Single-choice question: What do the SA values in the graphic of IPSec that follows represent?
Single-choice question: What type of markup language allows company interfaces to pass service requests and the receiving company provision access to these services?
Single-choice question: There are several types of attacks that programmers need to be aware of. What attack does the graphic that follows illustrate?
Single-choice question: The following scenario applies to questions 27 and 28. Sam is the security manager of a company that makes most of its revenue from its intellectual property. Sam has implemented a process improvement program that has been certified by an outside entity. His company received a Level 2 during an appraisal process, and he is putting in steps to increase this to a Level 3. A year ago when Sam carried out a risk analysis, he determined that the company was at too much of a risk when it came to potentially losing trade secrets. The countermeasure his team implemented reduced this risk, and Sam determined that the annualized loss expectancy of the risk of a trade secret being stolen once in a hundred-year period is now $400.
Single-choice question: There are four ways of dealing with risk. In the graphic that follows, which method is missing and what is the purpose of this method?
Single-choice question: ______ provides a machine-readable description of the specific operations provided by a specific Web service. ______ provides a method for Web services to be registered by service providers and located by service consumers.
Single-choice question: There are different ways of providing integrity and authentication within cryptography. What type of technology is shown in the graphic that follows?
Single-choice question: Lacy's manager has tasked her with researching an intrusion detection system for a new dispatching center. Lacy identifies the top five products and compares their ratings. Which of the following are the evaluation criteria most in use today for these types of purposes?
Single-choice question: Database software should meet the requirements of what is known as the ACID test. Why should database software carry out atomic transactions, which is one requirement of the ACID test, when OLTP is used?
Single-choice question: Privacy is becoming more threatened as the world relies more and more on technology. There are several approaches to addressing privacy, including the generic approach and regulation by industry. Which of the following best describes these two approaches?
Single-choice question: What type of database software integrity service guarantees that tuples are uniquely identified by primary key values?
Single-choice question: Mandy needs to calculate how many keys must be generated for the 260 employees using the company's PKI asymmetric algorithm. How many keys are required?
Single-choice question: CCTV can use fixed focal length or varifocal lenses. Which of the following correctly describes the lenses used in CCTV?
Single-choice question: Virtualization offers many benefits. Which of the following incorrectly describes virtualization?
Single-choice question: Protection methods can be integrated into software programs. What type of protection method is illustrated in the graphic that follows?
Single-choice question: Fred is a new security officer who wants to implement a control for detecting and preventing users who attempt to exceed their authority by misusing the access rights that have been assigned to them. Which of the following best fits this need?
Single-choice question: Steve, a department manager, has been asked to join a committee that is responsible for defining an acceptable level of risk for the organization, reviewing risk assessment and audit reports, and approving significant changes to security policies and programs. What committee is he joining?
Single-choice question: Jane has been charged with ensuring that clients' personal health information is adequately protected before it is exchanged with a new European partner. What data security requirements must she adhere to?
Single-choice question: Of the following steps that describe the development of a botnet, which best describes the step that comes first?
Single-choice question: Which of the following is not true of IDSs?
Single-choice question: Brad is a security manager at Thingamabobs Inc. He is preparing a presentation for his company's executives on the risks of using instant messaging (IM) and his reasons for wanting to prohibit its use on the company network. Which of the following should not be included in his presentation?
Single-choice question: What cryptographic attack type carries out a mathematical analysis by trying to break a math problem from the beginning and the end of the mathematical formula simultaneously?
Single-choice question: Which of the following categories of routing protocols builds a topology database of the network?
Single-choice question: A suspected crime has been reported within your organization. Which of the following steps should the incident response team take first?
Single-choice question: A rule-based IDS takes a different approach than a signature-based or anomaly-based system. Which of the following is characteristic of a rule-based IDS?
Single-choice question: End-to-end encryption is used by users, and link encryption is used by service providers. Which of the following correctly describes these technologies?
Single-choice question: Which of the following does not describe IP telephony security?
