What type of detected incident allows the most time for an investigation?
1. C. The Managed phase of the SW-CMM involves the use of quantitative development metrics.
The Software Engineering Institute SEI defines the key process areas for this level as Quanti- tative Process Management and Software Quality Management. For more information, please see Chapter 7.2. A, C. Because your organization needs to ensure confidentiality, you should choose the Bell-
LaPadula model. To ensure the integrity of your data, you should also use the Clark-Wilson model, which addresses separation of duties. This feature offers better protection from internal and external attacks. For more information, please see Chapter 12. 3. A. The purpose of a military and intelligence attack is to acquire classified information. The det- rimental effect of using such information could be nearly unlimited in the hands of an enemy. Attacks of this type are launched by very sophisticated attackers. It is often very difficult to ascer- tain what documents were successfully obtained. So when a breach of this type occurs, you some- times cannot know the full extent of the damage. For more information, please see Chapter 18.4. B. The MD5 algorithm produces a 128-bit message digest for any input. For more information,
please see Chapter 10.5. B. Network-based IDSs are usually able to detect the initiation of an attack or the ongoing
attempts to perpetrate an attack including DoS. They are, however, unable to provide infor- mation about whether an attack was successful or which specific systems, user accounts, files, or applications were affected. Host-based IDSs have some difficulty with detecting and tracking down DoS attacks. Vulnerability scanners don’t detect DoS attacks; they test for possible vul- nerabilities. Penetration testing may cause a DoS or test for DoS vulnerabilities, but it is not a detection tool. For more information, please see Chapter 2.6. D. Annualized loss expectancy ALE is the possible yearly cost of all instances of a specific
realized threat against a specific asset. The ALE is calculated using the formula SLEARO. For more information, please see Chapter 6.7. C. A fence that is 8 feet high with 3 strands of barbed wire deters determined intruders. For
more information, please see Chapter 19.8. D. A VPN link can be established over any other network communication connection. This
could be a typical LAN cable connection, a wireless LAN connection, a remote access dial-up connection, a WAN link, or even an Internet connection used by a client for access to the office LAN. For more information, please see Chapter 4.9. D. Biba is also a state machine model based on a classification lattice with mandatory access
controls. For more information, please see Chapter 1.10. D. Remote mirroring maintains a live database server at the remote site and comes at the high-
est cost. For more information, please see Chapter 16.11. A. The
∨ symbol represents the OR function, which is true when one or both of the input bits are true. For more information, please see Chapter 9. 12. D. In multilevel security mode, some users do not have a valid security clearance for all infor- mation processed by the system. For more information, please see Chapter 11.13. B. ITSEC was developed in Europe for evaluating systems. Although TCSEC also called the
Orange Book would satisfy the evaluation criteria, only ITSEC evaluates functionality and assurance separately. For more information, please see Chapter 12. 14. B. The SYN packet is first sent from the initiating host to the destination host. The destination host then responds with a SYNACK packet. The initiating host sends an ACK packet and the connection is then established. For more information, please see Chapter 8.15. B. One of the requirements of change management is that all changes must be capable of being
rolled back. For more information, please see Chapter 5. 16. C. Penetration testing is the attempt to bypass security controls to test overall system security. For more information, please see Chapter 14.17. A. Network hardware devices, including routers, function at layer 3, the Network layer. For
more information, please see Chapter 3. 18. B. Not all instances of DoS are the result of a malicious attack. Errors in coding OSs, services, and applications have resulted in DoS conditions. Some examples of this include a process failing to release control of the CPU or a service consuming system resources out of proportion to the service requests it is handling. Social engineering and sniffing are typically not considered DoS attacks. For more information, please see Chapter 2.19. C. Examples of detective controls are audit trails, logs, CCTV, intrusion detection systems,
antivirus software, penetration testing, password crackers, performance monitoring, and CRCs. For more information, please see Chapter 13.20. B. Parameter checking is used to prevent the possibility of buffer overflow attacks. For more
information, please see Chapter 8.21. B. Multiprocessing computers use more than one processor, in either a symmetric multipro-
cessing SMP or massively parallel processing MPP scheme. For more information, please see Chapter 11. 22. D. Differential backups store all files that have been modified since the time of the most recent full or incremental backup. For more information, please see Chapter 16.23. C. The USA Patriot Act granted broad new powers to law enforcement, including the solicita-
tion of voluntary ISP cooperation. For more information, please see Chapter 17.24. D. Scanning incidents are generally reconnaissance attacks. The real damage to a system comes
in the subsequent attacks, so you may have some time to react if you detect the scanning attack early. For more information, please see Chapter 18.25. A. Auditing is a required factor to sustain and enforce accountability. For more information,
please see Chapter 14. 26. D. Dynamic packet-filtering firewalls enable real-time modification of the filtering rules based on traffic content. For more information, please see Chapter 3.Parts
» Directory UMM :Networking Manual:
» What type of detected incident allows the most time for an investigation?
