689 IDEAL model, 240, 241 Directory UMM :Networking Manual:
Parts
» Directory UMM :Networking Manual:
» What type of detected incident allows the most time for an investigation?
» What type of physical security controls are access controls, intrusion detection, alarms, CCTV,
» What is the first step of the Business Impact Assessment process?
» The “something you are” authentication factor is also known as what?
» C. The Managed phase of the SW-CMM involves the use of quantitative development metrics.
» A, C. Because your organization needs to ensure confidentiality, you should choose the Bell-
» B. The MD5 algorithm produces a 128-bit message digest for any input. For more information,
» B. Network-based IDSs are usually able to detect the initiation of an attack or the ongoing
» D. Annualized loss expectancy ALE is the possible yearly cost of all instances of a specific
» C. A fence that is 8 feet high with 3 strands of barbed wire deters determined intruders. For
» D. A VPN link can be established over any other network communication connection. This
» D. Biba is also a state machine model based on a classification lattice with mandatory access
» D. Remote mirroring maintains a live database server at the remote site and comes at the high-
» A. The Directory UMM :Networking Manual:
» B. ITSEC was developed in Europe for evaluating systems. Although TCSEC also called the
» B. One of the requirements of change management is that all changes must be capable of being
» A. Network hardware devices, including routers, function at layer 3, the Network layer. For
» C. Examples of detective controls are audit trails, logs, CCTV, intrusion detection systems,
» B. Parameter checking is used to prevent the possibility of buffer overflow attacks. For more
» B. Multiprocessing computers use more than one processor, in either a symmetric multipro-
» C. The USA Patriot Act granted broad new powers to law enforcement, including the solicita-
» D. Scanning incidents are generally reconnaissance attacks. The real damage to a system comes
» A. Auditing is a required factor to sustain and enforce accountability. For more information,
» What is access? What are the elements of the CIA Triad?
» Which of the following is not a reason why using passwords alone is a poor security mechanism?
» Which of the following is the least acceptable form of biometric device?
» B. The transfer of information from an object to a subject is called access.
» C. The subject is always the entity that receives information about or data from the object. The
» A. The essential security principles of confidentiality, integrity, and availability are often
» A. A preventative access control is deployed to stop an unwanted or unauthorized activity from
» B. Logicaltechnical access controls are the hardware or software mechanisms used to manage
» A. A Type 2 authentication factor is something you have. This could include a smart card, ATM
» C. Brute force attacks can be used against password database files and system logon prompts.
» D. Preventing password reuse increases security by preventing the theft of older password data-
» C. The point at which the FRR and FAR are equal is known as the Crossover Error Rate CER.
» C. Kerberos, SESAME, and KryptoKnight are examples of SSO mechanisms. TACACS is a cen-
» C. Mandatory access controls rely upon the use of labels. A system that employs discretionary
» B. A discretionary access control environment controls access based on user identity. If a user
» A. The most important aspect of a biometric factor is its accuracy. If a biometric factor is not
» D. Antivirus software is an example of a recovery or corrective access control.
» B. Of the options listed, retina scan is the least accepted form of biometric device because it
» An intrusion detection system IDS is primarily designed to perform what function?
» Which of the following is true for a host-based IDS?
» Which type of IDS can be considered an expert system?
» When a padded cell is used by a network for protection from intruders, which of the following
» When using penetration testing to verify the strength of your security policy, which of the fol-
» Spamming attacks occur when numerous unsolicited messages are sent to a victim. Because
» D. In most cases, when sufficient logging and auditing is enabled to monitor a system, so much
» A. An IDS automates the inspection of audit logs and real-time system events to detect abnormal
» B. A host-based IDS watches for questionable activity on a single computer system. A network-
» C. A knowledge-based IDS is effective only against known attack methods, which is its primary
» D. A behavior-based IDS can be labeled an expert system or a pseudo artificial intelligence sys-
» B. Honey pots are individual computers or entire networks created to serve as a snare for intrud-
» C. When an intruder is detected by an IDS, they are transferred to a padded cell. The transfer
» C. Vulnerability scanners are used to test a system for known security vulnerabilities and weak-
» B. Penetration testing should be performed only with the knowledge and consent of the man-
» A. A brute force attack is an attempt to discover passwords for user accounts by systematically
» C. Strong password policies, physical access control, and two-factor authentication all improve
» D. Spoofing is the replacement of valid source and destination IP and port addresses with false
» C. A SYN flood attack is waged by breaking the standard three-way handshake used by TCPIP
» A. In a land attack, the attacker sends a victim numerous SYN packets that have been spoofed
» D. In a teardrop attack, an attacker exploits a bug in operating systems. The bug exists in the
» B. A spamming attack is a type of denial of service attack. Spam is the term describing unwanted
» C. In a hijack attack, which is an offshoot of a man-in-the-middle attack, a malicious user is
» Which of the following is not true regarding firewalls?
