CISSP
Uploaded by salvy3292

CISSP - EXAM 2024/2025 WITH 100% ACCURATE SOLUTIONS

What is the most effective defense against cross-site scripting attacks?
a) Limiting account privileges
b) User authentication
c) Input validation
d) Encryption - Precise Answer ✔✔c) Input validation prevents cross-site scripting attacks by limiting user input to a predefined range. This prevents the attacker from including the HTML <SCRIPT> tag in the input.

What phase of the Electronic Discovery Reference Model puts evidence in a format that may be shared with others?
a) Production
b) Processing
c) Review
d) Presentation - Precise Answer ✔✔a) Production places the information in a format that may be shared with others.

What form of security planning is designed to focus on timeframes of approximately one year and may include scheduling of tasks, assignment of responsibilities, hiring plans, maintenance plans, and even acquisition plans?
a) Strategic
b) Operational
c) Tactical
d) Administrative - Precise Answer ✔✔c) Tactical planning is designed to focus on timeframes of approximately one year and may include scheduling of tasks, assignment of responsibilities, hiring plans, maintenance plans, and even acquisition plans.

Which is not a part of an electronic access control lock?
A. An electromagnet
B. A credential reader
C. A door sensor
D. A biometric scanner - Precise Answer ✔✔D - An electronic access control (EAC) lock comprises three elements: an electromagnet to keep the door closed, a credential reader to authenticate subjects and to disable the electromagnet, and a door-closed sensor to reenable the electromagnet.

Which one of the following items is a characteristic of hot sites but not a characteristic of warm sites?
A. Communications circuits
B. Workstations
C. Servers
D. Current data - Precise Answer ✔✔D - Current data

Which one of the following Data Encryption Standard (DES) operating modes can be used for large messages with the assurance that an error early in the encryption/decryption process won't spoil results throughout the communication?
A. Cipher Block Chaining (CBC)
B. Electronic Code Book (ECB)
C. Cipher Feedback (CFB)
D. Output Feedback (OFB) - Precise Answer ✔✔D - Output Feedback (OFB) mode prevents early errors from interfering with future encryption/decryption. Cipher Block Chaining and Cipher Feedback modes will carry errors throughout the entire encryption/decryption process. Electronic Code Book (ECB) operation is not suitable for large amounts of data.

Which one of the following items is not a critical piece of information in the chain of evidence?
A. General description of the evidence
B. Name of the person collecting the evidence
C. Relationship of the evidence to the crime
D. Time and date the evidence was collected - Precise Answer ✔✔C - The chain of evidence does not require that the evidence collector know or document the relationship of the evidence to the crime.

Which firewall type looks exclusively at the message header to determine whether to transmit or drop data?
A. Static packet filtering
B. Application-level gateway
C. Stateful inspection
D. Dynamic packet filtering - Precise Answer ✔✔A - A static packet-filtering firewall filters traffic by examining data from a message header.

What type of information is used to form the basis of an expert system's decision-making process?
A. A series of weighted layered computations
B. Combined input from a number of human experts, weighted according to past performance
C. A series of "if/then" rules codified in a knowledge base
D. A biological decision-making process that simulates the reasoning process used by the human mind - Precise Answer ✔✔C - Expert systems use a knowledge base consisting of a series of "if/then" statements to form decisions based on the previous experience of human experts.

What type of cryptographic attack rendered Double DES (2DES) no more effective than standard DES encryption?
A. Birthday attack
B. Chosen ciphertext attack
C. Meet-in-the-middle attack
D. Man-in-the-middle attack - Precise Answer ✔✔C - The meet-in-the-middle attack demonstrated that it took relatively the same amount of computation power to defeat 2DES as it does to defeat standard DES. This led to the adoption of Triple DES (3DES) as a standard for government communication.

Which of the following is most directly associated with providing or supporting perfect forward secrecy?
A. PBKDF2
B. ECDHE
C. HMAC
D. OCSP - Precise Answer ✔✔B - Elliptic Curve Diffie-Hellman Ephemeral, or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE), implements perfect forward secrecy through the use of elliptic curve cryptography (ECC). PBKDF2 is an example of a key-stretching technology not directly supporting perfect forward secrecy. HMAC is a hashing function. OCSP is used to check for certificate revocation.

What is the best way to understand the meaning of the term 100-year flood plain?
A. A flood that occurs once every 100 years
B. A flood larger than any recorded in the past 100 years
C. A very serious but very unlikely flood event
D. A very serious flood that has a probability of 1 in 100 (1%) of occurring in any single calendar year - Precise Answer ✔✔D - Flood levels rated in years (100-year, 500-year, 1,000-year, and so forth) basically reflect estimates of the probability of their occurrence. An area rated as a 100-year flood plain has a 1 in 100 chance of occurring in any given calendar year (1%), a 500-year flood has a 1 in 500 chance of occurring in any given calendar year, and so forth. Options A and B misrepresent the meaning of the 100-year interval mentioned, while option C fails to address its probabilistic intent.

What is the formula used to compute the ALE?
A. ALE = AV * EF * ARO
B. ALE = ARO * EF
C. ALE = AV * ARO
D. ALE = EF * ARO - Precise Answer ✔✔A - The Annualized Loss Expectancy (ALE) is computed as the product of the asset value (AV) times the exposure factor (EF) times the annualized rate of occurrence (ARO). This is the longer form of the formula ALE = SLE * ARO. The other formulas displayed here do not accurately reflect this calculation.

Matthew and Richard want to communicate with each other using a public key cryptosystem. What is the total number of keys they must have to successfully communicate?
A. 1
B. 2
C. 3
D. 4 - Precise Answer ✔✔To use public key cryptography, Matthew and Richard must each have their own pair of public and private cryptographic keys.
A tunnel mode VPN is used to connect which types of systems?
A. Hosts and servers
B. Clients and terminals
C. Hosts and networks
D. Servers and domain controllers - Precise Answer ✔✔C - Tunnel mode VPNs are used to connect networks to networks or networks to hosts. Transport mode is used to connect hosts to hosts. Host, server, client, terminal, and domain controller are all synonyms.

___________________ is any hardware, software, or administrative policy or procedure that defines and enforces access and restriction rights on an organizational level.
A. Logical control
B. Technical control
C. Access control
D. Administrative control - Precise Answer ✔✔C - Access control

Which of the following cryptographic attacks can be used when you have access to an encrypted message but no other information?
A. Known plain-text attack
B. Frequency analysis attack
C. Chosen cipher-text attack
D. Meet-in-the-middle attack - Precise Answer ✔✔B - Frequency analysis may be used on encrypted messages. The other techniques listed require additional information, such as the plaintext or the ability to choose the ciphertext.