» What type of physical security controls are access controls, intrusion detection, alarms, CCTV,
» What is the first step of the Business Impact Assessment process?
» The “something you are” authentication factor is also known as what?
» C. The Managed phase of the SW-CMM involves the use of quantitative development metrics.
» A, C. Because your organization needs to ensure confidentiality, you should choose the Bell-
» B. The MD5 algorithm produces a 128-bit message digest for any input. For more information,
» B. Network-based IDSs are usually able to detect the initiation of an attack or the ongoing
» D. Annualized loss expectancy ALE is the possible yearly cost of all instances of a specific
» C. A fence that is 8 feet high with 3 strands of barbed wire deters determined intruders. For
» D. A VPN link can be established over any other network communication connection. This
» D. Biba is also a state machine model based on a classification lattice with mandatory access
» D. Remote mirroring maintains a live database server at the remote site and comes at the high-
» A. The Directory UMM :Networking Manual:
» B. ITSEC was developed in Europe for evaluating systems. Although TCSEC also called the
» B. One of the requirements of change management is that all changes must be capable of being
» A. Network hardware devices, including routers, function at layer 3, the Network layer. For
» C. Examples of detective controls are audit trails, logs, CCTV, intrusion detection systems,
» B. Parameter checking is used to prevent the possibility of buffer overflow attacks. For more
» B. Multiprocessing computers use more than one processor, in either a symmetric multipro-
» C. The USA Patriot Act granted broad new powers to law enforcement, including the solicita-
» D. Scanning incidents are generally reconnaissance attacks. The real damage to a system comes
» A. Auditing is a required factor to sustain and enforce accountability. For more information,
» What is access? What are the elements of the CIA Triad?
» Which of the following is not a reason why using passwords alone is a poor security mechanism?
» Which of the following is the least acceptable form of biometric device?
» B. The transfer of information from an object to a subject is called access.
» C. The subject is always the entity that receives information about or data from the object. The
» A. The essential security principles of confidentiality, integrity, and availability are often
» A. A preventative access control is deployed to stop an unwanted or unauthorized activity from
» B. Logicaltechnical access controls are the hardware or software mechanisms used to manage
» A. A Type 2 authentication factor is something you have. This could include a smart card, ATM
» C. Brute force attacks can be used against password database files and system logon prompts.
» D. Preventing password reuse increases security by preventing the theft of older password data-
» C. The point at which the FRR and FAR are equal is known as the Crossover Error Rate CER.
» C. Kerberos, SESAME, and KryptoKnight are examples of SSO mechanisms. TACACS is a cen-
» C. Mandatory access controls rely upon the use of labels. A system that employs discretionary
» B. A discretionary access control environment controls access based on user identity. If a user
» A. The most important aspect of a biometric factor is its accuracy. If a biometric factor is not
» D. Antivirus software is an example of a recovery or corrective access control.
» B. Of the options listed, retina scan is the least accepted form of biometric device because it
» An intrusion detection system IDS is primarily designed to perform what function?
» Which of the following is true for a host-based IDS?
» Which type of IDS can be considered an expert system?
» When a padded cell is used by a network for protection from intruders, which of the following
» When using penetration testing to verify the strength of your security policy, which of the fol-
» Spamming attacks occur when numerous unsolicited messages are sent to a victim. Because
» D. In most cases, when sufficient logging and auditing is enabled to monitor a system, so much
» A. An IDS automates the inspection of audit logs and real-time system events to detect abnormal
» B. A host-based IDS watches for questionable activity on a single computer system. A network-
» C. A knowledge-based IDS is effective only against known attack methods, which is its primary
» D. A behavior-based IDS can be labeled an expert system or a pseudo artificial intelligence sys-
» B. Honey pots are individual computers or entire networks created to serve as a snare for intrud-
» C. When an intruder is detected by an IDS, they are transferred to a padded cell. The transfer
» C. Vulnerability scanners are used to test a system for known security vulnerabilities and weak-
» B. Penetration testing should be performed only with the knowledge and consent of the man-
» A. A brute force attack is an attempt to discover passwords for user accounts by systematically
» C. Strong password policies, physical access control, and two-factor authentication all improve
» D. Spoofing is the replacement of valid source and destination IP and port addresses with false
» C. A SYN flood attack is waged by breaking the standard three-way handshake used by TCPIP
» A. In a land attack, the attacker sends a victim numerous SYN packets that have been spoofed
» D. In a teardrop attack, an attacker exploits a bug in operating systems. The bug exists in the
» B. A spamming attack is a type of denial of service attack. Spam is the term describing unwanted
» C. In a hijack attack, which is an offshoot of a man-in-the-middle attack, a malicious user is
» Which of the following is not true regarding firewalls?
