1.

A computer is best described as being comprised of which components:

A. CPU + Hard Drive + RAM + Expansion Slots
B. CPU + Input/Output Devices + Secondary memory
C. CPU + Memory + Input/Output devices + Bus + Expansion slots
D. CPU + Memory + Input/Output devices + Bus
2. Which of the following is true about the CPU
A. It contains a control unit which processes information and coordinates as a
traffic cop for the CPU
B. It often implements a parity mechanism to detect unintentional errors
while transferring information
C. It connects to RAM using the memory mapper
D. Its registers and accumulators are always stored in RAM
3. Which option correctly specifies an order of cycles from longest cycle time to
shortest cycle time?
A. Machine, clock, instruction
B. Clock, interpretation, Machine
C. Execution, clock, machine
D. Machine, instruction, clock
4. Which of the following is not true about CISC and RISC processor architectures?
A. Long fetch times were the impetus for CISC architectures
B. CISC has multiple operation codes within a single instruction
C. RISC architectures often spend less time decoding instructions than CISC
architectures
D. Long fetch times were the impetus for RISC architectures
5. The ability for a CPU to fetch the next instruction while processing the existing
instruction is referred to as:
A. Pipelining
B. Just in time
C. Prefetching
D. Cycle sharing
6. The difference between scalar and superscalar CPUs is:
A. Superscalar CPUs can handle more instructions per second than a scalar
CPU
B. Superscalar CPUs can process more than one instruction at a time
C. Superscalar operate on vector operations while scalar operate on scalar
operations
D. Superscalar has added instructions to handle vector values whereas scalar
must use multiple instructions to handle vector values
7. Which is true about CPU states?
A. The CPU is in the wait state when the CPU does not have instructions to
process and is waiting for any application to need the CPU to process
instructions
B. The CPU is in the ready state after bootup of the computer
C. The CPU is often in the problem state after a parity error or memory
access error has occurred
 D. When the CPU is in a supervisory state, it can access all system
components
8. Which of the following refers to an ability to share a CPU between multiple
applications?
A. Multiprogramming
B. Multitasking
C. Multiprocessing
D. Multiprocess
9. Which of the following refers to a computer architecture with multiple CPUs
A. Multiprocessor
B. Multitasking
C. Multiprocessing
D. Multiprocess
10. Which of the following best describes an application that can accomplish multiple
tasks within one process?
A. Multithreaded
B. Multitasking
C. Multiprocessing
D. Multiprocess
11. If an application forks a child then the application would be?
A. Multithreaded
B. Multitasking
C. Multiprocessing
D. Multiprocess
12. A child that is forked from a parent will?
A. Inherent many attributes from the parent
B. Share memory space with the parent
C. Be a clone of the parent
D. Run slower than the parent because it lacks its relies on the parent for
processing
13. You have been asked to design a new DNS server that has high performance,
which of the following would be good choices?
A. Choose a multithreaded application so that multiple DNS queries can be
handled in parallel
B. Choose a multiprocessing application so that multiple DNS queries can be
handled in parallel
C. Choose a multiprocessor server so that the load can be handled among
multiple CPUs
D. Use a small amount of RAM on the server, as this will decrease the time
required to retrieve instructions from memory
14. Which type of memory can hold its contents after a power cycle?
A. DRAM
B. Static RAM
C. ROM
D. Cache memory
15. Which best describes a type of memory must be refreshed to renew the voltage in
capacitors?
A. NVRAM
B. DRAM
C. Static RAM
D. ROM
16. What is true about EEPROMs and Flash memory
A. EEPROM is volatile, Flash memory is not
B. Flash memory is volatile, EEPROM is not
C. EEPROMS must be erased one byte at a time whereas Flash memory must
be erased one block at a time
D. Flash memory is slower because it must be erased one byte at a time
17. A tape for a tape drive is considered to be which type of storage?
A. Primary
B. Tertiary
C. Sequential
D. Long term
18. Virtual storage is?
A. A remote storage mechanism, such as NFS which allows the applications
to assume that the storage is local
B. A swap file
C. The entire hard drive
D. Real storage and secondary storage
19. A program must use information that was supposed to be stored in RAM but was
stored on a hard drive instead. The name for this process is?
