1. Matthew captures traffic on his network and notices connections using ports 20, 22, 23, and 80. Which port normally hosts a protocol that uses secure, encrypted connections?
2. Networks, routers, and equipment require continuous monitoring and management to keep wide area network (WAN) service available.
3. Which mitigation plan is most appropriate to limit the risk of unauthorized access to workstations?
4. The System/Application Domain holds all the mission-critical systems, applications, and data.
5. For businesses and organizations under recent compliance laws, data classification standards typically include private, confidential, internal use only, and public domain categories.
6. Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure web pages.
7. Which risk is most effectively mitigated by an upstream Internet service provider (ISP)?
Distributed denial of service (DDoS)
8. Which one of the following measures the average amount of time that it takes to repair a system, application, or component?
Mean time to repair (MTTR)
9. Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in cleartext.
10. In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.
11. Which term describes any action that could damage an asset?
12. The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services.
13. Which classification level is the highest level used by the U.S. federal government?
14. Cryptography is the process of transforming data from cleartext into ciphertext.
15. Which element of the IT security policy framework provides detailed written definitions for hardware and software and how they are to be used?
16. The weakest link in the security of an IT infrastructure is the server.
1. One of the first industries to adopt and widely use mobile applications was the healthcare industry.
2. In e-business, secure web applications are one of the critical security controls that each organization must implement to reduce risk.
3. Devices that combine the capabilities of mobile phones and personal digital assistants (PDAs) are commonly called smartphones.
4. Unified messaging allows you to download both voice and email messages to a smartphone or tablet.
5. IoT technology has a significant impact on developing economies, given that it can transform countries into e-commerce-ready nations.
6. Ron is the IT director at a medium-sized company and is constantly bombarded by requests from users who want to select customized mobile devices. He decides to allow users to purchase their own devices. Which type of policy should Ron implement to include the requirements and security controls for this arrangement?
Bring Your Own Device (BYOD)
7. Kaira’s company recently switched to a new calendaring system provided by a vendor. Kaira and other users connect to the system, hosted at the vendor’s site, using a web browser. Which service delivery model is Kaira’s company using?
Software as a Service (SaaS)
8. Which action is the best step to protect Internet of Things (IoT) devices from becoming the entry point for security vulnerabilities into a network while still meeting business requirements?
Applying security updates promptly
9. Application service providers (ASPs) are software companies that build applications hosted in the cloud and on the Internet.
10. From a security perspective, what should organizations expect will occur as they become more dependent upon the Internet of Things (IoT)?
Security risks will increase.
11. Metadata of Internet of Things (IoT) devices can be sold to companies seeking demographic marketing data about users and their spending habits.
12. Which of the following is NOT one of the four fundamental principles outlined by the Internet Society that will drive the success of Internet of Things (IoT) innovation?
13. Which one of the following is an example of a business-to-consumer (B2C) application of the Internet of Things (IoT)?
14. Which technology can be used to protect the privacy rights of individuals and simultaneously allow organizations to analyze data in aggregate?
15. Regarding the Internet of Things (IoT), a business involved in utilities, critical infrastructure, or environmental services can benefit from traffic-monitoring applications.
16. In Mobile IP, what term describes a device that would like to communicate with a mobile node (MN)?
Correspondent node (CN)
17. The auto industry has not yet implemented the Internet of Things (IoT).
18. Jody would like to find a solution that allows real-time document sharing and editing between teams. Which technology would best suit her needs?
19. Bring Your Own Device (BYOD) opens the door to considerable security issues.
20. Bricks-and-mortar stores are completely obsolete now.
1. Which password attack is typically used specifically against password files that contain cryptographic hashes?
2. Which type of denial of service attack exploits the existence of software flaws to disrupt a service?
3. Yuri is a skilled computer security expert who attempts to break into the systems belonging to his clients. He has permission from the clients to perform this testing as part of a paid contract. What type of person is Yuri?
4. When servers need operating system upgrades or patches, administrators take them offline intentionally, so they can perform the necessary work without risking malicious attacks.
5. The anti-malware utility is one of the most popular backdoor tools in use today.
6. A phishing email is a fake or bogus email intended to trick the recipient into clicking on an embedded URL link or opening an email attachment.
7. Which control is not designed to combat malware?
8. Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?
9. Brian notices an attack taking place on his network. When he digs deeper, he realizes that the attacker has a physical presence on the local network and is forging Media Access Control (MAC) addresses. Which type of attack is most likely taking place?
Address Resolution Protocol (ARP) poisoning
10. A man-in-the-middle attack takes advantage of the multihop process used by many types of networks.
11. Spyware gathers information about a user through an Internet connection, without his or her knowledge.
12. A phishing attack “poisons” a domain name on a domain name server.
13. Users throughout Alison’s organization have been receiving unwanted commercial messages over the organization’s instant messaging program. What type of attack is taking place?