» Which public-private key security system was developed independently of industry standards
» B. Encapsulation is adding a header and footer to data as it moves through the Presentation layer
» B. Layer 5, Session, manages simplex one-direction, half-duplex two-way, but only one direc-
» B. 10Base-T UTP is the least resistant to EMI because it is unshielded. Thinnet 10Base2 and
» D. 1000Base-T offers 1000Mbps throughput and thus must have the greatest number of twists
» D. Fiber-optic cable is difficult to tap.
» B. Ethernet, Token Ring, and FDDI are common LAN technologies. ATM is more common in
» A. Ethernet is based on the IEEE 802.3 standard.
» B. A TCP wrapper is an application that can serve as a basic firewall by restricting access based
» B. UDP is a connectionless protocol.
» B. Stateful inspection firewalls are known as third-generation firewalls.
» C. There are numerous dynamic routing protocols, including RIP, OSPF, and BGP, but RPC is
» C. IPSec, or IP Security, is a standards-based mechanism for providing encryption for point-to-
» B. Pretty Good Privacy PGP is a public-private key system that uses the IDEA algorithm to
» A. PAP, or Password Authentication Protocol, is a standardized authentication protocol for
» B. Frame Relay is a layer 2 connection mechanism that uses packet-switching technology to
» B. The 169.254.x.x. subnet is in the APIPA range, which is not part of RFC 1918. The addresses
» Which of the following VPN protocols do not offer encryption? Choose all that apply.
» Which of the following is not defined in RFC 1918 as one of the private IP address ranges that
» Which of the following is typically not an element that must be discussed with end users in
» Why is spam so difficult to stop?
» In addition to maintaining an updated system and controlling physical access, which of the fol-
» Which of the following is not a denial of service attack?
» B. Tunneling does not always use encryption. It does, however, employ encapsulation, is used to
» D. A stand-alone system has no need for tunneling because no communications between systems
» B. Most VPNs use encryption to protect transmitted data. In and of themselves, obscurity,
» D. Encryption is not necessary for the connection to be considered a VPN, but it is recom-
» D. An intermediary network connection is required for a VPN link to be established.
» C. SLIP is a dial-up connection protocol, a forerunner of PPP. It is not a VPN protocol.
» A, B. Layer 2 Forwarding L2F was developed by Cisco as a mutual authentication tunneling
» D. IPSec operates at the Network layer layer 3.
» A. The address range 16172.0.0–16191.255.255 is not listed in RFC 1918 as a public IP
» D. NAT does not protect against nor prevent brute force attacks.
» B. When transparency is a characteristic of a service, security control, or access mechanism, it
» D. The backup method is not an important factor to discuss with end users regarding e-mail
» B. Mailbombing is the use of e-mail as an attack mechanism. Flooding a system with messages
» B. It is often difficult to stop spam because the source of the messages is usually spoofed.
» C. Two types of messages can be formed using SMIME: signed messages and enveloped mes-
» B. Changing default passwords on PBX systems provides the most effective increase in security.
» C. A brute force attack is not considered a DoS.
» A. ISDN, or Integrated Services Digital Network, is a digital end-to-end communications mech-
» Which of the following contains the primary goals and objectives of security?
» Which of the following is a principle of the CIA Triad that means authorized subjects are granted
» Which of the following is not true?
» All but which of the following items require awareness for all individuals affected?
» What ensures that the subject of an activity or event cannot deny that the event occurred?
» Which of the following is not considered an example of data hiding?
» What is the primary objective of data classification schemes?
» What are the two common data classification schemes?
» Which commercial businessprivate sector data classification is used to control information
» B. The primary goals and objectives of security are confidentiality, integrity, and availability,
» A. Vulnerabilities and risks are evaluated based on their threats against one or more of the CIA
» B. Availability means that authorized subjects are granted timely and uninterrupted access to
» C. Hardware destruction is a violation of availability and possibly integrity. Violations of con-
» C. Violations of confidentiality are not limited to direct intentional attacks. Many instances of
» D. Without integrity, confidentiality cannot be maintained.
» B. Privacy is freedom from being observed, monitored, or examined without consent or knowledge.
» D. Users should be aware that e-mail messages are retained, but the backup mechanism used to
» D. A challengeresponse token device is almost exclusively used as an authentication factor, not
» C. Nonrepudiation ensures that the subject of an activity or event cannot deny that the event
» A. Preventing an authorized reader of an object from deleting that object is just an access con-
» D. The prevention of security compromises is the primary goal of change management.
» B. The primary objective of data classification schemes is to formalize and stratify the process
» B. Size is not a criteria for establishing data classification. When classifying an object, you
» A. Military or government and private sector or commercial business are the two common
» B. Of the options listed, secret is the lowest classified military data classification.
» Which of the following is the weakest element in any security solution?
» What is the primary purpose of an exit interview?
» Who is liable for failing to perform prudent due care?
» Which of the following policies is required when industry or legal standards are applicable to
» Which of the following would not be considered an asset in a risk analysis?
» When a safeguard or a countermeasure is not present or is not sufficient, what is created?
» When evaluating safeguards, what is the rule that should be followed in most cases?