Single-choice question: Business continuity plans can be assessed via a number of tests. Which type of test continues up to the point of actual relocation to an offsite facility and actual shipment of replacement equipment?
Single-choice question: Michael is charged with developing a classification program for his company. Which of the following should he do first?
Single-choice question: During what stage of incident response is it determined if the source of the incident was internal or external, and how the offender penetrated and gained access to the asset?
Single-choice question: When an organization is unsure of the final nature of the product, what type of system development method is most appropriate for them?
Single-choice question: There are several different important pieces to the Common Criteria. Which of the following best describes the first of the missing components?
Single-choice question: Mary is creating malicious code that will steal a user's cookies by modifying the original client-side JavaScript. What type of cross-site scripting vulnerability is she exploiting?
Single-choice question: A number of factors should be considered when assigning values to assets. Which of the following is not used to determine the value of an asset?
Single-choice question: Which of the following correctly describes a drawback of symmetric key systems?
Single-choice question: Encryption can happen at different layers of an operating system and network stack. Where does PPTP encryption take place?
Single-choice question: Various levels of RAID dictate the type of activity that will take place within the RAID system. Which level is associated with byte-level parity?
Single-choice question: Which of the following was the first international treaty seeking to address computer crimes by coordinating national laws and improving investigative techniques and international cooperation?
Single-choice question: Which of the following correctly describes the difference between public key cryptography and public key infrastructure?
Single-choice question: Harrison is evaluating access control products for his company. Which of the following is not a factor he needs to consider when choosing the products?
Single-choice question: The following scenario applies to questions 28 and 29. Tim's development team is designing a new operating system. One of the requirements of the new product is that critical memory segments need to be categorized as nonexecutable, with the goal of reducing malicious code from being able to execute instructions in privileged mode. The team also wants to make sure that attackers will have a difficult time predicting execution target addresses.
Single-choice question: Which of the following describes the type of construction materials most commonly used to build a bank's exterior walls?
Single-choice question: Mirroring of drives is when data is written to two drives at once for redundancy purposes. What similar type of technology is shown in the graphic that follows?
Single-choice question: There are several types of redundant technologies that can be put into place. What type of technology is shown in the graphic that follows?
Single-choice question: The following scenario applies to questions 26 and 27. Charlie is a new security manager at a textile company that develops its own proprietary software for internal business processes. Charlie has been told that the new application his team needs to develop must comply with the ISO/IEC 42010 standard. He has found out that many of the critical applications have been developed in the C programming language and has asked for these applications to be reviewed for a specific class of security vulnerabilities.
Single-choice question: There are several different types of important architectures within public key infrastructures. Which architecture does the graphic that follows represent?
Single-choice question: Which type of WAN tunneling protocol is missing from the table that follows?
Single-choice question: As head of sales, Jim is the information owner for the sales department. Which of the following is not Jim's responsibility as information owner?
Single-choice question: There are different ways that specific technologies can create one-time passwords for authentication purposes. What type of technology is illustrated in the graphic that follows?
Single-choice question: There are many different types of access control mechanisms that are commonly embedded into all operating systems. Which of the following is the mechanism that is missing in this graphic?
Single-choice question: Which of the following works similarly to stream ciphers?
Single-choice question: Which of the following does not correctly describe a directory service?
Single-choice question: An access control matrix is used in many operating systems and applications to control access between subjects and objects. What is the column in this type of matrix referred to as? (Access Control Matrix)
Single-choice question: What was the direct predecessor to Standard Generalized Markup Language (SGML)?
Single-choice question: Which of the following statements is not true of dumpster diving?
Single-choice question: A number of measures should be taken to help protect devices and the environment from electric power issues. Which of the following is best to keep voltage steady and power clean?
Single-choice question: Which of the following is not a common component of configuration management change control steps?
Single-choice question: Which of the following is a light-sensitive chip used in most of today's CCTV cameras?
Single-choice question: Data marts, databases, and data warehouses have distinct characteristics. Which of the following does not correctly describe a data warehouse?
