These questions are similar to the type of questions that a person could expect to see on the test and should not be misinterpreted as being questions FROM the test. I've broken them down into the Domains.
ACCESS CONTROL
1. Access control is implemented by several categories and types. The three types
are administrative, technical, and:
a. Preventive
b. Deterrent
c. Physical
d. Discretionary
2. Which one of the following provides access control assurance?
a. Incident response handling
b. Penetration testing
c. The reference monitor
d. Vulnerability mapping/scanning
3. The two parts of integrity are the system and the:
a. Data
b. Process
c. User
d. Transaction
4. Separation of duties forces collusion to commit fraud. Collusion can BEST be
broken up by which one of the following?
a. Supervision
b. Need to know
c. Rotation of duties
d. Awareness training
5. The main benefit of an information classification program is:
a. To meet military security requirements
b. To give data the appropriate level of protection
c. To save the company money
d. To meet regulatory requirements
6. How does centralized identity and access management (IAM) support
compliance with regulations?
a. It improves security governance by taking scattered identity data and
centralizing it, so it can be more easily reviewed for appropriateness
b. It reduces the time spent on manually managing accounts
c. It is required by Sarbanes-Oxley (SOX), section 404, which lists specific
internal controls including IAM
d. It prevents unauthorized access to company resources using a
centralized control application
7. What is an authoritative system of records (ASOR)?
a. A hierarchical end system that contains users, accounts, and
authorizations for that system
b. An active directory (AD), where all users are created and managed
c. A hierarchical parent system that tracks users, accounts, and
authorization chains
d. A lightweight directory access protocol (LDAP) directory, where all users
are created and managed
8. What is an advantage of legacy single sign-on (SSO)?
a. It provides a single system where all authentication information is stored
b. It allows integration of old, non-interoperable systems into the SSO
process
c. It provides a single technology allowing all systems to authenticate the
users once using the same technology
d. It allows users to authenticate once no matter how many different
systems they wish to access
9. Which one of the following measures is used to control the emanations from
electronic equipment?
a. Kerberos
b. Remote Authentication Dial-In User Server/Service (RADIUS)
c. Internet Protocol Security (IPSec)
d. TEMPEST
10. Which one of the following is an alternative authentication system used in single
sign-on?
a. Secure European System for Applications in a Multivendor Environment
(SESAME)
b. DIAMETER
c. TEMPEST
d. SOCKS
CRYPTOGRAPHY
1. In which type of cryptanalytic attack is a cryptosystem's work factor MOST
relevant?
a. Differential cryptanalysis
b. Chosen plaintext attacks
c. Linear-differential cryptanalysis
d. Brute force attacks
2. RC4 and RC5
a. Are related symmetric key cryptographic algorithms, although RC5 was
designed to accommodate larger key sizes
b. Both employ repeated substitution and permutation transformations on
each plaintext block
c. Are unrelated symmetric key cryptographic algorithms, although they were
created by the same individual
d. Address the need for message integrity controls that resist intentional
changes
3. Which of the following is the most common attack against message digests used
to determine the original plaintext?
a. Ciphertext only attack
b. Dictionary attack
c. Known plaintext attack
d. Linear cryptanalysis attack
4. Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) use which of
the following ciphers?
a. Rivest Cipher 4 (RC4)
b. Rivest-Shamir-Adleman (RSA)
c. Triple Data Encryption Standard (3DES)
d. Advanced Encryption Standard (AES)
5. The process of hiding information in photos, music, and videos in such a way as
to make the alteration invisible to casual observers is called
a. Steganography
b. Optimal Asymmetric Encryption Padding (OAEP)
c. A null cipher
d. Expansion
6. Which of the following is typically used to help two parties agree on a session key
without exchanging secret information?
a. Initialization vectors (IVs)
b. Exclusive or (XOR) operations
c. Rivest-Shamir-Adleman (RSA)
d. Diffie-Hellman
7. Keyed hashes and digital signatures differ in what way?
a. Keyed hashes employ symmetric keys alone while digital signatures
employ symmetric keys and hash functions
b. Keyed hashes combine a hash function with a shared symmetric key while
digital signatures combine a hash function with an asymmetric key
c. Keyed hashes provide for message integrity while digital signatures
provide for message confidentiality
d. Keyed hashes are intended to detect accidental changes while digital
signatures are intended to detect intentional changes
8. What is the most significant advantage that the Advanced Encryption Standard
(AES) offers over the Data Encryption Standard (DES)?
a. Larger key space due to larger key sizes
b. More efficient operation when used in general-purpose computing devices
c. Smaller key sizes with greater strength per bit than DES
d. More block-cipher modes are supported
9. For what application would Electronic Code Book (ECB) mode be MOST
acceptable?
a. Encryption of Wi-Fi communications
b. Applications where high security is required
c. Encrypting small executable files
d. Encrypting large graphic image files
10. What is the BEST way to verify that a digital signature is valid?
a. Verify the digital signature through a manual comparison of the hash value
b. Obtain the public key from the partner and verify the digital signature
c. Obtain a public key certificate from a trusted certification authority and
verify the digital signature using that key
d. Use a hash algorithm to determine if the message has been altered
OPERATIONS SECURITY
1. Due to a software bug and a reload of the firewall, the firewall has lost its
complete configuration. After that happened, all firewall ports are shut down.
