Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

Cybersecurity Concepts and Practices, Exams of Securities Regulation

A wide range of cybersecurity topics, including cloud implementation, intrusion detection and prevention systems, access control, cryptography, risk assessment, network security, and more. It provides answers to various security-related questions, highlighting key concepts and best practices in the field of information security. The content is structured in a question-and-answer format, making it a valuable resource for students, professionals, and lifelong learners interested in understanding the fundamentals of cybersecurity and how to apply them in real-world scenarios.

Typology: Exams

2024/2025

Available from 10/22/2024

premium-essay
premium-essay 🇺🇸

5

(2)

1.1K documents

Partial preview of the text

Download Cybersecurity Concepts and Practices and more Exams Securities Regulation in PDF only on Docsity!

SSCP - WGU - Practice Test B PRACTICE

QUESTIONS |LATEST VERSION|NEW

UPDATE 2024-2025|GRADED A|.

How can a symmetric key be securely exchanged over an insecure communication medium when both sides of the communication do not have key pair sets?

  • ANSWER Diffie-Hellmann Which option best describes the encryption technique of a Caesar cipher?
  • ANSWER Substitution Which of the following is most accurate concerning data warehousing and big data architecture?
    • ANSWER Big data is so large that standard relational database management systems do not work. Data must be processed by parallel processors. What do the following concepts have in common: weather, utilities and services, human actions, business processes, information technology, and reputation?
  • ANSWER They are all potential sources of threats. What is the prime objective of code signing?
    • ANSWER To verify the author and integrity of downloadable code that is signed using a private key When an organization has limited visibility of their risk, in addition to how risk affects daily operations, in what state or condition is the organization?
    • ANSWER Reactive state How is a hybrid cloud implemented?
  • ANSWER Part of the resources is hosted by a third-party, while the rest is hosted within the company environment. Which statement best describes an advanced persistent threat (APT)?
  • ANSWER A malware attack by a nation state How is the total amount of potential risk calculated for a single asset and a specific threat? - ANSWER AV x EF x ARO Which choice is an attack on a senior executive?
  • ANSWER Whaling attack What is the purpose of a source system? - ANSWER Anything that records or maintains data of interest

If information being protected is critical, which is the best course of action?

  • ANSWER The encryption password should be changed more frequently Which option most accurately describes continuity of operations after a disaster event? - ANSWER Planned activities that enable the organizations critical business functions to return to operations What is the difference between the functions of an IDS and an IPS?
    • ANSWER An IDS notice violations once they are occurring, while an IPS attempts to stop a violation from being successful. Upon arriving at an incident scene, the incident response team should do which of the following?
  • ANSWER Follow the procedures specified in the incident response plan. How can an equivalent to RBAC be implemented in a DAC operating system? - ANSWER Create groups with the names of jobs, assign privileges to the groups, and place users into named groups. Which of the following is a poor choice for secure password management?
  • ANSWER Use the default password. What is a primary goal of security in an organization?
  • ANSWER Enforce and maintain the AIC objectives If subjects receive a clearance, what do objects receive?
    • ANSWER Classification Your company has recently acquired a small startup company, Metroil. Metroil has a single Microsoft Active Directory domain named Metroil-HQ. Your company has three existing domains: BaseStar1, RemoteOf2, and RemoteOf3. Your company's three existing domains are configured in a standard domain tree, with BaseStar1 linked to RemoteOf2, which is then linked to RemoteOf3. How can users from Metroil be able to access resources in BaseStar1 with the least amount of network reconfiguration? - ANSWER Establish a trust between RemoteOf3 and Metroil-HQ. How is a backup strategy tested to verify that it is a viable tool for recovery after a disaster?
    • ANSWER Restore files from backup media. An Acceptable Use Policy (AUP) is what type of control?
    • ANSWER Administrative What is the main advantage of using a qualitative impact analysis over a quantitative impact analysis? - ANSWER A qualitative impact analysis identifies areas that require immediate improvement

Which of the following is the most accurate statement?

