CISSP Exam Dumps | Which of the following is one of the oldest and most common problem in software development that is still

<< Prev Question Next Question >>

Question 361/1299

Which of the following is one of the oldest and most common problem in software development that is still very prevalent today?

A. Buffer Overflow

B. Social Engineering

C. Code injection for machine language

D. Unassembled reversible DOS instructions.

Correct Answer: A

Explanation/Reference:
Explanation:
Buffer overflows are in the source code of various applications and operating systems. They have been around since programmers started developing software. This means it is very difficult for a user to identify and fix them. When a buffer overflow is identified, the vendor usually sends out a patch, so keeping systems current on updates, hotfixes, and patches is usually the best countermeasure.
A buffer overflow takes place when too much data are accepted as input to a specific process. A buffer is an allocated segment of memory. A buffer can be overflowed arbitrarily with too much data, but for it to be of any use to an attacker, the code inserted into the buffer must be of a specific length, followed up by commands the attacker wants executed. So, the purpose of a buffer overflow may be either to make a mess, by shoving arbitrary data into various memory segments, or to accomplish a specific task, by pushing into the memory segment a carefully crafted set of data that will accomplish a specific task. This task could be to open a command shell with administrative privilege or execute malicious code.
Incorrect Answers:
B: Social engineering is when one person tricks another person into sharing confidential information, for example, by posing as someone authorized to have access to that information. This is a user issue; it is not a problem in software development.
C: Code injection is the exploitation of a computer bug that is caused by processing invalid data. Injection is used by an attacker to introduce (or "inject") code into a vulnerable computer program and change the course of execution. This is not one of the most common problems in software development today.
D: DOS applications are rare nowadays so unassembled reversible DOS instructions is not a prevalent problem today.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 332, 337

Question List (1299q): Question 1: Which of the following best describes the Secure Electronic ...; Question 2: Which of the following security controls is intended to brin...; Question 3: In discretionary access environments, which of the following...; Question 4: External consistency ensures that the data stored in the dat...; Question 5: Which of the following is most concerned with personnel secu...; 1 commentQuestion 6: Mark's manager has tasked him with researching an intrusion ...; Question 7: Organizations should consider which of the following first b...; Question 8: Related to information security, integrity is the opposite o...; Question 9: Business rules can be enforced within a database through the...; Question 10: The fact that a network-based IDS reviews packets payload an...; Question 11: Which of the following term BEST describes a weakness that c...; Question 12: You have been tasked with developing a Business Continuity P...; Question 13: Under the principle of culpable negligence, executives can b...; Question 14: Which of the following services is NOT provided by the digit...; Question 15: RADIUS incorporates which of the following services?...; Question 16: Which of the following rules is LEAST likely to support the ...; Question 17: Which of the following is NOT an example of an operational c...; Question 18: What assesses potential loss that could be caused by a disas...; Question 19: What is the primary reason why some sites choose not to impl...; Question 20: Transport Layer Security (TLS) is a two-layered socket layer...; Question 21: What is the percentage at which the False Rejection Rate equ...; Question 22: Which of the following is the MOST important aspect relating...; Question 23: What best describes a scenario when an employee has been sha...; Question 24: Which one of the following factors is NOT one on which Authe...; Question 25: Remote Procedure Call (RPC) is a protocol that one program c...; Question 26: Which of the following statements relating to Distributed Co...; Question 27: Which of the following computer recovery sites is only parti...; Question 28: Which of the following is not a one-way hashing algorithm?...; Question 29: What is called the formal acceptance of the adequacy of a sy...; Question 30: What can be described as a measure of the magnitude of loss ...; Question 31: If an employee's computer has been used by a fraudulent empl...; Question 32: Which of the following is an example of discretionary access...; Question 33: In a stateful inspection firewall, data packets are captured...; Question 34: Suppose that you are the COMSEC - Communications Security cu...; Question 35: Which of the following algorithms is used today for encrypti...; Question 36: Which of the following is a drawback of fiber optic cables?...; Question 37: Physical security is accomplished through proper facility co...; Question 38: Which of the following is commonly used for retrofitting mul...; Question 39: Which one of the following is NOT one of the outcomes of a v...; Question 40: An Intrusion Detection System (IDS) is what type of control?...; Question 41: The RSA algorithm is an example of what type of cryptography...; Question 42: What security model implies a central authority that defines...; Question 43: What is the difference between the OCSP (Online Certificate ...; Question 44: The Domain Name System (DNS) is a global network of:...; Question 45: Which port does the Post Office Protocol Version 3 (POP3) ma...; Question 46: Which of the following would be an example of the BEST passw...; Question 47: Which of the following statements pertaining to Kerberos is ...; Question 48: The only difference between RAID 3 and RAID 4 is that level ...; Question 49: The description of the database is called a schema. The sche...; Question 50: Which of the following focuses on sustaining an organization...; Question 51: What are the four domains that make up CobiT?...; Question 52: In an organization, an Information Technology security funct...; Question 53: Which of the following biometric devices has the lowest user...; Question 54: If an internal database holds a number of printers in every ...; Question 55: The DMZ does not normally contain:...; Question 56: In which phase of Internet Key Exchange (IKE) protocol is pe...; Question 57: When referring to the data structures of a packet, the term ...; Question 58: The MOST common threat that impacts a business's ability to ...; Question 59: Which layer of the OSI/ISO model handles physical addressing...; Question 60: Which of the following backup method must be made regardless...; Question 61: Which of the following statements pertaining to protection r...; Question 62: Which of the following is given the responsibility of the ma...; Question 63: In IPSec, if the communication is to be gateway-to-gateway o...; Question 64: Java is not:; Question 65: Which Network Address Translation (NAT) is the MOST convenie...; Question 66: Which of the following is NOT a common integrity goal?...; Question 67: The security of a computer application is MOST effective and...; Question 68: Another type of access control is lattice-based access contr...; Question 69: Why would a database be denormalized?...; Question 70: ICMP and IGMP belong to which layer of the OSI model?...; Question 71: Which of the following is the most important consideration i...; Question 72: Which of the following characteristics pertaining to databas...; Question 73: Which answer BEST describes a computer software attack that ...; Question 74: In this type of attack, the intruder re-routes data traffic ...; Question 75: Which of the following describes a logical form of separatio...; Question 76: Communications and network security relates to transmission ...; Question 77: 2 According to ISC , what should be the fire rating for the ...; Question 78: Which of the following establishes the minimal national stan...; Question 79: Which IPSec operational mode encrypts the entire data packet...; Question 80: While using IPsec, the ESP and AH protocols both provide int...; Question 81: Because ordinary cable introduces a toxic hazard in the even...; Question 82: Configuration Management is a requirement for the following ...; Question 83: Which of the following can best be defined as a key distribu...; Question 84: RAID Level 1 is commonly called which of the following?...; Question 85: Which of the following assertions is NOT true about pattern ...; Question 86: Which of the following tools is NOT likely to be used by a h...; Question 87: Which of the following is less likely to accompany a conting...; Question 88: A prolonged power supply that is below normal voltage is a:...; Question 89: Which type of risk assessment is the formula ALE = ARO x SLE...; Question 90: When RAID runs as part of the operating system on the file s...; Question 91: Failure of a contingency plan is usually:...; Question 92: Which of the following is NOT true of the Kerberos protocol?...; Question 93: What mechanism automatically causes an alarm originating in ...; Question 94: A server cluster looks like a:; Question 95: What is the highest amount a company should spend annually o...; Question 96: Which of the following is NOT a system-sensing wireless prox...; Question 97: What security problem is most likely to exist if an operatin...; Question 98: When should a post-mortem review meeting be held after an in...; Question 99: If an organization were to deploy only one Intrusion Detecti...; Question 100: What is the role of IKE within the IPsec protocol?...; Question 101: What is the BEST definition of SQL injection?...; Question 102: Which of the following statements pertaining to air conditio...; Question 103: What kind of encryption technology does SSL utilize?...; Question 104: Kerberos is vulnerable to replay in which of the following c...; Question 105: Which of the following could be BEST defined as the likeliho...; Question 106: The Secure Hash Algorithm (SHA-1) creates:...; Question 107: A hardware RAID implementation is usually:...; Question 108: A prolonged electrical power supply that is below normal vol...; Question 109: Which of the following risk handling technique involves the ...; Question 110: Many approaches to Knowledge Discovery in Databases (KDD) ar...; Question 111: What is considered the MOST important type of error to avoid...; Question 112: Passwords can be required to change monthly, quarterly, or a...; Question 113: Which of the following is not a form of passive attack?...; Question 114: Which of the following outlined how senior management are re...; Question 115: How often should a Business Continuity Plan be reviewed?...; Question 116: System reliability is increased by:...; Question 117: Which of the following models does NOT include data integrit...; Question 118: Which of following is NOT a service provided by AAA servers ...; Question 119: A packet containing a long string of NOP's followed by a com...; Question 120: What would BEST define risk management?...; Question 121: Unshielded Twisted Pair cabling is a:...; Question 122: At which temperature does damage start occurring to magnetic...; Question 123: The scope and focus of the Business continuity plan developm...; Question 124: What is the MOST critical piece to disaster recovery and con...; Question 125: The RSA Algorithm uses which mathematical concept as the bas...; Question 126: The Loki attack exploits a covert channel using which networ...; Question 127: A database view is the results of which of the following ope...; Question 128: What is the process that RAID Level 0 uses as it creates one...; Question 129: 2 Which of the following is the most important ISC Code of E...; Question 130: What is the essential difference between a self-audit and an...; Question 131: Which software development model is actually a meta-model th...; Question 132: Which of the following elements is NOT included in a Public ...; Question 133: Which of the following should be allowed through a firewall ...; Question 134: Which cable technology refers to the CAT3 and CAT5 categorie...; Question 135: What can be defined as a momentary low voltage?...; Question 136: Which of the following Common Data Network Services is used ...; Question 137: What is an error called that causes a system to be vulnerabl...; Question 138: Detective/Technical