
Appendix A

Answers to Review Questions

Domain 1: Access Control Systems and Methodologies

1. Which of the following represents the type of access given to a user?

  1. Permissions

  2. Subjects

  3. Objects

  4. Rights

The correct option is A

Permissions regulate the type of access a subject is given to an object. Common permissions include: read, write, delete, and execute.

2. The most widely adopted access control method is

  1. Discretionary access control.

  2. Mandatory access control.

  3. Rule-based access control.

  4. Role-based access control.

The correct option is A

Discretionary Access Control is the predominant access control technique in use today. Most commodity systems implement some form of DAC.

3. No read up and no write down are properties of

  1. Discretionary access control.

  2. Mandatory access control.

  3. Rule-based access control.

  4. Role-based access control.

The correct option is B

This is the basic functionality of Mandatory Access Control. The fundamental principles of MAC prevent a subject from reading up and writing down between classifications.

4. Access control for proprietary distributable content is best protected using

  1. Discretionary access control.

  2. Digital rights management.

  3. Distributed access control.

  4. Originator controlled.

The correct option is B

Among the options given, only DRM provides a means to control proprietary content.

5. When designing a system that uses least privilege, a security architect should focus on

  1. Business requirements.

  2. Organizational mission.

  3. Affected usability.

  4. Disaster recovery.

The correct option is D

Disasters are unlikely; therefore, least privilege should not be designed with limitations.

6. Separation of duties is BEST implemented using

  1. roles.

  2. permissions.

  3. rights.

  4. workflows.

The correct option is A

Separation of duties is best implemented with roles composed of granular rights and permissions.

7. Which of the following is the BEST supplemental control for weak separation of duties?

  1. Intrusion detection

  2. Biometrics

  3. Auditing

  4. Training

The correct option is C

Accountability becomes more important when separation of duties is weak or unachievable. Auditing is paramount. Consider implementing object-level auditing for individuals with multiple roles. Identify key areas where abuse might occur, and implement multiple methods to monitor for violations.

8. Centralized access control

  1. Is only implemented in network equipment.

  2. Implements authentication, authorization, and accounting.

  3. Is implemented closest to the resources it is designed to protect.

  4. Is designed to consider and accept business partner authentication tokens.

The correct option is B

Authentication, authorization, and accounting are important aspects of centralized access control.

9. Firewalls typically employ

  1. Centralized access control.

  2. Decentralized access control.

  3. Federated access control.

  4. Role-based access control.

The correct option is A

A firewall with an integrated authentication mechanism is an example of a centralized access control device using the gatekeeper approach. This type of approach is primarily used to control access to resources and services at particular locations within the protected network.

10. A feature that distinguishes decentralized from centralized access control is its

  1. audit logging.

  2. proxy capability.

  3. security kernel.

  4. shared database.

The correct option is D

Decentralized access control relies on shared databases.

11. Federated access control

  1. is implemented with RADIUS.

  2. is designed to be mutually exclusive with single sign-on.

  3. is implemented closest to the resources it is designed to protect.

  4. is designed to consider and accept business partner authentication tokens.

The correct option is D

Federated Access Control enables a business partner type of single sign-on.

12. Lightweight Directory Access Control is specified in

  1. X.509

  2. X.500

  3. RFC 4510

  4. RFC 4422

The correct option is C

RFC 4510 describes a simplified X.500 Directory Access Control protocol.

13. This technique is commonly used to collect audit logs:

  1. Polling

  2. Triggers

  3. Workflows

  4. Aggregation

The correct option is A

Polling by a centralized server is commonly used to query other servers to periodically collect events.

14. A word processing application, governed by Discretionary Access Control (DAC), executes in the security context of the

  1. end user.

  2. process itself.

  3. administrator.

  4. system kernel.

The correct option is A

In DAC, non-system processes run in the memory space owned by the end user.

15. Peer-to-peer applications are problematic primarily because they

  1. are prohibited by policy.

  2. may be able to access all the user’s files.

  3. are a new technology that is difficult to evaluate.

  4. may be derived from untrustworthy open source projects.

The correct option is B

Vulnerabilities in the design or implementation could enable network penetration.

16. Business rules can BEST be enforced within a database through the use of

  1. a proxy.

  2. redundancy.

  3. views.

  4. authentication.

The correct option is C

Views can be used as a type of access control for designated users or database requests.

17. A well-designed demilitarized zone (DMZ) prevents

  1. direct access to the DMZ from the protected network.

  2. access to assets within the DMZ to unauthenticated users.

  3. insiders on the protected network from conducting attacks.

  4. uncontrolled access to the protected network from the DMZ.

The correct option is D

The goal of a DMZ is to prevent or control information flow from outside to inside.

18. Dual control is primarily implemented to

  1. complement resource-constrained separation of duties.

  2. distribute trust using a rigid protocol.

  3. support internal workflows.

  4. supplement least privilege.

The correct option is B

Dual control requires explicit separation of duties and protocols.

19. A well-designed security test

  1. requires penetration testing.

  2. is documented and repeatable.

  3. relies exclusively on automated tools.

  4. foregoes the need for analysis of the results.

The correct option is B

The results of a test that is not documented or repeatable are questionable.

Domain 2: Communications and Network Security

1. Compare the frequency range of a person’s voice to the size of the passband in a voice communications channel obtained over the telephone. Which of the following accounts for the difference between the two?

  1. The telephone company uses Gaussian filters to remove frequencies below 300 Hz and above 3300 Hz because the primary information of a voice conversation occurs in the passband.

  2. The telephone company uses low-pass and high-pass filters to remove frequencies below 300 Hz and above 3300 Hz because the primary information of a voice conversation occurs in the passband.

  3. The telephone company uses packet filters to remove frequencies below 500 Hz and above 4400 Hz because the primary information of a voice conversation occurs in the passband.

  4. The telephone company uses low-pass and high-pass filters to remove frequencies below 500 Hz and above 4400 Hz because the primary information of a voice conversation occurs in the passband.

The correct option is B

The frequency range of a person’s voice typically varies between 0 and 20 kHz, while a telephone channel has a passband of 3 kHz. The telephone company uses low-pass and high-pass filters to remove frequencies below 300 Hz and above 3300 Hz because the primary information of a voice conversation occurs in the passband. This allows more channels to be multiplexed onto a wideband circuit.

