• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key

image

Play button

image

Play button

image

Progress

1/326

Click to flip

326 Cards in this Set

  • Front
  • Back
What goals of information security are acheived via cryptography?
•Confidentiality
•Integrity
•Authentication

(Do not confuse this with the general C-I-A of Information Security)
What are the two classes of ciphers?
Block Ciphers
•Typically software implemented
•Reusable Keys
•Interoperability

Stream Ciphers
•Typically hardware implemented
What are some types of ciphers?
•Substitution
•Transposition (or permutation)
•Codes
•Running (or book)
•Vernam
•Concealment
What is "key clustering"?
When two different keys generate the same ciphertext using the same encryption algorithm.
Describe the dfiierences between
•Cryptanaysis
•Cryptography
•Cryptology
Cryptanalysis - science of deciphering ciphertext without the cryptographic key

Cryptography - science of enrypting and decrypting information

Cryptology - science the encompasses both cryptanalysis and cryptography
What does a cryptograhic system consist of?
A cryptographic algorithm and a cryptovariable (key)
What is the difference between end-to-end and link encryption?
In end to end encryption, messages are transported while encrypted. Only data is enrypted leaving routing information exposed.

In Link encryption, messsages are decrypted and re-encrypted at every node in the path. This requires that each node have different keys for its upstream and downstream neigbors. Link encryption introduces latency and is vulnerable if a node is compromised.
What is the major disadvantage of the one-time-pad?
One time pads typically use a key the same length as the message. This does not work well for large messages. One time pads are an example of a stream cipher.
What is the "work factor"?
Force x Effort = work. The purpose of encryption is to acheive a work factor sufficient to make it "not worth" breaking the encryption.
What is stenography?
The art of hiding the existence of a message.
What are the advantages of symmetric key cryptography?
Speed, Strength, Availability