measures:; Question 139: All of the following can be considered essential business fu...; Question 140: In telephony different types of connections are being used. ...; Question 141: 2 The ISC Code of Ethics does not include which of the follo...; Question 142: Which of the following statements pertaining to key manageme...; Question 143: Which of the following is NOT true concerning Application Co...; Question 144: Which of the following can BEST eliminate dial-up access thr...; Question 145: Which of the following item would best help an organization ...; Question 146: In a database management system (DBMS), what is the "cardina...; Question 147: Which Orange Book evaluation level is described as "Structur...; Question 148: A central authority determines what subjects can have access...; Question 149: Which type of control is concerned with restoring controls?...; Question 150: Which one of the following is a key agreement protocol used ...; Question 151: Who should DECIDE how a company should approach security and...; Question 152: Which of the following biometrics devices has the highest Cr...; Question 153: Which of the following is an IDS that acquires data and defi...; Question 154: Which of the following computer recovery sites is the least ...; Question 155: Which of the following would be the MOST serious risk where ...; Question 156: Business Impact Analysis (BIA) is about:...; Question 157: What is NOT true about a one-way hashing function?...; Question 158: When a possible intrusion into your organization's informati...; Question 159: The owner of a system should have the confidence that the sy...; Question 160: Which of the following identifies the encryption algorithm s...; Question 161: Which of the following will a Business Impact Analysis NOT i...; Question 162: Which Orange book security rating introduces security labels...; Question 163: Which integrity model defines a constrained data item, an in...; Question 164: What category of law deals with regulatory standards that re...; Question 165: Which of the following ciphers is a subset on which the Vige...; Question 166: Which of the following places the Orange Book classification...; Question 167: Which of the following would not correspond to the number of...; Question 168: Which of the following represents the rows of the table in a...; Question 169: Which of the following enables the person responsible for co...; Question 170: This type of backup management provides a continuous on-line...; Question 171: The ideal operating humidity range is defined as 40 percent ...; Question 172: Which of the following groups represents the leading source ...; Question 173: Frame relay and X.25 networks are part of which of the follo...; Question 174: Computer-generated evidence is considered:...; Question 175: Which of the following is considered the weakest link in a s...; Question 176: In what LAN topology do all the transmissions of the network...; Question 177: In which of the following security models is the subject's c...; Question 178: This type of attack is generally most applicable to public-k...; Question 179: The criteria for evaluating the legal requirements for imple...; Question 180: How should a doorway of a manned facility with automatic loc...; Question 181: Which of the following is NOT appropriate in addressing obje...; Question 182: Who of the following is responsible for ensuring that proper...; Question 183: Which of the following answers presents the MOST significant...; Question 184: The environment that must be protected includes all personne...; Question 185: Which of the following phases of a software development life...; Question 186: Which of the following organizations PRODUCES and PUBLISHES ...; Question 187: Which of the following protocol was used by the INITIAL vers...; Question 188: Which of the following ensures that security is NOT breached...; Question 189: A confidential number used as an authentication factor to ve...; Question 190: Which of the following biometric parameters are better suite...; Question 191: What is the name of the protocol use to set up and manage Se...; Question 192: Which of the following is TRUE of two-factor authentication?...; Question 193: A DMZ is also known as a:; Question 194: Which of the following type of cryptography is used when bot...; Question 195: Which of the following usually provides reliable, real-time ...; Question 196: Which of the following is NOT a form of detective technical ...; Question 197: Which of the following Common Data Network Services is used ...; Question 198: Debbie from finance called to tell you that she downloaded a...; Question 199: What is the maximum key size for the RC5 algorithm?...; Question 200: Which of the following questions is LESS likely to help in a...; Question 201: Which type of attack is based on the probability of two diff...; Question 202: In the context of access control, locks, gates, guards are e...; Question 203: Which of the following security-focused protocols has confid...; Question 204: When an outgoing request is made on a port number greater th...; Question 205: Which of the following protocol is PRIMARILY used to provide...; Question 206: What enables users to validate each other's certificate when...; Question 207: If your property Insurance has Actual Cash Valuation (ACV) c...; Question 208: Which of the following Kerberos components holds all users' ...; Question 209: When referring to a computer crime investigation, which of t...; Question 210: The deliberate planting of apparent flaws in a system for th...; Question 211: Which of the following statements pertaining to Secure Socke...; Question 212: The "vulnerability of a facility" to damage or attack may be...; Question 213: Which of the following is NOT an example of preventive contr...; Question 214: Prior to a live disaster test also called a Full Interruptio...; Question 215: Controlling access to information systems and associated net...; Question 216: Complete the blanks. When using PKI, I digitally sign a mess...; Question 217: Which must bear the primary responsibility for determining t...; Question 218: What is the 802.11 standard related to?...; Question 219: The US department of Health, Education and Welfare developed...; Question 220: Under what conditions would the use of a Class C fire exting...; Question 221: Which fire class can water be most appropriate for?...; Question 222: One purpose of a security awareness program is to modify:...; Question 223: Which of the following is an advantage of prototyping?...; Question 224: Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP)...; Question 225: Making sure that only those who are supposed to access the d...; Question 226: Of the following, which multiple access method for computer ...; Question 227: What is the proper term to refer to a single unit of IP data...; Question 228: An Ethernet address is composed of how many bits?...; Question 229: What is the main problem of the renewal of a root CA certifi...; Question 230: In the physical security context, a security door equipped w...; Question 231: Which of the following is not an EPA-approved replacement fo...; Question 232: Which of the following was NOT designed to be a proprietary ...; Question 233: It is a violation of the "separation of duties" principle wh...; Question 234: Ding Ltd. is a firm specialized in intellectual property bus...; Question 235: Which of the following is a NOT a guideline necessary to enh...; Question 236: What would be the Annualized Rate of Occurrence (ARO) of the...; Question 237: An intranet provides more security and control than which of...; Question 238: Under the Business Exemption Rule to the hearsay evidence, w...; Question 239: Frame relay uses a public switched network to provide:...; Question 240: Which of the following logical access exposures involvers ch...; Question 241: Which of the following does not address Database Management ...; Question 242: Which of the following choices is NOT normally part of the q...; Question 243: Keeping in mind that these are objectives that are provided ...; Question 244: Which of the following ensures that a TCB is designed, devel...; Question 245: Degaussing is used to clear data from all of the following m...; Question 246: Which backup method usually resets the archive bit on the fi...; Question 247: Which of the following is NOT a disadvantage of Single Sign ...; Question 248: What refers to legitimate users accessing networked services...; Question 249: Which of the following is NOT a type of motion detector?...; Question 250: Which of the following classes is the first level (lower) de...; Question 251: The first step in the implementation of the contingency plan...; Question 252: Which of the following is NOT an example of corrective contr...; Question 253: How do you distinguish between a bridge and a router?...; Question 254: Which of the following represents the columns of the table i...; Question 255: The National Institute of Standards and Technology (NIST) st...; Question 256: Which of the following DoD Model layer provides non-repudiat...; Question 257: At which of the Orange Book evaluation levels is configurati...; Question 258: Which of the following should be emphasized during the Busin...; Question 259: Valuable paper insurance coverage does cover damage to which...; Question 260: A Differential backup process:; Question 261: What is a password called that is the same for each log-on s...; Question 262: In biometric identification systems, the parts of the body c...; Question 263: Which of the following media is MOST resistant to EMI interf...; Question 264: Which of the following is NOT a true statement regarding the...; Question 265: Which type of algorithm is considered to have the highest st...; Question 266: Which of the following is NOT a characteristic or shortcomin...; Question 267: What mechanism does a system use to compare the security lab...; Question 268: What principle focuses on the uniqueness of separate objects...; Question 269: Which type of password provides maximum security because a n...; Question 270: The Diffie-Hellman algorithm is used for:...; Question 271: What is one disadvantage of content-dependent protection of ...; Question 272: Which category of law is also referenced as a Tort law?...; Question 273: The copyright law ("original works of authorship") protects ...; Question 274: A server farm consisting of multiple similar servers seen as...; Question 275: What is Kerberos?; Question 276: In the UTP category rating, the tighter the wind:...; Question 277: What is the most correct choice below when talking about the...; Question 278: Which of the following control helps to identify an incident...; Question 279: Which of the following is a tool often used to reduce the ri...; Question 280: Which Orange book security rating introduces the object reus...; Question 281: An Architecture where there are more than two execution doma...; Question 282: Which of the following server contingency solutions offers t...; Question 283: What algorithm was DES derived from?...; Question 284: According to the Orange Book, which security level is the fi...; Question 285: The viewing of recorded events after the fact using a closed...; Question 286: Which of the following is a transaction redundancy implement...; Question 287: Which of the following is BEST at defeating frequency analys...; Question 288: If an organization were to monitor their employees' e-mail, ...; Question 289: Which of the following can best be defined as a cryptanalysi...; Question 290: Which of the following would provide the BEST stress testing...; Question 291: Which of the following is used to interrupt the opportunity ...; Question 292: Which of the following statements pertaining to a Criticalit...; Question 293: Which of the following European Union (EU) principles pertai...; Question 294: Related to information security, availability is the opposit...; Question 295: Which type of control is concerned with avoiding occurrences...; Question 296: Which of the following tasks is NOT usually part of a Busine...; Question 297: Which of the following can prevent hijacking of a web sessio...; Question 298: There are basic goals of Cryptography. Which of the followin...; Question 299: Which of the following can best be defined as a key recovery...; Question 300: Which of the following is NOT part of user provisioning?...; Question 301: The most prevalent cause of computer center fires is which o...; Question 302: An access system that grants users only those rights necessa...; Question 303: Which of the following statements do apply to a hot site?...; Question 304: At what Orange Book evaluation levels