2. What is the data rate of a PCM-encoded voice conversation?

  1. 128 kbps

  2. 64 kbps

  3. 256 kbps

  4. 512 kbps

The correct option is B

The data rate of PCM-encoded voice conversation is 64 kbps.

3. How many digitized voice channels can be transported on a T1 line?

  1. Up to 48

  2. Up to 12

  3. Up to 60

  4. Up to 24

The correct option is D

There can be up to 24 digitized voice channels on a T1 line.

4. How many T1 lines can be transported on a T3 circuit?

  1. 12

  2. 18

  3. 24

  4. 36

The correct option is C

Up to 24 T1 lines can be transported on a T3 circuit.

5. The three advantages accruing from the use of a packet network in comparison to the use of the switched telephone network are a potential lower cost of use, a lower error rate as packet network nodes perform error checking and correction, and

  1. the ability of packet networks to automatically reserve resources.

  2. the greater security of packet networks.

  3. the ability of packet networks to automatically reroute data calls.

  4. packet networks establish a direct link between sender and receiver.

The correct option is C

Three advantages associated with the use of packet networks in comparison to the use of the public switched telephone network include a potential lower cost of use, a lower error rate as packet network nodes perform error checking and correction, and the ability of packet networks to automatically reroute data calls.

6. Five VoIP architecture concerns include

  1. the end-to-end delay associated with packets carrying digitized voice, jitter, the method of voice digitization used, the packet loss rate, and security.

  2. the end-to-end delay associated with packets carrying digitized voice, jitter, attenuation, the packet loss rate, and security.

  3. the end-to-end delay associated with packets carrying digitized voice, jitter, the amount of fiber in the network, the packet loss rate, and security.

  4. the end-to-end delay associated with packets carrying digitized voice, jitter, the method of voice digitization used, attenuation, and security.

The correct option is A

Five VoIP architecture concerns include the end-to-end delay associated with packets carrying digitized voice, jitter, the method of voice digitization used, the packet loss rate, and security.

7. What is the major difference between encrypting analog and digitized voice conversations?

  1. Analog voice is encrypted by shifting portions of frequency, making the conversation unintelligible.

  2. Digitized voice is generated by the matrix addition of a fixed key to each digitized bit of the voice conversation.

  3. Analog voice is encrypted by shifting portions of amplitude to make the conversation unintelligible.

  4. Digitized voice is encrypted by the modulo-2 addition of a fixed key to each digitized bit of the voice conversation.

The correct option is A

Analog voice is encrypted by shifting portions of frequency to make the conversation unintelligible. In comparison, the encryption of digitized voice occurs by the modulo-2 addition of a random key to each digitized bit of the voice conversation.

8. In communications, what is the purpose of authentication?

  1. Establishing a link between parties in a conversation or transaction.

  2. Ensuring that data received has not been altered.

  3. Securing wireless transmission.

  4. Verifying the other party in a conversation or transaction.

The correct option is D

Authentication is the process of verifying the other party in a conversation or transaction.

9. What is the purpose of integrity?

  1. Integrity is a process that ensures data received has not been altered.

  2. Integrity is a process that ensures a person stands by his beliefs.

  3. Integrity is a process that ensures that the amount of data sent equals the amount of data received.

  4. Integrity is a process that ensures data received has been encrypted.

The correct option is A

Integrity is a process that ensures data received has not been altered.

10. The key purpose of the Session Initiation Protocol (SIP) is to

  1. define the protocol required to establish and tear down communications, including voice and video calls flowing over a packet network.

  2. define the signaling required to establish and tear down communications, including voice and video calls flowing over a PSTN.

  3. define the protocol required to establish and tear down communications, including voice and video calls flowing over a circuit-switched network.

  4. define the signaling required to establish and tear down communications, including voice and video calls flowing over a packet network.

The correct option is D

SIP defines the signaling required to establish and tear down communications to include voice and video calls flowing over a packet network.

11. Briefly describe the H.323 protocol.

  1. It represents an umbrella recommendation from the ITU that covers a variety of standards for audio, video, and data communications across circuit-switched networks.

  2. It provides port-based authentication, requiring a wireless device to be authenticated prior to its gaining access to a LAN and its resources.

  3. It defines the protocol required to establish and tear down communications, including voice and video calls flowing over a packet network.

  4. It represents an umbrella recommendation from the ITU that covers a variety of standards for audio, video, and data communications across packet-based networks and, more specifically, IP-based networks.

The correct option is D

The H.323 standard can be considered to represent an umbrella recommendation from the International Telecommunications Union (ITU) that covers a variety of standards for audio, video, and data communications across packet-based networks and, more specifically, IP-based networks such as the Internet and corporate Intranets.

12. What is the difference between RTP and RTCP?

  1. RTP defines a standardized port for delivering audio and video over the Internet, while the RTCP provides out-of-band control information for an RTP port.

  2. RTP defines the protocol required to establish and tear down communications, including voice and video calls flowing over a packet network, while the RTCP provides out-of-band control information for an RTP port.

  3. RTP defines a standardized packet format for delivering audio and video over the Internet, while the RTCP provides out-of-band control information for an RTP flow.

  4. RTP defines a standardized port for delivering audio and video over the Internet, while the RTCP defines the protocol required to establish and tear down communications, including voice and video calls flowing over a packet network.

The correct option is C

The Real Time Protocol (RTP) defines a standardized packet format for delivering audio and video over the Internet, while the Real Time Control Protocol (RTCP) provides out-of-band control information for an RTP flow.

13. List the components defined by the H.323 standard.

  1. Terminal, gateway, gatekeeper, multipoint control unit (MCU), multipoint controller, multipoint processor, and H.323 proxy

  2. Path, gateway, gatekeeper, multipoint control unit (MCU), multipoint controller, multipoint processor, and H.323 proxy

  3. Terminal, gateway, gatekeeper, multipoint control unit (MCU), multipoint transmitter, multipoint receiver, and H.323 proxy

  4. Protocol, terminal, gatekeeper, multipoint control unit (MCU), multipoint controller, multipoint processor, and H.323 proxy

The correct option is A

The H.323 standard defines the following components: Terminal, Gateway, Gatekeeper, MCU (Multipoint Control Unit), Multipoint Controller, Multipoint Processor, and H.323 Proxy.

14. What are some of the major functions performed by a security modem?

  1. Allows remote access to occur from trusted locations, may encrypt data, and may support Caller ID to verify the calling telephone number.

  2. Allows remote access to occur from any location, may encrypt data, and may support Caller ID to verify the calling telephone number.