Which of the following approaches uses mathematical algorithms to analyze data, developing models that may be used to predict future activity?
A. Expert systems
B. Data mining
C. Data warehousing
D. Information discovery - Precise Answer ✔✔B - Data mining uses mathematical approaches to analyze data, searching for patterns that predict future activity.

Vulnerabilities and risks are evaluated based on their threats against which of the following?
A. One or more of the CIA Triad principles
B. Data usefulness
C. Due care
D. Extent of liability - Precise Answer ✔✔A - CIA

The Twofish algorithm uses an encryption technique not found in other algorithms that XORs the plain text with a separate subkey before the first round of encryption. What is this called?
A. Preencrypting
B. Prewhitening
C. Precleaning
D. Prepending - Precise Answer ✔✔B - Prewhitening XORs the plain text with a separate subkey before the first round of encryption.

When you are configuring a wireless extension to an intranet, once you've configured WPA-2 with 802.1x authentication, what additional security step could you implement in order to offer additional reliable security?
A. Require a VPN.
B. Disable SSID broadcast.
C. Issue static IP addresses.
D. Use MAC filtering. - Precise Answer ✔✔A - VPN. Requiring a VPN to access the private wired network in addition to WPA-2 and 802.1x is the only additional reliable security option.

Which one of the following is not a major asset category normally covered by the BCP (business continuity plan)?
A. People
B. Documentation
C. Infrastructure
D. Buildings/facilities - Precise Answer ✔✔B - The BCP normally covers three major asset categories: people, infrastructure, and buildings/facilities.

What is a security risk of an embedded system that is not commonly found in a standard PC?
A. Software flaws
B. Access to the internet
C. Control of a mechanism in the physical world
D. Power loss - Precise Answer ✔✔C - Because an embedded system is in control of a mechanism in the physical world, a security breach could cause harm to people and property. This typically is not true of a standard PC. Power loss, internet access, and software flaws are security risks of both embedded systems and standard PCs.

What is the most common cause of failure for water-based fire suppression systems?
a. Water shortage
b. People
c. Ionization detectors
d. Placement of detectors in drop ceilings - Precise Answer ✔✔b - People. Humans turn off the water after a fire and forget to turn it back on.

What type of motion detector senses changes in the electrical or magnetic field surrounding a monitored object?
a. Wave
b. Photoelectric
c. Heat
d. Capacitance - Precise Answer ✔✔Capacitance is the ratio of the amount of electric charge stored on a conductor to a difference in electric potential.

What is the ideal humidity range for a computer room? - Precise Answer ✔✔40-60%

What network devices operate within the Physical layer?
A. Bridges and switches
B. Firewalls
C. Hubs and repeaters
D. Routers - Precise Answer ✔✔C - Hubs and repeaters

What method is not integral to assuring effective and reliable security staffing?
A. Screening
B. Bonding
C. Training
D. Conditioning - Precise Answer ✔✔D - Conditioning. Screening, bonding, and training are all vital procedures for ensuring effective and reliable security staffing because they verify the integrity and validate the suitability of said staffers.

Which of the following is not an expected result of requiring users to regularly change their workstation assignment or physical location?
A. Deters collusion between employees because ever-changing constellations of co-workers are less likely to bond sufficiently to perform unauthorized or illegal activities together
B. Encourages users to store personal information on systems
C. Encourages users to keep all work materials on network servers where they can be easily protected, overseen, and audited
D. Gives users little or no opportunity to customize their systems or to install unapproved software because subsequent users will discover and report such changes - Precise Answer ✔✔B - Options A, C, and D are examples of valid reasons why changes to workstation assignments or physical location can improve or maintain security. Regularly changing workstation assignment or location discourages users from storing personal information on systems.

Among the following attack patterns, which is not considered a form of amplified or denial of service attack?
A. Flooding
B. Spoofing
C. Ping of death
D. Smurf - Precise Answer ✔✔B - Spoofing is the replacement of valid source and destination IP and port addresses with false ones. It is often used in DoS attacks but is not considered a DoS attack itself. Flooding, smurf, and ping of death are all DoS attacks.

What type of evidence refers to written documents that are brought into court to prove a fact?
A. Best evidence
B. Payroll evidence
C. Documentary evidence
D. Testimonial evidence - Precise Answer ✔✔C - Written documents brought into court to prove the facts of a case are referred to as documentary evidence.

If you are the victim of a bluejacking attack, what was compromised?
A. Your firewall
B. Your switch
C. Your cell phone
D. Your web cookies - Precise Answer ✔✔C

_______________ is the process by which a subject provides a username, logon ID, personal identification number, and so on.
A. Accountability
B. Authentication
C. Confidentiality
D. Identification - Precise Answer ✔✔D - Identification is the process by which a subject professes an identity and accountability is initiated.

When NAC is used to manage an enterprise network, what is most likely to happen to a notebook system once reconnected to the intranet after it has been out of the office for six weeks while in use by an executive on an international business trip?
A. Reimaged
B. Updated at next refresh cycle
C. Quarantine
D. User must reset their password - Precise Answer ✔✔C - NAC often operates in a pre-admission philosophy in which a system must meet all current security requirements (such as patch application and antivirus updates) before it is allowed to communicate with the network. This often means systems that are not in compliance are quarantined or otherwise involved in a captive portal strategy in order to force compliance before network access is restored.

Beth is planning to run a network port scan against her organization's web server. What ports should she expect will be open to the world?
A. 80 and 443
B. 22 and 80
C. 80 and 1433
D. 22, 80, and 443 - Precise Answer ✔✔A - Web servers should expose ports 80 and/or 443 to the world to support HTTP and/or HTTPS connections. Port 22, used by SSH, and port 1433, used by SQL Server databases, should not normally be publicly exposed.

What part of the Common Criteria specifies the claims of security from the vendor that are built into a target of evaluation?
A. Protection profiles
B. Evaluation assurance level
C. Certificate authority
D. Security target - Precise Answer ✔✔D - Security targets (STs) specify the claims of security from the vendor that are built into a TOE.

What form of password attack utilizes a preassembled lexicon of terms and their permutations?
A. Rainbow tables
B. Dictionary word list
C. Brute force
D. Educated guess - Precise Answer ✔✔B - Dictionary word lists are precompiled lists of common passwords and their permutations and serve as the foundation for a dictionary attack on accounts.

