Request For Proposal
Question 1
1.
A security manager wishes to objectively measure the maturity of security processes in his organization. Which model should be used for this evaluation?
Answer
SSE-CMM | ||
SEI-CMM | ||
Common Criteria | ||
TCSEC |
2 points
Question 2
1.
The component in a computer where program instructions are executed is called the:
Answer
CPU | ||
Bus | ||
Front-side bus | ||
Firmware |
2 points
Question 3
1.
The innermost portion of an operating system is known as:
Answer
Kernel | ||
Core | ||
Ring 0 | ||
Process 0 |
2 points
Question 4
1.
DoD Information Assurance Certification and Accreditation Process (DIACAP):
Answer
Has been superseded by the Common Criteria | ||
Is the process by which all U.S. federal information systems are certified and accredited | ||
Has been superseded by DITSCAP (Department of Defense Information Technology Security Certification and Accreditation Process) | ||
Is the process used to certify and accredit U.S. military information systems |
2 points
Question 5
1.
The TCSEC system evaluation criteria is used to evaluate systems of what type:
Answer
E-Commerce | ||
Public utilities | ||
Banking | ||
Military |
2 points
Question 6
1.
A source code review uncovered the existence of instructions that permit the user to bypass security controls. What was discovered in the code review?
Answer
Feature | ||
Bot | ||
Logic bomb | ||
Back door |
2 points
Question 7
1.
The TCSEC system evaluation criteria is used to address:
Answer
Confidentiality of information | ||
Preventive and detective controls | ||
Penetration testing | ||
Intrusion prevention systems |
2 points
Question 8
1.
What is the purpose of the Software Engineering Institute Capability Maturity Model Integration (SEI CMMI)?
Answer
Objective assessment of the integrity of an organization’s application programs | ||
Objective assessment of an organization’s systems engineering processes | ||
Objective assessment of an organization’s business processes | ||
Subjective assessment of an organization’s systems engineering processes |
2 points
Question 9
1.
The purpose of a CPU fetch operation is:
Answer
To retrieve data from memory | ||
To retrieve an instruction from memory | ||
To retrieve data from the hard disk drive | ||
To retrieve data from the program counter |
2 points
Question 10
1.
The purpose of a fire extinguisher is:
Answer
The primary device used to fight accidental fires | ||
The primary device to fight all fires until the fire department arrives | ||
The primary device used to fight all fires | ||
The primary device used to fight small fires |
2 points
Question 11
1.
A security manager is concerned that lost key cards can be used by an intruder to gain entrance to a facility. What measure can be used to prevent this?
Answer
Implement PIN pads at card reader stations | ||
Implement video surveillance at card reader stations | ||
Implement man traps at card reader stations | ||
Implement RFID sensors at card reader stations |
2 points
Question 12
1.
Common biometric solutions that are suitable for building entrance control include:
Answer
Voice print and gait | ||
Retina scan and hand print | ||
Voice print and DNA | ||
Fingerprint and hand print |
2 points
Question 13
1.
A building access mechanism where only one person at a time may pass is called a:
Answer
Entrance trap | ||
Step trap | ||
Mantrap | ||
Passtrap |
2 points
Question 14
1.
A security-minded organization is relocating its business office into a shared-tenant building. How should the entrance of personnel be controlled?
Answer
One key card system that is jointly operated by all of the tenants | ||
Separate key card systems that are operated by each tenant | ||
Security guards to control who can enter the building | ||
Video surveillance to monitor who enters the building |
2 points
Question 15
1.
The type of smoke detector that is designed to detect smoke before it is visible is:
Answer
Ionization | ||
Optical | ||
Ultraviolet | ||
Radioactive |
2 points
Question 16
1.
A secure facility needs to control incoming vehicle traffic and be able to stop determined attacks. What control should be implemented:
Answer
Crash gate | ||
Guard post | ||
Turnstile | ||
Bollards |
2 points
Question 17
1.
The use of key cards to control physical access to a work facility is a form of:
Answer
Both preventive and administrative control | ||
Detective control | ||
Both preventive and detective control | ||
Preventive control |
2 points
Question 18
1.
A security manager wants to implement barriers that will block the passage of vehicles but freely allow foot traffic. The control that should be implemented is:
Answer
Turnstiles | ||
Bollards | ||
Crash gates | ||
Low wall |
2 points
Question 19
1.
All of the following statements about the polyalphabetic cipher are true EXCEPT:
Answer
It is a form of one-time pad | ||
It is resistant to frequency analysis attacks | ||
It uses multiple substitution alphabets | ||
It is a type of substitution cipher |
2 points
Question 20
1.