» Which public-private key security system was developed independently of industry standards
» B. Encapsulation is adding a header and footer to data as it moves through the Presentation layer
» B. Layer 5, Session, manages simplex one-direction, half-duplex two-way, but only one direc-
» B. 10Base-T UTP is the least resistant to EMI because it is unshielded. Thinnet 10Base2 and
» D. 1000Base-T offers 1000Mbps throughput and thus must have the greatest number of twists
» D. Fiber-optic cable is difficult to tap.
» B. Ethernet, Token Ring, and FDDI are common LAN technologies. ATM is more common in
» A. Ethernet is based on the IEEE 802.3 standard.
» B. A TCP wrapper is an application that can serve as a basic firewall by restricting access based
» B. UDP is a connectionless protocol.
» B. Stateful inspection firewalls are known as third-generation firewalls.
» C. There are numerous dynamic routing protocols, including RIP, OSPF, and BGP, but RPC is
» C. IPSec, or IP Security, is a standards-based mechanism for providing encryption for point-to-
» B. Pretty Good Privacy PGP is a public-private key system that uses the IDEA algorithm to
» A. PAP, or Password Authentication Protocol, is a standardized authentication protocol for
» B. Frame Relay is a layer 2 connection mechanism that uses packet-switching technology to
» B. The 169.254.x.x. subnet is in the APIPA range, which is not part of RFC 1918. The addresses
» Which of the following VPN protocols do not offer encryption? Choose all that apply.
» Which of the following is not defined in RFC 1918 as one of the private IP address ranges that
» Which of the following is typically not an element that must be discussed with end users in
» Why is spam so difficult to stop?
» In addition to maintaining an updated system and controlling physical access, which of the fol-
» Which of the following is not a denial of service attack?
» B. Tunneling does not always use encryption. It does, however, employ encapsulation, is used to
» D. A stand-alone system has no need for tunneling because no communications between systems
» B. Most VPNs use encryption to protect transmitted data. In and of themselves, obscurity,
» D. Encryption is not necessary for the connection to be considered a VPN, but it is recom-
» D. An intermediary network connection is required for a VPN link to be established.
» C. SLIP is a dial-up connection protocol, a forerunner of PPP. It is not a VPN protocol.
» A, B. Layer 2 Forwarding L2F was developed by Cisco as a mutual authentication tunneling
» D. IPSec operates at the Network layer layer 3.
» A. The address range 16172.0.0–16191.255.255 is not listed in RFC 1918 as a public IP
» D. NAT does not protect against nor prevent brute force attacks.
» B. When transparency is a characteristic of a service, security control, or access mechanism, it
» D. The backup method is not an important factor to discuss with end users regarding e-mail
» B. Mailbombing is the use of e-mail as an attack mechanism. Flooding a system with messages
» B. It is often difficult to stop spam because the source of the messages is usually spoofed.
» C. Two types of messages can be formed using SMIME: signed messages and enveloped mes-
» B. Changing default passwords on PBX systems provides the most effective increase in security.
» C. A brute force attack is not considered a DoS.
» A. ISDN, or Integrated Services Digital Network, is a digital end-to-end communications mech-
» Which of the following contains the primary goals and objectives of security?
» Which of the following is a principle of the CIA Triad that means authorized subjects are granted
» Which of the following is not true?
» All but which of the following items require awareness for all individuals affected?
» What ensures that the subject of an activity or event cannot deny that the event occurred?
» Which of the following is not considered an example of data hiding?
» What is the primary objective of data classification schemes?
» What are the two common data classification schemes?
