

SSCP Systems Security Certified Practitioner Questions and Answers

Question # 4

Which of the following statements pertaining to software testing is incorrect?

A.

Unit testing should be addressed and considered when the modules are being designed.

B.

Test data should be part of the specifications.

C.

Testing should be performed with live data to cover all possible situations.

D.

Test data generators can be used to systematically generate random test data that can be used to test programs.

Question # 5

The security of a computer application is most effective and economical in which of the following cases?

A.

The system is optimized prior to the addition of security.

B.

The system is procured off-the-shelf.

C.

The system is customized to meet the specific security threat.

D.

The system is originally designed to provide the necessary security.

Question # 6

What is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity?

A.

Polyinstantiation

B.

Inference

C.

Aggregation

D.

Data mining

Question # 7

Which of the following refers to the data left on the media after the media has been erased?

A.

remanence

B.

recovery

C.

sticky bits

D.

semi-hidden

Question # 8

Which of the following tests makes sure that the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems?

A.

Recovery testing

B.

Security testing

C.

Stress/volume testing

D.

Interface testing

Question # 9

In an organization, an Information Technology security function should:

A.

Be a function within the information systems function of an organization.

B.

Report directly to a specialized business unit such as legal, corporate security or insurance.

C.

Be led by a Chief Security Officer and report directly to the CEO.

D.

Be independent but report to the Information Systems function.

Question # 10

Which of the following computer design approaches is based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle?

A.

Pipelining

B.

Reduced Instruction Set Computers (RISC)

C.

Complex Instruction Set Computers (CISC)

D.

Scalar processors

Question # 11

What is the appropriate role of the security analyst in the application system development or acquisition project?

A.

policeman

B.

control evaluator & consultant

C.

data owner

D.

application user

Question # 12

The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of the following that the Orange Book did not address?

A.

integrity and confidentiality.

B.

confidentiality and availability.

C.

integrity and availability.

D.

none of the above.

Question # 13

Who is ultimately responsible for the security of computer based information systems within an organization?

A.

The tech support team

B.

The operations team.

C.

The management team.

D.

The training team.

Question # 14

Which of the following is not a responsibility of an information (data) owner?

A.

Determine what level of classification the information requires.

B.

Periodically review the classification assignments against business needs.

C.

Delegate the responsibility of data protection to data custodians.

D.

Running regular backups and periodically testing the validity of the backup data.

Question # 15

Which of the following does not address Database Management Systems (DBMS) Security?

A.

Perturbation

B.

Cell suppression

C.

Padded cells

D.

Partitioning

Question # 16

What does "System Integrity" mean?

A.

The software of the system has been implemented as designed.

B.

Users can't tamper with processes they do not own.

C.

Hardware and firmware have undergone periodic testing to verify that they are functioning properly.

D.

Design specifications have been verified against the formal top-level specification.

Question # 17

Examples of types of physical access controls include all EXCEPT which of the following?

A.

badges

B.

locks

C.

guards

D.

passwords

Question # 18

Which type of access control model is one in which every pair of elements has a least upper bound and a greatest lower bound?

A.

Mandatory model

B.

Discretionary model

C.

Lattice model

D.

Rule model

Question # 19

Smart cards are an example of which type of control?

A.

Detective control

B.

Administrative control

C.

Technical control

D.

Physical control

Question # 20

In which of the following models are subjects and objects identified and the permissions applied to each subject/object combination specified? Such a model can be used to quickly summarize what permissions a subject has for various system objects.

A.

Access Control Matrix model

B.

Take-Grant model

C.

Bell-LaPadula model

D.

Biba model

Question # 21

An access system that grants users only those rights necessary for them to perform their work is operating on which security principle?

A.

Discretionary Access

B.

Least Privilege

C.

Mandatory Access

D.

Separation of Duties

Question # 22

Which of the following is BEST defined as a physical control?

A.

Monitoring of system activity

B.

Fencing

C.

Identification and authentication methods

D.

Logical access control mechanisms

Question # 23

Which of the following logical access exposures INVOLVES CHANGING data before, or as it is entered into the computer?

A.

Data diddling

B.

Salami techniques

C.

Trojan horses

D.

Viruses

Question # 24

In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place?

A.

Bell-LaPadula model

B.

Biba model

C.

Access Matrix model

D.

Take-Grant model

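Questions 18 and 24 above describe the lattice model (every pair of labels has a least upper bound and a greatest lower bound) and the Bell-LaPadula rules that compare a subject's clearance with an object's classification. The following Python is an added worked example, not part of the original question bank: the four-level hierarchy and the compartment names NUC and CRYPTO are constructed for illustration, and the two Bell-LaPadula checks are evaluated directly on the lattice's dominance relation.

```python
"""Lattice labels (LUB/GLB) and the Bell-LaPadula read/write rules over them.
Added example; the level ordering and compartment names are constructed."""
from dataclasses import dataclass
from typing import FrozenSet

# Constructed linear ordering of hierarchical levels (higher number = more sensitive).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
LEVEL_NAMES = {rank: name for name, rank in LEVELS.items()}


@dataclass(frozen=True)
class Label:
    """A security label: hierarchical level plus a set of need-to-know compartments."""
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Partial order: self >= other iff its level is at least as high AND its
        compartments are a superset. Two labels can be incomparable."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def lub(a: Label, b: Label) -> Label:
    """Least upper bound: the lowest label that dominates both (max level, union)."""
    return Label(LEVEL_NAMES[max(LEVELS[a.level], LEVELS[b.level])],
                 a.compartments | b.compartments)


def glb(a: Label, b: Label) -> Label:
    """Greatest lower bound: the highest label both dominate (min level, intersection)."""
    return Label(LEVEL_NAMES[min(LEVELS[a.level], LEVELS[b.level])],
                 a.compartments & b.compartments)


def blp_read_allowed(subject: Label, obj: Label) -> bool:
    """Simple security property, "no read up": the clearance must dominate the classification."""
    return subject.dominates(obj)


def blp_write_allowed(subject: Label, obj: Label) -> bool:
    """*-property, "no write down": the object's classification must dominate the
    clearance, so a high subject cannot leak into a lower object."""
    return obj.dominates(subject)


if __name__ == "__main__":
    s = Label("SECRET", frozenset({"NUC"}))
    c = Label("CONFIDENTIAL", frozenset({"CRYPTO"}))
    print("LUB:", lub(s, c), "GLB:", glb(s, c))
    print("SECRET/{NUC} may read CONFIDENTIAL/{CRYPTO}?", blp_read_allowed(s, c))
```

Note that SECRET/{NUC} and CONFIDENTIAL/{CRYPTO} are incomparable: neither dominates the other, so a SECRET/{NUC} subject may neither read nor write the CONFIDENTIAL/{CRYPTO} object. The LUB (SECRET/{NUC, CRYPTO}) is the label an object would need to receive a write from both.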
Question # 25

What is the act of a user professing an identity to a system, usually in the form of a log-on ID, called?

A.

Authentication

B.

Identification

C.

Authorization

D.

Confidentiality

Question # 26

Which of the following is an issue with signature-based intrusion detection systems?

A.

Only previously identified attack signatures are detected.

B.

Signature databases must be augmented with inferential elements.

C.

It runs only on the Windows operating system.

D.

Hackers can circumvent signature evaluations.

Question # 27

The session layer provides a logical persistent connection between peer hosts. Which of the following is one of the modes used in the session layer to establish this connection?

A.

Full duplex

B.

Synchronous

C.

Asynchronous

D.

Half simplex

Question # 28

Which of the following tools is NOT likely to be used by a hacker?

A.

Nessus

B.

Saint

C.

Tripwire

D.

Nmap

Question # 29

Which of the following is NOT a characteristic of a host-based intrusion detection system?

A.

A HIDS does not consume large amounts of system resources

B.

A HIDS can analyse system logs, processes and resources

C.

A HIDS looks for unauthorized changes to the system

D.

A HIDS can notify system administrators when unusual events are identified

Question # 30

Which of the following is NOT a common category/classification of threat to an IT system?

A.

Human

B.

Natural

C.

Technological

D.

Hackers

Question # 31

Computer security should be first and foremost which of the following:

A.

Cover all identified risks

B.

Be cost-effective.

C.

Be examined in both monetary and non-monetary terms.

D.

Be proportionate to the value of IT systems.

Question # 32

Which of the following is a problem regarding computer investigation issues?

A.

Information is tangible.

B.

Evidence is easy to gather.

C.

Computer-generated records are only considered secondary evidence, thus are not as reliable as best evidence.

D.

In many instances, an expert or specialist is not required.

Question # 33

What is the PRIMARY goal of incident handling?

A.

Successfully retrieve all evidence that can be used to prosecute

B.

Improve the company's ability to be prepared for threats and disasters

C.

Improve the company's disaster recovery plan

D.

Contain and repair any damage caused by an event.

Question # 34

The IP header contains a protocol field. If this field contains the value 51, what type of data is contained within the IP datagram?

A.

Transmission Control Protocol (TCP)

B.

Authentication Header (AH)

C.

User Datagram Protocol (UDP)

D.

Internet Control Message Protocol (ICMP)

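Question 34 turns on the IPv4 protocol field, whose values are assigned by IANA (1 ICMP, 6 TCP, 17 UDP, 50 ESP, 51 AH). The Python below is an added example and not code from the original page: it builds a minimal 20-byte header with constructed addresses, parses it with `struct`, verifies the RFC 791 one's-complement header checksum, and reports the encapsulated protocol. A packet with protocol 51 carries an IPsec Authentication Header rather than a TCP or UDP segment.

```python
"""Parse an IPv4 header from raw bytes and identify the encapsulated protocol.
Added example; the packets are constructed here, not captured traffic."""
import struct

# Subset of IANA protocol numbers relevant to the question.
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 50: "ESP", 51: "AH"}
IPV4_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte header, network byte order


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 checksum: one's-complement sum of 16-bit words, complemented.
    Over a header whose checksum field is already correct the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(packet: bytes) -> dict:
    """Return the fixed header fields; raise ValueError on malformed input."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack(IPV4_FMT, packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not IPv4 (version=%d)" % version)
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("invalid IHL")
    return {
        "header_len": ihl,
        "total_len": total_len,
        "ttl": ttl,
        "protocol": proto,
        "protocol_name": PROTOCOL_NAMES.get(proto, "unknown(%d)" % proto),
        "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "payload": packet[ihl:total_len] if total_len >= ihl else b"",
    }


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Build a minimal header (DF set, TTL 64) with a correct checksum."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack(IPV4_FMT, 0x45, 0, 20 + payload_len, 0x1234, 0x4000,
                      64, proto, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


if __name__ == "__main__":
    # Constructed packet: AH (51) with a 24-byte zeroed payload.
    pkt = build_ipv4_header("10.0.0.1", "10.0.0.2", 51, 24) + b"\x00" * 24
    print(parse_ipv4_header(pkt))
```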
Question # 35

If your property insurance has an Actual Cash Value (ACV) clause, your damaged property will be compensated based on:

A.

Value of item on the date of loss

B.

Replacement with a new item for the old one regardless of condition of lost item

C.

Value of item one month before the loss

D.

Value of item on the date of loss plus 10 percent

Question # 36

The typical computer fraudsters are usually persons with which of the following characteristics?

A.

They have had previous contact with law enforcement

B.

They conspire with others

C.

They hold a position of trust

D.

They deviate from the accepted norms of society

Question # 37

All of the following can be considered essential business functions that should be identified when creating a Business Impact Analysis (BIA), except one. Which of the following would not be considered an essential element of the BIA but is an important topic to include within the BCP?

A.

IT Network Support

B.

Accounting

C.

Public Relations

D.

Purchasing

Question # 38

Another example of Computer Incident Response Team (CIRT) activities is:

A.

Management of the netware logs, including collection, retention, review, and analysis of data

B.

Management of the network logs, including collection and analysis of data

C.

Management of the network logs, including review and analysis of data

D.

Management of the network logs, including collection, retention, review, and analysis of data

Question # 39

Which type of attack would a competitive intelligence attack best classify as?

A.

Business attack

B.

Intelligence attack

C.

Financial attack

D.

Grudge attack

Question # 40

Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects is part of:

A.

Incident Evaluation

B.

Incident Recognition

C.

Incident Protection

D.

Incident Response

Question # 41

Which of the following technologies is a target of XSS or CSS (Cross-Site Scripting) attacks?

A.

Web Applications

B.

Intrusion Detection Systems

C.

Firewalls

D.

DNS Servers

Question # 42

Which of the following virus types changes some of its characteristics as it spreads?

A.

Boot Sector

B.

Parasitic

C.

Stealth

D.

Polymorphic

Question # 43

Which of the following computer crimes is MORE often associated with INSIDERS?

A.

IP spoofing

B.

Password sniffing

C.

Data diddling

D.

Denial of service (DOS)

Question # 44

Crackers today are MOST often motivated by their desire to:

A.

Help the community in securing their networks.

B.

See how far their skills will take them.

C.

Get recognition for their actions.

D.

Gain money or other financial benefit.

Question # 45

What is malware that can spread itself over open network connections?

A.

Worm

B.

Rootkit

C.

Adware

D.

Logic Bomb

Question # 46

In computing, what is the name of a non-self-replicating type of malware that appears to have a useful purpose but has malicious or harmful code embedded in it, and which, when executed, carries out actions unknown to the person installing it, typically causing loss or theft of data and possible system harm?

A.

virus

B.

worm

C.

Trojan horse.

D.

trapdoor

Question # 47

What do the ILOVEYOU and Melissa virus attacks have in common?

A.

They are both denial-of-service (DOS) attacks.

B.

They have nothing in common.

C.

They are both masquerading attacks.

D.

They are both social engineering attacks.

Question # 48

The high availability of multiple all-inclusive, easy-to-use hacking tools that do NOT require much technical knowledge has brought a growth in the number of which type of attackers?

A.

Black hats

B.

White hats

C.

Script kiddies

D.

Phreakers

Question # 49

Java is not:

A.

Object-oriented.

B.

Distributed.

C.

Architecture Specific.

D.

Multithreaded.

Question # 50

Which virus category has the capability of changing its own code, making it harder to detect by anti-virus software?

A.

Stealth viruses

B.

Polymorphic viruses

C.

Trojan horses

D.

Logic bombs

Question # 51

Which of the following is not an example of a block cipher?

A.

Skipjack

B.

IDEA

C.

Blowfish

D.

RC4

Question # 52

Which of the following would best describe certificate path validation?

A.

Verification of the validity of all certificates of the certificate chain to the root certificate

B.

Verification of the integrity of the associated root certificate

C.

Verification of the integrity of the concerned private key

D.

Verification of the revocation status of the concerned certificate

Question # 53

What algorithm was DES derived from?

A.

Twofish.

B.

Skipjack.

C.

Brooks-Aldeman.

D.

Lucifer.

Question # 54

An X.509 public key certificate with the key usage attribute "non repudiation" can be used for which of the following?

A.

encrypting messages

B.

signing messages

C.

verifying signed messages

D.

decrypting encrypted messages

Question # 55

How many bits is the effective length of the key of the Data Encryption Standard algorithm?

A.

168

B.

128

C.

56

D.

64

Question # 56

Which of the following offers security to wireless communications?

A.

S-WAP

B.

WTLS

C.

WSP

D.

WDP

Question # 57

What is the effective key size of DES?

A.

56 bits

B.

64 bits

C.

128 bits

D.

1024 bits

Question # 58

In a Public Key Infrastructure, how are public keys published?

A.

They are sent via e-mail.

B.

Through digital certificates.

C.

They are sent by owners.

D.

They are not published.

Question # 59

Which of the following is more suitable for a hardware implementation?

A.

Stream ciphers

B.

Block ciphers

C.

Cipher block chaining

D.

Electronic code book

Question # 60

What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate?

A.

A public-key certificate

B.

An attribute certificate

C.

A digital certificate

D.

A descriptive certificate

Question # 61

What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account?

A.

Data fiddling

B.

Data diddling

C.

Salami techniques

D.

Trojan horses

Question # 62

Virus scanning and content inspection of S/MIME encrypted e-mail without doing any further processing is:

A.

Not possible

B.

Only possible with key recovery scheme of all user keys

C.

It is possible only if X.509 Version 3 certificates are used

D.

It is possible only by "brute force" decryption

Question # 63

Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense?

A.

TCSEC

B.

ITSEC

C.

DIACAP

D.

NIACAP

Question # 64

What is the main focus of the Bell-LaPadula security model?

A.

Accountability

B.

Integrity

C.

Confidentiality

D.

Availability

Question # 65

For a maximum-security design, which type of fence is the most effective and cost-effective (heights below are given in feet)?

A.

3' to 4' high

B.

6' to 7' high

C.

8' high and above with strands of barbed wire

D.

Double fencing

Question # 66

Which access control model is also called Non Discretionary Access Control (NDAC)?

A.

Lattice based access control

B.

Mandatory access control

C.

Role-based access control

D.

Label-based access control

Question # 67

With regard to information classification, what is the main responsibility of the information (data) owner?

A.

determining the data sensitivity or classification level

B.

running regular data backups

C.

audit the data users

D.

periodically check the validity and accuracy of the data

Question # 68

Which type of control is concerned with restoring controls?

A.

Compensating controls

B.

Corrective controls

C.

Detective controls

D.

Preventive controls

Question # 69

Which security model ensures that actions that take place at a higher security level do not affect actions that take place at a lower level?

A.

The Bell-LaPadula model

B.

The information flow model

C.

The noninterference model

D.

The Clark-Wilson model

Question # 70

What is the percentage of valid subjects that are falsely rejected by a biometric authentication system called?

A.

False Rejection Rate (FRR) or Type I Error

B.

False Acceptance Rate (FAR) or Type II Error

C.

Crossover Error Rate (CER)

D.

True Rejection Rate (TRR) or Type III Error

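Question 70 asks for the False Rejection Rate; in practice FRR (Type I) and FAR (Type II) are two ends of one trade-off controlled by the matcher's acceptance threshold, and the Crossover Error Rate is the point where the two curves meet. The Python below is an added example, not from the original page. The genuine and impostor similarity scores are constructed for illustration (they are not real biometric data); with those inputs the crossover lands at a threshold of 59 with a 20 percent error rate.

```python
"""Biometric error rates: FRR (Type I), FAR (Type II) and the crossover error rate.
Added example; the score samples below are constructed, not measured."""
from typing import List, Sequence, Tuple

# Constructed matcher scores on a 0..100 similarity scale. Higher means the
# presented sample looks more like the enrolled template.
GENUINE_SCORES = [92, 88, 85, 79, 74, 70, 66, 61, 58, 55]   # legitimate users
IMPOSTOR_SCORES = [12, 20, 27, 33, 40, 46, 52, 57, 63, 71]  # impostors


def frr(genuine: Sequence[int], threshold: int) -> float:
    """False Rejection Rate (Type I): genuine attempts scoring below the threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def far(impostor: Sequence[int], threshold: int) -> float:
    """False Acceptance Rate (Type II): impostor attempts scoring at or above it."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def crossover(genuine: Sequence[int], impostor: Sequence[int]) -> Tuple[int, float]:
    """Sweep every threshold; return the first one where |FRR - FAR| is smallest
    and the error rate there (the CER, also called the equal error rate)."""
    best = (0, 2.0, 0.0)                      # (threshold, gap, rate)
    for t in range(0, 101):
        f_r, f_a = frr(genuine, t), far(impostor, t)
        gap = abs(f_r - f_a)
        if gap < best[1]:
            best = (t, gap, (f_r + f_a) / 2)
    return best[0], best[2]


def tradeoff_table(genuine: Sequence[int], impostor: Sequence[int],
                   thresholds: Sequence[int] = (40, 50, 60, 70, 80)) -> List[Tuple[int, float, float]]:
    """(threshold, FRR, FAR) rows: raising the threshold trades FAR for FRR."""
    return [(t, frr(genuine, t), far(impostor, t)) for t in thresholds]


if __name__ == "__main__":
    for t, f_r, f_a in tradeoff_table(GENUINE_SCORES, IMPOSTOR_SCORES):
        print("threshold %3d  FRR %.1f  FAR %.1f" % (t, f_r, f_a))
    print("crossover (threshold, CER):", crossover(GENUINE_SCORES, IMPOSTOR_SCORES))
```

A high-security deployment sets the threshold above the crossover (accepting more false rejections to drive FAR down); a convenience-oriented one sets it below. The CER is the single figure used to compare one biometric product against another.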
Question # 71

Which of the following is NOT a compensating measure for access violations?

A.

Backups

B.

Business continuity planning

C.

Insurance

D.

Security awareness

Question # 72

Which of the following is needed for System Accountability?

A.

Audit mechanisms.

B.

Documented design as laid out in the Common Criteria.

C.

Authorization.

D.

Formal verification of system design.

Question # 73

In Synchronous dynamic password tokens:

A.

The token generates a new password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key).

B.

The token generates a new non-unique password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key).

C.

The unique password is not entered into a system or workstation along with an owner's PIN.

D.

The authentication entity in a system or workstation knows an owner's secret key and PIN, and the entity verifies that the entered password is invalid and that it was entered during the invalid time window.

Question # 74

Which security model introduces access to objects only through programs?

A.

The Biba model

B.

The Bell-LaPadula model

C.

The Clark-Wilson model

D.

The information flow model

Question # 75

Which of the following is related to physical security and is not considered a technical control?

A.

Access control Mechanisms

B.

Intrusion Detection Systems

C.

Firewalls

D.

Locks

Question # 76

Which of the following are the steps usually followed in the development of documents such as security policy, standards and procedures?

A.

design, development, publication, coding, and testing.

B.

design, evaluation, approval, publication, and implementation.

C.

initiation, evaluation, development, approval, publication, implementation, and maintenance.

D.

feasibility, development, approval, implementation, and integration.

Question # 77

Which of the following describes a logical form of separation used by secure computing systems?

A.

Processes use different levels of security for input and output devices.

B.

Processes are constrained so that each cannot access objects outside its permitted domain.

C.

Processes conceal data and computations to inhibit access by outside processes.

D.

Processes are granted access based on granularity of controlled objects.

Question # 78

Which of the following phases of a software development life cycle normally incorporates the security specifications, determines access controls, and evaluates encryption options?

A.

Detailed design

B.

Implementation

C.

Product design

D.

Software plans and requirements

Question # 79

Which of the following is not appropriate in addressing object reuse?

A.

Degaussing magnetic tapes when they're no longer needed.

B.

Deleting files on disk before reusing the space.

C.

Clearing memory blocks before they are allocated to a program or data.

D.

Clearing buffered pages, documents, or screens from the local memory of a terminal or printer.

Question # 80

What is the difference between Advisory and Regulatory security policies?

A.

there is no difference between them

B.

regulatory policies are high level policy, while advisory policies are very detailed

C.

Advisory policies are not mandated. Regulatory policies must be implemented.

D.

Advisory policies are mandated while Regulatory policies are not

Question # 81

Which of the following can be used as a covert channel?

A.

Storage and timing.

B.

Storage and low bits.

C.

Storage and permissions.

D.

Storage and classification.

Question # 82

Which of the following is responsible for MOST of the security issues?

A.

Outside espionage

B.

Hackers

C.

Personnel

D.

Equipment failure

Question # 83

Which of the following is considered the weakest link in a security system?

A.

People

B.

Software

C.

Communications

D.

Hardware

Question # 84

Which of the following networking devices allows the connection of two or more homogeneous LANs in a simple way, forwarding traffic based on the MAC address?

A.

Gateways

B.

Routers

C.

Bridges

D.

Firewalls

Question # 85

Which layer defines how packets are routed between end systems?

A.

Session layer

B.

Transport layer

C.

Network layer

D.

Data link layer

Question # 86

Which OSI/ISO layer is responsible for determining the best route for data to be transferred?

A.

Session layer

B.

Physical layer

C.

Network layer

D.

Transport layer

Question # 87

Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?

A.

172.12.42.5

B.

172.140.42.5

C.

172.31.42.5

D.

172.15.42.5

Question # 88

Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is incorrect?

A.

PPTP allows the tunnelling of any protocol that can be carried within PPP.

B.

PPTP does not provide strong encryption.

C.

PPTP does not support any token-based authentication method for users.

D.

PPTP is derived from L2TP.

Question # 89

Upon which of the following ISO/OSI layers does network address translation operate?

A.

Transport layer

B.

Session layer

C.

Data link layer

D.

Network layer

Question # 90

Secure Sockets Layer (SSL) is very heavily used for protecting which of the following?

A.

Web transactions.

B.

EDI transactions.

C.

Telnet transactions.

D.

Electronic Payment transactions.

Question # 91

Which of the following transmission media would NOT be affected by cross talk or interference?

A.

Copper cable

B.

Radio System

C.

Satellite radiolink

D.

Fiber optic cables

Question # 92

You have been tasked to develop an effective information classification program. Which one of the following steps should be performed first?

A.

Establish procedures for periodically reviewing the classification and ownership

B.

Specify the security controls required for each classification level

C.

Identify the data custodian who will be responsible for maintaining the security level of data

D.

Specify the criteria that will determine how data is classified

Question # 93

In a SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session?

A.

Both client and server

B.

The client's browser

C.

The web server

D.

The merchant's Certificate Server

Question # 94

The general philosophy for DMZs is that:

A.

any system on the DMZ can be compromised because it's accessible from the Internet.

B.

any system on the DMZ cannot be compromised because it's not accessible from the Internet.

C.

some systems on the DMZ can be compromised because they are accessible from the Internet.

D.

any system on the DMZ cannot be compromised because it's by definition 100 percent safe and not accessible from the Internet.

Question # 95

What is the main characteristic of a multi-homed host?

A.

It is placed between two routers or firewalls.

B.

It allows IP routing.

C.

It has multiple network interfaces, each connected to separate networks.

D.

It operates at multiple layers.

Question # 96

A proxy can control which services (FTP and so on) are used by a workstation, and also helps protect the network from outsiders who may be trying to get information about the:

A.

network's design

B.

user base

C.

operating system design

D.

NetBIOS design

Question # 97

What is called an attack where the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so it seems to have originated at the victim's system, in order to flood it with REPLY packets?

A.

SYN Flood attack

B.

Smurf attack

C.

Ping of Death attack

D.

Denial of Service (DOS) attack

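Question 97 describes the Smurf attack: an ICMP echo request with the victim's spoofed source address is sent to a directed-broadcast address, and every host on that segment answers the victim. Both halves of that exchange are visible in flow data, so the attack can be detected from either side. The Python below is an added example, not code from the original page: the flow records, the subnet list and the detection thresholds are constructed for illustration. It flags echo requests addressed to a broadcast address (the amplifier being abused) and hosts that receive echo replies from several machines they never pinged (the victim).

```python
"""Detect Smurf-style ICMP amplification in flow records.
Added example; FLOWS and LOCAL_SUBNETS are constructed, not captured data."""
import ipaddress
from collections import defaultdict
from typing import Iterable, List, Tuple

# Constructed flow records: (timestamp, src, dst, icmp_type).
# ICMP type 8 = echo request, type 0 = echo reply.
FLOWS: List[Tuple[float, str, str, int]] = [
    (0.00, "203.0.113.7", "198.51.100.255", 8),   # spoofed "victim" -> broadcast
    (0.01, "198.51.100.10", "203.0.113.7", 0),    # amplifier hosts all answer
    (0.01, "198.51.100.11", "203.0.113.7", 0),
    (0.01, "198.51.100.12", "203.0.113.7", 0),
    (0.02, "198.51.100.13", "203.0.113.7", 0),
    (0.50, "192.0.2.5", "192.0.2.9", 8),          # an ordinary ping ...
    (0.51, "192.0.2.9", "192.0.2.5", 0),          # ... and its single reply
]

# Constructed list of subnets this sensor routes for; used to recognise
# directed broadcasts (the last address of each subnet).
LOCAL_SUBNETS = [ipaddress.ip_network("198.51.100.0/24"),
                 ipaddress.ip_network("192.0.2.0/24")]


def is_broadcast(dst: str) -> bool:
    """Limited broadcast (255.255.255.255) or a directed broadcast of a local subnet."""
    addr = ipaddress.ip_address(dst)
    return addr == ipaddress.ip_address("255.255.255.255") or any(
        addr == net.broadcast_address for net in LOCAL_SUBNETS)


def find_smurf(flows: Iterable[Tuple[float, str, str, int]], min_replies: int = 3) -> list:
    """Return findings:
      ("broadcast_echo_request", src, dst)   an echo request to a broadcast address
      ("amplified_replies", victim, n)       a host receiving echo replies from n >=
                                             min_replies distinct hosts it never pinged
    """
    findings = []
    replies = defaultdict(set)          # reply destination -> set of reply sources
    requests_by_src = defaultdict(set)  # requester -> set of destinations it pinged
    for _ts, src, dst, icmp_type in flows:
        if icmp_type == 8:
            requests_by_src[src].add(dst)
            if is_broadcast(dst):
                findings.append(("broadcast_echo_request", src, dst))
        elif icmp_type == 0:
            replies[dst].add(src)
    for victim, sources in replies.items():
        # A reply is unsolicited if the victim never sent a request to that host.
        unsolicited = {s for s in sources if s not in requests_by_src.get(victim, set())}
        if len(unsolicited) >= min_replies:
            findings.append(("amplified_replies", victim, len(unsolicited)))
    return findings


if __name__ == "__main__":
    for finding in find_smurf(FLOWS):
        print(finding)
```

The amplifier side is the one a network owner can fix: disabling directed-broadcast forwarding on routers (on Cisco IOS, `no ip directed-broadcast`, which has been the default since IOS 12.0) and filtering spoofed source addresses at the edge (BCP 38) removes the site from the attacker's pool of amplifiers.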
Question # 98

A variation of the application layer firewall is called a:

A.

Current Level Firewall.

B.

Cache Level Firewall.

C.

Session Level Firewall.

D.

Circuit Level Firewall.

Question # 99

Which of the following is a telecommunication device that translates data from digital to analog form and back to digital?

A.

Multiplexer

B.

Modem

C.

Protocol converter

D.

Concentrator

Question # 100

Which of the following is the simplest type of firewall?

A.

Stateful packet filtering firewall

B.

Packet filtering firewall

C.

Dual-homed host firewall

D.

Application gateway

Question # 101

Why is traffic across a packet switched network difficult to monitor?

A.

Packets are link encrypted by the carrier

B.

Government regulations forbid monitoring

C.

Packets can take multiple paths when transmitted

D.

The network factor is too high

Question # 102

Which of the following services is a distributed database that translates host names to IP addresses and IP addresses to host names?

A.

DNS

B.

FTP

C.

SSH

D.

SMTP

Question # 103

Another name for a VPN is a:

A.

tunnel

B.

one-time password

C.

pipeline

D.

bypass

Question # 104

If any server in the cluster crashes, processing continues transparently; however, the cluster suffers some performance degradation. This implementation is sometimes called a:

A.

server farm

B.

client farm

C.

cluster farm

D.

host farm

Question # 105

Unshielded Twisted Pair cabling is a:

A.

four-pair wire medium that is used in a variety of networks.

B.

three-pair wire medium that is used in a variety of networks.

C.

two-pair wire medium that is used in a variety of networks.

D.

one-pair wire medium that is used in a variety of networks.

Question # 106

Which of the following IEEE standards defines the token ring media access method?

A.

802.3

B.

802.11

C.

802.5

D.

802.2

Question # 107

Which of the following is best at defeating frequency analysis?

A.

Substitution cipher

B.

Polyalphabetic cipher

C.

Transposition cipher

D.

Caesar cipher

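Question 107 contrasts a Caesar (monoalphabetic) cipher, which preserves the plaintext's letter frequencies and is broken by frequency analysis, with a polyalphabetic cipher, which spreads each plaintext letter over several ciphertext letters and flattens the distribution. The Python below is an added example, not from the original page. It uses a constructed 92-letter English sentence (the opening of Pride and Prejudice), standard published English letter frequencies, and the chi-squared statistic to recover a Caesar shift; the index of coincidence then shows that the same text under a two-letter Vigenère key (the constructed key GO) moves away from the English value even though a Caesar shift leaves it unchanged.

```python
"""Frequency analysis against a monoalphabetic cipher, and why a polyalphabetic
cipher resists it. Added example; PLAINTEXT and the key are constructed."""
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
PLAINTEXT = ("It is a truth universally acknowledged that a single man in "
             "possession of a good fortune must be in want of a wife")

# Standard English single-letter frequencies, in percent.
ENGLISH_FREQ = {
    'A': 8.17, 'B': 1.49, 'C': 2.78, 'D': 4.25, 'E': 12.70, 'F': 2.23, 'G': 2.02,
    'H': 6.09, 'I': 6.97, 'J': 0.15, 'K': 0.77, 'L': 4.03, 'M': 2.41, 'N': 6.75,
    'O': 7.51, 'P': 1.93, 'Q': 0.10, 'R': 5.99, 'S': 6.33, 'T': 9.06, 'U': 2.76,
    'V': 0.98, 'W': 2.36, 'X': 0.15, 'Y': 1.97, 'Z': 0.07}


def clean(text: str) -> str:
    """Keep letters only, upper-cased: the classical-cipher alphabet."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def caesar(text: str, shift: int) -> str:
    """Monoalphabetic: every letter moves by the same shift (negative shift decrypts)."""
    return "".join(ALPHABET[(ALPHABET.index(c) + shift) % 26] for c in clean(text))


def vigenere(text: str, key: str) -> str:
    """Polyalphabetic: letter i is shifted by key letter i mod len(key)."""
    key = clean(key)
    return "".join(ALPHABET[(ALPHABET.index(c) + ALPHABET.index(key[i % len(key)])) % 26]
                   for i, c in enumerate(clean(text)))


def chi_squared(text: str) -> float:
    """Distance between the text's letter counts and what English predicts for
    its length; lower means 'looks more like English'."""
    n, counts = len(text), Counter(text)
    return sum((counts.get(c, 0) - ENGLISH_FREQ[c] * n / 100) ** 2
               / (ENGLISH_FREQ[c] * n / 100) for c in ALPHABET)


def break_caesar(ciphertext: str) -> int:
    """Try all 26 shifts; the one whose candidate plaintext is closest to English wins."""
    return min(range(26), key=lambda s: chi_squared(caesar(ciphertext, -s)))


def index_of_coincidence(text: str) -> float:
    """Probability two random positions hold the same letter. About 0.066 for English
    and for any monoalphabetic substitution of it; tends toward 1/26 (0.038) as
    more alphabets are mixed, which is what defeats single-letter frequency analysis."""
    n, counts = len(text), Counter(text)
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


if __name__ == "__main__":
    ct = caesar(PLAINTEXT, 3)
    print("recovered Caesar shift:", break_caesar(ct))
    print("IC plaintext  %.4f" % index_of_coincidence(clean(PLAINTEXT)))
    print("IC Caesar     %.4f" % index_of_coincidence(ct))
    print("IC Vigenere   %.4f" % index_of_coincidence(vigenere(PLAINTEXT, "GO")))
```

The polyalphabetic cipher is not unbreakable: once the key period is known (the Kasiski or Friedman tests), the ciphertext is split into one coset per key letter and each coset is a Caesar cipher that `break_caesar` can attack, provided the coset is long enough for the statistics to hold.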
Question # 108

How many rounds are used by DES?

A.

16

B.

32

C.

64

D.

48

Question # 109

Which of the following protects Kerberos against replay attacks?

A.

Tokens

B.

Passwords

C.

Cryptography

D.

Time stamps

Question # 110

Which of the following is the most secure form of triple-DES encryption?

A.

DES-EDE3

B.

DES-EDE1

C.

DES-EEE4

D.

DES-EDE2

Question # 111

Which of the following is less likely to be used today in creating a Virtual Private Network?

A.

L2TP

B.

PPTP

C.

IPSec

D.

L2F

Question # 112

Which of the following is NOT a symmetric key algorithm?

A.

Blowfish

B.

Digital Signature Standard (DSS)

C.

Triple DES (3DES)

D.

RC5

Question # 113

Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys? This protocol establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis.

A.

Internet Security Association and Key Management Protocol (ISAKMP)

B.

Simple Key-management for Internet Protocols (SKIP)

C.

Diffie-Hellman Key Distribution Protocol

D.

IPsec Key exchange (IKE)

Question # 114

What attribute is included in an X.509 certificate?

A.

Distinguished name of the subject

B.

Telephone number of the department

C.

secret key of the issuing CA

D.

the key pair of the certificate holder

Question # 115

Which of the following BEST describes a function relying on a shared secret key that is used along with a hashing algorithm to verify the integrity of the communication content as well as the sender?

A.

Message Authentication Code - MAC

B.

PAM - Pluggable Authentication Module

C.

NAM - Negative Acknowledgement Message

D.

Digital Signature Certificate

Question # 116

Which of the following statements pertaining to key management is incorrect?

A.

The more a key is used, the shorter its lifetime should be.

B.

When not using the full keyspace, the key should be extremely random.

C.

Keys should be backed up or escrowed in case of emergencies.

D.

A key's lifetime should correspond with the sensitivity of the data it is protecting.

Question # 117

What is NOT true about a one-way hashing function?

A.

It provides authentication of the message

B.

A hash cannot be reversed to get the message used to create the hash

C.

The result of a one-way hash is a message digest

D.

It provides integrity of the message

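Questions 115 and 117 together make one point: a bare one-way hash gives integrity (any change to the message changes the digest) but not authentication, because anyone who can alter the message can also recompute its hash; a Message Authentication Code mixes in a shared secret key, so a valid tag proves the message came from a key holder. The Python below is an added example, not code from the original page; the message and key are constructed, and the two `forge_*` functions play the attacker in the path.

```python
"""Integrity versus authentication: bare SHA-256 digest compared with HMAC-SHA256.
Added example; the message, key and attacker edits are constructed."""
import hashlib
import hmac
from typing import Tuple


def digest(message: bytes) -> str:
    """One-way hash: fixed-size message digest, not reversible to the message."""
    return hashlib.sha256(message).hexdigest()


def make_mac(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag over the message with the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time (no timing side channel)."""
    return hmac.compare_digest(make_mac(key, message), tag)


def forge_against_hash(message: bytes) -> Tuple[bytes, str]:
    """An attacker in the path edits the amount and simply recomputes the hash;
    a receiver that checks only the hash accepts the forgery as intact."""
    forged = message.replace(b"100", b"900")
    return forged, digest(forged)


def forge_against_mac(message: bytes, tag: str) -> Tuple[bytes, str]:
    """The same attacker against a MAC: without the key the best he can do is
    send the altered message with the original tag, which verify_mac rejects."""
    forged = message.replace(b"100", b"900")
    return forged, tag


if __name__ == "__main__":
    key, msg = b"shared-secret-key", b"transfer 100 to account 42"
    forged, fh = forge_against_hash(msg)
    print("hash-only receiver accepts forgery:", digest(forged) == fh)
    forged, old_tag = forge_against_mac(msg, make_mac(key, msg))
    print("MAC receiver accepts forgery:", verify_mac(key, forged, old_tag))
```

The MAC proves origin only to the other holder of the same key; because both sides can produce the tag, it cannot support non-repudiation, which needs a digital signature (question 54).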
Question # 118

Which of the following statements pertaining to link encryption is false?

A.

It encrypts all the data along a specific communication path.

B.

It provides protection against packet sniffers and eavesdroppers.

C.

Information stays encrypted from one end of its journey to the other.

D.

User information, header, trailers, addresses and routing data that are part of the packets are encrypted.

Question # 119

What is the role of IKE within the IPsec protocol?

A.

peer authentication and key exchange

B.

data encryption

C.

data signature

D.

enforcing quality of service

Question # 120

Which of the following types of Intrusion Detection Systems uses behavioral characteristics of a system’s operation or network traffic to draw conclusions on whether the traffic represents a risk to the network or host?

A.

Network-based ID systems.

B.

Anomaly Detection.

C.

Host-based ID systems.

D.

Signature Analysis.

Question # 121

In what way can violation clipping levels assist in violation tracking and analysis?

A. Clipping levels set a baseline for acceptable normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurred.
B. Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant.
C. Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to user accounts with a privileged status.
D. Clipping levels enable a security administrator to view all reductions in security levels which have been made to user accounts which have incurred violations.

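An added illustration, not part of the exam material, of the clipping-level idea in Question # 121: mistyped passwords are tolerated up to a threshold, and only failures beyond it are written to the violation record for later analysis. The threshold, the time window, the reset-on-success rule and the authentication events are all constructed sample values.

```python
from collections import defaultdict

# Constructed policy values: up to CLIPPING_LEVEL failed logins per user within
# WINDOW_SECONDS are treated as normal user error and generate no violation record.
CLIPPING_LEVEL = 3
WINDOW_SECONDS = 300

# Constructed sample authentication events: (timestamp in seconds, user, outcome).
SAMPLE_EVENTS = [
    (0, "alice", "FAIL"),
    (5, "alice", "FAIL"),
    (9, "alice", "SUCCESS"),    # two typos then success: ordinary user error
    (10, "bob", "FAIL"),
    (11, "bob", "FAIL"),
    (12, "bob", "FAIL"),
    (13, "bob", "FAIL"),        # fourth failure in 4 seconds: exceeds the clipping level
    (14, "bob", "FAIL"),
    (400, "carol", "FAIL"),
    (401, "carol", "FAIL"),
    (402, "carol", "FAIL"),     # exactly at the clipping level: still tolerated
    (900, "dave", "FAIL"),
    (1300, "dave", "FAIL"),     # 400 s later: the first failure has aged out of the window
    (1301, "dave", "FAIL"),
    (1302, "dave", "FAIL"),     # three failures inside the window, not four
]


def violation_records(events, clipping_level=CLIPPING_LEVEL, window=WINDOW_SECONDS):
    """Replay the events and return (user, timestamp, failures_in_window) for
    each failed login that exceeds the clipping level. A successful login
    resets the user's count; that is a design choice assumed here, not
    something the question prescribes."""
    recent_failures = defaultdict(list)   # user -> timestamps of recent failures
    records = []
    for ts, user, outcome in sorted(events):
        if outcome == "SUCCESS":
            recent_failures[user].clear()
            continue
        in_window = [t for t in recent_failures[user] if ts - t < window]
        in_window.append(ts)
        recent_failures[user] = in_window
        if len(in_window) > clipping_level:
            records.append((user, ts, len(in_window)))
    return records


def users_to_investigate(events, **policy):
    """Distinct users whose failures crossed the threshold, for the analyst's queue."""
    return sorted({user for user, _, _ in violation_records(events, **policy)})
```

Only bob's fourth and fifth failures become records; alice, carol and dave stay below the threshold and never reach the analyst, which is the point of the baseline: the record contains the cases worth asking "why" about rather than every typo.
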
Question # 122

Which one of the following statements about the advantages and disadvantages of network-based intrusion detection systems is true?

A. Network-based IDSs are not vulnerable to attacks.
B. Network-based IDSs are well suited for modern switch-based networks.
C. Most network-based IDSs can automatically indicate whether or not an attack was successful.
D. The deployment of network-based IDSs has little impact upon an existing network.

Question # 123

Which of the following are additional terms used to describe knowledge-based IDS and behavior-based IDS?

A. signature-based IDS and statistical anomaly-based IDS, respectively
B. signature-based IDS and dynamic anomaly-based IDS, respectively
C. anomaly-based IDS and statistical-based IDS, respectively
D. signature-based IDS and motion anomaly-based IDS, respectively

Question # 124

A periodic review of user account management should not determine:

A. Conformity with the concept of least privilege.
B. Whether active accounts are still being used.
C. Strength of user-chosen passwords.
D. Whether management authorizations are up-to-date.

Question # 125

Which of the following would assist the most in host-based intrusion detection?

A. audit trails
B. access control lists
C. security clearances
D. host-based authentication

Question # 126

In order to enable users to perform tasks and duties without having to go through extra steps, it is important that the security controls and mechanisms in place have a degree of?

A. Complexity
B. Non-transparency
C. Transparency
D. Simplicity

Question # 127

If an organization were to monitor their employees' e-mail, it should not:

A. Monitor only a limited number of employees.
B. Inform all employees that e-mail is being monitored.
C. Explain who can read the e-mail and how long it is backed up.
D. Explain what is considered an acceptable use of the e-mail system.

Question # 128

What is the primary goal of setting up a honeypot?

A. To lure hackers into attacking unused systems
B. To entrap and track down possible hackers
C. To set up a sacrificial lamb on the network
D. To know when certain types of attacks are in progress and to learn about attack techniques so the network can be fortified.

Question # 129

Several analysis methods can be employed by an IDS, each with its own strengths and weaknesses, and their applicability to any given situation should be carefully considered. There are two basic IDS analysis methods. Which of these basic methods is more prone to false positives?

A. Pattern Matching (also called signature analysis)
B. Anomaly Detection
C. Host-based intrusion detection
D. Network-based intrusion detection

Question # 130

Which of the following Intrusion Detection Systems (IDS) uses a database of attacks and known system vulnerabilities, monitors current attempts to exploit those vulnerabilities, and triggers an alarm if an attempt is found?

A. Knowledge-Based ID System
B. Application-Based ID System
C. Host-Based ID System
D. Network-Based ID System

Question # 131

What IDS approach relies on a database of known attacks?

A. Signature-based intrusion detection
B. Statistical anomaly-based intrusion detection
C. Behavior-based intrusion detection
D. Network-based intrusion detection

Question # 132

Who is responsible for providing reports to the senior management on the effectiveness of the security controls?

A. Information systems security professionals
B. Data owners
C. Data custodians
D. Information systems auditors

Question # 133

Which of the following monitors network traffic in real time?

A. network-based IDS
B. host-based IDS
C. application-based IDS
D. firewall-based IDS

Question # 134

Why would anomaly detection IDSs often generate a large number of false positives?

A. Because they can only correctly identify attacks they already know about.
B. Because they are application-based and more subject to attacks.
C. Because they can't identify abnormal behavior.
D. Because normal patterns of user and system behavior can vary wildly.

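The following is an added example, not part of the exam material, that runs both basic IDS analysis methods from Questions # 120, # 129, # 131 and # 134 over a handful of constructed web-server log lines: a knowledge-based (signature) matcher with a small pattern database, and a behavior-based (statistical anomaly) detector that learns a per-minute request baseline and flags large deviations. The log lines, signature patterns, baseline counts, ground-truth labels and z-score threshold are all constructed assumptions. On this data the signature matcher misses a scanner it has no pattern for, and the anomaly detector raises a false positive on a legitimate burst from a mirror client, which is the variance-in-normal-behaviour problem behind Question # 134.

```python
import re
import statistics
from collections import Counter

# Knowledge-based IDS: a database of patterns for attacks that are already known.
SIGNATURES = {
    "directory traversal": re.compile(r"\.\./"),
    "sql injection": re.compile(r"(?i)(union\s+select|'\s*or\s*'1'='1)"),
}

# Constructed sample access log, one request per line: "<minute> <client> <request>".
SAMPLE_LOG = [
    "00 10.0.0.5 GET /index.html",
    "00 10.0.0.5 GET /about.html",
    "00 10.0.0.7 GET /contact.html",
    "01 10.0.0.7 GET /login?user=bob",
    "01 10.0.0.8 GET /index.html",
    "02 10.0.0.9 GET /../../etc/passwd",           # known attack: in the signature database
    "02 10.0.0.5 GET /index.html",
    "03 10.0.0.5 GET /search?q=' OR '1'='1",       # known attack: in the signature database
    "03 10.0.0.8 GET /about.html",
    "03 10.0.0.7 GET /index.html",
]
# Minute 04: a legitimate nightly mirror client fetches eight pages at once.
SAMPLE_LOG += [f"04 10.0.0.20 GET /docs/page{i}.html" for i in range(8)]
# Minute 05: an unknown scanner probes admin paths; no signature exists for it.
SAMPLE_LOG += [f"05 10.0.0.66 GET /admin/{p}" for p in
               ("", "login", "config", "backup", "db", "setup", "pma", "console", "api")]

# Constructed ground truth for scoring: minute 04 is benign, minute 05 is hostile.
BENIGN_BURST_MINUTES = {4}

# Constructed per-minute request counts learned during a quiet training period.
BASELINE_COUNTS = [3, 4, 3, 5, 4, 3, 4, 5, 3, 4]


def parse(line):
    minute, client, request = line.split(" ", 2)
    return int(minute), client, request


def signature_alerts(lines):
    """Pattern matching: alert only when a request matches a known attack signature."""
    alerts = []
    for line in lines:
        minute, client, request = parse(line)
        for name, pattern in SIGNATURES.items():
            if pattern.search(request):
                alerts.append((minute, client, name))
    return alerts


def anomaly_alerts(lines, baseline=BASELINE_COUNTS, z_threshold=2.0):
    """Statistical anomaly detection: alert when a minute's request count sits more
    than z_threshold standard deviations above the learned baseline mean."""
    mean = statistics.mean(baseline)
    stdev = statistics.stdev(baseline)
    per_minute = Counter(parse(line)[0] for line in lines)
    alerts = []
    for minute in sorted(per_minute):
        z = (per_minute[minute] - mean) / stdev
        if z > z_threshold:
            alerts.append((minute, per_minute[minute], round(z, 2)))
    return alerts


def compare(lines=SAMPLE_LOG):
    """Summarise each method's blind spot on the sample: the minutes each one flags,
    plus the anomaly detector's false positives against the constructed ground truth."""
    sig_minutes = sorted({m for m, _, _ in signature_alerts(lines)})
    anom_minutes = [m for m, _, _ in anomaly_alerts(lines)]
    return {
        "signature_minutes": sig_minutes,
        "anomaly_minutes": anom_minutes,
        "anomaly_false_positives": [m for m in anom_minutes if m in BENIGN_BURST_MINUTES],
        "scanner_caught_by_signature": 5 in sig_minutes,
        "scanner_caught_by_anomaly": 5 in anom_minutes,
    }
```

Raising z_threshold silences the mirror client's false positive but eventually hides the scanner too; that trade-off, and the need to retrain the baseline whenever normal traffic legitimately changes, is what makes the anomaly method the more false-positive-prone of the two, while the signature method stays quiet on anything absent from its database.
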
Question # 135

Which protocol is NOT implemented in the Network layer of the OSI Protocol Stack?

A. Hypertext Transfer Protocol
B. Open Shortest Path First
C. Internet Protocol
D. Routing Information Protocol

Question # 136

A host-based IDS is resident on which of the following?

A. On each of the critical hosts
B. decentralized hosts
C. central hosts
D. bastion hosts

Question # 137

How often should a Business Continuity Plan be reviewed?

A. At least once a month
B. At least every six months
C. At least once a year
D. At least quarterly

Question # 138

Which of the following questions is least likely to help in assessing controls covering audit trails?

A. Does the audit trail provide a trace of user actions?
B. Are incidents monitored and tracked until resolved?
C. Is access to online logs strictly controlled?
D. Is there separation of duties between security personnel who administer the access control function and those who administer the audit trail?