  3. Allows remote access to occur from a mobile location, may encrypt data, and may support Caller ID to verify the calling telephone number.

  4. Allows remote access to occur from trusted locations, may encrypt data, and may identify the calling telephone number.

The correct option is A

A security modem represents a special type of modem that allows remote access to occur from trusted locations, may encrypt data, and may support caller ID to verify the calling telephone number.

15. The major difference between a router and firewall lies in three areas:

  1. The transfer of packets based on routing tables, the degree of packet inspection, and ensuring that the header data is correct.

  2. The transfer of packets based on absolute addresses, the degree of packet inspection, and acting as an intermediate device by hiding the address of clients from users on the Internet.

  3. The transfer of packets based on routing tables, the degree of packet inspection, and acting as an intermediate device by hiding the address of clients from users on the Internet.

  4. The transfer of packets based on routing tables, the degree of packet inspection, and creating a DMZ behind Internet-facing applications.

The correct option is C

The major difference between a router and firewall lies in three areas: the transfer of packets based on routing tables, the degree of packet inspection, and acting as an intermediate device by hiding the address of clients from users on the Internet, a technique referred to as acting as a proxy.

16. What is the purpose of an intrusion detection system (IDS)?

  1. To hide the address of clients from users on the Internet.

  2. To detect unwanted attempts to access, manipulate, and even disable networking hardware and computers connected to a network.

  3. To detect and respond to predefined events.

  4. To prevent unauthorized access to controlled areas within a site or a building.

The correct option is B

An IDS represents hardware or software that is specifically designed to detect unwanted attempts at accessing, manipulating, and even disabling networking hardware and computers connected to a network. In comparison, an IPS represents an active system that detects and responds to predefined events. Thus, the IPS represents technology built on an IDS system. This means that the ability of the IPS to prevent intrusions from occurring is highly dependent on the underlying IDS.

17. What are the two methods that can be used for wireless LAN communications?

  1. Peer-to-peer and infrastructure

  2. Peer-to-peer and cloud

  3. Cloud and infrastructure

  4. Peer-to-peer and remote

The correct option is A

Wireless LANs can communicate in two different ways, referred to as peer-to-peer and infrastructure.

18. What is the benefit of WPA over WEP for enhancing wireless LAN security?

  1. WPA permits the equivalent of wired network privacy and includes the use of TKIP to enhance data encryption.

  2. WPA implements a large portion of the IEEE 802.11i and includes the use of TKIP to enhance data encryption.

  3. WPA implements a large portion of the IEEE 802.11i and includes the use of IKE to enhance data encryption.

  4. WPA implements IEEE 802.11a and g and includes the use of IKE to enhance data encryption.

The correct option is B

The original security for wireless LANs, referred to as Wired Equivalent Privacy (WEP), permits the equivalent of wired network privacy and nothing more. WEP was broken by several persons many years ago. WPA represents a security protocol created by the Wi-Fi Alliance to secure wireless transmission and was created in response to the security weakness of WEP. This protocol implements a large portion of the IEEE wireless security standard referred to as 802.11i, and WPA included the use of the Temporal Key Integrity Protocol (TKIP) to enhance data encryption.

19. What is the purpose of the IEEE 802.1X standard?

  1. To provide port-based authentication.

  2. To provide port-based authorization.

  3. To detect and respond to predefined events.

  4. To secure wireless transmission.

The correct option is A

The IEEE 802.1X standard provides port-based authentication, requiring a wireless device to be authenticated prior to its gaining access to a LAN and its resources. Under this standard, the client node is referred to as a supplicant while the authenticator is usually an access point or a wired Ethernet switch.

Domain 3: Cryptography

1. What cryptographic hash function would be the acceptable replacement for MD4?

  1. MD5

  2. RIPEMD

  3. RIPEMD-160

  4. SHA-1

The correct option is C

This strengthened version of RIPEMD was successfully developed as a collision-resistant replacement for other hash functions including MD4, MD5 (Option a), and RIPEMD (Option b) [Collisions]. Because collisions were also announced in SHA-1 (Option d) [SHA-1 Collisions], RIPEMD-160 would be the acceptable replacement [RIPEMD-160].

2. An IPSec Security Association (SA) is a relationship between two or more entities that describes how they will use security services to communicate. Which values can be used in an SA to provide greater security through confidentiality protection of the data payload?

  1. Use of AES within AH

  2. SHA-1 combined with HMAC

  3. Using ESP

  4. AH and ESP together

The correct option is C

Encapsulating Security Protocol (ESP) also provides data origin authentication and data integrity, and also offers confidentiality for the IP payload it protects.

3. Suppose a secure extranet connection is required to allow an application in an external trusted entity’s network to securely access server resources in a corporate DMZ. Assuming IPSec is being configured to use ESP in tunnel mode, which of the following is the most accurate?

  1. Encryption of data packets and data origin authentication for the packets sent over the tunnel can both be provided.

  2. ESP must be used in transport mode in order to encrypt both the packets sent as well as encrypt source and destination IP Addresses of the external entity’s network and of the corporate DMZ network.

  3. Use of AH is necessary in order to provide data origin authentication for the packets sent over the tunnel.

  4. Source and destination IP Addresses of the external entity’s network and of the corporate DMZ network are not encrypted.

The correct option is A

ESP optionally provides a means of data origin authentication, and while it can be nested within AH, ESP does not require AH for this (Option c) [RFC 2406]. With ESP operating in transport mode (Option b), the original IP headers are not encapsulated within the ESP header, and the original IP addresses (source and destination IP addresses of the external entity’s network and of the corporate DMZ network) are in fact not encrypted. With ESP operating in tunnel mode, the original IP addresses are actually encrypted (Option d).

[ESP: Encapsulating Security Protocol provides data origin authentication and data integrity, and also offers confidentiality for the IP payload it protects.]

4. What is the BEST reason a network device manufacturer might include the RC4 encryption algorithm within an IEEE 802.11 wireless component?

  1. They would like to use AES, but they require compatibility with IEEE 802.11i.

  2. Their product must support the encryption algorithm WPA2 uses.

  3. RC4 is a stream cipher with an improved key-scheduling algorithm that provides stronger protection than other ciphers.

