CISSP (ISC)² Certification Practice Exams and Tests

Over 1,000 practice questions and explanations covering all 8 CISSP domains for the May 2021 exam version

Product type Paperback
Published in Sep 2021
Publisher Packt
ISBN-13 9781800561373
Length 396 pages
Edition 1st Edition
Author: Ted Jordan

Table of Contents (13 chapters)

Preface
1. Chapter I: Scheduling the CISSP Exam
2. Chapter 1: Security and Risk Management: Domain 1 Practice Questions (FREE CHAPTER)
3. Chapter 2: Asset Security: Domain 2 Practice Questions
4. Chapter 3: Security Architecture and Engineering: Domain 3 Practice Questions
5. Chapter 4: Communication and Network Security: Domain 4 Practice Questions
6. Chapter 5: Identity and Access Management: Domain 5 Practice Questions
7. Chapter 6: Security Assessment and Testing: Domain 6 Practice Questions
8. Chapter 7: Security Operations: Domain 7 Practice Questions
9. Chapter 8: Software Development Security: Domain 8 Practice Questions
10. Chapter 9: Full Practice Exam: Exam 1
11. Chapter 10: Full Practice Exam: Exam 2
12. Other Books You May Enjoy

Questions

  1. Melinda just received an International Information Systems Security Certification Consortium (ISC)² certification. Per their Code of Ethics, her primary service is to?

    A. Users

    B. Management

    C. Shareholders

    D. All humanity

  2. A key difference between a penetration test and a vulnerability scan would be which of the following?

    A. There is no difference between the two as they both search for vulnerabilities.

    B. Penetration testing is done only in logical environments to ensure firewalls are not vulnerable to attack.

    C. Vulnerability testing is done only in physical environments to ensure exit and safety doors are not vulnerable.

    D. A vulnerability scan searches for vulnerabilities, but a penetration test exploits vulnerabilities.

  3. Phillip, a systems analyst, insists that he did not send an email requesting a ransom. Further analysis shows that the public key of the letter directly relates to Phillip's private key. This is an example of?

    A. Certificates

    B. Repudiation

    C. Defense in depth (DiD)

    D. Non-repudiation

  4. After powering on a computer, it eventually boots the Linux operating system. Which of the following loads the kernel?

    A. Basic input/output system (BIOS)

    B. Master boot record (MBR)

    C. User

    D. Unified Extensible Firmware Interface (UEFI)

  5. Terri is a security analyst seeking to improve authentication from using just a password, to a password and an authenticator that uses a time-based one-time password (TOTP). Which type of authentication is she implementing?

    A. Two-factor authentication (2FA)

    B. Three-factor authentication (3FA)

    C. Something-that-you-know

    D. Multi-factor authentication (MFA)

  6. Emory is a security administrator setting up systems so that when users use a fully qualified domain name (FQDN), it is converted to Internet Protocol (IP) addresses. Which two technologies is he configuring?

    A. Dynamic Host Configuration Protocol daemon (DHCPD)

    B. Berkeley Internet Name Domain (BIND)

    C. HyperText Transfer Protocol daemon (HTTPD)

    D. Name server Daemon (NAMED)

  7. Patty, a CISSP technician with KNA Engr, has discovered that Tom and Tim, also CISSPs, colluded and harmed a business associate. How should she report this ethics violation to (ISC)²?

    A. Only with the sponsorship of another (ISC)²-certified individual

    B. The (ISC)² ethics web page

    C. By emailing ethics@isc2.org

    D. In a typed or handwritten letter

  8. Julie is setting up an intrusion detection system (IDS) that is rule-based. A rule-based IDS has which of the following attributes?

    A. Can recognize patterns and multiple activities

    B. Protocol recognition outside normal settings

    C. Produces if statements

    D. Recognizes new types of attacks

  9. This computer security technique continuously and randomly repositions an application's data in memory to mitigate buffer overflows. Which of the following security techniques is being referred to here?

    A. Dynamic random-access memory (DRAM)

    B. Static RAM (SRAM)

    C. Erasable programmable read-only memory (EPROM)

    D. Address space layout randomization (ASLR)

  10. Ken is a network engineer tuning the network to meet corporate standards. His supervisor informs him that the security measures are making the network perform poorly, and he must remove them. What must BEST be done for the security of the organization?