are design specificati...; Question 305: Which of the following offers security to wireless communica...; Question 306: What does the Clark-Wilson security model focus on?...; Question 307: Which of the following computer crime is MORE often associat...; Question 308: Which of the following asymmetric encryption algorithms is b...; Question 309: Which of the following is currently the most recommended wat...; Question 310: Which approach to a security program ensures people responsi...; Question 311: You are a security consultant who is required to perform pen...; Question 312: Which Orange book security rating is the FIRST to be concern...; Question 313: Which of the following statements pertaining to software tes...; Question 314: How many bits is the effective length of the key of the Data...; Question 315: Which of the following is not a method to protect objects an...; Question 316: Which of the following is based on the premise that the qual...; Question 317: Examine the following characteristics and identify which ans...; Question 318: What is a sequence of characters that is usually longer than...; Question 319: Which access control model was proposed for enforcing access...; Question 320: Within the OSI model, at what layer are some of the SLIP, CS...; Question 321: Which xDSL flavor, appropriate for home or small offices, de...; Question 322: What is the PRIMARY goal of incident handling?...; Question 323: How should a risk be handled when the cost of the countermea...; Question 324: Kerberos can prevent which one of the following attacks?...; Question 325: Which of the following is NOT a precaution you can take to r...; Question 326: Which of the following answers BEST indicates the most impor...; Question 327: During an IS audit, one of your auditors has observed that s...; Question 328: What is the main focus of the Bell-LaPadula security model?...; Question 329: The Logical Link Control sub-layer is a part of which of the...; Question 330: Which of the following items is a benefit of cold sites?...; Question 331: In addition to the Legal Department, with what company funct...; Question 332: Which one of the following is NOT a check for Input or Infor...; Question 333: What is NOT included in a data dictionary?...; Question 334: Which of the following best describes signature-based detect...; Question 335: What Cloud Deployment model consist of a cloud infrastructur...; Question 336: Which of the following protection devices is used for spot p...; Question 337: Devices that supply power when the commercial utility power ...; Question 338: Which of the following phases of a system development life-c...; Question 339: Which of the following is NOT a critical security aspect of ...; Question 340: What is used to bind a document to its creation at a particu...; Question 341: You are part of a security staff at a highly profitable bank...; Question 342: Which of the following statements pertaining to packet filte...; Question 343: Risk reduction in a system development life-cycle should be ...; Question 344: Which one of the following authentication mechanisms creates...; Question 345: Which of the following algorithms is a stream cipher?...; Question 346: Which of the following is NOT an example of an asymmetric ke...; Question 347: What is the maximum length of cable that can be used for a t...; Question 348: Which of the following is an issue with signature-based intr...; Question 349: Which one of the following is used to provide authentication...; Question 350: What is an IP routing table?; Question 351: Technical controls such as encryption and access control can...; Question 352: An access control policy for a bank teller is an example of ...; Question 353: For which areas of the enterprise are business continuity pl...; Question 354: Which of the following is NOT a part of a risk analysis?...; Question 355: Why would anomaly detection IDSs often generate a large numb...; Question 356: Which of the following results in the most devastating busin...; Question 357: Which of the following describes a technique in which a numb...; Question 358: Which security model uses division of operations into differ...; Question 359: Which of the following countermeasures would be the most app...; Question 360: Single Sign-on (SSO) is characterized by which of the follow...; Question 361: Which of the following is one of the oldest and most common ...; Question 362: In a dry pipe system, there is no water standing in the pipe...; Question 363: Making sure that the data is accessible when and where it is...; Question 364: What protocol is used on the Local Area Network (LAN) to obt...; Question 365: Another name for a VPN is a:; Question 366: What is the primary role of cross certification?...; Question 367: What is RAD?; Question 368: Which of the following should be used as a replacement for T...; Question 369: Which backup method is additive because the time and tape sp...; Question 370: What is a trusted shell?; Question 371: Which of the following is the most complete disaster recover...; Question 372: Related to information security, the prevention of the inten...; Question 373: Which of the following is an extension to Network Address Tr...; Question 374: Which of the following questions is LESS likely to help in a...; Question 375: What can be defined as an abstract machine that mediates all...; Question 376: Which of the following would be used to implement Mandatory ...; Question 377: Which of the following is a large hardware/software backup s...; Question 378: Which of the following can best define the "revocation reque...; Question 379: In the Open Systems Interconnect (OSI) Reference Model, at w...; Question 380: In SSL/TLS protocol, what kind of authentication is supporte...; Question 381: Which of the following concerning the Rijndael block cipher ...; Question 382: Organizations should not view disaster recovery as which of ...; Question 383: Which International Organization for Standardization standar...; Question 384: Which of the following type of traffic can easily be filtere...; Question 385: What is it called when a computer uses more than one CPU in ...; Question 386: Which of the following are the two commonly defined types of...; Question 387: During a test of a disaster recovery plan the IT systems are...; Question 388: Which of the following protocols is designed to send individ...; Question 389: Which of the following is NOT defined in the Internet Archit...; Question 390: What is the framing specification used for transmitting digi...; Question 391: Which ISO/OSI layer establishes the communications link betw...; Question 392: When planning for disaster recovery it is important to know ...; Question 393: An application layer firewall is also called a:...; Question 394: The BEST technique to authenticate to a system is to:...; Question 395: SMTP can best be described as:; Question 396: The equation used to calculate the total number of symmetric...; Question 397: What is the main issue with media reuse?...; Question 398: Which of the following items is NOT primarily used to ensure...; Question 399: A system file that has been patched numerous times becomes i...; Question 400: Legacy single sign on (SSO) is:...; Question 401: Which of the following backup methods is most appropriate fo...; Question 402: Which of the following was developed by the National Compute...; Question 403: Java follows which security model:...; Question 404: CobiT was developed from the COSO framework. Which of the ch...; Question 405: Which of the following can be defined as the process of reru...; Question 406: What does the * (star) integrity axiom mean in the Biba mode...; Question 407: Which of the following is NOT an advantage that TACACS+ has ...; Question 408: How many rounds are used by DES?...; Question 409: Which layer of the TCP/IP protocol model defines the IP data...; Question 410: Which of the following can be defined as a framework that su...; Question 411: What is the RESULT of a hash algorithm being applied to a me...; Question 412: Which of the following is NOT a preventive operational contr...; Question 413: Which authentication technique BEST protects against hijacki...; Question 414: In regards to information classification what is the main re...; Question 415: A momentary power outage is a:; Question 416: Which virus category has the capability of changing its own ...; Question 417: Which of the following is used to create parity information?...; Question 418: Which of the following statements pertaining to secure infor...; Question 419: You work in a police department forensics lab where you exam...; Question 420: Which of the following are additional terms used to describe...; Question 421: The steps of an access control model should follow which log...; Question 422: Which of the following was developed to address some of the ...; Question 423: Which access control model would a lattice-based access cont...; Question 424: What is the PRIMARY use of a password?...; Question 425: The older coaxial cable has been widely replaced with twiste...; Question 426: Of the various types of "Hackers" that exist, the ones who a...; Question 427: Which of the following specifically addresses cyber-attacks ...; Question 428: A host-based IDS is resident on which of the following?...; Question 429: Referential Integrity requires that for any foreign key attr...; Question 430: Due care is not related to:; Question 431: Which of the following floors would be MOST appropriate to l...; Question 432: Which of the following does NOT concern itself with key mana...; Question 433: Which of the following is NOT a correct notation for an IPv6...; Question 434: The Orange Book states that "Hardware and software features ...; Question 435: Which of the following security controls might force an oper...; Question 436: What is the PRIMARY reason to maintain the chain of custody ...; Question 437: Which of the following is an important part of database desi...; Question 438: What do the ILOVEYOU and Melissa virus attacks have in commo...; Question 439: What is Dumpster Diving?; Question 440: A network-based vulnerability assessment is a type of test a...; Question 441: This is a common security issue that is extremely hard to co...; Question 442: The Data Encryption Algorithm performs how many rounds of su...; Question 443: Which OSI/OSI layer defines the X.24, V.35, X.21 and HSSI st...; Question 444: Which of the following control is intended to discourage a p...; Question 445: What are user interfaces that limit the functions that can b...; Question 446: Which of the following is an Internet IPsec protocol to nego...; Question 447: Which of the following was designed as a more fault-tolerant...; Question 448: A contingency plan should address:...; Question 449: Which of the following would best describe secondary evidenc...; Question 450: How would nonrepudiation be BEST classified as?...; Question 451: Which of the following NAT firewall translation modes offers...; Question 452: What does "System Integrity" mean?...; Question 453: A 'Pseudo flaw' is which of the following?...; Question 454: What is the difference between Advisory and Regulatory secur...; Question 455: To control access by a subject (an active entity such as ind...; Question 456: In a security context what are database views used for?...; Question 457: A packet filtering firewall looks at the data packet to get ...; Question 458: One of the following statements about the differences betwee...; Question 459: Which of the following BEST describes an exploit?...; Question 460: Which of the following is not a property of the Rijndael blo...; Question 461: Under United States law, an investigator's notebook may be u...; Question 462: Which of the following services is provided by S-RPC?...; Question 463: Controls like guards and general steps to maintain building ...; Question 464: If your property Insurance has Replacement Cost Valuation (R...; Question 465: Which of the following is LESS likely to be used today in cr...; Question 466: There is no way to completely abolish or avoid risks, you ca...; Question 467: What kind of encryption is realized in the S/MIME-standard?...; Question 468: Which of the following cloud computing service model is a pr...; Question 469: Which of the following is often the GREATEST challenge of di...; Question 470: What security model is dependent on security labels?...; Question 471: Which of the following statements pertaining to disaster rec...; Question 472: Which of the following should NOT be performed by an operato...; Question 473: What is the primary difference between FTP and TFTP?...; Question 474: The typical computer fraudsters are