Single-choice question: Alex works for a chemical distributor that assigns employees tasks that separate their duties and routinely rotates job assignments. Which of the following best describes the differences between these countermeasures?
Single-choice question: CPUs and operating systems can work in two main types of multitasking modes. What controls access and the use of system resources in preemptive multitasking mode?
Single-choice question: During an incident response, what stage involves mitigating the damage caused by an incident?
Single-choice question: Which of the following is a correct statement regarding computer forensics?
Single-choice question: In a redundant array of inexpensive disks (RAID) systems, data and parity information are striped over several different disks. What is parity information used for?
Single-choice question: Which of the following best describes Key Derivation Functions (KDFs)?
Single-choice question: SSL is a de facto protocol used for securing transactions that occur over untrusted networks. Which of the following best describes what takes place during an SSL connection setup process?
Single-choice question: ISO/IEC 27000 is part of a growing family of ISO/IEC information security management systems (ISMS) standards. It comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electro-technical Commission (IEC). Which of the following provides an incorrect mapping of the individual standards that make up this family of standards?
Single-choice question: Assigning data classification levels can help with all of the following except:
Single-choice question: Computer programs that are based on human logic by using "if/then" statements and inference engines are called ______.
Single-choice question: There are several different types of centralized access control protocols. Which of the following is illustrated in the graphic that follows?
Single-choice question: Of the following plans, which establishes senior management and a headquarters after a disaster?
Single-choice question: There are four ways of dealing with risk. In the graphic that follows, which method is missing and what is the purpose of this method?
Single-choice question: Crime Prevention Through Environmental Design (CPTED) is a discipline that outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. Of CPTED's three main components, what is illustrated in the following photo?
Single-choice question: What markup language allows for the sharing of application security policies to ensure that all applications are following the same security rules?
Single-choice question: An elliptic curve cryptosystem is an asymmetric algorithm. What sets it apart from other asymmetric algorithms?
Single-choice question: There are several different types of important architectures within backup technologies. Which architecture does the graphic that follows represent?
Single-choice question: Which of the following best describes the difference between a virtual firewall that works in bridge mode versus one that is embedded into a hypervisor?
Single-choice question: Protection profiles used in the Common Criteria evaluation process contain five elements. Which of the following establishes the type and intensity of the evaluation?
Single-choice question: Virtual storage combines RAM and secondary storage for system memory. Which of the following is a security concern pertaining to virtual storage?
Single-choice question: There are different ways that specific technologies can create one-time passwords for authentication purposes. What type of technology is illustrated in the graphic that follows?
Single-choice question: Sarah recently learned that the painting she inherited from a relative and hung in her downtown coffee shop is worth a lot of money. She is worried about its protection and wants to install an IDS. Which of the following intrusion detection systems is the most appropriate for protecting the painting?
Single-choice question: Brian, a security administrator, is responding to a virus infection. The antivirus application reports that a file has been infected with a dangerous virus and disinfecting it could damage the file. What course of action should Brian take?
Single-choice question: DNS is a popular target for attackers due to its strategic role on the Internet. What type of attack uses recursive queries to poison the cache of a DNS server?
Single-choice question: For evidence to be legally admissible, it must be authentic, complete, sufficient, and reliable. Which characteristic refers to the evidence having a reasonable and sensible relationship to the findings?
Single-choice question: A number of attacks can be performed against smart cards. Side-channel is a class of attacks that doesn't try to compromise a flaw or weakness. Which of the following is not a side-channel attack?
Single-choice question: There are several different types of technologies within cryptography that provide confidentiality. What is represented in the graphic that follows?
Single-choice question: Which of the following correctly describes Bluejacking?
Single-choice question: The following scenario is to be used for questions 27, 28, and 29. Mike is the new CSO of a large pharmaceutical company. He has been asked to revamp the company's physical security program and better align it with the company's information security practices. Mike knows that the new physical security program should be made up of controls and processes that support the following categories: deterrent, delaying, detection, assessment, and response.
Single-choice question: Which of the following correctly describes a federated identity and its role within identity management processes?