Disadvantages include distribution of keys, scalability, limited functionality (no authentication or non-repudiation)
What kind of cipher is DES, and what is its key size?
DES (Data Encryption Standard) is a block cipher that uses a 56-bit key.
What does 3DES add to the original DES?
The message is encrypted three times with up to three keys.
What is assymetric cryptography and why would it be used?
In assymetric cryptography one key is used to encrypt the message and a second key is used to decrypt it (public and private key). It provides confidentiality and authenticity.
What is a key advantage os the Elliptic Curve (EC) model?
It is much more efficient than other asymmetric sytems because it can use a smaller key.
What two means are used for message authentication?
Digital Signatures
Message Digests
What is a "collision" in the context of message authentication?
When two messages produce the same digest or when a second message produces the same digest as a different message.
What are some examples of message authentication algorithms?
MD5
SHA-1
HMAC
What are the four basic components of a PKI?
Publik Key Infrastructure
Certification Authority
Registration Authority
Repository
Archive
What are the major functions associated with Key Management?
Key-
• Generation
• Distribution
• Installation
• Storage
• Change
• Control
• Disposal
What is PGP?
Pretty Good Protection - a freeware email security application that uses IDEA for encryption, and RSA for key distribution and digital signatures.
What internet security application was developed by Visa and Mastercard?
SET - Secure Electronic Transaction
What are the two main modes and two main protocols of IPSEC?
Modes
• Transport
• Tunnel
Protocols
• Authentication Header (AH)
• Encapsulating Security Payload (ESP)
What is the purpose of Secure Shell (SSH-2)?
Secure remote access
Name some methods of attack on encryption systems.
Cipher-only Attack
Known-Plaintext Attacks
Chosen-Plaintext Attacks
Chosen-Ciphertext Attacks
Differential Cryptanalysis
Linear Cryptanalysis
Side-Channel Attacks
Replay Attacks
Algebraic Attacks
Analytic Attacks
Brute Force Attacks
Implmentation Attacks
Statistical Attacks
What is the most famous encryption machine ever?
The Enigma machine used by Germany in WWII.
Q: The number one priority of disaster planning should always be:
TOPIC: Business Continuity Planning and Disaster Recovery Planning
A Preservation of capital
B Personnel evacuation and safety
C Resumption of core business functions
D Investor relations
RIGHT=B
See Chapter 10. People always come first!
Q: Which of the following is NOT a goal of a Business Impact Assessment (BIA)?
TOPIC: Business Continuity and Disaster Recovery Planning
A To inventory mutual aid agreements
B To identify and prioritize business critical functions
C To determine how much downtime the business can tolerate
D To identify resources required by critical processes
RIGHT=A
See Chapter 10. Mutual aid agreements are not a significant concern of a BIA.
Q: In the context of Data Processing Continuity Planning, “Subscription Services” refers to:
TOPIC: Business Continuity and Disaster Recovery Planning
A Contracts to have replacement computer hardware within 72 hours
B Contracts to have replacement computer hardware within 24 hours
C Commercial services providing hot sites, warm sites, and cold sites
D The quarterly journal “Continuity Planning”
RIGHT=C
See Chapter 10. Subscription services refers to hot sites, warm sites, and cold sites.
Q: The primary difference between a hot site and a warm site is:
TOPIC: Business Continuity and Disaster Recovery Planning
A A hot site is closer to the organization’s data centers than is the warm site.
B The warm site’s systems don’t have the organization software or data installed.
C The warm site doesn’t have computer systems in it.
D The warm site is powered down, but the hot site is powered up and ready to go.
RIGHT=B
See Chapter 10. Warm sites are mostly like hot sites except that the organization’s software and data aren’t on the warm site’s systems.
Q: Which of the following is NOT a concern for a hot site?
TOPIC: Business Continuity and Disaster Recovery Planning
A Programs and data at the hot site must be protected.
B A widespread disaster will strain the hot site’s resources.
C A hot site is expensive because of the controls and patches required.
D Computer equipment must be shipped quickly to the hot site for it to be effective.
RIGHT=D
See Chapter 10. The hot site already has computer equipment.
Q: The disaster recovery plan needs to be continuously maintained because:
TOPIC: Business Continuity and Disaster Recovery Planning
A The organization’s software versions are constantly changing.
B The organization’s business processes are constantly changing.
C The available software patches are constantly changing.
D The organization’s data is constantly changing.
RIGHT=B
See Chapter 10. The DRP must contain an up-to-date record of all critical business processes.
Q: How is the organization’s DRP best kept up-to-date?
TOPIC: Business Continuity and Disaster Recovery Planning
A With regular audits to ensure that changes in business processes are known
B By maintaining lists of current software versions, patches, and configurations
C By maintaining personnel contact lists
D By regularly testing the DRP
RIGHT=A
See Chapter 10. Audits will uncover changes that are needed in the DRP.
Q: Multiple versions of a DRP available in the organization will:
TOPIC: Business Continuity and Disaster Recovery Planning
A Allow older pass-along versions of the plan to circulated to some personnel
B Give involved personnel a choice of response procedures
C Cause confusion during a disaster
D Give critical personnel the best composite view of response procedures
RIGHT=C
See Chapter 10. There should be only one available version of the DRP available in order to avoid confusion.
Q: BCP stands for:
TOPIC: Business Continuity and Disaster Recovery Planning
A Basic Continuity Planning
B Basic Continuity Procedure
C Business Continuity Procedure
D Business Continuity Planning
RIGHT=D
BCP is an acronym for Business Continuity Planning. See Chapter 10.
Q: “Remote journaling” refers to:
TOPIC: Business Continuity and Disaster Recovery Planning
A A mechanism that transmits transactions to an alternate processing site
B A procedure for maintaining multiple copies of change control records
C A procedure for maintaining multiple copies of configuration management records
D A mechanism that ensures the survivability of written records
RIGHT=A
See Chapter 10. Remote journaling keeps data at an alternate site up-to-date at all times.
Q: Backing up data by sending it through a communications line to a remote location is known as:
TOPIC: Business Continuity and Disaster Recovery Planning
A Transaction journaling
B Off-site storage
C Electronic vaulting
D Electronic journaling
RIGHT=C
See Chapter 10. Electronic vaulting is the term that describes backing up data over a communications line to another location.
Q: Which of the following is NOT a method used to create an online redundant data set?
TOPIC: Business Continuity and Disaster Recovery Planning
A Remote journaling
B Off-site storage
C Electronic vaulting
D Database mirroring
RIGHT=B
See Chapter 10. Off-site storage is merely an alternate location for storing back-up media.
Q: One of the chief disadvantages of a Mutual Aid Agreement is:
TOPIC: Business Continuity and Disaster Recovery Planning
A There is no guarantee that the other organization will agree to help.
B A large disaster affecting both organizations renders the agreement worthless.
C It’s the most expensive way to acquire a warm site.
D The DRP isn’t tested until a disaster strikes.
RIGHT=B
See Chapter 10. A disaster large enough to affect both organizations will negate the plan.
Q: A hot site is the most expensive because:
TOPIC: Business Continuity and Disaster Recovery Planning
A Travel costs can be high.
B Duplicate staff salaries are high.
C HVAC systems are expensive to operate.
D It requires constant maintenance to keep systems in sync.
RIGHT=D
See Chapter 10. The hot site systems’ hardware, software, applications, and patches must be kept current with the organization’s main data center(s).
Q: The types of DRP tests are:
TOPIC: Business Continuity and Disaster Recovery Planning
A Checklist, walkthrough, simulation, parallel, and full interruption
B Checklist, simulation, parallel, and full interruption
C Checklist, walkthrough, simulation, and full interruption
D Walkthrough, simulation, and parallel
RIGHT=A
See Chapter 10. The five types of DRP tests are checklist, walkthrough, simulation, parallel, and full interruption.
Q: A parallel DRP test:
TOPIC: Business Continuity and Disaster Recovery Planning
A Is resource intensive and rarely used
B Tests the full responsiveness by shutting down production systems
C Runs in parallel with production processing
D Is a paper exercise to test theoretical response to a disaster
RIGHT=C
See Chapter 10. A parallel test utilizes parallel processing of the organization’s systems but without shutting down production systems.
Q: A DRP checklist test:
TOPIC: Business Continuity and Disaster Recovery Planning
A Is really only a review of the disaster recovery procedures
B Is a test of back-up system business resumption procedures
C Is a test of production system recovery procedures
D Is a test of business process failover procedures
RIGHT=A
See Chapter 10. A checklist test is nothing more than a review of disaster recovery procedures.
Q: What is the purpose of a Salvage Team?
TOPIC: Business Continuity and Disaster Recovery Planning
A To resume critical business operations at the alternate processing site
B To retrieve any needed items from off-site storage
C To return the primary processing site to normal business operations
D To salvage any usable or marketable assets after a disaster
RIGHT=C
See Chapter 10. The purpose of the Salvage Team is to resume normal business operations at the primary processing site(s).
Q: What is the purpose of a Recovery Team?
TOPIC: Business Continuity and Disaster Recovery Planning
A To resume critical business operations at the alternate processing site
B To retrieve any needed items from off-site storage
C To return the primary processing site to normal business operations
D To salvage any usable or marketable assets after a disaster
RIGHT=A
See Chapter 10. The Recovery Team’s purpose is to get critical business operations up and running as soon as possible at the alternate processing site.
Q: Why is communications with the media important during a disaster?
TOPIC: Business Continuity and Disaster Recovery Planning
A Emergency communications with personnel occur through the media.
B The media can report official status instead of relying upon rumors.
C It’s required by the Securities and Exchange Commission.
D It’s recommended by the Business Contingency Planning Association.
RIGHT=B
See Chapter 10. In the absence of communication with the media, inaccurate and usually pessimistic news about the disaster will spread.
Q: When is a disaster defined to be over?
TOPIC: Business Continuity and Disaster Recovery Planning
A One year after it began
B When the Recovery phase has begun
C When all business operations have resumed at alternate operations site(s)
D When all business operations have resumed at the primary operations site(s)
RIGHT=D
See Chapter 10. The disaster is said to be over when all business operations have resumed at their usual production sites.
Q: What new scenario did the 2001 World Trade Center disaster bring to business contingency planning?
TOPIC: Business Continuity and Disaster Recovery Planning
A The sudden loss of a significant portion of an organization’s workforce
B Airplanes being deliberately crashed into buildings
C The unprecedented cessation of securities trading for several consecutive days
D The restrictions of long-distance travel by air
RIGHT=A
See Chapter 10. Prior to 2001, business contingency planning didn’t adequately take into account the unlikely (but now proven possible) scenario of the loss of many or most of an organization’s personnel.
Q: A data processing facility on truck trailers or mobile homes is known as:
TOPIC: Business Continuity and Disaster Recovery Planning
A A Frozen Back-up Site
B A Migrant Back-up Site
C A Rolling Back-up Site
D In Itinerant Back-up Site
RIGHT=C
See Chapter 10. A Rolling Back-up Site (also known as a Mobile Back-up Site) is a portable site built onto a truck trailer or mobile home structure.
Q: What is the purpose of a Criticality Survey?
TOPIC: Business Continuity and Disaster Recovery Planning
A It identifies the funding paths required during a disaster.
B It identifies the critical personnel in the organization.
C It identifies the critical path to full disaster recovery.
D It identifies the processes and functions that are critical to business operations.
RIGHT=D
See Chapter 10. The Criticality Survey is used to identify all critical business processes and functions.
Q: Which is NOT a factor in Business Contingency Planning?
TOPIC: Business Continuity and Disaster Recovery Planning
A Making sure there are sufficient personnel to recover business operations.
B Identifying critical business processes and planning for their resumption
C Filing the Business Contingency Plan with local government authorities
D Identifying funding necessary during a disaster and for recovery of operations.
RIGHT=C
See Chapter 10. With rare exceptions, local governments aren’t involved in companies’ business contingency planning.
Q: What is the purpose of a Business Impact Assessment?
TOPIC: Business Continuity and Disaster Recovery Planning
A To identify critical processes and the resources required to resume them
B To identify the impact of a disaster on the organization’s value chain
C To identify the financial cost of any particular disaster scenario
D To identify a disaster’s impact on company market share
RIGHT=A
See Chapter 10. The main purpose of a Business Impact Assessment is the identification of critical business processes, the amount of downtime for those processes the business can tolerate, and the resources required to resume those critical processes.
Q: Typically the first step in the BCP process is:
TOPIC: Business Continuity and Disaster Recovery Planning
A To inventory all business critical processes
B Scope and Plan Initiation
C Business Impact Analysis
D Business Continuity Plan
RIGHT=B
See Chapter 10. The scope of the BCP program must first be determined.
Q: Civil and criminal penalties can be imposed upon public companies that fail to maintain adequate controls according to:
TOPIC: Business Continuity and Disaster Recovery Planning
A HIPAA
B The Graham-Leach-Bliley Act of 1999
C The Information Controls and Practices Act of 1997
D The Foreign Corrupt Practices Act of 1977
RIGHT=D
See Chapter 10. The Foreign Corrupt Practices Act of 1977 imposes civil and criminal penalties on publicly owned companies that fail to adequately control their information systems.
Q: The loss of competitive advantage and market share is known as:
TOPIC: Business Continuity and Disaster Recovery Planning
A A critical support area
B A qualitative loss
C A quantitative loss
D A nonproductive loss
RIGHT=B
Qualitative losses, such as loss of competitive advantage, are more difficult to measure. See Chapter 10.
Q: Acting with excellence, competence, and diligence is known as:
TOPIC: Business Continuity and Disaster Recovery Planning
A Due care
B Due diligence
C Due ignorance
D The Golden Principles
RIGHT=A
See Chapter 10. Executives and other managers must operate their companies with due care, which includes having adequate disaster recovery planning.
Q: An access control system that grants access to information based upon its classification and the clearance of the individual is known as:
TOPIC: Access Control Systems and Methodology
A Identity-based access control
B Mandatory access control
C Role-based access control
D Identity-based access control
RIGHT=B
See Chapter 3. Mandatory access control is based upon the user’s clearance level, the classification of the information, and the user’s need to know.
Q: An access control system that grants access to information based upon the identity of the user is known as:
TOPIC: Access Control Systems and Methodology
A Identity-based access control
B Mandatory access control
C Role-based access control
D Clearance-based access control
RIGHT=A
See Chapter 3. Identity-based access control is used to grant access to information based upon the identity of the person requesting access.
Q: An access control system that gives the user some control over who has access to information is known as:
TOPIC: Access Control Systems and Methodology
A Identity-based access control
B User-directed access control
C Role-based access control
D Clearance-based access control
RIGHT=B