usually persons with whi...; Question 475: Which of the following is an advantage of a qualitative over...; Question 476: Which of the following is related to physical security and i...; Question 477: What type of key would you find within a browser's list of t...; Question 478: Which of the following control pairings include: organizatio...; Question 479: In an SSL session between a client and a server, who is resp...; Question 480: Readable is to unreadable just as plain text is to:...; Question 481: At what stage of the applications development process should...; Question 482: Which of the following provides enterprise management with a...; Question 483: Which term BEST describes a practice used to detect fraud fo...; Question 484: Controls are implemented to:; Question 485: For competitive reasons, the customers of a large shipping c...; Question 486: Common Criteria has assurance level from EAL 1 to EAL 7 rega...; Question 487: A business continuity plan should list and prioritize the se...; Question 488: Asynchronous Communication transfers data by sending:...; Question 489: Which of the following is the marriage of object-oriented an...; Question 490: Which of the following is NOT a Generally Accepted System Se...; Question 491: Which of the following is NOT an asymmetric key algorithm?...; Question 492: At which OSI/ISO layer is an encrypted authentication betwee...; Question 493: Which of the following access control techniques BEST gives ...; Question 494: Which type of fire extinguisher is MOST appropriate for a di...; Question 495: Which of the following statements do not apply to a hot site...; Question 496: Which of the following is an advantage of proxies?...; Question 497: Which of the following encryption methods is known to be unb...; Question 498: Which of the following statements relating to the Biba secur...; Question 499: Which of the following is an advantage of using a high-level...; Question 500: A one-way hash provides which of the following?...; Question 501: Which of the following is a class A fire?...; Question 502: Which of the following would be the BEST criterion to consid...; Question 503: When two or more separate entities (usually persons) operati...; Question 504: Which of the following packets should NOT be dropped at a fi...; Question 505: Crackers today are MOST often motivated by their desire to:...; Question 506: What is defined as the hardware, firmware and software eleme...; Question 507: Which of the following is used in database information secur...; Question 508: A message can be encrypted and digitally signed, which provi...; Question 509: Which of the following statements pertaining to software tes...; Question 510: Which type of encryption is considered to be unbreakable if ...; Question 511: What is NOT an authentication method within IKE and IPsec?...; Question 512: The ISO/IEC 27001:2005 is a standard for:...; Question 513: What is called the act of a user professing an identity to a...; Question 514: Identity Management solutions include such technologies as D...; Question 515: Which of the following should NOT normally be allowed throug...; Question 516: What is the percentage of valid subjects that are falsely re...; Question 517: Which of the following components are considered part of the...; Question 518: Which of the following is a class C fire?...; Question 519: Which of the following is TRUE about link encryption?...; Question 520: What is the BEST answer pertaining to the difference between...; Question 521: Which of the following should be performed by an operator?...; Question 522: Which of the following is BEST practice to employ in order t...; Question 523: The Internet Architecture Board (IAB) characterizes which of...; Question 524: Which of the following is NOT a technical control?...; Question 525: What is NOT true with pre shared key authentication within I...; Question 526: Which of the following classes is defined in the TCSEC (Oran...; Question 527: Ensuring least privilege does NOT require:...; Question 528: Which of the following methods of providing telecommunicatio...; Question 529: Under what conditions would the use of a "Class C" hand-held...; Question 530: Which of the following statements pertaining to biometrics i...; Question 531: What is the MOST important step in business continuity plann...; Question 532: Knowledge-based Intrusion Detection Systems (IDS) are more c...; Question 533: Which of the following BEST defines add-on security?...; Question 534: Which of the following protocols that provide integrity and ...; Question 535: You are a criminal hacker and have infiltrated a corporate n...; Question 536: Which of the following statements pertaining to VPN protocol...; Question 537: To be admissible in court, computer evidence must be which o...; Question 538: A business continuity plan is an example of which of the fol...; Question 539: Why is infrared generally considered to be more secure to ea...; Question 540: Which RAID level concept is considered more expensive and is...; Question 541: How can an individual/person BEST be identified or authentic...; Question 542: Which of the following questions is less likely to help in a...; Question 543: Which of the following protocols would BEST mitigate threats...; Question 544: Which of the following would be LESS likely to prevent an em...; Question 545: A potential problem related to the physical installation of ...; Question 546: Which of the following backup sites is the most effective fo...; Question 547: Like the Kerberos protocol, SESAME is also subject to which ...; Question 548: Which of the following BEST explains why computerized inform...; Question 549: Why do buffer overflows happen? What is the main cause?...; Question 550: Which of the following is TRUE about digital certificate?...; Question 551: Which of the following statements pertaining to using Kerber...; Question 552: In Operations Security trusted paths provide:...; Question 553: Which of the following reviews system and event logs to dete...; Question 554: Which service usually runs on port 25?...; Question 555: During the salvage of the Local Area Network and Servers, wh...; Question 556: With regard to databases, which of the following has charact...; Question 557: Which of the following translates source code one command at...; Question 558: What is called an attack in which an attacker floods a syste...; Question 559: In biometric identification systems, at the beginning, it wa...; Question 560: In what way could Java applets pose a security threat?...; Question 561: Which access control model is also called Non-Discretionary ...; Question 562: Which of the following is responsible for MOST of the securi...; Question 563: Which of the following is the most costly countermeasure to ...; Question 564: Address Resolution Protocol (ARP) interrogates the network b...; Question 565: Which of the following monitors network traffic in real time...; Question 566: What is the MOST critical characteristic of a biometric iden...; Question 567: Which BEST describes a tool (i.e. keyfob, calculator, memory...; Question 568: Which of the following would best describe the difference be...; Question 569: Operations Security seeks to PRIMARILY protect against which...; Question 570: Which of the following is the MOST secure form of triple-DES...; Question 571: Kerberos depends upon what encryption method?...; Question 572: Which of the following describes the major disadvantage of m...; Question 573: Why would a memory dump be admissible as evidence in court?...; Question 574: Which of the following was developed as a simple mechanism f...; Question 575: Which of the following cloud deployment model operates solel...; Question 576: Which of the following is an advantage in using a bottom-up ...; Question 577: Which of the following can be defined as a unique identifier...; Question 578: What level of assurance for a digital certificate verifies a...; Question 579: Which of the following is often implemented by a one-for-one...; Question 580: Which of the following is the preferred way to suppress an e...; Question 581: Covert Channel Analysis is FIRST introduced at what level of...; Question 582: Which of the following is most relevant to determining the m...; Question 583: The Orange Book requires auditing mechanisms for any systems...; Question 584: Which of the following cloud computing service model provide...; Question 585: Which of the following would BEST describe a Concealment cip...; Question 586: Which of the following is a method of multiplexing data wher...; Question 587: Which of the following is true of biometrics?...; Question 588: In a hierarchical PKI the highest CA is regularly called Roo...; Question 589: Which of the following cloud deployment model can be shared ...; Question 590: Of the following, which is a specific loss criteria that sho...; Question 591: Which of the following is TRUE about Kerberos?...; Question 592: In the statement below, fill in the blank: Law enforcement a...; Question 593: Which of the following is the most critical item from a disa...; Question 594: Which of the following recovery plan test results would be m...; Question 595: Which model, based on the premise that the quality of a soft...; Question 596: Which of the following can be defined as THE unique attribut...; Question 597: Which of the following statements pertaining to fire suppres...; Question 598: Authentication Headers (AH) and Encapsulating Security Paylo...; Question 599: The exact requirements for the admissibility of evidence var...; Question 600: The Computer Security Policy Model the Orange Book is based ...; Question 601: Which of the following is the SIMPLEST type of firewall?...; Question 602: Which of the following would describe a type of biometric er...; Question 603: Which of the following protects Kerberos against replay atta...; Question 604: The object-relational and object-oriented models are better ...; Question 605: Making sure that the data has not been changed unintentional...; Question 606: Which of the following is needed for System Accountability?...; Question 607: Which of the following category of UTP cables is specified t...; Question 608: Which of the following is NOT a responsibility of an informa...; Question 609: What attack involves the perpetrator sending spoofed packet(...; Question 610: According to private sector data classification levels, how ...; Question 611: Which of the following statements pertaining to firewalls NO...; Question 612: Which of the following provides coordinated procedures for m...; Question 613: Communications devices must operate:...; Question 614: Which of the following is not a DES mode of operation?...; Question 615: Which of the following is used to create and modify the stru...; Question 616: In which of the following models are Subjects and Objects id...; Question 617: For maximum security design, what type of fence is most effe...; Question 618: Which of the following is NOT a way to secure a wireless net...; Question 619: Which of the following Orange Book ratings represents the hi...; Question 620: What is the most effective means of determining that control...; Question 621: How often should tests and disaster recovery drills be perfo...; Question 622: You wish to make use of "port knocking" technologies. How ca...; Question 623: Risk mitigation and risk reduction controls for providing in...; Question 624: Which of the following is immune to the effects of electroma...; Question 625: Which of the following would BEST be defined as an absence o...; Question 626: In order to enable users to perform tasks and duties without...; Question 627: When first analyzing an intrusion that has just been detecte...; Question 628: Which of the following technologies is a target of XSS or CS...; Question 629: Who should measure the effectiveness of Information System s...; Question 630: Which of the following devices enables more than one signal ...; Question 631: The ideal operating humidity range is defined as 40 percent ...; Question 632: 2 Regarding codes of ethics covered within the ISC CBK, with...; Question 633: What physical characteristic does a retinal scan biometric d...; Question 634: Which of the following steps is NOT one of the eight detaile...; Question 635: What is the Maximum Tolerable Downtime (MTD)?...; Question 636: What Orange Book security rating is reserved for systems tha...; Question 637: Which of the following statements pertaining to block cipher...; Question 638: Which of the following answers is directly related to provid...; Question 639: Data which is properly secured and can be described with ter...; Question 640: Which of the following refers to