CISSP Practice Exams, Fourth Edition -

eBook PDF
Visit to download the full and correct content document:
https://ebooksecure.com/download/cissp-practice-exams-fourth-edition-ebook-pdf/
 ABOUT THE AUTHORS
Shon Harris, CISSP, was the founder and CEO of Shon Harris Security LLC and
Logical Security LLC, a security consultant, a former engineer in the Air Force’s
Information Warfare unit, an instructor, and an author. Shon owned and ran her own
training and consulting companies for 13 years prior to her death in 2014. She
consulted with Fortune 100 corporations and government agencies on extensive
security issues. She authored three best-selling CISSP books, was a contributing
author to Gray Hat Hacking: The Ethical Hacker’s Handbook and Security
Information and Event Management (SIEM) Implementation, and a technical editor
for Information Security Magazine.

Jonathan Ham, CISSP, GSEC, GCIA, GCIH, GMON, is an independent

consultant who specializes in large-scale enterprise security issues, from policy and
procedure, through team selection and training, to implementing scalable
prevention, detection, and response technologies and techniques. With a keen
understanding of ROI and TCO (and an emphasis on real-world practice over
products), he has helped his clients achieve greater success for over 20 years,
advising in both the public and private sectors, from small startups to the Fortune
50, and the U.S. Department of Defense across multiple engaged forces.
Mr. Ham has been commissioned to teach investigative techniques to the NSA,
has trained NCIS investigators how to use intrusion detection technologies, has
performed packet analysis from a facility more than 2,000 feet underground, and
has chartered and trained the CIRT for one of the largest U.S. civilian federal
agencies.
In addition to his professional certifications, Mr. Ham is a Certified Instructor
and Author with the SANS Institute, and is a member of the GIAC Advisory Board.
He has also consistently been the highest rated trainer at Black Hat events, teaching
his course on Network Forensics. His groundbreaking textbook on the topic
established him as a pioneer in the field.
A former combat medic with the U.S. Navy/Marine Corps, Mr. Ham has spent
over a decade practicing a different kind of emergency response, volunteering and
teaching for both the National Ski Patrol and the American Red Cross, as both a
Senior Patroller and Instructor and a Professional Rescuer.
 A Note from Jonathan
Shon and I never met in person, though my career has been inextricably linked
to hers for more than a decade. The first time I was ever asked to teach a class
for the SANS Institute was because Shon was scheduled and couldn’t make it. I
went on to teach SANS’ extremely popular CISSP prep course (Mgt414)
dozens of times, and my students routinely brought her books to my
classroom.
As a result, I’ve gone on to teach thousands of students at both the graduate
and post-graduate level, across six continents and in dozens of countries, and
involving content ranging from hacking techniques to forensic investigations.
Thanks to Shon, I am truly living the dream and giving it back in every way
that I can.
I am also extremely honored to have been asked by McGraw-Hill Education
to continue her work. We had so very many friends in common that nearly
everyone I know professionally encouraged me to do it. She will be
remembered with the respect of thousands of CISSPs.
And mine.

About the Technical Editor

Daniel Carter, CISSP, CCSP, CISM, CISA, has 20 years of experience in the IT
and security worlds, working in both the higher education and healthcare sectors, on
the state and federal levels. He is currently a Systems Security Officer in U.S.
Federal Healthcare for HP Enterprise. He has worked extensively on both security
and architecture for public web systems for the Centers for Medicare & Medicaid
Services (CMS), including official websites for Medicare and the Affordable Care
Act. Prior to work at HPE and CMS, Daniel worked in Enterprise Information
Systems for the University of Maryland on systems ranging from official university
websites, identity and authentication systems, e-mail and calendaring, and the
university’s PKI infrastructure.
Copyright © 2016 by McGraw-Hill Education. All rights reserved. Except as
permitted under the United States Copyright Act of 1976, no part of this publication
may be reproduced or distributed in any form or by any means, or stored in a data
base or retrieval system, without the prior written permission of the publisher.

ISBN: 978-1-25-958508-1
MHID: 1-25-958508-5

The material in this eBook also appears in the print version of this title: ISBN: 978-
1-25-958596-8, MHID: 1-25-958596-4.

eBook conversion by codeMantra

Version 1.0

All trademarks are trademarks of their respective owners. Rather than put a
trademark symbol after every occurrence of a trademarked name, we use names in
an editorial fashion only, and to the benefit of the trademark owner, with no
intention of infringement of the trademark. Where such designations appear in this
book, they have been printed with initial caps.

McGraw-Hill Education eBooks are available at special quantity discounts to use as

premiums and sales promotions or for use in corporate training programs. To
contact a representative, please visit the Contact Us page at
www.mhprofessional.com.

Information has been obtained by McGraw-Hill Education from sources believed to

be reliable. However, because of the possibility of human or mechanical error by
our sources, McGraw-Hill Education, or others, McGraw-Hill Education does not
guarantee the accuracy, adequacy, or completeness of any information and is not
responsible for any errors or omissions or the results obtained from the use of such
information.

TERMS OF USE

This is a copyrighted work and McGraw-Hill Education and its licensors reserve all
rights in and to the work. Use of this work is subject to these terms. Except as
permitted under the Copyright Act of 1976 and the right to store and retrieve one
copy of the work, you may not decompile, disassemble, reverse engineer,
reproduce, modify, create derivative works based upon, transmit, distribute,
disseminate, sell, publish or sublicense the work or any part of it without McGraw-
Hill Education’s prior consent. You may use the work for your own noncommercial
and personal use; any other use of the work is strictly prohibited. Your right to use
the work may be terminated if you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS.” McGRAW-HILL EDUCATION AND ITS

LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE
ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE
OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION
THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR
OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-
Hill Education and its licensors do not warrant or guarantee that the functions
contained in the work will meet your requirements or that its operation will be
uninterrupted or error free. Neither McGraw-Hill Education nor its licensors shall
be liable to you or anyone else for any inaccuracy, error or omission, regardless of
cause, in the work or for any damages resulting therefrom. McGraw-Hill Education
has no responsibility for the content of any information accessed through the work.
Under no circumstances shall McGraw-Hill Education and/or its licensors be liable
for any indirect, incidental, special, punitive, consequential or similar damages that
result from the use of or inability to use the work, even if any of them has been
advised of the possibility of such damages. This limitation of liability shall apply to
any claim or cause whatsoever whether such claim or cause arises in contract, tort
or otherwise.
It has been at the expense of my tribe that I have managed to continue Shon’s work. I
honor them by name here, as elsewhere:
436861726C6965204D617269652048616D0D0A
56696F6C65742044616E67657220576573740D0A
5468756E646572204772657920576573740D0A
50616F6C6120436563696C696120476172636961204A756172657A0D0A
They are beautiful and brilliant each, and loved more than they may ever know.
—Jonathan Ham, April 13, 2016
 CONTENTS

Preface
Introduction
Chapter 1 Security and Risk Management
Chapter 2 Asset Security
Chapter 3 Security Engineering
Chapter 4 Communication and Network Security
Chapter 5 Identity and Access Management
Chapter 6 Security Assessment and Testing
Chapter 7 Security Operations
Chapter 8 Software Development Security
Appendix About the Download
Index
 PREFACE

