- CCCure.org

Sample Question
• 1. The preliminary steps to security planning include all of the following EXCEPT
• a. establish objectives.
• b. list planning assumptions.
• c. establish a security audit function.
• d. determine alternate courses of action.
Sample Question
• 2. Which of the following represents an ALE calculation?
• a. Gross loss expectancy X loss frequency.
• b. Asset value X loss expectancy.
• c. Total cost of loss + actual replacement value.
• d. Single loss expectancy X annualized rate of occurrence.
Sample Question
• 3. Why would an information security policy require that communications test equipment be controlled?
• a. The equipment is susceptible to damage.
• b. The equipment can be used to browse information passing on a network.
• c. The equipment must always be available for replacement if necessary.
• d. The equipment can be used to reconfigure the network multiplexers.
Sample Question
• 4. Step-by-step instructions used to satisfy control requirements are called a
• a. policy
• b. standard
• c. guideline
• d. procedure
Sample Question
• 5. One purpose of a security awareness program is to modify
• a. employees’ attitudes and behaviors.
• b. management’s approach.
• c. attitudes of employees with sensitive data.
• d. corporate attitudes about safeguarding data.
Sample Question
• 6. Which one of the following individuals has PRIMARY responsibility for determining the classification level of information?
• a. Security manager
• b. User
• c. Owner
• d. Auditor
Sample Question
• 1. Under the principle of culpable negligence, executives can be held liable for losses that result from computer system breaches if
• a. the company is not a multi-national company.
• b. they have not exercised due care protecting computing resources.
• c. they have failed to properly insure computer resources against loss.
• d. the company does not prosecute the hacker that caused the breach.
Sample Question
• 2. Since disks and other magnetic media are only copies of the actual or original evidence, what type of evidence are they often considered to represent?
• a. Hearsay
• b. Irrelevant
• c. Incomplete
• d. Secondary
Sample Question
• 3. The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations or confusing an intruder about which flaws to exploit is called
• a. alteration.
• b. investigation.
• c. re-direction.
• d. enticement.
Sample Question
• 4. Which element must computer evidence have to be admissible in court?
• a. It must be relevant.
• b. It must be annotated.
• c. It must be printed.
• d. It must contain source code.
Sample Question
• 5. The Internet Activities Board characterizes which of the following as unethical behavior for Internet users?
• a. Writing computer viruses.
• b. Monitoring data traffic.
• c. Wasting computer resources.
• d. Concealing unauthorized accesses.
Sample Question
• 1. What is a common problem when using vibration detection devices for perimeter control?
• a. They are vulnerable to non-adversarial disturbances.
• b. They can be defeated by electronic means.
• c. Signal amplitude is affected by weather conditions.
• d. They must be buried below the frost line.
Sample Question
• 2. What physical characteristic does a retinal scan biometric device measure?
• a. The amount of light reaching the retina.
• b. The amount of light reflected by the retina.
• c. The size, curvature, and shape of the retina.
• d. The pattern of blood vessels at the back of the eye.
Sample Question
• 3. Which of the following measures would be the BEST deterrent to the theft of corporate information from a laptop which was left in a hotel room?
• a. Store all data on disks and lock them in an in-room safe.
• b. Remove the batteries and power supply from the laptop and store them separately from the computer.
• c. Install a cable lock on the laptop when it is unattended.
• d. Encrypt the data on the hard drive.
Sample Question
• 4. Under what conditions would use of a “Class C” hand-held fire extinguisher be preferable to use of a “Class A” hand-held fire extinguisher?
• a. When the fire is in its incipient stage.
• b. When the fire involves electrical equipment.
• c. When the fire is located in an enclosed area.
• d. When the fire is caused by flammable products.
Sample Question
• 5. To be in compliance with the Montreal Protocol, which of the following options can be taken to refill a Halon flooding system in the event that Halon is fully discharged in the computer room?
• a. Order an immediate refill with Halon 1201 from the manufacturer.
• b. Contact a Halon recycling bank to make arrangements for a refill.
• c. Order a different chlorofluorocarbon compound from the manufacturer.
• d. Order an immediate refill with Halon 1301 from the manufacturer.
Sample Question
• 1. Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data?
• a. Limiting the local access of operations personnel
• b. Job rotation of operations personnel
• c. Management monitoring of audit logs
• d. Enforcing regular password changes
Sample Question
• 2. An electrical device (AC or DC) which can generate coercive magnetic force for the purpose of reducing magnetic flux density to zero on storage media or other magnetic media is called
• a. a magnetic field.