  4. Their release strategy planning includes maintaining some degree of backward compatibility with earlier protocols.

The correct option is D

RC4 is widely used, and the manufacturer wants to make its product compatible with WPA or even WEP, which use RC4. This does not mean they do not include AES; in fact, they would likely do so in the case of a new product, because IEEE 802.11i does in fact use AES for encryption (Option a). Option b is incorrect because WPA2, which is based on IEEE 802.11i, uses AES. Option c is incorrect because while RC4 is a stream cipher, it has a weak key-scheduling algorithm and offers less protection than other ciphers such as AES [WPA].

5. What is true about the Diffie-Hellman (DH) key agreement protocol?

  1. The protocol requires initial exchange of a shared secret.

  2. The protocol depends on a secure communication channel for key exchange.

  3. The protocol needs other mechanisms such as digital signatures to provide authentication of the communicating parties.

  4. The protocol is based on a symmetric cryptosystem.

The correct option is C

It is true that the original Diffie-Hellman key exchange protocol does not provide authentication of the sender and receiver. Other protocols such as digital signatures or HMAC must be used for this [RFC4650]. The Diffie-Hellman (DH) protocol involves computing a shared secret based on exchange of a public key (Option a), and is intended to be performed over insecure channels (Option b). DH is based on public-key cryptography because it involves deriving a shared secret based on the sender and receiver each having private keys and sharing public keys, and the property of the discrete logarithm problem, which makes it computationally infeasible to derive the private key from the public key [SCHNEIER].

6. What is the main security service a cryptographic hash function provides, and what is the main security property a cryptographic hash function must exhibit?

  1. Integrity and ease of computation

  2. Integrity and collision resistance

  3. Message authenticity and collision resistance

  4. Integrity and computational infeasibility

The correct option is B

Message authentication codes and digital signatures provide message authenticity (Option c). While ease of computation is important (Option a), cryptographic hash algorithms are built on one-way functions, and their primary function is to produce a unique message digest. Computational infeasibility may be important in general, but collision resistance is the more specific property of hash algorithms, thus excluding Option

7. What is necessary on the receiving side in order to verify a digital signature?

  1. The message, message digest, and the sender’s private key

  2. The message, message digest, and the sender’s public key

  3. The message, the MAC, and the sender’s public key

  4. The message, the MAC, and the sender’s private key

The correct option is B

Verifying a digital signature is performed by decrypting the message digest using the sender’s public key. Exposing the private key would mean that anyone with the private key could now forge the signature (Option a). Message authentication codes (MACs) do not use public key encryption, but produce a hash of the combined message input and a secret key (Options c and d).

8. What is a known plaintext attack used against DES to show that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single DES key?

  1. Meet-in-the-middle attack

  2. Man-in-the-middle attack

  3. Replay attack

  4. Related-key attack

The correct option is A

This attack applies to double encryption schemes such as 2DES by encrypting known plaintext using each possible key and comparing results obtained “in the middle” from decrypting the corresponding ciphertext using each possible key. Option b is a network-based cryptanalytic attack involving intercepting and forwarding a modified version of a transmission between two parties. Option c is also a network-based attack involving capturing and retransmitting a legitimate transmission between two parties. Option d, a related-keys attack, is often employed against stream ciphers and involves the relationships between keys that become known or are chosen while observing differences in plaintext and ciphertext when a different key is used.

9. What is among the most important factors in validating the cryptographic key design in a public key cryptosystem?

  1. Ability of a random number generator to introduce entropy during key generation

  2. Preimage resistance

  3. Confidentiality of key exchange protocol

  4. Crypto period

The correct option is A

The purpose of randomness in the key or keystream is to make it less likely that cryptanalysts will be able to guess or deduce the key. A random number generator that does not exhibit the property of randomness or entropy in its output will produce weak keys. Option b applies to cryptographic hash functions and is known as the “one-way” property of hash functions. Because the question asks about public-key cryptosystems, Option c is less valid because public keys can be exchanged without loss of the private key. Option d applies more to the operation and management of keys, because the crypto period is the time span during which an actual key can remain valid for use.

10. What factor would be most important in the design of a solution that is required to provide at-rest encryption in order to protect financial data in a restricted-access file sharing server?

  1. Encryption algorithm used

  2. Cryptographic key length

  3. Ability to encrypt the entire storage array or file system versus ability to encrypt individual files

  4. Individual user access and file-level authorization controls

The correct option is D

The encryption algorithm, key length, and scope of encryption provided (Options a, b, and c) are generally less important than the access controls that the at-rest encryption solution will require. Storage encryption is typically performed in order to ensure confidentiality, and is tied to an access control mechanism because those individuals or entities who must be able to decrypt the data will need authorized access to do so.

11. A large bank with a customer base of more than one million implements PKI to support authentication and encryption for online Internet transactions. What is the best method to validate certificates in a timely manner?

  1. CRL over LDAP

  2. CRLDP over LDAP

  3. OCSP over HTTP

  4. CRLDP over ODBC

The correct option is C

Options a, b, and d are CRL-based methods that require significant network traffic between the verifying party and the LDAP or DB server where the CRL is published. It is most significant with a large base of subscribers whose certificates may point to different CRLDP and require pulling many different CRL fragments from the points of publication.

12. A car rental company is planning to implement wireless communication between the cars and rental support centers. Customers will be able to use these centers as concierge services, and rental centers will be able to check the car’s status if necessary. PKI certificates will be used to support authentication, non-repudiation, and confidentiality of transactions. Which asymmetric cryptography is a better fit?

  1. RSA 1024

  2. AES 256

  3. RSA 4096

  4. ECC 160

The correct option is D

Option b refers to a symmetric algorithm that does not support non-repudiation. The algorithms in Options a and c have significantly longer keys than the algorithm in Option d, which has equivalent strength. For wireless communication, a smaller key length is an important factor.

13. A key management system of a government agency’s PKI includes a backup and recovery (BR) module. PKI issues and manages separate certificates for encryption and verification. What is the right BR strategy?

  1. Back up all certificates and private keys

  2. Back up all private keys and verification certificates

  3. Back up decryption keys and all certificates

  4. Back up signing keys and all certificates

The correct option is C

Options a and b assume backing up signing keys, which is wrong. Option d assumes signing keys, which is wrong, and does not include decryption keys, which is wrong, too.

14. A company needs to comply with FIPS 140-2 level 3, and decided to use split knowledge for managing storage encryption keys. What is the right method for storing and using the key?