Single-choice question: Which of the following attacks can be best prevented by limiting the amount of electrical signals emitted from a computer system?
Single-choice question: An access control matrix is used in many operating systems and applications to control access between subjects and objects. What is the column in this type of matrix referred to as?
Single-choice question: Which security architecture model defines how to securely develop access rights between subjects and objects?
Single-choice question: The trusted computing base (TCB) ensures security within a system when a process in one domain must access another domain in order to retrieve sensitive information. What function does the TCB initiate to ensure that this is done in a secure manner?
Single-choice question: Security countermeasures should be transparent to users and attackers. Which of the following does not describe transparency?
Single-choice question: Susan, an attorney, has been hired to fill a new position at Widgets Inc. The position is Chief Privacy Officer (CPO). What is the primary function of her new role?
Single-choice question: Sue has been tasked with implementing a number of security controls, including antivirus and antispam software, to protect the company's e-mail system. What type of approach is her company taking to handle the risk posed by the system?
Single-choice question: List in the proper order from the table on the top of the next page the learning objectives that are missing and their proper definitions.
Single-choice question: Lisa has learned that most databases implement concurrency controls. What is concurrency, and why must it be controlled?
Single-choice question: ACME Inc. paid a software vendor to develop specialized software, and that vendor has gone out of business. ACME Inc. does not have access to the code and therefore cannot keep it updated. What mechanism should the company have implemented to prevent this from happening?
Single-choice question: Widgets Inc. wishes to protect its logo from unauthorized use. Which of the following will protect the logo and ensure that others cannot copy and use it?
Single-choice question: Which of the following is not considered a countermeasure to port scanning and operating system fingerprinting?
Single-choice question: Of the following, what is the primary item that a capability listing is based upon?
Single-choice question: Which of the following is considered the second generation of programming languages?
Single-choice question: Sam plans to establish mobile phone service using the personal information he has stolen from his former boss. What type of identity theft is this?
Single-choice question: There are several components involved with steganography. Which of the following refers to a file that has hidden information in it?
Single-choice question: Sally has found out that software programmers in her company are making changes to software components and uploading them to the main software repository without following version control or documenting their changes. This is causing a lot of confusion and has caused several teams to use the older versions. Which of the following would be the best solution for this situation?
Single-choice question: Before an effective physical security program can be rolled out, a number of steps must be taken. Which of the following steps comes first in the process of rolling out a security program?
Single-choice question: There are several different modes that block ciphers can work in. Which mode does the graphic that follows portray?
Single-choice question: John is installing a sprinkler system that makes use of a thermal-fusible link for a data center located in Canada. Which of the following statements is true of the system he's installing?
Single-choice question: IPv6 has many new and different characteristics and functionality compared to IPv4. Which of the following is an incorrect functionality or characteristic of IPv6?
ⅰ. IPv6 allows for nonscoped addresses, which enables an administrator to restrict specific addresses for specific servers or file and print sharing, for example.
ⅱ. IPv6 has IPSec integrated into the protocol stack, which provides application-based secure transmission and authentication.
ⅲ. IPv6 has more flexibility and routing capabilities compared to IPv4 and allows for Quality of Service (QoS) priority values to be assigned to time sensitive transmissions.
ⅳ. The protocol offers auto configuration, which makes administration much easier compared to IPv4, and it does not require network address translation (NAT) to extend its address space.
Single-choice question: As his company's CISO, George needs to demonstrate to the Board of Directors the necessity of a strong risk management program. Which of the following should George use to calculate the company's residual risk?
Single-choice question: David is preparing a server room at a new branch office. What locking mechanisms should he use for the primary and secondary server room entry doors?
Single-choice question: If Marge uses her private key to create a digital signature on a message she is sending to George, but she does not show or share her private key with George, what is it an example of?
Single-choice question: Which of the following incorrectly describes how routing commonly takes place on the Internet?
Single-choice question: Which of the following antivirus detection methods is the most recent to the industry and monitors suspicious code as it executes within the operating system?
