CSIA 300 Final Exam Prep: Cybersecurity Concepts and Practices, Exams of Advanced Education

A comprehensive set of multiple-choice questions and answers covering key cybersecurity concepts and practices relevant to csia 300. It covers topics such as system development life-cycle phases, cryptography, security incident response, business continuity planning, and more. A valuable resource for students preparing for their final exam in csia 300.

Typology: Exams

2024/2025

Available from 11/06/2024

professoraxel

CSIA 300 Final Exam Prep With 100% Correct Answers 2023

Which of the following phases of a system development life-cycle is most concerned with authenticating users and processes to ensure appropriate access control decisions? - Correct Answer-Operation and maintenance

What is the effective key size of DES? - Correct Answer-56 bit

What are two types of ciphers? - Correct Answer-Transposition and substitution

When block chaining cryptography is used, what type of code is calculated and appended to the data to ensure authenticity? - Correct Answer-Message authentication code

Which of the following is the most secure form of triple-DES encryption? - Correct Answer-DES-EDE

Cryptography does not help in - Correct Answer-Detecting fraudulent disclosure

All of the following statements about a security incident plan are correct EXCEPT - Correct Answer-The plan should be published annually

Two separate employees are required to open a safe containing sensitive information. One employee has part of the safe combination, and a second employee has another part of the safe combination. This arrangement follows the principle of - Correct Answer-Split custody

Within the realm of IT security, which of the following combinations best defines risk? - Correct Answer-Threat coupled with a vulnerability

The purpose of a security incident debrief is all of the following EXCEPT: - Correct Answer-Review of log files

The primary impact of a pandemic on an organization is: - Correct Answer-Long periods of employee absenteeism that impact the organization's ability to provide services

In what phase of a business continuity plan does a company proceed when it is ready to move back into its original site or a new site? - Correct Answer-Reconstitution phase

The process of erasing magnetic media through the use of a strong magnetic field is known as: - Correct Answer-Degaussing

A security manager has instructed a system administrator to wipe files on a hard disk. This means that the administrator needs to: - Correct Answer-Use a tool to overwrite files multiple times

Which of the following processes is concerned with not only identifying the root cause but also addressing the underlying issue? - Correct Answer-Problem Management

What is the minimum and customary practice of responsible protection of assets that affects a community or societal norm? - Correct Answer-Due care

What is one disadvantage of content-dependent protection of information? - Correct Answer-increases processing overhead

In the event of a security incident, one of the primary objectives of the operations staff is to ensure that... - Correct Answer-there is minimal disruption to the organization's mission

Which of the following statements pertaining to block ciphers is incorrect? - Correct Answer-Plain text is encrypted with a public key and decrypted with a private key.

Cryptography does not help in: - Correct Answer-Detecting fraudulent disclosure

Where is firmware primarily stored on a computer system? - Correct Answer-Read-only memory

What size is an MD5 message digest (hash)? - Correct Answer-128 bits

Which of the following mail standards relies on a "Web of Trust"? - Correct Answer-Pretty Good Privacy (PGP)

How many bits is the effective length of the key of the Data Encryption Standard Algorithm? - Correct Answer-

A demilitarized zone on a computer network exists for all of the following reasons except: - Correct Answer-Reduces the load on firewalls

The primary advantage of the use of a central management console for anti-virus is: - Correct Answer-Consolidation of reporting and centralized signature file distribution

Which attack is primarily based on the fragmentation implementation of IP and uses large ICMP packets? - Correct Answer-Ping of Death

TCP and UDP use port numbers of what length? - Correct Answer-16 bits

A screening router can perform packet filtering based on which type of data? - Correct Answer-Source and destination addresses and port numbers.