» Which commercial businessprivate sector data classification is used to control information
» B. The primary goals and objectives of security are confidentiality, integrity, and availability,
» A. Vulnerabilities and risks are evaluated based on their threats against one or more of the CIA
» B. Availability means that authorized subjects are granted timely and uninterrupted access to
» C. Hardware destruction is a violation of availability and possibly integrity. Violations of con-
» C. Violations of confidentiality are not limited to direct intentional attacks. Many instances of
» D. Without integrity, confidentiality cannot be maintained.
» B. Privacy is freedom from being observed, monitored, or examined without consent or knowledge.
» D. Users should be aware that e-mail messages are retained, but the backup mechanism used to
» D. A challengeresponse token device is almost exclusively used as an authentication factor, not
» C. Nonrepudiation ensures that the subject of an activity or event cannot deny that the event
» A. Preventing an authorized reader of an object from deleting that object is just an access con-
» D. The prevention of security compromises is the primary goal of change management.
» B. The primary objective of data classification schemes is to formalize and stratify the process
» B. Size is not a criteria for establishing data classification. When classifying an object, you
» A. Military or government and private sector or commercial business are the two common
» B. Of the options listed, secret is the lowest classified military data classification.
» Which of the following is the weakest element in any security solution?
» What is the primary purpose of an exit interview?
» Who is liable for failing to perform prudent due care?
» Which of the following policies is required when industry or legal standards are applicable to
» Which of the following would not be considered an asset in a risk analysis?
» When a safeguard or a countermeasure is not present or is not sufficient, what is created?
» When evaluating safeguards, what is the rule that should be followed in most cases?
» How is the value of a safeguard to a company calculated?
» Which security role is responsible for assigning the sensitivity label to objects?
» D. If no detailed step-by-step instructions or procedures exist, then turn to the guidelines for
» D. A countermeasure directly affects the annualized rate of occurrence, primarily because the
» Which one of the following malicious code objects might be inserted in an application by a dis-
» Which form of DBMS primarily supports the establishment of one-to-many relationships?
» What programming languages can be used to develop ActiveX controls for use on an Internet site?
» What database technique can be used to prevent unauthorized users from determining classified
» Which of the following acts as a proxy between two different systems to support interaction and
» In systems utilizing a ring protection scheme, at what level does the security kernel reside?
» Which of the following programming languages is least prone to the insertion of malicious code
» What transaction management principle ensures that two transactions do not interfere with each
» D. Logic bombs are malicious code objects programmed to lie dormant until certain logical con-
» A. Intelligent agents are code objects programmed to perform certain operations on behalf of a
» B. Hierarchical DBMS supports one-to-many relationships. Relational DBMS supports one-to-
» B. The major difference between viruses and worms is that worms are self-replicating whereas
» D. Microsoft’s ActiveX technology supports a number of programming languages, including
» A. Content-dependent access control is focused on the internal data of each field.
» D. In this case, the process the database user is taking advantage of is aggregation. Aggregation
» C. Polyinstantiation allows the insertion of multiple records that appear to have the same pri-
» B. Random access memory RAM allows for the direct addressing of any point within the
» D. The Next-Generation Intrusion Detection Expert System NIDES system is an expert sys-
» B. ODBC acts as a proxy between applications and the back-end DBMS.
» D. The spiral model allows developers to repeat iterations of another life cycle model such as
» A. The security kernel and reference monitor reside at Level 0 in the ring protection scheme,
» C. Contamination is the mixing of data from a higher classification level andor need-to-know
» C. Of the languages listed, VBScript is the least prone to modification by third parties because
» C. Configuration audit is part of the configuration management process rather than the change
» C. The isolation principle states that two transactions operating on the same data must be tem-
» A. The Data Manipulation Language DML is used to make modifications to a relational data-
» What is the size of the Master Boot Record on a system installed with a typical configuration?
» Which one of the following types of attacks relies upon the difference between the timing of two
» What advanced virus technique modifies the malicious code of a virus on each system it infects?
» What is the best defensive action that system administrators can take against the threat posed by
» What file is instrumental in preventing dictionary attacks against Unix systems?
» Which one of the following network attacks takes advantages of weaknesses in the fragment
» A hacker located at IP address 12.8.0.1 wants to launch a Smurf attack on a victim machine
» What is the minimum size a packet can be to be used in a ping of death attack?
» What technology does the Java language use to minimize the threat posed by applets?