See Chapter 3. User-directed access control, a form of discretionary access control, permits the user to grant access to information, based upon certain limitations.
Q: Encryption, tokens, access control lists, and smart cards are known as:
TOPIC: Access Control Systems and Methodology
A Discretionary access controls
B Physical controls
C Technical controls
D Administrative controls
RIGHT=C
See Chapter 3. These are examples of technical, or logical, controls.
Q: Supervision, audits, procedures, and assessments are known as:
TOPIC: Access Control Systems and Methodology
A Discretionary access controls
B Safeguards
C Physical controls
D Administrative controls
RIGHT=D
See Chapter 3. Administrative access controls consist of all the policies and procedures that are used to mitigate risk.
Q: Security guards, locked doors, and surveillance cameras are known as:
TOPIC: Access Control Systems and Methodology
A Site-access controls
B Safeguards
C Physical access controls
D Administrative controls
RIGHT=C
See Chapter 3. Physical access controls include these and others such as backups, protection of cabling, and card key access.
Q: Role-based access control and task-based access control are examples of:
TOPIC: Access Control Systems and Methodology
A Mandatory access controls
B Administrative controls
C Discretionary access controls
D Non-discretionary access controls
RIGHT=D
See Chapter 3. These are known as non-discretionary controls, which match information to roles or tasks and not individual users.
Q: Audits, background checks, video cameras, and listening devices are known as:
TOPIC: Access Control Systems and Methodology
A Discretionary controls
B Physical controls
C Preventive controls
D Detective controls
RIGHT=D
See Chapter 3. Detective controls are those controls that are designed to detect security events.
Q: Smart cards, fences, guard dogs, and card key access are known as:
TOPIC: Access Control Systems and Methodology
A Mandatory controls
B Physical controls
C Preventive controls
D Detective controls
RIGHT=C
See Chapter 3. Preventive controls are those that are used to prevent security events.
Q: Is identification weaker than authentication?
TOPIC: Access Control Systems and Methodology
A Yes: Identity is based only on the assertion of identity without providing proof.
B Yes: Identification uses ASCII data, whereas authentication uses binary data.
C No: Identification and authentication provide the same level of identity.
D No: They are used in different contexts and have nothing to do with each other.
RIGHT=A
See Chapter 3. Identification is only the assertion of identity, whereas authentication is the proof of identity.
Q: Two-factor authentication is so-called because:
TOPIC: Access Control Systems and Methodology
A It requires two of the three authentication types.
B Tokens use two-factor encryption to hide their secret algorithms.
C Authentication difficulty is increased by a factor of two.
D It uses a factor of two prime numbers algorithm for added strength.
RIGHT=A
See Chapter 3. Two-factor authentication requires any two of Type 1 (Something you know), Type 2 (Something you have), and Type 3 (Something you are).
Q: “Something you are” refers to:
TOPIC: Access Control Systems and Methodology
A A user’s security clearance
B A user’s role
C Type 2 authentication
D Type 3 authentication
RIGHT=D
See Chapter 3. “Something you are” refers to authentication that measures something physical such as a fingerprint, retina scan, or voiceprint.
Q: Two-factor authentication is stronger than single-factor authentication because:
TOPIC: Access Control Systems and Methodology
A It uses a factor of two prime numbers algorithm for added strength.
B It relies upon two factors, such as a password and a smart card.
C Authentication difficulty is increased by a factor of two.
D The user must be physically present to authenticate.
RIGHT=B
See Chapter 3. Two-factor authentication requires any two of Type 1 (Something you know), Type 2 (Something you have), and Type 3 (Something you are).
Q: Finger print, retina scan, and facial scans are examples of:
TOPIC: Access Control Systems and Methodology
A Biometric authentication
B Physical controls
C Type 2 authentication
D Three-factor authentication
RIGHT=A
See Chapter 3. These are all biometrics. Other examples include hand geometry scans, voice scans, and signature scans.
Q: Tokens, smart cards, and ATM cards are examples of:
TOPIC: Access Control Systems and Methodology
A Logical controls
B Identifiers
C Something you have
D Type 3 authentication
RIGHT=C
See Chapter 3. These are examples of “Something you have,” also known as Type 2 authentication.
Q: Single sign-on performs which of the following:
TOPIC: Access Control Systems and Methodology
A Stores the password locally using a “Save my password” feature.
B Permits authentication to applications without having to log in one by one.
C Stores the password and uses a cookie for subsequent authentication.
D Is no longer used because it is not secure.
RIGHT=B
See Chapter 3. Single sign-on permits a user’s authentication to be granted to all participating applications. This alleviates the problem of having to remember several different user-IDs and passwords.
Q: Which of the following is NOT a weakness in Kerberos?
TOPIC: Access Control Systems and Methodology
A The user’s secret key is transmitted over the network.
B Kerberos is vulnerable to replay attacks.
C The TGS and AS servers are vulnerable to physical attack.
D The user’s secret key is temporarily stored on the client system.
RIGHT=A
See Chapter 3. The user’s secret key is never transmitted over the network.
Q: The definition of TACACS is:
TOPIC: Access Control Systems and Methodology
A Technical Authentication Center Access Control Service
B Terminal Access Controller Authentication Control Service
C Technical Assistance Center Access Control System
D Terminal Access Controller Access Control System
RIGHT=D
TACACS is an authentication protocol that stands for Terminal Access Controller Access Control System .See Chapter 3.
Q: RADIUS is an example of:
TOPIC: Access Control Systems and Methodology
A Remote Authentication and Dial-In User Service
B Centralized access control
C Distributed access control
D Detective control
RIGHT=B
See Chapter 3. RADIUS is used for centralized access control.
Q: CHAP is used for:
TOPIC: Access Control Systems and Methodology
A Centralized access control
B Encrypting RADIUS authentication
C Ciphering RADIUS authentication
D Creating one-time passwords
RIGHT=A
See Chapter 3. CHAP is used for centralized access control.
Q: RACF is used for:
TOPIC: Access Control Systems and Methodology
A Providing Kerberos authentication
B Providing biometric authentication
C Providing access control in UNIX environments
D Providing access control services in IBM mainframe environments
RIGHT=D
See Chapter 3. RACF, or Resource Access Control Facility, is a mainstay in IBM mainframe environments for providing access control.
Q: A system used to identify anomalies on a network is known as a:
TOPIC: Access Control Systems and Methodology
A Signature-based intrusion detection system
B Network-based intrusion detection system
C Signature-based intrusion detection system
D Network-based intrusion control system
RIGHT=B
See Chapter 3. A network-based intrusion detection system (IDS) is used to detect possible intrusions by using either signature-based or anomaly-based methods.
Q: One disadvantage of host-based intrusion detection is that:
TOPIC: Access Control Systems and Methodology
A Event correlation is not possible.
B It cannot detect broadcast packets.
C It consumes resources on the host.
D It can only perform signature-based detection.
RIGHT=C
See Chapter 3. Host-based intrusion detection systems (IDS) consume resources on the host because it must analyze potentially voluminous network traffic.
Q: One disadvantage of signature-based intrusion detection is that:
TOPIC: Access Control Systems and Methodology
A It cannot recognize attacks that are not in the signature file.
B It detects intrusions only on hosts but not on networks.
C It detects intrusions only on networks but not on hosts.
D It can only detect mechanized attacks but not hacker attacks.
RIGHT=A
See Chapter 3. Signature-based intrusion detection systems (IDS) can only detect attacks that are defined in its signature file. It can be a major pain to update signature files on all IDSs in the organization.
Q: The most common relational database manipulation and definition language in use is:
TOPIC: Access Control Systems and Methodology
A DBML
B SQL Server
C SQL
D Oracle
RIGHT=C
See Chapter 3. SQL is used to build, manage, and update relational databases.
Q: What is the value of a database view?
TOPIC: Access Control Systems and Methodology
A It gives the DBA a top-down view of the schema.
B It defines which tables, records, and fields that a person may view.
C It is used to gather database security statistics.
D It gives the security administrator a graphic view of the permission tree.
RIGHT=B
See Chapter 3. A database view is a virtual window into a database that permits the DBA to define what tables, records, and fields a person can see.
Q: Object-oriented databases:
TOPIC: Access Control Systems and Methodology
A Are well suited to the storage and manipulation of complex data types.
B Use fewer system resources than relational databases.
C Are easier to learn than relational databases.
D Have severe restrictions on the types and sizes of data elements.
RIGHT=A
See Chapter 3. Object-oriented databases are well suited for complex and large data types but take far more system resources and have steep learning curves.
Q: Which of the following is NOT a characteristic of biometrics?
TOPIC: Access Control Systems and Methodology
A It can experience high false negatives.
B It can experience high false positives.
C Throughput rates are not an issue.
D Biometric databases can become very large.
RIGHT=C
See Chapter 3. Throughput rates ARE an issue with biometrics.
Q: One of the difficulties associated with network-based intrusion detection systems is:
TOPIC: Access Control Systems and Methodology
A Synchronizing the signature file with the firewall.
B The steep learning curve associated with IDS.
C The high number of false negatives that must be eliminated.
D The high number of false positives that must be eliminated.
RIGHT=D
See Chapter 3. IDS is known for a high number of false positives that must be eliminated one by one.
Q: Which of the following is NOT an obstacle to implementing two-factor authentication?
TOPIC: Access Control Systems and Methodology
A The need to integrate two-factor authentication into systems and applications.
B The high cost of implementation.
C Integrating two-factor authentication into the building’s badge entry system.
D The increased TCO over single-factor authentication.
RIGHT=C
See Chapter 3. Two-factor authentication is rarely (if ever) integrated with a badge entry system.
Q: A database containing the data structures used by an application is known as:
TOPIC: Development
A A data encyclopedia
B A data dictionary
C Metadata
D A schema
RIGHT=B
See Chapter 6. A data dictionary contains information about an application’s data structures, including table names, field names, indexes, and so on.
Q: The purpose of a Service Level Agreement is:
TOPIC: Development
A To guarantee a minimum quality of service for an application or function
B To guarantee the maximum quality of service for an application or function
C To identify gaps in availability of an application
D To correct issues identified in a security audit
RIGHT=A
See Chapter 6. A Service Level Agreement, or SLA, defines minimum performance metrics of an application or service.
Q: CRCs, parity checks, and checksums are examples of:
TOPIC: Development
A Corrective application controls
B Message digests
C Preventive application controls
D Detective application controls
RIGHT=D
See Chapter 6. They are examples of detective application controls because they are designed to help discover security breaches in a network.
Q: Data mining:
TOPIC: Development
A Can be performed by privileged users only
B Is generally performed after hours because it’s resource intensive
C Refers to searches for correlations in a data warehouse
D Is the term used to describe a hacker who has broken into a databas
RIGHT=C
See Chapter 6. Data mining is the term used to describe searches for correlations in a data warehouse.
Q: “Object-oriented” and “relational” are examples of:
TOPIC: Development
A Types of database tables
B Types of database records
C Types of database queries
D Types of databases
RIGHT=D
See Chapter 6. “Object-oriented” and “relational” are types of databases.
Q: Neural networking gets its name from:
TOPIC: Development
A The make and model of equipment in a network
B Patterns thought to exist in the brain
C Its inventor, Sigor Neura
D Observed patterns in neural telepathy
RIGHT=B
See Chapter 6. Neural networks are systems that can detect patterns after a period of training.
Q: The verification activity associated with coding is called:
TOPIC: Development
A Unit testing
B Design review
C System testing
D Architecture review
RIGHT=A
See Chapter 6. Unit testing is the testing of small modules of code, which is used to verify that the coding was done correctly.
Q: What is the primary input of a high-level product design?
TOPIC: Development
A Feasibility study
B Integration rules
C Unit testing
D Requirements
RIGHT=D
See Chapter 6. Requirements are the single largest input used in the high-level product design phase.
Q: The main improvement of the Waterfall software lifecycle model over earlier models was:
TOPIC: Development
A System and software requirements are combined into one step.
B Developers can back up one step in the process for rework.
C Coding and testing is combined into one step.
D The need for rework was eliminated.
RIGHT=B
See Chapter 6. Going back one step for rework was the main improvement of the Waterfall model. This is important because sometimes any of the steps may fail to consider something that the next step uncovers.
Q: The primary feature of the Spiral software development model is that:
TOPIC: Development
A It shows cumulative project cost over several development iterations.
B It includes Risk Analysis as a milestone.
C It includes Security Assessment as a milestone.
D It is only suitable for software integration, not software development.
RIGHT=A
See Chapter 6. Spiral software model depicts the accumulation of cost over the entire lifetime of a software product.
Q: Which of the following is NOT a value of change control in the software development lifecycle?
TOPIC: Development
A Changes are documented and subject to approval.
B Scope creep is controlled.
C It gives the customer veto power over proposed changes.
D The cost of changes is considered.
RIGHT=C
See Chapter 6. Veto power is unlikely, but the other choices listed are value-added features of change control.
Q: How does the Waterfall software development lifecycle help to assure that applications will be secure?
TOPIC: Development
A Security requirements can be included early on and verified later in testing.
B The testing phase includes penetration testing.
C The Risk Analysis phase will uncover flaws in the feasibility model.
D A list of valid users must be approved prior to production.
RIGHT=A
See Chapter 6. The greatest value in the development lifecycle is getting security requirements in at the beginning so that security will be “baked in.”
Q: The main purpose of configuration management is to:
TOPIC: Development
A Require cost justification for any change in a software product
B Require approval for any desired change in a software product
C Maintain a detailed record of changes for the lifetime of a software product.
D Provide the customer with a process for requesting configuration changes.
RIGHT=C
See Chapter 6. Configuration management produces a highly detailed record, including details of each and every copy of a software product that was created.
Q: Configuration management can include an approval-based check-in/check-out mechanism to ensure that:
TOPIC: Development
A Developers won’t make unapproved changes to software.
B All changes have been tested.
C All changes have been approved.
D All changes have been verified.
RIGHT=A
See Chapter 6. A check-in/check-out mechanism in configuration management keeps the developers from making unauthorized and undocumented “improvements.”
Q: The Software Capability Maturity Model is a measure of:
TOPIC: Development
A Advancements in software capabilities
B The technical capabilities of software
C The maturity of an organization’s software development processes
D The ability of a software product to remain accurate even after many years
RIGHT=C
See Chapter 6. The Software Capability Maturity Model (SCMM) is a measure of an organization’s software development process.
