Issc361 Quiz 2

Submitted By fernandezus
Words 929
Pages 4
Question 1 of 20 5.0/ 5.0 Points

Physical security deals with all of the following except:
A. Buildings
Correct B. Logical systems
C. Computer Rooms
D. Computer devices

Answer Key: B Feedback: Answer: B Reference: Introduction

Question 2 of 20 5.0/ 5.0 Points

Tracing the history of a transaction through an institution is called:
Correct A. Audit trail
B. Intrusion control
C. Biometrics
D. Authentication control

Answer Key: A Feedback: Answer: A Reference: Audit Trails/Access Logs

Question 3 of 20 5.0/ 5.0 Points

Which of the following are categories of intrusion detection devices?
A. Perimeter intrusion detectors
B. Motion detectors
Correct C. Both of the above
D. Neither of the above

Answer Key: C Feedback: Answer: C Reference: Intrusion Detection

Question 4 of 20 5.0/ 5.0 Points

Which of the following is NOT a resource that operations security identifies the controls for?
A. Software
B. Hardware
C. Media
Correct D. All of the above are resources

Answer Key: D Feedback: Answer: D Reference: Introduction

Question 5 of 20 5.0/ 5.0 Points

Which of the following is NOT a key element of a system of internal and security controls?
A. Employ competent people
B. Have adequate separation of job duties
Correct C. Execute internal and external transactions
D. Maintain adequate documents and records

Answer Key: C Feedback: Answer: C Reference: Operations Security Principles

Question 6 of 20 5.0/ 5.0 Points

Operations security process controls include all of the following except:
A. Personnel security
B. Resource protection
Correct C. User recovery controls
D. Privileged entity controls

Answer Key: C Feedback: Answer: C Reference: Operations Security Process Controls

Question 7 of 20 5.0/ 5.0 Points

A user’s offline identity includes name, initials, or e-mail address and makes up the ____________.
A. Authentication credentials
Correct B. Identification credentials
C. Information owner
D. Access control list

Answer Key: B Feedback: Answer: B Reference: Terms and Concepts

Question 8 of 20 5.0/ 5.0 Points

The principle of ____________ says that the information owner is the one who decides who gets to access the system.
A. ACL
B. Least privilege
Correct C. DAC
D. RSS

Answer Key: C Feedback: Answer: C Reference: Terms and Concepts

Question 9 of 20 5.0/ 5.0 Points

____________ is used to reduce time by grouping users with a common access need.
A. ACLD
B. DACS
C. MACP
Correct D. RBAC

Answer Key: D Feedback: Answer: D Reference: Role-Based Access Control

Question 10 of 20 5.0/ 5.0 Points

Cryptographic keys are used to do all of the following except:
A. Keep messages private
B. Authenticate the sender
C. Test the integrity of messages
Correct D. Maintain the receiver’s privacy

Answer Key: D Feedback: Answer: D Reference: Introduction

Question 11 of 20 5.0/ 5.0 Points

Which of the following is a common hashing function found with most commercial software?
A. SHA-1
B. MD5
Correct C. Both A and B
D. None of the above

Answer Key: C Feedback: Answer: C Reference: Examining Digital Cryptography

Question 12 of 20 5.0/ 5.0 Points

All of the following are goals of TLS protocols except:
A. Cryptographic security
B. Interoperability
Correct C. Usability
D. Extensibility

Answer Key: C Feedback: Answer: C Reference: Implementations of PPK Cryptography

Question 13 of 20 5.0/ 5.0 Points

Which of the following is NOT a typical type of malicious activity that targets Internet sites?
A. File tampering
Correct B. Theft of services
C. Break-ins
D. Service disruptions

Answer Key: B Feedback: Answer: B Reference: Introduction

Question 14 of 20 5.0/ 5.0 Points

Which of the following is NOT a common method for key exchanges in IPSec Key management?
Correct A. Automated key exchange
B. Manual key exchange
C. Simple Key Interchange Protocol
D. ISAKMP/Oakley

Answer Key: A Feedback: Answer: A Reference: IPSec Key Management

Question 15 of 20 5.0/ 5.0 Points

Who assigns IP addresses to host computers on networks?
A. Internet Naming Authority
B. Central Naming Consortium
Correct C. Internet Assigned Numbers Authority
D. Internet Assigned Naming Consortium

Answer Key: C Feedback: Answer: C Reference: Network Layer Protocols

Question 16 of 20 5.0/ 5.0 Points

Which of the following is NOT an ISO security service?
Correct A. Data protection
B. Access control
C. Data integrity
D. Nonrepudiation

Answer Key: A Feedback: Answer: A Reference: OSI Model and Security

Question 17 of 20 5.0/ 5.0 Points

As the software development process matures, who is increasingly responsible for safeguarding applications?
Correct A. Software designers
B. IT directors
C. Network administrators
D. Security administrators

Answer Key: A Feedback: Answer: A Reference: Introduction

Question 18 of 20 5.0/ 5.0 Points

Which of the following is not a methodology involved with the SDLC?
A. Simple SDLC
B. Waterfall model
Correct C. Free flow model
D. Spiral model

Answer Key: C Feedback: Answer: C Reference: Software Development Life Cycles

Question 19 of 20 5.0/ 5.0 Points

Sandia’s Red Team engages in a form of ____________.
A. Pharming
B. Phishing
C. Cracking
Correct D. White-Hat hacking

Answer Key: D Feedback: Answer: D Reference: Continuous Monitoring and Constant Vigilance

Question 20 of 20 5.0/ 5.0 Points

Redirecting an internet user from a legitimate site to a malicious Web site for the purpose of harvesting user IDs and passwords is referred to as:
A. Phishing
Correct B. Pharming
C. Scamming
D. Slamming

Answer Key: B Feedback: Answer: B Reference: Pharming Supplements Phishing Attacks