Single-choice question: Cross-site scripting (XSS) is an application security vulnerability usually found in Web applications. What type of XSS vulnerability occurs when a victim is tricked into opening a URL programmed with a rogue script to steal sensitive information?
Single-choice question: Hanna is a new security manager for a computer consulting company. She has found out that the company has lost intellectual property in the past because malicious employees installed rogue devices on the network, which were used to capture sensitive traffic. Hanna needs to implement a solution that ensures only authorized devices are allowed access to the company network. Which of the following IEEE standards was developed for this type of protection?
Single-choice question: The common law system is broken down into which of the following categories?
Single-choice question: Operating systems have evolved and changed over the years. The earlier operating systems were monolithic and did not segregate critical processes from noncritical processes. As time went on operating system vendors started to reduce the amount of programming code that ran in kernel mode. Only the absolutely necessary code ran in kernel mode, and the remaining operating system code ran in user mode. This architecture introduced performance issues, which required the operating system vendors to reduce the critical operating system functionality to microkernels and allow the remaining operating system functionality to run in client/server models within kernel mode.
Single-choice question: Hannah has been assigned the task of installing Web access management (WAM) software. What is the best description for what WAM is commonly used for?
Single-choice question: Sam is the security manager of a company that makes most of its revenue from its intellectual property. Sam has implemented a process improvement program that has been certified by an outside entity. His company received a Level 2 during an appraisal process, and he is putting in steps to increase this to a Level 3. A year ago when Sam carried out a risk analysis, he determined that the company was at too much of a risk when it came to potentially losing trade secrets. The countermeasure his team implemented reduced this risk, and Sam determined that the annualized loss expectancy of the risk of a trade secret being stolen once in a hundred-year period is now $400.
Single-choice question: What technology within identity management is illustrated in the graphic that follows?
Single-choice question: The NIST organization has defined best practices for creating continuity plans. Which of the following phases deals with identifying and prioritizing critical functions and systems?
Single-choice question: There are several categories of evidence. How is a witness's oral testimony categorized?
Single-choice question: Which of the following does not describe privacy-aware role-based access control?
Single-choice question: Which type of WAN tunneling protocol is missing from the table that follows?
Single-choice question: Which of the following occurs in a PKI environment?
Single-choice question: The relay agent on a mail server plays a role in spam prevention. Which of the following incorrectly describes mail relays?
Single-choice question: Which of the following best defines a virtual machine?
Single-choice question: Robert has been given the responsibility of installing doors that provide different types of protection. He has been told to install doors that provide failsafe, fail-secure, and fail-soft protection. Which of the following statements is true about secure door types?
Single-choice question: The integrity of data is not related to which of the following?
Single-choice question: Windows can have different glazing materials. What type of window may be prohibited by fire codes because of its combustibility?
Single-choice question: Authorization creep is to access controls what scope creep is to software development. Which of the following is not true of authorization creep?
Single-choice question: There are several types of volumetric IDSs. What type of IDS emits a measurable magnetic field that it monitors for disruptions?
Single-choice question: Which of the following statements does not correctly describe SOAP and Remote Procedure Calls?
Single-choice question: A change management process should include a number of procedures. Which of the following incorrectly describes a characteristic or component of a change control policy?
Single-choice question: Paisley is helping her company identify potential site locations for a new facility. Which of the following is not an important factor when choosing a location?
Single-choice question: ______ is a set of extensions to DNS that provides to DNS clients (resolvers) origin authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar attack types.
Single-choice question: Both de facto and proprietary interior protocols are in use today. Which of the following is a proprietary interior protocol that chooses the best path between the source and destination?
Single-choice question: The following scenario is to be used for questions 30, 31, and 32. Greg is the security facility officer of a financial institution. His boss has told him that visitors need a secondary screening before they are allowed into sensitive areas within the building. Greg has also been told by the network administrators that after the new HVAC system was installed throughout the facility, they have noticed that power voltage to the systems in the data center sags.
