Question 1
Question
Jesse is looking at the /etc/passwd file on a system configured to use shadowed passwords. What should she expect to see in the password field of this file?
Answer
- A. Plaintext passwords
- B. Encrypted passwords
- C. Hashed passwords
- D. x

Question 2
Question
SYN floods rely on implementations of what protocol to cause denial of service conditions?
Answer
- A. IGMP
- B. UDP
- C. TCP
- D. ICMP

Question 3
Question
What principle states that an individual should make every effort to complete his or her responsibilities in an accurate and timely manner?
Answer
- A. Least privilege
- B. Separation of duties
- C. Due care
- D. Due diligence

Question 4
Question
Cable modems, ISDN, and DSL are all examples of what type of technology?
Answer
- A. Baseband
- B. Broadband
- C. Digital
- D. Broadcast

Question 5
Question
What penetration testing technique can best help assess training and awareness issues?

Question 6
Question
Bill implemented RAID level 5 on a server that he operates using a total of three disks. How many disks may fail without the loss of data?

Question 7
Question
Data is sent as bits at what layer of the OSI model?
Answer
- A. Transport
- B. Network
- C. Data Link
- D. Physical

Question 8
Question
Bert is considering the use of an infrastructure as a service cloud computing partner to provide virtual servers. Which one of the following would be a vendor responsibility in this scenario?
Answer
- A. Maintaining the hypervisor
- B. Managing operating system security settings
- C. Maintaining the host firewall
- D. Configuring server access control

Question 9
Question
When Ben records data and then replays it against his test website to verify how it performs based on a real production workload, what type of performance monitoring is he undertaking?
Answer
- A. Passive
- B. Proactive
- C. Reactive
- D. Replay

Question 10
Question
What technology ensures that an operating system allocates separate memory spaces used by each application on a system?
Answer
- A. Abstraction
- B. Layering
- C. Data hiding
- D. Process isolation

Question 11
Question
Alan is considering the use of new identification cards in his organization that will be used for physical access control. He comes across a sample card and is unsure of the technology. He breaks it open and sees the following internal construction. What type of card is this?
Answer
- A. Smart card
- B. Proximity card
- C. Magnetic stripe
- D. Phase-two card

Question 12
Question
Mark is planning a disaster recovery test for his organization. He would like to perform a live test of the disaster recovery facility but does not want to disrupt operations at the primary facility. What type of test should Mark choose?

Question 13
Question
Which one of the following is not a principle of the Agile approach to software development?
Answer
- A. The best architecture, requirements, and designs emerge from self-organizing teams.
- B. Deliver working software infrequently, with an emphasis on creating accurate code over longer timelines.
- C. Welcome changing requirements, even late in the development process.
- D. Simplicity is essential.

Question 14
Question
During a security audit, Susan discovers that the organization is using hand geometry scanners as the access control mechanism for their secure data center. What recommendation should Susan make about the use of hand geometry scanners?
Answer
- A. They have a high FRR and should be replaced.
- B. A second factor should be added because they are not a good way to reliably distinguish individuals.
- C. The hand geometry scanners provide appropriate security for the data center and should be considered for other high-security areas.
- D. They may create accessibility concerns, and an alternate biometric system should be considered.

Question 15
Question
Colleen is conducting a business impact assessment for her organization. What metric provides important information about the amount of time that the organization may be without a service before causing irreparable harm?
Answer
- A. MTD
- B. ALE
- C. RPO
- D. RTO

Question 16
Question
An attack that changes a symlink on a Linux system between the time that an account’s rights to the file are verified and the file is accessed is an example of what type of attack?
Answer
- A. Unlinking
- B. Tick/tock
- C. setuid
- D. TOCTOU

Question 17
Question
An authentication factor that is “something you have,” and that typically includes a microprocessor and one or more certificates, is what type of authenticator?

Question 18
Question
What term best describes an attack that relies on stolen or falsified authentication credentials to bypass an authentication mechanism?
Answer
- A. Spoofing
- B. Replay
- C. Masquerading
- D. Modification

Question 19
Question
Lisa wants to integrate with a cloud identity provider that uses OAuth 2.0, and she wants to select an appropriate authentication framework. Which of the following best suits her needs?
Answer
- A. OpenID Connect
- B. SAML
- C. RADIUS
- D. Kerberos

Question 20
Question
Owen recently designed a security access control structure that prevents a single user from simultaneously holding the role required to create a new vendor and the role required to issue a check. What principle is Owen enforcing?
Answer
- A. Two-person control
- B. Least privilege
- C. Separation of duties
- D. Job rotation
Question 21
Question
Denise is preparing for a trial relating to a contract dispute between her company and a software vendor. The vendor is claiming that Denise made a verbal agreement that amended their written contract. What rule of evidence should Denise raise in her defense?

