Answers to Practice Exam Questions
A1: |
The correct answer is C. A mandatory access control (MAC) model is static and based on a predetermined list of access privileges. Therefore, in a MAC-based system, access is determined by the system rather than the user. Answer A is incorrect because there is no access-control model known as restricted access control. Answer B is incorrect because discretionary access control (DAC) leaves access control up to the owner's discretion. Answer D is incorrect because role-based access control models are used extensively by banks and other organizations that have very defined roles. |
A2: |
The correct answer is D. Remote Authentication and Dial-In User Service (RADIUS) is a UDP-based client/server protocol used for access control. Answers A, B, and C are all examples of SSO technologies. |
A3: |
The correct answer is C. Iris recognition functions by analyzing the features that exist in the colored tissue surrounding the pupil, to confirm a match. These systems can analyze more than 200 points for comparison. Answer A is incorrect because retina scanning analyzes the layer of blood vessels in the eye. Answer B is incorrect because there is no cornea scan. Answer D is incorrect because there is no optic nerve scan. |
A4: |
The correct answer is D. The crossover error rate is defined as a percentage in which a lower number indicates a better biometric system. It is the most important measurement when attempting to determine the accuracy of the system. Answer A is incorrect because there is no crossover acceptance rate. Answer B is incorrect because higher numbers are less accurate. Answer C is incorrect because, again, there is no crossover acceptance rate. |
A5: |
The correct answer is B. Type II errors occur when unauthorized individuals are granted access to resources and devices they should not have. Answer A is incorrect because Type I errors occur when legitimate users are improperly denied access. Answers C and D are incorrect because there are no Type III or Type IV errors. |
A6: |
The correct answer is B. A 3- to 4-foot fence will deter only casual trespassers. Answers A, C, and D do not correctly address the question: Fences that are 57 feet high are considered too difficult to climb, and fences that are 8 feet high should be used to prevent a determined intruder. Fences 2 to 3 feet high can be easily crossed and would not be considered a deterrent. |
A7: |
The correct answer is B. The data owner, who is typically a member of senior management, is responsible for protecting company assets and data. Answer A is incorrect because the user is the individual who uses the documentation. Answer C is incorrect because the data custodian is responsible for maintaining and protecting the company's assets and data. Answer D is incorrect because the auditor makes periodic reviews of the documentation, verifies that it is complete, and ensures that users are following its guidelines. |
A8: |
The correct answer is B. A vulnerability is a flaw, loophole, oversight, or error that makes the organization susceptible to attack or damage. Answer A is incorrect because a risk is the potential harm that can arise from an event. Answer C is incorrect because exposure is the amount of damage that could result from the vulnerability. Answer D is incorrect because a threat is a natural or man-made event that could have some type of negative impact on the organization. |
A9: |
The correct answer is B. The correct formula to determine single loss expectancy is: Single loss expectancy = Asset value x Exposure factor. Answers A, C, and D are incorrect because they are not the correct formula. Items to consider when calculating the SLE include the physical destruction or theft of assets, the loss of data, the theft of information, and threats that might cause a delay in processing. |
A10: |
The correct answer is D. Quantitative assessment deals with numbers and dollar amounts. It attempts to assign a cost (monetary value) to the elements of risk assessment and to the assets and threats of a risk analysis. To complete the assessment, first estimate potential losses, then conduct a threat analysis, and finally determine annual loss expectancy. Answer A, B, and C do not detail the steps needed to perform a quantitative assessment. |
A11: |
The correct answer is D. The Delphi Technique is an example of a qualitative-assessment technique. It is not used for quantitative asses-sment, DRP, or BCP; therefore, answers A, B, and C are incorrect. |
A12: |
The correct answer is C. It properly defines the formula for total risk. Total risk is calculated by Threat x Vulnerability x Asset value. Answers A, B, and D are incorrect because they do not properly define the formula. |
A13: |
The correct answer is D. Risk acceptance means that the risk has been analyzed and the individuals responsible have decided that they will accept such risk. Answer A is incorrect because risk reduction occurs when a countermeasure is implemented to alter or reduce the risk. Answer B is incorrect because risk rejection means that the responsible party has decided to ignore the risk. Answer C is incorrect because risk transference transfers the risk to a third party. |
