purging

Re-use

Destruction

Labeling
C
Flash memory cards and USB memory drives pose a security threat due to all but which of the following?

Ease of use

Physical size

Removable functionality

Storage capacity
D
At the end of the useful lifetime of a storage media which was used in a top secret mandatory access control environment, which of the following is not appropriate?

Physical crushing

Sanitization

Incineration

Acid dipping
B
Which of the following is not a form of social engineering?

Impersonating a user by logging on with stolen credentials

Impersonating a utility repair technician

A virus hoax e-mail message

Impersonating a manager over the phone
A
When a removable media device is brought into the office from any outside location, what is the first step in using that media on the secured company LAN?

Format the media before use

Directly connect it to a server, rather than a client

Get written permission from your supervisor

Process it on the sheep dip system
D
Backups and software originals should be stored in a media cabinet to prevent or protect against all but which of the following?

Availability

Damage

Theft

Corruption
A
Which of the following is the best complementary product to a firewall?

IDS (Intrusion Detection System)

RAS (Remote Access Server)

PBX (Private Branch eXchange)

Switch
A
Which of the following is the biggest disadvantage to using a traditional signature-based Intrusion Detection System (IDS)?

Anomaly detection requires significant hardware resources

Excessive protocol analysis of inbound IMAP traffic

File integrity checks do not track changes in server configuration

False positives generated by poorly written signatures
D
What is an incident response policy designed to address?

Users who fail to adhere to an organization's acceptable use policy

The prevention of external intruders

Minor disasters that affect mission critical business operations

Security policy violations
D
If maintaining confidentiality is of the utmost importance to your organization, what is the best response when an intruder is detected on your network?

Record audit trails about the intruder

Delay the intruder

Disconnect the intruder

Monitor the intruder's actions
C
After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take?

Restore and repair any damage

Back up all logs and audits regarding the incident

Update the security policy

Deploy new countermeasures
B
In violation analysis, at what point are errors recorded into a log file?

At specific periodic time intervals

When exceeding 20%

When above the clipping level

When below the defined threshold
C
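The clipping level question is the one place in this set where the mechanism is easy to show in code. The following is an added example, not part of the original flashcard set: a small violation analyser that treats a few failures per user as ordinary noise and records a violation only once a user's failure count in a sliding window exceeds the clipping level. The audit lines are constructed sample data, and the window length and clipping level are arbitrary values chosen for the demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

CLIPPING_LEVEL = 3             # failures per user per window tolerated before logging
WINDOW = timedelta(minutes=5)  # sliding window over which failures are counted

# Constructed sample audit lines: "<ISO timestamp> <user> <event>"
SAMPLE_LOG = """\
2024-01-10T09:00:01 alice LOGIN_FAIL
2024-01-10T09:00:20 alice LOGIN_FAIL
2024-01-10T09:00:45 alice LOGIN_OK
2024-01-10T09:01:00 bob LOGIN_FAIL
2024-01-10T09:01:05 bob LOGIN_FAIL
2024-01-10T09:01:10 bob LOGIN_FAIL
2024-01-10T09:01:15 bob LOGIN_FAIL
2024-01-10T09:01:20 bob LOGIN_FAIL
2024-01-10T09:30:00 carol LOGIN_FAIL
2024-01-10T09:30:00 carol LOGIN_FAIL
2024-01-10T09:40:00 carol LOGIN_FAIL
2024-01-10T09:40:10 carol LOGIN_FAIL
"""


def parse(log_text):
    """Yield (timestamp, user, event) tuples from the audit text."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, event = line.split()
        yield datetime.fromisoformat(ts), user, event


def violations(log_text, clipping_level=CLIPPING_LEVEL, window=WINDOW):
    """Return (timestamp, user, failures_in_window) for every failure that
    pushes a user above the clipping level. Failures at or below the level
    are the normal noise the clipping level exists to suppress."""
    recent = defaultdict(list)   # user -> timestamps of failures still inside the window
    recorded = []
    for ts, user, event in parse(log_text):
        if event != "LOGIN_FAIL":
            continue
        bucket = [t for t in recent[user] if ts - t <= window]  # expire old failures
        bucket.append(ts)
        recent[user] = bucket
        if len(bucket) > clipping_level:
            recorded.append((ts, user, len(bucket)))
    return recorded


def users_over_level(log_text, clipping_level=CLIPPING_LEVEL, window=WINDOW):
    """Distinct users who crossed the clipping level, sorted."""
    return sorted({user for _, user, _ in violations(log_text, clipping_level, window)})


if __name__ == "__main__":
    for ts, user, count in violations(SAMPLE_LOG):
        print(f"{ts.isoformat()} VIOLATION user={user} failures_in_window={count}")
```

Note the two ways a user stays under the level: alice simply fails too few times, while carol's failures are spread across more than one window, so each window's count resets. Only bob, with five failures inside five minutes, generates log entries, and only from the fourth failure onward.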
When an incident is suspected, what is the best action to take as an end user?

Attempt to pinpoint the source of the session

Disconnect the affected system from the network

Turn on additional auditing features

Report the event
D
What is the best definition of a security incident?

Compromise of the CIA of resources

Violation of security policy

Interruption of productivity

Criminal activity
B
Who should not be informed when a significant security breach has occurred?

Recovery team

End users

Law enforcement

Senior management
B
Which of the following is not an important aspect of password management?

Prevent use of personal information in a password

Training users to create complex passwords that are easy to remember

Always store passwords in a secure medium

Enable account lockout
D
What is a service level agreement (SLA)?

A contract with an ISP for a specific level of bandwidth

A guarantee of a specific level of service

A contract with a legal entity to limit your asset loss liability

An agreement to support another company in the event of a disaster
B
If your organization relies on high-end customized software developed by an external company, what security precaution should be implemented to protect yourself against the software developer going out of business?

Code escrow

Biometric access control

Outsourcing

Service level agreement
A
When informing an employee that they are being terminated, what is the most important activity?

Disabling their network access

Allowing them to collect their personal items

Allowing them to complete their current work projects

Giving them two weeks' notice
A
When hiring new personnel, what must come first?

Resume review

Background check

Job description

Budgetary review
C
A Service Level Agreement (SLA) defines the relationship between, and the contractual responsibilities of, providers and recipients of services. Which of the following characteristics are most important when designing an SLA? (Select two.)

Industry standard templates are used, without deviation, for all SLAs to ensure corporate compliance

Employee vetting procedures are never applied to contract labor

Detailed provider responsibilities for all continuity and disaster recovery mechanisms

Clear and detailed descriptions of penalties if the level of service is not provided
C & D
The best way to initiate solid administrative control over an organization's employees is to have what element in place?

Mandatory vacations in one-week increments

Distinct job descriptions

An acceptable use policy

Rotation of duties
B
If an employee repeatedly performs risky behavior even after attending several security awareness sessions and having received several job action warnings, what is the next best step to take in order to maintain or improve the security of the organization?

Job rotation

Reduce permissions

Exit interview

Mandatory vacation
B
What is the primary means by which supervisors can determine whether or not employees are complying with the organization's security policy?

Keystroke logging

Awareness sessions

Auditing

Job action warnings
C
What is a security baseline?

A set of configuration settings that must be imposed on a system

A standard with which all systems in an organization must comply

The results of a penetration test

The list of vulnerabilities found in a system
B
When should security-related patches and upgrades be applied to a system?

As quickly as possible after testing

Only after other organizations have reported success or failure with the patch

Only during quarterly-scheduled maintenance periods

Only after experiencing the problem they address
A
What is the security concept that states that users should only have the access necessary to perform their work tasks and no more?

Principle of least privilege

Separation of duties

Need to know

Two-man control
A
When first deploying a new system in a secure environment, which of the following is the best baseline to start from?

Pre-configured access controls based on a vendor-supplied template

Default no access to everyone

Default full access to everyone

Inherited access controls from a master system
B
When securing a workstation for use on a secured network, which of the following system hardening activities should be performed first?

Install OS-specific patches and updates

Configure auditing

Apply security templates

Install application patches and updates
A
How often should anti-virus scanning software be updated?

Daily

Weekly

Monthly

Quarterly
A
By assigning access permissions so that users can only access those resources which are required to accomplish their specific work tasks, you would be in compliance with?

Job rotation

Principle of least privilege

Need to know

Cross training
B
What is the primary purpose of forcing employees to take mandatory one-week minimum vacations every year?

To test their knowledge of security

To cut costs on travel

To prevent the build up of significant vacation time

To perform job reviews in their absence
D
Which of the following is not an element of an exit interview?

Disable all network access

Closed-door meeting

Return company property

Dissolution of the NDA
D
Who has the responsibility to return the organization back to normal operations after a disaster has occurred?

Salvage team

Recovery team

Security officers

Senior management
A
When returning to the rebuilt primary site, the salvage team will restore or return what processes first?

External communication

Mission-critical

Least business-critical

Financial services
C
When does the salvage team start their work?

Immediately after the disaster occurs

Within 48 hours after the disaster

Only when it is deemed safe to return to the primary site

Only after the recovery team's tasks are complete
C
The most important pre-disaster preparation step that makes or breaks the recovery efforts of both the recovery team and the salvage team is?

Maintaining electronic copies of the recovery plan

Establishing a hot site

Training personnel in CPR

Reliable offsite backups
D
What other security design activity is similar to business impact analysis (BIA)?

Violation analysis

Risk analysis

Intrusion detection

Availability protection implementation
B
What forms of analysis are used in a true business impact analysis?

Qualitative

Quantitative

Both quantitative and qualitative

Neither quantitative nor qualitative
C
The business impact analysis phase of business continuity development should address all but which of the following activities?

Estimate the potential financial loss due to a disruption

Recommend recovery measures or responses

Identify all of the business units within the organization

Define critical support areas and dependencies
B
What aspect of business continuity planning addresses or calculates the potential losses to the organization due to a disruption of production?

Business impact analysis

Recovery plan maintenance

Data processing continuity planning

Scope and plan initiation
A
Which form of alternate site is the cheapest, but may not allow an organization to recover before reaching their maximum tolerable downtime?

Warm site

Hot site

Reciprocal agreement

Service bureau
C
If your mission critical services have a maximum tolerable downtime (MTD) (or a recovery time objective (RTO)) of 36 hours, what would be the optimum form of recovery site you should choose?

Cold

Warm

Mobile

Hot
B
Which of the following is a recovery site that may have electricity connected, but there are no servers installed and no high-speed data lines present?

Reciprocal agreement

Hot site

Warm site

Cold site
D
When a business continuity plan is triggered, what is one of the most commonly used recovery techniques?

Redesign topology and physical layout

Change WAN connection service providers

Restore files from backup

Reconfigure DNS
C
Who is responsible for initiating the business continuity plan or disaster recovery plan in the event of an emergency?

Salvage team

Recovery team

Security officers

Senior management
D
Who is responsible for performing the steps of the business continuity plan or disaster recovery plan in the event of an emergency?

Security officers

Salvage team

Recovery team

Senior management
C
What is the primary goal of business continuity planning?

Maintaining business operations with reduced or restricted infrastructure capabilities or resources

Minimizing the risk to the organization from delays and interruptions in providing services

Protecting an organization from major computer services failure

Minimize decision making during the development process
A
What is not a goal of disaster recovery planning?

Minimizing decision making during an emergency

Protecting an organization from major computer services failure

Minimizing the risk to the organization from delays and interruptions in providing services

Maintaining business operations with reduced or restricted infrastructure capabilities or resources
D
When recovery is being performed due to a disaster, what services are to be stabilized first?

Outside communications

Mission-critical

Least business-critical

Financial support
B
In order to maintain business continuity, which of the following activities is most important?

Physical barrier access logging

Vulnerability assessments

Service level agreements

Backups
D
When is a BCP or DRP design and development actually completed?

Once senior management approves

Only after implementation and distribution

Only after testing and drilling

Never
D
How many business continuity plans should exist for a large organization?

Separate plans for each geographic location

As many separate plans as needed

Separate plans for each logical department regardless of physical characteristics

One fully-integrated plan
D
Which statement is not true in regards to business continuity plan development?

The BCP defines and prescribes responsibilities, roles, awareness, drills, and prevention techniques

The BCP obtains decisions, responses, and instructions from senior management

The BCP is a procedural document (a type of security policy) that defines how to respond, perform, and act in the event of an emergency

The business impact assessment output is the actual BCP document
D
The backup solution imposed on this network is designed to provide protection for what security service?

Non-repudiation

Availability

Confidentiality

Integrity
B
What is the last phase of BCP/DRP design and development just before distribution and implementation?

Senior management approval

Downtime estimation

Drilling

Awareness
A
As a BCP or DRP plan evolves over time, what is the most important task to perform when rolling out a new version of the plan?

Collect and destroy all old plan copies

Obtain senior management approval

Redefine all roles and responsibilities

Perform new awareness sessions
A
Which of the following disaster recovery plan testing types could be performed at the same time as any of the others listed?

Full interruption

Simulation

Parallel

Structured walk-through
D
What is the absolute best way to verify that a disaster recovery plan is sufficient and has no significant deficiencies?

Full interruption test

Perform both quantitative- and qualitative-based business impact analysis

Use an external auditor

Obtain senior management approval
A
A disaster recovery plan should include all but which of the following?

Risk assessment

Criticality prioritization

Penetration testing

Documented resource dependencies
C
In business continuity planning, what is the primary focus of the scope?

Company assets

Human life and safety

Business processes

Recovery time objective
C
Once the scope of business continuity planning is defined, what is the next step?

Outline response options

Estimating downtime

Criticality prioritization

Identification of resource dependencies
C
What must be completed in order to move on from BCP scope definition to the prioritization of critical processes?

Outline response options

Estimate downtime

Assign recovery team roles to personnel

Senior management approval
D
What is the greatest threat to the confidentiality of data in most secure organizations?

Operator error

Portable devices

Malware

Hacker intrusion
B
When should a hardware device be replaced in order to minimize downtime?

Just before its MTBF is reached

When its performance drops below 75% efficiency

Once every year

Only after its first failure
A
When removable media is to be re-used in the same security environment, what action should be taken?

Sanitization

Purging

Destruction

Cleaning
D
Which of the following is the least reliable means to clean or purge media?

Degaussing

OS low-level formatting

Drive controller hardware level formatting

Overwriting every sector with alternating 1's and 0's
B
Which form of scavenging attacks can recover data from purged media?

Laboratory level

Dumpster diving

Keyboard level

Brute force scanning
A
What is the primary purpose of a library-based inventory control for removable media in a secured facility?

Keep media costs to a minimum

Thwart data confidentiality breaches

Prevent theft of media for personal use

Protect against users installing software
B
Which of the following is not a valid security practice for visitors to a secured facility?

Verify approval from senior management of the visitor's appointment

Notify security personnel of the visitor's presence and purpose

Allowed to roam the environment alone

Sign in with valid picture ID
C
When is an escort required?

When a visitor tours the computer room

When a stranger enters the visiting area

When a high-clearance level technician enters into the low-clearance level work area

When a temporary employee visits the HR department
A
Which of the following can be used to stop piggybacking that has been occurring at a front entrance where employees should swipe their smart cards to gain entry?

Use key locks rather than electronic locks

Deploy a mantrap

Use weight scales

Install security cameras
B
What can be used to actively prevent piggybacking in a mantrap?

Install a scale that evaluates current weight with that stored in the user's account profile

Post a warning sign stating that only one person is allowed in the mantrap at a time

Make the mantrap room the size of a telephone booth

Use a video camera
A
What is a secure doorway that can be used in coordination with a mantrap to allow easy egress from a secured environment but which actively prevents re-entrance through the exit portal?

Turnstiles

Locked doors with interior unlock push-bars

Electronic access control doors

Egress mantraps
A
Which of the following is a benefit of security guards?

Require illness absence and vacation compensation

Offer incident adjusted responses

Can be a target of social engineering attacks

Do not fully understand nor support company wide security efforts
B
Which of the following statements is not true in regards to security guards?

They are a cost effective option to replace CCTV

Background screening of security guards is not foolproof

They cannot be used in all environments and situations

Security guards can recognize zero day physical attacks
A
An attacker monitors the habits of your facility's security guards over several weeks. The attacker learns that there are two security guards that walk around the perimeter of the facility in opposite directions. It takes both guards approximately 25 minutes to circumnavigate the property. There is a location near the right front corner of the building that is not viewable by either guard for 12 minutes during each round. Which attack method was used to discover this information?

War driving

Port scanning

Social engineering

Traffic analysis
D
When a photo ID is used, which of the following is not possible?

An appraisal of the general look and vibe of a visitor

Looking up of the person's name on an access roster

Automated identity verification

Comparison of the photo with the person
C
A smart card can be used to store all but which of the following items?

Cryptography keys

Identification codes

Biometric template original

Digital signature
C
Lock picking is legally classified under?

Loitering

Shimming

Theft

Trespassing
B
Which of the following is not a valid category of locks that use a physical key?

Conventional

Preset

Shimming-proof

Pick-resistant
C
Which of the following is not a standard component of an electronic access control lock?

Credential reader

Door-closed sensor with timeout alarm

Video camera

Electromagnetic lock
C
Determining the site or location of your secured facility is important. Which of the following is the least important factor when selecting a new geographic site to build a secure facility?

Cost

Severe weather occurrences

Earthquakes

Proximity to emergency services
A
When designing a new secure facility, what is the most important?

Asset protection

Prevention of trespass

Sustaining availability

Safety of personnel
D
When building a new facility or selecting an existing building, in addition to prevention and protection against forcible entry, which is the second most important security concern?

Cost

Proper grounding

Location

Fire resistance
D
Which of the following is not a concern when selecting the location of a secured facility?

Visibility

Local crime rate

Accessibility

Window translucence
D
Which of these hazards is likely to have the least effect on the facility's physical security?

Activist protests

Earthquakes

Floods

Excessive snowfall
A
Which of the following is not a method of detecting an intruder as they gain access to your building?

Capacitance change detectors

Cable locks on portable devices

Dry contact switches

Laser tripwires
B
Which of the following is best suited to detect perimeter breach rather than interior motion detection?

Ultrasonic sensor

Photoelectric sensor

Heat sensing sensor

Wave pattern sensor
B
If an intrusion detection system is connected to a central station system, what is the recommended setting for the local alarm sound?

Must be heard up to 400 feet away

Silent local alarm, notification at monitoring station only

Triggered only upon interior intrusion detection, not perimeter breach detection

Must be heard up to 1200 feet away
B
What is the primary benefit of CCTV?

Expands the area visible by security guards

Increases security protection throughout an environment

Reduces the need for locks and sensors on doors

Provides a corrective control
A
What is the purpose of audit trails?

Prevent security breaches

Restore systems to normal operations

Problem correction

Detect security-violating events
D
Which form of intrusion detection system is best against zero day attacks?

Network-focused, anomaly detection

Network-focused, pattern matching

Host-focused, pattern matching

Host-focused, neural network based
A
Which of the following is stronger than any biometric authentication factor?

A USB device hosting PKI certificates

A 47-character password

A dynamic asynchronous token device without a PIN

A two-factor authentication
D
What is the process called when a new employee has a user account created when the secured environment uses fingerprint scanners as an authentication factor?

Polyinstantiation

Enrollment

Accreditation

Registration
B
What is the minimum number of people that can be processed by a biometric authentication entry device in order for it to be considered generally acceptable?

10 subjects per minute

6 subjects per 2 minutes

6 subjects per 10 minutes

1 subject per 2 minutes
A
What is the most essential element necessary to support and maintain your IT network?

Access to patches and updates

Electricity

A security template

Trained users
B
Which of the following is the least effective power loss protection for computer systems?

Uninterruptible power supply

Surge protector

Backup power generator

Secondary power source
B
At what level of power loss does the ANSI definition allow for the claim of a brownout?

3.5 percent drop between the power source and the voltage meter

8 percent drop between the power source and the voltage meter

5 percent drop between the voltage meter and the wall outlet

8 percent drop between the voltage meter and the wall outlet
B
What is the best level of humidity for the mission critical server vault?

10% - 30%

60% - 100%

0% - 40%

40% - 60%
D
If water lines run through the building near where the mission-critical server room is located, what security feature should be installed?

Emergency shutoff valves

Positive pressure systems

Flood alarms

Dry pipe sprinklers
A
What is the worst place to position mission-critical servers in areas with excessive snowfall?

Middle of the building

Ground floor

Basement

First floor
C
What form of water-based fire suppression system is most suitable for a data center where your mission critical servers are located?

Wet pipe

Dry pipe

Preaction

Deluge
C
At what stage of a fire is smoke not visible?

Flame

Heat

Smoldering

Incipient
D
Which of the elements of the fire triangle would be most beneficial to eliminate or remove in the event of a fire in the mission critical server room?

Chemical reaction of combustion

Fuel

Heat

Oxygen
D
Once a fire is detected, what is the best first response option that would cause the least amount of overall damage to the facility and personnel?

Instigating a fire department response

Spraying water

Releasing an oxygen-removing gas throughout the building

Using a hand-held fire extinguisher
D
What is the most common method of facility based fire detection systems?

Flame actuated

Fixed temperature

Ionization detection

Rate of rise
B
Which of the following is the least appropriate response to protect your facility from natural disasters?

Earthquake proof the building

Install flood protection

Select a grandfathered facility

Purchase hazard insurance
C
In addition to natural disasters, what other serious threat should be considered when designing physical security?

Man-made issues

Eavesdropping

Espionage

Electronic intrusion
A
Even if you perform regular backups, what must be done to ensure that you are protected against data loss?

Restrict restoration privileges to system administrators

Write-protect all backup media

Regularly test restoration procedures

Store the backup media in an onsite fireproof vault
C
Why should backup media be stored offsite?

To reduce the possibility of theft

It is a government regulation

To prevent the same disaster from affecting both the network and the backup media

It improves the efficiency of the restoration process
C
A system failure has occurred. Which of the following restoration processes would result in the fastest restoration of all data to its most current state?

Restore the full backup and all differential backups

Restore the full backup and the last differential backup

Restore the full backup and all incremental backups

Restore the full backup and the last incremental backup
B
Which of the following are backed up during an incremental backup?

Only files that have changed since the last full backup.

Only files that have changed since the last full or differential backup.

Only files that are new since the last full or incremental backup.

Only files that have changed since the last full or incremental backup.
D
Which of the following are backed up during a differential backup?

Only files that have changed since the last full backup.

Only files that are new since the last full or incremental backup.

Only files that have changed since the last full or incremental backup.

Only files that have changed since the last full or differential backup.
A
Which of the following is not true with regard to the mission-critical server vault or data center room?

Can use an oxygen-removing fire suppression system

Needs 1-hour minimum fire rated walls

Can be maintained at a colder temperature than the rest of the facility

Can serve as an emergency shelter
D
Who should be allowed to enter into the mission-critical server room?

Any and all administrators

Only administrators with specific work tasks

Any user

Only senior management
B
Which of the following is not a threat to physical security?

Hybrid password attacks

Chlorine poured into A/C intake vents

Piggybacking

Sabotage
A
Which is an example of a direct physical threat to the integrity of stored data?

Theft of the access keyboards

Premature removal of power

Unauthorized disclosure

Loss of physical access control
D
When a building collapses, what security aspect of your environment and hosted data is lost?

Authenticity

Availability

Integrity

Confidentiality
B
Which is the most common cause of unplanned downtime?

Human error

Power loss

Equipment failure

Misconfiguration
C
Which of the following statements is not true?

Accidental release of a suppression medium can be more damaging than an actual fire.

Even without a major fire, smoke damage can be significant.

Paper products are only damaged at or above 451 degrees Fahrenheit.

Loss of cooling systems can result in server hardware damage.
C
Access control lists can be used as security mechanisms to manage all but which of the following activities?

Physical entry into a building

Use of a service protocol

Communications over a specific TCP port

Access to read the contents of a file resource
A
Which of the following is not an example of a physical barrier access control mechanism?

Biometric locks

Fences

One-time passwords

Mantrap
C
If people are the last line of defense, then what is the first line of defense?

Logical protections

Physical boundary protections

Technical mechanisms

Administrative controls
B
What is the most common mechanism used for perimeter boundary protection?

Lighting

Fencing

Guard dogs

Security guards
A
Which of the following has the greatest effect on the level of physical boundary protections and defenses that can be erected around a facility?

Road accessibility

Need to blend in and obtain obscurity

Residential area proximity

Visibility and line-of-sight issues caused by the terrain
C
What is the official NIST standard for using lighting as perimeter boundary protection?

Critical areas should be lit at 5 foot-candles from a height of 3.5 feet

Critical areas should be lit at 3.5 foot-candles from a height of 12 feet

Critical areas should be lit at 8 foot-candles from a height of 2 feet

Critical areas should be lit at 2 foot-candles from a height of 8 feet
D
What are the requirements for a fence in order for it to be considered an intruder deterrent?

8' high made of wire mesh with barbed wire

4' high made of wire mesh

10' high made of cement blocks

6' high made of wood planks
A
What is the biggest issue with guard dogs?

Lack of perimeter protection

Maintenance

Cost

Insurance and liability
D
When an unauthorized person enters into a mantrap, what is the desired result?

Automatic release back into the public area

Allowing the interior lock to be disabled in less than 15 minutes

Apprehension of the person by authorities

Valid authorization which unlocks the interior door
C
Your organization has three different levels of security classification for its workers. Which is the best method to prevent shoulder surfing between different classification levels?

Separate work areas by floor-to-ceiling walls with locked doors

Use cubicles with three different color-coded areas for the three classification levels

Have regular awareness meetings to discuss the problem of disclosure

Point all monitors away from doorways and entrances
A
Which area of a typical organization should be the most restricted area?

Administrative offices

Data server room

Human resource department

Cubicle farm
B
If a worker sees someone in their secured work area whom they do not recognize, which of the following is the best action for them to take?

Report the issue to their supervisor or the security staff

Ignore it as the company is large and there are lots of unknown personnel

Talk to their work area neighbor to see if they know who the person is

Confront the unknown person and ask for identification
A