Computer, information, and physical security are becoming more important at an

exponential rate. Over the last few years, the necessity for computer and
information security has grown rapidly as cyber attacks have increased, financial
information is being stolen at a rapid pace, cyber warfare is affecting countries
around the world, and today’s malware is growing exponentially in its
sophistication and dominating our threat landscape. The world’s continuous
dependency upon technology and the rapid increase in the complexities of these
technologies make securing them a challenging and important task. Companies have
had to spend millions of dollars to clean up the effects of these issues and millions
of dollars more to secure their perimeter and internal networks with equipment,
software, consultants, and education. Our networked environments no longer have
true boundaries; the integration of mobile devices has introduced more attack
surfaces; and the attackers are commonly well funded, organized, and focused on
their intended victims. The necessity and urgency for security have led to a new
paradigm emerging. It is slowly becoming apparent that governments, nations, and
societies are vulnerable to many different types of attacks that can happen over the
network wire and airwaves. Societies depend heavily on all types of computing
power and functionality, mostly provided by the public and private sectors. This
means that although governments are responsible for protecting their citizens, it is
becoming apparent that the citizens and their businesses must become more secure
to protect the nation as a whole.
This type of protection can really only begin through proper education and
understanding, and must continue with the dedicated execution of this knowledge.
This book is written to provide a foundation in the many different areas that make
up effective security. We need to understand all of the threats and dangers we are
vulnerable to and the steps that must be taken to mitigate these vulnerabilities.
 INTRODUCTION

The objective of this book is to prepare you for the CISSP exam by familiarizing
you with the more difficult types of questions that may come up on the exam. The
questions in this book delve into the more complex topics of the CISSP Common
Body of Knowledge (CBK) that you may be faced with when you take the exam.
This book has been developed to be used in tandem with the CISSP All-in-One
Exam Guide, Seventh Edition. The best approach to prepare for the exam using all
of the material available to you is outlined here:

1. Review the questions and answer explanations in each chapter.

2. If further review is required, read the corresponding chapter(s) in the CISSP
All-in-One Exam Guide, Seventh Edition.
3. Review all of the additional questions that are available. See the “Additional
Questions Available” section at the end of this introduction.

Because the primary focus of this book is to help you pass the exam, the
questions included cover all eight CISSP exam domains. Each question features a
detailed explanation as to why one answer choice is the correct answer and why
each of the other choices is incorrect. Because of this, we believe this book will
serve as a valuable professional resource after your exam.

In This Book
This book has been organized so that each chapter consists of a battery of practice
exam questions representing a single CISSP exam domain, appropriate for
experienced information security professionals. Each practice exam question
features answer explanations that provide the emphasis on the “why” as well as the
“how-to” of working with and supporting the technology and concepts.

In Every Chapter
Included in each chapter are features that call your attention to the key steps of the
testing and review process and that provide helpful exam-taking hints. Take a look
at what you’ll find in every chapter:
 • Every chapter includes practice exam questions from one CISSP CBK
Security Domain. Drill down on the questions from each domain that you will
need to know how to answer in order to pass the exam.
• The Practice Exam Questions are similar to those found on the actual CISSP
exam and are meant to present you with some of the most common and
confusing problems that you may encounter when taking the actual exam.
These questions are designed to help you anticipate what the exam will
emphasize. Getting inside the exam with good practice questions will help
ensure you know what you need to know to pass the exam.
• Each chapter includes a Quick Answer Key, which provides the question
number and the corresponding letter for the correct answer choice. This
allows you to score your answers quickly before you begin your review.
• Each question includes an In-Depth Answer Explanation—explanations are
provided for both the correct and incorrect answer choices and can be found
at the end of each chapter. By reading the answer explanations, you’ll
reinforce what you’ve learned from answering the questions in that chapter,
while also becoming familiar with the structure of the exam questions.

Additional Questions Available

In addition to the questions in each chapter, there are more than 1,000 multiple-
choice practice exam questions available to you. Also available are simulated
hotspot and drag-and-drop type questions. For more information on these question
types and how to access them, please refer to the appendix.
 CHAPTER 1
Security and Risk Management
This domain includes questions from the following topics:
• Security terminology and principles
• Protection control types
• Security frameworks, models, standards, and best practices
• Computer laws and crimes
• Intellectual property
• Data breaches
• Risk management
• Threat modeling
• Business continuity and disaster recovery
• Personnel security
• Security governance

A security professional’s responsibilities extend well beyond reacting to the latest

news headlines of a new exploit or security breach. The day-to-day responsibilities
of security professionals are far less exciting on the surface but are vital to keeping
organizations protected against intrusions so that they don’t become the next
headline. The role of security within an organization is a complex one, as it touches
every employee and must be managed companywide. It is important that you have an
understanding of security beyond the technical details to include management and
business issues, both for the CISSP exam and for your role in the field.