In the OSI model, at what level are TCP and UDP provided? - Correct Answer-Transport

A workstation that can remotely access the organization's network through a VPN and access the local LAN where the workstation is connected, all through the same physical network connection, is using: - Correct Answer-Split tunneling

The purpose of a password policy that locks an account after five unsuccessful login attempts is: - Correct Answer-To prevent an intruder from carrying out a dictionary attack against a password

The information security officer in an organization has assigned various accounting department employees to various roles in the organization's financial system, taking care to assign roles with the fewest possible functions. Roles have been assigned according to the principle of: - Correct Answer-Least privilege

Which of the following is NOT a risk associated with remote access: - Correct Answer-Anti-virus software on the remote computer will not be able to download virus definition updates

Which of the following are placeholders for literal values in a Structured Query Language (SQL) query being sent to the database on a server? - Correct Answer-Bind variables

An employee in an organization is requesting access to more information than is required. This request should be denied on the basis of which principle: - Correct Answer-Need to know

What is the difference between split tunneling and inverse split tunneling: - Correct Answer-In split tunneling, the default network is the LAN; in inverse split tunneling, the default network is the VPN

A security manager is setting up resource permissions in an application. The security manager has discovered that he can establish objects that contain access permissions, and then assign individual users to those objects. The access control model that most closely resembles this is: - Correct Answer-Role based access control (RBAC)

A guard dog patrolling the perimeter of a data center is what type of a control? - Correct Answer-Physical

A resource server contains an access control system. When a user requests access to an object, the system examines the permission settings for the object and the permission settings for the user, and then makes a decision whether the user may access the object. The access control model that most closely resembles this is: - Correct Answer-Mandatory access control (MAC)

Steve, a department manager, has been asked to join a committee that is responsible for defining an acceptable level of risk for the organization, reviewing risk assessment and audit reports, and approving significant changes to security policies and programs. What committee is he joining? - Correct Answer-Security steering committee

What is the reason that an Information Security Continuous Monitoring (ISCM) program is established? - Correct Answer-To collect information in accordance with pre-established metrics, utilizing information readily available in part through implemented security controls

Synthetic performance monitoring, sometimes called proactive monitoring, involves? - Correct Answer-having external agents run scripted transactions against a web application.

What is the most effective means of determining how controls are functioning within an operating system? - Correct Answer-Review of software control features and/or parameters

Buffer overflow and boundary condition errors are subsets of - Correct Answer-Input validation errors

The process for developing an ISCM strategy and implementing an ISCM program is? - Correct Answer-Define, establish, implement, analyze, respond, review and update

A Service Organization Control (SOC) Report commonly covers a - Correct Answer- month period

An outline for a physical security design should include program categories and the necessary countermeasures for each. What category do locks and access controls belong to? - Correct Answer-Delay

The NIST document that discusses the Information Security Continuous Monitoring (ISCM) program is? - Correct Answer-NIST SP 800-

"Please do not touch Steve's pet alligator" is: - Correct Answer-A memory aid for the names of the layers in the OSI network model

All of the following are valid reasons for backing up data EXCEPT: - Correct Answer-R

An organization has a strong, management-driven model of security related activities such as policy, risk management, standards, and processes. This model is better known as: - Correct Answer-Security governance

Which type of fire extinguisher is effective against flammable liquids: - Correct Answer-Class B

A system administrator needs to harden a server. The most effective approach is: - Correct Answer-Remove unneeded services, disable unused ports, and remove unneeded accounts

Within the realm of IT security, which of the following combinations best defines risk? - Correct Answer-Threat coupled with a vulnerability

When determining the value of an intangible asset which is the BEST approach? - Correct Answer-With the assistance of a finance or accounting professional determine how much profit the asset has returned

Qualitative risk assessment is earmarked by which of the following? - Correct Answer-Ease of implementation and it can be completed by personnel with a limited understanding of the risk assessment process

Single loss expectancy (SLE) is calculated by using: - Correct Answer-Asset value and exposure factor

Consideration for which type of risk assessment to perform includes all of the following: - Correct Answer-Culture of the organization, budget, capabilities and resources

