________________ refers to software that allows for the automated development of software, which can come in the form of program editors, debuggers, code analyzers, version control mechanisms, and more. Privacy impact rating CASE Attack surface analysis Threat modeling.
Which testing phase ensures that the code meets customer requirements? Integration testing Unit testing Acceptance testing Regression testing.
Incident response procedures include the following activities. Which stage can be difficult in the case of a virus attack? Incident identification Containment Tracking Recovery.
Phreaking is a type of hacking primarily concerned with what type of systems? LAN Telephony SCADA Ethernet.
Which of the following is the most secure form of DES implementation? DES-EEE3 3DES-EEE3 DES-EDE2 DES-EEE5.
Which one of the security objectives is not part of the fundamental principles of security? Availability Integrity Confidentiality Authentication.
A symmetric key algorithm requires the following number of keys. N(N-1)/2 N(N*2)/3 N/2 N*2/3.
You are told by your supervisor to maintain evidence for later use during a legal proceeding. What process do you need to document referring to the proper handling of the evidence? Chain of custody Due Diligence Escalation of Privilege Incident response Order of volatility.
What type of network device is responsible for determining the best route from the source to the destination? Switch Repeater Bridge Router.
The strength of encryption is determined by many components. However, one of the following does not contribute to the strength of encryption. The secrecy of the key The length of the key The initialization vector The cryptanalyst's skills.
Which risk handling method defines the acceptable risk level the organization can tolerate and reduces the risk to that level? Risk avoidance Risk transfer Risk mitigation Risk acceptance.
What type of security classification level requires higher than normal assurance of accuracy and completeness? Public Private Top Secret Sensitive.
What is a major disadvantage of a wet pipe system? Expensive and difficult to maintain Water in pipes can freeze in cold climates Does not function when electricity fails Cannot be used in a data processing environment.
Simultaneous execution of more than one program by a single OS is called _____________. Fill in the blank. Interrupt Multitasking Multiprocessing Preemptive multitasking.
What type of malware is self-replicating? Trojan Worm Clone Spam Virus.
_________________ identifies and reduces the amount of code accessible to untrusted users. Privacy impact rating Attack surface Attack surface analysis Threat modeling.
Companies can set a predefined threshold for the number of certain types of errors that will be allowed before the activity is considered suspicious. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised. This baseline is called ___________. Sensitive level Clipping level Baseline Alarm.
What is RAID 5? Striping Mirroring Striping with parity Clustering.
Which access control model is based on an operating system enforcing the system's policy through the use of security labels? DAC MAC RBAC NON-RBAC.
What type of evidence is not viewed as reliable and strong in proving innocence or guilt when compared to best evidence? Circumstantial Evidence Secondary Evidence Corroborative Evidence Opinion Evidence.
Which of the following Hash Algorithms is a more secure Hash Algorithm? MD4 SHA HAVAL RIPEMD.
Different functionalities of security controls are applied to produce the desired security outcomes. Which of the following security controls is intended to fix components or systems after an incident has occurred? Detective Compensating Corrective Preventive.
What height of fence is recommended to deter determined intruders? 4 ft. 6 ft. 8 ft. 10 ft.
Companies can choose from the following outsourced DR sites. Which site is considered the most expensive? Hot site Mirror site Warm site Cold site.
The BCP committee must identify the threats to the company and map them to all of the following except one. Maximum tolerable downtime and disruption for activities. Operational disruption and productivity Third party relationship Reputation.
Which of the following is not an application protocol? SMTP HTTP SNMP ICMP.
Cryptography algorithms are either __________ algorithms, which use private keys, or ____________ algorithms, which use public & private keys. Fill in the blanks. Asymmetric, symmetric Symmetric, asymmetric Hashing, key exchange PKI, Integrity.
An intruder injects him/herself into an ongoing dialog between two computers so that he/she can intercept and read messages being passed back and forth. What is this attack? Mail bombing Ping of death DOS attack Man in the middle attack.
The ____________ is the earliest time period and a service level within which a business process must be restored after a disaster to avoid unacceptable consequences associated with a break in business continuity. The ____________ is the acceptable amount of data loss measured in time. This value represents the earliest point in time at which data must be recovered. RTO, RPO RPO, RTO MTD, Recovery RPO, MTD.
Software is usually developed for _______________ first, not ___________ first. To get the best of both worlds, security and functionality would have to be designed and integrated into the individual phases of the SDLC. Fill in the blanks. Security, functionality Functionality, security Requirement, functionality Functionality, requirement.
What is RAID 1? Striping Mirroring Striping with parity Clustering.
What is the level of risk an organization is willing to accept? Baseline Minimum configuration Acceptable risk Risk appetite.
In the SDLC model, _________________ deploys the software and then ensures that it is properly configured, patched, and monitored. Requirement gathering Design Testing Maintenance.
____________ means that an individual should have just enough permission and rights to fulfill his roles and responsibilities in the company and no more. Least privilege Job rotation Mandatory vacations Collusion.
What protocol provides reliable data transfer and connection-oriented data management? User Datagram Protocol (UDP) Transmission Control Protocol (TCP) Simple File Transfer Protocol (SFTP) BROADCAST.
During an emergency, if one can't get to the organization's data, which security objective has been compromised? Availability Integrity Confidentiality Authentication.
Which of the following is not part of the risk assessment processes? Asset inventory Vulnerability assessment Risk mitigation Risk monitoring.