Question 22
Question
While Lauren is monitoring traffic on two ends of a network connection, she sees traffic that is inbound to a public IP address show up inside the production network bound for an internal host that uses an RFC 1918 reserved address. What technology should she expect is in use at the network border?
Answer
- A. NAT
- B. VLANs
- C. S/NAT
- D. BGP

Question 23
Question
Which of the following statements about SSAE-18 is not true?
Answer
- A. It mandates a specific control set.
- B. It is an attestation standard.
- C. It is used for external audits.
- D. It uses a framework, including SOC 1, SOC 2, and SOC 3 reports.

Question 24
Question
What does a constrained user interface do?
Answer
- A. It prevents unauthorized users from logging in.
- B. It limits the data visible in an interface based on the content.
- C. It limits the access a user is provided based on what activity they are performing.
- D. It limits what users can do or see based on privileges.

Question 25
Question
Greg is building a disaster recovery plan for his organization and would like to determine the amount of time that it should take to restore a particular IT service after an outage. What variable is Greg calculating?
Answer
- A. MTD
- B. RTO
- C. RPO
- D. SLA

Question 26
Question
What business process typically requires sign-off from a manager before modifications are made to a system?
Answer
- A. SDN
- B. Release management
- C. Change management
- D. Versioning

Question 27
Question
What type of fire extinguisher is useful against liquid-based fires?
Answer
- A. Class A
- B. Class B
- C. Class C
- D. Class D

Question 28
Question
The company Chris works for has notifications posted at each door reminding employees to be careful to not allow people to enter when they do. Which type of controls best describes this?
Answer
- A. Detective
- B. Physical
- C. Preventive
- D. Directive

Question 29
Question
Which one of the following principles is not included in the seven EU-U.S. Privacy Shield provisions?
Answer
- A. Access
- B. Security
- C. Recourse
- D. Nonrepudiation

Question 30
Question
What group is eligible to receive safe harbor protection under the terms of the Digital Millennium Copyright Act (DMCA)?

Question 31
Question
Alex is the system owner for the HR system at a major university. According to NIST SP 800-18, what action should he take when a significant change occurs in the system?
Answer
- A. He should develop a data confidentiality plan.
- B. He should update the system security plan.
- C. He should classify the data the system contains.
- D. He should select custodians to handle day-to-day operational tasks.

Question 32
Question
Alex has been with the university he works at for over 10 years. During that time, he has been a system administrator and a database administrator, and he has worked in the university’s help desk. He is now a manager for the team that runs the university’s web applications. Using the provisioning diagram shown here, answer the following questions.
If Alex hires a new employee and the employee’s account is provisioned after HR manually inputs information into the provisioning system based on data Alex provides via a series of forms, what type of provisioning has occurred?
Answer
- A. Discretionary account provisioning
- B. Workflow-based account provisioning
- C. Automated account provisioning
- D. Self-service account provisioning

Question 33
Question
Alex has been with the university he works at for over 10 years. During that time, he has been a system administrator and a database administrator, and he has worked in the university’s help desk. He is now a manager for the team that runs the university’s web applications. Using the provisioning diagram shown here, answer the following questions.
Alex has access to B, C, and D. What concern should he raise to the university’s identity management team?
Answer
- A. The provisioning process did not give him the rights he needs.
- B. He has excessive privileges.
- C. Privilege creep may be taking place.
- D. Logging is not properly enabled.

Question 34
Question
Alex has been with the university he works at for over 10 years. During that time, he has been a system administrator and a database administrator, and he has worked in the university’s help desk. He is now a manager for the team that runs the university’s web applications. Using the provisioning diagram shown here, answer the following questions.
When Alex changes roles, what should occur?
Answer
- A. He should be de-provisioned and a new account should be created.
- B. He should have his new rights added to his existing account.
- C. He should be provisioned for only the rights that match his role.
- D. He should have his rights set to match those of the person he is replacing.

