Answers to Practice Exam 2
Answers to Practice Exam Questions
A1: |
The correct answer is D. Smoke-activated fire detectors use a photoelectric sensor to detect a fire. Answer A is incorrect because flame-activated sensors respond to the infrared energy that emanates from a fire. Answer B is incorrect because heat-activated sensors respond to the infrared energy. Answer C is incorrect because there is no category of fire detector known as pressure activated. |
A2: |
The correct answer is D. Class D fires result from combustible metals. All other answers are incorrect: Class A fires consist of wood and paper products, Class B fires consist of liquids such as petroleum, and Class C fires are electrical fires. |
A3: |
The correct answer is A. A deluge water sprinkler system works by leaving the sprinkler head open and filling the pipe only when a fire has been detected. Answers B, C, and D are incorrect: Dry-pipe systems hold back the water by means of a valve, preaction systems release water into the pipe only when a specified temperature triggers its release, and wet-pipe systems always contain water that is released by a sensor. |
A4: |
The correct answer is A. Magnetic strip card keys contain rows of copper strips. Answers B, C, and D are incorrect: Electronic circuit card keys have embedded electronic circuits, magnetic stripe card keys have a stripe of magnetic material, and active electronic cards can transmit data. |
A5: |
The correct answer is D. Hard-drive encryption offers the best defense against the loss of confidentiality. Answer A is incorrect because integrity programs validate the integrity of installed software but do not validate its confidentiality. Answer B is incorrect; reward labels might or might not encourage someone to return equipment and, again, will not protect its confidentiality. Answer C is incorrect because locking cables might prevent someone from removing a laptop but won't prevent someone from accessing data on the device. |
A6: |
The correct answer is B. If halon is deployed in concentrations of greater than 10% and in temperatures of 900°F or more, it degrades into hydrogen fluoride, hydrogen bromide, and bromine. This toxic brew can be deadly. Answers A, C, and D are incorrect because concentrations must be 10% or greater and temperatures must reach 900°F. |
A7: |
The correct answer is C. The NIST standard for perimeter protection using lighting is that critical areas should be illuminated with 2 candle feet of power at a height of 8 feet. Answers A, B, and D do not match the NIST standards. |
A8: |
The correct answer is A. A Type I error occurs when a biometric system denies an authorized individual access. Answer B is incorrect because a Type II error occurs when an unauthorized individual is granted access. Answers C and D are incorrect because Type III and IV errors do not exist. |
A9: |
The correct answer is A. When comparing biometric systems, the most important item to consider is the crossover error rate (CER). The CER is the point at which the false acceptance rate meets the false rejection rate. The CER relates to the accuracy of the biometric system. Answers B, C, and D are not correct because there are no measurements known as error acceptance rate, crossover acceptance rate, or failure acceptance rate. |
A10: |
The correct answer is B. RSA's SecurID is an example of synchronous authentication. Devices used in the synchronous authentication process are synchronized to the authentication server. Each individual passcode is valid for only a very short period of time. Answer A is incorrect because RSA's SecurID might be part of an SSO system, but this is not an accurate answer. Answer C is incorrect because although RSA's SecurID might be considered a token, it is not the most accurate answer available. Answer D is incorrect because asynchronous authentication devices are not synchronized to the authentication server. These devices use a challenge-response mechanism. |
A11: |
The correct answer is A. NetSP is an example of SSO technology. NetSP is a KryptoKnight derivative that functions at Layer 3 and does not require clock synchronization. Answers B and C, RADIUS and TACACS, are incorrect because they are both examples of centralized authentication systems. Answer D, WIDZ, is a wireless intrusion system that can be easily integrated with SNORT or RealSecure. |
A12: |
The correct answer is D. Single sign-on (SSO) offers the attacker potential access to many systems when authenticated only once. Answer A is incorrect because it can be breached and offers the intruder access to all systems. SSO does not require much more maintenance and overhead. Answer B is incorrect because although SSO systems such as Kerberos do require clock synchronization, this is not the overriding security issue. Answer C is incorrect because all systems have some type of flaw or drawback. |
A13: |
The correct answer is B. SNORT is a signature-based IDS system. A signature-based system examines data to check for malicious content. When data is found that matches one of these known signatures, it can be flagged to initiate further action. Answer A is incorrect because SNORT is not a behavior-based IPS system. Answer C is incorrect because SNORT is not a behavior-based IDS system. Answer D is incorrect because although SNORT is signature based, it is considered an IDS system, not an IPS system. IPS systems are unlike IDS systems, in that IPS systems have much greater response capabilities and allow administrators to initiate action upon being alerted. |