Security awareness training includes: - Correct Answer-Security roles and responsibilities for staff

What is the minimum and customary practice of responsible protection of assets that affects a community or societal norm? - Correct Answer-Due care

Effective security management: - Correct Answer-Reduces risk to an acceptable level

Availability makes information accessible by protecting from: - Correct Answer-Denial of services, fires, floods, and hurricanes and unreadable backup tapes

Which phrase best defines a business continuity/disaster recovery plan? - Correct Answer-The adequate preparations and procedures for the continuation of all organization functions

Which of the following steps should be performed first in a business impact analysis (BIA)? - Correct Answer-Identify all business units within an organization

Tactical security plans are BEST used to: - Correct Answer-Deploy new security technology

Who is accountable for implementing information security? - Correct Answer-Security officer

Security is likely to be most expensive when addressed in which phase? - Correct Answer-Implementation

Information systems auditors help the organization: - Correct Answer-Identify control gaps

The Facilitated Risk Analysis Process (FRAP): - Correct Answer-makes a base assumption that a narrow risk assessment is the most efficient way to determine risk in a system, business segment, application or process

Setting clear security roles has the following benefits: - Correct Answer-Establishes personal accountability, establishes continuous improvement and reduces turf battles

Well-written security program policies are BEST reviewed: - Correct Answer-At least annually or at pre-determined organization changes

An organization will conduct a risk assessment to evaluate: - Correct Answer-threats to its assets, vulnerabilities present in the environment, the likelihood that a threat will be realized by taking advantage of an exposure, the impact that the exposure being realized will have on the organization, the residual risk

A security policy which will remain relevant and meaningful over time includes the following: - Correct Answer-Directive words such as shall, must, or will, defined policy development process and is short in length

The ability of one person in the finance department to add vendors to the vendor database and subsequently pay the vendor violates which concept? - Correct Answer-Separation of duties

Collusion is best mitigated by: - Correct Answer-Job rotation

Data access decisions are best made by: - Correct Answer-Data owners

Which of the following statements BEST describes the extent to which an organization should address business continuity or disaster recovery planning? - Correct Answer-Continuity planning is a significant organizational issue and should include all parts or functions of the company

Business impact analysis is performed to BEST identify: - Correct Answer-The exposures to loss to the organization

During the risk analysis phase of the planning, which of the following actions could BEST manage threats or mitigate the effects of an event? - Correct Answer-Implementing procedural controls

The BEST reason to implement additional controls or safeguards is to: - Correct Answer-reduce the impact of the threat

Which of the following statements BEST describes organization impact analysis? - Correct Answer-An organization impact analysis establishes the effect of disruptions on the organization

The term "disaster recovery" refers to the recovery of: - Correct Answer-technology environment

Which of the following terms BEST describes the effort to determine the consequences of disruptions that could result from a disaster? - Correct Answer-Business impact analysis

The elements of risk are: - Correct Answer-Threats, assets, and mitigating controls

Which of the following methods is not acceptable for exercising the business continuity plan? - Correct Answer-Halting a production application or function

Which of the following is the primary desired result of any well-planned business continuity exercise? - Correct Answer-Identifies plan strengths and weaknesses

A business continuity plan is best updated and maintained: - Correct Answer-During the configuration and change management process

Which of the following is MOST important for successful business continuity? - Correct Answer-Senior leadership support

A service's recovery point objective is zero. Which approach BEST ensures the requirement is met? - Correct Answer-RAID 6 with a hot site alternative

The (ISC)2 code of ethics resolves conflicts between canons by: - Correct Answer-the order of the canons

In the event of a security incident, one of the primary objectives of the operations staff is to ensure that - Correct Answer-there is minimal disruption to the organization's mission.

Good data management practices include - Correct Answer-Data quality procedures at all stages of the data management process, verification and validation of accuracy of the data, adherence to agreed upon data management practices, ongoing data audit to monitor the use and assess effectiveness of management practices and the integrity of existing data.

