Untitled

__A__	1.	Regarding access control, a(n) ____ is a specific resource, such as a file or a hardware device.
a.	object	c.	operation
b.	subject	d.	asset


__B__	2.	Regarding access control, a(n) ____ is a user or a process functioning on behalf of the user who attempts to access an object.
a.	object	c.	operation
b.	subject	d.	asset


__C__	3.	Regarding access control, an example of a(n) ____ is when a user attempts to delete a file.
a.	object	c.	operation
b.	subject	d.	asset


__D__	4.	In the ____ model, the end user cannot implement, modify, or transfer any controls.
a.	Discretionary Access Control (DAC)	c.	Rule Based Access Control (RBAC)
b.	Role Based Access Control (RBAC)	d.	Mandatory Access Control (MAC)


__B__	5.	With the ____ model a subject has total control over any objects that he or she owns, along with the programs that are associated with those objects.
a.	RBAC	c.	RuBAC
b.	DAC	d.	MAC


__D__	6.	The ____ model is considered a more “real world” approach than the other models to structuring access control.
a.	Discretionary Access Control (DAC)	c.	Mandatory Access Control (MAC)
b.	Rule Based Access Control (RBAC)	d.	Role Based Access Control (RBAC)


__C__	7.	The ____ model can dynamically assign roles to subjects based on a set of rules defined by a custodian.
a.	Discretionary Access Control (DAC)	c.	Rule Based Access Control (RBAC)
b.	Role Based Access Control (RBAC)	d.	Mandatory Access Control (MAC)


__A__	8.	Known as ____, this practice requires that if the fraudulent application of a process could potentially result in a breach of security, then the process should be divided between two or more individuals.
a.	separation of duties	c.	least privilege
b.	job rotation	d.	implicit deny


__D__	9.	The principle of ____ in access control means that each user should be given only the minimal amount of privileges necessary to perform his or her job function.
a.	job rotation	c.	separation of duties
b.	implicit deny	d.	least privilege


__A__	10.	____ in access control means that if a condition is not explicitly met, then it is to be rejected.
a.	Implicit deny	c.	least privilege
b.	Separation of duties	d.	job rotation


__C__	11.	Generally a ____ is used to configure settings for systems that are not part of Active Directory.
a.	Group Policy	c.	Local Group Policy
b.	Group Policy Object	d.	Domain Group Policy


__B__	12.	____ accounts are user accounts that remain active after an employee has left an organization.
a.	Ghost	c.	Phantom
b.	Orphaned	d.	Floating


__A__	13.	____ is the process of setting a user’s account to expire.
a.	Account expiration	c.	Account restriction
b.	Time of day restriction	d.	Login expiration


__B__	14.	A ____ is a secret combination of letters and numbers that only the user knows.
a.	badge	c.	RFID tag
b.	password	d.	smartcard


__C__	15.	A ____ attack begins with the attacker creating hashes of common dictionary words, and compares those hashed dictionary words against those in a stolen password file.
a.	birthday	c.	dictionary
b.	brute force	d.	rainbow table


__D__	16.	____ make password attacks easier by creating a large pregenerated data set of hashes from nearly every possible password combination.
a.	Brute force attacks	c.	Birthday attacks
b.	Dictionary attacks	d.	Rainbow tables


__B__	17.	To address the security issues in the LM hash, Microsoft introduced the ____ hash.
a.	VLM	c.	ELM
b.	NTLM	d.	NETLM


__D__	18.	A ____ lock, also known as the key-in-knob lock, is the easiest to use because it requires only a key for unlocking the door from the outside.
a.	deadbolt	c.	tailgate
b.	cipher	d.	preset


__C__	19.	Known as a ____ lock, this lock extends a solid metal bar into the door frame for extra security.
a.	tailgate	c.	deadbolt
b.	preset	d.	cipher


