Deck 3: Certified Information Systems Security Professional

A) One-time authentication
B) Web based access management
C) Cross-certification model
D) Bridge model

A) The process will require too many resources
B) It will be difficult to apply to both hardware and software
C) It will be difficult to assign ownership to the data
D) The process will be perceived as having value

A) Logs may be unavailable when required
B) Timely review of the data is potentially difficult
C) Most systems and applications do not support logging
D) Logs do not provide sufficient details of system and individual activities

A) An internal audit is typically shorter in duration than an external audit.
B) The internal audit schedule is published to the organization well in advance.
C) The internal auditor reports to the Information Technology (IT) department
D) Management is responsible for reading and acting upon the internal audit results

A) To provide centralized administration
B) To reduce the number of changes
C) To reduce errors during upgrades
D) To provide consistency in security controls

A) Server Message Block (SMB)
B) Secure copy
C) Hypertext Transfer Protocol (HTTP)
D) Remote copy

A) Establish Maximum Tolerable Downtime (MTD) Information Systems (IS)
B) Define the variable cost for extended downtime scenarios
C) Identify potential threats to business availability
D) Establish personnel requirements for various downtime scenarios

A) To force the software to fail and document the process
B) To find areas of compromise in confidentiality and integrity
C) To allow for objective pass or fail decisions
D) To identify malware or hidden code within the test results

A) Transport Layer Security (TLS)
B) Secure Sockets Layer (SSL)
C) Pretty Good Privacy (PGP)
D) Secure Shell (SSH)

A) Patches are only available for a specific time
B) Attackers reverse engineer the exploit from the patch
C) Patches may not be compatible with proprietary software
D) Attackers may be conducting network analysis

A) Data leakage
B) Unfiltered channel
C) Data emanation
D) Covert channel

A) Time of application resumption after disaster
B) Time of application verification after disaster.
C) Time of data validation after disaster.
D) Time of data restoration from backup after disaster.

A) By the retention policies of each social media service
B) By the records retention policy of the organization
C) By the Chief Information Officer (CIO)
D) By the amount of available storage space

A) They often use sophisticated method to commit a crime.
B) It is often hard to collect and maintain integrity of digital evidence.
C) The crime is often committed from a different jurisdiction.
D) There is often no physical evidence involved.

A) Data at rest protection
B) Transport Layer Security (TLS)
C) Role Based Access Control (RBAC)
D) One-way encryption

A) Good communication throughout the organization
B) A completed Business Impact Analysis (BIA)
C) Formation of Disaster Recovery (DR) project team
D) Well-documented information asset classification

A) With the federation assurance level
B) Based on defined criteria by the Relying Party (RP)
C) Based on defined criteria by the Identity Provider (IdP)
D) With the identity assurance level

A) annually
B) to correspond with staff promotions
C) to correspond with terminations
D) continually

A) Ensure JavaScript and plugin support is disabled
B) Ensure that certificates are valid and fail closed
C) Ensure that tokens are sufficiently long, complex, and pseudo-random
D) Ensure that all UIWebView calls do not execute without proper input validation

A) Use limitation
B) Openness
C) Purpose specification
D) Individual participation

A) Enterprise asset management framework
B) Asset baseline using commercial off the shelf software
C) Asset ownership database using domain login records
D) A script to report active user logins on assets

A) Evacuating the disaster site
B) Activating the organization's hot site
C) Issuing a formal disaster declaration
D) Assessing the extent of damage following the disaster

A) Management support
B) Consideration of organizational need
C) Technology used for delivery
D) Target audience

A) Encrypt disks on personal laptops
B) Issue cable locks for use on personal laptops
C) Create policies addressing critical information on personal laptops
D) Monitor personal laptops for critical information

A) The signer verifies that the software being loaded is the software originated by the signer
B) The vendor certifies the software being loaded is free of malicious code and that it was originated by the signer
C) The signer verifies that the software being loaded is free of malicious code
D) Both vendor and the signer certify the software being loaded is free of malicious code and it was originated by the signer

A) Challenge Handshake Authentication Protocol (CHAP)
B) Message Authentication Code (MAC)
C) Transport Layer Security (TLS) handshake protocol
D) Challenge-response authentication mechanism

A) Verify the various data classification models implemented for different environments.
B) Determine the level of access for the data and systems.
C) Verify if confidential data is protected with cryptography.
D) Determine how data is accessed in the organization.