The information owner typically has the following responsibilities - Correct Answer-Determine the impact the information has on the mission of the organization, understanding the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be destroyed.

Issues to be considered by the security practitioner when establishing a data policy include - Correct Answer-Cost, Ownership and custodianship, Privacy, Liability, Sensitivity, Existing law and policy requirements, Policy and process

QA/QC mechanisms are designed to prevent data contamination, which occurs when a process or event produces either of which two types of fundamental errors into a dataset? - Correct Answer-Errors of commission, Errors of omission

Some typical responsibilities of a data custodian may include: - Correct Answer-Adherence to appropriate and relevant data policy and data ownership guidelines. Ensuring accessibility to appropriate users, maintaining appropriate levels of dataset security. Fundamental dataset maintenance, including but not limited to data storage and archiving. Assurance of quality and validation of any additions to a dataset, including periodic audits to assure ongoing data integrity.

The objectives of data documentation are to - Correct Answer-Ensure the longevity of data and their re-use for multiple purposes. Ensure the data users understand the content, context and limitations of datasets. Facilitate the interoperability of datasets and data exchange

Benefits of data standards include: - Correct Answer-More efficient data management, increased data sharing, higher quality data, improved data consistency, increased data integration, better understanding of data, improved documentation of information resources

When classifying data, the security practitioner needs to determine the following aspects of the policy - Correct Answer-Who has access to the data, what methods should be used to dispose of the data, how the data is secured, whether the data needs to be encrypted.

The major benefit of information classification is to - Correct Answer-identify the appropriate level of protection needs.

When sensitive information is no longer critical but still within scope of a record retention policy, that information is best - Correct Answer-Re-categorized

What are the four phases of equipment lifecycle? - Correct Answer-Defining requirements, acquiring and implementing, operations and maintenance, disposal and decommission.

Which of the following best determines the employment suitability of an individual? - Correct Answer-Background investigation

The best way to ensure that there is no data remanence of sensitive information that was once stored on a DVD-R media is by - Correct Answer-Destruction

Which of the following processes is concerned with not only identifying the root cause but also addressing the underlying issue? - Correct Answer-Problem management

Before applying a software update to production systems, it is most important that - Correct Answer-the production systems are backed up.

A holistic lifecycle for developing security architecture that begins with assessing business requirements and subsequently creating a 'chain of traceability' through phases of strategy, concept, design, implementation and metrics is characteristic of which of the following frameworks? - Correct Answer-SABSA

While an Enterprise Security Architecture (ESA) can be applied in many different ways, it is focused on a few key goals. Identify the proper listing of the goals for the ESA. - Correct Answer-it represents a simple, long term view of control, it provides a unified vision for common security controls, it leverages existing technology investments, it provides a flexible approach to current and future threats and also the needs of core functions.

Which of the following can best be used to capture detailed security requirements? - Correct Answer-Threat modeling, data classification, and risk assessments.

Which of the following security standards is internationally recognized as the standards for sound security practices and is focused on the standardization and certification of an organization's Information Security Management System (ISMS)? - Correct Answer-ISO 27001

Which of the following describes the rules that need to be implemented to ensure that the security requirements are met? - Correct Answer-Security policy

A two-dimensional grouping of individual subjects into groups or roles and granting access to groups to objects is an example of which of the following types of models? - Correct Answer-Matrix-based

Which of the following models ensures that a subject with clearance of 'Secret' has the ability to write only to objects classified as 'Secret' or 'Top Secret' but is prevented from writing information classified as 'Public'? - Correct Answer-Bell-LaPadula

Which of the following is unique to the Biba Integrity Model? - Correct Answer-Invocation property

Which of the following models is best combined in a shared data-hosting environment so that the data of one customer is not disclosed to a competitor or other customers sharing that hosted environment? - Correct Answer-Brewer-Nash