» How is the value of a safeguard to a company calculated?
» Which security role is responsible for assigning the sensitivity label to objects?
» D. If no detailed step-by-step instructions or procedures exist, then turn to the guidelines for
» D. A countermeasure directly affects the annualized rate of occurrence, primarily because the
» Which one of the following malicious code objects might be inserted in an application by a dis-
» Which form of DBMS primarily supports the establishment of one-to-many relationships?
» What programming languages can be used to develop ActiveX controls for use on an Internet site?
» What database technique can be used to prevent unauthorized users from determining classified
» Which of the following acts as a proxy between two different systems to support interaction and
» In systems utilizing a ring protection scheme, at what level does the security kernel reside?
» Which of the following programming languages is least prone to the insertion of malicious code
» What transaction management principle ensures that two transactions do not interfere with each
» D. Logic bombs are malicious code objects programmed to lie dormant until certain logical con-
» A. Intelligent agents are code objects programmed to perform certain operations on behalf of a
» B. Hierarchical DBMS supports one-to-many relationships. Relational DBMS supports one-to-
» B. The major difference between viruses and worms is that worms are self-replicating whereas
» D. Microsoft’s ActiveX technology supports a number of programming languages, including
» A. Content-dependent access control is focused on the internal data of each field.
» D. In this case, the process the database user is taking advantage of is aggregation. Aggregation
» C. Polyinstantiation allows the insertion of multiple records that appear to have the same pri-
» B. Random access memory RAM allows for the direct addressing of any point within the
» D. The Next-Generation Intrusion Detection Expert System NIDES system is an expert sys-
» B. ODBC acts as a proxy between applications and the back-end DBMS.
» D. The spiral model allows developers to repeat iterations of another life cycle model such as
» A. The security kernel and reference monitor reside at Level 0 in the ring protection scheme,
» C. Contamination is the mixing of data from a higher classification level andor need-to-know
» C. Of the languages listed, VBScript is the least prone to modification by third parties because
» C. Configuration audit is part of the configuration management process rather than the change
» C. The isolation principle states that two transactions operating on the same data must be tem-
» A. The Data Manipulation Language DML is used to make modifications to a relational data-
» What is the size of the Master Boot Record on a system installed with a typical configuration?
» Which one of the following types of attacks relies upon the difference between the timing of two
» What advanced virus technique modifies the malicious code of a virus on each system it infects?
» What is the best defensive action that system administrators can take against the threat posed by
» What file is instrumental in preventing dictionary attacks against Unix systems?
» Which one of the following network attacks takes advantages of weaknesses in the fragment
» A hacker located at IP address 12.8.0.1 wants to launch a Smurf attack on a victim machine
» What is the minimum size a packet can be to be used in a ping of death attack?
» What technology does the Java language use to minimize the threat posed by applets?
» Which one of the following attacks uses a TCP packet with the SYN flag set and identical source
» B. The Master Boot Record is a single sector of a floppy disk or hard drive. Each sector is nor-
» C. The TCPIP handshake consists of three phases: SYN, SYNACK, and ACK. Attacks like the
» B. The time-of-check-to-time-of-use TOCTTOU attack relies upon the timing of the execution
» D. The Good Times virus is a famous hoax that does not actually exist.
» A. In an attempt to avoid detection by signature-based antivirus software packages, polymor-
» C. The vast majority of new malicious code objects exploit known vulnerabilities that were
» D. All of the other choices are forms of common words that might be found during a dictionary
» B. Shadow password files move encrypted password information from the publicly readable
» C. Trinoo and the Tribal Flood Network TFN are the two most commonly used distributed
» A. The teardrop attack uses overlapping packet fragments to confuse a target system and cause
» Which one of the following is not a goal of cryptographic systems?
» What is the length of the cryptographic key used in the Data Encryption Standard DES
» Which one of the following is not a possible key length for the Advanced Encryption Standard
» Which one of the following is a cryptographic goal that cannot be achieved by a secret key
» What is the output value of the mathematical function 16 mod 3?
» Which one of the following cipher types operates on large pieces of a message rather than indi-
» What is the minimum number of cryptographic keys required for secure two-way communica-
» What encryption algorithm is used by the Clipper chip, which supports the Escrowed Encryp-
» What approach to key escrow divides the secret key into several pieces that are distributed to
» What type of cryptosystem commonly makes use of a passage from a well-known book for the
» Matthew and Richard wish to communicate using symmetric cryptography but do not have a
» C. The four goals of cryptographic systems are confidentiality, integrity, authentication, and
» A. Nonrepudiation prevents the sender of a message from later denying that they sent it.
» A. DES uses a 56-bit key. This is considered one of the major weaknesses of this cryptosystem.
» B. Transposition ciphers use a variety of techniques to reorder the characters within a message.