• b. a degausser.
• c. magnetic remanence.
• d. magnetic saturation.
Sample Question
• 3. What is the most secure way to dispose of information on a CD-ROM?
• a. Sanitizing
• b. Physical damage
• c. Degaussing
• d. Physical destruction
Sample Question
• 4. Fault tolerance countermeasures are designed to combat threats to
• a. an uninterruptible power supply.
• b. backup and retention capability.
• c. design reliability.
• d. data integrity.
Sample Question
• 5. In what way can violation clipping levels assist in violation tracking and analysis?
• a. Clipping levels set a baseline for normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurred.
• b. Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant.
• c. Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to usercodes with a privileged status.
• d. Clipping levels enable a security administrator to view all reductions in security levels which have been made to usercodes which have incurred violations.
Sample Question
• 1. For which areas of the enterprise are business continuity plans required?
• a. All areas of the enterprise.
• b. The financial and information processing areas of the enterprise.
• c. The operating areas of the enterprise.
• d. The marketing, finance, and information processing areas.
Sample Question
• 2. Which of the following will a Business Impact Analysis NOT identify?
• a. Areas that would suffer the greatest financial or operational loss in the event of a disaster.
• b. Systems critical to the survival of the enterprise.
• c. The names of individuals to be contacted during a disaster.
• d. The outage time that can be tolerated by the enterprise as a result of a disaster.
Sample Question
• 3. What is a hot-site facility?
• a. A site with pre-installed computers, raised flooring, air conditioning, telecommunications and networking equipment, and UPS.
• b. A site in which space is reserved with pre-installed wiring and raised floors.
• c. A site with raised flooring, air conditioning, telecommunications, and networking equipment, and UPS.
• d. A site with ready made work space with telecommunications equipment, LANs, PCs, and terminals for work groups.
Sample Question
• 4. Which of the following best describes remote journaling?
• a. Send hourly tapes containing transactions off-site.
• b. Send daily tapes containing transactions off-site.
• c. Real-time capture of transactions to multiple storage devices.
• d. The electronic forwarding of transactions to an off-site facility.
Sample Question
• 5. Emergency actions are taken at the incipient stage of a disaster with the objectives of preventing injuries or loss of life and of
• a. determining the extent of property damage.
• b. protecting evidence.
• c. preventing looting and further damage.
• d. mitigating the damage to avoid the need for recovery.
Sample Question
• 1. A mechanism that enforces the authorized access relationships between subjects and objects is known as
• a. the reference monitor.
• b. discretionary access control.
• c. trusted kernel.
• d. mandatory access control.
Sample Question
• 2. What is the name of the first mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access?
• a. Clark and Wilson Model
• b. Harrison-Ruzzo-Ullman Model
• c. Rivest and Shamir Model
• d. Bell-LaPadula Model
Sample Question
• 3. Which of the following models does NOT include data integrity?
• a. Biba
• b. Clark-Wilson
• c. Bell-LaPadula
• d. Brewer-Nash
Sample Question
• 4. Which of the following describes a logical form of separation used by secure computing systems?
• a. Processes use different levels of security for input and output devices.
• b. Processes are constrained so that each cannot access objects outside its permitted domain.
• c. Processes conceal data and computations to inhibit access by outside processes.
• d. Processes are granted access based on granularity of controlled objects.
Sample Question
• 5. What security problem is most likely to exist if an operating system permits objects to be used sequentially by multiple users without forcing a refresh of the objects?
• a. Disclosure of residual data.
• b. Unauthorized obtaining of a privileged execution state.
• c. Denial of service through a deadly embrace.
• d. Data leakage through covert channels.
Sample Question
• 1. What is the PRIMARY use of a password?
• a. Allow access to files.
• b. Identify the user.
• c. Authenticate the user.
• d. Segregate various users’ accesses.
Sample Question
• 2. The three classic ways of authenticating yourself to the computer security software are: something you know, something you have, and something
• a. you need.
• b. you read.
• c. you are.
• d. you do.
Sample Question
• 3. A timely review of system access audit records would be an example of which basic security function?
• a. Avoidance
• b. Deterrence
• c. Prevention
• d. Detection
Sample Question
• 4. An access system that grants users only those rights necessary for them to perform their work is operating on which security principle?
• a. Discretionary Access
• b. Least Privilege
• c. Mandatory Access
• d. Separation of Duties
Sample Question
• 5. Tokens, smart cards, and biometric devices used for identification and authentication provide robust authentication of the individual by practicing which of the following principles?