Question 35
Question
Robert is reviewing a system that has been assigned the EAL2 evaluation assurance level under the Common Criteria. What is the highest level of assurance that he may have about the system?
Answer
- A. It has been functionally tested.
- B. It has been structurally tested.
- C. It has been formally verified, designed, and tested.
- D. It has been semiformally designed and tested.

Question 36
Question
Adam is processing an access request for an end user. What two items should he verify before granting the access?
Answer
- A. Separation and need to know
- B. Clearance and endorsement
- C. Clearance and need to know
- D. Second factor and clearance

Question 37
Question
During what phase of the electronic discovery reference model does an organization ensure that potentially discoverable information is protected against alteration or deletion?
Answer
- A. Identification
- B. Preservation
- C. Collection
- D. Processing

Question 38
Question
Nessus, OpenVAS, and SAINT are all examples of what type of tool?

Question 39
Question
Harry would like to access a document owned by Sally stored on a file server. Applying the subject/object model to this scenario, who or what is the object of the resource request?
Answer
- A. Harry
- B. Sally
- C. File server
- D. Document

Question 40
Question
What is the process that occurs when the Session layer removes the header from data sent by the Transport layer?
Answer
- A. Encapsulation
- B. Packet unwrapping
- C. De-encapsulation
- D. Payloading
Question 41
Question
Which of the following tools is best suited to testing known exploits against a system?
Answer
- A. Nikto
- B. Ettercap
- C. Metasploit
- D. THC Hydra

Question 42
Question
What markup language uses the concepts of a Requesting Authority, a Provisioning Service Point, and a Provisioning Service Target to handle its core functionality?
Answer
- A. SAML
- B. SAMPL
- C. SPML
- D. XACML

Question 43
Question
What type of risk assessment uses tools such as the one shown here?
Answer
- A. Quantitative
- B. Loss expectancy
- C. Financial
- D. Qualitative

Question 44
Question
MAC models use three types of environments. Which of the following is not a mandatory access control design?
Answer
- A. Hierarchical
- B. Bracketed
- C. Compartmentalized
- D. Hybrid

Question 45
Question
What level of RAID is also called disk striping with parity?
Answer
- A. RAID 0
- B. RAID 1
- C. RAID 5
- D. RAID 10

Question 46
Question
Sally is wiring a gigabit Ethernet network. What cabling choices should she make to ensure she can use her network at the full 1000 Mbps she wants to provide to her users?
Answer
- A. Cat 5 and Cat 6
- B. Cat 5e and Cat 6
- C. Cat 4e and Cat 5e
- D. Cat 6 and Cat 7

Question 47
Question
Which one of the following is typically considered a business continuity task?
Answer
- A. Business impact assessment
- B. Alternate facility selection
- C. Activation of cold sites
- D. Restoration of data from backup

Question 48
Question
Robert is the network administrator for a small business and recently installed a new firewall. After seeing signs of unusually heavy network traffic, he checked his intrusion detection system, which reported that a smurf attack was under way. What firewall configuration change can Robert make to most effectively prevent this attack?
Answer
- A. Block the source IP address of the attack.
- B. Block inbound UDP traffic.
- C. Block the destination IP address of the attack.
- D. Block inbound ICMP traffic.

Question 49
Question
Which one of the following types of firewalls does not have the ability to track connection status between different packets?
Answer
- A. Stateful inspection
- B. Application proxy
- C. Packet filter
- D. Next generation

Question 50
Question
Which of the following is used only to encrypt data in transit over a network and cannot be used to encrypt data at rest?
Answer
- A. TKIP
- B. AES
- C. 3DES
- D. RSA

Question 51
Question
What type of fuzzing is known as intelligent fuzzing?
Answer
- A. Zzuf
- B. Mutation
- C. Generational
- D. Code based

Question 52
Question
Matthew is experiencing issues with the quality of network service on his organization’s network. The primary symptom is that packets are occasionally taking too long to travel from their source to their destination. The length of this delay changes for individual packets. What term describes the issue Matthew is facing?
Answer
- A. Latency
- B. Jitter
- C. Packet loss
- D. Interference

Question 53
Question
Which of the following multifactor authentication technologies provides both low management overhead and flexibility?