» Which one of the following attacks uses a TCP packet with the SYN flag set and identical source
» B. The Master Boot Record is a single sector of a floppy disk or hard drive. Each sector is nor-
» C. The TCPIP handshake consists of three phases: SYN, SYNACK, and ACK. Attacks like the
» B. The time-of-check-to-time-of-use TOCTTOU attack relies upon the timing of the execution
» D. The Good Times virus is a famous hoax that does not actually exist.
» A. In an attempt to avoid detection by signature-based antivirus software packages, polymor-
» C. The vast majority of new malicious code objects exploit known vulnerabilities that were
» D. All of the other choices are forms of common words that might be found during a dictionary
» B. Shadow password files move encrypted password information from the publicly readable
» C. Trinoo and the Tribal Flood Network TFN are the two most commonly used distributed
» A. The teardrop attack uses overlapping packet fragments to confuse a target system and cause
» Which one of the following is not a goal of cryptographic systems?
» What is the length of the cryptographic key used in the Data Encryption Standard DES
» Which one of the following is not a possible key length for the Advanced Encryption Standard
» Which one of the following is a cryptographic goal that cannot be achieved by a secret key
» What is the output value of the mathematical function 16 mod 3?
» Which one of the following cipher types operates on large pieces of a message rather than indi-
» What is the minimum number of cryptographic keys required for secure two-way communica-
» What encryption algorithm is used by the Clipper chip, which supports the Escrowed Encryp-
» What approach to key escrow divides the secret key into several pieces that are distributed to
» What type of cryptosystem commonly makes use of a passage from a well-known book for the
» Matthew and Richard wish to communicate using symmetric cryptography but do not have a
» C. The four goals of cryptographic systems are confidentiality, integrity, authentication, and
» A. Nonrepudiation prevents the sender of a message from later denying that they sent it.
» A. DES uses a 56-bit key. This is considered one of the major weaknesses of this cryptosystem.
» B. Transposition ciphers use a variety of techniques to reorder the characters within a message.
» A. The Rijndael cipher allows users to select a key length of 128, 192, or 256 bits, depending
» A. Nonrepudiation requires the use of a public key cryptosystem to prevent users from falsely
» D. Assuming that it is used properly, the one-time pad is the only known cryptosystem that is
» B. Option B is correct because 16 divided by 3 equals 5, with a remainder value of 1.
» A. The cryptanalysts from the United States discovered a pattern in the method the Soviets used
» A. Symmetric key cryptography uses a shared secret key. All communicating parties utilize the
» D. In asymmetric public key cryptography, each communicating party must have a pair of
» D. Cipher Block Chaining and Cipher Feedback modes will carry errors throughout the entire
» C. The Skipjack algorithm implemented the key escrow standard supported by the U.S. government.
» B. To achieve added security over DES, 3DES must use at least two cryptographic keys.
» A. The Fair Cryptosystems approach would have independent third parties each store a portion of
» C. The Caesar cipher and other simple substitution ciphers are vulnerable to frequency attacks
» C. The Diffie-Hellman algorithm allows for the secure exchange of symmetric keys over an inse-
» Bob decrypts the message digest using Alice’s public key.
» Bob then compares the decrypted message digest he received from Alice with the message
» In the RSA public key cryptosystem, which one of the following numbers will always be largest?
» If Richard wants to send an encrypted message to Sue using a public key cryptosystem, which
» Acme Widgets currently uses a 1,024-bit RSA encryption standard companywide. The company
» Which one of the following message digest algorithms is the current U.S. government standard
» Which International Telecommunications Union ITU standard governs the creation and
» What TCPIP communications port is utilized by Secure Sockets Layer traffic?
» Which of the following security systems was created to support the use of stored-value payment
» What is the major disadvantage of using certificate revocation lists?
» B. The number n is generated as the product of the two large prime numbers p and q. Therefore,
» B. The El Gamal cryptosystem extends the functionality of the Diffie-Hellman key exchange
» C. Richard must encrypt the message using Sue’s public key so that Sue can decrypt it using her
» C. The major disadvantage of the El Gamal cryptosystem is that it doubles the length of any mes-
» A. The elliptic curve cryptosystem requires significantly shorter keys to achieve encryption that
» A. The SHA-1 hashing algorithm always produces a 160-bit message digest, regardless of the
» C. The MD4 algorithm has documented flaws that produce collisions, rendering it useless as a
» A. SHA-1 is the current U.S. government standard, as defined in the Secure Hashing Standard SHS,
» B. Sue would have encrypted the message using Richard’s public key. Therefore, Richard needs
» B. Richard should encrypt the message digest with his own private key. When Sue receives the
» C. The Digital Signature Standard allows federal government use of the Digital Signature Algo-
» C. Secure Sockets Layer utilizes TCP port 443 for encrypted clientserver communications.
