A.  

Pre Initialization Phase

B.  

Phase 1

C.  

Phase 2

D.  

No peer authentication is performed

A.  

Private / Public

B.  

Public / Private

C.  

Symmetric / Asymmetric

D.  

Private / Symmetric

A.  

The key sizes must be a multiple of 32 bits

B.  

Maximum block size is 256 bits

C.  

Maximum key size is 512 bits

D.  

The key size does not have to match the block size

A.  

A message that is encrypted and signed with a digital certificate.

B.  

A message that is signed with a secret key and encrypted with the sender's private key.

C.  

A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver.

D.  

A message that is encrypted with the recipient's public key and signed with the sender's private key.

A.  

Message Authentication Code - MAC

B.  

PAM - Pluggable Authentication Module

C.  

NAM - Negative Acknowledgement Message

D.  

Digital Signature Certificate

A.  

the ciphertext and the key

B.  

the plaintext and the secret key

C.  

both the plaintext and the associated ciphertext of several messages

D.  

the plaintext and the algorithm

A.  

Degaussing magnetic tapes when they're no longer needed.

B.  

Deleting files on disk before reusing the space.

C.  

Clearing memory blocks before they are allocated to a program or data.

D.  

Clearing buffered pages, documents, or screens from the local memory of a terminal or printer.

A.  

Storage and timing.

B.  

Storage and low bits.

C.  

Storage and permissions.

D.  

Storage and classification.

A.  

Full backup method

B.  

Incremental backup method

C.  

Fast backup method

D.  

Differential backup method

A.  

the rapid recovery of mission-critical business operations

B.  

the continuation of critical business functions

C.  

the monitoring of threat activity for adjustment of technical controls

D.  

the reduction of the impact of a disaster

A.  

Human

B.  

Natural

C.  

Technological

D.  

Hackers

A.  

Is damaged media stored and/or destroyed?

B.  

Are the backup storage site and alternate site geographically far enough from the primary site?

C.  

Is there an up-to-date copy of the plan stored securely off-site?

D.  

Is the location of stored backups identified?

A.  

Steganography

B.  

Digital watermarking

C.  

Digital enveloping

D.  

Digital signature

A.  

Data fiddling

B.  

Data diddling

C.  

Salami techniques

D.  

Trojan horses

A.  

Chosen-Ciphertext attack

B.  

Ciphertext-only attack

C.  

Plaintext Only Attack

D.  

Adaptive-Chosen-Plaintext attack

A.  

64 bits

B.  

128 bits

C.  

160 bits

D.  

192 bits

A.  

Cipher block chaining

B.  

Electronic code book

C.  

Input feedback

D.  

Cipher feedback

A.  

Asymmetric Key.

B.  

Symmetric Key.

C.  

Secret Key.

D.  

Private Key.

A.  

The more a key is used, the shorter its lifetime should be.

B.  

When not using the full keyspace, the key should be extremely random.

C.  

Keys should be backed up or escrowed in case of emergencies.

D.  

A key's lifetime should correspond with the sensitivity of the data it is protecting.

A.  

Distinguished name of the subject

B.  

Telephone number of the department

C.  

secret key of the issuing CA

D.  

the key pair of the certificate holder

A.  

40 bits

B.  

56 bits

C.  

64 bits

D.  

80 bits

A.  

Role-based access control

B.  

Discretionary access control

C.  

Non-discretionary access control

D.  

Mandatory access control

A.  

manage without passwords

B.  

biometrics

C.  

not there

D.  

use of them for physical access control

A.  

Consistency and utility

B.  

Reliability and utility

C.  

Usefulness and utility

D.  

Convenience and utility

A.  

ISDN

B.  

SLIP

C.  

xDSL

D.  

T1

A.  

Logon Banners

B.  

Wall poster

C.  

Employee Handbook

D.  

Written agreement

A.  

Increased system sensitivity can cause a higher false rejection rate

B.  

The crossover error rate is the point at which false rejection rate equals the false acceptance rate.

C.  

False acceptance rate is also known as Type II error.

D.  

Biometrics are based on the Type 2 authentication mechanism.

A.  

Because of the least privilege concept.

B.  

Because they cannot be accessed by operators.

C.  

Because they may contain credentials.

D.  