Q QUESTIONS

1. Which of the following best describes the relationship between COBIT and
ITIL?
A. COBIT is a model for IT governance, whereas ITIL is a model for
corporate governance.
 B. COBIT provides a corporate governance roadmap, whereas ITIL is a
customizable framework for IT service management.
C. COBIT defines IT goals, whereas ITIL provides the process-level steps
on how to achieve them.
D. COBIT provides a framework for achieving business goals, whereas
ITIL defines a framework for achieving IT service-level goals.
2. Global organizations that transfer data across international boundaries must
abide by guidelines and transborder information flow rules developed by an
international organization that helps different governments come together
and tackle the economic, social, and governance challenges of a globalized
economy. What organization is this?
A. Committee of Sponsoring Organizations of the Treadway Commission
B. The Organisation for Economic Co-operation and Development
C. COBIT
D. International Organization for Standardization
3. Steve, a department manager, has been asked to join a committee that is
responsible for defining an acceptable level of risk for the organization,
reviewing risk assessment and audit reports, and approving significant
changes to security policies and programs. What committee is he joining?
A. Security policy committee
B. Audit committee
C. Risk management committee
D. Security steering committee
4. Which of the following is not included in a risk assessment?
A. Discontinuing activities that introduce risk
B. Identifying assets
C. Identifying threats
D. Analyzing risk in order of cost or criticality
5. The integrity of data is not related to which of the following?
A. Unauthorized manipulation or changes to data
B. The modification of data without authorization
 C. The intentional or accidental substitution of data
D. The extraction of data to share with unauthorized entities
6. As his company’s CISO, George needs to demonstrate to the board of
directors the necessity of a strong risk management program. Which of the
following should George use to calculate the company’s residual risk?
A. threats × vulnerability × asset value = residual risk
B. SLE × frequency = ALE, which is equal to residual risk
C. (threats × vulnerability × asset value) × controls gap = residual risk
D. (total risk – asset value) × countermeasures = residual risk
7. Capability Maturity Model Integration (CMMI) came from the software
engineering world and is used within organizations to help lay out a pathway
of how incremental improvement can take place. This model is used by
organizations in self-assessment and to develop structured steps that can be
followed so an organization can evolve from one level to the next and
constantly improve its processes. In the CMMI model graphic shown, what is
the proper sequence of the levels?
A. Initial, Defined, Managed, Quantitatively Managed, Optimizing
B. Initial, Defined, Quantitatively Managed, Optimizing, Managed
 C. Defined, Managed, Quantitatively Managed, Optimizing
D. Initial, Repeatable, Defined, Quantitatively Managed, Optimizing
8. Risk assessment has several different methodologies. Which of the
following official risk methodologies was not created for the purpose of
analyzing security risks?
A. FAP
B. OCTAVE
C. AS/NZS 4360
D. NIST SP 800-30
9. Which of the following is not a characteristic of a company with a security
governance program in place?
A. Board members are updated quarterly on the company’s state of security.
B. All security activity takes place within the security department.
C. Security products, services, and consultants are deployed in an informed
manner.
D. The organization has established metrics and goals for improving
security.
10. There are four ways of dealing with risk. In the graphic that follows, which
method is missing and what is the purpose of this method?
 A. Risk transference. Share the risk with other entities.
B. Risk reduction. Reduce the risk to an acceptable level.
C. Risk rejection. Accept the current risk.
D. Risk assignment. Assign risk to a specific owner.
11. The following graphic contains a commonly used risk management
scorecard. Identify the proper quadrant and its description.
 A. Top-right quadrant is high impact, low probability.
B. Top-left quadrant is high impact, medium probability.
C. Bottom-left quadrant is low impact, high probability.
D. Bottom-right quadrant is low impact, high probability.
12. What are the three types of policies that are missing from the following
graphic?
 A. Regulatory, Informative, Advisory
B. Regulatory, Mandatory, Advisory
C. Regulatory, Informative, Public
D. Regulatory, Informative, Internal Use
13. List in the proper order from the table shown the learning objectives that are
missing and their proper definitions.
A. Understanding, recognition and retention, skill
B. Skill, recognition and retention, skill
C. Recognition and retention, skill, understanding
D. Skill, recognition and retention, understanding
14. What type of risk analysis approach does the following graphic provide?
 A. Quantitative
B. Qualitative
C. Operationally Correct
D. Operationally Critical
15. ISO/IEC 27000 is part of a growing family of ISO/IEC information security
management systems (ISMS) standards. It comprises information security
standards published jointly by the International Organization for
Standardization (ISO) and the International Electrotechnical Commission
(IEC). Which of the following provides an incorrect mapping of the
individual standards that make up this family of standards?
A. ISO/IEC 27002: Code of practice for information security management
B. ISO/IEC 27003: Guideline for ISMS implementation
C. ISO/IEC 27004: Guideline for information security management
measurement and metrics framework
D. ISO/IEC 27005: Guideline for bodies providing audit and certification of
information security management systems

The following scenario applies to questions 16 and 17.

Sam is the security manager of a company that makes most of its revenue from its
intellectual property. Sam has implemented a process improvement program that
has been certified by an outside entity. His company received a Level 2 during an
appraisal process, and he is putting in steps to increase this to a Level 3. A year ago
when Sam carried out a risk analysis, he determined that the company was at too
much of a risk when it came to potentially losing trade secrets. The countermeasure
his team implemented reduced this risk, and Sam determined that the annualized loss
expectancy of the risk of a trade secret being stolen once in a hundred-year period is
now $400.

16. Which of the following is the criteria Sam’s company was most likely
certified under?
A. SABSA
B. Capability Maturity Model Integration
C. Information Technology Infrastructure Library
D. Prince2
17. What is the associated single loss expectancy value in this scenario?
 A. $65,000
B. $400,000
C. $40,000
D. $4,000
18. The NIST organization has defined best practices for creating continuity
plans. Which of the following phases deals with identifying and prioritizing
critical functions and systems?
A. Identify preventive controls.
B. Develop the continuity planning policy statement.
C. Create contingency strategies.
D. Conduct the business impact analysis.
19. As his company’s business continuity coordinator, Matthew is responsible
for helping recruit members to the business continuity planning (BCP)
committee. Which of the following does not correctly describe this effort?
A. Committee members should be involved with the planning stages, as well
as the testing and implementation stages.
B. The smaller the team, the better to keep meetings under control.
C. The business continuity coordinator should work with management to
appoint committee members.
D. The team should consist of people from different departments across the
company.
20. A business impact analysis is considered a functional analysis. Which of the
following is not carried out during a business impact analysis?
A. A parallel or full-interruption test
B. The application of a classification scheme based on criticality levels
C. The gathering of information via interviews
D. Documentation of business functions
21. Which of the following steps comes first in a business impact analysis?
A. Calculate the risk for each different business function.
B. Identify critical business functions.
C. Create data-gathering techniques.
 D. Identify vulnerabilities and threats to business functions.
22. It is not unusual for business continuity plans to become out of date. Which
of the following is not a reason why plans become outdated?
A. Changes in hardware, software, and applications
B. Infrastructure and environment changes
C. Personnel turnover
D. That the business continuity process is integrated into the change
management process
23. Preplanned business continuity procedures provide organizations a number
of benefits. Which of the following is not a capability enabled by business
continuity planning?
A. Resuming critical business functions
B. Letting business partners know your company is unprepared
C. Protecting lives and ensuring safety
D. Ensuring survivability of the business
24. Management support is critical to the success of a business continuity plan.
Which of the following is the most important to be provided to management
to obtain their support?
A. Business case
B. Business impact analysis
C. Risk analysis
D. Threat report
25. Which of the following is a critical first step in disaster recovery and
contingency planning?
A. Plan testing and drills.
B. Complete a business impact analysis.
C. Determine offsite backup facility alternatives.
D. Organize and create relevant documentation.
26. Which of the following is not a reason to develop and implement a disaster
recovery plan?
A. Provide steps for a post-disaster recovery.
 B. Extend backup operations to include more than just backing up data.
C. Outline business functions and systems.
D. Provide procedures for emergency responses.
27. With what phase of a business continuity plan does a company proceed when
it is ready to move back into its original site or a new site?
A. Reconstitution phase
B. Recovery phase
C. Project initiation phase
D. Damage assessment phase
28. What is the missing second step in the graphic that follows?
 A. Identify continuity coordinator
B. Business impact analysis
C. Identify BCP committee
D. Dependency identification
29. Different threats need to be evaluated and ranked based upon their severity of
business risk when developing a BCP. Which ranking approach is illustrated
in the graphic that follows?

Choose the following statement that best describes the effect on this
business unit/cost center should there be an unplanned interruption of
normal business operations.

8 hours of an interruption. This business unit/cost center is Vital.

24 hours of an interruption. This business unit/cost center is
Critical.
3 days of an interruption. This business unit/cost center is Essential.
5 days of an interruption. This business unit/cost center is
Important.
10 days of an interruption. This business unit/cost center is
Noncritical.
30 days of an interruption. This business unit/cost center is
Deferrable.

