1.
Which of the following access control models enables a person who creates or owns objects to define permissions to access those objects?
Correct Answer
D. Discretionary access control model
Explanation
The correct answer is the Discretionary access control model. This model gives the owner or creator of an object control over defining the permissions for accessing that object. In this model, the owner can grant or revoke access permissions to other users or entities at their discretion. This gives the owner the flexibility to determine who can access their objects and what level of access they have.
2.
During which type of assessment would penetration testers not have any knowledge about the network and network defenders have no knowledge of the test itself?
Correct Answer
C. Double-blind test
Explanation
A double-blind test refers to an assessment in which the penetration testers have no prior knowledge of the network and the network defenders have no prior knowledge of the test. In this type of test, the penetration testers simulate an attack on the network without any prior understanding of its infrastructure or security measures. Similarly, the network defenders are unaware that a test is being conducted, ensuring that their responses and defenses are genuine and not influenced by any knowledge of the test. This type of assessment provides a realistic and unbiased evaluation of the network's security posture.
3.
Which of the following processes is concerned with validating credentials?
Correct Answer
B. Authentication
Explanation
Authentication is the process concerned with validating credentials. It verifies the identity of a user or entity by validating the provided credentials, such as usernames and passwords. This process ensures that only authorized individuals or entities are granted access to a system or resource. Authentication is an essential step in ensuring the security and integrity of a system, as it prevents unauthorized access and protects against potential threats or breaches.
4.
Your organization is concerned that employees might e-mail proprietary information to themselves at their private addresses. Which of the following would be most effective at catching that particular effort?
Correct Answer
B. Content filter
Explanation
A content filter would be most effective at catching employees who are attempting to email proprietary information to themselves at their private addresses. A content filter can analyze the content of emails and identify any sensitive or proprietary information that is being sent. It can also detect keywords or patterns that are commonly associated with such information. By implementing a content filter, the organization can monitor and prevent the unauthorized transfer of proprietary information through email.
5.
Which of the following methods of log management involves visiting each individual host to review its log files?
Correct Answer
C. Decentralized
Explanation
Decentralized log management involves visiting each individual host to review its log files. In this method, log files are stored locally on each host, and administrators need to manually access each host to review and analyze the logs. This approach can be time-consuming and inefficient, especially in large-scale environments with numerous hosts. Centralized log management, on the other hand, involves collecting and storing log files from multiple hosts in a central location, making it easier to search, analyze, and monitor logs from a single interface. SIEM (Security Information and Event Management) is a type of centralized log management system that provides advanced security analytics and threat detection capabilities. Syslog is a protocol used for forwarding log messages across a network, which can be used in both centralized and decentralized log management systems.
6.
You are trying to determine the appropriate level of high availability for a server. The server must be available on a constant basis, and downtime in a given year cannot exceed 1 hour. It normally takes you about 45 minutes to bring down and restart the server for maintenance. Which of the following reflects the level of availability you require?
Correct Answer
C. 99.99 percent availability
Explanation
The level of availability required is 99.99 percent. This means that the server should be available for 99.99 percent of the time in a year, with a maximum downtime of 52.56 minutes. Since it takes about 45 minutes to bring down and restart the server for maintenance, this level of availability would allow for the required uptime and maintenance time without exceeding the 1-hour downtime limit.
7.
Which of the following ports would be most likely to allow secure remote access into a system within a data center?
Correct Answer
B. TCP port 1701
Explanation
TCP port 1701 would be most likely to allow secure remote access into a system within a data center. TCP (Transmission Control Protocol) is a reliable and connection-oriented protocol, which is commonly used for secure communication. Port 1701 is specifically associated with the Layer 2 Tunneling Protocol (L2TP), which is often used for creating virtual private networks (VPNs) and establishing secure remote access to systems. Therefore, TCP port 1701 is the most appropriate choice for secure remote access into a system within a data center.
8.
Which of the following secure protocols protects traffic during transmission and uses TCP port 443?
Correct Answer(s)
C. TLS
D. SSL
Explanation
TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are both secure protocols that provide encryption and authentication for internet communications. They protect traffic during transmission by encrypting the data, making it unreadable to anyone who intercepts it. These protocols are commonly used for secure communication over the internet, such as for secure websites (HTTPS). They use TCP port 443, which is the standard port for secure HTTP connections. SCP, SSH, and TFTP are also secure protocols, but they do not specifically use TCP port 443 for transmission.
9.
All of the following are valid methods to secure static hosts in an organization, except:
Correct Answer
D. User-dependent security
Explanation
User-dependent security is not a valid method to secure static hosts in an organization because it relies on the actions and behavior of individual users to ensure security. This approach is not reliable, as users may make mistakes, fall victim to social engineering attacks, or intentionally bypass security measures. Instead, organizations should implement measures such as layered security, network segmentation, and application-level firewalls to protect static hosts from external threats and unauthorized access. These methods provide more robust and effective security controls that are not dependent on user actions.
10.
Wissa is updating a printer driver on a Windows system. She downloads the latest driver from the manufacturer's Web site. When installing the driver, Windows warns that the driver is unsigned. To which of the following threats is Wissa exposing her system?
Correct Answer
C. Refactoring
Explanation
By updating a printer driver on a Windows system with an unsigned driver, Wissa is exposing her system to the threat of refactoring. Refactoring refers to the process of restructuring existing code without changing its external behavior. In this context, it suggests that the unsigned driver may have been modified or tampered with, potentially introducing malicious code or compromising the system's security.