Question 54
Question
What type of testing would validate support for all the web browsers that are supported by a web application?
Answer
- A. Regression testing
- B. Interface testing
- C. Fuzzing
- D. White box testing

Question 55
Question
Kathleen is implementing an access control system for her organization and builds the following array:
Reviewers: update files, delete files
Submitters: upload files
Editors: upload files, update files
Archivists: delete files
What type of access control system has Kathleen implemented?
Answer
- A. Role-based access control
- B. Task-based access control
- C. Rule-based access control
- D. Discretionary access control

Question 56
Question
Alan is installing a fire suppression system that will kick in after a fire breaks out and protect the equipment in the data center from extensive damage. What metric is Alan attempting to lower?
Answer
- A. Likelihood
- B. RTO
- C. RPO
- D. Impact

Question 57
Question
Alan’s Wrenches recently developed a new manufacturing process for its product. They plan to use this technology internally and not share it with others. They would like it to remain protected for as long as possible. What type of intellectual property protection is best suited for this situation?
Answer
- A. Patent
- B. Copyright
- C. Trademark
- D. Trade secret

Question 58
Question
Ben wants to interface with the National Vulnerability Database using a standardized protocol. What option should he use to ensure that the tools he builds work with the data contained in the NVD?
Answer
- A. XACML
- B. SCML
- C. VSML
- D. SCAP

Question 59
Question
Which of the following is not one of the three components of the DevOps model?
Answer
- A. Software development
- B. Change management
- C. Quality assurance
- D. Operations

Question 60
Question
In the figure shown here, Harry’s request to read the data file is blocked. Harry has a Secret security clearance, and the data file has a Top Secret classification. What principle of the Bell-LaPadula model blocked this request?
Answer
- A. Simple Security Property
- B. Simple Integrity Property
- C. *-Security Property
- D. Discretionary Security Property
Question 61
Question
Norm is starting a new software project with a vendor that uses an SDLC approach to development. When he arrives on the job, he receives a document that has the sections shown here. What type of planning document is this?

Question 62
Question
Kolin is searching for a network security solution that will allow him to help reduce zero-day attacks while using identities to enforce a security policy on systems before they connect to the network. What type of solution should Kolin implement?

Question 63
Question
Gwen comes across an application that is running under a service account on a web server. The service account has full administrative rights to the server. What principle of information security does this violate?
Answer
- A. Need to know
- B. Separation of duties
- C. Least privilege
- D. Job rotation

Question 64
Question
Which of the following is not a type of structural coverage in a code review process?
Answer
- A. Statement
- B. Trace
- C. Loop
- D. Data flow

Question 65
Question
Which of the following tools is best suited to the information gathering phase of a penetration test?
Answer
- A. Whois
- B. zzuf
- C. Nessus
- D. Metasploit

Question 66
Question
During a web application vulnerability scanning test, Steve runs Nikto against a web server he believes may be vulnerable to attacks. Using the Nikto output shown here, answer the following questions.
Why does Nikto flag the /test directory?
Answer
- A. The /test directory allows administrative access to PHP.
- B. It is used to store sensitive data.
- C. Test directories often contain scripts that can be misused.
- D. It indicates a potential compromise.

Question 67
Question
During a web application vulnerability scanning test, Steve runs Nikto against a web server he believes may be vulnerable to attacks. Using the Nikto output shown here, answer the following questions.
Why does Nikto identify directory indexing as an issue?
Answer
- A. It lists files in a directory.
- B. It may allow for XDRF.
- C. Directory indexing can result in a denial of service attack.
- D. Directory indexing is off by default, potentially indicating compromise.

Question 68
Question
During a web application vulnerability scanning test, Steve runs Nikto against a web server he believes may be vulnerable to attacks. Using the Nikto output shown here, answer the following questions.
Nikto lists OSVDB-877, noting that the system may be vulnerable to XST. What would this type of attack allow an attacker to do?
Answer
- A. Use cross-site targeting.
- B. Steal a user’s cookies.
- C. Counter SQL tracing.
- D. Modify a user’s TRACE information.