A. Mean time to repair

B. Mean time between failures
C. Maximum critical downtime
D. Maximum tolerable downtime
30. Sean has been hired as business continuity coordinator. He has been told by
his management that he needs to ensure that the company is in compliance
with the ISO/IEC standard that pertains to technology readiness for business
continuity. He has also been instructed to find a way to transfer the risk of
being unable to carry out critical business functions for a period of time
because of a disaster. Which of the following is most likely the standard that
 Sean has been asked to comply with?
A. ISO/IEC 27031
B. ISO/IEC 27005
C. ISO/IEC BS7799
D. ISO/IEC 2899
31. Which organization has been developed to deal with economic, social, and
governance issues and with how sensitive data is transported over borders?
A. European Union
B. Council of Europe
C. Safe Harbor
D. Organisation for Economic Co-operation and Development
32. Widgets, Inc., wishes to protect its logo from unauthorized use. Which of the
following will protect the logo and ensure that others cannot copy and use
it?
A. Patent
B. Copyright
C. Trademark
D. Trade secret
33. Which of the following means that a company did all it could have
reasonably done to prevent a security breach?
A. Downstream liability
B. Responsibility
C. Due diligence
D. Due care
34. Which of the following is a U.S. copyright law that criminalizes the
production and dissemination of technology, devices, or services that
circumvent access control measures put into place to protect copyright
material?
A. Copyright law
B. Digital Millennium Copyright Act
 C. Federal Privacy Act
D. SOPA
35. What role does the Internet Architecture Board play regarding technology
and ethics?
A. It creates criminal sentencing guidelines.
B. It issues ethics-related statements concerning the use of the Internet.
C. It edits Request for Comments.
D. It maintains the Ten Commandments of Computer Ethics.
36. As a CISSP candidate, you must sign a Code of Ethics. Which of the
following is from the (ISC)2 Code of Ethics for the CISSP?
A. Information should be shared freely and openly; thus, sharing
confidential information should be ethical.
B. Think about the social consequences of the program you are writing or
the system you are designing.
C. Act honorably, honestly, justly, responsibly, and legally.
D. Do not participate in Internet-wide experiments in a negligent manner.
37. Which of the following was the first international treaty seeking to address
computer crimes by coordinating national laws and improving investigative
techniques and international cooperation?
A. Council of Global Convention on Cybercrime
B. Council of Europe Convention on Cybercrime
C. Organisation for Economic Co-operation and Development
D. Organisation for Cybercrime Co-operation and Development
38. Lee is a new security manager who is in charge of ensuring that his company
complies with the European Union Principles on Privacy when his company
is interacting with their European partners. The set of principles that deals
with transmitting data considered private is encompassed within which of
the following laws or regulations?
A. Data Protection Directive
B. Organisation for Economic Co-operation and Development
C. Federal Private Bill
 D. Privacy Protection Law
39. Brandy could not figure out how Sam gained unauthorized access to her
system, since he has little computer experience. Which of the following is
most likely the attack Sam used?
A. Dictionary attack
B. Shoulder surfing attack
C. Covert channel attack
D. Timing attack
40. Jane has been charged with ensuring that the privacy of clients’ personal
health information is adequately protected before it is exchanged with a new
European partner. What data security requirements must she adhere to?
A. HIPAA
B. NIST SP 800-66
C. Safe Harbor
D. European Union Principles on Privacy
41. Sue has been tasked with implementing a number of security controls,
including antivirus and antispam software, to protect the company’s e-mail
system. What type of approach is her company taking to handle the risk
posed by the system?
A. Risk mitigation
B. Risk acceptance
C. Risk avoidance
D. Risk transference
42. A number of factors should be considered when assigning values to assets.
Which of the following is not used to determine the value of an asset?
A. The asset’s value in the external marketplace
B. The level of insurance required to cover the asset
C. The initial and outgoing costs of purchasing, licensing, and supporting
the asset
D. The asset’s value to the organization’s production operations
43. The Zachman Architecture Framework is often used to set up an enterprise
 security architecture. Which of the following does not correctly describe the
Zachman Framework?
A. A two-dimensional model that uses communication interrogatives
intersecting with different levels
B. A security-oriented model that gives instructions in a modular fashion
C. Used to build a robust enterprise architecture versus a technical security
architecture
D. Uses six perspectives to describe a holistic information infrastructure
44. John has been told to report to the board of directors with a vendor-neutral
enterprise architecture framework that will help the company reduce
fragmentation that results from the misalignment of IT and business
processes. Which of the following frameworks should he suggest?
A. DoDAF
B. CMMI
C. ISO/IEC 42010
D. TOGAF
45. The Information Technology Infrastructure Library (ITIL) consists of five
sets of instructional books. Which of the following is considered the core
set and focuses on the overall planning of the intended IT services?
A. Service Operation
B. Service Design
C. Service Transition
D. Service Strategy
46. Sarah and her security team have carried out many vulnerability tests over
the years to locate the weaknesses and vulnerabilities within the systems on
the network. The CISO has asked her to oversee the development of a threat
model for the network. Which of the following best describes what this
model is and what it would be used for?
A. A threat model can help to assess the probability, the potential harm, and
the priority of attacks, and thus help to minimize or eradicate the threats.
B. A threat model combines the output of the various vulnerability tests and
the penetration tests carried out to understand the security posture of the
network as a whole.
C. A threat model is a risk-based model that is used to calculate the
probabilities of the various risks identified during the vulnerability tests.
D. A threat model is used in software development practices to uncover
programming errors.
QUICK ANSWER KEY

1. C
2. B
3. D
4. A
5. D
6. C
7. D
8. C
9. B
10. A
11. D
12. A
13. C
14. B
15. D
16. B
17. C
18. D
19. B
20. A
21. C
22. D
23. B
24. A
25. B
26. C
27. A
28. B
29. D
30. A
31. D
32. C
33. D
34. B
35. B
36. C
37. B
38. A
39. B
40. C
41. A
42. B
43. B
44. D
45. D
46. A