Because of the need-to-know concept.

A.  

Authentication server and PIN codes.

B.  

Authentication of clients and static passwords generation.

C.  

Authentication of clients and dynamic passwords generation.

D.  

Authentication server as well as support for Static and Dynamic passwords.

A.  

TCP

B.  

SSL

C.  

UDP

D.  

SSH

A.  

These factors include the enrollment time and the throughput rate, but not acceptability.

B.  

These factors do not include the enrollment time, the throughput rate, and acceptability.

C.  

These factors include the enrollment time, the throughput rate, and acceptability.

D.  

These factors include the enrollment time, but not the throughput rate, neither the acceptability.

A.  

TCP

B.  

SSL

C.  

UDP

D.  

SSH

A.  

Web Applications

B.  

Intrusion Detection Systems

C.  

Firewalls

D.  

DNS Servers

A.  

Stealth viruses

B.  

Polymorphic viruses

C.  

Trojan horses

D.  

Logic bombs

A.  

Boot Sector

B.  

Parasitic

C.  

Stealth

D.  

Polymorphic

A.  

Object-oriented.

B.  

Distributed.

C.  

Architecture Specific.

D.  

Multithreaded.

A.  

Help the community in securing their networks.

B.  

Seeing how far their skills will take them.

C.  

Getting recognition for their actions.

D.  

Gaining Money or Financial Gains.

A.  

They are both denial-of-service (DOS) attacks.

B.  

They have nothing in common.

C.  

They are both masquerading attacks.

D.  

They are both social engineering attacks.

A.  

IP spoofing

B.  

Password sniffing

C.  

Data diddling

D.  

Denial of service (DOS)

A.  

Black hats

B.  

White hats

C.  

Script kiddies

D.  

Phreakers

A.  

Not possible

B.  

Only possible with key recovery scheme of all user keys

C.  

It is possible only if X509 Version 3 certificates are used

D.  

It is possible only by "brute force" decryption

A.  

virus

B.  

worm

C.  

Trojan horse.

D.  

trapdoor

A.  

Worm

B.  

Rootkit

C.  

Adware

D.  

Logic Bomb

A.  

project initiation and planning phase

B.  

system design specification phase

C.  

development & documentation phase

D.  

acceptance phase

A.  

Very-Long Instruction-Word Processor (VLIW)

B.  

Complex-Instruction-Set-Computer (CISC)

C.  

Reduced-Instruction-Set-Computer (RISC)

D.  

Super Scalar Processor Architecture (SCPA)

A.  

Who is involved in establishing the security policy?

B.  

Where is the organization's security policy defined?

C.  

What are the actions that need to be performed in case of a disaster?

D.  

Who is responsible for monitoring compliance to the organization's security policy?

A.  

Standards

B.  

Guidelines

C.  

Procedures

D.  

Baselines

A.  

closure

B.  

disclosure

C.  

disposal

D.  

disaster

A.  

System functions are layered, and none of the functions in a given layer can access data outside that layer.

B.  

Auditing processes and their memory addresses cannot be accessed by user processes.

C.  

Only security processes are allowed to write to ring zero memory.

D.  

It is a form of strong encryption cipher.

A.  

IS security specialists

B.  

Senior Management

C.  

Senior security analysts

D.  

systems Auditors

A.  

Standards

B.  

Policies

C.  

Guidelines

D.  

Procedures

A.  

Session layer

B.  

Physical layer

C.  

Network layer

D.  

Transport layer

A.  

Physical layer

B.  

Network layer

C.  

Data link layer

D.  

Session layer

A.  

Network Address Translation

B.  

Network Address Hijacking

C.  

Network Address Supernetting

D.  

Network Address Sniffing

A.  

Transport layer

B.  

Session layer

C.  

Data link layer

D.  

Network layer

A.  

RPC

B.  

IGMP

C.  

LPD

D.  

SPX

A.  

A list of IP addresses and corresponding MAC addresses.

B.  

A list of station and network addresses with corresponding gateway IP address.

C.  

A list of host names and corresponding IP addresses.

D.  

A list of current network interfaces on which IP routing is enabled.

A.  

Ethernet Segment.

B.  

Ethernet Datagram.

C.  

Ethernet Frame.

D.  

Ethernet Packet.