14. An alteration threat violates information integrity.
15. Rootkits are malicious software programs designed to be hidden from normal methods of detection.
16. In which type of attack does the attacker attempt to take over an existing connection between two systems?
17. Which tool can capture the packets transmitted between systems over a network?
18. Using a secure logon and authentication process is one of the six steps used to prevent malware.
19. A DoS attack is a coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks.
20. Which type of attack against a web application uses a newly discovered vulnerability that is not patchable?
1. Which one of the following is the best example of an authorization control?
Access control lists
2. The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.
3. Regarding data center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time.
4. The Children’s Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?
5. Screen locks are a form of endpoint device security control.
6. The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.
7. What is the first step in a disaster recovery effort?
Ensure that everyone is safe.
8. Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to healthcare providers?
9. The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.
10. Which formula is typically used to describe the components of information security risks?
Correct Risk = Threat X Vulnerability
11. What is NOT one of the three tenets of information security?
12. Which one of the following is an example of a reactive disaster recovery control?
Moving to a warm site
13. As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?
14. Removable storage is a software application that allows an organization to monitor and control business data on a personally owned device.
15. The term risk methodology refers to a list of identified risks that results from the risk-identification process.
16. What is NOT a commonly used endpoint security technique?
17. A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster.
18. The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management and evaluation of the security of unclassified and national security systems.
19. Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?
20. Which one of the following is an example of a direct cost that might result from a business disruption?
1. What is an XML-based open standard for exchanging authentication and authorization information and is commonly used for web applications?
Security Assertion Markup Language (SAML)
2. Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about?
3. Which security model does NOT protect the integrity of information?
4. The ___________ is the central part of a computing environment’s hardware, software, and firmware that enforces access control.
5. Content-dependent access control requires the access control mechanism to look at the data to decide who should get to see it.
6. Voice pattern biometrics are accurate for authentication because voices can’t easily be replicated by computer software.
7. A Chinese wall security policy defines a barrier and develops a set of rules that makes sure no subject gets to objects on the other side.
8. Which of the following is an example of a hardware security control?
9. Which one of the following principles is NOT a component of the Biba integrity model?
Subjects cannot change objects that have a lower integrity level.
10. Which one of the following is NOT a commonly accepted best practice for password security?
Use at least six alphanumeric characters.
11. The four central components of access control are users, resources, actions, and features.
12. Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value?
13. Which of the following does NOT offer authentication, authorization, and accounting (AAA) services?
Redundant Array of Independent Disks (RAID)
14. A smart card is a token shaped like a credit card that contains one or more microprocessor chips that accept, store, and send information through a reader.
15. Which one of the following is an example of a logical access control?
16. Which of the following is NOT a benefit of cloud computing to organizations?
Lower dependence on outside vendors
17. You should use easy-to-remember personal information to create secure passwords.
18. Passphrases are less secure than passwords.
19. Which one of the following is NOT an advantage of biometric systems?
Physical characteristics may change.
20. A degausser creates a magnetic field that erases data from magnetic storage media.
1. A successful change control program should include the following elements to ensure the quality of the change control process: peer review, documentation, and back-out plans.
2. The idea that users should be granted only the levels of permissions they need in order to perform their duties is called the principle of least privilege.
3. Procedures do NOT reduce mistakes in a crisis.
4. Which of the following would NOT be considered in the scope of organizational compliance efforts?
5. In an accreditation process, who has the authority to approve a system for implementation?
Authorizing official (AO)
6. Company-related classifications are not standard, therefore, there may be some differences between the terms “private” and “confidential” in different companies.
7. Biyu is making arrangements to use a third-party service provider for security services. She wants to document a requirement for timely notification of security breaches. What type of agreement is most likely to contain formal requirements of this type?
Service level agreement (SLA)
8. Social engineering is deceiving or using people to get around security controls.
9. Which agreement type is typically less formal than other agreements and expresses areas of common interest?
Memorandum of understanding (MOU)
10. One advantage of using a security management firm for security monitoring is that it has a high level of expertise.
11. Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve?
Access to a high level of expertise
12. Which activity manages the baseline settings for a system or device?
13. Classification scope determines what data you should classify; classification process determines how you handle classified data.
14. Mandatory vacations minimize risk by rotating employees among various systems or duties.
15. Janet is identifying the set of privileges that should be assigned to a new employee in her organization. Which phase of the access control process is she performing?
16. In what type of attack does the attacker send unauthorized commands directly to a database?
17. Certification is the formal agreement by an authorizing official to accept the risk of implementing a system.
18. A remediation liaison makes sure all personnel are aware of and comply with an organization’s policies.
19. Marguerite is creating a budget for a software development project. What phase of the system lifecycle is she undertaking?
Project initiation and planning
20. In what software development model does activity progress in a lock-step sequential process where no phase begins until the previous phase is complete?
1. You must always use the same algorithm to encrypt information and decrypt the same information.
2. A private key cipher is also called an asymmetric key cipher.
3. Gary is sending a message to Patricia. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Gary attempting to achieve?
4. A salt value is a set of random characters you can combine with an actual input key to create the encryption key.
5. The Diffie-Hellman (DHE) algorithm is the basis for several common key exchange protocols, including Diffie-Hellman in Ephemeral mode (DHE) and Elliptic Curve DHE (ECDHE).