ANSWERS A
1. Which of the following best describes the relationship between COBIT and
ITIL?
A. COBIT is a model for IT governance, whereas ITIL is a model for
corporate governance.
B. COBIT provides a corporate governance roadmap, whereas ITIL is a
customizable framework for IT service management.
C. COBIT defines IT goals, whereas ITIL provides the process-level steps
on how to achieve them.
 D. COBIT provides a framework for achieving business goals, whereas
ITIL defines a framework for achieving IT service-level goals.
C. The Control Objectives for Information and related Technology
(COBIT) is a framework developed by ISACA (formerly the Information
Systems Audit and Control Association) and the IT Governance Institute
(ITGI). It defines goals for the controls that should be used to properly
manage IT and to ensure IT maps to business needs, not specifically just
security needs. The Information Technology Infrastructure Library (ITIL)
is the de facto standard of best practices for IT service management. A
customizable framework, ITIL provides the goals, the general activities
necessary to achieve these goals, and the input and output values for each
process required to meet these determined goals. In essence, COBIT
addresses “what is to be achieved,” and ITIL addresses “how to achieve
it.”
A is incorrect because, although COBIT can be used as a model for IT
governance, ITIL is not a model for corporate governance. Actually,
Committee of Sponsoring Organizations of the Treadway Commission
(COSO) is a model for corporate governance. COBIT is derived from the
COSO framework. You can think of COBIT as a way to meet many of the
COSO objectives, but only from the IT perspective. In order to achieve
many of the objectives addressed in COBIT, an organization can use
ITIL, which provides process-level steps for achieving IT service
management objectives.
B is incorrect because, as previously stated, COBIT can be used as a
model for IT governance, not corporate governance. COSO is a model
for corporate governance. The second half of the answer is correct. ITIL
is a customizable framework that is available either as a series of books
or online for IT service management.
D is incorrect because COBIT defines goals for the controls that should
be used to properly manage IT and ensure IT maps to business needs, not
just IT security needs. ITIL provides steps for achieving IT service
management goals as they relate to business needs. ITIL was created
because of the increased dependence on information technology to meet
business needs.
2. Global organizations that transfer data across international boundaries must
abide by guidelines and transborder information flow rules developed by an
international organization that helps different governments come together
and tackle the economic, social, and governance challenges of a globalized
Another random document with
no related content on Scribd:
“A regular untamed young colt,” he observed. “Never saw anything
just like him. He’s a bird, Merriwell. I’m afraid you’ll have hard work
breaking him to the saddle.”
Hodge had brought some baseballs, two bats, and a catcher’s mitt
from Denver, and the following day the three young men got out in a
clear place in the valley and began to practise.
Felicia saw them first, and she ran to Dick with an account of what
they were doing.
“Why, they throw the ball at each other just as hard as they can,” she
said, “and they catch it in their hands, just as easy. It’s fun to watch
them. Come and see them, Dick.”
“No,” said Dick.
“And they have got a stick that they hit it with,” she went on. “One of
them takes the ball, gives it a little toss, then strikes it with the stick
and knocks it so high in the air that you can hardly see it.”
“I’ll bet they don’t catch it then,” said Dick.
“But they do,” asserted the girl. “Then others run and get under it,
and catch it with their bare hands.”
“It must be soft,” said the boy.
His curiosity was aroused, and, after a time, he permitted Felicia to
lure him down to the open valley, where they could watch Frank,
Bart, and Jack practising.
In short order Dick became intensely interested, and it was not long
before he ventured out where the trio were, Felicia following now.
Indeed, it seemed rather surprising that the ball could be batted so
far into the air and caught with such ease, even though the one who
caught it sometimes had to run with all his might to get under it when
it came down.
“Could you do that, Dick?” asked Felicia.
“Of course I could!” he answered, for he did not wish her to think
there was any such accomplishment possessed by these tenderfoots
that he did not also have.
Now, it happened that Jack Ready heard the question and the
answer.
“What, ho!” he cried. “Here is another player for our ball-team. Stand
forth, Richard, and show your skill.”
“No,” said Dick, shaking his head.
“Ah, ha!” exclaimed Jack. “Methinks thou art fearful as to the result.
In other words, you’re putting up a bluff.”
This was too much, so Dick walked out to catch the ball. Jack
himself seized the bat, observing:
“I’ll place the sphere in your fingers, Richard, my son. Let us see if
you can freeze to it.”
Then he knocked a comparatively easy one. Dick got under it, but,
when the ball struck his hands, it immediately bounced out and
dropped to the ground.
And it hurt his hands in a most surprising manner, for he found it
almost as hard as a stone.
Dick did not betray that he was hurt.
“You must squeeze it, young man,” chirped Ready. “That is one of
the first things to learn. When a ball strikes in your hands, close your
fingers on it and squeeze it hard.”
Angry and disgusted, Dick caught up the ball and threw it straight at
Ready with all his strength.
Now, the boy could throw a round stone with remarkable accuracy,
as well as great speed, and he had used all his strength in this case.
Imagine his surprise when Ready carelessly thrust out one hand and
caught the whizzing ball as if the feat was the simplest thing in the
world.
Dick looked at Frank. If Merriwell had laughed then, it is possible the
boy would have stopped in a perfect tempest of anger; but Frank
stood aside, looking quite grave and interested.
“I will catch it!” thought the lad. “I’ll show him that I can catch it!”
Then he cried for Jack to hit out another one.
“Well, that’s the stuff from which heroes and ball-players are made,”
said Ready, as he complied.
This time Jack did not bat the ball directly into Dick’s hands, and the
latter was forced to run after it a little. Again he got his hands on it,
and this time he managed to catch it.
“Good!” cried Frank approvingly. “That was well done!”
To the amazement of Dick himself, he thrilled with satisfaction on
hearing those words of praise from Frank. But he would not try to
catch any more then.
“That’s right,” laughed Ready. “You have a level head, for you know
when to retire on your laurels. I wish I knew as much. I would have
retired long ago.”
Then Bart Hodge put on the big mitt, while Ready stood up to strike
the ball. A flat stone was the plate, and from it Frank paced off the
regular pitching-distance.
Then, with great speed, Frank pitched the ball. Ready fanned, and
Bart caught it, close under the bat.
Dick Merriwell caught his breath, and watched with still greater
interest.
“Fooled me that time,” said Jack. “Put ’em over now, and I’ll drive out
a three-bagger.”
“What is a three-bagger, Dick?” asked Felicia, who had found his
side again.
“I don’t know,” he was forced to admit.
“You did catch the ball, didn’t you?” she said proudly.
“Yes,” was all he answered.
“But it wasn’t near so high as they knocked it before.”
Dick shrugged his shoulders, declaring:
“If I had some practise, I could catch it just as high as anybody.”
“But it must be dangerous. You won’t do it, will you, Dick?”
Now, danger was the very thing that served as a lure to lead the boy
on, and he retorted:
“Oh, I’m going to try it some more. I like it.”
Frank sent in another swift one, and again Jack failed to hit it, though
he struck at it handsomely.
“The double-shoot!” he shouted. “Oh, Laura! but that was a peach! It
twisted both ways as quick as a flash.”
“What is he talking about?” muttered Dick. “I didn’t see it twist.”
He moved around to get another position, and chance happened to
lead him behind Bart, at some distance.
Then, when Frank pitched again, Dick saw the ball come whistling
straight ahead, and suddenly dart off to one side, while Ready
missed it a third time.
“Nothing but an out!” said Jack, in disgust. “And I thought it was
going to be another double.”
“No wonder he can’t hit it,” thought Dick. “Why, the ball didn’t go
straight! I wonder what made it go off to one side like that.”
The next one, however, amazed him more than anything else he had
seen, for it seemed to start curving one way, and then suddenly
change and curve the other.
“Another double-shoot!” exploded Ready, in disgust. “Say, stop it, will
you! You’re the only pitcher in the country who can throw the ball, so
I don’t care to practise batting against it. Give me just the plain,
ordinary curves.”
“All right,” laughed Frank. “I was trying it simply to see if I had good
control and command of it. Next one will be of the ordinary kind.”
It was an in shoot, but Jack hit it a good crack, and joyously cried:
“Safe hit! Oh, me! oh, my! Wasn’t that clever of me?”
“You’d never got a hit like that off him in a game, and you know it,”
said Hodge, while Merry was after the ball. “He’s the greatest pitcher
who ever came out of a college in this country.”
“Admitted, my boy,” nodded Jack. “And he has a reputation from the
Atlantic to the Pacific. He’s a wonder, and everybody knows it.”
Again Dick Merriwell felt a strange thrill of satisfaction and pride, and
to himself he unconsciously whispered:
“He’s my brother!”
 CHAPTER XX.
WINNING HIS WAY.

