Which of the following is an example of an internal threat?

A server back door allows an attacker on the internet to gain access to the intranet site.

A user accidentally deletes the new product designs.

A water pipe in the server room breaks.

A delivery man is able to walk into a controlled area and steal a laptop

A user accidentally deletes the new product designs.

What is the greatest threat to the confidentiality of data in most secure organizations?

Operator error
USB devices
Malware
Hacker-intrusion

USB devices

Which of the following is the correct definition of a threat?

Instance of exposure to losses from an attacker

The likelihood of an attack taking advantage of a vulnerability

Absence or weakness of a safeguard that could be exploited

Any potential danger to the confidentiality, integrity, or availability of information or systems

Any potential danger to the confidentiality, integrity, or availability of information or systems

Which of the following is an example of a vulnerability?

Virus infection

A misconfigured server

Denial of service attack

Unauthorized access to confidential resources

A misconfigured server

By definition, which security concept uses the ability to prove that a sender sent an encrypted message?

Privacy
Integrity
Non-repudiation
Authentication

Non-repudiation

Which of the following is not a valid concept to associate with integrity?

Prevent the unauthorized change of data

Ensure that your systems record the real information when collecting data

Control access to resources to prevent unwanted access

Protect your environment so it maintains the highest source of truth

Control access to resources to prevent unwanted access

Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government?

Hacktivist
Script kiddie
Insider
Nation-state
Competitor

Hacktivist

Which of the following is the best definition of the term hacker?

The most organized, well-funded, and dangerous type of threat actor.

A general term used to describe any individual who uses their technical knowledge to gain unauthorized access
to an organization.

A threat actor who lacks skills and sophistication but wants to impress their friends or garner attention.

A threat actor whose main goal is financial gain.

Any individual whose attacks are politically motivated.

A general term used to describe any individual who uses their technical knowledge to gain unauthorized access
to an organization.

The IT manager in your organization proposes taking steps to protect against a potential threat actor. The proposal
includes the following:
• Create and follow onboarding and off-boarding procedures
• Employ the principle of least privilege
• Have appropriate physical security controls in place

Which type of threat actor do these steps guard against?
Script Kiddie
Insider
Competitor
Hacktivist

Insider

A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie attacks often seek to exploit well-known vulnerabilities in systems.

What is the best defense against script kiddie attacks?

Implement email filtering systems.

Have appropriate physical security controls in place.

Properly secure and store data backups.

Build a comprehensive security approach that uses all aspects of threat prevention and protection.

Keep systems up-to-date and use standard security practices.

Keep systems up-to-date and use standard security practices.

Which of the following is a security approach that combines multiple security controls and defenses and is sometimes
called defense in depth?

Cumulative security
Perimeter security
Countermeasure security
Network security
Layered security

Layered security

Which of the following reduce the risk of a threat agent being able to exploit a vulnerability?

Implementation of VLANs
Countermeasures
manageable network plans
Secure data transmissions

Countermeasures

Which of the following is the single greatest threat to network security?

Email phishing
Weak passwords
Employees
Insecure physical access to network resources

Employees

Which type of media preparation is sufficient for media that will be reused in different security contexts within your
organization?

Formatting
Deletion
Sanitization
Destruction

Sanitization

Which of the following is an example of privilege escalation?

Mandatory vacations
Principle of least privilege
Separation of duties
Creeping privileges

Creeping privileges

Which security principle prevents any one administrator from having sufficient access to compromise the security of
the overall IT solution?

Separation of duties
Principle of least privilege
Dual administrator accounts
Need to know

Separation of duties

You assign access permissions so that users can only access the resources required to accomplish their specific work
tasks. Which security principle are you complying with?

Cross-training
Job rotation
Principle of least privilege
Need to know

Principle of least privilege

An access control list (ACL) contains a list of users and allowed permissions. What is it called if the ACL
automatically prevents access to anyone who is not on the list?

Explicit allow
Explicit deny
Implicit deny
Implicit allow

Implicit deny

You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which security principle should you implement to accomplish this goal?

Mandatory vacations
Implicit deny
Separation of duties
Job rotation
Least privilege

Separation of duties

You are concerned that the accountant in your organization might have the chance to modify financial information and
steal from the company. You want to periodically have another person take over all accounting responsibilities to
catch any irregularities.

Which security principle are you implementing by periodically shifting accounting responsibilities?

Job rotation
Need to know
Separation of duties
Least privilege
Explicit deny

Job rotation

You want to implement an access control list where only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access.
Which of the following methods of access control will the access list use?

Implicit allow, explicit deny
Implicit allow, implicit deny
Explicit allow, explicit deny
Explicit allow, implicit deny

Explicit allow, implicit deny

Which of the following principles is implemented in a mandatory access control model to determine object access by classification level?

Ownership
Clearance
Need to know
Least privilege
Separation of duties

Need to know

What is the primary purpose of separation of duties?

Increase the difficulty of performing administration

Grant a greater range of control to senior management

Inform managers that they are not trusted

Prevent conflicts of interest

Prevent conflicts of interest

Separation of duties is an example of which type of access control?

Preventive
Compensative
Detective
Corrective

Preventive

Need to know access is required to access which types of resources?