__A__	20.	____ locks are combination locks that use buttons that must be pushed in the proper sequence to open the door.
a.	Cipher	c.	Preset
b.	Deadbolt	d.	Tailgate


__D__	21.	A ____ is a security device that monitors and controls two interlocking doors to a small room (a vestibule) that separates a nonsecured area from a secured area.
a.	CCTV	c.	cipher lock
b.	tailgate sensor	d.	mantrap


__B__	22.	____ is the presentation of credentials or identification, typically performed when logging on to a system.
a.	Authentication	c.	Authorization
b.	Identification	d.	Access


__A__	23.	____ is the verification of the credentials to ensure that they are genuine and not fabricated.
a.	Authentication	c.	Authorization
b.	Identification	d.	Access


__C__	24.	____ is granting permission for admittance.
a.	Authentication	c.	Authorization
b.	Identification	d.	Access


__D__	25.	____ is the right to use specific resources.
a.	Authentication	c.	Authorization
b.	Identification	d.	Access


__A__	26.	There are several types of OTPs. The most common type is a ____ OTP.
a.	time-synchronized	c.	token-based
b.	challenge-based	d.	biometric-based


__D__	27.	A ____ fingerprint scanner requires the user to place the entire thumb or finger on a small oval window on the scanner.
a.	cognitive	c.	physical
b.	dynamic	d.	static


__C__	28.	A ____ fingerprint scanner has a small slit or opening. Instead of placing the entire finger on the scanner the finger is swiped across the opening.
a.	static	c.	dynamic
b.	cognitive	d.	physical


__B__	29.	____ time is the time it takes for a key to be pressed and then released.
a.	Hit	c.	Flight
b.	Dwell	d.	Type


__D__	30.	____, such as using an OTP (what a person has) and a password (what a person knows), enhances security, particularly if different types of authentication methods are used.
a.	Standard biometrics	c.	Cognitive biometrics
b.	Federated identity management	d.	Two-factor authentication


__B__	31.	____ requires that a user present three different types of authentication credentials.
a.	Two-factor authentication	c.	Behavioral biometrics
b.	Three-factor authentication	d.	Cognitive biometrics


__C__	32.	____ is a feature of Windows that is intended to provide users with control of their digital identities while helping them to manage privacy.
a.	FMI	c.	Windows CardSpace
b.	Windows Live ID	d.	OpenID


__A__	33.	____ is a decentralized open source FIM that does not require specific software to be installed on the desktop.
a.	OpenID	c.	.NET Passport
b.	Windows CardSpace	d.	Windows Live ID


__B__	34.	____ is an authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users.
a.	RADIUS	c.	TACACS+
b.	Kerberos	d.	LDAP


__A__	35.	____ is an industry standard protocol specification that forwards username and password information to a centralized server.
a.	TACACS+	c.	RADIUS
b.	LDAP	d.	Kerberos


__C__	36.	The International Organization for Standardization (ISO) created a standard for directory services known as ____.
a.	X.400i	c.	X.500
b.	X.459	d.	X.589


__D__	37.	The ____, sometimes called X.500 Lite, is a simpler subset of DAP.
a.	Kerberos	c.	TACACS+
b.	RADIUS	d.	LDAP


__A__	38.	The management protocol of IEEE 802.1x that governs the interaction between the system, authenticator, and RADIUS server is known as the ____.
a.	EAP	c.	X.500
b.	LDAP	d.	TACACS+


__D__	39.	____ is a very basic authentication protocol that was used to authenticate a user to a remote access server or to an Internet service provider (ISP).
a.	MS-CHAP	c.	EAP-TLS
b.	EAP-MD5	d.	PAP


__C__	40.	____ refers to any combination of hardware and software that enables access to remote users to a local internal network.
a.	LDAP	c.	RAS
b.	EAP	d.	VPN


__B__	41.	A(n) ____ uses an unsecured public network, such as the Internet, as if it were a secure private network.
a.	RAS	c.	EAP
b.	VPN	d.	LDAP