the data left on the media ...; Question 641: Crime Prevention Through Environmental Design (CPTED) is a d...; Question 642: What does "residual risk" mean?...; Question 643: What is the name for a substitution cipher that shifts the a...; Question 644: How is Annualized Loss Expectancy (ALE) derived from a threa...; Question 645: Which of the following virus types changes some of its chara...; Question 646: Which of the following is NOT a specific loss criteria that ...; Question 647: During which phase of an IT system life cycle are security r...; Question 648: What is defined as inference of information from other, inte...; Question 649: What is the main concern with single sign-on?...; Question 650: As per the Orange Book, what are two types of system assuran...; Question 651: You are an information systems security officer at a mid-siz...; Question 652: PGP uses which of the following to encrypt data?...; Question 653: All hosts on an IP network have a logical ID called a(n):...; Question 654: What can best be defined as high-level statements, beliefs, ...; Question 655: Cryptography does NOT concern itself with which of the follo...; Question 656: When a station communicates on the network for the first tim...; Question 657: Regarding risk reduction, which of the following answers is ...; Question 658: What is called an event or activity that has the potential t...; Question 659: Which of the following are placeholders for literal values i...; Question 660: Who should direct short-term recovery actions immediately fo...; Question 661: What would you call the process that takes advantages of the...; Question 662: Which of the following is NOT an example of a detective cont...; Question 663: Electrical systems are the lifeblood of computer operations....; Question 664: Which of the following fire extinguishing systems incorporat...; Question 665: Which of the following tools is less likely to be used by a ...; Question 666: Which of the following access control models requires defini...; Question 667: Tim is a network administrator of Acme Inc. He is responsibl...; Question 668: In terms or Risk Analysis and dealing with risk, which of th...; Question 669: Which type of attack involves hijacking a session between a ...; Question 670: Of the seven types of Access Control Categories, which is de...; Question 671: Computer security should be first and foremost which of the ...; Question 672: During an IS audit, auditor has observed that authentication...; Question 673: A copy of evidence or oral description of its contents; whic...; Question 674: In a known plaintext attack, the cryptanalyst has knowledge ...; Question 675: Which of the following defines when RAID separates the data ...; Question 676: Fault tolerance countermeasures are designed to combat threa...; Question 677: This OSI layer has a service that negotiates transfer syntax...; Question 678: Sam is the security Manager of a financial institute. Senior...; Question 679: Which of the following answers is the BEST example of Risk T...; Question 680: Which of the following is NOT a known type of Message Authen...; Question 681: A prolonged high voltage is a:; Question 682: Which of the following exemplifies proper separation of duti...; Question 683: A public key algorithm that does both encryption and digital...; Question 684: Which of the following statements relating to the Bell-LaPad...; Question 685: In regards to the query function of relational database oper...; Question 686: Which RAID implementation is commonly called mirroring?...; Question 687: Which of the following IEEE standards defines the token ring...; Question 688: Which of the following steps should be one of the FIRST step...; Question 689: Which of the following is a fraud detection method whereby e...; Question 690: Within the context of the CBK, which of the following provid...; Question 691: Which of the following would best describe certificate path ...; Question 692: What allows a relation to contain multiple rows with a same ...; Question 693: The Orange Book is founded upon which security policy model?...; Question 694: Which of the following attack includes social engineering, l...; Question 695: Which of the following is BEST provided by symmetric cryptog...; Question 696: Related to information security, the guarantee that the mess...; Question 697: Which of the following is defined as an Internet, IPsec, key...; Question 698: To be in compliance with the Montreal Protocol, which of the...; Question 699: Which of the following is a true statement pertaining to mem...; Question 700: Which of the following can be used as a covert channel?...; Question 701: Which of the following RAID levels is not used in practice a...; Question 702: In the Bell-LaPadula model, the *-property (Star-property) i...; Question 703: Critical areas should be lighted:...; Question 704: The IP header contains a protocol field. If this field conta...; Question 705: Which of the following is best defined as an administrative ...; Question 706: A persistent collection of interrelated data items can be de...; Question 707: At which OSI layer does SSL reside in?...; Question 708: When attempting to establish liability, which of the followi...; Question 709: Which layer of the TCP/IP protocol stack corresponds to the ...; Question 710: When we encrypt or decrypt data there is a basic operation i...; Question 711: Which of the following is defined as a key establishment pro...; Question 712: What is the percentage of invalid subjects that are falsely ...; Question 713: Which of the following is a reasonable response from the Int...; Question 714: A weakness or lack of a safeguard, which may be exploited by...; Question 715: Which of the following is a problem regarding computer inves...; Question 716: The MAIN issue with Level 1 of RAID is which of the followin...; Question 717: Which of the following would constitute the BEST example of ...; Question 718: At which of the basic phases of the System Development Life ...; Question 719: Which of the following protocols offers native encryption?...; Question 720: Memory management in TCSEC levels B3 and A1 operating system...; Question 721: What does it mean to say that sensitivity labels are "incomp...; Question 722: Which of the following is NOT a characteristic of a host-bas...; Question 723: Which of the following can be defined as the set of allowabl...; Question 724: Which one of the following is usually not a benefit resultin...; Question 725: Which of the following is electromagnetic interference (EMI)...; Question 726: Which of the following rules pertaining to a Business Contin...; Question 727: What uses a key of the same length as the message where each...; Question 728: Which of the following is NOT a valid reason to use external...; Question 729: The standard server port number for HTTP is which of the fol...; Question 730: Which type of attack involves the altering of a systems Addr...; Question 731: Which of the following embodies all the detailed actions tha...; Question 732: What setup should an administrator use for regularly testing...; Question 733: Which division of the Orange Book deals with discretionary p...; Question 734: What can be BEST defined as the examination of threat source...; Question 735: What is a limitation of TCP Wrappers?...; Question 736: The Reference Validation Mechanism that ensures the authoriz...; Question 737: Application Layer Firewalls operate at the:...; Question 738: Which of the following statements pertaining to PPTP (Point-...; Question 739: Which property ensures that only the intended recipient can ...; Question 740: Which of the following is more suitable for a hardware imple...; Question 741: Which of the following represents the best programming?...; Question 742: One drawback of Application Level Firewall is that it reduce...; Question 743: Which of the following controls related to physical security...; Question 744: A group of independent servers, which are managed as a singl...; Question 745: Secure Sockets Layer (SSL) is very heavily used for protecti...; Question 746: The basic language of modems and dial-up remote access syste...; Question 747: With SQL Relational databases where is the actual data store...; Question 748: Which security model introduces access to objects only throu...; Question 749: Which of the following protocols does not operate at the dat...; Question 750: Which of the following is NOT a property of a one-way hash f...; Question 751: Which of the following is NOT a security characteristic we n...; Question 752: Which of the following is an IP address that is private (i.e...; Question 753: Within the realm of IT security, which of the following comb...; Question 754: Which disaster recovery plan test involves functional repres...; Question 755: Which of the following is NOT a common weakness of packet fi...; Question 756: Pin, Password, Passphrases, Tokens, smart cards, and biometr...; Question 757: In which mode of DES, will a block of plaintext and a key al...; Question 758: An electrical device (AC or DC) which can generate coercive ...; Question 759: What is the effective key size of DES?...; Question 760: Which of the following can be best defined as computing tech...; Question 761: Layer 2 of the OSI model has two sublayers. What are those s...; Question 762: Which of the following backup methods makes a complete backu...; Question 763: Which of the following is TRUE related to network sniffing?...; Question 764: Which of the following categories of hackers poses the great...; Question 765: Which of the following backup methods is primarily run when ...; Question 766: Which of the following biometrics methods provides the HIGHE...; Question 767: Which of the following attack is also known as Time of Check...; Question 768: The DES algorithm is an example of what type of cryptography...; Question 769: Several analysis methods can be employed by an IDS, each wit...; Question 770: Looking at the choices below, which ones would be the most s...; Question 771: What is used to protect programs from all unauthorized modif...; Question 772: Which of the following was the FIRST mathematical model of a...; Question 773: Suppose you are a domain administrator and are choosing an e...; Question 774: Business Continuity Planning (BCP) is not defined as a prepa...; Question 775: What can be defined as secret communications where the very ...; Question 776: Which of the following is the act of performing tests and ev...; Question 777: Which of the following statements pertaining to RAID technol...; Question 778: Controls provide accountability for individuals who are acce...; Question 779: In access control terms, the word "dominate" refers to which...; Question 780: What is the main purpose of Corporate Security Policy?...; Question 781: RAID levels 3 and 5 run:; Question 782: Which of the following are additional access control objecti...; Question 783: According to Requirement 3 of the Payment Card Industry's Da...; Question 784: Phreakers are hackers who specialize in telephone fraud. Wha...; Question 785: In which of the following cloud computing service model are ...; Question 786: What is the appropriate role of the security analyst in the ...; Question 787: Which RAID implementation stripes data and parity at block l...; Question 788: Which of the following addresses a portion of the primary me...; Question 789: Which of the following is a CHARACTERISTIC of a decision sup...; Question 790: Which of the following was developed in order to protect aga...; Question 791: The type of discretionary access control (DAC) that is based...; Question 792: What is the Biba security model concerned with?...; Question 793: An employee ensures all cables are shielded, builds concrete...; Question 794: The computations involved in selecting keys and in encipheri...; Question 795: Where in a PKI infrastructure is a list of revoked certifica...; Question 796: Which access control model achieves data integrity through w...; Question 797: Which of the following statements pertaining to IPSec NOT tr...; Question 798: What is a security policy?; Question 799: How many bits is the address space reserved for the source I...; Question 800: Which access control model enables the OWNER of the resource...; Question 801: Risk analysis is MOST useful when applied during which phase...; Question 802: In what way can violation of clipping levels assist in viola...; Question 803: Which of the following Common Data Network Services is used ...; Question 804: Which of the following Confidentiality, Integrity, Availabil...; Question 805: Which of the following statements pertaining to disaster rec...; Question 806: Ensuring that printed