Low-security resources
high-security resources
Resources with unique ownership
Compartmentalized resources

Compartmentalized resources

When a cryptographic system is used to protect the data confidentiality, what actually takes place?

The data is protected from corruption or change

Unauthorized users are prevented from viewing or accessing the resource

Transmitting the encrypted data is prohibited

The data is available for access whenever authorized users need it

Unauthorized users are prevented from viewing or accessing the resource

Which type of cipher changes the position of the characters in a plain text message?

Block
Steam
Transposition
Substituion

Transposition

Which is the cryptography mechanism that hides secret communications within various forms of data?

Codes
Steganography
Polyinstantiation
Signals

Steganography

Which of the following is not a valid example of steganography?

Hiding text messages within graphical images
Microdots
Digital watermarking
Encrypting a data file with an encryption key

Encrypting a data file with an encryption key

Which of the following encryption methods combines a random value with plain text to produce ciphertext?

Steganography
One-time pad
Transposition
Elliptic curve

One-time pad

What is the cryptography method of recovering original data that has been encrypted without having access to the key
used in the encryption process?

Steganography
Ciphertext
Cryptanalysis
Algorithm

Cryptanalysis

Which of the following tools would you use to validate the bandwidth on your network and identify when the
bandwidth is significantly below what it should be?

Load tester
Protocol analyzer
Throughput tester
Packet sniffer

Throughput tester

You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation.

Which of the following must you configure in order to see all of the network traffic?

Configure the network interface to use port mirroring mode
Configure the network interface to use promiscuous mode
Configure the network interface to use protocol analysis mode
Configure the network interface to enable logging

Configure the network interface to use promiscuous mode

You want to examine the data on your network to find out if any of the following are happening:
• Users are connecting to unauthorized websites
• Cleartext passwords are allowed by protocols or services
• Unencrypted traffic that contains sensitive data is on the network

Which of the following tools would you use?

Protocol analyzer
System logging
Load tester
Throughput tester

Protocol analyzer

Which of the following tools would you use to simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of email?

Protocol analyzer
Packet sniffer
Load tester
Throughput tester

Load tester

Which of the following accurately describes what a protocol analyzer is used for? (Select two.)

A device that can simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of email.

A passive device that is used to copy frames and allow you to view frame contents.

A device that allows you to capture, modify, and retransmit frames (to perform an attack).

A device that does not allow you to capture, modify, and retransmit frames (to perform an attack).

A device that measures the amount of data that can be transferred through a network or processed by a device.

A passive device that is used to copy frames and allow you to view frame contents.

A device that does not allow you to capture, modify, and retransmit frames (to perform an attack).

After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take?

Restore and repair any damage
Deploy new countermeasures
Update the security policy
Back up all logs and audits regarding the incident

Back up all logs and audits regarding the incident

Which of the following is an important aspect of evidence gathering?

Backing up all log files and audit trails
Restoring damaged data from backup media
Purging transaction logs
Monitoring user access to compromised systems

Backing up all log files and audit trails

During a recent site survey, you found a rogue wireless access point on your network. Which of the following actions should you take first to protect your network while still preserving evidence?

See who is connected to the access point and attempt to find the attacker
Run a packet sniffer to monitor traffic to and from the access point
Disconnect the access point from the network
Connect to the access point and examine its logs for information

Disconnect the access point from the network

You have discovered a computer that is connected to your network and was used for an attack. You have disconnected the computer from the network to isolate it and stop the attack.

What should you do next?

Stop all running processes
Clone the hard drive
make a hash of the hard drive
Perform a memory dump

Perform a memory dump

You are conducting a forensic investigation. The attack has been stopped. Which of the following actions should you perform first?

remove the hard drive
Turn off the system
Document what's on the screen
Stop all running processes

Document what's on the screen

Which method can you use to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence?

File directory listing
Hashing
Photographs
Serial number notation

Hashing

When duplicating a drive for forensic investigation purposes, which of the following copying methods is most appropriate?

File-by-file copying
Active sector cloning
Bit-level cloning
drive mirroring

Bit-level cloning

How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence?

Write a log file to the media
Create a checksum using a hashing algorithm
Enable write protection
Reset the file attributes on the media to read-only

Create a checksum using a hashing algorithm

You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains.

What should you do first?

Fire the employee who uses the computer
Run forensic tools to examine the hard drive contents
Obtain a search warrant
Make a bit-level copy of the disk

Make a bit-level copy of the disk

What is the best definition of a security incident?

Interruption of productivity
Compromise of the CIA of resources
Violation of a security policy
criminal activity

Violation of a security policy

What is the most important element related to evidence in addition to the evidence itself?

Photographs of the crime scene
Completeness
Witness testimony
Chain of custody document

Chain of custody document

The chain of custody is used for which purposes?

Retaining evidence integrity
Detailing the timeline between creation and discovery of evidence
Identifying the owner of the evidence
Listing people coming into contact with evidence

Listing people coming into contact with evidence

You have been asked to draft a document related to evidence-gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this?

CPS (certificate practice statement)
FIPS-140
Rules of evidence
Chain of custody

Chain of custody

Which of the following is defined as a contract that prescribes the technical support or business parameters a provider will bestow to its client?