Which one of the following is not a requirement that Internet service providers must satisfy in order to gain protection under the "transitory activities" clause of the Digital Millennium Copyright Act?
A. The service provider and the originator of the message must be located in different states.
B. The transmission, routing, provision of connections, or copying must be carried out by an automated technical process without selection of material by the service provider.
C. Any intermediate copies must not ordinarily be accessible to anyone other than anticipated recipients and must not be retained for longer than reasonably necessary.
D. The transmission must be originated by a person other than the provider. - Precise Answer ✔✔A - The Digital Millennium Copyright Act does not include any geographical location requirements for protection under the "transitory activities" exemption. The other options are three of the five mandatory requirements. The other two requirements are that the service provider must not determine the recipients of the material and the material must be transmitted with no modification to its content.

What is the primary objective of a spoof attack?
A. To send large amounts of data to a victim
B. To cause a buffer overflow
C. To hide the identity of an attacker through misdirection
D. To steal user accounts and passwords - Precise Answer ✔✔C - Spoofing grants the attacker the ability to hide their identity through misdirection. It is therefore involved in most attacks.

Which of the following is true regarding vulnerability scanners?
A. They actively scan for intrusion attempts.
B. They serve as a form of enticement.
C. They locate known security holes.
D. They automatically reconfigure a system to a more secure state. - Precise Answer ✔✔Vulnerability scanners are used to test a system for known security vulnerabilities and weaknesses. They are not active detection tools for intrusion, they offer no form of enticement, and they do not configure system security. In addition to testing a system for security weaknesses, they produce evaluation reports, which include recommendations.

Which of the following does not usually represent a timeframe of increased risk and vulnerability to an organization, such as information disclosure, data loss, and unplanned downtime?
A. Layoffs
B. Awareness training
C. Acquisitions
D. Mergers - Precise Answer ✔✔B - Awareness training typically reduces risk and vulnerability.

Which of the following is not a denial-of-service attack?
A. Exploiting a flaw in a program to consume 100 percent of the CPU
B. Sending malformed packets to a system, causing it to freeze
C. Performing a brute-force attack against a known user account when account lockout is not present
D. Sending thousands of emails to a single address - Precise Answer ✔✔C

What is the second phase of the IDEAL software development model?
A. Developing
B. Diagnosing
C. Determining
D. Designing - Precise Answer ✔✔B - The second phase of the IDEAL software development model is the Diagnosing stage.

In what scenario would you perform bulk transfers of backup data to a secure off-site location?
A. Incremental backup
B. Differential backup
C. Full backup
D. Electronic vaulting - Precise Answer ✔✔D - Electronic vaulting describes the transfer of backup data to a remote backup site in a bulk-transfer fashion.

What law amended the Health Insurance Portability and Accountability Act to include data breach notification requirements?
A. FERPA
B. HITECH
C. PCI DSS
D. CALEA - Precise Answer ✔✔B - The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) amended HIPAA to include new regulations related to data breach notification and the compliance requirements of covered entity business associates.

If you require the most advanced and complete method of off-site backup, what option do you choose?
A. Manual backups
B. Automated backups
C. Remote mirroring
D. Remote journaling - Precise Answer ✔✔C - Remote mirroring is the most advanced, complete, and expensive off-site backup solution. With this solution, a live database server is kept off-site at some secure remote location.

Which of the following is a true statement regarding the EU-U.S. Privacy Shield?
A. It is the updated and renamed version of the International Safe Harbor Privacy Principles.
B. It extends HIPAA protections for U.S. citizens to countries in Europe.
C. It was declared invalid by the European Court of Justice.
D. It provides a means by which U.S. companies can process EU citizens' personal data. - Precise Answer ✔✔D - The true statement from this list is that the EU-U.S. Privacy Shield provides a means by which U.S. companies can process EU citizens' personal data. The International Safe Harbor Privacy Principles were declared invalid by the European Court of Justice; thus, the EU-U.S. Privacy Shield is a replacement for Safe Harbor but not a renamed and revised version of Safe Harbor. EU-U.S. Privacy Shield does not extend HIPAA protections for U.S. citizens to countries in Europe.

Which of the following is a fake network designed to tempt intruders with unpatched and unprotected security vulnerabilities and false data?
A. IDS
B. Honeynet
C. Padded cell
D. Pseudo flaw - Precise Answer ✔✔B - Honeypots are individual computers, and honeynets are entire networks created to serve as a trap for intruders. They look like legitimate networks and tempt intruders with unpatched and unprotected security vulnerabilities as well as attractive and tantalizing but false data. An intrusion detection system (IDS) will detect attacks. In some cases, an IDS can divert an attacker to a padded cell, which is a simulated environment with fake data intended to keep the attacker's interest. A pseudo flaw (used by many honeypots and honeynets) is a false vulnerability intentionally implanted in a system to tempt attackers.

Christopher would like to send Renee a message using a digital signature. What key should he use to create the digital signature?
A. Christopher's public key
B. Christopher's private key
C. Renee's public key
D. Renee's private key - Precise Answer ✔✔B - The sender of a message uses their own private key to create a digital signature.

Christopher recently received word that his application for a trademark was approved by the US Patent and Trademark Office. What symbol should he use next to the name to indicate its protected status?
A. ©
B. ®
C. ™
D. † - Precise Answer ✔✔The ® symbol is reserved for trademarks that have received official registration status by the US Patent and Trademark Office.

What law protects the privacy rights of students?
A. HIPAA
B. SOX
C. GLBA
D. FERPA - Precise Answer ✔✔D - The Family Educational Rights and Privacy Act (FERPA) protects the rights of students and the parents of minor students.

What security protocol has become the de facto standard used to provide secure e-commerce services?
A. S/MIME
B. TLS
C. SET
D. PGP - Precise Answer ✔✔B - Transport Layer Security (TLS), the revised replacement for SSL, has become the de facto standard used to provide secure e-commerce services. This is in spite of the attempts of several credit card companies to promote alternate options, such as Secure Electronic Transaction (SET).

Which of the following is a type of connection that can be described as a logical circuit that always exists and is waiting for the customer to send data?
A. ISDN
B. PVC
C. VPN
D. SVC - Precise Answer ✔✔B - A permanent virtual circuit (PVC) can be described as a logical circuit that always exists and is waiting for the customer to send data.

