Sample Question 1.
The preliminary steps to security planning include all of the following EXCEPT
  a. establish objectives.
  b. list planning assumptions.
  c. establish a security audit function.
  d. determine alternate courses of action.

Sample Question 2.
Which of the following represents an ALE calculation?
  a. Gross loss expectancy X loss frequency.
  b. Asset value X loss expectancy.
  c. Total cost of loss + actual replacement value.
  d. Single loss expectancy X annualized rate of occurrence.

Sample Question 3.
Why would an information security policy require that communications test equipment be controlled?
  a. The equipment is susceptible to damage.
  b. The equipment can be used to browse information passing on a network.
  c. The equipment must always be available for replacement if necessary.
  d. The equipment can be used to reconfigure the network multiplexers.

Sample Question 4.
Step-by-step instructions used to satisfy control requirements are called a
  a. policy
  b. standard
  c. guideline
  d. procedure

Sample Question 5.
One purpose of a security awareness program is to modify
  a. employees' attitudes and behaviors.
  b. management's approach.
  c. attitudes of employees with sensitive data.
  d. corporate attitudes about safeguarding data.

Sample Question 6.
Which one of the following individuals has PRIMARY responsibility for determining the classification level of information?
  a. Security manager
  b. User
  c. Owner
  d. Auditor

Sample Question 1.
Under the principle of culpable negligence, executives can be held liable for losses that result from computer system breaches if
  a. the company is not a multi-national company.
  b. they have not exercised due care protecting computing resources.
  c. they have failed to properly insure computer resources against loss.
  d. the company does not prosecute the hacker that caused the breach.

Sample Question 2.
Since disks and other magnetic media are only copies of the actual or original evidence, what type of evidence are they often considered to represent?
  a. Hearsay
  b. Irrelevant
  c. Incomplete
  d. Secondary

Sample Question 3.
The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations or confusing an intruder about which flaws to exploit is called
  a. alteration.
  b. investigation.
  c. re-direction.
  d. enticement.

Sample Question 4.
Which element must computer evidence have to be admissible in court?
  a. It must be relevant.
  b. It must be annotated.
  c. It must be printed.
  d. It must contain source code.

Sample Question 5.
The Internet Activities Board characterizes which of the following as unethical behavior for Internet users?
  a. Writing computer viruses.
  b. Monitoring data traffic.
  c. Wasting computer resources.
  d. Concealing unauthorized accesses.

Sample Question 1.
What is a common problem when using vibration detection devices for perimeter control?
  a. They are vulnerable to non-adversarial disturbances.
  b. They can be defeated by electronic means.
  c. Signal amplitude is affected by weather conditions.
  d. They must be buried below the frost line.

Sample Question 2.
What physical characteristic does a retinal scan biometric device measure?
  a. The amount of light reaching the retina.
  b. The amount of light reflected by the retina.
  c. The size, curvature, and shape of the retina.
  d. The pattern of blood vessels at the back of the eye.

Sample Question 3.
Which of the following measures would be the BEST deterrent to the theft of corporate information from a laptop which was left in a hotel room?
  a. Store all data on disks and lock them in an in-room safe.
  b. Remove the batteries and power supply from the laptop and store them separately from the computer.
  c. Install a cable lock on the laptop when it is unattended.
  d. Encrypt the data on the hard drive.

Sample Question 4.
Under what conditions would use of a "Class C" hand-held fire extinguisher be preferable to use of a "Class A" hand-held fire extinguisher?
  a. When the fire is in its incipient stage.
  b. When the fire involves electrical equipment.
  c. When the fire is located in an enclosed area.
  d. When the fire is caused by flammable products.

Sample Question 5.
To be in compliance with the Montreal Protocol, which of the following options can be taken to refill a Halon flooding system in the event that Halon is fully discharged in the computer room?
  a. Order an immediate refill with Halon 1201 from the manufacturer.
  b. Contact a Halon recycling bank to make arrangements for a refill.
  c. Order a different chlorofluorocarbon compound from the manufacturer.
  d. Order an immediate refill with Halon 1301 from the manufacturer.

Sample Question 1.
Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data?
  a. Limiting the local access of operations personnel
  b. Job rotation of operations personnel
  c. Management monitoring of audit logs
  d. Enforcing regular password changes

Sample Question 2.
An electrical device (AC or DC) which can generate coercive magnetic force for the purpose of reducing magnetic flux density to zero on storage media or other magnetic media is called
  a. a magnetic field.
  b. a degausser.
  c. magnetic remanence.
  d. magnetic saturation.