A14: |
The correct answer is C. Asynchronous attacks are sometimes called race conditions because the attacker is racing to make a change to the object after it has been changed but before it has been used by the system. Asynchronous attacks typically target timing. The objective is to exploit the delay between the time of check (TOC) and the time of use (TOU). Answers A, B, and D are incorrect because they do not adequately describe a race condition. |
A15: |
The correct answer is B. Rings of protection run from Ring 0 to Ring 3. Ring 2 is the location of I/O drivers and utilities. Answers A, C, and D are incorrect because Ring 1 contains parts of the OS that do not reside in the kernel, Ring 3 contains applications and programs, and Ring 0 is the location of the security kernel. |
A16: |
The correct answer is A. Multiprogramming CPUs can interleave two or more programs for execution at any one time. Answer B is incorrect because multitasking CPUs have the capability to perform one or more tasks or subtasks at a time. Answer C is incorrect because there is no type of processor known as multiapp. Answer D is incorrect because the term multiprocessor refers to systems that have the capability to support more than one CPU. |
A17: |
The correct answer is D. The ALU portion of the CPU performs arithmetic and logical operations on the binary data. Answers A, B, and C are incorrect because I/O buffers, registers, and the control circuits do not perform arithmetic and logical operations. |
A18: |
The correct answer is C. The Brewer and Nash model is also known as the Chinese Wall model, is integrity based, and places all information in a hierarchical structure. Answer A is incorrect because the Biba model is not known as the Chinese Wall model. Answer B is incorrect because although Clark-Wilson is an integrity model, it is not known as the Chinese Wall model. Answer D is incorrect because the Harrison-Ruzzo-Ullman Model is not known as the Chinese Wall model. |
A19: |
The correct answer is B. The Orange Book's official name is the Trusted Computer System Evaluation Criteria (TCSEC). It was developed to evaluate standalone systems for confidentiality. Answer A is incorrect because the Red Book was developed to evaluate integrity and availability. It is also known as Trusted Network Interpretation (TNI). Answer C is incorrect because Common Criteria is a combined version of TCSEC, ITSEC, and the CTCPEC. Answer D is incorrect because the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) is the Canadian version of the Orange Book. |
A20: |
The correct answer is C. The Orange Book rates systems as one of four categories. Category A is verified protection, B is mandatory protection, C is discretionary protection, and D is minimal protection. Therefore, answers A, B, and D are incorrect. |
A21: |
The correct answer is C. The Trusted Computer Base (TCB) is the totality of protection mechanisms within a computer system. This includes hardware, firmware, software, processes, and some interprocess communications. These items are responsible for enforcing security. Answer A is incorrect because rings of protection are designed to protect the operating system. Answer B is incorrect because the security kernel is the most trusted portion of the operating system. Answer D is incorrect because although resource isolation is an important part of implementing security, it is not the totality of protection mechanisms. |
A22: |
The correct answer is D. Session Initiation Protocol (SIP) is an application-layer request-response protocol used for VoIP. SIP is transported by UDP and is vulnerable to sniffing attacks. More details can be found in RFC 2543. Answer A is incorrect because there is no protocol SKYP; the proprietary protocol named SKYPE offers encryption and is used for a peer-to-peer Internet phone service. Answer B is incorrect because SLIP is used by ISPs for dialup connections. Answer C is incorrect because S/MIME is used to secure email. |
A23: |
The correct answer is C. 802.11b uses direct sequence spread spectrum (DSSS) technology. DSSS is a transmission method that transmits the data along with a chipping bit to increase the signal's resistance to interference. Answer A is incorrect because Bluetooth uses frequency-hopping spread spectrum. Answer B is incorrect because 802.11a uses orthogonal frequency-division multiplexing. Answer D is incorrect because 802.11g also uses orthogonal frequency-division multiplexing. |
A24: |
The correct answer is B. A rogue AP is an unauthorized AP that has been attached to the corporate network. These unauthorized APs represent one of the biggest threats to any secure network. Answer A is incorrect because a connection to an unauthorized modem is not a valid answer. Answer C is incorrect because attaching a modem is not the definition of a rogue AP. Answer D is incorrect because connecting to an unsecured network is not a rogue AP but might be considered an act of war driving. |
A25: |
The correct answer is C. Pulse code modulation (PCM) is used to digitize voice with 8 bits of sampling 8,000 times per second, which yields 64Kbps for one DS0 channel. Answers A, B, and D are incorrect because 28.8Kbps, 56Kbps, and 128Kbps are not the rates of transmission for one DS0 channel. |