Mutual aid agreement
Certificate practice statement
Service level agreement
Final audit report

Service level agreement

HIPAA is a set of federal regulations that define security guidelines. What do HIPAA guidelines protect?

Integrity
Privacy
Availability
Non-repudiation

Privacy

What is a service level agreement (SLA)?

A guarantee of a specific level of service
An agreement to support another company in the event of a disaster
A contract with an ISP for a specific level of bandwidth
A contract with a legal entity to limit your asset loss liability

A guarantee of a specific level of service

A Service Level Agreement (SLA) defines the relationship and contractual responsibilities of providers and service recipients. Which of the following characteristics are most important when designing an SLA? (Select two.)

Industry standard templates for all SLAs to ensure corporate compliance

Detailed provider responsibilities for all continuity and disaster recovery mechanisms.

Employee vetting procedures that don't apply to contract labor.

Clear and detailed descriptions of penalties if the level of service is not provided.

Detailed provider responsibilities for all continuity and disaster recovery mechanisms.

Clear and detailed descriptions of penalties if the level of service is not provided.

You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device?

Change management
Acceptable use
SLA
Resource allocation

Change management

When you inform an employee that they are being terminated, what is the most important activity?

Giving them two weeks' notice
Allowing them to collect their personal items
Disabling their network access
Allowing them to complete their current work projects

Disabling their network access

What is the most effective way to improve or enforce security in any environment?

Requiring two-factor authentication
Enforcing account lockout
Disabling Internet access
Providing user-awareness training

Providing user-awareness training

You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs.

Which of the following methods should you use to best prevent data extraction from the discs?

Write junk data over the discs seven times
Shred the disks
Delete the data on the discs
Degauss the disks

Shred the disks

Which of the following best describes the concept of due care or due diligence?

Security through obscurity is best accomplished by port stealthing.

Reasonable precautions based on industry best practices are utilized and documented.

Legal disclaimers are constantly and conspicuously displayed on all systems.

Availability supersedes security unless physical harm is likely.

Reasonable precautions based on industry best practices are utilized and documented.

Which of the following is an example of a strong password?

Robert694
a8bT11$yi
at9iov45a
desktop#7

a8bT11$yi

Which of the following is a recommendation to use when a specific standard or procedure does not exist?

Baseline
Guideline
Procedure
Standard

Guideline

Which of the following is the best protection against security violations?

Defense-in-depth
Fortress mentality
Bottom-up decision-making
Monolithic security

Defense-in-depth

What is the primary purpose of source code escrow?

To obtain change rights over software after the vendor goes out of business

To provide a backup copy of the software to use for recovery in the event of a disaster

To obtain resale rights over software after the vendor goes out of business

To hold funds in reserve for unpredicted costs before paying the fees of the programmer

To obtain change rights over software after the vendor goes out of business

Change control should be used to oversee and manage changes over what aspect of an organization?

IT hardware and software
Physical environment
Every aspect
Personnel and policies

Every aspect

You have recently discovered that a network attack has compromised your database server. The attacker may have stolen customer credit card numbers. You have stopped the attack and implemented security measures to prevent the same incident from occurring in the future.
What else might you be legally required to do?

Contact your customers to let them know about the security breach
Perform additional investigations to identify the attacker
Delete personally identifiable information from your computers
Implement training for employees who handle personal information

Contact your customers to let them know about the security breach

Which of the following is not an appropriate response to a risk discovered during a risk analysis?
Acceptance
Assignment
Mitigation
Denial

Denial

Which of the following best defines Single Loss Expectancy (SLE)?

The total monetary loss associated with a single occurrence of a threat

The total cost of all countermeasures associated with protecting against a given vulnerability

The monetary value of a single employee's loss of productivity due to a successful attack

The statistical probability of a malicious event

The total monetary loss associated with a single occurrence of a threat

What is the average number of times that a specific risk is likely to be realized in a single year?

Annualized rate of occurrence
Annualized loss expectancy
Estimated maximum downtime
Exposure factor

Annualized rate of occurrence

Your company has developed and implemented countermeasures for the greatest risks to their assets. However, there is still some risk left. What is the remaining risk called?

Exposure
Residual risk
Risk
Loss

Residual risk

Which of the following statements is true regarding risk analysis? (Select two.)

Exposure factor is the percent of the asset lost from an unsuccessful threat attack.

Annualized Rate of Occurrence (ARO) identifies how often the successful threat attack will occur in a single year.

The value of an asset is the worth of a resource to the organization excluding qualitative values.

Don't implement a countermeasure if the cost is greater than loss.

Annualized Rate of Occurrence (ARO) identifies how often the successful threat attack will occur in a single year.

Don't implement a countermeasure if the cost is greater than loss.

When would choosing to do nothing about an identified risk be acceptable?

When the threat is most likely to come from an internal source instead of an external source

When the threat is likely to occur less than once per year

When the asset is an intangible asset instead of a tangible asset

When the cost of protecting the asset is greater than the potential loss

When the cost of protecting the asset is greater than the potential loss

If an organization shows sufficient due care, which burden is eliminated in the event of a security breach?

