50 Cards in this Set

True or false: a computer security incident is the loss of data on any computer?

False

To reduce risk due to exposure, only external properties are revealed and the rest of the details are concealed. This is the concept of:

Data Hiding

Which of the following can be included in the INITIAL phase of the system development life cycle?

A. Cost-benefit analysis

B. Executive project approval

C. All of the above

D. System design review

B. Executive project approval

Which of the following would not be listed as a component of the implementation phase?

A. Patch Installation

B. Security Testing

C. Install Controls

D. Accreditation

A. Patch Installation

Patch installation is not a component of the implementation phase. Implementation involves installing controls, security testing, and accreditation.

A technique that inserts bogus information to misdirect or confuse an attacker enough that the actual attack will not be fruitful is called _______________.

A. Noise and perturbation

B. Bogus rollback

C. Bogus commit

D. Cell suppression

A. Noise and perturbation

Which of the following is not a security consideration during the disposal phase of the SDLC?

A. Information preservation

B. System integration

C. Media sanitization

D. Hardware and software disposal

B. System integration

What is the 'main' purpose of polyinstantiation?

To make a copy of one object and modify the attributes of the second copy

Kyle is developing a document that describes the expected impact of a disaster on the operations of the organization. This document is called:

The Business Impact Analysis (BIA)

True or false: How much data a company is willing to lose during any disaster should be defined in the RPO.

True

Which of the following is not a goal of business impact analysis?

A. Downtime estimation

B. Resource requirement

C. Criticality prioritization

D. Define continuity strategy

D. Define continuity strategy

Mike is calculating the earliest time period and service level at which his business process must be restored after a disaster to avoid consequences that are unacceptable as a break in business continuity. What is he calculating?

Recovery Time Objective (RTO)

COBIT 5 principles and enablers are which of the following?

A. Specific

B. Proprietary

C. Focused

D. Generic

D. Generic

Which act or law provides for the "prudent man rule"?

Federal Sentencing Guidelines of 1991

The term used to show that an organization took reasonable steps to do everything it could reasonably do to prevent security breaches is called _________

Due Care

The total number of domains in ISO 27001 is which of the following?

A. 27

B. 42

C. 11

D. 8

E. 14

C. 11

E. 14

Explanation: There are now 114 controls in 14 groups and 35 control objectives (ISO 27001:2013); the old standard had 133 controls in 11 groups.



COBIT is a framework for implementing the best information security governance within an organization. It consists of four domains. What are they? (Select all that apply; each possible answer has two domains.)

- PO: Plan and Organise

- AI: Acquire and Implement

- DS: Deliver and Support

- ME: Monitor and Evaluate

Which of the following are true regarding the "Insider Threat"? Select all that apply.

A. MICE (Money, Ideology, Coercion, Ego) motives apply to "insiders" as well as spying.

B. The "insider threat" suspect list is also known as the authorized user (normal and administrator) list.

C. Insiders rarely display "red flags" regarding their potential to commit adverse activities.

D. Only the people you trust can betray you.

A. MICE (Money, Ideology, Coercion, Ego) motives apply to "insiders" as well as spying.

B. The "insider threat" suspect list is also known as the authorized user (normal and administrator) list.

D. Only the people you trust can betray you.

Which of the following groups of people does not come under the scope of personnel security?

A. None of these

B. Unauthorized people

C. Executives

D. Employees

A. None of these

Which of the following is NOT considered a trust model?

A. Clark-Wilson

B. Hybrid

C. Peer-to-peer

D. Hierarchical

A. Clark-Wilson

Which model is considered the foundation of noninterference conceptual theories?

A. Goguen-Meseguer

B. Clark-Wilson

C. Brewer and Nash Model

D. Biba

A. Goguen-Meseguer

What is the commercial application of steganography?

Digital watermarking

True or false: Steganography can be done only with graphic files.

False

Explanation: There are various forms of steganography, from the shaved heads and wax tablets of ancient Greece to modern-day sound files, video files, VoIP conversations and compromised wireless networks.

Which of the following is NOT a procedure a company would perform under configuration management principles?

A. Patches and updates

B. New applications which are installed

C. New computers or devices which are installed

D. Computer disposal

D. Computer disposal

As part of your BAU support management you have admin access to production data. You have been asked by your manager to write a program that deletes employees who have resigned in the last month. How would you proceed?

Log a change and follow the change management process

The biggest threat to change implementation can be:

Resistance to the change

True or false: Fault-tolerant systems must properly detect and correct problems when encountered.

False

In ring-based systems security, application programs run in Ring ___.

3

Explanation: Given four rings (0, 1, 2 and 3), the application programs run in the outermost ring, that is, Ring 3.

Which of the following CPU instruction-set designs uses shorter and simpler commands, requiring more individual instructions to perform a complex task?