» A. The Rijndael cipher allows users to select a key length of 128, 192, or 256 bits, depending
» A. Nonrepudiation requires the use of a public key cryptosystem to prevent users from falsely
» D. Assuming that it is used properly, the one-time pad is the only known cryptosystem that is
» B. Option B is correct because 16 divided by 3 equals 5, with a remainder value of 1.
» A. The cryptanalysts from the United States discovered a pattern in the method the Soviets used
» A. Symmetric key cryptography uses a shared secret key. All communicating parties utilize the
» D. In asymmetric public key cryptography, each communicating party must have a pair of
» D. Cipher Block Chaining and Cipher Feedback modes will carry errors throughout the entire
» C. The Skipjack algorithm implemented the key escrow standard supported by the U.S. government.
» B. To achieve added security over DES, 3DES must use at least two cryptographic keys.
» A. The Fair Cryptosystems approach would have independent third parties each store a portion of
» C. The Caesar cipher and other simple substitution ciphers are vulnerable to frequency attacks
» C. The Diffie-Hellman algorithm allows for the secure exchange of symmetric keys over an inse-
» Bob decrypts the message digest using Alice’s public key.
» Bob then compares the decrypted message digest he received from Alice with the message
» In the RSA public key cryptosystem, which one of the following numbers will always be largest?
» If Richard wants to send an encrypted message to Sue using a public key cryptosystem, which
» Acme Widgets currently uses a 1,024-bit RSA encryption standard companywide. The company
» Which one of the following message digest algorithms is the current U.S. government standard
» Which International Telecommunications Union ITU standard governs the creation and
» What TCPIP communications port is utilized by Secure Sockets Layer traffic?
» Which of the following security systems was created to support the use of stored-value payment
» What is the major disadvantage of using certificate revocation lists?
» B. The number n is generated as the product of the two large prime numbers p and q. Therefore,
» B. The El Gamal cryptosystem extends the functionality of the Diffie-Hellman key exchange
» C. Richard must encrypt the message using Sue’s public key so that Sue can decrypt it using her
» C. The major disadvantage of the El Gamal cryptosystem is that it doubles the length of any mes-
» A. The elliptic curve cryptosystem requires significantly shorter keys to achieve encryption that
» A. The SHA-1 hashing algorithm always produces a 160-bit message digest, regardless of the
» C. The MD4 algorithm has documented flaws that produce collisions, rendering it useless as a
» A. SHA-1 is the current U.S. government standard, as defined in the Secure Hashing Standard SHS,
» B. Sue would have encrypted the message using Richard’s public key. Therefore, Richard needs
» B. Richard should encrypt the message digest with his own private key. When Sue receives the
» C. The Digital Signature Standard allows federal government use of the Digital Signature Algo-
» C. Secure Sockets Layer utilizes TCP port 443 for encrypted clientserver communications.
» C. The meet-in-the-middle attack demonstrated that it took relatively the same amount of com-
» C. The MONDEX payment system, owned by MasterCard International, provides the crypto-
» C. The Wired Equivalent Privacy protocol encrypts traffic passing between a mobile client and
» B. Certificate revocation lists CRLs introduce an inherent latency to the certificate expiration
» D. The Merkle-Hellman Knapsack algorithm, which relies upon the difficulty of factoring
» B. IPSec is a security protocol that defines a framework for setting up a secure channel to
» Many PC operating systems provide functionality that enables them to support the simultaneous
» You have three applications running on a single-processor system that supports multitasking.
» What term describes the processor mode used to run the system tools used by administrators
» What type of memory chip allows the end user to write information to the memory only one time
» Which one of the following types of memory might retain information after being removed from
» What type of electrical component serves as the primary building block for dynamic RAM chips?
» In which of the following security modes can you be assured that all users have access permis-
» What type of memory device is normally used to contain a computer’s BIOS?
» In what type of addressing scheme is the data actually supplied to the CPU as an argument to
» What security principle helps prevent users from accessing memory spaces assigned to applica-
» Which security principle takes the concept of process isolation and implements it using physical
» C. Multitasking is processing more than one task at the same time. In most cases, multitasking is
» B. Although all electronic devices emit some unwanted emanations, monitors are the devices
» A. A single-processor system can operate on only one thread at a time. There would be a total
» A. In a dedicated system, all users must have a valid security clearance for the highest level of
» A. All user applications, regardless of the security permissions assigned to the user, execute in
» B. Programmable read-only memory PROM chips may be written once by the end user but
» C. EPROMs may be erased through exposure to high-intensity ultraviolet light. ROM and
» C. Secondary memory is a term used to describe magnetic and optical media. These devices will
» C. RAM chips are highly pilferable items and the single greatest threat they pose is the economic
» A. Dynamic RAM chips are built from a large number of capacitors, each of which holds a single
» C. Floppy disks are easily removed and it is often not possible to apply operating system access
» C. In system high mode, all users have appropriate clearances and access permissions for all
» D. In a multilevel security mode system, there is no requirement that all users have appropriate
» B. BIOS and device firmware are often stored on EEPROM chips in order to facilitate future
» C. Registers are small memory locations that are located directly on the CPU chip itself. The
» B. In immediate addressing, the CPU does not need to actually retrieve any data from memory.
