The formula for assessing the severity of a risk is:
A. Probability divided by impact
B. Probability divided by number of occurrences
C. Probability multiplied by impact
D. Probability multiplied by number of occurrences

A full-service Kerberos environment consisting of a Kerberos server, a number of clients and a number of application servers requires the:
A. Kerberos server to share a public key with each server
B. application servers to share a public key with each server
C. Kerberos server to share a secret key with each server
D. Kerberos server to share the entered password with each server

Which one of the following best describes a mesh configuration used to set up a virtual private network (VPN) for connecting three or more networks or individuals?
A. Each participant (network, router or computer) in the VPN has an approved relationship, called a security association (SA), with every other participant.
B. Any LANs or computers in the VPN only need to connect to the central server, not to any other machine in the VPN.
C. The VPN starts out as a star or hub-and-spoke design and evolves into the mixture of these two common configurations.
D. Each peer-to-peer (P2P) participant (node or peer) operates in an overlay network to communicate with each other in a secure manner.

A company is about to migrate to the newest operating system. Despite all of the planning, there could be a short period of time the network could be down if the migration fails. What is the name of the risk that cannot be mitigated?
A. Acceptable
B. Collateral
C. Residual
D. Unavoidable

First responders are principally involved in which phase of an incident response plan?
A. Detection
B. Eradication
C. Recovery
D. Follow-Up

Separating responsibilities or duties in a fashion designed to reduce the possibility of employee fraud or theft cannot prevent such action if employee:
A. Knowledge of the safeguards exists
B. Collusion exists
C. Lack of training exists
D. Irresponsibility exists

An evidence collection sheet is designed to assist an investigator in:
A. Establishing and maintaining the chain of custody
B. Understanding the nature of the crime
C. Tracking activities for subsequent billing purposes
D. Enabling law enforcement to understand the nature of the evidence

An administrator is attempting to prevent a hacker from using a rainbow table to crack hashed passwords. What can the administrator do to make it too time consuming to use a rainbow table?
A. Compress the hashes
B. Make the passwords more difficult
C. Salt the hashes
D. Virtualize the hashes

Secure Hypertext Transfer Protocol (S-HTTP) and Secure Sockets Layer (SSL) are two protocols that can be used independently or together and are designed to:
A. Enable secure network communications across the Internet via different mechanisms
B. Use digital signatures based on public key cryptosystem to secure email communications
C. Encrypt credit card information transfers and RSA for key exchange for secure credit card transactions
D. Use the RC4 cipher stream to encrypt each electronic packet using a 64-bit key for securing wireless networks

Which of the following would BEST prevent the unauthorized disclosure of information?
A. Securely erasing a hard drive
B. Copying customer data to a USB drive
C. Disposing of printouts in the waste
D. Recycling old cellphones

A crypto-system that operates on one digit at a time is called?
A. Stream cipher encryption
B. Asymmetric encryption
C. Symmetric encryption
D. Block cipher encryption

What security technique can be used to filter ActiveX and JavaScript, block downloads based on file types, and filter mail headers (like "Subject:") to either classify and accept or reject a message type based on the output of the filter?
A. Firewall filtering
B. Context filtering
C. Content filtering
D. Message filtering

When securing data in transit by using hashing and encryption, how does the function of hashing differ from the function of encryption?
A. Encryption algorithms provide message integrity by generating a message digest that can be used to detect message modification while hashing algorithms provide confidentiality by using asymmetric and/or symmetric methods.
B. Hashing algorithms provide message integrity by generating a message digest that can be used to encrypt and decrypt message while encryption algorithms provide confidentiality by detecting message modification.
C. Encryption algorithms provide message integrity while hashing algorithms provide confidentiality by using asymmetric and/or symmetric methods.
D. Hashing algorithms provide message integrity by generating a message digest that can be used to detect message modification while encryption algorithms provide confidentiality by using asymmetric and/or symmetric methods.

What security term describes the weakness of an asset that can be exploited?
A. Vulnerability
B. Threat
C. Threat agent
D. Countermeasure

When conducting a quantitative risk assessment, how should the total risk of an asset be defined mathematically?
A. Total threat, divided by Total vulnerability, multiplied by Total asset value
B. Total threat, multiplied by Total vulnerability, multiplied by Total asset value
C. Total threat, multiplied by Total vulnerability, divided by Total asset value
D. Total threat, multiplied by Total vulnerability in addition to Total asset value

Which of the following biometric methods is considered the most accurate?
A. Fingerprint
B. Palm scan
C. Iris scan
D. Voice recognition

Which one of the following packet filtering methods is an accurate description of its function?
A. Filtering by ICMP message type uses TCP or UDP port numbers to filter SMTP and POP email messages and DNS requests.
B. Filtering by ACK flag uses the ACK bit or ACK flag in a TCP packet to examine both the contents of packets and headers for signs that they are legitimate.
C. Filtering by TCP or UDP port number admits or denies ICMP packets based on message types.
D. Filtering suspicious inbound packets denies a packet that arrived at the firewall from the external network but contains an IP address that is inside the network.

What protocol is used to monitor large numbers of systems and devices for operational issues?
A. File Transfer Protocol (FTP)
B. Simple Mail Transfer Protocol (SMTP)
C. Simple Network Management Protocol (SNMP)
D. Hyper Text Transfer Protocol (HTTP)

When planning a security program for an organization, what is the major objective of security awareness and training?
A. Helps the organization employees to be more security conscious
B. Helps the organization security policies to be more easily understood
C. Helps the organization to meet internal security objectives and regulatory compliance
D. Helps the organization create more effective security policies

The Domain Name System (DNS) works through a set of servers beginning with the:
A. Local servers
B. Root servers
C. Primary name servers
D. Secondary name servers

Which one of the following focuses on cracking known passwords?
A. Spoofing
B. Rainbow attack
C. Dictionary attack
D. Phreaking

Which of these ciphers provide confidentiality by using the same key for encryption and decryption?
A. Data Encryption Standard (DES), Rivest Cipher (RC), Diffie-Hellman key exchange (DH)
B. Data Encryption Standard (DES), Rivest Cipher (RC), Blowfish
C. Blowfish, digital signature algorithm (DSA), Cipher-Block Chaining (CBC algorithm)
D. Rivest-Shamir-Adleman (RSA algorithm), digital signature algorithm (DSA), Diffie-Hellman key exchange (DH)

When two distinct pieces of data have an identical hash value, it is called a hash:
A. Clash
B. Collision
C. Commonality
D. Comparative

When should an organization be advised to accept a security risk?
A. When there is no time to implement the control
B. When the skills are absent to implement the control
C. When an organization needs to save cost
D. When the cost of the control outweighs the value of the asset

Creating or issuing secure identities should include three key aspects. The three aspects include all of the following EXCEPT:
A. Uniqueness
B. Nondescriptive
C. Issuance
D. Descriptive