__D__	42.	A(n) ____ is the end of the tunnel between VPN devices.
a.	concentrator	c.	VPN server
b.	demux	d.	endpoint


__B__	43.	In information security, a ____ is the likelihood that a threat agent will exploit a vulnerability.
a.	hole	c.	risk
b.	threat	d.	weakness


__A__	44.	____ generally denotes a potential negative impact to an asset.
a.	Risk	c.	Weakness
b.	Threat	d.	Vulnerability


__B__	45.	The goal of ____ is to better understand who the attackers are, why they attack, and what types of attacks might occur.
a.	risk modeling	c.	weakness modeling
b.	threat modeling	d.	vulnerability modeling


__D__	46.	Known as ____, this in effect takes a snapshot of the security of the organization as it now stands.
a.	risk identification	c.	threat identification
b.	risk mitigation	d.	vulnerability appraisal


__A__	47.	The ____ is the expected monetary loss every time a risk occurs.
a.	Single Loss Expectancy (SLE)	c.	Asset Value (AV)
b.	Exposure Factor (EF)	d.	Annualized Loss Expectancy (ALE)


__D__	48.	The ____ is the expected monetary loss that can be expected for an asset due to a risk over a one-year period.
a.	Single Loss Expectancy (SLE)	c.	Asset Value (AV)
b.	Exposure Factor (EF)	d.	Annualized Loss Expectancy (ALE)


__B__	49.	In a ____, the risk is spread over all of the members of the pool.
a.	retained risk	c.	joined risk
b.	risk retention pool	d.	cooperative risk


__C__	50.	Identifying vulnerabilities through a(n) ____ determines the current security weaknesses that could expose assets to threats.
a.	asset identification	c.	vulnerability appraisal
b.	threat identification	d.	risk mitigation


__D__	51.	Most communication in TCP/IP involves the exchange of information between a program running on one device (known as a ____) and the same or a corresponding process running on another device.
a.	port	c.	scanner
b.	socket	d.	process


__C__	52.	TCP/IP uses a numeric value as an identifier to applications and services on the systems. These are known as the ____.
a.	process	c.	port number
b.	socket	d.	protocol


__B__	53.	____ are typically used to determine the state of a port to know what applications are running and could be exploited.
a.	Network scanners	c.	Port testers
b.	Port scanners	d.	Network testers


__A__	54.	A(n) ____ port means that the application or service assigned to that port is listening.
a.	open	c.	blocked
b.	closed	d.	listening


__C__	55.	A(n) ____ port indicates that no process is listening at this port.
a.	listening	c.	closed
b.	open	d.	blocked


__A__	56.	A(n) ____ port means that the host system does not reply to any inquiries to this port number.
a.	blocked	c.	open
b.	closed	d.	listening


__B__	57.	____ are software tools that can identify all the systems connected to a network.
a.	Port scanners	c.	ICMP mappers
b.	Network mappers	d.	ICMP scanners


__D__	58.	____ provides support to IP in the form of ICMP messages that allow different types of communication to occur between IP devices.
a.	SNMP	c.	HTTP
b.	SMTP	d.	ICMP


__A__	59.	The key feature of a protocol analyzer is that it places the computer’s network interface card (NIC) adapter into ____, meaning that NIC does not ignore packets intended for other systems and shows all network traffic.
a.	promiscuous mode	c.	traffic mode
b.	listening mode	d.	sniffing mode


__D__	60.	____ is a generic term that refers to a range of products that look for vulnerabilities in networks or systems.
a.	Port scanner	c.	Ping
b.	Network mapper	d.	Vulnerability scanner


__B__	61.	____ is a “common language” for the exchange of information regarding security vulnerabilities.
a.	XML	c.	SQL
b.	OVAL	d.	HTML


__C__	62.	____ programs use the file of hashed passwords and then attempts to break the hashed passwords offline.
a.	ICMP scanner	c.	Password cracker
b.	Port scanner	d.	Network mapper


