When an organization takes reasonable measures to ensure that it took precautions to
protect its network and resources is called:
A. Reasonable Action
B. Security Mandate
C. Due Care
D. Prudent Countermeasures
Due care are the steps taken to show it has taken responsibility for its actions.
What two things below are associated with security policy?(Choose Two)
A. Support of upper management
B. Support of department managers
C. Are tactical in nature
D. Are strategic in nature
E. Must be developed after procedures
F. Must be developed after guidelines
Policies are written as a broad overview and require the support of upper management. After the
development and approval of policies, guidelines and procedures may be written.
Total risk is equal to:(Choose All That Apply)
D. Asset value
E. Asset loss
Total risk = asset value * vulnerability * threats
Government data classifications include which of the following:(Choose three)
F. Top Secret
One of the most common systems used to classify information is the one developed within the
US Department of Defense. These include: unclassified, sensitive, confidential, secret, and top
Job rotation is important because:
A. It insures your employees are cross-trained.
B. It increases job satisfaction.
C. It reduces the opportunity for fraud
Job rotation is tightly tied to the principle of least privilege. It is an effective security control.
Your co-worker is studying for the CISSP exam and has come to you with a question. What
is ARP poisoning?
A. Flooding of a switched network
B. A denial of service that uses the DNS death ping
C. Turning of IP to MAC resolution
D. Inserting a bogus IP and MAC address in the ARP table
E. Modifying a DNS record
ARP poisoning is a masquerading attack where the attacker inserts a bogus IP and MAC address
in a victims ARP table or into the table of a switch. This has the effect of redirecting traffic to
the attacker and not to the intended computer.
What is the best description for CHAP Challenge Handshake Authentication Protocol?
A. Passwords are sent in clear text
B. Passwords are not sent in clear text
C. Passwords are not used, a digital signature is sent
D. It is substandard to PAP
E. It was used with PS2’s and has been discontinued
Passwords are not sent in clear text. The server performing the authentication sends a challenge
value and the user types in the password. The password is used to encrypt the challenge value
then is sent back to the authentication server.
CSMA/CD computers cannot communicate without a token.(True/False)
CSMA/CD computers do not use a token. It is the media access method used in Ethernet.
__________ sends out a message to all other computers indicating it is going to send out
CSMA/CA sends out a message to all other computers indicating it is going to send out data.
CSMA/CA or token ring networking uses this approach to reduce the amount of data collisions.
Which of the following best describes ISDN BRI(Choose two)
A. 2 B channels
B. 4 B channels
C. 23 B channels
D. 1 D channel
E. 2 D channels
ISDN BRI has 2 B and 1 D channels
The top speed of ISDN BRI is 256 KBS.(True/False)
The top speed of ISDN BRI is 128 KBS. Its two primary channels are each capable of carrying
64 KBS so the combined top speed is 128 KBS.
Which of the following should NOT be implemented to protect PBX’s?(Choose all that
A. Change default passwords and configurations
B. Make sure that maintenance modems are on 24/7
C. Review telephone bill regularly
D. Block remote calling after business hours
E. Post PBX configuration and specs on the company website
Many vendors have maintenance modems that vendors can use to troubleshoot systems and
provide updates. They should normally be turned off. Also information about the system should
not be posted on the website and should be closely guarded.
Which of the following best describes the difference between a circuit based and
application based firewall?
A. Application based is more flexible and handles more protocols
B. Circuit based provides more security
C. Application based builds a state table
D. Circuit based looks at IP addresses and ports
E. Circuit based firewalls are only found in Cisco routers
Circuit based look only at IP address and ports, whereas application based dig much deeper into
the packet. This makes it more secure.
_________ is the fraudulent use of telephone services.
Phreaking is the fraudulent use of telephone services.
What is another name for a VPN?
C. Packet switching
E. Circuit switching
A VPN creates a secure tunnel through an insecure network.
Which of the following is a connection-orientated protocol?
TCP is a connection-orientated protocol.
Which of the following is not considered firewall technology?
A. Screened subnet
B. Screened host
C. Duel gateway host
D. Dual homed host
Duel gateway host is not considered firewall technology.
Which of the following can be used to defeat a call-back security system?