A. Complex instruction set computer

B. Reduced instruction set computer

C. Super processor

D. Very long instruction word processor

B. Reduced instruction set computer

Explanation: The correct answer is Reduced instruction set computer. Complex instruction set computer (CISC) and reduced instruction set computer (RISC) are two forms of CPU design. CISC uses a large set of complex machine language instructions, while RISC uses a reduced set of simpler instructions.

Application data is processed during which of the following states?

A. Supervisor

B. Execution State

C. Wait

D. Problem

D. Problem

What was the maximum number of rings present in the original Multics CPU architecture?

8

True or false: A nonintrusive penetration test is a vulnerability scan.

True

Crossover error rate (CER) is generally expressed as:

FRR = FAR

Explanation: CER is defined as the point where FRR (False Reject Rate) equals FAR (False Accept Rate). Comments: This should be in Domain 5, Identity and Access Management.

Forensics examiners also need to search outlying or third-party storage facilities on the Internet. What are these types of storage areas called?

Virtual Storage

When conducting an investigation into the contents of a hard drive, select the incorrect statement:

A. use the disk image for your investigation

B. make an image of that drive

C. none of the choices

D. seal the original drive in an evidence bag

C. none of the choices

Explanation: The statements describe the proper process for preserving the original drive and working on its image.

What is the best term for routinely and concurrently routing traffic through different cable facilities?

Diverse Routing

True or false: Quantitative losses include increased operating expenses because of the higher cost of executing contingency plans.

True

Which of the following is the primary function of the emergency management organization (EMO)?

A. Ensure that all locations and operating areas will receive an appropriate, coordinated response in the event of a serious outage of any type

B. Approve the disaster recovery plan

C. Formed to provide both a formal response process for management and on-site coverage, support, and expertise during large-scale emergencies

D. Play a key role in responding to emergency situations, including security, real estate, systems, HR, organizational communications, compliance etc.

C. Formed to provide both a formal response process for management and on-site coverage, support, and expertise during large-scale emergencies

Explanation: The emergency management organization (EMO) is formed to provide both a formal response process for management and on-site coverage, support, and expertise during large-scale emergencies. The EMO ensures that all locations and operating areas will receive an appropriate, coordinated response in the event of a serious outage of any type. The EMO management team is the decision-making body of the EMO and is usually comprised of areas within the company that play a key role in responding to emergency situations. (From CISSP CBK 4th edition, Domain 7 - Security Operations > Update and Maintenance of the Plan > Transitioning from Project to Program)

Which is NOT a testing level of the business continuity plan?

A. parallel test

B. simulation

C. cut over test

D. war game

D. war game

Which backup type ensures data will be restored in the shortest available time?

Full backup

During the penetration testing process, the tester maintains a detailed and exact list of all the actions taken. What purpose does this serve?

Cleaning up

Which of the following is the goal of the clean-up step in the penetration testing process?

To return everything to the pre-test state

Which of the wireless cracking tools is a 'proof-of-concept' only and not stable?

Wesside-ng

Explanation: Wesside-ng is a proof-of-concept tool and is not entirely stable. **To Author: While this answer may have been correct at the time it was written (and may be at the time I am writing this), it is not a good question as there may come a time in which Wesside-ng becomes stable.**

_____ is a tool in the Aircrack-ng suite used to store and manage ESSIDs and relevant password lists, and for computation of PMKs.

Airolib-ng

Which type of document is used during a security assessment that contains specific clauses on liabilities and disruption to business services?

Terms and conditions

Which one of the following is not part of the change management process?

A. Change control

B. Configuration audit

C. Request control

D. Release control

B. Configuration audit

Audits have two distinct meanings in the context of application security. Which type of audit includes privileges granted to users in terms of rights and permissions to perform their job?

User entitlement audits

What is the purpose of a 'canary' value in a stack?

To detect a stack smashing attack

Explanation: A canary is a designated piece of data used to validate stored data: when malformed or suspicious information appears, the difference can be identified easily and an attempted vulnerability exploit can be defanged.

A programmer who developed the software is restricted from modifying the production code. What is this an example of?

Separation of Duties

Which of the following is the least effective way to manage vulnerabilities?

A. By changing the security policy

B. By installing a patch

C. By reconfiguring the software

D. By buying new hardware

A. By changing the security policy

Explanation: Vulnerabilities may be in hardware, software or firmware, and not all may be patchable. A policy may require new hardware purchases to meet its standards.

Which of the following is a reactive approach to security?

A. Penetrate and patch

B. Patch and penetrate

C. Penetrate and penetrate

D. Patch and patch

A. Penetrate and patch

Explanation: A defense is first penetrated, then in response a patch is made to prevent further penetration.