CISSP Exam Dumps | Which Security and Audit Framework has been adopted by some organizations working towards Sarbanes -

<< Prev Question Next Question >>

Question 985/1299

Which Security and Audit Framework has been adopted by some organizations working towards Sarbanes
- Oxley Section 404 compliance?

A. Committee of Sponsoring Organizations of the Treadway Commission (COSO)

B. BIBA

C. National Institute of Standards and Technology Special Publication 800-66 (NIST SP 800-66)

D. CCTA Risk Analysis and Management Method (CRAMM)

Question List (1299q): Question 1: Which of the following best describes the Secure Electronic ...; Question 2: Which of the following security controls is intended to brin...; Question 3: In discretionary access environments, which of the following...; Question 4: External consistency ensures that the data stored in the dat...; Question 5: Which of the following is most concerned with personnel secu...; 1 commentQuestion 6: Mark's manager has tasked him with researching an intrusion ...; Question 7: Organizations should consider which of the following first b...; Question 8: Related to information security, integrity is the opposite o...; Question 9: Business rules can be enforced within a database through the...; Question 10: The fact that a network-based IDS reviews packets payload an...; Question 11: Which of the following term BEST describes a weakness that c...; Question 12: You have been tasked with developing a Business Continuity P...; Question 13: Under the principle of culpable negligence, executives can b...; Question 14: Which of the following services is NOT provided by the digit...; Question 15: RADIUS incorporates which of the following services?...; Question 16: Which of the following rules is LEAST likely to support the ...; Question 17: Which of the following is NOT an example of an operational c...; Question 18: What assesses potential loss that could be caused by a disas...; Question 19: What is the primary reason why some sites choose not to impl...; Question 20: Transport Layer Security (TLS) is a two-layered socket layer...; Question 21: What is the percentage at which the False Rejection Rate equ...; Question 22: Which of the following is the MOST important aspect relating...; Question 23: What best describes a scenario when an employee has been sha...; Question 24: Which one of the following factors is NOT one on which Authe...; Question 25: Remote Procedure Call (RPC) is a protocol that one program c...; Question 26: Which of the following statements relating to Distributed Co...; Question 27: Which of the following computer recovery sites is only parti...; Question 28: Which of the following is not a one-way hashing algorithm?...; Question 29: What is called the formal acceptance of the adequacy of a sy...; Question 30: What can be described as a measure of the magnitude of loss ...; Question 31: If an employee's computer has been used by a fraudulent empl...; Question 32: Which of the following is an example of discretionary access...; Question 33: In a stateful inspection firewall, data packets are captured...; Question 34: Suppose that you are the COMSEC - Communications Security cu...; Question 35: Which of the following algorithms is used today for encrypti...; Question 36: Which of the following is a drawback of fiber optic cables?...; Question 37: Physical security is accomplished through proper facility co...; Question 38: Which of the following is commonly used for retrofitting mul...; Question 39: Which one of the following is NOT one of the outcomes of a v...; Question 40: An Intrusion Detection System (IDS) is what type of control?...; Question 41: The RSA algorithm is an example of what type of cryptography...; Question 42: What security model implies a central authority that defines...; Question 43: What is the difference between the OCSP (Online Certificate ...; Question 44: The Domain Name System (DNS) is a global network of:...; Question 45: Which port does the Post Office Protocol Version 3 (POP3) ma...; Question 46: Which of the following would be an example of the BEST passw...; Question 47: Which of the following statements pertaining to Kerberos is ...; Question 48: The only difference between RAID 3 and RAID 4 is that level ...; Question 49: The description of the database is called a schema. The sche...; Question 50: Which of the following focuses on sustaining an organization...; Question 51: What are the four domains that make up CobiT?...; Question 52: In an organization, an Information Technology security funct...; Question 53: Which of the following biometric devices has the lowest user...; Question 54: If an internal database holds a number of printers in every ...; Question 55: The DMZ does not normally contain:...; Question 56: In which phase of Internet Key Exchange (IKE) protocol is pe...; Question 57: When referring to the data structures of a packet, the term ...; Question 58: The MOST common threat that impacts a business's ability to ...; Question 59: Which layer of the OSI/ISO model handles physical addressing...; Question 60: Which of the following backup method must be made regardless...; Question 61: Which of the following statements pertaining to protection r...; Question 62: Which of the following is given the responsibility of the ma...; Question 63: In IPSec, if the communication is to be gateway-to-gateway o...; Question 64: Java is not:; Question 65: Which Network Address Translation (NAT) is the MOST convenie...; Question 66: Which of the following is NOT a common integrity goal?...; Question 67: The security of a computer application is MOST effective and...; Question 68: Another type of access control is lattice-based access contr...; Question 69: Why would a database be denormalized?...; Question 70: ICMP and IGMP belong to which layer of the OSI model?...; Question 71: Which of the following is the most important consideration i...; Question 72: Which of the following characteristics pertaining to databas...; Question 73: Which answer BEST describes a computer software attack that ...; Question 74: In this type of attack, the intruder re-routes data traffic ...; Question 75: Which of the following describes a logical form of separatio...; Question 76: Communications and network security relates to transmission ...; Question 77: 2 According to ISC , what should be the fire rating for the ...; Question 78: Which of the following establishes the minimal national stan...; Question 79: Which IPSec operational mode encrypts the entire data packet...; Question 80: While using IPsec, the ESP and AH protocols both provide int...; Question 81: Because ordinary cable introduces a toxic hazard in the even...; Question 82: Configuration Management is a requirement for the following ...; Question 83: Which of the following can best be defined as a key distribu...; Question 84: RAID Level 1 is commonly called which of the following?...; Question 85: Which of the following assertions is NOT true about pattern ...; Question 86: Which of the following tools is NOT likely to be used by a h...; Question 87: Which of the following is less likely to accompany a conting...; Question 88: A prolonged power supply that is below normal voltage is a:...; Question 89: Which type of risk assessment is the formula ALE = ARO x SLE...; Question 90: When RAID runs as part of the operating system on the file s...; Question 91: Failure of a contingency plan is usually:...; Question 92: Which of the following is NOT true of the Kerberos protocol?...; Question 93: What mechanism automatically causes an alarm originating in ...; Question 94: A server cluster looks like a:; Question 95: What is the highest amount a company should spend annually o...; Question 96: Which of the following is NOT a system-sensing wireless prox...; Question 97: What security problem is most likely to exist if an operatin...; Question 98: When should a post-mortem review meeting be held after an in...; Question 99: If an organization were to deploy only one Intrusion Detecti...; Question 100: What is the role of IKE within the IPsec protocol?...; Question 101: What is the BEST definition of SQL injection?...; Question 102: Which of the following statements pertaining to air conditio...; Question 103: What kind of encryption technology does SSL utilize?...; Question 104: Kerberos is vulnerable to replay in which of the following c...; Question 105: Which of the following could be BEST defined as the likeliho...; Question 106: The Secure Hash Algorithm (SHA-1) creates:...; Question 107: A hardware RAID implementation is usually:...; Question 108: A prolonged electrical power supply that is below normal vol...; Question 109: Which of the following risk handling technique involves the ...; Question 110: Many approaches to Knowledge Discovery in Databases (KDD) ar...; Question 111: What is considered the MOST important type of error to avoid...; Question 112: Passwords can be required to change monthly, quarterly, or a...; Question 113: Which of the following is not a form of passive attack?...; Question 114: Which of the following outlined how senior management are re...; Question 115: How often should a Business Continuity Plan be reviewed?...; Question 116: System reliability is increased by:...; Question 117: Which of the following models does NOT include data integrit...; Question 118: Which of following is NOT a service provided by AAA servers ...; Question 119: A packet containing a long string of NOP's followed by a com...; Question 120: What would BEST define risk management?...; Question 121: Unshielded Twisted Pair cabling is a:...; Question 122: At which temperature does damage start occurring to magnetic...; Question 123: The scope and focus of the Business continuity plan developm...; Question 124: What is the MOST critical piece to disaster recovery and con...; Question 125: The RSA Algorithm uses which mathematical concept as the bas...; Question 126: The Loki attack exploits a covert channel using which networ...; Question 127: A database view is the results of which of the following ope...; Question 128: What is the process that RAID Level 0 uses as it creates one...; Question 129: 2 Which of the following is the most important ISC Code of E...; Question 130: What is the essential difference between a self-audit and an...; Question 131: Which software development model is actually a meta-model th...; Question 132: Which of the following elements is NOT included in a Public ...; Question 133: Which of the following should be allowed through a firewall ...; Question 134: Which cable technology refers to the CAT3 and CAT5 categorie...; Question 135: What can be defined as a momentary low voltage?...; Question 136: Which of the following Common Data Network Services is used ...; Question 137: What is an error called that causes a system to be vulnerabl...; Question 138: Detective/Technical measures:; Question 139: All of the following can be considered essential business fu...; Question 140: In telephony different types of connections are being used. ...; Question 141: 2 The ISC Code of Ethics does not include which of the follo...; Question 142: Which of the following statements pertaining to key manageme...; Question 143: Which of the following is NOT true concerning Application Co...; Question 144: Which of the following can BEST eliminate dial-up access thr...; Question 145: Which of the following item would best help an organization ...; Question 146: In a database management system (DBMS), what is the "cardina...; Question 147: Which Orange Book evaluation level is described as "Structur...; Question 148: A central authority determines what subjects can have access...; Question 149: Which type of control is concerned with restoring controls?...; Question 150: Which one of the following is a key agreement protocol used ...; Question 151: Who should DECIDE how a company should approach security and...; Question 152: Which of the following biometrics devices has the highest Cr...; Question 153: Which of the following is an IDS that acquires data and defi...; Question 154: Which of the following computer recovery sites is the least ...; Question 155: Which of the following would be the MOST serious risk where ...; Question 156: Business Impact Analysis (BIA) is about:...; Question 157: What is NOT true about a one-way hashing function?...; Question 158: When a possible intrusion into your organization's informati...; Question 159: The owner of a system