Which of the following is the FIRST step in protecting data's...
Which of the following is the WEAKEST authentication mechanism?
Behavioral-based systems are also known as?
A company outsources payroll services to a third party company. ...
This is a common security issue that is extremely hard to control in...
Which of the following groups represents the leading source of...
What can be done to ensure that software meets the customer's...
What method destroys the integrity of magnetic media, such as tapes or...
How would nonrepudiation be best classified as?
What is the number of columns in a table called?
What layer of the OSI/ISO model does Point-to-point tunneling protocol...
According to private sector data classification levels, how would...
What access control method weighs additional factors, such as time of...
Organizations should consider which of the following first before...
Tim's day to day responsibilities include monitoring health of...
What type of testing determines whether software meets various...
What is the main problem of the renewal of a root CA certificate?
What protocol is a common open protocol for interfacing and querying...
Which of the following is an IP address that is private (i.e. reserved...
When referring to the data structures of a packet, the term Protocol...
Who developed one of the first mathematical models of a...
Ensuring least privilege does not require:
Common Criteria 15408 generally outlines assurance and functional...
Which of the following protocols does not operate at the data link...
What service is known as cloud identity, which allows organizations to...
Which of the following is NOT an asymmetric key algorithm?
Which approach to a security program ensures people responsible for...
What uses a key of the same length as the message where each bit or...
What is an XML-based framework for exchanging security information,...
A criminal deduces that an organization is holding an offsite meeting...
You are the CISO (chief information security officer) of a large bank...
Which Security and Audit Framework has been adopted by some...
With regard to databases, which of the following has characteristics...
Which of the following characteristics pertaining to databases is not...
Which level of RAID does NOT provide additional reliability?
What describes a more agile development and support model, where...
Your company sells Apple iPods online and has suffered many...
Which of these terms is MOST closely related to confidentiality?
Maximum Tolerable Downtime (MTD) is comprised of which two metrics?
In SSL/TLS protocol, what kind of authentication is supported when you...
In biometric identification systems, at the beginning, it was soon...
You are the CISO (chief information security officer) of a large bank...
Within the OSI model, at what layer are some of the SLIP, CSLIP, PPP...
With SQL Relational databases where is the actual data stored?
Your company sells Apple iPods online and has suffered many...
RADIUS incorporates which of the following services?
What is the access protection system that limits connections by...
When considering all the reasons that buffer overflow vulnerabilities...
In discretionary access environments, which of the following entities...
Which of the following is NOT a security characteristic we need to...
Which access control model would a lattice-based access control model...
What is the most secure type of EAP?
What can be defined as a table of subjects and objects indicating what...
Which of the following protocol was used by the INITIAL version of the...
Which of the following is an advantage of prototyping?
In biometrics, "one-to-many" search against database of...
Which of the following is true for digital signatures?
What metric describes how long it will take to recover a failed...
The best technique to authenticate to a system is to:
Which software development model is actually a meta-model that...
A network-based vulnerability assessment is a type of test also...
Which of the following security controls is intended to bring an...
There are parallels between the trust models in Kerberos and Public...
Which of the following are additional access control objectives?
Who should measure the effectiveness of Information System security...
What is the primary goal of setting up a honey pot?
What is the most secure type of firewall?
Two objects with the same name have different data. What OOP...
Debbie from finance called to tell you that she downloaded and...
What type of memory stores bits in small capacitors (like small...
Which of the following security controls is intended to avoid and...
Operations Security seeks to primarily protect against which of the...
A 'Pseudo flaw' is which of the following?
The description of the database is called a schema. The schema is...
What technique would raise the false accept rate (FAR) and lower the...
The authenticator within Kerberos provides a requested service to the...
Another example of Computer Incident Response Team (CIRT) activities...
Which of the following are WELL KNOWN PORTS assigned by the IANA?
SQL commands do not include which of the following?
Which security model introduces access to objects only through...
Which of the following authentication mechanisms creates a problem for...
Which canon of The (ISC)2 Code of Ethics should be considered the most...
Your company sells Apple iPods online and has suffered many...
Why would a database be denormalized?
In computing what is the name of a non-self-replicating type of...
Which plan details the steps required to restore normal business...
What is the BEST answer pertaining to the difference between the...
Complex applications involving multimedia, computer aided design,...
During an IS audit, one of your auditors has observed that some of the...
Kerberos can prevent which one of the following attacks?
The fact that a network-based IDS reviews packets payload and headers...
Which of the following is true about Kerberos?
In IPSec, if the communication is to be gateway-to-gateway or...
Which of the following is one of the oldest and most common problems...
Layer 2 of the OSI model has two sublayers. What are those sublayers,...
Which of the following statements pertaining to IPSec is incorrect?
Which of the following translates source code one command at a time...
Which of the following risk handling technique involves the practice...
Which of the following would provide the BEST stress testing...
What is the difference between Access Control Lists (ACLs) and...
