|
Question 1.
Which of the following is NOT a restriction, for partners accessing internal corporate resources through an extranet?
A. Preventing modification of restricted information
B. Using restricted programs, to access databases and other information resources
C. Allowing access from any location
D. Preventing access to any network resource, other than those explicitly permitted
E. Viewing inventory levels for partner products only
Answer: C
Question 2.
Which type of Business Continuity Plan (BCP) test involves practicing aspects of the BCP, without actually interrupting operations or bringing an alternate site on-line?
A. Structured walkthrough
B. Checklist
C. Simulation
D. Full interruption
E. Parallel
Answer: C
Question 3.
Which of the following equations results in the Single Loss Expectancy for an asset?
A. Asset Value x %Of Loss From Realized Exposure
B. Asset Value x % Of Loss From Realized Threat
C. Annualized Rate of Occurrence / Annualized Loss Expectancy
D. Asset Value x %Of Loss From Realized Vulnerability
E. Annualized Rate of Occurrence x Annualized Loss Expectancy
Answer: B
Question 4.
Which of the following is an integrity requirement for Remote Offices/Branch Offices (ROBOs)?
A. Private data must remain internal to an organization.
B. Data must be consistent between ROBO sites and headquarters.
C. Users must be educated about appropriate security policies.
D. Improvised solutions must provide the level of protection required.
E. Data must remain available to all remote offices.
Answer: B
Question 5.
Operating-system fingerprinting uses all of the following, EXCEPT ______, to identify a target operating system.
A. Sequence Verifier
B. Initial sequence number
C. Address spoofing
D. Time to Live
E. IP ID field
Answer: C
Question 6.
Internal intrusions are loosely divided into which categories? (Choose TWO.)
A. Attempts by insiders to perform appropriate acts, on information assets to which they have
been given rights or permissions.
B. Attempts by insiders to access resources, without proper access rights
C. Attempts by insiders to access external resources, without proper access rights.
D. Attempts by insiders to perform inappropriate acts, on external information assets to which
They have been given rights or permissions.
E. Attempts by insiders to perform inappropriate acts, on information assets to which they have
been given rights or permissions.
Answer: B, E
Question 7.
_________ occurs when an individual or process acquires a higher level of privilege. Or access, than originally intended.
A. Security Triad
B. Privilege aggregation
C. Need-to-know
D. Privilege escalation
E. Least privilege
Answer: D
Question 8.
Which encryption algorithm has the highest bit strength?
A. AES
B. Blowfish
C. DES
D. CAST
E. Triple DES
Answer: A
Question 9.
How is bogus information disseminated?
A. Adversaries sort through trash to find information.
B. Adversaries use anomalous traffic patterns as indicators of unusual activity. They will employ
other methods, such as social engineering, to discover the cause of the noise.
C. Adversaries use movement patterns as indicators of activity.
D. Adversaries take advantage of a person's trust and goodwill.
E. Seemingly, unimportant pieces of data may yield enough information to an adversary, for him
to disseminate incorrect information and sound authoritative,
Answer: E
Question 10.
Which type of Business Continuity Plan (BCP) test involves shutting down z on-line, and moving all operations to the alternate site?
A. Parallel
B. Full interruption
C. Checklist
D. Structured walkthrough
E. Simulation
Answer: B
Question 11.
What must system administrators do when they cannot access a complete i testing?
A. Extrapolate results from a limited subset.
B. Eliminate the testing phase of change control.
C. Request additional hardware and software.
D. Refuse to implement change requests.
E. Deploy directly to the production environment.
Answer: A
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.