Which of the following security models is primarily concerned with how the subjects and objects are assigned rights or privileges? - Correct Answer-Graham-Denning

Which of the following ISO standards provides the evaluation criteria that can be used to evaluate security requirements of different products with different functions? - Correct Answer-

In the Common Criteria, the common set of functional and assurance requirements for a category of vendor products deployed in a particular type of environment are known as - Correct Answer-Protection profiles

Formal acceptance of an evaluated system by management is known as - Correct Answer-Accreditation

Which of the following evaluation assurance levels, formally verified, designed and tested, is expected for high risk situations? - Correct Answer-EAL

Which stage of the Capability Maturity Model (CMM) is characterized by having organizational processes that are proactive? - Correct Answer-Defined

Which of the following best provides a method of quantifying risks associated with information technology when validating the abilities of new security controls and countermeasures to address the identified risks? - Correct Answer-Threat/risk assessment

The TCSEC identifies two sets of covert channels, what are they? - Correct Answer-Storage and Timing

Which of the following is the main reason for security concerns in mobile computing devices? - Correct Answer-Lower processing power

In decentralized environments device drivers that enable the OS to control and communicate with hardware need to be securely designed, developed and deployed because they are - Correct Answer-typically installed by end-users and granted access to the supervisor state.

A system administrator grants rights to a group of individuals called 'Accounting' instead of granting rights to each individual. This is an example of which of the following security mechanisms? - Correct Answer-Abstraction

Asymmetric key cryptography is used for the following: - Correct Answer-Encryption of data, non-repudiation, Access Control

Which of the following supports asymmetric key cryptography? - Correct Answer-Diffie-Hellman

What is an important disadvantage of using a public key algorithm compared to a symmetric key algorithm? - Correct Answer-A symmetric algorithm is a faster process.

When a user needs to provide message integrity, what option is best? - Correct Answer-Create a checksum, append it to the message, encrypt the message, send it to the recipient.

A Certificate Authority (CA) provides which benefits to the user? - Correct Answer-Validation that a public key is associated with a particular user.

What is the output length of a RIPEMD-160 hash? - Correct Answer-160 bits

ANSI X9.17 is concerned primarily with - Correct Answer-protection and secrecy of key.

When a certificate is revoked, what is the proper procedure? - Correct Answer-updating the certificate revocation list

Which is true about link encryption? - Correct Answer-Link encryption encrypts routing information, is often used for Frame Relay or satellite links, and provides traffic flow confidentiality.

NIST defines three service models that represent different types of cloud services available, what are they? - Correct Answer-Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS)

The process used in most block ciphers to increase their strength is - Correct Answer-SP-network

Which of the following best describes fundamental methods of encrypting data - Correct Answer-Symmetric and asymmetric

Cryptography supports all of the principles of information security except - Correct Answer-Authenticity

A way to defeat frequency analysis as a method to determine the key is to use - Correct Answer-Polyalphabetic ciphers

The running key cipher is based on - Correct Answer-Modular arithmetic

The only cipher system said to be unbreakable by brute force is - Correct Answer-One-time pad

The main types of implementation attacks include - Correct Answer-Fault analysis and Probing

Which is the best choice for implementing encryption on a smart card? - Correct Answer-Elliptical Curve Cryptography

An e-mail with a document attachment from a known individual is received with a digital signature. The e-mail client is unable to validate the signature. What is the best course of action? - Correct Answer-Determine why the signature can't be validated prior to opening the attachment.