  1. Store the key components on the encrypted media.

  2. Create a master key and store it on external media owned by the first security officer.

  3. Store key components on separate external media owned by a different security officer.

  4. Publish key components on an LDAP server and protect them by officers’ asymmetric keys encryption.

The correct option is C

Storing key components on the same media (Option a) will expose them to one administrator or officer. One officer is in possession of all components (Option b) and can recreate the whole key. Storing secret keys on intermediate storage (Option d) is not acceptable.

15. An agency is using symmetric AES 128 cryptography for distributing confidential data. Because of its growth and key distribution problems, the agency decided to move to asymmetric cryptography and X.509 certificates. Which of the following is the BEST strength asymmetric cryptography to match the strength of the current symmetric cryptography?

  1. RSA 2048

  2. ECC 160

  3. ECC 256

  4. RSA 7680

The correct option is C

According to NIST SP 800-57, ECC 256 cryptographic strength is equivalent to AES 128. Options a and b are wrong because they are weaker than AES 128; Option d is stronger than required and comes with impractically long keys.

16. One very large company created a business partnership with another, much smaller company. Both companies have their own PKI in-house. Employees need to use secure messaging and secure file transfer for their business transactions. What is the BEST strategy to implement this?

  1. The larger company creates a PKI hierarchical branch for the smaller company, so all parties have a common root of trust.

  2. The larger company enrolls all employees of the smaller company and issues their certificates, so all parties have a common root of trust.

  3. Companies should review each other’s CP and CPS, cross-certify each other, and let each other access each other’s search database.

  4. Employ an external third-party CA and have both companies’ employees register and use their new certificates for secure transactions.

The correct option is C

Options a, b, and d either partially or completely disregard existing PKI infrastructure and require significant expenses for restructuring PKI or hiring an outside service.

17. When applications of cross-certified PKI subscribers validate each other’s digitally signed messages, they have to perform the following steps:

  1. The signature is cryptographically correct, and sender’s validation certificate and sender’s CA cross-certificate are valid.

  2. Validate CRL and ARL.

  3. Validate sender’s encryption certificate, ARL, and CRL.

  4. The signature is cryptographically correct, and sender’s CA certificate is valid.

The correct option is A

Option b is incorrect because CRL and ARL just verify revocation status without crypto and validity period validation; Option c is incorrect because signature verification requires verification certificate validation rather than encryption; Option d is incorrect because verification of signature verification certificate is missing.

18. A company implements three-tier PKI, which will include a root CA, several sub-CAs, and a number of regional issuing CAs under each sub-CA. How should the life span of the CA’s certificates be related?

  1. Root CA = 10 years; sub-CA = 5 years; issuing CA = 1 year

  2. Root CA = sub-CA = issuing CAs = 5 years

  3. Root CA = 1 year; sub-CA = 5 years; issuing CA = 10 years

  4. Root CA = 5 years; sub-CA = 10 years; issuing CA = 1 year

The correct option is A

In a hierarchical PKI, the certificates an upper CA issues to its subordinate CAs should have a longer life span than the certificates those subordinates issue to their own subordinates. Otherwise, the chain will expire before the intermediate CA and entity certificates expire.

19. Management and storage of symmetric data encryption keys most importantly must provide

  1. Integrity, confidentiality, and archiving for the time period from key generation through the life span of the data they protect or the duration of the crypto period, whichever is longer.

  2. Confidentiality for the time period from key generation through the life span of the data they protect or duration of crypto period, whichever is longer.

  3. Integrity, confidentiality, and archiving for the duration of the key’s crypto period.

  4. Integrity, confidentiality, non-repudiation and archiving for the time period from key generation through the life span of the data they protect or duration of crypto period, whichever is longer.

The correct option is A

Option b is incorrect because without an integrity requirement a key may be tampered with. Option c is incorrect because if an encryption key crypto period expires before the encrypted data life span, the key destruction may leave data that is never possible to decrypt. Option d is incorrect because non-repudiation is not relevant to symmetric cryptography.

20. Management and storage of public signature verification keys most importantly must provide

  1. Integrity, confidentiality, and archiving for the time period from key generation until no protected data needs to be verified.

  2. Integrity and archiving for the time period from key generation until no protected data needs to be verified.

  3. Integrity, confidentiality and archiving for the time period from key generation through the life span of the data they protect or the duration of crypto period, whichever is longer.

  4. Integrity and confidentiality for the time period from key generation until no protected data needs to be verified.

The correct option is B

Options a, c, and d are incorrect because confidentiality is not required for public keys.

Domain 4: Security Architecture Analysis

1. The approach in which policies, procedures, technology, and personnel are considered in the system security development process is called

  1. defense in depth.

  2. requirements analysis.

  3. risk assessment.

  4. attack vectors.

The correct option is A

Best security practices should include an architecture that provides defense in depth where layers of technology are designed and implemented to provide data protection. These layers include people, technology, and operations (including processes and procedures). Defense in depth includes

Protect—preventative controls and mechanisms

Detect—identify attacks, expect attacks

React—respond to attacks, recover

2. Software that adds hidden components to a system without end user knowledge is

  1. Virus.

  2. Spyware.

  3. Adware.

  4. Malware.

The correct option is B

Spyware is software that adds hidden components to your system on the sly.

3. Risk is assessed by which of the following formulas?

  1. Risk = Vulnerability × Threat × Impact Divided by Countermeasure

  2. Risk = Annual Loss Opportunity ÷ Single Loss Expectancy

  3. Risk = Exposure Factor divided by Asset Value

  4. Risk = Vulnerability × Annual Loss Expectancy

The correct option is A

Option a is correct; the others are mixed-up derivatives of risk management.

4. Requirements definition is a process that should be completed in the following order:

  1. Document, identify, verify, and validate.

  2. Identify, verify, validate, and document.

  3. Characterize, analyze, validate, and verify.

  4. Analyze, verify, validate, and characterize.

The correct option is B

The proper order for completing the Requirements Definition phase is Option b. Documentation would not be done first, thus eliminating Option a. “Characterize” in Options c or d is not correct.

5. A path by which a malicious actor gains access to a computer or network in order to deliver a malicious payload is a

  1. penetration test.

  2. attack vector.

  3. vulnerability assessment.

  4. risk assessment.

The correct option is B

Option b is the definition of an attack vector. Risk and vulnerability assessments and penetration testing deal with ways of analyzing and protecting the system.

6. Which of the following is BEST as a guide for the development, evaluation, and/or procurement of IT products with security functionality?

