Final

profilealozot
cis502_final.docx

Question 1

1.  

A security manager wishes to objectively measure the maturity of security processes in his organization. Which model should be used for this evaluation?

Answer

SSE-CMM

SEI-CMM

Common Criteria

TCSEC

2 points   

Question 2

1.  

The component in a computer where program instructions are executed is called the:

Answer

CPU

Bus

Front-side bus

Firmware

2 points   

Question 3

1.  

The innermost portion of an operating system is known as:

Answer

Kernel

Core

Ring 0

Process 0

2 points   

Question 4

1.  

DoD Information Assurance Certification and Accreditation Process (DIACAP):

Answer

Has been superseded by the Common Criteria

Is the process by which all U.S. federal information systems are certified and accredited

Has been superseded by DITSCAP (Department of Defense Information Technology Security Certification and Accreditation Process)

Is the process used to certify and accredit U.S. military information systems

2 points   

Question 5

1.  

The TCSEC system evaluation criteria is used to evaluate systems of what type:

Answer

E-Commerce

Public utilities

Banking

Military

2 points   

Question 6

1.  

A source code review uncovered the existence of instructions that permit the user to bypass security controls. What was discovered in the code review?

Answer

Feature

Bot

Logic bomb

Back door

2 points   

Question 7

1.  

The TCSEC system evaluation criteria is used to address:

Answer

Confidentiality of information

Preventive and detective controls

Penetration testing

Intrusion prevention systems

2 points   

Question 8

1.  

What is the purpose of the Software Engineering Institute Capability Maturity Model Integration (SEI CMMI)?

Answer

Objective assessment of the integrity of an organization’s application programs

Objective assessment of an organization’s systems engineering processes

Objective assessment of an organization’s business processes

Subjective assessment of an organization’s systems engineering processes

2 points   

Question 9

1.  

The purpose of a CPU fetch operation is:

Answer

To retrieve data from memory

To retrieve an instruction from memory

To retrieve data from the hard disk drive

To retrieve data from the program counter

2 points   

Question 10

1.  

The purpose of a fire extinguisher is:

Answer

The primary device used to fight accidental fires

The primary device to fight all fires until the fire department arrives

The primary device used to fight all fires

The primary device used to fight small fires

2 points   

Question 11

1.  

A security manager is concerned that lost key cards can be used by an intruder to gain entrance to a facility. What measure can be used to prevent this?

Answer

Implement PIN pads at card reader stations

Implement video surveillance at card reader stations

Implement man traps at card reader stations

Implement RFID sensors at card reader stations

2 points   

Question 12

1.  

Common biometric solutions that are suitable for building entrance control include:

Answer

Voice print and gait

Retina scan and hand print

Voice print and DNA

Fingerprint and hand print

2 points   

Question 13

1.  

A building access mechanism where only one person at a time may pass is called a:

Answer

Entrance trap

Step trap

Mantrap

Passtrap

2 points   

Question 14

1.  

A security-minded organization is relocating its business office into a shared-tenant building. How should the entrance of personnel be controlled?

Answer

One key card system that is jointly operated by all of the tenants

Separate key card systems that are operated by each tenant

Security guards to control who can enter the building

Video surveillance to monitor who enters the building

2 points   

Question 15

1.  

The type of smoke detector that is designed to detect smoke before it is visible is:

Answer

Ionization

Optical

Ultraviolet

Radioactive

2 points   

Question 16

1.  

A secure facility needs to control incoming vehicle traffic and be able to stop determined attacks. What control should be implemented:

Answer

Crash gate

Guard post

Turnstile

Bollards

2 points   

Question 17

1.  

The use of key cards to control physical access to a work facility is a form of:

Answer

Both preventive and administrative control

Detective control

Both preventive and detective control

Preventive control

2 points   

Question 18

1.  

A security manager wants to implement barriers that will block the passage of vehicles but freely allow foot traffic. The control that should be implemented is:

Answer

Turnstiles

Bollards

Crash gates

Low wall

2 points   

Question 19

1.  

All of the following statements about the polyalphabetic cipher are true EXCEPT:

Answer

It is a form of one-time pad

It is resistant to frequency analysis attacks

It uses multiple substitution alphabets

It is a type of substitution cipher

2 points   

Question 20

1.  