Q: The components of the SEI Process Improvement IDEAL Model are:
TOPIC: Development
A Initiate, Diagnose, Establish, Action, and Leverage
B Identify, Document, Establish, Annotate, and Learn
C Influence, Diagnose, Establish, Annotate, and Learn
D Identify, Document, Elucidate, Annotate, and Launch
RIGHT=A
SEI’s IDEAL stands for Initiate, Diagnose, Establish, Action, and Leverage. See Chapter 6.
Q: Which of the following is NOT a goal of the Software Capability Maturity Model?
TOPIC: Development
A Reduced development time
B Improved development tools
C Improved software quality
D Improved planning
RIGHT=B
See Chapter 6. The SCMM has little, if anything, to do with development tools, but the other answers are some of its objectives.
Q: The top-most level in the Software Capability Maturity Model has to do with:
TOPIC: Development
A Continuous and institutionalized process improvement
B Complete lack of processes and controls
C Fully normalized and optimized software
D Fully tested and validated software
RIGHT=A
See Chapter 6. The highest order of existence in the SCMM is a model of continuous process improvement.
Q: The purpose of a Build List is:
TOPIC: Development
A To obtain approval at the Detailed Design step of the software lifecycle
B To ensure that the compiler includes all necessary components during a build
C To ensure that all the necessary components are present during a build
D A record of the versions of all components of each copy of a product
RIGHT=D
See Chapter 6. The Build List is a part of Configuration Management that records all the component versions for each build of the product.
Q: In which steps are Security Specifications used in the software lifecycle?
TOPIC: Development
A Coding only
B Product Design only
C Product Design and Detailed Design
D Product Design, Detailed Design, and Coding
RIGHT=B
See Chapter 6. Security Specifications are used during Product and Detailed Design.
Q: What is the purpose of a Software Library?
TOPIC: Development
A It’s an official software source code repository.
B It’s a location where developers can store tools, code fragments, and utilities.
C It’s the location where unit test plans are developed.
D It’s the local copy of the Software Vault.
RIGHT=A
See Chapter 6. The Software Library is a Configuration Management term describing the controlled source code repository. Access to the Software Library is restricted.
Q: Objects in object-oriented systems communicate with other objects via:
TOPIC: Development
A Named pipes
B Queues
C Pipes
D Messages
RIGHT=D
See Chapter 6. “Message” is the term that describes object-to-object communication, which, by the way, is technology independent.
Q: The software code in an object-oriented environment is known as the:
TOPIC: Development
A Code
B Method
C Instance
D Behavior
RIGHT=B
See Chapter 6. A method is the code associated with an object.
Q: The maturity levels in the Software CMM are
TOPIC: Development
A Reactive, Proactive, Managed, and Optimizing
B Reactive, Responsive, Defined, Managed, and Optimizing
C Initiating, Defined, Repeatable, Managed, and Optimizing
D Initiating, Repeatable, Defined, Managed, and Optimizing
RIGHT=D
See Chapter 6. The five maturity levels are (from lowest to highest) Initiating, Repeatable, Defined, Managed, and Optimizing.
Q: Software products are the most secure when:
TOPIC: Development
A They’re run in B2 environments.
B They’re run in C2 environments.
C Security requirements and architectures are known as early as possible.
D Security is layered in as the last step of development.
RIGHT=C
See Chapter 6. The most secure software is that which is built knowing all the security requirements up front.
Q: The platform-independent mechanism developed by the OMG is:
TOPIC: Development
A CORBA
B COBRA
C VIPER
D DCOM
RIGHT=A
See Chapter 6. CORBA, or Common Object Request Broker Architecture, is the platform-independent mechanism developed by the Object Management Group (OMG).
Q: Fuzzification is most often used in:
TOPIC: Development
A Synaptic networks
B Magnetic media degaussers
C Expert systems
D Database caching algorithms
RIGHT=C
See Chapter 6. Fuzzification is used to determine the degree of truth in rule premises.
Q: The term “sandbox” is used to describe:
TOPIC: Development
A The portion of virtual memory that maps to physical memory
B The closed environment in which a Java applet runs
C The location where temporary compilation files are stored
D The location where developers write and test code
RIGHT=B
See Chapter 6. The sandbox is the space where a Java applet runs, thereby protecting the rest of the system.
Q: Which of the following is NOT a security concern about ActiveX?
TOPIC: Development
A ActiveX has a robust sandbox that protects the rest of the system.
B There is no way to prevent malicious ActiveX code from damaging a client.
C An ActiveX control has complete access to the entire client system.
D The digital signature on an ActiveX control only tells it is genuine.
RIGHT=A
See Chapter 6. ActiveX has no sandbox; the other concerns are legitimate.
Q: RAID is also known as:
TOPIC: Development
A Recoverable Array of Independent Disks
B Risk Analysis Initiation Detail
C Redundant Array of Independent Disks
D Robust Array of Inexpensive Disks
RIGHT=C
See Chapter 6. RAID is an acronym for Redundant Array of Independent Disks.
Q: The process of breaking the key and/or plaintext from an enciphered message is known as:
TOPIC: Cryptography
A Decryption
B Steganography
C Cryptanalysis
D Extraction
RIGHT=C
See Chapter 7. Cryptanalysis is the process of getting the key and/or the original message the hard way.
Q: The method of encryption in which both sender and recipient possess a common encryption key is known as:
TOPIC: Cryptography
A Message digest
B Hash function
C Public key cryptography
D Secret key cryptography
RIGHT=D
See Chapter 7. Secret key cryptography is used when all parties possess a common key.
Q: Why would a user’s public encryption key be widely distributed?
TOPIC: Cryptography
A So that cryptographers can attempt to break it.
B Because it’s encrypted.
C Because the user’s private key can’t be derived from their private key.
D So that the user can decrypt messages from any location.
RIGHT=C
See Chapter 7. In public-key cryptography, the value of the public key doesn’t in any way betray the value of the secret key.
Q: Reading down the columns of a message that has been written across is known as:
TOPIC: Cryptography
A A columnar transposition cipher
B Calculating the hash
C Calculating the checksum
D Calculating the modulo
RIGHT=A
See Chapter 7. In this cipher, the cryptographer writes across but reads down.
Q: An asymmetric cryptosystem is also known as:
TOPIC: Cryptography
A Message digest
B Hash function
C Public key cryptosystem
D Secret key cryptosystem
RIGHT=C
See Chapter 7. Asymmetric cryptosystems are also known as public key cryptosystems.
Q: The process of hiding a message inside of a larger dataset is known as:
TOPIC: Cryptography
A Decryption
B Steganography
C Cryptanalysis
D Extraction
RIGHT=B
See Chapter 7. Steganography is the science of inserting messages into larger datasets so that the existence of the message is unknown.
Q: Steganography is not easily noticed because:
TOPIC: Cryptography
A Monitor and picture quality are so good these days.
B Most PCs’ speakers are turned off or disabled.
C The human eye often can’t sense the noise that steganography introduces.
D Checksums can’t detect most steganographed images.
RIGHT=C
Steganography is difficult to detect visually in an image. See Chapter 7.
Q: What historic event was the backdrop for breakthroughs in strategic cryptography?
TOPIC: Cryptography
A The Gulf War
B World War I
C World War II
D The Six Day War
RIGHT=C
See Chapter 7. World War II saw a significant advancement in the science of cryptography. World War II became a war of cryptanalysis wherein each participant was sometimes able to break the code of the others, resulting in strategic advantage.
Q: Non-repudiation refers to:
TOPIC: Cryptography
A The technology that shoots down the “I didn’t send that message” excuse
B Re-verification of all CA certificate servers
C The annual competency review of system and network authentication mechanisms
D The annual competency review of system and network authentication mechanisms
RIGHT=A
See Chapter 7. Non-repudiation helps to prove that a specific individual did create or sign a document or transmit data to or from another.
Q: The amount of effort required to break a given ciphertext is known as the:
TOPIC: Cryptography
A Work function
B Effort function
C Cryptanalysis
D Extraction
RIGHT=A
See Chapter 7. Work function is the term used to describe the amount of time and/or money required to break a ciphertext.
Q: What is one disadvantage of an organization signing its own certificates?
TOPIC: Cryptography
A The certificate signing function is labor intensive.
B Anyone outside the organization will receive warning messages.
C The user identification process is labor intensive.
D It is much more expensive than having certificates signed by a CA.
RIGHT=B
See Chapter 7. The lack of a top-level signature on a certificate results in warning messages stating that the certificate lacks a top-level signature.
Q: The ability for a government agency to wiretap a data connection is implemented in the:
TOPIC: Cryptography
A Skipjack chip
B Magic lantern
C Cutty chip
D Clipper chip
RIGHT=D
See Chapter 7. The clipper chip is that which performs encryption but also provides a legal wiretap capability.
Q: The cipher device used by Germany in World War II is known as:
TOPIC: Cryptography
A M-922
B M-902
C Enigma
D Turing
RIGHT=C
See Chapter 7. The famous German device is the Enigma.
Q: The problem of WTLS-to-SSL transactions existing temporarily “in the clear” is called the:
TOPIC: Cryptography
A GATT GAP
B Knapsack problem
C WEP GAP
D WAP GAP
RIGHT=D
See Chapter 7. The WAP GAP refers to the place in the overall architecture where an encrypted message exists unencrypted.
Q: Why would a user’s public encryption key be widely distributed?
TOPIC: Cryptography
A So that cryptographers can attempt to break it.
B Because it’s encrypted.
C So that any person can send an encrypted message to the user.
D So that the user can decrypt messages from any location.
RIGHT=C
See Chapter 7. Wide distribution of a user’s public key permits anyone with the public key algorithm to encrypt a message intended for the user by using that person’s public key. Any such message can be decrypted only by someone possessing the user’s private key, which would presumably be only the user.
Q: Which of the following is NOT a solution for securing e-mail?
TOPIC: Cryptography
A MIME Object Security Services (MOSS)
B S/MIME
C SET
D PGP
RIGHT=C
See Chapter 7. SET is a financial transaction security tool and is not used for e-mail.
Q: An algorithm that is easy to compute in the “forward” direction but difficult to compute “backwards” is known as:
TOPIC: Cryptography
A A block grant
B A stream cipher
C A public key function
D A one-way function
RIGHT=D
See Chapter 7. A one-way function is easy to compute in the forward direction but very difficult to run backwards.
Q: What technology advancement led to the breaking of DES?
TOPIC: Cryptography
A VLSI chips
B Decrease in cost of computers
C Neural networks
D Expert systems
RIGHT=A
See Chapter 7. VLSI enables complex mathematical functions to be carried out in hardware at high speeds.
Q: Why does PGP not scale well in larger environments?
TOPIC: Cryptography
A Users certify each other, which can result in too large a web of trust.
B The system or security administrator must manually sign every new key.
C Storing the public keys will take more space than previously believed.
D Not enough computing power exists to encrypt and decrypt all the e-mail traffic.
RIGHT=A
See Chapter 7. The web of trust can become very large and potentially weak in places.
Q: What party in an organization signs a subscriber’s digital certificate?
TOPIC: Cryptography
A Repository
B Subscriber’s supervisor
C Subscriber
D Certificate Authority
RIGHT=D
See Chapter 7. The certificate authority, after receiving satisfactory proof of the identity of the individual, signs that individual’s certificate.
Q: The science of hiding the true meaning of messages from unintended recipients is known as:
TOPIC: Cryptography
A Cryptosystem
B Cryptology
C Cryptography.
D Enciphering
RIGHT=C
See Chapter 7. Cryptography is the art of hiding the meaning of messages so that unintended recipients can’t read them.
Q: Which protocol is most often used to access certificates in a PKI?
TOPIC: Cryptography
A SSL
B LDAP
C CA
D SSH
RIGHT=B
See Chapter 7. LDAP is the directory agent of choice for PKIs.
Q: One of the challenges facing participants in a symmetric key cryptosystem is:
TOPIC: Cryptography
A How to tell each user which algorithm to use
B How to safely transmit the secret key to each user
C How to transmit enciphered messages
D How to store deciphered messages
RIGHT=B
See Chapter 7. Getting the secret key to each user can be difficult because it must not be made available to any unauthorized party.
Q: The type of encryption used by Caesar is:
TOPIC: Cryptography
A One=Time Pad
B Transposition
C Transformation
D Substitution
RIGHT=D
See Chapter 7. Caesar used Substitution, specifically by shifting the alphabet by three letters.
Q: Which of the following is NOT a purpose of a digital signature?
TOPIC Encryption
A Authentication to a key server
B Detecting unauthorized changes of data
C Non-repudiation
D Identifying the person who signed the data
RIGHT=A
See Chapter 7. This is a totally bogus answer, but the other three ARE stated uses of digital signatures.
Q: A given symmetric cryptosystem uses a 64 bit key size. If an asymmetric cryptosystem is used instead, what key size is required that will give the equivalent strength of the symmetric cryptosystem?
TOPIC: Encryption
A 2048 bits
B 512 bits
C 64 bits
D 24 bits
RIGHT=B
An asymmetric cryptosystem must use a 512 bit key size to match the strength of a symmetric cryptosystem using a 64 bit key. See Chapter 7.
Q: How can symmetric key cryptosystems be made more secure?
TOPIC: Cryptography
A By periodically changing the secret key
B By periodically changing the length of the secret key
C By canceling and reissuing secret keys
D By periodically changing the encryption algorithm
RIGHT=A
See Chapter 7. By changing the secret key periodically, only a finite portion of the ciphertext can be broken by someone who has discovered the secret key.
Q: A cipher that rearranges the order of characters from the original message is a:
TOPIC: Cryptography
A Substitution
B Transfiguration
C Transubstantiation
D Transposition
RIGHT=D
See Chapter 7. Transposition is the process of changing the order of characters in a message.
Q: Which public key cryptosystems relies upon the difficulty of factoring the product of large prime numbers?
TOPIC: Cryptography
A El Gamal
B Elliptic Curve
C RSA
D Diffie-Hellman
RIGHT=C
See Chapter 7. RSA is the only one of these that works with the product of two prime numbers. The others mentioned here use discreet logarithms in finite fields.
Q: The substitution cipher used by UNIX systems that shifts characters by 13 positions is known as:
TOPIC: Cryptography
A Crypt
B ROOT 13
C ROT 13
D ROTOR 13
RIGHT=C
See Chapter 7. UNIX used the simple substitution cipher called ROT 13 to obfuscate messages. It was most often used in newsgroups to hide off-color jokes from those who were easily offended and didn’t wish to read them. ROT-13 was not meant to be difficult to decrypt -- only to make text unrecognizable on sight.
Q: The Internet Worm Incident of 1988 was perpetrated by:
TOPIC: Law, Investigations, and Ethics
A The 414 Gang
B Robert Morris
C Kevin Mitnick
D Gene Spafford
RIGHT=B
See Chapter 11. Robert Morris wrote and released what is now known as the Internet Worm in 1988. Gene Spafford wrote several papers on the topic.
Q: Forensics is the term that describes:
TOPIC: Law, Investigation, and Ethics
A Due process
B Tracking hackers from other countries
C Taking steps taken to preserve and record evidence
D Scrubbing a system in order to return it to service
RIGHT=C
See Chapter 11. Forensics is the study and activity of discovering, preserving, and recording evidence.
Q: An expert witness:
TOPIC: Law, Investigation, and Ethics
A Offers an opinion based upon the facts of a case and upon personal expertise
B Is someone who was present at the scene of the crime
C Has direct personal knowledge about the event in question
D Can testify in criminal proceedings only
RIGHT=A
See Chapter 11. An expert witness offers his opinion based upon the facts of the case and upon personal expertise.
Q: A witness:
TOPIC: Law, Investigation, and Ethics
A Offers an opinion based upon the facts of a case and upon personal expertise
B Is someone who was present at the scene of the crime