A.  

Transmission control protocol (TCP)

B.  

User datagram protocol (UDP)

C.  

Internet protocol (IP)

D.  

Internet control message protocol (ICMP)

A.  

delegation

B.  

distribution

C.  

documentation

D.  

destruction

A.  

Security Testing.

B.  

Design Verification.

C.  

System Integrity.

D.  

System Architecture Specification.

A.  

People

B.  

Software

C.  

Communications

D.  

Hardware

A.  

Outside espionage

B.  

Hackers

C.  

Personnel

D.  

Equipment failure

A.  

pipelining

B.  

complex-instruction-set-computer (CISC)

C.  

reduced-instruction-set-computer (RISC)

D.  

multitasking

A.  

Value

B.  

Age

C.  

Useful life

D.  

Personal association

A.  

employee's attitudes and behaviors towards enterprise's security posture

B.  

management's approach towards enterprise's security posture

C.  

attitudes of employees with sensitive data

D.  

corporate attitudes about safeguarding data

A.  

backup and recovery

B.  

Auditing

C.  

contingency planning

D.  

operations procedures

A.  

system maintenance.

B.  

system stability.

C.  

system operations.

D.  

system tracking.

A.  

security administrator

B.  

security analyst

C.  

systems auditor

D.  

systems programmer

A.  

Motherboard

B.  

Central Processing Unit (CPU

C.  

Storage Devices

D.  

Peripherals (input/output devices)

A.  

The system is optimized prior to the addition of security.

B.  

The system is procured off-the-shelf.

C.  

The system is customized to meet the specific security threat.

D.  

The system is originally designed to provide the necessary security.

A.  

Prevention of the modification of information by unauthorized users.

B.  

Prevention of the unauthorized or unintentional modification of information by authorized users.

C.  

Preservation of the internal and external consistency.

D.  

Prevention of the modification of information by authorized users.

A.  

On each of the critical hosts

B.  

decentralized hosts

C.  

central hosts

D.  

bastion hosts

A.  

Security policy being outdated

B.  

Data owners not laying out the foundation of data protection

C.  

Network administrator not taking mandatory two-week vacation as planned

D.  

Latest security patches for servers being installed as per the Patch Management process

A.  

Statistical Anomaly-Based ID

B.  

Signature-Based ID

C.  

dynamical anomaly-based ID

D.  

inferential anomaly-based ID

A.  

Compare source code, looking for events or sets of events that could cause damage to a system or network.

B.  

Compare system activity for the behaviour patterns of new attacks.

C.  

Compare system activity, looking for events or sets of events that match a predefined pattern of events that describe a known attack.

D.  

Compare network nodes looking for objects or sets of objects that match a predefined pattern of objects that may describe a known attack.

A.  

signature-based IDS

B.  

statistical anomaly-based IDS

C.  

event-based IDS

D.  

inferent-based IDS

A.  

Server-based and Host-based.

B.  

Network-based and Guest-based.

C.  

Network-based and Client-based.

D.  

Network-based and Host-based.

A.  

Conformity with the concept of least privilege.

B.  

Whether active accounts are still being used.

C.  

Strength of user-chosen passwords.

D.  

Whether management authorizations are up-to-date.

A.  

l0phtcrack

B.  

Tripwire

C.  

OphCrack

D.  

John the Ripper

A.  

Clipping levels set a baseline for acceptable normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurred.

B.  

Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant.

C.  

Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to user accounts with a privileged status.

D.  

Clipping levels enable a security administrator to view all reductions in security levels which have been made to user accounts which have incurred violations.

A.  

A HIDS does not consume large amounts of system resources

B.  

A HIDS can analyse system logs, processes and resources

C.  

A HIDS looks for unauthorized changes to the system

D.  

A HIDS can notify system administrators when unusual events are identified

A.  

Commonly reside on a discrete network segment and monitor the traffic on that network segment.

B.  

Commonly will not reside on a discrete network segment and monitor the traffic on that network segment.

C.  

Commonly reside on a discrete network segment and does not monitor the traffic on that network segment.

D.  

Commonly reside on a host and and monitor the traffic on that specific host.

A.  

network-based IDS

B.  

host-based IDS

C.  

application-based IDS

D.  

firewall-based IDS

A.  