Single-choice question: The following scenario will be used to answer questions 30, 31 and 32. Jeff is leading the business continuity group in his company. They have completed a business impact analysis and have determined that if the company's credit card processing functionality was unavailable for 48 hours the company would most likely experience such a large financial hit that it would have to go out of business. The team has calculated that this functionality needs to be up and running within 28 hours after experiencing a disaster for the company to stay in business. The team has also determined that the restoration steps must be able to restore data that are one hour old or less.
Single-choice question: There are many different types of access control mechanisms that are commonly embedded into all operating systems. Which of the following is the mechanism that is missing in this graphic?
Single-choice question: Several teams should be involved in carrying out the business continuity plan. Which team is responsible for starting the recovery of the original site?
Single-choice question: Which of the following best describes how SAML, SOAP, and HTTP commonly work together in an environment that provides Web services?
Single-choice question: Widgets Inc.'s software development processes are documented and the organization is capable of producing its own standard of software processes. Which of the following Capability Maturity Model Integration levels best describes Widgets Inc.?
Single-choice question: Which of the following is not a responsibility of the memory manager?
Single-choice question: Brian has been asked to work on the virtual directory of his company's new identity management system. Which of the following best describes a virtual directory?
Single-choice question: The following scenario will be used for questions 26, 27, and 28. Trent is the new manager of his company's internal software development department. He has been told by his management that the group needs to be compliant with the international standard that provides guidance to organizations in integrating security into the processes used for managing their applications. His new boss told him that he should join and get familiar with the Web Application Security Consortium, and Trent just received an e-mail stating that one of the company's currently deployed applications has a zero day vulnerability.
Single-choice question: There are several types of intrusion detection systems (IDSs). What type of IDS builds a profile of an environment's normal activities and assigns an anomaly score to packets based on the profile?
Single-choice question: There are two main functions that Trusted Platform Modules (TPMs) carry out within systems today. Which of the following best describes these two functions?
Single-choice question: What technology within identity management is illustrated in the graphic that follows?
Single-choice question: Different access control models provide specific types of security measures and functionality in applications and operating systems. What model is being expressed in the graphic that follows?
Single-choice question: There are four categories of software licensing. Which of the following refers to software sold at a reduced cost?
Single-choice question: There are several different types of databases. Which type does the graphic that follows illustrate?
Single-choice question: Which of the following is not an effective countermeasure against spam?
Single-choice question: With what phase of a business continuity plan does a company proceed when it is ready to move back into its original site or a new site?
Single-choice question: What discipline combines the physical environment and sociology issues that surround it to reduce crime rates and the fear of crime?
Single-choice question: Sally is carrying out a software analysis on her company's proprietary application. She has found out that it is possible for an attacker to force an authorization step to take place before the authentication step is completed successfully. What type of issue would allow for this type of compromise to take place?
Single-choice question: Here is a graphic of a business continuity policy. Which component is missing from this graphic?
Single-choice question: There are many types of viruses that hackers can use to damage systems. Which of the following is not a correct description of a polymorphic virus?
Single-choice question: The Information Technology Infrastructure Library (ITIL) consists of five sets of instructional books. Which of the following is considered the core set and focuses on the overall planning of the intended IT services?
Single-choice question: There are several different types of centralized access control protocols. Which of the following is illustrated in the graphic that follows?
Single-choice question: It is not unusual for business continuity plans to become out of date. Which of the following is not a reason why plans become outdated?
Single-choice question: Angela wants to group together computers by department to make it easier for them to share network resources. Which of the following will allow her to group computers logically?
Single-choice question: Which of the following is the best description of a component-based system development method?
Single-choice question: Which of the following describes object-oriented programming deferred commitment?
Single-choice question: Which of the following incorrectly describes the concept of executive succession planning?
Single-choice question: High availability (HA) is a combination of technologies and processes that work together to ensure that specific critical functions are always up and running at the necessary level. To provide this level of high availability, a company has to have a long list of technologies and processes that provide redundancy, fault tolerance, and failover capabilities. Which of the following best describes these characteristics?
Single-choice question: Certain types of attacks have been made more potent by which of the following advances to microprocessor technology?
