2.
A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy is a(n) __________.
Correct Answer
A. Vulnerability
Explanation
A vulnerability refers to a flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy. It represents a potential entry point for attackers to compromise the system's integrity, confidentiality, or availability. Identifying and addressing vulnerabilities is crucial in maintaining the security of a system and preventing unauthorized access or malicious activities.
3.
A(n) _________ is an attempt to learn or make use of information from the system that does not affect system resources.
Correct Answer
A. Passive attack
Explanation
A passive attack refers to an attempt to learn or make use of information from a system without affecting system resources. In this type of attack, the attacker does not actively alter or disrupt the system but rather observes or intercepts data. This can include activities such as eavesdropping, monitoring network traffic, or analyzing data to gain unauthorized access or obtain sensitive information. Unlike active attacks, passive attacks do not directly impact or manipulate system resources.
4.
A ________ level breach of security could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
Explanation
A high-level breach of security refers to a situation where there is a severe or catastrophic adverse effect on organizational operations, assets, or individuals. This means that the breach has significant consequences and can cause substantial damage to the organization or individuals involved. It indicates that the breach is not minor or insignificant, but rather has a major impact on the overall functioning and well-being of the organization or individuals affected.
5.
From a security point of view, which of the following actions should be done upon the termination of an employee?
Correct Answer
A. All of the above
Explanation
Upon the termination of an employee, it is important from a security point of view to take all of the mentioned actions. Removing the person's name from all lists of authorized access ensures that they no longer have any privileges or permissions within the organization's systems. Recovering all assets, including employee ID, disks, documents, and equipment, helps to prevent any unauthorized use or access to sensitive information. Removing all personal access codes ensures that the former employee cannot use their credentials to gain entry into any systems or networks. Taking all of these actions collectively helps to mitigate security risks and protect the organization's assets and information.
6.
Data items to capture for a security audit trail include
Correct Answer
A. All of the above
Explanation
A security audit trail is a record of events and activities related to the security mechanisms on a system. It includes capturing data items such as events related to the operating system access and remote access. Therefore, the correct answer is "all of the above" as it encompasses all the mentioned data items that need to be captured for a security audit trail.
7.
An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is a(n) __________.
Explanation
An assault on system security that derives from an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system is referred to as an "attack". This term is commonly used in the context of cybersecurity to describe intentional actions taken to compromise the security of a system or network. Attacks can take various forms, such as malware infections, unauthorized access attempts, or social engineering techniques, and they are aimed at exploiting vulnerabilities in order to gain unauthorized access or cause harm to the targeted system.
8.
______ is a benefit of security awareness, training, and education programs to organizations.
Correct Answer
A. All of the above
Explanation
Security awareness, training, and education programs provide several benefits to organizations. Firstly, they help in improving employee behavior by educating them about potential security risks and teaching them how to identify and respond to such threats. Secondly, these programs increase the organization's ability to hold employees accountable for their actions by establishing clear guidelines and consequences for security breaches. Lastly, these programs also help in mitigating the liability of the organization for an employee's behavior by demonstrating that necessary measures were taken to educate and train employees on security protocols. Therefore, all of the given options are correct benefits of security awareness, training, and education programs.
9.
A(n) __________ is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that correct action can be taken.
Correct Answer
A. Countermeasure
Explanation
A countermeasure is a method or strategy that is used to reduce or prevent a threat, vulnerability, or attack. It can be an action, device, procedure, or technique that aims to eliminate or minimize the harm caused by the threat or attack. Countermeasures can also involve discovering and reporting the threat or attack so that appropriate action can be taken to address it.
10.
CERT stands for ___________.
Correct Answer
A. Computer Emergency Response Team
Explanation
CERT stands for Computer Emergency Response Team. This team is responsible for responding to and handling computer security incidents and emergencies. They work to prevent, detect, and respond to cyber threats and vulnerabilities. The term "emergency" implies the urgency and critical nature of their work, as they are tasked with quickly addressing and mitigating any potential risks or damages caused by cyber attacks or other security incidents.
11.
Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Correct Answer
A. System integrity
Explanation
System integrity refers to the assurance that a system operates as intended without any unauthorized manipulation. It ensures that the system functions smoothly and is not compromised intentionally or unintentionally. This includes protecting the system from any unauthorized access, modification, or disruption that could potentially affect its performance or compromise its intended function. System integrity is crucial for maintaining the reliability and trustworthiness of a system.