A26: |
The correct answer is D. T1s use time division to break the individual DS0s into 24 separate channels. Time division is the allotment of available bandwidth based on time. It allows the T1 to carry both voice and data at the same time. Answer A is incorrect because there is no system known as channel division. Answer B is incorrect because FHSS is used by mobile devices. Answer C is incorrect because T1s do not use frequency division. |
A27: |
The correct answer is C. The disaster-recovery plan (DRP) focuses on how to repair and restore the data center and information at an original or new primary site. Answer A is incorrect because the business continuity plan (BCP) is focused on the continuation of critical services. Answer B is incorrect because business continuity management (BCM) is about building a framework for a capable response. Answer D is incorrect because a business impact analysis (BIA) is the functional analysis that is used to identify the potential impact if an outage occurred. |
A28: |
The correct answer is D. Software escrow agreements are used to provide protection for source code in case the manufacturer declares bankruptcy or goes broke. The three items that are most critical in this agreement are where the code will be deposited, under what conditions the code will be released, and the terms of use of the source code upon its release to the user. Answer A is incorrect because government access to keys deals with the government's wishes to maintain cryptographic keys used by industry. Answer B is incorrect because mutual assured destruction (MAD) is a term not associated with software protection. Answer C is incorrect because electronic vaulting is a term that describes the bulk transfer of data. |
A29: |
The correct answer is C. The Safe Harbor Act describes the cooperative effort between the United States and Europe to exchange information about European citizens between European firms and North American parent corporations. It was enacted because of the large numbers of individuals who have been victims of identity theft and because of the increase of misuses of personal information laws and agreements. Answer A is incorrect because although SB 168 deals with privacy, it is a state law that took effect in 2002, preventing businesses from using California residents' social security numbers as unique identifiers. Answer B is incorrect because there is no law known as the Demar Act. Answer D is incorrect because the name of the act is not Safety Shield. |
A30: |
The correct answer is B. A bit copy, or physical copy, captures all the data on the copied medium and reproduces an exact copy that includes hidden and residual data, slack space, swap contents, deleted files, and other data remnants. This allows the examiner to perform an analysis of the copy and store the original. Answer A is incorrect because a logical copy will not completely duplicate the structure of the original media. Answer C is incorrect because Microsoft backup is not an approved product for forensic analysis. Answer D is incorrect because although Xcopy can duplicate files, it does not provide a bit-level copy of the original medium. |
A31: |
The correct answer is B. Secure Electronic Transaction (SET) was developed by MasterCard and Visa to be used on the Internet for credit card transactions. It uses digital signatures. Answer A is incorrect because SET is not used for digital signatures. Answer C is incorrect because SET is not used for key exchange, and Victor Miller and Neal Koblitz are the creators of ECC. Answer D is incorrect because SET does not use SSL. |
A32: |
The correct answer is D. Knowledge Discovery in Databases (KDD) is an artificial intelligence method used to identify useful patterns in data; as such, it provides a type of automatic analysis. Answer A is incorrect because polyinstantiation is a technique used to prevent inference violations. Answer B is incorrect because known signature scanning is a method used to detect computer viruses. Answer C is incorrect because the application programming interface (API) is in no way associated with artificial intelligence. |
A33: |
The correct answer is A. DNS lookups occur on UDP 53. Answers B, C, and D are incorrect because UDP 69 is used for TFTP, TCP 53 is used for zone transfers, and UDP 161 is used for SNMP. |
A34: |
The correct answer is C. Running an MD5sum would be the best way for Bob to verify the program. MD5sum is a hashing algorithm. Answer A is incorrect because AES is a symmetric algorithm and will not help Bob verify the program. Answer B is incorrect because the size and date might match the information found on the developer's website, but the program might have still been altered. Answer D is incorrect because a digital signature will not verify the integrity of the program. |
A35: |
The correct answer is A. There is no email security standard known as VSP. Although answers B, C, and D are all incorrect, they do specify valid email security standards: MIME Object Security Services (MOSS), Pretty Good Privacy (PGP), and Privacy Enhanced Email (PEM). |
A36: |
The correct answer is B. With link encryption, the message is decrypted and re-encrypted as it passes through each successive node using a key common to the two nodes. Answers A, C, and D are incorrect because they all describe end-to-end encryption. |
