Sec + 2

1.

1 point

The Disaster Recovery Plan (DRP) needs to be continuously maintained because:

The organization's software versions are constantly changing

The organization's business process are constantly changing

The available software patches are constantly changing

The organization's data is constantly changing

2.

1 point

Security guards, locked doors, and surveillance cameras are known as

Site-access controls

Safeguards

Physical access controls

Administrative controls

3.

1 point

Neural networking gets its name from

The make and model of equipment in a network

Patterns thought to exist in the brain

Its inventor, Sigor Neura

Observed patterns in neural telepahty

4.

1 point

The process of hiding a message inside a larger data set is known as

Decryption

Steganography

Cryptanalysis

Extraction

5.

1 point

Enticement is defined as

Being caught with criminal evidence in one's possession

Leading someone to commit a crime that they wouldn't otherwise have committed

Monitoring with the intent of recording a crime

Keeping the criminal at the scene of the crime long enough to gather evidence

6.

1 point

The practice of separation of duties

Is used to provide variety by rotating personnel among various tasks

Help to prevent any single individual from compromising an information system

Is used to ensure that the most experienced persons get the best tasks

Is used in large 24x7 operations shops

7.

1 point

Tailgating is a term describing what activity?

Logging in to a server from two or more locations

Causing a PBX to permit unauthorized long distance calls

Following an employee through an uncontrolled access

Following an employee through a controlled access

8.

1 point

Which of the following is NOT a security issue with distributed architectures?

Lack of security awareness by some personnel

Difficulty in controlling the distribution and use of software

Protection of centrally stored information

Backups might not be performed on some systems, risking loss of data

9.

1 point

What's the purpose of a senior management statement of security policy?

It defines who's responsible for carrying out a security policy?

It states that senior management need not follow a security policy

It emphasizes the importance of security throughout an organization

It states that senior management must also follow a security policy

10.

1 point

What is the purpose of RARP?

When given an IP address, RARP returns a MAC address

When given a MAC address, RARP returns an IP address

It traces the source address of a spoofed packet

It determines the least cost route through a multipath network

11.

1 point

How is the organization's DRP best kept up-to-date?

With regular audits to ensure that changes in business processes are known

By maintaining list of current software versions, patches, and configurations

By maintaining personnel contact lists

By regularly testing the DRP

12.

1 point

Role-based access control and task-based access control are examples of

Mandatory access controls

Administrative controls

Discretionary access controls

Non-discretionary access controls

13.

1 point

The verification activity associated with coding is called

Unit testing

Design review

System testing

Architecture review

14.

1 point

Steganography isn't easily noticed because

Monitor and picture quality are so good these days

Most PC's speakers are turned off or disabled

The human eye often can't sense the noise that steganography introduces

Check sums can't detect most steganographed images

15.

1 point

The purpose of a honeypot is to

Log an intruder's actions

Act as a decoy to keep the intruder interested while his or her orgin and identity are traced

Deflect Denial of Service attacks away from production servers

Provide direct evidence of a break-in

16.

1 point

Which of the following tasks would NOT be performed by security administrator?

Changing file permissions

Configuring users privileges

Installing system software

Reviewing audit data

17.

1 point

What does fail open mean in the context of controlled building entrances?

Controlled entrances permit no one to pass

Controlled entrances permit people to pass without identification

A power outage won't affect control of the entrance

A pass key is required to enter the building

18.

1 point

TCB is an acronym for

Trusted Computing Baseline

Trusted Computing Base

Tertiary Computing Base

Trusted Cache Base

19.

1 point

What is the purpose of an "advisory policy"?

This is an optional policy that can be followed

This is an informal offering of advice regarding security practices

This is a temporary policy good only for a certain period of time

This is a policy that must be followed but is not mandated by regulation

20.

1 point

132.116.72.5 is a

MAC address

IPv4 address

Subnet mask

IPv6 address

21.

1 point

An organization that's developing its DRP has established a 20 minute Recovery Time Objective (RTO). Which solution will best support this

Cluster

Cold site

Hot site

Virtualization

22.

1 point

Audits, background checks, video cameras, and listening devices are known as

Discrentionary controls

Physical controls

Preventive controls

Detective controls

23.

1 point

What's the primary input of a high-level product design?

Feasibility study

Integration rules

Unit testing

Requirments

24.

1 point

What historic event was the backdrop for breakthroughs in strategic cryptography?

The Gulf War

World War I

World War II

The Six-Day War

25.