A. Paging
B. Relocating
C. Rearranging
D. Data dumping
20. Which type of memory addressing is being used when a program knows of a
particular memory location, but this location holds a reference to another memory
location?
A. Reflexive
B. Indexed
C. Indirect
D. Absolute
21. Firmware refers to?
A. Software under a strict license so that it cannot be freely modified
B. Software loaded into ROM
C. Software that is compiled
D. Software that is unchangeable
22. Which type of I/O requires the CPU to generate a special signal on the bus to alert
that the instruction is for a I/O device rather than the memory?
A. Isolated
B. Memory-mapped
C. Direct Notification
 D. Marked
23. Which of the following memory management operations does an operating
system often not perform?
A. Purge contents of memory
B. Manage swapping between primary and secondary storage
C. Track memory locations that are available for use
D. De-allocate memory
24. Which of the following are true about a compiled program that was compiled for
a Sparc workstation and was attempted to be run natively on an Intel platform?
A. If the software was written in C, which has been ported to multiple
architectures, then it would run natively
B. The machine codes are different for each architecture, so the program
would not run
C. Sparc workstations have more memory and there would be memory size
issues
D. Sparc workstatsions are faster than Intel platforms and the increase in
speed would cause the program to be misinterpreted
25. What is the purpose of a disassembler?
A. Disassemble assembly code into machine code
B. Translate machine code into byte code
C. Translate assembly code into source code
D. Translate machine code into assembly code
26. What is the purpose of a cross assembler?
A. Ease assembly by creating a platform neutral assembly code
B. Create bytecode
C. Convert assembly to machine code, but conduct this process on a
computer with a different type of assembly
D. Convert machine code to assembly, but conduct this process on a
computer with a different type of machine code
27. Which of the following will compile one line of source code at a time each time a
program is run?
A. Cross compiler
B. Interpreter
C. Disassembler
D. Assembler
28. Which of the following is an example of a 3GL language?
A. Fortran
B. SQL
C. Assembly
D. LISP
29. TCB is?
A. The product being evaluated for accreditation
B. The list of security mechanisms enforcing security within a computer
system
C. A term created by the common criteria
D. A laundry list of requirements
30. Which of the following is an abstract concept that mediates all access between
subjects and objects?
