To comply with the secure design principle of fail-safe defaults, what must a system do if it receives an instruction it does not understand? The system should:

A. send the instruction to a peer server, to see if the peer can execute.

B. not attempt to execute the instruction.

C. close the connection, and refuse all further traffic from the originator.

D. not launch its debugging features, and attempt to resolve the instruction.

E. search for a close match in the instruction set it understands.

_______ is the process of confirming that implemented security safeguards work as expected.

A. Penetration testing

B. Exploitation

C. Baselining

D. A vulnerability

E. A countermeasure

A _______ attack uses multiple systems to launch a coordinated attack.

A. Distributed denial-of-service

B. Teardrop

C. Birthday

D. FTP Bounce

E. Salami

Which of the following entities review partner-extranet requirements?

A. Information systems

B. Shipping and receiving

C. Marketing

D. Requesting department

E. Chief Information Officer

Which of the following are common failures that should be addressed in an organization's Business Continuity Plan (BCP) ? (Choose THREE.)

A. Connectivity failures

B. Accounting failures

C. Hardware failures

D. Utility failures

E. Personal failures

Which of the following statements about encryption's benefits is false? Encryption can: (Choose TWO.)

A. significantly reduce the chance information will be modified by unauthorized entities.

B. only be used to protect data in transit. Encryption provides no protection to stored data.

C. allow private information to be sent over public networks, in relative safety.

D. significantly reduce the chance information will be viewed by unauthorized entities.

E. prevent information from being destroyed by malicious entities, while in transit.

Which principle of secure design states that a security mechanism's methods must be testable?

A. Separation of privilege

B. Least common mechanism

C. Complete mediation

D. Open design

E. Economy of mechanism

Which of the following is an example of a simple, physical-access control?

A. Lock

B. Access control list

C. Background check

D. Token

E. Firewall

Which encryption algorithm has the highest bit strength?

A. AES

B. Blowfish

C. DES

D. CAST

E. Triple DES

A(n) _______________ is an abstract machine, which mediates all access subjects have to objects.

A. ACL

B. Reference monitor

C. State machine

D. TCB

E. Router