    A. Ken must remove the security measures.

    B. Ken should suggest his manager speak with the security manager.

    C. Ken should remove the security measures and re-enable them after his manager goes home.

    D. Make Ken's supervisor the security manager.

  11. Akheela is required to destroy card verification value (CVV) codes after transactions have been completed. She is complying with which standard?

    A. The Committee of Sponsoring Organizations (COSO)

    B. The IT Infrastructure Library (ITIL)

    C. The National Institute of Standards and Technology (NIST)

    D. The Payment Card Industry Data Security Standard (PCI-DSS)

  12. Jerry is an ethical hacker attacking LUANG hospital as authorized by their chief information security officer (CISO). Federal investigators notice the attack and raid Jerry's office and arrest him. Why was he MOST LIKELY arrested?

    A. All hacking is against the law, including ethical hacking.

    B. He was attacking the human resources (HR) department instead of the financial department, per the agreement.

    C. He was attacking HERT hospital instead of HART hospital, which was unapproved.

    D. He started the attack before getting his Get-Out-of-Jail-Free-Card document.

  13. Jaquan is a security manager creating a corporate security document that states laptops must maintain the latest patches, use ClamAV malware detection software, LibreOffice suite, and Thunderbird email client. This document BEST fits which category?

    A. Policy

    B. Standard

    C. Procedures

    D. Guidelines

  14. Aliyah, a software developer, is creating a chess-playing game. To make her job easier, she acquires a library of chess pieces recommended to her by a newsgroup. A week later, an overseas hacker is detected on her computer. What MOST LIKELY happened?

    A. The dynamic-link library (DLL) or shared object had a backdoor.

    B. The system was air-gapped.

    C. The malware protection was not updated.

    D. The application is written in the C language.

  15. Identity management systems maintain user authentication information and include which two out of the following?

    A. Active Directory (AD)

    B. Lightweight AD Protocol (LDAP)

    C. A distinguished name (DN)

    D. A domain component (DC)

  16. Toussaint, a network engineer, is asked to install a router to separate two networks within his local-area network (LAN) where there are no email or web services, instead of a firewall. After asking "why not a firewall", how does his network manager respond?

    A. Routers are stateful by default.

    B. Routers are less expensive.

    C. Firewalls are less expensive.

    D. Routers are stateless by default.

  17. Robert, a software technician, develops an application in the C language allowing users to enter their home and business addresses. Which of the following is his primary concern?

    A. Lack of library support

    B. Users entering wrong addresses

    C. Buffer overflows

    D. Malware

  18. Kristi is a security technician completing setups for the single sign-on (SSO) system. Which system should she utilize for the MOST secure authentication?

    A. Extensible Authentication Program (EAP)

    B. Message-digest 5 (MD5)

    C. Password Authentication Protocol (PAP)

    D. Advanced Encryption Standard (AES)

  19. Prixy is a chef seeking to visit his daughter at the Federal Bureau of Investigation (FBI). He's instructed to go through a door, and the doors in front of and behind him are locked. While locked in the room, he hears over the speaker that metal is detected and he is being detained. What is the name of this room?

    A. Chroot jail

    B. Mantrap

    C. Panic room

    D. Temporary lockup

  20. The practice of conducting timely network vulnerability scans helps to discover which two vulnerabilities?

    A. Unauthorized services

    B. File modifications

    C. Open ports

    D. Poor passwords

  21. Brett is a network manager architecting a wired network through Klout Co. Part of the cabling will run above drop ceilings and through raised floors. Which of the following is his BEST recommendation?

    A. Use standard-grade cable because it is the least expensive.

    B. Use plenum-grade cable because, in the case of a fire, standard-grade cables emit deadly gas.

    C. Use standard-grade cable because it is fireproof.

    D. Use plenum-grade cable because of its encryption features.

  22. Fake video cameras are a type of which security control?

    A. Deterrent

    B. Compensating

    C. Preventative

    D. Detective

  23. Lisa's credit card information was stolen, and she realizes this occurred at the Luke petrol station. She believes the owner should go to prison. Which would MOST LIKELY occur?