should have the confidence that the sy...; Question 160: Which of the following identifies the encryption algorithm s...; Question 161: Which of the following will a Business Impact Analysis NOT i...; Question 162: Which Orange book security rating introduces security labels...; Question 163: Which integrity model defines a constrained data item, an in...; Question 164: What category of law deals with regulatory standards that re...; Question 165: Which of the following ciphers is a subset on which the Vige...; Question 166: Which of the following places the Orange Book classification...; Question 167: Which of the following would not correspond to the number of...; Question 168: Which of the following represents the rows of the table in a...; Question 169: Which of the following enables the person responsible for co...; Question 170: This type of backup management provides a continuous on-line...; Question 171: The ideal operating humidity range is defined as 40 percent ...; Question 172: Which of the following groups represents the leading source ...; Question 173: Frame relay and X.25 networks are part of which of the follo...; Question 174: Computer-generated evidence is considered:...; Question 175: Which of the following is considered the weakest link in a s...; Question 176: In what LAN topology do all the transmissions of the network...; Question 177: In which of the following security models is the subject's c...; Question 178: This type of attack is generally most applicable to public-k...; Question 179: The criteria for evaluating the legal requirements for imple...; Question 180: How should a doorway of a manned facility with automatic loc...; Question 181: Which of the following is NOT appropriate in addressing obje...; Question 182: Who of the following is responsible for ensuring that proper...; Question 183: Which of the following answers presents the MOST significant...; Question 184: The environment that must be protected includes all personne...; Question 185: Which of the following phases of a software development life...; Question 186: Which of the following organizations PRODUCES and PUBLISHES ...; Question 187: Which of the following protocol was used by the INITIAL vers...; Question 188: Which of the following ensures that security is NOT breached...; Question 189: A confidential number used as an authentication factor to ve...; Question 190: Which of the following biometric parameters are better suite...; Question 191: What is the name of the protocol use to set up and manage Se...; Question 192: Which of the following is TRUE of two-factor authentication?...; Question 193: A DMZ is also known as a:; Question 194: Which of the following type of cryptography is used when bot...; Question 195: Which of the following usually provides reliable, real-time ...; Question 196: Which of the following is NOT a form of detective technical ...; Question 197: Which of the following Common Data Network Services is used ...; Question 198: Debbie from finance called to tell you that she downloaded a...; Question 199: What is the maximum key size for the RC5 algorithm?...; Question 200: Which of the following questions is LESS likely to help in a...; Question 201: Which type of attack is based on the probability of two diff...; Question 202: In the context of access control, locks, gates, guards are e...; Question 203: Which of the following security-focused protocols has confid...; Question 204: When an outgoing request is made on a port number greater th...; Question 205: Which of the following protocol is PRIMARILY used to provide...; Question 206: What enables users to validate each other's certificate when...; Question 207: If your property Insurance has Actual Cash Valuation (ACV) c...; Question 208: Which of the following Kerberos components holds all users' ...; Question 209: When referring to a computer crime investigation, which of t...; Question 210: The deliberate planting of apparent flaws in a system for th...; Question 211: Which of the following statements pertaining to Secure Socke...; Question 212: The "vulnerability of a facility" to damage or attack may be...; Question 213: Which of the following is NOT an example of preventive contr...; Question 214: Prior to a live disaster test also called a Full Interruptio...; Question 215: Controlling access to information systems and associated net...; Question 216: Complete the blanks. When using PKI, I digitally sign a mess...; Question 217: Which must bear the primary responsibility for determining t...; Question 218: What is the 802.11 standard related to?...; Question 219: The US department of Health, Education and Welfare developed...; Question 220: Under what conditions would the use of a Class C fire exting...; Question 221: Which fire class can water be most appropriate for?...; Question 222: One purpose of a security awareness program is to modify:...; Question 223: Which of the following is an advantage of prototyping?...; Question 224: Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP)...; Question 225: Making sure that only those who are supposed to access the d...; Question 226: Of the following, which multiple access method for computer ...; Question 227: What is the proper term to refer to a single unit of IP data...; Question 228: An Ethernet address is composed of how many bits?...; Question 229: What is the main problem of the renewal of a root CA certifi...; Question 230: In the physical security context, a security door equipped w...; Question 231: Which of the following is not an EPA-approved replacement fo...; Question 232: Which of the following was NOT designed to be a proprietary ...; Question 233: It is a violation of the "separation of duties" principle wh...; Question 234: Ding Ltd. is a firm specialized in intellectual property bus...; Question 235: Which of the following is a NOT a guideline necessary to enh...; Question 236: What would be the Annualized Rate of Occurrence (ARO) of the...; Question 237: An intranet provides more security and control than which of...; Question 238: Under the Business Exemption Rule to the hearsay evidence, w...; Question 239: Frame relay uses a public switched network to provide:...; Question 240: Which of the following logical access exposures involvers ch...; Question 241: Which of the following does not address Database Management ...; Question 242: Which of the following choices is NOT normally part of the q...; Question 243: Keeping in mind that these are objectives that are provided ...; Question 244: Which of the following ensures that a TCB is designed, devel...; Question 245: Degaussing is used to clear data from all of the following m...; Question 246: Which backup method usually resets the archive bit on the fi...; Question 247: Which of the following is NOT a disadvantage of Single Sign ...; Question 248: What refers to legitimate users accessing networked services...; Question 249: Which of the following is NOT a type of motion detector?...; Question 250: Which of the following classes is the first level (lower) de...; Question 251: The first step in the implementation of the contingency plan...; Question 252: Which of the following is NOT an example of corrective contr...; Question 253: How do you distinguish between a bridge and a router?...; Question 254: Which of the following represents the columns of the table i...; Question 255: The National Institute of Standards and Technology (NIST) st...; Question 256: Which of the following DoD Model layer provides non-repudiat...; Question 257: At which of the Orange Book evaluation levels is configurati...; Question 258: Which of the following should be emphasized during the Busin...; Question 259: Valuable paper insurance coverage does cover damage to which...; Question 260: A Differential backup process:; Question 261: What is a password called that is the same for each log-on s...; Question 262: In biometric identification systems, the parts of the body c...; Question 263: Which of the following media is MOST resistant to EMI interf...; Question 264: Which of the following is NOT a true statement regarding the...; Question 265: Which type of algorithm is considered to have the highest st...; Question 266: Which of the following is NOT a characteristic or shortcomin...; Question 267: What mechanism does a system use to compare the security lab...; Question 268: What principle focuses on the uniqueness of separate objects...; Question 269: Which type of password provides maximum security because a n...; Question 270: The Diffie-Hellman algorithm is used for:...; Question 271: What is one disadvantage of content-dependent protection of ...; Question 272: Which category of law is also referenced as a Tort law?...; Question 273: The copyright law ("original works of authorship") protects ...; Question 274: A server farm consisting of multiple similar servers seen as...; Question 275: What is Kerberos?; Question 276: In the UTP category rating, the tighter the wind:...; Question 277: What is the most correct choice below when talking about the...; Question 278: Which of the following control helps to identify an incident...; Question 279: Which of the following is a tool often used to reduce the ri...; Question 280: Which Orange book security rating introduces the object reus...; Question 281: An Architecture where there are more than two execution doma...; Question 282: Which of the following server contingency solutions offers t...; Question 283: What algorithm was DES derived from?...; Question 284: According to the Orange Book, which security level is the fi...; Question 285: The viewing of recorded events after the fact using a closed...; Question 286: Which of the following is a transaction redundancy implement...; Question 287: Which of the following is BEST at defeating frequency analys...; Question 288: If an organization were to monitor their employees' e-mail, ...; Question 289: Which of the following can best be defined as a cryptanalysi...; Question 290: Which of the following would provide the BEST stress testing...; Question 291: Which of the following is used to interrupt the opportunity ...; Question 292: Which of the following statements pertaining to a Criticalit...; Question 293: Which of the following European Union (EU) principles pertai...; Question 294: Related to information security, availability is the opposit...; Question 295: Which type of control is concerned with avoiding occurrences...; Question 296: Which of the following tasks is NOT usually part of a Busine...; Question 297: Which of the following can prevent hijacking of a web sessio...; Question 298: There are basic goals of Cryptography. Which of the followin...; Question 299: Which of the following can best be defined as a key recovery...; Question 300: Which of the following is NOT part of user provisioning?...; Question 301: The most prevalent cause of computer center fires is which o...; Question 302: An access system that grants users only those rights necessa...; Question 303: Which of the following statements do apply to a hot site?...; Question 304: At what Orange Book evaluation levels are design specificati...; Question 305: Which of the following offers security to wireless communica...; Question 306: What does the Clark-Wilson security model focus on?...; Question 307: Which of the following computer crime is MORE often associat...; Question 308: Which of the following asymmetric encryption algorithms is b...; Question 309: Which of the following is currently the most recommended wat...; Question 310: Which approach to a security program ensures people responsi...; Question 311: You are a security consultant who is required to perform pen...; Question 312: Which Orange book security rating is the FIRST to be concern...; Question 313: Which of the following statements pertaining to software tes...; Question 314: How many bits is the effective length of the key of the Data...; Question 315: Which of the following is not a method to protect objects an...; Question 316: Which of the following is based on the premise that the qual...; Question 317: Examine the following characteristics and identify which ans...; Question 318: What is a sequence of characters that is usually longer than...; Question 319: Which access control model was proposed for enforcing access...; Question 320: Within the OSI model, at what layer are some of the SLIP, CS...; Question 321: Which xDSL flavor, appropriate for home or small offices, de...; Question 