C Has direct personal knowledge about the event in question
D Can testify in criminal proceedings only
RIGHT=C
See Chapter 11. A witness testifies the facts as he understands them.
Q: “Entrapment” is defined as:
TOPIC: Law, Investigation, and Ethics
A Leading someone to commit a crime that they wouldn’t otherwise have committed.
B Monitoring with the intent of recording a crime
C Paying someone to commit a crime
D Being caught with criminal evidence in one’s possession
RIGHT=A
See Chapter 11. Entrapment refers to the activities that lure an individual into committing a crime that they wouldn’t have otherwise committed.
Q: “Enticement” is defined as:
TOPIC: Law, Investigation, and Ethics
A Being caught with criminal evidence in one’s possession
B Leading someone to commit a crime that they wouldn’t otherwise have committed.
C Monitoring with the intent of recording a crime
D Keeping the criminal at the scene of the crime long enough to gather evidence.
RIGHT=D
See Chapter 11. Enticement is used to keep a criminal at the scene of the crime. In the context of electronic crime, a honeypot is a great way to keep an intruder sniffing around while his origin is traced.
Q: The purpose of a honeypot is to:
TOPIC: Law, Investigation, and Ethics
A Log an intruder’s actions.
B Act as a decoy to keep the intruder interested while his origin and identity are traced.
C Deflect denial of service attacks away from production servers.
D Provide direct evidence of a break-in.
RIGHT=B
See Chapter 11. A honeypot is designed to keep an intruder sniffing around long enough for investigators to determine his origin and identity.
Q: Which of the following is NOT a precaution that needs to be taken before monitoring e-mail?
TOPIC: Law, Investigation, and Ethics
A Strict procedures that define under what circumstances e-mail may be searched.
B A visible notice stating that e-mail is company information subject to search.
C Issue monitoring tools to all e-mail administrators.
D Make sure that all employees know that it’s being monitored.
RIGHT=C
See Chapter 11. This is not a precaution at all – not even a step that would be considered. The other items DO need to be taken before any monitoring is performed.
Q: Intellectual property laws apply to:
TOPIC: Law, Investigation, and Ethics
A Trade secrets, trademarks, copyrights, and patents.
B Trademarks, copyrights, and patents.
C Trademarks only.
D Patents only.
RIGHT=A
See Chapter 11. Intellectual property laws apply to trade secrets, trademarks, copyrights, and patents.
Q: In order to be admissible, electronic evidence must:
TOPIC: Law, Investigation, and Ethics
A Be legally permissible
B Not be copied
C Have been in the custody of the investigator at all times
D Not contain viruses
RIGHT=A
See Chapter 11. Evidence gathered in violation of any laws can’t be admitted in court.
Q: Who has jurisdiction over computer crimes in the United States?
TOPIC: Law, Investigation, and Ethics
A The Department of Justice
B The Electronic Crimes Task Force
C Any state or local jurisdiction
D The FBI and the Secret Service
RIGHT=D
See Chapter 11. Believe it or not, the FBI and the Secret Service have jurisdiction over computer crimes.
Q: Under what circumstance may evidence be seized without a warrant?
TOPIC: Law, Investigation, and Ethics
A If it’s in the public domain
B If it’s believed that its destruction is imminent
C In international incidents
D If it’s on a computer
RIGHT=B
See Chapter 11. Evidence may only be seized if law enforcement believes that it’s about to be destroyed.
Q: Motive, means, and opportunity:
TOPIC: Law, Investigation, and Ethics
A Are required prior to the commission of a crime
B Are the required three pieces of evidence in any criminal trial
C Are the three factors that determine whether someone may have committed a crime.
D Are the usual ingredients in a sting operation
RIGHT=C
See Chapter 11. Motive, means, and opportunity are the standard criteria when considering a possible suspect in a crime.
Q: Using social skills to acquire critical information about computer systems is known as:
TOPIC: Law, Investigation, and Ethics
A Social espionage
B Social engineering
C Social racketeering
D Eavesdropping
RIGHT=B
See Chapter 11. Social engineering is the term used to describe the activity carried out by clever individuals who often claim to be someone that they are not in order to elicit information from unsuspecting individuals who are just trying to be helpful.
Q: It is difficult to determine that theft of information has occurred because:
TOPIC: Law, Investigation, and Ethics
A It’s not a crime unless someone posts the information on the Internet.
B Most sites have inadequate audit logs.
C More often than not, the information is still there.
D Most law enforcement personnel don’t understand information technology.
RIGHT=C
See Chapter 11. When information is stolen, it’s most often copied, which means that the original information is still there, unaltered.
Q: The illegal acquisition of funds through manipulation or falsification of financial information is known as:
TOPIC: Law, Investigation, and Ethics
A Embezzlement
B Conspiracy
C Blackmail
D Extortion
RIGHT=A
See Chapter 11. Embezzlement is basically stealing money from an organization by falsifying records.
Q: The illegal acquisition of funds through intimidation is known as:
TOPIC: Law, Investigation, and Ethics
A Embezzlement
B Conspiracy
C Blackmail
D Extortion
RIGHT=D
See Chapter 11. Unlike embezzlement (when the organization doesn’t know that it’s giving money away), extortion means that the organization is paying someone to do (or not do) something.
Q: The categories of common law that relate to information systems are:
TOPIC: Law, Investigation, and Ethics
A Patent, copyright, and trademark
B Misdemeanor and felony
C Criminal and civil
D Criminal, civil, regulatory, intellectual property, and privacy
RIGHT=D
See Chapter 11. Criminal, civil, and regulatory relate universally. Intellectual property and privacy are especially applicable to information systems.
Q: The primary goal of information privacy laws is:
TOPIC: Law, Investigation, and Ethics
A To require organizations to ask for permission each time they share information
B To discourage the abuse of individuals’ private information
C To require the use of government-operated databases instead of private databases
D To prevent individuals from falsifying information about themselves
RIGHT=B
See Chapter 11. Privacy laws seek to curb the abuses of private information by organizations wishing to misuse it.
Q: The chain of evidence ensures:
TOPIC: Law, Investigation, and Ethics
A That evidence links the alleged perpetrator to the crime
B That those who collected it will be available to testify in court
C That it’s relevant and reliable
D The integrity of evidence, from collection through safekeeping
RIGHT=D
See Chapter 11. The chain of evidence ensures its integrity from the place of collection through preservation and finally presentation in court.
Q: The only way to be absolutely sure that a hard disk has not been tampered with is to:
TOPIC: Law, Investigation, and Ethics
A Write-protect the hard disk
B Remove the hard disk from the computer
C Create a digital signature based upon its entire contents
D Back it up to tape and make comparisons later as needed
RIGHT=C
See Chapter 11. Although a tape backup could be used, a digital signature is by far the most reliable way of determining whether a hard disk has been tampered with.
Q: A set of values defining acceptable and unacceptable behavior is known as:
TOPIC: Law, Investigation, and Ethics
A Ethics
B Guiding principles
C Laws
D Requirements
RIGHT=A
See Chapter 11. Ethics defines right and wrong behavior. Various organizations have codes of ethics defining right and wrong in various contexts.
Q: During an interrogation of a suspect, copies of any evidence should be used because:
TOPIC: Law, Investigation, and Ethics
A The suspect may ask for the evidence.
B The suspect may attempt to destroy the evidence.
C The original should be locked in the evidence room.
D The suspect be allowed to give a copy of the evidence to his attorney.
RIGHT=B
See Chapter 11. It would be a shame if a suspect destroyed evidence that investigators worked so hard to produce.
Q: Federal Sentencing Guidelines specify that a corporation’s senior officers can be:
TOPIC: Law, Investigation, and Ethics
A Imprisoned for failing to protect corporate information assets from harm
B Held personally liable for failing to protect information assets from harm.
C Sentenced to house arrest for failing to protect information assets from harm.
D Barred from management for failing to protect information assets from harm.
RIGHT=B
See Chapter 11. Senior officers can be personally liable for up to $290 million for failure to comply with the law.
Q: The owner of a patent is protected for how long in the United States?
TOPIC: Law, Investigation, and Ethics
A 17 years
B 7 years
C 10 years
D 27 years
RIGHT=A
See Chapter 11. Patents protect its owner for 17 years.
Q: Laws having to do with a wrong that one has inflicted upon another are called:
TOPIC: Law, Investigation, and Ethics
A Statutory laws
B Common laws
C Civil laws
D Liability laws
RIGHT=C
See Chapter 11. Laws having to do with one person or organization damaging another are civil laws.
Q: The US government program requiring shielding and other mechanisms designed to prevent the emanation of radio frequency (RF) signals generated by computer equipment is called:
TOPIC: Law, Investigation, and Ethics
A AURORA
B TEAPOT
C RIVEST
D TEMPEST
RIGHT=D
See Chapter 11. TEMPEST is the name of the program that developed standards for shielding facilities to prevent RF containing secret information from radiating from buildings.
Q: The deliberate misuse of information is prohibited by:
TOPIC: Law, Investigation, and Ethics
A The US Federal Trade Commission
B The Heisenberg Principle
C The Fourth Amendment of the United States Constitution
D The (ISC)2 Code of Ethics
RIGHT=D
The (ISC)2 Code of Ethics prohibits the deliberate misuse of information. See Chapter 11.
Q: The name of the law requiring protection of personal medical information is:
TOPIC: Law, Investigation, and Ethics
A UCITA
B HAPPY
C HIPAA
D HIIPA
RIGHT=C
See Chapter 11. HIPAA, the Health Insurance Portability and Accountability Act, addresses health care privacy.
Q: The primary drawback to the FBI’s Carnivore capability is:
TOPIC: Law, Investigation, and Ethics
A It’s useless if those observed encrypt their data.
B It takes too long to crack most encryption schemes.
C It noticeably degrades performance.
D It doesn’t work on Windows systems.
RIGHT=A
See Chapter 11. Carnivore is the FBI’s means for wiretapping data transmissions. It’s pretty much useless if the data being wiretapped is encrypted.
Q: Access controls and card key systems are examples of:
TOPIC: Operations Security
A Detective controls
B Preventative controls
C Corrective controls
D Trust controls
RIGHT=B
See Chapter 9. Preventative controls are those that are designed to prevent a security incident.
Q: Audit trails and security cameras are examples of:
TOPIC: Operations Security
A Detective controls
B Preventative controls
C Corrective controls
D Trust controls
RIGHT=A
See Chapter 9. Detective controls are designed to record security events.
Q: Reboot instructions and file restore procedures are examples of:
TOPIC: Operations Security
A Detective controls
B Preventative controls
C Corrective controls
D Trust controls
RIGHT=C
See Chapter 9. Corrective controls are used to resume business operations after a security incident.
Q: Covert channel analysis is used to:
TOPIC: Operations Security
A Detect and understand unauthorized communication
B Encipher unauthorized communications
C Decipher unauthorized communications
D Recover unauthorized communications
RIGHT=A
See Chapter 9. Covert channel analysis is used to detect, understand, and help security personnel to prevent covert channels.
Q: Least privilege means:
TOPIC: Operations Security
A Analysis that determines which privileges are required to complete a task.
B Persons with higher privileges delegate some of those privileges to others.
C The persons with the fewest access rights do all the work.
D Users should have the minimum privileges required to perform required tasks.
RIGHT=D
See Chapter 9. Least privilege is the principle that states that users should have access only to the data and functions required for their duties.
Q: The practice of “separation of duties”:
TOPIC: Operations Security
A Is used to provide variety by rotating personnel among various tasks.
B Helps to prevent any individual from compromising an information system.
C Is used to ensure that the most experienced persons get the best tasks.
D Is used in large 24x7 operations shops.
RIGHT=B
See Chapter 9. Separation of duties is used to ensure that no single individual has too much privilege, which could lead to a security incident.
Q: Which of the following tasks would NOT be performed by a security administrator?
TOPIC: Operations Security
A Changing file permissions
B Configuring user privileges
C Installing system software
D Reviewing audit data
RIGHT=C
See Chapter 9. Installing system software is a system administrator function; the rest are security administrator functions.
Q: What is the potential security benefit of “rotation of duties”?
TOPIC: Operations Security
A It reduces the risk that personnel will perform unauthorized activities.
B It ensures that all personnel are familiar with all security tasks.
C It is used to detect covert activities.
D It ensures security because personnel are not too familiar with their duties.
RIGHT=A
See Chapter 9. Separation of duties is used to keep “mixing up” the teams in order to prevent situations in which two or more individuals are tempted to perform unauthorized acts.
Q: The process of reviewing and approving changes in production systems is known as:
TOPIC: Operations Security
A Availability management
B Configuration management
C Change management
D Resource control
RIGHT=C
See Chapter 9. Change management is the complete management function that controls changes made to a production environment.
Q: The process of maintaining versions of software versions and settings is known as:
TOPIC: Operations Security
A Availability management
B Configuration management
C Change management
D Resource control
RIGHT=B
See Chapter 9. Configuration management is the support function that’s used to store version information.
Q: Configuration management is used to:
TOPIC: Operations Security
A Document the approval process for configuration changes
B Control the approval process for configuration changes
C Ensure that changes made to an information system don’t compromise its security.
D Preserve a complete history of the changes to software or data in a system.
RIGHT=D
See Chapter 9. Configuration management is used to preserve all prior settings or versions of software or hardware as well as to provide a “check out/check in” capability to avoid collisions.
Q: The traces of original data remaining after media erasure is known as:
TOPIC: Operations Security
A Data remanence
B Data traces
C Leakage
D Data particles
RIGHT=A
See Chapter 9. Erasure is seldom 100 percent effective. Despite complex and time-consuming methods, the slightest traces of data on media that’s been “erased” may always remain.
Q: Software controls are used to:
TOPIC: Operations Security
A Perform input checking to ensure that no buffer overflows occur
B Keep running programs from viewing or changing other programs’ memory.
C Perform configuration management-like functions on software
D Ensure the confidentiality and integrity of software
RIGHT=D
See Chapter 9. Software controls are used to protect software from unauthorized disclosure or tampering.
Q: Someone who is performing penetration testing is:
TOPIC: Operations Security
A Stress-testing access controls
B Looking for vulnerabilities in computer hardware or software
C Looking for unauthorized modems and wireless network base stations
D Attempting to decrypt encrypted data
RIGHT=B
See Chapter 9. Penetration testing is used to mimic an intruder’s activities by identifying potential weaknesses in hardware or software.
Q: Which of the following is NOT a purpose for audit trails?
TOPIC: Operations Security
A Determining why a transaction was performed
B Event reconstruction
C Tracing transaction history
D Determining what or who performed a transaction
RIGHT=A
See Chapter 9. Audit trails tell what happened and who did what but don’t say why.
Q: The primary reason for using an external auditor versus an internal auditor is:
TOPIC: Operations Security
A Prestige
B Expertise
C Objectivity
D Expense
RIGHT=C
See Chapter 9. The main benefit from external auditors is their objectivity. A conflict of interest is less likely to exist when external auditors examine an information system.