Question 69
Question
Which one of the following memory types is considered volatile memory?
Answer
- A. Flash
- B. EEPROM
- C. EPROM
- D. RAM

Question 70
Question
Ursula believes that many individuals in her organization are storing sensitive information on their laptops in a manner that is unsafe and potentially violates the organization’s security policy. What control can she use to identify the presence of these files?
Answer
- A. Network DLP
- B. Network IPS
- C. Endpoint DLP
- D. Endpoint IPS

Question 71
Question
In what cloud computing model does the customer build a cloud computing environment in his or her own data center or build an environment in another data center that is for the customer’s exclusive use?
Answer
- A. Public cloud
- B. Private cloud
- C. Hybrid cloud
- D. Shared cloud

Question 72
Question
Which one of the following technologies is designed to prevent a web server going offline from becoming a single point of failure in a web application architecture?
Answer
- A. Load balancing
- B. Dual-power supplies
- C. IPS
- D. RAID

Question 73
Question
Alice wants to send Bob a message with the confidence that Bob will know the message was not altered while in transit. What goal of cryptography is Alice trying to achieve?
Answer
- A. Confidentiality
- B. Nonrepudiation
- C. Authentication
- D. Integrity

Question 74
Question
What network topology is shown here?
Answer
- A. A ring
- B. A bus
- C. A star
- D. A mesh

Question 75
Question
Monica is developing a software application that calculates an individual’s body mass index for use in medical planning. She would like to include a control on the field where the physician enters an individual’s weight to ensure that the weight falls within an expected range. What type of control should Monica use?
Answer
- A. Fail open
- B. Fail secure
- C. Limit check
- D. Buffer bounds

Question 76
Question
Your lab manager is preparing to buy all the equipment that has been budgeted for next year. While reviewing the specifications for several pieces of equipment, he notices that each device has a Mean Time To Repair (MTTR) rating. He asks you what this means. Which of the following is the best response?
Answer
- A. The MTTR is used to determine the expected time before the repair can be completed. Higher numbers are better.
- B. The MTTR is used to determine the expected time before the repair can be completed. Lower numbers are better.
- C. The MTTR is used to determine the expected time between failures. Higher numbers are better.
- D. The MTTR is used to determine the expected time between failures. Lower numbers are better.

Question 77
Question
Which of the following would you be least likely to find in a data center?

Question 78
Question
You are asked to serve as a consultant on the design of a new facility. Which of the following is the best location for the server room?
Answer
- A. Near the outside of the building
- B. Near the center of the building
- C. In an area that has plenty of traffic so that equipment can be observed by other employees and guests
- D. In an area that offers easy access
Question 79
Question
Which of the following is not one of the three types of access controls?
Answer
- A. Administrative
- B. Personnel
- C. Technical
- D. Physical

Question 80
Question
Your company has just opened a call center in India to handle nighttime operations, and you are asked to review the site’s security controls. Specifically, you are asked which of the following is the strongest form of authentication. What will your answer be?
Answer
- A. Something you know
- B. Something you are
- C. Passwords
- D. Tokens

Question 81
Question
Your organization has become worried about recent attempts to gain unauthorized access to the R&D facility. Therefore, you are asked to implement a system that will require individuals to present a password and enter a PIN at the security gate before gaining access. What is this type of system called?

Question 82
Question
Which of the following ciphers is/are symmetric?
Answer
- A. DES
- B. DES and Skytale
- C. DES, Skytale, and Caesar’s cipher
- D. DES, Skytale, Caesar’s cipher, and RSA

Question 83
Question
An employee is leaving your company. You debrief the individual and escort him to the door. After reviewing the materials in his office, you realize he left with the VPN router that had been configured for him to use when he worked from home. This router had a certificate issued to that employee, and it is not deemed worth the effort to retrieve it. What action should be taken in regard to the certificate?
Answer
- A. Suspend it.
- B. Destroy it.
- C. Revoke it.
- D. Transfer it.

Question 84
Question
Which algorithm provides for key distribution but does not provide encryption or nonrepudiation?

Question 85
Question
TCSEC provides levels of security that are classified in a hierarchical manner. Each level has a corresponding set of security requirements that must be met. Which of the following does Level A correspond to?