Negligence
Asset loss
Investigation
Liability

Negligence

You have conducted a risk analysis to protect a key company asset. You identify the following values:
• Asset value 400
• Exposure factor 75
• Annualized rate of occurrence .25

What is the Annualized Loss Expectancy (ALE)?

25
75
100
175
475

Asset value (AV) x exposure factor (EF) x Annualized Rate of Occurrence (ARO)

400 x 75% x .25 = 75

When conducting a risk assessment, how is the Annualized Rate of Occurrence (ARO) calculated?

Multiply the Single Loss Expectancy (SLE) by the Annual Loss Expectancy (ALE).

Through historical data provided by insurance companies and crime statistics.

Multiply the Single Loss Expectancy (SLE) by the standard annual deviation.

Divide the static variable by the probability index.

Through historical data provided by insurance companies and crime statistics.

Purchasing insurance is what type of response to risk?

Acceptance
Deployment of a countermeasure
Rejection
Transference

Transference

To determine the value of the company assets, an anonymous survey was used to collect the opinions of all senior and mid-level managers. Which asset valuation method was used?

Asset classification
Sensitivity vs. risk
Comparative
Delphi method

Delphi method

You have conducted a risk analysis to protect a key company asset. You identify the following values:
• Asset value 400
• Exposure factor 75
• Annualized Rate of Occurrence .25

What is the Single Loss Expectancy (SLE)?

100
300
475
30000

The Single Loss Expectancy (SLE) is the asset value (AV) multiplied by the exposure factor (EF), with the EF being a percentage of the asset value that is lost. In this example, SLE 400 x 75% 300.

Which type of Data Loss Prevention system is usually installed near the network perimeter to detect sensitive data that is being transmitted in violation of organizational security policies?

Network DLP
Chinese Wall
Endpoint DLP
File level DLP

Network DLP

Which type of data loss prevention system can be configured to block unauthorized email messages from being sent and, therefore, being subject to email retention rules?

File-Level DI-P
Cloud DLP
Endpoint DLP
Network DLP

Endpoint DLP

Which of the following is not an accepted countermeasure to strengthen a cryptosystem?

Implement long key spaces
Implement strong systems with redundant encipherment
Use strong passwords
Keep the cryptosystem a secret

Keep the cryptosystem a secret

When recovering from a disaster, which services should you stabilize first?

Mission-critical
Outside communications
Financial support
Least business-critical

Mission-critical

In business continuity planning, what is the primary focus of the scope?

Recovery time objective
Business processes
Company assets
Human life and safety

Business processes

What is the primary goal of business continuity planning?

Maintaining business operations with reduced or restricted infrastructure capabilities or resources

Protecting an organization from major computer services failure

Minimizing the organization's risk of service delays and interruptions

Minimize decision-making during the development process

Maintaining business operations with reduced or restricted infrastructure capabilities or resources

When is a BCP or DRP design and development actually completed?

Only after implementation and distribution
Never
Once senior management approves
Only after testing

Never

You are a database administrator and the first responder for database attacks. You have decided to test one part of your current Business Continuity Plan (BCP) with two other database professionals.

Which type of BCP test is this considered?

Succession planning
Tabletop exercise
Medium exercise
Complex exercise

Tabletop exercise

You have recently been hired as the new network administrator for a startup company. The company's network was implemented
prior to your arrival. One of the first tasks you need to complete in your new position is to develop a Manageable Network plan for the network.
You have already completed the first and second milestones, in which documentation procedures were identified and the network was mapped. You are now working on the third milestone, identifying ways to protect the network

Which tasks should you complete as a part of this milestone? (Select two.)

Physically secure high-value systems
Apply critical patches whenever they are released
Create an approved application list for each network device
Identify and document each user on the network
Set account expiration dates

Physically secure high-value systems

Identify and document each user on the network

You have hired 10 new temporary workers who will be with the company for three months. You want to make sure that after that time the user accounts cannot be used for login.

What should you do?

Configure account lockout in Group Policy
Configure account expiration in the user accounts
Configure day/time restrictions in the user accounts
Configure account policies in Group Policy

Configure account expiration in the user accounts

As you go through the process of making your network more manageable, you discover that employees in the sales department are on the same network segment as the human resources department.

Which of the following steps can be used to isolate these departments?

Move the sales department into the DMZ
Implement the principle of least privilege for the human resources department
Create a separate VLAN for each department
Identify the choke points in your network

Create a separate VLAN for each department

What is the primary countermeasure to social engineering?

Heavy management oversight
A written security policy
Traffic filters
Awareness

Awareness

How can an organization help prevent social engineering attacks? (Select two.)

Publish and enforce clearly-written security policies.
Educate employees on the risks and countermeasures.
Close all unneeded ports on firewalls.
Implement IPsec on all critical systems.

Publish and enforce clearly-written security policies.
Educate employees on the risks and countermeasures.

Which of the following attacks tricks victims into providing confidential information (such as identity information or login credentials) through emails or websites that impersonate an online entity that the victim trusts?

Adware
Phishing
Man-in-the-middle
Session hijacking

Phishing

Which of the following is a common social engineering attack?