Q: Password cracking, port scanning, and network sniffing are known as:
TOPIC: Operations Security
A Covert channels
B Threats
C Vulnerabilities
D Weaknesses
RIGHT=B
See Chapter 9. These activities are threats. Threats describe any event that can damage or disclose information.
Q: Software bugs, configuration errors, and the absence of security processes are known as:
TOPIC: Operations Security
A Covert channels
B Threats
C Vulnerabilities
D Inverse channels
RIGHT=C
See Chapter 9. Vulnerabilities, also known as weaknesses, are the characteristics of information systems that can be exploited by threats.
Q: A port scanning tool is used to:
TOPIC: Operations Security
A Configure network ports on a system
B Discover files and directories with wide-open permissions
C Capture network traffic for subsequent analysis
D Discover weaknesses in systems
RIGHT=D
See Chapter 9. A port scanner is a tool that sends out network packets in an attempt to discover weaknesses on systems connected to the network.
Q: A sniffer is used to:
TOPIC: Operations Security
A Configure network ports on a system
B Discover files and directories with wide-open permissions
C Capture network traffic for subsequent analysis
D Discover weaknesses in systems
RIGHT=C
See Chapter 9. A sniffer captures packets on the network and can store those packets for subsequent analysis.
Q: A sniffer program is used by an intruder to:
TOPIC: Operations Security
A Diagnose network problems
B Remotely sniff a network that he doesn’t have physical access to
C Discover files and directories with wide-open permissions
D Discover weaknesses in systems
RIGHT=B
See Chapter 9. Sniffer programs perform all the same basic functions of a hardware sniffer except that they can be installed and controlled over the network.
Q: Which of the following is NOT a security issue regarding single-user mode?
TOPIC: Operations Security
A Authentication is disabled on all network services such as Telnet and FTP.
B The administrator has full root privileges and can make system changes.
C Security features are disabled in single-user mode.
D The administrator can transmit information off the system without a trace.
RIGHT=A
See Chapter 9. Network services such as Telnet and FTP are disabled, period, on a system in single user mode.
Q: Fraud is a term used to describe:
TOPIC: Operations Security
A Stealing of information to sell to a competitor or other person
B Activities such as denial of service, social engineering, or eavesdropping
C Siphoning money out of an organization via phony transactions
D Any activity that takes advantage of weaknesses and results in personal gain
RIGHT=D
See Chapter 9. Fraud is an activity that’s perpetrated in order to exact personal gain.
Q: Denial of service is:
TOPIC: Operations Security
A The result when an administrator disables unnecessary network services
B An attack that prevents legitimate users from being able to use a resource
C What happens when a user lacks sufficient security credentials
D What happens when you left your shoes off when ordering pizza over the Web.
RIGHT=B
See Chapter 9. Denial of service is a flood of network traffic that’s intended to clog a server or network so that it can’t service legitimate customers.
Q: The purpose of intrusion detection is:
TOPIC: Operations Security
A To detect attacks and other anomalies
B To make sure that people aren’t trying to “tailgate” through security entrances
C To verify that the honeypot or honeynet is working correctly
D To catch the hacking attempts that the firewall missed
RIGHT=A
See Chapter 9. Intrusion detection is used to detect intrusions, attacks, and other anomalies.
Q: The main disadvantage of signature-based intrusion detection is:
TOPIC: Operations Security
A It’s considerably more expensive than linguistic intrusion detection.
B Some hackers are good at forging other people’s signatures.
C Signatures must be constantly kept up-to-date.
D Handwriting tablets are still too expensive.
RIGHT=C
See Chapter 9. Like anti-virus software, signature-based intrusion detection systems must be frequently updated.
Q: “War driving” is the term used to describe:
TOPIC: Operations Security
A Looking for vulnerable client systems in order to build a list of DDOS zombies.
B Sniffing wireless networks to look for vulnerabilities
C Running multiple concurrent port scanning tools on a system
D Running DOOM™ on a Gigabit Ethernet
RIGHT=B
See Chapter 9. War driving is similar to war dialing, in which an individual with a laptop computer, wireless LAN adaptor, and special software, can literally drive around looking for vulnerable wireless LANs.
Q: Violation processing is used to:
TOPIC: Operations Security
A Quantify security risks
B Attempt to bypass intrusion detection systems
C Discover hard-to-guess passwords
D Detect individuals who are generating a high volume of errors.
RIGHT=D
See Chapter 9. Violation processing is used to identify high levels of anomalous activity, such as the number of unsuccessful login attempts, in order to point out possible security problems.
Q: Which of the following is NOT an environmental concern for long-term media storage?
TOPIC: Operations Security
A Temperature
B Humidity
C Lumens
D EMF
RIGHT=C
See Chapter 9. Lumens, or light level, is far less of a concern (if a concern at all) than the other factors for the longevity of media.
Q: Maintenance accounts shouldn’t be used by applications because:
TOPIC: Operations Security
A Applications would be operating in full privileged mode, bypassing all security.
B Too many people have the password to the maintenance account.
C Maintenance accounts utilize write-behind transactions, resulting in data loss.
D Maintenance accounts run at too low a priority.
RIGHT=A
See Chapter 9. Maintenance accounts run with privileges and features not intended for applications.
Q: Why should a data center’s walls go all the way to the ceiling and not just stop as high as the suspended ceiling?
TOPIC: Physical Security
A The walls will be stronger.
B The HVAC will run more efficiently.
C An intruder could otherwise enter the data center by climbing over the wall.
D The high wall will block more noise.
RIGHT=C
See Chapter 12. The primary concern here is to keep intruders out.
Q: Why should a data center’s walls go all the way to the ceiling and not just stop as high as the suspended ceiling?
TOPIC: Physical Security
A The walls will serve as an effective fire break.
B The HVAC will run more efficiently.
C The walls will be stronger.
D The high wall will block more noise.
RIGHT=A
See Chapter 12. Walls that go all the way up to the ceiling do a better job of keeping fires from spreading into or out of the data center.
Q: Drain pipes that channel liquids away from a building are called:
TOPIC: Physical Security
A Positive drains
B Tight lines
C Storm drains
D Negative drains
RIGHT=A
See Chapter 12. Positive drains are those that carry liquids away from a building.
Q: Of what value is pre-employment screening?
TOPIC: Physical Security
A Undesirable medical or genetic conditions could diminish productivity.
B Only certain personality types work in some organizations.
C Employees need to have knowledge of security.
D Background checks and reference checks could uncover undesirable qualities.
RIGHT=D
See Chapter 12. It’s infinitely better to find undesirable qualities such as a criminal history prior to making an employment decision.
Q: Which of the following is NOT a part of a building’s automated access audit log?
TOPIC: Physical Security
A Time of the attempted entry
B The reason for the attempted entry
C Location of attempted entry
D Entry success or failure
RIGHT=B
See Chapter 12. Building access systems don’t know why people are coming and going.
Q: “Tailgating” is a term describing what activity?
TOPIC: Physical Security
A Logging in to a server from two or more locations.
B Causing a PBX to permit unauthorized long distance calls.
C Following an employee through an uncontrolled access
D Following an employee through a controlled access
RIGHT=D
See Chapter 12. Tailgating is a common method used by someone who wants to enter a controlled access but has no authorization for doing so.
Q: What does “fail open” mean in the context of controlled building entrances?
TOPIC: Physical Security
A Controlled entrances permit no one to pass.
B Controlled entrances permit people to pass without identification.
C A power outage won’t affect control of the entrance.
D A pass key is required to enter the building.
RIGHT=B
Fail open refers to any controlling mechanism that remains in the “unlocked” position upon failure. In the case of controlled building entrances, anyone will be able to enter the building. See Chapter 12.
Q: What does “fail closed” mean in the context of controlled building entrances?
TOPIC: Physical Security
A Controlled entrances permit no one to pass.
B Controlled entrances permit people to pass without identification.
C The access control computer is down.
D Everyone is permitted to enter the building.
RIGHT=A
See Chapter 12. Fail closed refers to any controlling mechanism that remains in the “locked” position upon failure. In the case of controlled building entrances, no one will be able to enter the building by normal means.
Q: A water sprinkler system characterized as always having water in the pipes is known as:
TOPIC: Physical Security
A Dry pipe
B Wet pipe
C Preaction
D Discharge
RIGHT=B
See Chapter 12. Wet pipe is the sprinkler system type where water is always in the pipe.
Q: A water sprinkler system that charges the pipes upon receiving a heat or smoke alarm and then discharges at a higher temperature is known as:
TOPIC: Physical Security
A Dry pipe
B Wet pipe
C Preaction
D Discharge
RIGHT=C
See Chapter 12. Preaction, a combination of dry pipe and wet pipe, is increasingly popular in data centers.
Q: Why would a dry pipe sprinkler be preferred over a wet pipe sprinkler?
TOPIC: Physical Security
A Dry pipe systems put out a fire more quickly.
B Dry pipe systems consume less water.
C There is a smaller likelihood of rust damage.
D There is a potentially useful time delay before water is discharged.
RIGHT=D
See Chapter 12. Dry pipe systems take a few moments (at least) before water discharge begins.
Q: How does water aid in fire suppression?
TOPIC: Physical Security
A It reduces the fire’s oxygen supply.
B It isolates the fire’s fuel supply.
C It lowers the temperature needed to sustain the fire.
D It extinguishes the fire through a chemical reaction.
RIGHT=C
See Chapter 12. Water cools the fuel to the point where the fire can’t continue.
Q: Which of the following are NOT fire detectors?
TOPIC: Physical Security
A Dial-up alarms
B Heat-sensing alarms
C Flame-sensing alarms
D Smoke-sensing alarms
RIGHT=A
See Chapter 12. Dial-up alarms don’t detect fire; they respond to a fire detector and call the fire department by using a telephone line to play a prerecorded message.
Q: Which of the following is NOT a physical site security measure?
TOPIC: Physical Security
A Guards
B Fencing
C Warning signs
D CCTV
RIGHT=C
See Chapter 12. Signs don’t keep intruders out.
Q: What physical control element is most useful in an emergency?
TOPIC: Physical Security
A Security camera
B Security guards
C Guard dogs
D Barricades
RIGHT=B
See Chapter 12. Guards are the most effective because they exercise judgment and make value decisions.
Q: How does CO2 aid in fire suppression?
TOPIC: Physical Security
A It reduces the fire’s oxygen supply.
B It isolates the fire’s fuel supply.
C It lowers the temperature needed to sustain the fire.
D It extinguishes the fire through a chemical reaction.
RIGHT=A
See Chapter 12. CO2 displaces oxygen long enough to stop the fire’s chemical reaction.
Q: Why should computer and office equipment be checked in and checked out at a building entrance?
TOPIC: Physical Security
A So that IT will know if it’s available in the event of a disaster.
B Fixed asset personnel can keep location records up-to-date.
C Accountability: To discourage employees from trying to sneak equipment out.
D To account for what would otherwise be metal detector alarms.
RIGHT=C
See Chapter 12. Corporations need to consider equipment removal an audit event. Having employees sign their names on a form that says they have removed thus-and-so helps to keep them honest.
Q: What is the principal feature of a mantrap?
TOPIC: Physical Security
A Its advanced metal detecting capability.
B Only one of its two doors can be opened at once.
C The high speed by which people can enter and exit a facility.
D Its biometric identifying capabilities.
RIGHT=B
See Chapter 12. The mantrap’s two doors are operated manually by a guard; only one door can be open at a time.
Q: To what height should critical building be illuminated at night?
TOPIC: Physical Security
A 4 feet
B 8 feet
C 12 feet
D 24 feet
RIGHT=B
See Chapter 12. Eight feet is enough, which is as high as a man can jump unassisted.
Q: What is considered sufficient fencing to keep out determined intruders?
TOPIC: Physical Security
A 12 feet
B 6 feet
C 12 feet with 1 strand of barbed wire
D 8 feet high with 3 strands of barbed wire
RIGHT=D
See Chapter 12. Eight feet is too hard to climb easily, let alone mess with all that barbed wire at the top!
Q: What is considered the most effective form of magnetic media erasure?
TOPIC: Physical Security
A Physical destruction
B Degaussing
C Overwriting
D Relabeling
RIGHT=A
See Chapter 12. Only physical destruction will positively guarantee that the data can’t be recovered by even the most resourceful and determined persons.
Q: Standards for magnetic media reuse specify what minimum for magnetic media reuse?
TOPIC: Physical Security
A Degauss the media 3 times
B Degauss the media 7 times
C Overwrite or format the media 7 times
D Overwrite or format the media 21 times
RIGHT=C
Magnetic media must be overwritten or formatted at least seven times to ensure complete erasure. See Chapter 12.
Q: How does soda acid aid in fire suppression?
TOPIC: Physical Security
A It reduces the fire’s oxygen supply.
B It isolates the fire’s fuel supply.
C It lowers the temperature needed to sustain the fire.
D It extinguishes the fire through a chemical reaction.
RIGHT=B
See Chapter 12. It coats the fuel so that it can no longer combine with oxygen.
Q: What is the purpose of off-site media storage?
TOPIC: Physical Security
A An alternate back-up media set in the event of a program bug
B An alternate back-up media set in the event of an operator error
C An alternate back-up media set in the event of a catastrophic hardware failure
D An alternate back-up media set in the event that the data center is destroyed
RIGHT=D
See Chapter 12. Although media stored off-site may be useful for the other stated purposes, the primary intention is to have a set of back-up media stored in an alternate location in the event that the data center is damaged or destroyed by a natural or man-made disaster. The back-up data stored on-site, which can be used for the other stated purposes, is of no value when the data center is destroyed.
Q: What is one possible weakness of a BIOS password intending to protect hard disk data?
TOPIC: Physical Security
A It may be possible to read the hard disk data by placing it in another computer.
B It might not be providing disk encryption, but only a login feature.
C The encryption used is generally weak.
D It can be defeated by connecting jumpers together on the system board.
RIGHT=A
See Chapter 12. Some disk lock passwords don’t actually protect the disk but only prevent that particular computer from accessing it.
Q: What is the greatest source of loss when a corporate laptop is lost or stolen?
TOPIC: Physical Security
A The gold that can be recovered by melting the system down
B The RAM chips
C The value of the information stored on it
D The black market value of the LCD screen
RIGHT=C
See Chapter 12. By far the data has the most potential value, possibly tens of millions of dollars or more. By comparison, the laptop costs only a few thousand dollars.
Q: What are the various types of motion detectors?
TOPIC: Physical Security
A Wave patterns and radar
B Audio, wave patterns, and capacitance
C Infrared and capacitance
D Audio and capacitance
RIGHT=B
See Chapter 12. Audio detectors are sensitive, passive microphones. Wave pattern motion detectors emit wave patterns and note any changes in return signals, indicating moving objects. Capacitance can only detect motion a few inches in front of the detector.
Q: Which of the following is NOT a characteristic of passive electronic access cards?
TOPIC: Physical Security
A They contain batteries that must be changed or charged.
B They are powered by the RF field transmitted by the reader.
C They transmit at a frequency different from the frequency emitted by the reader.
D They need not touch the reader but work by proximity.
RIGHT=A
See Chapter 12. Passive electronic cards have no batteries because they’re powered by the RF field emitted by the reader.
