SSCP Questions

Study online at quizlet.com/_26vsek

1. [Access Controls] A

Access controls protect assets such as files by preventing unauthorized access. What must occur before a system can implement access controls to restrict access to these types of assets?

A. Identification and authentication
B. Identification and accountability
C. Authentication and accounting
D. Accountability and availability

2. [Access Controls] C

An organization has been using an iris scanner for authentication but has noticed a significant number of errors. Assuming the iris scanner is a high-quality scanner, which of the following could affect its accuracy?

A. False Acceptance Rate (FAR)
B. False Rejection Rate (FRR)
C. Sunlight shining into the scanner
D. Faulty laser beam

3. [Access Controls] D

An organization uses a biometric system with a one-to-many search method. What does this system provide for the organization?

A. Authentication
B. Accountability
C. Authorization
D. Identification

4. [Access Controls] C

A user professes an identity by entering a user logon name and then enters a password. What is the purpose of the logon name?

A. Authentication
B. Accountability
C. Identification
D. Accounting

5. [Access Controls] D

Authentication includes three types or factors. Which of the following best describes these authentication methods?

A. Something you say, something you think, and something you are
B. Something you know, something you have, and something you type
C. Something you know, something you say, and something you are
D. Something you know, something you have, and something you are

6. [Access Controls] D

Of the following choices, what most accurately identifies the major drawback of SSO systems?

A. It allows users to access multiple systems after logging on once.
B. It increases the difficulty for users to log on.
C. It increases the administrative workload.
D. It risks maximum unauthorized access with compromised accounts.

7. [Access Controls] D

Users are required to enter a different password each time they log on. What type of password is this?

A. Static password
B. Cognitive password
C. Passphrase
D. Dynamic password

8. [Access Controls] D

What can be used to prevent a user from reusing the same password?

A. Minimum password age
B. Maximum password age
C. Password length
D. Password history

9. [Access Controls] C

What form(s) of authentication are individuals using when they authenticate with a hardware token and a password?

A. Something they have only
B. Something they know only
C. Something they have and something they know
D. Something they have and something they are
10. [Access Controls] A

What is SSO?

A. A system that requires user credentials once and uses the same credentials for the entire session
B. An authentication system that requires users to use different credentials for each resource they access
C. A secure system used for operations
D. Any network that employs secure access controls

11. [Access Controls] C

What is the primary goal of the Bell-LaPadula model?

A. Enforce separation of duties
B. Enforce two-factor authentication
C. Enforce confidentiality
D. Enforce integrity

12. [Access Controls] A

What type of access control is identity based?

A. Discretionary
B. Non-discretionary
C. ABAC
D. Biba

13. [Access Controls] A

What type of service does Kerberos provide?

A. Authentication
B. Accounting
C. Availability
D. Accountability

14. [Access Controls] B

Which of the following actions is most appropriate if an employee leaves the company?

A. Delete the user's account as soon as possible.
B. Disable the user's account as soon as possible.
C. Change the user's password as soon as possible.
D. Change the user's permissions as soon as possible.

15. [Access Controls] A

Which of the following biometric methods has the lowest CER?

A. Iris scan
B. Handwriting analysis
C. Keystroke dynamics
D. Thumbprint scan

16. [Access Controls] B

Which of the following choices does NOT ensure that a password is strong?

A. Ensuring that the password is of a sufficient length
B. Ensuring that the password is changed frequently
C. Ensuring that the password has a mixture of different character types
D. Ensuring that the password does not include any part of the user's name

17. [Access Controls] B

Which of the following metrics identifies the number of valid users that a biometric authentication system falsely rejects?

A. FAR
B. FRR
C. CER
D. AAA

18. [Access Controls] A

Which of the following models helps enforce the principle of separation of duties?

A. Chinese Wall and Clark-Wilson
B. Chinese Wall and Biba
C. Clark-Wilson and Bell-LaPadula
D. Biba and Bell-LaPadula

19. [Access Controls] C

Which of the following statements is true?

A. An access control matrix is object based and a capability table is object based.
B. An access control matrix is subject based and a capability table is object based.
C. An access control matrix is object based and a capability table is subject based.
D. An access control matrix is subject based and a capability table is subject based.

20. [Access Controls] B

Which of the following will disable an account if an attacker tries to guess the password multiple times?

A. A password policy
B. An account lockout policy
C. A password history
D. De-provisioning accounts
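The distinction behind question 19 is easier to see in code than in prose: one access control matrix can be read by column (the object's ACL) or by row (the subject's capability table). The block below is an added example, not part of the Quizlet set; the subjects, objects and rights are constructed sample data and the helper names are this example's own.

```python
"""Added example (not from the Quizlet set): one access control matrix
viewed two ways, as the object-based ACL and the subject-based capability
table that question 19 contrasts.  Subjects, objects and rights are
constructed sample data."""

# Constructed sample matrix: subject -> object -> set of rights.
MATRIX = {
    "alice": {"payroll.xlsx": {"read", "write"}, "policy.pdf": {"read"}},
    "bob":   {"policy.pdf": {"read"}, "backup.tar": {"read", "execute"}},
    "carol": {"payroll.xlsx": {"read"}},
}


def acl(matrix, obj):
    """Object-based view: which subjects may do what to this one object.
    This is one column of the matrix, the ACL attached to the object."""
    return {subj: set(rights[obj]) for subj, rights in matrix.items() if obj in rights}


def capabilities(matrix, subj):
    """Subject-based view: everything this one subject may do.
    This is one row of the matrix, the subject's capability table."""
    return {obj: set(rights) for obj, rights in matrix.get(subj, {}).items()}


def is_allowed(matrix, subj, obj, right):
    """Reference-monitor check: default deny when there is no entry at all."""
    return right in matrix.get(subj, {}).get(obj, set())


def revoke_object(matrix, obj):
    """Remove every right on one object.  In the ACL view that is a single
    column; in the capability view every subject's row has to be visited,
    which is why object-side revocation is harder in capability systems."""
    touched = []
    for subj, rights in matrix.items():
        if rights.pop(obj, None) is not None:
            touched.append(subj)
    return touched


if __name__ == "__main__":
    print("ACL for policy.pdf:", acl(MATRIX, "policy.pdf"))
    print("Capabilities of bob:", capabilities(MATRIX, "bob"))
```

`acl` and `capabilities` return the same facts arranged differently; the matrix itself is the authoritative structure, and either view can be derived from it.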
21. [Advanced Networking & Communications] A

An organization is sharing resources with another organization using cloud-based computing. Which of the following cloud operation models does this describe?

A. Community
B. Hybrid
C. Private
D. Public

22. [Advanced Networking & Communications] A

A packet-filtering firewall can block ICMP traffic such as ping requests. How does a packet-filtering firewall identify ICMP traffic?

A. Based on the protocol ID having a value of 1
B. Based on the protocol ID having a value of 2
C. Based on the port of 50
D. Based on the port of 51

23. [Advanced Networking & Communications] C

How can you provide defense diversity with a DMZ?

A. Use a single firewall.
B. Use two firewalls from the same vendor.
C. Use two firewalls from different vendors.
D. Ensure that only trusted partners are allowed access.

24. [Advanced Networking & Communications] A

How would users typically access a TLS VPN?

A. With a web browser
B. With a dedicated application
C. With broadband access but never DSL access
D. With an IMAP application

25. [Advanced Networking & Communications] D

It's common to enable or install a firewall on a server to protect the server. What type of firewall is this?

A. Network-based
B. Hardware-based
C. Packet-filtering
D. Host-based

26. [Advanced Networking & Communications] C

Of the following choices, what indicates the primary improvement that MS-CHAPv2 included over previous protocols?

A. Support for biometrics
B. Use of certificates
C. Mutual authentication
D. Use of a nonce

27. [Advanced Networking & Communications] C

Of the following choices, what is NOT used for VPNs?

A. L2TP
B. PPTP
C. SSLTP
D. TLS

28. [Advanced Networking & Communications] A

Of the following choices, what represents the primary benefits provided by a proxy server?

A. Caching and filtering
B. Authentication and caching
C. Authentication, authorization, and accounting
D. Stateful inspection

29. [Advanced Networking & Communications] C

What can be used to examine the health of a client prior to allowing network access and restricting access of unhealthy clients to a quarantined network?

A. RADIUS
B. TACACS+
C. NAC
D. SRTP

30. [Advanced Networking & Communications] D

What port does a TLS VPN typically use?

A. 80
B. 88
C. 143
D. 443

31. [Advanced Networking & Communications] D

What port does PPTP typically use?

A. 143
B. 443
C. 1701
D. 1723
32. [Advanced Networking & Communications] B

What port does TACACS+ typically use?

A. 25
B. 49
C. 53
D. 443

33. [Advanced Networking & Communications] B

Which of the following best describes the mapping of data held within a switch's table?

A. IP address to port
B. MAC address to port
C. IP address to MAC address
D. Physical port to logical port

34. [Advanced Networking & Communications] D

Which of the following can provide security for VoIP?

A. RADIUS
B. TACACS+
C. PSTN
D. SRTP

35. [Advanced Networking & Communications] D

Which of the following choices provides the best protection against potentially malicious FTP commands?

A. Defense diversity
B. Packet-filtering firewall
C. Stateful inspection firewall
D. Application firewall

36. [Advanced Networking & Communications] B

Which of the following identifies the correct representation of RADIUS?

A. Remote Access Dial-in User System
B. Remote Authentication Dial-in User Service
C. Roaming Access Dial-in User Service
D. Remote Authentication Dialing User System

37. [Advanced Networking & Communications] C

Which of the following is an example of SaaS?

A. Access to an operating system over the Internet
B. Access to a server over the Internet
C. Web-based e-mail
D. VM escape

38. [Advanced Networking & Communications] A

Which of the following is the best choice to segment traffic on a network?

A. VLAN
B. EAP
C. SSL
D. TLS

39. [Advanced Networking & Communications] B

Which of the following represents the greatest risk to virtual systems?

A. Confidentiality
B. VM escape
C. Increased costs for power and cooling
D. Loss of control of data in the cloud

40. [Advanced Networking & Communications] B

Your organization has a private phone system. Of the following, what is the best choice to control call forwarding?

A. Ensure that the administrator password is kept private and changed often.
B. Restrict phone numbers that can be used with call forwarding.
C. Restrict long distance calling.
D. Protect the phone system with physical security.

41. [Attacks] C

An application has received more input than it expected and the resulting error has exposed normally protected memory. What is the best explanation for what happened?

A. Phishing attack
B. Salami attack
C. Buffer overflow
D. Session hijacking

42. [Attacks] A

An attacker has written a program to shave off a penny from each transaction and divert the penny to the attacker's bank account. What best describes this attack?

A. Salami attack
B. Sniffing attack
C. Replay attack
D. Covert channel
43. [Attacks] C

An attacker is using Wireshark to capture and analyze TCP sessions. What is the best term that identifies this action?

A. Dumpster diving
B. Shoulder surfing
C. Sniffing
D. Vishing

44. [Attacks] B

An attacker sends an e-mail to many members of an organization and spoofs the From address so that the e-mail looks like it came from within the organization. The e-mail tries to trick recipients into following a link. What is the best definition of this action?

A. Phishing
B. Spear phishing
C. Whaling
D. Vishing

45. [Attacks] A

An attacker uses nontechnical means to learn the e-mail address of a manager within a company. Which of the following best describes this attack?

A. Social engineering
B. Shoulder surfing
C. Smishing
D. Covert cramming

46. [Attacks] A

A system has a protocol analyzer installed. What mode must the system operate in to capture all packets that reach it, including those that are not directly addressed to or from the system?

A. Promiscuous
B. Nonpromiscuous
C. DoS
D. DDoS

47. [Attacks] D

A system has been attacked by an exploit that isn't published. What type of attack is this?

A. Scareware
B. APT
C. Pharming
D. Zero day

48. [Attacks] D

A user attempted to access http://mcgraw-hill.com/ but was redirected to a website that advertised pharmaceutical drugs for sale. What does this describe?

A. Phishing
B. Impersonation
C. Whaling
D. Pharming

49. [Attacks] C

A user connected to a free wireless network at a coffee shop to access Facebook. Later someone else started making posts on the user's page. What is the most likely cause of this?

A. Zero day exploit
B. WPS cracking
C. Evil twin
D. WPA cracking

50. [Attacks] C

A user receives an e-mail indicating that the bank has detected suspicious activity on the user's bank account. The message indicates the user should log on immediately to prevent loss of funds. What is the best term to describe this attack?

A. Sniffing
B. Session hijacking
C. Phishing
D. Tailgating

51. [Attacks] B

A website is preventing users from entering the < and > characters when they enter data. What is the website trying to prevent?

A. SQL injection attack
B. Cross-site scripting attack
C. Input validation attack
D. Trojan horse

52. [Attacks] A

Of the following choices, what is a common DoS attack?

A. TCP flood
B. Tailgating
C. Smishing
D. Whaling
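Question 51 names the goal (blocking cross-site scripting) but the control it describes, refusing `<` and `>`, only covers one injection context. The block below is an added example, not part of the Quizlet set: it keeps that filter, places the value inside an HTML attribute (a constructed template), and shows that a payload containing no angle brackets still injects an event handler unless the value is also HTML-encoded for its context. The payload, the template and the helper names are this example's own.

```python
"""Added example (not from the Quizlet set): why rejecting '<' and '>'
(question 51) is weaker than context-aware output encoding.  The page
template, the payload and the helper names are constructed for this
illustration."""

import html
from html.parser import HTMLParser


def angle_bracket_filter(value: str) -> str:
    """The control in question 51: refuse any input containing angle brackets."""
    if "<" in value or ">" in value:
        raise ValueError("input rejected: angle brackets are not allowed")
    return value


# Constructed template: the user's value is reflected inside an HTML attribute.
TEMPLATE = '<input type="text" name="q" value="{value}">'


def render_unsafe(value: str) -> str:
    """Filter only; the value is interpolated verbatim."""
    return TEMPLATE.format(value=angle_bracket_filter(value))


def render_encoded(value: str) -> str:
    """HTML-encode for the attribute context: &, <, >, \" and ' become
    character references, so the value can neither close the attribute
    nor start a new tag.  The filter stays as defence in depth."""
    return TEMPLATE.format(value=html.escape(angle_bracket_filter(value), quote=True))


class _AttrCollector(HTMLParser):
    """Collect attribute names the browser would see on every start tag."""

    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        self.names.extend(name for name, _ in attrs)


def attribute_names(markup: str) -> list:
    parser = _AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.names


def introduces_event_handler(markup: str) -> bool:
    """True if the rendered markup gained an on* attribute the template lacks."""
    return any(name.startswith("on") for name in attribute_names(markup))


# Constructed payload with no angle brackets: it closes the value attribute
# with a quote and appends an attribute of its own.
PAYLOAD = '" onfocus="alert(1)" autofocus="'

if __name__ == "__main__":
    print(render_unsafe(PAYLOAD))    # attribute injection passes the filter
    print(render_encoded(PAYLOAD))   # quotes become &quot;, attribute intact
```

The practical rule the example illustrates: input filtering is a useful second layer, but the control that actually prevents cross-site scripting is encoding the value for the context it is written into (HTML body, attribute, JavaScript string, URL), applied at output time.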
53. [Attacks] B

Of the following choices, what is the best method to prevent tailgating?

A. Education
B. Mantrap
C. Antivirus software
D. Access controls on the phone system

54. [Attacks] B

Of the following choices, what provides the best protection against buffer overflow attacks?

A. SQL injection
B. Input validation
C. Cross-site scripting
D. Code signing

55. [Attacks] C

Thousands of computers have been infected with malware and are periodically directed to send out spam to other computers. What does this describe?

A. Zombies
B. Spear phishing
C. A botnet
D. Phishing

56. [Attacks] A

What is an APT?

A. A group, often sponsored by a government, that has the capability and intent to launch persistent attacks against an organization
B. Software that alerts a user that their system is infected with malware, but won't remove the malware unless the user pays a fee
C. An attack that redirects users to a bogus website
D. A scan to detect open ports

57. [Attacks] B

What is a primary goal of security-related user awareness training?

A. Increase use of e-mail
B. Change behavior
C. Implement technical solutions
D. Show how to use applications

58. [Attacks] D

What is the difference between a DoS attack and a DDoS attack?

A. There is no real difference.
B. A DoS attack uses technical methods but a DDoS attack uses nontechnical methods.
C. A DDoS attack is an attack from a single system, but a DoS attack is an attack from multiple systems.
D. A DoS attack is an attack from a single system, but a DDoS attack is an attack from multiple systems.

59. [Attacks] D

What type of attack can access data in a database used by a website?

A. Cross-site scripting
B. Cross-site request forgery
C. Rootkit
D. SQL injection

60. [Attacks] D

Which of the following best identifies a computer controlled by a botnet?

A. DoS computer
B. DDoS computer
C. Attacker
D. Zombie

61. [Auditing] B

A badge reader records employee names, dates, and times when employees enter and exit a secure server room. An auditor reviewed the logs and noticed that they showed that many employees entered the room, but the logs do not show when all of the employees exited the room. What does this indicate?

A. The badge reader is operational
B. Tailgating
C. The mantrap is not being used
D. Unauthorized entry

62. [Auditing] D

An accounting system ignores logon failures until an account has three logon failures within a 30-minute period. It then generates an alert. What is the accounting system using?

A. Account lockout
B. Password policy
C. Snipping level
D. Clipping level
63. [Auditing] A

An organization handles credit card data from customers on a regular basis. What provides the security objectives and requirements that the organization must follow?

A. PCI DSS
B. HIPAA
C. FIPS Pub 200
D. NIST SP 800-53

64. [Auditing] A

A system ignores potential security violations until it detects a specific number of events. It then raises an alert. What does this describe?

A. Clipping level
B. Acceptance level
C. Audit level
D. Baseline level

65. [Auditing] B

A user entered an incorrect password three times. Now, the user is no longer able to log on. What caused this to occur?

A. Password policy
B. Account lockout policy
C. Clipping level
D. Audit trail

66. [Auditing] B

Of the following choices, what can help ensure that system modifications do NOT cause unintended outages?

A. Security audit
B. Change management
C. Configuration control
D. Audit trail

67. [Auditing] C

Of the following choices, what is an example of an auditable event logged in an operating system's security log?

A. Access through a firewall
B. Accessing a website through a proxy server
C. Reading a file
D. The date and time when a service starts

68. [Auditing] A

Of the following choices, what is a primary method used for configuration control?

A. Baseline
B. Change management requests
C. Security logs
D. Password audits

69. [Auditing] A

Of the following choices, what is the best example of a log used as a deterrent for internal employees?

A. Proxy server log
B. Network firewall log
C. Security audit
D. Change management log

70. [Auditing] C

Of the following choices, which one is NOT a recommended strategy for audit logs?

A. Review the logs regularly
B. Archive logs for later review
C. Periodically overwrite logs
D. Store logs on remote servers

71. [Auditing] D

What do you call a group of one or more logs used to re-create events leading up to and occurring during an incident?

A. A configuration control program
B. A change management program
C. A security audit
D. An audit trail

72. [Auditing] A

What is the purpose of reviewing logs?

A. Detecting potential security events
B. Preventing potential security events
C. Correcting potential security events
D. Deterring potential security events

73. [Auditing] C

What type of control is an audit trail?

A. Preventive control
B. Corrective control
C. Detective control
D. Physical access control
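Questions 20, 62, 64 and 65 test two thresholds that are easy to confuse: an account lockout policy disables the account once failures reach a count, while a clipping level tolerates the occasional wrong password and only raises an alert when failures for one account exceed a count inside a time window (three in 30 minutes in question 62). The block below is an added example, not part of the Quizlet set, that runs both rules over a small constructed authentication log; the log format and the function names are this example's own.

```python
"""Added example (not from the Quizlet set): account lockout (questions 20
and 65) beside a clipping level (questions 62 and 64), both applied to the
same constructed authentication log.  The log format is invented for the
example, not a real syslog layout."""

from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines: timestamp, result, account.
LOG = """\
2024-03-01T09:00:05 FAIL alice
2024-03-01T09:00:40 FAIL alice
2024-03-01T09:01:10 OK   alice
2024-03-01T09:02:00 FAIL bob
2024-03-01T09:03:00 FAIL bob
2024-03-01T09:10:00 FAIL bob
2024-03-01T09:45:00 FAIL bob
2024-03-01T09:46:00 FAIL bob
2024-03-01T09:47:00 FAIL bob
2024-03-01T09:47:30 FAIL bob
"""


def parse(log: str):
    """Yield (timestamp, succeeded, account) for each line."""
    for line in log.splitlines():
        ts, result, account = line.split()
        yield datetime.fromisoformat(ts), result == "OK", account


def clipping_level_alerts(events, threshold=3, window=timedelta(minutes=30)):
    """Alert when an account accumulates `threshold` failures inside `window`.
    Failures older than the window slide out and a successful logon clears
    the count, so isolated typos (alice) never produce an alert."""
    recent = defaultdict(deque)
    alerts = []
    for ts, ok, account in events:
        q = recent[account]
        if ok:
            q.clear()
            continue
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts.append((ts, account, len(q)))
            q.clear()  # one alert per burst, then start counting again
    return alerts


def lockout_state(events, threshold=3):
    """Account lockout: `threshold` consecutive failures disable the account
    until an administrator unlocks it.  There is no time window; a success
    resets the counter and a locked account ignores further attempts."""
    failures = defaultdict(int)
    locked = set()
    for _, ok, account in events:
        if account in locked:
            continue
        if ok:
            failures[account] = 0
        else:
            failures[account] += 1
            if failures[account] >= threshold:
                locked.add(account)
    return locked


if __name__ == "__main__":
    for ts, account, count in clipping_level_alerts(parse(LOG)):
        print(f"{ts.isoformat()} ALERT {account}: {count} failures in window")
    print("locked accounts:", lockout_state(parse(LOG)))
```

On this log the clipping level fires twice for bob (at 09:10 and again at 09:47) and never for alice, while the lockout policy disables bob at his third failure and leaves alice untouched. Lowering the threshold or widening the window trades fewer missed brute-force attempts for more noise from legitimate users, which is the tuning decision question 76 describes.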
74. [Auditing] B

What type of log on a Microsoft system records auditable events, such as when a user deletes a file?

A. System
B. Security
C. Application
D. Forwarded Events

75. [Auditing] D

Which of the following is NOT a valid method used for configuration control?

A. Imaging
B. Microsoft's Group Policy
C. Change management
D. Proxy server logs

76. [Auditing] B

Which of the following statements best describes a benefit of using clipping levels?

A. Clipping levels ignore baselines and generate alerts when they detect security violations.
B. Clipping levels ignore normal user errors, but generate alerts when these errors exceed a predetermined threshold.
C. Audit trails use clipping levels to record all potential alerts for accountability.
D. Clipping levels ensure systems generate alerts when they detect any potential security violations.

77. [Auditing] C

Who would measure the effectiveness of an organization's security controls?

A. An administrator
B. A manager
C. An auditor
D. A data owner

78. [Auditing] D

Your organization has recently completed a security audit. Which of the following is NOT a valid step to take after completing the audit?

A. Approve changes
B. Evaluate controls
C. Implement fixes
D. Delete the security audit

79. [Auditing] C

Your organization uses strong authentication and authorization mechanisms and has robust logging capabilities. Combined, what do these three elements provide?

A. Guaranteed security
B. Prevention of unintended outages from unauthorized changes
C. Accountability
D. Configuration control

80. [Auditing] A

You suspect that many internal systems may be part of a botnet. What log would you review to verify your suspicions?

A. Network-based firewall logs
B. Host-based firewall logs
C. Operating system logs
D. System security logs

81. [Basic Networking & Communications] D

What is the protocol number for IPsec AH?

A. 1
B. 6
C. 50
D. 51

82. [Basic Networking & Communications] B

What port does POP3 use?

A. 25
B. 110
C. 143
D. 443

83. [Basic Networking & Communications] A

What protocol would a system use to determine a system's physical address?

A. ARP
B. RARP
C. BootP
D. DNS
84. [Basic Networking & Communications] D

Where is a DMZ located?

A. Behind the intranet firewall
B. In front of the first intranet-facing firewall
C. In front of the first Internet-facing firewall
D. Behind the first Internet-facing firewall

85. [Basic Networking & Communications] A

Which layer of the OSI Model defines cable standards?

A. Physical layer
B. Data Link layer
C. Network layer
D. Transport layer

86. [Basic Networking & Communications] C

Which layer of the OSI Model handles physical addressing?

A. Physical layer
B. Network layer
C. Data Link layer
D. Transport layer

87. [Basic Networking & Communications] A

Which layer of the OSI Model includes TCP and UDP?

A. Transport layer
B. Network layer
C. Data Link layer
D. Application layer

88. [Basic Networking & Communications] B

Which layer of the OSI Model packages data as a frame?

A. Physical layer
B. Data Link layer
C. Network layer
D. Transport layer

89. [Basic Networking & Communications] C

Which layer of the OSI Model packages data as a packet?

A. Physical layer
B. Data Link layer
C. Network layer
D. Transport layer

90. [Basic Networking & Communications] B

Which layer of the OSI Model provides reliable end-to-end communication services?

A. Physical layer
B. Transport layer
C. Data Link layer
D. Host layer

91. [Basic Networking & Communications] C

Which layer of the TCP/IP Model corresponds to the OSI Network layer?

A. Host layer
B. Application layer
C. Internet layer
D. Link layer

92. [Basic Networking & Communications] B

Which of the following accurately identifies a difference between FTP and TFTP?

A. FTP uses UDP and TFTP uses TCP.
B. FTP supports authentication but TFTP does not support authentication.
C. TFTP sends data across a network in cleartext, but FTP encrypts data.
D. TFTP is primarily used to transfer large files, and FTP is used to transfer configuration information to and from network devices.

93. [Basic Networking & Communications] C

Which of the following is the recommended security mechanism to use with wireless networks?

A. 802.11a
B. 802.11g
C. 802.11i
D. 802.11n

94. [Basic Networking & Communications] D

Which of the following protocols is a more secure alternative for remote login?

A. Telnet
B. rlogin
C. rexec
D. SSH
95. [Basic Networking & Communications] D

Which of the following protocols is commonly used with diagnostic utilities?

A. TFTP
B. RARP
C. IGMP
D. ICMP

96. [Basic Networking & Communications] C

Which of the following protocols is connection oriented?

A. IP
B. RIP
C. TCP
D. UDP

97. [Basic Networking & Communications] B

Which of the following statements is correct related to IPsec?

A. IPsec provides confidentiality by encrypting data with AH.
B. IPsec provides confidentiality by encrypting data on the Network layer.
C. IPsec AH uses protocol number 50.
D. IPsec ESP uses protocol number 51.

98. [Basic Networking & Communications] B

Which of the following topologies avoids collisions using a token?

A. IEEE 802.3
B. IEEE 802.5
C. CSMA/CD
D. CSMA/CA

99. [Basic Networking & Communications] C

Which of these ports does DNS use?

A. TCP 23
B. TCP 25
C. UDP 53
D. UDP 69

100. [Basic Networking & Communications] A

You are purchasing a product from a website. Which of the following protocols will your system most likely use to provide confidentiality for this transaction?

A. SSL
B. SSH
C. IPsec
D. HTTP

101. [Controls and Countermeasures] D

A computer system records events into a security log, and administrators periodically review the log for security incidents. What type of control is this?

A. A preventive, technical security control
B. A detective, physical security control
C. A preventive, physical security control
D. A detective, technical security control

102. [Controls and Countermeasures] A

A security professional is reviewing existing security controls. What type of security control is this?

A. Management
B. Technical
C. Physical
D. Compensating

103. [Controls and Countermeasures] C

Of the following choices, what is NOT one of the methods or goals of hardening a server?

A. Reducing the attack surface
B. Keeping a system up to date
C. Disabling firewalls
D. Adding AV software

104. [Controls and Countermeasures] B

Of the following choices, which one is authoritative in nature?

A. Procedure
B. Policy
C. Action steps
D. Tasks
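Questions 22, 81 and 97 all turn on the same header field: a packet filter recognizes ICMP (1), ESP (50) and AH (51) from the 8-bit Protocol field of the IPv4 header, not from a port, because those protocols have no ports. The block below is an added example, not part of the Quizlet set: it builds minimal IPv4 headers with `struct`, parses the Protocol field, checks the header checksum, and applies a stateless drop rule. The packets are constructed for the example; there is no real capture, and the function names are this example's own.

```python
"""Added example (not from the Quizlet set): how a packet-filtering firewall
classifies ICMP, ESP and AH (questions 22, 81, 97) by reading the IPv4
Protocol field.  Packets are constructed with struct.pack; nothing here
touches a real interface."""

import struct

# IANA assigned protocol numbers relevant to the questions.
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 50: "ESP", 51: "AH"}


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum
    of the 16-bit words.  Over a header whose checksum field is already
    filled in, a valid header sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(proto: int, src: str, dst: str, payload: bytes = b"") -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    ver_ihl = (4 << 4) | 5                      # version 4, 5 x 32-bit words
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, 0x1234, 0,
                      64, proto, 0, src_b, dst_b)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(packet: bytes) -> dict:
    """Return version, header length, protocol number/name and addresses.
    Raises ValueError on a truncated header or a bad checksum."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    proto = packet[9]                            # the Protocol field, byte 9
    return {
        "version": version,
        "ihl": ihl,
        "protocol": proto,
        "name": PROTOCOL_NAMES.get(proto, "other"),
        "src": ".".join(str(b) for b in packet[12:16]),
        "dst": ".".join(str(b) for b in packet[16:20]),
    }


def packet_filter(packet: bytes, blocked_protocols=frozenset({1})) -> str:
    """Stateless filter: drop by protocol number (default blocks ICMP, as in
    question 22).  Malformed packets are dropped too; a filter must never
    fail open on input it cannot parse."""
    try:
        info = parse_ipv4(packet)
    except ValueError:
        return "DROP"
    return "DROP" if info["protocol"] in blocked_protocols else "ACCEPT"


if __name__ == "__main__":
    for proto in (1, 6, 50, 51):
        pkt = build_ipv4(proto, "10.0.0.5", "10.0.0.1")
        print(parse_ipv4(pkt)["name"], packet_filter(pkt))
```

To block IPsec instead of ICMP you would pass `blocked_protocols={50, 51}`; there is no port to filter on, which is exactly why options C and D in question 22 are wrong.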
105. [Controls and Countermeasures] B

Of the following choices, which provides high-level guidance to employees?

A. Procedure
B. Policy
C. Action steps
D. Disaster recovery plan

106. [Controls and Countermeasures] A

What are the primary objectives of security controls?

A. Prevent, detect, and correct
B. Prevent, detect, and block
C. Detect, correct, and block
D. Detect, correct, and remove

107. [Controls and Countermeasures] C, D

What is an important benefit to organizations that use virtual servers? (Choose all that apply.)

A. VM escape capabilities
B. Better control of data with cloud computing
C. Reduction of costs associated with power and cooling
D. Reduction of costs for physical security

108. [Controls and Countermeasures] D

What is the overall goal of a change management process?

A. To slow down changes
B. To ensure that systems are configured similarly
C. To enable stakeholders to deny unwanted changes
D. To reduce unintended outages from unauthorized changes

109. [Controls and Countermeasures] B

What should administrators do after learning that a vendor has released a patch that is relevant for servers they manage?

A. Apply the patch.
B. Test the patch.
C. Audit systems to see whether the patch is applied.
D. Document the systems where the patch is applied.

110. [Controls and Countermeasures] B

What type of control are procedures to back up and restore data?

A. Operational
B. Corrective
C. Detective
D. Deterrent

111. [Controls and Countermeasures] C

What type of control is an audit log?

A. Technical
B. Corrective
C. Detective
D. Preventive

112. [Controls and Countermeasures] A

Which of the following choices best describes an operational control?

A. A control implemented by people (rather than systems)
B. A control implemented using hardware, software, or firmware
C. A control that focuses on the management of risk and the management of IT security
D. A control that focuses on preventing losses due to risks

113. [Controls and Countermeasures] A

Which of the following controls attempts to avoid security incidents?

A. Preventive
B. Compensating
C. Corrective
D. Detective

114. [Controls and Countermeasures] A

Which of the following definitions best describes system hardening?

A. Making a system more secure than the default configuration
B. Increasing physical security to make it harder to access the system
C. Increasing the length of the administrator password to make it harder to access the system
D. Reducing the attack surface
115. [Controls and Countermeasures] C

Which of the following helps ensure that mobile devices have all relevant patches?

A. BYOD
B. COPE
C. MDM
D. USB

116. [Controls and Countermeasures] D

Which of the following provides the best definition of a control?

A. The means, methods, actions, techniques, processes, procedures, or devices used to prevent attackers from launching attacks on systems
B. A detective method that identifies threats
C. A corrective method that reverses the impact of an incident
D. The means, methods, actions, techniques, processes, procedures, or devices used to reduce the vulnerability of a system or the possibility of a threat exploiting a vulnerability

117. [Controls and Countermeasures] B

Which of the following security controls can restore a failed or disabled control?

A. Preventive
B. Corrective
C. Detective
D. Deterrent

118. [Controls and Countermeasures] D

You don't have enough maintenance time during the week to perform full backups, so you decide to implement a backup strategy that takes less time to do backups during the week. Of the following choices, what strategy will minimize the amount of time needed to restore a backup after a failure?

A. Full
B. Incremental
C. Full / incremental
D. Full / differential

119. [Controls and Countermeasures] B

You have two disk drives and you want to provide fault tolerance by mirroring the two drives. What should you use?

A. RAID-0
B. RAID-1
C. RAID-5
D. RAID-6

120. [Controls and Countermeasures] C

You need to ensure that a service continues to run even if a server fails. What should you implement?

A. RAID-1
B. RAID-6
C. Failover cluster
D. Warm site

121. [Cryptography] C

A website sent a user a certificate to initiate a secure web session over the Internet. What information would NOT be in the certificate?

A. Name of the website
B. Name of the issuing CA
C. Private key
D. Expiration date

122. [Cryptography] B

How are public keys distributed to clients from Internet websites?

A. As e-mail attachments
B. Embedded in certificates
C. As cookies
D. Embedded in the HTML code for the page

123. [Cryptography] A

How are public keys shared with other entities?

A. Published in a certificate
B. Encrypted by a private key
C. Encrypted by a session key
D. Public keys are not shared
124. [Cryptography] C

Of the following choices, what is NOT provided with a digital signature used for e-mail?

A. Authentication
B. Integrity
C. Confidentiality
D. Nonrepudiation

125. [Cryptography] A

Of the following choices, what is used to determine whether a certificate has been revoked?

A. OCSP
B. Digital signature
C. CARL
D. Trust chain

126. [Cryptography] D

Of the following choices, which one is considered a strong, efficient symmetric encryption algorithm?

A. TLS
B. DES
C. 3DES
D. AES

127. [Cryptography] B

Researchers are attempting to discover weaknesses in an encryption algorithm using a known-plaintext attack. What is this called?

A. Cryptography
B. Cryptanalysis
C. Criminal behavior
D. Hashing

128. [Cryptography] D

Someone has embedded a secret code within a picture used on a web page. What is the best description of this?

A. Symmetric encryption
B. Asymmetric encryption
C. Hashing
D. Steganography

129. [Cryptography] C

What basic security function does asymmetric encryption provide?

A. Integrity
B. Authentication
C. Confidentiality
D. Availability

130. [Cryptography] B

What is a common standard used to encrypt and digitally sign e-mail?

A. Symmetric encryption
B. S/MIME
C. TLS
D. Steganography

131. [Cryptography] B

What is used to create a digital signature used with e-mail?

A. The public key of the sender
B. The private key of the sender
C. The public key of the recipient
D. The private key of the recipient

132. [Cryptography] A

What type of cryptography does public cryptography use?

A. Asymmetric encryption
B. Symmetric encryption
C. Steganography
D. One-way functions

133. [Cryptography] B

Which of the following choices allows you to verify that a file has not been modified?

A. AES
B. SHA
C. PKI
D. IDEA

134. [Cryptography] D

Which of the following choices provides one-way encryption of data?

A. Symmetric
B. Asymmetric
C. Transport Layer Security
D. Hashing

135. [Cryptography] C

Which of the following is an accurate statement related to asymmetric encryption?

A. It is used to privately share a private key.
B. It is used to privately share a public key.
C. It is used to privately share a secret key.
D. It is faster than symmetric encryption.
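Questions 124, 129, 131, 133, 134 and 135 are all about which key does what: a hash alone detects modification, a signature is created with the sender's private key and checked with the sender's public key, and asymmetric encryption is used with the recipient's public key to transport a symmetric secret key rather than bulk data. The block below is an added example, not part of the Quizlet set, that exercises each of those operations. It uses textbook RSA with two small constructed primes (about 30 bits each) so that the arithmetic is plain `pow`; such keys are far too small to be secure, the hash is reduced modulo n instead of padded, and nothing here should be reused outside this illustration. The function names are this example's own.

```python
"""Added example (not from the Quizlet set): the key usage behind the
cryptography questions.  SHA-256 detects modification (133, 134); a signature
uses the sender's private key and is verified with the sender's public key
(124, 131); the recipient's public key encrypts a symmetric session key
(129, 135, 140).  Textbook RSA with small constructed primes: NOT secure."""

import hashlib
import secrets

# Constructed toy key pair.  p and q are ~30-bit primes, so n is ~60 bits:
# enough that hash collisions modulo n are negligible, nowhere near enough
# for real use.
P, Q = 1000000007, 1000000009
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
D = pow(E, -1, PHI)            # private exponent (Python 3.8+)
TOY_PUBLIC = (E, N)
TOY_PRIVATE = (D, N)


def digest(data: bytes) -> str:
    """SHA-256 hex digest: compare to a stored value to detect any change."""
    return hashlib.sha256(data).hexdigest()


def _digest_int(data: bytes, n: int) -> int:
    # Toy reduction so the hash fits the modulus; a real scheme pads the
    # hash (e.g. RSASSA-PSS) rather than reducing it.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, private_key) -> int:
    """Signature = hash of the data raised to the SENDER's private exponent."""
    d, n = private_key
    return pow(_digest_int(data, n), d, n)


def verify(data: bytes, signature: int, public_key) -> bool:
    """Anyone holding the sender's public key recovers the signed hash and
    compares it with a fresh hash: integrity, authentication and
    nonrepudiation, but no confidentiality (question 124)."""
    e, n = public_key
    return pow(signature, e, n) == _digest_int(data, n)


def wrap_session_key(session_key: int, recipient_public) -> int:
    """Encrypt a symmetric session key with the RECIPIENT's public key."""
    e, n = recipient_public
    return pow(session_key, e, n)


def unwrap_session_key(wrapped: int, recipient_private) -> int:
    """Only the recipient's private key recovers the session key."""
    d, n = recipient_private
    return pow(wrapped, d, n)


def demo() -> dict:
    message = b"Transfer 100 to account 42"
    tampered = b"Transfer 900 to account 42"
    sig = sign(message, TOY_PRIVATE)
    session_key = secrets.randbelow(N - 2) + 2
    return {
        "genuine": verify(message, sig, TOY_PUBLIC),
        "tampered": verify(tampered, sig, TOY_PUBLIC),
        "digest_changed": digest(message) != digest(tampered),
        "key_roundtrip": unwrap_session_key(
            wrap_session_key(session_key, TOY_PUBLIC), TOY_PRIVATE) == session_key,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The session key that `wrap_session_key` protects is the one changed most often (question 138): a fresh one per message or session, encrypted for each recipient, while the long-lived asymmetric pair stays the same.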
136. [Cryptography] C

Which of the following is a symmetric 128-bit block cipher?

A. Data Encryption Standard (DES)
B. Triple Data Encryption Standard (3DES)
C. Advanced Encryption Standard (AES)
D. Blowfish

137. [Cryptography] D

Which of the following is NOT a symmetric encryption standard?

A. AES
B. Blowfish
C. RC4
D. RSA

138. [Cryptography] D

Which of the following keys is changed the most often?

A. Public key
B. Private key
C. Symmetric key
D. Session key

139. [Cryptography] A

Which of the following uses a single key to encrypt and decrypt data?

A. Symmetric
B. Asymmetric
C. Public key cryptography
D. SHA-1

140. [Cryptography] C

Which of the following would most likely be used to encrypt data in an e-mail message before it is sent?

A. The public key of the sender
B. The private key of the sender
C. The public key of the recipient
D. The private key of the recipient

141. [Legal Issues] C

A business in Florida gathers customers' names and ZIP codes and uses them to identify the customers' addresses. What is occurring?

A. Violation of an EU directive
B. Data breach
C. Data inference
D. Violation of COPPA

142. [Legal Issues] B

A forensic expert wants to examine data on a hard drive of a confiscated computer. Which of the following actions should the expert complete first?

A. Ensure that the computer has UPS protection
B. Create a bit copy of the disk
C. Disable the antivirus software on the computer
D. Move the hard drive to another system and examine it on the other system

143. [Legal Issues] B

An organization collects customer data such as their name, e-mail address, physical address, and phone number. What term best describes this information?

A. PHI
B. PII
C. COFEE
D. DECAF

144. [Legal Issues] A

An organization regularly collects information on customers for marketing purposes. It uses this information to personally identify the customers. Who is responsible for protecting this data?

A. The organization.
B. It depends on whether the customers gave permission to collect the data.
C. It depends on whether a data breach occurred.
D. Customers.

145. [Legal Issues] C

Countries sometimes engage in espionage against other countries. What is this called?

A. Cyberbullying
B. Cyberstalking
C. Cyberwarfare
D. Cyberterrorism

146. [Legal Issues] A

In general, what elements need to come together for a crime?

A. Means, motive, and opportunity
B. Criminal, software, and hardware
C. Discovery, theft, and benefit
D. Attacker, attackee, and method
147. [Legal Issues] B

Managers suspect that an employee in your organization has committed fraud. You are told to secure his computer as part of an incident response. Which of the following should you NOT do?

A. Disconnect the computer from the LAN
B. Power the system down
C. Prevent anyone from accessing the system
D. Take pictures of the system

148. [Legal Issues] A

Of the following choices, what is NOT a phase of a computer forensic investigation?

A. Prosecution based on evidence
B. Authenticating evidence
C. Analyzing evidence
D. Acquiring evidence

149. [Legal Issues] C

What are the principles of notice, choice, access, and enforcement most closely related to?

A. Privacy policies
B. Incident response
C. Safe Harbor
D. Protection of children's privacy

150. [Legal Issues] C

What forensic evidence can be lost if a system is powered down before the evidence is collected?

A. Data on the disk drive
B. Data on a USB drive
C. Data in memory
D. Data in files

151. [Legal Issues] D

What is the purpose of mandatory vacations in relation to security?

A. To ensure that employees do not burn out
B. To ensure that employees take time to relax
C. To reduce the payroll of an organization
D. To reduce the chance of fraud

152. [Legal Issues] A

What law requires an organization to get a parent's consent prior to collecting information on children under 13?

A. COPPA
B. OPPA
C. Data Protection Directive
D. E-Privacy Directive

153. [Legal Issues] C

What law requires organizations to post a privacy policy on their website?

A. SOX
B. PHI
C. OPPA
D. COPPA

154. [Legal Issues] B

What security practice moves employees into different positions periodically to reduce the risk of fraud?

A. Separation of duties
B. Job rotation
C. Mandatory vacations
D. Risk mitigation

155. [Legal Issues] C

Which of the following best describes a primary goal of incident handling?

A. Collecting evidence
B. Documenting evidence
C. Containing any potential damage
D. Improving security controls

156. [Legal Issues] D

Which of the following choices is the most important consideration when gathering evidence as part of a computer forensic investigation?

A. Ensuring that systems are turned off as soon as possible
B. Ensuring that a record of files on a system is recorded by accessing the system
C. Ensuring that users can log on to the system
D. Ensuring that evidence is not modified
157. [Legal Issues] B

Which of the following helps to prove that collected evidence has been controlled since it was collected?

A. COFEE application
B. Chain of custody
C. DECAF application
D. Audit logs

158. [Legal Issues] D

Which of the following identifies a primary responsibility of a first responder after a computer security incident?

A. Capturing images of disks
B. Capturing data in RAM
C. Interviewing witnesses
D. Preserving the scene

159. [Legal Issues] D

Which of the following is a benefit of a chain-of-custody form?

A. It helps ensure that evidence is protected.
B. It helps ensure that evidence is controlled.
C. It helps ensure that evidence is not modified.
D. It helps ensure that evidence is admissible in court.

160. [Legal Issues] D

Which one of the following is most likely to be performed during a feedback loop in an incident handling process?

A. Chain of custody
B. Hashing
C. Escalation
D. Perform a lessons learned review

161. [Malicious Code and Activity] C

A company authorizes users to transport data from work to home using USB drives. What's the best method of protecting systems from malware without affecting the user?

A. Install AV software on the network firewall
B. Install AV software on the e-mail server
C. Install AV software on each user's work computer
D. Prevent users from using USB drives

162. [Malicious Code and Activity] D

After visiting a website a user sees a pop-up indicating a virus has infected his system and offering free antivirus software. He downloads the free antivirus software, but finds that it won't clean the virus unless he purchases the full version. What does this describe?

A. Shareware
B. Rootkit
C. Freeware
D. Scareware

163. [Malicious Code and Activity] A

An employee configured malicious code to execute at midnight on February 2. What does this describe?

A. Logic bomb
B. Groundhog Day virus
C. Worm
D. Ransomware

164. [Malicious Code and Activity] D

A software application appears to have a useful purpose but it includes malicious code. What does this describe?

A. A virus
B. A backdoor
C. A worm
D. A Trojan horse

165. [Malicious Code and Activity] A

A virus is detected on a system based on the virus's behavior. What detected the virus?

A. Heuristics
B. A virus fingerprint
C. A virus filter
D. A signature

166. [Malicious Code and Activity] B

A website developer wants to provide assurances to users that ActiveX controls used on the site are not malicious. What can provide this assurance?

A. Input validation
B. Code signing
C. Code review
D. Enabling cross-site scripting
167. [Malicious Code and Activity] A

Of the following choices, how is malware most often delivered today?

A. Over the Internet
B. Via an intranet
C. Via USB drives
D. Through company policies

168. [Malicious Code and Activity] B

Of the following choices, what is the best technique you can implement on an e-mail server to reduce infection through e-mail?

A. Block all e-mail
B. Add a spam filter
C. Add a polymorphic filter
D. Remove all attachments

169. [Malicious Code and Activity] D

Of the following choices, what network device can filter e-mail, spam, and malware?

A. Packet-filtering firewall
B. Proxy server
C. An intrusion detection system
D. Content-filtering appliance

170. [Malicious Code and Activity] B

Of the following choices, which one is a principle that prevents users from accidentally installing malicious software on their systems?

A. Nonrepudiation
B. Least privilege
C. Separation of duties
D. Accountability

171. [Malicious Code and Activity] C

Of the following choices, which one is NOT a valid method to reduce malware infections?

A. Don't open attachments from unsolicited e-mails.
B. Don't click links in unsolicited e-mails.
C. Don't send encrypted personal information via e-mail.
D. Don't follow shortened links from unknown sources.

172. [Malicious Code and Activity] C

What does antivirus software use to detect previously unknown viruses?

A. Signatures
B. Polymorphism
C. Heuristics
D. Armor

173. [Malicious Code and Activity] D

What provides a standardized method of describing malware?

A. The Consortium of Antivirus Vendors (CAV)
B. The Consortium of Virus Authors (CVA)
C. The National Institute of Standards and Technology (NIST)
D. The Common Vulnerabilities and Exposures (CVE) list

174. [Malicious Code and Activity] A

What should users do to ensure that antivirus software can detect recently released viruses?

A. Update signatures
B. Update the operating system
C. Update the AV software
D. Regularly purchase new AV software

175. [Malicious Code and Activity] C

What type of malware can spread without any user intervention?

A. Virus
B. Trojan horse
C. Worm
D. Spyware

176. [Malicious Code and Activity] D

What type of malware takes control of the operating system at the kernel level?

A. Trojan horse
B. Worm
C. Keylogger
D. Rootkit
177. [Malicious Code and Activity] A

What type of virus attempts to protect itself from reverse engineering and prevent antivirus researchers from analyzing the malware?

A. Armored virus
B. Polymorphic virus
C. Metamorphic virus
D. Multipartite virus

178. [Malicious Code and Activity] B

When Sally turns her computer on she sees a screen indicating software has encrypted all of her data files. A message indicates she must pay $300 within 48 hours to access the decryption key. What does this describe?

A. Logic bomb
B. Ransomware
C. Worm
D. Spyware

179. [Malicious Code and Activity] B

Which of the following malware types alters its own code to avoid detection by antivirus software?

A. Armored virus
B. Metamorphic virus
C. Polymorphic virus
D. Ransomware

180. [Malicious Code and Activity] C

Your organization mandates security training for users within its security policy to educate users about malware and methods to prevent malware infections. What is the best description of this effort?

A. A detective control
B. A corrective control
C. A preventive control
D. A technical control

181. [Monitoring and Analysis] B

An external organization is performing a vulnerability test for a company. Officials from the company give this group some information on the company's network prior to the test. What type of test is this?

A. White box test
B. Gray box test
C. Black box test
D. Internal test

182. [Monitoring and Analysis] D

A vulnerability assessment reports that a patch is not installed on a system but you've verified that the patch is installed. What is this called?

A. Anomaly-based vulnerability
B. Signature-based vulnerability
C. False negative
D. False positive

183. [Monitoring and Analysis] A

How does a behavior-based IDS detect attacks?

A. It compares current activity against a baseline.
B. It compares current activity against a database of known attack methods.
C. It compares current activity with antivirus signatures.
D. It monitors activity on firewalls.

184. [Monitoring and Analysis] D

How does a vulnerability scanner fingerprint a system?

A. With a biometric scanner
B. Using an ICMP sweep
C. By identifying its IP address
D. By analyzing packets

185. [Monitoring and Analysis] D

Of the following choices, what best describes an IPS?

A. An active antivirus program that can detect malware
B. An inline monitoring system that can perform penetration testing
C. An inline monitoring system that can perform vulnerability assessments
D. An inline monitoring system that can modify the environment to block an attack

186. [Monitoring and Analysis] B

Of the following choices, what best describes a whitelist as a replacement for a HIDS?

A. A listing of websites that a user can visit, blocking access to all other websites for a HIDS?
B. A listing of applications that a user can run, blocking attempts to run any other applications
C. A listing of MAC addresses blocked through a firewall, allowing traffic from all other systems
D. A listing of suitable vendors for IPSs
187. [Monitoring and Analysis] A

Of the following choices, what is a primary purpose of a honeypot?

A. To give administrators an opportunity to observe new exploits
B. To give administrators an opportunity to observe new controls
C. To give administrators an opportunity to perform vulnerability tests
D. To give administrators an opportunity to perform penetration tests

188. [Monitoring and Analysis] D

What is an important first step in a vulnerability assessment?

A. Document vulnerabilities
B. Fingerprinting
C. Reconnaissance
D. Gaining approval

189. [Monitoring and Analysis] C

What is the last step in a vulnerability assessment?

A. Discovery
B. Analysis
C. Remediation
D. Document vulnerabilities

190. [Monitoring and Analysis] A

What logs are most valuable after an attack?

A. Logs on a remote system
B. Logs on local systems that have been attacked
C. Logs for local firewalls
D. Logs for antivirus events

191. [Monitoring and Analysis] B

What's the primary difference between a penetration test and a vulnerability assessment?

A. A vulnerability assessment includes a penetration test but a penetration test does not include a vulnerability assessment.
B. A penetration test is intrusive and can cause damage, while a vulnerability assessment is passive.
C. A vulnerability assessment is intrusive and can cause damage, while a penetration test is passive.
D. They are basically the same, but with different names.

192. [Monitoring and Analysis] B

What type of control is a NIDS?

A. Corrective
B. Detective
C. Deterrent
D. Preventive

193. [Monitoring and Analysis] C

When should a penetration test stop?

A. After discovering the vulnerabilities
B. After discovering the threats
C. Before causing any damage
D. Before discovering the exploits

194. [Monitoring and Analysis] D

Which of the following can detect if a system file has been modified?

A. Encryption algorithm
B. Anomaly-based detection
C. Signature-based detection
D. File integrity checker

195. [Monitoring and Analysis] A

Which of the following choices identifies a major drawback associated with a host-based IDS (HIDS)?

A. It is very processor intensive and can affect the computer's performance.
B. The signatures must be updated frequently.
C. It does not support anomaly-based detection.
D. It stores the logs on remote systems.

196. [Monitoring and Analysis] B

Which of the following identifies a system that requires a database to detect attacks?

A. Anomaly-based IDS
B. Signature-based IDS
C. HIPS
D. NIPS
197. [Monitoring and Analysis] B

You have recently modified the network infrastructure within your network. What should be re-created to ensure that the anomaly-based NIDS continues to work properly?

A. Signature database file
B. Baseline
C. Router gateways
D. Firewalls

198. [Monitoring and Analysis] C

Your organization has contracted with a security organization to test your network's vulnerability. The security organization is not given access to any internal information from the company. What type of test will the organization perform?

A. White box testing
B. Gray box testing
C. Black box testing
D. Partial knowledge testing

199. [Monitoring and Analysis] A

You want to monitor a server for potential attacks. Of the following choices, what is the best choice?

A. HIDS
B. NIDS
C. Anomaly-based IDS
D. Signature-based IDS

200. [Monitoring and Analysis] C

You want to monitor the network for possible intrusions or attacks and report on any activity. What would you use?

A. HIPS
B. HIDS
C. NIDS
D. AV software

201. [Risk, Recovery and Response] B

An organization has a business location in Miami, Florida. Due to the risks associated with hurricanes, the organization has decided to move the location to Atlanta, Georgia, away from any ocean. What risk management strategy is the organization using?

A. Accept
B. Avoid
C. Mitigate
D. Transfer

202. [Risk, Recovery and Response] D

An organization has implemented several controls to mitigate risks. However, some risk remains. What is the name of the remaining risk?

A. Vulnerable risk
B. Mitigated risk
C. Alternate risk
D. Residual risk

203. [Risk, Recovery and Response] B

A risk assessment recommended several controls to mitigate risks but only some of the controls were accepted and implemented. Who is responsible for any losses that occur from the remaining risk?

A. The person completing the risk assessment
B. Senior management
C. IT personnel managing the systems
D. Security personnel

204. [Risk, Recovery and Response] B

Of the following choices, what best represents all of the steps related to incident response?

A. Preparation, containment, detection, analysis, eradication, and recovery
B. Preparation, detection, analysis, containment, eradication, and recovery
C. Containment, preparation, detection, analysis, eradication, and recovery
D. Containment, analysis, detection, eradication, and recovery

205. [Risk, Recovery and Response] C

Of the following choices, what is an important first step in a risk management plan?

A. Implementing controls
B. Identifying vulnerabilities
C. Identifying assets
D. Identifying threats
206. [Risk, Recovery and Response] A

Of the following choices, which one most accurately reflects differences between risk management and a risk assessment?

A. A risk assessment is a point-in-time event, while risk management is an ongoing process.
B. Risk management is a point-in-time event, while a risk assessment is an ongoing process.
C. Risk assessments are broad in scope, while risk management is focused on a specific system.
D. Risk management is one part of an overall risk assessment strategy for an organization.

207. [Risk, Recovery and Response] D

What is the first step in incident response?

A. Analysis
B. Containment, eradication, and recovery
C. Detection
D. Preparation

208. [Risk, Recovery and Response] B

What is the purpose of risk management?

A. Eliminate risks
B. Reduce risks to an acceptable level
C. Share or transfer risks
D. Identify risks

209. [Risk, Recovery and Response] B

What's a primary method used to reduce risk?

A. Reducing threats
B. Reducing vulnerabilities
C. Increasing threats
D. Increasing vulnerabilities

210. [Risk, Recovery and Response] B

What should an organization do when the cost of a control exceeds the cost of a risk?

A. Implement the control
B. Accept the risk
C. Perform a risk assessment
D. Mitigate the risk

211. [Risk, Recovery and Response] A

Which of the following can cause a negative impact on an organization's assets?

A. A threat
B. A risk
C. A weakness
D. A control

212. [Risk, Recovery and Response] C

Which of the following choices best represents the definition of risk?

A. The likelihood that a threat source can cause a threat event resulting in a vulnerability
B. The likelihood that a vulnerability can exploit a threat and cause a loss
C. The likelihood that a threat will exploit a vulnerability and cause a loss
D. The likelihood that an incident can cause a vulnerability resulting in a loss

213. [Risk, Recovery and Response] A, B, C, D

Which of the following choices identify valid threat sources? (Choose all that apply.)

A. Employee
B. Earthquake
C. State-sponsored attacker
D. Administrator

214. [Risk, Recovery and Response] B

Which of the following formulas will determine the annual loss expectancy (ALE)?

A. SLE - ARO
B. SLE × ARO
C. ARO - SLE
D. SLE divided by ARO

215. [Risk, Recovery and Response] A

Which of the following helps ensure that an organization focuses risk management resources only on the most serious risks?

A. Risk assessment
B. Residual risk
C. Countermeasures
D. Qualitative analysis

216. [Risk, Recovery and Response] A

You are completing a risk assessment and using historical data. You've identified that a system has failed five times in each of the past two years and each outage resulted in losses of about $5,000. What is the ARO?

A. Five
B. $5,000
C. $25,000
D. Impossible to determine with the information provided
217. [Risk, Recovery and Response] B

You are completing a risk assessment using historical data. You've identified that a system has failed three times in the past year and each of these outages resulted in approximately $10,000 in losses. What type of analysis does this allow you to perform?

A. Qualitative
B. Quantitative
C. Informative
D. Subjective

218. [Risk, Recovery and Response] D

You are involved in risk management activities within your organization. Of the following activities, which one is the best choice to reduce risk?

A. Reducing threats
B. Increasing vulnerabilities
C. Increasing impact
D. Mitigating risk

219. [Risk, Recovery and Response] D

You decide to manage risk by purchasing insurance to cover any losses. Which one of the following risk management techniques are you using?

A. Accept
B. Avoid
C. Mitigate
D. Transfer

220. [Risk, Recovery and Response] A

You have completed a risk assessment and determined that you can purchase a control to mitigate a risk for only $10,000. The SLE is $2,000 and the ARO is 20. Is this cost justified?

A. Yes. The control is less than the ALE.
B. No. The control exceeds the ALE.
C. Yes. The control exceeds the ARO.
D. No. The control is less than the ARO.

221. [Security Administration & Planning] D

An organization decides to designate an alternative location for operations during a disaster. The site must be up and operational within minutes of an outage at the primary location. What type of site best meets this need?

A. Mobile
B. Cold
C. Warm
D. Hot

222. [Security Administration & Planning] C

An organization decides to designate an alternative location to be used in case of an emergency. The organization doesn't need anything other than an open building with water and electricity. What type of site best meets this need?

A. Hot
B. Warm
C. Cold
D. Distant

223. [Security Administration & Planning] C

An organization has a security policy in place. What can personnel within the organization do to ensure it remains relevant?

A. Perform audits
B. Perform training
C. Review it
D. Test it

224. [Security Administration & Planning] C

An organization is updating its business continuity plan (BCP) and wants to implement an alternative location that is the easiest to relocate. What type of site best meets this need?

A. Cold
B. Hot
C. Mobile
D. Warm

225. [Security Administration & Planning] B

An organization's location has been hit by a tornado and the organization is moving to an alternative location. What provides the direction for this action?

A. BIA
B. BCP
C. DRP
D. Hot site

226. [Security Administration & Planning] C

An organization wants to ensure that users are aware of their responsibilities related to the use of IT systems. What should the organization create?

A. A video monitoring system
B. An audio monitoring system
C. An acceptable use policy
D. An account lockout policy
227. [Security Administration & Planning] B

Of the following choices, what is a U.S. government entity that regularly publishes Special Publications (known as SP 800 series documents) related to IT security?

A. ITIL
B. NIST
C. CERT Division
D. US-CERT

228. [Security Administration & Planning] B

Of the following choices, which provides the highest-level authority for an organization?

A. Standards
B. Policies
C. Guidelines
D. Procedures

229. [Security Administration & Planning] D

Sally notices that Homer appears to be stealing from the company. What should Sally do?

A. Confront Homer
B. Ignore the activity because it doesn't concern her
C. Call the police
D. Report the activity to a manager

230. [Security Administration & Planning] D

What is MTO in relation to business continuity planning?

A. Minimum time for an outage
B. Maximum time for an outage
C. Minimum tolerable outage
D. Maximum tolerable outage

231. [Security Administration & Planning] B

What is RPO in relation to business continuity planning?

A. Restoring potential outage
B. Recovery point objective
C. Restoration process option
D. Recovery process options

232. [Security Administration & Planning] B

What is RTO in relation to business continuity planning?

A. Recovery terminal objective
B. Recovery time objective
C. Recovery tolerable outage
D. Recovery tolerable objective

233. [Security Administration & Planning] D

What is the purpose of a BIA?

A. To identify recovery plans
B. To drive the creation of the BCP
C. To test recovery plans
D. To identify critical business functions

234. [Security Administration & Planning] A

Which of the following best describes maximum tolerable downtime?

A. The maximum amount of downtime before a business loses viability
B. The point in time in which a failed database should be restored
C. The maximum amount of time that can be taken to restore a system or process
D. The minimum amount of time that can be taken to restore a system or process

235. [Security Administration & Planning] C

Which of the following best describes the purpose of a security policy?

A. Ensures personnel understand their responsibilities
B. Ensures personnel use strong authentication
C. Informs personnel of management priorities related to security
D. Provides guidance on management controls

236. [Security Administration & Planning] A, B, C

Which of the following choices are effective methods of ensuring that employees know the relevant contents of an organization's security policy? (Choose all that apply.)

A. Providing training
B. Using warning banners
C. Using posters
D. Storing the policy in the company vault
237. [Security Administration & Planning] A

Which of the following choices best describes an organization's security policy?

A. An authoritative written document that identifies an organization's overall security goals
B. A non-authoritative written document that identifies an organization's overall security goals
C. A technical control that mitigates risks
D. A baseline used to ensure that systems are secure when deployed

238. [Security Administration & Planning] A

Which of the following is the most important element of business continuity planning?

A. Support from senior management
B. Availability of a warm site
C. The backup plan
D. Cost

239. [Security Administration & Planning] D

Which of the following organizations provides regular cyber-security alerts about current security issues, vulnerabilities, and exploits as part of the U.S. National Cyber Awareness System?

A. ITL
B. NIST
C. CERT Division
D. US-CERT

240. [Security Administration & Planning] C

Which one of the following is a valid step to perform during a business impact analysis?

A. Identify alternative locations
B. Create a plan to restore critical operations
C. Identify resources needed by critical business functions
D. Identify minimum outage times for key business services

241. [Security Fundamentals] B

An organization has created a disaster recovery plan. What security principle is the organization trying to enforce?

A. Authentication
B. Availability
C. Integrity
D. Confidentiality

242. [Security Fundamentals] B

An organization wants to ensure that authorized employees are able to access resources during normal business hours. What security principle is the organization trying to enforce?

A. Accountability
B. Availability
C. Integrity
D. Confidentiality

243. [Security Fundamentals] A

How many years of experience are required to earn the Associate of (ISC)2 designation?

A. Zero
B. One
C. Two
D. Five

244. [Security Fundamentals] C

What are the AAAs of information security?

A. Authentication, availability, and authorization
B. Accounting, authentication, and availability
C. Authentication, authorization, and accounting
D. Availability, accountability, and authorization

245. [Security Fundamentals] B

What are the three elements of the security triad?

A. Authentication, authorization, and accounting
B. Confidentiality, integrity, and availability
C. Identification, authentication, and authorization
D. Confidentiality, integrity, and authorization

246. [Security Fundamentals] B

Which of the following is required to support accountability?

A. Encryption
B. Authentication
C. Hashing
D. Redundant systems
247. [Security Fundamentals] A

Which of the following statements accurately describes due care?

A. It is the practice of implementing security policies and procedures to protect resources.
B. Due care eliminates risk.
C. A company is not responsible for exercising due care over PII.
D. Organizations cannot be sued if they fail to exercise due care over resources such as customer data.

248. [Security Fundamentals] A

Which of the following would a financial institution use to validate an e-commerce transaction?

A. Nonrepudiation
B. Least privilege
C. Authentication
D. Signature

249. [Security Fundamentals] A

Which one of the following concepts provides the strongest security?

A. Defense in depth
B. Nonrepudiation
C. Security triad
D. AAAs of security

250. [Security Fundamentals] B

Who is responsible for ensuring that security controls are in place to protect against the loss of confidentiality, integrity, or availability of their systems and data?

A. IT administrators
B. System and information owners
C. CFO
D. Everyone

251. [Security Fundamentals] C

You are sending an e-mail to a business partner that includes proprietary data. You want to ensure that the partner can access the data but that no one else can. What security principle should you apply?

A. Authentication
B. Availability
C. Confidentiality
D. Integrity

252. [Security Fundamentals] C

Your organization has implemented a least privilege policy. Which of the following choices describes the most likely result of this policy?

A. It adds multiple layers of security.
B. No single user has full control over any process.
C. Users can only access data they need to perform their jobs.
D. It prevents users from denying they took an action.

253. [Security Fundamentals] D

Your organization wants to ensure that attackers are unable to modify data within a database. What security principle is the organization trying to enforce?

A. Accountability
B. Availability
C. Confidentiality
D. Integrity

254. [Security Fundamentals] D

Your organization wants to implement policies that will deter fraud by dividing job responsibilities. Which of the following policies should they implement?

A. Nonrepudiation
B. Least privilege
C. Defense in depth
D. Separation of duties

255. [Security Fundamentals] A

You want to ensure that a system can identify individual users, track their activity, and log their actions. What does this provide?

A. Accountability
B. Availability
C. Authentication
D. Authorization

256. [Security Operations] B

A company wants to reduce the amount of space used to store files used and shared by employees. What can it use to reduce the amount of storage space used?

A. Data loss prevention (DLP) systems
B. Deduplication
C. Information rights management (IRM)
D. Retention policies
257. [Security Operations] D

An attacker has collected several pieces of unclassified information to deduce a conclusion. What is this called?

A. Data mining
B. Database normalization
C. OLAP
D. Data inference

258. [Security Operations] A

An employee makes unauthorized changes to data as he is entering it. What is this?

A. Data diddling
B. Data entry
C. Data inference
D. Data deduplication

259. [Security Operations] A

An organization is using a system development life cycle for the design of a system. When should personnel first address security issues?

A. During the initiation phase
B. During the development/acquisition phase
C. During the operations/maintenance phase
D. During the disposal phase

260. [Security Operations] C

An organization wants to restrict risks associated with proprietary data transmitted over the network. What can it do in its data management policy to achieve this objective?

A. Restrict how long data is retained
B. Specify how data is deleted from storage media
C. Require the encryption of data in motion
D. Require the encryption of data at rest

261. [Security Operations] A

Information that can be used to distinguish or trace an individual's identity is also known as what?

A. PII
B. Tuple
C. Data inference
D. PHI

262. [Security Operations] C

Of the following choices, what is a primary task to accomplish in the disposal phase of a system's life cycle?

A. Migrate all data to other systems
B. Delete all data
C. Remove data remnants from systems before disposal
D. Back up all data to tape

263. [Security Operations] B

Of the following choices, what is a tuple?

A. A column in a database
B. A row in a database
C. A primary key
D. A foreign key

264. [Security Operations] B

Of the following choices, what type of data requires the least amount of protection?

A. Confidential
B. Public
C. Private
D. Sensitive

265. [Security Operations] B

The CEO of a publicly held company in the United States is required to verify the accuracy of a company's financial data. What requires this activity?

A. HIPAA
B. SOX
C. NIST SP 800-64
D. NIST SP 800-37

266. [Security Operations] D

Users within an organization have recently sent sensitive data outside the organization in e-mail attachments. Management believes this was an accident, but they want to prevent a recurrence. Which of the following is the best method to do so?

A. Implement a network-based intrusion prevention system (IPS)
B. Provide training to users
C. Ensure the data is marked appropriately
D. Implement a network-based data loss prevention (DLP) system
267. [Security Operations] B 272. [Security Operations] B

Which of the following choices identifies a regulation Which of the following methods will reliably remove all
that mandates the protection of health-related data from a backup tape?
information?
A. Erasing
A. SOX B. Degaussing
B. HIPAA C. Diddling
C. Epsilon D. Sanitizing
D. PII
273. [Security Operations] D
268. [Security Operations] C
Which of the following provides the best
Which of the following EAL levels indicates a system confidentiality protection for data at rest?
was methodically designed, tested, and reviewed, and
is the level of assurance assigned to many commercial A. Marking it
operating systems? B. Labeling it
C. Backing it up
A. EAL0 D. Encrypting it
B. EAL1
274. [Security Operations] D
C. EAL4
D. EAL7
Who is responsible for classifying data?
269. [Security Operations] C
A. Management
Which of the following is an international standard that B. User
provides a framework to evaluate the security of IT C. Administrator
systems? D. Owner
275. [Security Operations] D
A. ITSEC
B. TCSEC
Within the U.S. government, who can formally approve
C. Common Criteria
a system for operation at a specific level of risk?
D. Orange book
270. [Security Operations] D A. Certification authority
B. NIST
Which of the following is a secure method of sanitizing C. Senator
optical media? D. Designated Approving Authority (DAA)

A. Degaussing
B. Overwriting
C. Shining
D. Destroying
271. [Security Operations] A

Which of the following is a virtual table and allows a


user access to a limited amount of data within a table?

A. View
B. Tuple
C. Row
D. Foreign key