» D. In indirect addressing, the location provided to the CPU contains a memory address. The
» C. Process isolation provides separate memory spaces to each process running on a system. This
» D. The principle of least privilege states that only processes that absolutely need kernel-level
» A. Hardware segmentation achieves the same objectives as process isolation but takes them to
» What is system certification?
» For what type of information system security accreditation are the applications and systems at
» What is a trusted computing base TCB?
» What part of the TCB validates access to every resource prior to granting the requested access?
» Which security models are built on a state machine model?
» Which Bell-LaPadula property keeps lower-level subjects from accessing objects with a higher
» What term describes an entry point that only the developer knows about into a system?
» How can electromagnetic radiation be used to compromise a system?
» B. A system certification is a technical evaluation. Option A describes system accreditation.
» A. Accreditation is the formal acceptance process. Option B is not an appropriate answer
» C. A closed system is one that uses largely proprietary or unpublished protocols and standards.
» C. A constrained process is one that can access only certain memory locations. Options A, B,
» D. A control limits access to an object to protect it from misuse from unauthorized users.
» B. The applications and systems at a specific, self-contained location are evaluated for DITSCAP
» C. The TCB is the part of your system you can trust to support and enforce your
» B. Option B is the only option that correctly defines a security model. Options A, C, and D
» D. The Bell-LaPadula and Biba models are built on the state machine model.
» A. Only the Bell-LaPadula model addresses data confidentiality. The other models address data
» A. An entry point that only the developer knows about into a system is a maintenance hook, or
» B. Option B defines the time-of-check TOC, which is the time at which a subject verifies the
» C. If a receiver is in close enough proximity to an electromagnetic radiation source, it can be
» B. By far, the buffer overflow is the most common, and most avoidable, programmer-generated
» Personnel management is a form of what type of control?
» Which of the following causes the vulnerability of being affected by viruses to increase?
» Which of the following is not an illegal activity that can be performed over a computer network?
» What is the best form of antivirus protection?
» What is the requirement to have access to, knowledge about, or possession of data or a resource
» Which of the following requires that archives of audit logs be kept for long periods of time?
» Which operation is performed on media so it can be reused in a less-secure environment?
» Which security tool is used to guide the security implementation of an organization?
» What type of trusted recovery process requires the intervention of an administrator?
» A. Personnel management is a form of administrative control. Administrative controls also include
» B. E-mail is the most common distribution method for viruses.
» C. As more software is installed, more vulnerabilities are added to the system, thus adding more
» B. In areas where technical controls cannot prevent virus infections, users should be trained on
» B. Laws and regulations must be obeyed and security concerns must be adjusted accordingly.
» C. Although wasting resources is considered inappropriate activity, it is not actually a crime in
» D. Everyone should be informed when records about their activities on a network are being
» C. Concentric circles of different solutions is the best form of antivirus protection.
» A. Workstation change is an effective means of preventing and detecting the presence of unap-
» C. Need-to-know is the requirement to have access to, knowledge about, or possession of data
» D. Classification is the most important aspect of marking media because it determines the pre-
» C. Purging of media is erasing media so it can be reused in a less-secure environment. The purg-
» C. A detective control is a security mechanism used to verify whether the directive and preven-
» D. When possible, operations controls should be invisible, or transparent, to users. This keeps
» C. The goal of change management is to ensure that any change does not lead to reduced or com-
» What is a methodical examination or review of an environment to ensure compliance with reg-
» Monitoring can be used to perform all but which of the following?
» What is the frequency of an IT infrastructure security audit or security review based on?
» Audit trails are considered to be what type of security control?
» Why should access to audit reports be controlled and restricted?
» Which of the following focuses more on the patterns and trends of data rather than the actual
» The standard for study and control of electronic signals produced by various types of electronic
» Which of the following is not an effective countermeasure against inappropriate content being
» B. Auditing is a methodical examination or review of an environment to ensure compliance with
» D. Deployment of countermeasures is not considered a type of auditing activity; rather, it’s an
» A. Monitoring is not used to detect the availability of new software patches.
» C. The frequency of an IT infrastructure security audit or security review is based on risk. You
» A. Failing to perform periodic security audits can result in the perception that due care is not
» B. Audit trails are a passive form of detective security control. Administrative, corrective, and
» B. Recommendations of the auditor are not considered basic and essential concepts to be
» B. Audit reports should be secured because they contain information about the vulnerabilities of
» C. Warning banners are used to inform would-be intruders or those who attempt to violate the
» B. Traffic analysis focuses more on the patterns and trends of data rather than the actual con-
» D. War dialing is the act of searching for unauthorized modems that will accept inbound calls
» A. Users often install unauthorized modems because of restricted and monitored Internet access.