Nessus

B.  

Saint

C.  

Tripwire

D.  

Nmap

A.  

Complexity

B.  

Non-transparency

C.  

Transparency

D.  

Simplicity

A.  

Does the audit trail provide a trace of user actions?

B.  

Are incidents monitored and tracked until resolved?

C.  

Is access to online logs strictly controlled?

D.  

Is there separation of duties between security personnel who administer the access control function and those who administer the audit trail?

A.  

Detection of denial of service

B.  

Detection of all viruses

C.  

Detection of data corruption

D.  

Detection of all password guessing attacks

A.  

Access control lists

B.  

Security labels

C.  

Audit trails

D.  

Information security policies

A.  

Network-based IDSs are not vulnerable to attacks.

B.  

Network-based IDSs are well suited for modern switch-based networks.

C.  

Most network-based IDSs can automatically indicate whether or not an attack was successful.

D.  

The deployment of network-based IDSs has little impact upon an existing network.

A.  

Only previously identified attack signatures are detected.

B.  

Signature databases must be augmented with inferential elements.

C.  

It runs only on the windows operating system

D.  

Hackers can circumvent signature evaluations.

A.  

To lure hackers into attacking unused systems

B.  

To entrap and track down possible hackers

C.  

To set up a sacrificial lamb on the network

D.  

To know when certain types of attacks are in progress and to learn about attack techniques so the network can be fortified.

A.  

An organization should use ethical hackers who do not sell auditing, hardware, software, firewall, hosting, and/or networking services.

B.  

Testing should be done remotely to simulate external threats.

C.  

Ethical hacking should not involve writing to or modifying the target systems negatively.

D.  

Ethical hackers never use tools that have the potential of affecting servers or services.

A.  

audit trails.

B.  

access control lists.

C.  

security clearances

D.  

host-based authentication

A.  

Intrusion Detection System

B.  

Compliance Validation System

C.  

Intrusion Management System (IMS)

D.  

Compliance Monitoring System

A.  

Direct evidence

B.  

Circumstantial evidence

C.  

Hearsay evidence

D.  

Secondary evidence

A.  

Quantative loss assessment

B.  

Qualitative loss assessment

C.  

Formal approval of BCP scope and initiation document

D.  

Defining critical support areas

A.  

Much of the data gathered during the review cannot be reused for subsequent analysis.

B.  

Automated methodologies require minimal training and knowledge of risk analysis.

C.  

Most software tools have user interfaces that are easy to use and does not require any training.

D.  

Information gathering would be minimized and expedited due to the amount of information already built into the tool.

A.  

Recovery

B.  

Containment

C.  

Triage

D.  

Analysis and tracking

A.  

It is implemented to gather input from all personnel that is going to be part of the recovery teams.

B.  

The purpose of the survey must be clearly stated.

C.  

Management's approval should be obtained before distributing the survey.

D.  

Its intent is to find out what services and systems are critical to keeping the organization in business.

A.  

All areas of the enterprise.

B.  

The financial and information processing areas of the enterprise.

C.  

The operating areas of the enterprise.

D.  

The marketing, finance, and information processing areas.

A.  

Time brokers

B.  

Hot sites

C.  

Cold sites

D.  

Reciprocal Agreement

A.  

Full backup method

B.  

Incremental backup method

C.  

Differential backup method

D.  

Additive backup method

A.  

Acquisition collection and identification

B.  

Analysis

C.  

Storage, preservation, and transportation

D.  

Destruction

A.  

spike

B.  

blackout

C.  

sag

D.  

fault

A.  

System development activity

B.  

Help-desk function

C.  

System Imaging

D.  

Risk management process

A.  

2001:0db8:0:0:0:0:1428:57ab

B.  

ABCD:EF01:2345:6789:ABCD:EF01:2345:6789

C.  

::1

D.  

2001:DB8::8:800::417A

A.  

Incremental backup method

B.  

Off-site backup method

C.  

Full backup method

D.  

Differential backup method

A.  

Eliminate all means of intruder access.

B.  

Contain the intrusion.

C.  

Determine to what extent systems and data are compromised.

D.  

Communicate with relevant parties.

A.  

Continuity of support plan

B.  

Business continuity plan

C.  

Incident response plan

D.  