12.
A loss of _________ is the unauthorized disclosure of information.
Correct Answer
A. Confidentiality
Explanation
Confidentiality refers to the protection of sensitive information from being accessed or disclosed to unauthorized individuals. A loss of confidentiality occurs when this information is disclosed without proper authorization. Therefore, it is the correct answer for the given question.
13.
__________ is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
Correct Answer
A. Traffic padding
Explanation
Traffic padding is the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts. By adding extra bits, the data stream becomes less predictable and harder to analyze, making it difficult for attackers or surveillance systems to gather meaningful information about the traffic. This technique helps to protect the privacy and security of the data being transmitted.
14.
_______ are ways for an awareness program to promote the security message to employees
Correct Answer
A. All of the above
Explanation
Posters, newsletters, and workshops and training sessions are all effective ways for an awareness program to promote the security message to employees. Posters can be displayed in common areas to catch employees' attention and remind them of important security practices. Newsletters can be distributed regularly to provide updates, tips, and reminders about security measures. Workshops and training sessions allow for more interactive and in-depth learning experiences, where employees can actively participate and ask questions. By utilizing all of these methods, the awareness program can effectively reach and engage employees, ensuring that the security message is effectively communicated and understood.
15.
An example of __________ is an attempt by an unauthorized user to gain access to a system by posing as an authorized user.
Correct Answer
A. Masquerade
Explanation
The correct answer is masquerade because it refers to the act of pretending to be someone else in order to deceive or gain unauthorized access. In this context, an unauthorized user is attempting to gain access to a system by posing as an authorized user, which is a clear example of masquerade.
16.
_________ audit trails may be used to detect security violations within an application or to detect flaws in the application’s interaction with the system
Correct Answer
A. Application-level
Explanation
Application-level audit trails are used to track and record the activities and events within an application. These audit trails help in detecting security violations, such as unauthorized access or changes to sensitive data, within the application. They also help in identifying flaws or vulnerabilities in the application's interaction with the system. System-level audit trails, on the other hand, monitor and record system-level activities and events, while user-level audit trails track and record individual user actions. Therefore, the correct answer is Application-level.
17.
______ software is a centralized logging software package similar to, but much more complex than, syslog
Explanation
SIEM stands for Security Information and Event Management. It is a centralized logging software package that collects and analyzes log data from various sources within an organization's network. SIEM is designed to provide real-time monitoring, threat detection, and incident response capabilities. It offers more advanced features and functionality compared to syslog, making it a suitable choice for organizations that require complex and comprehensive logging and analysis capabilities.
18.
A threat action in which sensitive data are directly released to an unauthorized entity is __________.
Correct Answer
A. Exposure
Explanation
Exposure refers to a threat action where sensitive data is directly released to an unauthorized entity. This means that the data is made accessible to someone who should not have access to it, potentially leading to unauthorized use or disclosure. This can occur due to various factors such as weak security measures, human error, or malicious intent. It is important to prevent exposure of sensitive data to protect the privacy and security of individuals and organizations.
19.
The _________ prevents or inhibits the normal use or management of communications facilities.
Correct Answer
A. Denial of service
Explanation
Denial of service refers to a type of cyber attack where the attacker intentionally disrupts or hinders the normal functioning of communication facilities, such as networks, servers, or websites. This can be achieved by overwhelming the target system with excessive traffic or by exploiting vulnerabilities to crash or disable the system. The objective is to prevent legitimate users from accessing or using the services provided by the targeted system.
20.
A __________ is any action that compromises the security of information owned by an organization.
Correct Answer
A. Security attack
Explanation
A security attack is any action that compromises the security of information owned by an organization. This can include unauthorized access, data breaches, malware infections, or any other malicious activity that puts the confidentiality, integrity, or availability of information at risk. Security attacks can be intentional or unintentional, and they can originate from both internal and external sources. It is important for organizations to have robust security measures in place to detect, prevent, and mitigate the impact of security attacks.
21.
The assets of a computer system can be categorized as hardware, software, communication lines and networks, and _________.
Correct Answer
Data, data
Explanation
The assets of a computer system can be categorized as hardware, software, communication lines and networks, and data. Data is an essential asset in a computer system as it refers to the information or facts that are stored and processed by the system. It can include various types of information such as documents, files, databases, and user input. Data is crucial for the functioning of a computer system as it is used by the software to perform tasks and provide output to the users. Additionally, data can also be transmitted and shared through communication lines and networks, making it an integral part of the system's assets.