    A. The PCI-DSS is a contractual agreement between the store owner and the credit card provider. At worst, the owners will lose the right to accept credit cards.

    B. PCI-DSS is an industry standard. At worst, the owner will lose their credit card license.

    C. PCI-DSS is a federal regulation punishable by up to 5 years in federal prison.

    D. PCI-DSS is a legal standard punishable by up to 5 years in state prison.

  24. Computer system features such as the UEFI, a globally unique identifier (GUID) partition table, a universally unique ID (UUID), a trusted platform module (TPM), and SELinux are a part of which security feature?

    A. BIOS

    B. MBR

    C. Extensible Firmware Interface (EFI)

    D. Trusted computing base (TCB)

  25. Lonnie is a security technician analyzing fingerprint scanners for access to the security operations center (SOC). Device 1 has a crossover error rate (CER) of 3.5. Device 2 has a CER of 3.1. Which of the following is true for BEST security?

    A. He should use device 1 because the CER is higher.

    B. He should use device 2 because the CER is lower.

    C. Since the CERs are similar, he should use the lower-cost device.

    D. Use both devices to simplify access to the system on a chip (SOC).

  26. Diskless computers with memory and fast central processing units (CPUs), networked to obtain their operating system and data from a centralized server, are called?

    A. Backup servers

    B. Distributed computing

    C. Thick clients

    D. Thin clients

  27. Complete mediation can be BEST described by which of the following approaches to security?

    A. Integrates authentication and authorization

    B. Layered security

    C. An approach that minimizes the opportunity to be circumvented

    D. An approach that uses DiD and least privilege

  28. Which of the following predicts how long an electromechanical system will run until it fails and can be repaired?

    A. Mean time between failures (MTBF)

    B. Mean down time (MDT)

    C. Mean time to failure (MTTF)

    D. Mean time to recovery (MTTR)

  29. Terminal Access Controller Access-Control System (TACACS) and TACACS+ systems contain which of the following two features?

    A. 2FA

    B. Encrypts passwords but not data

    C. Communicates via User Datagram Protocol (UDP) protocols

    D. Allows password changes

  30. Several signs and emails warn staff not to pick up and use Universal Serial Bus (USB) drives found in parking lots or elsewhere. These types of security notices fall under which category?

    A. Training

    B. Education

    C. Awareness

    D. Professional development

  31. Which of the following is NOT a directive control type?

    A. Privacy policy

    B. Beware of dog sign

    C. Bollard

    D. Terms of service

  32. Which of the following is a framework that uses seven evaluation assurance levels to help assess the security of technology devices?

    A. United Labs

    B. Evaluation Assurance

    C. Common Criteria (CC)

    D. Functional Testing

  33. Marcus has purchased laptops for his staff for US Dollars (USD) $4,000 each. Insurance will cover 50% if they are lost, stolen, or damaged. In an average year, five laptops are lost, stolen, or damaged. Calculate the annualized loss expectancy (ALE).

    A. $20,000

    B. $10,000

    C. $4,000

    D. $2,000

  34. Anna's security manager asks her to provide data as to whether they should stay on their Remote Authentication Dial-In User Service (RADIUS) authentication, authorization, and accounting (AAA) server, or move to TACACS. What are two differences between RADIUS and TACACS?

    A. TACACS transmits data via Transmission Control Protocol (TCP), and RADIUS transmits data via UDP.

    B. TACACS transmits data via UDP, and RADIUS transmits data via TCP.

    C. TACACS encrypts all the data; RADIUS encrypts the password only.

    D. TACACS encrypts all the data; RADIUS encrypts the username and password only.

  35. SSO systems have which characteristics?

    A. Provide a single username and password to access each system

    B. Provide multiple usernames and passwords to access resources

    C. Provide a single username with various passwords to access resources

    D. Provide a single username and password to access the entire network

  36. Isolating test code from direct contact with in-production systems and data is which kind of process?

    A. Automation

    B. Isolation

    C. Revision control

    D. Sandboxing

  37. PGIN Corp has detected an attack on their network where personally identifiable information (PII) was leaked to an overseas hacker. What is the next step in the incident management process?

    A. Preparation

    B. Response

    C. Detection

    D. Mitigation

  38. Frank is a hacker seeking vulnerabilities to attack a bank and steal money electronically. Which electronic communication device is MOST LIKELY the weakest vulnerability?