__D__	63.	____ is a method of evaluating the security of a computer system or network by simulating a malicious attack instead of just scanning for vulnerabilities.
a.	Vulnerability scanning	c.	Port scanning
b.	Network mapping	d.	Penetration testing


__B__	64.	____ is the process of assigning and revoking privileges to objects; that is, it covers the procedures of managing object authorizations.
a.	Privilege assignment	c.	Privilege auditing
b.	Privilege management	d.	Privilege configuration


__C__	65.	The ____ is typically defined as the person responsible for the information, who determines the level of security needed for the data, and delegates security duties as required.
a.	guardian	c.	owner
b.	manager	d.	custodian


__A__	66.	The ____ is the individual to whom day-to-day actions have been assigned by the owner and who periodically reviews security settings and maintains records of access by end users.
a.	custodian	c.	manager
b.	guardian	d.	owner


__D__	67.	The Windows file and folder ____ permission allows files or folders to be opened as read-only and to be copied.
a.	Write	c.	Modify
b.	Read and Execute	d.	Read


__C__	68.	The Windows file and folder ____ permission allows the creation of files and folders, and allows data to be added to or removed from files.
a.	Modify	c.	Write
b.	Read and Execute	d.	Read


__D__	69.	The Microsoft ____ infrastructure is a mechanism to centrally configure and secure a common set of computer and user configurations and security settings to Windows servers, desktops, and users in an AD.
a.	Security Template	c.	Auditing
b.	Baseline	d.	Group Policy


__A__	70.	____ is part of the pre-trial phase of a lawsuit in which each party through the law of civil procedure can request documents and other evidence from other parties or can compel the production of evidence by using a subpoena.
a.	Discovery	c.	Interview
b.	Interrogation	d.	Retention


__B__	71.	ILM strategies are typically recorded in ____ policies.
a.	user security	c.	data confidentiality
b.	storage and retention	d.	group


__D__	72.	____ assigns a level of business importance, availability, sensitivity, security and regulation requirements to data.
a.	Usage auditing	c.	Usage classification
b.	Security auditing	d.	Data classification


__B__	73.	____ means permissions given to a higher level “parent” will also be inherited by a lower level “child.”
a.	Delegation	c.	Transition
b.	Inheritance	d.	Classification


__A__	74.	____ is the process for generating, transmitting, storing, analyzing, and disposing of computer security log data.
a.	Log management	c.	Event management
b.	Log auditing	d.	Event auditing


__C__	75.	____ servers are intermediate hosts through which Web sites are accessed.
a.	NIDS	c.	Proxy
b.	Authentication	d.	HIPS


__B__	76.	____ logs can be used to determine whether new IP addresses are attempting to probe the network and if stronger firewall rules are necessary to block them.
a.	Proxy servers	c.	Authentication servers
b.	Firewall	d.	DNS


__C__	77.	A(n) ____ is an occurrence within a software system that is communicated to users or other programs outside the operating system.
a.	thread	c.	event
b.	entry	d.	call


__A__	78.	____ are operational actions that are performed by the operating system, such as shutting down the system or starting a service.
a.	System events	c.	System functions
b.	System calls	d.	System processes


__D__	79.	Logs based on ____ are the second common type of security-related operating system logs.
a.	event records	c.	event logs
b.	system events	d.	audit records


__C__	80.	____ refers to a methodology for making changes and keeping track of those changes, often manually.
a.	Event auditing	c.	Change management
b.	Event management	d.	Log management


__D__	81.	____ monitoring is designed for detecting statistical anomalies.
a.	Signature-based	c.	Time-based
b.	Behavior-based	d.	Anomaly-based


__A__	82.	____ monitoring compares activities against a predefined signature.
a.	Signature-based	c.	Behavior-based
b.	Anomaly-based	d.	Time-based