  • ANSWER The European Union's General Data Protection Regulation provides a single set of rules for all member states. Under which condition should a security practitioner of your organization sit out of a security audit?
  • ANSWER When an outside consultant is evaluating compliance What channel is defined as part of the original IEEE 802.11 in the 2.4 GHz range and is restricted from use within the United States?
  • ANSWER 14 Access control is best described as which of the following?
  • ANSWER The use of identification and authorization techniques What is the type of access control in the default access control method found in Microsoft Windows which allows users to share files?
  • ANSWER Discretionary access control Many businesses craft an ethical guidance policy as part of their overall security policy. In the event that there is a conflict between your employer's ethical policy and your own personal ethical views, how should you handle this conflict?
  • ANSWER Discuss the issue internally with your manager and IT security administrator. You must select the biometric devices to add multifactor authentication to the company's workstations. Every user will be required to use a biometric as an element in his authentication process to gain access to the company's IT resources. How can you determine which device will provide your organization with the most accurate results? - ANSWER Select the device with the lowest CER. Proper security administration policies, controls, and procedures enforce which of the following?
  • ANSWER The AIC objectives What is the goal of event data analysis?
  • ANSWER Interpret collected events, and take appropriate action. How does hashing detect integrity violations?
  • ANSWER A before and after hash value is compared. Which concept or technology can be used to improve the security of password hashes?
  • ANSWER Salting before crafting the hash digest How many accounts should a typical administrative user have and why?
  • ANSWER Two accounts: one for general tasks and one for special privileged tasks Continuous monitoring is best defined by which of the following? - ANSWER A method of monitoring that is used to detect risk issues within an organization How does discretionary access control determine whether a subject has valid permission to access an object?
  • ANSWER Check for the user identity in the object's ACL. What is the term used to describe a relationship between two entities where resources from either side can be accessed by users from either side?
  • ANSWER Two-way trust Which of the following should be included in every policy that states possible penalties or restrictions for individuals?
  • ANSWER An enforcement statement Which converged network communications concept includes support for real-time chat, video conferencing, voice and video mail, and file exchange?
  • ANSWER VoIP What type of network deployment is the most fault tolerant?
  • ANSWER Mesh What is the result of an access control management process that adds new capabilities to users as their job tasks change over time, but does not perform a regular reassessment of the assigned authorization?
  • ANSWER Privilege creep Which choice best describes a federation?
  • ANSWER An association of nonrelated third-party organizations that share information based upon a single sign-on What is the term used for the range of values that can be used to control the symmetric encryption function while converting plaintext into ciphertext?
  • ANSWER Key space What is a primary goal of a forensic investigator while collecting evidence? - ANSWER Preserve evidence integrity. How is granular control of objects and resources implemented within a mandatory access control environment?
  • ANSWER Need to know

Which of the following types of access control is preferred for its ease of administration when there are a large number of personnel with the same job in an organization? - ANSWER Role-based Access Control How does a network access control (NAC) system ensure that only systems with current configurations and the most recently approved updates are allowed to access the production network?

  • ANSWER By checking for compliance each time a system attempts to access the production network Which attack attempts to steal information from victims by tricking them into visiting false or fake Web sites using a spoofed email communication that seems to originate from a legitimate source?
  • ANSWER Phishing When crafting a digital signature, what are the initial steps in the process performed by the sender?
    • ANSWER Hash the message, and then encrypt the digest with the private key. Which means of authentication is NOT supported by IPSec? - ANSWER Biometrics When an organization is unable to lose more than a few hours of data without experiencing severe consequences, what means or method of backup is most appropriate?
    • ANSWER Real-time backup Which trust architecture or model is based on the concept of an individual top level entity that all other entities trust and with entities organized in levels or layers below the top level?
  • ANSWER Hierarchical trust Which of the following statements is not true of an organizations incident response policy?
    • ANSWER It should require the retaliation against repeat attackers. When an organization has a properly implemented enterprise risk management (ERM), what is the tool used to list and categorize each discovered or encountered risk? - ANSWER Risk register What is the only viable method a determined attacker can attempt to compromise an encrypted file, assuming a publicly available cryptography standard was used? - ANSWER Brute force guess the key What is the certificate standard used by PKI? – ANSWER X.509 v

How is account provisioning commonly accomplished?

