Organizations should consider which of the following first before...
Who developed one of the first mathematical models of a...
A company outsources payroll services to a third party company. ...
What method destroys the integrity of magnetic media, such as tapes or...
What access control method weighs additional factors, such as time of...
What protocol is a common open protocol for interfacing and querying...
What can be done to ensure that software meets the customer's...
What type of testing determines whether software meets various...
Which of the following is the FIRST step in protecting data's...
Which of the following is the WEAKEST authentication mechanism?
This is a common security issue that is extremely hard to control in...
Ensuring least privilege does not require:
How would nonrepudiation be best classified as?
Tim's day to day responsibilities include monitoring health of...
When referring to the data structures of a packet, the term Protocol...
Which of the following is an IP address that is private (i.e. reserved...
What layer of the OSI/ISO model does Point-to-point tunneling protocol...
Which of the following protocols does not operate at the data link...
Behavioral-based systems are also known as?
Which of the following groups represents the leading source of...
According to private sector data classification levels, how would...
Common Criteria 15408 generally outlines assurance and functional...
What is the number of columns in a table called?
What is the main problem of the renewal of a root CA certificate?
What service is known as cloud identity, which allows organizations to...
Which of the following is NOT an asymmetric key algorithm?
What is an XML-based framework for exchanging security information,...
Which approach to a security program ensures people responsible for...
What uses a key of the same length as the message where each bit or...
A criminal deduces that an organization is holding an offsite meeting...
You are the CISO (chief information security officer) of a large bank...
Which Security and Audit Framework has been adopted by some...
With regard to databases, which of the following has characteristics...
Your company sells Apple iPods online and has suffered many...
Which level of RAID does NOT provide additional reliability?
What describes a more agile development and support model, where...
Which of the following characteristics pertaining to databases is not...
Maximum Tolerable Downtime (MTD) is comprised of which two metrics?
In biometric identification systems, at the beginning, it was soon...
In SSL/TLS protocol, what kind of authentication is supported when you...
Which of these terms is MOST closely related to confidentiality?
In discretionary access environments, which of the following entities...
Your company sells Apple iPods online and has suffered many...
You are the CISO (chief information security officer) of a large bank...
What is the access protection system that limits connections by...
RADIUS incorporates which of the following services?
When considering all the reasons that buffer overflow vulnerabilities...
Within the OSI model, at what layer are some of the SLIP, CSLIP, PPP...
With SQL Relational databases where is the actual data stored?
Which of the following is true for digital signatures?
What is the most secure type of EAP?
What metric describes how long it will take to recover a failed...
Which of the following is NOT a security characteristic we need to...
In biometrics, "one-to-many" search against database of...
What can be defined as a table of subjects and objects indicating what...
Which access control model would a lattice-based access control model...
Which of the following protocol was used by the INITIAL version of the...
Which of the following is an advantage of prototyping?
The best technique to authenticate to a system is to:
There are parallels between the trust models in Kerberos and Public...
What type of memory stores bits in small capacitors (like small...
What is the most secure type of firewall?
Two objects with the same name have different data. What OOP...
Which of the following security controls is intended to avoid and...
What is the primary goal of setting up a honey pot?
Which of the following are additional access control objectives?
A network-based vulnerability assessment is a type of test also...
Who should measure the effectiveness of Information System security...
Which of the following security controls is intended to bring an...
Which software development model is actually a meta-model that...
Debbie from finance called to tell you that she downloaded and...
What technique would raise the false accept rate (FAR) and lower the...
Operations Security seeks to primarily protect against which of the...
A 'Pseudo flaw' is which of the following?
The description of the database is called a schema. The schema is...
The authenticator within Kerberos provides a requested service to the...
Another example of Computer Incident Response Team (CIRT) activities...
Which of the following authentication mechanisms creates a problem for...
Your company sells Apple iPods online and has suffered many...
Which canon of The (ISC)2 Code of Ethics should be considered the most...
Which security model introduces access to objects only through...
Which of the following are WELL KNOWN PORTS assigned by the IANA?
SQL commands do not include which of the following?
Kerberos can prevent which one of the following attacks?
Which plan details the steps required to restore normal business...
The fact that a network-based IDS reviews packets payload and headers...
During an IS audit, one of your auditors has observed that some of the...
What is the BEST answer pertaining to the difference between the...
In computing what is the name of a non-self-replicating type of...
Complex applications involving multimedia, computer aided design,...
Why would a database be denormalized?
Which of the following is true about Kerberos?
Layer 2 of the OSI model has two sublayers. What are those sublayers,...
Which of the following statements pertaining to IPSec is incorrect?
In IPSec, if the communication is to be gateway-to-gateway or...
Which of the following is one of the oldest and most common problems...
What term describes a black-box testing method that seeks to identify...
Kerberos is vulnerable to replay in which of the following...
What is the difference between Access Control Lists (ACLs) and...
You wish to make use of "port knocking" technologies. How...