    A. The bank website

    B. The internal corporate website

    C. Fishtank thermometer

    D. The firewall

  39. From the following list, which is NOT a requirement of the PCI-DSS?

    A. Restrict physical access to cardholder data.

    B. Collect logins and passwords for each online customer.

    C. Protect stored cardholder data.

    D. Regularly test security systems and processes.

  40. Which of the following represents an acceptable amount of data loss measured in time?

    A. Recovery point objective (RPO)

    B. Maximum tolerable downtime (MTD)

    C. Recovery time objective (RTO)

    D. Work recovery time (WRT)

  41. Charles is a security administrator who convinced the chief security officer (CSO) that they should invest in an empty building as a recovery site because space becomes expensive in the case of a disaster. Which kind of facility is this?

    A. Hot site

    B. Cloud site

    C. Cold site

    D. Warm site

  42. A type of role-based access control (RBAC) that allows for defining a subset of roles based on a superset role is named which of the following?

    A. Superuser

    B. Superset-based

    C. Subset-based

    D. Hierarchical

  43. A popular source code repository (SCR) tool that archives, tracks the history, and maintains revisions of an application is known as which of the following?

    A. Pascal

    B. Git

    C. Java

    D. Fortran

  44. Brig is a senior systems administrator looking to mitigate external threats into his Linux and Unix systems. What BEST mitigates brute-force attacks?

    A. Encrypt the hard drive.

    B. Implement stronger password policies.

    C. Hash passwords using Secure Hash Algorithm 256 (SHA-256).

    D. Change the root login name to roto-root3r.

  45. Madge is a network manager whose team has recently installed 100 IP cameras. Practicing good security, all default logins and passwords were changed to strong credentials. It is later discovered that one of the cameras has been used as an attack vector to breach the corporate network. What did the team miss?

    A. They forgot to change the credentials on the breached camera.

    B. Malware is within the cameras that call back to the manufacturer.

    C. A team member installed a 101st camera with the default credentials.

    D. The camera had a hardcoded password.

  46. Arie is a hacker who wishes to launch an attack with the least technology possible. Which attack does he MOST LIKELY perform?

    A. Social engineering

    B. Phishing

    C. Spam

    D. Trojan horse

  47. Greg is a service manager ready to start his day. He opens his laptop but cannot access the internet. He notices that he has an IP address of 169.254.3.4 but still cannot access his online bank. What is MOST LIKELY the problem?

    A. The DHCP server is down.

    B. His network card is disabled.

    C. The bank's web server is down.

    D. The internet is down.

  48. Arthur, chief executive officer (CEO) of Funutek, wishes to implement online purchasing via their website. The chief marketing officer (CMO) likes the idea because the new system can double sales. The CSO fears internet attacks and suggests NOT moving forward. How should Arthur proceed?

    A. Implement the website once he is certain there is no risk of attack.

    B. Implement the website after the CMO collects research on securing websites.

    C. Implement the website and secure it within acceptable risk levels.

    D. Listen to the CSO—do not implement the website.

  49. Which of the following steps are NOT part of forensically protecting evidence from a hard drive?

    A. Hash the hard drive.

    B. Save critical files for the manufacturing department to a remote system.

    C. Duplicate the hard drive.

    D. Write-protect the hard drive.

  50. Kilroy has just learned about hacking and attempts to hack into his school website to change his grades. This puts him in which class of hackers?

    A. Ethical hacker

    B. Script kiddie

    C. Advanced persistent threat (APT)

    D. Internal threat

  51. ZZX Corp is under a widespread phishing attack, stating that DHL cannot deliver a package and that the recipient must click a link to fix the problem. Which is the BEST solution to this?

    A. Program a packet-filtering firewall.

    B. Install and program a circuit-level gateway within the corporate LAN.

    C. Install software-based firewalls on each PC.

    D. Security awareness training and phish auditing.

  52. Matia is a software development manager, and her team is undertaking the final testing of software before releasing it to production. The final test will simulate the production environment. What is this test called?