11.
Which of the following types of factors could be used to describe a fingerprint-based method of logging in and authenticating to a touchscreen device?
Correct Answer
C. Something you are.
Explanation
The correct answer is "Something you are." In a fingerprint-based method of logging in and authenticating to a touchscreen device, the factor being used is the unique physical characteristic of the user's fingerprint, which is a part of who they are. This factor relies on biometric authentication to verify the identity of the user, making it a "something you are" factor rather than "something you know" (such as a password), "something you have" (such as a key or card), or "something you do" (such as a specific action or behavior).
12.
Which of the following technologies allows devices to communicate with each other at very close range through radio signals by using a special chip implanted in the device, and may be vulnerable to eavesdropping and man-in-the-middle attacks?
Correct Answer
C. Near-field communication (NFC)
Explanation
Near-field communication (NFC) is a technology that enables devices to communicate with each other at close range using radio signals. This is achieved through a special chip implanted in the device. NFC is vulnerable to eavesdropping and man-in-the-middle attacks because the communication range is limited to a few centimeters, making it easier for attackers to intercept and manipulate the data being transmitted. Therefore, NFC technology is not considered secure for transmitting sensitive information over longer distances.
13.
Which of the following is an application designed to create and initiate files on a host to provide a fully functional virtual machine?
Correct Answer
B. Hypervisor
Explanation
A hypervisor is an application designed to create and initiate files on a host to provide a fully functional virtual machine. It is responsible for managing and controlling the virtualization environment, allowing multiple operating systems to run on a single physical machine. The hypervisor creates and manages virtual machines (guest operating systems) on the host operating system, enabling efficient resource allocation and isolation between different virtual machines. It provides the necessary abstraction layer to enable the virtualization of hardware resources and ensures that each virtual machine operates independently and securely. A load balancer, on the other hand, is responsible for distributing network traffic across multiple servers to optimize performance and availability.
14.
How many rounds does DES perform when it encrypts plaintext?
Correct Answer
A. 16
Explanation
DES (Data Encryption Standard) performs 16 rounds when it encrypts plaintext. Each round involves several operations including substitution, permutation, and key mixing, which collectively contribute to the security and complexity of the encryption process. By repeating these rounds 16 times, DES ensures a high level of encryption strength and resistance against various cryptographic attacks.
15.
Which of the following secure e-mail protocols is carried over an SSL or TLS connection and uses TCP port 993?
Correct Answer
C. IMAPS
Explanation
IMAPS is the correct answer because it is an email protocol that is carried over an SSL or TLS connection. It uses TCP port 993 for secure communication. SMTP is used for sending email, POP3 is used for retrieving email, and IMAP4 is an older version of IMAP. Therefore, they are not the correct answers for this question.
16.
Which of the following are true statements regarding the relationships of functionality, security, and available resources?
Correct Answer(s)
B. As security increases, functionality decreases.
D. As resources decrease, both functionality and security decrease.
Explanation
As security increases, functionality decreases because implementing more security measures often requires adding restrictions and limitations to the system, which can reduce its overall functionality.
As resources decrease, both functionality and security decrease because when there are fewer resources available, it becomes more challenging to maintain the same level of functionality and security. Limited resources may prevent the implementation of necessary security measures and can also impact the system's performance and functionality.
17.
During which stage of a secure development model would you normally find steps such as requirements gathering, analysis, and diagram development?
Correct Answer
C. Security requirements
Explanation
Steps such as requirements gathering, analysis, and diagram development are typically found in the security requirements stage of a secure development model. This stage focuses on identifying and defining the specific security requirements that need to be implemented in the software or system. It involves understanding the security needs, risks, and constraints and translating them into specific requirements. This stage sets the foundation for the secure design and implementation phases by ensuring that the necessary security measures are identified and documented before proceeding further.
18.
Risk assessment means evaluating which of the following elements?
Correct Answer(s)
A. Probability
D. Impact
Explanation
Risk assessment involves evaluating the probability and impact of potential risks. Probability refers to the likelihood of a risk occurring, while impact refers to the potential consequences or severity of the risk. By assessing both probability and impact, organizations can prioritize and manage risks effectively. This allows them to allocate resources and implement appropriate measures to mitigate or control the identified risks.
19.
Which of the following is a protocol used to obtain the status of digital certificates in public keys?
Correct Answer
C. OCSP
Explanation
OCSP (Online Certificate Status Protocol) is a protocol used to obtain the status of digital certificates in public keys. It allows clients to verify the current status of a certificate, such as whether it has been revoked or is still valid. This protocol provides a more efficient and real-time method of checking certificate status compared to traditional Certificate Revocation Lists (CRLs). Therefore, OCSP is the correct answer for the given question.
20.
All of the following are supporting elements of authorization, except:
Correct Answer
A. Credential validation
Explanation
Credential validation is not a supporting element of authorization because it is a part of the authentication process. Authorization is the process of granting or denying access to resources based on the authenticated user's permissions and privileges. Credential validation, on the other hand, involves verifying the authenticity of the credentials provided by the user, such as username and password, to ensure that the user is who they claim to be. While credential validation is important for establishing the identity of the user, it is not directly related to determining the user's level of access to resources, which is the main focus of authorization.