  1. ISO/IEC 27001

  2. FIPS 140-2

  3. Common Criteria

  4. SEI-CMM

The correct option is C

FIPS 140-2 deals with assessing type 2 encryption, SEI-CMM is the capability maturity model, and ISO/IEC 27001 deals with the overall system security posture based on best practice implementation.

7. Which of the following BEST defines evaluation criteria for Protection Profile (PP) and Security Target (ST) and presents evaluation assurance levels rating assurance for the TOE?

  1. Part 3—Security assurance requirements

  2. Part 2—Security functional requirements

  3. Part 1—Introduction and general model

  4. Part 4—History and previous versions

The correct option is A

Parts 2 and 1 deal with other security requirements and general CC model and part 4 does not exist.

8. The National Voluntary Laboratory Accreditation Program (NVLAP) must be in full conformance with which of the following standards?

  1. ISO/IEC 27001 and 27002

  2. ISO/IEC 17025 and Guide 58

  3. NIST SP 800-53A

  4. ANSI/ISO/IEC Standard 17024

The correct option is B

Option a deals with best practice implementation on the system. Option c provides IA controls for federal government systems, and Option d is the standard for certifications such as the CISSP®.

9. A software application in combination with an operating system, a workstation, smart card integrated circuit, or cryptographic processor would be considered examples of a

  1. Functional Communications (FCO)

  2. Functional Trusted Path (FTP)

  3. Target of Evaluation (TOE)

  4. Security Target (ST)

The correct option is C

Options a and b refer to families of security functions, and Option d refers to the evaluation criteria that TOE (Option c) will be assessed by.

10. A security architect requires a device with a moderate level of independently assured security, and a thorough investigation of the TOE and its development without substantial reengineering. It should be evaluated at which CC EAL?

  1. EAL6

  2. EAL5

  3. EAL4

  4. EAL3

The correct option is D

Option d refers to the criteria for EAL3 evaluation by definition. EAL6 is semiformally verified design and tested, EAL5 is semiformally designed but not verified, and EAL4 is methodically designed, tested, and reviewed.

11. At which Common Criteria EAL would a security architect select a device appropriate for application in extremely high-risk situations or where the high value of the assets justifies the higher costs?

  1. EAL4

  2. EAL5

  3. EAL6

  4. EAL7

The correct option is D

Again, Option d refers to the criteria for EAL 7 evaluation by definition. EAL6 is semiformally verified design and tested, EAL 5 is semiformally designed but not verified, and EAL 4 is methodically designed, tested, and reviewed. Options a, b, or c would not be appropriate for extremely high-risk situations.

12. A list of Common Criteria-evaluated products can be found on the Internet on the site at the

  1. NIAP

  2. CCEVS

  3. IASE

  4. CERIS

The correct option is B

NIAP is the partnership between NIST and NSA for the evaluation of products, and IASE is the site run by DISA to promote best security practices. CERIS is a consortium run by the University of Notre Dame Computer Science and Information Security department. CCEVS is the site that lists all evaluated products, those in the evaluation process, and those that have been removed or superseded.

13. Which of the following describes the purpose of the Capability Maturity Model?

  1. Determine business practices to ensure creditability for the company’s commitment to quality and excellence.

  2. Provide assurance through active investigation and evaluation of the IT product in order to determine its security properties.

  3. Establish a metric to judge in a repeatable way the maturity of an organization’s software process as compared to the state of the industry practice.

  4. Provide an overview of standards related to the Information Security Management family for uniformity and consistency of fundamental terms and definitions.

The correct option is C

Options a and d are from ISO/IEC 27001, and Option b is from the Common Criteria.

14. Which one of the following describes the key practices that correspond to a range of maturity levels 1-5?

  1. Common Criteria

  2. SEI-CMM

  3. ISO/IEC 27002

  4. IATF v3

The correct option is B

It is the only option that discusses maturity levels. Options a, c, and d are standards and processes.

15. Which of the following CMMI levels include quantitative process management and software quality management as the capstone activity?

  1. CMMI Level 5

  2. CMMI Level 4

  3. CMMI Level 3

  4. CMMI Level 2

The correct option is B

CMMI Level 4 includes quantitative process management and software quality management as the capstone activity.

16. Where can the general principles of the OSI Reference Model architecture be found that describes the OSI layers and what layering means?

  1. Clause 3

  2. Clause 5

  3. Clause 7

  4. Clause 9

The correct option is B

ISO 7498 discusses the OSI model. Within the model are clauses that describe the basic reference model. Clause 7 provides the description of the specific layers, and Clause 9 specifies compliance and consistency with the OSI reference model. Clause 3 does not exist.

17. A privately held toy company processing, storing, or transmitting payment card data must be compliant with which of the following?

  1. Gramm–Leach–Bliley Act (GLBA)

  2. Health Insurance Portability and Accountability Act (HIPAA)

  3. Sarbanes-Oxley Act of 2002

  4. PCI-DSS

The correct option is D

Options a, b and c do not have anything to do with card payment or credit card data.

18. In which phase of the IATF does formal risk assessment begin?

  1. Assess effectiveness

  2. Design system security architecture

  3. Define system security requirements

  4. Discover information protection needs

The correct option is B

Although risk assessment occurs during the assess effectiveness process after each stage, a formal risk assessment is conducted at the end of the Design System Security Architecture phase.

19. Which of the following describes a methodical examination of a work product by the author’s coworkers to comment, identify, and categorize defects in the work product?

  1. Formal inspection

  2. Structured walkthrough

  3. Critique

  4. Peer review

The correct option is D

The overall methodical examination of the work is called the peer review. The others are specific types of peer review.

20. Which of the following is a critical element in the design validation phase?

  1. Develop security test and evaluation plan

  2. Develop protection needs elicitation

  3. Develop the concept of operation

  4. Requirements analysis

The correct option is A

Design validation culminates with the development of test and evaluation plans. It requires elicitation, requirements analysis, and concept of operations to be done in the early stages before the design is developed.

Domain 5: Technology-Related Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)

1. Which phrase BEST defines a business continuity/disaster recovery plan?

  1. A set of plans for preventing a disaster.

  2. An approved set of preparations and sufficient procedures for responding to a disaster.

  3. A set of preparations and procedures for responding to a disaster without management approval.

  4. The adequate preparations and procedures for the continuation of all business functions.

The correct option is D

The plan needs to be written for the recovery of all business operations and the technology that supports them.

2. Which of the following statements BEST describes the extent to which an organization should address business continuity or disaster recovery planning?