  • ANSWER Create user groups based on assigned company department or job responsibility. Which level of risk is associated with repeated attempts from a remote unknown entity to guess a user's password which result in the account being locked?
    • ANSWER Elevated Which option is not a commonly accepted definition for a script kiddie? - ANSWER A highly skilled attacker Prior to analysis, data should be copied from a hard disk utilizing which of the following?
  • ANSWER Bit-by-bit copy software If an organization experiences a disaster level event that damages its ability to perform mission critical operations, what form of emergency response plan will provide a reliable means to ensure the least amount of downtime?
    • ANSWER Multi-site What is the fourth layer of the OSI model?
  • ANSWER Transport Which of the following best describes converged network communications? - ANSWER Transmission of voice and media files over a network When implementing LAN-based security like traffic management in a software-defined network, where are decisions about where traffic is to be sent made?
    • ANSWER Control plane What is the legal process by which law enforcement officials, including attorneys, can make formal requests to obtain digital information in relation to a legal action, investigation, or court proceeding?
  • ANSWER eDiscovery Which of the following choices is the most accurate description of a countermeasure? - ANSWER Controls put in place as a result of a risk analysis What is the most important consideration in regards to communicating findings from a security monitoring system?
    • ANSWER Speed of presentation Which of the following is the least effective means to share files between multiple guest OSes?
  • ANSWER USB drive

Which term refers to the security concept that proves a specific individual performed a task and prevents that individual from being able to claim that they did not perform that task? - ANSWER Non-repudiation The disaster recovery plan (DRP) is used to guide the re-creation of mission critical processes in the event of a disaster. Which of the following is a key element that is required as part of restoration planning to ensure that the most current version of the IT infrastructure is restored? - ANSWER Updated configuration documentation A disaster recovery plan (DRP) should focus on restoring mission critical services. Part of the DRP is to ensure that recent data is available for processing once mission critical services are restored. How is data loss addressed in DRP? - ANSWER Through understanding the RPO Which of the following media access methods features a node broadcasting a tone prior to transmitting? - ANSWER CSMA/CA When a client is located behind a firewall that does not allow inbound initiated contact, which of the following will need to be used to support file transfer? - ANSWER Passive FTP What form of monitoring involves the injection of packets into communications in order to measure performance of various elements in the network? - ANSWER Active monitoring Many Web sites use a digital certificate to prove their identity to visitors. Why is the use of digital certificates considered a reliable form of authentication? - ANSWER It is a form of trusted third-party authentication. Which option is not a cloud deployment model? - ANSWER Corporate cloud How is an incident response strategy triggered? - ANSWER By an event Which of the following would best describe the purpose of a trusted platform module? - ANSWER A dedicated microprocessor that offloads cryptographic processing from the CPU while storing cryptographic keys For optimal signal quality, which of the following is correct concerning wireless antenna placement? - ANSWER Place the antenna as high as possible in the center of the service area. Which answer is most accurate regarding a wireless intrusion prevention system? - ANSWER Rogue access points are detected. Which of the following best describes a security policy? - ANSWER Completely aligns with the mission, objectives, culture, and nature of the business