322: What is the PRIMARY goal of incident handling?...; Question 323: How should a risk be handled when the cost of the countermea...; Question 324: Kerberos can prevent which one of the following attacks?...; Question 325: Which of the following is NOT a precaution you can take to r...; Question 326: Which of the following answers BEST indicates the most impor...; Question 327: During an IS audit, one of your auditors has observed that s...; Question 328: What is the main focus of the Bell-LaPadula security model?...; Question 329: The Logical Link Control sub-layer is a part of which of the...; Question 330: Which of the following items is a benefit of cold sites?...; Question 331: In addition to the Legal Department, with what company funct...; Question 332: Which one of the following is NOT a check for Input or Infor...; Question 333: What is NOT included in a data dictionary?...; Question 334: Which of the following best describes signature-based detect...; Question 335: What Cloud Deployment model consist of a cloud infrastructur...; Question 336: Which of the following protection devices is used for spot p...; Question 337: Devices that supply power when the commercial utility power ...; Question 338: Which of the following phases of a system development life-c...; Question 339: Which of the following is NOT a critical security aspect of ...; Question 340: What is used to bind a document to its creation at a particu...; Question 341: You are part of a security staff at a highly profitable bank...; Question 342: Which of the following statements pertaining to packet filte...; Question 343: Risk reduction in a system development life-cycle should be ...; Question 344: Which one of the following authentication mechanisms creates...; Question 345: Which of the following algorithms is a stream cipher?...; Question 346: Which of the following is NOT an example of an asymmetric ke...; Question 347: What is the maximum length of cable that can be used for a t...; Question 348: Which of the following is an issue with signature-based intr...; Question 349: Which one of the following is used to provide authentication...; Question 350: What is an IP routing table?; Question 351: Technical controls such as encryption and access control can...; Question 352: An access control policy for a bank teller is an example of ...; Question 353: For which areas of the enterprise are business continuity pl...; Question 354: Which of the following is NOT a part of a risk analysis?...; Question 355: Why would anomaly detection IDSs often generate a large numb...; Question 356: Which of the following results in the most devastating busin...; Question 357: Which of the following describes a technique in which a numb...; Question 358: Which security model uses division of operations into differ...; Question 359: Which of the following countermeasures would be the most app...; Question 360: Single Sign-on (SSO) is characterized by which of the follow...; Question 361: Which of the following is one of the oldest and most common ...; Question 362: In a dry pipe system, there is no water standing in the pipe...; Question 363: Making sure that the data is accessible when and where it is...; Question 364: What protocol is used on the Local Area Network (LAN) to obt...; Question 365: Another name for a VPN is a:; Question 366: What is the primary role of cross certification?...; Question 367: What is RAD?; Question 368: Which of the following should be used as a replacement for T...; Question 369: Which backup method is additive because the time and tape sp...; Question 370: What is a trusted shell?; Question 371: Which of the following is the most complete disaster recover...; Question 372: Related to information security, the prevention of the inten...; Question 373: Which of the following is an extension to Network Address Tr...; Question 374: Which of the following questions is LESS likely to help in a...; Question 375: What can be defined as an abstract machine that mediates all...; Question 376: Which of the following would be used to implement Mandatory ...; Question 377: Which of the following is a large hardware/software backup s...; Question 378: Which of the following can best define the "revocation reque...; Question 379: In the Open Systems Interconnect (OSI) Reference Model, at w...; Question 380: In SSL/TLS protocol, what kind of authentication is supporte...; Question 381: Which of the following concerning the Rijndael block cipher ...; Question 382: Organizations should not view disaster recovery as which of ...; Question 383: Which International Organization for Standardization standar...; Question 384: Which of the following type of traffic can easily be filtere...; Question 385: What is it called when a computer uses more than one CPU in ...; Question 386: Which of the following are the two commonly defined types of...; Question 387: During a test of a disaster recovery plan the IT systems are...; Question 388: Which of the following protocols is designed to send individ...; Question 389: Which of the following is NOT defined in the Internet Archit...; Question 390: What is the framing specification used for transmitting digi...; Question 391: Which ISO/OSI layer establishes the communications link betw...; Question 392: When planning for disaster recovery it is important to know ...; Question 393: An application layer firewall is also called a:...; Question 394: The BEST technique to authenticate to a system is to:...; Question 395: SMTP can best be described as:; Question 396: The equation used to calculate the total number of symmetric...; Question 397: What is the main issue with media reuse?...; Question 398: Which of the following items is NOT primarily used to ensure...; Question 399: A system file that has been patched numerous times becomes i...; Question 400: Legacy single sign on (SSO) is:...; Question 401: Which of the following backup methods is most appropriate fo...; Question 402: Which of the following was developed by the National Compute...; Question 403: Java follows which security model:...; Question 404: CobiT was developed from the COSO framework. Which of the ch...; Question 405: Which of the following can be defined as the process of reru...; Question 406: What does the * (star) integrity axiom mean in the Biba mode...; Question 407: Which of the following is NOT an advantage that TACACS+ has ...; Question 408: How many rounds are used by DES?...; Question 409: Which layer of the TCP/IP protocol model defines the IP data...; Question 410: Which of the following can be defined as a framework that su...; Question 411: What is the RESULT of a hash algorithm being applied to a me...; Question 412: Which of the following is NOT a preventive operational contr...; Question 413: Which authentication technique BEST protects against hijacki...; Question 414: In regards to information classification what is the main re...; Question 415: A momentary power outage is a:; Question 416: Which virus category has the capability of changing its own ...; Question 417: Which of the following is used to create parity information?...; Question 418: Which of the following statements pertaining to secure infor...; Question 419: You work in a police department forensics lab where you exam...; Question 420: Which of the following are additional terms used to describe...; Question 421: The steps of an access control model should follow which log...; Question 422: Which of the following was developed to address some of the ...; Question 423: Which access control model would a lattice-based access cont...; Question 424: What is the PRIMARY use of a password?...; Question 425: The older coaxial cable has been widely replaced with twiste...; Question 426: Of the various types of "Hackers" that exist, the ones who a...; Question 427: Which of the following specifically addresses cyber-attacks ...; Question 428: A host-based IDS is resident on which of the following?...; Question 429: Referential Integrity requires that for any foreign key attr...; Question 430: Due care is not related to:; Question 431: Which of the following floors would be MOST appropriate to l...; Question 432: Which of the following does NOT concern itself with key mana...; Question 433: Which of the following is NOT a correct notation for an IPv6...; Question 434: The Orange Book states that "Hardware and software features ...; Question 435: Which of the following security controls might force an oper...; Question 436: What is the PRIMARY reason to maintain the chain of custody ...; Question 437: Which of the following is an important part of database desi...; Question 438: What do the ILOVEYOU and Melissa virus attacks have in commo...; Question 439: What is Dumpster Diving?; Question 440: A network-based vulnerability assessment is a type of test a...; Question 441: This is a common security issue that is extremely hard to co...; Question 442: The Data Encryption Algorithm performs how many rounds of su...; Question 443: Which OSI/OSI layer defines the X.24, V.35, X.21 and HSSI st...; Question 444: Which of the following control is intended to discourage a p...; Question 445: What are user interfaces that limit the functions that can b...; Question 446: Which of the following is an Internet IPsec protocol to nego...; Question 447: Which of the following was designed as a more fault-tolerant...; Question 448: A contingency plan should address:...; Question 449: Which of the following would best describe secondary evidenc...; Question 450: How would nonrepudiation be BEST classified as?...; Question 451: Which of the following NAT firewall translation modes offers...; Question 452: What does "System Integrity" mean?...; Question 453: A 'Pseudo flaw' is which of the following?...; Question 454: What is the difference between Advisory and Regulatory secur...; Question 455: To control access by a subject (an active entity such as ind...; Question 456: In a security context what are database views used for?...; Question 457: A packet filtering firewall looks at the data packet to get ...; Question 458: One of the following statements about the differences betwee...; Question 459: Which of the following BEST describes an exploit?...; Question 460: Which of the following is not a property of the Rijndael blo...; Question 461: Under United States law, an investigator's notebook may be u...; Question 462: Which of the following services is provided by S-RPC?...; Question 463: Controls like guards and general steps to maintain building ...; Question 464: If your property Insurance has Replacement Cost Valuation (R...; Question 465: Which of the following is LESS likely to be used today in cr...; Question 466: There is no way to completely abolish or avoid risks, you ca...; Question 467: What kind of encryption is realized in the S/MIME-standard?...; Question 468: Which of the following cloud computing service model is a pr...; Question 469: Which of the following is often the GREATEST challenge of di...; Question 470: What security model is dependent on security labels?...; Question 471: Which of the following statements pertaining to disaster rec...; Question 472: Which of the following should NOT be performed by an operato...; Question 473: What is the primary difference between FTP and TFTP?...; Question 474: The typical computer fraudsters are usually persons with whi...; Question 475: Which of the following is an advantage of a qualitative over...; Question 476: Which of the following is related to physical security and i...; Question 477: What type of key would you find within a browser's list of t...; Question 478: Which of the following control pairings include: organizatio...; Question 479: In an SSL session between a client and a server, who is resp...; Question 480: Readable is to unreadable just as plain text is to:...; Question 481: At what stage of the applications development process should...; Question 482: Which of the following provides enterprise management with a...; Question 483: Which term BEST describes a practice used to detect fraud fo...; Question 484: Controls are implemented to:; Question 485: For competitive reasons, the customers of a large shipping c...; Question 486: Common Criteria has assurance level from EAL 1 to EAL 7 rega...; Question 487: A business continuity plan should list and prioritize the se...; Question 488: Asynchronous Communication transfers data by sending:...; Question 489: Which of the following is the marriage of