Sample Question 3.
What is the most secure way to dispose of information on a CD-ROM?
  a. Sanitizing
  b. Physical damage
  c. Degaussing
  d. Physical destruction

Sample Question 4.
Fault tolerance countermeasures are designed to combat threats to
  a. an uninterruptible power supply.
  b. backup and retention capability.
  c. design reliability.
  d. data integrity.

Sample Question 5.
In what way can violation clipping levels assist in violation tracking and analysis?
  a. Clipping levels set a baseline for normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurred.
  b. Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant.
  c. Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to usercodes with a privileged status.
  d. Clipping levels enable a security administrator to view all reductions in security levels which have been made to usercodes which have incurred violations.

Sample Question 1.
For which areas of the enterprise are business continuity plans required?
  a. All areas of the enterprise.
  b. The financial and information processing areas of the enterprise.
  c. The operating areas of the enterprise.
  d. The marketing, finance, and information processing areas.

Sample Question 2.
Which of the following will a Business Impact Analysis NOT identify?
  a. Areas that would suffer the greatest financial or operational loss in the event of a disaster.
  b. Systems critical to the survival of the enterprise.
  c. The names of individuals to be contacted during a disaster.
  d. The outage time that can be tolerated by the enterprise as a result of a disaster.

Sample Question 3.
What is a hot-site facility?
  a. A site with pre-installed computers, raised flooring, air conditioning, telecommunications and networking equipment, and UPS.
  b. A site in which space is reserved with pre-installed wiring and raised floors.
  c. A site with raised flooring, air conditioning, telecommunications, and networking equipment, and UPS.
  d. A site with ready-made work space with telecommunications equipment, LANs, PCs, and terminals for work groups.

Sample Question 4.
Which of the following best describes remote journaling?
  a. Send hourly tapes containing transactions off-site.
  b. Send daily tapes containing transactions off-site.
  c. Real-time capture of transactions to multiple storage devices.
  d. The electronic forwarding of transactions to an off-site facility.

Sample Question 5.
Emergency actions are taken at the incipient stage of a disaster with the objectives of preventing injuries or loss of life and of
  a. determining the extent of property damage.
  b. protecting evidence.
  c. preventing looting and further damage.
  d. mitigating the damage to avoid the need for recovery.

Sample Question 1.
A mechanism that enforces the authorized access relationships between subjects and objects is known as
  a. the reference monitor.
  b. discretionary access control.
  c. trusted kernel.
  d. mandatory access control.

Sample Question 2.
What is the name of the first mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access?
  a. Clark and Wilson Model
  b. Harrison-Ruzzo-Ullman Model
  c. Rivest and Shamir Model
  d. Bell-LaPadula Model

Sample Question 3.
Which of the following models does NOT include data integrity?
  a. Biba
  b. Clark-Wilson
  c. Bell-LaPadula
  d. Brewer-Nash

Sample Question 4.
Which of the following describes a logical form of separation used by secure computing systems?
  a. Processes use different levels of security for input and output devices.
  b. Processes are constrained so that each cannot access objects outside its permitted domain.
  c. Processes conceal data and computations to inhibit access by outside processes.
  d. Processes are granted access based on granularity of controlled objects.

Sample Question 5.
What security problem is most likely to exist if an operating system permits objects to be used sequentially by multiple users without forcing a refresh of the objects?
  a. Disclosure of residual data.
  b. Unauthorized obtaining of a privileged execution state.
  c. Denial of service through a deadly embrace.
  d. Data leakage through covert channels.

Sample Question 1.
What is the PRIMARY use of a password?
  a. Allow access to files.
  b. Identify the user.
  c. Authenticate the user.
  d. Segregate various users' accesses.

Sample Question 2.
The three classic ways of authenticating yourself to the computer security software are: something you know, something you have, and something
  a. you need.
  b. you read.
  c. you are.
  d. you do.

Sample Question 3.
A timely review of system access audit records would be an example of which basic security function?
  a. Avoidance
  b. Deterrence
  c. Prevention
  d. Detection

Sample Question 4.
An access system that grants users only those rights necessary for them to perform their work is operating on which security principle?
  a. Discretionary Access
  b. Least Privilege
  c. Mandatory Access
  d. Separation of Duties

Sample Question 5.
Tokens, smart cards, and biometric devices used for identification and authentication provide robust authentication of the individual by practicing which of the following principles?
  a. Multi-party authentication
  b. Two-factor authentication
  c. Mandatory authentication
  d. Discretionary authentication

Sample Question 1.
Which of the following statements is true about data encryption as a method of protecting data?
  a. It verifies the accuracy of the data.
  b. It is usually easily administered.
  c. It requires careful key management.
  d. It makes few demands on system resources.

