CISSP Practice Questions (321–340)

Question 321

An Intrusion Detection System (IDS) has recently been deployed in a Demilitarized Zone (DMZ). The IDS detects a flood of malformed packets. Which of the following BEST describes what has occurred?
A. Denial of Service (DoS) attack
B. Address Resolution Protocol (ARP) spoof
C. Buffer overflow
D. Ping flood attack

Question 322

Network-based logging has which advantage over host-based logging when reviewing malicious activity about a victim machine?
A. Addresses and protocols of network-based logs are analyzed.
B. Host-based system logging has files stored in multiple locations.
C. Properly handled network-based logs may be more reliable and valid.
D. Network-based systems cannot capture users logging into the console.

Question 323

Which Radio Frequency Interference (RFI) phenomenon associated with bundled cable runs can create information leakage?
A. Transference
B. Covert channel
C. Bleeding
D. Cross-talk

Question 324

How should an organization determine the priority of its remediation efforts after a vulnerability assessment has been conducted?
A. Use an impact-based approach.
B. Use a risk-based approach.
C. Use a criticality-based approach.
D. Use a threat-based approach.

Question 325

Which of the following is a strategy of grouping requirements in developing a Security Test and Evaluation (ST&E)?
A. Tactical, strategic, and financial
B. Management, operational, and technical
C. Documentation, observation, and manual
D. Standards, policies, and procedures

Question 326

Which of the following restricts the ability of an individual to carry out all the steps of a particular process?
A. Job rotation
B. Separation of duties
C. Least privilege
D. Mandatory vacations

Question 327

Which of the following is a document that identifies each item seized in an investigation, including date and time seized, full name and signature or initials of the person who seized the item, and a detailed description of the item?
A. Property book
B. Chain of custody form
C. Search warrant return
D. Evidence tag

Question 328

What does the Maximum Tolerable Downtime (MTD) determine?
A. The estimated period of time a business critical database can remain down before customers are affected.
B. The fixed length of time a company can endure a disaster without any Disaster Recovery (DR) planning.
C. The estimated period of time a business can remain interrupted beyond which it risks never recovering.
D. The fixed length of time in a DR process before redundant systems are engaged.

Question 329

The PRIMARY purpose of accreditation is to:
A. comply with applicable laws and regulations.
B. allow senior management to make an informed decision regarding whether to accept the risk of operating the system.
C. protect an organization’s sensitive data.
D. verify that all security controls have been implemented properly and are operating in the correct manner.

Question 330

Which of the following BEST describes a chosen plaintext attack?
A. The cryptanalyst can generate ciphertext from arbitrary text.
B. The cryptanalyst examines the communication being sent back and forth.
C. The cryptanalyst can choose the key and algorithm to mount the attack.
D. The cryptanalyst is presented with the ciphertext from which the original message is determined.

Question 331

What operations role is responsible for protecting the enterprise from corrupt or contaminated media?
A. Information security practitioner
B. Information librarian
C. Computer operator
D. Network administrator

Question 332

Which of the following BEST describes Recovery Time Objective (RTO)?
A. Time of application resumption after disaster.
B. Time of application verification after disaster.
C. Time of data validation after disaster.
D. Time of data restoration from backup after disaster.

Question 333

How does a Host Based Intrusion Detection System (HIDS) identify a potential attack?
A. Examines log messages or other indications on the system
B. Monitors alarms sent to the system administrator
C. Matches traffic patterns to virus signature files
D. Examines the Access Control List (ACL)

Question 334

When writing security assessment procedures, what is the MAIN purpose of the test outputs and reports?
A. To force the software to fail and document the process
B. To find areas of compromise in confidentiality and integrity
C. To allow for objective pass or fail decisions
D. To identify malware or hidden code within the test results

Question 335

An employee of a retail company has been granted an extended leave of absence by Human Resources (HR). This information has been formally communicated to the access provisioning team. Which of the following is the BEST action to take?
A. Revoke access temporarily.
B. Block user access and delete user account after six months.
C. Block access to the offices immediately.
D. Monitor account usage temporarily.

Question 336

Which of the following is the PRIMARY benefit of a formalized information classification program?
A. It minimizes system logging requirements.
B. It supports risk assessment.
C. It reduces asset vulnerabilities.
D. It drives audit processes.

Question 337

Which of the following BEST represents the concept of least privilege?
A. Access to an object is denied unless access is specifically allowed.
B. Access to an object is only available to the owner.
C. Access to an object is allowed unless it is protected by the information security policy.
D. Access to an object is only allowed to authenticated users via an Access Control List (ACL).

Question 338

Which one of the following activities would present a significant security risk to organizations when employing a Virtual Private Network (VPN) solution?
A. VPN bandwidth
B. Simultaneous connection to other networks
C. Users with Internet Protocol (IP) addressing conflicts
D. Remote users with administrative rights

Question 339

An organization’s information security strategic plan MUST be reviewed:
A. whenever there are significant changes to a major application.
B. quarterly, when the organization’s strategic plan is updated.
C. whenever there are major changes to the business.
D. every three years, when the organization’s strategic plan is updated.

Question 340

Which of the following is a weakness of Wired Equivalent Privacy (WEP)?
A. Length of Initialization Vector (IV)
B. Protection against message replay
C. Detection of message tampering
D. Built-in provision to rotate keys