The vast majority of Virtual Private Networks use - Correct Answer-SSL/TLS and IPSec

In the OSI reference model, on which layer can Ethernet (IEEE 802.3) be described? - Correct Answer-Layer 2—Data-link layer

A customer wants to keep cost to a minimum and has only ordered a single static IP address from the ISP. Which of the following must be configured on the router to allow for all the computers to share the same public IP address? - Correct Answer-PAT (port address translation)

Users are reporting that some Internet websites are not accessible anymore. Which of the following will allow the network administrator to quickly isolate the remote router that is causing the network communication issue, so that the problem can be reported to the appropriate responsible party? - Correct Answer-Tracert

Ann installs a new Wireless Access Point (WAP) and users are able to connect to it. However, once connected, users cannot access the Internet. Which of the following is the MOST likely cause of the problem? - Correct Answer-An incorrect subnet mask has been entered in the WAP configuration

What is the optimal placement for network-based intrusion detection systems (NIDS)? - Correct Answer-On the network perimeter, to alert the network administrator of all suspicious traffic

Which of the following end-point devices would MOST likely be considered part of a converged IP network? - Correct Answer-file server, IP phone, security camera

Network upgrades have been completed and the WINS server was shut down. It was decided that NetBIOS network traffic will no longer be permitted. Which of the following will accomplish this objective? - Correct Answer-Port filtering

Which of the following devices should be part of a network's perimeter defense? - Correct Answer-A firewall, A proxy server, A host based intrusion detection system (HIDS)

Which of the following is a principal security risk of wireless LANs? - Correct Answer-Lack of physical access control

Which of the following is a path vector routing protocol? - Correct Answer-BGP

It can be said that IPSec - Correct Answer-provides mechanisms for authentication and encryption

A Security Event Management (SEM) service performs the following function: - Correct Answer-Aggregates logs from security devices and application servers looking for suspicious activity

Which of the following is the principal weakness of DNS (Domain Name System)? - Correct Answer-Lack of authentication of servers, and thereby authenticity of records

Which of the following statements about open e-mail relays is INCORRECT? - Correct Answer-Using a blacklist of open e-mail relays provides a secure way for an e-mail administrator to identify open mail relays and filter spam

A botnet can be characterized as - Correct Answer-A group of dispersed, compromised machines controlled remotely for illicit reasons

During a disaster recovery test, several billing representatives need to be temporarily set up to take payments from customers. It has been determined that this will need to occur over a wireless network, with security being enforced where possible. Which of the following configurations should be used in this scenario? - Correct Answer-WPA2, SSID disabled, and 802.11a

Which xDSL flavor delivers both downstream and upstream speeds of 1.544 Mbps over two copper twisted pairs? - Correct Answer-HDSL

A new installation requires a network in a heavy manufacturing area with substantial amounts of electromagnetic radiation and power fluctuations. Which media is best suited for this environment if little traffic degradation is tolerated? - Correct Answer-Fiber

Multi-layer protocols such as Modbus used in industrial control systems - Correct Answer-Are often insecure by their very nature as they were not designed to natively operate over today's IP networks

Frame Relay and X.25 networks are part of which of the following? - Correct Answer-Packet-switched services

Authentication is - Correct Answer-the process of verifying the identity of the user

Which best describes access controls? - Correct Answer-Access controls help protect against threats and vulnerabilities by reducing exposure to unauthorized activities and providing access to information and systems to only those who have been approved

_____ requires that a user or process be granted access to only those resources necessary to perform assigned functions. - Correct Answer-Least privilege

What are the seven main categories of access control? - Correct Answer-directive, deterrent, preventative, detective, corrective, compensating, and recovery

What are the three types of access control? - Correct Answer-Administrative, physical, technical

What are types of failures in biometric identification systems? - Correct Answer-False reject, False accept

What best describes two-factor authentication? - Correct Answer-A PIN and a hard token

A potential vulnerability of the Kerberos authentication server is - Correct Answer-single point of failure

In mandatory access control the system controls access and the owner determines - Correct Answer-need to know

Which is the least significant issue when considering biometrics? - Correct Answer-technology type

Which is a fundamental disadvantage of biometrics? - Correct Answer-revoking credentials