Where should backups be stored? - ANSWER Onsite and offsite The OSI model features how many layers? - ANSWER Seven What is the purpose of a baseline in relation to security monitoring? - ANSWER Notices trends away from normal What are the three main components of a smart lock or an electronic access control (EAC) lock? - ANSWER Credential reader, locking mechanism, door closed sensor The most redundancy and connection speed are offered by which of the following network typologies? - ANSWER Mesh What is the composition of a cryptographic key, whether symmetric or asymmetric? - ANSWER A binary value According to NIST SP 800-30 Revision 1, what is the first major step in risk assessment? - ANSWER Preparation How can an organization protect itself from compromise by accounts that were used by previous employees? - ANSWER Account deactivation Which of the following is most accurate concerning virtualization security? - ANSWER Virtual machine is developed under a hypervisor and utilizes the underlying physical hardware. Why is an enterprise risk management (ERM) program implemented? - ANSWER To establish a proactive risk response strategy The sensitivity adjustment on a biometric authentication device affects which of the following? - ANSWER False acceptance rate and false rejection rate What is the most critical document of the computer forensic process to ensure that evidence is admissible in court? - ANSWER Chain of custody One of the security challenges for big data is controlling access to the data stored within the massive data structure. Efforts to apply traditional access control and authorization settings to individual options within the data store have produced lack-luster results or unsatisfactory performance. A new technique being applied which shows promise. What is the new technique of controlling access to the content of big data information collections? - ANSWER Apply security controls to the output of data-mining operations. How can a user avoid being seriously harmed by ransomware? - ANSWER Have an offline backup.

Organization policies are generally created in response to the requirement to meet certain criteria. Which of the following best details these requirements? - ANSWER Standards The threat evaluation process performed when designing a business continuity plan (BCP) or disaster recovery plan (DRP) evaluates risk in light of work process and is similar in nature to the technique used when designing security policies. What is this threat evaluation process called? - ANSWER Business impact analysis Why is account or identity proofing necessary? - ANSWER It verifies that only the authorized person is able to use a specific user account. How is a baseline used in compliance management? - ANSWER By comparing the current configuration of a system with the required configuration Which of the following offers the highest bandwidth and fiber-optic transmissions? - ANSWER Single-mode What type of technical control can be used in the process of assessing compliance? - ANSWER Auditing What form of social engineering tricks a victim into contacting the attacker to ask for technical support? - ANSWER Reverse social engineering What is the term used to describe the process of a certificate authority extending the expiration date of a digital certificate? - ANSWER Renewal Which malware attempts to embed itself deeply into a system in order to hide itself and other items, such as files, folders, or even executable processes? - ANSWER Rootkit Which cryptography concept is based on trap-door, one-way functions? - ANSWER Asymmetric Which of the following options best describes the concept of hiding information in plain sight? - ANSWER Steganography What is the name of a physical security mechanism that is used to eliminate piggybacking and tailgating and includes two locked doorways? - ANSWER Mantrap Which type of network device is used to create a virtual local area network? - ANSWER A switch What standards-based technology is supported on most platforms and is used as a remote authentication service? - ANSWER RADIUS

Which choice is not a common means of gathering information when performing a risk analysis? - ANSWER Interviewing fired employees Which term is used to describe the role of the person who takes physical control of a crime scene in order to preserve evidence and prevent tampering before the full forensics team arrives? - ANSWER First responder Which of the following is the third canon of the (ISC)2 Code of Ethics? - ANSWER Provide competent and diligent service Which term is used when limiting the amount of network traffic a specific protocol or application is allowed to generate or consume, with the goal of keeping the remainder of the network's capacity free for other communications? - ANSWER Bandwidth throttling What is a service pack? - ANSWER An executable program that loads a number of fixes and system upgrades Which technique best describes a one-to-one search to verify an individual's claim of identity? - ANSWER Authentication In which of the following attacks does an attacker use a previously unknown attack technique or exploit a previously unknown vulnerability? - ANSWER Zero-day attack Which disaster recovery/emergency management plan testing type is considered the most cost-effective and efficient way to identify areas of overlap in the plan before conducting a more demanding training exercise? - ANSWER Structured walk-through test Which term is used when an event triggers an IDS alert, but the event was not malicious? - ANSWER False positive Which statement most accurately describes a virus? - ANSWER It requires an outside action in order to replicate. Properly managing user accounts is an essential element in maintaining security. How should the process of identity management be implemented? - ANSWER Policies and procedures - privileged accounts have significant access capability; define the parameters of use with authorized use policies, nondisclosure agreements, and confidentiality agreements to reduce risk. Which of the following best describes a disaster recovery plan? - ANSWER Documents procedures to restore equipment and facilities to the condition they were in prior to the disaster Which item is not part of the primary security categories? - ANSWER Encryption