• a. Multi-party authentication
• b. Two-factor authentication
• c. Mandatory authentication
• d. Discretionary authentication
Sample Question
• 1. Which of the following statements is true about data encryption as a method of protecting data?
• a. It verifies the accuracy of the data.
• b. It is usually easily administered.
• c. It requires careful key management.
• d. It makes few demands on system resources.
Sample Question
• 2. In what way does the Rivest-Shamir-Adleman algorithm differ from the Data Encryption Standard?
• a. It is based on a symmetric algorithm.
• b. It uses a public key for encryption.
• c. It eliminates the need for a key-distribution center.
• d. It cannot produce a digital signature.
• “a.” is wrong because it is based on an asymmetric algorithm.
• “c.” is wrong because often a third party creates & distributes the key pairs, thereby acting as a key distribution center.
• “d.” is wrong because it can produce a digital signature.
Sample Question
• 3. Which of the following is NOT a property of a one-way hash function?
• a. It converts a message of a fixed length into a message digest of arbitrary length.
• b. It is computationally infeasible to construct two different messages with the same digest.
• c. It converts a message of arbitrary length into a message digest of a fixed length.
• d. Given a digest value, it is computationally infeasible to find the corresponding message.
Sample Question
• 4. The Data Encryption Algorithm performs how many rounds of substitution and permutation?
• a. 4
• b. 16
• c. 54
• d. 64
Sample Question
• 5. Which of the following statements is most accurate about a digital signature?
• a. It is a method used to encrypt confidential data.
• b. It is the art of transferring a handwritten signature to electronic media.
• c. It allows the recipient of data to prove the source and integrity of data.
• d. It can be used as a signature system and a cryptosystem.
Sample Question
• 1. Why does fiber optic communication technology have a significant security advantage over other transmission technology?
• a. Higher data rates can be transmitted.
• b. Interception of data traffic is more difficult.
• c. Traffic analysis is prevented by multiplexing.
• d. Single and double-bit errors are correctable.
• Answer: b.
• It would be correct to select “a.” if the word “security” was not in the question. Because of the resistance of fiber to tapping.
Sample Question
• 2. Layer 4 of the OSI stack is known as
• a. the data link layer
• b. the transport layer
• c. the network layer
• d. the presentation layer
Sample Question
• 3. Another name for a VPN is a
• a. tunnel
• b. one-time password
• c. pipeline
• d. bypass
Sample Question
• 4. Why is traffic across a packet switched network (e.g. frame relay, X.25) difficult to monitor?
• a. Packets are link encrypted by the carrier
• b. Government regulations forbid monitoring
• c. Packets are transmitted on multiple paths
• d. The network factor is too high
Sample Question
• 5. Which one of the following is used to provide authentication and confidentiality for e-mail messages?
• a. Digital signature
• b. PGP
• c. IPSEC AH
• d. MD4
Sample Question
• 6. What is a packet sniffer?
• a. It tracks network connections to off-site locations.
• b. It monitors network traffic for illegal packets.
• c. It scans network segments for cabling faults.
• d. It captures network traffic for later analysis.
Sample Question
1. At what stage of the applications development process should the security department become involved?
• a. Prior to the implementation
• b. Prior to systems testing
• c. During unit testing
• d. During requirements development
Sample Question
2. What is one disadvantage of content-dependent protection of information?
• a. It increases processing overhead.
• b. It requires additional password entry.
• c. It exposes the system to data locking.
• d. It limits the user's individual address space.
Sample Question
3. In what way could Java applets pose a security threat?
• a. Their transport can interrupt the secure distribution of World Wide Web pages over the Internet by removing SSL and S-HTTP.
• b. Java interpreters do not provide the ability to limit system access that an applet could have on a client system.
• c. Executables from the Internet may attempt an intentional attack when they are downloaded on a client system.
• d. Java does not check the bytecode at runtime or provide other safety mechanisms for program isolation from the client system.
Sample Question
4. Which of the following has the objective to control and manage data from a central location?
• a. Databases
• b. Data dictionaries
• c. Data access methods
• d. Data storage
Sample Question
5. A system file that has been patched numerous times becomes infected with a virus. The anti-virus software warns that disinfecting the file may damage it. What course of action should be taken?
• a. Replace the file with the original version from master media
• b. Proceed with automated disinfection
• c. Research the virus to see if it is benign
• d. Restore an uninfected version of the patched file from backup media