Topic 9: Exam Set A
Which one of these risk factors would be the LEAST important consideration in choosing a building site for a new computer facility?
A. Vulnerability to crime
B. Adjacent buildings and businesses
C. Proximity to an airline flight path
D. Vulnerability to natural disasters
Answer: Proximity to an airline flight path
In the area of disaster planning and recovery, what strategy entails the presentation of information about the plan?
A. Communication
B. Planning
C. Recovery
D. Escalation
Answer: Communication
An internal Service Level Agreement (SLA) covering security is signed by senior managers and is in place. When should compliance to the SLA be reviewed to ensure that a good security posture is being delivered?
A. As part of the SLA renewal process
B. Prior to a planned security audit
C. Immediately after a security breach
D. At regularly scheduled meetings
Answer: At regularly scheduled meetings
Why must all users be positively identified prior to using multi-user computers?
A. To provide access to system privileges
B. To provide access to the operating system
C. To ensure that unauthorized persons cannot access the computers
D. To ensure that management knows what users are currently logged on
Answer: To ensure that unauthorized persons cannot access the computers
In a basic SYN flood attack, what is the attacker attempting to achieve?
A. Exceed the threshold limit of the connection queue for a given service
B. Set the threshold to zero for a given service
C. Cause the buffer to overflow, allowing root access
D. Flush the register stack, allowing hijacking of the root account
Answer: Exceed the threshold limit of the connection queue for a given service
An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring?
A. A dictionary attack
B. A Denial of Service (DoS) attack
C. A spoofing attack
D. A backdoor installation
Answer: A dictionary attack
What principle requires that changes to the plaintext affect many parts of the ciphertext?
A. Diffusion
B. Encapsulation
C. Obfuscation
D. Permutation
Answer: Diffusion
The goal of software assurance in application development is to
A. enable the development of High Availability (HA) systems.
B. facilitate the creation of Trusted Computing Base (TCB) systems.
C. prevent the creation of vulnerable applications.
D. encourage the development of open source applications.
Answer: prevent the creation of vulnerable applications.
A software scanner identifies a region within a binary image having high entropy. What does this MOST likely indicate?
A. Encryption routines
B. Random number generator
C. Obfuscated code
D. Botnet command and control
Answer: Obfuscated code
Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what?
A. Interface with the Public Key Infrastructure (PKI)
B. Improve the quality of security software
C. Prevent Denial of Service (DoS) attacks
D. Establish a secure initial state
Answer: Establish a secure initial state
Which of the following is the FIRST step of a penetration test plan?
A. Analyzing a network diagram of the target network
B. Notifying the company's customers
C. Obtaining the approval of the company's management
D. Scheduling the penetration test during a period of least impact
Answer: Obtaining the approval of the company's management
At a MINIMUM, a formal review of any Disaster Recovery Plan (DRP) should be conducted
A. monthly.
B. quarterly.
C. annually.
D. bi-annually.
Answer: annually.