    A. Penetration testing

    B. Production testing

    C. Simulation testing

    D. Sandbox testing

  53. Nadia is a systems administrator given privileges above standard users, such as the ability to add and remove networks and printers. Senior systems administrators can also add and remove hard drives, which Nadia is not allowed to do. Which model does this BEST represent?

    A. RBAC

    B. Non-discretionary access control (NDAC)

    C. Discretionary access control (DAC)

    D. Mandatory access control (MAC)

  54. Which groups are MOST responsible for data leaks of PII?

    A. Hackers and script kiddies

    B. Nation-sponsored hackers

    C. External hacktivists

    D. Employees and contractors

  55. Compilation and derivation of data from databases is called?

    A. Aggregation and inference

    B. Compiling and deriving

    C. Compilation and derivation

    D. Certification and accreditation

  56. Which of the following backup types make for the fewest number of tapes to restore after making several years of backups?

    A. Full

    B. Incremental

    C. Differential

    D. Partial

  57. Routing IP (RIP) is a distance-vector routing protocol. Distance-vector routing protocols make routing decisions based on what?

    A. Physical distance measured in centimeters (cm) or kilometers (km), if preferred

    B. Number of hops, network load, and packet size

    C. A combination of physical distance and number of hops

    D. Minimum number of hops to reach the destination

  58. Manne is conducting a risk assessment and needs to determine the percentage of risk his organization would suffer if an asset were compromised. Which of the following signifies this aspect of risk?

    A. Vulnerabilities

    B. Safeguards

    C. Exposure factors

    D. Risks

  59. Nifta just completed a risk assessment with his team and they determined that the new planned office location was too dangerous, so they decided not to build there. Which risk response did they use?

    A. Mitigation

    B. Avoidance

    C. Acceptance

    D. Transfer

  60. Mobile device management (MDM) helps security technicians manage security on smartphones. Which three features are managed using MDM?

    A. Patch updates

    B. Encryption

    C. Remote wipe

    D. Contact list updates

  61. Catia is a hacker who can forge email messages to make them appear as if they are signed by a trusted person. Why will this fail for her?

    A. Copying valid digital signatures to another document results in a different hash.

    B. The public key must be identical.

    C. The symmetric key must be identical.

    D. A script kiddie would have no trouble forging messages.

  62. What is an organization's largest security risk in using open source applications?

    A. The operations department does not install version updates and patches in a timely manner.

    B. The source code is visible by anyone in the world.

    C. The creator(s) of the application may not have used secure software development procedures.

    D. The creator(s) decides to discontinue further development of the application.

  63. Two ways to monitor a website's utilization, storage, system loads, and users for effectiveness are with which utilities?

    A. Alerts and logs

    B. Metrics and logs

    C. Events and logs

    D. Thresholds and logs

  64. Tanisia has discovered that her employer has been reading her emails. She approaches her boss, and her boss shows her that she signed the reasonable expectation of privacy (REP) agreement. Which steps can Tanisia take next?

    A. Report the supervisor to HR.

    B. Contact the police or federal authorities and open a criminal case.

    C. Nothing—she waived her rights to email privacy while at work.

    D. File a civil lawsuit.

  65. Cheng, a networking engineer, is connecting two computers in a LAN. Computer A has an IP address of 10.0.4.7/24, and computer B has an IP address of 10.0.5.8/24. He tests the connections using ping but gets a host unreachable error message. They are both properly plugged into the switch. What is the MOST LIKELY problem?

    A. One of the cables is broken.

    B. Cheng needs to use a hub instead of a switch.

    C. The systems are improperly connected.

    D. The systems are on separate subnets.

  66. A public key infrastructure (PKI) offers which type of trust to users?

    A. Peer-to-peer

    B. Transitive

    C. Trust metrics

    D. Coaching

  67. Data that resides on a solid-state drive (SSD), optical disk, hard drive, or magnetic tape is also known as:

    A. Data in use

    B. Data on disk

    C. Data at rest

    D. Data in motion

  68. Bee-Ar Restaurant suffers an incident where a male cook followed a woman into a bathroom, took a photo, and ran out. He is finally caught, and newspapers ask employees for answers. All staff, except for public relations (PR), should be trained to say which of the following?