What he had seen and heard that day wrought a change in Dick
Merriwell. Although he had never witnessed a game of baseball, he
began to feel an intense longing to see one. He pictured it in his
mind, and the picture was far from correct, but it served to add to his
growing desire.
He heard Frank say that he had written to several of his friends, and
the trio of young athletes began to discuss the possibility of getting
enough of the old crowd together to form a ball-team. They spoke of
the excitement of the games and the sport they could have, and Dick
Merriwell’s interest increased steadily as he listened.
“I’d give anything to see one of those games!” he told himself.
When the three went out to practise Dick accompanied them, and,
after that first day, he did not hesitate to try to catch the batted balls.
To him it seemed that these efforts were rather discouraging, for he
often muffed or misjudged them; but he did not know that both
Ready and Hodge had told Merry that the way in which he handled
himself and clung to the ball was astonishing for a chap of his years
who had never seen a ball before.
Inwardly Frank was well pleased about the interest Dick was taking,
but he did not betray his feelings, nor did he praise the boy. Instead
of praising, he sometimes criticized. However, he did not permit his
criticism to savor of ridicule.
Merry well knew that some natures can be much better spurred on
by criticism than by praise, and it is often the case that praise seems
positively harmful to a growing boy or a developing youth. He had
seen many good ball-players spoiled by praise, while few had been
harmed, to his knowledge, by criticism.
Occasionally a lad may be able to stand praise, which may serve to
spur him on; and, once in a while, severe criticism is absolutely
harmful. Once in a while a boy may be ridiculed into doing his best,
but always ridicule is a last resort, for it generally does more harm
than good.
Frank knew that a proud and sensitive lad like Dick could not stand
ridicule, although what seemed like honest criticism would arouse his
nature and lead him to persistent effort. So Merry avoided any show
of ridicule when he spoke freely of Dick’s failings.
Ready would have praised the lad openly, but Merriwell took care to
warn Jack against doing so. Hodge did not need such a warning, as
he was not in the habit of praising anybody, with the single exception
of Frank.
Merry’s critical words cut Dick deeply, seeming to arouse a tempest
of anger within him.
“He thinks I’m not as smart as the boys who go to schools!” the
indignant lad told Felicia one day.
“What makes you think that?” she asked.
“Oh, I know—I can tell! He doesn’t think me very smart. He doesn’t
think I could ever play ball if I tried, but I’d like to show him!”
Now this was the very feeling that Frank had sought to awaken in his
spirited brother, for he knew it would serve to spur the boy on.
Sometimes Frank, Bart, and Jack talked of old times and the
excitement of the baseball-games in which they had participated,
and then, if he fancied himself unobserved, Dick would linger near
and listen, though he pretended to take no interest whatever in what
they were saying.
More and more the desire grew within him to witness a regular ball-
game. He was a boy who loved excitement, and he pictured the
dashing, desperate struggle of two baseball-nines, with the cheering
spectators to urge them on.
One day Frank left the valley, with Dick for a companion, and rode to
Urmiston. They were mounted on two spirited horses, and the lad
took delight in giving Merry a hard race to the little town, but found
that the “tenderfoot” was pretty nearly a perfect horseman.
At Urmiston, Merriwell received two letters which seemed to give him
considerable satisfaction, but, after reading them, he thrust them
both into his pocket, saying nothing at that time of their contents. On
the way back to Pleasant Valley, however, Merry suddenly observed:
“Well, Dick, I am going away soon.”
“Are you?” said the boy. “That is good!”
“I thought you would be glad of it. A number of my friends are
coming from the East, and we are going to organize a baseball-
team. We’ll play such clubs as we can get games with, and so pass
the summer.”
Dick said nothing.
“We’ll have lots of sport this summer,” Merry went on. “It’s too bad
you can’t see some of the games. But, then, I don’t suppose you
care anything about them?”
The heart of the boy gave a strange throb. Then Frank had decided
to go away and leave him behind!
“Why won’t I see any of them?” he asked. “You are going to make
me go with you, aren’t you?”
“No,” was the quiet answer.
“But—you—said——” Then Dick choked and stopped, his mixed
emotions getting the mastery of him.
“I might have taken you with us if I had not found that you were so
set against it,” Frank said. “But I have come to the conclusion that it
will be better to leave you behind. Then I shall not be bothered with
you.”
The face of the lad flushed with angry indignation, and his dark eyes
flashed.
“Oh, that is it!” he cried scornfully. “You pretended at first that you
were so greatly interested in me that you were ready to do anything
for me, but now I know that it was all pretense, and that you simply
wanted to make me uncomfortable. Father said that you were to take
care of me and see that I received proper training, but, just as soon
as you think I may be a little bother to you, you are ready to drop me.
That shows what kind of a brother you are! I’m glad I’ve found out! I
wouldn’t go with you now if you wanted me to! You couldn’t make me
go with you!”
“It’s true,” said Frank quietly, “that father wanted me to take care of
you, but it may be that he did not know the kind of a task he was
imposing on me. If you were the right kind of a boy, I’d do everything
in my power to your advantage, no matter how much trouble it cost
me; but it is evident that you prefer to run wild and come up in any
old way. You choose your ignorance in preference to all the
advantages I could give you. I fear I could not make much of a man
of you, anyhow, so why should I try?”
The lad trembled from his head to his feet with the intensity of his
rage. Then, all at once, he savagely cried:
“You can’t throw me over that way! I won’t let you! You’re getting
tired of me, but I’ll make you do just what father said you were to do!
You shall not go away and leave me here! I’ll go with you! I will! I will!
I will!”
“Don’t get so excited about it,” advised Frank. “That’s where you
show a weak spot. If you ever become a successful man in this
world, you must learn to govern your temper. You let yourself——”
But Dick refused to listen longer, and, fiercely cutting his horse with
his quirt, he went dashing madly toward the distant valley, Frank
following behind.
There was a satisfied smile on Merriwell’s face, for he felt that he
was winning in his struggle with the obstinate spirit of the boy. But he
took care not to let Dick see that smile.
When they arrived at the cabin home of Juan Delores, Old Joe
Crowfoot was there, sitting with his back against the wall, grimly
smoking his pipe.
He did not even look up as they approached.
 CHAPTER XXI.
FROM THE JAWS OF DEATH.