22.
___________ scan critical system files, directories, and services to ensure they have not been changed without proper authorization
Correct Answer
A. System integrity verification tools
Explanation
System integrity verification tools are designed to scan critical system files, directories, and services to ensure that they have not been changed without proper authorization. These tools help to detect any unauthorized modifications or tampering with the system, which could indicate a potential security breach or compromise. By regularly scanning and verifying the integrity of these system components, organizations can ensure the overall security and stability of their systems.
23.
System conditions requiring immediate attention is a(n) _______ severity
Explanation
The correct answer is "alert" because an alert severity indicates that there are system conditions that require immediate attention. This severity level implies that there may be critical issues or potential threats that need to be addressed urgently in order to prevent further problems or damage to the system.
24.
A(n) _________ assessment is periodically assessing the risk to organizational operations, organizational assets, and individuals, resulting from the operation of organizational information systems and the associated processing, storage, or transmission of organizational information.
Correct Answer
risk, Risk
Explanation
The given answer is correct because it accurately identifies that the assessment being referred to is related to the evaluation of risk. This assessment involves periodically assessing the potential risks that can affect organizational operations, assets, and individuals. These risks can arise from the operation of information systems and the associated processing, storage, or transmission of organizational information. The repetition of the word "risk" in both lowercase and uppercase emphasizes the importance and significance of this assessment in identifying and mitigating potential risks.
25.
________ is explicitly required for all employees
Correct Answer
A. Security awareness
Explanation
Security awareness is explicitly required for all employees because it ensures that they have the knowledge and understanding of potential security risks and threats. By being aware of security best practices, employees can actively contribute to maintaining a secure work environment and protecting sensitive information. This includes being aware of common attack vectors, understanding the importance of strong passwords, being cautious of phishing attempts, and knowing how to report any suspicious activities. Security awareness helps to create a culture of security within an organization and empowers employees to be proactive in safeguarding company assets.
26.
A _____________ is a characteristic of a piece of technology that can be exploited to perpetrate a security incident
Correct Answer
vulnerability
Explanation
A vulnerability refers to a characteristic or weakness in a piece of technology that can be exploited by malicious individuals or entities to carry out a security incident. It is a flaw or loophole in the system that can be taken advantage of to gain unauthorized access, cause damage, or steal information. Identifying and addressing vulnerabilities is crucial in maintaining the security and integrity of technology systems.
27.
The assurance that data received are exactly as sent by an authorized entity is __________.
Correct Answer
A. Traffic integrity
Explanation
Traffic integrity refers to the assurance that data received is exactly as sent by an authorized entity. It ensures that the data has not been tampered with or altered during transmission. Authentication, traffic control, and traffic routing are not directly related to ensuring the integrity of the data.
28.
Security implementation involves four complementary courses of action: prevention, detection, response, and _________.
Correct Answer
recovery, Recovery
Explanation
The question is asking for the missing complementary course of action in security implementation, which is recovery. Recovery is an essential step in security implementation as it involves restoring systems and data to their normal functioning state after a security incident or breach. It focuses on recovering lost or compromised data, repairing any damage caused, and ensuring that systems are secure and operational again. Recovery is crucial to minimize the impact of security incidents and to restore normalcy in the organization's operations.
29.
The ________ is a module on a centralized system that collects audit trail records from other systems and creates a combined audit trail
Correct Answer
A. Audit trail collector
Explanation
The audit trail collector is a module on a centralized system that gathers audit trail records from various other systems and consolidates them into a single audit trail. This allows for centralized monitoring and analysis of the audit trail data, providing a comprehensive view of system activity and facilitating compliance with regulatory requirements.
30.
_________ audit trails are generally used to monitor and optimize system performance
Correct Answer
A. System-level
Explanation
System-level audit trails are generally used to monitor and optimize system performance. This is because system-level audit trails provide a comprehensive overview of all activities and events occurring within the system. By monitoring these audit trails, system administrators can identify bottlenecks, detect performance issues, and make necessary optimizations to improve the overall performance of the system. User-level and physical-level audit trails, on the other hand, focus on individual user activities and physical access to the system, respectively, and may not provide the same level of insight into system performance.
31.
Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
Correct Answer
A. Privacy
Explanation
Privacy refers to the assurance that individuals have control or influence over the collection, storage, and disclosure of their personal information. It ensures that individuals can determine who has access to their data and how it is used. Privacy is crucial in maintaining the confidentiality and security of personal information, protecting individuals from unauthorized access or misuse of their data. It also promotes trust and transparency between individuals and organizations handling their information.
32.
The ________ is a module that transmits the audit trail records from its local system to the centralized audit trail collector
Correct Answer
A. Audit dispatcher
Explanation
The audit dispatcher is a module that is responsible for transmitting the audit trail records from its local system to the centralized audit trail collector. It acts as a mediator between the local system and the collector, ensuring that all the necessary audit trail records are sent and received accurately. The audit analyzer, on the other hand, is not involved in the transmission process but rather analyzes the collected audit trail records for further analysis and reporting. Therefore, the correct answer is audit dispatcher.
33.
Release of message contents and traffic analysis are two types of _________ attacks.
Correct Answer
passive, Passive
Explanation
Passive attacks refer to the interception and monitoring of communication without altering or disrupting it. Release of message contents involves unauthorized access to the actual message, while traffic analysis involves analyzing patterns and metadata of the communication to gain information. Both these attacks fall under the category of passive attacks as they do not actively manipulate the communication.
34.
A(n) ________ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor.
Correct Answer
A. Inline sensor
Explanation
An inline sensor is inserted into a network segment to ensure that the traffic being monitored must pass through the sensor. Unlike other types of sensors, such as LAN sensors or analysis sensors, an inline sensor is specifically designed to be placed directly in the network path, allowing it to intercept and analyze all traffic passing through. This ensures comprehensive monitoring and analysis of network traffic, making it an effective tool for network security and performance monitoring. A passive sensor, on the other hand, would only listen to the traffic without actively intercepting it.
35.
A _________ is a security event that constitutes a security incident in which an intruder gains access to a system without having authorization to do so
Correct Answer
A. Security intrusion
Explanation
A security intrusion refers to a security event where an unauthorized person gains access to a system. This unauthorized access is considered a security incident as it violates the system's authorization requirements. It is important to identify and address security intrusions promptly to prevent further damage and protect sensitive information.
36.
__________ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder.
Correct Answer
A. Signature detection
Explanation
Signature detection involves defining a set of rules or attack patterns that can be used to determine if a behavior is that of an intruder. This method relies on known signatures or patterns of malicious activity to identify and block potential threats. By comparing network traffic or system behavior against a database of known signatures, signature detection can effectively detect and prevent intrusions.
37.
_______ are decoy systems that are designed to lure a potential attacker away from critical systems.
Correct Answer
honeypots, Honeypots
Explanation
Honeypots are decoy systems that are specifically created to divert potential attackers from accessing critical systems. These systems are designed to mimic real networks or applications, enticing attackers to interact with them instead of the actual valuable assets. By luring attackers to these honeypots, organizations can gather information about their tactics, techniques, and intentions, allowing them to enhance their overall security measures and protect their critical systems effectively.
38.
Security awareness, training, and education programs can serve as a deterrent to fraud and actions by disgruntled employees by increasing employees’ knowledge of their ________ and of potential penalties
Correct Answer
A. Accountability
Explanation
Security awareness, training, and education programs can serve as a deterrent to fraud and actions by disgruntled employees by increasing employees' knowledge of their accountability and of potential penalties. By understanding their responsibilities and the consequences of their actions, employees are less likely to engage in fraudulent activities or actions that could harm the organization. This knowledge creates a sense of responsibility and encourages employees to act ethically and in compliance with regulations, reducing the risk of fraud and misconduct.
39.
Employees have no expectation of _________ in their use of company-provided e-mail or Internet access, even if the communication is personal in nature
Correct Answer
privacy
Explanation
Employees have no expectation of privacy in their use of company-provided e-mail or Internet access, even if the communication is personal in nature. This means that employees should not assume that their personal communications are private when using company resources. Employers have the right to monitor and access these communications for various reasons, such as ensuring compliance with company policies, protecting sensitive information, and preventing misuse of company resources. Therefore, employees should exercise caution and use company-provided resources responsibly and professionally.
40.
Replay, masquerade, modification of messages, and denial of service are examples of _________ attacks.