Which of the following is the most correct in a digitally signed message transmission using a hash function? - ANSWER The sender's private key encrypts the hash. Which of the following is the most likely to attack using an advanced persistent threat? - ANSWER Nation state B - ANSWER DES - Data Encryption standard has a 128 bit key and is very difficult to break. A. True B. False B - ANSWER What is the main difference between computer abuse and computer crime? A. Amount of damage B. Intentions of the perpetrator C. Method of compromise D. Abuse = company insider; crime = company outsider C - ANSWER A standardized list of the most common security weaknesses and exploits is the __________. A. SANS Top 10 B. CSI/FBI Computer Crime Study C. CVE - Common Vulnerabilities and Exposures D. CERT Top 10 C - ANSWER A salami attack refers to what type of activity? A. Embedding or hiding data inside of a legitimate communication - a picture, etc. B. Hijacking a session and stealing passwords C. Committing computer crimes in such small doses that they almost go unnoticed D. Setting a program to attack a website at11:59 am on New Year's Eve D - ANSWER Multi-partite viruses perform which functions? A. Infect multiple partitions B. Infect multiple boot sectors C. Infect numerous workstations D. Combine both boot and file virus behavior B - ANSWER What security principle is based on the division of job responsibilities - designed to prevent fraud? A. Mandatory Access Control B. Separation of Duties

C. Information Systems Auditing D. Concept of Least Privilege A - ANSWER ________ is the authoritative entity which lists port assignments A. IANA B. ISSA C. Network Solutions D. Register.com E. InterNIC B - ANSWER Cable modems are less secure than DSL connections because cable modems are shared with other subscribers? A. True B. False D - ANSWER ____________ is a file system that was poorly designed and has numerous security flaws. A. NTS B. RPC C. TCP D. NFS E. None of the above Log files - ANSWER Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse. D - ANSWER HTTP, FTP, SMTP reside at which layer of the OSI model? A. Layer 1 - Physical B. Layer 3 - Network C. Layer 4 - Transport D. Layer 7 - Application E. Layer 2 - Data Link D - ANSWER Layer 4 in the DoD model overlaps with which layer(s) of the OSI model? A. Layer 7 - Application Layer B. Layers 2, 3, & 4 - Data Link, Network, and Transport Layers C. Layer 3 - Network Layer D. Layers 5, 6, & 7 - Session, Presentation, and Application Layers

B - ANSWER A Security Reference Monitor relates to which DoD security standard? A. LC B. C C. D D. L2TP E. None of the items listed D - ANSWER The ability to identify and audit a user and his / her actions is known as ____________. A. Journaling B. Auditing C. Accessibility D. Accountability E. Forensics A,B,C - ANSWER There are 5 classes of IP addresses available, but only 3 classes are in common use today, identify the three: (Choose three) A. Class A: 1- 126 B. Class B: 128- 191 C. Class C: 192- 223 D. Class D: 224- 255 E. Class E: 0.0.0.0 - 127.0.0. B - ANSWER The ultimate goal of a computer forensics specialist is to ___________________. A. Testify in court as an expert witness B. Preserve electronic evidence and protect it from any alteration C. Protect the company's reputation D. Investigate the computer crime A - ANSWER One method that can reduce exposure to malicious code is to run applications as generic accounts with little or no privileges. A. True B. False Risk assessment - ANSWER ______________ is a major component of an overall risk management program. Cryptanalysis - ANSWER An attempt to break an encryption algorithm is called _____________.