Q: Which of the following is NOT a characteristic of active electronic access cards?
TOPIC: Physical Security
A They contain batteries that must be changed or charged.
B They’re powered by the RF field transmitted by the reader.
C They transmit at a frequency different from the frequency emitted by the reader.
D They need not touch the reader, but work by proximity.
RIGHT=B
See Chapter 12. Active electronic access cards have a power supply and aren’t powered by the reader’s RF transmitter.
Q: Which of the following is NOT an advantage of cipher locks over access card locks?
TOPIC: Physical Security
A Cipher locks are independent and work even when centralized systems can’t.
B A cipher lock may be more cost-effective than an access card lock for one door.
C Cipher locks offer better centralized control than do access card locks.
D Cipher locks are self-contained, requiring no external power or wired.
RIGHT=C
See Chapter 12. Cipher locks usually offer no centralized control at all.
Q: Memory that is used to store computer instructions and data is known as:
TOPIC: Security Architecture and Models
A UART
B SIMM
C Cache
D ROM
RIGHT=C
See Chapter 8. Cache memory holds instructions and data that are likely to be frequently accessed. Cache memory is faster than RAM, so it can contribute to faster performance.
Q: Firmware is generally stored on:
TOPIC: Security Architecture and Models
A ROM or EPROM
B Tape
C RAM
D Any removable media
RIGHT=A
See Chapter 8. Firmware is software that seldom changes. Firmware is generally used to control lower-level functions in computer hardware.
Q: What is the purpose of memory protection?
TOPIC: Security Architecture and Models
A It protects memory from malicious code.
B It prevents a program from being able to access memory used by another program.
C Memory protection is another term used to describe virtual memory backing store.
D It assures that hardware refresh is frequent enough to maintain memory integrity.
RIGHT=B
See Chapter 8. Memory protection is a machine-level security feature that prevents one program from being able to read or alter memory assigned to another program.
Q: The mapping of existing physical memory into a larger, imaginary memory space is known as:
TOPIC: Security Architecture and Models
A Virtual memory
B Swapping
C Thrashing
D Spooling
RIGHT=A
See Chapter 8. The virtual memory model is used to create a memory space that’s larger than the available physical memory.
Q: Vendor-independent systems with published specifications are known as:
TOPIC: Security Architecture and Models
A Open source
B RFCs
C Freeware
D Open systems
RIGHT=D
See Chapter 8. Open systems are those in which specifications are published and freely available, permitting any vendor to develop components that can be used with it.
Q: Which of the following is NOT a security issue with distributed architectures?
TOPIC: Security Architecture and Models
A Lack of security awareness by some personnel
B Difficulty in controlling the distribution and use of software
C Protection of centrally stored information
D Backups might not be performed on some systems, risking loss of data
RIGHT=C
See Chapter 8. In a distributed architecture, information isn’t centrally stored but rather stored in a multitude of locations. The other answers ARE security issues in distributed architectures.
Q: TCB is an acronym for:
TOPIC: Security Architecture and Models
A Trusted Computing Baseline
B Trusted Computing Base
C Tertiary Computing Base
D Trusted Cache Base
RIGHT=B
See Chapter 8. TCB stands for Trusted Computing Base.
Q: The sum total of all protection mechanisms in a system is known as a:
TOPIC: Security Architecture and Models
A Trusted Computing Base
B Protection domain
C Trusted path
D SPM (Summation Protection Mechanism)
RIGHT=A
See Chapter 8. A Trusted Computing Base is the complete “big picture” of protection used in a computer system.
Q: The mechanism that overlaps hardware instructions to increase performance is known as:
TOPIC: Security Architecture and Models
A RISC
B Pipeline
C Pipe dream
D Multitasking
RIGHT=B
See Chapter 8. Pipelining is the mechanism used to overlap the steps in machine instructions in order to complete them faster.
Q: FORTRAN, BASIC, and C are known as:
TOPIC: Security Architecture and Models
A Dead languages
B Living languages
C Second-generation languages
D Third-generation languages
RIGHT=D
FORTRAN, BASIC, and C are third-generation languages. See Chapter 8.
Q: The purpose of an operating system is to:
TOPIC: Security Architecture and Models
A Manage hardware resources
B Compile program code
C Decompile program code
D Present graphic display to users
RIGHT=A
See Chapter 8. An operating system (OS) manages computer hardware and presents a consistent interface to application programs and tools.
Q: Protection rings are used for:
TOPIC: Security Architecture and Models
A Implementing memory protection
B Creating nested protection domains
C Modeling layers of protection around an information object
D Shielding systems from EMF
RIGHT=B
See Chapter 8. Protection rings are layers of protection domains, with the most protected domain in the center.
Q: The TCSEC document is known as the Orange Book because:
TOPIC: Security Architecture and Models
A It’s orange in color.
B It covers the major classes of computing system security, D through A.
C Its coverage of security was likened to the defoliant Agent Orange.
D No adequate model of computing system security was available at the time.
RIGHT=A
See Chapter 8.
The Orange Book was one of several books in the Rainbow Series, each describing various levels and contexts of computer security, and each with its own unique color.
Q: A chart of capabilities and subjects is known as a(n):
TOPIC: Security Architecture and Models
A Protection ring
B Chart of accounts
C Access control list
D Access matrix
RIGHT=D
See Chapter 8. An access matrix is used to map subjects to capabilities.
Q: The model that assigns classification levels to materials and to individuals to determine who can view materials based upon their classification is known as:
TOPIC: Security Architecture and Models
A The DoD multilevel security model
B The Bell-LaPadula Model
C The Clark-Wilson Model
D The Information Flow Model
RIGHT=B
See Chapter 8. The Bell-LaPadula model is used to control access to materials, based upon their classification, and the classification of the individual who wishes to view them.
Q: The model that incorporates constrained data items and procedures for verifying and changing integrity states is known as:
TOPIC: Security Architecture and Models
A The Bell-LaPadula Integrity Model
B The Clark-Wilson Integrity Model
C The Wilson-Phillips Integrity Model
D The Information Flow Model
RIGHT=B
See Chapter 8. Clark-Wilson starts with a Constrained Data Item (CDI), confirms integrity state with the Integrity Verification Procedure (IVP), and changes integrity state with the Transformation Procedure (TP).
Q: The Bell-LaPadula model is an example of:
TOPIC: Security Architecture and Models
A An accreditation model
B A Take-Grant model
C An integrity model
D An access control model
RIGHT=D
See Chapter 8. Some access control models are Bell-LaPadula, Take-Grant, and Access Matrix.
Q: Information flow models are used to:
TOPIC: Security Architecture and Models
A Understand where information is flowing in a system
B Ensure that information can flow only in directions permitted by security policy
C Ensure that information can flow only from higher to lower integrity levels
D Verify that information is properly classified
RIGHT=B
See Chapter 8. Information flow models are used to ensure that information flows in conformance to security policy.
Q: The Biba Integrity Model is:
TOPIC: Security Architecture and Models
A An extension of the Bell-LaPadula Access Control Model
B A modern version of the Clark-Wilson Integrity Model
C The private industry version of the Clark-Wilson Integrity Model
D The de facto standard for modeling information flow
RIGHT=A
See Chapter 8. The Biba Integrity Model extends the Bell-LaPadula Access Control Model into the integrity domain.
Q: A evaluation of security features in an information system against a set of security requirements is known as a(n):
TOPIC: Security Architecture and Models
A Protection
B Certification
C Accreditation
D Verification
RIGHT=B
A Certification is the evaluation of security features according to a set of security requirements. See Chapter 8.
Q: A declaration that an information system is approved for a particular function is known as a(n):
TOPIC: Security Architecture and Models
A Protection
B Certification
C Accreditation
D Verification
RIGHT=C
An accreditation is a formal declaration of approval for a system to perform a particular function. See Chapter 8.
Q: Dedicated, compartmented, controlled, and multilevel mode are examples of:
TOPIC: Security Architecture and Models
A Security labels
B Security levels
C Security modes
D Rings
RIGHT=C
See Chapter 8. These are all security modes, which are used to control how users can access materials depending upon their classification.
Q: The security mode where all users have the required clearance to access information is known as:
TOPIC: Security Architecture and Models
A Dedicated
B Compartmented
C Trusted
D Labeled
RIGHT=B
See Chapter 8. In a compartmented mode information system, all users have the clearance but not necessarily the authorization to access materials.
Q: The security mode where all users have the required clearance and authorization to access information is known as:
TOPIC: Security Architecture and Models
A Dedicated
B Compartmented
C Trusted
D Labeled
RIGHT=A
See Chapter 8. In a dedicated mode information system, all users have both the clearance and authorization to access information.
Q: “Fail closed” is defined as:
TOPIC: Security Architecture and Models
A The state entered by the takover node in a fault-tolerant cluster.
B The state entered by a failed node in a fault-tolerant cluster.
C The failure of a component that results in information being available.
D The failure of a component that results in information being unavailable.
RIGHT=D
See Chapter 8. Fail closed is the property of a component that closes off all access when it fails.
Q: “Fail open” is defined as:
TOPIC: Security Architecture and Models
A The state entered by the takover node in a fault-tolerant cluster
B The state entered by a failed node in a fault-tolerant cluster
C The failure of a component that results in information being available
D The failure of a component that results in information being unavailable
RIGHT=C
See Chapter 8. Fail open is the property of a component that permits all access when it fails.
Q: An unintended and unauthorized communication path is known as a:
TOPIC: Security Architecture and Models
A Covert channel
B Back door
C Front door
D Side door
RIGHT=A
See Chapter 8. A covert channel is an unintended and unauthorized communication path.
Q: A component or feature of an information system that permits someone or something to bypass security controls is known as a:
TOPIC: Security Architecture and Models
A Trap door
B Back door
C Front door
D Side door
RIGHT=A
See Chapter 8. Trap door is the term most often used to describe a feature that bypasses security.
Q: A system consisting of proprietary components is known as:
TOPIC: Security Architecture and Models
A An open system
B A closed system
C A commercial system
D A for-profit system
RIGHT=B
See Chapter 8. A closed system is one that’s proprietary and for which few, if any, specifications are published.
Q: The communications channel that connects the various components of a computer system is known as a:
TOPIC: Security Architecture and Models
A Star
B Ring
C Bus
D Plane
RIGHT=C
See Chapter 8. Data that travels between the various components of a computer system take the bus.
Q: Of what value is separation of authority in an organization?
TOPIC: Security Management Practices
A It limits the capabilities of any single individual.
B It provides multiple paths for fulfilling critical tasks.
C It accommodates the requirement for parallel audit trails.
D It ensures that only one person is authorized to perform each task.
RIGHT=A
See Chapter 5. Separation of authority makes it difficult for an individual to steal an organization’s assets because it requires others to cooperate with the would-be criminal.
Q: The term “open view” refers to what activity?
TOPIC: Security Management Practices
A Reclassifying a document so that anyone may view it.
B Viewing the contents of one’s private encryption key.
C Leaving classified information where unauthorized persons can see them.
D Using a decryption key to view the contents of a message.
RIGHT=C
See Chapter 5. “Open view” is the act of leaving a classified document out in the open so that it can be viewed by anyone.
Q: Which individual is responsible for classifying information?
TOPIC: Security Management Practices
A Owner
B Custodian
C Creator
D User
RIGHT=A
See Chapter 5. The information owner is ultimately responsible for the information asset and for its initial classification.
Q: Which individual is responsible for protecting information?
TOPIC: Security Management Practices
A Owner
B Custodian
C Creator
D User
RIGHT=B
See Chapter 5. The custodian protects the information on behalf of its owner.
Q: Which of the following is NOT a criterion for classifying information?
TOPIC: Security Management Practices
A Marking
B Useful life
C Value
D Age
RIGHT=A
See Chapter 5. Useful life, value, and age are some of the criteria used to classify information.
Q: What is the purpose of a senior management statement of security policy?
TOPIC: Security Management Practices
A It defines who is responsible for carrying out a security policy.
B It states that senior management need not follow a security policy.
C It emphasizes the importance of security throughout an organization.
D It states that senior management must also follow a security policy.
RIGHT=C
See Chapter 5. A senior management statement of security policy underscores the importance of and support for security.
Q: What is the purpose of an “advisory policy”?
TOPIC: Security Management Practices
A This is an optional policy that can be followed.
B This is an informal offering of advice regarding security practices.
C This is a temporary policy good only for a certain period of time.
D This is a policy that must be followed but is not mandated by regulation.
RIGHT=D
See Chapter 5. An advisory policy is required by the organization but is not mandated by a local or national government.
Q: What is the definition of a “threat”?
TOPIC: Security Management Practices
A Any event that produces an undesirable outcome.
B A weakness present in a control or countermeasure.
C An act of aggression that causes harm.
D An individual likely to violate security policy.
RIGHT=A
A threat is a possible undesirable event that may cause harm or damage. See Chapter 5.
Q: A weakness in a security control is called a:
TOPIC: Security Management Practices
A Risk
B Vulnerability
C Threat
D Hole
RIGHT=B
See Chapter 5. A vulnerability is a weakness that can permit an undesirable event.
Q: A security control intended to reduce risk is called a:
TOPIC: Security Management Practices
A Safeguard
B Threat
C Countermeasure
D Partition
RIGHT=A
Safeguards exist to reduce risk in some way. See Chapter 5.
Q: The purpose of risk analysis is:
TOPIC: Security Management Practices
A To qualify the classification of a potential threat.
B To quantify the likelihood of a potential threat.
C To quantify the net present value of an asset.
D To quantify the impact of a potential threat.
RIGHT=D
See Chapter 5. The purpose of risk analysis is to quantify the impact of a potential threat; in other words, to put a monetary value on the loss of information or functionality.
Q: Annualized Rate of Occurrence refers to:
TOPIC: Security Management Practices
A The exact frequency of a threat.
B The estimated frequency of a threat.
C The estimated monetary value of a threat.
D The exact monetary value of a threat.
RIGHT=B
See Chapter 5. Annualized Rate of Occurrence (ARO) is a risk management term that describes the likelihood of the occurrence of a threat.
Q: Single Loss Expectancy refers to:
TOPIC: Security Management Practices
A The expectation of the occurrence of a single loss.
B The monetary loss realized from an individual threat.
C The likelihood that a single loss will occur.
D The annualized monetary loss from a single threat.
RIGHT=B
See Chapter 5. Single Loss Expectancy (SLE) is the monetary value associated with an individual threat.
Q: Annualized Loss Expectancy refers to:
TOPIC: Security Management Practices
A The expectation of the occurrence of losses throughout the year.
B The monetary loss expected from all occurrences of a single threat.
