1) When receiving an email from an unknown contact that has an attachment, you should:
Open the attachment and view the contents
Delete the email
Report the email as Phishing
Forward to your personal email
2) Triage encompasses which of the following incident response sub-phases?
Collection, transport, testimony
Traceback, feedback, loopback
Detection, identification, notification
Confidentiality, integrity, availability
3) In the OSI reference model, on which layer is Ethernet?
Layer 1 - Physical layer
Layer 2 - Data-link layer
Layer 3 - Network layer
Layer 4 - Transport layer
4) What best describes two-factor authentication?
A hard token and a smart card
A user name and a PIN
A password and a PIN
A PIN and a hard token
5) If speed is preferred over resilience, which of the following RAID configurations is best?
RAID 1
RAID 10
RAID 5
RAID 0
6) Which item is not part of a Kerberos authentication implementation?
Message authentication code
Ticket granting service
Authentication service
Users, programs, and services
7) What is the CIA triad?
Confidentiality, Integrity, and Availability
Confidentiality, Integrity, and Awesomeness
Confidentiality, Inaudible, and Availability
Capacity, Integrity, and Availability
8) Which of the following best determines access of an individual?
Role
Clearance
Partnership with security team
Job rank or title
9) Formal acceptance of an evaluated system by management is known as what?
Authorization
Verification
Certification
Validation
10) Which is concerned with identifying the root cause but also addressing the underlying issue?
Change management
Incident management
Configuration management
Problem management
11) When selecting a security testing method or tool, the practitioner needs to consider many different things, such as:
Surface and supported technology
Security roles and responsibilities for staff
Culture of the organization and likelihood of exposure
Local annual frequency estimate and standard annual frequency estimate
12) Who should receive business continuity plan training in an organization?
Those with specific business continuity roles
First responders
Senior executives
Everyone
13) Which phase best defines a business disaster recovery plan?
An approved set of preparations and procedures for responding to a disaster
A set of plans for preventing a disaster
The adequate preparation and procedures for the continuation of all organization functions
A set of preparations and procedures for responding to a disaster without management approval
14) The doors of a data center spring open in the event of a fire. This is an example of?
Fail-safe
Fail-secure
Fail-proof
Fail-closed
15) What is the process of making digital data unreadable to unauthorized users?
VPN
Encryption
FTP
Deserialization
16) Single loss expectancy (SLE) is calculated by using?
Asset value and annualized rate of occurrence (ARO)
Asset value, local annual frequency estimate (LAFE), and standard annual frequency estimate (SAFE)
Asset value and exposure factor
Local annual frequency estimate and annualized rate of occurrence
17) The best way to ensure there is no data remanence of sensitive information stored on DVD-R media is:
Deletion
Destruction
Overwriting
Degaussing
18) What is an advantage of RSA over DSA?
It can provide digital signature and encryption functionality
It uses fewer resources and encrypts faster because it uses symmetric keys
It is a block cipher rather than a stream cipher
It employs a one-time encryption pad
19) Many privacy laws dictate which of the following rules?
Individuals have a right to remove any data they do not want others to know
Agencies do not need to ensure that the data is accurate
Agencies need to allow all government agencies access to the data
Agencies cannot use collected data for a purpose different from what they were collected for
20) What is the right time to plan for security?
Pre-deployment
Post-deployment
Testing phase
Monitoring phase