__B__	83.	A ____ baseline is a reference set of data established to create the “norm” of performance for a system or systems.
a.	configuration	c.	system
b.	performance	d.	monitoring


__D__	84.	A ____ monitor is typically a low-level system program that uses a notification engine designed to monitor and track down hidden activity on a desktop system, server, or even personal digital assistant (PDA) or cell phone.
a.	performance	c.	behavior
b.	baseline	d.	system


__A__	85.	Changing the original text to a secret message using cryptography is known as ____.
a.	encryption	c.	ciphertext
b.	decryption	d.	cleartext


__D__	86.	Data that is in an unencrypted form is called ____ data.
a.	plaintext	c.	hidetext
b.	caesartext	d.	cleartext


__C__	87.	____, also called a one-way hash, is a process for creating a unique “signature” for a set of data.
a.	Digital signing	c.	Hashing
b.	Decrypting	d.	Encrypting


__B__	88.	____ is a relatively recent cryptographic hash function that has received international recognition and adoption by standards organizations.
a.	MD5	c.	SHA-1
b.	Whirlpool	d.	MD2


__D__	89.	Symmetric encryption is also called ____ key cryptography.
a.	open	c.	public
b.	close	d.	private


__B__	90.	The simplest type of stream cipher is a ____ cipher. It simply substitutes one letter or character for another.
a.	transposition	c.	permutation
b.	substitution	d.	homoalphabetic


__C__	91.	A ____ substitution cipher maps a single plaintext character to multiple ciphertext characters.
a.	polyalphabetic	c.	homoalphabetic
b.	monoalphabetic	d.	random


__A__	92.	A ____ cipher rearranges letters without changing them.
a.	transposition	c.	substitution
b.	monoalphabetic	d.	homoalphabetic


__B__	93.	A ____ cipher manipulates an entire block of plaintext at one time.
a.	substitution	c.	stream
b.	block	d.	transposition


__A__	94.	____ was approved by the NIST in late 2000 as a replacement for DES.
a.	AES	c.	Twofish
b.	3DES	d.	Blowfish


__C__	95.	____ is a block cipher that processes blocks of 64 bits.
a.	SHA-1	c.	RC2
b.	RC4	d.	MD5


__D__	96.	The ____ algorithm dates back to the early 1990s and is used in European nations.
a.	Blowfish	c.	RC4
b.	Twofish	d.	IDEA


__A__	97.	____ encryption uses two keys instead of one. These keys are mathematically related and are known as the public key and the private key.
a.	Asymmetric	c.	Private
b.	Symmetric	d.	Open


__D__	98.	The asymmetric algorithm ____ was published in 1977 and patented by MIT in 1983.
a.	AES	c.	SHA
b.	Diffie-Hellman	d.	RSA


__C__	99.	The strength of the ____ algorithm is that it allows two users to share a secret key securely over a public network.
a.	DES	c.	Diffie-Hellman
b.	RSA	d.	AES


__B__	100.	A similar program known as ____ is a PGP open-source product.
a.	FreePGP	c.	PGPx
b.	GPG	d.	PGPnix


__D__	101.	Microsoft’s ____ is a cryptography system for Windows operating systems that use the Windows NTFS file system.
a.	GPG	c.	PGP
b.	AES	d.	EFS


__B__	102.	Cryptography can also be applied to entire disks. This is known as ____ encryption.
a.	symmetric	c.	file system
b.	whole disk	d.	EFS


__C__	103.	To protect data stored on a hard drive, Microsoft Windows Vista includes ____ drive encryption.
a.	IDEA	c.	BitLocker
b.	TPM	d.	AES


__A__	104.	____ is a hardware-enabled data encryption feature.
a.	BitLocker	c.	AES
b.	EFS	d.	DES


__B__	105.	____ is essentially a chip on the motherboard of the computer that provides cryptographic services.
a.	EFS	c.	BitLocker
b.	TPM	d.	AES


