Common Technical Interview Questions and Answers, updated on February 23, 2020

Question 101: Many privacy laws dictate which of the following rules?
A. Individuals have a right to remove any data they do not want others to know.
B. Agencies do not need to ensure that the data is accurate.
C. Agencies need to allow all government agencies access to the data.
D. Agencies cannot use collected data for a purpose different from what they were collected for.
Correct Answer: D. Agencies cannot use collected data for a purpose different from what they were collected for.
Explanation: The Federal Privacy Act of 1974 and the European Union Principles on Privacy were created to protect citizens from government agencies that collect personal data. These acts have many stipulations, including that the information can only be used for the reason for which it was collected.

Question 102: Which of the following is not addressed by the data retention policy?
A. What data to keep
B. For whom data is kept
C. How long data is kept
D. Where data is kept
Correct Answer: B. For whom data is kept
Explanation: The data retention policy should address what data to keep, where to keep it, how to store it, and for how long to keep it. The policy is not concerned with “for whom” the data is kept.

Question 103: Which of the following best describes the mitigation of data remanence by an overwriting process?
A. Replacing the 1’s and 0’s that represent data on storage media with random or fixed patterns of 1’s and 0’s
B. Converting the 1’s and 0’s that represent data with the output of a cryptographic function
C. Removing or reducing the magnetic field patterns on conventional disk drives or tapes
D. Exposing storage media to caustic or corrosive chemicals that render it unusable
Correct Answer: A. Replacing the 1’s and 0’s that represent data on storage media with random or fixed patterns of 1’s and 0’s
Explanation: Data remanence can be mitigated by overwriting every bit on the storage medium. This is normally accomplished by writing all 0’s, or all 1’s, or a fixed pattern of them, or a random sequence of them. Better results can be obtained by repeating the process with different patterns multiple times.

Question 104: What feature enables code to be executed without the usual security checks?
A. Temporal isolation
B. Maintenance hook
C. Race conditions
D. Process multiplexing
Correct Answer: B. Maintenance hook
Explanation: Maintenance hooks get around the system’s or application’s security and access control checks by allowing whoever knows the key sequence to access the application and most likely its code. Maintenance hooks should be removed from any code before it gets into production.

Question 105: What is an advantage of RSA over DSA?
A. It can provide digital signature and encryption functionality.
B. It uses fewer resources and encrypts faster because it uses symmetric keys.
C. It is a block cipher rather than a stream cipher.
D. It employs a one-time encryption pad.
Correct Answer: A. It can provide digital signature and encryption functionality.
Explanation: RSA can be used for data encryption, key exchange, and digital signatures. DSA can only be used for digital signatures.

Question 106: Which of the following proxies cannot make access decisions based upon protocol commands?
A. Application
B. Packet filtering
C. Circuit
D. Stateful
Correct Answer: C. Circuit
Explanation: Application and circuit are the only types of proxy-based firewall solutions listed here. The others do not use proxies. Circuit-based firewalls make decisions based on header information, not the protocol’s command structure. Application-based proxies are the only ones that understand this level of granularity about the individual protocols.

Question 107: Alice wants to send a message to Bob, who is several network hops away from her. What is the best approach to protecting the confidentiality of the message?
A. PPTP
B. S/MIME
C. Link encryption
D. SSH
Correct Answer: B. S/MIME
Explanation: Secure Multipurpose Internet Mail Extensions (S/MIME) is a standard for encrypting and digitally signing e-mail and for providing secure data transmissions using public key infrastructure (PKI).

Question 108: Which item is not part of a Kerberos authentication implementation?
A. Message authentication code
B. Ticket granting service
C. Authentication service
D. Users, programs, and services
Correct Answer: A. Message authentication code
Explanation: Message authentication code (MAC) is a cryptographic function and is not a key component of Kerberos. Kerberos is made up of a KDC, a realm of principals (users, services, applications, and devices), an authentication service, tickets, and a ticket granting service.

Question 109: Which of the following has the correct term-to-definition mapping?
i. Brute-force attacks: Performed with tools that cycle through many possible character, number, and symbol combinations to uncover a password.
ii. Dictionary attacks: Files of thousands of words are compared to the user’s password until a match is found.
iii. Social engineering: An attacker falsely convinces an individual that she has the necessary authorization to access specific resources.
iv. Rainbow table: An attacker uses a table that contains all possible passwords already in a hash format.
A. i, ii
B. i, ii, iv
C. i, ii, iii, iv
D. i, ii, iii
Correct Answer: C. i, ii, iii, iv
Explanation: The list has all the correct term-to-definition mappings.

Question 110: Synthetic transactions are best described as
A. Real user monitoring (RUM)
B. Transactions that fall outside the normal purpose of a system
C. Transactions that are synthesized from multiple users’ interactions with the system
D. A way to test the behavior and performance of critical services
Correct Answer: D. A way to test the behavior and performance of critical services
Explanation: Synthetic transactions are those that simulate the behavior of real users, but are not the result of real user interactions with the system. They allow an organization to ensure that services are behaving properly without having to rely on user complaints to detect problems.