A. Call waiting
B. Passive wiretapping
C. Active wiretapping
D. Brute force password attacks
E. Call forwarding
Call forwarding can be used to bypass the call back feature and is considered a security risk.
Which type of network topology passes all traffic through all active nodes?
D. Token Ring
Token ring passes all traffic through nodes.
The act of validating a user with a unique and specific identifier is called what?
Authentication is the act of validating a user with a unique and specific identifier.
Why is fiber the most secure means of transmission?
A. High speed multiplexing
B. Interception of traffic is more difficult because it is optically based
C. Higher data rates make it more secure
D. Multiplexing prevents traffic analysis
E. Built-in fault tolerance
Fiber is more secure because it is hard to tap into and gives off no EMI such as copper cabling.
The IAB defines which of the following as a violation of ethics?
A. Performing a DoS
B. Downloading an active control
C. Performing a penetration test
D. Creating a virus
E. Disrupting Internet communications
The IAAB considers the Internet a privilege, not a right, and as such considers it unethical to
purposely disrupt communications.
A chain of custody shows who ______ _________ and _________.(Choose three)
A. Who controlled the evidence
B. Who transcribed the evidence
C. Who validated the evidence
D. Who presented the evidence
E. Secured the evidence
F. Obtained the evidence
The chain of evidence shows who obtained the evidence, who secured the evidence, and who
controlled the evidence.
Good forensics requires the use of a bit level copy?(True/False)
Good forensics requires the use of a bit level copy. A bit level copy duplicates all information on
the suspect’s disk. This includes slack space and free space.
Which agency shares the task of investigating computer crime along with the FBI?
A. Secret Service
C. Department of justice
D. Police force
Along with the FBI, the Secret Service has been given the authority to investigate computer
This type of password recovery is considered more difficult and must work through all
possible combinations of numbers and characters.
D. Brute force
Brute force cracking is considered more difficult and must work through all possible
combinations of numbers and characters.
_______ are added to Linux passwords to increase their randomness.
D. MD5 hashes
E. Asymmetric algorithms
Salts are added to Linux passwords to increase their randomness. They are used to help insure
that no two users have the same, hashed password.
The Linux root user password is typically kept in where?(Choose two)
The Linux root user password is typically kept in /etc/passwd or etc/shadow.
The goal of cryptanalysis is to ____________.
A. Determine the number of encryption permutations required
B. Reduce the system overhead for a crypto-system
C. Choose the correct algorithm for a specified purpose
D. Forge coded signals that will be accepted as authentic
E. Develop secure crypto-systems
The goal of cryptanalysis is to forge coded signals that will be accepted as authentic.
If an employee is suspected of computer crime and evidence need to be collected, which of
the following departments must be involved with the procedure?
A. Public relations
B. Law enforcement
C. Computer security
Human Resources always needs to be involved if an employee is suspected of wrongdoing. They
know what rules apply to protect and prosecute employees.
What is it called when a system has apparent flaws that were deliberately available for
penetration and exploitation?
A. A jail
D. Data manipulation
Administrators that leave systems with apparent flaws are performing an act of enticement. This
is sometimes called a honeypot.
Why are computer generated documents not considered reliable?
A. Difficult to detect electron tampering
B. Stored in volatile media
C. Unable to capture and reproduce
D. Too delicate
E. Because of US law, Section 7 paragraph 154
Because it is difficult to detect electron tampering and can be easily modified.
What is the name of the software that prevents users from seeing all items or directories on
a computer and is most commonly found in the UNIX/Linux environment?
A. Shell Kits
B. Root Kits
D. Shadow data
What is a commercial application of steganography that is used to identify pictures or
verify their authenticity?
A. A MAC
B. A digital checksum
C. A MD5 hash
D. A digital signature
E. A watermark
A watermark is a commercial application of steganography that is used to identify pictures or
verify its authenticity.
What are the basic questions that must be asked at the beginning of any
investigation?(Choose all that apply)
G. Time frame
At the beginning of any investigation, an investigator must ask who, what, when, where, and
how. Answering the questions will lead to the successful conclusion of the case.
Risk can be eliminated.(True/False)
Risk can never be eliminated. It may be reduced or transferred to a third party through insurance,
but will always remain in some form.
Employees are a greater risk to employers than outsiders. T/F(True/False)
Employees are a greater risk to employers than outsiders, because they possess two of the three
items required to commit a crime: means and opportunity.