__C__	106.	Some organizations set up a subordinate entity, called a ____, to handle some CA tasks such as processing certificate requests and authenticating users.
a.	Remote Authority (RA)	c.	Registration Authority (RA)
b.	Delegation Authority (DA)	d.	Handle Authority (HA)


__D__	107.	____ digital certificates are issued by a CA or RA directly to individuals.
a.	Server	c.	Single-sided
b.	Software publisher	d.	Personal


__B__	108.	____ digital certificates are often issued from a Web server to a client, although they can be distributed by any type of server, such as a mail server.
a.	Software publisher	c.	Personal
b.	Server	d.	Organizational


__A__	109.	When Bob sends one digital certificate to Alice along with his message, that is known as a ____ certificate.
a.	single-sided	c.	dual-sided
b.	software publisher	d.	server


__D__	110.	In one type of trust model, ____ trust, a relationship exists between two individuals because one person knows the other person.
a.	indirect	c.	discrete
b.	third party	d.	direct


__A__	111.	A(n) ____ trust refers to a situation in which two individuals trust each other because each trusts a third party.
a.	third party	c.	indirect
b.	direct	d.	discrete


__B__	112.	The ____ trust model assigns a single hierarchy with one master CA called the root.
a.	web of 	c.	direct
b.	hierarchical	d.	third party


__C__	113.	The ____ trust model has multiple CAs that sign digital certificates.
a.	direct	c.	distributed
b.	web of	d.	hierarchical


__A__	114.	The ____ trust model is the basis for digital certificates issued by Internet users.
a.	distributed	c.	direct
b.	hierarchical	d.	web of


__C__	115.	With the ____ trust model, there is one CA that acts as a “facilitator” to interconnect all other CAs.
a.	web of	c.	bridge
b.	distributed	d.	hierarchical


__B__	116.	The ____ provides recommended baseline security requirements for the use and operation of CA, RA, and other PKI components.
a.	certificate practice statement	c.	baseline policy
b.	certificate policy	d.	CA policy


__D__	117.	A ____ describes in detail how the CA uses and manages certificates.
a.	CA policy	c.	baseline policy
b.	certificate policy	d.	certificate practice statement


__C__	118.	____ refers to a situation in which keys are managed by a third party, such as a trusted CA.
a.	Expiration	c.	Key escrow
b.	Renewal	d.	Revocation


__D__	119.	____ is used to connect to an FTP server, much in the same way that HTTP links to a Web server.
a.	SSH	c.	SSL
b.	PKCS	d.	FTP


__B__	120.	____ is a protocol that guarantees privacy and data integrity between applications communicating over the Internet.
a.	FTP	c.	HTTP
b.	TLS	d.	CRL


__A__	121.	The TLS ____ Protocol allows authentication between the server and the client and the negotiation of an encryption algorithm and cryptographic keys before any actual data is transmitted.
a.	Handshake	c.	Transport
b.	Record	d.	Packing


__D__	122.	The TLS ____ Protocol is used to encapsulate higher-level protocols.
a.	Packing	c.	Transport
b.	Handshake	d.	Record


__A__	123.	____ is actually a suite of three utilities—slogin, scp, and ssh—that are secure versions of the unsecure UNIX counterpart utilities rlogin, rcp, and rsh.
a.	SSH	c.	SSL
b.	TLS	d.	SFTP


__B__	124.	____ is the most widely deployed tunneling protocol.
a.	SSL	c.	TLS
b.	PPTP	d.	NAS


__C__	125.	One variation of PPP that is used by broadband Internet providers with DSL or cable modem connections is ____.
a.	TLS	c.	PPPoE
b.	LCP	d.	PPTP


__C__	126.	One of the most common e-mail transport protocols is ____.
a.	S/MIME	c.	TLS
b.	SSL	d.	IPsec


__A__	127.	A Class ____ fire includes common combustibles.
a.	A	c.	C
b.	B	d.	D


__B__	128.	____ systems spray the fire area with pressurized water.
a.	Dry chemical	c.	Chemical agent
b.	Water sprinkler	d.	Clean agent


