How well do you know security?


The following 28 questions come from the Certified Information Systems Security Professional examination given by the International Information Systems Security Certification Consortium. For more details, see the link at the right.

When you're done with this multiple-choice quiz, click on the Submit button to get an instant score.

ACCESS CONTROL SYSTEMS & METHODOLOGY

1. What role does biometrics have in logical access control?
Identification
Authorization
Authentication
Confirmation

2. Which of the following could be considered a single point of failure within single sign-on?
The user's workstation
The authentication server
The application server
The login script

3. The type of penetration testing used to discover whether numerous usercode/password combinations can be attempted without detection is called
Keystroke capture testing
Access validation testing
Brute force testing
Accountability testing

4. Which of the following procedures could be utilized to maintain control over privileged-entity access to system resources?
Periodic review and recertification by management of privileged usercodes to determine continued need.
Automatic revocation of access privileges for any usercode that has not been utilized within 30 days.
Revoke automated processes where personnel can grant access to others to their files.
Ensure that the audit log records all system access changes made to usercodes throughout the enterprise.

TELECOMMUNICATIONS & NETWORK SECURITY

5. Which of the following voice transmission techniques is easily monitored?
Cellular
ISDN
POTS
PCS

6. Which technique can be used to defeat a callback security system?
Brute force password attack
Call forwarding
Sequence guessing
Passive wiretap

7. Why is traffic across a packet switched network (e.g. frame relay, X.25) difficult to monitor?
Packets are link encrypted by the carrier
Government regulations forbid monitoring
Packets are transmitted on multiple paths
The work factor is too high

8. Which of the following is NOT a passive network attack method?
Wiretapping
Spoofing
Packet sniffer
Traffic analysis

SECURITY MANAGEMENT PRACTICES

9. When is it acceptable for the manager overseeing the execution of a risk analysis review to not take action on an identified risk?
When responsibility for the conditions that cause the risk to arise is outside their department.
When the cost of taking action outweighs the potential cost of the risk being realized.
When the risk reduction measures may affect the productivity of the business.
Never -- action should always be taken to reduce or eliminate an identified risk.

10. What is the most critical factor to the success of enterprise security?
Effectiveness of security management
Budget available for security staff
Senior management support
Complete security awareness plans

11. What are the three basic purposes of security management?
Authorization, confidentiality, and accuracy
Availability, confidentiality, and integrity
Accuracy, integrity, and availability
Accuracy, confidentiality, and availability

12. Into what set of three areas are information risks commonly categorized?
Profit, loss, R.O.I.
Intentional, accidental, natural disaster
Assets, personnel, services provided
Destruction, modification, disclosure

APPLICATION & SYSTEMS DEVELOPMENT SECURITY

13. A shareware graphics program is downloaded from a Web site. It is later discovered that this program is also recording network login attempts. Which type of malicious code does this represent?
Virus
Worm
Trojan horse
Logic bomb

14. At what stage of applications development should the security department become involved?
Prior to the implementation
Prior to systems testing
During unit testing
During requirements development

15. Which of the following mechanisms is most effective in the restriction of views in a database?
Integrity enforcement
Preventative enforcement
Secrecy enforcement
Detective enforcement

16. Which of the following would NOT prevent a statistical inference attack?
Partitioning
Small query sets
Noise and perturbation
Cell suppression

CRYPTOGRAPHY

17. Which of the following is NOT a part of the Kerberos authentication scheme?
Authentication server
Ticket granting service
Users and programs
Message authentication code

18. Which type of cryptographic attack would enable an attacker to encrypt any desired plaintext and capture the corresponding ciphertext?
Ciphertext only attack
Chosen plaintext attack
Known plaintext attack
Key exhaustion attack

19. Which of the following describes the process of creating a DES session key?
Key clustering
Key escrow
Key signing
Key exchange

20. Which of the following is NOT a property of a one-way hash function?
It converts a message of a fixed length into a message digest of arbitrary length.
It is computationally infeasible to construct two different messages with the same digest.
It converts a message of arbitrary length into a message digest of a fixed length.
Given a digest value, it is computationally infeasible to find the corresponding message.

SECURITY ARCHITECTURE & MODELS

21. Which of the following is required to implement IPSEC?
Cyclic Redundancy Check
Authentication Header
RSA Encryption
Key Distribution Center

22. Which one of the following models does NOT include data integrity?
Biba
Clark-Wilson
Bell-LaPadula
Brewer-Nash

23. What system flaw allows stack overflows and other memory bounds attacks to succeed?
Inadequate confinement properties
Compartmentalization not enforced
Insufficient parameter checking
Applications execute in privileged mode

24. What is the process that provides system assurance by controlling modifications to a system's hardware, firmware, software, and documentation?
Configuration control
Reference monitor
Maintenance window
System audit

LAW, INVESTIGATIONS & ETHICS

25. The Internet Activities Board characterizes which of the following as unethical behavior for Internet users?
Writing computer viruses
Monitoring data traffic
Wasting computer resources
Concealing unauthorized access

26. Under the principle of culpable negligence, executives can be held liable for losses that result from computer system breaches
If the company is not a multi-national corporation
They have not exercised due care protecting computing resources
They have failed to properly insure computer resources against loss
The company does not prosecute the hacker that caused the breach

27. Before powering off a system, the computer crime investigator should record the contents of the monitor and
Save the contents of the spooler queue
Dump the memory contents to disk
Backup the hard drive
Remove the hard drive

28. Why does the collection and submission of computer related evidence present a significant challenge to the information technology security professional?
Magnetic media data retention is poor
Strong encryption limits discovery
System complexity often causes evidence loss
The evidence is mostly intangible


Related Links

International Information Systems Security Certification Consortium
Information about the consortium, the CISSP and security in general.