Continuity of operations plan

A.  

Because it is used to demonstrate the truth of the contents.

B.  

Because it is used to identify the state of the system.

C.  

Because the state of the memory cannot be used as evidence.

D.  

Because of the exclusionary rule.

A.  

A vulnerability analysis

B.  

A likelihood assessment

C.  

An uncertainty analysis

D.  

A threat identification

A.  

(C < L) or C is less than L

B.  

(C < L - (residual risk)) or C is less than L minus residual risk

C.  

(C > L) or C is greather than L

D.  

(C > L - (residual risk)) or C is greather than L minus residual risk

A.  

It is unlikely to be affected by the same disaster.

B.  

It is close enough to become operational quickly.

C.  

It is close enough to serve its users.

D.  

It is convenient to airports and hotels.

A.  

Transport layer

B.  

Network layer

C.  

Data link layer

D.  

Physical layer

A.  

Public Key Infrastructure (PKI)

B.  

Wireless network communications

C.  

Packet-switching technology

D.  

The OSI/ISO model

A.  

192.168.42.5

B.  

192.166.42.5

C.  

192.175.42.5

D.  

192.1.42.5

A.  

CHAP

B.  

Pre shared key

C.  

certificate based authentication

D.  

Public key authentication

A.  

The level of performance

B.  

How thick the shielding is.

C.  

The length of the cable

D.  

The diameter of the copper.

A.  

Inspected at only one layer of the Open System Interconnection (OSI) model

B.  

Inspected at all Open System Interconnection (OSI) layers

C.  

Decapsulated at all Open Systems Interconnect (OSI) layers.

D.  

Encapsulated at all Open Systems Interconnect (OSI) layers.

A.  

User datagram protocol (UDP)

B.  

Internet protocol (IP)

C.  

Internet Group Management Protocol (IGMP)

D.  

Internet control message protocol (ICMP)

A.  

Router

B.  

Multiplexer

C.  

Channel service unit/Data service unit (CSU/DSU)

D.  

Wan switch

A.  

It enables two different types of file systems to interoperate.

B.  

It enables two different types of file systems to share Sun applications.

C.  

It enables two different types of file systems to use IP/IPX.

D.  

It enables two different types of file systems to emulate each other.

A.  

TCP.

B.  

ICMP.

C.  

UDP.

D.  

IGMP.

A.  

Fiber Distributed Data Interface (FDDI).

B.  

Ethernet

C.  

Fast Ethernet

D.  

Broadband

A.  

IP segment.

B.  

IP datagram.

C.  

IP frame.

D.  

IP fragment.

A.  

TACACS+

B.  

RADIUS

C.  

PAP

D.  

TACACS

A.  

Screened subnets

B.  

Digital certificates

C.  

An encrypted Virtual Private Network

D.  

Encryption

A.  

Network Time Protocol (NTP)

B.  

Digital Signature

C.  

Digital Timestamp

D.  

Certification Authority (CA)

A.  

Authentication Header (AH)

B.  

Encapsulating Security Payload (ESP)

C.  

Secure Sockets Layer (SSL)

D.  

Secure Shell (SSH-2)

A.  

64 bits of data input results in 56 bits of encrypted output

B.  

128 bit key with 8 bits used for parity

C.  

64 bit blocks with a 64 bit total key length

D.  

56 bits of data input results in 56 bits of encrypted output

A.  

Confidentiality

B.  

Availability

C.  

Integrity

D.  

Authentication

A.  

Twofish

B.  

Serpent

C.  

RC6

D.  

Rijndael

A.  

Registration authority

B.  

Certification authority

C.  

Issuing authority

D.  

Vouching authority

A.  

The SSL protocol was developed by Netscape to secure Internet client-server transactions.

B.  

The SSL protocol's primary use is to authenticate the client to the server using public key cryptography and digital certificates.

C.  

Web pages using the SSL protocol start with HTTPS

D.  

SSL can be used with applications such as Telnet, FTP and email protocols.

A.  

Stream ciphers

B.  

Block ciphers

C.  

Cipher block chaining

D.  

Electronic code book

A.  

L2TP

B.  

PPTP

C.  

IPSec

D.  

L2F

A.  

B2

B.  

B1

C.  

C2

D.  

C1