DUE IN 4 HOURS
Question 128 (1 point) Which testing is performed after a change to a system takes place, retesting to ensure functionality, performance, and protection?
Question 128 options:
Integration testing
Unit testing
Acceptance testing
Regression testing
Question 129 (1 point) Intrusion Detection Systems (IDS) can be used to detect changes in the following sensors, except:
Question 129 options:
Motion
Sounds and vibrations
Beams of light
Temperature
Question 130 (1 point) Which of the following fire suppression methods was widely used but is no longer available due to the environmental damage it causes to the ozone layer?
Question 130 options:
FM-200
NAF-S-III
Halon
Argon
Question 131 (1 point) Which access control is based on each subject's role and/or functional position?
Question 131 options:
DAC
MAC
RBAC
Non-RBAC
Question 132 (1 point) Which of the following is not part of the risk management process?
Question 132 options:
Risk assessment
Risk mitigation
Risk monitoring
Risk ignorance
Question 133 (1 point) Specific state changes take place with specific types of attacks. If an attacker carries out a remote buffer overflow, the following states will change. Which one of these states is incorrect?
Question 133 options:
The remote user connects to the system
The remote user sends data to an application
The data are executed and overwrite the buffer and possibly other memory segments
The network is slow due to congested bandwidth
Question 134 (1 point) Another name for cryptography strength is ____________, which is an estimate of the effort and resources it would take an attacker to penetrate a cryptosystem. Fill in the blank.
Question 134 options:
Secrecy
Work factor
Cryptanalysis
Decryption
Question 135 (1 point) The objective of ___________________ is to ensure that one person acting alone cannot compromise the company's security in any way.
Question 135 options:
Due care
Due diligence
Separation of duties
Trusted recovery states
Question 136 (1 point) The BCP committee should include the following stakeholders except one:
Question 136 options:
Senior management
IT department
Security department
Independent auditor
Question 137 (1 point) During a Business Impact Analysis effort, what characteristics should threats be mapped to in order to assess the impacts on our assets?
Question 137 options:
Maximum tolerable downtime
Objective-to-task
Deadlines
Security Plan
Question 138 (1 point) TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels. Select the one that is not part of these assurance levels.
Question 138 options:
Verified protection
Mandatory protection
Discretionary protection
Non-discretionary protection
Question 139 (1 point) Which type of risk analysis weighs potential threats based on dollar figures?
Question 139 options:
Assumptive
Correlative
Qualitative
Quantitative
Recursive
Question 140 (1 point) ________________ is all about ensuring that people, applications, equipment, and the overall environment are properly and adequately secured. Fill in the blank.
Question 140 options:
Cyber security
Operations security
Personal security
Environment security
Question 141 (1 point) Which testing phase verifies that components work together as outlined in design specifications?
Question 141 options:
Integration testing
Unit testing
Acceptance testing
Regression testing
Question 142 (1 point) _______________ is a systematic approach used to understand how different threats could be realized and how a successful compromise could take place.
Question 142 options:
Privacy impact rating
Attack surface
Attack surface analysis
Threat modeling
Question 143 (1 point) What is the advantage of having striping?
Question 143 options:
Redundancy
Speed
Large size
Failover
Question 144 (1 point) Which software development model emphasizes risk analysis per iteration and is iterative in approach? This approach integrates customer feedback in the development process.
Question 144 options:
Agile
Rapid application
Spiral
V-model
Question 145 (1 point) Which one of the following is the assurance evaluation that assigns an evaluation assurance level and provides thorough and stringent testing?
Question 145 options:
Information Technology Security Evaluation Criteria
Common Criteria
Accreditation
Trusted Platform Evaluation
Question 146 (1 point) To protect personal information, vendors must adhere to the laws established in each industry sector. Which one of the following personal data protection activities do the laws not require organizations to perform?
Question 146 options:
Obtain consent when they collect, use, or disclose their personal information
Collect information by fair and lawful means
Store, transmit, and change the data as necessary
Have personal information policies that are clear, understandable, and readily available
Question 147 (1 point) ________ is a methodical approach to standardize requirements discovery, design, development, testing, and implementation in every phase of a system.
Question 147 options:
Certification
System development life cycle
Accreditation
Project management
Question 148 (1 point) Which calculation uses the formula AV × EF?
Question 148 options:
SLE
ARO
ALE
Cost-Benefit Analysis
Question 149 (1 point) Which of the following security tests involves performing attacks on a network and its systems with permission, in order to determine the effectiveness of their security controls and processes?
Question 149 options:
Vulnerability testing
Disaster recovery testing
Penetration testing
Malware sandbox testing
Question 150 (1 point) The three types of offsite facilities a company can choose from for business continuity do not include which of the following:
Question 150 options:
Hot site
Cold site
Warm site
Alternate site
Question 151 (1 point) ________ control is based on a user's role and responsibilities within the organization.