C - ANSWER The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack? A. Spoofing B. Hijacking C. Man In The Middle D. Social Engineering E. Distributed Denial of Service (DDoS) Cramming - ANSWER If Big Texas telephone company suddenly started billing you for caller ID and call forwarding without your permission, this practice is referred to as __________________. Disable - ANSWER When an employee leaves the company, their network access account should be __________? 90 - ANSWER Passwords should be changed every ________ days at a minimum. 90 days is the recommended minimum, but some resources will tell you that 30-60 days is ideal. C - ANSWER IKE - Internet Key Exchange is often used in conjunction with what security standard? A. SSL B. OPSEC C. IPSEC D. Kerberos E. All of the above A - ANSWER Wiretapping is an example of a passive network attack? A. True B. False A,C,E - ANSWER What are some of the major differences of Qualitative vs. Quantitative methods of performing risk analysis? (Choose all that apply) A. Quantitative analysis uses numeric values B. Qualitative analysis uses numeric values C. Quantitative analysis is more time consuming D. Qualitative analysis is more time consuming E. Quantitative analysis is based on Annualized Loss Expectancy (ALE) formulas F. Qualitative analysis is based on Annualized Loss Expectancy (ALE) formulas

A - ANSWER Which of the concepts best describes Availability in relation to computer resources? A. Users can gain access to any resource upon request (assuming they have proper permissions) B. Users can make authorized changes to data C. Users can be assured that the data content has not been altered D. None of the concepts describes Availability properly E - ANSWER Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model? A. MAC B. L2TP C. SSL D. HTTP E. Ethernet E - ANSWER Instructions or code that executes on an end user's machine from a web browser is known as __________ code. A. Active X B. JavaScript C. Malware D. Windows Scripting E. Mobile B - ANSWER Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from? A. Authorization B. Authentication C. Kerberos D. Mandatory Access Control A,B,C - ANSWER Information Security policies should be __________________? (Choose all that apply) A. Written down B. ClearlyCommunicated to all system users C. Audited and revised periodically D. None of the choices listed are correct A - ANSWER Which layer of the OSI model handles encryption?

A. Presentation Layer - L B. Application Layer - L C. Session Layer - L D. Data Link Layer - L A - ANSWER EDI (Electronic Data Interchange) differs from e-Commerce in that ___________________. A. EDI involves only computer to computer transactions B. E-Commerce involves only computer to computer transactions C. EDI allows companies to take credit cards directly to consumers via the web D. None of the items listed accurately reflect the differences between EDI and e- Commerce Macro - ANSWER A type of virus that resides in a Word or Excel document is called a ___________ virus? C - ANSWER Vulnerability x Threat = RISK is an example of the _______________. A. Disaster Recovery Equation B. Threat Assessment C. Risk Equation D. Calculation of Annual Loss Expectancy B - ANSWER Only law enforcement personnel are qualified to do computer forensic investigations. A. True B. False A,B,C - ANSWER Countermeasures have three main objectives, what are they? (Choose all that apply) A. Prevent B. Recover C. Detect D. Trace E. Retaliate ISO - ANSWER ___________________ is responsible for creating security policies and for communicating those policies to system users. D - ANSWER An intrusion detection system is an example of what type of countermeasure?

A. Preventative B. Corrective C. Subjective D. Detective E. Postulative A - ANSWER So far, no one has been able to crack the IDEA algorithm with Brute Force. A. True B. False Confidentiality - ANSWER ______________ relates to the concept of protecting data from unauthorized users. B - ANSWER Which auditing practice relates to the controlling of hardware, software, firmware, and documentation to insure it has not been improperly modified? A. System Control B. Configuration Control C. Consequence Assessment D. Certification / Accreditation A - ANSWER MD5 is a ___________ algorithm A. One way hash B. 3DES C. 192 bit D. PKI A,B - ANSWER Which of the following is an example of One-Time Password technology? (Choose all that apply) A. S/Key B. OPIE C. LC D. MD C - ANSWER How often should virus definition downloads and system virus scans be completed? A. Daily B. Monthly C. Weekly D. Yearly