object-oriented an...; Question 490: Which of the following is NOT a Generally Accepted System Se...; Question 491: Which of the following is NOT an asymmetric key algorithm?...; Question 492: At which OSI/ISO layer is an encrypted authentication betwee...; Question 493: Which of the following access control techniques BEST gives ...; Question 494: Which type of fire extinguisher is MOST appropriate for a di...; Question 495: Which of the following statements do not apply to a hot site...; Question 496: Which of the following is an advantage of proxies?...; Question 497: Which of the following encryption methods is known to be unb...; Question 498: Which of the following statements relating to the Biba secur...; Question 499: Which of the following is an advantage of using a high-level...; Question 500: A one-way hash provides which of the following?...; Question 501: Which of the following is a class A fire?...; Question 502: Which of the following would be the BEST criterion to consid...; Question 503: When two or more separate entities (usually persons) operati...; Question 504: Which of the following packets should NOT be dropped at a fi...; Question 505: Crackers today are MOST often motivated by their desire to:...; Question 506: What is defined as the hardware, firmware and software eleme...; Question 507: Which of the following is used in database information secur...; Question 508: A message can be encrypted and digitally signed, which provi...; Question 509: Which of the following statements pertaining to software tes...; Question 510: Which type of encryption is considered to be unbreakable if ...; Question 511: What is NOT an authentication method within IKE and IPsec?...; Question 512: The ISO/IEC 27001:2005 is a standard for:...; Question 513: What is called the act of a user professing an identity to a...; Question 514: Identity Management solutions include such technologies as D...; Question 515: Which of the following should NOT normally be allowed throug...; Question 516: What is the percentage of valid subjects that are falsely re...; Question 517: Which of the following components are considered part of the...; Question 518: Which of the following is a class C fire?...; Question 519: Which of the following is TRUE about link encryption?...; Question 520: What is the BEST answer pertaining to the difference between...; Question 521: Which of the following should be performed by an operator?...; Question 522: Which of the following is BEST practice to employ in order t...; Question 523: The Internet Architecture Board (IAB) characterizes which of...; Question 524: Which of the following is NOT a technical control?...; Question 525: What is NOT true with pre shared key authentication within I...; Question 526: Which of the following classes is defined in the TCSEC (Oran...; Question 527: Ensuring least privilege does NOT require:...; Question 528: Which of the following methods of providing telecommunicatio...; Question 529: Under what conditions would the use of a "Class C" hand-held...; Question 530: Which of the following statements pertaining to biometrics i...; Question 531: What is the MOST important step in business continuity plann...; Question 532: Knowledge-based Intrusion Detection Systems (IDS) are more c...; Question 533: Which of the following BEST defines add-on security?...; Question 534: Which of the following protocols that provide integrity and ...; Question 535: You are a criminal hacker and have infiltrated a corporate n...; Question 536: Which of the following statements pertaining to VPN protocol...; Question 537: To be admissible in court, computer evidence must be which o...; Question 538: A business continuity plan is an example of which of the fol...; Question 539: Why is infrared generally considered to be more secure to ea...; Question 540: Which RAID level concept is considered more expensive and is...; Question 541: How can an individual/person BEST be identified or authentic...; Question 542: Which of the following questions is less likely to help in a...; Question 543: Which of the following protocols would BEST mitigate threats...; Question 544: Which of the following would be LESS likely to prevent an em...; Question 545: A potential problem related to the physical installation of ...; Question 546: Which of the following backup sites is the most effective fo...; Question 547: Like the Kerberos protocol, SESAME is also subject to which ...; Question 548: Which of the following BEST explains why computerized inform...; Question 549: Why do buffer overflows happen? What is the main cause?...; Question 550: Which of the following is TRUE about digital certificate?...; Question 551: Which of the following statements pertaining to using Kerber...; Question 552: In Operations Security trusted paths provide:...; Question 553: Which of the following reviews system and event logs to dete...; Question 554: Which service usually runs on port 25?...; Question 555: During the salvage of the Local Area Network and Servers, wh...; Question 556: With regard to databases, which of the following has charact...; Question 557: Which of the following translates source code one command at...; Question 558: What is called an attack in which an attacker floods a syste...; Question 559: In biometric identification systems, at the beginning, it wa...; Question 560: In what way could Java applets pose a security threat?...; Question 561: Which access control model is also called Non-Discretionary ...; Question 562: Which of the following is responsible for MOST of the securi...; Question 563: Which of the following is the most costly countermeasure to ...; Question 564: Address Resolution Protocol (ARP) interrogates the network b...; Question 565: Which of the following monitors network traffic in real time...; Question 566: What is the MOST critical characteristic of a biometric iden...; Question 567: Which BEST describes a tool (i.e. keyfob, calculator, memory...; Question 568: Which of the following would best describe the difference be...; Question 569: Operations Security seeks to PRIMARILY protect against which...; Question 570: Which of the following is the MOST secure form of triple-DES...; Question 571: Kerberos depends upon what encryption method?...; Question 572: Which of the following describes the major disadvantage of m...; Question 573: Why would a memory dump be admissible as evidence in court?...; Question 574: Which of the following was developed as a simple mechanism f...; Question 575: Which of the following cloud deployment model operates solel...; Question 576: Which of the following is an advantage in using a bottom-up ...; Question 577: Which of the following can be defined as a unique identifier...; Question 578: What level of assurance for a digital certificate verifies a...; Question 579: Which of the following is often implemented by a one-for-one...; Question 580: Which of the following is the preferred way to suppress an e...; Question 581: Covert Channel Analysis is FIRST introduced at what level of...; Question 582: Which of the following is most relevant to determining the m...; Question 583: The Orange Book requires auditing mechanisms for any systems...; Question 584: Which of the following cloud computing service model provide...; Question 585: Which of the following would BEST describe a Concealment cip...; Question 586: Which of the following is a method of multiplexing data wher...; Question 587: Which of the following is true of biometrics?...; Question 588: In a hierarchical PKI the highest CA is regularly called Roo...; Question 589: Which of the following cloud deployment model can be shared ...; Question 590: Of the following, which is a specific loss criteria that sho...; Question 591: Which of the following is TRUE about Kerberos?...; Question 592: In the statement below, fill in the blank: Law enforcement a...; Question 593: Which of the following is the most critical item from a disa...; Question 594: Which of the following recovery plan test results would be m...; Question 595: Which model, based on the premise that the quality of a soft...; Question 596: Which of the following can be defined as THE unique attribut...; Question 597: Which of the following statements pertaining to fire suppres...; Question 598: Authentication Headers (AH) and Encapsulating Security Paylo...; Question 599: The exact requirements for the admissibility of evidence var...; Question 600: The Computer Security Policy Model the Orange Book is based ...; Question 601: Which of the following is the SIMPLEST type of firewall?...; Question 602: Which of the following would describe a type of biometric er...; Question 603: Which of the following protects Kerberos against replay atta...; Question 604: The object-relational and object-oriented models are better ...; Question 605: Making sure that the data has not been changed unintentional...; Question 606: Which of the following is needed for System Accountability?...; Question 607: Which of the following category of UTP cables is specified t...; Question 608: Which of the following is NOT a responsibility of an informa...; Question 609: What attack involves the perpetrator sending spoofed packet(...; Question 610: According to private sector data classification levels, how ...; Question 611: Which of the following statements pertaining to firewalls NO...; Question 612: Which of the following provides coordinated procedures for m...; Question 613: Communications devices must operate:...; Question 614: Which of the following is not a DES mode of operation?...; Question 615: Which of the following is used to create and modify the stru...; Question 616: In which of the following models are Subjects and Objects id...; Question 617: For maximum security design, what type of fence is most effe...; Question 618: Which of the following is NOT a way to secure a wireless net...; Question 619: Which of the following Orange Book ratings represents the hi...; Question 620: What is the most effective means of determining that control...; Question 621: How often should tests and disaster recovery drills be perfo...; Question 622: You wish to make use of "port knocking" technologies. How ca...; Question 623: Risk mitigation and risk reduction controls for providing in...; Question 624: Which of the following is immune to the effects of electroma...; Question 625: Which of the following would BEST be defined as an absence o...; Question 626: In order to enable users to perform tasks and duties without...; Question 627: When first analyzing an intrusion that has just been detecte...; Question 628: Which of the following technologies is a target of XSS or CS...; Question 629: Who should measure the effectiveness of Information System s...; Question 630: Which of the following devices enables more than one signal ...; Question 631: The ideal operating humidity range is defined as 40 percent ...; Question 632: 2 Regarding codes of ethics covered within the ISC CBK, with...; Question 633: What physical characteristic does a retinal scan biometric d...; Question 634: Which of the following steps is NOT one of the eight detaile...; Question 635: What is the Maximum Tolerable Downtime (MTD)?...; Question 636: What Orange Book security rating is reserved for systems tha...; Question 637: Which of the following statements pertaining to block cipher...; Question 638: Which of the following answers is directly related to provid...; Question 639: Data which is properly secured and can be described with ter...; Question 640: Which of the following refers to the data left on the media ...; Question 641: Crime Prevention Through Environmental Design (CPTED) is a d...; Question 642: What does "residual risk" mean?...; Question 643: What is the name for a substitution cipher that shifts the a...; Question 644: How is Annualized Loss Expectancy (ALE) derived from a threa...; Question 645: Which of the following virus types changes some of its chara...; Question 646: Which of the following is NOT a specific loss criteria that ...; Question 647: During which phase of an IT system life cycle are security r...; Question 648: What is defined as inference of information from other, inte...; Question 649: What is the main concern with single sign-on?...; Question 650: As per the Orange Book, what are two types of system assuran...; Question 651: You are an information systems security officer at a mid-siz...; Question 652: PGP uses which of the following to encrypt