A. Access controller
B. Security kernel
C. Access control matrix
D. Reference Monitor
31. Which of the following is correct?
A. Elements in protection ring 3 can access all objects in ring 3,2,1, and 0
B. Elements in protection ring 2 can access all objects in ring 2 and 3
C. IO drivers are usually in protection ring 3
D. The kernel is in protection ring 3
32. The orange book is a common name for?
A. TCSEC
B. ITSEC
C. Common Criteria
D. The rainbow series
33. The orange book defines?
A. Four levels of trust to be placed in a computer system
B. Four levels of security that a computer system can have
C. Standards for specific technologies to use to achieve a given rating
D. Baselines for vendor products that should be adhered to in order to achieve
a given rating
34. Of the following, which is the lowest Orange book rating?
A. A1
B. B3
C. C2
D. C1
35. Who is the intended audience for a trusted facility manual?
A. System administrators
B. Data owners
C. Senior management
D. Facility maintenance crew
36. Which is the lowest level rating where a computer system must implement labels?
A. D
B. C2
C. B1
D. B3
37. The difference between the highest B rating and the highest A rating is?
A. Computer systems must have multiple labels
B. Computer systems must implement database views
C. Computer systems must create more granular and encompassing audit
trails
D. Computer systems must be built and tested with greater amounts of
verification, which includes testing against formal models
38. The red book is the common name for?
A. TCSEC
 B. TDI
C. TNI
D. Common Criteria
39. The red book unlike the orange book does discuss?
A. Integrity
B. Confidentiality
C. Accountability
D. Documentation
40. A major difference between TCSEC and ITSEC is?
A. One relates to trust the other to security
B. ITSEC has two grades for any evaluated system, while TCSEC has one
C. ITSEC was developed by a different group within the united states
D. TCSEC is better than ITSEC
41. Which is not true about the implementation of a reference monitor?
A. The implementation is referred to as the security kernel
B. The implementation should enforce the policy for every possible access
C. The implementation should not be isolated so that application can notify
the implementation of policy changes
D. The implementation should be as small as possible

42. If a rating of F5 + E5 = B3 what would A1 be equal to?

A. F4 + E4
B. F6 + E6
C. F6 + E5
D. F5 + E6
43. Which is true of certification and accreditation?
A. The same people conduct the process
B. The process is the same, just with different people
C. Certification is more technically oriented and thus is performed by more
technical people
D. Accreditation is performed prior to certification
44. Which is a standard for accreditation and certification?
A. DITSCAP
B. NICAP
C. TCSEC
D. CAPGEM
45. For the Bell-Lapadula model, what is the * property?
A. A subject at a lower level of clearance cannot access information at a
higher level of classification
B. A subject at a higher level of clearance cannot write information at a lower
level of classification
C. A subject at a lower level of integrity cannot write information at a higher
level of integrity
D. A subject at a higher level of integrity cannot read information at a lower
level of integrity
46. For which security mode do all users have clearance at or above all information
inside a system but may not have the authorization or need to know for all
information inside the system?
A. System High
B. Multilevel Security
C. Dedicated
D. Compartmented
47. What does positive flow for water and gas lines refer to?
A. Water and gas should have particles of positive polarization added to them
to minimize fire risks
B. Water and gas should flow outside unless desired to flow inside
C. Water and gas should flow inside unless desired to flow outside
D. Water and gas should have particles of negative polarization added to
minimize fire risks
48. Which of the following is the most important resource to protect?
A. Mainframes
B. Databases and tape backups
C. Power Circuits
D. People
49. Which is not an administrative control that can improve physical security?
A. Access Log for facility entry/exit
B. Fencing around perimeter
C. Emergency procedures
D. Pre-employment screening
50. What is the difference between EMI and RFI with regards to cabling?
A. RFI will interfere with availability while EMI will not
B. EMI is always at the frequency that the desired signal operates at while
RFI is not
C. Opposite of option B
D. EMI is produced internal to cabling, RFI is produced by sources outside of
cabling
51. Which is associated with a power loss?
A. Fault
B. Brownout
C. Sag
D. Surge
52. Which is the type of UPS system which always supplies power to equipment
regardless of the state of the primary power source?
A. Concurrent
B. Online
C. Steady State
D. Constant
53. At what temperature will paper products become damaged?
A. 50F
B. 175F
C. 400F
 D. 350F
54. Which is true about humidity?
A. The lower the humidity the more problems with static electricity
B. A hydrometer is used to measure humidity
C. The optimal humidity range for computer systems is between 10 and 20%
D. None of the above
55. Statistically, most fires are caused by?
A. Nature
B. Smoking
C. Arsonists
D. Electrical failures
56. Which fire detection method detects changes in light?
A. Smoke Actuated
B. Flame Actuated
C. Heat Actuated
D. All of the above
57. For which class of fire would soda acid be appropriate?
A. A
B. B
C. C
D. All of the above
58. For which of the following suppression methods it be most necessary to have a
delay mechanism?
A. Water
B. Halon
C. CO2
D. Soda Acid
59. Since Halon was found to have a negative effect on ozone, what is the most
common replacement?
A. NAF-S-III
B. FM-200
C. Water
D. Hydrogen
60. Which of the following water sprinklers should you use in a cold environment?
A. Deluge
B. Dry
C. Wet
D. None. Use another type of fire suppression.
61. For building emergency exit doors, what type of locks would be appropriate?
A. Fail Safe
B. Fail Soft
C. No locks
D. None of the above
62. When people must go through an area with two sets of doors (one behind and one
in front) so that a guard can check credentials, we refer to this as?