Which one of these statements about the key elements of a good...
The object-relational and object-oriented models are better suited to...
Which of the following protocols offers native encryption?
You wish to make use of "port knocking" technologies. How...
Which of the following is true about link encryption?
Kerberos is vulnerable to replay in which of the following...
Which of the following is not an element of a relational database...
The Clipper Chip utilizes which concept in public key cryptography?
Which of the following is not a property of the Rijndael block cipher...
What term describes a black-box testing method that seeks to identify...
Java is not:
Cryptography does NOT help in:
Under which type of cloud service level would Linux hosting be...
What is NOT true with pre shared key authentication within IKE / IPsec...
What is the primary purpose of using redundant array of inexpensive...
The throughput rate is the rate at which individuals, once enrolled,...
Which managerial role is responsible for the actual computers that...
Which of the following technologies has been developed to support...
Which ISO/OSI layer establishes the communications link between...
Which of the following is addressed by Kerberos?
In a known plaintext attack, the cryptanalyst has knowledge of which...
What type of relatively expensive and fast memory uses small latches...
How many layers are defined within the US Department of Defense (DoD)...
Which of the following biometrics devices has the highest Crossover...
A database contains an entry with an empty primary key. What database...
A potential problem related to the physical installation of the Iris...
What ensures that the control mechanisms correctly implement the...
Unshielded Twisted Pair cabling is a:
Which of the following was developed to address some of the weaknesses...
Remote Procedure Call (RPC) is a protocol that one program can use to...
Which of the following is the most reliable authentication method for...
Transport Layer Security (TLS) is a two-layered socket layer security...
Accessing an IPv6 network via an IPv4 network is called what?
Which of the following is less likely to be included in the change...
Which of the following represents the best programming?
Virus scanning and content inspection of SMIME encrypted e-mail...
In an online transaction processing system (OLTP), which of the...
Which of the following is the MOST important aspect relating to...
Which of the following biometric parameters are better suited for...
External consistency ensures that the data stored in the database is:
Which of the following statements pertaining to PPTP (Point-to-Point...
The IP header contains a protocol field. If this field contains the...
Which of the following choices is a valid Public Key Cryptography...
What is NOT an authentication method within IKE and IPsec?
What does "System Integrity" mean?
Restricting Bluetooth device discovery relies on the secrecy of what?
In what way could Java applets pose a security threat?
Brute force attacks against encryption keys have increased in potency...
In regards to the query function of relational database operations,...
What protocol is used on the Local Area Network (LAN) to obtain an IP...
Which of the following is a symmetric encryption algorithm?
A code, as it pertains to cryptography:
Most access violations are:
Like the Kerberos protocol, SESAME is also subject to which of the...
What is the act of obtaining information of a higher sensitivity by...
In the days before CIDR (Classless Internet Domain Routing), networks...
Which of the following offers security to wireless communications?
Which of the following can be classified as objects?
The Widget Company decided to take their company public and while they...
Which of the following is the primary security feature of a proxy...
Which of the following is most appropriate to notify an internal user...
EMI such as crosstalk primarily impact which aspect of security?
Which of the following is NOT a property of the Rijndael block cipher...
Which of the following is best practice to employ in order to reduce...
In which phase of the System Development Lifecycle (SDLC) is Security...
Which of the following is the correct set of assurance requirements...
What metric describes the moment in time in which data must be...
To control access by a subject (an active entity such as individual or...
Which of the following best allows risk management results to be used...
When an outgoing request is made on a port number greater than 1023,...
Which of the following statements is NOT true of IPSec Transport mode?
In a SSL session between a client and a server, who is responsible for...
The IP header contains a protocol field. If this field contains the...
A Differential backup process will:
A central authority determines what subjects can have access to...
What can be defined as: It confirms that users' needs have been met by...
Similar to Secure Shell (SSH-2), Secure Sockets Layer (SSL) uses...
Which of the following is true about link encryption?
Which of the following cable types is limited in length to 185 meters?
When a station communicates on the network for the first time, which...
Which of the following is the act of performing tests and evaluations...
Which of the following was designed to support multiple network types...
Which of the following is a LAN transmission method?
Which of the following services is provided by S-RPC?
Which of the following is NOT a known type of Message Authentication...
What level of assurance for a digital certificate verifies a...
Which vulnerability allows a third party to redirect static content...
Which of the following is the most secure firewall implementation?
Which of the following activities would not be included in the...
What can be defined as a list of subjects along with their access...
Who of the following is responsible for ensuring that proper controls...
In Mandatory Access Control, sensitivity labels attached to an object...
Password management falls into which control category?
Which of the following methods of providing telecommunications...
Which of the following best ensures accountability of users for the...
Which of the following best describes the Secure Electronic...
What kind of encryption is realized in the S/MIME-standard?
One of the following statements about the differences between PPTP and...
Many approaches to Knowledge Discovery in Databases (KDD) are used to...
Which of the following would be the best reason for separating the...