1. When an attacker sends unsolicited communication, it is an example of:

A. Spoofing

B. Spamming

C. Crackers

D. Sniffers

Ans: B


2. Masquerading is:


   A.  Attempting to hack a system through backdoors to an operating system or application

   B.  Pretending to be an authorized user 

   C.  Always done through IP spoofing

   D.  Applying a subnet mask to an internal IP range

Ans:  B


3. Integrity is protection of data from all of the following EXCEPT:


   A.  Unauthorized changes

   B.  Accidental changes

   C.  Data analysis 

   D.  Intentional manipulation

Ans: C


4. A security program cannot address which of the following business goals?


   A.  Accuracy of information 

   B.  Change control

   C.  User expectations

   D.  Prevention of fraud

Ans: A


5. In most cases, integrity is enforced through:


   A.  Physical security

   B.  Logical security

   C.  Confidentiality

   D.  Access controls 

Ans: D


6. A “well-formed transaction” is one that:


   A.  Has all the necessary paperwork to substantiate the transaction.

   B.  Is based on clear business objectives.

   C.  Ensures that data can be manipulated only by a specific set of programs. 

   D.  Is subject to duplicate processing.

Ans: C


7. In an accounting department, several people are required to complete a financial process. This is most likely an example of:


   A.  Segregation of duties 

   B.  Rotation of duties

   C.  Need-to-know

   D.  Collusion

Ans: A


8. Risk Management is commonly understood as all of the following EXCEPT:


   A.  Analyzing and assessing risk

   B.  Identifying risk

   C.  Accepting or mitigation of risk

   D.  Likelihood of a risk occurring 

Ans: D


9. The percentage or degree of damage inflicted on an asset used in the calculation of single loss expectancy can be referred to as:


   A.  Exposure Factor (EF) 

   B.  Annualized Rate of Occurrence (ARO)

   C.  Vulnerability

   D.  Likelihood

Ans: A


10. The absence of a fire-suppression system would be best characterized as a(n):


   A.  Exposure

   B.  Threat

   C.  Vulnerability 

   D.  Risk

Ans: C


11. Risk Assessment includes all of the following EXCEPT:


   A.  Implementation of effective countermeasures 

   B.  Ensuring that risk is managed

   C.  Analysis of the current state of security in the target environment

   D.  Strategic analysis of risk

Ans: A


12. A risk management project may be subject to overlooking certain types of threats. What can assist the risk management team to prevent that?


   A.  Automated tools 

   B.  Adoption of qualitative risk assessment processes

   C.  Increased reliance on internal experts for risk assessment

   D.  Recalculation of the work factor

Ans: A


13. Data classification can assist an organization in:


   A.  Eliminating regulatory mandates

   B.  Lowering accountability of data classifiers

   C.  Reducing costs for protecting data 

   D.  Normalization of databases

Ans: C


14. Who “owns” an organization’s data?


   A.  Information technology group

   B.  Users

   C.  Data custodians

   D.  Business units 

Ans: D


15. An information security policy does NOT usually include:


   A.  Authority for information security department

   B.  Guidelines for how to implement policy 

   C.  Basis for data classification

   D.  Recognition of information as an asset of the organization

Ans: B


16. The role of an information custodian should NOT include:


   A.  Restoration of lost or corrupted data

   B.  Regular backups of data

   C.  Establishing retention periods for data 

   D.  Ensuring the availability of data

Ans: C



17. A main objective of awareness training is:


   A.  Provide understanding of responsibilities 

   B.  Entertaining the users through creative programs

   C.  Overcoming all resistance to security procedures

   D.  To be repetitive to ensure accountability

Ans: A


18. What is a primary target of a person employing social engineering?


   A.  An individual 

   B.  A policy

   C.  Government agencies

   D.  An information system

Ans: A


19. Social engineering can take many forms EXCEPT:


   A.  Dumpster diving

   B.  Coercion or intimidation

   C.  Sympathy

   D.  Eavesdropping 

Ans: D


20. Incident response planning can be instrumental in:


   A.  Meeting regulatory requirements

   B.  Creating customer loyalty

   C.  Reducing the impact of an adverse event on the organization 

   D.  Ensuring management makes the correct decisions in a crisis

Ans: C


21)  A high profile company has been receiving a high volume of attacks on their web site. The network administrator wants to be able to collect information on the attacker(s) so legal action can be taken. What should be implemented?