A security manager is searching for an encryption algorithm to be used to encrypt data files containing sensitive information. Which of the following algorithms should NOT be considered:
Answer
FISH | ||
Twofish | ||
Blowfish | ||
CAST |
2 points
Question 21
1.
A particular encryption algorithm transforms plaintext to ciphertext by XORing the plaintext with the encryption key. This is known as:
Answer
Electronic codebook | ||
Cipher block chaining | ||
Block cipher | ||
Stream cipher |
2 points
Question 22
1.
The purpose of digitally signing a message is to ensure:
Answer
Integrity of the message | ||
Confidentiality of the message | ||
Integrity of the sender | ||
Confidentiality of the sender |
2 points
Question 23
1.
A stream cipher encrypts data by XORing plaintext with the encryption key. How is the ciphertext converted back into plaintext?
Answer
XORing it with the encryption key | ||
XORing it with the inverse of the encryption key | ||
ANDing it with the encryption key | ||
NANDing it with the encryption key |
2 points
Question 24
1.
The encryption mode where ciphertext output from each encrypted plaintext block in the encryption used for the next block is known as:
Answer
Cipher feedback | ||
Output feedback | ||
Cipher block chaining | ||
Electronic codebook |
2 points
Question 25
1.
In an electronic codebook (ECB) cipher, each block of ciphertext:
Answer
Is used to encrypt the next block | ||
Is used to encrypt the previous block | ||
Is used to decrypt the next block | ||
Is not used to encrypt the next block |
2 points
Question 26
1.
Two parties that have never communicated before wish to send messages using asymmetric key cryptography. How should the parties begin?
Answer
The receiving party should send its private encryption key to the transmitting party. | ||
The transmitting party should send its private encryption key to the receiving party. | ||
The receiving party should send its public encryption key to the transmitting party. | ||
The transmitting party should send its public encryption key to the receiving party. |
2 points
Question 27
1.
The purpose of a password policy that locks an account after five unsuccessful login attempts is:
Answer
To prevent an intruder from carrying out a dictionary attack against a password | ||
To prevent a second user from changing the password | ||
To prevent someone from quickly cycling back to their familiar password | ||
To prevent other individuals from logging in to the account |
2 points
Question 28
1.
A security manager has instructed a system administrator to wipe files on a hard disk. This means that the administrator needs to:
Answer
Perform a low-level format on the hard disk | ||
Use a degausser to re-align the magnetic storage material on the hard disk | ||
Use a tool to overwrite files multiple times | ||
Perform a high-level format on the hard disk |
2 points
Question 29
1.
An organization’s data classification policy includes handling procedures for data at each level of sensitivity. The IT department backs up all data onto magnetic tape, resulting in tapes that contain data at all levels of sensitivity. How should these backup tapes be handled?
Answer
According to procedures for the lowest sensitivity level | ||
According to procedures for the highest sensitivity level | ||
According to procedures in between the lowest and highest sensitivity levels | ||
Data handling procedures do not apply to backup media, only original media |
2 points
Question 30
1.
What is the difference between split tunneling and inverse split tunneling:
Answer
Only inverse split tunneling can utilize a firewall | ||
Only split tunneling can utilize a firewall | ||
Split tunneling uses IPsec and SSL, while inverse split tunneling uses L2TP | ||
In split tunneling, the default network is the LAN; in inverse split tunneling, the default network is the VPN |
2 points
Question 31
1.
The purpose of a periodic review of user access rights is:
Answer
To check whether employees have logged in to the system | ||
To check for active accounts that belong to terminated employees | ||
To determine password quality and expiration | ||
To determine whether access control systems still function properly |
2 points
Question 32
1.
Why do the actions of system administrators need to be monitored more closely than other personnel?
Answer
Administrator actions can be more harmful and have a larger impact on the organization | ||
Administrators are more likely to make mistakes | ||
Administrators have access to all other users’ passwords | ||
Administrative interfaces have fewer safeguards |
2 points
Question 33
1.
An organization has received notice of a lawsuit related to activities in its operations department. How should the organization respond:
Answer
Cease all purging activities until further notice | ||
Alter retention schedules and begin purging the oldest information | ||
Purge all information older than timelines specified in its retention schedule | ||
Hire an outside organization to perform all purging activities |
2 points
Question 34
1.
The purpose of backups includes all of the following EXCEPT:
Answer
Software malfunctions | ||
Human error | ||
Hardware malfunctions | ||
Cluster failovers |
2 points
Question 35
1.
A forensics investigator has been asked to examine the workstation used by an employee who has been known to misbehave in the past. This investigation is related to more potential misconduct. What approach should the investigator take in this new investigation?