Question 151 options:
Discretionary access
Mandatory access
Administrative access
Role-based access
Question 152 (1 point) The ____________ is the earliest time period and a service level within which a business process must be restored after a disaster to avoid unacceptable consequences associated with a break in business continuity. The ____________ is the acceptable amount of data loss measured in time. This value represents the earliest point in time at which data must be recovered.
Question 152 options:
RTO, RPO
RPO, RTO
MTD, Recovery
RPO, MTD
Question 153 (1 point) Companies can choose from the following outsourced DR sites. Which site is considered the most expensive?
Question 153 options:
Hot site
Mirror site
Warm site
Cold site
Question 154 (1 point) ____________ means that an individual should have just enough permission and rights to fulfill his roles and responsibilities in the company and no more.
Question 154 options:
Least privilege
Job rotation
Mandatory vacations
Collusion
Question 155 (1 point) What type of malware is self-replicating?
Question 155 options:
Trojan
Worm
Clone
Spam
Virus
Question 156 (1 point) Which access control model is based on an operating system enforcing the system's policy through the use of security labels?
Question 156 options:
DAC
MAC
RBAC
Non-RBAC
Question 157 (1 point) As part of disk configuration, we can configure data striped over several disk drives without any redundancy or parity bits involved. What is this technique?
Question 157 options:
Mirroring
Striping
Hamming
Striping with parity
Question 158 (1 point) Multi-factor authentication includes the following. Select all correct answers.
Question 158 options:
What you know
What you have
What you are
What you used to do (behavioral)
Question 159 (1 point) Which of the following is the most commonly used physical security control?
Question 159 options:
Fences
Door Locks
CCTV
Security guards
Question 160 (1 point) What e-mail protocol is commonly used for the sending of Internet e-mail?
Question 160 options:
POP
FTP
SMTP
HTTP
Question 161 (1 point) The total combination of protection mechanisms in a computer system, including hardware, software, firmware, and procedures, is a(n):
Question 161 options:
Trusted computing base
Security baseline
Security template
Evaluation standard
None of the above
Question 162 (1 point) Which law governs disclosure of financial data for proper financial reporting?
Question 162 options:
Computer Fraud and Abuse Act of 1986
Gramm-Leach-Bliley Act of 1999
Health Insurance Portability and Accountability Act of 1996
Sarbanes-Oxley Act of 2002
None of the above
Question 163 (1 point) A PKI can be made up of any of the following entities and functions except:
Question 163 options:
Certification authority
Timestamping
Certificate revocation system
X.500 Directory
Question 164 (1 point) Which access control method is based on the jobs a user is allowed to perform within an organization?
Question 164 options:
Discretionary Access Control (DAC)
Lattice Model
Mandatory Access Control (MAC)
Role-Based Access Control (RBAC)
All of the above
Question 165 (1 point) ________________ ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents any unauthorized disclosure. Fill in the blank.
Question 165 options:
Availability
Integrity
Confidentiality
Authentication
Question 166 (1 point) Auditing can collect logs from various levels. Which one of the following is not a commonly collected event type unless assigned to a specific device?
Question 166 options:
System level events
Application level events
User level events
Network level events
Question 167 (1 point) An attacker sends multiple service requests to the victim's computer until these service requests eventually overwhelm the target system, causing it to freeze, reboot, and ultimately be unable to perform regular tasks. What is this called?
Question 167 options:
Mail bombing
Ping of death
DoS attack
Man in the middle attack
Question 168 (1 point) Which one of the attacks is a common covert channel attack using the ICMP protocol?
Question 168 options:
John the Ripper
Pass the Hash
Loki
DoS
Question 169 (1 point) Which threat agent group includes malicious users?
Question 169 options:
Natural
Human
Technical
Operational
Question 170 (1 point) Simultaneous execution of more than one program by a single OS is called _____________. Fill in the blank.
Question 170 options:
Interrupt
Multitasking
Multiprocessing
Preemptive multitasking
Question 171 (1 point) An ______________ is a methodical approach to standardize requirement discovery, design, development, testing, and implementation in every phase of a system. ___________ is the technical testing of a system. _________________ is the formal authorization given by management to allow a system to operate in a specific environment. Fill in the blanks.
Question 171 options:
Accreditation, Certification, SDLC
Certification, SDLC, Accreditation
SDLC, Accreditation, Certification
SDLC, Certification, Accreditation
Question 172 (1 point) During an emergency, if one can't get to the organization's data, which security objective has been compromised?
Question 172 options:
Availability
Integrity
Confidentiality
Authentication
Question 173 (1 point) Discretionary access control is determined by _____________. Fill in the blank.
Question 173 options:
Administrator
Object owner
Users
Custodian
Question 174 (1 point) A symmetric key algorithm requires which of the following numbers of keys?
Question 174 options:
N(N-1)/2
N(N*2)/3
N/2
N*2/3
Question 175 (1 point) What type of network device is responsible for determining the best route from the source to the destination?