A. Trap door
 B. Containment unit
C. Man trap
D. Visitors Desk
63. When using lights for perimeter protection, the candle is recommended to be ____
by the NIST?
A. 10 ft high, 2 ft wide
B. 8 ft high, 2 ft wide
C. 10 ft high, 3 ft wide
D. 8 ft high, 3 ft wide
64. Which of the following types of wireless proximity readers does not have a
internal power supply?
A. Directed
B. Passive
C. Field-powered
D. Transponders
65. Which of the following is not a detection mechanism?
A. CCTV (Closed Circuit TV)
B. Photoelectric (beam of light)
C. Wave pattern (send wave and expect known reflection)
D. Accoustical-seismic (monitor sounds and vibrations)
66. Which is the term used to describe the process of evaluating an encryption
algorithm for weaknesses?
A. Cryptology
B. Crypto Forensics
C. Cryptanalysis
D. Hacking
67. The initial communication between a web browser and web server is encrypted
with which category of encryption?
A. Asymmetric cryptography
B. Symmetric cryptography
C. RSA
D. Stream Cipher
68. What can be said about FBI being cleartext and ELI being ciphertext?
A. Transposition did not happen
B. Substitution happened
C. Substitution and transposition must have happened
D. The cipher must have been a block cipher
69. The Ceasar cipher and the ROT13 cipher are similar in which respects?
A. Both rely on transposition
B. Both rely on substitution
C. Both rely on substitution and the substitution is always based on the
position/order of letters in an alphabet
D. Both relay on transposition and the transposition is always based on the
position/order of letters in the alphabet
70. Bob will verify alices digital signature by?
A. Using his private key to decrypt the signed hash value
 B. Using his public key to decrypt the signed hash value
C. Using her public key to decrypt the signed hash value
D. Using her private key to decrypt the signed hash value
71. Which of the following provides non-repudiation
A. Secret key encryption
B. Asymmetric encryption
C. MAC
D. Hash
72. XOR 1011 with 0011 and the result is?
A. 1111
B. 0100
C. 1011
D. 1000
73. Which of the following is known as unconditionally secure because no matter the
amount of ciphertext is uncovered, the scheme cannot be broken?
A. Strong Encryption
B. One-time PAD
C. XOR
D. Stream Ciphers
74. A large block size decreases the performance of a block cipher, why?
A. More rounds are required to achieve the same level of confusion and
diffusion
B. The avalanche effect doesnt happen with large block sizes so more
rounds are required
C. Since the block size is larger there will be more cleartext to encrypt
D. None of the above
75. The main difference between digital signatures and MACs is?
A. MACs dont use hashes
B. Digital signatures dont use hashes
C. MACs do not provide any encryption of data
D. Digital signatures use asymmetric encryption algorithms while MACs use
symmetric
76. The receiver verifies that a message with a MAC has not been tampered with by?
A. Decrypt the secret key that the sender sends with the message
B. Decrypt the MAC with a shared secret, unhash the hash value, and
compare to original message
C. Decrypt the MAC with a shared secret, hash the message sent and
compare this hash with the hash sent
D. Decrypt the MAC with the private key of the receivers private/public key
pair, unhash the hash value, and compare to the original message
77. Which of the following examples is an early form of a stream cipher?
A. UK-TYPEX
B. Japan-Purple
C. Germany-Enigma
D. Haeglin
78. A hacker has fabricated a few messages to send across an encrypted link and has
sniffed the wire to determine the corresponding ciphertext. The hacker will now
attempt to determine the cleartext version of some ciphertext he/she did not
create. This type of attack is called?
