Sec +3

1.

1 point

Backing up data by sending it through a communications line to a remote location is known as

Transaction journaling

Off-site storage

Electronic vaulting

Electronic journaling

2.

1 point

Two-factor authentication is so called because

It requires two of the three authentication types

Tokens use two-factor encryption to hide their secret algorithms

Authentication difficulty is increased by a factor of two

It uses a factor of two prime numbers algorithm for added strength

3.

1 point

Which of the following is NOT a value of change control in the software development life cycle?

Changes are documented and subject to approval

Scope creep is controlled

It gives the customer veto power over proposed changes

The cost of changes is considered

4.

1 point

What's one disadvantage of an organization signing its own certificates?

The certificate-signing function is labor intensive

Anyone outside the organization will receive warning messages

The user-identification process is labor intensive

It's much more expensive than having certificates signed by a Certification Authority (CA)

5.

1 point

Which agency has jurisdiction over computer crimes in the United States?

The Department of Justice

The Electronic Crimes Task Force

Federal, state, or local jurisdiction

The FBI and the Secret Service

6.

1 point

Configuration Management is used to

Document the approval process for configuration changes

Control the approval process for configuration changes

Ensure that changes made to an information system don't compromise its security

Preserve a complete history of the changes to software or data in a system

7.

1 point

Why would a dry-pipe sprinkler be preferred over a wet-pipe sprinkler?

Dry-pipe systems put out a fire more quickly

Dry-pipe systems consume less water

Dry-pipe systems have a smaller likelihood of rust damage

Dry-pipe systems have a potentially useful time delay before water is discharged

8.

1 point

The purpose of an operating system is to

Manage hardware resources

Compile program code

Decompile program code

Present graphic display to users

9.

1 point

The purpose of risk analysis is

To qualify the classification of a potential threat

To quantify the likelihood of a potential threat

To quantify the net present value of an asset

To quantify the impact of a potential threat

10.

1 point

Which of the following is a disadvantage of SSL?

It requires a certificate on every client system

It is CPU intensive

All clients must be retrofitted with HTTP v3 browsers

An eavesdropper can record and later play back an SSL session

11.

1 point

Which of the following is NOT a method used to create an online redundant data set?

Remote journaling

Off-site storage

Electronic vaulting

Database mirroring

12.

1 point

The phrase something you are refers to

A user's security clearance

A user's role

Type 2 authentication

Type 3 authentication

13.

1 point

How does the Waterfall software development life cycle help to assure that applications will be secure?

Security requirements can be included early on and verified later in testing

The testing phase includes penetration testing

The Risk Analysis phase will uncover flaws in the feasibility model

A list of valid users must be approved prior to production

14.

1 point

The ability for a government agency to wiretap a data connection was implemented in the

Skipjack chip

Magic lantern

Cutty chip

Clipper chip

15.

1 point

Under what circumstances may evidence be seized without a warrant?

If it's in the public domain

If it's believed that its destruction is imminent

In international incidents

If it's on a computer

16.

1 point

The traces of original data remaining after media erasure are known as

Data remanence

Data traces

Leakage

Data particles

17.

1 point

Why should a datacenter's walls go all the way to the ceiling and not just stop as high as the suspended ceiling?

The walls will serve as an effective fire break

The HVAC will run more efficiently

The walls will be stronger

The high wall will block more noise

18.

1 point

Protection rings are used for

Implementing memory protection

Creating nested protection domains

Modeling layers of protection around and information object

Shielding system from EMF

19.

1 point

Annualized Rate of Occurrence refers to

The exact frequency of a threat

The estimated frequency of a threat

The estimated monetary value of a threat

The exact monetary value of a threat

20.

1 point

An access control list is NOT used by

A firewall or screening router to determine which packets should pass through

A router to determine which administrative nodes may access it

A bastion host to determine which network services should be permitted

A client system to record and save passwords

21.

1 point

A DRP that has a high RPO and a low RTO will result in

A system that takes more time to recover but has recent data

A system that recovers quickly but has old data

A system that recovers quickly and has recent data

A system that has never been tested

22.

1 point

Two-factor authentication is stronger than single-factor authentication because

It uses a factor of two prime numbers algorithm for added strength

It relies on two factors, such as a password and a smart card

Authentication difficulty is increased by a factor of two

The user must be physically present to authenticate

23.

1 point

The main purpose of configuration management is to

Require cost justification for any change in a software product

Require approval for any desired change in a software product

Maintain a detailed record of change for the lifetime of a software product

Provide the customer with a process for requesting configuration changes

24.

1 point

The cipher device used by Germany in World War II is known as

M-922

M-902

Enigma

Turing

25.

1 point

Motive, means, and opportunity

Are required prior to the commission of a crime

Are the required three pieces of evidence in any criminal trail

Are the three factors that help determine whether someone may have committed a crime

Are the usual ingredients in a sting operation

26.

1 point

Software controls are used to

Perform input checking to ensure that no buffer overflow occur

Keep running programs from viewing or changing other programs memory

Perform configuration management-like functions on software

Ensure the confidentiality and integrity of software

27.

1 point

Which of the following are NOT fire detectors?