   A.  DMZ (Demilitarized Zone)

   B.  A honey pot 

   C.  A firewall

   D.  A new subnet

Ans: B


22) You are running cabling for a network through a boiler room where the furnace and some other heavy machinery reside. You are concerned about interference from these sources. Which of the following types of cabling provides the best protection from interference in this area?


   A.  STP

   B.  UTP

   C.  Coaxial

   D.  Fiber-optic 


Ans:  D


23) In order for a user to obtain a certificate from a trusted CA Certificate Authority), the user must present proof of identity and a?

   A.  Private Key

   B.  Public Key  

   C.  Password

   D.  Kerberos Key

Ans: B


24)  while performing a routing site audit of your wireless network, you discover an unauthorized Access Point placed on your network under the desk of Accounting department security. When questioned, she denies any knowledge of it, but informs you that her new boyfriend has been to visit her several times, including taking her to lunch one time. What type of attack have you just become a victim of?


   A.  Piggybacking

   B.  Masquerading

   C.  Man-in-da-middle attack

   D.  Social Engineering  

Ans: D


25)  when visiting an office adjacent to the server room, you discover the lock to the window is broken. Because it is not your office you tell the resident of the office to contact the maintenance person and have it fixed. After leaving, you fail to follow up on whether the windows were actually repaired. What affect will this have on the likelihood of a threat associated with the vulnerability actually occurring? 


   A.  If the window is repaired, the likelihood of the threat occurring will increase. 

   B.  If the window is repaired, the likelihood of the threat occurring will remain constant.

   C.  If the window is not repaired the, the likelihood of the threat occurring will decrease.

   D.  If the window is not repaired, the likelihood of the threat occurring will increase.


Ans: A


26)  a company consists of a main building with two smaller branch offices at opposite ends of the city. The main building and branch offices are connected with fast links so that all employees have good connectivity to the network. Each of the buildings has security measures that require visitors to sign in, and all employees are required to wear identification badges at all times. You want to protect servers and other vital equipment so that the company has the best level of security at the lowest possible cost. Which of the following will you do to achieve this objective?

    A.  Centralize servers and other vital components in a single room of the main building, and add security measures to this room so that they are well protected. 

   B.  Centralize most servers and other vital components in a single room of the main building, and place servers at each of the branch offices. Add security measures to areas where the servers and other components are located.

   C.  Decentralize servers and other vital components, and add security measures to areas where the servers and other components are located.

   D.  main building. Because the building prevents unauthorized access to visitors and other persons, there is no need to implement physical security in the server room.

Ans: A


27)  You are explaining SSL to a junior administrator and come up to the topic of handshaking. How many steps are employed between the client and server in the SSL handshake process?

   A.  Five

   B.  Six  

   C.  Seven

   D.  Eight

Ans: B


28)  You have been alerted to the possibility of someone using an application to capture and manipulate packets as they are passing through your network. What type of threat does this represent?

   A.  DDos

   B.  Trojan Horse

   C.  Logic Bomb

   D.  Man-in-the-middle 

Ans: D


29)  A problem with air conditioning is causing fluctuations in temperature in the server room. The temperature is rising to 90 degrees when the air conditioner stops working, and then drops to 60 degrees when it starts working again. The problem keeps occurring over the next two days. What problem may result from these fluctuations?

    A.  Electrostatic discharge

   B.  Power outages

   C.  Chip creep 

   D.  Poor air quality

Ans: C


30) While connected from home to an ISP (Internet Service Provider), a network administrator performs a port scan against a corporate server and encounters four open TCP (Transmission Control Protocol) ports: 25, 110, 143 and 389. Corporate users in the organization must be able to connect from home, send and receive messages on the Internet, read e-mail by beams of the IMAPv.4 (Internet Message Access Protocol version 4) protocol, and search into a directory services database for user e-mail addresses, and digital certificates. All the e-mail relates services, as well as the directory server, run on the scanned server. Which of the above ports can be filtered out to decrease unnecessary exposure without affecting functionality?