B - ANSWER S/MIME was developed for the protection of what communication mechanism(s)? A. Telephones B. Email C. Wireless devices D. Firewalls B - ANSWER Unclassified, Private, Confidential, Secret, Top Secret, and Internal Use Only are levels of


A. Security Classification B. Data Classification C. Object Classification D. Change Control Classification C - ANSWER Contracting with an insurance company to cover losses due to information security breaches is known as risk __________. A. Avoidance B. Reduction C. Assignment D. Acceptance C - ANSWER ______________ is a Unix security scanning tool developed at Texas A&M university. A. COPS B. SATAN C. TIGER D. AGGIE E. SNIFFER Environmental - ANSWER Security incidents fall into a number of categories such as accidental, deliberate, and ____________. A - ANSWER Decentralized access control allows ______________________. A. File owners to determine access rights B. Help Desk personnel to determine access rights C. IT personnel to determine access rights D. Security Officers to determine access rights

E. Security Officers to delegate authority to other users Data Hiding - ANSWER Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________. F - ANSWER From a security standpoint, the product development life cycle consists of which of the following? A. Code Review B. Certification C. Accreditation D. Functional Design Review E. System Test Review F. All of the items listed B - ANSWER Only key members of the staff need to be educated in disaster recovery procedures. A. True B. False B - ANSWER A virus is considered to be "in the ______ " if it has been reported as replicating and causing harm to computers. A. Zoo B. Wild C. Cage D. Jungle E. Fire A - ANSWER ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential, Top Secret, etc.. A. MAC - Mandatory Access Control B. DAC - Discretionary Access Control C. SAC - Strategic Access Control D. LAC - Limited Access Control E - ANSWER ___________________ viruses change the code order of the strain each time they replicate to another machine. A. Malicious

B. Zenomorphic C. Worm D. Super E. Polymorphic D - ANSWER Which major vendor adopted TACACS into its product line as a form of AAA architecture? A. Microsoft B. Dell C. Sun D. Cisco E. All of the above A,B,C - ANSWER Name three types of firewalls __________, _______________, and


(Choose three) A. Packet Filtering B. Application Proxy C. Stateful Inspection D. Microsoft Proxy E. SonicWall F. Raptor Firewall D - ANSWER This free (for personal use) program is used to encrypt and decrypt emails. A. SHA- 1 B. MD C. DES D. PGP E. 3DES F. None of the above B - ANSWER __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine. A. SYN Flood B. Buffer Overflow C. Denial of Service D. Coordinated E. Distributed Denial of Service

C D - ANSWER A good password policy uses which of the following guidelines? (Choose all that apply) A. Passwords should contain some form of your name oruserid B. Passwords should always use words that can be found in a dictionary C. Passwords should be audited on a regular basis D. Passwords should never be shared or written down B - ANSWER What is the main goal of a risk management program? A. To develop a disaster recovery plan B. To help managers find the correct cost balance between risks and countermeasures C. To evaluate appropriate risk mitigation scenarios D. To calculate ALE formulas E. None of the above B - ANSWER The __________ is the most dangerous part of a virus program. A. Code B. Payload C. Strain D. Trojan E. None of the above B - ANSWER A one way hash converts a string of random length into a _______________ encrypted string. A. 192 bit B. fixed length C. random length D. 56 bit E. SHA F. MD5 C - ANSWER Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems. A. Sniffing B. Eavesdropping C. Social Engineering D. Shoulder Surfing E. None of the items are correct B - ANSWER Diffie Hellman, RSA, and ___________ are all examples of Public Key cryptography?