The following day, guided by Old Joe, a party set out on a journey to
the mountains, in a secluded valley of which, the old Indian declared,
John Swiftwing lived with his half-blood wife. The party was made up
of Frank, Bart, Jack, Dick, and the old redskin.
They did not start till past midday, and it was their plan to camp out
for at least one night. All were well mounted and armed and
prepared for roughing it.
Dick had dressed himself in the half-Mexican finery he was wearing
the first time Frank saw him. Those were the clothes in which Juan
Delores delighted to see the lad attired.
Dick bade Felicia an affectionate adieu, promising to return within
two days. At first she had feared he was going away for good, and
the thought had nearly broken her heart; but she was relieved when
Frank gave her his word that they would return.
That night they camped by a stream that came down from the
mountains and flowed out through a broad valley, in which a great
herd of cattle was grazing.
Old Joe had discovered “antelope sign” some hours before, and he
set out to shoot one of the creatures. But Merriwell took a fancy to
see what he could do, and, by skirting a ridge that kept him from
view of the antelopes, he reached a point where he could obtain a
good shot at them when they were alarmed by the Indian and took to
flight.
Thus it happened, much to Dick’s amazement, that Frank brought in
the antelope, while Old Joe returned empty-handed.
This seemed something like a marvel to the lad, but, if possible, Old
Joe was even more astonished, and, although he tried to conceal it,
he felt deeply chagrined over the outcome of the affair.
Joe, however, insisted on cooking the juicy steak cut from the slain
antelope, and, though he felt that he could do it quite as well himself,
Merry did not refuse the old fellow this privilege.
The smoke of their camp-fire rose in a blue column. Behind them
rose the cottonwoods by the stream, and the majestic mountains
towered close at hand. Soon the coffee-pot was simmering on some
coals raked out from the fire, sending forth a delightful odor that gave
every one a feeling of ravenous hunger.
Wrapped in his old red blanket, Crowfoot squatted by the fire and
broiled the antelope steak, smoking his pipe.
No one observed that Dick had slipped away. They were talking of
college days, and the conversation served to make them forgetful of
their romantic surroundings.
“Alas!” sighed Ready, “old Yale will not seem like it used to be, now
that Merry has taken himself hence, his radiant brow wreathed in
undying laurels.”
“I’m glad I’m through,” asserted Bart. “I couldn’t stay there another
year.”
“It’ll be hard on me,” confessed Jack. “But I’ll have to stand it. There
is one satisfaction in the thought that there will be no one in Yale to
dispute my claim to the honor of being the most beautiful and highly
intellectual chap on the campus. But the football-games—oh, my!
And the baseball-games—oh, me! What will they be without Merry?
Oh, Lud! I shall think with breaking heart of the days gone by, when
the only and original Frank Merriwell reigned. I shall listen in vain for
the acclaiming populace to thunder forth his name. Nevermore! ah,
nevermore!”
Then, as Jack pretended to weep, there came a sudden and startling
interruption. There was a clatter of hoofs, a shout, and a cry of
warning.
They started and turned. Bearing down upon them was a wild-eyed
steer, and, astride the back of the animal, they saw Dick Merriwell!
“Look out! Jump!” cried Frank, as, with lowered head, the frightened
steer charged straight for the fire.
“Make way for the gentleman!” cried Ready, scrambling aside in
ludicrous haste.
Bart Hodge got out of the way without a word.
And right through the smoke, leaping over the fire, went the steer,
while a wild peal of laughter came from the lips of the daredevil boy
astride the back of the creature.
“Oh, ha! ha! ha! ha!” shouted the lad. “Ha! ha! ha! Ha! ha! ha!”
“Talk about your untamed catamounts!” gurgled Ready. “Why, that
boy is the worst yet!”
“Ugh!” grunted Old Joe. “Him got Injun heart.”
But Frank said not a word, as he leaped to his feet and ran toward
the spot where his horse was picketed.
Merry knew Dick was in danger, for the wild steer might run at that
mad pace for miles and miles, and there was no telling what might
happen when the lad got off the creature’s back.
Merry’s horse snorted as he came up, backing away and flinging up
its head; but he seized the picket-rope and quickly had the beast by
the head.
Up came the picket, and Frank quickly flung himself on the back of
the horse, without stopping to saddle his mount. Then he whirled the
horse’s head toward the spot where he could see the steer careering
down the valley, and gave the bronco the end of the rope.
He was off in pursuit, wondering how it happened that Dick had
managed to get astride the steer.
The explanation was simple enough. Dick had wandered away to the
stream, where he climbed into the lower branches of a tree. The
steer came along to drink, and the reckless youngster dropped
astride his back.
Merriwell urged the horse to its fastest pace, guiding it with the
picket-rope. He did not look back to see if any of the others followed,
but kept his eyes on the steer that was bearing the boy away.
The herd of cattle at a distance looked up in alarm as the frightened
steer approached. Merry feared they might stampede, with the steer
ridden by the boy at their head.
As the animal approached the rest of the cattle, it suddenly swerved
to one side and made a half-circle. Then it partly stopped, and,
seizing the opportunity, Dick slipped from its back to the ground.
Frank lashed his horse still harder, for he knew that Dick was now in
the greatest peril of all. The cattle of the plains are used to the sight
of mounted men, whom they respect and fear; but the spectacle of a
human being on foot attracts them, first arousing their curiosity and
then their rage. Woe to the hapless man who is thus discovered by a
herd of cattle, for, unless he can quickly find shelter of some sort, he
is almost certain to be charged upon, gored, and trampled.
Knowing this, Merry raced to the rescue of his brother, his heart in
his throat.
The steer ran a short distance, and then turned and looked at the
boy, pawing the ground. The cattle began to approach, gathering in
on the lad.
“Keep still!” muttered Frank, as he again lashed his horse. “Face
them, Dick—face them!”
The boy did face them at first, but they gathered thicker and thicker.
One after another they began to bellow and paw the ground. Their
eyes glared, and their aspect was awesome indeed.
The boy turned and moved away, upon which the herd started after
him. He looked back over his shoulder and saw them coming. The
bright colors in his clothes aided in arousing them. Then Dick saw
Frank racing toward him, and he turned in that direction.
“Keep still!” shouted Merry. “Don’t run! don’t run!”
But the only word Dick understood was:
“Run!”
Immediately he started running toward the approaching horseman.
In a moment the great herd was moving after him, faster, faster,
faster. There rose a rumble of hoofs that was terrifying, a clatter of
horns like musketry, and behind the mass of cattle floated upward a
dust-cloud that resembled the smoke of battle.
Frank Merriwell urged his horse to its utmost, bending forward and
seeking to estimate the possibility of reaching the boy in time.
Dick ran for his life, well knowing that certain death was seeking to
overtake him.
Nearer, nearer, nearer! Then Frank shouted:
“Stand still! Make ready!”
It seemed that the rushing herd must sweep them both down, but
Frank charged athwart the crest of the mass of animals.
Fortunately the boy heard and understood this time. He stopped and
partly lifted his arms, but, knowing that to pick him up while dashing
at full speed on horseback was a feat worthy of a most experienced
and expert cowboy, there was doubt and fear in his heart.
Frank leaned over, clinging to the neck of the horse. It seemed that
he meant to run the boy down, he went so close to Dick. As he
passed, he made a clutch at the strong sash of the lad—caught it—
held fast.
The boy was lifted by Frank’s powerful arm. He felt himself raised
and flung across the horse in front of his brother, and then the doubly
burdened horse wheeled and swept away from beneath the very
noses of the cattle.
The herd did not follow far. The cattle seemed surprised at the
sudden disappearance of their intended victim, and they quickly
settled down and stopped.
When they were safely away, Frank lifted Dick, holding an arm about
him. The lad looked at Merry’s face and saw it was very pale, but
strong, and resolute, and masterful.
“That was a close call, Dick,” said Frank quietly. “I was afraid once
that I’d not get there in time.”
Not a word of reproach or reproof. In that moment the heart of Dick
Merriwell went out to his brother in a great leap of affection.
“Frank,” he said, his voice not quite steady, “I—I want to stay with
you—always.”
“You shall, Dick!” promised Frank.
 CHAPTER XXII.
CHALLENGED.