Question 86
Question
TCSEC offers numbered divisions of security that can occur in each category. With this in mind, which of the following represents the highest level of security?
Answer
- A. B2
- B. D2
- C. B1
- D. D1

Question 87
Question
Jim has been asked to assist with a security evaluation. He has heard other members of the teams speak of TCB. What does TCB stand for?
Answer
- A. Taking care of business
- B. Total computer base
- C. Trusted computer base
- D. Total communication bandwidth

Question 88
Question
Which of the following is considered a connection-oriented protocol?
Answer
- A. UDP
- B. TCP
- C. ICMP
- D. ARP

Question 89
Question
Which connectionless protocol is used for its low overhead and speed?
Answer
- A. UDP
- B. TCP
- C. ICMP
- D. ARP

Question 90
Question
Information security is not built on which of the following?
Answer
- A. Confidentiality
- B. Availability
- C. Accessibility
- D. Integrity

Question 91
Question
Place the following four elements of the Business Continuity Plan in the proper order.
Answer
- A. Scope and plan initiation, plan approval and implementation, business impact assessment, business continuity plan development
- B. Scope and plan initiation, business impact assessment, business continuity plan development, plan approval and implementation
- C. Business impact assessment, scope and plan initiation, business continuity plan development, plan approval and implementation
- D. Plan approval and implementation, business impact assessment, scope and plan initiation, business continuity plan development

Question 92
Question
Risk assessment is a critical component of the BCP process. As such, which risk-assessment method is scenario-driven and does not assign numeric values to specific assets?
Answer
- A. Qualitative Risk Assessment
- B. Statistical Weighted Risk Assessment
- C. Quantitative Risk Assessment
- D. Asset-Based Risk Assessment

Question 93
Question
Which of the following best describes the concept and purpose of BCP?
Answer
- A. BCPs are used to reduce outage times.
- B. BCPs and procedures are put in place for the response to an emergency.
- C. BCPs guarantee the reliability of standby systems.
- D. BCPs are created to prevent interruptions to normal business activity.

Question 94
Question
What is not one of the three things that are needed to commit a computer crime?
Answer
- A. Means
- B. Skill
- C. Motive
- D. Opportunity

Question 95
Question
The IAB (Internet Architecture Board) considers which of the following acts unethical?
Answer
- A. Disrupting the intended use of the Internet
- B. Rerouting Internet traffic
- C. Writing articles about security exploits
- D. Developing security patches

Question 96
Question
What category of attack is characterized by the removal of small amounts of money over long periods of time?
Answer
- A. Slicing attack
- B. Skimming attack
- C. Bologna attack
- D. Salami attack

Question 97
Question
Which of the following is not a valid database management system model?
Answer
- A. The hierarchical database management system
- B. The structured database management system
- C. The network database management system
- D. The relational database management system

Question 98
Question
During which stage of the software development life cycle should security be implemented?
Answer
- A. Development
- B. Project initiation
- C. Deployment
- D. Installation

Question 99
Question
In which software development life cycle phase do the programmers and developers become deeply involved and do the majority of the work?
Answer
- A. System Design Specifications
- B. Software Development
- C. Operation and Maintenance
- D. Functional Design Analysis and Planning

Question 100
Question
You have just won a contract for a small software development firm, which has asked you to perform a risk analysis. The firm provided you information on previous incidents and has a list of the known environmental threats of the geographic area. The firm’s president believes that risk is something that can be eliminated. As a CISSP, how should you respond to this statement?
Answer
- A. Although it can be prohibitively expensive, risk can be eliminated.
- B. Risk can be reduced but cannot be eliminated.
- C. A qualitative risk analysis can eliminate risk.
- D. A quantitative risk assessment can eliminate risk.

Question 101
Question
Which term describes the method of identifying vulnerabilities and threats and assessing the possible damage to determine where to implement security safeguards?
Answer
- A. Information management
- B. Risk analysis
- C. Countermeasure selection
- D. Classification controls
Question 102
Question
Proper security management dictates separation of duties for all the following reasons except which one?
Answer
- A. It reduces the possibility of fraud.
- B. It reduces dependency on individual workers.
- C. It reduces the need for personnel.
- D. It provides integrity.

Question 103
Question
Attackers are always looking for ways to identify systems. One such method is to send a TCP SYN to a targeted port. What would an attacker expect to receive in response to indicate an open port?
Answer
- A. SYN
- B. SYN ACK
- C. ACK
- D. ACK FIN

Question 104
Question
Which of the following is an example of a directive control?

Question 105
Question
Brad uses Telnet to connect to several open ports on a victim computer and capture the banner information. What is the purpose of his activity?