What does the term “red boxing” mean?
A. Denial of Service
B. Telephone voltage manipulation
C. Sounds of coins dropping
D. Tone manipulation
E. A salami attack
Red boxing was used by phone phreakers to record the sound off coins dropping in pay phones
and play it back to gain free phone access.
Which of the following is the proper lifecycle of evidence?
A. A Collection, storage, present in court, destroy
B. Collection, transportation, storage, return to owner
C. Collection, present in court, transportation, return to owner
D. Collection, analysis, storage, present in court, return to owner
E. Collection, storage, transportation, present in court, return to owner
The life cycle of evidence includes: collection, analysis, storage, present in court, and return to
A copy of a computer disk would be what type of evidence?
A copy of a computer disk is considered hearsay, because unless it has been copied in a
forensically approved manner, it is not credible evidence.
A copyright protects _________.
A. The trade secrets of a company
B. A persons private papers
C. An invention
D. An expression or an idea
E. Distinguishing or unique characters, colors, or words
A copyright protects the expression of a resource, not the resource directly.
________ is a ________ attack that eavesdrops on communication. (Choose two)
C. Brute force
E. Password cracking
Wiretapping is a passive attack that eavesdrops on communication. It is only legal with prior
consent or a warrant.
What types of laws are considered standards of performance or conduct expected by
government agencies from companies, industries, and certain officials.(Chose all that
Administrative or regulatory laws are considered standards of performance or conduct expected
by government agencies from companies, industries, and certain officials.
Sandra’s employer is considering placing login banners on all company computers to
indicate to the users about the permitted use of company computers. What is this called?
A. Employee privacy law
B. Employee policies
C. Employee regulations
D. User policies
E. Acceptable use policy
Acceptable use policies provide the company with legal protection. Logon banners should be
used to inform users what will happen if they do not follow company rules.
________ deemed proprietary to a company and can be information that provides a
A. Trade secrets are
B. Copyrights are
C. Restricted information is
D. Information marked strictly private is
Trade secrets are deemed proprietary to a company and can be information that provides a
competitive edge. This information is protected as long as the owner takes the necessary security
Sandra is studying for her CISSP exam. Sandra has come to you for help and wants to
know what the last step in the change control process is?
A. Validated and approved
B. Test and implement
C. Review and approve
D. Report change to management
E. Inform user of change
Reporting the change to management is the last step in the process.
Who is ultimately responsible for the security of an organization?
B. Senior management
C. The chief security officer
D. Department heads
Senior management is ultimately responsible for the security of an organization. Policy flows
from the top down.
Which of the following falls under the categories of configuration management?(Choose
A. Operating system configuration
B. Software configuration
C. Hardware configuration
D. Logical configuration
E. Physical configuration
Configuration management controls the changes that take place in hardware, software, and
Macro viruses infect what type of files.
A. Microsoft office files
B. Mail servers
C. E-mail messages
D. Web browsers
E. Linux Kernel files
Macro viruses infect Microsoft office files. There are many macro viruses because the macro
language is easy to use and because Microsoft Office is prolific.
What is another name for rows and columns within relational databases?(Choose two)
Within a relational database, the rows of a table are called tuples and the columns are called
Which of the following can reproduce itself without the help of system applications or
B. Logic bomb
Worms can reproduce themselves without the help of system applications or resources.
What is the final stage of the system development life cycle?
Maintenance is the final stage of the system development life cycle.
A polymorphic virus is _____________.
A. A virus that makes copies of itself and then makes changes to those copies
B. A virus that can make itself stealth
C. A virus that is written in a macro language
D. A virus that is written in visual basic
E. A virus that infects the boot sector of a hard drive
A polymorphic virus is a virus that makes copies of itself, then makes changes to those copies. It
does this in hopes of avoiding detection of anti-virus software.
Which one of the following is identified by a business impact analysis?(Choose three)
A. Determining regulatory requirements
B. Analyzing the threats associated with each functional area
C. Determining the risk associated with each threat
D. Identifying the major functional areas of information
E. Determining the team members that will be associated with disaster planning
The following identifies a business impact analysis: analyzing the threats associated with each
functional area, determining the risk associated with each threat, and identifying the major
functional areas of information.