What software development model uses a seven-stage approach with a feedback loop that allows progress one step backward?
A. Boyce-Codd
B. Waterfall
C. Spiral
D. Agile - Precise Answer ✔✔B - The waterfall model uses a seven-stage approach to software development and includes a feedback loop that allows development to return to the previous phase to correct defects discovered during the subsequent phase.

Which of the following wireless technologies supports multifactor authentication options?
A. WEP
B. TKIP
C. CCMP
D. WPA2 - Precise Answer ✔✔D - Both WPA and WPA2 support the enterprise authentication known as 802.1x/EAP, a standard port-based network access control that ensures clients cannot communicate with a resource until proper authentication has taken place. Effectively, 802.1x is a hand-off system that allows the wireless network to leverage the existing network infrastructure's authentication services. Through the use of 802.1x, other techniques and solutions such as RADIUS, TACACS, certificates, smart cards, token devices, and biometrics can be integrated into wireless networks, providing techniques for both mutual and multi-factor authentication.

What is the weakest link in a security chain?
A. Internet connection
B. People
C. Documentation
D. Hardware - Precise Answer ✔✔B - People are the weakest link in a security chain.

What security model is based on dynamic changes of user privileges and access based on user activity?
A. Sutherland
B. Brewer-Nash
C. Biba
D. Graham-Denning - Precise Answer ✔✔The Brewer-Nash model is based on dynamic changes of user privileges and access based on user activity.

Which one of the following storage devices is most likely to require encryption technology in order to maintain data security in a networked environment?
A. Hard disk
B. Backup tape
C. Removable drives
D. RAM - Precise Answer ✔✔C - Removable drives are easily taken out of their authorized physical location, and it is often not possible to apply operating system access controls to them. Therefore, encryption is often the only security measure short of physical security that can be afforded to them. Backup tapes are most often well controlled through physical security measures. Hard disks and RAM chips are often secured through operating system access controls.

What type of access control system is deployed to physically deter unwanted or unauthorized activity and access?
A. Preventive access control
B. Deterrent access control
C. Directive access control
D. Compensation access control - Precise Answer ✔✔A - Preventive access control is deployed to stop unwanted or unauthorized activity from occurring.

When attempting to impose accountability on users, what key issue must be addressed?
A. Reliable log storage system
B. Proper warning banner notification
C. Legal defense/support of authentication
D. Use of discretionary access control - Precise Answer ✔✔C - To effectively hold users accountable, your security must be legally defensible. Primarily, you must be able to prove in a court that your authentication process cannot be easily compromised. Thus, your audit trails of actions can then be tied to a human.

Which of the following identifies vendor responsibilities and can include monetary penalties if the vendor doesn't meet the stated responsibilities?
A. Service-level agreement (SLA)
B. Memorandum of understanding (MOU)
C. Interconnection security agreement (ISA)
D. Software as a service (SaaS) - Precise Answer ✔✔A - A service-level agreement identifies responsibilities of a third party such as a vendor and can include monetary penalties if the vendor doesn't meet the stated responsibilities. A MOU is an informal agreement and does not include monetary penalties. An ISA defines requirements for establishing, maintaining, and disconnecting a connection. SaaS is one of the cloud-based service models and does not specify vendor responsibilities.

What is the primary function of a gateway as a network device?
A. Routing traffic
B. Protocol translator
C. Attenuation protection
D. Creating virtual LANs - Precise Answer ✔✔B - The gateway is a network device (or service) that works at the Application layer. However, an Application layer gateway is a very specific type of component. It serves as a protocol translation tool. For example, an IP-to-IPX gateway takes inbound communications from TCP/IP and translates them over to IPX/SPX for outbound transmission.

Which one of the following types of memory might retain information after being removed from a computer and, therefore, represent a security risk?
A. Static RAM
B. Dynamic RAM
C. Secondary memory
D. Real memory - Precise Answer ✔✔C - Secondary memory is a term used to describe magnetic, optical, or flash media. These devices will retain their contents after being removed from the computer and may later be read by another user.

Which of the following statements is true?
A. An open system does not allow anyone to view its programming code.
B. A closed system does not define whether or not its programming code can be viewed.
C. An open source program can only be distributed for free.
D. A closed source program cannot be reverse engineered or decompiled. - Precise Answer ✔✔B - A closed system is designed to work well with a narrow range of other systems, generally all from the same manufacturer. The standards for closed systems are often proprietary and not normally disclosed. However, a closed system (as a concept) does not define whether or not its programming code can be viewed. An open system (as a concept) also does not define whether or not its programming code can be viewed. An open source program can be distributed for free or for a fee. A closed source program can be reverse engineered or decompiled.

What process state can be dependent on peripherals?
A. Ready
B. Waiting
C. Running
D. Supervisory - Precise Answer ✔✔B - The waiting state is a process state that depends on peripherals, as the processes pause execution until the conclusion of some requested activity, such as peripheral activity.

What is the main purpose of a military and intelligence attack?
A. To attack the availability of military systems
B. To obtain secret and restricted information from military or law enforcement sources
C. To utilize military or intelligence agency systems to attack other nonmilitary sites
D. To compromise military systems for use in attacks against other systems - Precise Answer ✔✔B - A military and intelligence attack is targeted at the classified data that resides on the system. To the attacker, the value of the information justifies the risk associated with such an attack. The information extracted from this type of attack is often used to plan subsequent attacks.

An organization is planning the layout of a new building that will house a datacenter. Where is the most appropriate place to locate the datacenter?
A. In the center of the building
B. Closest to the outside wall where power enters the building
C. Closest to the outside wall where heating, ventilation, and air conditioning systems are located
D. At the back of the building - Precise Answer ✔✔A - Valuable assets require multiple layers of physical security, and placing a datacenter in the center of the building helps provide these additional layers. Placing valuable assets next to an outside wall (including at the back of the building) eliminates some layers of security.

Which of the following elements of teaching is considered a prerequisite for the others?
A. Education
B. Awareness
C. Training
D. Certification - Precise Answer ✔✔B - Awareness must be established before actual training can take place.

What mechanism is used to support the exchange of authentication and authorization details between systems, services, and devices?
A. Biometric
B. Two-factor authentication
C. SAML
D. LDAP - Precise Answer ✔✔C - SAML is an open standard data format based on XML for the purpose of supporting the exchange of authentication and authorization details between systems, services, and devices. A biometric is an authentication factor, not a means of exchanging authentication information. Two-factor authentication is the use of two authentication factors. LDAP is a protocol used by directory services and is not directly related to authentication.