A) White box
B) Static
C) Black box
D) Stress

A) The risk culture of the organization
B) The impact of the control
C) The nature of the risk
D) The cost of the control

A) Lack of software documentation
B) License agreements requiring release of modified code
C) Expiration of the license agreement
D) Costs associated with support of the software

A) Signing the NDA always gives consent to the developer to access tools and privileged company information to do their work.
B) Signing the NDA allows the developer to use their developed coding methods.
C) Signing the NDA protects confidential, technical, or Intellectual Property (IP) from disclosure to others.
D) Signing the NDA is legally binding for up to one year of employment.

A) Systems owner
B) Authorizing Official (AO)
C) Information owner
D) Security officer

A) A common design flaw in telephone modems
B) Speed and reliability issues between dial-up users and Internet Service Providers (ISP)
C) Compatibility issues with personal computers and web browsers
D) The security of dial-up connections to remote networks

A) require an update of the Protection Profile (PP).
B) require recertification.
C) retain its current EAL rating.
D) reduce the product to EAL 3.

A) When major changes occur on systems
B) When personnel changes occur
C) Before and after Disaster Recovery (DR) tests
D) At planned intervals

A) The manufacturer can state what configuration of the product is to be evaluated
B) The product can be evaluated by labs in other countries
C) The Target of Evaluation's (TOE) testing environment is identical to the operating environment
D) The evaluations are expensive and time-consuming to perform

A) Recovery Point Objective (RPO)
B) Recovery Time Objective (RTO)
C) Business Impact Analysis (BIA)
D) Return on Investment (ROI)

A) Issuing a smart card with a user-selected Personal Identification Number (PIN)
B) Requiring users to enter a Personal Identification Number (PIN) and a password
C) Performing a palm and retinal scan
D) Issuing a smart card and a One Time Password (OTP) token

A) Validity of digital certificates
B) Validity of the authorization rules
C) Proof of authenticity of the message
D) Proof of integrity of the message

A) User awareness
B) Two-factor authentication
C) Anti-phishing software
D) Periodic vulnerability scan

A) comply with applicable laws and regulations.
B) allow senior management to make an informed decision regarding whether to accept the risk of operating the system.
C) protect an organization's sensitive data.
D) verify that all security controls have been implemented properly and are operating in the correct manner.

A) Security
B) Privacy
C) Access
D) Availability

A) WEP uses a small range Initialization Vector (IV)
B) WEP uses Message Digest 5 (MD5)
C) WEP uses Diffie-Hellman
D) WEP does not use any Initialization Vector (IV)

A) Implement processes for automated removal of access for terminated employees.
B) Delete employee network and system IDs upon termination.
C) Manually remove terminated employee user-access to all systems and applications.
D) Disable terminated employee network ID to remove all access.

A) Remote Authentication Dial-In User Service (RADIUS)
B) Terminal Access Controller Access Control System Plus (TACACS+)
C) Open Authorization (OAuth)
D) Security Assertion Markup Language (SAML)

A) Transport and Session
B) Data-Link and Transport
C) Network and Session
D) Physical and Data-Link

A) interconnected systems and their implemented security controls.
B) standards for security assessment, testing, and process evaluation.
C) system weakness for remediation.
D) security analyses needed to make a risk-based decision.

A) Limit external connections to the network
B) Disable the account after a limited number of unsuccessful attempts
C) Force the password to be changed after an invalid password has been entered
D) Require a combination of letters, numbers, and special characters in the password

A) Implement packet filtering on the network firewalls
B) Install Host Based Intrusion Detection Systems (HIDS)
C) Require strong authentication for administrators
D) Implement logical network segmentation at the switches

A) Redundant hardware, disk spanning, and patching
B) Load balancing, power reserves, and disk spanning
C) Backups, clustering, and power reserves
D) Clustering, load balancing, and fault-tolerant options

A) System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements
B) Data stewardship roles, data handling and storage standards, data lifecycle requirements
C) Compliance office roles and responsibilities, classified material handling standards, storage system lifecycle requirements
D) System authorization roles and responsibilities, cloud computing standards, lifecycle requirements

A) Perform formal reviews of security incidents.
B) Work with senior management to meet business goals.
C) Ensure security policies are issued to all employees.
D) Manage a program of security audits.