_______ are the step-by-step instructions used to satisfy control requirements.
Procedures are the step-by-step instructions used to satisfy control requirements.
Which of the following are controls that can be used to secure faxing of sensitive
data?(Choose all that apply)
A. Disable automatic printing
B. Print “sensitive document banner” on each page
C. Fax encryptor
D. Send to email boxes instead of printing
E. Restrict the use of fax machines that use a ribbon or duplication cartridge
All of the items listed can help secure faxes except printing a sensitive document banner,
which actually encourages people to look at the document.
Which of the following are considered administrative controls?(Choose all that apply)
A. Rotation of duties
B. Separation of duties
C. Implementation of WEP keys
D. Enforcing mandatory vacations
Rotation of duties, separation of duties, and mandatory vacations are all administrative controls,
enforcing WEP is a technical control
Why should organizations enforce separation of duties?
A. It ensures compliance with federal union rules
B. It helps verify that all employees know their job tasks
C. It provides for a better work environment
D. It encourages collusion
E. It is considered valuable in deterring fraud
Separation of duties is considered valuable in deterring fraud since fraud can occur if an
opportunity exists for collaboration between various job related capabilities. The most
commonly used examples are the separate transactions needed to initiate a payment and to
authorize a payment. No single individual should be capable of executing both transactions.
What is the most secure way to dispose of data held on a CD?
C. Physical destruction
Since CD’s cannot be sanitized in a way to remove all data, they should be physically destroyed.
There are many products that con do this. Some actually shred the CD!
What is the most accepted way to dispose data held on a floppy disk?
C. Physical destruction
Degaussing is the most accepted way of disposing data held on a floppy disk.
Which of the following is NOT an attack against operations?
A. Morris Worm
B. SYN Denial of Service
C. Buffer Overflow
D. Brute force
E. Known plain text attack
A known plain text attack is an attack against the organization’s cryptosystem, not a direct attack
Which one of the following tools can be used to launch a Distributed Denial of service
attack against a network?
Trinoo and the Tribal Flood Network (TFN) are the two most commonly used distributed denial
of service attacks. The other four tools mentioned are reconnaissance techniques used to map
networks and scan for known vulnerabilities.
Which one of the following network attacks takes advantages of weaknesses in the
fragment reassembly functionality of the TCP/IP protocol stack?
C. Ping of Death
D. SYN flood
E. SNMP Attack
The teardrop attack uses overlapping packet fragments to confuse a target system and cause the
system to reboot or crash.
What are the elements of the CIA triad?(Choose three)
The essential security principles of confidentiality, integrity, and availability are referred to as
the CIA Triad.
____________ is the first step of access control.
E. Accountability logging
The first step in the access control process is identifying who the subject is.
What is a Type 2 authentication factor?
A. Something you know
B. Something you are
C. Something you have
A Type 2 authentication factor is something you have, such as a smart card, ATM card, token
device, memory card, etc.
_______ requires that two entities work together to complete a task?
A. Rotation of duties
B. Separation of duties
C. Dual controls
D. Enforced mandatory vacations
E. Workplace rules
Dual controls require that two entities work together to complete a task. This is used to reduce
the possibility of fraud.
PGP provides which of the following?(Choose three)
PGP provides confidentiality, integrity, and authenticity.
Computer security is generally considered the responsibility of everyone in the
Everyone is responsible for security.
Which aspect of security was the Bell-LaPadula access control model designed to protect?
The Bell-LaPadula model is focused on maintaining confidentiality.
Which access control method uses security policies and security awareness training to stop
or deter an unauthorized activity from occurring?
Preventative access control is deployed to stop an unauthorized activity from occurring.
The Secure Hash Algorithm (SHA) is specified in?
A. Digital Encryption Standard
B. Digital Signature Standard
C. Digital Encryption Standard
D. Advanced Encryption Standard
E. NSA 1403
The Secure Hash Algorithm (SHA) is specified in the Digital Encryption Standard. This is the
most widely used encryption to date. It is used to encrypt millions of files ranging from matters
of national security, to bank accounts, and electronic funds transfers.
Which of the following is an example of a symmetric key algorithm?(Choose all that apply)
All the others except Rijndael and IDEA are examples of asymmetric key algorithms.
Actualtests.com – The Power of Knowing