Answer
Approach this investigation objectively, without regard to the history of this employee’s conduct | ||
Approach this investigation subjectively, given the history of this employee’s conduct | ||
Assume the employee is guilty and search for evidence to support this | ||
Assume the employee is innocent and search for evidence to refute this |
2 points
Question 36
1.
A suspect has been forging credit cards with the purpose of stealing money from their owners through ATM withdrawals. Under which U.S. law is this suspect most likely to be prosecuted?
Answer
Computer Fraud and Abuse Act | ||
Access Device Fraud | ||
Computer Security Act | ||
Sarbanes-Oxley Act |
2 points
Question 37
1.
A case of employee misconduct that is the subject of a forensic investigation will likely result in a court proceeding. What should included in the forensic investigation:
Answer
Legible notes on all activities | ||
Law enforcement investigation | ||
Chain of custody for all evidence | ||
Dual custody for all evidence |
2 points
Question 38
1.
The purpose of the containment step in a security incident response plan is:
Answer
To prevent the spread of the incident | ||
To recover the affected system to its pre-incident state | ||
To isolate the system | ||
To collect evidence for possible disciplinary action or prosecution |
2 points
Question 39
1.
The (ISC)2 code of ethics includes all of the following EXCEPT:
Answer
Provide diligent and competent service to principals | ||
Protect society and the infrastructure | ||
Act honorably, honestly, justly, responsibly, and legally | ||
Advance and protect the profession |
2 points
Question 40
1.
Trademarks, copyrights, and patents are all a part of:
Answer
Intellectual property law | ||
Civil law | ||
Administrative law | ||
Private property law |
2 points
Question 41
1.
Which U.S. law gives law enforcement organizations greater powers to search telephone, e-mail, banking, and other records?
Answer
Patriot Act | ||
Communications Assistance for Law Enforcement Act | ||
Federal Information Security Management Act | ||
Gramm-Leach-Bliley Act |
2 points
Question 42
1.
The categories of laws in the U.S. are:
Answer
Civil, criminal, administrative, and family | ||
Intellectual, privacy, and computer crime | ||
Criminal, civil, and administrative | ||
Criminal, civil, and family |
2 points
Question 43
1.
A systems engineer has discovered that a web server supports only 56-bit SSL connections. What can the systems engineer deduce from this?
Answer
Web communications with this server are highly secure | ||
The server does not support remote administration | ||
Web communications with this server are not secure | ||
The server is running the Windows operating system |
2 points
Question 44
1.
Two computers are communicating on a wide area network over a UDP port. One computer is sending the contents of a large file to the other computer. Network congestion has caused some packets to be delayed. What will the TCP/IP network drivers do about the packet delay?
Answer
The receiving computer will request that the file transfer be restarted | ||
The network drivers will assemble the packets into the proper order | ||
The receiving computer will request the sending computer to re-transmit the delayed packets | ||
Nothing |
2 points
Question 45
1.
A computer has just been rebooted. An application program has started, and the application program needs to send an FTP packet to a server at IP address 10.14.250.200. What is the first packet that the computer will send on the network to accomplish this:
Answer
ARP | ||
Whois | ||
FTP | ||
Rlogin |
2 points
Question 46
1.
An organization is about to occupy an existing office building. The network manager has examined all of the network cabling and has observed that most of it has been labeled “Category 3”. What is the fastest network technology that can be used on this cabling?
Answer
10Mbit/s Ethernet | ||
100Mbit/s Ethernet | ||
1000Mbit/s Ethernet | ||
10Gbit/s Ethernet |
2 points
Question 47
1.
A stateful packet filtering firewall protects a web server. Which of the following is true:
Answer
The firewall will authenticate all users to the web server | ||
The firewall will detect but not block application level attacks | ||
The firewall will block application level attacks | ||
The firewall will not block application level attacks |
2 points
Question 48
1.
Digital subscriber line (DSL) service:
Answer
Utilizes existing cable service and communicates on a different frequency | ||
Has been superseded by ISDN | ||
Has been superseded by satellite communications | ||
Utilizes existing telephone services and communicates on a different frequency |
2 points
Question 49
1.
The size of packets in an ATM networks is:
Answer
53 bytes | ||
1500 bytes | ||
1544 bytes | ||
Variable, from 64 to 1500 bytes |
2 points
Question 50
1.
An IT manager wishes to connect several branch offices to the headquarters office for voice and data communications. What packet switched service should the IT manager consider?
Answer
ATM | ||
DSL | ||
MPLS | ||
Frame Relay |
Needs help with similar assignment?
We are available 24x7 to deliver the best services and assignment ready within 3-4 hours? Order a custom-written, plagiarism-free paper
Get Answer Over WhatsApp Order Paper Now