A. Wireline Snooping
B. Eavesdropping
C. Chosen Plaintext
D. Birthday attack
79. Which of the following is true?
A. With confusion the key will be scrambled, with diffusion, it will not
B. Diffusion relates to stream ciphers while confusion related to block
ciphers
C. Confusion corresponds to a single change in a key creating a significant
change in ciphertext
D. Diffusion relates to a single change in a key creating a significant change
in ciphertext.
80. An attack where the attacker finds two messages that generate the same hash
value in order to replace the one that is eventually signed with the one that he/she
would actually like to send is called?
A. Collision attack
B. Birthday Attack
C. Salami Attack
D. Avalanche Attack
81. What can be done to minimize the probability of a hash function creating the
same hash value for two different messages?
A. Change the size of the hash value
B. Increase the hash functions upper level
C. Decrease the hash functions lower level
D. All of the above
82. Which of the following is true about key management?
A. Keys may not be in plaintext form
B. Keys may be in plaintext form while inside a cryptographic module
C. Split knowledge procedures increase the risk of misuse
D. Usually full keys are stored at an escrow agency
83. For which of the following is the actual session key sent with an encrypted
message?
A. Key escrow at a single agency
B. Key escrow at multiple agencies
C. Key recovery
D. All of the above
84. Which best describes a special class of block ciphers where the ciphertext is
calculated from the plaintext by repeated application of the same function with
each iteration using a separate sub-key?
A. DES ciphers
B. Feistel ciphers
C. IDEA
 D. Lucifer
85. How many rounds does DES use?
A. 18
B. 6
C. 16
D. 8
86. What is the most common block size for block ciphers?
A. 64 bytes
B. 32 bits
C. 4 bytes
D. 64 bits
87. 6 bits are presented as input to DESs S-boxes, how many bits are in the output?
A. 6 bits
B. 16 bits
C. 4 bits
D. 1 bit
88. What is the physical number of bits in a DES key?
A. 56
B. 64
C. 128
D. 48
89. How many bits long are DES subkeys?
A. 40
B. 128
C. 64
D. 48
90. Which block cipher modes will produce the same ciphertext given the same
plaintext?
A. CBC
B. ECB
C. CFB
D. OFB
91. Which of the following block cipher modes simulates a stream cipher?
A. CBC
B. OFB
C. ECB
D. All of the above
92. 2DES was not considered significantly more secure than DES because?
A. Salami attack
B. Man in the middle attacks
C. Birthday attacks
D. Meet in the middle attacks
93. Which of the following is true about 3DES?
A. The algorithm has 16 rounds
B. Two or three keys can be used to implement the algorithm
C. It is now the AES
 D. 3DES algorithm used in 3DES was only slightly modified to compensate
for the larger key size
94. Bruce Schneier is well known for which of the following encryption algorithms?
A. IDEA
B. CAST
C. 3DES
D. Blowfish
95. Which of the following has a single key size?
A. CAST
B. RC5
C. IDEA
D. None of the above
96. The AES is which type of encryption algorithm?
A. Asymmetric block cipher
B. Asymmetric stream cipher
C. Symmetric block cipher
D. Asymmetric stream cipher
97. Which algorithm was adopted as AES?
A. 3DES
B. Twofish
C. Rijndael
D. RC6
98. Which of the following algorithms was used in the clipper chip?
A. DES
B. 3DES
C. Skipjack
D. Safer
99. Which of the following hash functions has the least probability of encountering a
collision?
A. MD2
B. SHA-1
C. MD5
D. HMAC
100. Which encryption algorithm does SHA-1 use?
A. DES
B. RSA
C. Blowfish
D. None of the above
101. Which is the most common standard for defining the structure of digital
certificates?
A. X.500
B. X.400
C. LDAP
D. X.509
102. When generating a new certificate to be signed by a certificate
authority?