Single-choice question: Cyberlaw categorizes computer-related crime into three categories. Which of the following is an example of a crime in which the use of a computer would be categorized as incidental?
Single-choice question: A multitasking operating system can have several processes running at the same time. What are the components within the processes that are shown in the graphic that follows?
Single-choice question: After a disaster occurs, a damage assessment needs to take place. Which of the following steps occurs last in a damage assessment?
Single-choice question: Which of the following refers to the amount of time it will be expected to take to get a device fixed and back into production?
Single-choice question: There are several types of password management approaches used by identity management systems. Which of the following reduces help-desk call volume, but is also criticized for the ease with which a hacker could gain access to multiple resources if a password is compromised?
Single-choice question: Organizations should keep system documentation on hand to ensure that the system is properly cared for, that changes are controlled, and that the organization knows what's on the system. What does not need to be in this type of documentation?
Single-choice question: As with logical access controls, audit logs should be produced and monitored for physical access controls. Which of the following statements is correct about auditing physical access?
Single-choice question: In computer programming, cohesion and coupling are used to describe modules of code. Which of the following is a favorable combination of cohesion and coupling?
Single-choice question: What type of technology is represented in the graphic that follows?
Single-choice question: What is the missing second step in the graphic that follows?
Single-choice question: What type of exploited vulnerability allows more input than the program has allocated space to store it?
Single-choice question: What type of infrastructural setup is illustrated in the graphic that follows?
Single-choice question: What type of technology is represented in the graphic that follows?
Single-choice question: What are the three types of policies that are missing from the following graphic?
Single-choice question: As a CISSP candidate, you must sign a Code of Ethics. Which of the following is from the (ISC)² Code of Ethics for the CISSP?
Single-choice question: There are two main types of symmetric ciphers: stream and block. Which of the following is not an attribute of a good stream cipher?
Single-choice question: For what purpose was the COSO framework developed?
Single-choice question: An outline for a physical security design should include program categories and the necessary countermeasures for each. What category do locks and access controls belong to?
Single-choice question: Risk assessment has several different methodologies. Which of the following official risk methodologies was not created for the purpose of analyzing security risks?
Single-choice question: Which of the following is a common association of the Clark-Wilson access model?
Single-choice question: The Recovery Time Objective (RTO) and Maximum Tolerable Downtime (MTD) metrics have similar roles, but their values are very different. Which of the following best describes the difference between RTO and MTD metrics?
Single-choice question: What type of security encryption component is missing from the table that follows?
Single-choice question: Charlie is a new security manager at a textile company that develops its own proprietary software for internal business processes. Charlie has been told that the new application his team needs to develop must comply with the ISO/IEC 42010 standard. He has found out that many of the critical applications have been developed in the C programming language and has asked for these applications to be reviewed for a specific class of security vulnerabilities.
Single-choice question: What type of fence detects if someone attempts to climb or cut it?
Single-choice question: Preplanned business continuity procedures provide organizations a number of benefits. Which of the following is not a capability enabled by business continuity planning?
Single-choice question: There are several security enforcement components that are commonly built into operating systems. Which component is illustrated in the graphic that follows?
Single-choice question: Electrical power is being provided more through smart grids, which allow for self-healing, resistance to physical and cyberattacks, increased efficiency, and better integration of renewable energy sources. Countries want their grids to be more reliable, resilient, flexible, and efficient. Why does this type of evolution in power infrastructure concern many security professionals?
Single-choice question: RAID systems use a number of techniques to provide redundancy and performance. Which of the following activities divides and writes data over several drives?
Single-choice question: The requirement of erasure is the end of the media life cycle if it contains sensitive information. Which of the following best describes purging?
Single-choice question: What type of risk analysis approach does the following graphic provide?
Single-choice question: IDSs can detect intruders by employing electromechanical systems or volumetric systems. Which of the following correctly describes these systems?