What is the maximum key length of Blowfish?
A. 128 bits
B. 256 bits
C. 384 bits
D. 448 bits - Precise Answer ✔✔Blowfish has a maximum key length of
448 bits.

Which of the following would provide the best protection against
rainbow table attacks?
A. Hashing passwords with MD5
B. Salt and pepper with hashing
C. Account lockout
D. Implement RBAC - Precise Answer ✔✔B-Using both a salt and
pepper when hashing passwords provides strong protection against
rainbow table attacks. MD5 is no longer considered secure, so it isn't a
good choice for hashing passwords. Account lockout helps thwart online
password brute-force attacks, but a rainbow table attack is an offline
attack. Role Based Access Control (RBAC) is an access control model
and unrelated to password attacks.

______________________ is a layer 2 connection mechanism that uses
packet-switching technology to establish virtual circuits between the
communication endpoints.
A. ISDN
B. Frame Relay
C. SMDS
D. ATM - Precise Answer ✔✔B-Frame Relay is a layer 2 connection
mechanism that uses packet-switching technology to establish virtual
circuits between the communication endpoints. The Frame Relay
network is a shared medium across which virtual circuits are created to
provide point-to-point communications. All virtual circuits are
independent of and invisible to each other.

Which of the following is not an effective countermeasure against
inappropriate content being hosted or distributed over a secured
network?
A. Activity logging
B. Content filtering
C. Intrusion detection system
D. Penalties for violations - Precise Answer ✔✔C-An intrusion
detection system is designed to detect intrusions and is not a
countermeasure against inappropriate content by internal users.
However, activity logging, content filtering, and policies that include
penalties for violations can all be used as countermeasures for
inappropriate content.

Which firewall type looks exclusively at the message header to
determine whether to transmit or drop data?
A. Static packet filtering
B. Application-level gateway
C. Stateful inspection
D. Dynamic packet filtering - Precise Answer ✔✔A static packet-
filtering firewall filters traffic by examining data from a message header.

What regulation formalizes the prudent man rule that requires senior
executives to take personal responsibility for their actions?
A. CFAA
B. Federal Sentencing Guidelines
C. GLBA
D. Sarbanes-Oxley - Precise Answer ✔✔B- The Federal Sentencing
Guidelines released in 1991 formalized the prudent man rule, which
requires senior executives to take personal responsibility for ensuring the
due care that ordinary, prudent individuals would exercise in the same
situation.

What networking device can be used to create digital network segments
that can be altered as needed by adjusting the settings internal to the
device rather than on endpoint devices?
a) router
b) switch
c) proxy
d) gateway - Precise Answer ✔✔B- A switch is a networking device that
can be used to create digital network segments (i.e., VLANs) that can be
altered as needed by adjusting the settings internal to the device rather
than on endpoint devices. A router connects disparate networks rather
than creating network segments.

Identification is the first step toward what ultimate goal?
A. Accountability
B. Authorization
C. Auditing
D. Nonrepudiation - Precise Answer ✔✔a -Accountability is the
ultimate goal of a process started by identification.

What type of attack targets proprietary information stored on a civilian
organization's system?
A. Business attack
B. Denial-of-service attack
C. Financial attack
D. Military and intelligence attack - Precise Answer ✔✔- b- business
attack Confidential information that is not related to the military or
intelligence agencies is the target of business attacks. The ultimate goal
could be destruction, alteration, or disclosure of confidential
information.

You've performed a basic quantitative risk analysis on a specific
threat/vulnerability/risk relation. You select a possible countermeasure.
When performing the calculations again, which of the following factors
will change?
A. Exposure factor
B. Single loss expectancy
C. Asset value
D. Annualized rate of occurrence - Precise Answer ✔✔d -A
countermeasure directly affects the annualized rate of occurrence,
primarily because the countermeasure is designed to prevent the
occurrence of the risk, thus reducing its frequency per year.

A team that knows substantial information about its target, including on-
site hardware/software inventory and configuration details, is best
described as what?
A. Zero knowledge
B. Infinite knowledge
C. Absolute knowledge
D. Partial knowledge - Precise Answer ✔✔D -Partial-knowledge teams
possess a detailed account of organizational assets, including hardware
and software inventory, prior to a penetration test.

What BIA metric can be used to express the longest time a business
function can be unavailable without causing irreparable harm to the
organization?
A. SLE
B. EF
C. MTD
D. ARO - Precise Answer ✔✔c-The maximum tolerable downtime
(MTD) represents the longest period a business function can be
unavailable before causing irreparable harm to the business. This figure
is useful when determining the level of business continuity resources to
assign to a particular function.

Which one of the following alternate processing arrangements is rarely
implemented?
A. Hot site
B. Warm site
C. Cold site
D. MAA site - Precise Answer ✔✔d - Mutual assistance agreements are
rarely implemented because they are difficult to enforce in the event of a
disaster requiring site activation.

What does the term "100-year flood plain" mean to emergency
preparedness officials?
A. The last flood of any kind to hit the area was more than 100 years
ago.
B. The odds of a flood at this level are 1 in 100 in any given year.
C. The area is expected to be safe from flooding for at least 100 years.
D. The last significant flood to hit the area was more than 100 years ago.
- Precise Answer ✔✔B- The term 100-year flood plain is used to
describe an area where flooding is expected once every 100 years. It is,
however, more mathematically correct to say that this label indicates a 1
percent probability of flooding in any given year.

The Goguen-Meseguer model is an ________ model based on
predetermining the set or domain—a list of objects that a subject can
access.
A. Integrity
B. Confidentiality
C. Non-interference
D. Availability - Precise Answer ✔✔a -The Goguen-Meseguer model is
an integrity model based on predetermining the set or domain—a list of
objects that a subject can access.

What are the well-known ports?
A. 0 to 1,023
B. 80, 135, 110, 25
C. 0 to 65,536
D. 32,000 to 65,536 - Precise Answer ✔✔a- Ports 0 to 1,023 are the
well-known ports.

Servers within your organization were recently attacked causing an
excessive outage. You are asked to check systems for known issues that
attackers may use to exploit other systems in your network. Which of the
following is the best choice to meet this need?
A. Versioning tracker
B. Vulnerability scanner
C. Security audit
D. Security review - Precise Answer ✔✔B- Vulnerability scanners are
used to check systems for known issues and are part of an overall
vulnerability management program. Versioning is used to track software
versions and is unrelated to detecting vulnerabilities. Security audits and
reviews help ensure that an organization is following its policies but
wouldn't directly check systems for vulnerabilities.