data?...; Question 653: All hosts on an IP network have a logical ID called a(n):...; Question 654: What can best be defined as high-level statements, beliefs, ...; Question 655: Cryptography does NOT concern itself with which of the follo...; Question 656: When a station communicates on the network for the first tim...; Question 657: Regarding risk reduction, which of the following answers is ...; Question 658: What is called an event or activity that has the potential t...; Question 659: Which of the following are placeholders for literal values i...; Question 660: Who should direct short-term recovery actions immediately fo...; Question 661: What would you call the process that takes advantages of the...; Question 662: Which of the following is NOT an example of a detective cont...; Question 663: Electrical systems are the lifeblood of computer operations....; Question 664: Which of the following fire extinguishing systems incorporat...; Question 665: Which of the following tools is less likely to be used by a ...; Question 666: Which of the following access control models requires defini...; Question 667: Tim is a network administrator of Acme Inc. He is responsibl...; Question 668: In terms or Risk Analysis and dealing with risk, which of th...; Question 669: Which type of attack involves hijacking a session between a ...; Question 670: Of the seven types of Access Control Categories, which is de...; Question 671: Computer security should be first and foremost which of the ...; Question 672: During an IS audit, auditor has observed that authentication...; Question 673: A copy of evidence or oral description of its contents; whic...; Question 674: In a known plaintext attack, the cryptanalyst has knowledge ...; Question 675: Which of the following defines when RAID separates the data ...; Question 676: Fault tolerance countermeasures are designed to combat threa...; Question 677: This OSI layer has a service that negotiates transfer syntax...; Question 678: Sam is the security Manager of a financial institute. Senior...; Question 679: Which of the following answers is the BEST example of Risk T...; Question 680: Which of the following is NOT a known type of Message Authen...; Question 681: A prolonged high voltage is a:; Question 682: Which of the following exemplifies proper separation of duti...; Question 683: A public key algorithm that does both encryption and digital...; Question 684: Which of the following statements relating to the Bell-LaPad...; Question 685: In regards to the query function of relational database oper...; Question 686: Which RAID implementation is commonly called mirroring?...; Question 687: Which of the following IEEE standards defines the token ring...; Question 688: Which of the following steps should be one of the FIRST step...; Question 689: Which of the following is a fraud detection method whereby e...; Question 690: Within the context of the CBK, which of the following provid...; Question 691: Which of the following would best describe certificate path ...; Question 692: What allows a relation to contain multiple rows with a same ...; Question 693: The Orange Book is founded upon which security policy model?...; Question 694: Which of the following attack includes social engineering, l...; Question 695: Which of the following is BEST provided by symmetric cryptog...; Question 696: Related to information security, the guarantee that the mess...; Question 697: Which of the following is defined as an Internet, IPsec, key...; Question 698: To be in compliance with the Montreal Protocol, which of the...; Question 699: Which of the following is a true statement pertaining to mem...; Question 700: Which of the following can be used as a covert channel?...; Question 701: Which of the following RAID levels is not used in practice a...; Question 702: In the Bell-LaPadula model, the *-property (Star-property) i...; Question 703: Critical areas should be lighted:...; Question 704: The IP header contains a protocol field. If this field conta...; Question 705: Which of the following is best defined as an administrative ...; Question 706: A persistent collection of interrelated data items can be de...; Question 707: At which OSI layer does SSL reside in?...; Question 708: When attempting to establish liability, which of the followi...; Question 709: Which layer of the TCP/IP protocol stack corresponds to the ...; Question 710: When we encrypt or decrypt data there is a basic operation i...; Question 711: Which of the following is defined as a key establishment pro...; Question 712: What is the percentage of invalid subjects that are falsely ...; Question 713: Which of the following is a reasonable response from the Int...; Question 714: A weakness or lack of a safeguard, which may be exploited by...; Question 715: Which of the following is a problem regarding computer inves...; Question 716: The MAIN issue with Level 1 of RAID is which of the followin...; Question 717: Which of the following would constitute the BEST example of ...; Question 718: At which of the basic phases of the System Development Life ...; Question 719: Which of the following protocols offers native encryption?...; Question 720: Memory management in TCSEC levels B3 and A1 operating system...; Question 721: What does it mean to say that sensitivity labels are "incomp...; Question 722: Which of the following is NOT a characteristic of a host-bas...; Question 723: Which of the following can be defined as the set of allowabl...; Question 724: Which one of the following is usually not a benefit resultin...; Question 725: Which of the following is electromagnetic interference (EMI)...; Question 726: Which of the following rules pertaining to a Business Contin...; Question 727: What uses a key of the same length as the message where each...; Question 728: Which of the following is NOT a valid reason to use external...; Question 729: The standard server port number for HTTP is which of the fol...; Question 730: Which type of attack involves the altering of a systems Addr...; Question 731: Which of the following embodies all the detailed actions tha...; Question 732: What setup should an administrator use for regularly testing...; Question 733: Which division of the Orange Book deals with discretionary p...; Question 734: What can be BEST defined as the examination of threat source...; Question 735: What is a limitation of TCP Wrappers?...; Question 736: The Reference Validation Mechanism that ensures the authoriz...; Question 737: Application Layer Firewalls operate at the:...; Question 738: Which of the following statements pertaining to PPTP (Point-...; Question 739: Which property ensures that only the intended recipient can ...; Question 740: Which of the following is more suitable for a hardware imple...; Question 741: Which of the following represents the best programming?...; Question 742: One drawback of Application Level Firewall is that it reduce...; Question 743: Which of the following controls related to physical security...; Question 744: A group of independent servers, which are managed as a singl...; Question 745: Secure Sockets Layer (SSL) is very heavily used for protecti...; Question 746: The basic language of modems and dial-up remote access syste...; Question 747: With SQL Relational databases where is the actual data store...; Question 748: Which security model introduces access to objects only throu...; Question 749: Which of the following protocols does not operate at the dat...; Question 750: Which of the following is NOT a property of a one-way hash f...; Question 751: Which of the following is NOT a security characteristic we n...; Question 752: Which of the following is an IP address that is private (i.e...; Question 753: Within the realm of IT security, which of the following comb...; Question 754: Which disaster recovery plan test involves functional repres...; Question 755: Which of the following is NOT a common weakness of packet fi...; Question 756: Pin, Password, Passphrases, Tokens, smart cards, and biometr...; Question 757: In which mode of DES, will a block of plaintext and a key al...; Question 758: An electrical device (AC or DC) which can generate coercive ...; Question 759: What is the effective key size of DES?...; Question 760: Which of the following can be best defined as computing tech...; Question 761: Layer 2 of the OSI model has two sublayers. What are those s...; Question 762: Which of the following backup methods makes a complete backu...; Question 763: Which of the following is TRUE related to network sniffing?...; Question 764: Which of the following categories of hackers poses the great...; Question 765: Which of the following backup methods is primarily run when ...; Question 766: Which of the following biometrics methods provides the HIGHE...; Question 767: Which of the following attack is also known as Time of Check...; Question 768: The DES algorithm is an example of what type of cryptography...; Question 769: Several analysis methods can be employed by an IDS, each wit...; Question 770: Looking at the choices below, which ones would be the most s...; Question 771: What is used to protect programs from all unauthorized modif...; Question 772: Which of the following was the FIRST mathematical model of a...; Question 773: Suppose you are a domain administrator and are choosing an e...; Question 774: Business Continuity Planning (BCP) is not defined as a prepa...; Question 775: What can be defined as secret communications where the very ...; Question 776: Which of the following is the act of performing tests and ev...; Question 777: Which of the following statements pertaining to RAID technol...; Question 778: Controls provide accountability for individuals who are acce...; Question 779: In access control terms, the word "dominate" refers to which...; Question 780: What is the main purpose of Corporate Security Policy?...; Question 781: RAID levels 3 and 5 run:; Question 782: Which of the following are additional access control objecti...; Question 783: According to Requirement 3 of the Payment Card Industry's Da...; Question 784: Phreakers are hackers who specialize in telephone fraud. Wha...; Question 785: In which of the following cloud computing service model are ...; Question 786: What is the appropriate role of the security analyst in the ...; Question 787: Which RAID implementation stripes data and parity at block l...; Question 788: Which of the following addresses a portion of the primary me...; Question 789: Which of the following is a CHARACTERISTIC of a decision sup...; Question 790: Which of the following was developed in order to protect aga...; Question 791: The type of discretionary access control (DAC) that is based...; Question 792: What is the Biba security model concerned with?...; Question 793: An employee ensures all cables are shielded, builds concrete...; Question 794: The computations involved in selecting keys and in encipheri...; Question 795: Where in a PKI infrastructure is a list of revoked certifica...; Question 796: Which access control model achieves data integrity through w...; Question 797: Which of the following statements pertaining to IPSec NOT tr...; Question 798: What is a security policy?; Question 799: How many bits is the address space reserved for the source I...; Question 800: Which access control model enables the OWNER of the resource...; Question 801: Risk analysis is MOST useful when applied during which phase...; Question 802: In what way can violation of clipping levels assist in viola...; Question 803: Which of the following Common Data Network Services is used ...; Question 804: Which of the following Confidentiality, Integrity, Availabil...; Question 805: Which of the following statements pertaining to disaster rec...; Question 806: Ensuring that printed reports reach proper users and that re...; Question 807: Which of the following is BEST defined as a physical control...; Question 808: Which of the following division is defined in the TCSEC (Ora...; Question 809: Why does fiber optic communication technology have significa...; Question 810: Which of the following are the steps usually followed in the...; Question 811: The number of violations that will be accepted or forgiven b...; Question 812: Which of the following BEST ensures accountability of users ...; Question 813: An incremental backup process; Question 814: You have been approached by one of your clients. They are in...; Question 815: Which common backup method is