Distributing hoax virus information emails
Distributing false information about your organization's financial status
Using a sniffer to capture network traffic
Logging on with stolen credentials

Distributing hoax virus information emails

You have just received a generic-looking email that is addressed as coming from the administrator of your company.
The email says that, as part of a system upgrade, you are to go to a website and enter your user name and password at a new website so you can manage your email and spam using the new service.

What should you do?

Delete the email.

Open a web browser and type the URL included in the email. Follow the directions to enter your login credentials.

Verify that the email was sent by the administrator and that this new service is legitimate.

Click on the link in the email and follow the directions to enter your login information.

Click on the link in the email and look for company graphics or information before entering the login information.

Verify that the email was sent by the administrator and that this new service is legitimate.

Dumpster diving is a low-tech way of gathering information that may be useful in gaining unauthorized access or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving?

Secure all terminals with screensaver passwords
Mandate the use of Integrated Windows Authentication
Establish and enforce a document destruction policy
Create a strong password policy

Establish and enforce a document destruction policy

Which of the following are examples of social engineering? (Select two.)

War dialing
Port scanning
Shoulder surfing
Dumpster diving

Shoulder surfing
Dumpster diving

Which of the following social engineering attacks use Voice over IP (VolP) to gain sensitive information?

Tailgating
Spear phishing
Masquerading
Vishing

Vishing

A senior executive reports that she received a suspicious email concerning a sensitive internal project that is behind production. The email was sent from someone she doesn't know, and he is asking for immediate clarification on several of the project's details so the project can get back on schedule.

Which type of attack best describes the scenario?

Masquerading
MAC spoofing
Whaling
Passive

Whaling

The receptionist received a phone call from an individual claiming to be a partner in a high-level project and is requesting sensitive information. The individual is engaging in which type of social engineering?

Commitment
Social validation
Authority
Persuasive

Authority

You've just received an email message explaining that a new and serious malicious code threat is ravaging across the internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the WVindowsXSystem32 folder. As a countermeasure, the message suggests that you delete these three files from your system.

In response to this message, which action should you take first?

Delete the indicated files if present
Verify the information on well-known malicious code threat management websites
Distribute the message to everyone in your address book
Reboot the system
Perform a complete system backup

Verify the information on well-known malicious code threat management websites

What is the weakest point in an organization's security infrastructure?

Physical structure
Procedures
People
Technology

People

Which of the following is not a form of social engineering?

Impersonating a user by logging on with stolen credentials
Impersonating a manager over the phone
A virus hoax email message
Impersonating a utility repair technician

Impersonating a user by logging on with stolen credentials

What is another name for a back door that was accidentally left in a product by the manufacturer?

Security patch
Root kit
Maintenance hook
Trojan horse

Maintenance hook

Which of the following is an action that must take place during the release stage of the SDLC?

Certification, accreditation, and auditing are performed.

Vendors develop and release patches in response to exploited vulnerabilities that have been discovered.

Testing of the software for bugs.

The product goes into major production and is developed by programmers.

Vendors develop and release patches in response to exploited vulnerabilities that have been discovered.

Which of the following program writing development modes is a method that allows for optimal control over coherence, security, accuracy, and comprehensibility?

Waterfall planning
Object-oriented programming
Clean room
Structured programming

Structured programming

How often should change control management be implemented?

At regular intervals throughout the year.
Only when a production system is altered greatly.
Only when changes are made that affect senior management.
Any time a production system is altered.

Any time a production system is altered.

In which phase of the system life cycle is security integrated into the product?

Project initiation
Installation
Software development
Maintenance

Project initiation

In which phase of the system life cycle is software testing performed? (Choose Two)

Installation
System design specifications
Software development and coding
Functional design analysis and planning

Installation

Software development and coding

What is the primary purpose of imposing software lifecycle management concepts?

Increase the quality of software
Decrease development overhead
Reduce product returns
Increase interoperability

Increase the quality of software

What is the primary purpose of forcing employees to take mandatory one-week minimum vacations every year?

To prevent the buildup of significant vacation time
To cut costs on travel
To check for evidence of fraud
To test their knowledge of security

To check for evidence of fraud

A code of ethics does all but which of the following?

Establishes a baseline for managing complex situations
Serves as a reference for the creation of acceptable use policies
Clearly defines courses of action to take when a complex issue is encountered
Improves the professionalism of your organization as well as your profession

Clearly defines courses of action to take when a complex issue is encountered

Which of the following are typically associated with human resource security policies? (Select two.)

Background checks
SLA
Termination
Change management
Password policies

Background checks
Termination

Which of the following is not part of security awareness training?

Familiarize employees with the security policy
Communicate standards, procedures, and baselines that apply to the employee's job
Employee agreement documents
Establish reporting procedures for suspected security violations

Employee agreement documents

Over the last month, you have noticed a significant increase in the occurrence of inappropriate activities performed by employees. What is the best first response step to take in order to improve or maintain the security level of the environment?

Terminate all offenders
Reduce all employee permissions and privileges
Initiate stronger auditing
Improve and hold new awareness sessions

Improve and hold new awareness sessions

As you help a user with a computer problem, you notice that she has written her password on a note stuck to her computer monitor. You check the password policy of your company and find that the following settings are currently required:
• Minimum password length 10
• Minimum password age 4
• Maximum password age 30
• Password history 6
• Require complex passwords that include numbers and symbols
• Account lockout clipping level 3

Which of the following is the best action to take to make remembering passwords easier so that she no longer has to write the password down?

