Sarah and her security team have carried out many vulnerability tests over the years to locate the weaknesses and vulnerabilities within the systems on the network. The CISO has asked her to oversee the development of a threat model for the network. Which of the following best describes what this model is and what it would be used for? A threat model can help to assess the probability, the potential harm, and the priority of attacks, and thus help to minimize or eradicate the threats. A threat model combines the output of the various vulnerability tests and the penetration tests carried out to understand the security posture of the network as a whole. A threat model is a risk-based model that is used to calculate the probabilities of the various risks identified during the vulnerability tests. A threat model is used in software development practices to uncover programming errors.

Emily is listening to network traffic and capturing passwords as they are sent to the authentication server. She plans to use the passwords as part of a future attack. What type of attack is this? Brute-force attack Dictionary attack Social engineering attack Replay attack

Which of the following correctly describes a federated identity and its role within identity management processes? A nonportable identity that can be used across business boundaries A portable identity that can be used across business boundaries An identity that can be used within intranet virtual directories and identity stores An identity specified by domain names that can be used across business boundaries

Security countermeasures should be transparent to users and attackers. Which of the following does not describe transparency? User activities are monitored and tracked without negatively affecting system performance. User activities are monitored and tracked without the user knowing about the mechanism that is carrying this out. Users are allowed access in a manner that does not negatively affect business processes. Unauthorized access attempts are denied and logged without the intruder knowing about the mechanism that is carrying this out.

What markup language allows for the sharing of application security policies to ensure that all applications are following the same security rules? XML SPML XACML GML

A rule-based IDS takes a different approach than a signature-based or anomalybased system. Which of the following is characteristic of a rule-based IDS? Uses IF/THEN programming within expert systems Identifies protocols used outside of their common bounds Compares patterns to several activities at once Can detect new attacks

Of the following, what is the primary item that a capability listing is based upon? A subject An object A product An application

There are different ways that specific technologies can create one-time passwords for authentication purposes. What type of technology is illustrated in the graphic that follows? [*] Counter synchronous token Asynchronous token Mandatory token Synchronous token

Tom works at a large retail company that recently deployed radio-frequency identification (RFID) to better manage its inventory processes. Employees use scanners to gather product-related information instead of manually looking up product data. Tom has found out that malicious customers have carried out attacks on the RFID technology to reduce the amount they pay on store items. Which of the following is the most likely reason for the existence of this type of vulnerability? The company’s security team does not understand how to secure this type of technology. The cost of integrating security within RFID is cost prohibitive. The technology has low processing capabilities and encryption is very processor-intensive. RFID is a new and emerging technology, and the industry does not currently have ways to secure it.

A number of attacks can be performed against smart cards. Side-channel is a class of attacks that doesn’t try to compromise a flaw or weakness. Which of the following is not a side-channel attack? Differential power analysis Microprobing analysis Timing analysis Electromagnetic analysis

Which of the following does not describe privacy-aware role-based access control? It is an example of a discretionary access control model. Detailed access controls indicate the type of data that users can access based on the data’s level of privacy sensitivity. It is an extension of role-based access control. It should be used to integrate privacy policies and access control policies.

What was the direct predecessor to Standard Generalized Markup Language(SGML)? Hypertext Markup Language (HTML) Extensible Markup Language (XML) LaTeX Generalized Markup Language (GML)

Phishing and pharming are similar. Which of the following correctly describes the difference between phishing and pharming? Personal information is collected from victims through legitimate-looking Web sites in phishing attacks, while personal information is collected from victims via e-mail in pharming attacks. Phishing attacks point e-mail recipients to a form where victims input personal information, while pharming attacks use pop-up forms at legitimate Web sites to collect personal information from victims. Victims are pointed to a fake Web site with a domain name that looks similar to a legitimate site’s in a phishing attack, while victims are directed to a fake Web site as a result of a legitimate domain name being incorrectly translated by the DNS server Phishing is a technical attack, while pharming is a type of social engineering.

There are several types of intrusion detection systems (IDSs). What type of IDS builds a profile of an environment’s normal activities and assigns an anomaly score to packets based on the profile? State-based Statistical anomaly-based Misuse detection system Protocol signature-based

What type of markup language allows company interfaces to pass service requests and the receiving company provision access to these services? XML SPML SGML HTML

There are several different types of centralized access control protocols. Which of the following is illustrated in the graphic that follows? [*] Diameter Watchdog RADIUS TACACS+

There are several different types of single sign-on protocols and technologies in use today. What type of technology is illustrated in the graphic that follows? [*] Kerberos Discretionary access control SESAME Mandatory access control

Tanya is the security administrator for a large distributed retail company. The company’s network has many different network devices and software appliances that generate logs and audit data. Tanya and her staff have become overwhelmed with trying to review all of the log files when attempting to identify if anything suspicious is taking place within the network. Which of the following is the best solution for this company to implement? Security information and event management Event correlation tools Intrusion detection systems Security event correlation management tools

Sarah and her security team have carried out many vulnerability tests over the years to locate the weaknesses and vulnerabilities within the systems on the network. The CISO has asked her to oversee the development of a threat model for the network. Which of the following best describes what this model is and what it would be used for? A threat model can help to assess the probability, the potential harm, and the priority of attacks, and thus help to minimize or eradicate the threats. A threat model combines the output of the various vulnerability tests and the penetration tests carried out to understand the security posture of the network as a whole. A threat model is a risk-based model that is used to calculate the probabilities of the various risks identified during the vulnerability tests. A threat model is used in software development practices to uncover programming errors.

Which of the following does not correctly describe a directory service? It manages objects within a directory by using namespaces. It enforces security policy by carrying out access control and identity management functions. It assigns namespaces to each object in databases that are based on the X.509 standard and are accessed by LDAP. It allows an administrator to configure and manage how identification takes place within the network.

Hannah has been assigned the task of installing Web access management(WAM) software. What is the best description for what WAM is commonly used for? Control external entities requesting access through X.500 databases Control external entities requesting access to internal objects Control internal entities requesting access through X.500 databases Control internal entities requesting access to external objects