» C. The meet-in-the-middle attack demonstrated that it took relatively the same amount of com-
» C. The MONDEX payment system, owned by MasterCard International, provides the crypto-
» C. The Wired Equivalent Privacy protocol encrypts traffic passing between a mobile client and
» B. Certificate revocation lists CRLs introduce an inherent latency to the certificate expiration
» D. The Merkle-Hellman Knapsack algorithm, which relies upon the difficulty of factoring
» B. IPSec is a security protocol that defines a framework for setting up a secure channel to
» Many PC operating systems provide functionality that enables them to support the simultaneous
» You have three applications running on a single-processor system that supports multitasking.
» What term describes the processor mode used to run the system tools used by administrators
» What type of memory chip allows the end user to write information to the memory only one time
» Which one of the following types of memory might retain information after being removed from
» What type of electrical component serves as the primary building block for dynamic RAM chips?
» In which of the following security modes can you be assured that all users have access permis-
» What type of memory device is normally used to contain a computer’s BIOS?
» In what type of addressing scheme is the data actually supplied to the CPU as an argument to
» What security principle helps prevent users from accessing memory spaces assigned to applica-
» Which security principle takes the concept of process isolation and implements it using physical
» C. Multitasking is processing more than one task at the same time. In most cases, multitasking is
» B. Although all electronic devices emit some unwanted emanations, monitors are the devices
» A. A single-processor system can operate on only one thread at a time. There would be a total
» A. In a dedicated system, all users must have a valid security clearance for the highest level of
» A. All user applications, regardless of the security permissions assigned to the user, execute in
» B. Programmable read-only memory PROM chips may be written once by the end user but
» C. EPROMs may be erased through exposure to high-intensity ultraviolet light. ROM and
» C. Secondary memory is a term used to describe magnetic and optical media. These devices will
» C. RAM chips are highly pilferable items and the single greatest threat they pose is the economic
» A. Dynamic RAM chips are built from a large number of capacitors, each of which holds a single
» C. Floppy disks are easily removed and it is often not possible to apply operating system access
» C. In system high mode, all users have appropriate clearances and access permissions for all
» D. In a multilevel security mode system, there is no requirement that all users have appropriate
» B. BIOS and device firmware are often stored on EEPROM chips in order to facilitate future
» C. Registers are small memory locations that are located directly on the CPU chip itself. The
» B. In immediate addressing, the CPU does not need to actually retrieve any data from memory.
» D. In indirect addressing, the location provided to the CPU contains a memory address. The
» C. Process isolation provides separate memory spaces to each process running on a system. This
» D. The principle of least privilege states that only processes that absolutely need kernel-level
» A. Hardware segmentation achieves the same objectives as process isolation but takes them to
» What is system certification?
» For what type of information system security accreditation are the applications and systems at
» What is a trusted computing base TCB?
» What part of the TCB validates access to every resource prior to granting the requested access?
» Which security models are built on a state machine model?
» Which Bell-LaPadula property keeps lower-level subjects from accessing objects with a higher
» What term describes an entry point that only the developer knows about into a system?
» How can electromagnetic radiation be used to compromise a system?
» B. A system certification is a technical evaluation. Option A describes system accreditation.
» A. Accreditation is the formal acceptance process. Option B is not an appropriate answer
» C. A closed system is one that uses largely proprietary or unpublished protocols and standards.
» C. A constrained process is one that can access only certain memory locations. Options A, B,
» D. A control limits access to an object to protect it from misuse from unauthorized users.
» B. The applications and systems at a specific, self-contained location are evaluated for DITSCAP
» C. The TCB is the part of your system you can trust to support and enforce your
» B. Option B is the only option that correctly defines a security model. Options A, C, and D
» D. The Bell-LaPadula and Biba models are built on the state machine model.
» A. Only the Bell-LaPadula model addresses data confidentiality. The other models address data
» A. An entry point that only the developer knows about into a system is a maintenance hook, or
» B. Option B defines the time-of-check TOC, which is the time at which a subject verifies the
» C. If a receiver is in close enough proximity to an electromagnetic radiation source, it can be
» B. By far, the buffer overflow is the most common, and most avoidable, programmer-generated
» Personnel management is a form of what type of control?