A security manager is searching for an encryption algorithm to be used to encrypt data files containing sensitive information. Which of the following algorithms should NOT be considered:

Answer

FISH

Twofish

Blowfish

CAST

2 points   

Question 21

1.  

A particular encryption algorithm transforms plaintext to ciphertext by XORing the plaintext with the encryption key. This is known as:

Answer

Electronic codebook

Cipher block chaining

Block cipher

Stream cipher

2 points   

Question 22

1.  

The purpose of digitally signing a message is to ensure:

Answer

Integrity of the message

Confidentiality of the message

Integrity of the sender

Confidentiality of the sender

2 points   

Question 23

1.  

A stream cipher encrypts data by XORing plaintext with the encryption key. How is the ciphertext converted back into plaintext?

Answer

XORing it with the encryption key

XORing it with the inverse of the encryption key

ANDing it with the encryption key

NANDing it with the encryption key

2 points   

Question 24

1.  

The encryption mode where ciphertext output from each encrypted plaintext block in the encryption used for the next block is known as:

Answer

Cipher feedback

Output feedback

Cipher block chaining

Electronic codebook

2 points   

Question 25

1.  

In an electronic codebook (ECB) cipher, each block of ciphertext:

Answer

Is used to encrypt the next block

Is used to encrypt the previous block

Is used to decrypt the next block

Is not used to encrypt the next block

2 points   

Question 26

1.  

Two parties that have never communicated before wish to send messages using asymmetric key cryptography. How should the parties begin?

Answer

The receiving party should send its private encryption key to the transmitting party.

The transmitting party should send its private encryption key to the receiving party.

The receiving party should send its public encryption key to the transmitting party.

The transmitting party should send its public encryption key to the receiving party.

2 points   

Question 27

1.  

The purpose of a password policy that locks an account after five unsuccessful login attempts is:

Answer

To prevent an intruder from carrying out a dictionary attack against a password

To prevent a second user from changing the password

To prevent someone from quickly cycling back to their familiar password

To prevent other individuals from logging in to the account

2 points   

Question 28

1.  

A security manager has instructed a system administrator to wipe files on a hard disk. This means that the administrator needs to:

Answer

Perform a low-level format on the hard disk

Use a degausser to re-align the magnetic storage material on the hard disk

Use a tool to overwrite files multiple times

Perform a high-level format on the hard disk

2 points   

Question 29

1.  

An organization’s data classification policy includes handling procedures for data at each level of sensitivity. The IT department backs up all data onto magnetic tape, resulting in tapes that contain data at all levels of sensitivity. How should these backup tapes be handled?

Answer

According to procedures for the lowest sensitivity level

According to procedures for the highest sensitivity level

According to procedures in between the lowest and highest sensitivity levels

Data handling procedures do not apply to backup media, only original media

2 points   

Question 30

1.  

What is the difference between split tunneling and inverse split tunneling:

Answer

Only inverse split tunneling can utilize a firewall

Only split tunneling can utilize a firewall

Split tunneling uses IPsec and SSL, while inverse split tunneling uses L2TP

In split tunneling, the default network is the LAN; in inverse split tunneling, the default network is the VPN

2 points   

Question 31

1.  

The purpose of a periodic review of user access rights is:

Answer

To check whether employees have logged in to the system

To check for active accounts that belong to terminated employees

To determine password quality and expiration

To determine whether access control systems still function properly

2 points   

Question 32

1.  

Why do the actions of system administrators need to be monitored more closely than other personnel?

Answer

Administrator actions can be more harmful and have a larger impact on the organization

Administrators are more likely to make mistakes

Administrators have access to all other users’ passwords

Administrative interfaces have fewer safeguards

2 points   

Question 33

1.  

An organization has received notice of a lawsuit related to activities in its operations department. How should the organization respond:

Answer

Cease all purging activities until further notice

Alter retention schedules and begin purging the oldest information

Purge all information older than timelines specified in its retention schedule

Hire an outside organization to perform all purging activities

2 points   

Question 34

1.  

The purpose of backups includes all of the following EXCEPT:

Answer

Software malfunctions

Human error

Hardware malfunctions

Cluster failovers

2 points   

Question 35

1.  

A forensics investigator has been asked to examine the workstation used by an employee who has been known to misbehave in the past. This investigation is related to more potential misconduct. What approach should the investigator take in this new investigation?