Which one of the following is not a goal of cryptographic systems?
A. Nonrepudiation
B. Confidentiality
C. Availability
D. Integrity - Precise Answer ✔✔C- The four goals of cryptographic
systems are confidentiality, integrity, authentication, and
nonrepudiation.

What is the first step of the business impact assessment process?
A. Identification of priorities
B. Likelihood assessment
C. Risk identification
D. Resource prioritization - Precise Answer ✔✔a -Identification of
priorities is the first step of the business impact assessment process.

What is the formula used to compute the single loss expectancy for a
risk scenario?
A. SLE = AV × EF
B. SLE = RO × EF
C. SLE = AV × ARO
D. SLE = EF × ARO - Precise Answer ✔✔a-The single loss expectancy
(SLE) is computed as the product of the asset value (AV) and the
exposure factor (EF). The other formulas displayed here do not
accurately reflect this calculation.

Which one of the following attacks is most indicative of a terrorist
attack?
A. Altering sensitive trade secret documents
B. Damaging the ability to communicate and respond to a physical
attack
C. Stealing unclassified information
D. Transferring funds to other countries - Precise Answer ✔✔b-A
terrorist attack is launched to interfere with a way of life by creating an
atmosphere of fear. A computer terrorist attack can reach this goal by
reducing the ability to respond to a simultaneous physical attack.

Which one of the following is not a basic requirement for the reference
monitor?
A. It must be tamperproof.
B. The source code must be made public.
C. It must always be invoked.
D. It must be small enough for testing. - Precise Answer ✔✔b-There is
no requirement that the reference monitor's source code be available to
the public.

Exercising reasonable care to protect the interests and assets of an
organization through a formalized security structure (policies, standards,
guidelines, and so on) is better known as what?
A. Due care
B. Due notice
C. Due diligence
D. Due indifference - Precise Answer ✔✔a- Due care is the notion of
preserving and protecting assets and interests for a given organization as
exercised through a formalized security structure comprising baselines,
guidelines, policies, procedures, and rules.

What evidentiary principle states that a written contract is assumed to
contain all the terms of an agreement?
A. Material evidence
B. Best evidence
C. Parol evidence
D. Relevant evidence - Precise Answer ✔✔c-The parol evidence rule
states that a written contract is assumed to contain all the terms of an
agreement and cannot be modified by a verbal agreement.

Which of the following would security personnel do during the
remediation stage of an incident response?
A. Contain the incident
B. Collect evidence
C. Rebuild system
D. Root cause analysis - Precise Answer ✔✔B-Security personnel
perform a root cause analysis during the remediation stage. A root cause
analysis attempts to discover the source of the problem. After
discovering the cause, the review will often identify a solution to help
prevent a similar occurrence in the future. Containing the incident and
collecting evidence is done early in the incident response process.
Rebuilding a system may be needed during the recovery stage.

___________________ ensures against unauthorized access to
information deemed personal or confidential.
A. Integrity
B. Availability
C. Nonrepudiation
D. Privacy - Precise Answer ✔✔D -The principle of privacy ensures
freedom from unauthorized access to information deemed personal or
confidential.

Which of the following is the most important and distinctive concept in
relation to layered security?
A. Multiple
B. Series
C. Parallel
D. Filter - Precise Answer ✔✔B-Layering is the deployment of multiple
security mechanisms in a series. When security restrictions are
performed in a series, they are performed one after the other in a linear
fashion. Therefore, a single failure of a security control does not render
the entire solution ineffective.

When information is collected about your activities online without your
consent, it is a violation of what?
A. Integrity
B. Intent
C. Confidentiality
D. Privacy - Precise Answer ✔✔D -When information is collected about
your activities online without your consent, it is known as a violation of
privacy.

Which software development life cycle model allows for multiple
iterations of the development process, resulting in multiple prototypes,
each produced according to a complete design and testing process?
A. Software Capability Maturity model
B. Waterfall model
C. Development cycle
D. Spiral model - Precise Answer ✔✔D-The spiral model allows
developers to repeat iterations of another life cycle model (such as the
waterfall model) to produce a number of fully tested prototypes.

Which of the following is not a segmentation of a network?
A. Subnet
B. VPN
C. VLAN
D. DMZ - Precise Answer ✔✔B-A VPN is not a network segmentation;
it is a secured encapsulation tunnel used to connect networks (or
network segments) together. Subnets, VLANs, and a DMZ are examples
of network segmentation.

Which one of the following is not a principle of Agile development?
A. Satisfy the customer through early and continuous delivery.
B. Businesspeople and developers work together.
C. Pay continuous attention to technical excellence.
D. Prioritize security over other requirements. - Precise Answer ✔✔D-In
Agile, the highest priority is to satisfy the customer through early and
continuous delivery of valuable software.

Which of the following is the best response after detecting and verifying
an incident?
A. Contain it.
B. Report it.
C. Remediate it.
D. Gather evidence. - Precise Answer ✔✔A -Containment is the first
step after detecting and verifying an incident. This limits the effect or
scope of an incident. Organizations report the incident based on policies
and governing laws, but this is not the first step. Remediation attempts to
identify the cause of the incident and steps that can be taken to prevent a
reoccurrence, but this is not the first step. It is important to protect
evidence while trying to contain an incident, but gathering the evidence
will occur after containment.

In an Agile software development process, how often should business
users be involved in development?
A. Daily
B. Weekly
C. Monthly
D. At each release - Precise Answer ✔✔a -The Agile development
process requires that business users interact with developers on a daily
basis.

What is used to increase the strength of cryptography by creating a
unique cipher text every time the same message is encrypted with the
same key?
A. Initialization vector
B. Vigenère cipher
C. Steganography
D. Stream cipher - Precise Answer ✔✔a- An initialization vector (IV) is
a random bit string (a nonce) that is the same length as the block size
that is XORed with the message. IVs are used to create a unique cipher
text every time the same message is encrypted with the same key.

Which subset of the Structured Query Language is used to create and
modify the database schema?
A. Data Definition Language
B. Data Structure Language
C. Database Schema Language
D. Database Manipulation Language - Precise Answer ✔✔The Data
Definition Language (DDL) is used to make modifications to a relational
database's schema.