reports reach proper users and that re...; Question 807: Which of the following is BEST defined as a physical control...; Question 808: Which of the following division is defined in the TCSEC (Ora...; Question 809: Why does fiber optic communication technology have significa...; Question 810: Which of the following are the steps usually followed in the...; Question 811: The number of violations that will be accepted or forgiven b...; Question 812: Which of the following BEST ensures accountability of users ...; Question 813: An incremental backup process; Question 814: You have been approached by one of your clients. They are in...; Question 815: Which common backup method is the fastest on a daily basis?...; Question 816: Researchers have recently developed a tool that imitates a 1...; Question 817: In the context of Biometric authentication, there is a quick...; Question 818: Which of the following is not a physical control for physica...; Question 819: In which LAN transmission method is a source packet copied a...; Question 820: An area of the Telecommunications and Network Security domai...; Question 821: Access control is the collection of mechanisms that permits ...; Question 822: Which of the following is a set of data processing elements ...; Question 823: What are cognitive passwords?; Question 824: What is used to hide data from unauthorized users by allowin...; Question 825: Which type of password token involves time synchronization?...; Question 826: When you update records in multiple locations or you make a ...; Question 827: Which answer BEST describes information access permissions w...; Question 828: What is the minimum static charge able to cause disk drive d...; Question 829: The primary purpose for using one-way hashing of user passwo...; Question 830: What would you call a network security control deployed in l...; Question 831: Which of the following statements regarding trade secrets is...; Question 832: A deviation from an organization-wide security policy requir...; Question 833: In the CIA triad, what does the letter A stand for?...; Question 834: The Physical Security domain focuses on three areas that are...; Question 835: Which of the following is best defined as a circumstance in ...; Question 836: Which of the following statements pertaining to the trusted ...; Question 837: Which of the following is NOT a preventive login control?...; Question 838: Attributable data should be:; Question 839: In which layer of the OSI Model are connection-oriented prot...; Question 840: What size is an MD5 message digest (hash)?...; Question 841: Which of the following offers advantages such as the ability...; Question 842: In non-discretionary access control using Role Based Access ...; Question 843: Pervasive Computing and Mobile Computing Devices have to sac...; Question 844: During the initial stage of configuration of your firewall, ...; Question 845: Which of the following plan provides procedures for sustaini...; Question 846: Which of the following algorithms does NOT provide hashing?...; Question 847: Access Control techniques do NOT include which of the follow...; Question 848: What ensures that the control mechanisms correctly implement...; Question 849: In the course of responding to and handling an incident, you...; Question 850: What kind of certificate is used to validate a user identity...; Question 851: Which conceptual approach to intrusion detection system is t...; Question 852: Which of the following terms can be described as the process...; Question 853: Which of the following statements pertaining to message dige...; Question 854: Which of the following access control models is based on sen...; Question 855: John is the product manager for an information system. His p...; Question 856: Which one of these statements about the key elements of a go...; Question 857: Which of the following is NOT true about IPSec Tunnel mode?...; Question 858: What does the simple security (ss) property mean in the Bell...; Question 859: Which of the following is NOT an example of a block cipher?...; Question 860: The control of communications test equipment should be clear...; Question 861: A Business Continuity Plan should be tested:...; Question 862: What is the name of a one way transformation of a string of ...; Question 863: The controls that usually require a human to evaluate the in...; Question 864: One of the following assertions is NOT a characteristic of I...; Question 865: Which of the following is a proximity identification device ...; Question 866: Which of the following is the correct set of assurance requi...; Question 867: MOST access violations are:; Question 868: The US-EU Safe Harbor process has been created to address wh...; Question 869: What is the length of an MD5 message digest?...; Question 870: In the days before CIDR (Classless Internet Domain Routing),...; Question 871: The control measures that are intended to reveal the violati...; Question 872: A site that is owned by the company and mirrors the original...; Question 873: Which of the following method is recommended by security pro...; Question 874: A DMZ is located:; Question 875: What can be defined as: It confirms that users' needs have b...; Question 876: Rule-Based Access Control (RuBAC) access is determined by ru...; Question 877: At which layer of ISO/OSI does the fiber optics work?...; Question 878: Which of the following statements pertaining to quantitative...; Question 879: Which security model uses an access control triple and also ...; Question 880: Out of the steps listed below, which one is not one of the s...; Question 881: Which of the following activities would not be included in t...; Question 882: Which of the following is the lowest TCSEC class wherein the...; Question 883: Which of the following pairings uses technology to enforce a...; Question 884: Which of the following services relies on UDP?...; Question 885: What is called an exception to the search warrant requiremen...; Question 886: What is the purpose of Trusted Distribution?...; Question 887: Which of the following is NOT an encryption algorithm?...; Question 888: Which backup type run at regular intervals would take the le...; Question 889: Which of the following questions is LEAST likely to help in ...; Question 890: What would you call a microchip installed on the motherboard...; Question 891: Which of the following media is MOST resistant to tapping?...; Question 892: Which of the following access control models introduces user...; Question 893: Which of the following would BEST classify as a management c...; Question 894: Which of the following is the primary security feature of a ...; Question 895: Which of the following is MOST appropriate to notify an inte...; Question 896: Who is ultimately responsible for the security of computer b...; Question 897: A momentary high voltage is a:; Question 898: Which one of the following represents an ALE calculation?...; Question 899: In biometrics, "one-to-many" search against database of stor...; Question 900: SQL commands do not include which of the following?...; Question 901: Which of the following is a symmetric encryption algorithm?...; Question 902: What can be defined as a list of subjects along with their a...; Question 903: Which of the following attack could be avoided by creating m...; Question 904: Which layer deals with Media Access Control (MAC) addresses?...; Question 905: What would you call an attack where an attacker can influenc...; Question 906: Which of the following is an example of an active attack?...; Question 907: Why are coaxial cables called "coaxial"?...; Question 908: Which of the following testing method examines the functiona...; Question 909: Which of the following statements pertaining to a security p...; Question 910: Similar to Secure Shell (SSH-2), Secure Sockets Layer (SSL) ...; Question 911: Which of the following proves or disproves a specific act th...; Question 912: The absence of a safeguard, or a weakness in a system that m...; Question 913: There are parallels between the trust models in Kerberos and...; Question 914: Which of the following remote access authentication systems ...; Question 915: Which of the following best allows risk management results t...; Question 916: FIPS-140 is a standard for the security of which of the foll...; Question 917: What is the MAIN objective of proper separation of duties?...; Question 918: The IP header contains a protocol field. If this field conta...; Question 919: Complete the following sentence. A digital signature is a:...; Question 920: Which of the following is NOT a common backup method?...; Question 921: Which of the following questions is less likely to help in a...; Question 922: Which of the following is TRUE regarding Transmission Contro...; Question 923: Which of the following is the most reliable authentication m...; Question 924: Matches between which of the following are important because...; Question 925: This type of supporting evidence is used to help prove an id...; Question 926: The International Organization for Standardization / Open Sy...; Question 927: Which OSI/ISO layer defines how to address the physical devi...; Question 928: Which of the following is a LAN transmission method?...; Question 929: In a Public Key Infrastructure, how are public keys publishe...; Question 930: Which of the following statements pertaining to Kerberos is ...; Question 931: Which of the following choices describe a condition when RAM...; Question 932: Which of the following NAT firewall translation modes allows...; Question 933: What is called the number of columns in a table?...; Question 934: Which of the following is the BEST way to detect software li...; Question 935: A business impact assessment is one element in business cont...; Question 936: You have been tasked to develop an effective information cla...; Question 937: Which element must computer evidence have to be admissible i...; Question 938: What attribute is included in a X.509-certificate?...; Question 939: Who can best decide what are the adequate technical security...; Question 940: Which of the following is NOT a proper component of Media Vi...; Question 941: Which of the following technologies has been developed to su...; Question 942: Which of the following is required in order to provide accou...; Question 943: Which of the following is an IP address that is private (i.e...; Question 944: To mitigate the risk of fire in your new data center, you pl...; Question 945: Which of the following statements pertaining to link encrypt...; Question 946: In a SSL session between a client and a server, who is respo...; Question 947: The preliminary steps to security planning include all of th...; Question 948: Which of the following security control is intended to avoid...; Question 949: Which of the following is NOT a security goal for remote acc...; Question 950: Business Continuity Planning (BCP) is defined as a preparati...; Question 951: Which of the following standards concerns digital certificat...; Question 952: Which access control model is BEST suited in an environment ...; Question 953: Logical or technical controls involve the restriction of acc...; Question 954: Which of the following is not one of the three goals of Inte...; Question 955: What can be defined as a digital certificate that binds a se...; Question 956: When backing up an applications system's data, which of the ...; Question 957: Which of the following are the three classifications of RAID...; Question 958: Which of the following security models does NOT concern itse...; Question 959: Which of the following would be MOST important to guarantee ...; Question 960: Which of the following statements is NOT true of IPSec Trans...; Question 961: Which of the following is not classified as "Security and Au...; Question 962: The Clipper Chip utilizes which concept in public key crypto...; Question 963: Which of the following is NOT a basic component of security ...; Question 964: Which of the following is an unintended communication path t...; Question 965: A demilitarized zone is:; Question 966: An effective information security policy should NOT have whi...; Question 967: Which of the following is NOT part of the Kerberos authentic...; Question 968: Business Continuity and Disaster Recovery Planning (Primaril...; Question 969: What is the primary role of smartcards in a PKI?...; Question 970: Which backup method only copies files that have been recentl...; Question 971: Which of the following determines that the product developed...; Question 972: What are the three MOST important functions that Digital Sig...; Question 973: Step-by-step instructions used to satisfy control requiremen...; Question 