“For the love of goodness!”

“What’s the matter?”
“Look at this!”
Bart Hodge did not often get excited and express his feelings by
ejaculations, but now he was the first speaker. Merriwell was the one
who asked the question, and Bart thrust the paper he had been
reading toward Frank as he said, “Look at this.”
“Where?” asked Merry.
“There!” said Bart, pointing his index-finger at the article that had
excited his astonishment. “Just read that, will you!”
The matter under observation was headed, “Baseball Challenge,”
and read as follows:
“It is reported that Frank Merriwell, late captain of the Yale
baseball and football-team, is in the vicinity of Denver,
having brought with him a picked ball-team, with which he
proposes to wipe up the earth with anything and
everything he can find west of the Mississippi. Such being
the case, as manager of the Denver Reds, the champion
independent baseball-team of the State of Colorado, I
challenge Merriwell’s team to a game of ball, to be played
in Denver any time within ten days, for a purse and the
entire gate-receipts.
“I am confident that my team can show the collegians a
few points in our great national game, and I believe that as
a pitcher Merriwell has been greatly overrated. Everybody
with sense knows that the story that he can throw a ball
 that will curve both in and out before reaching the batter is
perfectly ridiculous, and, in case he has sufficient courage
to accept this challenge, the Reds have the utmost
confidence that they can bat him out of the box before the
end of the third inning.
“It is admitted that last season he did manage an
independent team that won a number of victories,
defeating a Denver club, but I contend that the majority of
the nines playing against him were made up of the rankest
amateurs, and that not one team in the list was in the
same class with the Reds. Not knowing Mr. Merriwell’s
present address, I take this means of placing my
challenge before him, but I sadly fear that he will not have
sufficient courage to accept.
“David Morley, Mgr. Denver Reds.”
They were sitting in the lobby of the Metropole Hotel in the city of
Denver, where they had met Browning, Rattleton, Gamp, and Carker
that day by appointment.
The expedition that had set out to find Swiftwing had not been
successful. They had found only his deserted shanty. The Indian and
his wife were gone.
When he had finished reading the challenge, Frank laughed quietly,
but, on looking up, saw Hodge was scowling blackly.
“That’s a case of unbounded confidence, isn’t it, Bart?”
“Unbounded insolence, I call it!” growled Hodge. “Why, that
challenge is almost an insult—it is an insult!”
“It’s pretty plain language,” Frank admitted.
“Plain! It’s rank! Why, the fellow says you haven’t courage enough to
accept!”
“Well, it is an easy matter to convince him that he has made a
mistake.”
“But he sneers at your pitching.”
“Possibly I may be able to take some of his sneering out of him in a
game, if I happen to be in form.”
“I know you can, Merriwell, but the crust of it is what galls me. He
says you have been overrated.”
“Probably he thinks so.”
“Well, he’s got another think coming to him.”
“This is exactly what we are looking for, Hodge. We have pulled
ourselves together to play ball, and we——”
“We haven’t had any practise.”
“Morley gives us enough time for that. We can play him any time
within ten days.”
“Besides, we are two men short, and I don’t see how we are going to
fill out the nine. Stubbs can’t come, and Mason’s mother died at just
the time to prevent him from joining us, and here we are. It’s out that
you have a ball-team, and this duffer flings us a challenge.”
Bart’s warm blood had been stirred by the offensive challenge in the
Denver paper, and he was not in a pleasant mood.
“If we had found Swiftwing——” Merry began.
“But we didn’t,” Hodge cut in.
“I’d give a little to know where he has gone.”
“Old Joe said he would find him. And that’s the last we have heard of
Old Joe. I don’t believe we’ll ever see anything of that old vagrant
again.”
“Somehow I have a fancy that Old Joe will turn up with news of
Swiftwing.”
“What if he does? He may not turn up in time to do any good, and
you can’t remain idle and wait for something that may happen. You
must accept that challenge, Frank.”
“I intend to,” came quietly from Merry’s lips.
“Without the two men needed?”
“I’ll have to pick up men somehow. Now, there’s Berlin Carson——”
“Speaking of me, Merriwell?”
Both Frank and Bart started and turned as the words fell on their
ears. Toward them advanced a prepossessing youth, who had
observed them sitting there as he was passing through the lobby.
“Carson, as I live!” exclaimed Frank, in deep satisfaction, as he
quickly rose and extended his hand.
With a long, quick stride, the newcomer approached and grasped the
proffered hand, his blue eyes beaming with pleasure.
“Merriwell, I am overjoyed!” he declared. “I heard you were
somewhere in Colorado, but I had not the least idea of running
across you here. It’s lucky the governor sent me into town on
business at this time.”
“Lucky for us,” nodded Frank, as Carson and Hodge shook hands.
“You are the eighth man for our ball-team, if we can get you to come
in with us.”
The eyes of the Colorado lad showed his satisfaction.
“You can count on me for anything, Merriwell,” he asserted. “The
governor is sure to let me join you, for he thinks you are just about
the proper thing, and he has thought so ever since he first met you.
He knows I’d never made the varsity nine if it hadn’t been for you,
and that makes him think all the more of you. You may count on me.
Where are your other men?”
“They’re out looking the city over.”
“Who are they?”
Frank told him.
“All good men but Carker,” said Carson; “and he can put up a good
game when he gets right down to it.”
“But we’re still a man short,” said Hodge. “Merriwell has a brother, a
perfect little wonder; but he’s too young—only thirteen.”
“A brother?” exclaimed Carson, who knew nothing of recent
developments in connection with Frank.
Then Merriwell briefly outlined the whole strange story, having a very
interested listener.
“He’s a wonder,” Hodge again declared, referring to Dick Merriwell;
“but he has never seen a regular game of ball in his life. He had
some balls, mitts, and a bat out there in Pleasant Valley, where he
has always lived, and you should have seen him get after the ball.
Why, that boy has more sand than any fellow I ever saw, and he is
made up of determination. He just sets his teeth and catches
anything that is tossed up to him. Merry has begun to teach him to
pitch.”
“Yes,” laughed Frank, “and he is furious because he can’t get onto
the trick of throwing the double-shoot. He swears he’ll do it if he lives
long enough.”
“That’s the true Merriwell stuff,” nodded Carson. “I’ve never seen
him, but I’ll bet my life he’ll make a bird.”
“But it’s useless to think of playing him,” said Merriwell. “Besides
being too young, he knows next to nothing about the game. I’m
going to take him round with me this summer and give him all the
education in the ball-playing line that I can.”
“Well, we’ll have to find a man,” said Berlin. “I know some players,
and I’ll——”
Just then something happened that caused the trio to wheel about
instantly.