» B. TEMPEST is the standard that defines the study and control of electronic signals produced by
» C. An IDS is not a countermeasure against inappropriate content.
» A. One of the most common vulnerabilities and hardest to protect against is the occurrence of
» C. In most cases, you must simply wait until the emergency or condition expires and things
» What is the first step that individuals responsible for the development of a business continuity
» What unit of measurement should be used to assign quantitative values to assets in the priority
» Which one of the following BIA terms identifies the amount of money a business expects to lose
» You are concerned about the risk that an avalanche poses to your 3 million shipping facility.
» Your manager is concerned that the Business Impact Assessment recently completed by the BCP
» Which task of BCP bridges the gap between the Business Impact Assessment and the Continuity
» Which one of the following concerns is not suitable for quantitative measurement during the
» Referring to the scenario in question 13, what is the annualized loss expectancy?
» What type of mitigation provision is utilized when redundant communications links are
» What is the formula used to compute the single loss expectancy for a risk scenario?
» B. The business organization analysis helps the initial planners select appropriate BCP team
» B. The first task of the BCP team should be the review and validation of the business organiza-
» C. The annualized loss expectancy ALE represents the amount of money a business expects to
» C. The maximum tolerable downtime MTD represents the longest period a business function
» B. The SLE is the product of the AV and the EF. From the scenario, you know that the AV is
» D. This problem requires you to compute the ALE, which is the product of the SLE and the
» D. The qualitative analysis portion of the BIA allows you to introduce intangible concerns, such
» C. The strategy development task bridges the gap between Business Impact Assessment and
» D. The safety of human life must always be the paramount concern in Business Continuity Plan-
» B. The single loss expectancy SLE is the amount of damage that would be caused by a single
» C. The annualized loss expectancy ALE is computed by taking the product of the single loss
» C. In the provisions and processes phase, the BCP team actually designs the procedures and mech-
» D. Redundant communications links are a type of alternative system put in place to provide
» C. Disaster recovery plans pick up where business continuity plans leave off. After a disaster
» A. The single loss expectancy SLE is computed as the product of the asset value AV and the
» What is the end goal of Disaster Recovery Planning?
» According to the Federal Emergency Management Agency, approximately what percentage of
» In the wake of the September 11, 2001 terrorist attacks, what industry made drastic changes that
» Which one of the following statements about Business Continuity Planning and Disaster Recov-
» In which one of the following database recovery techniques is an exact, up-to-date copy of the
» What Business Continuity Planning technique can help you prepare the business unit prioritiza-
» What is the typical time estimate to activate a warm site from the time a disaster is declared?
» What Disaster Recovery Planning tool can be used to protect an organization against the failure
» What combination of backup strategies provides the fastest backup creation time?
» C. Disaster Recovery Planning picks up where Business Continuity Planning leaves off. Once a
» C. A power outage is an example of a man-made disaster. The other events listed—tsunamis,
» D. As shown in Table 16.1, 40 of the 50 U.S. states are considered to have a moderate, high, or
» B. Most general business insurance and homeowner’s insurance policies do not provide any pro-
» C. The opposite of this statement is true—Disaster Recovery Planning picks up where Business
» D. When you use remote mirroring, an exact copy of the database is maintained at an alternative
» C. Redundant systemscomponents provide protection against the failure of one particular piece
» B. During the Business Impact Assessment phase, you must identify the business priorities of
» D. Warm sites and hot sites both contain workstations, servers, and the communications circuits
» C. In an electronic vaulting scenario, bulk transfers of data occur between the primary site and
» D. Software escrow agreements place the application source code in the hands of an independent
» C. Any backup strategy must include full backups at some point in the process. Incremental
» A. Any backup strategy must include full backups at some point in the process. If a combination
» B. Parallel tests involve moving personnel to the recovery site and gearing up operations, but
» Which criminal law was the first to implement penalties for the creators of viruses, worms, and
» What type of law does not require an act of Congress to implement at the federal level but,
» What is the broadest category of computer systems protected by the Computer Fraud and Abuse
» Mary is the cofounder of Acme Widgets, a manufacturing firm. Together with her partner, Joe,
» What law prevents government agencies from disclosing personal information that an individual
» What law formalizes many licensing arrangements used by the software industry and attempts
» Which one of the following is not a requirement that Internet service providers must satisfy in
» Which one of the following types of licensing agreements is most well known because it does not
» What industry is most directly impacted by the provisions of the Gramm-Leach-Bliley Act?