  1. Continuity planning is a significant corporate issue and should include all parts or functions of the company.

  2. Continuity planning is a significant technology issue, and the recovery of technology should be its primary focus.

  3. Continuity planning is required only where there is complexity in voice and data communications.

  4. Continuity planning is a significant management issue and should include the primary functions specified by management.

The correct option is A

Recovering from an expected disruption to normal operations requires a plan addressing all parts of the organization.

3. Risk analysis is performed to identify

  1. the impacts of a threat to the business operations.

  2. the exposures to loss of the organization.

  3. the impacts of a risk on the company.

  4. the way to eliminate threats.

The correct option is B

Risk Analysis identifies the different risk exposures a company has so that mitigation plans can be identified and agreed on, including a Business Continuity Plan.

4. During the risk analysis phase of the planning, which of the following actions could manage threats or mitigate the effects of an event?

  1. Modifying the exercise scenario.

  2. Developing recovery procedures.

  3. Increasing reliance on key individuals.

  4. Implementing procedural controls.

The correct option is D

Implementing procedural controls is one method of managing an identified risk.

5. The reason to implement additional controls or safeguards is to

  1. deter or remove the risk.

  2. remove the risk and eliminate the threat.

  3. reduce the impact of the threat.

  4. identify the risk and the threat.

The correct option is C

You cannot eliminate a threat; you can only reduce the impact a threat can have on your organization.

6. Which of the following statements BEST describes business impact analysis?

  1. Risk analysis and business impact analysis are two different terms describing the same project effort.

  2. A business impact analysis calculates the probability of disruptions to the organization.

  3. A business impact analysis is critical to development of a business continuity plan.

  4. A business impact analysis establishes the effect of disruptions on the organization.

The correct option is D

A business impact analysis identifies what would happen to the organization if a risk occurred, despite whatever controls were in place.

7. The term disaster recovery commonly refers to:

  1. The recovery of the business operations.

  2. The recovery of the technology environment.

  3. The recovery of the manufacturing environment.

  4. The recovery of the business and technology environments.

The correct option is B

Disaster recovery has been commonly used to define the process and procedures used to recover the technology supporting the business operations.

8. Which of the following terms BEST describes the effort to determine the consequences of disruptions that could result from a disaster?

  1. Business impact analysis

  2. Risk analysis

  3. Risk assessment

  4. Project problem definition

The correct option is A

A business impact analysis identifies what would happen to the organization if a risk occurred, despite whatever controls were in place.

9. The BEST advantage of using a cold site as a recovery option is that it

  1. is a less expensive recovery option.

  2. can be configured and operationalized for any business function.

  3. is preconfigured for communications and can be customized for business functions.

  4. is the most available option for testing server recovery and communications restorations.

The correct option is A

A cold site is less expensive because it is commonly a space to house recovery but without any infrastructure in place. Everything is recovered at the time of disaster.

10. The term RTO means:

  1. Recovery time for operations

  2. Return to order

  3. Resumption time order

  4. Recovery time objective

The correct option is D

RTO refers to the time the technology or business operation is planned to be operational following a disruption.

11. If a company wants the fastest time to restore from tape backup, it should perform its backup using the following method:

  1. Full backup

  2. Incremental backup

  3. Partial backup

  4. Differential backup

The correct option is A

A full backup copies all of the data each time it is run. When you recover from a full backup, no other backups are needed. In contrast, when an incremental backup is used in recovery, the full backup must be restored first, and then each incremental backup made since the last full backup must be restored in sequence before the data can be used.

12. One of the advantages of a hot site recovery solution is

  1. Lowered expense

  2. High availability

  3. No downtime

  4. No maintenance required

The correct option is B

A hot site has all the technology in place for recovery, so the time between the point where the disaster is declared and the point where the recovery is complete is much shorter.

13. Which of the following methods is not acceptable for exercising the business continuity plan?

  1. Tabletop exercise

  2. Call exercise

  3. Simulated exercise

  4. Halting a production application or function

The correct option is D

It is important not to create a disaster in the business when testing for the recovery from one.

14. Which of the following is the primary desired result of any well-planned business continuity exercise?

  1. Identification of plan strengths and weaknesses.

  2. Satisfaction of management requirements.

  3. Compliance with auditor’s requirements.

  4. Maintenance of shareholder confidence.

The correct option is A

The purpose of conducting any exercise is to find out what works and what does not so that any weaknesses can be addressed before an actual event.

15. A business continuity plan should be updated and maintained

  1. immediately following an exercise.

  2. following a major change in personnel.

  3. after installing new software.

  4. on an ongoing basis.

The correct option is D

The plan needs to be updated regularly in order to maintain its viability to recover the business in a real event.

16. The primary reason to build a business continuity and disaster recovery plan is

  1. to continue the business.

  2. to restore the data center.

  3. to meet regulatory environments.

  4. because the customers expect it.

The correct option is A

The primary purpose of business continuity and disaster recovery is to make sure the business survives.

17. A company would choose to use synchronous remote replication for its data recovery strategy if

  1. it wanted to replace point-in-time backups.

  2. it wanted to minimize the amount of time taken to recover.

  3. time to recovery and data loss are important to the business.

  4. distance limitations existed.

The correct option is C

Synchronous remote replication is used to support business operations when the loss incurred by downtime is so substantial that it justifies the expense of implementing this solution.

18. One of the reasons asynchronous replication differs from synchronous replication is

  1. because it can impact production.

  2. because it can be done over greater distances.

  3. because it involves less loss of data.

  4. because it improves recovery time.

The correct option is B

Because asynchronous replication does not require that the data be written at the remote site at the same time as the production site, network latency is not as critical as it is in synchronous replication. It can therefore occur over greater distances.

19. The purpose of doing a cost-benefit analysis on the different recovery strategies is

  1. to make certain the cost of protection does not exceed the cost of the risk it is protecting.

  2. to determine the cost of implementing the recovery strategy.

  3. to determine that the strategy will be effective.

  4. to analyze the cost of the different strategies.

The correct option is A

The recovery strategies implemented should match the business being protected.

Domain 6: Physical Security Considerations

1. The primary function of a physical protection system is to

  1. determine, direct, and dispatch.

  2. deter, detection, delay, and response.

  3. display, develop, initiate, and apprehend.

  4. evaluate, dispatch, and detain.

The correct option is B

A physical protection system typically has a number of elements that fall into the pattern of deter-detect-delay-respond.