A37: |
The correct answer is C. Diameter uses RADIUS as a base and is considered the next generation of authentication, authorization, and accounting services for the Internet. Answer A is incorrect because TACACS is not considered a base for Diameter. Answer B is incorrect because TACACS+ is a Cisco protocol but is widely used. Answer D is incorrect because Kerberos is not associated with Diameter but is considered a single sign-on technology. |
A38: |
The correct answer is B. Programmers involved in database management talk about the ACID test when discussing whether a database-management system has been properly designed to handle transactions. The ACID test addresses atomicity, consistency, isolation, and durability. Answer A is incorrect because the ACID test does not deal with behavior-based IDS systems. Answer C is incorrect because ACID is not related to signature-based IDS systems. Answer D is incorrect because the ACID test is not related to the strength of a cryptographic function. |
A39: |
The correct answer is B. Fault Resistant Disk Systems (FRDS) are used to maintain services. A technological example of FRDS is RAID. Answer A is incorrect because an uninterrupted power supply is not an example of a FRDS. Answer C is incorrect because a backup power supply is not an example of FRDS. Answer D is incorrect because a hot site might provide backup disk services but is not the best answer. |
A40: |
The correct answer is C. RC4 is a stream cipher. It has been implemented in products such as SSL and WEP. Answer A is incorrect because DES is a block cipher with a 56-bit key size. Answer B is incorrect because Skipjack is a block cipher with a default 80-bit key size. Answer D is incorrect because Twofish is a 256-bit key size block cipher. |
A41: |
The correct answer is A. Electronic Code Book (ECB) is fast and simple but is also the weakest mode of DES. Answer B is incorrect because Cipher Block Chaining (CBC) is not the weakest mode of DES. Answer C is incorrect because Cipher Feedback (CFB) is more secure than ECB and OFB. Answer D is incorrect because Output Feedback (OFB) is not the weakest, but it can't detect integrity errors as well as CFB. |
A42: |
The correct answer is A. The statement "Access and use of the Internet is a privilege and should be treated as such by all users" is part of RFC 1087, which is titled Ethics and the Internet. Answer B is incorrect because the statement is not part of the ISC2 Code of Ethics. Answer C is incorrect because the statement is not part of the Ten Commandments of Computer Ethics. Answer D is incorrect because RFC 1109 addresses network management, not ethics. |
A43: |
The correct answer is C. The waterfall method is the oldest and one of the most well-known methods for developing software systems. It was developed in the 1970s and is divided into phases. Each phase contains a list of activities that must be performed before the next phase can begin. Answer A is incorrect because the spiral model is a combination of the waterfall and prototyping methods. Answer B is incorrect because the clean room software-development method focuses on ways to prevent defects rather than ways to remove them. Answer D is incorrect because prototyping was developed in the 1980s to overcome weaknesses in the waterfall method. It is a four-step process: develop an initial concept, design and implement an initial prototype, refine the prototype until it is acceptable, and then complete and release the final version of the software. |
A44: |
The correct answer is B. A multipartite virus can infect both boot sectors and program files. Answer A is incorrect because file-infector viruses infect files. Answer C is incorrect because a polymorphic virus is one that has the capability to change. Answer D is incorrect because system infector viruses infect system files. |
A45: |
The correct answer is D. HTTPS uses port 443. Answer A is incorrect because port 80 is used for HTTP, answer B is incorrect because port 110 is used for POP3, and answer C is incorrect because port 111 is RPC. |
A46: |
The correct answer is A. Hierarchical databases link records in a tree structure so that each record type has only one owner. Hierarchical databases date from the information-management systems of the 1950s and 1960s. Answer B is incorrect because network databases were not the first. Answer C is incorrect because although relational databases are the most widely used, they were not the first. Answer D is incorrect because they were not the first but were designed to overcome some of the limitations of relational databases. |
A47: |
The correct answer is B. IEEE divides the OSI data link layer into sublayers. The upper half is the Logical Link Control (LLC) layer, and the lower half is the Media Access Control (MAC) layer. The LLC is based on HDLC; the MAC is where 802.3 addressing is performed. Answers A, C, and D are incorrect because none of these terms matches the proper definition of the sublayers of the data link layer. |
A48: |