Remove the complex password requirement
Decrease the minimum password length
Implement end-user training
Increase the account lockout clipping level
Increase the maximum password age

Implement end-user training

You have installed antivirus software on computers at your business. Within a few days, however, you notice that one computer has a virus. When you question the user, she says she installed some software a few days ago, but it was supposed to be a file compression utility. She admits she did not scan the file before running it.

What should you add to your security measures to help prevent this from happening again?

User awareness training
Close unused firewall ports
Proxy server
Account lockout

User awareness training

Which of the following defines two-man control?

Certain tasks should be dual-custody in nature to prevent a security breach.

An employee is granted the minimum privileges required to perform the position's duties.

A situation in which multiple employees conspire to commit fraud or theft.

For any task in which vulnerabilities exist, steps within the tasks are assigned to different positions with different management.

Certain tasks should be dual-custody in nature to prevent a security breach.

Which of the following is a legal contract between the organization and the employee that specifies the employee is not to disclose the organization's confidential information?

Acceptable use agreement
Non-compete agreement
Employee monitoring agreement
Non-disclosure agreement

Non-disclosure agreement

Your company security policy requires separation of duties for all network security matters. Which of the following scenarios best describes this concept?

Security policy authors may never fraternize with system administration personnel

Every change to the default system image requires concurrent processing by multiple domain controllers.

Only the security officer can implement new border router rule sets.

The system administrator configures remote access privileges and the security officer reviews and activates each account.

The system administrator configures remote access privileges and the security officer reviews and activates each account.

Which of the following is not a protection against collusion?

Principle of least privilege
Separation of duties
Cross-training
Two-man control

Cross-training

Which of the following is not an element of the termination process?

Disable all network access
Return company property
Exit interview
Dissolution of the NDA

Dissolution of the NDA

When you inform an employee that they are being terminated, what is the most important activity?

Disable their network access
Allow them to complete their current work projects
Give them two week s notice
Allow them to collect their personal items

Disable their network access

The best way to initiate solid administrative control over an organization's employees .s to have what element in place?

Mandatory vacations in one-week increments
Rotation of duties
Distinct job descriptions
An acceptable use policy

Distinct job descriptions

A smart phone was lost at the airport. There is no way to recover the device. Which if the following will ensure data confidentiality on the device?

TPM
Remote wipe
Screen lock
GPS

Remote wipe

Which of the following are not reasons to remote wipe a mobile device?

The device is inactive for a period of time.
The device is stolen or lost.
The device is locked and someone has entered multiple incorrect passwords or PINs.
The device is being assigned to another user

The device is inactive for a period of time.

Which of the following mobile device security considerations disables the ability to use the device after a short period of inactivity?

Screen lock
TPM
GPS
Remote wipe

Screen lock

Over the last several years, the use of mobile devices within your organization has increased dramatically. Unfortunately, many department heads circumvented your information systems procurement policies and directly purchased tablets and smartphones for their employees without authorization. As a result, there is a proliferation of devices within your organization without accountability. You need to get things under control and begin tracking your organization's devices.

How should you do this?

Join the devices to your organization's domain.

Implement a mobile endpoint management (MEM) solution.

Apply security-related Group Policy settings to the devices using a Group Policy object.

Require users to sign an acceptable use policy before allowing them to use mobile devices for work-related tasks.

Implement a mobile endpoint management (MEM) solution.

Your organization has recently purchased 20 tablet devices for the Human Resource department to use for training sessions. You are concerned that these devices could represent a security risk to your network and want to strengthen their security profile as much as possible.

Which actions should you take? (Select two)

Install the devices in your organization's directory services tree.

Configure a Group Policy object (GPO) containing mobile device-specific security settings.

Enable device encryption.

Implement storage segmentation.

Enable device encryption.

Implement storage segmentation

Your organization entered into an Interoperability Agreement (IA) with another organization a year ago. As a part of this agreement, a federated trust was established between your domain and the partner domain. The partnership has been in the ongoing operations phase for almost nine months now.

As a security administrator, which tasks should you complete during this phase? (Select two.)

Verify compliance with the IA documents

Disable user and groups accounts used by the partner organization to access your organization's data

Conduct periodic vulnerability assessments

Draft an MOU document

Negotiate the BPO agreement

Verify compliance with the IA documents
Conduct periodic vulnerability assessments

Your organization is in the process of negotiating an Interoperability Agreement (IA) with another organization. As a part of this agreement, the partner organization proposes that a federated trust be established between your domain and their domain. This configuration will allow users in their domain to access resources in your domain and Vice versa.

As a security administrator, which tasks should you complete during this phase? (Select two.)

Reset all passwords used by the third party to access data or applications on your network.

Conduct security audits on the partner organization.

Identify how data will be shared.

Identify how data ownership will be determined.

Verify compliance with the IA documents.

Identify how data will be shared.

Identify how data ownership will be determined.

Your company is preparing to enter into a partner relationship with another organization. It will be necessary for the information systems used by each organization to connect and integrate with each other.