6. What mathematical problem forms the basis of most modern cryptographic algorithms?
Factoring large primes
7. The financial industry created the ANSI X9.17 standard to define key management procedures.
8. What is NOT a symmetric encryption algorithm?
9. A physical courier delivering an asymmetric key is an example of in-band key exchange.
10. Which type of cipher works by rearranging the characters in a message?
11. Which approach to cryptography provides the strongest theoretical protection?
12. What type of function generates the unique value that corresponds to the contents of a message and is used to create a digital signature?
13. Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?
Alice’s public key
14. What is NOT an effective key distribution method for plaintext encryption keys?
15. Which of the following allows a certificate authority (CA) to revoke a compromised digital certificate in real time?
Online Certificate Status Protocol (OCSP)
16. When Patricia receives a message from Gary, she wants to be able to demonstrate to Sue that the message actually came from Gary. What goal of cryptography is Patricia attempting to achieve?
17. A person demonstrates anonymity when posting information to a web discussion site without authorities knowing who he or she is.
18. A substitution cipher replaces bits, characters, or blocks of information with other bits, characters, or blocks.
19. In a chosen-ciphertext attack, cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system.
20. What is the only unbreakable cipher when it is used properly?
1. Norm recently joined a new organization. He noticed that the firewall technology used by his new firm opens separate connections between the devices on both sides of the firewall. What type of technology is being used?
2. A packet-filtering firewall remembers information about the status of a network communication.
3. What type of network connects systems over the largest geographic area?
Wide area network (WAN)
4. Gary is configuring a Smartphone and is selecting a wireless connectivity method. Which approach will provide him with the highest speed wireless connectivity?
5. A firewall is a basic network security defense tool.
6. What protocol is responsible for assigning IP addresses to hosts on most networks?
Dynamic Host Configuration Protocol (DHCP)
7. The Physical Layer of the OSI Reference Model must translate the binary ones and zeros of computer language into the language of the transport medium.
8. The term “router” describes a device that connects two or more networks and selectively interchanges packets of data between them.
9. IP addresses are eight-byte addresses that uniquely identify every device on the network.
10. Network access control (NAC) works on wired and wireless networks.
11. David would like to connect a fibre channel storage device to systems over a standard data network. What protocol can he use?
Fibre Channel over Ethernet (FCoE)
12. The Transport Layer of the OSI Reference Model creates, maintains, and disconnects communications that take place between processes over the network.
13. Another name for a border firewall is a DMZ firewall.
14. Terry is troubleshooting a network that is experiencing high traffic congestion issues. Which device, if present on the network, should be replaced to alleviate these issues?
15. TCP/IP is a suite of protocols that operates at both the Network and Transport layers of the OSI Reference Model.
16. What wireless security technology contains significant flaws and should never be used?
Wired Equivalent Privacy (WEP)
17. A subnet mask is a partition of a network based on IP addresses.
18. A network protocol governs how networking equipment interacts to deliver data across the network.
19. Internet Small Computer System Interface (iSCSI) is a storage networking standard used to link data storage devices to networks using IP for its transport layer.
20. Henry would like to create a different firewall rule that allows encrypted web traffic to reach a web server. What port is used for that communication?
1. What file type is least likely to be impacted by a file infector virus?
2. What ISO security standard can help guide the creation of an organization’s security policy?
3. Yolanda would like to prevent attackers from using her network as a relay point for a smurf attack. What protocol should she block?
Internet Control Message Protocol (ICMP)
4. What is NOT a common motivation for attackers?
5. Which type of virus targets computer hardware and software startup functions?
6. The four primary types of malicious code attacks are unplanned attacks, planned attacks, direct attacks, and indirect attacks.
7. Retro viruses counter the ability of antivirus programs to detect changes in infected files.
8. What is NOT a typical sign of virus activity on a system?
Unexpected power failures
9. A computer virus is an executable program that attaches to, or infects, other executable programs.
10. An electronic mail bomb is a form of malicious macro attack that typically involves an email attachment that contains macros designed to inflict maximum damage.
11. A smurf attack tricks users into providing logon information on what appears to be a legitimate website but is in fact a website set up by an attacker to obtain this information.
12. Brian would like to conduct a port scan against his systems to determine how they look from an attacker’s viewpoint. What tool can he use for this purpose?
13. Alison discovers that a system under her control has been infected with malware, which is using a key logger to report user keystrokes to a third party. What information security property is this malware attacking?
14. Bob is developing a web application that depends upon a database backend. What type of attack could a malicious individual use to send commands through his web application to the database?
15. Backdoor programs are typically more dangerous than computer viruses.
16. Adam discovers a virus on his system that is using encryption to modify itself. The virus escapes detection by signature-based antivirus software. What type of virus has he discovered?
17. The term “web defacement” refers to someone gaining unauthorized access to a web server and altering the index page of a site on the server.
18. What is NOT one of the four main purposes of an attack?
19. The goal of a command injection is to execute commands on a host operating system.
20. What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?