the fastest on a daily basis?...; Question 816: Researchers have recently developed a tool that imitates a 1...; Question 817: In the context of Biometric authentication, there is a quick...; Question 818: Which of the following is not a physical control for physica...; Question 819: In which LAN transmission method is a source packet copied a...; Question 820: An area of the Telecommunications and Network Security domai...; Question 821: Access control is the collection of mechanisms that permits ...; Question 822: Which of the following is a set of data processing elements ...; Question 823: What are cognitive passwords?; Question 824: What is used to hide data from unauthorized users by allowin...; Question 825: Which type of password token involves time synchronization?...; Question 826: When you update records in multiple locations or you make a ...; Question 827: Which answer BEST describes information access permissions w...; Question 828: What is the minimum static charge able to cause disk drive d...; Question 829: The primary purpose for using one-way hashing of user passwo...; Question 830: What would you call a network security control deployed in l...; Question 831: Which of the following statements regarding trade secrets is...; Question 832: A deviation from an organization-wide security policy requir...; Question 833: In the CIA triad, what does the letter A stand for?...; Question 834: The Physical Security domain focuses on three areas that are...; Question 835: Which of the following is best defined as a circumstance in ...; Question 836: Which of the following statements pertaining to the trusted ...; Question 837: Which of the following is NOT a preventive login control?...; Question 838: Attributable data should be:; Question 839: In which layer of the OSI Model are connection-oriented prot...; Question 840: What size is an MD5 message digest (hash)?...; Question 841: Which of the following offers advantages such as the ability...; Question 842: In non-discretionary access control using Role Based Access ...; Question 843: Pervasive Computing and Mobile Computing Devices have to sac...; Question 844: During the initial stage of configuration of your firewall, ...; Question 845: Which of the following plan provides procedures for sustaini...; Question 846: Which of the following algorithms does NOT provide hashing?...; Question 847: Access Control techniques do NOT include which of the follow...; Question 848: What ensures that the control mechanisms correctly implement...; Question 849: In the course of responding to and handling an incident, you...; Question 850: What kind of certificate is used to validate a user identity...; Question 851: Which conceptual approach to intrusion detection system is t...; Question 852: Which of the following terms can be described as the process...; Question 853: Which of the following statements pertaining to message dige...; Question 854: Which of the following access control models is based on sen...; Question 855: John is the product manager for an information system. His p...; Question 856: Which one of these statements about the key elements of a go...; Question 857: Which of the following is NOT true about IPSec Tunnel mode?...; Question 858: What does the simple security (ss) property mean in the Bell...; Question 859: Which of the following is NOT an example of a block cipher?...; Question 860: The control of communications test equipment should be clear...; Question 861: A Business Continuity Plan should be tested:...; Question 862: What is the name of a one way transformation of a string of ...; Question 863: The controls that usually require a human to evaluate the in...; Question 864: One of the following assertions is NOT a characteristic of I...; Question 865: Which of the following is a proximity identification device ...; Question 866: Which of the following is the correct set of assurance requi...; Question 867: MOST access violations are:; Question 868: The US-EU Safe Harbor process has been created to address wh...; Question 869: What is the length of an MD5 message digest?...; Question 870: In the days before CIDR (Classless Internet Domain Routing),...; Question 871: The control measures that are intended to reveal the violati...; Question 872: A site that is owned by the company and mirrors the original...; Question 873: Which of the following method is recommended by security pro...; Question 874: A DMZ is located:; Question 875: What can be defined as: It confirms that users' needs have b...; Question 876: Rule-Based Access Control (RuBAC) access is determined by ru...; Question 877: At which layer of ISO/OSI does the fiber optics work?...; Question 878: Which of the following statements pertaining to quantitative...; Question 879: Which security model uses an access control triple and also ...; Question 880: Out of the steps listed below, which one is not one of the s...; Question 881: Which of the following activities would not be included in t...; Question 882: Which of the following is the lowest TCSEC class wherein the...; Question 883: Which of the following pairings uses technology to enforce a...; Question 884: Which of the following services relies on UDP?...; Question 885: What is called an exception to the search warrant requiremen...; Question 886: What is the purpose of Trusted Distribution?...; Question 887: Which of the following is NOT an encryption algorithm?...; Question 888: Which backup type run at regular intervals would take the le...; Question 889: Which of the following questions is LEAST likely to help in ...; Question 890: What would you call a microchip installed on the motherboard...; Question 891: Which of the following media is MOST resistant to tapping?...; Question 892: Which of the following access control models introduces user...; Question 893: Which of the following would BEST classify as a management c...; Question 894: Which of the following is the primary security feature of a ...; Question 895: Which of the following is MOST appropriate to notify an inte...; Question 896: Who is ultimately responsible for the security of computer b...; Question 897: A momentary high voltage is a:; Question 898: Which one of the following represents an ALE calculation?...; Question 899: In biometrics, "one-to-many" search against database of stor...; Question 900: SQL commands do not include which of the following?...; Question 901: Which of the following is a symmetric encryption algorithm?...; Question 902: What can be defined as a list of subjects along with their a...; Question 903: Which of the following attack could be avoided by creating m...; Question 904: Which layer deals with Media Access Control (MAC) addresses?...; Question 905: What would you call an attack where an attacker can influenc...; Question 906: Which of the following is an example of an active attack?...; Question 907: Why are coaxial cables called "coaxial"?...; Question 908: Which of the following testing method examines the functiona...; Question 909: Which of the following statements pertaining to a security p...; Question 910: Similar to Secure Shell (SSH-2), Secure Sockets Layer (SSL) ...; Question 911: Which of the following proves or disproves a specific act th...; Question 912: The absence of a safeguard, or a weakness in a system that m...; Question 913: There are parallels between the trust models in Kerberos and...; Question 914: Which of the following remote access authentication systems ...; Question 915: Which of the following best allows risk management results t...; Question 916: FIPS-140 is a standard for the security of which of the foll...; Question 917: What is the MAIN objective of proper separation of duties?...; Question 918: The IP header contains a protocol field. If this field conta...; Question 919: Complete the following sentence. A digital signature is a:...; Question 920: Which of the following is NOT a common backup method?...; Question 921: Which of the following questions is less likely to help in a...; Question 922: Which of the following is TRUE regarding Transmission Contro...; Question 923: Which of the following is the most reliable authentication m...; Question 924: Matches between which of the following are important because...; Question 925: This type of supporting evidence is used to help prove an id...; Question 926: The International Organization for Standardization / Open Sy...; Question 927: Which OSI/ISO layer defines how to address the physical devi...; Question 928: Which of the following is a LAN transmission method?...; Question 929: In a Public Key Infrastructure, how are public keys publishe...; Question 930: Which of the following statements pertaining to Kerberos is ...; Question 931: Which of the following choices describe a condition when RAM...; Question 932: Which of the following NAT firewall translation modes allows...; Question 933: What is called the number of columns in a table?...; Question 934: Which of the following is the BEST way to detect software li...; Question 935: A business impact assessment is one element in business cont...; Question 936: You have been tasked to develop an effective information cla...; Question 937: Which element must computer evidence have to be admissible i...; Question 938: What attribute is included in a X.509-certificate?...; Question 939: Who can best decide what are the adequate technical security...; Question 940: Which of the following is NOT a proper component of Media Vi...; Question 941: Which of the following technologies has been developed to su...; Question 942: Which of the following is required in order to provide accou...; Question 943: Which of the following is an IP address that is private (i.e...; Question 944: To mitigate the risk of fire in your new data center, you pl...; Question 945: Which of the following statements pertaining to link encrypt...; Question 946: In a SSL session between a client and a server, who is respo...; Question 947: The preliminary steps to security planning include all of th...; Question 948: Which of the following security control is intended to avoid...; Question 949: Which of the following is NOT a security goal for remote acc...; Question 950: Business Continuity Planning (BCP) is defined as a preparati...; Question 951: Which of the following standards concerns digital certificat...; Question 952: Which access control model is BEST suited in an environment ...; Question 953: Logical or technical controls involve the restriction of acc...; Question 954: Which of the following is not one of the three goals of Inte...; Question 955: What can be defined as a digital certificate that binds a se...; Question 956: When backing up an applications system's data, which of the ...; Question 957: Which of the following are the three classifications of RAID...; Question 958: Which of the following security models does NOT concern itse...; Question 959: Which of the following would be MOST important to guarantee ...; Question 960: Which of the following statements is NOT true of IPSec Trans...; Question 961: Which of the following is not classified as "Security and Au...; Question 962: The Clipper Chip utilizes which concept in public key crypto...; Question 963: Which of the following is NOT a basic component of security ...; Question 964: Which of the following is an unintended communication path t...; Question 965: A demilitarized zone is:; Question 966: An effective information security policy should NOT have whi...; Question 967: Which of the following is NOT part of the Kerberos authentic...; Question 968: Business Continuity and Disaster Recovery Planning (Primaril...; Question 969: What is the primary role of smartcards in a PKI?...; Question 970: Which backup method only copies files that have been recentl...; Question 971: Which of the following determines that the product developed...; Question 972: What are the three MOST important functions that Digital Sig...; Question 973: Step-by-step instructions used to satisfy control requiremen...; Question 974: Which of the following would be best suited to oversee the d...; Question 975: Which of the following is the BIGGEST concern with firewall ...; Question 976: The property of a system or a system resource being accessib...; Question 977: Which of the following attack is MOSTLY performed by an atta...; Question 978: Controls such as job rotation, the sharing of responsibiliti...; Question 979: When companies come together to work in an integrated