Which of the following is of primary importance as you take steps to enter into this partner relationship?

Ensure that all aspects of the relationship are agreed upon in writing

Ensure that both organizations have similar incident response procedures

Ensure that the integration process maintains the security of each organization's network

Ensure that the integration process maintains the security of each organization's network

You are about to enter your office building through a back entrance. A man dressed as a plumber asks you to let him in so he can fix the restroom.

What should you do?

Let him in and help him find the restroom, then let him work.
Let him in.
Tell him no and quickly close the door.
Direct him to the front entrance and instruct him to check in with the receptionist.

Direct him to the front entrance and instruct him to check in with the receptionist.

Which of the following are solutions that address physical security? (Select two.)

Escort visitors at all times
Disable guest accounts on computers
Implement complex passwords
Scan all floppy disks before use
Require identification and name badges for all employees

Escort visitors at all times

Require identification and name badges for all employees

Which of the following is not an example of a physical barrier access control mechanism?

Biometric locks
Mantrap
One-time passwords
Fences

One-time passwords

Which of the following can be used to stop piggybacking at a front entrance where employees should swipe smart cards to gain entry?

Use key locks rather than electronic locks
Deploy a mantrap
Use weight scales
Install security cameras

Deploy a mantrap

Which option is a secure doorway that can be used in coordination with a mantrap to allow easy egress from a secured environment while actively preventing re-entrance through the exit portal?

Turnstiles
Egress mantraps
Locked doors with interior unlock push bars
Electronic access control doors

Turnstiles

What is the primary benefit of CCTV?

Expand the area visible by security guards
Provide a corrective control
Reduce the need for locks and sensors on doors
Increase security protection throughout an environment

Expand the area visible by security guards

You want to use CCTV to increase your physical security. You want the ability to remotely control the camera position.

Which camera type should you choose?

C-mount
PTZ
Dome
Bullet

PTZ

You want to use CCTV to increase the physical security of your building. Which of the following camera types would offer the sharpest image at the greatest distance under the lowest lighting conditions?

400 resolution, 10mm, .05 LUX
400 resolution, 10mm, 2 LUX
500 resolution, 50mm, 2 LUX
500 resolution, 50mm, .05 LUX

When you select cameras, be aware of the following characteristics:
• The resolution is rated in the number of lines included in the image. In general, the higher the resolution, the sharper the image.
• The focal length measures the magnification power of a lens. The focal length controls the distance that the camera can see, as well as how much detail can be seen at a specific range. A higher focal length lets you see more detail at a greater distance.
• LUX is a measure of the sensitivity to light. The lower the number, the less light is necessary for a clear
Image.

500 resolution, 50mm, .05 LUX

When you select cameras, be aware of the following characteristics:
• The resolution is rated in the number of lines included in the image. In general, the higher the resolution, the sharper the image.
• The focal length measures the magnification power of a lens. The focal length controls the distance that the camera can see, as well as how much detail can be seen at a specific range. A higher focal length lets you see more detail at a greater distance.
• LUX is a measure of the sensitivity to light. The lower the number, the less light is necessary for a clear
Image.

Which of the following CCTV camera types lets you adjust the distance that the camera can see (in other words, zoom in or out)?

Varifocal
Fixed
C-mount
Infrared

Varifocal

Which of the following allows for easy exit of an area in the event of an emergency, but prevents entry? (Select two.)

Anti-passback system
Mantrap
Double-entry door
Turnstile
PTZ CCTV

Double-entry door
Turnstile

Which of the following controls is an example of a physical access control method?

Locks on doors
Passwords
Access control lists with permissions
Hiring background checks
Smart cards

Locks on doors

Which of the following is the most important thing to do to prevent console access to the router?

Set console and enable secret passwords
Implement an access list to prevent console connections
Disconnect the console cable when not in use
Keep the router in a locked room

Keep the router in a locked room

• When you enter the facility, a receptionist greets you and directs you down the hallway to the office manager's cubicle. The receptionist uses a notebook system that is secured to her desk with a cable lock.
• The office manager informs you that the organization's servers are kept in a locked closet. Only she has the key to the closet. When you arrive on site, you will be required to get the key from her to access the closet.
• She informs you that server backups are configured to run each night. A rotation of external USB hard disks are used as the backup media.
• You notice that the organization's network switch is kept in an empty cubicle adjacent to the office manager's workspace.
• You notice that a router/firewall/content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks.

Which security-related recommendations should you make to this client? (Select two.)

Use separate dedicated network perimeter security devices instead of an all-in-one device
Replace the key lock on the server closet with a card reader
Relocate the switch to the locked server closet
Control access to the work area with locking doors and card readers
Replace the USB hard disks used for server backups with a tape drive

• Relocate the switch to the locked server closet. Keeping it in a cubicle could allow an attacker to configure port mirroring on the switch and capture network traffic.
• Control access to the work area with locking doors and card readers. Controlling access to the building is critical to prevent unauthorized people from gaining access to computers.