» Which of the following causes the vulnerability of being affected by viruses to increase?
» Which of the following is not an illegal activity that can be performed over a computer network?
» What is the best form of antivirus protection?
» What is the requirement to have access to, knowledge about, or possession of data or a resource
» Which of the following requires that archives of audit logs be kept for long periods of time?
» Which operation is performed on media so it can be reused in a less-secure environment?
» Which security tool is used to guide the security implementation of an organization?
» What type of trusted recovery process requires the intervention of an administrator?
» A. Personnel management is a form of administrative control. Administrative controls also include
» B. E-mail is the most common distribution method for viruses.
» C. As more software is installed, more vulnerabilities are added to the system, thus adding more
» B. In areas where technical controls cannot prevent virus infections, users should be trained on
» B. Laws and regulations must be obeyed and security concerns must be adjusted accordingly.
» C. Although wasting resources is considered inappropriate activity, it is not actually a crime in
» D. Everyone should be informed when records about their activities on a network are being
» C. Concentric circles of different solutions is the best form of antivirus protection.
» A. Workstation change is an effective means of preventing and detecting the presence of unap-
» C. Need-to-know is the requirement to have access to, knowledge about, or possession of data
» D. Classification is the most important aspect of marking media because it determines the pre-
» C. Purging of media is erasing media so it can be reused in a less-secure environment. The purg-
» C. A detective control is a security mechanism used to verify whether the directive and preven-
» D. When possible, operations controls should be invisible, or transparent, to users. This keeps
» C. The goal of change management is to ensure that any change does not lead to reduced or com-
» What is a methodical examination or review of an environment to ensure compliance with reg-
» Monitoring can be used to perform all but which of the following?
» What is the frequency of an IT infrastructure security audit or security review based on?
» Audit trails are considered to be what type of security control?
» Why should access to audit reports be controlled and restricted?
» Which of the following focuses more on the patterns and trends of data rather than the actual
» The standard for study and control of electronic signals produced by various types of electronic
» Which of the following is not an effective countermeasure against inappropriate content being
» B. Auditing is a methodical examination or review of an environment to ensure compliance with
» D. Deployment of countermeasures is not considered a type of auditing activity; rather, it’s an
» A. Monitoring is not used to detect the availability of new software patches.
» C. The frequency of an IT infrastructure security audit or security review is based on risk. You
» A. Failing to perform periodic security audits can result in the perception that due care is not
» B. Audit trails are a passive form of detective security control. Administrative, corrective, and
» B. Recommendations of the auditor are not considered basic and essential concepts to be
» B. Audit reports should be secured because they contain information about the vulnerabilities of
» C. Warning banners are used to inform would-be intruders or those who attempt to violate the
» B. Traffic analysis focuses more on the patterns and trends of data rather than the actual con-
» D. War dialing is the act of searching for unauthorized modems that will accept inbound calls
» A. Users often install unauthorized modems because of restricted and monitored Internet access.
» B. TEMPEST is the standard that defines the study and control of electronic signals produced by
» C. An IDS is not a countermeasure against inappropriate content.
» A. One of the most common vulnerabilities and hardest to protect against is the occurrence of
» C. In most cases, you must simply wait until the emergency or condition expires and things
» What is the first step that individuals responsible for the development of a business continuity
» What unit of measurement should be used to assign quantitative values to assets in the priority
» Which one of the following BIA terms identifies the amount of money a business expects to lose
» You are concerned about the risk that an avalanche poses to your 3 million shipping facility.
» Your manager is concerned that the Business Impact Assessment recently completed by the BCP
» Which task of BCP bridges the gap between the Business Impact Assessment and the Continuity
» Which one of the following concerns is not suitable for quantitative measurement during the
» Referring to the scenario in question 13, what is the annualized loss expectancy?
» What type of mitigation provision is utilized when redundant communications links are
» What is the formula used to compute the single loss expectancy for a risk scenario?