1 point

Which of the following is NOT a precaution that needs to be taken before monitoring e-mail?

Establishing strict procedures that define under what circumstances

Posting a visible notice that states e-mail is company information subject to search

Issuing monitoring tools to all e-mail admisistrators

Making sure that all employees know that e-mail is being monitored

26.

1 point

What's the potential security benefit of rotation of duties?

It reduces the risk that personnel will perform unauthorized activites

It ensures that all personnel are familiar with all security task

It's used to detect covert activities

It ensures security because personnel aren't very familiar with their duties

27.

1 point

What does fail closed mean in the context of controlled building entrances?

Controlled entrances permit no one to pass

Controlled entrances permit people to pass without identification

The access control computer is down

Everyone is permitted to enter the building

28.

1 point

The sum total of all protection mechanisms in a system is known as a

Trusted Computing Base

Protection domain

Trusted path

SPM (Summation Protection Mechanism)

29.

1 point

What is the definition of a "threat"

Any event that produces an undesirable outcome

A weakness present in a control or countermeasure

An act of aggression that causes harm

An individual likely to violate security policy

30.

1 point

04:c6:d1:45:87:E8 is a

MAC address

IPv4 address

Subnet mask

IPv6 address

31.

1 point

Which of the following is NOT natural disaster?

Tsunami

Pandemic

Flood

Communications outage

32.

1 point

Smart cards, fences, guard dogs, and card key access are known as

Mandatory controls

Physical controls

Preventive controls

Detective controls

33.

1 point

The main improvement of the Waterfall software life cycle model over earlier process models is

System and software requirements are combined into one step

Developers can back up one step in the process for rework

Coding and testing is combined into one step

The need for rework was eliminated

34.

1 point

Non-repudiation refers to

The technology that shoots down the "I didn't send that message" excuse

Re-verification of all Certificate Authority (CA) certificates servers

The annual competency review of system authentication mechanisms

The annual competency review of network authentication mechanisms

35.

1 point

Intellectual property laws apply to

Trade secrets, trademarks, copyrights, and patents

Trademarks, copyrights, and patents

Trademarks only

Patents only

36.

1 point

The process of reviewing and approving changes in production systems is known as

Availability management

Configuration management

Change management

Resource control

37.

1 point

A water sprinkler system that's characterized as always having water in the pipes is known as

Dry-pipe

Wet-pipe

Preaction

Discharge

38.

1 point

The mechanism that overlaps hardware instructions to increase performance is known as

RISC

Pipeline

Pipe dream

Multitasking

39.

1 point

A weakness in a security control is called a

Risk

Vulnerability

Threat

Hole

40.

1 point

The "Ping" command sends

IGRP Echo Reply packets

IGRP Echo Request packets

ICMP Echo Request packets

UDP Echo Request packets

41.

1 point

The term remote journaling refers to

A mechanism that transmits transactions to an alternative processing site

A procedure for maintaining multiple copies of change control record

A procedure for maintaining multiple copies of configuration management records

A mechanism that ensures the survivability of written records

42.

1 point

Is identification weaker than authentication?

Yes: Identity is based only on the assertion of identity without providing proof

Yes: Identification uses ASCII data, whereas authentication uses binary data

No: Identification and authentication provide the same level of identity

No: They are used in different contexts and have noting to do with each other

43.

1 point

A project team is at the beginning stages of a new software development project. The team wants to ensure that the security features are present in the completed software application. In what stage should security be introduced?

Requirements development

Test plan development

Application coding

Implementation plan development

44.

1 point

The amount of effort required to break a given ciphertext is known as

The Work function

The Effort function

Cryptanalysis

Extraction

45.

1 point

In order to be admissible, electronic evidence must

Be legally permissible

Not be copied

Have been in the custody of the investigator at all times

Not contain vireses

46.

1 point

The process of maintaining and documenting software versions and settings is known as

Availability management

Configuration management

Change management

Resource control

47.

1 point

A water sprinkler system that charges the pipes when it receives a heat or smoke alarm, and then discharges the water when a higher ambient temperature is reached, is known as

Dry-pipe

Wet-pipe

Preaction

Discharge

48.

1 point

FORTRAN, BASIC, and C are known aas

Structured languages

Nested languages

Second-generation languages

Third-generation languages

49.

1 point

A security control intended to reduce risk is called a

Safeguard

Threat

Countermeasure

Partition

50.

1 point

SMTP is used to

Manage multiple telnet sessions

Tunnel private sessions through the internet

Simulate modems

Transport e-mail