 A. The CA creates the public/private key pair
B. The end user creates the public/private key pair
C. The end user usually creates the public/private key pair but in some
instances the CA creates the public/private key pair
D. The escrow service creates the public/private key pair
103. The CA will sign a CSR with?
A. Your public key
B. Their public key
C. Their private key
D. Your private key
104. Which of the following is Neal Koblitz responsible for?
A. Asymmetric Encryption
B. Elliptical Curve Encryption
C. Hacking into companies like Nokia and Sun Microsystems
D. Invention of the first rotor encryption machine
105. Which of the following technologies is not e-mail related?
A. S-SMTP
B. PEM
C. MOSS
D. PGP
106. Which of the following is a standard created by Visa and Mastercard?
A. S-HTTP
B. HTTPS
C. SET
D. SSH
107. Which of the following IPSEC modes protects the payload only?
A. Transport
B. Embedded
C. Tunnel
D. Selective
108. When sending TCP traffic from one location to another across an IPSEC
VPN, how many SPIs and SAs are needed?
A. 1 and 2
B. 1 and 1
C. 2 and 2
D. 2 and 1
109. Which of the following is used to automatically share keys between two
IPSEC peers?
A. Out of Band mechanisms
B. IKE
C. SSH
D. EXPECT
110. Which of the following activities would result in step by step procedures
for handling an earthquake?
A. BCP
B. BIA
 C. DRP
D. DRI
111. Once the business is operating as usual after a disaster, the are in ____
mode?
A. Recovery
B. Resumption
C. Restoration
D. Reliance
112. Which is the component that will describe how the business would be
affected after a particular disaster?
A. BCP
B. DRP
C. BIA
D. DRI
113. Reciprocal Agreements for disaster recovery are?
A. Excellent means to guarantee redundancy
B. Mostly used by companies without adequate budgets to use other
strategies
C. Are enforceable
D. All of the above
114. Warm sites for disaster recovery ?
A. Usually do not have WAN links provisioned
B. Usually have all of the hardware installed, but not turned on
C. Usually have special delivery contracts/agreements with vendors
D. None of the above
115. Software backups should?
A. Be tested for backup and restore functionality on a periodic basis
B. not be stored in a fire resistant safe
C. A single backup should be made for each backup required and the backup
should be stored offsite
116. Which is not true about DRP testing?
A. Management will often need to be convinced of its need
B. Should be conducted at least once a year
C. Will demonstrate the ability of the DRP plan to actually recover from a
significant loss
D. Should not cause any downtime, as meticulous documentation is required
prior to executing the tests
117. The IAB is largely concerned with ethical issues surrounding?
A. International exportation
B. The Internet
C. Intelligence leakage
D. Reciprocal Agreements
118. With regards to MOM, motivation refers to?
A. Where and when of a crime
B. Capabilities of a criminal to commit crime
C. Who and why of a crime
 D. None of the above
119. Which of the following is a group of phreakers that public a quarterly
mangazine?
A. 414 club
B. 2600 group
C. Phrack
D. Chaos club
120. Which group was responsible for Back Orifice?
A. The humble guys
B. Phrack
C. 414 club
D. Cult of the Dead Cow
121. The reason why many cyber crimes have not be caught or stopped is?
A. Difficulty in identifying hackers
B. Often there are no laws pertaining the cyber crimes, which makes
prosecution much more difficult
C. Investigations are often handled poorly and evidence is lost or not
admissible in court
D. All of the above
122. Which of the following is a true statement about liability?
A. As long as due care is made, the business is not risk of being sued
B. A company that allows its computer resources to be used to enter another
company is always held liable based on downstream liability
C. Management must adhere to the prudent man rule in order to minimize
their liability
D. None of the above
123. Civil (tort) law deals with?
A. Government agencies, and the regulations that pertain to them
B. Individual activities that violate government laws and breaking such laws
will usually result in a jail sentence.
C. Wrongs against individuals or companies that usually result in financial
restitution
D. None of the above
124. Which of the following protects from unauthorized distribution or
modification of original work?