This is commonly referred to as
a. Secure configuration
b. Fail secure
c. Fail open
d. Fail soft
2. The BEST way to control users with elevated system privileges is with
a. Clear job descriptions
b. Thorough hiring procedures
c. Constant supervision
d. Rotation of duty
3. Which RAID (Redundant Array of Independent Disks) configuration offers the
usable disk storage as the sum of all disk capacities?
a. RAID 0
b. RAID 1
c. RAID 3
d. RAID 6
4. Which RAID (Redundant Array of Independent Disks) configuration offers the
lowest cost redundancy?
a. RAID 0
b. RAID 1
c. RAID 5
d. RAID 6
5. The temperature in the data center has risen. It has been observed that the
primary and backup air conditioning units are malfunctioning. When contacted,
the vendor maintenance staff advises that it will take one (1) hour before anyone
can arrive. What step should be taken?
a. Power down the complete system and all of the peripheral devices
b. Do nothing until the vendor maintenance staff arrives
c. Power down only the peripheral devices
d. Follow your business continuity plan's procedures
6. Security administrator responsibilities include reviewing audit log data, setting
access permissions, conducting vulnerability assessments, and
a. Setting file-sensitivity labels
b. Reassigning ports/lines
c. Mounting I/O volumes
d. Configuration management
7. Media management practices include media marking, labeling, handling, storing,
a. Recovery, and destroying
b. Declassifying, and recovery
c. Declassifying, and destroying
d. Reviewing, and backup
8. Which of the following backup types is the replication of data on separate disks in
real time?
a. File image
b. System image
c. Data mirroring
d. Database shadowing
9. Storage area network (SAN) is BEST defined as
a. Disk drives connected to a separate optical network for the use of servers
b. Disk drives connected to a separate optical network for the use of clients
c. Disk drives connected to the same network as all clients and servers for
the use of servers
d. Disk drives connected to the same network as all clients and servers for
the use of all
10. Network administrator responsibilities include
a. Performing backups of data
b. Applying operating system updates and configuration changes
c. Resetting of time/date and network/operating system passwords
d. Configuring traffic priority controls on devices
PHYSICAL SECURITY
1. The six (6) goals of physical security are
a. Protect, delay, detect, assess, respond, and recover
b. Deter, delay, detect, assess, respond, and recover
c. Protect, delay, detect, assess, respond, and react
d. Deter, delay, detect, assess, respond, and react
2. The union representing many of the employees who work for your coal supplier
goes on strike. This type of threat is best categorized as
a. Natural/environmental
b. Utilities
c. Circumstantial
d. Human-made/political events
3. Five (5) examples of successful countermeasures for theft include
a. Strong access controls, intrusion detection systems, locked doors, key
control, and bag checks
b. Strong access controls, anti-phishing software, locked doors, key control,
and bag checks
c. Identification and authentication, intrusion detection systems, locked
doors, key control, and bag check
d. Identification and authentication, anti-phishing software, locked doors, key
control, and bag check
4. Environmental controls are grouped into three (3) distinct categories:
a. Layered, administrative/managerial, and technical
b. Physical, layered and technical
c. Physical, administrative/managerial, and layered
d. Physical, administrative/managerial, and technical
5. An approach to physical security that delves into the relationship between
incidents and frequency of crime, and the environment the crime was committed
in, is known as
a. Defensible space crime prevention through urban design (CPTUD)
b. The layered approach
c. Crime prevention through environmental design (CPTED)
d. Creating defensible space through superior design and analysis
(CDSTSDA)
6. You have been directed to assist with determining the minimum height of a fence
which will encircle the building that houses your company's data center. The
desired outcome is to deter trespassers and to delay determined intruders. What is the
minimum recommended height of the fence?
a. 1.0 meters/ ~3.0 feet
b. 2.0 meters/ ~6.0 feet
c. 2.5 meters/ ~8.0 feet
d. 3.0 meters/ ~10 feet
7. Which type of intrusion detection system (IDS) is BEST described as an active
beam of light that triggers an alarm when the beam is broken?