Role-based access control... - Correct Answer-is based on user job functions

Identity management is... - Correct Answer-A set of technologies and processes intended to offer greater efficiency in the management of a diverse user and technical environment

A disadvantage of single sign-on is... - Correct Answer-A compromised password exposes all authorized resources

Which of the following is incorrect when considering privilege management? - Correct Answer-Any privileges that are needed for intermittent job functions should be assigned to multiple user accounts, as opposed to those for normal system activity related to the job function

The Identity and Access Provisioning Lifecycle is made up of which phases? - Correct Answer-Review, Provisioning, Revocation

When reviewing user entitlement the security professional must be MOST aware of... - Correct Answer-Business or organizational processes and access aggregation

A guard dog patrolling the perimeter of a data center is what type of a control? - Correct Answer-Physical

Assuming a working IDS is in place, which of the following groups is best capable of stealing sensitive information due to the absence of system auditing? - Correct Answer-Disgruntled Employee

Which of the following provides controlled and un-intercepted interfaces into privileged user functions? - Correct Answer-Trusted Paths

The doors of a data center spring open in the event of a fire. This is an example of? - Correct Answer-Fail-safe

Which of the following ensures constant redundancy and fault-tolerance? - Correct Answer-Hot Spare

If speed is preferred over resilience, which of the following RAID configurations is the most suited? - Correct Answer-RAID 0

Updating records in multiple locations or copying an entire database on to a remote location as a means to ensure the appropriate levels of fault-tolerance and redundancy is known as - Correct Answer-Shadowing

When the backup window is not long enough to back up all of the data and the restoration of backup must be as fast as possible, which of the following types of high-availability backup strategy is best? - Correct Answer-Differential

At a restricted facility, visitors are requested to provide identification and are verified against a pre-approved list by the guard at the front gate before being let in. This is an example of checking for - Correct Answer-Least Privilege

When sensitive information is no longer critical but still within scope of a record retention policy, that information is best - Correct Answer-Re-categorized

Which of the following best determines access and suitability of an individual? - Correct Answer-Clearance level
Which of the following can help with ensuring that only the needed logs are collected for monitoring? - Correct Answer-Clipping Level
The main difference between a Security Event Information Management (SEIM) system and a log management system is that SEIM systems are useful for log collection, collation and analysis - Correct Answer-In real time
The best way to ensure that there is no data remanence of sensitive information that was once stored on a DVD-R media is by - Correct Answer-Destruction
Computer forensics is the marriage of computer science, information technology, and engineering with - Correct Answer-Law
What principle allows an investigator to identify aspects of the person responsible for a crime, given that whenever committing a crime the perpetrator leaves traces while stealing assets? - Correct Answer-Locard's Principle of Exchange
Which of the following is part of the five rules of evidence? - Correct Answer-Be complete, be authentic and be admissible.
What is not mentioned as a phase of an incident response? - Correct Answer-Prosecution
Which best emphasizes the abstract concepts of law and is influenced by the writings of legal scholars and academics? - Correct Answer-Civil law
Which of the following are computer forensics guidelines? - Correct Answer-IOCE, SWGDE and ACPO
Triage encompasses which of the following incident response subphases? - Correct Answer-Detection, identification, notification
The integrity of a forensic bit stream image is determined by: - Correct Answer-Comparing hash totals to the original source
When dealing with digital evidence, the crime scene: - Correct Answer-must have the least amount of contamination that is possible
When outsourcing IT systems - Correct Answer-all regulatory and compliance requirements must be passed on to the provider.
When dealing with digital evidence, the chain of custody: - Correct Answer-Must follow a formal documented process.