__D__	129.	____ systems disperse a fine, dry powder over the fire.
a.	Clean agent	c.	Water sprinkler
b.	Clean chemical	d.	Dry chemical


__C__	130.	____ fire suppression systems do not harm people, documents, or electrical equipment in the room.
a.	Water sprinkler	c.	Clean agent
b.	Clean sprinkler	d.	Dry chemical


__B__	131.	In a(n) ____ server cluster, a standby server exists only to take over for another server in the event of its failure.
a.	network	c.	redundant
b.	asymmetric	d.	symmetric


__C__	132.	In a(n) ____ server cluster, every server in the cluster performs useful work. If one server fails, the remaining servers continue to perform their normal work as well as that of the failed server.
a.	asymmetric	c.	symmetric
b.	redundant	d.	network


__D__	133.	A system of hard drives based on redundancy can be achieved through using a technology known as ____, which uses multiple hard disk drives for increased reliability and performance.
a.	MTBF	c.	ESD
b.	VPN	d.	RAID


__A__	134.	____ partitions the storage space of each hard drive into smaller sections, which can be as small as 512 bytes or as large as several megabytes.
a.	Striping	c.	Duplexing
b.	Mirroring	d.	Segmenting


__C__	135.	Disk ____ involves connecting multiple drives in the server to the same disk controller card.
a.	segmenting	c.	mirroring
b.	stripping	d.	duplexing


__A__	136.	Instead of having a single disk controller card that is attached to all hard drives, disk ____ has separate cards for each disk.
a.	duplexing	c.	mirroring
b.	segmenting	d.	stripping


__D__	137.	RAID Level 5 distributes ____ data (a type of error checking) across all drives instead of using a separate drive to hold the parity error checking information.
a.	mirroring	c.	segmenting
b.	stripping	d.	parity


__B__	138.	A(n) ____ UPS is always running off its battery while the main power runs the battery charger.
a.	battery	c.	off-line
b.	on-line	d.	mirroring


__A__	139.	A ____ site is generally run by a commercial disaster recovery service that allows a business to continue computer and network operations to maintain business continuity.
a.	hot	c.	cold
b.	warm	d.	cool


__B__	140.	A ____ site provides office space but the customer must provide and install all the equipment needed to continue operations.
a.	cool	c.	warm
b.	cold	d.	hot


__D__	141.	A ____ site has all of the equipment installed but does not have active Internet or telecommunications facilities, and does not have current backups of data.
a.	cold	c.	cool
b.	hot	d.	warm


__C__	142.	Backup software can internally designate which files have already been backed up by setting a(n) ____ in the properties of the file.
a.	archive sector	c.	archive bit
b.	backup bit	d.	backup sector


__A__	143.	The ____ is defined as the maximum length of time that an organization can tolerate between backups.
a.	RPO	c.	D2D
b.	RTO	d.	D2D2T


__C__	144.	The ____ is simply the length of time it will take to recover the data that has been backed up.
a.	D2D2T	c.	RTO
b.	RPO	d.	D2D


__D__	145.	An alternative to using magnetic tape is to back up to magnetic disk, such as a large hard drive or RAID configuration. This is known as ____.
a.	RTO	c.	D2D2T
b.	RPO	d.	D2D


__B__	146.	A solution that combines the best of magnetic tape and magnetic disk is ____. This technology uses the magnetic disk as a temporary storage area.
a.	D2D	c.	RTO
b.	D2D2T	d.	RPO


__C__	147.	____ is the application of science to questions that are of interest to the legal profession.
a.	Chain of custody	c.	Forensics
b.	RTO	d.	RPO


__D__	148.	At its core, a(n) ____ policy is a document that outlines the protections that should be enacted to ensure that the organization’s assets face minimal risks.
a.	safety	c.	change management
b.	acceptable use	d.	security


