Topic 9: Exam Set A
The birthday attack is MOST effective against which one of the following cipher technologies?
A. Chaining block encryption
B. Asymmetric cryptography
C. Cryptographic hash
D. Streaming cryptography
Answer: C. Cryptographic hash
Checking routing information on e-mail to determine that it is in a valid format and contains valid information is an example of which of the following anti-spam approaches?
A. Simple Mail Transfer Protocol (SMTP) blacklist
B. Reverse Domain Name System (DNS) lookup
C. Hashing algorithm
D. Header analysis
Answer: D. Header analysis
During an audit of system management, auditors find that the system administrator has not been trained. What action needs to be taken at once to ensure the integrity of systems?
A. A review of hiring policies and methods of verification of new employees
B. A review of all departmental procedures
C. A review of all training procedures to be undertaken
D. A review of all systems by an experienced administrator
Answer: D. A review of all systems by an experienced administrator
A practice that permits the owner of a data object to grant other users access to that object would usually provide
A. Mandatory Access Control (MAC).
B. owner-administered control.
C. owner-dependent access control.
D. Discretionary Access Control (DAC).
Answer: D. Discretionary Access Control (DAC).
When implementing controls in a heterogeneous end-point network for an organization, it is critical that
A. hosts are able to establish network communications.
B. users can make modifications to their security software configurations.
C. common software security components be implemented across all hosts.
D. firewalls running on each host are fully customizable by the user.
Answer: C. common software security components be implemented across all hosts.
To prevent inadvertent disclosure of restricted information, which of the following would be the LEAST effective process for eliminating data prior to the media being discarded?
A. Multiple-pass overwriting
B. Degaussing
C. High-level formatting
D. Physical destruction
Answer: C. High-level formatting
Which of the following statements is TRUE of black box testing?
A. Only the functional specifications are known to the test planner.
B. Only the source code and the design documents are known to the test planner.
C. Only the source code and functional specifications are known to the test planner.
D. Only the design documents and the functional specifications are known to the test planner.
Answer: A. Only the functional specifications are known to the test planner.
Which layer of the Open Systems Interconnection (OSI) model implementation adds information concerning the logical connection between the sender and receiver?
A. Physical
B. Session
C. Transport
D. Data-Link
Answer: C. Transport
Which of the following is a security limitation of File Transfer Protocol (FTP)?
A. Passive FTP is not compatible with web browsers.
B. Anonymous access is allowed.
C. FTP uses Transmission Control Protocol (TCP) ports 20 and 21.
D. Authentication is not encrypted.
Answer: C. FTP uses Transmission Control Protocol (TCP) ports 20 and 21.
What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)?
A. Evaluating the efficiency of the plan
B. Identifying the benchmark required for restoration
C. Validating the effectiveness of the plan
D. Determining the Recovery Time Objective (RTO)
Answer: C. Validating the effectiveness of the plan
Which of the following is the FIRST action that a system administrator should take when it is revealed during a penetration test that everyone in an organization has unauthorized access to a server holding sensitive data?
A. Immediately document the finding and report to senior management.
B. Use system privileges to alter the permissions to secure the server.
C. Continue the testing to its completion and then inform IT management.
D. Terminate the penetration test and pass the finding to the server management team.
Answer: A. Immediately document the finding and report to senior management.
Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks?
A. Data compression
B. Data classification
C. Data warehousing
D. Data validation
Answer: D. Data validation