974: Which of the following would be best suited to oversee the d...; Question 975: Which of the following is the BIGGEST concern with firewall ...; Question 976: The property of a system or a system resource being accessib...; Question 977: Which of the following attack is MOSTLY performed by an atta...; Question 978: Controls such as job rotation, the sharing of responsibiliti...; Question 979: When companies come together to work in an integrated manner...; Question 980: The authenticator within Kerberos provides a requested servi...; Question 981: A code, as is pertains to cryptography:...; Question 982: What can be defined as a table of subjects and objects indic...; Question 983: Which of the following items is NOT a benefit of cold sites?...; Question 984: What is called an attack where the attacker spoofs the sourc...; Question 985: Which Security and Audit Framework has been adopted by some ...; Question 986: Which of the following cryptographic attacks describes when ...; Question 987: Which type of security control is also known as "Logical" co...; Question 988: What is surreptitious transfer of information from a higher ...; Question 989: When considering all the reasons that buffer overflow vulner...; Question 990: Which of the following LAN devices only operates at the phys...; Question 991: Which of the following access control models requires securi...; Question 992: Secure Sockets Layer (SSL) uses a Message Authentication Cod...; Question 993: Which of the following issues is not addressed by digital si...; Question 994: Which of the following is NOT a technique used to perform a ...; Question 995: What is the name of the FIRST mathematical model of a multi-...; Question 996: What can be defined as a data structure that enumerates digi...; Question 997: What is defined as the rules for communicating between compu...; Question 998: Who first described the DoD multilevel military security pol...; Question 999: Which of the following is best defined as a mode of system t...; Question 1000: What can be defined as the maximum acceptable length of time...; Question 1001: What is the maximum number of different keys that can be use...; Question 1002: Which layer of the TCP/IP protocol model would BEST correspo...; Question 1003: How many layers are defined within the US Department of Defe...; Question 1004: What is a common problem when using vibration detection devi...; Question 1005: Which of the following is NOT a symmetric key algorithm?...; Question 1006: Which of the following is biggest factor that makes Computer...; Question 1007: Of the three types of alternate sites: hot, warm or cold, wh...; Question 1008: Password management falls into which control category?...; Question 1009: According to the Orange Book, which security level is the fi...; Question 1010: Which of the following is used to monitor network traffic or...; Question 1011: What does the * (star) property mean in the Bell-LaPadula mo...; Question 1012: Individual accountability does not include which of the foll...; Question 1013: What would BEST define a covert channel?...; Question 1014: What is the primary goal of setting up a honey pot?...; Question 1015: In what type of attack does an attacker try, from several en...; Question 1016: Another example of Computer Incident Response Team (CIRT) ac...; Question 1017: Which of the following transmission media would NOT be affec...; Question 1018: Behavioral-based systems are also known as?...; Question 1019: Attributes that characterize an attack are stored for refere...; Question 1020: Hierarchical Storage Management (HSM) is commonly employed i...; Question 1021: Which of the following cable types is limited in length to 1...; Question 1022: Smart cards are an example of which type of control?...; Question 1023: The Open Web Application Security Project (OWASP) Top Ten li...; Question 1024: Which of the following does NOT apply to system-generated pa...; Question 1025: The Information Technology Security Evaluation Criteria (ITS...; Question 1026: Which of the following statements pertaining to ethical hack...; Question 1027: Who is responsible for providing reports to the senior manag...; Question 1028: Which access control method allows the data owner (the perso...; Question 1029: What is the most secure way to dispose of information on a C...; Question 1030: The act of requiring two of the three factors to be used in ...; Question 1031: The International Standards Organization / Open Systems Inte...; Question 1032: What is the access protection system that limits connections...; Question 1033: An attack initiated by an entity that is authorized to acces...; Question 1034: Compared to RSA, which of the following is true of Elliptic ...; Question 1035: What does the directive of the European Union on Electronic ...; Question 1036: In order to ensure the privacy and integrity of the data, co...; Question 1037: What algorithm has been selected as the AES algorithm, repla...; Question 1038: An X.509 public key certificate with the key usage attribute...; Question 1039: Public key infrastructure (PKI) consists of programs, data f...; Question 1040: What works as an E-mail message transfer agent?...; Question 1041: Virus scanning and content inspection of S/MIME encrypted e-...; Question 1042: In the process of gathering evidence from a computer attack,...; Question 1043: Which of the following statements pertaining to IPSec is NOT...; Question 1044: Which of the following offers confidentiality to an e-mail m...; Question 1045: The Data Encryption Standard (DES) encryption algorithm has ...; Question 1046: Qualitative loss resulting from the business interruption do...; Question 1047: Which of the following is a cryptographic protocol and infra...; Question 1048: In Mandatory Access Control, sensitivity labels attached to ...; Question 1049: In which of the following phases of system development life ...; Question 1050: In order to be able to successfully prosecute an intruder:...; Question 1051: Which backup method does not reset the archive bit on files ...; Question 1052: Domain Name Service is a distributed database system that is...; Question 1053: What are the four basic elements of Fire?...; Question 1054: Which of the following are suitable protocols for securing V...; Question 1055: Which is NOT a suitable method for distributing certificate ...; Question 1056: Which of the following is NOT a common category/classificati...; Question 1057: Which access control type has a central authority that deter...; Question 1058: Which of the following is the best reason for the use of an ...; Question 1059: Normalizing data within a database could include all or some...; Question 1060: Which backup method is used if backup time is critical and t...; Question 1061: What is a decrease in amplitude as a signal propagates along...; Question 1062: Which protocol is used to send email?...; Question 1063: Which of the following can be defined as an attribute in one...; Question 1064: Which of the following BEST describes Configuration Manageme...; Question 1065: Which of the following choices is a valid Public Key Cryptog...; Question 1066: The spare drives that replace the failed drives are usually ...; Question 1067: Which of the following is NOT a transaction redundancy imple...; Question 1068: Which of the following is a Wide Area Network that was origi...; Question 1069: Which of the following statements is MOST accurate regarding...; Question 1070: Which of the following teams should NOT be included in an or...; Question 1071: Which of the following encryption algorithms does NOT deal w...; Question 1072: What is the PRIMARY purpose of using redundant array of inex...; Question 1073: Which of the following would be the best reason for separati...; Question 1074: Which of the following statements pertaining to the Bell-LaP...; Question 1075: IT security measures should:; Question 1076: Which of the following cloud deployment model is provisioned...; Question 1077: Considerations of privacy, invasiveness, and psychological a...; Question 1078: Which of the following teams should be included in an organi...; Question 1079: What is a hot-site facility?; Question 1080: Which of the following stripes the data and the parity infor...; Question 1081: Which of the following suppresses combustion by disrupting a...; Question 1082: When preparing a business continuity plan, who of the follow...; Question 1083: Of the reasons why a Disaster Recovery plan gets outdated, w...; Question 1084: Which security model ensures that actions that take place at...; Question 1085: Which of the following is the MOST secure firewall implement...; Question 1086: Which of the following statements pertaining to the maintena...; Question 1087: What is called the probability that a threat to an informati...; Question 1088: In computing what is the name of a non-self-replicating type...; Question 1089: Which of the following is the most reliable, secure means of...; Question 1090: Which of the following statements pertaining to stream ciphe...; Question 1091: The communications products and services, which ensure that ...; Question 1092: Which of the following is NOT a countermeasure to traffic an...; Question 1093: Preservation of confidentiality within information systems r...; Question 1094: What is the goal of the Maintenance phase in a common develo...; Question 1095: Which of the following test makes sure the modified or new s...; Question 1096: Contracts and agreements are often times unenforceable or ha...; Question 1097: An attack that involves a fraudster tricking a user into mak...; Question 1098: A circuit level proxy is ____________ when compared to an ap...; Question 1099: Which TCSEC (Orange Book) rating or level requires the syste...; Question 1100: The International Standards Organization / Open Systems Inte...; Question 1101: Which of the following is TRUE of network security?...; Question 1102: Public Key Infrastructure (PKI) uses asymmetric key encrypti...; Question 1103: To understand the 'whys' in crime, many times it is necessar...; Question 1104: RAID level 10 is created by combining which of the following...; Question 1105: What layer of the OSI/ISO model does Point-to-point tunnelin...; Question 1106: Buffer overflow and boundary condition errors are subsets of...; Question 1107: What can be defined as an event that could cause harm to the...; Question 1108: Which of the following Common Data Network Services allocate...; Question 1109: Which of the following statements is TRUE about data encrypt...; Question 1110: Physically securing backup tapes from unauthorized access is...; Question 1111: Within the legal domain what rule is concerned with the lega...; Question 1112: Which of the following describes the sequence of steps requi...; Question 1113: During the testing of the business continuity plan (BCP), wh...; Question 1114: Which layer defines how packets are routed between end syste...; Question 1115: Which of the following defines the software that maintains a...; Question 1116: Which of the following is NOT a disadvantage of symmetric cr...; Question 1117: Which access model is most appropriate for companies with a ...; Question 1118: What is called the use of technologies such as fingerprint, ...; Question 1119: Brute force attacks against encryption keys have increased i...; Question 1120: Which of the following best describes remote journaling?...; Question 1121: What is called the type of access control where there are pa...; Question 1122: A security analyst asks you to look at the traffic he has ga...; Question 1123: Which access control model provides upper and lower bounds o...; Question 1124: Which of the following is less likely to be included in the ...; Question 1125: Which of the following would NOT violate the Due Diligence c...; Question 1126: An intranet is an Internet-like logical network that uses:...; Question 1127: Which of the following is NOT a VPN communications protocol ...; Question 1128: Recovery Site Strategies for the technology environment depe...; Question 1129: Tim's day to day responsibilities include monitoring health ...; Question 1130: Which of the following keys has the SHORTEST lifespan?...; Question 1131: What is the greatest danger from DHCP?...; Question 1132: Which of the following binds a subject name to a public key ...; Question 1133: Which Orange Book evaluation level is described as "Verified...; Question 1134: Which of the following answer specifies the correct sequence...; Question 1135: A security evaluation report and an accreditation statement ...; Question 1136: While referring to physical security, what does positive pre...; Question 1137: Which of the