Question 106
Question
A closed-circuit TV (CCTV) system has been installed to monitor a bank’s ATM. The lighting has been adjusted to prevent dark areas, and the depth of field and degree of focus are appropriate for proper monitoring. However, the guard has asked if it would be possible to provide greater width to the area being monitored to permit a subject to be captured for a longer stretch of time. Which adjustment is needed?

Question 107
Question
When you’re choosing the physical location for a new facility, which of the following should you not avoid?

Question 108
Question
Which of the following is not one of the three primary types of authentication?

Question 109
Question
While working as a contractor for Widget, Inc., you are asked what the weakest form of authentication is. What will you say?
Answer
- A. Passwords
- B. Retina scans
- C. Facial recognition
- D. Tokens

Question 110
Question
A coworker reports that she has lost her public key ring. What does this mean?
Answer
- A. This is a security violation. You need to revoke her digital certificate.
- B. She can regenerate it.
- C. She will be unable to decrypt her stored files.
- D. The PKI is gone.

Question 111
Question
What is the risk to an organization when a cryptosystem fails to use the full keyspace available?

Question 112
Question
Which of the following is not one of the valid states in which a CPU can operate?
Answer
- A. Processor
- B. Supervisor
- C. Problem
- D. Wait

Question 113
Question
Which organization began developing the Common Criteria standard in 1990?
Answer
- A. IEEE
- B. ISC2
- C. ISO
- D. NIST

Question 114
Question
Which data communications solution transmits timing information to the receiver by using a “preamble” of alternating 1s and 0s?

Question 115
Question
LAN data transmissions can take on several different forms. Which of the following can be both a source and a destination address?
Answer
- A. Unicast
- B. Multicast
- C. Broadcast
- D. Anycast

Question 116
Question
What are the three goals of a business impact analysis?
Answer
- A. Downtime estimation, resource requirements, defining the continuity strategy
- B. Defining the continuity strategy, criticality prioritization, resource requirements
- C. Criticality prioritization, downtime estimation, documenting the continuity strategy
- D. Criticality prioritization, downtime estimation, resource requirements

Question 117
Question
Which of the following is the number-one priority for all Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs)?
Answer
- A. The reduction of potential critical outages
- B. The minimization of potential outages
- C. The elimination of potential outages
- D. The protection and welfare of employees

Question 118
Question
You are assigned to a team that is investigating a computer crime. You are asked to make sure that the original data remains unchanged. Which of the following programs can be used to create a cryptographic checksum to verify the data’s integrity?
Answer
- A. PKZip
- B. MD5sum
- C. DES
- D. PGP

Question 119
Question
Paul is concerned about the proper disposal of old hard drives that contain proprietary information. Which of the following techniques ensures that the data cannot be recovered?
Answer
- A. Formatting
- B. FDISK
- C. Drive wiping
- D. Data parsing

Question 120
Question
In the software development life cycle, what is used to maintain changes to development or production?

Question 121
Question
What is the most-used type of database management system?
Answer
- A. The hierarchical database management system
- B. The structured database management system
- C. The network database management system
- D. The relational database management system

Question 122
Question
As a potential CISSP, you need to know common RFCs and NIST standards. One such RFC is 2196. This IETF document provides basic guidance on security in a networked environment. What is the title of this document?
Answer
- A. “Ethics and the Internet”
- B. “Site Security Handbook”
- C. “Cracking and Hacking TCP/IP”
- D. “Security Policies and Procedures”

Question 123
Question
Mr. Hunting, your former college math teacher, hears that you are studying for your CISSP exam and asks if you know the formula for total risk. What is the correct response?
Answer
- A. Annual Loss Expectancy * Vulnerability = Total Risk
- B. Threat * Vulnerability * Asset Value = Total Risk
- C. Residual Risk / Asset Value * Vulnerability = Total Risk
- D. Asset Value / Residual Risk = Total Risk

Question 124
Question
An access-control matrix can be used to associate permissions of a subject to an object. Permissions can be tied to a lattice of control. If the lattice of control for Cindy and Bob is read and read/write, which of the following is true?
Answer
- A. Bob will be able to read File X.
- B. Bob has full control of File X.
- C. Bob cannot access File X.
- D. Alice has full access on File Y.

Question 125
Question
The attacker waits until his victim establishes a connection to the organization’s FTP server. Then, he executes a program that allows him to take over the established session. What type of attack has taken place?
Answer
- A. Password attack
- B. Spoofing
- C. Session hijack
- D. ARP redirection