C The total monetary annual loss from all occurrences of a single threat.
D An industry-provided benchmark that serves as a prediction of a threat.
RIGHT=B
See Chapter 5. Annualized Loss Expectancy (ALE) is the product of Single Loss Expectancy (SLE) and Annualized Rate of Occurrence (ARO).
Q: Which of the following is NOT required when performing a Risk Analysis?
TOPIC: Security Management Practices
A Determine the monetary value of an asset.
B Identify all threats to an asset.
C Classify the asset’s security level.
D Calculate the Annualized Loss Expectancy.
RIGHT=C
See Chapter 5. A risk analysis calculates the Annualized Loss Expectancy (ALE), which is calculated from the value of the asset and the likelihood that one or more threats will occur.
Q: Which of the following is NOT a general remedy to risk?
TOPIC: Security Management Practices
A Risk mitigation
B Risk transference
C Risk acceptance
D Risk reduction
RIGHT=A
See Chapter 5. The three general remedies to risk are transference, acceptance, and reduction.
Q: What is meant by the term “risk reduction”?
TOPIC: Security Management Practices
A Factoring risk downward to match return on investment (ROI).
B Removal of threats from the Risk Analysis (RA).
C Reducing risk by lowering the Annualized Loss Expectancy (ALE).
D Measures that are taken to reduce the risk of loss to an asset.
RIGHT=D
See Chapter 5. Risk reduction refers to any measure that can be taken to reduce the risk to an asset.
Q: What factors are used to select a safeguard?
TOPIC: Security Management Practices
A Cost-benefit analysis, accuracy, and auditability.
B Net present value, accuracy, and auditability.
C Annualized Loss Expectancy, Exposure Factor, and the value of the asset.
D The monetary cost of the safeguard.
RIGHT=A
See Chapter 5. A safeguard must meet a cost-benefit analysis, as well as be accurate and auditable.
Q: What is the best reason for employees to be aware of an organization’s security policies?
TOPIC: Security Management Practices
A So they can socialize it with other employees.
B To receive reminders of best security practices.
C So they can perform the right actions needed to protect information.
D So they can avoid the consequences of not knowing the security policies.
RIGHT=C
Employees need to know about security policies so that they can do the right thing. See Chapter 5.
Q: What is the purpose of a “back door”?
TOPIC: Security Management Practices
A It is an alternate means of authentication.
B It is used to permit a function when the security officer is absent.
C It is used to bypass the guarded main entrance of a secure facility.
D It is used to bypass one or more security controls.
RIGHT=D
See Chapter 5. A “back door,” also known as a trap door, is used to circumvent security controls. Most often they are employed to facilitate software testing, but software developers occasionally fail to remove them.
Q: What is meant by the term “risk mitigation”?
TOPIC: Security Management Practices
A Elimination of risk.
B Reduction of risk to an acceptable level.
C Calculating vulnerabilities multiplied by threats.
D Ranking risks in order of likelihood.
RIGHT=B
See Chapter 5. Risk cannot be eliminated. “Risk mitigation” refers to the process of reducing risk to a level that is acceptable to the organization.
Q: What is the purpose of a security guideline?
TOPIC: Security Management Practices
A It provides suggested methods for following a security policy.
B It explains the purpose of a security policy.
C It explains why a security policy must be followed.
D It describes the consequences for violating a security policy.
RIGHT=A
See Chapter 5. A security guideline is a recommended action or procedure used to follow a security policy.
Q: A statement that specifies specific security technologies or products is known as a:
TOPIC: Security Management Practices
A Product guideline
B Informative policy
C Security standard
D Safeguard
RIGHT=C
See Chapter 5. Security standards refer to the specific products or technologies used to protect information.
Q: Information containing salaries of employees would most likely be classified as:
TOPIC: Security Management Practices
A Sensitive
B Private
C Confidential
D Top Secret
RIGHT=B
See Chapter 5. Private is the classification associated with personal information such as employee salaries.
Q: The purpose of a security control is to:
TOPIC: Security Management Practices
A Contain and deliver a specific security policy.
B Record recipients of classified documents.
C Properly release data to comply with a court order.
D Reduce threats and vulnerabilities to an acceptable level.
RIGHT=D
Security controls reduce threats and vulnerabilities. See Chapter 5.
Q: The most cost-effective way to make employees aware of security policies is to:
TOPIC: Security Management Practices
A Use e-mail and Web sites to communicate the importance of security.
B Enroll all employees in a security awareness class.
C Send a hardcopy set of security policies to each employee.
D Purchase a good book on security for each employee.
RIGHT=A
See Chapter 5. Cost effectiveness generally implies re-use. In this case, using existing means for communicating can be a cost-effective way of telling employees why security is important.
Q: Information warfare is BEST known as a:
TOPIC: Security Management Practices
A Potential loss
B Vulnerability
C Threat
D Risk
RIGHT=C
See Chapter 5. Information warfare is a threat that can result in undesirable actions against an organization.
Q: Which of the following is NOT a part of risk analysis?
TOPIC: Security Management Practices
A To determine value of assets
B To determine the location of assets
C To determine threats to assets
D To select safeguards
RIGHT=B
See Chapter 5. The three main steps to a risk analysis are the performance of quantitative and qualitative analysis, asset valuation, and safeguard selection.
Q: What is a PSE?
TOPIC: Security Management Practices
A Preferred Security Examination
B Preliminary Security Examination
C Potential Security Event
D Probably Security Event
RIGHT=B
See Chapter 5. The PSE, or Preliminary Security Examination, is an early step performed during a risk analysis.
Q: The term “unclassified” refers to:
TOPIC: Security Management Practices
A Documents that have yet to be classified.
B Secret information that has not received its permanent classification.
C Policies that refer to public concerns on privacy.
D Documents that are designated as not sensitive.
RIGHT=D
See Chapter 5. Unclassified documents lack the sensitivity and value that classified documents possess.
Q: UDP is sometimes called the “unreliable data protocol” because:
TOPIC: Telecommunications and Network Security
A It works only on low-speed wireless LANs.
B UDP packets rarely get through because they have a lower priority.
C Few know how to program UDP.
D UDP does not guarantee delivery.
RIGHT=D
See Chapter 4. UDP has no guarantee of delivery, nor sequencing or acknowledgement.
Q: TCP is a poor choice for streaming video because:
TOPIC: Telecommunications and Network Security
A It is too bursty for large networks.
B Acknowledgement and sequencing add significantly to its overhead.
C Checksums in video packets are meaningless.
D TCP address space is nearly exhausted.
RIGHT=B
See Chapter 4. TCP adds unnecessary overhead. Streaming video can afford to lose a packet or two.
Q: The purpose of Layer 1 in the OSI model is to:
TOPIC: Telecommunications and Network Security
A Transmit and receive bits.
B Sequence packets and calculate checksums.
C Perform application-to-application communications.
D Transmit and receive frames.
RIGHT=A
See Chapter 4. Layer 1 of the OSI model is concerned only with sending and receiving bits.
Q: How many layers does the TCP/IP protocol model have?
TOPIC: Telecommunications and Network Security
A 4
B 5
C 6
D 7
RIGHT=A
See Chapter 4. There are four layers in the TCP/IP model: Network Access, Internet, Transport, and Application.
Q: ARP is:
TOPIC: Telecommunications and Network Security
A Access Routing Protocol
B Address Resolution Protocol
C Access Resolution Protocol
D Address Recovery Protocol
RIGHT=B
ARP stands for Address Resolution Protocol, a method for determining which station on a LAN has a specific IP address. See Chapter 4.
Q: What is the purpose of ARP?
TOPIC: Telecommunications and Network Security
A When given an IP address, ARP returns a MAC address.
B When given a MAC address, ARP returns an IP address.
C It calculates the shortest path between two nodes on a network.
D It acquires the next IP address on a circular route.
RIGHT=A
See Chapter 4. ARP is used to translate an IP address into a MAC address.
Q: What is the purpose of RARP?
TOPIC: Telecommunications and Network Security
A When given an IP address, ARP returns a MAC address.
B When given a MAC address, ARP returns an IP address.
C It traces the source address of a spoofed packet.
D It determines the least cost route through a multipath network.
RIGHT=B
See Chapter 4. RARP is used to translate a MAC address into an IP address.
Q: 132.116.72.5 is a:
TOPIC: Telecommunications and Network Security
A MAC address
B IPv4 address
C Subnet mask
D Ipv6 address
RIGHT=B
See Chapter 4. This is an Ipv4 address.
Q: 04:c6:d1:45:87:E8 is a:
TOPIC: Telecommunications and Network Security
A MAC address
B IPv4 address
C Subnet mask
D Ipv6 address
RIGHT=A
See Chapter 4. This is a MAC address.
Q: The “ping” command sends:
TOPIC: Telecommunications and Network Security
A IGRP Echo Reply packets
B IGRP Echo Request packets
C ICMP Echo Request packets
D UDP Echo Request packets
RIGHT=C
See Chapter 4. Ping uses ICMP Echo Requests.
Q: SMTP is used to:
TOPIC: Telecommunications and Network Security
A Manage multiple telnet sessions.
B Tunnel private sessions through the Internet.
C Simulate modems.
D Transport e-mail.
RIGHT=D
See Chapter 4. SMTP, or Simple Mail Transport Protocol, is used to send and receive e-mail messages.
Q: Which of the following is a disadvantage of SSL?
TOPIC: Telecommunications and Network Security
A It requires a certificate on every client system.
B It is CPU intensive.
C All clients must be retrofitted with HTTP v3 browsers.
D An eavesdropper can record and later play back an SSL session.
RIGHT=B
See Chapter 4. Because it encrypts and decrypts packets over the network, SSL consumes a lot of CPU time.
Q: An access control list is NOT used by:
TOPIC: Telecommunications and Network Security
A A firewall or screening router to determine which packets should pass through.
B A router to determine which administrative nodes may access it.
C A bastion host to determine which network services should be permitted.
D A client system to record and save passwords.
RIGHT=D
See Chapter 4. Access control lists are used on firewalls, routers, and bastion hosts, but not on client systems (at least not for recording passwords!).
Q: Stateful inspection firewalls:
TOPIC: Telecommunications and Network Security
A Are no longer used because all network traffic is stateless.
B Record the state of each packet in their logs.
C Are slower than simple packet filtering firewalls.
D Are easier to manage because their rulesets are self-healing.
RIGHT=C
See Chapter 4. Stateful inspection firewalls must capture and remember the state of each packet; this can be very time consuming.
Q: The purpose of a bastion host is to:
TOPIC: Telecommunications and Network Security
A Be a backup firewall should the main firewall fail or become overloaded.
B Host internet-facing services.
C Serve as the security management server.
D Serve as the firewall management server.
RIGHT=B
See Chapter 4. A bastion host is used to host services (such as World Wide Web and Domain Name Services) that are accessible from the Internet.
Q: What is the purpose of NAT?
TOPIC: Telecommunications and Network Security
A It is used to convert a session’s private IP address to a public address.
B It is used to detect spoofed IP packets.
C It is used to counterattack hacking attempts.
D It is used to facilitate court-ordered wiretaps.
RIGHT=A
See Chapter 4. NAT, or Network Address Translation, is used to convert internal “private” addresses into public addresses.
Q: 10.20.30.40 is an example of:
TOPIC: Telecommunications and Network Security
A A Boolean operator on a complex firewall rule.
B A subnet mask.
C The default step function for VPN encryption.
D A private, non-routable IP address.
RIGHT=D
See Chapter 4. Private addresses occupy three distinct ranges: 10.0.0.0 - 10.255.255.255; 172.16.0.0 - 172.31.255.255; and 192.168.0.0 - 192.168.255.255.
Q: Which of the following is NOT a VPN protocol standard?
TOPIC: Telecommunications and Network Security
A L2TP
B IPSec
C P3P
D PPTP
RIGHT=C
See Chapter 4. L2TP, IPSec, and PPTP are common VPN protocol standards.
Q: Which of the following cable types is most easily tapped by eavesdroppers?
TOPIC: Telecommunications and Network Security
A RG11
B UTP
C Coax
D STP
RIGHT=B
See Chapter 4. UTP, or Unshielded Twisted Pair, is the most easily tapped type of network cable.
Q: Ethernet is an example of:
TOPIC: Telecommunications and Network Security
A A mesh topology network
B A BUS topology network
C A ring topology network
D A tree topology network
RIGHT=B
See Chapter 4. Ethernet is a BUS topology network. It is frequently wired as a star topology, however.
Q: The biggest disadvantage of callback security is:
TOPIC: Telecommunications and Network Security
A The caller can only call from a predetermined location.
B It only works in networks that support caller-ID.
C It is vulnerable to replay attack.
D It only works in networks that support *69 functionality.
RIGHT=A
See Chapter 4. Callback security associates a dial-in user with a callback phone number, which requires the caller to call from a predetermined location.
Q: X.25 is an example of:
TOPIC: Telecommunications and Network Security
A A remote device management technology.
B A circuit-switched technology.
C A packet-switched technology.
D A digital certificate technology.
RIGHT=C
See Chapter 4. X.25 is a packet-switched technology, as are ATM, LAPB, SMDS and VoIP.
Q: Which of the following is NOT a private circuit technology?
TOPIC: Telecommunications and Network Security
A xDSL
B T3
C E1
D FR
RIGHT=D
See Chapter 4. FR, or Frame Relay, is a packet-switched technology.
Q: PAP is considered a weak authentication protocol because:
TOPIC: Telecommunications and Network Security
A It uses a static password that is not encrypted.
B It uses a changing, but predictable, password that is not encrypted.
C Its session keys are easily guessed.
D Only the first four characters of the password are significant.
RIGHT=A
See Chapter 4. PAP, or Password Authentication Protocol, uses a static password, and it is not encrypted. It has largely been replaced by CHAP (Challenge Handshake Authentication Protocol).
Q: Most companies disallow POTS lines in offices because:
TOPIC: Telecommunications and Network Security
A Employees should not be running ISPs using company resources.
B EMF emanating from a POTS line can corrupt any nearby LANs.
C It would facilitate the installation of a rogue modem.
D It would facilitate the installation of an 802.11x APN.
RIGHT=C
See Chapter 4. POTS lines make it all to easy to install a rogue modem and provide an unprotected back door to the corporate network.
Q: Extending the corporate network to a remote location is a description of:
TOPIC: Telecommunications and Network Security
A Remote access
B Routing
C Layer 3 switching
D Bridging
RIGHT=A
See Chapter 4. Remote access by definition brings the corporate network to any remote location.
Q: Which of the following is NOT a remote access type?
TOPIC: Telecommunications and Network Security
A VDSL
B RADIUS
C Cable modem
D ISDN
RIGHT=B
See Chapter 4. RADIUS is a remote access authentication protocol.
Q: IPSsec, PPP, L2TP, and SLIP are examples of:
TOPIC: Telecommunications and Network Security
A Encapsulation protocols
B Authentication protocols
C Encryption algorithms
D Routing protocols
RIGHT=A
See Chapter 4. These are all encapsulation protocols, used to tunnel TCP/IP traffic.
Q: The primary security benefit of a switched LAN versus a shared-media LAN is:
TOPIC: Telecommunications and Network Security
A Switches do not transmit spoofed IP packets.
B Broadcast packets are sent only to nodes on the local switch.
C Unlike a shared-media LAN, a network sniffer cannot capture all LAN traffic.
D Switches are not vulnerable to broadcast storms.
RIGHT=C
See Chapter 4. Each port on a LAN switch contains traffic destined only to/from the node on that port. No other traffic on the LAN is seen on the port.
Q: Which of the following is NOT true of an Ethernet network?
TOPIC: Telecommunications and Network Security
A Ethernet is a broadcast medium.
B Ethernet is a switched medium.
C IP addresses can be forged on an Ethernet network.
D MAC addresses can be forged on an Ethernet network.
RIGHT=B
See Chapter 4. Ethernet is a broadcast medium.