    A. The attacker was apprehended, and the police will get back with answers to your questions.

    B. The attacker was apprehended, and the CEO will get back with answers to your questions.

    C. The attacker was apprehended, and PR will get back with answers to your questions.

    D. No comment.

  69. A digital signature must have which two of the following attributes?

    A. Contain letters, numbers, and special characters

    B. Be unique

    C. Be easy to remember

    D. Be readable and legible

  70. Karlton, a network technician, installs a firewall and opens ports 80 and 443. He can reach the website, but testing the Secure Shell (SSH) service from the Wide Area Network (WAN) results in access being denied. What MOST LIKELY caused this issue?

    A. The first rule of the firewall is deny-all.

    B. The first rule of the firewall is allow-all.

    C. The last rule of the firewall is deny-all.

    D. The last rule of the firewall is allow-all.

  71. Which of the following describes an infrastructure of using asymmetric keys and certificates for mutual verification?

    A. GNU Privacy Guard (GPG)

    B. Pretty Good Privacy (PGP)

    C. Online Certificate Status Protocol (OCSP)

    D. X.509

  72. Several administrators are getting phone calls at GD Company to make $3,000 investments in platinum. What likely caused this?

    A. Vishing

    B. PhoneSweep

    C. War dialing

    D. An administrator responded to an advertisement in a magazine

  73. Roger is a security engineer reviewing log files and notices that from 9 P.M. to 3 A.M., the server reports attempted connections on network ports 0, 1, 2, 3, …, 1023 from an unknown system on the internet. Which type of attack is occurring?

    A. HPING

    B. Port scanning

    C. Network Mapper (NMAP)

    D. Distributed denial-of-service (DOS)

  74. Bini has provided his phone number, email address, and home address to Pay & Go Food Store so that they can deliver groceries to his home. He is considered to be which of the following?

    A. Data owner

    B. Data auditor

    C. Data subject

    D. Data custodian

  75. An example of a device that blocks cars from entering but allows people through is known as which device?

    A. Turnstile

    B. Mantrap

    C. Bollard

    D. Fence

  76. Which command starts the computer management console on a Windows 10 system?

    A. compmgmt.msc

    B. perfmon.msc

    C. eventvwr.msc

    D. regedit.exe

  77. Which of the following should NOT be put in a service-level agreement (SLA)?

    A. The types of media backup data is saved on

    B. Protocols to change metrics

    C. Metrics on how services will be measured

    D. Remedies for breach of the agreement

  78. Dalip is president of BAS Mail Order services and is a vendor to firms that need bulk letters sent to their clients. How would the General Data Protection Regulation (GDPR) define BAS Mail Order services?

    A. Data controller

    B. Data processor

    C. Data custodian

    D. Data steward

  79. Casey, an information technology (IT) intern, opens a case with the corporate support department but they refuse to assist her. This is MOST LIKELY for which reason?

    A. Interns are required to get technological assistance from their supervisor.

    B. She is seeking assistance for software not on the whitelist.

    C. Interns are required to get technological assistance from their assigned peer.

    D. Part of being an intern is figuring out technology issues on your own.

  80. Neicy is a software developer making a computer game. She has the option to reuse source code from previous video games to simplify the task. How should the manager respond?

    A. Never reuse code because it is poor practice.

    B. Never reuse code because it is inherently insecure.

    C. Test and validate the reused code as if it were new code.

    D. Never reuse code because it brings bugs into the application.

  81. When comparing encryption systems, symmetric systems do NOT have which feature:

    A. Encryption algorithm

    B. Non-repudiation

    C. Decryption algorithm

    D. Key

  82. Kim is a security analyst deploying a honeynet. Her manager suggests that once a hacker is identified, the system should automatically attack the hacker's system and wipe the hacker's hard drive. Why is this NOT recommended?

    A. It is technically impossible to launch a counterattack.

    B. Hackback is illegal.

    C. Hackback is too difficult to automate.

    D. There is not enough staff to conduct the remote hard-drive wipes.

  83. Terry enjoys answering fun questions about himself on social media. His bank account was recently hacked and money stolen. What MOST LIKELY occurred?

