Exam 2 questions.

  • Security and Risk Management
  • Software Development Security
  • Security Operations
  • Identity and Access Management (IAM)
  • Asset Security
  • Security Architecture and Engineering
  • Security Assessment and Testing


Security and Risk Management

1. Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?
2. An organization allows ping traffic into and out of their network. An attacker has installed a program on the network that uses the payload portion of the ping packet to move data into and out of the network. What type of attack has the organization experienced?
3. Which of the following actions should be performed when implementing a change to a database schema in a production system?
4. The Hardware Abstraction Layer (HAL) is implemented in the
5. Which one of the following transmission media is MOST effective in preventing data interception?
6. In a financial institution, who has the responsibility for assigning the classification to a piece of information?
7. Which of the following is the BEST way to verify the integrity of a software patch?
8. During an audit of system management, auditors find that the system administrator has not been trained. What actions need to be taken at once to ensure the integrity of systems?
9. Why must all users be positively identified prior to using multi-user computers?
10. Copyright provides protection for which of the following?
11. Which of the following is a potential risk when a program runs in privileged mode?
12. Why MUST a Kerberos server be well protected from unauthorized access?
13. Which of the following does Temporal Key Integrity Protocol (TKIP) support?
14. Which of the following is TRUE about Disaster Recovery Plan (DRP) testing?
15. Contingency plan exercises are intended to do which of the following?
16. Which of the following does the Encapsulating Security Payload (ESP) provide?
17. Multi-threaded applications are more at risk than single-threaded applications to
18. What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?
19. A software scanner identifies a region within a binary image having high entropy. What does this MOST likely indicate?
20. By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the
21. An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor?
22. A system has been scanned for vulnerabilities and has been found to contain a number of communication ports that have been opened without authority. To which of the following might this system have been subjected?
23. The goal of software assurance in application development is to
24. Which one of the following is a threat related to the use of web-based client-side input validation?
25. Which of the following is an appropriate source for test data?
26. An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?
27. Which layer of the Open Systems Interconnection (OSI) model implementation adds information concerning the logical connection between the sender and receiver?
28. When constructing an Information Protection Policy (IPP), it is important that the stated rules are necessary, adequate, and
29. The birthday attack is MOST effective against which one of the following cipher technologies?
30. The overall goal of a penetration test is to determine a system's
31. Which of the following is the best practice for testing a Business Continuity Plan (BCP)?
32. Which of the following is ensured when hashing files during chain of custody handling?
33. The FIRST step in building a firewall is to
34. An organization is selecting a service provider to assist in consolidating multiple computing sites. Which of the following MUST be verified by the Information Security Department?
35. In Disaster Recovery (DR) and business continuity training, which BEST describes a functional drill?
36. The three PRIMARY requirements for a penetration test are
37. A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project?
38. An organization is designing a large enterprise-wide document repository system with several classification levels. The BEST way to ensure document confidentiality in the repository is to
39. Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?
40. Which one of the following effectively obscures network addresses from external exposure when implemented on a firewall or router?
41. Which one of the following considerations has the LEAST impact when considering transmission security?
42. The type of authorized interactions a subject can have with an object is
43. The stringency of an Information Technology (IT) security assessment will be determined by the
44. Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks?
45. An engineer in a software company has created a virus creation tool. The tool can generate thousands of polymorphic viruses. The engineer is planning to use the tool in a controlled environment to test the company's next generation virus scanning software. Which would BEST describe the behavior of the engineer and why?
46. Which of the following is a security feature of Global System for Mobile Communications (GSM)?
47. Which one of the following describes granularity?
48. What is the BEST method to detect the most common improper initialization problems in programming languages?
49. What component of a web application that stores the session state in a cookie can an attacker bypass?
50. What is the PRIMARY advantage of using automated application security testing tools?
51. An online retail company has formulated a record retention schedule for customer transactions. Which of the following is a valid reason a customer transaction is kept beyond the retention schedule?
52. What is a common challenge when implementing Security Assertion Markup Language (SAML) for identity integration between on-premise environment and an external identity provider service?
53. A common challenge when implementing SAML for identity integration between an on-premise environment and an external identity provider service is that
54. Which of the following MOST influences the design of the organization's electronic monitoring policies?
55. With data labeling, which of the following MUST be the key decision maker?
56. A business has implemented PCI-DSS compliant handheld credit card processing on their WLAN. The network team created a private segment for processing using a firewall. What components are in the scope of PCI-DSS?