A VPN is a specific form of ___________________.
A. Tunnel
B. Encryption
C. WAN connectivity
D. Accountability mechanism - Precise Answer ✔✔a -A virtual private
network (VPN) is simply a communication tunnel that provides point-to-
point transmission of both authentication and data traffic over an
intermediary network.


Gathering sensitive information about an organization or party, in both
physical and digital form, for the purpose of ill-gotten gain or disclosure
is indicative of what crime?
A. Sabotage
B. Social engineering
C. Espionage
D. Collusion - Precise Answer ✔✔c-Espionage is a criminal action to
disclose or profit from illegally obtained sensitive information about an
organization.

What is the primary purpose of change management?
A. To prevent unwanted reductions to security
B. To allow management to review all changes
C. To delay the release of mission-critical patches
D. To improve productivity of end users - Precise Answer ✔✔b-The
primary purpose of change management is to allow management to
review all changes. However, it is true that the overall goal of change
management is to prevent unwanted reductions to security.

During what phase of incident response do you collect evidence such as
firewall logs?
A. Detection
B. Response
C. Compliance
D. Remediation - Precise Answer ✔✔b-Evidence collection takes place
during the response phase of the incident. Incidents are identified and
verified during the detection phase. Compliance with laws might occur
during the reporting phase, depending on the incident. Personnel
typically perform a root-cause analysis during the remediation phase.

A team that initially knows nothing about its target before performing a
security analysis is known as what?
A. Absolute knowledge
B. Partial knowledge
C. Zero knowledge
D. Infinite knowledge - Precise Answer ✔✔c-Zero-knowledge teams
possess only primary information about an organization during a
security assessment or penetration test.

Which form of DBMS primarily supports the establishment of treelike
relationships?
A. Relational
B. Hierarchical
C. Mandatory
D. Distributed - Precise Answer ✔✔b-A hierarchical DBMS supports
one-to-many relationships, often expressed in a tree structure.

Which one of the following tools is used primarily to perform network
discovery scans?
A. Nmap
B. Nessus
C. Metasploit
D. lsof - Precise Answer ✔✔a-Nmap is a network discovery scanning
tool that reports the open ports on a remote system.

In a(n) ___________ system, all protection mechanisms work together
to process sensitive data for many types of users while maintaining a
stable and secure computing environment.
A. Trusted
B. Authorized
C. Available
D. Baseline - Precise Answer ✔✔a-In a trusted system, all protection
mechanisms work together to process sensitive data for many types of
users while maintaining a stable and secure computing environment.

During threat modeling, several options exist for ranking or rating the
severity and priority of threats. Which of the following is not a threat
modeling ranking system?
A. DREAD
B. Probability * Damage Potential
C. Qualitative analysis
D. High/medium/low - Precise Answer ✔✔c-Qualitative analysis is part
of risk management/risk assessment, but it is not specifically a means of
ranking or rating the severity and priority of threats under threat
modeling. The three common means of ranking or rating the severity
and priority of threats are DREAD, Probability * Damage Potential, and
High/medium/low.

What is an attempt to vigorously exercise the security constraints and
parameters of a network, often using any means necessary?
A. Ethical hacking
B. Penetration testing
C. War dialing
D. Brute force - Precise Answer ✔✔b- Penetration testing is the process
of exercising, validating, and verifying the state of security on a
network.

In a typical environment, when a user creates a new file object (such as a
document or image file), who is the owner of that object by default?
A. Key recovery agent
B. Administrator or root
C. Creator
D. None - Precise Answer ✔✔c-The user who creates a new object is
usually the default owner of that object.

What is the client source port of a secured web communication?
A. 1024
B. 80
C. 443
D. A dynamic port - Precise Answer ✔✔d-Client source ports are
dynamic ports (i.e., a randomly selected port number between 1024 and
65,535) for most Application layer protocols, including secure web
communications (i.e., HTTPS).

Which one of the following technologies is considered flawed and
should no longer be used?
A. SHA-3
B. PGP
C. WEP
D. TLS - Precise Answer ✔✔C-The WEP algorithm has documented
flaws that make it trivial to break. It should never be used to protect
wireless networks.

What phase of the Electronic Discovery Reference Model examines
information to remove information subject to attorney-client privilege?
A. Identification
B. Collection
C. Processing
D. Review - Precise Answer ✔✔d-Review examines the information
resulting from the processing phase to determine what information is
responsive to the request and remove any information protected by
attorney-client privilege.

What is the point and purpose of disaster recovery services?
B. To prevent intrusion upon business operations
C. To provide restoration facilities to continue business operations
D. To provide personnel for provisioning rations to survivors - Precise
Answer ✔✔c-Disaster recovery services provide restoration facilities to
continue business operations.

System architecture, system integrity, covert channel analysis, trusted
facility management, and trusted recovery are elements of what security
criteria?
A. Quality assurance
B. Operational assurance
C. Life cycle assurance
D. Quantity assurance - Precise Answer ✔✔b-Assurance is the degree of
confidence you can place in the satisfaction of security needs of a
computer, network, solution, and so on. Operational assurance focuses
on the basic features and architecture of a system that lend themselves to
supporting security.

You are the security administrator for an e-commerce company and are
placing a new web server into production. What network zone should
you use?
A. Internet
B. DMZ
C. Intranet
D. Sandbox - Precise Answer ✔✔b-The DMZ (demilitarized zone) is
designed to house systems like web servers that must be accessible from
both the internal and external networks.

Which would an administrator do to classified media before reusing it in
a less secure environment?
A. Erasing
B. Clearing
C. Purging
D. Overwriting - Precise Answer ✔✔c-Purging media removes all data
by writing over existing data multiple times to ensure that the data is not
recoverable using any known methods. Purged media can then be reused
in less secure environments. Erasing the media performs a delete, but the
data remains and can easily be restored. Clearing, or overwriting, writes
unclassified data over existing data, but some sophisticated forensics
techniques may be able to recover the original data, so this method
should not be used to reduce the classification of media.

What element of data categorization management can override all other
forms of access control?
A. Classification
B. Physical access
C. Custodian responsibilities
D. Taking ownership - Precise Answer ✔✔d-Ownership grants an entity
full capabilities and privileges over the object they own. The ability to
take ownership is often granted to the most powerful accounts in an
operating system because it can be used to overstep any access control
limitations otherwise implemented.