» Which one of the following is not a valid legal reason for processing information about an indi-
» What evidentiary principle states that a written contract is assumed to contain all of the terms
» C. The Computer Fraud and Abuse Act, as amended, provides criminal and civil penalties for
» A. The Computer Security Act requires mandatory periodic training for all persons involved in the
» C. The National Institute of Standards and Technology NIST is charged with the security man-
» C. The original Computer Fraud and Abuse Act of 1984 covered only systems used by the gov-
» B. The Fourth Amendment to the U.S. Constitution sets the “probable cause” standard that law
» A. Copyright law is the only type of intellectual property protection available to Matthew. It
» D. Mary and Joe should treat their oil formula as a trade secret. As long as they do not publicly
» C. Richard’s product name should be protected under trademark law. Until his registration is
» A. The Privacy Act of 1974 limits the ways government agencies may use information that pri-
» B. The Uniform Computer Information Transactions Act UCITA attempts to implement a stan-
» A. The Children’s Online Privacy Protection Act COPPA provides severe penalties for compa-
» A. The Digital Millennium Copyright Act does not include any geographical location require-
» C. The USA Patriot Act was adopted in the wake of the 911 terrorist attacks. It broadens the
» B. Shrink-wrap license agreements become effective when the user opens a software package.
» B. The Gramm-Leach-Bliley Act provides, among other things, regulations regarding the way
» C. United States patent law provides for an exclusivity period of 20 years beginning at the time
» C. Marketing needs are not a valid reason for processing personal information, as defined by the
» C. Real evidence must be either uniquely identified by a witness or authenticated through a doc-
» C. The parol evidence rule states that a written contract is assumed to contain all of the terms
» What goal is not a purpose of a financial attack?
» What is one possible goal of a terrorist attack?
» What are the primary reasons attackers engage in “fun” attacks? Choose all that apply.
» What would be a valid argument for not immediately removing power from a machine when an
» What type of incident is characterized by obtaining an increased level of privilege?
» If you need to confiscate a PC from a suspected attacker who does not work for your organiza-
» B. A financial attack focuses primarily on obtaining services and funds illegally.
» D. Any action that can harm a person or organization, either directly or through embarrass-
» A, C. Fun attacks have no reward other than providing a boost to pride and ego. The thrill of
» C. Although the other options have some merit in individual cases, the most important rule is to
» D. The most compelling reason for not removing power from a machine is that you will lose the
» C. Although an organization would not want to report a large number of incidents unless
» B. Some port scans are normal. An unusually high volume of port scan activity can be a recon-
» A. Any time an attacker exceeds their authority, the incident is classified as a system compro-
» C. Although options A, B, and D are actions that can make you aware of what attacks look like
» B. In this case, you need a search warrant to confiscate equipment without giving the suspect
» A. Log files contain a large volume of generally useless information. However, when you are try-
» D. Ethics are simply rules of personal behavior. Many professional organizations establish for-
» B. The second canon of the ISC
» Which of the following is the most important aspect of security?
» What type of physical security controls focus on facility construction and selection, site man-
» Which of the following does not need to be true in order to maintain the most efficient and
» Which of the following is a double set of doors that is often protected by a guard and is used to
» Which of the following is not a disadvantage of using security guards?
» What is the most common and inexpensive form of physical access control device?
» What is the most important goal of all security solutions?
» At what voltage level can static electricity cause destruction of data stored on hard drives?
» What is the best type of water-based fire suppression system for a computer facility?
» A. Physical security is the most important aspect of overall security. Without physical security,
» B. Critical path analysis can be used to map out the needs of an organization for a new facility.
» D. Equal access to all locations within a facility is not a security-focused design element. Each
» A. A computer room does not need to be human compatible to be efficient and secure. Having
» C. A mantrap is a double set of doors that is often protected by a guard and used to contain a
» D. Lighting is the most common form of perimeter security devices or mechanisms. Your entire
» A. Security guards are usually unaware of the scope of the operations within a facility, which
» B. The most common cause of failure for a water-based system is human error. If you turn off
» C. Key locks are the most common and inexpensive form of physical access control device.
» D. A capacitance motion detector senses changes in the electrical or magnetic field surrounding
» A. There is no preventative alarm. Alarms are always triggered in response to a detected intru-
» B. No matter what form of physical access control is used, a security guard or other monitoring
» C. Human safety is the most important goal of all security solutions.
» B. The humidity in a computer room should ideally be from 40 to 60 percent.
» D. Destruction of data stored on hard drives can be caused by 1,500 volts of static electricity.
» A. Water is never the suppression medium in Type B fire extinguishers because they are used on
» C. A preaction system is the best type of water-based fire suppression system for a computer
» D. Light is usually not damaging to most computer equipment, but fire, smoke, and the sup-
» 612 Directory UMM :Networking Manual:
» 580–581, 676 Digital Signature Standard DSS, 345–346, 676
» 580–581, 676 Directory UMM :Networking Manual:
» 586, 679 Directory UMM :Networking Manual:
» 679 Directory UMM :Networking Manual:
» 679 elliptic curve cryptography, 339–340, 679 Directory UMM :Networking Manual:
» 685 hashing algorithms, 316 Directory UMM :Networking Manual:
» 685 hoaxes, 264 Directory UMM :Networking Manual:
» 689 IDEAL model, 240, 241 Directory UMM :Networking Manual:
» 687 Directory UMM :Networking Manual:
Show more