A14: |
The correct answer is A. Layer 0 is the most trusted level. The security kernel resides at this level, and protection rings support the security of the system. Answers B, C, and D are incorrect because the security kernel is not located at the respective rings. |
A15: |
The correct answer is C. Ring 3 contains applications. Rings of protection typically run from 0 to 3, with lower numbers representing more protected processes. Answers A, B, and D are incorrect because Ring 1 contains portions of the OS and Ring 2 contains I/O drivers, utilities, and low-level processes. Ring 4 does not exist. |
A16: |
The correct answer is B. Registers are considered the temporary storage units within the CPU. CPUs consist of registers, arithmetic/logic unit (ALU), and control circuitry. Answers A, C, and D are incorrect because the I/O buffers, control circuitry, and the ALU are not considered temporary storage units in the CPU. |
A17: |
The correct answer is A. The Biba model, which was published in 1977, was the first model developed to address the concerns of integrity. Answer B is incorrect because although the Clark-Wilson model is based on integrity, it was not the first model. Answer C is incorrect because the Brewer and Nash model is based on confidentiality. Answer D is incorrect because there is not a model named Clark-Phillips. |
A18: |
The correct answer is B. Bell-LaPadula was the first model to address the concerns of confidentiality. It was developed in the 1970s and was considered groundbreaking because it supported multilevel security. Answer A is incorrect because the Biba model is an integrity model. Answer C is incorrect because the Graham-Denning model was not the first model to be developed on integrity. Answer D is incorrect because the Clark-Wilson model is another example of an integrity model. |
A19: |
The correct answer is B. The Red Book was developed to evaluate integrity and availability. It is also know as Trusted Network Interpretation (TNI). Answer A is incorrect because the Orange Book addresses confidentiality. Answer C is incorrect because Common Criteria is a combined version of TCSEC, ITSEC, and the CTCPEC. Answer D is incorrect because the CTCPEC is the Canadian version of the Orange Book. |
A20: |
The correct answer is B. The Orange Book rates systems into one of four categories: Category A is verified protection, B is mandatory protection, C is discretionary protection, and D is minimal protection. Therefore, answers A, C, and D are incorrect. |
A21: |
The correct answer is D. Threads are the smallest sets of code a processor can schedule for processing. Answer A is incorrect because a subroutine is a sequence of code. Answer B is incorrect because a line of code is just that, a line of code; it is not the smallest set that is used for processing. Answer C is incorrect because a process is a task being run by a computer, and many tasks can run simultaneously. |
A22: |
The correct answer is A. Cordless phones do not use the 850MHz frequency. Analog cellphones use the 824894MHz frequencies. Because the question asks what frequencies are not used, answers B, C, and D are incorrect because cordless phones and some other consumer electronics such as baby monitors use those three frequencies. |
A23: |
The correct answer is A. Bluetooth uses frequency-hopping spread spectrum (FHSS). FHSS functions by modulating the data with a narrowband carrier signal that "hops" in a random but predictable sequence from frequency to frequency. Bluetooth can be susceptible to war chipping and other forms of attack. Answer B is incorrect because 802.11a uses orthogonal frequency-division multiplexing. Answer C is incorrect because 802.11b uses direct sequence spread spectrum (DSSS) technology. Answer D is incorrect because 802.11g also uses orthogonal frequency-division multiplexing. |
A24: |
The correct answer is C. Pulse code modulation (PCM) is the original technique used to digitize voice with 8 bits of sampling 8,000 times per second, which yields 64Kbps for one voice channel. Answer A is incorrect because DAT is digital audio tape and is an analog voice-transmission method. Answers B and D are incorrect because CDMA and GMS are both methods for cellphone transmission. |
A25: |
The correct answer is C. Twenty-four DS0 lines are bundled to make one T1. A T1 line has a composite rate of 1.544Mb. Answers A, B, and D are incorrect because 18, 21, and 32 DS0 lines do not exist. |
A26: |
The correct answer is A. The Synchronous Data Link Control (SDLC) protocol was developed in the mid-1970s for use in Systems Network Architecture (SNA) environments. SDLC is unique, in that it was the first synchronous, link-layer, bit-oriented protocol. The ISO modified SDLC to create the High-Level Data Link Control (HDLC) protocol and release it as a standard. Answer B is incorrect because ISDN is an end-to-end telephone service that is digital in nature. Answer C is incorrect because Link Access ProcedureBalanced (LAP-B) is a subset of HDLC and is not used by SNA. Answer D is incorrect because X.25 is an efficient protocol that was developed in the 1970s for packet-switched networks. |