A) Length of Initialization Vector (IV)
B) Protection against message replay
C) Detection of message tampering
D) Built-in provision to rotate keys

A) Single Sign-On (SSO) authentication support  
B) Privileged user authentication support
C) Password reset service support
D) Terminal Access Controller Access Control System (TACACS) authentication support

A) Directory traversal
B) Structured Query Language (SQL) injection  
C) Cross-Site Scripting (XSS)
D) Shellcode injection

A) It verifies the integrity of the file.
B) It checks the file for malware.
C) It ensures the entire file downloaded.
D) It encrypts the entire file.

A) Risk analysis
B) Patch management
C) Threat analysis
D) Backup management

A) The test results must be cost-effective.
B) The test result must be authorized.
C) The test results must be quantifiable.
D) The test results must be reproducible.

A) Derived credential
B) Temporary security credential
C) Mobile device credentialing service
D) Digest authentication

A) After the system preliminary design has been developed and the data security categorization has been performed
B) After the vulnerability analysis has been performed and before the system detailed design begins
C) After the system preliminary design has been developed and before the data security categorization begins
D) After the business functional analysis and the data security categorization have been performed

A) Cipher
B) Encryption
C) Hash
D) Entropy

A) Authenticates the IP payload and selected portions of the IP header
B) Encrypts and optionally authenticates the complete IP packet
C) Encrypts and optionally authenticates the IP header, but not the IP payload
D) Encrypts and optionally authenticates the IP payload, but not the IP header

A) Media Access Control (MAC) filtering
B) 802.1X authentication
C) Application layer filtering
D) Network Address Translation (NAT)

A) Logging and audit trail controls to enable forensic analysis
B) Security incident response lessons learned procedures
C) Security event alert triage done by analysts using a Security Information and Event Management (SIEM) system
D) Transactional controls focused on fraud prevention

A) Assigned security label
B) Multilevel Security (MLS) architecture
C) Minimum query size
D) Passage of time

A) Wi-Fi Protected Access (WPA) + Temporal Key Integrity Protocol (TKIP)
B) Wi-Fi Protected Access 2 (WPA2) + Advanced Encryption Standard (AES)
C) Wi-Fi Protected Access 2 (WPA2) + Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
D) Wired Equivalent Privacy (WEP) + Advanced Encryption Standard (AES)

A) They ensure that the organization meets its security objectives.
B) They provide an appropriate framework for Information Technology (IT) governance.
C) They speed up the process of quantitative risk assessment.
D) They quantify the effectiveness of security processes.

A) Bluebugging
B) Focused ion-beam
C) Bluejacking
D) Power analysis

A) Physical barriers impeding unauthorized access and security guards at each entrance
B) Physical barriers and the ability to identify people as they enter the workplace
C) Security guards and metal detectors posted at each entrance
D) Metal detectors and the ability to identify people as they enter the workplace

A) Confirm that all platforms are supported and function properly
B) Evaluate whether systems or components pass data and control correctly to one another
C) Verify compatibility of software, hardware, and network connections
D) Examine error conditions related to external interfaces to prevent application details leakage

A) Erase
B) Sanitize
C) Encrypt
D) Degauss

A) Directive
B) Detective
C) Corrective
D) Preventative

A) Triple Data Encryption Standard (3DES)
B) Advanced Encryption Standard (AES)
C) Digital Signature Algorithm (DSA)
D) Rivest-Shamir-Adleman (RSA)

A) They are high-resolution source discrimination and identification tools
B) They are fast and flexible, and protect against Internet Protocol (IP) spoofing
C) They are fast, flexible, and transparent
D) They enforce strong user authentication and audit log generation

A) Host VM monitor audit logs
B) Guest OS access controls
C) Host VM access controls
D) Guest OS audit logs

A) No, because the encryption solution is internal to the cloud provider.
B) Yes, because the cloud provider meets all regulations requirements.
C) Yes, because the cloud provider is GDPR compliant.
D) No, because the cloud provider is not certified to host government data.

A) Awareness activities should be used to focus on security concerns and respond to those concerns accordingly
B) Awareness is not an activity or part of the training but rather a state of persistence to support the program
C) Awareness is training. The purpose of awareness presentations is to broaden attention of security.
D) Awareness is not training. The purpose of awareness presentation is simply to focus attention on security.

A) Limit access to predefined queries
B) Segregate the database into a small number of partitions each with a separate security level
C) Implement Role Based Access Control (RBAC)
D) Reduce the number of people who have access to the system for statistical purposes

A) Application Manager
B) Database Administrator
C) Privacy Officer
D) Finance Manager