Dial-up alarms

Heat-sensing alarms

Flame-sensing alarms

Smoke-sending alarms

28.

1 point

The TCSEC document is known as the Orange Book because

It's orange in color

It covers the major classes of computing system security, D through A

Its coverage of security was likened to the defoliant Agent Orange

No adequate model of computing system security was available at the time

29.

1 point

Single Loss Expectancy refers to

The expectation of the occurrence of a single loss

The monetary loss realized from an individual threat

The likelihood that a single loss will occur

The annualized monetary loss from a single threat

30.

1 point

What is the purpose of the DHCP protocol?

It's used to diagnose network problems

It assigns IP addresses to serves

It assigns IP addresses to stations that join the network

It's used to dynamically build network routes

31.

1 point

The purpose of a BIA is

To determine the criticality of business processes

To determine the impact of disasters on critical processes

To determine the impact of software defects on critical business processes

To determine which software defects should be fixed

32.

1 point

An organization has recently implemented a palm-scan biometric system to control access to sensitive zones in a building. Some employees have objected to the biometric system for sanitary reasons. The organization should

Switch to a fingerprint-scanning biometric system

Educate users about the inherent cleanliness of the system

Allow users who object to the system to be able to bypass it

Require employees to use a hand sanitizer prior to using the biometric system

33.

1 point

A security specialist has discovered that an application her company produces has a JavaScript injection vulnerability. What advice should the security specialist give to the application's developers?

Implement input filtering to block JavaScript and other script languages

Upgrade to the latest release of Java

Re-complile the application with safe input filtering turned on

Re-compile the application by using UTF-8 character set support

34.

1 point

Cryptography can be used for all the following situations EXCEPT

Performance

Confidentiality

Integrity

Authentication

35.

1 point

The burden of proof in U.S. civil law is

The preponderance of the evidence

Beyond a reasonable doubt

Beyond all doubt

Based on the opinion of the presiding judge

36.

1 point

An organization may choose to perform periodic background checks on its employees for all the following reason EXCEPT

To determine whether the employee has earned any additional educational degrees

To determine whether a detrimental change in an employee's financial situation might entice him or her to steal from the employer

To determine whether a criminal offense has occurred since the person was hired that would impact the risk of continued employment

To uncover any criminal offenses that weren't discovered in the initial background check

37.

1 point

Which class of hand-held fire extinguisher should be used in a datacenter

Class B

Class C

Class A

Class D

38.

1 point

All the following CPU's are CISC design EXCEPT

PDP-11

Intel x86

SPARC

Motorola 68000

39.

1 point

A system architect has designed a system that is protected with redundant parallel firewalls. This follows which security design principle?

Avoidance of a single point of failure

Defense in depth

Fail open

Fail closed

40.

1 point

The type of cable that is best suited for high RF and EMF environments is

Fiber-optic

Sheilded twisted-pair

Coaxil

Thinnet

41.

1 point

A disaster Recovery Planning team has been told by management that the equipment required to meet RTO and RPO targets is too costly. What's the best course of action to take?

Classify the system as being out of scope

Reduce the RTO and RPO targets

Look for less expensive methods for achieving targets and report to management if no alternatives can be found

Ask for more budget for recovery systems

42.

1 point

A security manager is planning a new video surveillance system. The manager wants the video surveillance system to be both a detective control and a deterrent control. What aspect of the system's design will achieve this objective?

Include a video-recording capability in the system

Make video cameras conspicuously visible and post warning notices

Hide video cameras and don't post warning notices

Make video monitors conspicuously visible

43.

1 point

Privacy advocates organizations are concerned about the practices of aggregation, which involves

Selling highly sensitive data to the highest bidder

Distributing highly sensitive data to third parties

Combining low-sensitivity data elements that result in highly sensitive data

Disclosing highly sensitive data to government agencies

44.

1 point

A cipher uses a table to replace plain text characters with cipher text characters. This type of cipher is known as

Stream

Block

Substitution

Transposition

45.

1 point

Under U.S. law, the amount of a fine and the length of imprisonment are based on

The opinion of the judge

The opinion of the jury

The evidence introduced in a trial

Federal sentencing guidlines

46.

1 point

An organization has identified a high-risk activity that's performed by a single individual. The organization will change the activity so that two or more individuals are required to perform the task. This new setup is known as

Single point of failure

Shared custody

Split custody

Separation of duties

47.

1 point

An organization wants to erect fencing around its property to keep out determined intruders. What are the minimum specifications that the organization should consider?

Eight feet in height and three strands of barbed wire at the top

Twelve feet in height and three strands of barbed wire at the top

Eight feet in height

Twelve feet in height

48.

1 point

Which type of technology is a computer designer most likely to use for main memory?

EAROM

Dynamic RAM

Flash

Hard drive

49.

1 point

A document that lists the equipment brands, programming languages, and communications protocols to be used in an organization is a

Policy

Guideline

Requirement

Standard

50.

1 point

Which of the following is true about Digital Subscriber Line

Digital Subscriber Line is synonymous with DOCSIS (Digital Over Cable Services Interface Specification)

Digital Subscriber Line is a simplex protocol

Digital Subscriber Line has been superseded by ISDN

Digital Subscriber Line has superseded ISDN