A. SSL - Secure Sockets Layer B. DSS - Digital Signature Standard C. Blowfish D. AES - Advanced Encryption Standard B - ANSWER ___________, generally considered "need to know" access is given based on permissions granted to the user. A. MAC - Mandatory Access Control B. DAC - Discretionary Access Control C. SAC - Strategic Access Control D. LAC - Limited Access Control B C D - ANSWER What are the main goals of an information security program? (Choose all that apply) A. Complete Security B. Confidentiality C. Availability D. Integrity of data E. Ease of Use B - ANSWER The ability to adjust access control to the exact amount of permission necessary is called ______________. A. Detection B. Granularity C. Separation of Duties D. Concept of Least Privilege C - ANSWER Which one of these formulas is used in Quantitative risk analysis? A. SLO - Single Loss Occurrence B. ARE - Annual Rate of Exposure C. SLE - Single Loss Expectancy D. ALO - Annual Loss Occurrence Answer: C A - ANSWER Integrity = ______________ A. Data being delivered from the source to the intended receiver without being altered B. Protection of data from unauthorized users C. Data being kept correct and current

D. Ability to access data when requested E. All answers are correct A - ANSWER A true network security audit does include an audit for modems? A. True B. False A B - ANSWER What is the main difference between a logic bomb and a stealth virus? (Choose all that apply) A. Stealth viruses supply AV engines with false information to avoid detection B. Stealth viruses live in memory while logic bombs are written to disk C. Stealth viruses "wake up" at a pre-specified time in the code, then execute payload D. Logic Bombs supply AV engines with false information to avoid detection D - ANSWER What is the minimum recommended length of a security policy? A. 200 pages B. 5 pages C. 1 page D. There is no minimum length - the policy length should support the business needs B - ANSWER There are ______ available service ports A. 65535 B. 65536 C. 1024 D. 1- 1024 E. Unlimited B - ANSWER Each of the following is a valid step in handling incidents except


A. Contain B. Prosecute C. Recover D. Review E. Identify F. Prepare Certificate - ANSWER A ______________ is an electronically generated record that ties a user's ID to their public key. C - ANSWER Which of the following is NOT and encryption algorithm?

A. DES

B. 3DES

C. SSL

D. MD5

E. SHA- 1

B - ANSWER Which range defines "well known ports?" A. 0- 1024 B. 0- 1023 C. 1- 1024 D. 1024- 49151 B - ANSWER What does RADIUS stand for? A. Remote Access Dialup User Systems B. Remote Access Dial-in User Service C. Revoke Access Deny User Service D. Roaming Access Dial-in User System A - ANSWER In the past, many companies had been hesitant to report computer crimes. A. True B. False C - ANSWER If you the text listed below at the beginning or end of an email message, what would it be anindication of? mQGiBDfJY1ERBADd1lBX8WlbSHj2uDt6YbMVl4Da3O1yG0exQnEwU3sKQARzspNB zB2BF+ngFiy1+RSfDjfbpwz6vLHo6zQZkT2vKOfDu1e4/LqiuOLpd/6rOrmH/Mvk A. A virus B. A worm C. A PGP Signed message D. A software error A - ANSWER Although they are accused of being one in the same, hackers and crackers are two distinctly different groups with different goals pertaining to computers. A. True B. False A C D - ANSWER Select three ways to deal with risk.

A. Acceptance B. Avoid / Eliminate C. Transfer D. Mitigate E. Deny C - ANSWER Digital Certificates use which protocol? A. X.400 B. X.500 C. X.509 D. X.511 E. X.525 F. None of the above B - ANSWER A. L2TP B. LDAP C. L2F D. PPTP encrypting, depcrypting - ANSWER Public keys are used for ___________ messages and private keys are used for __________ messages. B - ANSWER In a Public Key Infrastructure (PKI), what is the role of a directory server? A. To issue certificates to users B. To make user certificates available to others C. Authorizes CA servers to issue certificates to users D. Is the root authority for thePKI D - ANSWER RSA has all of the following characteristics except? A. Can produce a digital signature B. Relies on large prime number factoring C. Uses third party key distribution centers D. Is based on a symmetric algorithm C - ANSWER What distinguishes a hacker / cracker from a phreak? A. Hackers and crackers specifically target telephone networks B. Phreaks specifically target data networks C. Phreaks specifically target telephone networks D. Phreaks cause harm, hackers and crackers do not