• When you enter the facility, a receptionist greets you and escorts you through a locked door to the work area, where the office manager sits.
• The office manager informs you that the organization's servers are kept in a locked closet. An access card is required to enter the server closet.
• She informs you that server backups are configured to run each night. A rotation of tapes is used as the backup media.
• You notice the organization's network switch is kept in the server closet.
• You notice that a router/firewall/content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks.
• The office manager informs you that her desktop system will no longer boot and asks you to repair or replace it, recovering as much data as possible in the process. You take the workstation back to your office to work on it.

What security-related recommendations should you make to this client?

Replace the tape drive used for backups with external USB hard disks.
Keep the network infrastructure devices (switch and all-in-one device) in a locked room separate from network servers.
Implement a hardware checkout policy.
Upgrade the server closet lock to a biometric authentication system.

Implement a hardware checkout policy.

A malicious user in your organization was able to use the Trinity Rescue Kit to change the password on a department manager's computer in the finance department. The user was able to copy data containing bank account information and social security numbers. The user then destroyed the data by resetting the computer. The department manager was at lunch at the time and had enabled the lock screen to require a password to gain access to the computer.

Which additional measure should the manager have taken to prevent data theft?

The data should have been backed up so it could be restored after it was destroyed.
The computer should have been kept in a physically secure location.
The computer should have been bolted to the desk.
The sensitive data on the computer should have been encrypted

The computer should have been kept in a physically secure location.

An attacker is using an eavesdropping technique called Van Eck phreaking on a networking closet.

Which of the following describes what the attacker is doing?

Collecting electronic emissions
Connecting to an open Ethernet port
Capturing data transmissions
Connecting to an open switch port

Collecting electronic emissions

Van Eck phreaking.

A Faraday cage can be used to prevent this type of attack.

Your networking closet contains your network routers, switches, bridges, and some servers. You want to make sure an attacker is not able to gain physical access to the equipment in the networking closet and prevent anyone from reconfiguring the network to set up remote access or backdoor access.

Which of the following measures are the best way to secure your networking equipment from unauthorized physical access? (Select two)

Place your networking equipment in a locked cage.
Place your networking equipment in a Van Eck cage.
Place your networking equipment in a room that requires key card entry.
Place your networking equipment in a TEMPEST cage.

Place your networking equipment in a locked cage.

Place your networking equipment in a room that requires key card entry.

One of the ways attackers can access unencrypted data being transmitted on your network is by collecting electronic em.ssions that come from your networking closet or Ethernet cables.

Which of the following is NOT a good solution to this problem?

User ethernet port locking devices
Configure all data transmissions to be encrypted
Place your network closet inside a Faraday cage
Employing a protective distribution system, or PDS

Configure all data transmissions to be encrypted

Physical security is an obvious requirement for network security, but it is often easy to overlook or forget to plan for it.

Which of the following is NOT a benefit of physical security?

Employee passwords are stronger.
Terrorists cannot walk in off the street and change the network configuration.
Network resources are safer from natural disasters.
Untrained employees cannot misuse equipment.
Sensitive data is protected from unauthorized access.

Employee passwords are stronger.

To keep your data center safe, you have done the following:
• Restricted physical access to employees who strictly need to get in the data center.
• Required employees to enter a password using a pin pad to enter the data center.
• Deployed a Faraday cage to keep sensitive network devices safe from external electrical fields.

Which of the following measures will NOT improve physical security in the data center?

Place all servers in secured cabinets.
Set up video surveillance in the data center.
Implement a checkout policy.
Grant employee access to hardware on a need to know basis.

Implement a checkout policy.

You walk by the server room and notice that a fire has started. What should you do first?

Grab a fire extinguisher and try to put out the fire.
Call the fire department.
Make sure everyone has cleared the area.
Turn on the overhead sprinklers.

Make sure everyone has cleared the area.

Which of the following fire extinguisher types is best used for the electrical fires that might result when working with computer components?

Class A
Class B
Class C
Class D

Class C

Which of the following fire extinguisher suppressant types is best used for electrical fires that might result when working with computer components?

Dry powder
Water-based
Carbon dioxide (C02)
Soda acid

Carbon dioxide (C02)

Which of the following fire extinguisher types poses a safety risk to users in the area? (Select two.)

Water
Halon
Foam
C02

Halon

C02

What is the recommended humidity level for server rooms?

10% or lower
30%
50%
70% or higher

50%

Components within your server room are failing at a rapid pace. You discover that the humidity in the server room is at 60% and the temperature is at 80 degrees.

What should you do to help reduce problems?

Add a de-humidifier to the server room
Add line conditioners in the server room
Add a hum-cffier to the server room
Add a separate A/C unit in the server room

Add a separate A/C unit in the server room

You maintain the network for an industrial manufacturing company. You are concerned about the dust in the area getting into server components and affecting network availability.

Which of the following should you implement?

Line conditioner
Positive pressure system
Backup generator
Negative pressure system
UPS

Positive pressure system

- air to be forced out through doors and windows

Which of the following statements about ESD is NOT correct?

One of the greatest threats to computer equipment is ESD.

ESD is much more likely to occur when the relative humidity is above 50%.

Measuring the moisture content in the air can be helpful in avoiding ESD.

ESD damage is more likely to occur in low humidity

ESD is much more likely to occur when the relative humidity is above 50%.