Question 1: Why is it important to audit both failed events and successful events?
A. It's not. You only need to audit failed events.
B. Because they will reveal unauthorized access attempts.
C. Because you can't just audit one. Both have to be activated.
D. It's not. You only need to audit successful events.
A1: Answer B is correct. It is equally important to audit both failed and successful events because both may reveal unauthorized access or an unexpected escalation of access rights. Answers A and D are incorrect because it is important to audit both types of events. Answer C is incorrect because you can audit either successful or failed events if you choose.
Question 2: In which of the following vulnerability assessment tests would you evaluate a user's ability to connect to a RAS server via telephony?
A. Blind testing
B. Knowledgeable testing
C. Internet service testing
D. Dial-up service testing
E. Infrastructure testing
A2: Answer D is correct. Dial-up service testing involves attempting to penetrate a network's security through telephonic connectivity to a RAS server supporting modem dial-in access. Answers A and B are incorrect because they involve a general audit either with or without prior knowledge of the network, and they do not target remote access servers specifically. Answer C is incorrect because an Internet service test focuses on Internet-accessible avenues of penetration rather than dial-up access. Answer E is incorrect because an infrastructure test involves the analysis of networking, protocols, and distributed resources and services, without focusing specifically on RAS services.
Question 3: In which of the following policies would you detail what type of authorization is needed to perform a port scan of an organization's network?
A3: Answer B is correct. The audit policy includes specifications for external auditing and profiling, such as performing a port scan. Answer A is incorrect because the acceptable use policy details what constitutes acceptable use of computer equipment and resources. Answer C is incorrect because the NDA is used to obtain a user's agreement to not disclose sensitive information. This should be required of any agent performing an audit, but it does not directly provide the method for audit authorization. Answers D and E are incorrect because they specify access restrictions and minimum security configurations required for servers, including RAS servers.
Question 4: You are the primary investigator on a team that is investigating the theft of some important information from your network. You have collected and analyzed data and are preparing to present your information in court. What is the process called when presenting the path that the evidence took to the courtroom?
A. Evidenced path
B. Chain of custody
C. Forensics
D. Chain of evidence
A4: Answer B is correct. Verifying the path of evidence from the crime scene to the courtroom is called the chain of custody. Answers A and D are incorrect because they are made-up terms. Answer C is incorrect because forensics is the study of evidence.
Question 5: With Discretionary Access Control (DAC), what determines access rights to resources?
A. Roles
B. Rules
C. Owner discretion
D. Security labels
A5: Answer C is correct. DAC enables the owner of the resources to specify who can access those resources. Answer A is incorrect because roles are used to group access rights by role name; the use of resources is restricted to those associated with an authorized role. Answer B is incorrect because rules are part of Mandatory Access Control. Answer D is incorrect because security labels are also used in Mandatory Access Control.
Question 6: In which of the following models would you require a centralized database of user accounts? [Choose the two best answers.]
A. User based
B. Group based
C. Role based
D. Risk based
A6: Answers B and C are correct. Both group-based and role-based access control models require a centralized database of user accounts and groups or roles through which permissions may be inherited. Answer A is incorrect because it is possible to have a user-based access control scenario within a peer-to-peer network. Answer D is not a valid model and is therefore incorrect.
Question 7: What is the name given to the activity that involves collecting information that will later be used for monitoring and review purposes?
A. Logging
B. Auditing
C. Inspecting
D. Vetting
A7: Answer A is correct. Logging is the process of collecting data to be used for monitoring and auditing purposes. Auditing is the process of verification that normally involves going through log files; therefore, answer B is incorrect. Typically, the log files are frequently inspected, and inspection is not the process of collecting the data; therefore, answer C is incorrect. Vetting is the process of thorough examination or evaluation; therefore, answer D is incorrect.
Question 8: Which of the following are important steps toward the education of users regarding security requirements? [Choose all correct answers.]
A8: Answers A, B, C, and E are correct. Education of users about security requirements may be performed during new employee orientation and on-the-job training sessions as well as through security flyers and published security policies. Answer D is incorrect because the documentation created during an infrastructure audit is not generally useful to most users.
Question 9: Risk is made up of which of the following components? [Choose the three best answers.]
A. Vulnerability
B. Threat
C. Probability
D. Value
A9: Answers A, B, and C are correct. Risk can be defined as the probability of a threat exploiting a vulnerability. Answer D is incorrect because value is not a component of risk; however, value may affect your decision of whether to accept a risk.
Question 10: Your manager wants you to investigate a client/server system that allows your company's users to log in to a central server to authenticate and then access other servers without having to authenticate again. What type of system should you research?
A. Single sign-on
B. RAS servers
C. RADIUS
D. PPTP
A10: Answer A is correct. Single sign-on provides the mechanism whereby a user only needs to authenticate to a system one time and can then access multiple systems without reauthenticating or maintaining separate usernames and passwords. Answer B is incorrect because a Remote Access Server (RAS) is the system used to handle remote user access, and your manager wants a central server to communicate with these servers. Answer C is incorrect because Remote Authentication Dial-In User Service (RADIUS) is a client/server system that facilitates the communication between remote access servers and a central server. The central server will authenticate the dial-in users and authorize their access. Answer D is incorrect because PPTP is a tunneling protocol.