CISSP 2022
International GP for Transmission Knowledge In the field of Cyber Security with a Focus on the Content of the CISSP-ISC2 Course

Any posting not related to CISSP will be removed and scammers blocked.
An access control system that grants users only those rights necessary for them to perform their work is operating on which security principle?
Anonymous Quiz
a. Discretionary Access (5%)
b. Least Privilege (83%)
c. Mandatory Access (6%)
d. Separation of Duties (5%)
A CEO is trying to decide the appropriate investment value for a countermeasure that will protect assets valued at $1 million from a potential threat that has an annualized rate of occurrence (ARO) of once every 5 years and an exposure factor (EF) of 10%.
Anonymous Quiz
a. $100,000 (18%)
b. $20,000 (68%)
c. $200,000 (12%)
d. $40,000 (3%)
An IT admin calls to ask you about a memorandum found on a loaner laptop. The memorandum is addressed to a competitor and contains sensitive information about a new product about to be released. Based on the (ISC)2 Code of Ethics, what is the first action you recommend?
Anonymous Quiz
a. Deleting the memorandum from the laptop to ensure no one else will see it (3%)
b. Contacting the author of the memorandum to let him/her know the memorandum was on the laptop (13%)
c. Informing management of your findings and their potential ramifications (69%)
d. Beginning a forensic analysis of the laptop to try and establish the legitimacy of the memorandum (14%)
You are collaborating with auditors to facilitate auditing activities to ensure compliance with information security policy. Which of the following is least commonly adopted?
Anonymous Quiz
A. Employing the Delphi method (48%)
B. Interviewing senior management (18%)
C. Reviewing the data backup policy (14%)
D. Sending questionnaires to the target group (20%)
You are reviewing the performance of security operations. Which of the following is most likely out of the review scope?
Anonymous Quiz
A. Development progress of the business continuity plan (41%)
B. Walkthrough result of the disaster recovery plan (14%)
C. The efficiency of the incident response (12%)
D. The validity of backup data (32%)
You are evaluating security control frameworks to mitigate risks and enforce security.

Which of the following is least likely to be included in a security control framework?
Anonymous Quiz
A. Residual risk after implementing controls (22%)
B. Audit procedure or assessment methods (17%)
C. The process to eliminate controls from baselines (40%)
D. Implementation guidance for access control (20%)
You are preparing the data policy and considering the data classification scheme.

You prefer the classification criteria that cover widespread concerns. Which of the following classification criteria best meets your requirement?
Anonymous Quiz
A. Sensitivity (31%)
B. Criticality (20%)
C. Business value (43%)
D. Recovery cost (6%)
Password attacks are among the most common attacks, for example brute-force, dictionary and rainbow-table attacks.
For experienced ethical hackers, which of the following passwords most likely requires the highest cryptanalysis work factor?
Anonymous Quiz
A. 0000 (2%)
B. uTqD3S^# (34%)
C. !@#$%^&* (17%)
D. 4a7d1ed414474e4033ac29ccb8653d9b (47%)
Your company is constructing a new building with a structured cable system topology per the standard EIA/TIA 568. As a network engineer, you are designing an 802.3 network with hundreds of nodes. Which of the following is the least concern of your design?
Anonymous Quiz
A. Attenuation (26%)
B. ARP Attack (Address Resolution Protocol) (14%)
C. CAM Table Overflows (Content Addressable Memory) (16%)
D. Teardrop Attack (44%)
Which of the following BEST describes fundamental methods of encrypting data?
Anonymous Quiz
a. Cipher and Stream (11%)
b. 3DES and PGP (2%)
c. Symmetric and Asymmetric (77%)
d. DES and AES (10%)
In the Common Criteria Evaluation and Validation Scheme (CCEVS), requirements for future products are defined by:
Anonymous Quiz
a. Protection Profile (PP) (38%)
b. Target of Evaluation (ToE) (30%)
c. Evaluation Assurance Level (EAL) 3 (14%)
d. Evaluation Assurance Level (EAL) 7 (18%)
Which of the following entities is ultimately responsible for information security within an organization?
Anonymous Quiz
a. IT Security Officer (14%)
b. Project Managers (1%)
c. Department Directors (6%)
d. Senior Management (80%)
Which of the following cryptanalytic attacks occurs where an adversary has the least amount of information to work with?
Anonymous Quiz
a. Known-plaintext (14%)
b. Ciphertext-only (53%)
c. Plaintext-only (13%)
d. Chosen-ciphertext (20%)
A company is constructing a new building with a structured cable system topology per the standard EIA/TIA 568.

As a network engineer, you are designing an 802.3 network with hundreds of nodes. Which of the following is the least concern of your design?
Anonymous Quiz
A. Attenuation (20%)
B. ARP Attack (Address Resolution Protocol) (9%)
C. CAM Table Overflows (Content Addressable Memory) (9%)
D. Teardrop Attack (62%)
If the HTTP response is encoded and rendered as a JSON Web Token (JWT) payload, which of the following layers of the ISO Open Systems Interconnection model best describes this design?
Anonymous Quiz
A. Application (48%)
B. Presentation (26%)
C. Session (21%)
D. Transport (6%)
Which of the following best describes the protocol or standard the website supports?
Anonymous Quiz
A. Federated Identity Management (FIM) (11%)
B. Security Assertion Markup Language (SAML) (55%)
C. OIDC (OpenID Connect) (20%)
D. SSO (Single Sign-On) (14%)