a. Electrical circuits
b. Motion sensor
c. Ultrasonic
d. Photoelectric
8. Closed circuit television (CCTV) systems must meet which of the following
requirements?
a. Mixing capabilities, recognition, and identification
b. Detection, recognition, and identification
c. Detection, recognition, and mixing capabilities
d. Detection, identification, and mixing capabilities
9. Which of the following statements BEST describes the relationship between
guards and a cost benefit analysis?
a. Guards are inexpensive and provide a unique capability by providing
reasoned, discriminating, and measured responses to changing situations
b. Guards are inexpensive and do not provide a unique capability by
providing reasoned, discriminating, and measured responses to changing
situations
c. Guards are expensive and do not provide a unique capability by providing
reasoned, discriminating, and measured responses to changing situations
d. Guards are expensive and provide a unique capability by providing
reasoned, discriminating, and measured responses to changing situations
10. Doors play a critical role in a physical security program. Best business practice
guidelines for doors include solid core open
a. Inward if permitted by law, minimum of three (3) hinges, and the same fire
resistance rating as the adjoining walls
b. Outward if permitted by law, minimum of three (3) hinges, and the same
fire resistance rating as the adjoining walls
c. Inward if permitted by law, minimum of three (3) hinges, and a 25 percent
greater fire resistance rating as the adjoining walls
d. Outward if permitted by law, minimum of three (3) hinges, and a 25
percent greater fire resistance rating as the adjoining walls
Every Monday, the London branch of a manufacturing company sends its weekly sales
figures for the prior week to corporate headquarters in Seattle. It is imperative to use
the most secure method of data transmission.
3. You are in charge of deciding what technology to use for this data transfer. The
BEST alternative is
a. X.25 protocol
b. A permanent virtual circuit (PVC)
c. A virtual private network (VPN)
d. An optical carrier-class (OC-class) carrier
4. Your boss is confused about the merits of RIP (routing information protocol) and
OSPF (open shortest path first). You explain that
a. RIP is preferable because variable length subnet masks (VLSMs) are
supported in all versions
b. OSPF is preferable because it is more flexible and inherently more secure
c. RIP is preferable because OSPF is only used in smaller networks
d. RIP is preferable because it is more flexible and inherently more secure
5. London is one of a number of small branch offices, and there is no local
authentication server. The employees must, therefore, authenticate to a domain
controller at the corporate office. The best method of authentication involves
a. A dial-up virtual private network (VPN)
b. Establishing a private virtual circuit (PVC) to forward the request
c. A Windows server running routing and remote access (RRAS) configured
as a remote authentication dial in user service (RADIUS) client
d. Synchronous optical network (SONET)
6. You advise the use of Layer 2 Tunneling Protocol (L2TP) virtual private networks
(VPN) for people working outside of the branch offices or headquarters because
a. A L2TP VPN is automatically encrypted. This removes the responsibility
of remembering to encrypt from the shoulders of employees and enables
them to focus on their jobs
b. Data entering the enterprise is encrypted and will pose no internal danger
c. You can choose to use Encapsulating Security Payload (ESP) with internet
protocol security (IPSec) when you set up the VPN to make the remote
communication more secure
d. Full-disk encryption makes the use of VPNs unnecessary
7. The head office has decided to use Kerberos for network authentication. The
company has a number of remote offices scattered across the country. What
problems might this present?
a. Kerberos is time sensitive in its default configuration
b. Kerberos logons are sent in plaintext
c. If the central key distribution center (KDC) fails, then all logons will fail
d. The key distribution center (KDC) retrieves passwords from the security
accounts manager (SAM)
8. Which of the following is a network configuration protocol for hosts on internet
protocol (IP) networks and provides other configuration information, particularly
the IP addresses of local caching DNS resolvers, network boot servers, and
other service hosts?
a. DHCP (Dynamic Host Configuration Protocol)
b. NIS (Network Information Service)
c. DNS (Domain Name Service)
d. LDAP (Lightweight Directory Access Protocol)
9. Which statement is TRUE concerning internet protocol (IP)V4 and IPV6 security?
a. IPV6 is less secure than IPV4. IPV6 allows every node to have its own
IP address. IPV4 allows shielding private addresses behind public
addresses
b. IPV6 is less secure than IPV4. Although there is still a centralizing body,
it is now international and terrorist organizations may now get IP
addresses
c. IPV6 is more secure than IPV4. IPV6 mandates the use of internet
protocol security (IPSec)
d. IPV6 is more secure than IPV4. Only enterprises that have been
governmentally approved may use it
10. You are a CISSP working for a small corporation with responsibility for providing
security advice to the information technology (IT) department. Your primary concern
for training all employees in the company on security awareness is defending
against
a. Denial of service
b. Malware
c. Social engineering
d. Botnets