manner...; Question 980: The authenticator within Kerberos provides a requested servi...; Question 981: A code, as is pertains to cryptography:...; Question 982: What can be defined as a table of subjects and objects indic...; Question 983: Which of the following items is NOT a benefit of cold sites?...; Question 984: What is called an attack where the attacker spoofs the sourc...; Question 985: Which Security and Audit Framework has been adopted by some ...; Question 986: Which of the following cryptographic attacks describes when ...; Question 987: Which type of security control is also known as "Logical" co...; Question 988: What is surreptitious transfer of information from a higher ...; Question 989: When considering all the reasons that buffer overflow vulner...; Question 990: Which of the following LAN devices only operates at the phys...; Question 991: Which of the following access control models requires securi...; Question 992: Secure Sockets Layer (SSL) uses a Message Authentication Cod...; Question 993: Which of the following issues is not addressed by digital si...; Question 994: Which of the following is NOT a technique used to perform a ...; Question 995: What is the name of the FIRST mathematical model of a multi-...; Question 996: What can be defined as a data structure that enumerates digi...; Question 997: What is defined as the rules for communicating between compu...; Question 998: Who first described the DoD multilevel military security pol...; Question 999: Which of the following is best defined as a mode of system t...; Question 1000: What can be defined as the maximum acceptable length of time...; Question 1001: What is the maximum number of different keys that can be use...; Question 1002: Which layer of the TCP/IP protocol model would BEST correspo...; Question 1003: How many layers are defined within the US Department of Defe...; Question 1004: What is a common problem when using vibration detection devi...; Question 1005: Which of the following is NOT a symmetric key algorithm?...; Question 1006: Which of the following is biggest factor that makes Computer...; Question 1007: Of the three types of alternate sites: hot, warm or cold, wh...; Question 1008: Password management falls into which control category?...; Question 1009: According to the Orange Book, which security level is the fi...; Question 1010: Which of the following is used to monitor network traffic or...; Question 1011: What does the * (star) property mean in the Bell-LaPadula mo...; Question 1012: Individual accountability does not include which of the foll...; Question 1013: What would BEST define a covert channel?...; Question 1014: What is the primary goal of setting up a honey pot?...; Question 1015: In what type of attack does an attacker try, from several en...; Question 1016: Another example of Computer Incident Response Team (CIRT) ac...; Question 1017: Which of the following transmission media would NOT be affec...; Question 1018: Behavioral-based systems are also known as?...; Question 1019: Attributes that characterize an attack are stored for refere...; Question 1020: Hierarchical Storage Management (HSM) is commonly employed i...; Question 1021: Which of the following cable types is limited in length to 1...; Question 1022: Smart cards are an example of which type of control?...; Question 1023: The Open Web Application Security Project (OWASP) Top Ten li...; Question 1024: Which of the following does NOT apply to system-generated pa...; Question 1025: The Information Technology Security Evaluation Criteria (ITS...; Question 1026: Which of the following statements pertaining to ethical hack...; Question 1027: Who is responsible for providing reports to the senior manag...; Question 1028: Which access control method allows the data owner (the perso...; Question 1029: What is the most secure way to dispose of information on a C...; Question 1030: The act of requiring two of the three factors to be used in ...; Question 1031: The International Standards Organization / Open Systems Inte...; Question 1032: What is the access protection system that limits connections...; Question 1033: An attack initiated by an entity that is authorized to acces...; Question 1034: Compared to RSA, which of the following is true of Elliptic ...; Question 1035: What does the directive of the European Union on Electronic ...; Question 1036: In order to ensure the privacy and integrity of the data, co...; Question 1037: What algorithm has been selected as the AES algorithm, repla...; Question 1038: An X.509 public key certificate with the key usage attribute...; Question 1039: Public key infrastructure (PKI) consists of programs, data f...; Question 1040: What works as an E-mail message transfer agent?...; Question 1041: Virus scanning and content inspection of S/MIME encrypted e-...; Question 1042: In the process of gathering evidence from a computer attack,...; Question 1043: Which of the following statements pertaining to IPSec is NOT...; Question 1044: Which of the following offers confidentiality to an e-mail m...; Question 1045: The Data Encryption Standard (DES) encryption algorithm has ...; Question 1046: Qualitative loss resulting from the business interruption do...; Question 1047: Which of the following is a cryptographic protocol and infra...; Question 1048: In Mandatory Access Control, sensitivity labels attached to ...; Question 1049: In which of the following phases of system development life ...; Question 1050: In order to be able to successfully prosecute an intruder:...; Question 1051: Which backup method does not reset the archive bit on files ...; Question 1052: Domain Name Service is a distributed database system that is...; Question 1053: What are the four basic elements of Fire?...; Question 1054: Which of the following are suitable protocols for securing V...; Question 1055: Which is NOT a suitable method for distributing certificate ...; Question 1056: Which of the following is NOT a common category/classificati...; Question 1057: Which access control type has a central authority that deter...; Question 1058: Which of the following is the best reason for the use of an ...; Question 1059: Normalizing data within a database could include all or some...; Question 1060: Which backup method is used if backup time is critical and t...; Question 1061: What is a decrease in amplitude as a signal propagates along...; Question 1062: Which protocol is used to send email?...; Question 1063: Which of the following can be defined as an attribute in one...; Question 1064: Which of the following BEST describes Configuration Manageme...; Question 1065: Which of the following choices is a valid Public Key Cryptog...; Question 1066: The spare drives that replace the failed drives are usually ...; Question 1067: Which of the following is NOT a transaction redundancy imple...; Question 1068: Which of the following is a Wide Area Network that was origi...; Question 1069: Which of the following statements is MOST accurate regarding...; Question 1070: Which of the following teams should NOT be included in an or...; Question 1071: Which of the following encryption algorithms does NOT deal w...; Question 1072: What is the PRIMARY purpose of using redundant array of inex...; Question 1073: Which of the following would be the best reason for separati...; Question 1074: Which of the following statements pertaining to the Bell-LaP...; Question 1075: IT security measures should:; Question 1076: Which of the following cloud deployment model is provisioned...; Question 1077: Considerations of privacy, invasiveness, and psychological a...; Question 1078: Which of the following teams should be included in an organi...; Question 1079: What is a hot-site facility?; Question 1080: Which of the following stripes the data and the parity infor...; Question 1081: Which of the following suppresses combustion by disrupting a...; Question 1082: When preparing a business continuity plan, who of the follow...; Question 1083: Of the reasons why a Disaster Recovery plan gets outdated, w...; Question 1084: Which security model ensures that actions that take place at...; Question 1085: Which of the following is the MOST secure firewall implement...; Question 1086: Which of the following statements pertaining to the maintena...; Question 1087: What is called the probability that a threat to an informati...; Question 1088: In computing what is the name of a non-self-replicating type...; Question 1089: Which of the following is the most reliable, secure means of...; Question 1090: Which of the following statements pertaining to stream ciphe...; Question 1091: The communications products and services, which ensure that ...; Question 1092: Which of the following is NOT a countermeasure to traffic an...; Question 1093: Preservation of confidentiality within information systems r...; Question 1094: What is the goal of the Maintenance phase in a common develo...; Question 1095: Which of the following test makes sure the modified or new s...; Question 1096: Contracts and agreements are often times unenforceable or ha...; Question 1097: An attack that involves a fraudster tricking a user into mak...; Question 1098: A circuit level proxy is ____________ when compared to an ap...; Question 1099: Which TCSEC (Orange Book) rating or level requires the syste...; Question 1100: The International Standards Organization / Open Systems Inte...; Question 1101: Which of the following is TRUE of network security?...; Question 1102: Public Key Infrastructure (PKI) uses asymmetric key encrypti...; Question 1103: To understand the 'whys' in crime, many times it is necessar...; Question 1104: RAID level 10 is created by combining which of the following...; Question 1105: What layer of the OSI/ISO model does Point-to-point tunnelin...; Question 1106: Buffer overflow and boundary condition errors are subsets of...; Question 1107: What can be defined as an event that could cause harm to the...; Question 1108: Which of the following Common Data Network Services allocate...; Question 1109: Which of the following statements is TRUE about data encrypt...; Question 1110: Physically securing backup tapes from unauthorized access is...; Question 1111: Within the legal domain what rule is concerned with the lega...; Question 1112: Which of the following describes the sequence of steps requi...; Question 1113: During the testing of the business continuity plan (BCP), wh...; Question 1114: Which layer defines how packets are routed between end syste...; Question 1115: Which of the following defines the software that maintains a...; Question 1116: Which of the following is NOT a disadvantage of symmetric cr...; Question 1117: Which access model is most appropriate for companies with a ...; Question 1118: What is called the use of technologies such as fingerprint, ...; Question 1119: Brute force attacks against encryption keys have increased i...; Question 1120: Which of the following best describes remote journaling?...; Question 1121: What is called the type of access control where there are pa...; Question 1122: A security analyst asks you to look at the traffic he has ga...; Question 1123: Which access control model provides upper and lower bounds o...; Question 1124: Which of the following is less likely to be included in the ...; Question 1125: Which of the following would NOT violate the Due Diligence c...; Question 1126: An intranet is an Internet-like logical network that uses:...; Question 1127: Which of the following is NOT a VPN communications protocol ...; Question 1128: Recovery Site Strategies for the technology environment depe...; Question 1129: Tim's day to day responsibilities include monitoring health ...; Question 1130: Which of the following keys has the SHORTEST lifespan?...; Question 1131: What is the greatest danger from DHCP?...; Question 1132: Which of the following binds a subject name to a public key ...; Question 1133: Which Orange Book evaluation level is described as "Verified...; Question 1134: Which of the following answer specifies the correct sequence...; Question 1135: A security evaluation report and an accreditation statement ...; Question 1136: While referring to physical security, what does positive pre...; Question 1137: Which of the following are well known ports assigned by the ...; Question 1138: Which of the following cannot be undertaken in conjunction o...; Question 1139: What is the maximum allowable key size of the Rijndael encry...; Question 1140: Which of the following service is not provided by a public k...; Question 1141: What is a characteristic of using the Electronic Code Book m...; Question 1142: The three classic ways of authenticating yourself to the com...; Question 1143: Which of the following is NOT a component of an Operations S...; Question 1144: Cryptography does NOT help in:; Question 1145: Which of the following is most affected by denial-of-service...; Question 1146: What would be considered the biggest drawback of Host-based ...; Question 1147: Which of the following statements pertaining to biometrics i...; Question 1148: At which of the OSI/ISO model layer is IP implemented?...; Question 1149: Good security is built on which of the following concept?...; Question 1150: What can be defined as an instance of two different keys gen...; Question 1151: Which of the following security models introduced the idea o...; Question 1152: Which of the following statements pertaining to access contr...; Question 1153: What is the key size of the International Data Encryption Al...; Question 1154: A shared resource matrix is a technique commonly used to loc...; Question 1155: Which of the following best defines a Computer Security Inci...; Question 1156: Which of the following is NOT true of Secure Sockets Layer (...; Question 1157: A prolonged complete loss of electric power is a:...; Question 1158: This type of control is used to ensure that transactions are...; Question 1159: Which of the following is a Microsoft technology for communi...; Question 1160: In an online transaction processing system (OLTP), which of ...; Question 1161: What sort of attack is described by the following: An attack...; Question 1162: Which of the following is implemented through scripts or sma...; Question 1163: What does the simple integrity axiom mean in the Biba model?...; Question 1164: What can be defined as a value computed with a cryptographic...; Question 1165: The Diffie-Hellman algorithm is primarily used to provide wh...; Question 1166: A smart Card that has two chips with the Capability of utili...; Question 1167: Which of the following is not an element of a relational dat...; Question 1168: A Packet Filtering Firewall system is considered a:...; Question 1169: Where parties do not have a shared secret and large quantiti...; Question 1170: Which of the following describes a computer processing archi...; Question 1171: Which of the following tape formats can be used to backup da...; Question 1172: In the days before CIDR (Classless Internet Domain Routing),...; Question 1173: Proxies work by transferring a copy of each accepted data pa...; Question 1174: How many bits compose an IPv6 address?...; Question 1175: Complete the following sentence. A message can be encrypted,...; Question 1176: When referring to the Cloud Computing Service models. What w...; Question 1177: What is the verification that the user's claimed identity is...; Question 1178: Which encryption algorithm is BEST suited for communication ...; Question 1179: Which answer BEST describes a secure cryptoprocessor that ca...; Question 1180: Which of the following is most appropriate to notify an exte...; Question 1181: In regards to relational database operations using the Struc...; Question 1182: Which is the last line of defense in a physical security sen...; Question 1183: What are the three FUNDAMENTAL principles of security?...; Question 1184: Which of the following is a not a preventative control?...; Question 1185: Which of the following statements regarding an off-site info...; Question 1186: You are a manager for a large international bank and periodi...; Question 1187: Examples of types of physical access controls include all EX...; Question 1188: Which protocol makes USE of an electronic wallet on a custom...; Question 1189: A Differential backup process will:...; Question 1190: This baseline sets certain thresholds for specific errors or...; Question 1191: Who is responsible for implementing user clearances in compu...; Question 1192: Which of the following would best define a digital envelope?...; Question 1193: In Mandatory Access Control, sensitivity labels attached to ...; Question 1194: Which type of attack would a competitive intelligence attack...; Question 1195: Which of the following statements pertaining to packet switc...; Question 1196: The throughput rate is the rate at which individuals, once e...; Question 1197: A periodic review of user account management should NOT dete...; Question 1198: Which key agreement scheme uses implicit signatures?...; Question 1199: 2 Which of the following statements is not listed within the...; Question 1200: Which of the following type of lock uses a numeric keypad or...; Question 1201: If any server in the cluster crashes, processing continues t...; Question 1202: Which of the following is the WEAKEST authentication mechani...; Question 1203: The Telecommunications Security Domain of information securi...; Question 1204: Which of the following answers BEST describes the Bell La-Pa...; Question 1205: Which of the following is true about a "dry pipe" sprinkler ...; Question 1206: Common Criteria 15408 generally outlines assurance and funct...; Question 1207: You've decided to authenticate the source who initiated a pa...; Question 1208: Which of the following phases of a system development life-c...; Question 1209: Which of the following phases of a software development life...; Question 1210: Sensitivity labels are an example of what application contro...; Question 1211: The Orange Book describes four hierarchical levels to catego...; Question 1212: When considering an IT System Development Life-cycle, securi...; Question 1213: What key size is used by the Clipper Chip?...; Question 1214: The information security staff's participation in which of t...; Question 1215: Which of the following effectively doubles the amount of har...; Question 1216: Guards are appropriate whenever the function required by the...; Question 1217: Which of the following would MOST likely ensure that a syste...; Question 1218: Network-based Intrusion Detection systems:...; Question 1219: What is the act of obtaining information of a higher sensiti...; Question 1220: Related to information security, confidentiality is the oppo...; Question 1221: In which phase of the System Development Lifecycle (SDLC) is...; Question 1222: Which of the following issues is NOT addressed by Kerberos?...; Question 1223: Which of the following is not a defined maturity level withi...; Question 1224: The main issue with RAID Level 1 is that the one-for-one rat...; Question 1225: Which of the following testing method examines internal stru...; Question 1226: Which of the following is NOT a property of the Rijndael blo...; Question 1227: Whose role is it to assign classification level to informati...; Question 1228: Which layer of the DoD TCP/IP model controls the communicati...; Question 1229: The primary service provided by Kerberos is which of the fol...; Question 1230: Which protocol's primary function is to facilitate file and ...; Question 1231: Which of the following answer BEST relates to the type of ri...; Question 1232: Which of the following represents a relation, which is the b...; Question 1233: Which of the following service is a distributed database tha...; Question 1234: Which of the following biometric devices offers the LOWEST C...; Question 1235: Which of the following allows two computers to coordinate in...; Question 1236: Which expert system operating mode allows determining if a g...; Question 1237: After a company is out of an emergency state, what should be...; Question 1238: Which of the following is addressed by Kerberos?...; Question 1239: Which of the following is NOT an administrative control?...; Question 1240: In an organization where there are frequent personnel change...; Question 1241: Which of the following protects a password from eavesdropper...; Question 1242: What is electronic vaulting?; Question 1243: Once evidence is seized, a law enforcement officer should em...; Question 1244: Which RAID Level often implements a one-for-one disk to disk...; Question 1245: Which of the following is NOT a media viability control used...; Question 1246: Which of the following answers best describes the type of pe...; Question 1247: A virus is a program that can replicate itself on a system b...; Question 1248: Within Crime prevention through Environmental Design (CPTED)...; Question 1249: RAID Level 1 mirrors the data from one disk or set of disks ...; Question 1250: Who is responsible for initiating corrective measures and ca...; Question 1251: Which of the following best describes what would be expected...; Question 1252: What can be defined as a batch process dumping backup data t...; Question 1253: Under intellectual property law what would you call informat...; Question 1254: The major objective of system configuration management is wh...; Question 1255: Of the multiple methods of handling risks which we must unde...; Question 1256: Who developed one of the first mathematical models of a mult...; Question 1257: Packet Filtering Firewalls can also enable access for:...; Question 1258: Which of the following BEST describes a function relying on ...; Question 1259: When a biometric system is used, which error type deals with...; Question 1260: Which of the following questions is LESS likely to help in a...; Question 1261: Which of the following is a Hashing Algorithm?...; Question 1262: Complete the following sentence. A message can be encrypted,...; Question 1263: Which of the following best describes the purpose of debuggi...; Question 1264: Notifying the appropriate parties to take action in order to...; Question 1265: Which of the following Operation Security controls is intend...; Question 1266: Which of the following is defined as the most recent point i...; Question 1267: Who vouches for the binding between the data items in a digi...; Question 1268: Which of the following are required for Life-Cycle Assurance...; Question 1269: Complex applications involving multimedia, computer aided de...; Question 1270: What is the three-way handshake sequence used to initiate TC...; Question 1271: Which of the following attacks could capture network user pa...; Question 1272: The Widget Company decided to take their company public and ...; Question 1273: Which device acting as a translator is used to connect two n...; Question 1274: Which of the following is NOT a component of IPSec?...; Question 1275: Which of the following is from the Internet Architecture Boa...; Question 1276: Which of the following would be true about Static password t...; Question 1277: What are the components of an object's sensitivity label?...; Question 1278: The main risks that physical security components combat are ...; Question 1279: Which of the following modes of DES is MOST likely used for ...; Question 1280: View the image below and identify the attack (Exhibit)...; Question 1281: During a business impact analysis it is concluded that a sys...; Question 1282: In Synchronous dynamic password tokens:...; Question 1283: Which of the following is covered under Crime Insurance Poli...; Question 1284: Which of the following protocols operates at the session lay...; Question 1285: The BIGGEST difference between System High Security Mode and...; Question 1286: When submitting a passphrase for authentication, the passphr...; Question 1287: Which OSI/ISO layer is the Media Access Control (MAC) sublay...; Question 1288: When it comes to magnetic media sanitization, what differenc...; Question 1289: What is the difference between Access Control Lists (ACLs) a...; Question 1290: You are using an open source packet analyzer called Wireshar...; Question 1291: The end result of implementing the principle of least privil...; Question 1292: A channel within a computer system or network that is design...; Question 1293: Which of the following is NOT a two-factor authentication me...; Question 1294: Which of the following risk handling technique involves the ...; Question 1295: Which of the following is NOT a factor related to Access Con...; Question 1296: Which of the following was designed to support multiple netw...; Question 1297: What IDS approach relies on a database of known attacks?...; Question 1298: The high availability of multiple all-inclusive, easy-to-use...; Question 1299: Why does compiled code pose more of a security risk than int...

Question 985/1299

LEAVE A REPLY

Download PDF File