» B. The business organization analysis helps the initial planners select appropriate BCP team
» B. The first task of the BCP team should be the review and validation of the business organiza-
» C. The annualized loss expectancy ALE represents the amount of money a business expects to
» C. The maximum tolerable downtime MTD represents the longest period a business function
» B. The SLE is the product of the AV and the EF. From the scenario, you know that the AV is
» D. This problem requires you to compute the ALE, which is the product of the SLE and the
» D. The qualitative analysis portion of the BIA allows you to introduce intangible concerns, such
» C. The strategy development task bridges the gap between Business Impact Assessment and
» D. The safety of human life must always be the paramount concern in Business Continuity Plan-
» B. The single loss expectancy SLE is the amount of damage that would be caused by a single
» C. The annualized loss expectancy ALE is computed by taking the product of the single loss
» C. In the provisions and processes phase, the BCP team actually designs the procedures and mech-
» D. Redundant communications links are a type of alternative system put in place to provide
» C. Disaster recovery plans pick up where business continuity plans leave off. After a disaster
» A. The single loss expectancy SLE is computed as the product of the asset value AV and the
» What is the end goal of Disaster Recovery Planning?
» According to the Federal Emergency Management Agency, approximately what percentage of
» In the wake of the September 11, 2001 terrorist attacks, what industry made drastic changes that
» Which one of the following statements about Business Continuity Planning and Disaster Recov-
» In which one of the following database recovery techniques is an exact, up-to-date copy of the
» What Business Continuity Planning technique can help you prepare the business unit prioritiza-
» What is the typical time estimate to activate a warm site from the time a disaster is declared?
» What Disaster Recovery Planning tool can be used to protect an organization against the failure
» What combination of backup strategies provides the fastest backup creation time?
» C. Disaster Recovery Planning picks up where Business Continuity Planning leaves off. Once a
» C. A power outage is an example of a man-made disaster. The other events listed—tsunamis,
» D. As shown in Table 16.1, 40 of the 50 U.S. states are considered to have a moderate, high, or
» B. Most general business insurance and homeowner’s insurance policies do not provide any pro-
» C. The opposite of this statement is true—Disaster Recovery Planning picks up where Business
» D. When you use remote mirroring, an exact copy of the database is maintained at an alternative
» C. Redundant systemscomponents provide protection against the failure of one particular piece
» B. During the Business Impact Assessment phase, you must identify the business priorities of
» D. Warm sites and hot sites both contain workstations, servers, and the communications circuits
» C. In an electronic vaulting scenario, bulk transfers of data occur between the primary site and
» D. Software escrow agreements place the application source code in the hands of an independent
» C. Any backup strategy must include full backups at some point in the process. Incremental
» A. Any backup strategy must include full backups at some point in the process. If a combination
» B. Parallel tests involve moving personnel to the recovery site and gearing up operations, but
» Which criminal law was the first to implement penalties for the creators of viruses, worms, and
» What type of law does not require an act of Congress to implement at the federal level but,
» What is the broadest category of computer systems protected by the Computer Fraud and Abuse
» Mary is the cofounder of Acme Widgets, a manufacturing firm. Together with her partner, Joe,
» What law prevents government agencies from disclosing personal information that an individual
» What law formalizes many licensing arrangements used by the software industry and attempts
» Which one of the following is not a requirement that Internet service providers must satisfy in
» Which one of the following types of licensing agreements is most well known because it does not
» What industry is most directly impacted by the provisions of the Gramm-Leach-Bliley Act?
» Which one of the following is not a valid legal reason for processing information about an indi-
» What evidentiary principle states that a written contract is assumed to contain all of the terms
» C. The Computer Fraud and Abuse Act, as amended, provides criminal and civil penalties for
» A. The Computer Security Act requires mandatory periodic training for all persons involved in the
» C. The National Institute of Standards and Technology NIST is charged with the security man-
» C. The original Computer Fraud and Abuse Act of 1984 covered only systems used by the gov-
» B. The Fourth Amendment to the U.S. Constitution sets the “probable cause” standard that law
» A. Copyright law is the only type of intellectual property protection available to Matthew. It
» D. Mary and Joe should treat their oil formula as a trade secret. As long as they do not publicly
» C. Richard’s product name should be protected under trademark law. Until his registration is
» A. The Privacy Act of 1974 limits the ways government agencies may use information that pri-
» B. The Uniform Computer Information Transactions Act UCITA attempts to implement a stan-
» A. The Children’s Online Privacy Protection Act COPPA provides severe penalties for compa-
» A. The Digital Millennium Copyright Act does not include any geographical location require-
» C. The USA Patriot Act was adopted in the wake of the 911 terrorist attacks. It broadens the
» B. Shrink-wrap license agreements become effective when the user opens a software package.
