CISSP Sample Exams

Uploaded by Seree Joseph

Diagnostic Questionnaire

CISSP – DIAGNOSTIC

Question N° 1
In a discretionary mode, which of the following entities is authorized to grant
information access to other people?
A. Manager
B. Group leader
C. Security manager
D. User

Question N° 2
What term is used to describe code objects that act on behalf of a user while operating
in an unattended manner?
A. Agent
B. Worm
C. Applet
D. Browser

Question N° 3
What programming language(s) can be used to develop ActiveX controls for use on an
Internet site?
A. Visual Basic
B. C
C. Java
D. All of the above

Question N° 4
Within the realm of IT security, which of the following combinations best defines
risk?
A. Threat coupled with a breach.
B. Threat coupled with a vulnerability.
C. Vulnerability coupled with an attack.
D. Threat coupled with a breach of security.

Question N° 5
Which of the following would be the best reason for separating the test and
development environments?
A. To restrict access to systems under test.
B. To control the stability of the test environment.
C. To segregate user and development staff.
D. To secure access to systems under development.

Question N° 6
Which one of the following key types is used to enforce referential integrity between
database tables?
A. Candidate key
B. Primary key
C. Foreign key
D. Super key

Question N° 7
What type of information is used to form the basis of an expert system’s decision-
making process?
A. A series of weighted layered computations
B. Combined input from a number of human experts, weighted according to past
performance
C. A series of “if/then” rules codified in a knowledge base
D. A biological decision-making process that simulates the reasoning process used by the
human mind

Question N° 8
Business Impact Analysis (BIA) does not:
A. Recommend the appropriate recovery solution.
B. Determine critical and necessary business functions and their resource dependencies.
C. Identify critical computer applications and the associated outage tolerance.
D. Estimate the financial impact of a disruption.

Question N° 9
Which access control model enables the owner of the resource to specify what subjects
can access specific resources?
A. Discretionary Access Control
B. Mandatory Access Control
C. Sensitive Access Control
D. Role-based Access Control

Question N° 10
What type of cable is used with 100Base-TX Fast Ethernet?
A. Fiber-optic cable
B. Four pairs of Category 3, 4 or 5 unshielded twisted-pair (UTP) wires.
C. Two pairs of Category 5 unshielded twisted-pair (UTP) or Category 1 shielded twisted-
pair (STP) wires.
D. RG.58 cable.

Question N° 11
Which one of the following terms cannot be used to describe the main RAM of a
typical computer system?
A. Nonvolatile
B. Sequential access
C. Real memory
D. Primary memory

Question N° 12
Which of the following best describes the Secure Electronic Transaction (SET)
protocol?
A. Originated by VISA and MasterCard as an Internet credit card protocol.
B. Originated by VISA and MasterCard as an Internet credit card protocol using digital
signatures.
C. Originated by VISA and MasterCard as an Internet credit card protocol using the
transport layer.
D. Originated by VISA and MasterCard as an Internet credit card protocol using SSL.

Question N° 13
At which of the following phases of a software development life cycle are security and
access controls normally designed?
A. Coding
B. Product design
C. Software plans and requirements
D. Detailed design

Question N° 14
What is system certification?
A. Formal acceptance of a stated system configuration
B. A technical evaluation of each part of a computer system to assess its compliance with
security standards
C. A functional evaluation of the manufacturer’s goals for each hardware and software
component to meet integration standards
D. A manufacturer’s certificate stating that all components were installed and configured
correctly

Question N° 15
What does IPSec define?
A. All possible security classifications for a specific configuration
B. A framework for setting up a secure communication channel
C. The valid transition states in the Biba model
D. TCSEC security categories

Question N° 16
Which type of control would password management classify as?
A. Compensating control
B. Detective control
C. Preventive control
D. Technical control

Question N° 17
Which of the following backup methods is most appropriate for off-site archiving?
A. Incremental backup method.
B. Off-site backup method.
C. Full backup method.
D. Differential backup method.

Question N° 18
Which of the following is not a weakness of symmetric cryptography?
A. Limited security
B. Key distribution
C. Speed
D. Scalability

Question N° 19
Which of the following is not a defined layer in the TCP/IP protocol model?
A. Application layer
B. Session layer
C. Internet layer
D. Network access layer

Question N° 20
Which security models are built on a state machine model?
A. Bell-LaPadula and Take-Grant
B. Biba and Clark-Wilson
C. Clark-Wilson and Bell-LaPadula
D. Bell-LaPadula and Biba

Question N° 21
Which Bell-LaPadula property keeps lower-level subjects from accessing objects with
a higher security level?
A. * (star) Security Property
B. No write up property
C. No read up property
D. No read down property

Question N° 22
What term describes an entry point that only the developer knows about into a
system?
A. Maintenance hook
B. Covert channel
C. Buffer overflow
D. Trusted path

Question N° 23
Which one of the following is not a primary component or aspect of firewall systems?
A. Protocol filtering
B. Packet switching
C. Rule enforcement engine
D. Extended logging capability

Question N° 24
What are database views used for?
A. To ensure referential integrity.
B. To allow easier access to data in a database.
C. To restrict user access to data in a database.
D. To provide audit trails.

Question N° 25
Which of the following contains the primary goals and objectives of security?
A. A network’s border perimeter
B. The CIA Triad
C. A stand-alone system
D. The Internet

Question N° 26
Confidentiality is dependent upon which of the following?
A. Accountability
B. Availability
C. Nonrepudiation
D. Integrity

Question N° 27
Devices in the form of credit card-size memory cards or smart cards, or those resembling
small calculators, that are used to supply static and dynamic passwords are called?
A. Token Ring
B. Tokens
C. Token passing networks
D. Coupons

Question N° 28
Zip/Jaz drives, SyQuest, and Bernoulli boxes are very transportable and are often the
standard for?
A. Data exchange in many businesses.
B. Data change in many businesses.
C. Data compression in many businesses.
D. Data interchange in many businesses.

Question N° 29
Which of the following is typically not used as an identification factor?
A. Username
B. Smart card swipe
C. Fingerprint scan
D. A challenge/response token device

Question N° 30
Which of the following is typically not a characteristic considered when classifying
data?
A. Value
B. Size of object
C. Useful lifetime
D. National security implications

Question N° 31
Why does compiled code pose more risk than interpreted code?
A. Because malicious code can be embedded in the compiled code and can be difficult to
detect.
B. Because the browser can safely execute all interpreted applets.
C. Because compilers are not reliable.
D. It does not. Interpreted code poses more risk than compiled code.

Question N° 32
Phreakers are hackers who specialize in telephone fraud. What type of telephone
fraud simulates the tones of coins being deposited into a payphone?
A. Red Boxes
B. Blue Boxes
C. White Boxes
D. Black Boxes

Question N° 33
Which one of the following is not a goal of cryptographic systems?
A. Nonrepudiation
B. Confidentiality
C. Availability
D. Integrity

Question N° 34
What is the length of the cryptographic key used in the Data Encryption Standard
(DES) cryptosystem?
A. 56 bits
B. 128 bits
C. 192 bits
D. 256 bits

Question N° 35
If an operating system permits executable objects to be used simultaneously by
multiple users without a refresh of the objects, what security problem is most likely to
exist?
A. Disclosure of residual data.
B. Unauthorized obtaining of a privileged execution state.
C. Data leakage through covert channels.
D. Denial of service through a deadly embrace.

Question N° 36
Why would anomaly detection IDSs often generate a large number of false positives?
A. Because they can only correctly identify attacks they already know about.
B. Because they are application-based and are more subject to attacks.
C. Because they can't identify abnormal behavior.
D. Because normal patterns of user and system behavior can vary wildly.

Question N° 37
According to private sector data classification levels, how would salary levels and
medical information be classified?
A. Public
B. Sensitive
C. Private
D. Confidential

Question N° 38
In the RSA public key cryptosystem, which one of the following numbers will always
be largest?
A. e
B. n
C. p
D. q

Question N° 39
Which cryptographic algorithm forms the basis of the El Gamal cryptosystem?
A. RSA
B. Diffie-Hellman
C. 3DES
D. IDEA

Question N° 40
The beginning and the end of each transfer during asynchronous communication data
transfer are marked by?
A. Start and Stop bits.
B. Start and End bits.
C. Begin and Stop bits.
D. Start and Finish bits.

Question N° 41
Most unplanned downtime of information systems is attributed to which of the
following?
A. Hardware failure
B. Natural disaster
C. Human error
D. Software failure

Question N° 42
Which of the following statements pertaining to secure information processing
facilities is incorrect?
A. Walls should have an acceptable fire rating.
B. Windows should be protected by bars.
C. Doors must resist forcible entry.
D. Location and type of fire suppression systems should be known.

Question N° 43
Making sure that the data is accessible when and where it is needed is which of the
following?
A. Confidentiality
B. Integrity
C. Acceptability
D. Availability

Question N° 44
Business continuity plan development depends most on?
A. Directives of Senior Management
B. Business Impact Analysis (BIA)
C. Scope and Plan Initiation
D. Skills of BCP committee

Question N° 45
Which layer defines the X.25, V.35, X.21 and HSSI standard interfaces?
A. Transport layer
B. Network layer
C. Data link layer
D. Physical layer

Question N° 46
Which of the following statements pertaining to VPN protocol standards is false?
A. L2TP is a combination of PPTP and L2F.
B. L2TP and PPTP were designed for single point-to-point client to server communication.
C. L2TP operates at the network layer.
D. PPTP uses native PPP authentication and encryption services.

Question N° 47
The guarantee that the message sent is the message received, and that the message was
not intentionally or unintentionally altered is?
A. Integrity
B. Confidentiality
C. Availability
D. Identity

Question N° 48
Which of the following is a preventive control?
A. Motion detectors
B. Guard dogs
C. Audit logs
D. Intrusion detection systems

Question N° 49
What uses a key of the same length as the message?
A. Running key cipher
B. One-time pad
C. Steganography
D. Cipher block chaining

Question N° 50
Which of the following protocols operates at the session layer (layer 5)?
A. RPC
B. IGMP
C. IPX
D. SPX

Information Security and Risk Management
CISSP – PARTIAL EXAM

Question Nº 1
Three major goals promoted by ISC2 include which of the following?
A. Usability, integrity, and availability.
B. Integrity, confidentiality, and authenticity.
C. Accuracy, assurance, and accountability.
D. Confidentiality, integrity, and availability.

Question Nº 2
Residual risk is calculated as which of the following?
A. Known risks minus unknown risks.
B. Actual risks minus probable risks.
C. Probable risks minus possible risks.
D. Potential risks minus covered risks.

Question Nº 3
Which of the following is the correct equation in risk management?
A. Risk management = Risk research + Risk analysis.
B. Risk management = Risk analysis + Risk avoidance.
C. Risk management = Risk assessment + Risk mitigation.
D. Risk management = Risk transfer + Risk acceptance.

Question Nº 4
What can be done with the residual risk?
A. It can be either assigned or accepted.
B. It can be either identified or evaluated.
C. It can be either reduced or calculated.
D. It can be either exposed or assessed.

Question Nº 5
Which of the following is not part of risk analysis?
A. Assets.
B. Threats.
C. Vulnerabilities.
D. Countermeasures.

Question Nº 6
Ways of practicing due care. There are different ways management can choose to deal
with risks that have been identified and calculated. Which of the following is not a
responsible way of dealing with risk?
A. Accept
B. Reduce
C. Transfer or assign
D. Deny

Question Nº 7
Protects the company's intellectual property. A security control often initiated by
human resources, which involves a new employee or outside party being required to
sign a document stating that they will not share company information with anyone is
called a:
A. Employment-at-will doctrine
B. Nondisclosure agreement
C. Offer letter
D. Trade secret

Question Nº 8
Who is legally responsible for protecting data? Which of the following is an example
of an ultimate data owner?
A. Front-line employee
B. A customer accessing information via the Extranet
C. IT administrator
D. CIO

Question Nº 9
Can be available to a larger sub-set of people. Which of the following data
classifications provides the lowest level of protection?
A. Confidential
B. Sensitive
C. Private
D. Public

Question Nº 10
Used to educate and prepare employees. There are many different reasons that a
company should carry out security awareness for their employees. Security awareness
training provides all of the following except?
A. Stops attack attempts
B. Informs users of standards and procedures to follow
C. Modifies employees' attitudes and behaviors
D. Improves emergency response time

Question Nº 11
One pertains to the use of numeric values and the other is based on educated
opinions. What would be an appropriate difference between a qualitative and a
quantitative risk analysis?
A. Qualitative would be a subjective observation, while a quantitative approach defines
statistical costs associated with a threat.
B. Quantitative approach would be a subjective observation, while a qualitative approach
defines statistical costs associated with a threat.
C. Qualitative defines the overall appeal of a target or a resource, while quantitative is
defined as (threats x vulnerability x asset value) x controls gap.
D. Quantitative approach indicates the total cost of security implemented for protection.
Qualitative identifies the expected acceptance of the security policy from the organization.

Question Nº 12
Ultimately responsible. The ultimate responsibility for successful company security
falls on whose shoulders?
A. Security professional
B. Everyone in the company
C. IT organization
D. Senior management

Question Nº 13
Ensuring the integrity of business information is the PRIMARY concern of
A. Encryption Security
B. Procedural Security.
C. Logical Security
D. On-line Security

Question Nº 14
All of the following are basic components of a security policy EXCEPT the
A. definition of the issue and statement of relevant terms.
B. statement of roles and responsibilities
C. statement of applicability and compliance requirements.
D. statement of performance of characteristics and requirements.

Question Nº 15
John covertly learns the user ID and password of a higher-ranked technician and uses
the credentials to access certain areas of network. What term describes what John has
done?
A. Backdooring.
B. Masquerading.
C. IP Spoofing.
D. Data diddling.

Question Nº 16
Your company’s security director calls a meeting to stress the importance of data
integrity within the company. There is a concern because of several violations that
have been noticed lately. Of the examples below, which would not be considered an
integrity violation?
A. A senior IT analyst making deliberate and unauthorized changes to user accounts.
B. An unauthorized analyst performing a cost analysis on classified information.
C. An operations technician making a change to a mainframe configuration setting by
accident.
D. An unauthorized data processor making changes to a protected database.

Question Nº 17
Karen and her security team have been tasked with developing a security policy to be
presented to senior management for a new start-up organization. Of the factors listed
below, which is the most important in determining an effective security policy?
A. The cost/rate of return factor.
B. It is consistent with the mission of the company.
C. It reflects each person on the security team.
D. It concentrates on the assets closest to the CEO’s heart.

Question Nº 18
Cary is working on a risk management project and must determine the degree of
damage to a manufacturing facility downtown in the event of a flood. This degree of
damage is referred to as:
A. Its risk factor.
B. Its exposure factor.
C. Its depreciated value.
D. Its single loss expectancy.

Question Nº 19
Your company has hired a risk management firm to evaluate the organization’s
overall health and risks. One area that is quickly identified is a small warehouse in a
heavily populated area which holds valuable assets. The warehouse has no perimeter
defenses. This lack of protection would be characterized as a _________ .
A. Exposure factor.
B. Acceptable business practice as physical controls are not critical.
C. Threat.
D. Vulnerability.

Question Nº 20
In a heated debate between the IT department, operations, and the financial
department, the issue of who “owns” the financial data in question is raised. Of the
entities listed below, who is most likely the owner of this data?
A. Financial business unit manager.
B. All the users who consistently manipulate the data.
C. Operations department that develops the policies and integrates the procedures.
D. IT department that manages and maintains the data.

Security Architecture and Design
CISSP – PARTIAL EXAM

Question Nº 1
Many PC operating systems provide functionality that enables them to support the
simultaneous execution of multiple applications on single-processor systems. What
term is used to describe this capability?
A. Multiprogramming
B. Multithreading
C. Multitasking
D. Multiprocessing

Question Nº 2
The Bell-LaPadula model addresses which one of the following items?
A. Covert channels.
B. The creation and destruction of subjects and objects.
C. Information flow from high to low.
D. Definition of a secure state transition.

Question Nº 3
What type of memory is directly available to the CPU and does not need to be loaded?
A. RAM
B. ROM
C. Register memory
D. Virtual memory

Question Nº 4
The Common Criteria terminology for the degree of examination of the product to be
tested is:
A. Target of Evaluation (TOE)
B. Protection Profile (PP)
C. Functionality (F)
D. Evaluation Assurance Level (EAL)

Question Nº 5
A difference between the Information Technology Security Evaluation Criteria
(ITSEC) and the Trusted Computer System Evaluation Criteria (TCSEC) is:
A. TCSEC addresses availability as well as confidentiality
B. ITSEC addresses confidentiality only
C. ITSEC addresses integrity and availability as well as confidentiality
D. TCSEC separates functionality and assurance

Question Nº 6
A small-town security office has recently installed a new computer system for their
staff of five. The system contains many levels of classified information and is set up to
allow each of the employees different access permissions. Which type of system does
this scenario describe?
A. Multilevel security system.
B. Hardware segmentation.
C. Dedicated mode system
D. Layering system.

Question Nº 7
John is asked by his manager to research an IDS for a new dispatching center. In his
research, he finds the top five products and compares them against each other based
upon their ratings. In order to get the most simplified and universal evaluation, which
of the following should John use to make his decision?
A. Orange Book
B. TCSEC
C. ITSEC
D. Common Criteria

Question Nº 8
What security principle helps prevent users from accessing memory spaces assigned
to applications being run by other users?
A. Separation of privilege
B. Layering
C. Process isolation
D. Least privilege

Question Nº 9
The Trusted Computer Security Evaluation Criteria (TCSEC) is based on which three
principles?
A. Assurance, Cost/Benefit Ratio, Functionality.
B. Auditing, Cost/Benefit Ratio, Effectiveness.
C. Functionality, Effectiveness, Assurance.
D. Assurance, Auditing, Availability.

Question Nº 10
What is system certification?
A. Formal acceptance of a stated system configuration.
B. A technical evaluation of each part of a computer system to assess its compliance with
security standards.
C. A functional evaluation of the manufacturer’s goals for each hardware and software
component to meet integration standards.
D. A manufacturer’s certificate stating that all components were installed and configured
correctly.

Question Nº 11
What term describes an entry point that only the developer knows about into a
system?
A. Maintenance hook
B. Covert channel
C. Buffer overflow
D. Trusted path

Question Nº 12
Which security model(s) address(es) data confidentiality?
A. Bell-LaPadula
B. Biba
C. Clark-Wilson
D. Both A and B

Question Nº 13
What is a trusted computing base (TCB)?
A. Hosts on your network that support secure transmissions.
B. The operating system kernel and device drivers.
C. The combination of hardware, software, and controls that work together to enforce a
security policy.
D. The software and controls that certify a security policy.

Question Nº 14
What is the most common programmer-generated security flaw?
A. TOC/TOU vulnerability.
B. Buffer overflow.
C. Inadequate control checks.
D. Improper logon authentication.

Question Nº 15
Which Bell-LaPadula property keeps lower-level subjects from accessing objects with
a higher security level?
A. * (star) Security Property
B. No write up property
C. No read up property
D. No read down property

Question Nº 16
Kim is asked to provide a technical review of a newly-installed network system that
includes multiple workstations, servers, and databases that have been integrated into
a network operations center. Her review must conclude that the established security
requirements have been met. What task is Kim performing?
A. Audit
B. Accreditation
C. Security evaluation
D. Certification

Question Nº 17
An activity that alters the state of a system is called a ______.
A. State transition.
B. Unauthorized intrusion.
C. Moving data from memory segment to the CPU’s registers.
D. Moving data from the CPU’s registers to the correct memory address.

Question Nº 18
Which of the following concepts states that a subject cannot send requests to a subject
at a higher security level, but only with subjects at an equal or lower level?
A. *-property rule
B. Information flow
C. Invocation property
D. Separation of duties

Question Nº 19
The term “Clearance” is most often associated with which of the following?
A. Processes
B. Requests
C. Subjects
D. Objects

Question Nº 20
A secret clearance operations group works on a private network in a remote location.
The security policy for the network design and operations group reads as follows:
Each user on this network must a) have an approved clearance level for all
information on the network, b) have formal access approval for and have assigned a
NDA for all information on the network, and c) a need-to-know for all information on
the network. What type of operating mode is this exclusive group working from?
A. Controlled
B. Dedicated security
C. Compartmentalized
D. Multi-level

Cryptography
CISSP – PARTIAL EXAM

Question Nº 1
Which of the following is NOT an example of a symmetric key encryption algorithm?
A. Rijndael
B. DES
C. 3DES
D. RSA

Question Nº 2
Bob wants to send a private message to Mary and wants no one else to be able to read
it. He also wants Mary to be able to know that it came from him. He both signs and
encrypts the message. The following keys are used in which manner?

A. Bob uses Mary’s public key to encrypt the message and his own private key to sign it.
B. Bob uses Mary’s private key to encrypt the message and his own public key to sign it.
C. Bob uses Mary’s public key to encrypt the message and his own public key to sign it.
D. Bob uses Mary’s private key to encrypt the message and her public key to sign it.

Question Nº 3
A one-way transformation that cannot be reversed is a what?
A. MAC
B. Hash
C. Ciphertext
D. Plaintext

Question Nº 4
A way to establish that a key belongs to a particular user is to use which of the
following?
A. One-time cipher
B. Digital certificate
C. Digital signature
D. Hash

Question Nº 5
Which of the following is a type of attack in which encrypted information is taken and
played back at a later point in time?
A. Replay attack
B. Brute-force attack
C. Man-in-the-middle attack
D. Meet-in-the-middle attack

Question Nº 6
What does DES stand for?
A. Data Encryption System
B. Data Encryption Standard
C. Data Encoding Standard
D. Data Encryption Signature

Question Nº 7
How many bits make up the effective DES key?
A. 56
B. 64
C. 32
D. 16

Question Nº 8
What do the message digest algorithms MD2, MD4, and MD5 have in common?
A. They all take a message of arbitrary length and produce a message digest of 160 bits.
B. They all take a message of arbitrary length and produce a message digest of 128 bits.
C. They are all optimized for 32-bit machines.
D. They are all used in the Secure Hash Algorithm (SHA).

Question Nº 9
Who was involved in developing the first public key encryption system?
A. Adi Shamir
B. Ross Anderson
C. Bruce Schneier
D. Martin Hellman

Question Nº 10
DES performs how many rounds of permutation and substitution?
A. 16
B. 32
C. 64
D. 56

Question Nº 11
Which of the following is a true statement pertaining to data encryption when it is
used to protect data?
A. It verifies the integrity and accuracy of the data
B. It requires careful key management
C. It does not require much system overhead in resources
D. It requires keys to be escrowed

Question Nº 12
If different keys generate the same ciphertext for the same message, what is this
called?
A. Collision
B. Secure hashing
C. MAC
D. Key clustering

Question Nº 13
What is the definition of an algorithm’s work factor?
A. Time it takes to encrypt and decrypt the same plain text
B. Time it takes to break the encryption
C. Time it takes to implement 16 rounds of computation
D. Time it takes to apply substitution functions

Question Nº 14
What is the minimum number of cryptographic keys required for
secure two-way communications in asymmetric key cryptography?
A. One
B. Two
C. Three
D. Four

Question Nº 15
What is the minimum number of cryptographic keys required for secure two-way
communications in symmetric key cryptography?
A. One
B. Two
C. Three
D. Four

Question Nº 16
Which one of the following Data Encryption Standard (DES) operating modes can be
used for large messages without the worry that an error early in the encryption /
decryption process will spoil results throughout the communication?
A. Cipher Block Chaining (CBC)
B. Electronic Codebook (ECB)
C. Cipher Feedback (CFB)
D. Output Feedback (OFB)

Question Nº 17
What encryption algorithm is used by the Clipper chip, which supports the escrowed
encryption standard sponsored by the U.S. government?
A. Data Encryption Standard (DES)
B. Advanced Encryption Standard (AES)
C. Skipjack
D. IDEA

Question Nº 18
Which one of the following message digest algorithms is the current U.S. government
standard in use by secure federal information processing systems?
A. SHA-1
B. MD2
C. MD4
D. MD5

Question Nº 19
John would like to produce a message digest of a 2048-byte message he plans to send
to Mary. If he uses the SHA-1 hashing algorithm, what size will the message digest for
this particular message be?
A. 160 bits
B. 512 bits
C. 1024 bits
D. 2048 bits

Question Nº 20
Which International Telecommunications Union (ITU) standard governs the creation
and endorsement of digital certificates for secure electronic communication?
A. X.500
B. X.509
C. X.900
D. X.905

Telecommunications and Network Security
CISSP – PARTIAL EXAM

Question N° 1
Which OSI layer is primarily responsible for negotiating dialog control between
systems and applications?
A. Application layer
B. Transport layer
C. Session layer
D. Internet layer

Question N° 2
Routers are devices which function at which layer of the OSI Model?
A. Data Link layer
B. Internet layer
C. Physical layer
D. Network layer

Question N° 3
Coaxial cable is typically used in which LAN topology?
A. Mesh
B. Linear bus
C. Star
D. Tree

Question N° 4
What is the minimum UTP cable specification that supports transmitting of data at
100Mbps speeds?
A. Category 3
B. Category 5
C. Category 5e
D. 10BASE-T

Question N° 5
What is the single point of failure in a star topology?
A. The cable
B. The computer
C. The hub or switch
D. The NIC

Question N° 6
Which device is responsible for separating broadcast domains?
A. Router
B. Switch
C. Bridge
D. Repeater

Question N° 7
What is used at the Data Link layer for the delivery of data to hosts?
A. IP address
B. IPX address
C. ARP
D. Hardware address

Question N° 8
Ethernet uses which access method?
A. Carrier Sense, Multiple Access/Collision Avoidance
B. Token passing
C. Carrier Sense, Multiple Access/Collision Detection
D. LAN emulation

Question N° 9
Sending and receiving data at the same time is an example of which type of
communication?
A. Simplex
B. Multicast
C. Full-Duplex
D. Half-Duplex

Question N° 10
A device that keeps track of the connection state of conversations is known as a(n)
___________?
A. Application proxy
B. NAT device
C. Stateful inspection firewall
D. Packet filtering firewall

Question N° 11
Using a perimeter network to secure internal resources from external sources, while
still providing limited access to devices on the perimeter network is an example of a
_______?
A. Packet filtering firewall design
B. Screened subnet firewall design
C. Screened host firewall design
D. Dual homed host firewall design

Question N° 12
T1 lines are typically used for which type of WAN connection?
A. Circuit-switched
B. Cell-switched
C. Remote access
D. Dedicated

Question N° 13
CHAP and PAP Authentication can be used with which type of technology?
A. HDLC
B. X.25
C. Dedicated WAN connections
D. PPP

Question N° 14
What is used as the underlying connection for establishing a VPN connection?
A. Dial-up remote access
B. The Internet
C. Circuit-switched connections
D. Dedicated connections

Question N° 15
What is used for providing connection-oriented delivery in the TCP/IP protocol suite?
A. SNMP
B. UDP
C. IP
D. TCP

Question N° 16
What does ARP do?
A. Resolves known IP addresses to MAC addresses
B. Resolves known MAC addresses to IP addresses
C. Resolves NetBIOS names
D. Resolves hostnames

Question N° 17
Which of the following is not a routing protocol?
A. OSPF
B. BGP
C. RPC
D. RIP

Question N° 18
Which of the following is not defined in RFC 1918 as one of the
private IP address ranges that are not routed on the Internet?
A. 169.172.0.0–169.191.255.255
B. 192.168.0.0–192.168.255.255
C. 10.0.0.0–10.255.255.255
D. 172.16.0.0–172.31.255.255

Question N° 19
Which of the following is not true?
A. Tunneling employs encapsulation.
B. All tunneling uses encryption.
C. Tunneling is used to transmit data over an intermediary network.
D. Tunneling can be used to bypass firewalls, gateways, proxies, or
other traffic control devices.

Question N° 20
Which of the following is not a VPN protocol?
A. PPTP
B. L2F
C. SLIP
D. IPSec

Access Control
CISSP – PARCIAL

Question Nº 1
What is access?
A. Functions of an object
B. Information flow from objects to subjects
C. Unrestricted admittance of subjects on a system
D. Administration of ACLs

Question N° 2
Which of the following is true?
A. A subject is always a user account.
B. The subject is always the entity that provides or hosts the information or data.
C. The subject is always the entity that receives information about or data from the object.
D. The roles of subject and object are never reversed.

Question N° 3
Which of the following access controls uses fences, security policies, security
awareness training, and antivirus software to stop an unwanted or unauthorized
activity from occurring?
A. Preventative
B. Detective
C. Corrective
D. Authoritative

Question N° 4
___________________ access controls are the hardware or software mechanisms used
to manage access to resources and systems and to provide protection for those
resources and systems.
A. Administrative
B. Logical/technical
C. Physical
D. Preventative

Question N° 5
What is the first step of access control?
A. Accountability logging
B. ACL verification
C. Subject authorization
D. Subject identification

Question N° 6
Which of the following is an example of a Type 2 authentication factor?
A. Something you have, such as a smart card, ATM card, token device, memory card, etc.
B. Something you are, such as fingerprints, voice print, retina pattern, iris pattern, face
shape, palm topology, hand geometry, etc.
C. Something you do, such as type a pass phrase, sign your name, speak a sentence, etc.
D. Something you know, such as a password, personal identification number (PIN), lock
combination, pass phrase, mother’s name, favorite color, etc.

Question N° 7
What does the Crossover Error Rate (CER) for a biometric device indicate?
A. The sensitivity is tuned too high.
B. The sensitivity is tuned too low.
C. The False Rejection Rate and False Acceptance Rate are equal.
D. The biometric device is not properly configured.

Question N° 8
Which of the following is not an example of an SSO mechanism?
A. Kerberos
B. Scripts
C. TACACS
D. SESAME

Question N° 9
Which of the following types of IDS is only effective against known attack methods?
A. Host-based
B. Network-based
C. Knowledge-based
D. Behavior-based

Question N° 10
Which of the following does not complement intrusion detection systems?
A. Honey pots.
B. Inference cells.
C. Padded cells.
D. Vulnerability analysis.

Question N° 11
An organization is experiencing high employee turnover. Which of the
following is the best access control technique in this situation?
A. Rule-based access control.
B. Mandatory access control.
C. Role-based access control.
D. Discretionary access control

Question N° 12
The “principle of least privilege” supports which of the following?
A. All or nothing privileges.
B. Super-user privileges.
C. Appropriate privileges.
D. Creeping privileges.

Question N° 13
Password management is an example of a:
A. Directive control.
B. Preventive control.
C. Detective control.
D. Corrective control.

Question N° 14
Impersonating a user or system is called a:
A. Snooping attack.
B. Spoofing attack.
C. Sniffing attack.
D. Spamming attack.

Question N° 15
Which one of the following access control mechanisms uses security labels?
A. DAC.
B. MAC.
C. RBAC.
D. ACLs.

Question N° 16
Honey Pot systems do not contain which of the following?
A. Event triggers.
B. Sensitive monitors
C. Sensitive data.
D. Event loggers.

Question N° 17
Which of the following is a fake network designed to tempt intruders with unpatched
and unprotected security vulnerabilities and false data?
A. IDS
B. Honey pot
C. Padded cell
D. Vulnerability scanner

Question N° 18
When a padded cell is used by a network for protection from intruders, which of the
following is true?
A. The data offered by the padded cell is what originally attracts the attacker.
B. Padded cells are a form of entrapment.
C. The intruder is seamlessly transitioned into the padded cell once they are detected.
D. Padded cells are used to test a system for known vulnerabilities.

Question N° 19
Which of the following is true regarding vulnerability scanners?
A. They actively scan for intrusion attempts.
B. They serve as a form of enticement.
C. They locate known security holes.
D. They automatically reconfigure a system to a more secured state.

Question N° 20
When using penetration testing to verify the strength of your security policy, which of
the following is not recommended?
A. Mimicking attacks previously perpetrated against your system
B. Performing the attacks without management consent
C. Using manual and automated attack tools
D. Reconfiguring the system to resolve any discovered vulnerabilities

Application Security
CISSP – PARCIAL

Question Nº 1
Which of the following characteristics can be used to differentiate worms from
viruses?
A. Worms infect a system by overwriting data in the Master Boot Record of a storage
device.
B. Worms always spread from system to system without user intervention.
C. Worms always carry a malicious payload that impacts infected systems.
D. All of the above.

Question Nº 2
Richard believes that a database user is misusing his privileges to gain information
about the company’s overall business trends by issuing queries that combine data
from a large number of records. What process is the database user taking advantage
of?
A. Inference
B. Contamination
C. Polyinstantiation
D. Aggregation

Question Nº 3
Which software development life cycle model allows for multiple iterations of the
development process, resulting in multiple prototypes, each produced according to a
complete design and testing process?
A. Software Capability Maturity Model
B. Waterfall model
C. Development cycle
D. Spiral model

Question Nº 4
Which database security risk occurs when data from a higher classification level is
mixed with data from a lower classification level?
A. Aggregation
B. Inference
C. Contamination
D. Polyinstantiation

Question Nº 5
A TCP SYN flood attack:
A. is not something system users would notice.
B. may result in elevation of privileges.
C. takes advantage of the way a TCP session is established.
D. requires a synchronized effort by multiple attackers.

Question Nº 6
Why do buffer overflows happen?
A. Because of insufficient system memory.
B. Because they are an easy weakness to exploit.
C. Because input data is not checked for appropriate length at time of input.
D. Because buffers can only hold so much data.

Question Nº 7
In configuration management, a configuration item is:
A. The version of the operating system that is operating on the work station that provides
information security services.
B. A component whose state is to be recorded and against which changes are to be
progressed.
C. The network architecture used by the organization.
D. A series of files that contain sensitive information.

Question Nº 8
What database technique can be used to prevent unauthorized users from
determining classified information by noticing the absence of information normally
available to them?
A. Inference
B. Manipulation
C. Polyinstantiation
D. Aggregation

Question Nº 9
In the software life cycle, verification:
A. Evaluates the product in development against real-world requirements
B. Evaluates the product in development against similar products
C. Evaluates the product in development against general baselines
D. Evaluates the product in development against the specification

Question Nº 10
What is searching for data correlations in the data warehouse called?
A. Data warehousing
B. Data mining
C. A data dictionary
D. Configuration management

Question Nº 11
What is a method in an object-oriented system?
A. The means of communication among objects
B. A guide to the programming of objects
C. The code defining the actions that the object performs in response to a message
D. The situation where a class inherits the behavioral characteristics of more than one
parent class

Question Nº 12
A system that exhibits reasoning similar to that of humans knowledgeable in a
particular field to solve a problem in that field is called:
A. A “smart” system.
B. A data warehouse.
C. A neural network.
D. An expert system.

Question Nº 13
Which of the following is NOT a common term in object-oriented systems?
A. Behavior
B. Message
C. Method
D. Function

Question Nº 14
A distributed object model that has similarities to the Common Object Request
Broker Architecture (CORBA) is:
A. Distributed Component Object Model (DCOM).
B. The Chinese Wall Model.
C. Inference Model.
D. Distributed Data Model.

Question Nº 15
A computer program in which malicious or harmful code is contained inside
apparently harmless programming or data in such a way that it can get control and
do damage is a:
A. Virus
B. Worm
C. Trojan Horse
D. Trap door

Question Nº 16
What does normalizing data in a data warehouse mean?
A. Redundant data is removed.
B. Numerical data is divided by a common factor.
C. Data is converted to a symbolic representation.
D. Data is restricted to a range of values.

Question Nº 17
Which of the following is an example of mobile code?
A. Embedded code in control systems
B. Embedded code in PCs
C. Java and ActiveX code downloaded into a Web browser from the World Wide Web
(WWW)
D. Code derived following the spiral model

Question Nº 18
SQL commands do not include which of the following?
A. Select, Update
B. Grant, Revoke
C. Delete, Insert
D. Add, Replace

Question Nº 19
Which of the following would be the best reason for separating the test and
development environments?
A. To restrict access to systems under test.
B. To control the stability of the test environment.
C. To segregate user and development staff
D. To secure access to systems under development.

Question Nº 20
In an object-oriented system, the situation wherein objects with a common name
respond differently to a common set of operations is called:
A. Delegation.
B. Polyresponse.
C. Polymorphism.
D. Polyinstantiation.

Physical (Environmental) Security
CISSP – PARCIAL

Question Nº 1
Physical security often follows which of the following models?
A. High-security defense model
B. Deterrent-based security model
C. Layered defense model
D. Trusted systems security model

Question Nº 2
Crime prevention through environmental design builds on the strategies of access
control, natural surveillance, and:
A. Possession
B. Territoriality
C. Isolation
D. Obscurity

Question Nº 3
Site location should consider all of the following EXCEPT:
A. Lighting
B. Crime
C. Natural disaster
D. Emergency response facilities

Question Nº 4
A fault is a:
A. Electrostatic discharge
B. Momentary loss of power
C. A spike in voltage
D. Transient noise

Question Nº 5
The greatest risk to most organizations through portable computing is:
A. Loss of expensive hardware
B. Vulnerability of remote access
C. Loss of confidential data
D. Tracking and inventory of equipment

Question Nº 6
What is an emergency panic bar on a door designed to do?
A. Eliminate the shrinkage or cracking of the doorframe due to excessive use.
B. Indicate whether the door is open or closed.
C. Allow instant exit, but controlled entrance.
D. Reinforce the hinge frame, so the door cannot be kicked in or pried open.

Question Nº 7
What is the best type of water-based fire suppression system for a computer facility?
A. Wet pipe system
B. Dry pipe system
C. Preaction system
D. Deluge system

Question Nº 8
What type of physical security controls focus on facility construction and selection,
site management, personnel controls, awareness training, and emergency response
and procedures?
A. Technical
B. Physical
C. Administrative
D. Logical

Question Nº 9
Which of the following is a double set of doors that is often protected by a guard and
is used to contain a subject until their identity and authentication is verified?
A. Gate
B. Turnstile
C. Mantrap
D. Proximity detector

Question Nº 10
What type of motion detector senses changes in the electrical or magnetic field
surrounding a monitored object?
A. Wave
B. Photoelectric
C. Heat
D. Capacitance

Question Nº 11
What is the most important goal of all security solutions?
A. Prevention of disclosure
B. Maintaining integrity
C. Human safety
D. Sustaining availability

Question Nº 12
A Type B fire extinguisher may use all but which of the following suppression
mediums?
A. Water
B. CO2
C. Halon
D. Soda acid

Question Nº 13
What is the ideal humidity range for a computer room?
A. 20–40 percent
B. 40–60 percent
C. 60–75 percent
D. 80–95 percent

Question Nº 14
Which of the following is not a physical control for physical security?
A. Lighting
B. Fences
C. Training
D. Facility construction materials

Question Nº 15
Physical security is accomplished through proper facility construction, fire and water
protection, anti-theft mechanisms, intrusion detection systems, and security
procedures that are adhered to and enforced. Which of the following is not a
component that achieves this type of security?
A. Administrative control mechanisms
B. Integrity control mechanisms
C. Technical control mechanisms
D. Physical control mechanisms

Question Nº 16
Which is the last line of defense in a physical security sense?
A. People
B. Interior barriers
C. Exterior barriers
D. Perimeter barriers

Question Nº 17
A prolonged power supply that is below normal voltage is a:
A. Brownout
B. Blackout
C. Surge
D. Fault

Question Nº 18
Which of the following related to physical security is not considered a technical
control?
A. Access controls
B. Intrusion Detection
C. Fire detection and suppression
D. Locks

Question Nº 19
Guards are appropriate whenever the function required by the security program
involves which of the following?
A. The use of discriminating judgment
B. The use of physical force
C. The operation of access control devices
D. The need to detect unauthorized access

Question Nº 20
The recording of events with a closed-circuit TV camera is considered a:
A. Preventative control
B. Detective control
C. Compensating control
D. Corrective control

Operations Security
CISSP - PARCIAL

Question Nº 1
Personnel management is a form of what type of control?
A. Administrative
B. Technical
C. Logical
D. Physical

Question N° 2
What is the most common means of distribution for viruses?
A. Unapproved software
B. E-mail
C. Websites
D. Commercial software

Question N° 3
Which of the following causes the vulnerability of being affected by viruses to
increase?
A. Length of time the system is operating
B. The classification level of the primary user
C. Installation of software
D. Use of roaming profiles

Question N° 4
In areas where technical controls cannot be used to prevent virus infections, what
should focus on preventing them?
A. Security baselines
B. Awareness training
C. Traffic filtering
D. Network design

Question N° 5
Which of the following is not an illegal activity that can be performed over a computer
network?
A. Theft
B. Destruction of assets
C. Waste of resources
D. Espionage

Question N° 6
Who does not need to be informed when records about their activities on a network
are being recorded and retained?
A. Administrators
B. Normal users
C. Temporary guest visitors
D. Everyone should be informed

Question N° 7
Which of the following is an effective means of preventing and detecting the
installation of unapproved software?
A. Workstation change
B. Separation of duties
C. Discretionary access control
D. Job responsibility restrictions

Question N° 8
What is the requirement to have access to, knowledge about, or possession of data or a
resource to perform specific work tasks commonly known as?
A. Principle of least privilege
B. Prudent man theory
C. Need to know
D. Role-based access control

Question N° 9
Which are activities that require special access to be performed within a secured IT
environment?
A. Privileged operations functions
B. Logging and auditing
C. Maintenance responsibilities
D. User account management

Question N° 10
What is the most important aspect of marking media?
A. Date labeling
B. Content description
C. Electronic labeling
D. Classification

Question N° 11
Sanitation can be unreliable due to which of the following?
A. No media can be fully swept clean of all data remnants.
B. Even fully incinerated media can offer extractable data.
C. The process can be performed improperly.
D. Stored data is physically etched into the media.

Question N° 12
When possible, operations controls should be ________________ .
A. Simple
B. Administrative
C. Preventative
D. Transparent

Question N° 13
What is the primary goal of change management?
A. Personnel safety
B. Allowing rollback of changes
C. Ensuring that changes do not reduce security
D. Auditing privilege access

Question N° 14
What is a methodical examination or review of an environment to ensure compliance
with regulations and to detect abnormalities, unauthorized occurrences, or crimes?
A. Penetration testing
B. Auditing
C. Risk analysis
D. Superzapping

Question N° 15
Which of the following is not considered a type of auditing activity?
A. Recording of event data
B. Data reduction
C. Log analysis
D. Deployment of countermeasures

Question N° 16
What provide(s) data for re-creating step-by-step the history of an event, intrusion, or
system failure?
A. Security policies
B. Log files
C. Audit reports
D. Business continuity planning

Question N° 17
Which term below BEST describes the concept of "least privilege"?
A. Each user is granted the lowest clearance required for their tasks.
B. A formal separation of command, program, and interface functions.
C. A combination of classification and categories that represents the sensitivity of
information.
D. Active monitoring of facility entry access points.

Question N° 18
Which statement below is the BEST definition of "need-to-know"?
A. Need-to-know ensures that no single individual (acting alone) can compromise security
controls.
B. Need-to-know grants each user the lowest clearance required for their tasks.
C. Need-to-know limits the time an operator performs a task.
D. Need-to-know requires that the operator have the minimum knowledge of the system
necessary to perform his task.

Question N° 19
Which media control below is the BEST choice to prevent data remanence on
magnetic tapes or floppy disks?
A. Overwriting the media with new application data
B. Degaussing the media
C. Applying a concentration of hydriodic acid (55% to 58% solution) to the gamma ferric
oxide disk surface
D. Erasing data using OS functions

Question N° 20
Which choice below is NOT a security goal of an audit mechanism?
A. Deter perpetrators' attempts to bypass the system protection mechanisms
B. Review employee production output records
C. Review patterns of access to individual objects
D. Discover when a user assumes a functionality with privileges greater than his own

Business Continuity and Disaster Recovery Planning
CISSP – PARCIAL

Question Nº 1
The first step in contingency planning is to perform:
A. A hardware backup
B. A data backup
C. An operating system software backup
D. Legal and regulatory assessment

Question N° 2
What will be the major resource consumed by the BCP process during the BCP
planning phase?
A. Hardware
B. Software
C. Processing time
D. Personnel

Question N° 3
Which of the following tasks is NOT usually part of a Business Impact Analysis
(BIA)?
A. Identify the type and quantity of resources required for the recovery.
B. Identify critical business processes and the dependencies between them.
C. Identify organizational risks.
D. Develop a mission statement.

Question N° 4
Which disaster recovery plan test involves functional representatives meeting to
review the plan in detail?
A. Simulation test
B. Checklist test
C. Parallel test
D. Structured walk-through test

Question N° 5
Which resource should you protect first when designing continuity plan provisions
and processes?
A. Physical plant
B. Infrastructure
C. Financial
D. People

Question N° 6
Which of the following enables the person responsible for contingency planning to
focus risk management efforts and resources in a prioritized manner only on the
identified risks?
A. Risk Assessment
B. Residual risk
C. Security controls
D. Business units

Question N° 7
Which of the following specifically addresses cyber attacks against an organization's
IT systems?
A. Continuity of support plan
B. Business continuity plan
C. Incident response plan
D. Continuity of operations plan

Question N° 8
Which of the following statements pertaining to disaster recovery planning is
incorrect?
A. Every organization needs a disaster recovery plan
B. A disaster recovery plan contains actions to be taken before, during and after a
disruptive event.
C. The major goal of disaster recovery planning is to provide an organized way to make
decisions if a disruptive event occurs.
D. A disaster recovery plan should cover return from alternate facilities to primary
facilities.

Question N° 9
Which of the following statements pertaining to the maintenance of an IT contingency
plan is incorrect?
A. The plan should be reviewed at least once a year for accuracy and completeness.
B. The Contingency Planning Coordinator should make sure that every employee gets an
up-to-date copy of the plan.
C. Strict version control should be maintained.
D. Copies of the plan should be provided to recovery personnel for storage at home and
office.

Question N° 10
Which of the following computer recovery sites is only partially equipped with
processing equipment?
A. Hot site
B. Rolling hot site
C. Warm site
D. Cold site

Question N° 11
What is the end goal of Disaster Recovery Planning?
A. Preventing business interruption
B. Setting up temporary business operations
C. Restoring normal business activity
D. Minimizing the impact of a disaster

Question N° 12
When backing up an applications system's data, which of the following is a key
question to be answered first?
A. When to make backups
B. Where to keep backups
C. What records to back up
D. How to store backups

Question N° 13
Which one of the following statements about Business Continuity Planning and
Disaster Recovery Planning is not correct?
A. Business Continuity Planning is focused on keeping business functions uninterrupted
when a disaster strikes.
B. Organizations can choose whether to develop Business Continuity Planning or Disaster
Recovery Planning plans.
C. Business Continuity Planning picks up where Disaster Recovery Planning leaves off.
D. Disaster Recovery Planning guides an organization through recovery of normal
operations at the primary facility.

Question N° 14
In which one of the following database recovery techniques is an exact, up-to-date
copy of the database maintained at an alternative location?
A. Transaction logging
B. Remote journaling
C. Electronic vaulting
D. Remote mirroring

Question N° 15
What disaster recovery principle best protects your organization against hardware
failure?
A. Consistency
B. Efficiency
C. Redundancy
D. Primacy

Question N° 16
What Business Continuity Planning technique can help you prepare the business unit
prioritization task of Disaster Recovery Planning?
A. Vulnerability Analysis
B. Business Impact Assessment
C. Risk Management
D. Continuity Planning

Question N° 17
Which of the following questions is less likely to help in assessing an organization's
contingency planning controls?
A. Is damaged media stored and/or destroyed?
B. Are the backup storage site and alternate site geographically removed from the primary
site?
C. Is there an up-to-date copy of the plan stored securely off-site?
D. Is the location of stored backups identified?

Question N° 18
Which one of the following items is a characteristic of hot sites but not a characteristic
of warm sites?
A. Communications circuits
B. Workstations
C. Servers
D. Current data

Question N° 19
What combination of backup strategies provides the fastest backup restoration time?
A. Full backups and differential backups
B. Partial backups and incremental backups
C. Full backups and incremental backups
D. Incremental backups and differential backups

Question N° 20
What type of disaster recovery plan test fully evaluates operations at the backup
facility but does not shift primary operations responsibility from the main site?
A. Structured walk-through
B. Parallel test
C. Full-interruption test
D. Simulation test

Legal, Regulations, Compliance and Investigations
CISSP – PARCIAL

Question Nº 1
What is the primary goal of incident handling?
A. Successfully retrieve all evidence that can be used to prosecute.
B. Improve the company's ability to be prepared for threats and disasters.
C. Improve the company's disaster recovery plan.
D. Contain and repair any damage caused by an event.

Question Nº 2
What are ethics?
A. Mandatory actions required to fulfill job requirements.
B. Professional standards of regulations.
C. Regulations set forth by a professional organization.
D. Rules of personal behavior.

Question Nº 3
Which element must computer evidence have to be admissible in court?
A. It must be relevant.
B. It must be annotated.
C. It must be printed.
D. It must contain source code.

Question Nº 4
What would be a valid argument for not immediately removing power from a
machine when an incident is discovered?
A. All of the damage has been done. Turning the machine off would not stop additional
damage.
B. There is no other system that can replace this one if it is turned off.
C. Too many users are logged in and using the system.
D. Valuable evidence in memory will be lost.

Question Nº 5
What is the reason many incidents are never reported?
A. It involves too much paperwork.
B. Reporting too many incidents could hurt an organization’s reputation.
C. The incident is never discovered.
D. Too much time has passed and the evidence is gone.

Question Nº 6
What is the best way to recognize abnormal and suspicious behavior on your system?
A. Be aware of the newest attacks.
B. Configure your IDS to detect and report all abnormal traffic.
C. Know what your normal system activity looks like.
D. Study the activity signatures of the main types of attacks.

Question Nº 7
Why should you avoid deleting log files on a daily basis?
A. An incident may not be discovered for several days and valuable evidence could be lost.
B. Disk space is cheap and log files are used frequently.
C. Log files are protected and cannot be altered.
D. Any information in a log file is useless after it is several hours old.

Question Nº 8
According to the (ISC)2 Code of Ethics, how are CISSPs expected to act?
A. Honestly, diligently, responsibly, and legally.
B. Honorably, honestly, justly, responsibly, and legally.
C. Upholding the security policy and protecting the organization.
D. Trustworthy, loyally, friendly, courteously.

Question Nº 9
Which of the following actions are considered unacceptable and unethical according
to RFC 1087, “Ethics and the Internet”?
A. Actions that compromise the privacy of classified information.
B. Actions that compromise the privacy of users.
C. Actions that disrupt organizational activities.
D. Actions in which a computer is used in a manner inconsistent with a stated security
policy.

Question Nº 10
Under Civil Law, the victim is NOT entitled to which of the following types of
damages?
A. Statutory
B. Punitive
C. Compensatory
D. Imprisonment of the offender

Question Nº 11
Because of the nature of information that is stored on the computer, the investigation
and prosecution of computer criminal cases have specific characteristics, one of which
is:
A. Investigators and prosecutors have a longer time frame for the investigation.
B. The information is intangible.
C. The investigation does not usually interfere with the normal conduct of the business of
an organization.
D. Evidence is usually easy to gather.

Question Nº 12
The ISC2 Code of Ethics does not include which of the following behaviors for a
CISSP:
A. Moral
B. Ethical
C. Legal
D. Control

Question Nº 13
One important tool of computer forensics is the disk image backup. The disk image
backup is:
A. Copying the system files.
B. Conducting a bit-level copy, sector by sector.
C. Copying the disk directory.
D. Copying and authenticating the system files.

Question Nº 14
Which of the following alternatives should NOT be used by law enforcement to gain
access to a password?
A. Using password "cracker" software.
B. Compelling the suspect to provide the password.
C. Contacting the developer of the software for information to gain access to the computer
or network through a back door.
D. Data manipulation and trial procedures applied to the original version of the system hard
disk.

Question Nº 15
The Internet Activities Board (IAB) considers which of the following behaviors
relative to the Internet as unethical?
A. Negligence in the conduct of Internet experiments.
B. Record-keeping whose very existence is secret.
C. Record-keeping in which an individual cannot find out what information concerning that
individual is in the record.
D. Improper dissemination and use of identifiable personal data.

Question Nº 16
What category of law deals with regulatory standards that regulate performance and
conduct?
A. Tort law
B. Conduct law
C. Criminal law
D. Administrative law

Question Nº 17
What is the primary reason for the chain of custody of evidence?
A. To ensure that no evidence is lost.
B. To ensure that all possible evidence is gathered.
C. To ensure that it will be admissible in court.
D. To ensure that incidents were handled with due care and due diligence.

Question Nº 18
Phreakers are hackers who specialize in telephone fraud. What type of telephone
fraud simulates the tones of coins being deposited into a payphone?
A. Red Box
B. Blue Box
C. White Box
D. Black Box

Question Nº 19
What is the most important rule to follow when collecting evidence?
A. Do not turn off a computer until you photograph the screen.
B. List all people present while collecting evidence.
C. Never modify evidence during the collection process.
D. Transfer all equipment to a secure storage location.

Question Nº 20
Mary is the cofounder of Acme Widgets, a manufacturing firm. Together with her
partner, Joe, she has developed a special oil that will dramatically improve the widget
manufacturing process. To keep the formula secret, Mary and Joe plan to make large
quantities of the oil by themselves in the plant after the other workers have left. They
would like to protect this formula for as long as possible. What type of intellectual
property protection best suits their needs?
A. Copyright
B. Trademark
C. Patent
D. Trade secret

Question:
Which of the following is NOT an example of two-factor authentication?
(A) personal ID and password
(B) smart card & fingerprint
(C) retina scan & password
(D) smart card & voice print
(E) ATM card & PIN

The correct answer(s):
(A) personal ID and password

Explanation:

Authentication is based on three factor types:

1) Something you know, such as a personal identification number (PIN)
2) Something you have, such as an ATM card
3) Something you are, such as a fingerprint, retina scan, or voice print

Two-factor authentication is a security process in which the user provides two means of identification,
one of which is typically a physical token, such as an ATM card, and the other of which is typically
something memorized, such as a security code or PIN.

Some security procedures now require three-factor authentication, which involves possession of a
physical token and a password, used in conjunction with biometric data, such as fingerprint scanning or
a voiceprint.

On the other hand, a personal ID / password or PIN / password combination is NOT considered two-factor
authentication, as it involves only one factor of authentication (something you know).

Copyright (c) CertGear Systems Page 1 12:19:04 PM ACT


Question:
Which of the following statements are true regarding the various performance metrics used in evaluating
the accuracy of a biometric system?
(A) FRR represents the percentage of invalid subjects that are incorrectly accepted.
(B) The lower the CER, the higher the accuracy of the biometric system
(C) FAR represents the percentage of valid subjects that are incorrectly rejected
(D) The clipping level determines the sensitivity level of a biometric system

The correct answer(s):
(B) The lower the CER, the higher the accuracy of the biometric system

Explanation:

A biometric security system predetermines the threshold values for its false acceptance rate and its false
rejection rate, and when the rates are equal, the common value is referred to as the crossover error rate.
The value indicates that the proportion of false acceptances is equal to the proportion of false rejections.
The lower the crossover error rate value, the higher the accuracy of the biometric system.

The false rejection rate (FRR) represents the percentage of valid subjects that are incorrectly rejected.
The false acceptance rate (FAR) represents the percentage of invalid subjects that are incorrectly
accepted.

On the other hand, a clipping level is a parameter defining the threshold of the event to be logged. A
clipping level can be used to reduce the amount of data to be analyzed in audit logs. Setting thresholds
can reduce the number of errors logged.

Question:
Which of the following is considered the weakest form of authentication?
(A) smart cards
(B) voice print
(C) retina scans
(D) fingerprint scans
(E) passwords

The correct answer(s):
(E) passwords

Explanation:

Although passwords are the most widely used form of authentication, they are considered the weakest
form of authentication. Passwords are considered insecure because people generally choose weak
passwords, and password-based authentication systems are prone to simple attacks such as password
guessing and dictionary attacks.

Question:
Which of the following is an acceptable throughput rate for a biometric system?
(A) 4 subjects per minute
(B) 2 subjects per minute
(C) 10 subjects per minute
(D) 5 minutes per subject
(E) 2 minutes per subject

The correct answer(s):
(C) 10 subjects per minute

Explanation:

An acceptable throughput rate for a biometric system is 6 - 10 seconds per subject, which corresponds to
6 to 10 subjects per minute.

References: http://www.ccert.edu.cn/education/cissp/Intro1.pdf

Question:
With regards to Kerberos, all of the following information is contained in the TGT (Ticket Granting
Ticket) EXCEPT:
(A) ticket validity period
(B) client / TGS session key
(C) client network address
(D) client ID
(E) preauthentication key

The correct answer(s):
(E) preauthentication key

Explanation:

Kerberos is a computer network authentication protocol that allows parties communicating over an
insecure network to prove their identity to one another in a secure manner. Its primary purpose is
authentication; the session keys it distributes can also protect the confidentiality and integrity of
subsequent messages, and its timestamps and authenticators protect against replay and eavesdropping
attacks.

The Ticket Granting Ticket is a Kerberos ticket for the Ticket Granting Service. When a user first
authenticates to Kerberos, the user talks to the Authentication Service on the KDC (Key Distribution
Center) to get a Ticket Granting Ticket. The TGT itself is encrypted with the TGS's secret key, so the
client cannot read or alter it; the client / TGS session key that accompanies it is encrypted with a key
derived from the user's password, so only a user who knows the password can make use of the TGT.

When the user wants to talk to a "Kerberized service", the user presents the Ticket Granting Ticket to
the Ticket Granting Service (which also runs on the KDC). The Ticket Granting Service verifies the
user's identity using the Ticket Granting Ticket and issues a ticket for the desired service.

The Ticket Granting Ticket exists so that a user does NOT have to enter their password every time
they wish to connect to a Kerberized service, or keep a copy of their password around. If the Ticket
Granting Ticket and its session key are compromised, an attacker can only masquerade as the user until
the ticket expires.

The TGT contains the following information: client ID, client network address, ticket validity period,
and client / TGS session key. However, the TGT does NOT contain a preauthentication key.

References: http://web.mit.edu/kerberos/www/
References: http://en.wikipedia.org/wiki/Kerberos_(protocol)

Question:
Which of the following is NOT an example of two-factor authentication?
(A) ATM card & PIN
(B) ATM card & smart card
(C) smart card & fingerprint
(D) smart card & voice print
(E) retina scan & password

The correct answer(s):
(B) ATM card & smart card

Explanation:

Authentication is based on three factor types:

1) Something you know, such as a personal identification number
2) Something you have, such as an ATM card or smart card
3) Something you are, such as a fingerprint, retina scan, or voice print

Two-factor authentication is a security process in which the user provides two means of identification
from different factor types, one of which is typically a physical token, such as an ATM card, and the other
of which is typically something memorized, such as a security code / PIN.

Some security procedures now require three-factor authentication, which involves possession of a
physical token and a password, used in conjunction with biometric data, such as fingerprint scanning or
a voiceprint.

On the other hand, an ATM card / smart card combination is NOT considered two-factor authentication, as it
involves only one factor of authentication (something you have).

Question:
All of the following are detective / administrative controls EXCEPT:
(A) environmental control systems
(B) vacation scheduling
(C) security awareness training
(D) job rotation
(E) background checks

The correct answer(s):
(A) environmental control systems

Explanation:

Detective / administrative controls include background checks, security awareness training, job rotation,
and vacation scheduling.

On the other hand, environmental control systems are a preventive / physical control.

Question:
All of the following are examples of a single-sign on service EXCEPT:
(A) KryptoKnight
(B) SESAME
(C) RADIUS
(D) Kerberos

The correct answer(s):
(C) RADIUS

Explanation:

Kerberos, SESAME (Secure European System for Applications in a Multi-Vendor Environment), and
KryptoKnight are all single-sign on services. On the other hand, RADIUS is a remote authentication dial-in
service.

Question:
All of the following statements are true regarding Role Based Access Control EXCEPT:
(A) RBAC is NOT suited for environments where there are frequent changes to personnel
(B) Users are granted membership into roles based on their competencies and responsibilities
(C) Operations that a user is permitted to perform is based on the user's role
(D) User membership can be revoked easily and new memberships established as job assignments dictate

The correct answer(s):
(A) RBAC is NOT suited for environments where there are frequent changes to personnel

Explanation:

According to NIST, role based access control "are based on the roles that individual users have as part
of an organization. Users take on assigned roles (such as doctor, nurse, teller, manager). The process of
defining roles should be based on a thorough analysis of how an organization operates and should
include input from a wide spectrum of users in an organization."

Users are granted membership into roles based on their competencies and responsibilities, and the
operations that a user is permitted to perform are based on the user's role. RBAC is suited for
environments where there are frequent changes to personnel, as user membership can be revoked easily and
new memberships established as job assignments dictate.

On the other hand, mandatory access control, NOT RBAC, is a means of restricting access to objects
based on the sensitivity (as represented by a label, such as Top Secret) of information contained in the
objects.

References: http://csrc.nist.gov/rbac/NIST-ITL-RBAC-bulletin.html

Question:
Which of the following statements are FALSE regarding the various performance metrics used in
evaluating the accuracy of a biometric system?
(A) None of the choices are correct
(B) FRR represents the percentage of valid subjects that are incorrectly rejected.
(C) FAR represents the percentage of invalid subjects that are incorrectly accepted.
(D) The higher the CER, the higher the accuracy of the biometric system

The correct answer(s):
(D) The higher the CER, the higher the accuracy of the biometric system

Explanation:

A biometric security system predetermines the threshold values for its false acceptance rate and its false
rejection rate, and when the rates are equal, the common value is referred to as the crossover error rate.
The value indicates that the proportion of false acceptances is equal to the proportion of false rejections.
The lower the crossover error rate value, the higher the accuracy of the biometric system.

The false rejection rate (FRR) represents the percentage of valid subjects that are incorrectly rejected.
The false acceptance rate (FAR) represents the percentage of invalid subjects that are incorrectly
accepted.

Question:
All of the following are potential factors used in context-dependent access control EXCEPT:
(A) location
(B) time of day
(C) information contained in item being accessed
(D) previous access history

The correct answer(s):
(C) information contained in item being accessed

Explanation:

Context-dependent access control is concerned with the environment or the context of the access request.
It can include factors such as location, time of day, and previous access history. On the other hand,
content-dependent access control is concerned with the information contained in the items being accessed.

Question:
A database view can be used to implement:
(A) labeling of sensitive materials
(B) referential integrity
(C) data normalization
(D) span of control
(E) least privilege

The correct answer(s):
(E) least privilege

Explanation:

The principle of least privilege requires that users are granted only the most restricted (i.e. least
privileged) set of access rights needed for them to perform their job functions. Database views can be
used to restrict access to certain information in the database, hide sensitive information, and enforce
content-dependent access restrictions. A view can be considered a virtual table that is dynamically derived
from the data in other tables through database operations such as SELECT and JOIN.
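The following is an added example (not part of the CertGear question set) that shows the view mechanism described above in working code. It uses Python's built-in sqlite3 module; the table layout, the rows, and the idea of an "engineering directory" view are constructed for illustration. SQLite has no GRANT statement, so the low-privilege clerk is modelled as code that is only ever handed the view name; in a server RDBMS you would GRANT SELECT on the view and withhold any privilege on the base table.

```python
"""A database view as a least-privilege, content-dependent control (sqlite3).

Added example; schema and rows are constructed, not taken from the page.
"""
from __future__ import annotations
import sqlite3

SCHEMA = """
CREATE TABLE employee (
    id INTEGER PRIMARY KEY,
    name TEXT NOT NULL,
    department TEXT NOT NULL,
    salary INTEGER NOT NULL,
    ssn TEXT NOT NULL
);
-- Virtual table derived from employee: hides salary and ssn (column restriction)
-- and exposes only one department (row restriction = content-dependent control).
CREATE VIEW v_engineering_directory AS
    SELECT id, name, department FROM employee WHERE department = 'engineering';
"""

# Constructed sample rows (fictional people and numbers).
ROWS = [
    (1, "Ada", "engineering", 185000, "123-45-6789"),
    (2, "Linus", "engineering", 170000, "987-65-4321"),
    (3, "Grace", "finance", 160000, "555-55-5555"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory database with the base table and the restricted view."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO employee VALUES (?,?,?,?,?)", ROWS)
    return conn


def directory_as_clerk(conn: sqlite3.Connection) -> list[tuple]:
    """The clerk's only permitted query: SELECT through the view, never the table."""
    return conn.execute(
        "SELECT id, name, department FROM v_engineering_directory ORDER BY id"
    ).fetchall()


def view_exposes_column(conn: sqlite3.Connection, column: str) -> bool:
    """Is the column reachable through the view at all? (ssn and salary must not be.)"""
    cols = [row[1] for row in conn.execute("PRAGMA table_info(v_engineering_directory)")]
    return column in cols


def view_is_read_only(conn: sqlite3.Connection) -> bool:
    """SQLite views cannot be written through; the attempt raises OperationalError."""
    try:
        conn.execute("UPDATE v_engineering_directory SET name = 'x' WHERE id = 1")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = build_db()
    print("clerk sees:", directory_as_clerk(db))
    print("ssn reachable through view?", view_exposes_column(db, "ssn"))
    print("view is read-only?", view_is_read_only(db))
```

The clerk sees two rows and three columns; the finance row, the salary column and the SSN column never leave the base table, which is exactly the content-dependent restriction the explanation describes.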

Question:
Which of the following BEST describes a clipping level?
(A) timing of secondary sign-on operations
(B) a trusted path
(C) a parameter defining the threshold of the event to be logged
(D) asynchronous dynamic token
(E) crossover error rate

The correct answer(s):
(C) a parameter defining the threshold of the event to be logged

Explanation:

A clipping level is a parameter defining the threshold of the event to be logged. A clipping level can be used
to reduce the amount of data to be analyzed in audit logs. Setting thresholds can reduce the number of
errors logged.
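As an added example (not part of the original question set), the clipping level above applied to failed logons: ordinary mistyped passwords stay below the threshold and are not reported, while a source that crosses the level inside the window produces exactly one audit event. The log lines, their format (ISO timestamp, event, user, source IP), the level of 5 and the 10-minute window are all constructed assumptions.

```python
"""Clipping level applied to failed-logon events.

Added example; the log lines below are constructed and the format is assumed.
"""
from __future__ import annotations
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp event user src_ip (space separated).
SAMPLE_LOG = """\
2024-03-01T09:00:01 LOGON_FAILED alice 10.0.0.5
2024-03-01T09:00:07 LOGON_FAILED alice 10.0.0.5
2024-03-01T09:00:09 LOGON_OK alice 10.0.0.5
2024-03-01T09:01:00 LOGON_FAILED bob 203.0.113.7
2024-03-01T09:01:03 LOGON_FAILED bob 203.0.113.7
2024-03-01T09:01:05 LOGON_FAILED bob 203.0.113.7
2024-03-01T09:01:08 LOGON_FAILED bob 203.0.113.7
2024-03-01T09:01:11 LOGON_FAILED bob 203.0.113.7
2024-03-01T09:01:14 LOGON_FAILED bob 203.0.113.7
2024-03-01T09:40:00 LOGON_FAILED carol 10.0.0.9
"""

CLIPPING_LEVEL = 5              # failures tolerated before the pattern is logged (assumed)
WINDOW = timedelta(minutes=10)  # failures older than this no longer count (assumed)


def parse(line: str) -> tuple[datetime, str, str, str]:
    ts, event, user, ip = line.split()
    return datetime.fromisoformat(ts), event, user, ip


def apply_clipping_level(log: str, level: int = CLIPPING_LEVEL,
                         window: timedelta = WINDOW) -> list[tuple]:
    """Return (user, src_ip, count, first_failure_ts) for each source that hit the level.

    Failures below the level are deliberately not reported: the clipping level
    cuts audit-log noise while keeping the pattern that matters.
    """
    failures: dict[tuple[str, str], list[datetime]] = defaultdict(list)
    reported = []
    for line in log.splitlines():
        ts, event, user, ip = parse(line)
        if event != "LOGON_FAILED":
            continue
        key = (user, ip)
        # Keep only failures inside the sliding window, then add this one.
        window_hits = [t for t in failures[key] if ts - t <= window] + [ts]
        failures[key] = window_hits
        if len(window_hits) == level:  # report once, when the threshold is reached
            reported.append((user, ip, len(window_hits), window_hits[0]))
    return reported


def total_failures(log: str) -> int:
    """Raw count, for comparison with what the clipping level lets through."""
    return sum(1 for line in log.splitlines() if parse(line)[1] == "LOGON_FAILED")


if __name__ == "__main__":
    print("raw failures:", total_failures(SAMPLE_LOG))
    for user, ip, n, first in apply_clipping_level(SAMPLE_LOG):
        print(f"ALERT {user}@{ip}: {n} failures since {first.isoformat()}")
```

Nine raw failures collapse to one reportable event; alice (2 failures, then success) and carol (1 failure) never reach the level.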

Question:
All of the following statements are true regarding Mandatory Access Control EXCEPT:
(A) Mandatory access control determines access decisions by examining the label of a process and the
label of an object.
(B) With mandatory access control, a user is not permitted to grant less restrictive access to their
resources than the administrator specifies.
(C) Mandatory access control is a technique to protect and contain computer processes, data, and
system devices from misuse.
(D) With mandatory access control, a user can fully control the access to resources that they create.

The correct answer(s):
(D) With mandatory access control, a user can fully control the access to resources that they create.

Explanation:

Mandatory access control (MAC) is a technique to protect and contain computer processes, data, and
system devices from misuse.

Mandatory access control determines access decisions by examining the label of a process and the label
of an object. "To read an object, the label of the subject must dominate the label of the object. Reading
an object not only includes trying to read the contents of the file, but also trying to read any attribute
portion associated with the file, i.e., the access control information, the privilege information, the
contents of a directory, directory manipulation, etc. To alter an object, the label of the subject must
dominate the label of the object."

The most important feature of MAC is that the user CANNOT fully control the access to resources that
they create. Instead, the system security policy, which is usually set by the administrator, determines
the level of access that is to be granted. With MAC, a user is NOT permitted to grant less restrictive
access to their resources than the administrator specifies.

References: http://csrc.nist.gov/publications/nistpubs/800-7/node35.html
References: http://en.wikipedia.org/wiki/Mandatory_access_control

Question:
Which of the following authentication protocol provides a simple method for the peer to establish its
identity using a 2-way handshake where the passwords are sent over the circuit "in the clear", and there
is no protection from playback or repeated trial and error attacks?
(A) PAP
(B) Kerberos
(C) TACACS
(D) CHAP
(E) RADIUS

The correct answer(s):
(A) PAP

Explanation:

PAP (Password Authentication Protocol) is a simple method for the peer to establish its identity using a
2-way handshake where the passwords are sent over the circuit "in the clear", and there is no protection
from playback or repeated trial and error attacks. It is an access control protocol for dialing into a
network that provides only basic functionality. When the client logs onto the network, the network
access server (NAS) requests the username and password from the client and sends them to the
authentication server for verification. Since the password is sent over the line unencrypted from the
client, PAP provides password checking but is not secure against eavesdropping.

On the other hand, CHAP applies a three-way handshaking procedure. After the link is established, the
server sends a "challenge" message to the originator. The originator responds with a value calculated
using a one-way hash function. The server checks the response against its own calculation of the
expected hash value. If the values match, the authentication is acknowledged; otherwise the connection
is usually terminated.

CHAP provides protection against playback attack through the use of an incrementally changing
identifier and a variable challenge value. The authentication can be repeated any time while the
connection is open limiting the time of exposure to any single attack, and the server is in control of the
frequency and timing of the challenges.

References: http://www.faqs.org/rfcs/rfc1334.html
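The following added example (not from the page or from any RFC reference implementation) puts both handshakes side by side in one process so the difference is visible: the PAP packet carries the password itself, while the CHAP response is MD5(Identifier || secret || Challenge) as specified in RFC 1994, and a captured response is useless against the next challenge. The shared secret, user name and packet framing are constructed for the demonstration.

```python
"""PAP (RFC 1334) vs CHAP (RFC 1994) simulated locally.

Added example; both peers run in one process, the secret and framing are constructed.
"""
from __future__ import annotations
import hashlib
import hmac
import os

SECRET = b"correct horse battery staple"  # shared secret, constructed for the demo


# --- PAP: credentials cross the link in the clear -------------------------------
def pap_authenticate_request(user: bytes, password: bytes) -> bytes:
    """What an eavesdropper on the circuit sees: user and password, unprotected."""
    return b"PAP " + user + b":" + password


def pap_verify(packet: bytes, user: bytes, password: bytes) -> bool:
    return packet == b"PAP " + user + b":" + password


# --- CHAP: challenge / response through a one-way hash ----------------------------
def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Response Value = MD5(Identifier || secret || Challenge), RFC 1994 section 4.1."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues fresh challenges and checks responses once each."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._identifier = 0
        self._outstanding: dict[int, bytes] = {}

    def challenge(self) -> tuple[int, bytes]:
        self._identifier = (self._identifier + 1) % 256  # incrementally changing identifier
        chal = os.urandom(16)                            # variable challenge value
        self._outstanding[self._identifier] = chal
        return self._identifier, chal

    def verify(self, identifier: int, response: bytes) -> bool:
        chal = self._outstanding.pop(identifier, None)   # a challenge is good for one response
        if chal is None:
            return False
        expected = chap_response(identifier, self._secret, chal)
        return hmac.compare_digest(expected, response)


def demo() -> dict[str, bool]:
    """Run both protocols once; a captured CHAP response is then replayed."""
    results: dict[str, bool] = {}
    pkt = pap_authenticate_request(b"alice", b"hunter2")
    results["pap_accepts"] = pap_verify(pkt, b"alice", b"hunter2")
    results["pap_password_on_wire"] = b"hunter2" in pkt          # eavesdropper reads it directly

    auth = ChapAuthenticator(SECRET)
    ident, chal = auth.challenge()
    resp = chap_response(ident, SECRET, chal)                    # peer proves knowledge of SECRET
    results["chap_accepts"] = auth.verify(ident, resp)
    results["chap_secret_on_wire"] = SECRET in resp              # only a hash crossed the link
    # Attacker replays the captured (ident, resp) against the old and a new challenge.
    ident2, _new_chal = auth.challenge()
    results["chap_replay_accepted"] = auth.verify(ident, resp) or auth.verify(ident2, resp)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:24s} {value}")
```

The authenticator keeps each challenge for a single response and never sends the secret, which is what "protection against playback" means in practice; PAP has no such step, so anything captured can be resent verbatim.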

Question:
An access control matrix can be used to define the access control rules. Which of the following aspects
of an access control matrix describes the level of access a user will have over specific resources?
(A) views
(B) rows
(C) access control list
(D) rows and columns
(E) columns
(F) schema

The correct answer(s):
(B) rows

Explanation:

An access control matrix can be used to define the access control rules. An access control matrix lists
the users, groups and roles (the subjects) down the left-hand side, and all the resources and functions
(the objects) across the top. Specifically, a row of an access control matrix describes the level of
access one subject has over each resource (the subject's capability list), while a column lists every
subject's access to one object, i.e. that object's access control list.

References: http://www.owasp.org/docroot/owasp/img/columns/jeffwilliams/acm.png
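The following is an added example (not from the page or from OWASP) showing the same matrix as data, with one function that reads a row (a capability list) and one that reads a column (an ACL); both views are derived from the single matrix, so they can never disagree. The subjects, objects and rights are constructed for illustration.

```python
"""Access control matrix: rows as capability lists, columns as ACLs.

Added example; subjects, objects and rights are constructed.
"""
from __future__ import annotations

# Constructed matrix: subject -> object -> set of rights (empty cell = no access).
MATRIX: dict[str, dict[str, set[str]]] = {
    "alice":   {"payroll.db": {"read", "write"}, "hr_policy.pdf": {"read"}},
    "bob":     {"payroll.db": {"read"},          "hr_policy.pdf": {"read"}},
    "auditor": {"payroll.db": {"read"},          "audit.log": {"read", "append"}},
}


def capability_list(subject: str) -> dict[str, set[str]]:
    """One ROW of the matrix: what this subject may do to each object."""
    return {obj: set(rights) for obj, rights in MATRIX.get(subject, {}).items() if rights}


def access_control_list(obj: str) -> dict[str, set[str]]:
    """One COLUMN of the matrix: which subjects may do what to this object."""
    return {subj: set(row[obj]) for subj, row in MATRIX.items() if row.get(obj)}


def is_allowed(subject: str, obj: str, right: str) -> bool:
    """Reference-monitor check: consult the single cell (subject, object)."""
    return right in MATRIX.get(subject, {}).get(obj, set())


def views_agree() -> bool:
    """Sanity check: every right visible in a row is visible in the matching column."""
    for subj in MATRIX:
        for obj, rights in capability_list(subj).items():
            if access_control_list(obj).get(subj) != rights:
                return False
    return True


if __name__ == "__main__":
    print("capabilities of alice:", capability_list("alice"))
    print("ACL of payroll.db:   ", access_control_list("payroll.db"))
    print("bob may write payroll.db?", is_allowed("bob", "payroll.db", "write"))
    print("row/column views agree?", views_agree())
```

Real systems store one of the two projections: capability lists travel with the subject (a Kerberos ticket is the page's own example), ACLs sit on the object (file system permissions); the matrix is the model both are derived from.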

Question:
In a mandatory access control environment, access decisions are dependent upon:
(A) domain
(B) labels
(C) roles
(D) tokens
(E) lattice

The correct answer(s):
(B) labels

Explanation:

Mandatory access control (MAC) is a technique to protect and contain computer processes, data, and
system devices from misuse.

Mandatory access control determines access decisions by examining the label of a process and the label
of an object. "To read an object, the label of the subject must dominate the label of the object. Reading
an object not only includes trying to read the contents of the file, but also trying to read any attribute
portion associated with the file, i.e., the access control information, the privilege information, the
contents of a directory, directory manipulation, etc. To alter an object, the label of the subject must
dominate the label of the object."

The most important feature of MAC is that the user CANNOT fully control the access to resources that
they create. Instead, the system security policy, which is usually set by the administrator, determines
the level of access that is to be granted. With MAC, a user is NOT permitted to grant less restrictive
access to their resources than the administrator specifies.

References: http://csrc.nist.gov/publications/nistpubs/800-7/node35.html
References: http://en.wikipedia.org/wiki/Mandatory_access_control

Question:
Which of the following access control mechanisms is BEST suited for a dynamic environment where
users should have full control to determine the level of access granted to their resources?
(A) rule-based access control
(B) content-dependent access control
(C) mandatory access control
(D) discretionary access control

The correct answer(s):
(D) discretionary access control

Explanation:

Discretionary access control (DAC) systems are BEST suited for a dynamic environment where users
should have full control to determine the level of access granted to their resources. DAC permits users
to entirely determine the level of access granted to their resources.

The Telecom Glossary defines DAC as "A means of restricting access to objects based on the identity
and need-to-know of users and/or groups to which the object belongs. Controls are discretionary in the
sense that a subject with a certain access permission is capable of passing that permission (directly or
indirectly) to any other subject."

On the other hand, mandatory access control determines access decisions by examining the label of a
process and the label of an object. "To read an object, the label of the subject must dominate the label of
the object. Reading an object not only includes trying to read the contents of the file, but also trying to
read any attribute portion associated with the file, i.e., the access control information, the privilege
information, the contents of a directory, directory manipulation, etc. To alter an object, the label of the
subject must dominate the label of the object."

The most important feature of MAC is that the user CANNOT fully control the access to resources that
they create. Instead, the system security policy, which is usually set by the administrator, determines
the level of access that is to be granted. With MAC, a user is NOT permitted to grant less restrictive
access to their resources than the administrator specifies.

A rule-based access control system is a type of mandatory access control because the administrator
sets the rules and the users cannot edit the controls.

References: http://www.atis.org/tg2k/_discretionary_access_control.html
References: http://csrc.nist.gov/publications/nistpubs/800-7/node35.html
References: http://en.wikipedia.org/wiki/Mandatory_access_control

Question:
All of the following statements regarding statistical anomaly based intrusion detection systems are true
EXCEPT:
(A) Anomaly based IDS analyze data to create baselines of normal operating profiles
(B) Anomaly based IDS examines ongoing traffic, activity, transactions, or behavior for matches with
known patterns of events specific to known attacks.
(C) Anomaly based IDS can detect when current operating behavior deviates statistically from the norm
(D) Anomaly-based IDS examines ongoing traffic, activity, and transactions for anomalies that may
indicate an attack

The correct answer(s):
(B) Anomaly based IDS examines ongoing traffic, activity, transactions, or behavior for matches with
known patterns of events specific to known attacks.

Explanation:

Anomaly-based intrusion detection systems examine ongoing traffic, activity, and transactions for
anomalies that may indicate an attack. Anomaly based IDS analyze data to create baselines of normal
operating profiles and can detect when current operating behavior deviates statistically from the norm.

On the other hand, signature-based IDS, not anomaly based IDS, examines ongoing traffic, activity,
transactions, or behavior for matches with known patterns of events specific to known attacks.

References: http://netsecurity.about.com/cs/hackertools/a/aa030504.htm
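As an added example (not part of the CertGear material), the two detection styles contrasted above, each run over constructed data: the anomaly detector learns a mean and standard deviation from a baseline of requests per minute and flags observations that deviate statistically, while the signature detector matches request paths against known attack patterns. Baseline counts, observations and the signature list are all constructed.

```python
"""Statistical anomaly detection vs signature matching on constructed traffic.

Added example; the baseline, observations and signatures are constructed.
"""
from __future__ import annotations
import statistics

# Constructed baseline: requests per minute for one client during a quiet hour.
BASELINE = [48, 52, 50, 47, 53, 49, 51, 50, 46, 54, 52, 48]
# Constructed observations: the third minute is a burst with no known signature.
OBSERVED = [50, 49, 240, 51]
# Constructed signatures: byte patterns specific to known attacks.
SIGNATURES = [b"/etc/passwd", b"../.."]


def build_profile(samples: list[int]) -> tuple[float, float]:
    """Anomaly IDS, step 1: learn the normal operating profile (mean, stdev)."""
    return statistics.mean(samples), statistics.stdev(samples)


def anomalies(profile: tuple[float, float], observed: list[int],
              z_threshold: float = 3.0) -> list[tuple[int, int, float]]:
    """Anomaly IDS, step 2: flag (index, value, z-score) where |z| exceeds the threshold."""
    mean, sd = profile
    return [(i, x, round((x - mean) / sd, 1))
            for i, x in enumerate(observed)
            if abs(x - mean) / sd > z_threshold]


def signature_hits(requests: list[bytes]) -> list[tuple[int, bytes]]:
    """Signature IDS: match ongoing traffic against known patterns of specific attacks."""
    return [(i, r) for i, r in enumerate(requests) if any(sig in r for sig in SIGNATURES)]


if __name__ == "__main__":
    profile = build_profile(BASELINE)
    print(f"baseline mean={profile[0]:.1f} stdev={profile[1]:.2f}")
    print("anomalies:", anomalies(profile, OBSERVED))
    print("signature hits:", signature_hits([b"GET /index.html", b"GET /../../etc/passwd"]))
```

The burst is caught only by the statistical profile (it matches no signature), and the traversal request is caught only by the signature (one request does not move the rate), which is the complementary coverage the explanation points at.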

Question:
All of the following statements regarding RADIUS are true EXCEPT:
(A) RADIUS can be configured to support AAA services, such as authentication, accounting, and
authorization services
(B) RADIUS allows a company to maintain user profiles in a central database that all remote servers can
share
(C) RADIUS supports authentication schemes such as PAP, CHAP or EAP.
(D) RADIUS is an authentication protocol usually used for single-sign on services
(E) RADIUS is considered a centralized access control mechanism

The correct answer(s):
(D) RADIUS is an authentication protocol usually used for single-sign on services

Explanation:

RADIUS (Remote Authentication Dial-In User Service) is a client/server authentication protocol that
enables remote access servers to communicate with a central server to authenticate / authorize dial-in
users. RADIUS provides a centralized (not decentralized) access control mechanism that allows a
company to maintain user profiles in a central database that all remote servers can share. RADIUS can
be configured to support AAA services, such as authentication, accounting, and authorization services,
and can be used to keep track of billing and network usage statistics. Lastly, RADIUS supports
authentication schemes such as PAP, CHAP or EAP.

However, RADIUS is NOT a single-sign-on service (SSO).

References: http://www.ietf.org/rfc/rfc2865.txt
References: http://en.wikipedia.org/wiki/RADIUS
References: http://www.cisco.com/warp/public/480/10.html#comp_udp_tcp

Question:
You like to implement an access control mechanism that only allows access to sensitive data during
normal work hours from the main corporate office. Which of the following access control mechanisms
is BEST suited for your requirements?
(A) content-dependent access control
(B) context-dependent access control
(C) discretionary access control
(D) mandatory access control
(E) lattice-based access control

The correct answer(s):
(B) context-dependent access control

Explanation:

Context-dependent access control is concerned with the environment or the context of the access request.
It can include factors such as location, time of day, and previous access history. On the other hand,
content-dependent access control is concerned with the information contained in the items being
accessed.

On the other hand, mandatory access control determines access decisions by examining the label of a
process and the label of an object. "To read an object, the label of the subject must dominate the label of
the object. Reading an object not only includes trying to read the contents of the file, but also trying to
read any attribute portion associated with the file, i.e., the access control information, the privilege
information, the contents of a directory, directory manipulation, etc. To alter an object, the label of the
subject must dominate the label of the object."

The most important feature of MAC is that the user CANNOT fully control the access to resources that
they create. Instead, the system security policy, which is usually set by the administrator, determines
the level of access that is to be granted. With MAC, a user is NOT permitted to grant less restrictive
access to their resources than the administrator specifies.

On the other hand, discretionary access control (DAC) systems are BEST suited for a dynamic
environment where users should have full control to determine the level of access granted to their
resources. DAC permits users to entirely determine the level of access granted to their resources.

The Telecom Glossary defines DAC as "A means of restricting access to objects based on the identity
and need-to-know of users and/or groups to which the object belongs. Controls are discretionary in the
sense that a subject with a certain access permission is capable of passing that permission (directly or
indirectly) to any other subject."
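The following is an added example (not from the page) of the context-dependent policy the question asks for: sensitive data is released only when the request comes from the corporate office network during normal work hours; everything else is allowed regardless of context. The office prefix 10.10.0.0/16, the 08:00 to 18:00 Monday-to-Friday window and the request fields are constructed assumptions. It also shows where the decision diverges from content-dependent control: the policy never looks inside the resource, only at its name and the request's context.

```python
"""Context-dependent access decision: time of day and source location.

Added example; the office network, business hours and requests are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, time
import ipaddress

OFFICE_NETWORKS = [ipaddress.ip_network("10.10.0.0/16")]  # "main corporate office", assumed
WORK_START, WORK_END = time(8, 0), time(18, 0)             # "normal work hours", assumed
WORK_DAYS = {0, 1, 2, 3, 4}                                # Monday..Friday


@dataclass(frozen=True)
class Request:
    subject: str
    resource: str
    source_ip: str
    when: datetime


def make_request(subject: str, resource: str, source_ip: str, iso_when: str) -> Request:
    """Convenience constructor taking the timestamp as an ISO 8601 string."""
    return Request(subject, resource, source_ip, datetime.fromisoformat(iso_when))


def in_office(ip: str) -> bool:
    """Location context: does the source address fall inside an office prefix?"""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in OFFICE_NETWORKS)


def in_work_hours(when: datetime) -> bool:
    """Time context: weekday and inside the business-hours window."""
    return when.weekday() in WORK_DAYS and WORK_START <= when.time() < WORK_END


def decide(req: Request, sensitive: set[str]) -> tuple[bool, str]:
    """Allow non-sensitive data anywhere, anytime; gate sensitive data on context.

    Note that nothing here inspects the contents of the resource: the decision
    depends on the environment of the request, which is what makes it
    context-dependent rather than content-dependent.
    """
    if req.resource not in sensitive:
        return True, "resource not sensitive"
    if not in_office(req.source_ip):
        return False, "sensitive data requested from outside the corporate office"
    if not in_work_hours(req.when):
        return False, "sensitive data requested outside normal work hours"
    return True, "sensitive data: office network during work hours"


if __name__ == "__main__":
    sensitive = {"payroll.db"}
    for r in (
        make_request("alice", "payroll.db", "10.10.4.20", "2024-03-05T10:30:00"),
        make_request("alice", "payroll.db", "10.10.4.20", "2024-03-05T22:00:00"),
        make_request("alice", "payroll.db", "203.0.113.7", "2024-03-05T10:30:00"),
        make_request("alice", "cafeteria_menu.txt", "203.0.113.7", "2024-03-09T22:00:00"),
    ):
        print(r.resource, r.source_ip, r.when.isoformat(), "->", decide(r, sensitive))
```

In a real deployment the source address would come from an authenticated network position (VPN assignment, 802.1X, or a zero-trust proxy) rather than a self-reported header, otherwise the location factor is trivially spoofed.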

Question:
An identity-based access control is BEST described as a type of:
(A) context-dependent access control
(B) discretionary access control
(C) non-discretionary access control
(D) mandatory access control

The correct answer(s):
(B) discretionary access control

Explanation:

An identity-based access control system is a type of discretionary access control. The Telecom
Glossary defines DAC as "A means of restricting access to objects based on the identity and
need-to-know of users and/or groups to which the object belongs. Controls are discretionary in the
sense that a subject with a certain access permission is capable of passing that permission (directly or
indirectly) to any other subject."

Discretionary access control (DAC) systems are BEST suited for a dynamic environment where users
should have full control to determine the level of access granted to their resources. DAC permits users
to entirely determine the level of access granted to their resources.

On the other hand, mandatory access control determines access decisions by examining the label of a
process and the label of an object. "To read an object, the label of the subject must dominate the label of
the object. Reading an object not only includes trying to read the contents of the file, but also trying to
read any attribute portion associated with the file, i.e., the access control information, the privilege
information, the contents of a directory, directory manipulation, etc. To alter an object, the label of the
subject must dominate the label of the object."

The most important feature of MAC is that the user CANNOT fully control the access to resources that
they create. Instead, the system security policy, which is usually set by the administrator, determines
the level of access that is to be granted. With MAC, a user is NOT permitted to grant less restrictive
access to their resources than the administrator specifies.

References: http://csrc.nist.gov/publications/nistpubs/800-7/node35.html
References: http://en.wikipedia.org/wiki/Mandatory_access_control

Question:
Which of the following access control mechanisms determines access decisions by examining the label
of a process and the label of an object?
(A) Lattice-based access control
(B) Mandatory access control
(C) Role-based access control
(D) Discretionary access control

The correct answer(s):
(B) Mandatory access control

Explanation:

Mandatory access control (MAC) is a technique to protect and contain computer processes, data, and
system devices from misuse.

Mandatory access control determines access decisions by examining the label of a process and the label
of an object. "To read an object, the label of the subject must dominate the label of the object. Reading
an object not only includes trying to read the contents of the file, but also trying to read any attribute
portion associated with the file, i.e., the access control information, the privilege information, the
contents of a directory, directory manipulation, etc. To alter an object, the label of the subject must
dominate the label of the object."

The most important feature of MAC is that the user CANNOT fully control the access to resources that
they create. Instead, the system security policy, which is usually set by the administrator, determines
the level of access that is to be granted. With MAC, a user is NOT permitted to grant less restrictive
access to their resources than the administrator specifies.

References: http://csrc.nist.gov/publications/nistpubs/800-7/node35.html
References: http://en.wikipedia.org/wiki/Mandatory_access_control
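The MAC explanation repeated through the preceding questions turns on one operation, label dominance, so the following added example (not from the page, NIST SP 800-7, or any real MAC implementation) implements it on the usual lattice of a classification level plus a set of compartments and applies it to the read check the quoted text describes. Levels, compartment names and the sample labels are constructed. The example covers the read rule only; it also shows the lattice join, which is how a system labels data derived from two differently labelled sources.

```python
"""Mandatory access control: label dominance on a (level, compartments) lattice.

Added example; levels, compartments and labels are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed ordering of classification levels (higher number dominates lower).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset[str] = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """self >= other: at least as high a level AND a superset of the compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


def may_read(subject: Label, obj: Label) -> bool:
    """To read an object, the label of the subject must dominate the label of the object."""
    return subject.dominates(obj)


def join(a: Label, b: Label) -> Label:
    """Least upper bound: the lowest label that dominates both inputs.

    Used to label output computed from two sources, e.g. a report that joins a
    SECRET//NUCLEAR table with a CONFIDENTIAL//CRYPTO table.
    """
    level = a.level if LEVELS[a.level] >= LEVELS[b.level] else b.level
    return Label(level, a.compartments | b.compartments)


if __name__ == "__main__":
    ts_plain = Label("TOP SECRET")
    s_nuclear = Label("SECRET", frozenset({"NUCLEAR"}))
    s_nuc_crypto = Label("SECRET", frozenset({"NUCLEAR", "CRYPTO"}))
    # A higher level is not enough: the subject also needs the object's compartments.
    print("TOP SECRET (no compartments) reads SECRET//NUCLEAR?", may_read(ts_plain, s_nuclear))
    print("SECRET//NUCLEAR,CRYPTO reads SECRET//NUCLEAR?", may_read(s_nuc_crypto, s_nuclear))
    print("join:", join(s_nuclear, Label("CONFIDENTIAL", frozenset({"CRYPTO"}))))
```

The first check is the one newcomers get wrong: a TOP SECRET clearance without the NUCLEAR compartment does not dominate SECRET//NUCLEAR, so the read is denied. Nothing in the module lets a subject change a label; that is the administrator's job, which is the "user cannot fully control access to resources they create" property the explanation stresses.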

Question:
Which of the following metrics BEST determines the accuracy of a biometric system?
(A) false acceptance rate
(B) crossover error rate
(C) sensitivity levels
(D) false rejection rate

The correct answer(s):
(B) crossover error rate

Explanation:

A biometric security system predetermines the threshold values for its false acceptance rate and its false
rejection rate, and when the rates are equal, the common value is referred to as the crossover error rate.
The value indicates that the proportion of false acceptances is equal to the proportion of false rejections.
The lower the crossover error rate value, the higher the accuracy of the biometric system.

References: http://www.sibelle.info/oped4.htm
References: http://www.findbiometrics.com/Pages/lead3.html
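The three biometric questions above all rest on the same definitions, so one added example (not from the page or either reference) computes them: it sweeps the acceptance threshold over constructed genuine and impostor match scores, reports FAR and FRR at each threshold, and locates the crossover error rate where the two curves meet. The scores are constructed, not from any sensor; a higher score means a stronger match and a subject is accepted when the score reaches the threshold.

```python
"""FAR, FRR and crossover error rate from constructed match scores.

Added example; the score lists are constructed, not measured.
"""
from __future__ import annotations

# Constructed sample data. Genuine attempts should score high, impostors low.
GENUINE_SCORES = [0.91, 0.88, 0.79, 0.95, 0.66, 0.83, 0.72, 0.58, 0.90, 0.86]
IMPOSTOR_SCORES = [0.12, 0.33, 0.41, 0.27, 0.62, 0.19, 0.55, 0.08, 0.48, 0.71]


def far(impostor: list[float], threshold: float) -> float:
    """False acceptance rate: fraction of invalid subjects incorrectly accepted."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(genuine: list[float], threshold: float) -> float:
    """False rejection rate: fraction of valid subjects incorrectly rejected."""
    return sum(s < threshold for s in genuine) / len(genuine)


def error_curve(genuine: list[float], impostor: list[float],
                steps: int = 100) -> list[tuple[float, float, float]]:
    """Sweep the threshold from 0 to 1 and return (threshold, FAR, FRR) triples."""
    return [(t / steps, far(impostor, t / steps), frr(genuine, t / steps))
            for t in range(steps + 1)]


def crossover_error_rate(genuine: list[float], impostor: list[float],
                         steps: int = 100) -> tuple[float, float]:
    """Return (threshold, CER): the point where FAR and FRR are equal.

    With finite samples the two curves rarely coincide exactly, so the
    threshold minimising |FAR - FRR| is taken and the mean of the two rates
    reported as the CER. A lower CER means a more accurate system.
    """
    curve = error_curve(genuine, impostor, steps)
    threshold, f_a, f_r = min(curve, key=lambda p: abs(p[1] - p[2]))
    return threshold, (f_a + f_r) / 2


if __name__ == "__main__":
    for t in (0.3, 0.5, 0.7):
        print(f"threshold={t:.2f}  FAR={far(IMPOSTOR_SCORES, t):.2f}  FRR={frr(GENUINE_SCORES, t):.2f}")
    t, cer = crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"CER ~ {cer:.2f} at threshold {t:.2f}")
```

Raising the threshold lowers FAR and raises FRR, which is why neither rate alone describes accuracy: a vendor can quote a near-zero FAR by tuning the system to reject half its legitimate users. The CER fixes the operating point and so allows two systems to be compared.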

Question:
All of the following statements regarding RADIUS are true EXCEPT:
(A) RADIUS does not provide for multi-protocol support, such as NetBIOS Frame Protocol Control
protocol.
(B) RADIUS is considered a centralized access control mechanism
(C) RADIUS uses TCP
(D) RADIUS supports authentication schemes such as PAP, CHAP or EAP.
(E) RADIUS can be configured to support AAA services, such as authentication, accounting, and
authorization services

The correct answer(s):
(C) RADIUS uses TCP

Explanation:

RADIUS (Remote Authentication Dial-In User Service) is a client/server authentication protocol that
enables remote access servers to communicate with a central server to authenticate / authorize dial-in
users. RADIUS provides a centralized (not decentralized) access control mechanism that allows a
company to maintain user profiles in a central database that all remote servers can share. RADIUS can
be configured to support AAA services, such as authentication, accounting, and authorization services,
and can be used to keep track of billing and network usage statistics. Lastly, RADIUS supports
authentication schemes such as PAP, CHAP or EAP.

In addition, RADIUS does NOT support these protocols:

AppleTalk Remote Access (ARA) protocol
NetBIOS Frame Protocol Control protocol
Novell Asynchronous Services Interface (NASI)
X.25 PAD connection

Lastly, RADIUS uses the User Datagram Protocol (UDP), whereas TACACS+ uses the Transmission
Control Protocol (TCP, port 49).

References: http://www.cisco.com/warp/public/614/7.html
References: http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094ea4.shtml
References: http://www.cisco.com/warp/public/480/10.html#comp_udp_tcp

Question:
Kerberos is an example of:
(A) capability-based system
(B) content-dependent access control
(C) rule-based system
(D) discretionary access control

The correct answer(s):

(A) capability-based system

Explanation:

Kerberos is a computer network authentication protocol which allows individuals communicating over an
insecure network to prove their identity to one another in a secure manner. Kerberos primarily addresses the
confidentiality / integrity of network communication & messages, and protects against replay and
eavesdropping attacks.

Kerberos is an example of a capability-based system. Specifically, in a Kerberos environment, a user is
issued a ticket (capability table), which is bound to the user and dictates the level of access granted to
various computing resources.

Question:
All of the following statements are true regarding Kerberos EXCEPT:
(A) Since the KDC holds all of the passwords for all of the principals in a realm, if host security on the
KDC is compromised, then the entire realm is compromised
(B) If a user's Kerberos password is stolen by an attacker, then the attacker can impersonate that user.
(C) If an attacker breaks into a multi-user machine and steals all of the tickets stored on that machine,
he can impersonate the users who have tickets stored on that machine for an indefinite period of time.
(D) Kerberos makes no provisions for host security; it assumes that it is running on trusted hosts with
an untrusted network

The correct answer(s):

(C) If an attacker breaks into a multi-user machine and steals all of the tickets stored on that machine,
he can impersonate the users who have tickets stored on that machine for an indefinite period of time.

Explanation:

Kerberos is a computer network authentication protocol which allows individuals communicating over
an insecure network to prove their identity to one another in a secure manner. Kerberos primarily
addresses the confidentiality / integrity of network communication & messages, and protects against
replay and eavesdropping attacks. Kerberos assumes that network communications are insecure and
vulnerable to compromise, such as through eavesdropping and replay attacks.

However, Kerberos makes no provisions for host security; it assumes that it is running on trusted hosts
with an untrusted network. If the host security is compromised, then Kerberos is compromised as well.

Furthermore, if a user's Kerberos password is stolen by an attacker, then the attacker can impersonate
that user.

In addition, since the KDC holds all of the passwords for all of the principals in a realm, if host security
on the KDC is compromised, then the entire realm is compromised.

On the other hand, if an attacker breaks into a multi-user machine and steals all of the tickets stored on
that machine, he can impersonate the users who have tickets stored on that machine. However, the
attacker will only be able to impersonate the users for a limited period of time, only until the tickets
expire.

References: http://web.mit.edu/kerberos/www/
References: http://en.wikipedia.org/wiki/Kerberos_(protocol)
Question:
Which of the following is NOT a performance metric used in evaluating the accuracy of a biometric
system?
(A) False Rejection Rate
(B) Crossover Error Rate
(C) Clipping levels
(D) False Acceptance Rate

The correct answer(s):

(C) Clipping levels

Explanation:

A biometric security system predetermines the threshold values for its false acceptance rate and its false
rejection rate, and when the rates are equal, the common value is referred to as the crossover error rate.
The value indicates that the proportion of false acceptances is equal to the proportion of false rejections.
The lower the crossover error rate value, the higher the accuracy of the biometric system.

The false rejection rate (FRR) represents the percentage of valid subjects that are incorrectly rejected.
The false acceptance rate (FAR) represents the percentage of invalid subjects that are incorrectly
accepted.

On the other hand, a clipping level is a parameter defining the threshold of the event to be logged. A
clipping level can be used to reduce the amount of data to be analyzed in audit logs. Setting thresholds
can reduce the number of errors logged.

Question:
Which of the following services contains a copy of every encryption key associated with every principal
and stores the principals in a database, also known as the Kerberos database?
(A) TGS
(B) LSA
(C) AS
(D) KDC
(E) TGT

The correct answer(s):

(D) KDC

Explanation:

Kerberos is a computer network authentication protocol which allows individuals communicating over
an insecure network to prove their identity to one another in a secure manner. Kerberos primarily
addresses the confidentiality / integrity of network communication & messages, and protects against
replay and eavesdropping attacks.

The KDC is the service which implements Kerberos authentication via the Authentication Service (AS)
and the Ticket Granting Service (TGS). The KDC has a copy of every encryption key associated with every
principal. Most KDC implementations store the principals in a database, also known as the Kerberos
database.

On the other hand, the AS (Authentication Service) service runs on the Key Distribution Centre (KDC)
server. It authenticates a client logon and issues a Ticket Granting Ticket (TGT) for future
authentication.

The TGS (Ticket Granting Service) service runs on the KDC server. It grants tickets to TGT holding
clients for a specific application server or resource.

Kerberos is an example of a capability-based system. Specifically, in a Kerberos environment, a user is
issued a ticket (capability table), which is bound to the user and dictates the level of access granted to
various computing resources.

References: http://web.mit.edu/kerberos/www/
References: http://en.wikipedia.org/wiki/Kerberos_(protocol)

Question:
All of the following statements regarding RADIUS are true EXCEPT:
(A) RADIUS supports authentication schemes such as PAP, CHAP or EAP.
(B) RADIUS can be configured to support AAA services, such as authentication, accounting, and
authorization services
(C) RADIUS is an authentication protocol usually used for dial-up users
(D) RADIUS is considered a decentralized access control mechanism
(E) RADIUS allows a company to maintain user profiles in a central database that all remote servers can
share

The correct answer(s):

(D) RADIUS is considered a decentralized access control mechanism

Explanation:

RADIUS (Remote Authentication Dial-In User Service) is a client/server authentication protocol that
enables remote access servers to communicate with a central server to authenticate / authorize dial-in
users. RADIUS provides a centralized (not decentralized) access control mechanism that allows a
company to maintain user profiles in a central database that all remote servers can share. RADIUS can
be configured to support AAA services, such as authentication, accounting, and authorization services,
and can be used to keep track of billing and network usage statistics. Lastly, RADIUS supports
authentication schemes such as PAP, CHAP or EAP.

References: http://www.ietf.org/rfc/rfc2865.txt
References: http://en.wikipedia.org/wiki/RADIUS

Question:
All of the following statements are true regarding Role Based Access Control EXCEPT:
(A) Operations that a user is permitted to perform is based on the user's role
(B) Users are granted membership into roles based on their competencies and responsibilities
(C) RBAC is suited for environments where there are frequent changes to personnel
(D) RBAC is a means of restricting access to objects based on the sensitivity of information contained
in the objects
(E) User membership can be revoked easily and new memberships established as job assignments dictate

The correct answer(s):

(D) RBAC is a means of restricting access to objects based on the sensitivity of information contained
in the objects

Explanation:

According to NIST, role based access control "are based on the roles that individual users have as part
of an organization. Users take on assigned roles (such as doctor, nurse, teller, manager). The process of
defining roles should be based on a thorough analysis of how an organization operates and should
include input from a wide spectrum of users in an organization."

Users are granted membership into roles based on their competencies and responsibilities, and the
operations that a user is permitted to perform are based on the user's role. RBAC is suited for
environments where there are frequent changes to personnel, as user membership can be revoked easily
and new memberships established as job assignments dictate.

On the other hand, mandatory access control, NOT RBAC, is a means of restricting access to objects
based on the sensitivity (as represented by a label, such as Top Secret) of information contained in the
objects.

References: http://csrc.nist.gov/rbac/NIST-ITL-RBAC-bulletin.html

Question:
All of the following can be used to prevent electronic eavesdropping of signal emanations of electronic
devices EXCEPT:
(A) CCTV
(B) white noise
(C) control zones
(D) TEMPEST

The correct answer(s):

(A) CCTV

Explanation:

When modern electrical devices operate they generate electromagnetic fields. Digital computers, radio
equipment, typewriters, and so on generate massive amounts of electromagnetic signals which if
properly intercepted and processed will allow certain amounts of information to be reconstructed based
on these "compromising emanations".

TEMPEST is an official acronym for "Telecommunications Electronics Material Protected From
Emanating Spurious Transmissions" and includes technical security countermeasures and standards to
shield / mask signals that are radiated from electronic devices.

Alternatives to TEMPEST include using white noise to generate random electric signals to prevent an
attacker from deciphering the real signal / information from the randomly generated signals. In addition,
control zones can be constructed using special materials to shield electric signals within the facility to
prevent attackers from being able to access the electric signals.

On the other hand, CCTV (closed-circuit television) will NOT prevent electronic eavesdropping of
signal emanations.

References: http://www.shmoo.com/tempest/emr.pdf
References: http://www.tscm.com/TSCM101tempest.html

Question:
Which of the following BEST describes asynchronous dynamic password tokens?
(A) None of the choices are correct
(B) a new and unique password that is generated without regards to a fixed time window
(C) sequence of characters that is usually longer than the allotted number of characters for a password
(D) a new and unique password that is generated at fixed time intervals

The correct answer(s):

(B) a new and unique password that is generated without regards to a fixed time window

Explanation:

Synchronous dynamic password tokens: Synchronous dynamic password tokens generate new
passwords at certain time intervals that are synched with the main system. The password is generated
on a small device similar to a pager or a calculator that can often be attached to the user's key ring.
Each password is only valid for a certain time period; typing in a password outside its time period
will invalidate the authentication. The time factor can also be the system's downfall: if the clock on
the system or the password token device becomes out of synch, a user can have trouble authenticating
to the system.

Asynchronous dynamic password tokens: Asynchronous dynamic password tokens work on the
same principle as synchronous ones, but unlike synchronous dynamic password tokens, they are NOT
dependent upon a fixed time window. Instead, an asynchronous token may use a challenge-response
mechanism to determine whether the user is valid.

Pass phrase: a sequence of characters that is usually longer than the allotted number of characters for a
password.

Challenge-response tokens: Challenge-response is an authentication process that requires a correct
reply be provided as a response to a given challenge. The response is usually a value computed from an
unpredictable challenge value. After the user enters the identification value, the authentication server
sends a challenge value. The user then enters that value into the token device, which then returns a
value called a token. The user sends that value back to the server, which validates the token against the
username.

References: http://www.mcmcse.com/comptia/security/guide.shtml

Question:
Which of the following is an example of two-factor authentication?
(A) ATM card
(B) personal ID and password
(C) ATM card & PIN
(D) PIN and password
(E) smart card

The correct answer(s):

(C) ATM card & PIN

Explanation:

Authentication is based on three factor types:

1) Something you know, such as a personal identification number
2) Something you have, such as an ATM card
3) Something you are, such as a fingerprint, retina scan, or voice print

Two-factor authentication is a security process in which the user provides two means of identification,
one of which is typically a physical token, such as an ATM card, and the other of which is typically
something memorized, such as a security code / PIN.

Some security procedures now require three-factor authentication, which involves possession of a
physical token and a password, used in conjunction with biometric data, such as fingerprint scanning or
a voiceprint.

On the other hand, a personal ID / password or PIN / password combo is NOT considered two-factor
authentication, as they only involve one factor of authentication (something you know).

Question:
All of the following are examples of administrative controls EXCEPT:
(A) security awareness training
(B) backing up of files
(C) policies and procedures
(D) background checks
(E) review of vacation history

The correct answer(s):

(B) backing up of files

Explanation:

Administrative controls include policies and procedures, background checks, review of vacation history,
and security awareness training.

On the other hand, backing up of files is a physical control, NOT an administrative control.

Question:
Which of the following database features can be used to enforce the principle of least privilege?
(A) stored procedures
(B) primary keys
(C) views
(D) relations
(E) triggers

The correct answer(s):

(C) views

Explanation:

The principle of least privilege requires that users are only granted the most restricted (i.e. least privilege)
set of access privileges that are needed for them to perform their job functions. Database views can be
used to restrict access to certain information in the database, hide sensitive information, and enforce
content-dependent access restrictions. A view can be considered a virtual table that is dynamically derived
from the data in other tables through database operations, such as selects and joins.
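The column and row restriction a view provides can be shown concretely. The block below is an added example written for this page, not code from CertGear or from any DBMS vendor: it builds a small constructed HR schema in an in-memory SQLite database (placeholder SSN values) and defines a staff_directory view that exposes only the employee and department names of active staff. In a production DBMS the least-privilege step is to GRANT SELECT on the view alone and nothing on the base tables; SQLite has no per-user grants, so the example only demonstrates what a reader of the view can and cannot select.

```python
import sqlite3


def build_demo_db():
    """Constructed HR schema with sensitive columns, plus a least-privilege view over it."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE departments (
            id   INTEGER PRIMARY KEY,
            name TEXT NOT NULL
        );
        CREATE TABLE employees (
            id      INTEGER PRIMARY KEY,
            name    TEXT NOT NULL,
            dept_id INTEGER NOT NULL REFERENCES departments(id),
            salary  INTEGER NOT NULL,
            ssn     TEXT NOT NULL,       -- sensitive
            active  INTEGER NOT NULL     -- 1 = current staff
        );
        INSERT INTO departments VALUES (1, 'Engineering'), (2, 'Finance');
        -- Constructed sample rows; the SSNs are obvious placeholders.
        INSERT INTO employees VALUES
            (1, 'Alice', 1, 120000, '000-00-0001', 1),
            (2, 'Bob',   2,  95000, '000-00-0002', 1),
            (3, 'Carol', 1, 110000, '000-00-0003', 0);

        -- The view is a virtual table derived by a select and a join. It hides salary and ssn
        -- (column restriction) and shows only active staff (content-dependent row restriction).
        CREATE VIEW staff_directory AS
            SELECT e.name AS employee, d.name AS department
            FROM employees AS e
            JOIN departments AS d ON d.id = e.dept_id
            WHERE e.active = 1;
    """)
    return conn


def view_columns(conn, view_name):
    """Column names a reader of the view can see (view_name is a trusted identifier here)."""
    cur = conn.execute(f"SELECT * FROM {view_name} LIMIT 0")
    return [col[0] for col in cur.description]


def directory_rows(conn):
    """What the directory consumer actually gets: names only, inactive staff filtered out."""
    return conn.execute(
        "SELECT employee, department FROM staff_directory ORDER BY employee"
    ).fetchall()


def column_readable_through_view(conn, column):
    """True if the column can be selected through the view; hidden base columns raise an error.

    The column name is a trusted identifier in this demo, never user input.
    """
    try:
        conn.execute(f"SELECT {column} FROM staff_directory LIMIT 1")
        return True
    except sqlite3.OperationalError:
        return False


if __name__ == "__main__":
    db = build_demo_db()
    print("columns visible through the view:", view_columns(db, "staff_directory"))
    print("rows:", directory_rows(db))
    for col in ("employee", "salary", "ssn"):
        print(f"{col} readable through view: {column_readable_through_view(db, col)}")
```

Only the view name is handed to the directory application's database account; the base tables stay reachable solely by the HR role, which is how the view turns "least privilege" from a policy statement into an enforced restriction.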

Question:
All of the following are preventive/technical controls EXCEPT:
(A) constrained user interfaces
(B) labeling of sensitive materials
(C) smart cards
(D) database views
(E) call-back systems

The correct answer(s):

(B) labeling of sensitive materials

Explanation:

Preventive / technical controls enforce access control policies through technology implementation. Such
controls include callback systems, constrained user interfaces, database views, and smart cards.

On the other hand, labeling of sensitive materials is a preventive / administrative control, and NOT a
preventive / technical control.

Question:
All of the following are examples of technical or logical controls EXCEPT:
(A) access control lists
(B) smart cards
(C) thermal detectors
(D) encryption

The correct answer(s):

(C) thermal detectors

Explanation:

Logical or technical controls include encryption, smart cards, and access control lists. On the other hand,
thermal detectors are a physical control.

Question:
All of the following statements are true regarding Role Based Access Control EXCEPT:
(A) Operations that a user is permitted to perform is based on the user's role
(B) Users are granted membership into roles based on their competencies and responsibilities
(C) RBAC is a type of discretionary access control
(D) RBAC is suited for environments where there are frequent changes to personnel

The correct answer(s):

(C) RBAC is a type of discretionary access control

Explanation:

According to NIST, role based access control "are based on the roles that individual users have as part
of an organization. Users take on assigned roles (such as doctor, nurse, teller, manager). The process of
defining roles should be based on a thorough analysis of how an organization operates and should
include input from a wide spectrum of users in an organization."

Users are granted membership into roles based on their competencies and responsibilities, and the
operations that a user is permitted to perform are based on the user's role. RBAC is suited for
environments where there are frequent changes to personnel, as user membership can be revoked easily
and new memberships established as job assignments dictate.

On the other hand, role-based access control is a form of non-discretionary access control, as a central
authority determines what subjects can have access to objects based on the individual's role in the
organization.

References: http://csrc.nist.gov/rbac/NIST-ITL-RBAC-bulletin.html

Question:
All of the following statements regarding statistical anomaly based intrusion detection systems are true
EXCEPT:
(A) Anomaly based IDS analyze data to create baselines of normal operating profiles
(B) Anomaly based IDS can detect when current operating behavior deviates statistically from the norm
(C) Anomaly based IDS must be constantly updated to be able to compare and match activities against
large collections of attack signatures
(D) Anomaly-based IDS examines ongoing traffic, activity, and transactions for anomalies that may
indicate an attack

The correct answer(s):

(C) Anomaly based IDS must be constantly updated to be able to compare and match activities against
large collections of attack signatures

Explanation:

Anomaly-based intrusion detection systems examine ongoing traffic, activity, and transactions for
anomalies that may indicate an attack. Anomaly based IDS analyze data to create baselines of normal
operating profiles and can detect when current operating behavior deviates statistically from the norm.

On the other hand, signature-based IDS, not anomaly based IDS, must be constantly updated to be able
to compare and match activities against large collections of attack signatures.

References: http://netsecurity.about.com/cs/hackertools/a/aa030504.htm

Question:
Which of the following authentication protocols applies a three-way handshaking procedure where the
server sends a "challenge" message to the originator, after the link is established?
(A) TACACS
(B) Kerberos
(C) RADIUS
(D) PAP
(E) CHAP

The correct answer(s):

(E) CHAP

Explanation:

CHAP applies a three-way handshaking procedure. After the link is established, the server sends a
"challenge" message to the originator. The originator responds with a value calculated using a one-way
hash function. The server checks the response against its own calculation of the expected hash value. If
the values match, the authentication is acknowledged; otherwise the connection is usually terminated.

CHAP provides protection against playback attack through the use of an incrementally changing
identifier and a variable challenge value. The authentication can be repeated any time while the
connection is open limiting the time of exposure to any single attack, and the server is in control of the
frequency and timing of the challenges.

CHAP is defined in RFC 1334.

On the other hand, PAP (Password Authentication Protocol) is an access control protocol for dialing
into a network that provides only basic functionality. When the client logs onto the network, the
network access server (NAS) requests the username and password from the client and sends it to the
authentication server for verification. Since the password is sent over the line unencrypted from the
client, it provides password checking, but is not secure from eavesdropping.

References: http://www.networksorcery.com/enp/protocol/CHAP.htm
References: http://www.faqs.org/rfcs/rfc1334.html

Question:
Which of the following statements are true regarding asynchronous dynamic password tokens?
(A) Asynchronous dynamic password tokens are a means of identifying or authenticating the identity of
a living person based on psychological or behavioral characteristics.
(B) If a clock on the system or the password token device becomes out of synch, a user can have
trouble authenticating themselves to the system.
(C) None of the statements are correct
(D) Asynchronous dynamic password tokens generate new passwords at certain time intervals that are
synched with the main system.

The correct answer(s):

(C) None of the statements are correct

Explanation:

Synchronous dynamic password tokens: Synchronous dynamic password tokens generate new
passwords at certain time intervals that are synched with the main system. The password is generated
on a small device similar to a pager or a calculator that can often be attached to the user's key ring.
Each password is only valid for a certain time period; typing in a password outside its time period
will invalidate the authentication. The time factor can also be the system's downfall: if the clock on
the system or the password token device becomes out of synch, a user can have trouble authenticating
to the system.

Asynchronous dynamic password tokens: Asynchronous dynamic password tokens work on the
same principle as synchronous ones, but unlike synchronous dynamic password tokens, they are NOT
dependent upon a fixed time window. Instead, an asynchronous token may use a challenge-response
mechanism to determine whether the user is valid.

Pass phrase: a sequence of characters that is usually longer than the allotted number of characters for a
password.

Challenge-response tokens: Challenge-response is an authentication process that requires a correct
reply be provided as a response to a given challenge. The response is usually a value computed from an
unpredictable challenge value. After the user enters the identification value, the authentication server
sends a challenge value. The user then enters that value into the token device, which then returns a
value called a token. The user sends that value back to the server, which validates the token against the
username.

References: http://www.mcmcse.com/comptia/security/guide.shtml

Question:
Which of the following statements are true regarding CHAP authentication protocol?
(A) CHAP provides password checking, but is NOT secure from eavesdropping
(B) CHAP provides protection against playback attack through the use of an incrementally changing
identifier and a variable challenge value
(C) CHAP stands for Confidential Handshake Authentication Protocol
(D) CHAP is a simple method for the peer to establish its identity using a 2-way handshake

The correct answer(s):

(B) CHAP provides protection against playback attack through the use of an incrementally changing
identifier and a variable challenge value

Explanation:

CHAP (Challenge Handshake Authentication Protocol) applies a three-way handshaking procedure. After
the link is established, the server sends a "challenge" message to the originator. The originator responds
with a value calculated using a one-way hash function. The server checks the response against its own
calculation of the expected hash value. If the values match, the authentication is acknowledged;
otherwise the connection is usually terminated.

CHAP provides protection against playback attack through the use of an incrementally changing
identifier and a variable challenge value. The authentication can be repeated any time while the
connection is open limiting the time of exposure to any single attack, and the server is in control of the
frequency and timing of the challenges.

On the other hand, PAP (Password Authentication Protocol) is a simple method for the peer to establish
its identity using a 2-way handshake where the passwords are sent over the circuit "in the clear", and
there is no protection from playback or repeated trial and error attacks. It is an access control protocol
for dialing into a network that provides only basic functionality. When the client logs onto the network,
the network access server (NAS) requests the username and password from the client and sends it to
the authentication server for verification. Since the password is sent over the line unencrypted from the
client, it provides password checking, but is not secure from eavesdropping.

References: http://www.faqs.org/rfcs/rfc1334.html
References: http://www.networksorcery.com/enp/protocol/CHAP.htm
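The handshake described in this explanation and in the earlier CHAP question can be traced end to end in code. The block below is an added example written for this page, not code from CertGear or from the RFC authors: it implements both sides of the exchange with the MD5 construction that RFC 1994 (which replaced the CHAP section of RFC 1334) specifies for the response, MD5 over the one-octet Identifier, the shared secret and the Challenge Value, and shows why a captured response is worthless against a later challenge. The peer name, the shared secret and the 16-byte challenge length are constructed values.

```python
import hashlib
import hmac
import secrets

# Constructed shared secrets, provisioned out-of-band (placeholder values, not real credentials).
SHARED_SECRETS = {"alice": b"example-secret-for-alice"}


def chap_response(identifier, secret, challenge):
    """Response Value for CHAP with MD5: MD5(Identifier || secret || Challenge Value).

    The secret itself never crosses the link; only the one-way hash does.
    """
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues challenges, verifies responses, never honours a reused identifier."""

    def __init__(self, secrets_by_name):
        self._secrets = secrets_by_name
        self._next_id = 0
        self._pending = {}  # identifier -> outstanding challenge value

    def challenge(self):
        """Step 1 of the 3-way handshake: send a fresh Identifier and a random Challenge Value."""
        ident = self._next_id
        self._next_id = (self._next_id + 1) % 256  # one-octet field, changes on every challenge
        value = secrets.token_bytes(16)
        self._pending[ident] = value
        return ident, value

    def verify(self, identifier, name, response):
        """Step 3: recompute the expected hash and compare it in constant time."""
        value = self._pending.pop(identifier, None)
        if value is None:
            return False  # unknown or already-answered identifier: a replayed response lands here
        secret = self._secrets.get(name)
        if secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)


class Peer:
    """Client side: answers the challenge with the hash, never transmitting the secret."""

    def __init__(self, name, secret):
        self.name = name
        self.secret = secret

    def respond(self, identifier, challenge):
        """Step 2: the Response packet carries the name and the hash value."""
        return self.name, chap_response(identifier, self.secret, challenge)


def run_exchange(authenticator, peer):
    """One complete challenge / response / verify round; True when authentication succeeds."""
    ident, value = authenticator.challenge()
    name, response = peer.respond(ident, value)
    return authenticator.verify(ident, name, response)


def replay_outcome(authenticator, peer):
    """Submit one captured Response twice; returns (first_result, replay_result)."""
    ident, value = authenticator.challenge()
    name, response = peer.respond(ident, value)
    first = authenticator.verify(ident, name, response)
    replayed = authenticator.verify(ident, name, response)
    return first, replayed


if __name__ == "__main__":
    auth = Authenticator(SHARED_SECRETS)
    print("valid peer:", run_exchange(auth, Peer("alice", SHARED_SECRETS["alice"])))
    print("wrong secret:", run_exchange(auth, Peer("alice", b"guess")))
    print("replay (first, again):", replay_outcome(auth, Peer("alice", SHARED_SECRETS["alice"])))
```

The replay protection comes from two things the explanation names: the identifier changes with every challenge, and the challenge value is unpredictable, so a response recorded on the wire matches nothing the authenticator still has outstanding. Contrast PAP, where the recorded credential is the password itself and is valid forever.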

Question:
All of the following are types of restricted interfaces EXCEPT:
(A) shells
(B) database views
(C) menus
(D) capability tables
(E) keypads

The correct answer(s):

(D) capability tables

Explanation:

Constrained user interfaces provide a mechanism of access control by limiting / restricting users' abilities
to perform certain functions or view sensitive information. Types of restricted interfaces include menus
and shells, database views, and physically constrained interfaces. Physically constrained interfaces
include keypads that only provide certain functions and keys.

On the other hand, capability tables are NOT a type of restricted interface. Instead, capability tables
describe the level of access a particular subject has over various resources.

Question:
Your organization is in the process of adopting a biometric system to use as part of user authentication.
Your team is currently evaluating different biometric systems, such as fingerprint scans, retina scans,
and voice recognition systems. You are comparing the FRR of the different systems. One of the
systems has a high FRR. Which of the following is TRUE?
(A) The higher the FRR, the higher the accuracy of the biometric system.
(B) A high FRR indicates that a small number of valid subjects are incorrectly rejected.
(C) A high FRR indicates that a small number of invalid subjects are incorrectly accepted
(D) A high FRR indicates that a large number of invalid subjects are incorrectly accepted
(E) A high FRR indicates that a large number of valid subjects are incorrectly rejected.

The correct answer(s):

(E) A high FRR indicates that a large number of valid subjects are incorrectly rejected.

Explanation:

A biometric security system predetermines the threshold values for its false acceptance rate and its false
rejection rate, and when the rates are equal, the common value is referred to as the crossover error rate.
The value indicates that the proportion of false acceptances is equal to the proportion of false rejections.
The lower the crossover error rate value, the higher the accuracy of the biometric system.

The false rejection rate (FRR) represents the percentage of valid subjects that are incorrectly rejected.
The false acceptance rate (FAR) represents the percentage of invalid subjects that are incorrectly
accepted.

Hence, a high FRR indicates that a large number of valid subjects are incorrectly rejected.
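The relationship between FRR, FAR and the crossover error rate described here and in the two earlier biometric questions is easiest to see on actual numbers. The block below is an added example written for this page, not code from CertGear or from any biometric vendor: it takes constructed matcher scores for valid subjects and for impostors, computes FRR and FAR for every decision threshold, locates the threshold where the two rates are equal (the CER) and then shows the trade-off a high-security deployment makes when it tunes for a low FAR. The score lists and the 0..100 scale are assumptions made for the example.

```python
# Constructed matcher scores on a 0..100 scale (higher = stronger match). They are illustrative
# values for this example, not measurements from any real biometric system.
GENUINE_SCORES = [91, 88, 85, 80, 78, 74, 70, 66, 62, 55]    # valid subjects vs. their own template
IMPOSTOR_SCORES = [58, 52, 49, 47, 44, 40, 35, 30, 22, 15]   # invalid subjects vs. someone else's


def false_rejection_rate(genuine, threshold):
    """FRR (Type I error): fraction of valid subjects whose score falls below the threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def false_acceptance_rate(impostor, threshold):
    """FAR (Type II error): fraction of invalid subjects whose score reaches the threshold."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def error_curve(genuine, impostor, thresholds=range(0, 101)):
    """(threshold, FAR, FRR) for every candidate threshold; FAR falls and FRR rises as it grows."""
    return [
        (t, false_acceptance_rate(impostor, t), false_rejection_rate(genuine, t))
        for t in thresholds
    ]


def crossover_error_rate(genuine, impostor, thresholds=range(0, 101)):
    """The CER: the threshold at which FAR and FRR are equal (closest, for discrete data).

    Returns (threshold, far, frr). A lower common value means a more accurate system, so two
    candidate systems are compared on this number, not on FAR or FRR in isolation.
    """
    return min(error_curve(genuine, impostor, thresholds), key=lambda r: abs(r[1] - r[2]))


def threshold_for_max_far(genuine, impostor, max_far, thresholds=range(0, 101)):
    """Lowest threshold whose FAR does not exceed max_far, with the FRR that choice costs.

    A high-security deployment tunes toward a low FAR and accepts the resulting higher FRR
    (more valid subjects turned away).
    """
    for t, far, frr in error_curve(genuine, impostor, thresholds):
        if far <= max_far:
            return t, far, frr
    return None


if __name__ == "__main__":
    t, far, frr = crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"CER at threshold {t}: FAR={far:.2f} FRR={frr:.2f}")
    print("zero-FAR operating point:", threshold_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, 0.0))
    print("FRR at a strict threshold of 80:", false_rejection_rate(GENUINE_SCORES, 80))
```

Moving the threshold never improves both rates at once: raising it drives FAR toward zero while FRR climbs, which is exactly why a single summary figure, the crossover point, is used to rank systems against each other.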

Question:
All of the following are valid types of intrusion detection systems EXCEPT:
(A) HIDS
(B) anomaly-based
(C) NIDS
(D) stateful-inspection
(E) signature-based

The correct answer(s):

(D) stateful-inspection

Explanation:

An intrusion detection system (IDS) monitors network traffic for suspicious activity and alerts the
system or network administrator. The following are types of IDS systems:

NIDS - network-based intrusion detection systems
HIDS - host-based intrusion detection systems

Anomaly-based IDS - examine ongoing traffic, activity, and transactions for anomalies that may indicate
an attack.

Signature-based IDS - examine ongoing traffic, activity, transactions, or behavior for matches with
known patterns of events specific to known attacks.

On the other hand, stateful-inspection is a type of firewall, and NOT IDS.

References: http://netsecurity.about.com/cs/hackertools/a/aa030504.htm
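The difference between the two detection approaches listed above (and in the earlier anomaly-based IDS question) can be demonstrated on small constructed data. The block below is an added example written for this page, not code from CertGear or from any IDS product: it learns a baseline profile (mean and standard deviation of failed logons per hour) from constructed normal-hour counts, flags a statistically deviating observation, and beside it runs a tiny signature matcher over constructed request lines. The baseline numbers, the two signatures and the three-standard-deviation cut-off are assumptions of the example.

```python
import statistics

# Constructed training data: failed-logon counts per hour over a normal 24-hour period.
# Made-up numbers for the example, not data from any real system.
BASELINE_FAILED_LOGONS_PER_HOUR = [3, 4, 2, 5, 3, 4, 6, 3, 2, 4, 5, 3,
                                   4, 3, 5, 4, 2, 3, 4, 5, 3, 4, 3, 4]

# Constructed signature set for the signature-based comparison (name -> pattern).
ATTACK_SIGNATURES = {
    "sqli-union": "UNION SELECT",
    "path-traversal": "../../",
}


def build_profile(samples):
    """Anomaly-based: learn the normal operating profile as (mean, standard deviation)."""
    return statistics.mean(samples), statistics.pstdev(samples)


def deviation(value, profile):
    """How many standard deviations an observation sits from the baseline mean (z-score)."""
    mean, sd = profile
    if sd == 0:
        return 0.0 if value == mean else float("inf")
    return (value - mean) / sd


def is_anomalous(value, profile, z_threshold=3.0):
    """Flag when current behaviour deviates statistically from the learned norm.

    No signature is involved: a never-seen technique is caught by its effect on the metric.
    """
    return abs(deviation(value, profile)) > z_threshold


def match_signatures(event, signatures=ATTACK_SIGNATURES):
    """Signature-based: match the event text against known-attack patterns.

    Anything not in the signature set (a new technique) is invisible to this detector, which
    is why the signature collection must be updated continually.
    """
    return [name for name, pattern in signatures.items() if pattern.lower() in event.lower()]


if __name__ == "__main__":
    profile = build_profile(BASELINE_FAILED_LOGONS_PER_HOUR)
    print("baseline mean/sd:", profile)
    for count in (5, 40):
        print(f"{count} failed logons this hour -> anomalous: {is_anomalous(count, profile)}")
    # Constructed request lines for the signature matcher.
    for line in ("GET /index.html", "GET /item?id=1 UNION SELECT name,secret FROM users"):
        print(f"{line!r} -> {match_signatures(line)}")
```

The two detectors fail in opposite ways: the anomaly profile raises an alert on the logon spike without knowing what caused it (and would equally alert on a legitimate but unusual surge), while the signature matcher is precise about what it names and silent about everything else.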

Question:
Kerberos makes certain assumptions about the environment in which it is deployed. All of the following
are assumptions made by Kerberos EXCEPT:
(A) Assumes that the network is not vulnerable to replay attacks.
(B) Assumes that network connections are vulnerable to compromise
(C) Assumes that workstations are secured against physical attacks
(D) Assumes that users won't choose weak passwords

The correct answer(s):

(A) Assumes that the network is not vulnerable to replay attacks.

Explanation:

Kerberos is an authentication service developed at MIT that allows users and services to authenticate
themselves to each other. Kerberos was designed to eliminate the need to demonstrate possession of
private or secret information (the password) by divulging the information itself. Kerberos is based on
the key distribution model developed by Needham and Schroeder. A key is used to encrypt and decrypt
short messages, and is itself typically a short sequence of bytes. Keys provide the basis for the
authentication in Kerberos.

Kerberos primarily addresses the confidentiality and integrity of network communication and messages,
and protects against replay and eavesdropping attacks. Kerberos assumes that network communications
are insecure and vulnerable to compromise, for example through eavesdropping and replay attempts.

However, Kerberos does NOT directly protect against attacks involving the physical security of the
machine or dictionary attacks against weak passwords chosen by the user. Instead, Kerberos assumes
that users won't choose weak passwords and that workstations are secured against physical attacks.

References: http://web.mit.edu/kerberos/www/
References: http://en.wikipedia.org/wiki/Kerberos_(protocol)

Question:
Which of the following is an acceptable enrollment time for a biometric system?
(A) 2 subjects per minute
(B) 2 minutes per subject
(C) 5 minutes per subject
(D) 4 subjects per minute

The correct answer(s):
(B) 2 minutes per subject

Explanation:

An acceptable enrollment time for a biometric system is generally taken to be 2 minutes per subject.
Enrollment (the one-time capture of the reference template) is distinct from throughput, the time taken to
verify a subject at each use, for which the commonly cited figure is about 6 seconds per subject, or
10 subjects per minute.

Question:
Your organization is in the process of adopting a biometric system to use as part of user authentication.
Your team is currently evaluating different biometric systems, such as fingerprint scans, retina scans,
and voice recognition systems. You are comparing the FAR of the different systems. One of the
systems has a high FAR. Which of the following is TRUE?
(A) A high FAR indicates that a large number of invalid subjects are incorrectly accepted
(B) A high FAR indicates that a small number of invalid subjects are incorrectly accepted
(C) A high FAR indicates that a small number of valid subjects are incorrectly rejected
(D) A high FAR indicates that a large number of valid subjects are incorrectly rejected
(E) The higher the FAR, the higher the accuracy of the biometric system

The correct answer(s):
(A) A high FAR indicates that a large number of invalid subjects are incorrectly accepted

Explanation:

A biometric system is tuned by setting a matching threshold. Raising the threshold lowers the false
acceptance rate and raises the false rejection rate; lowering it does the reverse. The point at which the
two rates are equal is the crossover error rate (CER), also called the equal error rate, and it is the usual
single-number comparison between systems: the lower the CER, the more accurate the biometric system.

The false rejection rate (FRR) represents the percentage of valid subjects that are incorrectly rejected.
The false acceptance rate (FAR) represents the percentage of invalid subjects that are incorrectly
accepted.

Hence, a high FAR indicates that a large number of invalid subjects are incorrectly accepted.
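The trade-off between FAR, FRR and the threshold, and the crossover point used to compare systems, is easier to see on numbers. The following is an added example, not part of the original question bank: it sweeps a matching threshold over two constructed sets of matcher scores (one from genuine users, one from impostors), reports FAR and FRR at each step, and finds the threshold where the two rates cross. The score values are made up for illustration.

```python
"""Sweep a biometric decision threshold over constructed match scores and
locate the crossover error rate (CER), the point where FAR equals FRR."""

# Constructed matcher scores on a 0-100 scale (higher = closer match to the
# enrolled template).  Genuine attempts come from the enrolled subject,
# impostor attempts from someone else; the overlap between the two sets is
# what forces the trade-off between false acceptances and false rejections.
GENUINE_SCORES = [55, 60, 62, 65, 68, 70, 72, 74, 75, 78,
                  80, 82, 85, 88, 90, 92, 94, 95, 97, 99]
IMPOSTOR_SCORES = [5, 10, 15, 20, 25, 30, 35, 40, 45, 50,
                   52, 55, 58, 60, 62, 65, 68, 70, 74, 78]


def far(impostor_scores, threshold):
    """False acceptance rate: share of impostor attempts at or above the threshold."""
    accepted = sum(1 for s in impostor_scores if s >= threshold)
    return accepted / len(impostor_scores)


def frr(genuine_scores, threshold):
    """False rejection rate: share of genuine attempts below the threshold."""
    rejected = sum(1 for s in genuine_scores if s < threshold)
    return rejected / len(genuine_scores)


def sweep(genuine_scores, impostor_scores):
    """Evaluate FAR and FRR at every observed score value, lowest to highest."""
    thresholds = sorted(set(genuine_scores) | set(impostor_scores))
    return [(t, far(impostor_scores, t), frr(genuine_scores, t)) for t in thresholds]


def crossover(genuine_scores, impostor_scores):
    """Threshold where FAR and FRR are closest, and the CER (their mean there).
    Ties are broken toward the lowest threshold."""
    best = min(sweep(genuine_scores, impostor_scores),
               key=lambda row: (abs(row[1] - row[2]), row[0]))
    threshold, far_at, frr_at = best
    return threshold, (far_at + frr_at) / 2


if __name__ == "__main__":
    for t, a, r in sweep(GENUINE_SCORES, IMPOSTOR_SCORES):
        print(f"threshold {t:3d}  FAR {a:.2f}  FRR {r:.2f}")
    t, cer = crossover(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"crossover at threshold {t}: CER = {cer:.2f}")
```

Running the sweep shows FAR falling and FRR rising as the threshold moves up; with these samples the two meet at a threshold of 68 with a CER of 0.20. A vendor's quoted FAR on its own says nothing about accuracy, since any FAR can be reached by moving the threshold; the CER, or the full FAR/FRR curve, is what to compare.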

Question:
You are in the process of implementing an access control model throughout your organization. Your
environment requires a higher security level and you want to ensure that only the administrator grants
access control. Which of the following access control models is the BEST choice?
(A) discretionary access control
(B) lattice-based access control
(C) mandatory access control
(D) context-dependent access control
(E) content-dependent access control

The correct answer(s):
(C) mandatory access control

Explanation:

Mandatory access control determines access decisions by examining the label of a process and the label
of an object. "To read an object, the label of the subject must dominate the label of the object. Reading
an object not only includes trying to read the contents of the file, but also trying to read any attribute
portion associated with the file, i.e., the access control information, the privilege information, the
contents of a directory, directory manipulation, etc. To alter an object, the label of the subject must
dominate the label of the object."

The most important feature of MAC is that the user CANNOT fully control the access to resources that
they create. Instead, the system security policy, which is usually set by the administrator, determines
the level of access that is to be granted. With MAC, a user is NOT permitted to grant less restrictive
access to their resources than the administrator specifies.

If the environment requires a higher security level where only the administrator can grant access
control, then mandatory access control is the best choice.

On the other hand, discretionary access control (DAC) systems are BEST suited to a dynamic
environment where users should have full control over the level of access granted to their
resources. DAC permits users to determine entirely the level of access granted to their resources.

The Telecom Glossary defines DAC as "A means of restricting access to objects based on the identity
and need-to-know of users and/or groups to which the object belongs. Controls are discretionary in the
sense that a subject with a certain access permission is capable of passing that permission (directly or
indirectly) to any other subject."

Context-dependent access control is concerned with the environment or the context of the request; it
can include factors such as location, time of day, and previous access history. On the other hand,
content-dependent access control is concerned with the information contained in the items being
accessed.

References: http://www.atis.org/tg2k/_discretionary_access_control.html
References: http://csrc.nist.gov/publications/nistpubs/800-7/node35.html

Question:
Which of the following BEST describes technology that is used to shield signal emanations to prevent
electronic eavesdropping?
(A) Honeypot
(B) TACACS
(C) TEMPEST
(D) RADIUS
(E) IDS

The correct answer(s):
(C) TEMPEST

Explanation:

When electrical devices operate they generate electromagnetic fields. Digital computers, radio
equipment, electric typewriters, and so on radiate electromagnetic signals which, if intercepted and
processed, allow a certain amount of the information being handled to be reconstructed from these
"compromising emanations".

TEMPEST is a U.S. government codename for the study of such emanations and the countermeasures
against them. It is not an official acronym, although the expansion "Telecommunications Electronics
Material Protected From Emanating Spurious Transmissions" is widely quoted. TEMPEST standards cover
technical countermeasures (shielded enclosures, white noise, control zones) that shield or mask the
signals radiated from electronic devices.

References: http://www.shmoo.com/tempest/emr.pdf
References: http://www.tscm.com/TSCM101tempest.html

Question:
All of the following statements regarding TACACS+ are true EXCEPT:
(A) TACACS+ provides multi-protocol support, such as NetBIOS Frame Protocol Control protocol
(B) TACACS+ provides access control for routers, network access servers and other networked
computing devices
(C) TACACS+ does not provide support for Kerberos
(D) TACACS+ uses the Transmission Control Protocol (TCP) while RADIUS uses the User Datagram
Protocol (UDP)
(E) TACACS+ provides separate authentication, authorization and accounting services

The correct answer(s):
(C) TACACS+ does not provide support for Kerberos

Explanation:

TACACS+ is a protocol which provides access control for routers, network access servers and other
networked computing devices and provides separate authentication, authorization and accounting
services. TACACS+ is considered a centralized (not decentralized) access control mechanism which
provides AAA (authentication, authorization and accounting) services through one or more centralized
servers. TACACS+ uses the Transmission Control Protocol (TCP - port 49) while RADIUS uses the
User Datagram Protocol (UDP).

TACACS+ provides support for various authentication schemes, including Kerberos as well as dynamic
passwords using security tokens. In addition, TACACS+ provides multi-protocol support, such as
support for the NetBIOS Frame Protocol Control protocol.

References: http://www.cisco.com/warp/public/614/7.html
References: http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094ea4.shtml
References: http://www.cisco.com/warp/public/480/10.html#comp_udp_tcp

Question:
All of the following statements regarding TACACS+ are true EXCEPT:
(A) TACACS+ utilizes TCP port 49.
(B) TACACS+ provides separate authentication, authorization and accounting services
(C) TACACS+ provides access control for routers, network access servers and other networked
computing devices
(D) TACACS+ uses the Transmission Control Protocol (TCP) while RADIUS uses the User Datagram
Protocol (UDP)
(E) TACACS+ is considered a decentralized access control mechanism

The correct answer(s):
(E) TACACS+ is considered a decentralized access control mechanism

Explanation:

TACACS+ is a protocol which provides access control for routers, network access servers and other
networked computing devices and provides separate authentication, authorization and accounting
services. TACACS+ is considered a centralized (not decentralized) access control mechanism which
provides AAA (authentication, authorization and accounting) services through one or more centralized
servers. TACACS+ uses the Transmission Control Protocol (TCP - port 49) while RADIUS uses the
User Datagram Protocol (UDP).

References: http://www.cisco.com/warp/public/614/7.html
References: http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094ea4.shtml

Question:
Which of the following BEST describes a token that generates new passwords at certain time intervals
that are synched with the main system?
(A) synchronous dynamic password token
(B) time-sensitive dynamic password token
(C) challenge response token
(D) challenge handshake authentication protocol
(E) asynchronous dynamic password token

The correct answer(s):
(A) synchronous dynamic password token

Explanation:

Synchronous dynamic password tokens: A synchronous dynamic password token generates a new
password at fixed time intervals that are synchronized with the authentication server. The password is
generated on a small device, similar to a pager or a calculator, that can often be attached to the user's
key ring. Each password is valid only for its time period; entering a password outside the period in
which it was generated fails the authentication. The time factor can also be the system's downfall: if the
clock on the server or on the token device drifts out of synchronization, a user will have trouble
authenticating to the system.

Asynchronous dynamic password tokens: An asynchronous dynamic password token works on the
same principle as the synchronous one, but is NOT dependent upon a fixed time window. Instead, an
asynchronous token typically uses a challenge-response mechanism to determine whether the user is
valid.

Pass phrase: sequence of characters that is usually longer than the allotted number of characters for a
password

Challenge Response Tokens: Challenge-response is an authentication process that requires a correct
reply be provided as response to a given challenge. The response is usually a value computed from an
unpredictable challenge value. After the user enters the identification value, the authentication server
sends a challenge value. The user then enters that value into the token device, which then returns a
value called a token. The user sends that value back to the server, which validates the token against the
username.
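As an added example, not part of the original question bank, the following implements the time-synchronous scheme described above (TOTP, RFC 6238, built on HOTP, RFC 4226) with Python's standard library, and shows the clock-drift failure mode: the server accepts codes from its current step and a small window of neighbouring steps, and a token whose clock has drifted beyond that window is rejected. The secret is the RFC 6238 reference test key; the drift figures in the demonstration are constructed.

```python
"""Time-synchronous one-time passwords (TOTP, RFC 6238) on top of HOTP (RFC 4226),
with a verification window that tolerates small clock skew."""
import hashlib
import hmac
import struct
import time

# RFC 6238 reference test secret (ASCII "12345678901234567890"); a real token
# is provisioned with a random per-user secret.
SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6, digestmod=hashlib.sha1):
    """HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, unix_time, step=30, digits=6, t0=0):
    """TOTP derives the HOTP counter from the clock: floor((T - T0) / step).
    Token and server share the secret and the step, so they produce the same
    code only while their clocks fall in the same step."""
    return hotp(secret, (int(unix_time) - t0) // step, digits)


def verify(secret, code, server_time, step=30, digits=6, window=1):
    """Accept `code` if it matches the server's current step or any step within
    +/- `window` steps.  Returns the step offset that matched (0 = exact) or
    None if the code is not valid, e.g. because the token's clock has drifted
    further than the window allows."""
    counter = int(server_time) // step
    for offset in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + offset, digits), code):
            return offset
    return None


def current_code(secret):
    """Code a correctly synchronised token would display right now."""
    return totp(secret, time.time())


if __name__ == "__main__":
    token_clock = 1111111109           # what the token believes the time is
    code = totp(SECRET, token_clock)
    print("token shows", code)
    print("server in sync        ->", verify(SECRET, code, token_clock))
    print("server 45 s ahead     ->", verify(SECRET, code, token_clock + 45))
    print("  ... with window = 2 ->", verify(SECRET, code, token_clock + 45, window=2))
```

With window=1 the server accepts the previous, current and next 30-second step, roughly 30 seconds of skew either way. Widening the window is the usual fix for drifting tokens, but it also lengthens the period during which an observed code remains usable, so production verifiers keep the window small and additionally remember the last accepted step for each user so that the same code cannot be replayed within it.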

References: http://www.mcmcse.com/comptia/security/guide.shtml

Question:
All of the following are preventive / physical controls EXCEPT:
(A) biometrics for identification
(B) fences
(C) man-trap
(D) video cameras
(E) environmental control systems

The correct answer(s):
(D) video cameras

Explanation:

Preventive / physical controls include controls that are intended to restrict physical access to critical areas.
Such controls include fences, man-trap, environmental control systems, and biometrics.

On the other hand, video cameras are a detective / physical control.

Question:
All of the following are weakness / vulnerabilities in the Kerberos protocol EXCEPT:
(A) Kerberos does NOT protect against denial of service attacks
(B) Kerberos does NOT protect against replay attacks
(C) Kerberos does NOT protect against physical attacks against the client
(D) Password guessing can be used to impersonate a client
(E) Kerberos does NOT protect against dictionary attacks

The correct answer(s):
(B) Kerberos does NOT protect against replay attacks

Explanation:

Kerberos is a computer network authentication protocol which allows individuals communicating over
an insecure network to prove their identity to one another in a secure manner. Kerberos primarily
addresses the confidentiality and integrity of network communication and messages, and protects against
replay and eavesdropping attacks.

However, Kerberos makes no provisions for host security; it assumes that it is running on trusted hosts
with an untrusted network. If the host security is compromised, then Kerberos is compromised as well.

Furthermore, if a user's Kerberos password is stolen by an attacker, then the attacker can impersonate
that user. In addition, password guessing can be used to impersonate a client.

Kerberos also does NOT address the availability of systems, and will NOT protect against denial of
service attacks.

Lastly, another weakness in Kerberos is the offline dictionary attack. When the KDC does not require
pre-authentication, anyone can request a TGT on behalf of a user and receive a reply whose client part
is encrypted under a key derived from that user's password; the attacker then tries candidate passwords
offline until one decrypts that part successfully. Kerberos 5 pre-authentication mitigates this by requiring
the client to prove knowledge of the key before the KDC replies.

References: http://web.mit.edu/kerberos/www/
References: http://en.wikipedia.org/wiki/Kerberos_(protocol)

Question:
All of the following are weakness / vulnerabilities in the Kerberos protocol EXCEPT:
(A) Password guessing can be used to impersonate a client
(B) Kerberos does NOT protect against physical attacks against the client
(C) None of the choices are correct
(D) The KDC is a single point of failure
(E) Kerberos does NOT protect against dictionary attacks

The correct answer(s):
(C) None of the choices are correct

Explanation:

Kerberos is a computer network authentication protocol which allows individuals communicating over
an insecure network to prove their identity to one another in a secure manner. Kerberos primarily
addresses the confidentiality and integrity of network communication and messages, and protects against
replay and eavesdropping attacks.

However, Kerberos makes no provisions for host security; it assumes that it is running on trusted hosts
with an untrusted network. If the host security is compromised, then Kerberos is compromised as well.

Furthermore, if a user's Kerberos password is stolen by an attacker, then the attacker can impersonate
that user. In addition, password guessing can be used to impersonate a client.

Kerberos also does NOT address the availability of systems, and will NOT protect against denial of
service attacks. The KDC is a single point of failure. In fact, if the KDC is down, no one will be able to
access computing resources.

Lastly, another weakness in Kerberos is the offline dictionary attack. When the KDC does not require
pre-authentication, anyone can request a TGT on behalf of a user and receive a reply whose client part
is encrypted under a key derived from that user's password; the attacker then tries candidate passwords
offline until one decrypts that part successfully. Kerberos 5 pre-authentication mitigates this by requiring
the client to prove knowledge of the key before the KDC replies.
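The offline dictionary attack described in this and the preceding question, and the reason pre-authentication mitigates it, can be seen in a small model of the AS exchange. This is an added example, not code from the page or from MIT Kerberos: the KDC class, principal names, password list and the toy authenticated encryption (a SHA-256 keystream with an HMAC tag standing in for a real Kerberos encryption type) are all constructed for illustration; only the error names and the PBKDF2 password-to-key derivation salted with realm and principal follow RFC 4120 and RFC 3962.

```python
"""Model of the Kerberos AS exchange: without pre-authentication the KDC hands out
material that can be attacked offline; with it, every guess is an online request."""
import hashlib
import hmac
import os
import time

REALM = b"EXAMPLE.COM"                                          # constructed realm
WORDLIST = ["password", "123456", "Winter2023", "Summer2024"]   # constructed list


def string_to_key(password, principal):
    """Password -> long-term key.  Real AES enctypes use PBKDF2 salted with
    realm + principal (RFC 3962); the iteration count is kept low here."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               REALM + principal.encode(), 1000, 32)


def _keystream(key, nonce, length):
    blocks = (length + 31) // 32
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest()
                    for i in range(blocks))[:length]


def toy_encrypt(key, plaintext):
    """Toy authenticated encryption (XOR keystream + HMAC tag) standing in for a
    Kerberos enctype.  The tag is what lets a holder of the ciphertext test a
    candidate key offline, as the integrity check inside a real enctype does."""
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def toy_decrypt(key, blob):
    """Plaintext, or None when the key is wrong (tag mismatch)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))


class KDC:
    def __init__(self, users, require_preauth):
        self.keys = {p: string_to_key(pw, p) for p, pw in users.items()}
        self.require_preauth = require_preauth
        self.as_requests = 0            # every AS-REQ, guesses included, lands here

    def as_exchange(self, principal, preauth=None):
        """AS-REQ -> (error, enc_part).  enc_part is the client portion of the AS-REP
        (session key etc.) encrypted under the user's long-term key.  The TGT itself,
        encrypted under the krbtgt key, is omitted: it is useless to a password guesser."""
        self.as_requests += 1
        key = self.keys.get(principal)
        if key is None:
            return "KDC_ERR_C_PRINCIPAL_UNKNOWN", None
        if self.require_preauth:
            if preauth is None:
                return "KDC_ERR_PREAUTH_REQUIRED", None
            ts = toy_decrypt(key, preauth)
            if ts is None or abs(int(ts.decode()) - int(time.time())) > 300:
                return "KDC_ERR_PREAUTH_FAILED", None
        reply = b"session_key=" + os.urandom(16).hex().encode() + b";sname=krbtgt/" + REALM
        return None, toy_encrypt(key, reply)


def client_preauth(password, principal):
    """PA-ENC-TIMESTAMP: prove knowledge of the key before the KDC replies."""
    return toy_encrypt(string_to_key(password, principal), str(int(time.time())).encode())


def offline_guess(principal, enc_part, wordlist):
    """No further KDC contact: test candidates against the captured enc_part."""
    for candidate in wordlist:
        if toy_decrypt(string_to_key(candidate, principal), enc_part) is not None:
            return candidate
    return None


def online_guess(kdc, principal, wordlist):
    """With pre-authentication required, each candidate costs one logged AS-REQ."""
    for candidate in wordlist:
        error, _ = kdc.as_exchange(principal, client_preauth(candidate, principal))
        if error is None:
            return candidate
    return None


if __name__ == "__main__":
    lax = KDC({"alice": "Summer2024"}, require_preauth=False)
    _, enc_part = lax.as_exchange("alice")
    print("no preauth:", offline_guess("alice", enc_part, WORDLIST), "after", lax.as_requests, "request")
    strict = KDC({"alice": "Summer2024"}, require_preauth=True)
    print("preauth:", strict.as_exchange("alice")[0])
    print("preauth:", online_guess(strict, "alice", WORDLIST), "after", strict.as_requests, "requests")
```

Against the lax KDC the whole wordlist is tried after a single request that the KDC cannot distinguish from a normal logon; against the strict KDC each candidate is a separate AS-REQ that fails with KDC_ERR_PREAUTH_FAILED, which is where account lockout, rate limiting and alerting can act. Pre-authentication does not make weak passwords strong, which is why the page's other Kerberos answers still list password guessing as a weakness.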

References: http://web.mit.edu/kerberos/www/
References: http://en.wikipedia.org/wiki/Kerberos_(protocol)

Question:
A rule-based access control system is BEST described as a type of:
(A) context-dependent access control
(B) discretionary access control
(C) non-discretionary access control
(D) mandatory access control

The correct answer(s):
(D) mandatory access control

Explanation:

A rule-based access control system is a type of mandatory access control because the administrator
sets the rules and the users cannot edit the controls. Mandatory access control determines access
decisions by examining the label of a process and the label of an object. "To read an object, the label of
the subject must dominate the label of the object. Reading an object not only includes trying to read the
contents of the file, but also trying to read any attribute portion associated with the file, i.e., the access
control information, the privilege information, the contents of a directory, directory manipulation, etc.
To alter an object, the label of the subject must dominate the label of the object."

The most important feature of MAC is that the user CANNOT fully control the access to resources that
they create. Instead, the system security policy, which is usually set by the administrator, determines
the level of access that is to be granted. With MAC, a user is NOT permitted to grant less restrictive
access to their resources than the administrator specifies.

On the other hand, discretionary access control (DAC) systems are BEST suited to a dynamic
environment where users should have full control over the level of access granted to their
resources. DAC permits users to determine entirely the level of access granted to their resources.

The Telecom Glossary defines DAC as "A means of restricting access to objects based on the identity
and need-to-know of users and/or groups to which the object belongs. Controls are discretionary in the
sense that a subject with a certain access permission is capable of passing that permission (directly or
indirectly) to any other subject."

References: http://www.atis.org/tg2k/_discretionary_access_control.html
References: http://csrc.nist.gov/publications/nistpubs/800-7/node35.html
References: http://en.wikipedia.org/wiki/Mandatory_access_control

Question:
Which of the following statements regarding discretionary access control system is TRUE?
(A) In DAC, a user with a certain access permission is capable of passing that permission (directly or
indirectly) to any other subject
(B) DAC determines access decisions by examining the label of a process and the label of an object.
(C) In DAC, a user is NOT permitted to grant less restrictive access to their resources than the
administrator specifies.
(D) Discretionary access control is NOT suited for a dynamic environment where users should have
full control to determine the level of access granted to their resources

The correct answer(s):
(A) In DAC, a user with a certain access permission is capable of passing that permission (directly or
indirectly) to any other subject

Explanation:

Discretionary access control (DAC) systems are BEST suited to a dynamic environment where users
should have full control over the level of access granted to their resources. DAC permits users to
determine entirely the level of access granted to their resources.

The Telecom Glossary defines DAC as "A means of restricting access to objects based on the identity
and need-to-know of users and/or groups to which the object belongs. Controls are discretionary in the
sense that a subject with a certain access permission is capable of passing that permission (directly or
indirectly) to any other subject."

On the other hand, mandatory access control determines access decisions by examining the label of a
process and the label of an object. "To read an object, the label of the subject must dominate the label of
the object. Reading an object not only includes trying to read the contents of the file, but also trying to
read any attribute portion associated with the file, i.e., the access control information, the privilege
information, the contents of a directory, directory manipulation, etc. To alter an object, the label of the
subject must dominate the label of the object."

The most important feature of MAC is that the user CANNOT fully control the access to resources that
they create. Instead, the system security policy, which is usually set by the administrator, determines
the level of access that is to be granted. With MAC, a user is NOT permitted to grant less restrictive
access to their resources than the administrator specifies.

A rule-based access control system is a type of mandatory access control because the administrator
sets the rules and the users cannot edit the controls.
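The label-dominance rule quoted here and in the two mandatory access control questions above, together with the point that a resource owner's discretionary grant cannot relax it, can be written as a short policy check. This is an added example, not the page's own or any product's code; the classification levels, compartment names, users and file are constructed for illustration.

```python
"""Mandatory access control by label dominance, combined with a discretionary
ACL that the object's owner controls.  MAC is decided by the system policy and
is checked first; the owner's DAC grant can only narrow access further."""
from dataclasses import dataclass

# Constructed hierarchical levels (system policy; not editable by users).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """A dominates B iff A's level >= B's level and A's compartments are a
        superset of B's.  Labels with disjoint compartments are incomparable:
        neither dominates the other."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def mac_permits(subject_label, object_label):
    """The quoted rule: to read or alter an object, the subject's label must
    dominate the object's label."""
    return subject_label.dominates(object_label)


def dac_permits(acl, subject, action):
    """Owner-managed ACL of the form {subject or '*': {actions}}."""
    return action in acl.get(subject, set()) or action in acl.get("*", set())


def decide(subject, subject_label, object_label, acl, action):
    """Final decision with the reason; both checks must pass."""
    if not mac_permits(subject_label, object_label):
        return False, "denied by MAC: subject label does not dominate object label"
    if not dac_permits(acl, subject, action):
        return False, "denied by DAC: owner has not granted this action"
    return True, "permitted"


# Constructed clearances and one object whose owner (alice) has tried to open
# it up to everyone with a world-readable ACL.
CLEARANCE = {
    "alice": Label("TOP SECRET", frozenset({"CRYPTO"})),
    "bob": Label("CONFIDENTIAL"),
    "carol": Label("TOP SECRET"),
}
FILE_LABEL = Label("SECRET", frozenset({"CRYPTO"}))
FILE_ACL = {"alice": {"read", "write"}, "*": {"read"}}


if __name__ == "__main__":
    for user, clearance in CLEARANCE.items():
        ok, why = decide(user, clearance, FILE_LABEL, FILE_ACL, "read")
        print(f"{user:6s} read -> {ok} ({why})")
```

Bob is refused despite the owner's "everyone may read" entry because his label does not dominate the file's, and Carol is refused despite holding TOP SECRET because she lacks the CRYPTO compartment: the system policy, not the owner, fixes the ceiling, and the ACL can only lower it. Note that the quoted rule applies the same dominance test to writes; a Bell-LaPadula *-property would additionally forbid writing down, which is a separate rule not stated in the question and not implemented here.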

References: http://www.atis.org/tg2k/_discretionary_access_control.html
References: http://csrc.nist.gov/publications/nistpubs/800-7/node35.html
Question:
All of the following factors would affect how often passwords should be changed EXCEPT:
(A) the importance of the information being safeguarded
(B) the frequency of password usage
(C) the type of operating system
(D) the roles and responsibilities of the user

The correct answer(s):
(C) the type of operating system

Explanation:

A password aging policy describes how often passwords should be changed. The password aging policy
should account for the frequency of password usage, the importance of the information being safeguarded,
and the roles and responsibilities of the user.

On the other hand, the type of operating system is NOT a factor that affects the password aging policy.

Question:
Which of the following BEST describes the difference between capability tables and access control lists?
(A) A capability table is bound to a subject, while an access control list is bound to an object
(B) There is no functional difference between capability tables and access control lists
(C) A capability table is bound to an object, while an access control list is bound to a subject
(D) A capability table is a table of objects and subjects describing what actions can be performed by
individual subjects

The correct answer(s):
(A) A capability table is bound to a subject, while an access control list is bound to an object

Explanation:

A capability table describes the access privileges that a specific subject possesses with respect to
specific objects.

An access control matrix is a table of objects and subjects describing what actions can be performed by
individual subjects.

The primary difference between a capability table and an access control list is that a capability table is
bound to a subject, while an access control list is bound to an object.
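The difference is more than where the list is stored; it decides which administrative operations are cheap. The following added example (not from the question bank) loads the same access control matrix into both representations and shows that revoking all access to an object is a single step with ACLs but a scan over every subject with capability lists, while enumerating one subject's accesses is the reverse. Subjects, objects and permissions are constructed.

```python
"""One access control matrix, stored two ways: as object-bound ACLs (a column
per object) and as subject-bound capability lists (a row per subject)."""

# Constructed matrix: (subject, object) -> permissions.
MATRIX = {
    ("alice", "payroll.db"): {"read", "write"},
    ("alice", "report.doc"): {"read"},
    ("bob", "report.doc"): {"read", "write"},
    ("carol", "payroll.db"): {"read"},
}


class AclStore:
    """Each object carries its own list of subject -> permissions."""

    def __init__(self):
        self.by_object = {}

    def grant(self, subject, obj, perms):
        self.by_object.setdefault(obj, {}).setdefault(subject, set()).update(perms)

    def check(self, subject, obj, action):
        return action in self.by_object.get(obj, {}).get(subject, set())

    def revoke_object(self, obj):
        """Remove every subject's access to obj: one lookup, one delete.
        Returns the number of subjects whose access was removed."""
        return len(self.by_object.pop(obj, {}))

    def accesses_of(self, subject):
        """'What can this subject reach?' means scanning every object's ACL."""
        return {obj: set(entries[subject]) for obj, entries in self.by_object.items()
                if subject in entries}


class CapabilityStore:
    """Each subject carries its own list of object -> permissions."""

    def __init__(self):
        self.by_subject = {}

    def grant(self, subject, obj, perms):
        self.by_subject.setdefault(subject, {}).setdefault(obj, set()).update(perms)

    def check(self, subject, obj, action):
        return action in self.by_subject.get(subject, {}).get(obj, set())

    def revoke_object(self, obj):
        """Remove every subject's access to obj: must visit every subject's
        capability list, because nothing is indexed by object."""
        removed = 0
        for caps in self.by_subject.values():
            if caps.pop(obj, None) is not None:
                removed += 1
        return removed

    def accesses_of(self, subject):
        """One lookup: the subject's row is exactly its capability list."""
        return {obj: set(perms) for obj, perms in self.by_subject.get(subject, {}).items()}


def load(store, matrix):
    """Populate either store from the matrix and return it."""
    for (subject, obj), perms in matrix.items():
        store.grant(subject, obj, perms)
    return store


if __name__ == "__main__":
    acl, cap = load(AclStore(), MATRIX), load(CapabilityStore(), MATRIX)
    print("alice via ACLs:", acl.accesses_of("alice"))
    print("alice via caps:", cap.accesses_of("alice"))
    print("revoke payroll.db:", acl.revoke_object("payroll.db"), cap.revoke_object("payroll.db"))
```

Both stores answer every access check identically; they differ in the cost of "who can reach this object" (cheap with ACLs) versus "what can this subject reach" (cheap with capabilities), which is why revocation-heavy environments tend toward ACLs and delegation-heavy ones toward capabilities.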

Question:
With regards to Kerberos, all of the following information is contained in the TGT (Ticket Granting
Ticket) EXCEPT:
(A) client network address
(B) authorization key
(C) client ID
(D) client / TGS session key
(E) ticket validity period

The correct answer(s):
(B) authorization key

Explanation:

Kerberos is a computer network authentication protocol which allows individuals communicating over
an insecure network to prove their identity to one another in a secure manner. Kerberos primarily
addresses the confidentiality and integrity of network communication and messages, and protects against
replay and eavesdropping attacks.

The Ticket Granting Ticket is a Kerberos ticket for the Ticket Granting Service. When a user first
authenticates to Kerberos, the client talks to the Authentication Service on the KDC (Key Distribution
Center) to obtain a Ticket Granting Ticket. The TGT itself is encrypted under the key of the ticket-granting
service (krbtgt); the session key that accompanies it in the KDC's reply is encrypted under a key derived
from the user's password.

When the user wants to talk to a "Kerberized service", the user uses the Ticket Granting Ticket to talk
to the Ticket Granting Service (which also runs on the KDC). The Ticket Granting Service verifies the
user's identity using the Ticket Granting Ticket and issues a ticket for the desired service.

The Ticket Granting Ticket exists so that a user does NOT have to enter in their password every time
they wish to connect to a Kerberized service or keep a copy of their password around. If the Ticket
Granting Ticket is compromised, an attacker can only masquerade as a user until the ticket expires.

The TGT contains the following information: client ID, client network address, ticket validity period,
and client / TGS session key. It does NOT contain an "authorization key"; there is no such element in a
Kerberos ticket.

References: http://web.mit.edu/kerberos/www/
References: http://en.wikipedia.org/wiki/Kerberos_(protocol)

KillTest
Q&A
http://www.killtest.com
The safer, easier way to help you pass any IT exams.

Exam : CISSP
Title : Certified Information Systems Security Professional (CISSP)
Version : Demo
1.All of the following are basic components of a security policy EXCEPT the

A. definition of the issue and statement of relevant terms.
B. statement of roles and responsibilities
C. statement of applicability and compliance requirements.
D. statement of performance of characteristics and requirements.
Answer: D

2.A security policy would include all of the following EXCEPT

A. Background
B. Scope statement
C. Audit requirements
D. Enforcement
Answer: B

3.Which one of the following is an important characteristic of an information security policy?

A. Identifies major functional areas of information.
B. Quantifies the effect of the loss of the information.
C. Requires the identification of information owners.
D. Lists applications that support the business function.
Answer: A

4.Ensuring the integrity of business information is the PRIMARY concern of

A. Encryption Security
B. Procedural Security.
C. Logical Security
D. On-line Security
Answer: B

5.Which of the following would be the first step in establishing an information security
program?
A.) Adoption of a corporate information security policy statement
B.) Development and implementation of an information security standards manual
C.) Development of a security awareness-training program
D.) Purchase of security access control software

Answer: A

6.Which of the following department managers would be best suited to oversee the
development of an information security policy?
A.) Information Systems
B.) Human Resources
C.) Business operations
D.) Security administration

Answer: C

7.What is the function of a corporate information security policy?

A. Issue corporate standards to be used when addressing specific security problems.
B. Issue guidelines in selecting equipment, configuration, design, and secure operations.
C. Define the specific assets to be protected and identify the specific tasks which must be completed to
secure them.
D. Define the main security objectives which must be achieved and the security framework to meet
business objectives.
Answer: D

8.Why must senior management endorse a security policy?

A. So that they will accept ownership for security within the organization.
B. So that employees will follow the policy directives.
C. So that external bodies will recognize the organization's commitment to security.
D. So that they can be held legally accountable.
Answer: A

9.In which one of the following documents is the assignment of individual roles and
responsibilities MOST appropriately defined?

A. Security policy
B. Enforcement guidelines
C. Acceptable use policy
D. Program manual
Answer: C

10.Which of the following defines the intent of a system security policy?

A. A definition of the particular settings that have been determined to provide optimum security.
B. A brief, high-level statement defining what is and is not permitted during the operation of the system.
C. A definition of those items that must be excluded on the system.
D. A listing of tools and applications that will be used to protect the system.
Answer: A

11.When developing an information security policy, what is the FIRST step that should be taken?

A. Obtain copies of mandatory regulations.
B. Gain management approval.
C. Seek acceptance from other departments.
D. Ensure policy is compliant with current working practices.
Answer: B

12.Which one of the following should NOT be contained within a computer policy?

A. Definition of management expectations.
B. Responsibilities of individuals and groups for protected information.
C. Statement of senior executive support.
D. Definition of legal and regulatory controls.
Answer: B

13.Which one of the following is NOT a fundamental component of a Regulatory Security Policy?

A. What is to be done.
B. When it is to be done.
C. Who is to do it.
D. Why is it to be done
Answer: C

14.Which one of the following statements describes management controls that are instituted to
implement a security policy?

A. They prevent users from accessing any control function.
B. They eliminate the need for most auditing functions.
C. They may be administrative, procedural, or technical.
D. They are generally inexpensive to implement.
Answer: C

15.Which must bear the primary responsibility for determining the level of protection needed
for information systems resources?
A.) IS security specialists
B.) Senior Management
C.) Senior security analysts
D.) system auditors
Answer: B

16.Which of the following choices is NOT part of a security policy?
A.) definition of overall steps of information security and the importance of security
B.) statement of management intent, supporting the goals and principles of information security
C.) definition of general and specific responsibilities for information security management
D.) description of specific technologies used in the field of information security

Answer: D

17.In an organization, an Information Technology security function should:
A.) Be a function within the information systems functions of an organization
B.) Report directly to a specialized business unit such as legal, corporate security or insurance
C.) Be led by a Chief Security Officer and report directly to the CEO
D.) Be independent but report to the Information Systems function

Answer: C

18.Which of the following embodies all the detailed actions that personnel are required to
follow?
A.) Standards
B.) Guidelines
C.) Procedures
D.) Baselines

Answer: C

19.A significant action has a state that enables actions on an ADP system to be traced to individuals
who may then be held responsible. The action does NOT include:

A. Violations of security policy.
B. Attempted violations of security policy.
C. Non-violations of security policy.
D. Attempted violations of allowed actions.
Answer: D

20.Network Security is a
A.) Product
B.) protocols
C.) ever evolving process
D.) quick-fix solution

Answer: C

21.Security is a process that is:

A. Continuous
B. Indicative
C. Examined
D. Abnormal
Answer: A

22.What are the three fundamental principles of security?


A.) Accountability, confidentiality, and integrity
B.) Confidentiality, integrity, and availability
C.) Integrity, availability, and accountability
D.) Availability, accountability, and confidentiality

Answer: B

23. Which of the following prevents, detects, and corrects errors so that the integrity,
availability, and confidentiality of transactions over networks may be maintained?
A.) Communications security management and techniques
B.) Network security management and techniques
C.) Client security management and techniques
D.) Server security management and techniques
Answer: A

24. Making sure that the data is accessible when and where it is needed is which of the
following?
A.) Confidentiality
B.) Integrity
C.) Acceptability
D.) Availability
Answer: D

25. Which of the following describes elements that create reliability and stability in networks
and systems and assures that connectivity is accessible when needed?
A.) Availability
B.) Acceptability
C.) Confidentiality
D.) Integrity
Answer: A

26.Most computer attacks result in violation of which of the following security properties?

A. Availability
B. Confidentiality
C. Integrity and control
D. All of the choices.
Answer: D

27. Which of the following are objectives of an information systems security program?

A. Threats, vulnerabilities, and risks
B. Security, information value, and threats
C. Integrity, confidentiality, and availability.
D. Authenticity, vulnerabilities, and costs.
Answer: C

28.An area of the Telecommunications and Network Security domain that directly affects the
Information Systems Security tenet of Availability can be defined as:
A.) Netware availability
B.) Network availability
C.) Network acceptability
D.) Network accountability
Answer: B

29. The structures, transmission methods, transport formats, and security measures that are
used to provide integrity, availability, authentication, and confidentiality for
transmissions over private and public communications networks and media are covered by:
A.) The Telecommunications and Network Security domain
B.) The Telecommunications and Netware Security domain
C.) The Technical communications and Network Security domain
D.) The Telnet and Security domain
Answer: A

30.Which one of the following is the MOST crucial link in the computer security chain?

A. Access controls
B. People
C. Management
D. Awareness programs
Answer: C

CNET 56A Summer 2009 Final Exam

Multiple Choice
Identify the choice that best completes the statement or answers the question.

____ 1. ____ is the verification of the credentials to ensure that they are genuine and not fabricated.
a. Authentication c. Authorization
b. Identification d. Access

____ 2. ____ is granting permission for admittance.
a. Authentication c. Authorization
b. Identification d. Access

____ 3. ____ time is the time it takes for a key to be pressed and then released.
a. Hit c. Flight
b. Dwell d. Type

____ 4. ____, such as using an OTP (what a person has) and a password (what a person knows), enhances security,
particularly if different types of authentication methods are used.
a. Standard biometrics c. Cognitive biometrics
b. Federated identity management d. Two-factor authentication

____ 5. In information security, a ____ is the likelihood that a threat agent will exploit a vulnerability.
a. hole c. risk
b. threat d. weakness

____ 6. The goal of ____ is to better understand who the attackers are, why they attack, and what types of attacks
might occur.
a. risk modeling c. weakness modeling
b. threat modeling d. vulnerability modeling

____ 7. TCP/IP uses a numeric value as an identifier for applications and services on a system. These are known as
the ____.
a. process c. port number
b. socket d. protocol

____ 8. ____ are software tools that can identify all the systems connected to a network.
a. Port scanners c. ICMP mappers
b. Network mappers d. ICMP scanners

____ 9. The key feature of a protocol analyzer is that it places the computer’s network interface card (NIC) adapter
into ____, meaning that NIC does not ignore packets intended for other systems and shows all network
traffic.
a. promiscuous mode c. traffic mode
b. listening mode d. sniffing mode

____ 10. ____ is a generic term that refers to a range of products that look for vulnerabilities in networks or systems.
a. Port scanner c. Ping
b. Network mapper d. Vulnerability scanner


____ 11. ____ is a method of evaluating the security of a computer system or network by simulating a malicious attack
instead of just scanning for vulnerabilities.
a. Vulnerability scanning c. Port scanning
b. Network mapping d. Penetration testing

____ 12. ____ is the process of assigning and revoking privileges to objects; that is, it covers the procedures of
managing object authorizations.
a. Privilege assignment c. Privilege auditing
b. Privilege management d. Privilege configuration

____ 13. The Microsoft ____ infrastructure is a mechanism to centrally configure and secure a common set of
computer and user configurations and security settings for Windows servers, desktops, and users in an AD.
a. Security Template c. Auditing
b. Baseline d. Group Policy

____ 14. ____ is part of the pre-trial phase of a lawsuit in which each party through the law of civil procedure can
request documents and other evidence from other parties or can compel the production of evidence by using a
subpoena.
a. Discovery c. Interview
b. Interrogation d. Retention

____ 15. ILM strategies are typically recorded in ____ policies.
a. user security c. data confidentiality
b. storage and retention d. group

____ 16. ____ assigns a level of business importance, availability, sensitivity, security and regulation requirements to
data.
a. Usage auditing c. Usage classification
b. Security auditing d. Data classification

____ 17. ____ is the process for generating, transmitting, storing, analyzing, and disposing of computer security log
data.
a. Log management c. Event management
b. Log auditing d. Event auditing

____ 18. A ____ monitor is typically a low-level system program that uses a notification engine designed to monitor
and track down hidden activity on a desktop system, server, or even personal digital assistant (PDA) or cell
phone.
a. performance c. behavior
b. baseline d. system

____ 19. Symmetric encryption is also called ____ key cryptography.
a. open c. public
b. close d. private

____ 20. A ____ cipher rearranges letters without changing them.
a. transposition c. substitution
b. monoalphabetic d. homoalphabetic


____ 21. A ____ cipher manipulates an entire block of plaintext at one time.
a. substitution c. stream
b. block d. transposition

____ 22. ____ was approved by the NIST in late 2000 as a replacement for DES.
a. AES c. Twofish
b. 3DES d. Blowfish

____ 23. ____ encryption uses two keys instead of one. These keys are mathematically related and are known as the
public key and the private key.
a. Asymmetric c. Private
b. Symmetric d. Open

____ 24. The strength of the ____ algorithm is that it allows two users to share a secret key securely over a public
network.
a. DES c. Diffie-Hellman
b. RSA d. AES
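Worked example for question 24 (added here; this is not code from the exam or from any vendor). It runs a Diffie-Hellman exchange end to end: each side publishes g^secret mod p, and both arrive at the same shared value, which is then hashed into a symmetric key. The group p = 23, g = 5 in the test and the modulus 2^127 - 1 in the demo are toy values chosen for illustration only; real systems use standardized groups of 2048 bits or more (for example the RFC 3526 MODP groups). Note the caveat a practitioner cares about: the exchange itself gives no assurance of who sent A or B, so in practice it must be authenticated (signatures, certificates), and a peer value of 0, 1 or p-1 must be rejected because it collapses the shared secret to a trivial value.

```python
"""Diffie-Hellman: two parties derive one shared secret over a public channel.

Added example, not from the exam. Both sides exchange only g^secret mod p;
an eavesdropper who sees p, g, A and B cannot feasibly recover the secret
exponents. Parameters here are constructed toy values (see the lead-in).
"""
import hashlib
import secrets


def dh_public(p: int, g: int, private: int) -> int:
    """A = g^a mod p; this value is sent in the clear."""
    return pow(g, private, p)


def dh_shared(p: int, peer_public: int, private: int) -> int:
    """s = B^a mod p. Reject degenerate peer values (0, 1, p-1): they force the
    shared secret into a tiny set no matter what our own exponent is."""
    if not 2 <= peer_public <= p - 2:
        raise ValueError("invalid DH public value")
    return pow(peer_public, private, p)


def derive_key(shared: int, nbytes: int = 32) -> bytes:
    """Turn the shared big integer into a fixed-size symmetric key."""
    raw = shared.to_bytes((shared.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()[:nbytes]


def exchange(p: int, g: int, a: int, b: int):
    """Run the whole protocol with fixed exponents.
    Returns (A, B, key_alice, key_bob); A and B are what an eavesdropper sees."""
    A = dh_public(p, g, a)      # Alice -> Bob
    B = dh_public(p, g, b)      # Bob -> Alice
    key_alice = derive_key(dh_shared(p, B, a))
    key_bob = derive_key(dh_shared(p, A, b))
    return A, B, key_alice, key_bob


if __name__ == "__main__":
    # Toy modulus: 2^127 - 1 is prime, but far too small for real use.
    p = (1 << 127) - 1
    g = 2
    a = secrets.randbelow(p - 2) + 1
    b = secrets.randbelow(p - 2) + 1
    A, B, ka, kb = exchange(p, g, a, b)
    print("on the wire:", hex(A), hex(B))
    print("keys match:", ka == kb)
```

With p = 23, g = 5, a = 4 and b = 3 the public values are 4 and 10 and both sides compute 18; everything an eavesdropper sees is p, g, 4 and 10.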

____ 25. Microsoft’s ____ is a cryptography system for Windows operating systems that use the Windows NTFS file
system.
a. GPG c. PGP
b. AES d. EFS

____ 26. ____ is essentially a chip on the motherboard of the computer that provides cryptographic services.
a. EFS c. BitLocker
b. TPM d. AES

____ 27. Some organizations set up a subordinate entity, called a ____, to handle some CA tasks such as processing
certificate requests and authenticating users.
a. Remote Authority (RA) c. Registration Authority (RA)
b. Delegation Authority (DA) d. Handle Authority (HA)

____ 28. The ____ trust model is the basis for digital certificates issued by Internet users.
a. distributed c. direct
b. hierarchical d. web of

____ 29. The ____ provides recommended baseline security requirements for the use and operation of CA, RA, and
other PKI components.
a. certificate practice statement c. baseline policy
b. certificate policy d. CA policy

____ 30. ____ refers to a situation in which keys are managed by a third party, such as a trusted CA.
a. Expiration c. Key escrow
b. Renewal d. Revocation

____ 31. ____ is a protocol that guarantees privacy and data integrity between applications communicating over the
Internet.
a. FTP c. HTTP
b. TLS d. CRL


____ 32. ____ systems spray the fire area with pressurized water.
a. Dry chemical c. Chemical agent
b. Water sprinkler d. Clean agent

____ 33. ____ systems disperse a fine, dry powder over the fire.
a. Clean agent c. Water sprinkler
b. Clean chemical d. Dry chemical

____ 34. In a(n) ____ server cluster, every server in the cluster performs useful work. If one server fails, the remaining
servers continue to perform their normal work as well as that of the failed server.
a. asymmetric c. symmetric
b. redundant d. network

____ 35. A system of hard drives based on redundancy can be achieved through using a technology known as ____,
which uses multiple hard disk drives for increased reliability and performance.
a. MTBF c. ESD
b. VPN d. RAID

____ 36. RAID Level 5 distributes ____ data (a type of error checking) across all drives instead of using a separate
drive to hold the parity error checking information.
a. mirroring c. segmenting
b. striping d. parity
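Worked example for questions 35 and 36 (added here; not code from the exam). It shows what "distributed parity" actually means: each stripe's parity block is the XOR of the stripe's data blocks, the parity position rotates from stripe to stripe, and any single drive can be rebuilt by XORing the surviving blocks of each stripe. The data, drive count and block size are constructed values.

```python
"""RAID 5: distributed XOR parity, and rebuilding one failed drive.

Added example, not part of the exam. Parity for a stripe is the XOR of the
stripe's data blocks. RAID 5 rotates which drive holds the parity block, so no
single drive becomes the parity bottleneck. Losing any one drive is survivable:
the XOR of the surviving blocks in each stripe equals the missing block, whether
it was data or parity. Sample data is constructed.
"""


def xor_blocks(blocks):
    """Bytewise XOR of equal-length byte strings."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def raid5_write(data: bytes, n_drives: int, block_size: int):
    """Lay data out as stripes of (n_drives - 1) data blocks plus one parity block.
    Returns a list of drives; each drive is a list of blocks, one per stripe.
    Parity rotates: stripe k puts its parity on drive (n_drives - 1 - k) % n_drives."""
    assert n_drives >= 3, "RAID 5 needs at least three drives"
    data_per_stripe = (n_drives - 1) * block_size
    drives = [[] for _ in range(n_drives)]
    for k, off in enumerate(range(0, len(data), data_per_stripe)):
        chunk = data[off:off + data_per_stripe].ljust(data_per_stripe, b"\x00")
        data_blocks = [chunk[i:i + block_size] for i in range(0, data_per_stripe, block_size)]
        parity_drive = (n_drives - 1 - k) % n_drives
        remaining = iter(data_blocks)
        for d in range(n_drives):
            drives[d].append(xor_blocks(data_blocks) if d == parity_drive else next(remaining))
    return drives


def raid5_rebuild(drives, failed: int):
    """Reconstruct the failed drive from the survivors, stripe by stripe."""
    survivors = [d for i, d in enumerate(drives) if i != failed]
    n_stripes = len(survivors[0])
    rebuilt = [xor_blocks([d[k] for d in survivors]) for k in range(n_stripes)]
    repaired = list(drives)
    repaired[failed] = rebuilt
    return repaired


def raid5_read(drives, n_bytes: int) -> bytes:
    """Reassemble the data by skipping the parity block of each stripe."""
    n_drives = len(drives)
    out = b""
    for k in range(len(drives[0])):
        parity_drive = (n_drives - 1 - k) % n_drives
        out += b"".join(drives[d][k] for d in range(n_drives) if d != parity_drive)
    return out[:n_bytes]
```

A second simultaneous failure leaves two unknowns per stripe and a single XOR equation, which is exactly why RAID 5 tolerates one drive loss and RAID 6 adds a second, independent parity block.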

____ 37. A(n) ____ UPS is always running off its battery while the main power runs the battery charger.
a. battery c. off-line
b. on-line d. mirroring

____ 38. A ____ site is generally run by a commercial disaster recovery service that allows a business to continue
computer and network operations to maintain business continuity.
a. hot c. cold
b. warm d. cool

____ 39. A ____ site provides office space but the customer must provide and install all the equipment needed to
continue operations.
a. cool c. warm
b. cold d. hot

____ 40. The ____ is defined as the maximum length of time that an organization can tolerate between backups.
a. RPO c. D2D
b. RTO d. D2D2T

____ 41. The ____ is simply the length of time it will take to recover the data that has been backed up.
a. D2D2T c. RTO
b. RPO d. D2D

____ 42. An alternative to using magnetic tape is to back up to magnetic disk, such as a large hard drive or RAID
configuration. This is known as ____.
a. RTO c. D2D2T
b. RPO d. D2D


____ 43. ____ is the application of science to questions that are of interest to the legal profession.
a. Chain of custody c. Forensics
b. RTO d. RPO

____ 44. At its core, a(n) ____ policy is a document that outlines the protections that should be enacted to ensure that
the organization’s assets face minimal risks.
a. safety c. change management
b. acceptable use d. security

____ 45. A ____ is a document that outlines specific requirements or rules that must be met.
a. standard c. guideline
b. policy d. recommendation

____ 46. ____ involves determining the damage that would result from an attack and the likelihood that the
vulnerability is a risk to the organization.
a. Risk assessment c. Vulnerability appraisal
b. Risk mitigation d. Asset identification

____ 47. ____ are a person’s fundamental beliefs and principles used to define what is good, right, and just.
a. Norms c. Values
b. Morals d. Ethics

____ 48. ____ can be defined as the study of what a group of people understand to be good and right behavior and how
people make those judgments.
a. Ethics c. Values
b. Codes d. Morals

____ 49. ____ relies on tricking and deceiving someone to provide secure information.
a. Worm c. Trojan horse
b. Virus d. Social engineering

____ 50. One of the most common forms of social engineering is ____, or sending an e-mail or displaying a Web
announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into
surrendering private information.
a. dumpster diving c. computer hoax
b. phishing d. pharming

Lesson/Domain 5: Telecommunications and
networking
Quiz questions
1. Trunk lines are used in which one of the following scenarios?
A. Remote office ISDN wiring for an employee
B. Communication between two switches at a central office
C. Internal wiring in a token ring architecture
D. Communication between terminals for different classes of traffic

2. There are different types of Internet connection technologies with different
characteristics. Which of the following is an "always on" technology?
A. BRI
B. PRI
C. Dial-up
D. DSL

3. Which is not true about Trivial File Transfer Protocol (TFTP)?
A. It has a smaller subset of commands compared to FTP.
B. It has less functionality than FTP.
C. It could allow any user read and write privileges.
D. Encrypted passwords provide the only form of security.

4. Because ARP does not perform authentication, it is vulnerable to what two
types of attacks?
A. Table poisoning
B. Masquerading
C. Fragment
D. Birthday

5. What protocol protects the IP header as well as the upper-layer protocol
headers above IP?
A. RARP
B. IPSec
C. FDDI
D. SLIP

6. Which is not considered a firewall architecture used to protect networks?
A. Screened host
B. Screened subnet
C. NAT gateway
D. Dual-homed host

7. When a router modifies an unregistered IP address of a computer into a
registered IP address to send out through an external link, it is performing
____________.
A. Network Address Translation
B. Polling
C. Address Resolution Protocol
D. Multiplexing

8. Which polling protocol is used mainly to communicate with IBM mainframe
systems?
A. PDLC
B. SDLC
C. SMDS
D. X.25

9. HDLC improves upon SDLC in which two ways?
A. It works over asynchronous lines.
B. It is bit-oriented.
C. It provides a higher throughput.
D. It supports full-duplex transmissions.

10. A SONET architecture used to connect internal networks in each building of a
large university is an example of what?
A. WAN
B. LAN
C. MAN
D. Extranet

11. The Internet Protocol has gone through different generations. IP Version 6 is
being slowly deployed in the U.S. and more quickly in Asia. IP Version 6 has
how many address bits?
A. 16
B. 32
C. 64
D. 128

12. What takes place at the session layer?
A. Dialog control
B. Routing
C. Packet sequencing
D. Addressing

13. All of the following are true statements about bastion hosts except which?
A. Bastion hosts are locked-down systems.
B. Bastion hosts are often the first device to be tampered with by hackers.
C. Bastion hosts contain no unnecessary applications.
D. Bastion hosts are protected by the DMZ and have internal user
accounts.

14. How does data encapsulation and the protocol stack work?
A. Each protocol or service at each layer in the OSI model multiplexes
other packets to the data as it is passed down the protocol stack.
B. Each protocol or service at each layer in the OSI model adds its own
information to the data as it is passed down the protocol stack.
C. The packet is encapsulated and grows as it hops from router to router.
D. The packet is encapsulated and grows when it is passed up the protocol
stack.

15. Internet Protocol Security (IPSec) is actually a suite of protocols. Each
protocol within the suite provides different functionality. Collectively, IPSec
does everything except which of the following?
A. Encrypt
B. Work at the data link layer
C. Authenticate
D. Protect the payload and the headers

Answers

1. B
Trunks are used to connect multiple switches for traffic of the same class. The
best example of a trunk is the communication channel between two voice
switches at a local phone company’s central office. The other answers refer to
links or lines that connect endpoints to a larger network.

2. D
Digital Subscriber Line (DSL) has a continuous connection, which offers
convenience to a user, but can also offer security concerns since it is “always
on” for potential hackers to infiltrate. Basic Rate Interface (BRI) and Primary
Rate Interface (PRI) are different flavors of ISDN. Cable modems also use an
“always on” technology.

3. D
TFTP is an insecure protocol with much less functionality than FTP. It has no
encryption or authentication capabilities and exists simply to transfer files.
The use of passwords with FTP is insecure, as they are sent in cleartext.

4. A and B
ARP table poisoning is a masquerading attack that takes advantage of the lack
of authentication in the ARP protocol. An attacker who successfully "poisons"
an ARP table replaces the MAC address recorded for the victim's IP address
with his own, so frames destined for that IP address are now delivered to the
attacker instead of to the victim.
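Worked example for question 4 (added here; it is not part of the quiz or its answer key). Because ARP replies carry no proof of origin, the practical defence is to watch the IP-to-MAC bindings on the segment and alert when they change, which is what tools such as arpwatch do. The code below does that over a constructed stream of ARP replies in which an attacker first answers for the gateway and then for a victim host, the classic two-sided poisoning needed to sit in the middle of both directions. The addresses, MACs and timestamps are made up for the example; the `trusted` table is an assumed list of pinned bindings an operator would supply.

```python
"""Detect ARP cache poisoning from a stream of ARP replies.

Added example, not part of the quiz. ARP has no authentication, so any host can
answer "who-has 10.0.0.1?" with its own MAC. A passive monitor keeps its own
IP -> MAC table and flags (1) an IP whose MAC changes and (2) one MAC that
claims several IPs, which is what a relaying attacker looks like. The replies
below are constructed sample data, not a real capture.
"""
from collections import defaultdict

# Constructed ARP replies seen on the wire: (time_s, sender_ip, sender_mac).
# 10.0.0.1 is the gateway (real MAC aa:..:01); dd:..:99 is the attacker, who
# later answers for both the gateway and the victim 10.0.0.23.
SAMPLE_REPLIES = [
    (0.0, "10.0.0.1",  "aa:aa:aa:aa:aa:01"),
    (1.0, "10.0.0.23", "bb:bb:bb:bb:bb:23"),
    (2.0, "10.0.0.42", "cc:cc:cc:cc:cc:42"),
    (3.0, "10.0.0.1",  "dd:dd:dd:dd:dd:99"),   # attacker claims the gateway
    (3.1, "10.0.0.23", "dd:dd:dd:dd:dd:99"),   # ...and the victim (both directions)
    (4.0, "10.0.0.1",  "dd:dd:dd:dd:dd:99"),   # repeated to keep caches poisoned
]


def normalize_mac(mac: str) -> str:
    """Canonical lowercase colon form so 'AA-AA-...' and 'aa:aa:...' compare equal."""
    return mac.lower().replace("-", ":")


def detect_arp_poisoning(replies, trusted=None):
    """Return a list of alert strings for suspicious ARP replies.

    trusted: optional dict ip -> mac of pinned bindings (e.g. the gateway).
    A pinned IP is always compared against its pinned MAC; other IPs are
    compared against the MAC first learned for them.
    """
    alerts = []
    pinned = {ip: normalize_mac(m) for ip, m in (trusted or {}).items()}
    learned = {}
    ips_by_mac = defaultdict(set)
    for ts, ip, mac in replies:
        mac = normalize_mac(mac)
        expected = pinned.get(ip, learned.get(ip))
        if expected is not None and expected != mac:
            alerts.append(f"t={ts:.1f} {ip} changed {expected} -> {mac}")
        if ip not in pinned:
            learned[ip] = mac
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                alerts.append(f"t={ts:.1f} {mac} now claims {sorted(ips_by_mac[mac])}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_poisoning(SAMPLE_REPLIES, trusted={"10.0.0.1": "aa:aa:aa:aa:aa:01"}):
        print(line)
```

Pinning the gateway matters: without a trusted binding the monitor learns the attacker's MAC as the new "normal" after the first change and stays quiet on the repeated poisoning reply at t=4.0, whereas with the gateway pinned every spoofed reply for it is reported.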
5. B
Internet Protocol Security (IPSec) can be applied in two distinct ways:
transport mode or tunnel mode. In transport mode the original IP header is
kept and only the payload is protected (AH in transport mode additionally
authenticates the immutable fields of that IP header). In tunnel mode the
whole original packet, headers and payload, is protected inside a new outer IP
packet. The other protocols listed provide no such protection and work at the
data link layer.

6. C
The other answers describe basic firewall architectures, meaning where a
firewall can be placed within an environment. Network address translation
(NAT) maps private addresses to public ones and back; it does not inspect or
filter traffic. Some firewalls provide NAT services, but the goals of the two
services are different.

7. A
Network Address Translation (NAT) helps to conserve the use of registered IP
addresses. Companies use private addresses to communicate internally and
use NAT to change them to public addresses when connecting with the
outside world.
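Worked example for answers 6 and 7 (added here; not code from the quiz). It models the translation table a NAT gateway keeps for port address translation: outbound packets from private hosts leave with the gateway's public address and a fresh source port, the mapping is remembered so replies can be rewritten back, and inbound packets that match no mapping are dropped. That last behaviour is why NAT is often mistaken for a firewall; it is a side effect of the state table, not a policy, and the gateway never looks at what the packets carry. Addresses and ports are constructed sample values.

```python
"""Port address translation (NAT overload) as a state table.

Added example for quiz answers 6 and 7, not part of the original text.
Outbound packets get the gateway's public IP and a unique source port; the
mapping is kept so replies can be translated back. Inbound packets with no
matching state are dropped. Packets are plain dicts with constructed values.
"""


class PATGateway:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (priv_ip, priv_port, dst_ip, dst_port) -> public source port
        self.outbound = {}
        # public source port -> (priv_ip, priv_port, dst_ip, dst_port)
        self.inbound = {}

    def translate_out(self, pkt: dict) -> dict:
        """Rewrite a private-side packet for the external link, creating state
        for the flow the first time it is seen."""
        key = (pkt["src_ip"], pkt["src_port"], pkt["dst_ip"], pkt["dst_port"])
        port = self.outbound.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return {**pkt, "src_ip": self.public_ip, "src_port": port}

    def translate_in(self, pkt: dict):
        """Rewrite an external packet back to the private host, or return None
        (drop) when no outbound flow created state for it."""
        if pkt["dst_ip"] != self.public_ip:
            return None
        key = self.inbound.get(pkt["dst_port"])
        if key is None:
            return None
        priv_ip, priv_port, dst_ip, dst_port = key
        if (pkt["src_ip"], pkt["src_port"]) != (dst_ip, dst_port):
            return None   # reply must come from the host the private side talked to
        return {**pkt, "dst_ip": priv_ip, "dst_port": priv_port}


def demo():
    """Two private hosts reach the same public server through one public IP."""
    gw = PATGateway("203.0.113.5")
    a = gw.translate_out({"src_ip": "10.0.0.23", "src_port": 51000, "dst_ip": "198.51.100.7", "dst_port": 443})
    b = gw.translate_out({"src_ip": "10.0.0.42", "src_port": 51000, "dst_ip": "198.51.100.7", "dst_port": 443})
    reply = gw.translate_in({"src_ip": "198.51.100.7", "src_port": 443, "dst_ip": "203.0.113.5", "dst_port": a["src_port"]})
    unsolicited = gw.translate_in({"src_ip": "192.0.2.9", "src_port": 1234, "dst_ip": "203.0.113.5", "dst_port": 40000})
    return a, b, reply, unsolicited
```

Both private hosts chose source port 51000, so the gateway has to allocate distinct public ports to keep the two flows apart; that port, not the private address, is what the outside world sees.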

8. B
Synchronous Data Link Control (SDLC) enables secondary devices to
communicate with the primary stations or mainframes in an IBM architecture.
SDLC is the original IBM proprietary protocol. HDLC provides basically the
same functionality and more, and it is an open protocol.

9. C and D
HDLC is based upon the SDLC protocol. Both are bit-oriented, and both work
over synchronous lines. However, HDLC supports full-duplex connections,
and thus can provide a higher throughput. Like SDLC, HDLC provides
polling, enabling secondary units to communicate with primary units.

10. C
A metropolitan area network (MAN) is a backbone network that joins together
local area networks. In this example, each building’s network is a LAN. The
LANs communicate with one another through the SONET network or MAN.

11. D
IP Version 6, which is slowly replacing the current Version 4, offers 128-bit
addresses. The additional bits will dramatically increase the number of
available addresses, thus solving one of the major limitations of Version 4.
Other benefits of Version 6 include improved quality-of-service and IPSec.

12. A
The session layer is responsible for controlling how applications
communicate, not how computers communicate. Not all applications use
protocols that work at the session layer, so this layer is not always used in
networking functions. A session layer protocol will set up the connection to
the other application logically and control the dialog going back and forth.
Session layer protocols allow applications to keep state of the dialog.

13. D
The demilitarized zone (DMZ) is a buffer zone between two networks.
Devices in the area, like the bastion host, are extremely vulnerable to hacking.
Because of this, no unnecessary programs, user information, utilities or
subsystems should be placed on them. Bastion hosts should not have internal
user accounts. They should only have the accounts necessary to carry out their
tasks.

14. B
Data encapsulation means that a piece of data is put inside another type of
data. This usually means that individual protocols apply their own instruction
set in the form of headers and trailers. As a data package goes down the OSI
or protocol stack of a system, each protocol that is involved adds its own
instructions. This process is reversed at the destination.
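Worked example for answer 14 (added here; not part of the quiz). It builds one UDP datagram the way the stack does, each layer prepending its own header to what the layer above handed it (UDP, then IPv4 with a real RFC 791 header checksum, then Ethernet II), and then reverses the process at the receiver, checking the checksum and protocol fields as each header is peeled off. The addresses, ports and payload are constructed sample values; the Ethernet FCS trailer and the optional UDP checksum are left out to keep the example short.

```python
"""Encapsulation down the stack and decapsulation back up.

Added example, not part of the original quiz. Application data -> UDP segment
-> IPv4 packet -> Ethernet frame; the receiver strips the headers in reverse
order. Addresses and payload are constructed sample values.
"""
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum of
    the 16-bit words. Over a header that already carries a valid checksum the
    result is 0, which is how a receiver verifies it."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp(src_port: int, dst_port: int, data: bytes) -> bytes:
    """Transport layer: 8-byte UDP header in front of the data (checksum 0 = not used)."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data


def build_ipv4(src_ip: str, dst_ip: str, proto: int, segment: bytes, ttl: int = 64) -> bytes:
    """Network layer: 20-byte IPv4 header (no options) in front of the segment."""
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    # version/IHL, TOS, total length, ID, flags/fragment, TTL, protocol, checksum, src, dst
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + len(segment),
                      0x1234, 0, ttl, proto, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + segment


def build_ethernet(src_mac: str, dst_mac: str, packet: bytes) -> bytes:
    """Data link layer: 14-byte Ethernet II header (FCS trailer omitted)."""
    dst = bytes.fromhex(dst_mac.replace(":", ""))
    src = bytes.fromhex(src_mac.replace(":", ""))
    return dst + src + struct.pack("!H", ETHERTYPE_IPV4) + packet


def encapsulate(data: bytes) -> bytes:
    """Sender: pass the data down the stack, one header per layer."""
    segment = build_udp(40000, 53, data)
    packet = build_ipv4("10.0.0.23", "10.0.0.1", IPPROTO_UDP, segment)
    return build_ethernet("bb:bb:bb:bb:bb:23", "aa:aa:aa:aa:aa:01", packet)


def decapsulate(frame: bytes) -> bytes:
    """Receiver: peel the headers off in reverse order, verifying as we go."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not IPv4")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if packet[9] != IPPROTO_UDP:
        raise ValueError("not UDP")
    total_len = struct.unpack("!H", packet[2:4])[0]
    segment = packet[ihl:total_len]
    udp_len = struct.unpack("!H", segment[4:6])[0]
    return segment[8:udp_len]
```

The frame grows by exactly 14 + 20 + 8 bytes of headers on the way down and shrinks by the same amount on the way up, which is the sense in which a packet grows as it is passed down the stack (and not, as option C suggests, as it hops from router to router: each router strips and re-adds only its own link-layer framing).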

15. B
IPSec is a protocol used to provide VPN functionality that boasts strong
encryption and authentication functionality. It can protect in two different
modes: tunnel mode (payload and headers are protected) or in transport mode
(payload protection only). IPSec works at the network layer, not the data link
layer.

Return to SearchSecurity.com’s Security School for CISSP training:


CISSP Essentials library:
http://www.searchsecurity.com/CISSPessentials

Class 5 briefing:
http://www.searchsecurity.com/Class5briefing