following are well known ports assigned by the ...; Question 1138: Which of the following cannot be undertaken in conjunction o...; Question 1139: What is the maximum allowable key size of the Rijndael encry...; Question 1140: Which of the following service is not provided by a public k...; Question 1141: What is a characteristic of using the Electronic Code Book m...; Question 1142: The three classic ways of authenticating yourself to the com...; Question 1143: Which of the following is NOT a component of an Operations S...; Question 1144: Cryptography does NOT help in:; Question 1145: Which of the following is most affected by denial-of-service...; Question 1146: What would be considered the biggest drawback of Host-based ...; Question 1147: Which of the following statements pertaining to biometrics i...; Question 1148: At which of the OSI/ISO model layer is IP implemented?...; Question 1149: Good security is built on which of the following concept?...; Question 1150: What can be defined as an instance of two different keys gen...; Question 1151: Which of the following security models introduced the idea o...; Question 1152: Which of the following statements pertaining to access contr...; Question 1153: What is the key size of the International Data Encryption Al...; Question 1154: A shared resource matrix is a technique commonly used to loc...; Question 1155: Which of the following best defines a Computer Security Inci...; Question 1156: Which of the following is NOT true of Secure Sockets Layer (...; Question 1157: A prolonged complete loss of electric power is a:...; Question 1158: This type of control is used to ensure that transactions are...; Question 1159: Which of the following is a Microsoft technology for communi...; Question 1160: In an online transaction processing system (OLTP), which of ...; Question 1161: What sort of attack is described by the following: An attack...; Question 1162: Which of the following is implemented through scripts or sma...; Question 1163: What does the simple integrity axiom mean in the Biba model?...; Question 1164: What can be defined as a value computed with a cryptographic...; Question 1165: The Diffie-Hellman algorithm is primarily used to provide wh...; Question 1166: A smart Card that has two chips with the Capability of utili...; Question 1167: Which of the following is not an element of a relational dat...; Question 1168: A Packet Filtering Firewall system is considered a:...; Question 1169: Where parties do not have a shared secret and large quantiti...; Question 1170: Which of the following describes a computer processing archi...; Question 1171: Which of the following tape formats can be used to backup da...; Question 1172: In the days before CIDR (Classless Internet Domain Routing),...; Question 1173: Proxies work by transferring a copy of each accepted data pa...; Question 1174: How many bits compose an IPv6 address?...; Question 1175: Complete the following sentence. A message can be encrypted,...; Question 1176: When referring to the Cloud Computing Service models. What w...; Question 1177: What is the verification that the user's claimed identity is...; Question 1178: Which encryption algorithm is BEST suited for communication ...; Question 1179: Which answer BEST describes a secure cryptoprocessor that ca...; Question 1180: Which of the following is most appropriate to notify an exte...; Question 1181: In regards to relational database operations using the Struc...; Question 1182: Which is the last line of defense in a physical security sen...; Question 1183: What are the three FUNDAMENTAL principles of security?...; Question 1184: Which of the following is a not a preventative control?...; Question 1185: Which of the following statements regarding an off-site info...; Question 1186: You are a manager for a large international bank and periodi...; Question 1187: Examples of types of physical access controls include all EX...; Question 1188: Which protocol makes USE of an electronic wallet on a custom...; Question 1189: A Differential backup process will:...; Question 1190: This baseline sets certain thresholds for specific errors or...; Question 1191: Who is responsible for implementing user clearances in compu...; Question 1192: Which of the following would best define a digital envelope?...; Question 1193: In Mandatory Access Control, sensitivity labels attached to ...; Question 1194: Which type of attack would a competitive intelligence attack...; Question 1195: Which of the following statements pertaining to packet switc...; Question 1196: The throughput rate is the rate at which individuals, once e...; Question 1197: A periodic review of user account management should NOT dete...; Question 1198: Which key agreement scheme uses implicit signatures?...; Question 1199: 2 Which of the following statements is not listed within the...; Question 1200: Which of the following type of lock uses a numeric keypad or...; Question 1201: If any server in the cluster crashes, processing continues t...; Question 1202: Which of the following is the WEAKEST authentication mechani...; Question 1203: The Telecommunications Security Domain of information securi...; Question 1204: Which of the following answers BEST describes the Bell La-Pa...; Question 1205: Which of the following is true about a "dry pipe" sprinkler ...; Question 1206: Common Criteria 15408 generally outlines assurance and funct...; Question 1207: You've decided to authenticate the source who initiated a pa...; Question 1208: Which of the following phases of a system development life-c...; Question 1209: Which of the following phases of a software development life...; Question 1210: Sensitivity labels are an example of what application contro...; Question 1211: The Orange Book describes four hierarchical levels to catego...; Question 1212: When considering an IT System Development Life-cycle, securi...; Question 1213: What key size is used by the Clipper Chip?...; Question 1214: The information security staff's participation in which of t...; Question 1215: Which of the following effectively doubles the amount of har...; Question 1216: Guards are appropriate whenever the function required by the...; Question 1217: Which of the following would MOST likely ensure that a syste...; Question 1218: Network-based Intrusion Detection systems:...; Question 1219: What is the act of obtaining information of a higher sensiti...; Question 1220: Related to information security, confidentiality is the oppo...; Question 1221: In which phase of the System Development Lifecycle (SDLC) is...; Question 1222: Which of the following issues is NOT addressed by Kerberos?...; Question 1223: Which of the following is not a defined maturity level withi...; Question 1224: The main issue with RAID Level 1 is that the one-for-one rat...; Question 1225: Which of the following testing method examines internal stru...; Question 1226: Which of the following is NOT a property of the Rijndael blo...; Question 1227: Whose role is it to assign classification level to informati...; Question 1228: Which layer of the DoD TCP/IP model controls the communicati...; Question 1229: The primary service provided by Kerberos is which of the fol...; Question 1230: Which protocol's primary function is to facilitate file and ...; Question 1231: Which of the following answer BEST relates to the type of ri...; Question 1232: Which of the following represents a relation, which is the b...; Question 1233: Which of the following service is a distributed database tha...; Question 1234: Which of the following biometric devices offers the LOWEST C...; Question 1235: Which of the following allows two computers to coordinate in...; Question 1236: Which expert system operating mode allows determining if a g...; Question 1237: After a company is out of an emergency state, what should be...; Question 1238: Which of the following is addressed by Kerberos?...; Question 1239: Which of the following is NOT an administrative control?...; Question 1240: In an organization where there are frequent personnel change...; Question 1241: Which of the following protects a password from eavesdropper...; Question 1242: What is electronic vaulting?; Question 1243: Once evidence is seized, a law enforcement officer should em...; Question 1244: Which RAID Level often implements a one-for-one disk to disk...; Question 1245: Which of the following is NOT a media viability control used...; Question 1246: Which of the following answers best describes the type of pe...; Question 1247: A virus is a program that can replicate itself on a system b...; Question 1248: Within Crime prevention through Environmental Design (CPTED)...; Question 1249: RAID Level 1 mirrors the data from one disk or set of disks ...; Question 1250: Who is responsible for initiating corrective measures and ca...; Question 1251: Which of the following best describes what would be expected...; Question 1252: What can be defined as a batch process dumping backup data t...; Question 1253: Under intellectual property law what would you call informat...; Question 1254: The major objective of system configuration management is wh...; Question 1255: Of the multiple methods of handling risks which we must unde...; Question 1256: Who developed one of the first mathematical models of a mult...; Question 1257: Packet Filtering Firewalls can also enable access for:...; Question 1258: Which of the following BEST describes a function relying on ...; Question 1259: When a biometric system is used, which error type deals with...; Question 1260: Which of the following questions is LESS likely to help in a...; Question 1261: Which of the following is a Hashing Algorithm?...; Question 1262: Complete the following sentence. A message can be encrypted,...; Question 1263: Which of the following best describes the purpose of debuggi...; Question 1264: Notifying the appropriate parties to take action in order to...; Question 1265: Which of the following Operation Security controls is intend...; Question 1266: Which of the following is defined as the most recent point i...; Question 1267: Who vouches for the binding between the data items in a digi...; Question 1268: Which of the following are required for Life-Cycle Assurance...; Question 1269: Complex applications involving multimedia, computer aided de...; Question 1270: What is the three-way handshake sequence used to initiate TC...; Question 1271: Which of the following attacks could capture network user pa...; Question 1272: The Widget Company decided to take their company public and ...; Question 1273: Which device acting as a translator is used to connect two n...; Question 1274: Which of the following is NOT a component of IPSec?...; Question 1275: Which of the following is from the Internet Architecture Boa...; Question 1276: Which of the following would be true about Static password t...; Question 1277: What are the components of an object's sensitivity label?...; Question 1278: The main risks that physical security components combat are ...; Question 1279: Which of the following modes of DES is MOST likely used for ...; Question 1280: View the image below and identify the attack (Exhibit)...; Question 1281: During a business impact analysis it is concluded that a sys...; Question 1282: In Synchronous dynamic password tokens:...; Question 1283: Which of the following is covered under Crime Insurance Poli...; Question 1284: Which of the following protocols operates at the session lay...; Question 1285: The BIGGEST difference between System High Security Mode and...; Question 1286: When submitting a passphrase for authentication, the passphr...; Question 1287: Which OSI/ISO layer is the Media Access Control (MAC) sublay...; Question 1288: When it comes to magnetic media sanitization, what differenc...; Question 1289: What is the difference between Access Control Lists (ACLs) a...; Question 1290: You are using an open source packet analyzer called Wireshar...; Question 1291: The end result of implementing the principle of least privil...; Question 1292: A channel within a computer system or network that is design...; Question 1293: Which of the following is NOT a two-factor authentication me...; Question 1294: Which of the following risk handling technique involves the ...; Question 1295: Which of the following is NOT a factor related to Access Con...; Question 1296: Which of the following was designed to support multiple netw...; Question 1297: What IDS approach relies on a database of known attacks?...; Question 1298: The high availability of multiple all-inclusive, easy-to-use...; Question 1299: Why does compiled code pose more of a security risk than int...

Question 361/1299

LEAVE A REPLY

Download PDF File