Cissp Study Questions
What is the most effective defense against cross-site scripting attacks? a) Limiting account privileges b) User authentication c) Input validation d) Encryption
c) Input validation prevents cross-site scripting attacks by limiting user input to a predefined range. This prevents the attacker from including the HTML <SCRIPT> tag in the input.
What phase of the Electronic Discovery Reference Model puts evidence in a format that may be shared with others? a) Production b) Processing c) Review d) Presentation
a) Production places the information in a format that may be shared with others.
What form of security planning is designed to focus on timeframes of approximately one year and may include scheduling of tasks, assignment of responsibilities, hiring plans, maintenance plans, and even acquisition plans? a) Strategic b) Operational c) Tactical d) Administrative
c) Tactical planning is designed to focus on timeframes of approximately one year and may include scheduling of tasks, assignment of responsibilities, hiring plans, maintenance plans, and even acquisition plans.
Which is not a part of an electronic access control lock? A. An electromagnet B. A credential reader C. A door sensor D. A biometric scanner
D. An electronic access control (EAC) lock comprises three elements: an electromagnet to keep the door closed, a credential reader to authenticate subjects and to disable the electromagnet, and a door-closed sensor to reenable the electromagnet.
Which one of the following items is a characteristic of hot sites but not a characteristic of warm sites? A. Communications circuits B. Workstations C. Servers D. Current data
D. Current data
Which one of the following Data Encryption Standard (DES) operating modes can be used for large messages with the assurance that an error early in the encryption/decryption process won't spoil results throughout the communication? A. Cipher Block Chaining (CBC) B. Electronic Code Book (ECB) C. Cipher Feedback (CFB) D. Output feedback (OFB)
D. Output feedback (OFB) mode prevents early errors from interfering with future encryption/decryption. Cipher Block Chaining and Cipher Feedback modes will carry errors throughout the entire encryption/decryption process. Electronic Code Book (ECB) operation is not suitable for large amounts of data.
Which one of the following items is not a critical piece of information in the chain of evidence? A. General description of the evidence B. Name of the person collecting the evidence C. Relationship of the evidence to the crime D. Time and date the evidence was collected
C. The chain of evidence does not require that the evidence collector know or document the relationship of the evidence to the crime.
Which firewall type looks exclusively at the message header to determine whether to transmit or drop data? A. Static packet filtering B. Application-level gateway C. Stateful inspection D. Dynamic packet filtering
A. A static packet-filtering firewall filters traffic by examining data from a message header.
What type of information is used to form the basis of an expert system's decision-making process? A. A series of weighted layered computations B. Combined input from a number of human experts, weighted according to past performance C. A series of "if/then" rules codified in a knowledge base D. A biological decision-making process that simulates the reasoning process used by the human mind
C. Expert systems use a knowledge base consisting of a series of "if/then" statements to form decisions based on the previous experience of human experts.
What type of cryptographic attack rendered Double DES (2DES) no more effective than standard DES encryption? A. Birthday attack B. Chosen ciphertext attack C. Meet-in-the-middle attack D. Man-in-the-middle attack
C. The meet-in-the-middle attack demonstrated that it took relatively the same amount of computation power to defeat 2DES as it does to defeat standard DES. This led to the adoption of Triple DES (3DES) as a standard for government communication.
Which of the following is most directly associated with providing or supporting perfect forward secrecy? A. PBKDF2 B. ECDHE C. HMAC D. OCSP
B. Elliptic Curve Diffie-Hellman Ephemeral, or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE), implements perfect forward secrecy through the use of elliptic curve cryptography (ECC). PBKDF2 is an example of a key-stretching technology not directly supporting perfect forward secrecy. HMAC is a hashing function. OCSP is used to check for certificate revocation.
What is the best way to understand the meaning of the term 100-year flood plain? A. A flood that occurs once every 100 years B. A flood larger than any recorded in the past 100 years C. A very serious but very unlikely flood event D. A very serious flood that has a probability of 1 in 100 (1%) of occurring in any single calendar year
D. Flood levels rated in years (100-year, 500-year, 1,000-year, and so forth) basically reflect estimates of the probability of their occurrence. An area rated as a 100-year flood plain has a 1 in 100 chance of occurring in any given calendar year (1%), a 500-year flood has a 1 in 500 chance of occurring in any given calendar year, and so forth. Options A and B misrepresent the meaning of the 100-year interval mentioned, while option C fails to address its probabilistic intent.
What is the formula used to compute the ALE? A. ALE = AV * EF * ARO B. ALE = ARO * EF C. ALE = AV * ARO D. ALE = EF * ARO
A. The Annualized Loss Expectancy (ALE) is computed as the product of the asset value (AV) times the exposure factor (EF) times the annualized rate of occurrence (ARO). This is the longer form of the formula ALE = SLE * ARO. The other formulas displayed here do not accurately reflect this calculation.
Matthew and Richard want to communicate with each other using a public key cryptosystem. What is the total number of keys they must have to successfully communicate? A. 1 B. 2 C. 3 D. 4
To use public key cryptography, Matthew and Richard must each have their own pair of public and private cryptographic keys.
A tunnel mode VPN is used to connect which types of systems? A. Hosts and servers B. Clients and terminals C. Hosts and networks D. Servers and domain controllers
C. Tunnel mode VPNs are used to connect networks to networks or networks to hosts. Transport mode is used to connect hosts to hosts. Host, server, client, terminal, and domain controller are all synonyms.
___________________ is any hardware, software, or administrative policy or procedure that defines and enforces access and restriction rights on an organizational level. A. Logical control B. Technical control C. Access control D. Administrative control
C. Access control
Which of the following cryptographic attacks can be used when you have access to an encrypted message but no other information? A. Known plain-text attack B. Frequency analysis attack C. Chosen cipher-text attack D. Meet-in-the-middle attack
B. Frequency analysis may be used on encrypted messages. The other techniques listed require additional information, such as the plaintext or the ability to choose the ciphertext.
Which of the following approaches uses mathematical algorithms to analyze data, developing models that may be used to predict future activity? A. Expert systems B. Data mining C. Data warehousing D. Information discovery
B. Data mining uses mathematical approaches to analyze data, searching for patterns that predict future activity.
Vulnerabilities and risks are evaluated based on their threats against which of the following? A. One or more of the CIA Triad principles B. Data usefulness C. Due care D. Extent of liability
A. CIA
The Twofish algorithm uses an encryption technique not found in other algorithms that XORs the plain text with a separate subkey before the first round of encryption. What is this called? A. Preencrypting B. Prewhitening C. Precleaning D. Prepending
B. Prewhitening XORs the plain text with a separate subkey before the first round of encryption.
When you are configuring a wireless extension to an intranet, once you've configured WPA-2 with 802.1x authentication, what additional security step could you implement in order to offer additional reliable security? A. Require a VPN. B. Disable SSID broadcast. C. Issue static IP addresses. D. Use MAC filtering.
A. Requiring a VPN to access the private wired network in addition to WPA-2 and 802.1x is the only additional reliable security option.
Which one of the following is not a major asset category normally covered by the BCP (business continuity plan)? A. People B. Documentation C. Infrastructure D. Buildings/facilities
B. The BCP normally covers three major asset categories: people, infrastructure, and buildings/facilities.
What is a security risk of an embedded system that is not commonly found in a standard PC? A. Software flaws B. Access to the internet C. Control of a mechanism in the physical world D. Power loss
C. Because an embedded system is in control of a mechanism in the physical world, a security breach could cause harm to people and property. This typically is not true of a standard PC. Power loss, internet access, and software flaws are security risks of both embedded systems and standard PCs.
What is the most common cause of failure for water-based fire suppression systems? a. Water shortage b. People c. Ionization detectors d. Placement of detectors in drop ceilings
b. People: humans turn the water off after a fire and forget to turn it back on.
What type of motion detector senses changes in the electrical or magnetic field surrounding a monitored object? a. Wave b. Photoelectric c. Heat d. Capacitance
Capacitance is the ratio of the amount of electric charge stored on a conductor to a difference in electric potential.
What is the ideal humidity range for a computer room?
40-60%
What network devices operate within the Physical layer? A. Bridges and switches B. Firewalls C. Hubs and repeaters D. Routers
C. Hubs and repeaters
What method is not integral to assuring effective and reliable security staffing? A. Screening B. Bonding C. Training D. Conditioning
D. Conditioning. Screening, bonding, and training are all vital procedures for ensuring effective and reliable security staffing because they verify the integrity and validate the suitability of said staffers.
Which of the following is not an expected result of requiring users to regularly change their workstation assignment or physical location? A. Deters collusion between employees because ever-changing constellations of co-workers are less likely to bond sufficiently to perform unauthorized or illegal activities together B. Encourages users to store personal information on systems C. Encourages users to keep all work materials on network servers where they can be easily protected, overseen, and audited D. Gives users little or no opportunity to customize their systems or to install unapproved software because subsequent users will discover and report such changes
B. Options A, C, and D are examples of valid reasons why changes to workstation assignments or physical location can improve or maintain security. Regularly changing workstation assignment or location discourages users from storing personal information on systems.
Among the following attack patterns, which is not considered a form of amplified or denial of service attack? A. Flooding B. Spoofing C. Ping of death D. Smurf
B. Spoofing is the replacement of valid source and destination IP and port addresses with false ones. It is often used in DoS attacks but is not considered a DoS attack itself. Flooding, smurf, and ping of death are all DoS attacks.
What type of evidence refers to written documents that are brought into court to prove a fact? A. Best evidence B. Payroll evidence C. Documentary evidence D. Testimonial evidence
C. Written documents brought into court to prove the facts of a case are referred to as documentary evidence.
If you are the victim of a bluejacking attack, what was compromised? A. Your firewall B. Your switch C. Your cell phone D. Your web cookies
C.
_______________ is the process by which a subject provides a username, logon ID, personal identification number, and so on. A. Accountability B. Authentication C. Confidentiality D. Identification
D. Identification is the process by which a subject professes an identity and accountability is initiated.
When NAC is used to manage an enterprise network, what is most likely to happen to a notebook system once reconnected to the intranet after it has been out of the office for six weeks while in use by an executive on an international business trip? A. Reimaged B. Updated at next refresh cycle C. Quarantine D. User must reset their password
C. NAC often operates in a pre-admission philosophy in which a system must meet all current security requirements (such as patch application and antivirus updates) before it is allowed to communicate with the network. This often means systems that are not in compliance are quarantined or otherwise involved in a captive portal strategy in order to force compliance before network access is restored.
Beth is planning to run a network port scan against her organization's web server. What ports should she expect will be open to the world? A. 80 and 443 B. 22 and 80 C. 80 and 1433 D. 22, 80, and 443
A. Web servers should expose ports 80 and/or 443 to the world to support HTTP and/or HTTPS connections. Port 22, used by SSH, and port 1433, used by SQL Server databases, should not normally be publicly exposed.
What part of the Common Criteria specifies the claims of security from the vendor that are built into a target of evaluation? A. Protection profiles B. Evaluation assurance level C. Certificate authority D. Security target
D. Security targets (STs) specify the claims of security from the vendor that are built into a TOE.
What form of password attack utilizes a preassembled lexicon of terms and their permutations? A. Rainbow tables B. Dictionary word list C. Brute force D. Educated guess
B. Dictionary word lists are precompiled lists of common passwords and their permutations and serve as the foundation for a dictionary attack on accounts.
Which one of the following is not a requirement that Internet service providers must satisfy in order to gain protection under the "transitory activities" clause of the Digital Millennium Copyright Act? A. The service provider and the originator of the message must be located in different states. B. The transmission, routing, provision of connections, or copying must be carried out by an automated technical process without selection of material by the service provider. C. Any intermediate copies must not ordinarily be accessible to anyone other than anticipated recipients and must not be retained for longer than reasonably necessary. D. The transmission must be originated by a person other than the provider.
A. The Digital Millennium Copyright Act does not include any geographical location requirements for protection under the "transitory activities" exemption. The other options are three of the five mandatory requirements. The other two requirements are that the service provider must not determine the recipients of the material and the material must be transmitted with no modification to its content.
What is the primary objective of a spoof attack? A. To send large amounts of data to a victim B. To cause a buffer overflow C. To hide the identity of an attacker through misdirection D. To steal user accounts and passwords
C. Spoofing grants the attacker the ability to hide their identity through misdirection. It is therefore involved in most attacks.
Which of the following is true regarding vulnerability scanners? A. They actively scan for intrusion attempts. B. They serve as a form of enticement. C. They locate known security holes. D. They automatically reconfigure a system to a more secure state.
Vulnerability scanners are used to test a system for known security vulnerabilities and weaknesses. They are not active detection tools for intrusion, they offer no form of enticement, and they do not configure system security. In addition to testing a system for security weaknesses, they produce evaluation reports, which include recommendations.
Which of the following does not usually represent a timeframe of increased risk and vulnerability to an organization, such as information disclosure, data loss, and unplanned downtime? A. Layoffs B. Awareness training C. Acquisitions D. Mergers
B. Awareness training typically reduces risk and vulnerability.
Which of the following is not a denial-of-service attack? A. Exploiting a flaw in a program to consume 100 percent of the CPU B. Sending malformed packets to a system, causing it to freeze C. Performing a brute-force attack against a known user account when account lockout is not present D. Sending thousands of emails to a single address
C.
What is the second phase of the IDEAL software development model? A. Developing B. Diagnosing C. Determining D. Designing
B. The second phase of the IDEAL software development model is the Diagnosing stage.
In what scenario would you perform bulk transfers of backup data to a secure off-site location? A. Incremental backup B. Differential backup C. Full backup D. Electronic vaulting
D. Electronic vaulting describes the transfer of backup data to a remote backup site in a bulk-transfer fashion.
What law amended the Health Insurance Portability and Accountability Act to include data breach notification requirements? A. FERPA B. HITECH C. PCI DSS D. CALEA
B. The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) amended HIPAA to include new regulations related to data breach notification and the compliance requirements of covered entity business associates.
If you require the most advanced and complete method of off-site backup, what option do you choose? A. Manual backups B. Automated backups C. Remote mirroring D. Remote journaling
C. Remote mirroring is the most advanced, complete, and expensive off-site backup solution. With this solution, a live database server is kept off-site at some secure remote location.
Which of the following is a true statement regarding the EU-U.S. Privacy Shield? A. It is the updated and renamed version of the International Safe Harbor Privacy Principles. B. It extends HIPAA protections for U.S. citizens to countries in Europe. C. It was declared invalid by the European Court of Justice. D. It provides a means by which U.S. companies can process EU citizens' personal data.
D. The true statement from this list is that the EU-U.S. Privacy Shield provides a means by which U.S. companies can process EU citizens' personal data. The International Safe Harbor Privacy Principles were declared invalid by the European Court of Justice; thus, the EU-U.S. Privacy Shield is a replacement for Safe Harbor but not a renamed and revised version of Safe Harbor. The EU-U.S. Privacy Shield does not extend HIPAA protections for U.S. citizens to countries in Europe.
Which of the following is a fake network designed to tempt intruders with unpatched and unprotected security vulnerabilities and false data? A. IDS B. Honeynet C. Padded cell D. Pseudo flaw
B. Honeypots are individual computers, and honeynets are entire networks created to serve as a trap for intruders. They look like legitimate networks and tempt intruders with unpatched and unprotected security vulnerabilities as well as attractive and tantalizing but false data. An intrusion detection system (IDS) will detect attacks. In some cases, an IDS can divert an attacker to a padded cell, which is a simulated environment with fake data intended to keep the attacker's interest. A pseudo flaw (used by many honeypots and honeynets) is a false vulnerability intentionally implanted in a system to tempt attackers.
Christopher would like to send Renee a message using a digital signature. What key should he use to create the digital signature? A. Christopher's public key B. Christopher's private key C. Renee's public key D. Renee's private key
B. The sender of a message uses their own private key to create a digital signature.
Christopher recently received word that his application for a trademark was approved by the US Patent and Trademark Office. What symbol should he use next to the name to indicate its protected status? A. © B. ® C. ™ D. †
The ® symbol is reserved for trademarks that have received official registration status by the US Patent and Trademark Office.
What law protects the privacy rights of students? A. HIPAA B. SOX C. GLBA D. FERPA
D. The Family Educational Rights and Privacy Act (FERPA) protects the rights of students and the parents of minor students.
What security protocol has become the de facto standard used to provide secure e-commerce services? A. S/MIME B. TLS C. SET D. PGP
B. Transport Layer Security (TLS), the revised replacement for SSL, has become the de facto standard used to provide secure e-commerce services. This is in spite of the attempts of several credit card companies to promote alternate options, such as Secure Electronic Transaction (SET).
Which of the following is a type of connection that can be described as a logical circuit that always exists and is waiting for the customer to send data? A. ISDN B. PVC C. VPN D. SVC
B. A permanent virtual circuit (PVC) can be described as a logical circuit that always exists and is waiting for the customer to send data.
What software development model uses a seven-stage approach with a feedback loop that allows progress one step backward? A. Boyce-Codd B. Waterfall C. Spiral D. Agile
B. The waterfall model uses a seven-stage approach to software development and includes a feedback loop that allows development to return to the previous phase to correct defects discovered during the subsequent phase.
Which of the following wireless technologies supports multifactor authentication options? A. WEP B. TKIP C. CCMP D. WPA2
D. Both WPA and WPA2 support the enterprise authentication known as 802.1x/EAP, a standard port-based network access control that ensures clients cannot communicate with a resource until proper authentication has taken place. Effectively, 802.1x is a hand-off system that allows the wireless network to leverage the existing network infrastructure's authentication services. Through the use of 802.1x, other techniques and solutions such as RADIUS, TACACS, certificates, smart cards, token devices, and biometrics can be integrated into wireless networks, providing techniques for both mutual and multi-factor authentication.
What is the weakest link in a security chain? A. Internet connection B. People C. Documentation D. Hardware
B. People are the weakest link in a security chain.
What security model is based on dynamic changes of user privileges and access based on user activity? A. Sutherland B. Brewer-Nash C. Biba D. Graham-Denning
The Brewer-Nash model is based on dynamic changes of user privileges and access based on user activity.
Which one of the following storage devices is most likely to require encryption technology in order to maintain data security in a networked environment? A. Hard disk B. Backup tape C. Removable drives D. RAM
C. Removable drives are easily taken out of their authorized physical location, and it is often not possible to apply operating system access controls to them. Therefore, encryption is often the only security measure short of physical security that can be afforded to them. Backup tapes are most often well controlled through physical security measures. Hard disks and RAM chips are often secured through operating system access controls.
What type of access control system is deployed to physically deter unwanted or unauthorized activity and access? A. Preventive access control B. Deterrent access control C. Directive access control D. Compensation access control
A. Preventive access control is deployed to stop unwanted or unauthorized activity from occurring.
When attempting to impose accountability on users, what key issue must be addressed? A. Reliable log storage system B. Proper warning banner notification C. Legal defense/support of authentication D. Use of discretionary access control
C. To effectively hold users accountable, your security must be legally defensible. Primarily, you must be able to prove in a court that your authentication process cannot be easily compromised. Thus, your audit trails of actions can then be tied to a human.
Which of the following identifies vendor responsibilities and can include monetary penalties if the vendor doesn't meet the stated responsibilities? A. Service-level agreement (SLA) B. Memorandum of understanding (MOU) C. Interconnection security agreement (ISA) D. Software as a service (SaaS)
A. A service-level agreement identifies responsibilities of a third party such as a vendor and can include monetary penalties if the vendor doesn't meet the stated responsibilities. An MOU is an informal agreement and does not include monetary penalties. An ISA defines requirements for establishing, maintaining, and disconnecting a connection. SaaS is one of the cloud-based service models and does not specify vendor responsibilities.
What is the primary function of a gateway as a network device? A. Routing traffic B. Protocol translator C. Attenuation protection D. Creating virtual LANs
B. The gateway is a network device (or service) that works at the Application layer. However, an Application layer gateway is a very specific type of component. It serves as a protocol translation tool. For example, an IP-to-IPX gateway takes inbound communications from TCP/IP and translates them over to IPX/SPX for outbound transmission.
Which one of the following types of memory might retain information after being removed from a computer and, therefore, represent a security risk? A. Static RAM B. Dynamic RAM C. Secondary memory D. Real memory
C. Secondary memory is a term used to describe magnetic, optical, or flash media. These devices will retain their contents after being removed from the computer and may later be read by another user.
Which of the following statements is true? A. An open system does not allow anyone to view its programming code. B. A closed system does not define whether or not its programming code can be viewed. C. An open source program can only be distributed for free. D. A closed source program cannot be reverse engineered or decompiled.
B. A closed system is designed to work well with a narrow range of other systems, generally all from the same manufacturer. The standards for closed systems are often proprietary and not normally disclosed. However, a closed system (as a concept) does not define whether or not its programming code can be viewed. An open system (as a concept) also does not define whether or not its programming code can be viewed. An open source program can be distributed for free or for a fee. A closed source program can be reverse engineered or decompiled.
What process state can be dependent on peripherals? A. Ready B. Waiting C. Running D. Supervisory
B. The waiting state is a process state that depends on peripherals, as the processes pause execution until the conclusion of some requested activity, such as peripheral activity.
What is the main purpose of a military and intelligence attack? A. To attack the availability of military systems B. To obtain secret and restricted information from military or law enforcement sources C. To utilize military or intelligence agency systems to attack other nonmilitary sites D. To compromise military systems for use in attacks against other systems
B. A military and intelligence attack is targeted at the classified data that resides on the system. To the attacker, the value of the information justifies the risk associated with such an attack. The information extracted from this type of attack is often used to plan subsequent attacks.
An organization is planning the layout of a new building that will house a datacenter. Where is the most appropriate place to locate the datacenter? A. In the center of the building B. Closest to the outside wall where power enters the building C. Closest to the outside wall where heating, ventilation, and air conditioning systems are located D. At the back of the building
A. Valuable assets require multiple layers of physical security, and placing a datacenter in the center of the building helps provide these additional layers. Placing valuable assets next to an outside wall (including at the back of the building) eliminates some layers of security.
Which of the following elements of teaching is considered a prerequisite for the others? A. Education B. Awareness C. Training D. Certification
B. Awareness must be established before actual training can take place.
What mechanism is used to support the exchange of authentication and authorization details between systems, services, and devices? A. Biometric B. Two-factor authentication C. SAML D. LDAP
C. SAML is an open standard data format based on XML for the purpose of supporting the exchange of authentication and authorization details between systems, services, and devices. A biometric is an authentication factor, not a means of exchanging authentication information. Two-factor authentication is the use of two authentication factors. LDAP is a protocol used by directory services and is not directly related to authentication.
What is the maximum key length of Blowfish? A. 128 bits B. 256 bits C. 384 bits D. 448 bits
Blowfish has a maximum key length of 448 bits.
Which of the following would provide the best protection against rainbow table attacks? A. Hashing passwords with MD5 B. Salt and pepper with hashing C. Account lockout D. Implement RBAC
B. Using both a salt and pepper when hashing passwords provides strong protection against rainbow table attacks. MD5 is no longer considered secure, so it isn't a good choice for hashing passwords. Account lockout helps thwart online password brute-force attacks, but a rainbow table attack is an offline attack. Role Based Access Control (RBAC) is an access control model and unrelated to password attacks.
______________________ is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between the communication endpoints. A. ISDN B. Frame Relay C. SMDS D. ATM
B. Frame Relay is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between the communication endpoints. The Frame Relay network is a shared medium across which virtual circuits are created to provide point-to-point communications. All virtual circuits are independent of and invisible to each other.
Which of the following is not an effective countermeasure against inappropriate content being hosted or distributed over a secured network? A. Activity logging B. Content filtering C. Intrusion detection system D. Penalties for violations
C. An intrusion detection system is designed to detect intrusions and is not a countermeasure against inappropriate content by internal users. However, activity logging, content filtering, and policies that include penalties for violations can all be used as countermeasures for inappropriate content.
What regulation formalizes the prudent man rule that requires senior executives to take personal responsibility for their actions? A. CFAA B. Federal Sentencing Guidelines C. GLBA D. Sarbanes-Oxley
B. The Federal Sentencing Guidelines released in 1991 formalized the prudent man rule, which requires senior executives to take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation.
What networking device can be used to create digital network segments that can be altered as needed by adjusting the settings internal to the device rather than on endpoint devices? a) Router b) Switch c) Proxy d) Gateway
b) A switch is a networking device that can be used to create digital network segments (i.e., VLANs) that can be altered as needed by adjusting the settings internal to the device rather than on endpoint devices. A router connects disparate networks rather than creating network segments.
Identification is the first step toward what ultimate goal? A. Accountability B. Authorization C. Auditing D. Nonrepudiation
a -Accountability is the ultimate goal of a process started by identification.
What type of attack targets proprietary information stored on a civilian organization's system? A. Business attack B. Denial-of-service attack C. Financial attack D. Military and intelligence attack
b-Business attack. Confidential information that is not related to the military or intelligence agencies is the target of business attacks. The ultimate goal could be destruction, alteration, or disclosure of confidential information.
You've performed a basic quantitative risk analysis on a specific threat/vulnerability/risk relation. You select a possible countermeasure. When performing the calculations again, which of the following factors will change? A. Exposure factor B. Single loss expectancy C. Asset value D. Annualized rate of occurrence
d-A countermeasure directly affects the annualized rate of occurrence, primarily because the countermeasure is designed to prevent the occurrence of the risk, thus reducing its frequency per year.
A team that knows substantial information about its target, including on-site hardware/software inventory and configuration details, is best described as what? A. Zero knowledge B. Infinite knowledge C. Absolute knowledge D. Partial knowledge
D -Partial-knowledge teams possess a detailed account of organizational assets, including hardware and software inventory, prior to a penetration test.
What BIA metric can be used to express the longest time a business function can be unavailable without causing irreparable harm to the organization? A. SLE B. EF C. MTD D. ARO
c-The maximum tolerable downtime (MTD) represents the longest period a business function can be unavailable before causing irreparable harm to the business. This figure is useful when determining the level of business continuity resources to assign to a particular function.
Which one of the following alternate processing arrangements is rarely implemented? A. Hot site B. Warm site C. Cold site D. MAA site
d - Mutual assistance agreements are rarely implemented because they are difficult to enforce in the event of a disaster requiring site activation.
What does the term "100-year flood plain" mean to emergency preparedness officials? A. The last flood of any kind to hit the area was more than 100 years ago. B. The odds of a flood at this level are 1 in 100 in any given year. C. The area is expected to be safe from flooding for at least 100 years. D. The last significant flood to hit the area was more than 100 years ago.
B- The term 100-year flood plain is used to describe an area where flooding is expected once every 100 years. It is, however, more mathematically correct to say that this label indicates a 1 percent probability of flooding in any given year.
The Goguen-Meseguer model is an ________ model based on predetermining the set or domain—a list of objects that a subject can access. A. Integrity B. Confidentiality C. Non-interference D. Availability
a -The Goguen-Meseguer model is an integrity model based on predetermining the set or domain—a list of objects that a subject can access.
What are the well-known ports? A. 0 to 1,023 B. 80, 135, 110, 25 C. 0 to 65,536 D. 32,000 to 65,536
a- Ports 0 to 1,023 are the well-known ports.
Servers within your organization were recently attacked causing an excessive outage. You are asked to check systems for known issues that attackers may use to exploit other systems in your network. Which of the following is the best choice to meet this need? A. Versioning tracker B. Vulnerability scanner C. Security audit D. Security review
B- Vulnerability scanners are used to check systems for known issues and are part of an overall vulnerability management program. Versioning is used to track software versions and is unrelated to detecting vulnerabilities. Security audits and reviews help ensure that an organization is following its policies but wouldn't directly check systems for vulnerabilities.
Which one of the following is not a goal of cryptographic systems? A. Nonrepudiation B. Confidentiality C. Availability D. Integrity
C- The four goals of cryptographic systems are confidentiality, integrity, authentication, and nonrepudiation.
What is the first step of the business impact assessment process? A. Identification of priorities B. Likelihood assessment C. Risk identification D. Resource prioritization
a -Identification of priorities is the first step of the business impact assessment process.
What is the formula used to compute the single loss expectancy for a risk scenario? A. SLE = AV × EF B. SLE = RO × EF C. SLE = AV × ARO D. SLE = EF × ARO
a-The single loss expectancy (SLE) is computed as the product of the asset value (AV) and the exposure factor (EF). The other formulas displayed here do not accurately reflect this calculation.
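The SLE formula above, together with the earlier question on which factor a countermeasure changes, carried through as an added worked example (not part of the study guide). The asset value, exposure factor, occurrence rates and safeguard cost are constructed figures; the safeguard cost/benefit formula (ALE before, minus ALE after, minus annual cost of the safeguard) is the standard one.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class RiskScenario:
    asset_value: float       # AV: what the asset is worth
    exposure_factor: float   # EF: fraction of AV lost in a single incident, 0.0 to 1.0
    aro: float               # ARO: expected incidents per year

    @property
    def sle(self):
        """Single loss expectancy: SLE = AV x EF."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self):
        """Annualized loss expectancy: ALE = SLE x ARO."""
        return self.sle * self.aro


def apply_countermeasure(scenario, new_aro=None, new_ef=None):
    """Return the scenario after a safeguard; most safeguards change only ARO."""
    changes = {}
    if new_aro is not None:
        changes["aro"] = new_aro
    if new_ef is not None:
        changes["exposure_factor"] = new_ef
    return replace(scenario, **changes)


def changed_factors(before, after):
    """Which of AV, EF, ARO differ between the two calculations."""
    names = []
    if before.asset_value != after.asset_value:
        names.append("AV")
    if before.exposure_factor != after.exposure_factor:
        names.append("EF")
    if before.aro != after.aro:
        names.append("ARO")
    return names


def safeguard_value(before, after, annual_cost):
    """Cost/benefit of a safeguard: ALE_before - ALE_after - ACS (positive means worth deploying)."""
    return before.ale - after.ale - annual_cost


# Constructed figures: a $200k server, 50% loss per incident, one incident every four years.
BASELINE = RiskScenario(asset_value=200_000, exposure_factor=0.5, aro=0.25)
# A hypothetical safeguard that cuts the frequency to once in twenty years for $10k per year.
MITIGATED = apply_countermeasure(BASELINE, new_aro=0.05)
SAFEGUARD_COST = 10_000
```

Running the numbers: SLE stays at $100,000 because neither AV nor EF moved; ALE drops from $25,000 to $5,000, and after the $10,000 annual cost the safeguard is still worth $10,000 per year.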
Which one of the following attacks is most indicative of a terrorist attack? A. Altering sensitive trade secret documents B. Damaging the ability to communicate and respond to a physical attack C. Stealing unclassified information D. Transferring funds to other countries
b-A terrorist attack is launched to interfere with a way of life by creating an atmosphere of fear. A computer terrorist attack can reach this goal by reducing the ability to respond to a simultaneous physical attack.
Which one of the following is not a basic requirement for the reference monitor? A. It must be tamperproof. B. The source code must be made public. C. It must always be invoked. D. It must be small enough for testing.
b-There is no requirement that the reference monitor's source code be available to the public.
Exercising reasonable care to protect the interests and assets of an organization through a formalized security structure (policies, standards, guidelines, and so on) is better known as what? A. Due care B. Due notice C. Due diligence D. Due indifference
a- Due care is the notion of preserving and protecting assets and interests for a given organization as exercised through a formalized security structure comprising baselines, guidelines, policies, procedures, and rules.
What evidentiary principle states that a written contract is assumed to contain all the terms of an agreement? A. Material evidence B. Best evidence C. Parol evidence D. Relevant evidence
c-The parol evidence rule states that a written contract is assumed to contain all the terms of an agreement and cannot be modified by a verbal agreement.
Which of the following would security personnel do during the remediation stage of an incident response? A. Contain the incident B. Collect evidence C. Rebuild system D. Root cause analysis
D-Security personnel perform a root cause analysis during the remediation stage. A root cause analysis attempts to discover the source of the problem. After discovering the cause, the review will often identify a solution to help prevent a similar occurrence in the future. Containing the incident and collecting evidence are done early in the incident response process. Rebuilding a system may be needed during the recovery stage.
___________________ ensures against unauthorized access to information deemed personal or confidential. A. Integrity B. Availability C. Nonrepudiation D. Privacy
D -The principle of privacy ensures freedom from unauthorized access to information deemed personal or confidential.
Which of the following is the most important and distinctive concept in relation to layered security? A. Multiple B. Series C. Parallel D. Filter
B-Layering is the deployment of multiple security mechanisms in a series. When security restrictions are performed in a series, they are performed one after the other in a linear fashion. Therefore, a single failure of a security control does not render the entire solution ineffective.
When information is collected about your activities online without your consent, it is a violation of what? A. Integrity B. Intent C. Confidentiality D. Privacy
D -When information is collected about your activities online without your consent, it is known as a violation of privacy.
Which software development life cycle model allows for multiple iterations of the development process, resulting in multiple prototypes, each produced according to a complete design and testing process? A. Software Capability Maturity model B. Waterfall model C. Development cycle D. Spiral model
D-The spiral model allows developers to repeat iterations of another life cycle model (such as the waterfall model) to produce a number of fully tested prototypes.
Which of the following is not a segmentation of a network? A. Subnet B. VPN C. VLAN D. DMZ
B-A VPN is not a network segmentation; it is a secured encapsulation tunnel used to connect networks (or network segments) together. Subnets, VLANs, and a DMZ are examples of network segmentation.
Which one of the following is not a principle of Agile development? A. Satisfy the customer through early and continuous delivery. B. Businesspeople and developers work together. C. Pay continuous attention to technical excellence. D. Prioritize security over other requirements.
D-In Agile, the highest priority is to satisfy the customer through early and continuous delivery of valuable software.
Which of the following is the best response after detecting and verifying an incident? A. Contain it. B. Report it. C. Remediate it. D. Gather evidence.
A -Containment is the first step after detecting and verifying an incident. This limits the effect or scope of an incident. Organizations report the incident based on policies and governing laws, but this is not the first step. Remediation attempts to identify the cause of the incident and steps that can be taken to prevent a reoccurrence, but this is not the first step. It is important to protect evidence while trying to contain an incident, but gathering the evidence will occur after containment.
In an Agile software development process, how often should business users be involved in development? A. Daily B. Weekly C. Monthly D. At each release
a -The Agile development process requires that business users interact with developers on a daily basis.
What is used to increase the strength of cryptography by creating a unique ciphertext every time the same message is encrypted with the same key? A. Initialization vector B. Vigenère cipher C. Steganography D. Stream cipher
a-An initialization vector (IV) is a random bit string (a nonce) that is the same length as the block size and is XORed with the message. IVs are used to create a unique ciphertext every time the same message is encrypted with the same key. If the IV is reused with the same key, identical messages produce identical ciphertexts, which an observer can detect without knowing the key.
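An added example (not from the study guide) of the IV's role in CBC mode: the block cipher here is a toy Feistel network built on HMAC-SHA256 so the code runs without any third-party library and is an assumption of this example, not a cipher anyone should deploy; the CBC chaining, padding and IV handling around it are the standard construction. The two checks at the end contrast a fresh random IV with a reused one.

```python
import hashlib
import hmac
import os

BLOCK = 16   # block size in bytes
HALF = BLOCK // 2
ROUNDS = 8


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    """Feistel round function: a keyed PRF (HMAC-SHA256) truncated to half a block."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]


def block_encrypt(key, block):
    """Toy Feistel block cipher (assumed for this example only)."""
    left, right = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def block_decrypt(key, block):
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):
        right, left = left, _xor(right, _f(key, rnd, left))
    return left + right


def _pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def _unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key, plaintext, iv=None):
    """CBC: C_i = E_k(P_i XOR C_{i-1}) with C_0 = IV; the IV is sent in the clear, prepended."""
    if iv is None:
        iv = os.urandom(BLOCK)   # a fresh random IV per message is the correct usage
    prev, out = iv, [iv]
    padded = _pad(plaintext)
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, ciphertext):
    iv, body = ciphertext[:BLOCK], ciphertext[BLOCK:]
    prev, out = iv, []
    for i in range(0, len(body), BLOCK):
        cur = body[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, cur), prev))
        prev = cur
    return _unpad(b"".join(out))


def fresh_iv_hides_repeats(key, message):
    """Correct use: two encryptions of the same message under one key differ."""
    return cbc_encrypt(key, message) != cbc_encrypt(key, message)


def reused_iv_leaks_repeats(key, message, iv):
    """Misuse: a fixed IV makes equal messages produce equal ciphertexts."""
    return cbc_encrypt(key, message, iv) == cbc_encrypt(key, message, iv)
```

The IV does not need to be secret, only unpredictable and never reused under the same key; that is why it travels in the clear at the front of the ciphertext.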
Which subset of the Structured Query Language is used to create and modify the database schema? A. Data Definition Language B. Data Structure Language C. Database Schema Language D. Database Manipulation Language
a-The Data Definition Language (DDL) is used to create and modify a relational database's schema; the Data Manipulation Language (DML) works with the data inside that schema.
A VPN is a specific form of ___________________. A. Tunnel B. Encryption C. WAN connectivity D. Accountability mechanism
a -A virtual private network (VPN) is simply a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an intermediary network.
Gathering sensitive information about an organization or party, in both physical and digital form, for the purpose of ill-gotten gain or disclosure is indicative of what crime? A. Sabotage B. Social engineering C. Espionage D. Collusion
c-Espionage is a criminal action to disclose or profit from illegally obtained sensitive information about an organization.
What is the primary purpose of change management? A. To prevent unwanted reductions to security B. To allow management to review all changes C. To delay the release of mission-critical patches D. To improve productivity of end users
b-The primary purpose of change management is to allow management to review all changes. However, it is true that the overall goal of change management is to prevent unwanted reductions to security.
During what phase of incident response do you collect evidence such as firewall logs? A. Detection B. Response C. Compliance D. Remediation
b-Evidence collection takes place during the response phase of the incident. Incidents are identified and verified during the detection phase. Compliance with laws might occur during the reporting phase, depending on the incident. Personnel typically perform a root-cause analysis during the remediation phase.
A team that initially knows nothing about its target before performing a security analysis is known as what? A. Absolute knowledge B. Partial knowledge C. Zero knowledge D. Infinite knowledge
c-Zero-knowledge teams begin with no inside information about the target organization; they must gather everything themselves during the security assessment or penetration test.
Which form of DBMS primarily supports the establishment of treelike relationships? A. Relational B. Hierarchical C. Mandatory D. Distributed
b-A hierarchical DBMS supports one-to-many relationships, often expressed in a tree structure.
Which one of the following tools is used primarily to perform network discovery scans? A. Nmap B. Nessus C. Metasploit D. lsof
a-Nmap is a network discovery scanning tool that reports the open ports on a remote system.
In a(n) ___________ system, all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment. A. Trusted B. Authorized C. Available D. Baseline
a-In a trusted system, all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment.
During threat modeling, several options exist for ranking or rating the severity and priority of threats. Which of the following is not a threat modeling ranking system? A. DREAD B. Probability * Damage Potential C. Qualitative analysis D. High/medium/low
c-Qualitative analysis is part of risk management/risk assessment, but it is not specifically a means of ranking or rating the severity and priority of threats under threat modeling. The three common means of ranking or rating the severity and priority of threats are DREAD, Probability * Damage Potential, and High/medium/low.
What is an attempt to vigorously exercise the security constraints and parameters of a network, often using any means necessary? A. Ethical hacking B. Penetration testing C. War dialing D. Brute force
b- Penetration testing is the process of exercising, validating, and verifying the state of security on a network.
In a typical environment, when a user creates a new file object (such as a document or image file), who is the owner of that object by default? A. Key recovery agent B. Administrator or root C. Creator D. None
c-The user who creates a new object is usually the default owner of that object.
What is the client source port of a secured web communication? A. 1024 B. 80 C. 443 D. A dynamic port
d-Client source ports are dynamic ports (i.e., randomly selected port number between 1024-65,535) for most Application layer protocols, including secure web communications (i.e., HTTPS).
Which one of the following technologies is considered flawed and should no longer be used? A. SHA-3 B. PGP C. WEP D. TLS
C-The WEP algorithm has documented flaws that make it trivial to break. It should never be used to protect wireless networks.
What phase of the Electronic Discovery Reference Model examines information to remove information subject to attorney-client privilege? A. Identification B. Collection C. Processing D. Review
d-Review examines the information resulting from the processing phase to determine what information is responsive to the request and remove any information protected by attorney-client privilege.
What is the point and purpose of disaster recovery services? A. To prevent interruption to business operations B. To prevent intrusion upon business operations C. To provide restoration facilities to continue business operations D. To provide personnel for provisioning rations to survivors
c-Disaster recovery services provide restoration facilities to continue business operations.
System architecture, system integrity, covert channel analysis, trusted facility management, and trusted recovery are elements of what security criteria? A. Quality assurance B. Operational assurance C. Life cycle assurance D. Quantity assurance
b-Assurance is the degree of confidence you can place in the satisfaction of security needs of a computer, network, solution, and so on. Operational assurance focuses on the basic features and architecture of a system that lend themselves to supporting security.
You are the security administrator for an e-commerce company and are placing a new web server into production. What network zone should you use? A. Internet B. DMZ C. Intranet D. Sandbox
b-The DMZ (demilitarized zone) is designed to house systems like web servers that must be accessible from both the internal and external networks.
Which would an administrator do to classified media before reusing it in a less secure environment? A. Erasing B. Clearing C. Purging D. Overwriting
c-Purging media removes all data by writing over existing data multiple times to ensure that the data is not recoverable using any known methods. Purged media can then be reused in less secure environments. Erasing the media performs a delete, but the data remains and can easily be restored. Clearing, or overwriting, writes unclassified data over existing data, but some sophisticated forensics techniques may be able to recover the original data, so this method should not be used to reduce the classification of media.
What element of data categorization management can override all other forms of access control? A. Classification B. Physical access C. Custodian responsibilities D. Taking ownership
d-Ownership grants an entity full capabilities and privileges over the object they own. The ability to take ownership is often granted to the most powerful accounts in an operating system because it can be used to overstep any access control limitations otherwise implemented.
John recently received an email message from Bill. What cryptographic goal would need to be met to convince John that Bill was actually the sender of the message? A. Nonrepudiation B. Confidentiality C. Availability D. Integrity
a-Nonrepudiation prevents the sender of a message from later denying that they sent it.
What standard governs the creation of digital certificates used in the public key infrastructure? A. FIPS 180-2 B. S/MIME C. X.509 D. 802.1x
c-X.509 defines a common format for digital certificates containing certification of a public encryption key.
What is the duration of trade secret protection under federal law? A. 20 years B. 25 years C. 50 years D. Unlimited
d-There is no limit to the duration of trade secret protection.
Which security mechanism is used to verify whether the directive and preventive controls have been successful? A. Directive control B. Preventive control C. Detective control D. Corrective control
c-A detective control is a security mechanism used to verify whether the directive and preventive controls have been successful.
Which of the following is not true? A. A purely quantitative analysis is not possible. B. Qualitative risk analysis employs complex formulas and calculations. C. Quantitative risk analysis assigns real dollar figures to the loss of an asset. D. Qualitative risk analysis assigns subjective and intangible values to the loss of an asset.
b-Qualitative risk analysis does not employ complex formulas and calculations. Scenario discussions and simple value assignments are used to evaluate risk, incidents, losses, and safeguards.
What is the length of protection offered by trademark law without requiring a renewal? A. 5 years B. 7 years C. 10 years D. 20 years
c-Trademarks are protected for an initial 10-year period and may be renewed for unlimited successive 10-year periods.
Which of the following is not a security concern in relation to an organization's divestitures? A. Preventing data leakage B. Sanitization techniques C. Holding exit interviews D. Performing on-boarding
d-On-boarding is a concern when hiring personnel or acquiring an organization, not when divesting one. A divestiture raises preventing data leakage, sanitizing media and equipment that leave with the divested unit, and holding exit interviews as its security concerns.
What is a trusted computing base (TCB)? A. Hosts on your network that support secure transmissions B. The operating system kernel and device drivers C. The combination of hardware, software, and controls that work together to enforce a security policy D. The software and controls that certify a security policy
c-The TCB is the combination of hardware, software, and controls that work together to enforce a security policy.
A central authority determines which files a user can access. Which of the following best describes this? A. An access control list (ACL) B. An access control matrix C. Discretionary Access Control model D. Nondiscretionary access control model
d-A nondiscretionary access control model uses a central authority to determine which objects (such as files) that users (and other subjects) can access. In contrast, a Discretionary Access Control (DAC) model allows users to grant or reject access to any objects they own. An ACL is an example of a rule-based access control model. An access control matrix includes multiple objects, and it lists the subject's access to each of the objects.
Adam recently ran a network port scan of a web server running in his organization. He ran the scan from an external network to get an attacker's perspective on the scan. Which one of the following results is the greatest cause for alarm? A. 80/open B. 22/filtered C. 443/open D. 1433/open
d-Only open ports represent potentially significant security risks. Ports 80 and 443 are expected to be open on a web server. Port 1433 is a database port and should never be exposed to an external network.
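The triage Adam would do on that scan, as an added example (not part of the study guide): parse port/state lines in the layout of nmap's normal output, ignore anything that is not open, and grade each open port against an exposure policy for a public web server. The scan text, the approved-port set and the never-external list are constructed assumptions for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of nmap's normal output for the server in the question.
SCAN_OUTPUT = """\
PORT     STATE    SERVICE
22/tcp   filtered ssh
80/tcp   open     http
443/tcp  open     https
1433/tcp open     ms-sql-s
"""

LINE_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(open\|filtered|open|closed|filtered)\s+(\S+)")

# Assumed policy for an internet-facing web server: only HTTP and HTTPS may be reachable.
EXPECTED_OPEN = {80, 443}
# Assumed list of services that must never be reachable from an external network.
NEVER_EXTERNAL = {1433: "MSSQL", 3306: "MySQL", 5432: "PostgreSQL",
                  3389: "RDP", 445: "SMB", 6379: "Redis"}
SEVERITY_RANK = {"critical": 0, "high": 1, "info": 2}


@dataclass(frozen=True)
class Finding:
    port: int
    proto: str
    service: str
    severity: str
    reason: str


def parse_scan(text):
    """Return (port, proto, state, service) tuples; header and non-port lines are skipped."""
    results = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            results.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return results


def assess(results, expected_open=EXPECTED_OPEN):
    """Only open ports are reachable; grade each one against the exposure policy."""
    findings = []
    for port, proto, state, service in results:
        if state != "open":
            continue   # filtered/closed ports are not exposed; nothing to alarm on
        if port in expected_open:
            severity, reason = "info", "expected on a public web server"
        elif port in NEVER_EXTERNAL:
            severity, reason = "critical", f"{NEVER_EXTERNAL[port]} exposed to the internet"
        else:
            severity, reason = "high", "open port not in the approved list"
        findings.append(Finding(port, proto, service, severity, reason))
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.port))


def greatest_alarm(findings):
    """The first non-informational finding after sorting, or None if the host is clean."""
    return findings[0] if findings and findings[0].severity != "info" else None
```

The filtered SSH port produces no finding at all: from the outside it is not reachable, so it is the open database listener, not the filtered one, that needs attention first.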
What type of malicious code appears to be a beneficial program but actually performs some type of malicious activity in the background? A. Virus B. Worm C. Trojan horse D. Logic bomb
c-Trojan horses are programs that appear to the user to be some type of beneficial program (such as a game or utility) but perform a malicious activity in the background.
Which of the following is not an example of a converged protocol? A. iSCSI B. VoIP C. FCoE D. NNTP
d-Network News Transfer Protocol (NNTP) is not an example of a converged protocol. iSCSI, VoIP, and FCoE are converged protocols.
Which of the following acts as a proxy between an application and a database to support interaction and simplify the work of programmers? A. SDLC B. ODBC C. DSS D. Abstraction
B-ODBC acts as a proxy between applications and the backend DBMS.
Senior management must show reasonable ___________________ to reduce their culpability and liability when a loss occurs. A. Profits B. Insurance C. Due care D. Asset valuation
c-Senior management must show reasonable due care to reduce their culpability and liability when a loss occurs.
What term is used to describe hiding messages within graphical images? A. Pseudocryptography B. Graphography C. Steganography D. Rheumatology
c-Steganography is the art of hiding messages within the bits of a graphical image to avoid detection.
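The "within the bits of a graphical image" part, made concrete as an added example (not from the study guide). The cover is a constructed byte array standing in for an 8-bit grayscale image, so the code runs without an imaging library; the least-significant-bit embedding and the 4-byte length header are choices assumed for this example.

```python
def make_cover(width, height):
    """Constructed stand-in for an 8-bit grayscale image: one byte per pixel."""
    return bytearray((x * 7 + y * 13) % 256 for y in range(height) for x in range(width))


def _bits(data):
    """Yield the bits of a byte string, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def _read_bytes(carrier, start_bit, count):
    """Reassemble `count` bytes from the LSBs of carrier[start_bit:]."""
    out = bytearray()
    for i in range(count):
        value = 0
        for j in range(8):
            value = (value << 1) | (carrier[start_bit + i * 8 + j] & 1)
        out.append(value)
    return bytes(out)


def embed(cover, message):
    """Hide a 4-byte length header plus the message in the least significant bit of each pixel."""
    payload = len(message).to_bytes(4, "big") + message
    if len(payload) * 8 > len(cover):
        raise ValueError("message does not fit in cover")
    stego = bytearray(cover)
    for i, bit in enumerate(_bits(payload)):
        stego[i] = (stego[i] & 0xFE) | bit   # changes each pixel value by at most 1
    return stego


def extract(stego):
    """Read the header, then exactly that many message bytes."""
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    return _read_bytes(stego, 32, length)


def max_pixel_delta(cover, stego):
    """Visual impact of the embedding: never more than 1 on a 0-255 scale."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def capacity_bytes(cover):
    """How much message fits: one bit per pixel, less the header."""
    return len(cover) // 8 - 4
```

Because only the lowest bit of each pixel moves, the stego image is visually identical to the cover; detection relies on statistics of the LSB plane rather than on looking at the picture, which is why steganalysis tooling exists at all.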
Which of the following best describes an implicit deny principle? A. All actions that are not expressly denied are allowed. B. All actions that are not expressly allowed are denied. C. All actions must be expressly denied. D. None of the above.
b-The implicit deny principle ensures that access to an object is denied unless access has been expressly allowed (or explicitly granted) to a subject. It does not allow all actions that are not denied, and it doesn't require all actions to be denied.
Which of the following is not a valid security measure to protect against brute-force and dictionary attacks? A. Enforce strong passwords through a security policy. B. Maintain strict control over physical access. C. Require all users to log in remotely. D. Use two-factor authentication.
c-Requiring users to log in remotely does not protect against password attacks such as brute-force or dictionary attacks. Strong password policies, physical access control, and two-factor authentication all improve the protection against brute-force and dictionary password attacks.
What is a TCP wrapper? A. An encapsulation protocol used by switches B. An application that can serve as a basic firewall by restricting access based on user IDs or system IDs C. A security protocol used to protect TCP/IP traffic over WAN links D. A mechanism to tunnel TCP/IP through non-IP networks
b-A TCP wrapper is an application that can serve as a basic firewall by restricting access based on user IDs or system IDs.
Which of the following attacks is the best example of a financial attack? A. Denial of service B. Website defacement C. Port scanning D. Phone phreaking
d-Phone phreaking attacks are designed to obtain service while avoiding financial costs.
Which one of the following cannot be achieved by a secret key cryptosystem? A. Nonrepudiation B. Confidentiality C. Authentication D. Key distribution
a-Nonrepudiation requires the use of a public key cryptosystem to prevent users from falsely denying that they originated a message. With a shared secret key, either party could have produced the message, so neither can be held to it.