A27: |
The correct answer is B. Transaction persistence means that the state of the database security is the same after a transaction has occurred. In addition, there is no risk of integrity problems. Answer A is incorrect because it does not define transaction persistence. Answer C is wrong because transaction persistence does not state that the database should be the same before and after a transaction. Answer D is incorrect because even though databases should be available to multiple users at the same time without endangering the integrity of the data, that is not a definition of transaction persistence. |
A28: |
The correct answer is C. Aggregation is the capability to combine data from separate sources to gain information. Answer A is incorrect because metadata is data about data. Answer B is incorrect because inference attacks occur when authorized users infer information by analyzing the data they have access to. Answer D is incorrect because deadlocking is a database stalemate. |
A29: |
The correct answer is B. A TOC/TOU attack can occur when the contents of a file have changed between the time the system security functions checked the contents of the variables, and the time the variables are actually used or accessed. This is a form of asynchronous attack. Answer A is incorrect because the description describes an asynchronous attack. Answer C is incorrect because the example does not describe a DCOM attack. Answer D is incorrect because although the network might be vulnerable to a Smurf attack, the subsequent lock would not change status of such an attack. |
A30: |
The correct answer is D. Hearsay evidence is not based on personal knowledge, but is information that was told to a witness from another person. It is inadmissible. Answer A is incorrect because best evidence is the preferred type of evidence. Answer B is incorrect because secondary evidence is admissible and is usually a copy of original evidence. Answer C is incorrect because conclusive evidence is also admissible. |
A31: |
The correct answer is A. Electronic Code Book is the fastest of all four of the listed modes of DES. Answer B is incorrect because Cipher Block Chaining (CBC) is not the fastest, but it is the most used mode of DES. Answer C is incorrect because Cipher Feedback (CFB) is not the fastest, but it can be used to emulate a stream cipher. Answer D is incorrect because Output Feedback (OFB) is not the fastest but is faster than CFB because it can pregenerate the key stream independent of the data. |
A32: |
The correct answer is B. DES-EEE3 is a form of Triple DES that performs three encryptions with three different keys. Answer A is incorrect because there is no mode of Triple DES known as DES E3. Answer C is incorrect because 3DES does not describe a mode of Triple DES. Answer D is incorrect because Triple DES EDE2 uses two keys, not three. |
A33: |
The correct answer is D. Elliptic curve cryptosystems (ECC) is an asymmetric cryptosystem that was created in the 1980s to create and store digital signatures in a small amount of memory. Answer A is incorrect because DES is a symmetric algorithm. Answer B is incorrect because SHA1 is a hashing algorithm. Answer C is incorrect because Diffie-Hellman is used for key exchange. |
A34: |
The correct answer is D. The tiger team's purpose is to penetrate security. Tiger teams are sometimes called red teams or penetration testers. Answers A, B, and C are incorrect because individuals from all those groups should be involved in the contingency-planning process. |
A35: |
The correct answer is A. Attacks can attack ARP by flooding the switch and other devices with bogus MAC addresses or by ARP poisoning. Answer B is incorrect because corruption of the tree is a type of attack that would target DNS; DNS has a treelike structure, and ARP does not. Answer C is incorrect because name server poisoning is another type of DNS attack. Answer D is incorrect because a reverse lookup is a term associated with DNS, not ARP. |
A36: |
The correct answer is D. Password Authentication Protocol (PAP) is the weakest form of authentication because it sends passwords in clear text. Answers A, B, and C are incorrect because all of these protocols are more secure than PAP. EAP is considered the most secure because, unlike PAP and CHAP, it can be extended to use more advanced forms of authentication, such as digital certificates. |
A37: |
The correct answer is C. RFC 1918 specifies the addresses that are to be used for private address schemes. Addresses 172.16.0.0 to 172.63.255.255 are not part of the specified range; therefore, answer C is the correct choice. Answers A, B, and D are incorrect because RFC 1918 specifies 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255. |