57. Which of the following is a MAJOR consideration in implementing a Voice over IP (VoIP) network?
58. A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access. Which of the following documents explains the proper use of the organization's assets?
59. The use of a proximity card to gain access to a building is an example of what type of security control?
60. Which of the following describes the concept of a Single Sign-On (SSO) system?
61. According to best practice, which of the following groups is the MOST effective in performing an information security compliance audit?
62. A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns. In addition to web browsers, what PRIMARY areas need to be addressed concerning mobile code used for malicious purposes?
63. During the procurement of a new information system, it was determined that some of the security requirements were not addressed in the system specification. Which of the following is the MOST likely reason for this?
64. An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement. Given the number of priorities, which of the following will MOST likely influence the selection of top initiatives?
65. An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. When determining appropriate resource allocation, which of the following is MOST important to monitor?
66. When is security personnel involvement in the Systems Development Life Cycle (SDLC) process MOST beneficial?
67. A security manager has noticed an inconsistent application of server security controls resulting in vulnerabilities on critical systems. What is the MOST likely cause of this issue?
68. What is the BEST first step for determining if the appropriate security controls are in place for protecting data at rest?
69. A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider’s facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization. What is the MOST critical requirement for the third party?
70. Which of the following assures that rules are followed in an identity management architecture?
71. What is the MOST important reason to configure unique user IDs?
72. Which of the following is the MAIN goal of a data retention policy?
73. An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement. Which of the following is considered the MOST important priority for the information security officer?
74. The effectiveness of the security program can PRIMARILY be measured through
75. Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen?
76. A thorough review of an organization’s audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?
77. A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user business functions. These capabilities are BEST described as
78. Which of the following BEST describes Recovery Time Objective (RTO)?
79. Which of the following MUST system and database administrators be aware of and apply when configuring systems used for storing personal employee data?
80. An organization experiencing a negative financial impact is forced to reduce budgets and the number of IT operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. Which of the following will MOST likely allow the organization to keep risk at an acceptable level?
81. If an attacker in a SYN flood attack uses someone else's valid host address as the source address, the system under attack will send a large number of Synchronize/Acknowledge (SYN/ACK) packets to the
82. Which item below is a federated identity standard?
83. Which of the following is the MOST beneficial to review when performing an IT audit?
84. Which of the following methods provides the MOST protection for user credentials?
85. What physical characteristic does a retinal scan biometric device measure?
86. Which of the following BEST mitigates a replay attack against a system using identity federation and SAML?
87. Which of the following is the BEST countermeasure to brute force login attacks?
88. What MUST the plan include to reduce client-side exploitation?
89. What is the MAIN feature that onion routing networks offer?
90. Which of the following is the MOST crucial for a successful audit plan?
91. Which of the following could have MOST likely prevented the Peer-to-Peer (P2P) program from being installed on the computer?
92. An organization's data policy MUST include a data retention period which is based on
93. What do Capability Maturity Models (CMM) serve as a benchmark for in an organization?
94. Which of the following provides the BEST option for low maintenance and ease of deployment for remote access?
95. If the intrusion causes the system processes to hang, which of the following has been affected?
96. What is the PRIMARY reason for ethics awareness and related policy implementation?
97. Which of the following is the BEST reason to review audit logs periodically?
98. Which of the following violates identity and access management best practices?
99. Which of the following problems is not addressed by using OAuth 2.0 to integrate a third-party identity provider for a service?
100. When outsourcing a portion of IT to a third-party provider, the organization should ensure that the third party's physical security controls
101. Which of the following is the BEST solution to provide redundancy for telecommunications links?
102. Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications?
103. A Business Continuity Plan (BCP) is based on
104. An organization experiencing a negative financial impact is forced to reduce budgets and the number of IT operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. Which of the following will indicate where the IT budget is BEST allocated during this time?
105. According to best practice, which of the following is required when implementing third-party software in a production environment?
106. Which of the following is the MOST effective attack against cryptographic hardware modules?
107. For a service provider, which of the following MOST effectively addresses confidentiality concerns for customers using cloud computing?
108. An organization decides to implement a partial Public Key Infrastructure (PKI) with only the servers having digital certificates. What is the security benefit of this implementation?
109. Which of the following is a BEST practice when traveling internationally with laptops containing Personally Identifiable Information (PII)?
110. Which of the following is the MOST difficult to enforce when using cloud computing?
