CBK Review Seminar Sample Test
15 Questions
Questions and Answers

Question 1: Which one of the following is the MOST effective method for reducing security vulnerabilities associated with building entrances?

  • Brightly illuminate the entrances
  • Install tamperproof hinges and glass
  • Use solid metal doors and frames
  • Minimize the number of entrances (correct)

Question 2: Why is projection lighting mounted at the same height as the barbed wire topping of a fence?

  • It lowers the height and cost of observation towers.
  • It increases the field of view for those observing the scene.
  • It blinds the approaching intruder's view of the scene. (correct)
  • It makes it easier to observe an intruder climbing over the fence.

Question 3: International Organization for Standardization (ISO) standard 27002 provides guidance for vendor compliance by outlining

  • financial soundness and business viability metrics.
  • guidelines and practices of security controls. (correct)
  • standard best practice for procurement policy.
  • contract agreement writing standards.

Question 4: Which of the following is the MAIN advantage of having an application gateway?

Answer: To log and control incoming and outgoing application traffic

Question 5: Which of the following backup processing alternatives describes a computing facility with telecommunications equipment, some systems, but minimal data?

Answer: Warm site

Question 6: Important documents that have been soaked in water during fire suppression efforts should be restored by

Answer: document recovery specialists.

Question 7: In a discretionary mode, who has delegation authority to grant access to information?

Answer: Owner

Question 8: Which of the following is an industry specific standard that PRIMARILY deals with privacy matters?

Answer: European Union Principles

Question 9: What is the purpose of the Encapsulating Security Payload (ESP) in the Internet Protocol (IP) Security Architecture for Internet Protocol Security (IPSec)?

Answer: To provide integrity and confidentiality for IP transmissions

Question 10: The best practice to prevent logging clutter in application security is to

Answer: catch and log exceptions only at points at which exceptions are actually handled.

Question 11: What physical characteristics does a retinal scan biometric device measure?

Answer: The pattern of blood vessels on the retina

Question 12: Which of the following defines the intent of a system security policy?

Answer: A brief high-level statement defining what is and is not permitted in the operation of the system

Question 13: To support legacy applications that rely on risky protocols (e.g., plain text passwords), which one of the following can be implemented to mitigate the risks on a corporate network?

Answer: Implement a Virtual Private Network (VPN) with controls on workstations joining the VPN

Question 14: What is the recommended frequency that a system recovery plan be tested in a stable data processing environment?

Answer: Quarterly or semiannually

Question 15: While evaluating the effectiveness of several new devices, the security professional should expect that a biometric device becomes more sensitive when

Answer: the FAR decreases while the FRR increases.
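Added example (not part of the quiz or its source document) of the logging-clutter point in Question 10: three call layers that each catch, log and re-raise the same failure produce three log entries for one event, while letting the exception propagate and logging it once at the layer that actually handles it produces one. The `load_record` failure and the layer names are constructed for the demonstration.

```python
"""Logging an exception at every layer that catches it versus logging it once
where it is handled. The data-layer failure below is constructed for the demo."""
import logging

LOG = logging.getLogger("app")


class ListHandler(logging.Handler):
    """Collect formatted log records in memory so the two styles can be compared."""

    def __init__(self):
        super().__init__()
        self.records = []

    def emit(self, record):
        self.records.append(self.format(record))


def load_record(record_id):
    # Constructed failure: the data layer cannot find the record.
    raise KeyError(f"record {record_id} not found")


# --- Cluttered style: every layer catches, logs and re-raises -----------------
def repo_cluttered(record_id):
    try:
        return load_record(record_id)
    except KeyError:
        LOG.exception("repository failed")
        raise


def service_cluttered(record_id):
    try:
        return repo_cluttered(record_id)
    except KeyError:
        LOG.exception("service failed")
        raise


def handler_cluttered(record_id):
    try:
        return service_cluttered(record_id)
    except KeyError:
        LOG.exception("request failed")
        return {"status": 404}


# --- Clean style: intermediate layers let the exception propagate -------------
def repo_clean(record_id):
    return load_record(record_id)


def service_clean(record_id):
    return repo_clean(record_id)


def handler_clean(record_id):
    try:
        return service_clean(record_id)
    except KeyError:
        # The only place the error is actually handled (turned into a response),
        # so the only place it is logged. exception() records the full traceback,
        # so nothing is lost by not logging in the lower layers.
        LOG.exception("request failed")
        return {"status": 404}


def count_log_lines(handler_fn, record_id=42):
    """Run one failing request through handler_fn; return (log records emitted, response)."""
    sink = ListHandler()
    LOG.addHandler(sink)
    LOG.setLevel(logging.DEBUG)
    LOG.propagate = False
    try:
        response = handler_fn(record_id)
    finally:
        LOG.removeHandler(sink)
    return len(sink.records), response


if __name__ == "__main__":
    print("cluttered:", count_log_lines(handler_cluttered))  # 3 entries for one failure
    print("clean:    ", count_log_lines(handler_clean))      # 1 entry
```

The traceback attached by `LOG.exception` at the handling boundary already names the repository and service frames, which is exactly the information the intermediate log lines would have duplicated.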
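Added example (not part of the quiz or its source document) for Question 15 and the FAR/FRR/CER study notes: a threshold-based matcher evaluated over constructed genuine and impostor match scores. Raising the threshold makes the device more sensitive in the exam's sense, so the False Acceptance Rate falls while the False Rejection Rate rises, and the threshold where the two rates meet is the crossover error rate (CER). The score lists are invented for the demonstration; a real device derives them from enrolled templates.

```python
"""FAR and FRR as a function of a biometric decision threshold, on constructed scores."""

# Constructed similarity scores in [0, 100]. Genuine attempts score high and
# impostor attempts low, with some overlap so that no threshold is error-free.
GENUINE_SCORES = [72, 75, 78, 80, 83, 85, 88, 90, 92, 95]
IMPOSTOR_SCORES = [40, 45, 50, 55, 60, 65, 70, 74, 77, 81]


def far(threshold, impostors=IMPOSTOR_SCORES):
    """False Acceptance Rate: fraction of impostors whose score reaches the
    threshold and who are therefore wrongly accepted."""
    return sum(s >= threshold for s in impostors) / len(impostors)


def frr(threshold, genuine=GENUINE_SCORES):
    """False Rejection Rate: fraction of genuine users whose score falls below
    the threshold and who are therefore wrongly rejected."""
    return sum(s < threshold for s in genuine) / len(genuine)


def error_rates(threshold):
    return far(threshold), frr(threshold)


def crossover_threshold(candidates=range(0, 101)):
    """Threshold at which FAR and FRR are closest: the CER operating point."""
    return min(candidates, key=lambda t: abs(far(t) - frr(t)))


def more_sensitive(old_threshold, new_threshold):
    """True when moving to new_threshold made the device more sensitive in the
    exam's sense: FAR did not rise, FRR did not fall, and at least one changed."""
    far_old, frr_old = error_rates(old_threshold)
    far_new, frr_new = error_rates(new_threshold)
    return (far_new <= far_old and frr_new >= frr_old
            and (far_new, frr_new) != (far_old, frr_old))


if __name__ == "__main__":
    for t in (70, 76, 80):
        print(f"threshold {t}: FAR={far(t):.1f} FRR={frr(t):.1f}")
    print("CER threshold:", crossover_threshold())
```

A device tuned for a data-centre door would sit to the right of the CER (low FAR, tolerating more false rejections); a convenience application such as a phone unlock sits to the left.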

    Study Notes

    CBK Review Seminar Sample Test - Study Notes

    • Question 1: Minimizing the number of building entrances is the most effective method for reducing security vulnerabilities.
    • Question 2: Projection lighting mounted at the same height as the barbed wire topping is glare protection lighting: it is aimed outward so that it blinds an approaching intruder's view of the scene, rather than helping observers watch the fence.
    • Question 3: ISO standard 27002 offers guidelines and practices for security controls, not financial metrics, procurement policy, or contract agreement standards.
    • Question 4: An application gateway's primary advantage is logging and controlling incoming/outgoing application traffic.
    • Question 5: A warm site has telecommunications equipment and some systems installed but minimal or no current data; a cold site provides only space, power and environmental controls, and a hot site is fully equipped with current data.
    • Question 6: Document recovery specialists should restore documents soaked in water during fire suppression.
    • Question 7: In discretionary access control (DAC), the owner of the information has the delegation authority to grant access to it.
    • Question 8: The European Union privacy principles are the standard that deals primarily with privacy matters; Control Objectives for Information and Related Technology (COBIT) is an IT governance framework and does not deal primarily with privacy.
    • Question 9: Encapsulating Security Payload (ESP) provides integrity and confidentiality for Internet Protocol (IP) transmissions, not non-repudiation or key management.
    • Question 10: Catching and logging an exception only at the point where it is actually handled, rather than catching, logging and rethrowing (or wrapping) it at every layer it passes through, minimizes logging clutter.
    • Question 11: Retinal scan biometric devices measure the pattern of blood vessels on the retina, not the amount or reflection of light.
    • Question 12: A security policy defines what is and is not permitted in system operation.
    • Question 13: A VPN with controls on the workstations allowed to join it, together with audit logging, mitigates the risk of legacy applications that rely on risky protocols such as plain text passwords.
    • Question 14: System recovery plans should be tested quarterly or semi-annually in a stable environment.
    • Question 15: A biometric device becomes more sensitive (a tighter match threshold) when its False Acceptance Rate (FAR) decreases while its False Rejection Rate (FRR) increases; the two rates move in opposite directions, not together.
    • Question 16: Crossover Error Rate (CER) is where False Acceptance Rate (FAR) and False Rejection Rate (FRR) are balanced.
    • Question 17: Vulnerable processes are affected by shared memory corruption, poor locking strategies, poor data validation or race conditions.
    • Question 18: Peer-to-peer (P2P) is the appropriate networking model for small, inexpensive, and less secure environments.
    • Question 19: Automated risk analysis methodologies are valuable because they minimize training requirements, require little computer experience and reduce the time required for subsequent analysis.
    • Question 20: ISO/IEC 15408 (the Common Criteria) is an assurance-oriented evaluation standard, while ITSEC is a process-oriented evaluation method.
    • Question 21: Initial and ongoing authentication mitigates spoofing and tampering network attacks.
    • Question 22: Content-dependent access control provides granular control that confines access to authorized users, rather than preventing data locking.
    • Question 23: Proximity cards are vulnerable to duplication or loss, therefore are not the best method of access control.
    • Question 24: The Bell-LaPadula model addresses information flow control and security levels, but not access modes.
    • Question 25: Conducting a business impact analysis (BIA) and having a leader who understands the plan are key components of an effective incident response plan.
    • Question 26: Organizational security strategies must reflect the needs of employees, and alignment with operational and safety processes, to be complete.
    • Question 27: Attaching to a communication line and injecting data is electronic piggybacking.
    • Question 28: Computer-generated evidence is unreliable because it can be stored on volatile media, and is often too complex for jurors to understand.
    • Question 29: A successful offline dictionary attack requires access to the target system's password file in order to read the stored password hashes and compare them against the hashes of dictionary words.
    • Question 30: WEP uses the RC4 cipher, not RSA, 3DES, or AES.
    • Question 31: Limiting connectivity by means of well-managed access controls is the best defense against worms.
    • Question 32: Implementing change management processes is focused on improving IT staff, making the environment free of mistakes, and ensuring safe environments.
    • Question 33: Information security plans assure data/information protection and align employee behavior with organizational goals.
    • Question 34: A protected subsystem is an application program that operates outside the operating system within a group, that protects data from misuse, and contains some common data for all users.
    • Question 35: A reference monitor is an abstract machine mediating subject-to-object access.
    • Question 36: A covert timing channel leaks information by modulating the timing of system events (for example CPU or disk usage) so that a cooperating process can read it without detection; a covert storage channel instead writes to a shared object.
    • Question 37: Sutherland, Clark-Wilson and Biba are all integrity models; Bell-LaPadula is a confidentiality model.
    • Question 38: The Authentication Header (AH) in IPSec provides authentication of the sender and integrity of the packet, but no confidentiality.
    • Question 39: Successful business continuity planning follows a specific chronological sequence of steps, starting with the BIA and risk analysis and ending with plan maintenance.
    • Question 40: Time-Division Multiplexing (TDM) combines multiple conversations into a single data stream for transmission.
    • Question 41: A hostile applet attempts to monopolize and exploit system resources.
    • Question 42: User input validation is a key method of counteracting SQL injection.
    • Question 43: Patch management needs accurate asset information to be successful.
    • Question 44: An X.509 v3 certificate contains the subject's name and public key, the validity period, extensions and the issuer's (CA's) digital signature; the subject's own digital signature is not part of it.
    • Question 45: HMAC combines a message digest algorithm with a secret key, so that the resulting tag provides authenticity as well as integrity and cannot be recomputed by anyone who does not hold the key.
    • Question 46: Integrity models focus on preventing unauthorized modifications, making data current, and verifying that all modifications can be tracked/reported.
    • Question 47: Fiber optic communications have a security advantage due to greater difficulty in interception.
    • Question 48: Data classification in MAC systems is determined by organization security policy requirements.
    • Question 49: Log file reviews can be useful for identifying security issues and potential vulnerabilities.
    • Question 50: An effective Trojan horse countermeasure is a Host-based Intrusion Prevention System (HIPS)
    • Question 51: When investigating computer crime the investigation is complex because evidence may be destroyed, and the actions/intent of the user are difficult to discern.
    • Question 52: Web applets can pose security threats by removing security layers, performing unintentional attacks during client execution or impacting data/application access.
    • Question 53: Traffic analysis examines frequency, length, and origin/destination patterns of network communications.
    • Question 54: Secure Sockets Layer (SSL) features are certificate-based authentication of web servers and clients, and data confidentiality between them.
    • Question 55: File wipe programs should overwrite flash drives, hard drives, and optical drives, not only tape drives.
    • Question 56: Organizations should implement a continuous compliance program to effectively prepare for audits.
    • Question 57: Internet Key Exchange (IKE) is an industry standard for VPN key exchange.
    • Question 58: Standalone surge protectors can overload the electrical circuits on a network causing damage.
    • Question 59: Recovering services during a disaster should prioritize those with the most impact.
    • Question 60: Verification of vendor compliance is done by documenting their practices and input from privacy and safety professionals.
    • Question 61: The ability for the enterprise to monitor and maintain sufficient resources and employee awareness is the most important factor in enterprise security success.
    • Question 62: Digital certificates and digital signatures together provide authentication and integrity for email messages; confidentiality additionally requires encrypting the message for the recipient's public key.
    • Question 63: Validating a vendor's security policies is important to ensure they don't pose financial or operational liabilities for the organization, but not necessarily their corporate strategy/vision statement.
    • Question 64: Validating implementation with the design is the first step in source code auditing.
    • Question 65: Using logs with clipping levels or maximum size limits is used to keep data manageable for analysis.
    • Question 66: Patch management processes are not usually standardized for all organizations.
    • Question 67: The data owner is primarily responsible for determining classification levels, not users, custodians, or auditors; the security manager advises on the classification scheme.
    • Question 68: Achieving CMMI Level 4 (Quantitatively Managed) shows that software engineering processes are not only well-defined and documented (Level 3) but also measured and controlled quantitatively.
    • Question 69: End-to-end encryption has the advantage of only the communicating parties having cleartext access.
    • Question 70: Everyone in an organization is responsible for computer security.
    • Question 71: A backup program should track when each backup medium was first used and how many times it has been used, in order to judge its serviceability.
    • Question 72: The most important goal of security awareness programs is to inform and ensure user comprehension/acceptance of security policies.
    • Question 73: Using a quality management process is the most effective method for handling changes in requirements.
    • Question 74: Low humidity increases electrostatic buildup, which can lead to data loss from static discharge; high humidity instead causes condensation and corrosion.
    • Question 75: Employee involuntary termination processes should include details of all information given to them to protect the company's intellectual property from unauthorized use.
    • Question 76: Diffie-Hellman is a cryptographic technique for key exchange, NOT encryption.
    • Question 77: One disadvantage of content-dependent access control is increased processing overhead.
    • Question 78: Categorizing information and systems enables a clear structure when conducting initial certification and accreditation efforts.
    • Question 79: The most significant consequence of buffer overflow is a denial-of-service attack.
    • Question 80: A partition table contains information about the location of operating partitions on a computer drive, which can be used as a benchmark for consistency checks.
    • Question 81: Denial of service is a likely result from internet worms, not confidentiality breaches.
    • Question 82: Requiring employees to take vacations of a specified duration (mandatory vacations) reduces stress and the risk of undetected fraud, because someone else must perform their duties in their absence, without severely impacting operations.
    • Question 83: Applying SDLC methodologies increase the quality of the software product, not the number of vulnerabilities.
    • Question 84: ISO/IEC 27002 documents best practices for information security management.
    • Question 85: Lack of validation of user input is a common cause of security vulnerabilities, not necessarily in patches.
    • Question 86: Analyzing full network traffic, rather than simply alerts, is the most effective way to identify and analyze cyberattacks.
    • Question 87: People are the most important link in the security chain as they either protect or compromise the network.
    • Question 88: The first step of any ethical situation is to contact the appropriate management about the discovery.
    • Question 89: Intellectual property rights issues between nations require a consideration of international trade agreements.
    • Question 90: Regularly testing incident response plans ensures accuracy, is a compliance requirement, and helps prevent future incidents through identification of weaknesses.
    • Question 91: A critical step for conducting a BIA is identifying acceptable or permissible recovery times.
    • Question 92: An effective security policy should consider the effect it has on organizational capacity.
    • Question 93: The least important part of logging a security violation is the user's name. UserID, type of violation and the timestamp are of greater importance.
    • Question 94: Software development analysis methodologies are used to look for vulnerabilities.
    • Question 95: Non-repudiation is achieved with digital signatures, created with the signer's private key and verified with the corresponding public key (for proof of delivery, the recipient signs a receipt); merely computing a digest proves nothing about who sent or received the message.
    • Question 96: A cryptoperiod is the length of time that a cryptographic key is used.
    • Question 97: The affected system's Recovery Time Objective (RTO) should not be of least concern: it comes from the business impact analysis (BIA) and must be considered during incident response.
    • Question 98: The protocol based IDS should be placed in the DMZ to control access and provide security.
    • Question 99: Recovery Point Objective (RPO) is used to determine the maximum amount of data loss acceptable during a system recovery process.
    • Question 100: Dilution is a strategy, not in itself a threat.
    • Question 101: A security policy should convey management commitment and be accessible/understandable.
    • Question 102: Security policies should include, definition, roles/responsibilities, applicability statements, and requirements.
    • Question 103: Effective security is achieved through policies, standards, procedures, vulnerability management and administrative and procedural considerations
    • Question 104: Loss expectancy describes the cost of a risk, but vulnerability describes a weakness in a security measure.
    • Question 105: Asking the CEO to email a private key is a form of social engineering.
    • Question 106: Hardening is about improving system security.
    • Question 107: Symmetric key cryptography requires both parties to share the same secret key, distributed over a secure channel, before they can exchange protected data.
    • Question 108: Symmetric networks provide redundancy which improves security, not all LAN segments.
    • Question 109: Security control costs need to be balanced against the security the control provides.
    • Question 110: Access review processes should validate continued access needs.
    • Question 111: Policies and standards define a common understanding.
    • Question 112: Understanding international challenges is a key component of risk management, but not of secondary importance in the analysis.
    • Question 113: Loss expectancy is measured using asset value.
    • Question 114: Minimizing the Security Kernel makes it easier to verify and maintain software for security.
    • Question 115: Small Trusted Computer Bases allow easier analysis of security functionality.
    • Question 116: A token serial number is a series of characters used to identify a user.
    • Question 117: The object's label should match subject's clearance level to correctly implement the least privilege principle.
    • Question 118: A large number of waivers indicates the policy may be misapplied or inappropriate.
    • Question 119: IPSec, S-HTTP, and SSL are security protocols dealing with internet security.
    • Question 120: Multi-factor authentication and mandatory access control are ways of increasing system security.
    • Question 121: Password-protected files are not a secure system for storing user passwords; passwords should be stored as salted one-way hashes.
    • Question 122: When ethical conflicts arise, the (ISC)² Code of Ethics canons resolve them in favor of public safety, then principals, then the profession, in that order.
    • Question 123: Disaster recovery planning and access control requirements are part of a comprehensive security program, not installation security.
    • Question 124: Traffic is blocked by default, unless configuration is modified to allow access to the interface.
    • Question 125: Exact bit-by-bit (forensic) copies of the media provide the most reliable evidence in court; file-level backups omit deleted files, slack space and other unallocated data.
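Added example (not part of the quiz or its source document) for study notes 42 and 85 on SQL injection and input validation: a login lookup that splices untrusted input into the statement, beside the parameterized query that defeats the same payload, with an allow-list validator as a second layer. The in-memory SQLite database, the user rows and the tautology payload are constructed for the demonstration.

```python
"""SQL injection against a string-built query versus a parameterized query."""
import sqlite3


def make_db():
    """Constructed in-memory database with two users (hashes are placeholders)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-of-alice-pw"), ("bob", "hash-of-bob-pw")])
    return conn


def find_user_vulnerable(conn, username):
    # Deliberately vulnerable: untrusted input becomes part of the SQL text, so
    # a quote in the input ends the literal and the rest is parsed as SQL.
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, username):
    # Parameterized query: the driver sends the value separately from the
    # statement, so quotes in the input can never change the query structure.
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def is_valid_username(username):
    """Allow-list validation (letters, digits, underscore; 1-32 chars) as a
    second layer that rejects the payload before it reaches the database."""
    return 1 <= len(username) <= 32 and username.replace("_", "").isalnum()


PAYLOAD = "' OR '1'='1"  # classic tautology: WHERE username = '' OR '1'='1'


def demo():
    conn = make_db()
    return {
        "vulnerable": find_user_vulnerable(conn, PAYLOAD),  # every user row
        "safe": find_user_safe(conn, PAYLOAD),              # no rows
        "validated": is_valid_username(PAYLOAD),            # False
    }


if __name__ == "__main__":
    print(demo())
```

Validation is worth keeping even with parameterized queries, because it also blocks injection into places parameters cannot protect, such as table names or ORDER BY clauses assembled from input.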
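Added example (not part of the quiz or its source document) for study note 45 on HMAC, and for the point in note 95 that a digest alone proves nothing: an in-path attacker who alters a message can recompute a plain SHA-256 digest, but cannot produce a valid HMAC tag without the shared key. The key, the message and the tampered message are constructed for the demonstration.

```python
"""A bare digest versus an HMAC as protection for a message in transit."""
import hashlib
import hmac

KEY = b"constructed-shared-secret"        # known only to sender and receiver
MESSAGE = b"transfer 100 to account 42"
TAMPERED = b"transfer 100 to account 99"


def digest_tag(message):
    """Integrity only: anyone can recompute this for a modified message."""
    return hashlib.sha256(message).hexdigest()


def hmac_tag(key, message):
    """Integrity and authenticity: recomputing requires the secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def receiver_accepts_digest(message, tag):
    return hmac.compare_digest(digest_tag(message), tag)


def receiver_accepts_hmac(key, message, tag):
    # compare_digest avoids leaking the tag through comparison timing.
    return hmac.compare_digest(hmac_tag(key, message), tag)


def attacker_forges():
    """An in-path attacker swaps the message and recomputes both tags. The
    attacker knows the hash algorithm but not KEY, so it can only guess a key."""
    forged_digest = digest_tag(TAMPERED)                 # trivially recomputed
    forged_hmac = hmac_tag(b"attacker-guess", TAMPERED)  # cannot use KEY
    return {
        "digest_accepted": receiver_accepts_digest(TAMPERED, forged_digest),
        "hmac_accepted": receiver_accepts_hmac(KEY, TAMPERED, forged_hmac),
        "honest_hmac_accepted": receiver_accepts_hmac(KEY, MESSAGE, hmac_tag(KEY, MESSAGE)),
    }


if __name__ == "__main__":
    print(attacker_forges())
```

The HMAC still says nothing about which of the two key holders produced the tag, which is why non-repudiation (note 95) needs an asymmetric signature rather than a shared-key MAC.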

    Related Documents

    CISSP v9.1 Practice Exam PDF

    Description

    Test your knowledge with this sample quiz for the CBK Review Seminar. The questions cover various topics related to security vulnerabilities, standards, application gateways, and access controls. Enhance your understanding and preparation for the examination.