2. The single most important goal in planning a site is

  1. protection of life, property, and operations.

  2. threat definition, conflict control, and facility characterization.

  3. risk assessment, threat identification, and incident review.

  4. threat identification, vulnerability appraisal, and access review.

The correct option is A

The single most important goal in planning a site is the protection of life, property, and operations.

3. The strategy of forming layers of protection around an asset or facility is known as

  1. secured perimeter.

  2. defense in depth.

  3. reinforced barrier deterrent.

  4. reasonable asset protection.

The correct option is B

With defense in depth, barriers are arranged in layers with the level of security growing progressively higher as one comes closer to the center or the highest protective area.

4. The regulation of movement into, from, and within a designated building or area is called

  1. restricted access.

  2. access control.

  3. security access.

  4. security control.

The correct option is B

Access control is the regulation of movement into, from, and within a designated building or area. The primary objective of controlling entry into a facility or area is to ensure that only authorized persons are allowed to enter.

5. The key to a successful physical protection system is the integration of

  1. people, process, and technology.

  2. technology, risk assessment, and human interaction.

  3. protecting, offsetting, and transferring risk.

  4. detection, deterrence, and response.

The correct option is A

The key to a successful physical protection system is the integration of people, process, and technology.

6. What is the primary objective of controlling entry into a facility or area?

  1. Provide time management controls for all employees.

  2. Ensure that only authorized persons are allowed to enter.

  3. Keep out potential hazards and dangerous material that could be used to commit sabotage.

  4. Identification purposes.

The correct option is B

The primary objective of controlling entry into a facility or area is to ensure that only authorized persons are allowed to enter.

7. The BEST way to test your physical security operation is by

  1. observation.

  2. penetration test.

  3. security survey.

  4. social engineering.

The correct option is B

A penetration test is the best way to test your security operation.

8. CCTV technologies make possible three distinct yet complementary functions. The first is visual assessment of an alarm or other event. What are the other two functions of CCTV?

  1. Surveillance and deterrence.

  2. Intrusion detection and response.

  3. Optical and lighting.

  4. Monitoring and inspection.

The correct option is A

CCTV provides a highly flexible method of monitoring surveillance and deterrence.

9. High-tech integrated technologies not only offer greater protection opportunities but also help minimize cost by

  1. reducing electrical costs.

  2. reducing reliance on multiple operators and guard force.

  3. providing government tax incentives for increased physical protection systems.

  4. increasing capital value of property.

The correct option is B

The ability to leverage integrated technology allows a business to “do more with less”, typically enabling a reduction in staffing as a result, which lowers costs.

10. During a vulnerability assessment tour of a facility the team should be looking to

  1. Determine where all the fire exits are located.

  2. Examine the locations of physical protection system components.

  3. Count the number of employees within the facility.

  4. Determine the structural strength of the perimeter walls.

The correct option is B

A vulnerability assessment tour of a facility is designed to gather information regarding the general layout of the facility, the location of key assets, information about facility operations and production capabilities, and locations and types of physical protection systems.

11. Designing a new building to mitigate threats is simpler and more cost-effective than retrofitting an existing building. An obvious example of this is planning for

  1. limiting the number of entrances to the site that must be monitored, staffed, and protected.

  2. reducing the cost associated with energy needs in providing the physical protection system.

  3. giving employees easy access to the facility without their knowledge of the security components used in monitoring their activities.

  4. blast reinforcement film on all perimeter windows.

The correct option is A

Planning to create a limited number of entrances to a building PRIOR to construction is always more cost effective than having to retrofit the building after construction. Limiting the number of entrances that have to be monitored and protected will mitigate multiple threats, whereas Option b is only a cost savings measure. Option c does not serve to reduce costs, and may or may not be effective in mitigating threats. Option d would mitigate a specific threat, that of damage due to a close proximity blast, but it would not mitigate a variety of threats.

12. How must classified material and sensitive information be disposed of?

  1. Torn in half and thrown in the trash can.

  2. It should be shredded.

  3. Removed to a decontamination room.

  4. Marked declassified and thrown in a trash can.

The correct option is B

There are several methods for proper destruction of information. An organization can contract with a licensed and bonded shredding company, which will come to the site with a mobile shredding truck and dispose of classified material and sensitive information. One can watch the process and verify the destruction, or the documents can be shredded on site, depending on the volume of information that needs to be destroyed. Shredding services can also destroy hard drives and physical components.

13. Effective security solutions call for the systematic integration of

  1. design, technology, and facility operations and management.

  2. reducing vulnerability by protecting, offsetting, or transferring the risk.

  3. operational readiness, physical protection systems, standard operating processes.

  4. increase awareness, environmental design, and physical security.

The correct option is A

Effective building security requires careful planning, design, and management of the physical protection system, integrating people, procedures, and equipment; the foundation of all facility security operations.

14. In which order should the designing of a security plan for a new complex progress?

  1. Outer perimeter, interior, exterior

  2. Interior, outer perimeter, exterior

  3. Interior, exterior, outer perimeter

  4. Exterior, interior, outer perimeter

The correct option is C

The design process of a security plan for a new facility should begin with the interior, then the exterior, and finally the outer perimeter.

15. Physical security measures to prevent or minimize theft, unauthorized access, or destruction of property are applied by using

  1. layers.

  2. methods.

  3. varieties.

  4. types.

The correct option is A

In the concept of defense in depth, barriers are arranged in layers, with the level of security growing progressively higher as one comes closer to the center or the highest protective area. Defending an asset with a multiple posture can reduce the likelihood of a successful attack; if one layer of defense fails, another layer of defense will hopefully prevent the attack, and so on. This design requires the attacker to circumvent multiple defensive mechanisms to gain access to the targeted asset.

16. Two functions that employee badges serve are

  1. identify and credit.

  2. payroll and identification.

  3. identification and access.

  4. access and personal information.

The correct option is C

Employee badges are an excellent method of control for both identification and access.

17. Which security control is most effective in curtailing and preventing “piggybacking” or “tailgating” as a means of unauthorized access?

  1. Cameras

  2. Turnstiles

  3. Security guards

  4. Mantraps

The correct option is D

A common and frustrating loophole in an otherwise secure access control system can be the ability of an unauthorized person to follow through a checkpoint behind an authorized person; this is called “piggybacking” or “tailgating.” The traditional solution is an airlock-style arrangement called a mantrap.