A38: |
The correct answer is A. Encrypting email is not time consuming or hard. Email is one of the most popular Internet applications and deserves protection. Although answers B, C, and D are incorrect, they all outline potential vulnerabilities in standard email. Faking, sniffing, and stealing email are all relatively easy to do. |
A39: |
The correct answer is A. Instant messaging (IM) has the capability for scripting. This is one of the reasons it is dangerous for the organization. Answers B, C, and D do not properly answer the question because they are all reasons why IM is vulnerable. IM can bypass corporate firewalls, most versions lack encryption, and IM uses insecure password management. |
A40: |
The correct answer is D. The Distributed Object Component Model (DCOM) allows applications to be divided into pieces and objects to be run remotely over the network. Potential vulnerabilities exist because of the way ActiveX is integrated with DCOM. Answer A is incorrect because Java is not used by ActiveX. Answer B is incorrect because CORBA is a set of standards that addresses the need for interoperability between hardware and software. Answer C is incorrect because Enterprise Java Bean (EJB) is designed for enterprise networks. |
A41: |
The correct answer is C. Pretty Good Privacy (PGP) uses a weblike model because there are no Certificate Authorities; there are only end users. Anyone who uses PGP must determine whom they trust: Without a Certificate Authority, there is no centralized or governing agency to control and validate other users. Answer A is incorrect because PKI does not use a web of trust. Answer B is incorrect because IGMP is used for multicast router group management. Answer D is incorrect because Privacy Enhanced Email (PEM) is an email-security protocol. |
A42: |
The correct answer is B. Entrapment is considered the act of inducing a person to commit a crime in order to bring criminal charges against him or her. Although entrapment might be seen as illegal behavior, enticement usually is not. Answer A is incorrect because inducement is the act of bringing about the desired result. Answer C is incorrect because a honeypot is a trap set to detect or slow attempts at unauthorized use of information systems. Answer D is incorrect because enticement is the act of influencing by exciting hope or desire. |
A43: |
The correct answer is B. Mutual Legal Assistance Treaties (MLAT) are agreements that U.S. law-enforcement agencies have with law-enforcement agencies in other nations to fight computer crime and terrorism. MLATs are relatively recent developments that were created to improve the effectiveness of judicial assistance and to regularize and facilitate cooperation. Answer A is incorrect because the G8 is a group of economically advanced nations that have agreed to work together. Answer C is incorrect because SWAT is a term used for Special Weapons and Tactics police teams. Answer D is incorrect because UN resolution 1154 deals with weapons inspections in Iraq. |
A44: |
The correct answer is A. The five main types of BCP testing strategies include checklist, structured walk-through, simulation, parallel, and full interruption. Therefore, answers B, C, and D are incorrect because the question asked which is not a valid type. Answer A describes a partial interruption, which is not one of the five valid types. |
A45: |
The correct answer is D. Business, facility and supply, user, technical, and data are the five primary categories. Answers A, B, and C are incorrect because they do not describe the five categories. |
A46: |
The correct answer is B. The Java script is used by the Java interpreter and is not one of the three layers. Answers A, C, and D do not succes-sfully answer the question, but they do comprise the three layers used by the Java interpreter. These include the Java language, which interprets code downloaded from a website; Java libraries, which prevent undesired access to resources and help implement a security policy; and the Java interpreter, which converts the code into native machine code. |
A47: |
The correct answer is D. Internet Group Management Protocol (IGMP) is used by hosts to report multicast group memberships to neighboring multicast routers. Security problems exist with IGMP because anyone can start a multicast group or join an existing one. Answer A is incorrect because IGMP is used for logical errors and diagnostics. Answer B is incorrect because the Routing Information Protocol (RIP) is a broadcast-based routing protocol. Answer C is incorrect because although 224.0.0.1 is a multicast address, it is not a protocol used for multicast management. |
A48: |
The correct answer is D. VoIP is very time sensitive and, as such, should be based on an isochronous design. This means that the entire system must be engineered to deliver output with exactly the same timing as the input. Firewire is another example of a device that contains an isochronous interface. Answer A is incorrect because VoIP does not use time-division multiplexing. Answer B is incorrect because VoIP uses UDP, not TCP. Answer C is incorrect because VLANs are not used for timing and delay problems, but are used to separate the VoIP from general traffic to make it more secure from sniffing. |
