1. Sanitize all volatile information storage components
2. Remove all nonvolatile storage media
3. Physically disconnect the storage media from the system
4. Properly secure the storage media with physical or logical access controls
a. 1 only
b. 2 only
c. 2, 3, and 4
d. 1, 2, 3, and 4
12. d. All four items are adequate controls to reduce the risk resulting from maintenance vendor personnel’s access to classified information. For handling classified information, maintenance personnel should possess security clearance levels equal to the highest level of security required for an information system.
13. A security configuration checklist is referred to as which of the following?
1. Lockdown guide
2. Hardening guide
3. Security guide
4. Benchmark guide
a. 1 and 2
b. 1 and 3
c. 2 and 3
d. 1, 2, 3, and 4
13. d. A security configuration checklist is referred to by several names, such as a lockdown guide, hardening guide, security technical implementation guide, or benchmark guide. These guides provide a series of instructions or procedures for configuring an information system’s components to meet operational needs and regulatory requirements.
14. Regarding the verification of correct operation of security functions, which of the following is the correct order of alternative actions when anomalies are discovered?
1. Report the results.
2. Notify the system administrator.
3. Shut down the system.
4. Restart the system.
a. 1, 2, 3, and 4
b. 3, 4, 2, and 1
c. 2, 1, 3, and 4
d. 2, 3, 4, and 1
14. d. The correct order of alternative actions is notify the system administrator, shut down the system, restart the system, and report the results of security function verification.
15. The audit log does not include which of the following?
a. Timestamp
b. User’s identity
c. Object’s identity
d. The results of action taken
15. d. The audit log includes a timestamp, user’s identity, object’s identity, and type of action taken, but not the results from the action taken. The person reviewing the audit log needs to verify that the results of the action taken were appropriate.
16. Which of the following fault tolerance metrics are most applicable to the proper functioning of redundant array of disks (RAID) systems?
1. Mean time between failures (MTBF)
2. Mean time to data loss (MTTDL)
3. Mean time to recovery (MTTR)
4. Mean time between outages (MTBO)
a. 1 and 2
b. 1 and 3
c. 2 and 3
d. 3 and 4
16. c. Rapid replacement of RAID’s failed drives or disks and rebuilding them quickly is important, which is facilitated specifically and mostly through applying MTTDL and MTTR metrics. The MTTDL metric measures the average time before a loss of data occurs in a given disk array. The MTTR metric measures the amount of time it takes to resume normal operation, and includes the time to replace a failed disk and the time to rebuild the disk array. Thus, MTTDL and MTTR metrics prevent data loss and ensure data recovery.
MTBF and MTBO metrics are incorrect because they are broad measures of system reliability and availability, respectively, and are not specifically applicable to RAID systems. The MTBF metric measures the average time interval between system failures and the MTBO metric measures the mean time between equipment failures.
17. All the following have redundancy built in except:
a. Fast Ethernet
b. Fiber distributed data interface
c. Normal Ethernet
d. Synchronous optical network
17. c. Normal Ethernet does not have built-in redundancy. Fast Ethernet has built-in redundancy with redundant cabling for file servers and network switches. Fiber distributed data interface (FDDI) offers an optional bypass switch at each node for addressing failures. Synchronous optical network (SONET) is inherently redundant and fault tolerant by design.
18. Which of the following go hand-in-hand?
a. Zero-day warez and content delivery networks
b. Zero-day warez and ad-hoc networks
c. Zero-day warez and wireless sensor networks
d. Zero-day warez and converged networks
18. a. Zero-day warez (negative day or zero-day) refers to software, games, music, or movies (media) unlawfully released or obtained on the day of public release. An internal employee of a content delivery company or an external hacker obtains illegal copies on the day of the official release. Content delivery networks distribute such media from the content owner. The other three networks do not distribute such media.
Bluetooth mobile devices use ad-hoc networks, wireless sensor networks monitor security of a building perimeter and environmental status in a building (temperature and humidity), and converged networks combine two different networks such as voice and data.
19. Which of the following provides total independence?
a. Single-person control
b. Dual-person control
c. Two physical keys
d. Two hardware tokens
19. a. Single-person control means total independence because there is only one person performing a task or activity. In the other three choices, two individuals or two devices (for example, keys and tokens) work together, which is difficult to bypass unless collusion is involved.
20. The use of a no-trespassing warning banner at a computer system’s initial logon screen is an example of which of the following?
a. Correction tactic
b. Detection tactic
c. Compensating tactic
d. Deterrence tactic
20. d. The use of no-trespassing warning banners on initial logon screens is a deterrent tactic to scare system intruders and to provide legal evidence. The other three choices come after the deterrence tactic.
21. Countermeasures applied when inappropriate and/or unauthorized modifications have occurred to security functions include:
1. Reversing the change
2. Halting the system
3. Triggering an audit alert
4. Reviewing the records of change
a. 1 only
b. 2 only
c. 3 only
d. 1, 2, 3, and 4
21. d. Safeguards and countermeasures (controls) applied when inappropriate and/or unauthorized modifications have occurred to security functions and mechanisms include reversing the change, halting the system, triggering an audit alert, and reviewing the records of change. These countermeasures would reduce the risk to an information system.