Question 175 options:
Switch
Repeater
Bridge
Router
Question 176 (1 point) In the SDLC model, _________________ determines "the why" of creating this software, "the what" the software will do, and "for whom" the software will be created.
Question 176 options:
Requirement gathering
Design
Testing
Maintenance
Question 177 (1 point) Which one of the security objectives is not part of the fundamental principles of security?
Question 177 options:
Availability
Integrity
Confidentiality
Authentication
Question 178 (1 point) What type of control reacts to changes in an environment or process that deviates from a normal or accepted pattern?
Question 178 options:
Preventative Control
Corrective Control
Detective Control
Observant Control
Question 179 (1 point) ____________ is the readable version of a message. After an encryption process, the resulting text is referred to as _______________. Fill in the blanks.
Question 179 options:
Plaintext, key
Plaintext, ciphertext
Ciphertext, key
Ciphertext, plaintext
Question 180 (1 point) What is the level of risk an organization is willing to accept?
Question 180 options:
Baseline
Minimum configuration
Acceptable risk
Risk appetite
Question 181 (1 point) The Business continuity plan should include a team to assess the damage once a disaster has taken place. The assessment includes all of the following actions but one.
Question 181 options:
Determine the cause of the disaster
Contact the outsourced DR vendor
Determine the potential for further damage
Identify the level of functionality for the critical resources
Question 182 (1 point) What would a high-level software programming language be defined as?
Question 182 options:
Generation two
Generation three
Generation four
High Generation
Question 183 (1 point) ______________ means that over time, more than one person fulfills the tasks of one position within the company.
Question 183 options:
Least privilege
Job rotation
Mandatory vacation
Collusion
Question 184 (1 point) Which of the following is not an application protocol?
Question 184 options:
SMTP
HTTP
SNMP
ICMP
Question 185 (1 point) Doors that are designed to stay locked during power outages are described as:
Question 185 options:
Fail safe
Fail Secure
Fault Tolerant
UPS
Fail Closed
Question 186 (1 point) In _______________ cryptography, a single secret key is used between entities, whereas in public key systems, each entity has different keys, or _____________. The two different keys are mathematically related. If a message is encrypted by one key, the other key is required in order to decrypt the message.
Question 186 options:
Asymmetric key, symmetric key
Symmetric key, Asymmetric key
Cipher Algorithm, Cryptanalysis
Steganography, Symmetric key
Question 187 (1 point) Which of the following services do cryptosystems not provide?
Question 187 options:
Confidentiality
Integrity
Authentication
Identification
Question 188 (1 point) The one-time pad encryption is deemed unbreakable only if the following are true about the implementation process except one:
Question 188 options:
The pad must be used only one time
The pad must be as long as the message
The pad must be securely distributed and protected at its destination
The pad must be made up of truly non-random values
Question 189 (1 point) Mandatory access control requires which of the following?
Question 189 options:
User and application
Data classification and encryption
Data classification and security clearance
Data classification and storage
Question 190 (1 point) ________________ determines if the product accurately represents and meets the specifications.
Question 190 options:
Privacy impact rating
Attack surface
Attack surface analysis
Verification
Question 191 (1 point) Which type of proxy can distinguish between an FTP GET and an FTP PUT command?
Question 191 options:
Circuit-level proxy
Kernel proxy
Application-level
Multihomed
Question 192 (1 point) This is a form of hiding data within another medium in order to elude detection of its existence.
Question 192 options:
Steganography
Cryptography
Encryption
Hashing
Question 193 (1 point) Determining the value of assets is useful to an organization's security risk assessment. However, which one of the following is not one of the primary reasons?
Question 193 options:
To perform an effective cost/benefit analysis
To select specific countermeasures and safeguards
To understand what exactly is at risk
To accurately appropriate the insurance premium
Question 194 (1 point) Which of the following is not non-volatile?
Question 194 options:
ROM
PROM
EPROM
RAM
Question 195 (1 point) Which of the following is an enterprise security architecture framework?
Question 195 options:
MODAF
TOGAF
ITIL
SABSA
Question 196 (1 point) A fixed-length value used as a message fingerprint is called a __________?
Question 196 options:
Message Authentication Code (MAC)
Hash Value
Message Number
Digital Signature
Question 197 (1 point) Protection rings in an Operating System provide support for availability, integrity and confidentiality. Which protection ring does the Operating System operate in?
Question 197 options:
Ring 0
Ring 1
Ring 2
Ring 3
Question 198 (1 point) The cryptography mechanism which hides information within images is known as?
Question 198 options:
Cryptography
Cryptanalysis
Steganography
Encryption
Transposition
Question 199 (1 point) A secret key that is used for data encryption only one time is called a _______?
Question 199 options:
Public Key
Asymmetric Key
Private Key
Session Key
Question 200 (1 point) When comparing different biometric systems, one of the most important metrics used is called the _________, which represents the point at which the false rejection rate equals the false acceptance rate.
Question 200 options:
Biometric analytical equation
Crossover error rate
Type I error
Type II error