» B. The Gramm-Leach-Bliley Act provides, among other things, regulations regarding the way
» C. United States patent law provides for an exclusivity period of 20 years beginning at the time
» C. Marketing needs are not a valid reason for processing personal information, as defined by the
» C. Real evidence must be either uniquely identified by a witness or authenticated through a doc-
» C. The parol evidence rule states that a written contract is assumed to contain all of the terms
» What goal is not a purpose of a financial attack?
» What is one possible goal of a terrorist attack?
» What are the primary reasons attackers engage in “fun” attacks? Choose all that apply.
» What would be a valid argument for not immediately removing power from a machine when an
» What type of incident is characterized by obtaining an increased level of privilege?
» If you need to confiscate a PC from a suspected attacker who does not work for your organiza-
» B. A financial attack focuses primarily on obtaining services and funds illegally.
» D. Any action that can harm a person or organization, either directly or through embarrass-
» A, C. Fun attacks have no reward other than providing a boost to pride and ego. The thrill of
» C. Although the other options have some merit in individual cases, the most important rule is to
» D. The most compelling reason for not removing power from a machine is that you will lose the
» C. Although an organization would not want to report a large number of incidents unless
» B. Some port scans are normal. An unusually high volume of port scan activity can be a recon-
» A. Any time an attacker exceeds their authority, the incident is classified as a system compro-
» C. Although options A, B, and D are actions that can make you aware of what attacks look like
» B. In this case, you need a search warrant to confiscate equipment without giving the suspect
» A. Log files contain a large volume of generally useless information. However, when you are try-
» D. Ethics are simply rules of personal behavior. Many professional organizations establish for-
» B. The second canon of the ISC
» Which of the following is the most important aspect of security?
» What type of physical security controls focus on facility construction and selection, site man-
» Which of the following does not need to be true in order to maintain the most efficient and
» Which of the following is a double set of doors that is often protected by a guard and is used to
» Which of the following is not a disadvantage of using security guards?
» What is the most common and inexpensive form of physical access control device?
» What is the most important goal of all security solutions?
» At what voltage level can static electricity cause destruction of data stored on hard drives?
» What is the best type of water-based fire suppression system for a computer facility?
» A. Physical security is the most important aspect of overall security. Without physical security,
» B. Critical path analysis can be used to map out the needs of an organization for a new facility.
» D. Equal access to all locations within a facility is not a security-focused design element. Each
» A. A computer room does not need to be human compatible to be efficient and secure. Having
» C. A mantrap is a double set of doors that is often protected by a guard and used to contain a
» D. Lighting is the most common form of perimeter security devices or mechanisms. Your entire
» A. Security guards are usually unaware of the scope of the operations within a facility, which
» B. The most common cause of failure for a water-based system is human error. If you turn off
» C. Key locks are the most common and inexpensive form of physical access control device.
» D. A capacitance motion detector senses changes in the electrical or magnetic field surrounding
» A. There is no preventative alarm. Alarms are always triggered in response to a detected intru-
» B. No matter what form of physical access control is used, a security guard or other monitoring
» C. Human safety is the most important goal of all security solutions.
» B. The humidity in a computer room should ideally be from 40 to 60 percent.
» D. Destruction of data stored on hard drives can be caused by 1,500 volts of static electricity.
» A. Water is never the suppression medium in Type B fire extinguishers because they are used on
» C. A preaction system is the best type of water-based fire suppression system for a computer
» D. Light is usually not damaging to most computer equipment, but fire, smoke, and the sup-
» 612 Directory UMM :Networking Manual:
» 580–581, 676 Digital Signature Standard DSS, 345–346, 676
» 580–581, 676 Directory UMM :Networking Manual:
» 586, 679 Directory UMM :Networking Manual:
» 679 Directory UMM :Networking Manual:
» 679 elliptic curve cryptography, 339–340, 679 Directory UMM :Networking Manual:
» 685 hashing algorithms, 316 Directory UMM :Networking Manual:
» 685 hoaxes, 264 Directory UMM :Networking Manual:
» 689 IDEAL model, 240, 241 Directory UMM :Networking Manual:
» 687 Directory UMM :Networking Manual:
Show more