__C__	149.	A ____ is a collection of requirements specific to the system or procedure that must be met by everyone.
a.	recommendation	c.	standard
b.	guideline	d.	policy


__A__	150.	A ____ is a collection of suggestions that should be implemented.
a.	guideline	c.	policy
b.	recommendation	d.	standard


__B__	151.	A ____ is a document that outlines specific requirements or rules that must be met.
a.	standard	c.	guideline
b.	policy	d.	recommendation


__C__	152.	____ determines the items that have a positive economic value and may include data, hardware, personnel, physical assets, and software.
a.	Risk assessment	c.	Asset identification
b.	Threat identification	d.	Vulnerability appraisal


__B__	153.	____ takes a snapshot of the security of the organization as it now stands.
a.	Risk mitigation	c.	Risk assessment
b.	Vulnerability appraisal	d.	Threat identification


__A__	154.	____ involves determining the damage that would result from an attack and the likelihood that the vulnerability is a risk to the organization.
a.	Risk assessment	c.	Vulnerability appraisal
b.	Risk mitigation	d.	Asset identification


__D__	155.	A(n) ____ policy establishes guidelines for effectively reducing the threat of computer viruses on the organization’s network and computers.
a.	acceptable encryption	c.	automated forwarded e-mail
b.	dial-in access	d.	anti-virus


__B__	156.	A(n) ____ policy outlines the requirements and provides the authority for an information security team to conduct audits and risk assessments, investigate incidents, to ensure conformance to security policies, or to monitor user activity.
a.	database credentials coding	c.	automatically forwarded e-mail
b.	audit vulnerability scanning	d.	analog line


__D__	157.	A(n) ____ policy defines requirements for storing and retrieving database usernames and passwords.
a.	analog line	c.	e-mail retention
b.	dial-in access	d.	database credentials coding


__A__	158.	A(n) ____ policy helps employees determine what information sent or received by e-mail should be retained and for how long.
a.	e-mail retention	c.	router security
b.	extranet	d.	information sensitivity


__C__	159.	A(n) ____ policy establishes requirements for Remote Access IPSec or L2TP Virtual Private Network (VPN) connections to the organization’s network.
a.	extranet	c.	VPN security
b.	server security	d.	demilitarized zone security


__D__	160.	Many organizations have a ____ policy that outlines how the organization uses personal information it collects.
a.	security-related human resource	c.	disposal and destruction
b.	password management and complexity	d.	personally identifiable information


__C__	161.	Most organizations have a ____ policy that addresses the disposal of resources that are considered confidential.
a.	security-related human resource	c.	disposal and destruction
b.	password management and complexity	d.	personally identifiable information


__A__	162.	A ____ policy is designed to produce a standardized framework for classifying information assets.
a.	classification of information	c.	service level agreement
b.	change management	d.	disposal and destruction


__B__	163.	____ refers to a methodology for making changes and keeping track of those changes, often manually.
a.	Classification of information	c.	Destruction and disposal
b.	Change management	d.	Service level agreement


__C__	164.	____ are a person’s fundamental beliefs and principles used to define what is good, right, and just.
a.	Norms	c.	Values
b.	Morals	d.	Ethics


__B__	165.	____ are values that are attributed to a system of beliefs that help the individual distinguish right from wrong.
a.	Ethics	c.	Codes
b.	Morals	d.	Norms


__A__	166.	____ can be defined as the study of what a group of people understand to be good and right behavior and how people make those judgments.
a.	Ethics	c.	Values
b.	Codes	d.	Morals


__D__	167.	____ relies on tricking and deceiving someone to provide secure information.
a.	Worm	c.	Trojan horse
b.	Virus	d.	Social engineering


__B__	168.	One of the most common forms of social engineering is ____, or sending an e-mail or displaying a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information.
a.	dumpster diving	c.	computer hoax
b.	phishing	d.	pharming