Correct Answer
active, Active
Explanation
The given correct answer for this question is "active, Active". This is because replay, masquerade, modification of messages, and denial of service are all examples of active attacks. Active attacks involve an attacker actively interfering with the communication process, such as intercepting and altering messages, impersonating legitimate users, or disrupting the availability of a service. These attacks are characterized by the attacker's direct involvement in manipulating or disrupting the communication flow.
41.
_________ is a document that describes the application level protocol for exchanging data between intrusion detection entities
Correct Answer
A. RFC 4767
Explanation
RFC 4767 is the correct answer because it is a document that describes the application level protocol for exchanging data between intrusion detection entities. The RFC (Request for Comments) series is a collection of documents that define various protocols, procedures, and standards for the internet. RFC 4767 specifically focuses on the protocol for exchanging data between intrusion detection entities, making it the appropriate choice for this question.
42.
________ can include computer viruses, Trojan horse programs, worms, exploit scripts, and toolkits
Correct Answer
A. Artifacts
Explanation
The term "artifacts" refers to various types of malicious software that can harm computer systems, such as computer viruses, Trojan horse programs, worms, exploit scripts, and toolkits. These artifacts are designed to exploit vulnerabilities in computer systems and can cause significant damage if not detected and addressed promptly.
43.
A _______ policy states that the company may access, monitor, intercept, block access, inspect, copy, disclose, use, destroy, or recover using computer forensics any data covered by this policy
Correct Answer
A. Company rights
Explanation
This policy states that the company has the rights to access, monitor, intercept, block access, inspect, copy, disclose, use, destroy, or recover any data covered by this policy. This implies that the company has the authority to take these actions in order to enforce its rights and protect its interests regarding the data.
44.
Windows is equipped with three types of event logs: system event log, security event log, and _________ event log.
Correct Answer
application
Explanation
Windows is equipped with three types of event logs: system event log, security event log, and application event log. The application event log is responsible for recording events related to applications running on the Windows operating system. It tracks various types of information such as application crashes, errors, warnings, and informational events. This log is useful for troubleshooting and diagnosing issues with specific applications on the system.
45.
A(n) _________ is a threat that is carried out and, if successful, leads to an undesirable violation of security, or threat consequence.
Correct Answer
Attack, attack
Explanation
The given correct answer is "Attack, attack". An attack refers to a deliberate action taken with the intention to compromise security. It is a threat that, if successful, results in an undesirable violation of security or threat consequence. The repetition of the word "attack" in the question and answer might be a typographical error or redundancy.
46.
________ is the process of receiving, initial sorting, and prioritizing of information to facilitate its appropriate handling
Explanation
Triage is the process of receiving, initial sorting, and prioritizing of information to facilitate its appropriate handling. This term is commonly used in medical contexts, where it refers to the assessment and prioritization of patients based on the severity of their condition. However, triage can also be applied to other situations, such as emergency response or customer support, where quick decision-making and prioritization are necessary. The goal of triage is to efficiently allocate resources and attention to the most urgent or critical cases first.
47.
A capability set up for the purpose of assisting in responding to computer security-related incidents that involve sites within a defined constituency is called a ______.
Correct Answer
A. All of the above
Explanation
A capability set up for the purpose of assisting in responding to computer security-related incidents that involve sites within a defined constituency can be referred to by any of the terms CIRT, CIRC, or CSIRT. These terms are interchangeable and can be used to describe the same concept. Therefore, the correct answer is "all of the above" as they all represent the same capability.
48.
With _________ the linking to shared library routines is deferred until load time so that if changes are made any program that references the library is unaffected
Correct Answer
A. Dynamically linked shared libraries
Explanation
Dynamically linked shared libraries allow for the linking to shared library routines to be deferred until load time. This means that any changes made to the library will not affect any program that references it. Statically linked shared libraries, on the other hand, are linked at compile time and any changes made to the library will require recompilation of the program. System linked shared libraries refer to libraries that are provided by the operating system. Therefore, the correct answer is dynamically linked shared libraries, as they provide the desired behavior of deferring linking until load time.
49.
___________ is UNIX’s general-purpose logging mechanism found on all UNIX variants and Linux.
Correct Answer
Syslog, syslog
Explanation
Syslog is a general-purpose logging mechanism that can be found on all UNIX variants and Linux. It is used to collect and store log messages from various sources within the system. Syslog allows administrators to centralize and manage log data, making it easier to monitor and troubleshoot system issues. The lowercase "syslog" is simply a variant of the term, referring to the specific implementation of the logging mechanism.