Distinguish between the role of the data owner and the role of the data custodian. Complete the following sentence. The data owner is the: A. department in the organization responsible

Maintenance of the Business Continuity Plan (BCP) must be integrated with an organization’s _______________ process. A. Change-control B. Disaster-recovery C. Inventory-maintenance D. Discretionary-budget E. Compensation-review Answer: A

Which of the following are enterprise administrative controls? (Choose TWO.) A. Network access control B. Facility access control C. Password authentication D. Background checks E. Employee handbooks Answer: DE

_________________ is the process of subjects establishing who they are to an access control. A. Identification B. Authentication C. Authorization D. Validation E. Biometrics Answer: A

Embedding symbols in images or common items, such as pictures or quilts, is an example of __________. A. Espionage B. Transposition cipher C. Key exchange D. Arithmancy E. Steganography Answer:
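The question above describes steganography: hiding a message inside an innocuous carrier so that its presence, not just its content, is concealed. The block below is an added example, not code from the original page. It implements the simplest digital form, least-significant-bit (LSB) embedding, over a constructed buffer of 8-bit pixel values; a real image would first have to be decoded to raw samples (that decoding is assumed and not shown), and the cover gradient, the secret and the 32-bit length prefix are choices made for this illustration.

```python
"""LSB steganography over raw 8-bit samples (added example, not from the page).

Assumptions: the carrier is a bytes object of pixel values (e.g. a decoded
8-bit grayscale raster); a 32-bit big-endian length prefix precedes the
message so the extractor knows where to stop.
"""


def embed(cover: bytes, message: bytes) -> bytes:
    """Overwrite the least-significant bit of each cover byte with one payload bit."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit  # each sample changes by at most 1
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the length prefix from the first 32 LSBs, then that many message bytes."""

    def read_bytes(start_bit: int, count: int) -> bytes:
        result = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[start_bit + b * 8 + i] & 1)
            result.append(value)
        return bytes(result)

    length = int.from_bytes(read_bytes(0, 4), "big")
    if 32 + length * 8 > len(stego):
        raise ValueError("declared length exceeds carrier; not an LSB payload we wrote")
    return read_bytes(32, length)


def max_sample_delta(cover: bytes, stego: bytes) -> int:
    """Largest per-sample change introduced by embedding (LSB embedding gives 0 or 1)."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed cover: 256 samples of a smooth gradient, not a real image file.
COVER = bytes((i * 7) % 256 for i in range(256))
SECRET = b"meet at dawn"

if __name__ == "__main__":
    stego = embed(COVER, SECRET)
    print(extract(stego), max_sample_delta(COVER, stego))
```

The point for a defender is visible in `max_sample_delta`: every sample moves by at most one unit, which is invisible to the eye but not to statistics, so LSB payloads are found by looking at the LSB plane's distribution rather than at the picture.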

You are a system administrator for a pool of Web servers. The vendor who sells your Web server posts a patch and sample exploit for a newly discovered vulnerability. You will take all of the actions listed below. Which of the following actions should you take first?

Which of the following best describes the largest security challenge for Remote Offices/Branch Offices? A. Leased-line security B. Salami attacks C. Unauthorized network connectivity D. Distributed denial-of-service attacks E. Secure

Which types of security solutions should a home user deploy? (Choose TWO.) A. Managed Security Gateway B. Access control lists on a router C. Personal firewall D. Network intrusion-detection system

Which of the following is likely in a small-business environment? A. Most small businesses employ a full-time information-technology staff. B. Resources are available as needed. C. Small businesses have security

INFOSEC professionals are concerned about providing due care and due diligence. With whom should they consult, when protecting information assets? A. Law enforcement in their region B. Senior management, particularly

Why should user populations be segmented? A. To allow resources to be shared among employees B. To allow appropriate collaboration, and prevent inappropriate resource sharing C. To prevent appropriate collaboration

Why should each system user and administrator have individual accounts? (Choose TWO.) A. Using generic user names and passwords increases system security and reliability. B. Using separate accounts for each

Which of the following is the BEST method for managing users in an enterprise? A. Enter user data in a spreadsheet. B. Implement centralized access control. C. Deploy Kerberos. D.

Digital signatures are typically provided by a ____________________, where a third party verifies a key’s authenticity. A. Network firewall B. Security administrator C. Domain controller D. Certificate Authority E. Hash

Which of the following is NOT an auditing function that should be performed regularly? A. Reviewing IDS alerts B. Reviewing performance logs C. Reviewing IDS logs D. Reviewing audit logs

How is bogus information disseminated? A. Adversaries sort through trash to find information. B. Adversaries use anomalous traffic patterns as indicators of unusual activity. They will employ other methods, such

_______ involves gathering pieces of information and drawing a conclusion, whose sensitivity exceeds any of the individual pieces of information. A. Inference B. Social engineering C. Movement analysis D. Communication-pattern

Which TWO of the following items should be accomplished, when interviewing candidates for a position within an organization? A. Hire an investigation agency to run background checks. B. Verify all

A(n) ________________ is a one-way mathematical function that maps variable values into smaller values of a fixed length. A. Symmetric key B. Algorithm C. Back door D. Hash function E.
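The properties the question names (one-way, variable-length input, fixed-length output) can be checked directly. The block below is an added example, not from the original page; it uses SHA-256 from the Python standard library, and the sample inputs and the integrity-check helper are constructed for this illustration.

```python
"""Observable properties of a cryptographic hash function (added example).

Assumptions: SHA-256 via hashlib stands in for "a hash function"; SAMPLES
are constructed inputs of very different lengths.
"""
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Deterministic: the same input always yields the same 64-hex-char digest."""
    return hashlib.sha256(data).hexdigest()


def output_lengths(inputs) -> set:
    """Digest size in bytes for each input; a hash maps any length to one fixed size."""
    return {len(hashlib.sha256(x).digest()) for x in inputs}


def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two digests; a 1-bit input change flips ~half the output."""
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")


def verify_integrity(data: bytes, published_hex: str) -> bool:
    """Recompute and compare in constant time, the way a download checksum is checked."""
    return hmac.compare_digest(sha256_hex(data), published_hex)


SAMPLES = [b"", b"a", b"The quick brown fox", bytes(10_000)]  # constructed inputs

if __name__ == "__main__":
    print(output_lengths(SAMPLES), differing_bits(b"abc", b"abd"))
```

Note what the code cannot show: one-wayness is the absence of an efficient inverse, so the only demonstration is that nothing in the digest lets you recover the input. That is also why a hash alone gives integrity but not authenticity; the next question's certificate authority and a signature over the hash supply that.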

Organizations _______ risk, when they convince another entity to assume the risk for them. A. Elevate B. Assume C. Deny D. Transfer E. Mitigate Answer: D

____________________ educate(s) security administrators and end users about organizations’ security policies. A. Security-awareness training B. Information Security (INFOSEC) briefings C. Acceptable-use policies D. Continuing education E. Nondisclosure agreements Answer: A

_______ is a method of tricking users into revealing passwords, or other sensitive information. A. Dumpster diving B. Means testing C. Social engineering D. Risk E. Exposure Answer: C

Which of the following is NOT a Business Continuity Plan (BCP) recovery strategy? A. Delegating risk to another entity, such as an insurer B. Manual procedures; alternative solution to technology

A(n) __________________________ is issued by senior management, and defines an organization’s security goals. A. Records-retention procedure B. Acceptable-use policy C. Organizational security policy D. Security policy mission statement E. Service

_______________________________ occurs when an individual or process acquires a higher level of privilege, or access, than originally intended. A. Security Triad B. Privilege aggregation C. Need-to-know D. Privilege escalation E.

If e-mail is subject to review by individuals other than the sender and recipient, what should be clearly stated in the organization’s e-mail policy? A. Technologies and methods used to

If a firewall receives traffic not explicitly permitted by its security policy, what should the firewall do? A. Nothing B. Do not log and drop the traffic. C. Log and
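The principle behind this question is default deny: traffic that no rule explicitly permits is dropped, and the drop is logged so that probes and misconfigurations are visible. The block below is an added example, not a configuration from the original page or any firewall product; it models a first-match rule table in Python, and the addresses, rules and sample packets are all constructed.

```python
"""Default-deny, first-match packet filter with logging of unmatched traffic.

Added example, not from the page. The policy, addresses (RFC 5737 / RFC 1918
ranges) and traffic below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    src: str              # CIDR
    dst: str              # CIDR
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None = any destination port
    action: str           # "accept" or "drop"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    return (ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet, log: List[str]) -> str:
    """First matching rule decides; anything left over is logged and dropped."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    log.append(f"DEFAULT-DENY {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}")
    return "drop"


POLICY = [
    Rule("0.0.0.0/0", "203.0.113.10/32", "tcp", 443, "accept"),  # public HTTPS
    Rule("10.0.0.0/8", "10.0.5.0/24", "tcp", 22, "accept"),      # admin SSH from LAN
    Rule("0.0.0.0/0", "10.0.5.0/24", "any", None, "drop"),       # explicit, unlogged drop
]

SAMPLE_TRAFFIC = [  # constructed flows, not a capture
    Packet("198.51.100.7", "203.0.113.10", "tcp", 443),  # permitted
    Packet("198.51.100.7", "203.0.113.10", "tcp", 23),   # no rule: log and drop
    Packet("10.1.2.3", "10.0.5.9", "tcp", 22),           # permitted
    Packet("198.51.100.7", "10.0.5.9", "udp", 53),       # explicit drop, no log
]


def run(rules: List[Rule], traffic: List[Packet]) -> Tuple[List[str], List[str]]:
    log: List[str] = []
    decisions = [evaluate(rules, p, log) for p in traffic]
    return decisions, log


if __name__ == "__main__":
    print(run(POLICY, SAMPLE_TRAFFIC))
```

The explicit third rule shows the usual refinement: known background noise can be dropped silently so the default-deny log stays a signal of things nobody anticipated.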

Which of the following equations results in the Single Loss Expectancy for an asset? A. Asset Value x % Of Loss From Realized Exposure B. Asset Value x % Of

Which of the following is a cost-effective solution for securely transmitting data between remote offices? A. Standard e-mail B. Fax machine C. Virtual private network D. Bonded courier E. Telephone

A(n) _______ is the first step for determining which technical information assets should be protected. A. Network diagram B. Business Impact Analysis C. Office floor plan D. Firewall E. Intrusion

Which type of access management uses information about job duties and positions, to indicate subjects’ clearance levels? A. Discretionary B. Role-based C. Nondiscretionary D. Hybrid E. Mandatory Answer: B

Operating-system fingerprinting uses all of the following, EXCEPT ________, to identify a target operating system. A. Sequence Verifier B. Initial sequence number C. Address spoofing D. Time to Live E.
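Of the signals listed, Time to Live is the easiest to see in action: each operating system family starts packets with a characteristic initial TTL, and the value observed at the sensor is that default minus the hop count. The block below is an added example, not code from the original page or from any fingerprinting tool. It uses only the three widely used default TTLs and majority-votes per source address; the packet list is constructed, and real fingerprinters add ISN behaviour, TCP window size and option ordering, which are not modelled here.

```python
"""Passive OS guess from observed IP TTL values (added example, not from the page).

Assumptions: only the three common initial TTLs are considered; CAPTURE is a
constructed list of (source_ip, observed_ttl) pairs, not real traffic.
"""
from collections import Counter, defaultdict
from typing import Dict, Iterable, Tuple

DEFAULT_TTLS = {
    64: "Linux / macOS / modern BSD",
    128: "Windows",
    255: "Cisco IOS, Solaris and many network appliances",
}


def guess_os(observed_ttl: int) -> Tuple[int, int, str]:
    """Pick the smallest common default >= observed; return (initial, hops, family)."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL out of range")
    for initial in sorted(DEFAULT_TTLS):
        if observed_ttl <= initial:
            return initial, initial - observed_ttl, DEFAULT_TTLS[initial]
    raise AssertionError("unreachable: 255 is the largest possible TTL")


def fingerprint_capture(packets: Iterable[Tuple[str, int]]) -> Dict[str, str]:
    """Majority vote per source so one oddly routed packet does not flip the guess."""
    votes = defaultdict(Counter)
    for src, ttl in packets:
        votes[src][guess_os(ttl)[2]] += 1
    return {src: counts.most_common(1)[0][0] for src, counts in votes.items()}


CAPTURE = [  # constructed observations
    ("10.0.0.5", 52), ("10.0.0.5", 52), ("10.0.0.5", 51),
    ("10.0.0.9", 118), ("10.0.0.9", 118),
    ("172.16.0.1", 250),
]

if __name__ == "__main__":
    print(fingerprint_capture(CAPTURE))
```

The limitations also explain the exam answer. Address spoofing tells you nothing about the sender's operating system, which is why it is the odd one out; and a host behind more than 64 hops, a NAT that rewrites TTL, or an administrator who changed the default will be misclassified by TTL alone, so the extra signals matter in practice.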

You are a system administrator managing a pool of database servers. Your software vendor releases a service pack, with many new features. What should you do? (Choose TWO.) A. Eliminate

How do virtual corporations maintain confidentiality? A. Encryption B. Checksum C. Data hashes D. Redundant servers E. Security by obscurity Answer: A

To protect its information assets, ABC Company purchases a safeguard that costs $60,000. The annual cost to maintain the safeguard is estimated to be $40,000. The aggregate Annualized Loss Expectancy
At this rate of return, how long will it take ABC Company to recoup the cost of the safeguard?
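The SLE question earlier on this page and the payback question above are two steps of the same quantitative chain: SLE = asset value × exposure factor, ALE = SLE × annualized rate of occurrence, and a safeguard pays for itself when the ALE it removes exceeds its own annual cost. The block below is an added example, not from the original page. It reuses the page's $60,000 purchase price and $40,000 annual maintenance, but the page's ALE figure is cut off, so the before and after loss expectancies here are constructed values.

```python
"""SLE / ALE / safeguard payback arithmetic (added example, not from the page).

Assumptions: purchase and maintenance costs are the page's figures; the asset
value, exposure factor, ARO and the post-safeguard ALE are constructed.
"""
import math


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = asset value x fraction of the asset lost in one realized exposure."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor is a fraction between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x annualized rate of occurrence (expected events per year)."""
    return sle * aro


def annual_safeguard_benefit(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Net yearly gain: loss avoided minus what it costs to keep the safeguard running."""
    return ale_before - ale_after - annual_cost


def payback_years(purchase_cost: float, annual_benefit: float) -> float:
    """Years to recoup the purchase; infinite when the safeguard never pays for itself."""
    if annual_benefit <= 0:
        return math.inf
    return purchase_cost / annual_benefit


# Page figures
PURCHASE_COST = 60_000.0
ANNUAL_MAINTENANCE = 40_000.0

# Constructed scenario: a $500,000 asset, 20% lost per incident, once a year.
ALE_BEFORE = annualized_loss_expectancy(single_loss_expectancy(500_000.0, 0.20), 1.0)
ALE_AFTER = 10_000.0  # constructed residual loss after the safeguard


def worked_payback() -> float:
    benefit = annual_safeguard_benefit(ALE_BEFORE, ALE_AFTER, ANNUAL_MAINTENANCE)
    return payback_years(PURCHASE_COST, benefit)


if __name__ == "__main__":
    print(ALE_BEFORE, worked_payback())
```

The `math.inf` branch is the case practitioners miss: a safeguard whose maintenance cost exceeds the loss it prevents should be rejected on cost grounds however effective it is, which is the decision these formulas exist to support.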

Why should the number of services on a server be limited to required services? A. Every open service represents a potential vulnerability. B. Closed systems require special connectivity services. C.

_________ is a smaller, enhanced version of the X.500 protocol. It is used to provide directory-service information. (Choose the BEST answer.) A. Lightweight Directory Access Protocol B. X.400 Directory Access

ABC Corporation’s network is configured such that a user must log in individually at each server and access control. Which type of authentication is in use? A. Role-based access control

Public servers are typically placed in the _______, to enhance security. A. Restricted Entry Zone B. Open Zone C. Internet Zone D. Demilitarized Zone E. Public Entry Zone Answer: D

Which of the following should be included in an enterprise Business Continuity Plan (BCP)? (Choose THREE.) A. Accidental or intentional data deletion B. Severe weather disasters C. Employee terminations D.

What is mandatory sign-on? An authentication method that: A. uses smart cards, hardware tokens, and biometrics to authenticate users; also known as three-factor authentication B. requires the use of one-time

Which of the following is the MOST important consideration, when developing security-awareness training materials? A. Training material should be accessible and attractive. B. Delivery mechanisms should allow easy development of

A(n) ______________________________ is a quantitative review of risks, to determine how an organization will continue to function, in the event a risk is realized. A. Monitored risk process B. Disaster-recovery

Which of the following entities review partner-extranet requirements? A. Information systems B. Shipping and receiving C. Marketing D. Requesting department E. Chief Information Officer Answer: D

____________________ is the state of being correct, or the degree of certainty a person or process can have, that the data in an information asset is correct. A. Confidentiality B.

What type of document contains information on alternative business locations, IT resources, and personnel? A. End-user license agreement B. Nondisclosure agreement C. Acceptable use policy D. Security policy E. Business

Which of the following is an example of a simple, physical-access control? A. Lock B. Access control list C. Background check D. Token E. Firewall Answer: A

Which of the following can be stored on a workstation? (Choose TWO.) A. Payroll information B. Data objects used by many employees C. Databases D. Interoffice memo E. Customer correspondence

The items listed below are examples of ___________________ controls. *Smart cards *Access control lists *Authentication servers *Auditing A. Role-based B. Administrative C. Technical D. Physical E. Mandatory Answer: C

ABC Corporation’s network requires users to authenticate to cross the border firewall, and before entering restricted segments. Servers containing sensitive information require separate authentication. This is an example of which type of access-control method?