CISSP Practice Test Questions

1487 Questions


Topic 9: Exam Set A

What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?

A. Man-in-the-Middle (MITM) attack
B. Smurfing
C. Session redirect
D. Spoofing

Answer: D. Spoofing



Which of the following is an attacker MOST likely to target to gain privileged access to a system?

A. Programs that write to system resources
B. Programs that write to user directories
C. Log files containing sensitive information
D. Log files containing system calls

Answer: A. Programs that write to system resources



Logical access control programs are MOST effective when they are

A. approved by external auditors.
B. combined with security token technology.
C. maintained by computer security officers.
D. made part of the operating system.

Answer: D. made part of the operating system.



What is the MOST effective countermeasure to a malicious code attack against a mobile system?

A. Sandbox
B. Change control
C. Memory management
D. Public-Key Infrastructure (PKI)

Answer: A. Sandbox



The process of mutual authentication involves a computer system authenticating a user and authenticating the

A. user to the audit process.
B. computer system to the user.
C. user's access to all authorized objects.
D. computer system to the audit process.

Answer: B. computer system to the user.



The Hardware Abstraction Layer (HAL) is implemented in the

A. system software.
B. system hardware.
C. application software.
D. network hardware.

Answer: A. system software.



By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the

A. confidentiality of the traffic is protected.
B. opportunity to sniff network traffic exists.
C. opportunity for device identity spoofing is eliminated.
D. storage devices are protected against availability attacks.

Answer: B. opportunity to sniff network traffic exists.



What is an effective practice when returning electronic storage media to third parties for repair?

A. Ensuring the media is not labeled in any way that indicates the organization's name.
B. Disassembling the media and removing parts that may contain sensitive data.
C. Physically breaking parts of the media that may contain sensitive data.
D. Establishing a contract with the third party regarding the secure handling of the media.

Answer: D. Establishing a contract with the third party regarding the secure handling of the media.



What maintenance activity is responsible for defining, implementing, and testing updates to application systems?

A. Program change control
B. Regression testing
C. Export exception control
D. User acceptance testing

Answer: A. Program change control



The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct

A. log auditing.
B. code reviews.
C. impact assessments.
D. static analysis.

Answer: B. code reviews.



Why is a system's criticality classification important in large organizations?

A. It provides for proper prioritization and scheduling of security and maintenance tasks.
B. It reduces critical system support workload and reduces the time required to apply patches.
C. It allows for clear systems status communications to executive management.
D. It provides for easier determination of ownership, reducing confusion as to the status of the asset.

Answer: A. It provides for proper prioritization and scheduling of security and maintenance tasks.



The FIRST step in building a firewall is to

A. assign the roles and responsibilities of the firewall administrators.
B. define the intended audience who will read the firewall policy.
C. identify mechanisms to encourage compliance with the policy.
D. perform a risk analysis to identify issues to be addressed.

Answer: D. perform a risk analysis to identify issues to be addressed.




Page 8 out of 124 Pages