To ensure proper forensics action when needed, an incident response program must: - Correct Answer-Treat every incident as though it may be a crime.
A hard drive is recovered from a submerged vehicle. The drive is needed for a court case. What is the best approach to pull information off the drive? - Correct Answer-Contact a professional data recovery organization, explain the situation, and request they pull a forensic image.
To successfully complete a vulnerability assessment, it is critical that protection systems are well understood through: - Correct Answer-threat definition, target identification and facility characterization.
The strategy of forming layers and protection around an asset or facility is known as: - Correct Answer-Defense-in-depth
The key to a successful physical protection system is the integration of: - Correct Answer-people, procedures, and equipment
For safety considerations in perimeter areas such as parking lots or garages what is the advised lighting? - Correct Answer-5 fc
What would be the most appropriate interior sensor used for a building that has windows along the ground floor? - Correct Answer-acoustic/shock glass-break sensors
Which of the following best describes three separate functions of CCTV? - Correct Answer-surveillance, deterrence, and evidentiary archives
What is the best means of protecting the physical devices associated with the alarm system? - Correct Answer-Tamper protection
The key objective of application security is to ensure - Correct Answer-the confidentiality, integrity and availability of data
For an application security program to be effective within an organization, it is critical to - Correct Answer-develop the security policy that can be enforced.
Which of the following architectures states: "There is no inherent difference between data and programming representations in computer memory" which can lead to injection attacks, characterized by executing data as instructions. - Correct Answer-Von Neumann
An important characteristic of bytecode is that it - Correct Answer-is faster than interpreted languages

Two cooperating processes that simultaneously compete for a shared resource, in such a way that they violate the system's security policy, is commonly known as - Correct Answer-covert channel
An organization has a website with a guest book feature, where visitors to the web site can input their names and comments about the organization. Each time the guest book web page loads, a message box is prompted with the message "You have been POwnd" followed by redirection to a different website. Analysis reveals that no input validation or output encoding is being performed in the web application. This is the basis for which type of attack? - Correct Answer-Cross-site Scripting (XSS)
The art of influencing people to divulge sensitive information about themselves or their organization by either coercion or masquerading as a valid entity is known as - Correct Answer-Social engineering
An organization's server audit logs indicate that an employee who was terminated in the morning was still able to access certain sensitive resources on his system, on the internal network, that afternoon. The logs indicate that the employee had logged on successfully before he was terminated but there is no record of him logging off before he was terminated. This is an example of this type of attack - Correct Answer-Time of Check/Time of Use (TOC/TOU)
The most effective defense against buffer overflow attacks is - Correct Answer-bounds checking
It is extremely important that as one follows a software development project, security activities are performed - Correct Answer-In each stage of the lifecycle
Software Acquisition (SwA) can be organized around the major phases of a generic acquisition process. The major phases are: - Correct Answer-Planning, contracting, monitoring, and acceptance, follow on
Who can ensure and enforce the separation of duties by ensuring that programmers don't have access to production code? - Correct Answer-Software librarian
Technical evaluation of assurance to ensure that security requirements have been met is known as? - Correct Answer-certification
Defect prevention rather than defect removal is characteristic of which of the following software development methodologies? - Correct Answer-Cleanroom
A security protection mechanism in which untrusted code, which is not signed, is restricted from accessing system resources is known as? - Correct Answer-Sandboxing

A program that does not reproduce itself but pretends to be performing a legitimate action, while actually performing malicious operations in the background, is the characteristic of which of the following? - Correct Answer-Trojan
A plot to take insignificant pennies from a user's bank account and move them to the attacker's bank account is an example of - Correct Answer-Salami Scam
Role-based access control to protect confidentiality of data in databases can be achieved by which of the following? - Correct Answer-Views
The two most dangerous types of attacks against databases containing disparate non-sensitive information are - Correct Answer-Aggregation and inference
A property that ensures only valid or legal transactions that do not violate any user-defined integrity constraints in DBMS technologies is known as? - Correct Answer-consistency
Expert systems are comprised of a knowledge base comprising modeled human experience and which of the following? - Correct Answer-inference engine
The best defense against session hijacking and man-in-the-middle (MITM) attacks is to use the following in the development of your software? - Correct Answer-Unique and random identification