   A.  25

   B.  110  

   C.  143

   D.  389

  Ans: B


31) Asymmetric key cryptography is used for all of the following except:

   A.  Encryption of data

   B.  Access control

   C.  Nonrepudiation

   D.  Steganography 

 Ans: D


32) The most common forms of asymmetric key cryptography include

   A.  Diffie–Hellman 

   B.  Rijndael

   C.  Blowfish

   D.  SHA-256

 Ans: A


33) What is an important disadvantage of using a public key algorithm compared to a symmetric algorithm?

   A.  A symmetric algorithm provides better access control.

   B.  A symmetric algorithm is a faster process. 

   C.  A symmetric algorithm provides nonrepudiation of delivery.

   D.  A symmetric algorithm is more difficult to implement.

Ans: B


34) When a user needs to provide message integrity, what options may be best?

   A.  Send a digital signature of the message to the recipient

   B.  Encrypt the message with a symmetric algorithm and send it

   C.  Encrypt the message with a private key so the recipient can decrypt with the corresponding public key

   D.  Create a checksum, append it to the message, encrypt the message, then send to recipient. 

Ans: D


35) A certificate authority provides what benefits to a user?

    A.  Protection of public keys of all users

   B.  History of symmetric keys

   C.  Proof of nonrepudiation of origin

   D.  Validation that a public key is associated with a particular user 

Ans: D


36) What is the output length of a RIPEMD-160 hash?

   A.  160 bits 

   B.  150 bits

   C.  128 bits

   D.  104 bits

 Ans:  A


37) ANSI X9.17 is concerned primarily with

   A.  Protection and secrecy of keys 

   B.  Financial records and retention of encrypted data

   C.  Formalizing a key hierarchy

   D.  The lifespan of key-encrypting keys (KKMs)

Ans: A


38) When a certificate is revoked, what is the proper procedure?

    A.  Setting new key expiry dates

   B.  Updating the certificate revocation list 

   C.  Removal of the private key from all directories

   D.  Notification to all employees of revoked keys

 Ans: B


39) What is not true about link encryption?

   A.  Link encryption encrypts routing information.

   B.  Link encryption is often used for Frame Relay or satellite links.

   C.  Link encryption is suitable for high-risk environments. 

   D.  Link encryption provides better traffic flow confidentiality.

Ans: C


40) A_________ is the sequence that controls the operation of the cryptographic algorithm.

    A.  Encoder

   B.  Decoder wheel

   C.  Cryptovariable 

   D.  Cryptographic routine

 Ans:  C  


41) The process used in most block ciphers to increase their strength is

    A.  Diffusion

   B.  Confusion

   C.  Step function

   D.  SP-network 

 Ans: D


42) The two methods of encrypting data are

    A.  Substitution and transposition

   B.  Block and stream

   C.  Symmetric and asymmetric 

   D.  DES and AES

Ans: C


43) Cryptography supports all of the core principles of information security except

    A.  Availability

   B.  Confidentiality

   C.  Integrity

   D.  Authenticity 

Ans: D


44) A way to defeat frequency analysis as a method to determine the key is to use

    A.  Substitution ciphers

   B.  Transposition ciphers

   C.  Polyalphabetic ciphers 

   D.  Inversion ciphers

Ans: C


45) The running key cipher is based on

    A.  Modular arithmetic 

   B.  XOR mathematics

   C.  Factoring

   D.  Exponentiation

Ans: A


46) The only cipher system said to be unbreakable by brute force is

   A.  AES

   B.  DES

   C.  One-time pad 

   D.  Triple DES

 Ans: C


47) Messages protected by steganography can be transmitted to

    A.  Picture files

   B.  Music files

   C.  Video files

   D.  All of the above 

Ans: D


48) a significant action has a state that enables actions on an ADP system to be traced to individuals who may then be held responsible. The action does NOT include:

   A.  Violations of security policy.

   B.  Attempted violations of security policy.

   C.  Non-violations of security policy.

   D.  Attempted violations of allowed actions. 

Ans: D


49) Which of the following embodies all the detailed actions that personnel are required to follow?

   A.  Standards

   B.  Guidelines

   C.  Procedures 

   D.  Baselines

Ans: C


50) which of the following choices is NOT part of a security policy?

   A.  definition of overall steps of information security and the importance of security

   B.  statement of management intend, supporting the goals and principles of information security

   C.  definition of general and specific responsibilities for information security management

   D.  .description of specific technologies used in the field of information security 

Ans: D