The correct answer is C. Third-generation mobile telephone systems (3G) are being designed and developed by most major manufacturers. 3G is considered the most current version of wireless cellular technology. Analog cellular phones are considered first generation (1G) and digital PCS are second generation (2G); third generation (3G) combines high-speed mobile access with Internet Protocol-based services. If your phone does not support streaming music and video downloads, expect that your next one will. Answer A is incorrect because there is not a Gen4, answer B is incorrect because 2G is not the latest standard, and answer D is incorrect because Gen5 is not a valid answer. |
A49: |
The correct answer is D. Frame Relay started as a simplified version of X.25. Frame Relay is a packet-switching technology. One critical concept is the Committed Information Rate (CIR), which is the amount of bandwidth the provider commits to carry. Answer A is incorrect because ADSL is a circuit technology. Answer B is incorrect because Digital Data Service (DDS) is also a circuit-switched technology. Answer C is incorrect because a T1 is another example of a circuit-switched technology. |
A50: |
The correct answer is D. A service set ID (SSID) is used to identify 802.11 networks. The SSID is a 32-bit character that acts as a shared password that differentiates one WLAN from another. Answer A is incorrect because a security ID (SID) is an identifier used in conjunction with Microsoft domains. Answer B is incorrect because a broadcast name is not the means of identifying a WLAN. Answer C is incorrect because Kismet is a Linux software program used to sniff wireless traffic. |
A51: |
The correct answer is A. British standard 7799 formed the underpinnings of the later-developed ISO 17799. This document is considered the code of practice for information security management. Answers B, C, and D are incorrect because the Canadian Trusted Computer Product Evaluation Criteria, Information Technology Security Evaluation Criteria, and Trusted Computer System Evaluation Criteria did not form the underpinnings of the later-developed ISO 17799. |
A52: |
The correct answer is A. An evaluation that is carried out and that meets an evaluation assurance level (EAL) 1 specifies that the design has been functionally tested. Answers B, C, and D are incorrect because EAL 2 = structurally tested; EAL 4 = methodically designed, tested, and reviewed; and EAL 5 = semiformally designed and tested. |
A53: |
The correct answer is C. Clark-Wilson does not protect the confidentiality of the information; Clark-Wilson deals with integrity. Answers A, B, and D are all incorrect because the question asks which of the following Clark-Wilson does not address. |
A54: |
The correct answer is C. The data custodian is responsible for maintaining and protecting the company's assets and data. Answer A is incorrect because the user is the individual who uses the documentation. Answer B is incorrect because the data owner is responsible for protecting the data. Answer D is incorrect because the auditor makes periodic reviews of the documentation and verifies that it is complete and that users are following its guidelines. |
A55: |
The correct answer is C. Single loss expectancy (SLE) x Annualized rate of occurrence (ARO) is the formula used to determine ALE. Answers A, B, and D are incorrect because they are not the formulas used to calculate ALE. |
A56: |
The correct answer is D. A qualitative assessment ranks the seriousness of threats and sensitivity of assets into grades or classes, such as low, medium, and high. It is performed by experts or external consultants and is based on risk scenarios. Although purely quantitative risk assessment is not possible, purely qualitative risk analysis is. Answers A, B, and C are incorrect because they do not adequately describe qualitative risk assessment. |
A57: |
The correct answer is D. The facilitated risk-assessment process (FRAP) is an example of a qualitative-assessment technique. It is not used for BCP, quantitative assessment, or DRP; therefore, answers A, B, and C are incorrect. |
A58: |
The correct answer is B. The U.S. Department of Defense data-classification standard classifies data as unclassified, sensitive, confidential, secret, and top secret. Answer A is incorrect because ISO 17799 is an international security standard policy. Answer C is incorrect because RFC 2196 is the site security handbook and does not address data-classification standards. Answer D is incorrect because there is no CDCS standard. |
A59: |
The correct answer is B. Risk rejection is the least acceptable course of action because individuals have decided that it does not exist and are ignoring the risk. Answer A is incorrect because risk reduction occurs when a countermeasure is implemented to alter or reduce the risk. Answer C is incorrect because risk transference transfers the risk to a third party. Answer D is incorrect because risk acceptance means that the risk is analyzed, but the individuals responsible have decided that they will accept such risk. |
A60: |
The correct answer is A. Risk management requires that vulnerabilities be examined, that loss expectancy be calculated, that a probability of occurrence be determined, and that the costs of countermeasures be estimated. Only then can it be determined whether the value of the asset outweighs the cost of protection. It is possible that the cost of protection outweighs the value of the asset. Whereas some risk assessments use dollar amounts (quantitative) to value the assets, others use ratings (qualitative) based on breaches of confidentiality, integrity, and availability to measure value. |