John recently received an email message from Bill. What cryptographic
goal would need to be met to convince John that Bill was actually the
sender of the message?
A. Nonrepudiation
B. Confidentiality
C. Availability
D. Integrity - Precise Answer ✔✔a-Nonrepudiation prevents the sender
of a message from later denying that they sent it.

What standard governs the creation of digital certificates used in the
public key infrastructure?
A. FIPS 180-2
B. S/MIME
C. X.509
D. 802.1x - Precise Answer ✔✔c-X.509 defines a common format for
digital certificates containing certification of a public encryption key.

What is the duration of trade secret protection under federal law?
A. 20 years
B. 25 years
C. 50 years
D. Unlimited - Precise Answer ✔✔d-There is no limit to the duration of
trade secret protection.

Which security mechanism is used to verify whether the directive and
preventive controls have been successful?
A. Directive control
B. Preventive control
C. Detective control
D. Corrective control - Precise Answer ✔✔c-A detective control is a
security mechanism used to verify whether the directive and preventive
controls have been successful.

Which of the following is not true?
A. A purely quantitative analysis is not possible.
B. Qualitative risk analysis employs complex formulas and calculations.
C. Quantitative risk analysis assigns real dollar figures to the loss of an
asset.
D. Qualitative risk analysis assigns subjective and intangible values to
the loss of an asset. - Precise Answer ✔✔b-Qualitative risk analysis
does not employ complex formulas and calculations. Scenario
discussions and simple value assignments are used to evaluate risk,
incidents, losses, and safeguards.

What is the length of protection offered by trademark law without
requiring a renewal?
A. 5 years
B. 7 years
C. 10 years
D. 20 years - Precise Answer ✔✔c-Trademarks are protected for an
initial 10-year period and may be renewed for unlimited successive 10-
year periods.

Which of the following is not a security concern in relation to an
organization's divestitures?
A. Preventing data leakage
B. Sanitization techniques
C. Holding exit interviews
D. Performing on-boarding - Precise Answer ✔✔d

What is a trusted computing base (TCB)?
A. Hosts on your network that support secure transmissions
B. The operating system kernel and device drivers
C. The combination of hardware, software, and controls that work
together to enforce a security policy
D. The software and controls that certify a security policy - Precise
Answer ✔✔c-The TCB is the combination of hardware, software, and
controls that work together to enforce a security policy.

A central authority determines which files a user can access. Which of
the following best describes this?
A. An access control list (ACL)
B. An access control matrix
C. Discretionary Access Control model
D. Nondiscretionary access control model - Precise Answer ✔✔d-A
nondiscretionary access control model uses a central authority to
determine which objects (such as files) that users (and other subjects)
can access. In contrast, a Discretionary Access Control (DAC) model
allows users to grant or reject access to any objects they own. An ACL is
an example of a rule-based access control model. An access control
matrix includes multiple objects, and it lists the subject's access to each
of the objects.

Adam recently ran a network port scan of a web server running in his
organization. He ran the scan from an external network to get an
attacker's perspective on the scan. Which one of the following results is
the greatest cause for alarm?
A. 80/open
B. 22/filtered
C. 443/open
D. 1433/open - Precise Answer ✔✔d-Only open ports represent
potentially significant security risks. Ports 80 and 443 are expected to be
open on a web server. Port 1433 is a database port and should never be
exposed to an external network.

What type of malicious code appears to be a beneficial program but
actually performs some type of malicious activity in the background?
A. Virus
B. Worm
C. Trojan horse
D. Logic bomb - Precise Answer ✔✔c-Trojan horses are programs that
appear to the user to be some type of beneficial program (such as a game
or utility) but perform a malicious activity in the background.

Which of the following is not an example of a converged protocol?
A. iSCSI
B. VoIP
C. FCoE
D. NNTP - Precise Answer ✔✔d-Network News Transfer Protocol
(NNTP) is not an example of a converged protocol. iSCSI, VoIP, and
FCoE are converged protocols.

Which of the following acts as a proxy between an application and a
database to support interaction and simplify the work of programmers?
A. SDLC
B. ODBC
C. DSS
D. Abstraction - Precise Answer ✔✔B-ODBC acts as a proxy between
applications and the backend DBMS.

Senior management must show reasonable ___________________ to
reduce their culpability and liability when a loss occurs.
A. Profits
B. Insurance
C. Due care
D. Asset valuation - Precise Answer ✔✔c-Senior management must
show reasonable due care to reduce their culpability and liability when a
loss occurs.

What term is used to describe hiding messages within graphical images?
A. Pseudocryptography
B. Graphography
C. Steganography
D. Rheumatology - Precise Answer ✔✔c-Steganography is the art of
hiding messages within the bits of a graphical image to avoid detection.

Which of the following best describes an implicit deny principle?
A. All actions that are not expressly denied are allowed.
B. All actions that are not expressly allowed are denied.
C. All actions must be expressly denied.
D. None of the above. - Precise Answer ✔✔b-The implicit deny
principle ensures that access to an object is denied unless access has
been expressly allowed (or explicitly granted) to a subject. It does not
allow all actions that are not denied, and it doesn't require all actions to
be denied.

Which of the following is not a valid security measure to protect against
brute-force and dictionary attacks?
A. Enforce strong passwords through a security policy.
B. Maintain strict control over physical access.
C. Require all users to log in remotely.
D. Use two-factor authentication. - Precise Answer ✔✔c-Requiring
users to log in remotely does not protect against password attacks such
as brute-force or dictionary attacks. Strong password policies, physical
access control, and two-factor authentication all improve the protection
against brute-force and dictionary password attacks.

What is a TCP wrapper?
A. An encapsulation protocol used by switches
B. An application that can serve as a basic firewall by restricting access
based on user IDs or system IDs
C. A security protocol used to protect TCP/IP traffic over WAN links
D. A mechanism to tunnel TCP/IP through non-IP networks - Precise
Answer ✔✔b-A TCP wrapper is an application that can serve as a basic
firewall by restricting access based on user IDs or system IDs.

Which of the following attacks is the best example of a financial attack?
A. Denial of service
B. Website defacement
C. Port scanning
D. Phone phreaking - Precise Answer ✔✔d-Phone phreaking attacks are
designed to obtain service while avoiding financial costs.

Which one of the following cannot be achieved by a secret key
cryptosystem?
A. Nonrepudiation
B. Confidentiality
C. Authentication
D. Key distribution - Precise Answer ✔✔a-Nonrepudiation requires the
use of a public key cryptosystem to prevent users from falsely denying
that they originated a message.