    A. His credentials and other private data were stolen during a credit-union hack.

    B. Hackers obtained his credentials by launching a Structured Query Language injection attack on his computer.

    C. Hackers launched a DoS attack on the credit union to obtain his login credentials.

    D. Hackers used information from social media to discover his credentials and his mother's maiden name.

  84. Matin is planning on hiring 25 new technicians. What should be his FIRST step when reviewing new candidates?

    A. Conduct thorough background checks.

    B. Make sure prospects pass lie-detector screening.

    C. Follow the employment candidate screening process.

    D. Perform drug screenings.

  85. Denise is a website developer who has completed programming to accept credit cards. Which kind of testing is it when she simulates being a hacker attempting to steal credit card information?

    A. Static code analysis

    B. Misuse case testing

    C. Normal case testing

    D. Code review

  86. SHA-1 hashing has a longer message digest than MD5 hashing. This makes SHA-1 less vulnerable to which kind of attack?

    A. Happy

    B. Correlation

    C. Collision

    D. Birthday

  87. What is the primary purpose of configuring a computer room with hot and cold aisles?

    A. Reduce exhaust recirculation.

    B. Increase server capacity.

    C. Improve the availability of computing services.

    D. Reduce cooling costs.

  88. Which of the following is NOT a trait of digital rights management (DRM)?

    A. Watermarking

    B. Product keys

    C. Automatic failover

    D. Copy restriction

  89. Buffer overflow attacks occur because of poorly written applications. Attackers exploit the vulnerability and can potentially gain access to the entire computer. These attacks occur where?

    A. Space on hard drives where files have been marked for removal

    B. Main memory

    C. Unused space within files

    D. Unused space in applications

  90. TACACS uses which communication protocol to support AAA?

    A. Internet Control Message Protocol (ICMP)

    B. TCP

    C. UDP

    D. A&P

  91. Maria, a security technician, is testing methods to defeat the firewall. Which method does she find MOST effective?

    A. Changing the static IP address

    B. Firewalking

    C. Fragmentation

    D. Encryption

  92. Microsoft has put which system together to help analyze common software threats?

    A. Self-Monitoring, Analysis, and Reporting Technology (SMART)

    B. Waterfall

    C. Denial, Rejection, Expectation, Acceptance, Dependency (DREAD)

    D. Spoofing identity, Tampering with data, Repudiation threats, Information disclosure, Denial of service, and Elevation of privileges (STRIDE)

  93. Which of the following is NOT part of the qualitative risk analysis process?

    A. Cost versus benefit analysis

    B. Multiple experts

    C. Opinions considered

    D. Educated guesses

  94. Gael is a system engineer setting up devices to reduce noise and power spikes entering the data center. Which system provides the BEST filtering?

    A. Generator

    B. Uninterruptable power supply (UPS)

    C. Power distribution unit (PDU)

    D. Dual power feed

  95. Common vulnerabilities found during internal scans include which two of the following?

    A. Nessus results

    B. Unpatched systems

    C. Open network ports

    D. Wireshark results

  96. Carla, a security technician, has installed a fingerprint scanner to authenticate users. The device has a relatively high false acceptance rate (FAR). Which result can she expect?

    A. Too many unauthorized users will be granted access.

    B. The false rejection rate (FRR) will be relatively high.

    C. The FAR will be equal to the CER.

    D. Unauthorized users will be blocked.

  97. Geri is a CSO reviewing the International Organization for Standardization (ISO) 27002 security framework. She determines she can ignore the security controls related to parking because the organization has no parking lot. This process is known as what?

    A. Tailoring

    B. Scoping

    C. Baselining

    D. Supplementing

  98. Fred, a security engineer, is notified that sketches of new boat designs have made their way to the internet and have been seen online. His office has no computers or other technology. What is his BEST next step?

    A. Enable encryption.

    B. Install dummy cameras.

    C. Deploy a firewall.

    D. Implement a clean desk policy.

  99. Users who create passwords with multiple characters using lowercase, uppercase, and special characters, and a minimum of 16 characters, are using which security model?

    A. Mutual authentication

    B. Security through obscurity

    C. DiD

    D. Implicit deny

  100. The Address Resolution Protocol (ARP) command notifies the user of which media access control (MAC) address a computer uses by providing the IP address of that system. ARP collects data from which layers of the Open Systems Interconnection (OSI) model?

    A. Network and data link

    B. Presentation and application

    C. Network and transport

    D. Physical and data link