Sample Question 2.
In what way does the Rivest-Shamir-Adleman algorithm differ from the Data Encryption Standard?
  a. It is based on a symmetric algorithm.
  b. It uses a public key for encryption.
  c. It eliminates the need for a key-distribution center.
  d. It cannot produce a digital signature.
"a." is wrong because it is based on an asymmetric algorithm.
"c." is wrong because often a third party creates and distributes the key pairs, thereby acting as a key distribution center.
"d." is wrong because it can produce a digital signature.

Sample Question 3.
Which of the following is NOT a property of a one-way hash function?
  a. It converts a message of a fixed length into a message digest of arbitrary length.
  b. It is computationally infeasible to construct two different messages with the same digest.
  c. It converts a message of arbitrary length into a message digest of a fixed length.
  d. Given a digest value, it is computationally infeasible to find the corresponding message.

Sample Question 4.
The Data Encryption Algorithm performs how many rounds of substitution and permutation?
  a. 4
  b. 16
  c. 54
  d. 64

Sample Question 5.
Which of the following statements is most accurate of a digital signature?
  a. It is a method used to encrypt confidential data.
  b. It is the art of transferring a handwritten signature to electronic media.
  c. It allows the recipient of data to prove the source and integrity of data.
  d. It can be used as a signature system and a cryptosystem.

Sample Question 1.
Why does fiber optic communication technology have a significant security advantage over other transmission technology?
  a. Higher data rates can be transmitted.
  b. Interception of data traffic is more difficult.
  c. Traffic analysis is prevented by multiplexing.
  d. Single and double-bit errors are correctable.
Answer: b.
It would be correct to select "a." if the word "security" were not in the question. "b." is correct because of the resistance of fiber to tapping.

Sample Question 2.
Layer 4 of the OSI stack is known as
  a. the data link layer
  b. the transport layer
  c. the network layer
  d. the presentation layer

Sample Question 3.
Another name for a VPN is a
  a. tunnel
  b. one-time password
  c. pipeline
  d. bypass

Sample Question 4.
Why is traffic across a packet switched network (e.g. frame relay, X.25) difficult to monitor?
  a. Packets are link encrypted by the carrier.
  b. Government regulations forbid monitoring.
  c. Packets are transmitted on multiple paths.
  d. The network factor is too high.

Sample Question 5.
Which one of the following is used to provide authentication and confidentiality for e-mail messages?
  a. Digital signature
  b. PGP
  c. IPSEC AH
  d. MD4

Sample Question 6.
What is a packet sniffer?
  a. It tracks network connections to off-site locations.
  b. It monitors network traffic for illegal packets.
  c. It scans network segments for cabling faults.
  d. It captures network traffic for later analysis.

Sample Question 1.
At what stage of the applications development process should the security department become involved?
  a. Prior to the implementation
  b. Prior to systems testing
  c. During unit testing
  d. During requirements development

Sample Question 2.
What is one disadvantage of content-dependent protection of information?
  a. It increases processing overhead.
  b. It requires additional password entry.
  c. It exposes the system to data locking.
  d. It limits the user's individual address space.

Sample Question 3.
In what way could Java applets pose a security threat?
  a. Their transport can interrupt the secure distribution of World Wide Web pages over the Internet by removing SSL and S-HTTP.
  b. Java interpreters do not provide the ability to limit the system access that an applet could have on a client system.
  c. Executables from the Internet may attempt an intentional attack when they are downloaded on a client system.
  d. Java does not check the bytecode at runtime or provide other safety mechanisms for program isolation from the client system.

Sample Question 4.
Which of the following has the objective to control and manage data from a central location?
  a. Databases
  b. Data dictionaries
  c. Data access methods
  d. Data storage

Sample Question 5.
A system file that has been patched numerous times becomes infected with a virus. The anti-virus software warns that disinfecting the file may damage it. What course of action should be taken?
  a. Replace the file with the original version from master media.
  b. Proceed with automated disinfection.
  c. Research the virus to see if it is benign.
  d. Restore an uninfected version of the patched file from backup media.