
14. Effective means to incident prevention do not include which of the following?

a. Awareness

b. Logs and alerts

c. Compliance

d. Common sense

14. b. Effective means to incident prevention include awareness, compliance, and common sense. Logs and alerts are detective in nature.

15. Which of the following is used to distribute illegal content such as copies of copyrighted songs and movies?

a. Quarantine server

b. Remote access server

c. Warez server

d. E-mail server

15. c. A Warez server is a file server that is used to distribute illegal content such as copies of copyrighted songs and movies as well as pirated software.

16. Log monitoring cannot assist efforts in which of the following?

a. Incident handling

b. Policy violations

c. Auditing

d. Data sources

16. d. Various forensic tools and techniques can assist in log monitoring, such as analyzing log entries and correlating log entries across multiple systems. This can assist in incident handling, identifying policy violations, auditing, and other efforts. Data sources include desktops, laptops, servers, removable hard drives, and backup media. Data sources cannot assist in log monitoring.

17. Which of the following requires accountability of a data controller?

a. Organization for Economic Co-Operation and Development (OECD)

b. International Organization for Standardization (ISO)

c. The Common Criteria (CC)

d. The Internet Engineering Task Force (IETF)

17. a. The Organization for Economic Co-Operation and Development (OECD) guidelines cover data collection limitations, quality of data, limitations on data use, information system security safeguards, and accountability of the data controller. The ISO, CC, and IETF do not require a data controller.

18. Regarding United States import and export laws on the use of encryption in products exported to trading partners worldwide, which of the following is required to monitor internal communications or computer systems and to prepare for disaster recovery?

a. Key renewal

b. Key escrow

c. Key retrieval

d. Key transport

18. b. A key escrow system entrusts the two components (encryption and decryption) comprising a cryptographic key to two key component holders, such as escrow agents. Key components are the two values from which a key can be derived. Key escrow is a recovery control that protects privacy and commerce in a way that preserves U.S. law enforcement’s ability to monitor internal communications using computer systems in order to protect public safety and national security, and that allows preparation for disaster recovery. Data cannot be recovered if either the encryption key or the decryption key is lost, damaged, or destroyed.

The other three choices are incorrect because they cannot help in key recovery. Key renewal is the process used to extend the validity period of a cryptographic key so that it can be used for an additional time period. Key retrieval helps to obtain a cryptographic key from active or archived electronic storage or from a backup facility. Key transport is the secure movement of cryptographic keys from one cryptographic module to another module.

19. Which of the following minimizes the potential for incident encroachment?

1. Firewalls

2. Laws

3. Separation of duties

4. Regulations

a. 1 and 2

b. 2 and 4

c. 1 and 3

d. 3 and 4

19. c. Firewalls and separation of duties minimize the potential for incident encroachment. A firewall is a technical safeguard that provides separation between activities, systems, or system components so that a security failure or weakness in one is contained and has no impact on other activities or systems (e.g., enforcing separation of the Internet from a local-area network).

The objective of separation of duties is to ensure that no single individual (acting alone) can compromise an application. In both cases, procedural and technical safeguards are used to enforce a basic security policy: high-risk activities should be segregated from low-risk activities, and one person should not be able to compromise a system. These two controls, when combined, provide a strong barrier against incidents, which minimizes the potential for incident encroachment.

Laws and regulations guide the security objectives and form the foundation for developing basic security policies and controls.

20. Which of the following Organization for Economic Co-Operation and Development (OECD) principles deals with ensuring that the rights and legitimate interests of others are respected?

a. Accountability

b. Ethics

c. Awareness

d. Multidisciplinary

20. b. The ethics principle of OECD states that the information systems and the security of information systems should be provided and used in such a manner that the rights and legitimate interests of others are respected.

21. Which of the following establishes security layers to minimize incident impact?

1. Zoning

2. Need-to-know

3. Compartmentalization

4. Unique identifiers

a. 1 and 2

b. 2 and 4

c. 1 and 3

d. 3 and 4

21. c. Zoning and compartmentalization establish security layers to minimize incident impact. The need-to-know principle limits access to data and programs. The unique identifiers provide for individual accountability and facilitate access control.

22. Which of the following generally accepted systems’ security principles addresses the major purpose of computer security?

a. Computer security is an integral element of sound management.

b. Computer security requires a comprehensive and integrated approach.

c. Computer security supports the mission of the organization.

d. Computer security should be cost-effective.

22. c. The purpose of computer security is to protect an organization’s valuable resources, such as data, information, hardware, people, and software. When valuable resources are protected, the organization’s mission is also accomplished.

23. Which of the following are the primary sources of computer security log data for most organizations?

1. Network-based security software logs

2. Host-based security software logs

3. Operating system logs

4. Application system logs

a. 1 and 2

b. 2 and 3