Single-choice question: Bethany is working on a mandatory access control (MAC) system. She has been working on a file that was classified as Secret. She can no longer access this file because it has been reclassified as Top Secret. She deduces that the project she was working on has just increased in confidentiality and she now knows more about this project than her clearance and need-to-know allows. Which of the following refers to a concept that attempts to prevent this type of scenario from occurring?
Single-choice question: Two commonly used networking protocols are TCP and UDP. Which of the following correctly describes the two?
Single-choice question: There are several different types of authentication technologies. Which type is being shown in the graphic that follows?
Single-choice question: Which of the following is a legal form of eavesdropping when performed with prior consent or a warrant?
Single-choice question: John is responsible for providing a weekly report to his manager outlining the week's security incidents and mitigation steps. What steps should he take if a report has no information?
Single-choice question: If implemented properly, a one-time pad is a perfect encryption scheme. Which of the following incorrectly describes a requirement for implementation?
Single-choice question: Which of the following occurs in a PKI environment?
Single-choice question: Layer 2 of the OSI model has two sublayers. What are those sublayers, and what are two IEEE standards that describe technologies at that layer?
Single-choice question: There are different ways that operating systems can carry out software I/O procedures. Which of the following is used when the CPU sends data to an I/O device and then works on another process's request until the I/O device is ready for more data?
Single-choice question: There are several different types of authentication technologies. Which type is being shown in the graphic that follows?
Single-choice question: Management support is critical to the success of a business continuity plan. Which of the following is the most important to be provided to management to obtain their support?
Single-choice question: The following scenario will be used for questions 30 and 31. Stephanie has been put in charge of developing incident response and forensics procedures her company needs to carry out if an incident occurs. She needs to ensure that their procedures map to the international principles for gathering and protecting digital evidence. She also needs to ensure that if and when internal forensics teams are deployed, they have labels, tags, evidence bags, cable ties, imaging software, and other associated tools.
Single-choice question: A multitasking operating system can have several processes running at the same time. What are the components within the processes that are shown in the graphic that follows?
Single-choice question: Which of the following indicates to a packet where to go and how to communicate with the right service or protocol on the destination computer?
Single-choice question: The following scenario will be used for questions 28 and 29. Jack has been told that successful attacks have been taking place and data that have been encrypted by his company's software systems have leaked to the company's competitors. Through Jack's investigation he has discovered that the lack of randomness in the seeding values used by the encryption algorithms in the company's software uncovered patterns and allowed for successful reverse engineering.
Single-choice question: What type of risk analysis approach does the following graphic provide?
Single-choice question: Which of the following correctly best describes an object-oriented database?
Single-choice question: Tom works at a large retail company that recently deployed radio-frequency identification (RFID) to better manage its inventory processes. Employees use scanners to gather product-related information instead of manually looking up product data. Tom has found out that malicious customers have carried out attacks on the RFID technology to reduce the amount they pay on store items. Which of the following is the most likely reason for the existence of this type of vulnerability?
Single-choice question: What type of telecommunication technology is illustrated in the graphic that follows?
Single-choice question: Jill is establishing a companywide sales program that will require different user groups with different privileges to access information on a centralized database. How should the security manager secure the database?
Single-choice question: As his company's business continuity coordinator, Matthew is responsible for helping recruit members to the business continuity planning (BCP) committee. Which of the following does not correctly describe this effort?
Single-choice question: What are the three types of policies that are missing from the following graphic?
Single-choice question: The operations team is responsible for defining which data gets backed up and how often. Which type of backup process backs up files that have been modified since the last time all data was backed up?
Single-choice question: Which of the following is a correct description of the pros and cons associated with third-generation programming languages?
Single-choice question: Guidelines should be followed to allow secure remote administration. Which of the following is not one of those guidelines?
Single-choice question: Different types of material are built into walls and other constructs of various types of buildings and facilities. What type of material is shown in the following photo?
Single-choice question: There are different types of approaches to regulations. Which of the following is an example of self-regulation?
Single-choice question: Several different types of smoke and fire detectors can be used. What type of detector is shown in the following graphic?
Single-choice question: Gizmos and Gadgets has restored its original facility after a disaster. What should be moved in first?