Answer

Approach this investigation objectively, without regard to the history of this employee’s conduct

Approach this investigation subjectively, given the history of this employee’s conduct

Assume the employee is guilty and search for evidence to support this

Assume the employee is innocent and search for evidence to refute this

2 points   

Question 36

1.  

A suspect has been forging credit cards with the purpose of stealing money from their owners through ATM withdrawals. Under which U.S. law is this suspect most likely to be prosecuted?

Answer

Computer Fraud and Abuse Act

Access Device Fraud

Computer Security Act

Sarbanes-Oxley Act

2 points   

Question 37

1.  

A case of employee misconduct that is the subject of a forensic investigation will likely result in a court proceeding. What should included in the forensic investigation:

Answer

Legible notes on all activities

Law enforcement investigation

Chain of custody for all evidence

Dual custody for all evidence

2 points   

Question 38

1.  

The purpose of the containment step in a security incident response plan is:

Answer

To prevent the spread of the incident

To recover the affected system to its pre-incident state

To isolate the system

To collect evidence for possible disciplinary action or prosecution

2 points   

Question 39

1.  

The (ISC)2 code of ethics includes all of the following EXCEPT:

Answer

Provide diligent and competent service to principals

Protect society and the infrastructure

Act honorably, honestly, justly, responsibly, and legally

Advance and protect the profession

2 points   

Question 40

1.  

Trademarks, copyrights, and patents are all a part of:

Answer

Intellectual property law

Civil law

Administrative law

Private property law

2 points   

Question 41

1.  

Which U.S. law gives law enforcement organizations greater powers to search telephone, e-mail, banking, and other records?

Answer

Patriot Act

Communications Assistance for Law Enforcement Act

Federal Information Security Management Act

Gramm-Leach-Bliley Act

2 points   

Question 42

1.  

The categories of laws in the U.S. are:

Answer

Civil, criminal, administrative, and family

Intellectual, privacy, and computer crime

Criminal, civil, and administrative

Criminal, civil, and family

2 points   

Question 43

1.  

A systems engineer has discovered that a web server supports only 56-bit SSL connections. What can the systems engineer deduce from this?

Answer

Web communications with this server are highly secure

The server does not support remote administration

Web communications with this server are not secure

The server is running the Windows operating system

2 points   

Question 44

1.  

Two computers are communicating on a wide area network over a UDP port. One computer is sending the contents of a large file to the other computer. Network congestion has caused some packets to be delayed. What will the TCP/IP network drivers do about the packet delay?

Answer

The receiving computer will request that the file transfer be restarted

The network drivers will assemble the packets into the proper order

The receiving computer will request the sending computer to re-transmit the delayed packets

Nothing

2 points   

Question 45

1.  

A computer has just been rebooted. An application program has started, and the application program needs to send an FTP packet to a server at IP address 10.14.250.200. What is the first packet that the computer will send on the network to accomplish this:

Answer

ARP

Whois

FTP

Rlogin

2 points   

Question 46

1.  

An organization is about to occupy an existing office building. The network manager has examined all of the network cabling and has observed that most of it has been labeled “Category 3”. What is the fastest network technology that can be used on this cabling?

Answer

10Mbit/s Ethernet

100Mbit/s Ethernet

1000Mbit/s Ethernet

10Gbit/s Ethernet

2 points   

Question 47

1.  

A stateful packet filtering firewall protects a web server. Which of the following is true:

Answer

The firewall will authenticate all users to the web server

The firewall will detect but not block application level attacks

The firewall will block application level attacks

The firewall will not block application level attacks

2 points   

Question 48

1.  

Digital subscriber line (DSL) service:

Answer

Utilizes existing cable service and communicates on a different frequency

Has been superseded by ISDN

Has been superseded by satellite communications

Utilizes existing telephone services and communicates on a different frequency

2 points   

Question 49

1.  

The size of packets in an ATM networks is:

Answer

53 bytes

1500 bytes

1544 bytes

Variable, from 64 to 1500 bytes

2 points   

Question 50

1.  

An IT manager wishes to connect several branch offices to the headquarters office for voice and data communications. What packet switched service should the IT manager consider?

Answer

ATM

DSL

MPLS

Frame Relay