Which of the following protocols offers native encryption?
Which one of these statements about the key elements of a good...
Which of the following risk handling technique involves the practice...
The object-relational and object-oriented models are better suited to...
Which of the following is not an element of a relational database...
Which of the following translates source code one command at a time...
Which of the following would provide the BEST stress testing...
Java is not:
The Clipper Chip utilizes which concept in public key cryptography?
Which of the following is true about link encryption?
Which of the following is not a property of the Rijndael block cipher...
Cryptography does NOT help in:
Under which type of cloud service level would Linux hosting be...
What is NOT true with pre shared key authentication within IKE / IPsec...
What is the primary purpose of using redundant array of inexpensive...
Which managerial role is responsible for the actual computers that...
The throughput rate is the rate at which individuals, once enrolled,...
Which of the following technologies has been developed to support...
Which ISO/OSI layer establishes the communications link between...
A potential problem related to the physical installation of the Iris...
What type of relatively expensive and fast memory uses small latches...
A database contains an entry with an empty primary key. What database...
Which of the following is addressed by Kerberos?
Which of the following biometrics devices has the highest Crossover...
How many layers are defined within the US Department of Defense (DoD)...
In a known plaintext attack, the cryptanalyst has knowledge of which...
Which of the following was developed to address some of the weaknesses...
What ensures that the control mechanisms correctly implement the...
Unshielded Twisted Pair cabling is a:
Which of the following is the most reliable authentication method for...
Accessing an IPv6 network via an IPv4 network is called what?
Remote Procedure Call (RPC) is a protocol that one program can use to...
Transport Layer Security (TLS) is a two-layered socket layer security...
Which of the following represents the best programming?
Which of the following is less likely to be included in the change...
Virus scanning and content inspection of SMIME encrypted e-mail...
External consistency ensures that the data stored in the database is:
Which of the following biometric parameters are better suited for...
Which of the following is the MOST important aspect relating to...
In an online transaction processing system (OLTP), which of the...
Which of the following can be classified as objects?
Restricting Bluetooth device discovery relies on the secrecy of what?
Like the Kerberos protocol, SESAME is also subject to which of the...
Most access violations are:
The IP header contains a protocol field. If this field contains the...
In the days before CIDR (Classless Internet Domain Routing), networks...
What is NOT an authentication method within IKE and IPsec?
What protocol is used on the Local Area Network (LAN) to obtain an IP...
Which of the following offers security to wireless communications?
Which of the following statements pertaining to PPTP (Point-to-Point...
Which of the following is the primary security feature of a proxy...
The Widget Company decided to take their company public and while they...
What does "System Integrity" mean?
In regards to the query function of relational database operations,...
What is the act of obtaining information of a higher sensitivity by...
In what way could Java applets pose a security threat?
Brute force attacks against encryption keys have increased in potency...
Which of the following choices is a valid Public Key Cryptography...
Which of the following is a symmetric encryption algorithm?
A code, as it pertains to cryptography:
EMI such as crosstalk primarily impact which aspect of security?
Which of the following is most appropriate to notify an internal user...
Which of the following is the correct set of assurance requirements...
Which of the following is best practice to employ in order to reduce...
In which phase of the System Development Lifecycle (SDLC) is Security...
What metric describes the moment in time in which data must be...
To control access by a subject (an active entity such as individual or...
When an outgoing request is made on a port number greater than 1023,...
Which of the following best allows risk management results to be used...
Which of the following statements is NOT true of IPSec Transport mode?
Which of the following is NOT a property of the Rijndael block cipher...
A central authority determines what subjects can have access to...
A Differential backup process will:
The IP header contains a protocol field. If this field contains the...
In a SSL session between a client and a server, who is responsible for...
What can be defined as: It confirms that users' needs have been met by...
Similar to Secure Shell (SSH-2), Secure Sockets Layer (SSL) uses...
Which of the following is true about link encryption?
Which vulnerability allows a third party to redirect static content...
Which of the following is a LAN transmission method?
Which of the following services is provided by S-RPC?
When a station communicates on the network for the first time, which...
Which of the following cable types is limited in length to 185 meters?
Which of the following was designed to support multiple network types...
Which of the following is the act of performing tests and evaluations...
What level of assurance for a digital certificate verifies a...
Which of the following is NOT a known type of Message Authentication...
Which of the following is the most secure firewall implementation?
Which of the following activities would not be included in the...
In Mandatory Access Control, sensitivity labels attached to an object...
What can be defined as a list of subjects along with their access...
Password management falls into which control category?
Who of the following is responsible for ensuring that proper controls...
You are the CISO (chief information security officer) of a large bank...
Which of the following best ensures accountability of users for the...
In the Bell-LaPadula model, the Star-property is also called:
What kind of encryption is realized in the S/MIME-standard?
One of the following statements about the differences between PPTP and...
Which of the following methods of providing telecommunications...
Which of the following best describes the Secure Electronic...