A. Patent
B. Trademark
C. Trade Secret
D. Copyright
125. Which of the following is not a group formed to battle software piracy?
A. FAST
B. BSA
C. SPA
D. BBR
126. Which is not a correct step when conducting forensics activities?
A. Make duplicates of hard drives
 B. Reboot first to prevent an attacker from continuing activities
C. Tag all evidence
D. Maintain the chain of custody and chain of custody logs
127. What is the main difference between interviewing and interrogating?
A. Interrogation and interviewing are the same, just performed by different
people
B. Interviewing has a goal of discovering information and obtaining a
confession, while interrogation has a goal of collecting evidence for a trial
C. Interviewing cannot be conducted so poorly that the interviewer can be
held liable
D. None of the above
128. Which legislation requires that financial institutions implement risk
management?
A. HIPPA
B. CIPA
C. Gramm Leach Bliley
D. G8
129. Which international effort to fight computer crime was formed in part
because of the success of the ILOVEYOU virus?
A. Interpol
B. Europol
C. G8
D. None of the above
130. Which type of phreaking box simulates the sound of coins dropping?
A. Blue Box
B. Red Box
C. Black Box
131. The main difference between a data warehouse and a database is?
A. A data warehouse houses all data in an organization
B. A data warehouse centralizes data from multiple databases
C. Databases are slower than data warehouses
D. None of the above
132. What does normalizing data in a data warehouse mean?
A. Redundant data is removed
B. Numerical data is divided by a common factor
C. Data is restricted by a user interface
D. Data is converted into information
133. What is a neural network?
A. Hardware and/or software that emulate the reasoning of an expert
B. A large network serving hospital centers
C. Hardware or software that emulate the biological function of neurons
D. None of the above
134. In a object oriented system, polymorphism denotes:
A. When objects have the same method but the method returns different
results
B. When a class inherits attributes and operations from a parent or superclass
 C. When different objects have the same method and the method returns the
same results
D. None of the above
135. The most common software development cycle found in the government
is?
A. Spiral
B. Prototype
C. Waterfall
D. Incremental
136. What is searching for correlations in data within a data warehouse referred
to as?
A. Building a data dictionary
B. Data mining
C. Configuration management
D. Data indexing
137. Which of the following implements a centralized authorization service?
A. Corba
B. ActiveX
C. COM
D. DCE
138. Which is the term used to describe when a database has the multiple
copies of the same primary key each stored with respect to a classification level?
A. Database views
B. Polyinstantiation
C. Inheritance
D. Normalization
139. Malware that relies on other code in order to propagate and infect is
called?
A. Trojan
B. Virus
C. Worm
D. All of the above
140. A buffer overflow vulnerability is caused by?
A. Backdoors
B. Trapdoors
C. Trojans
D. Improper bounds checking
141. Which type of virus infects more than one location in a computer?
A. Diverse
B. Stealth
C. Multipartite
D. Duplicative
142. The OMG is responsible for which object oriented technology?
A. Corba
B. DOM
C. DCOM
 D. DCE
143. An instance of a class is referred to as?
A. A subclass
B. An object
C. An inheritance
D. A for loop
144. At which stage of the application development lifecycle should the
security department become involved?
A. Prior to implementation
B. Planning and Requirments
C. System testing
D. Unit testing
145. What security concern is related to applications created by a third party?
A. Maintenance hooks
B. They operate in privileged mode
C. Their source code is verifiable
D. They bypass the security kernel
146. Which is commonly used to retrofit security into a database system?
A. Trusted back-end
B. Audit trail
C. Trusted front-end
D. Controller
147. When a database error has been detected which requires a backout
process, a mechanism that allows the database to backout to a particular moment
in time is?
A. Restarter
B. Reboot
C. Journal
D. Checkpoint
148. A shareware file download and sharing utility is downloaded from a
website. It is later discovered that this application was sending all keystrokes to a
remote computer. This type of malware is referred to as?
A. Virus
B. Worm
C. Trojan Horse
D. Logic Bomb
149. Why are shared user IDs detrimental in the review of audit trails?
A. They show which files were altered
B. They dont hinder the review
C. They prevent the attacker from being narrowed down to a single user
D. They minimize the chance of determining the actual identify of a hacker