A49: |
The correct answer is A. ATM creates a fixed channel, or route, between two points whenever data transfer begins, and packages the data into 53-byte fixed-length cells. ATM can be used in LANS, WANS, and MANS. It supports high-bandwidth data needs. Answer B is incorrect because ISDN provides a completely end-to-end digital connection. Answer C is incorrect because Switched Multimegabit Data Service (SMDS) is a low-market-share service that is used to interconnect LANS. Answer D is incorrect because Frame Relay does not package data into 53-byte fixed-length cells. |
A50: |
The correct answer is C. The IV vector was 24 bites, not 20. Answers A, B, and D are incorrect, but each answer does detail some of the vulnerabilities of WEP. For example, WEP uses a single shared key among all clients, which means that you are authenticating groups, not devices or single users. Also, RC4 is the correct encryption type, but WEP does not properly initialize it. This means that the first part of the key stream is predictable. Finally, a 24-bit IV vector is too short, and a 40-bit key is vulnerable to attack. |
A51: |
The correct answer is D. The formula for the annual loss expectancy is this: ALE = ARO x SLE, or .95 x 720 = $684 Annual rate of occurrence is 95%, or .95 Single loss expectance is ($9 per hour x 8 hours) x 10 employees = $720 Therefore, the nonprofit could expect to lose $684 by not using antivirus software. |
A52: |
The correct answer is B. An evaluation that is carried out and meets an evaluation assurance level (EAL) 2 specifies that the design has been structurally tested. Answers A, C, and D are incorrect because EAL 1 = functionally tested; EAL 4 = methodically designed, tested, and reviewed; and EAL 5 = semiformally designed and tested. |
A53: |
The correct answer is A. The Red Book lists the following ratings: B2 Good, C2 Fair, C1 Minimum, and None. Therefore, answers B, C, and D are incorrect because the question asks what is not a valid rating. |
A54: |
The correct answer is A. The star * property rule states that someone at one security level cannot write information to a lower security level. Answer B is incorrect because the simple security rule states that someone cannot read information at a higher security level. Answer C is incorrect because the simple integrity property deals with the Biba model, not Bell-LaPadula. Answer D is incorrect because it states that read and write privileges are valid only at the level at which the user resides. |
A55: |
The correct answer is B. Annual loss expectancy is calculated this way: ALE = ARO x SLE, or .95 x 720 = $684 The annual savings is the ALE minus the cost of the deterrent, or $684 - $399 = $285. Therefore, answers A, C, and D are incorrect. |
A56: |
The correct answer is B. Physical security is considered the first line of defense against human behavior. Items such as gates, guards, locks, and cameras can be used for physical defense. Answer A is incorrect because cryptography is best used to protect the integrity and confidentiality of data. Answer C is incorrect because business continuity planning should be used to prevent critical outages. Answer D is incorrect because policies are an administrative control. |
A57: |
The correct answer is D. HVAC should be a closed-loop system with positive pressurization. Closed loop means that the air inside the building is filtered and continually reused. Positive pressurization should be used to ensure that inside air is pushed out. This is a big safety feature in case the building catches on fire. Answers A, B, and C are incorrect because they do not contain both closed-loop systems and positive pressurization. |
A58: |
The correct answer is B. Heat-activated sensors can be either rate-of-rise or fixed-temperature sensors. Answer A is incorrect because flame-activated sensors respond to the infrared energy that emanates from a fire. Answer C is incorrect because smoke-activated sensors use a photoelectric device. Answer D is incorrect because there is no category of fire detector known as ion activated. |
A59: |
The correct answer is B. Electrical fires are considered Class C fires. All other answers are incorrect because Class A fires consist of wood and paper products, Class B fires consist of liquids such as petroleum, and Class D fires result from combustible metals. |
A60: |
The correct answer is D. A wet-pipe system is also known as a closed-head system because water is in the pipe ready to be released and is held back only by the closed head. All other answers are incorrect because deluge systems release a large amount of water in a very short period of time, dry-pipe systems hold back the water by means of a valve, and preaction systems release water into the pipe only when a specified temperature triggers its release. |