CISSP Official Practice Tests by Mike Chapple, David Seidl

Chapter 10 ■ Practice Test 2



  1. What is the final stage of the Software Capability Maturity Model (SW-CMM)?
    A. Repeatable
    B. Defined
    C. Managed
    D. Optimizing

  2. Angie is configuring egress monitoring on her network to provide added security. Which
    one of the following packet types should Angie allow to leave the network headed for the
    Internet?
    A. Packets with a source address from Angie’s public IP address block
    B. Packets with a destination address from Angie’s public IP address block
    C. Packets with a source address outside Angie’s address block
    D. Packets with a source address from Angie’s private address block

  3. Matt is conducting a penetration test against a Linux server and successfully gained access
    to an administrative account. He would now like to obtain the password hashes for use in
    a brute-force attack. Where is he likely to find the hashes, assuming the system is
    configured to modern security standards?
    A. /etc/passwd
    B. /etc/hash
    C. /etc/secure
    D. /etc/shadow

  4. Theresa is implementing a new access control system and wants to ensure that developers
    do not have the ability to move code from development systems into the production
    environment. What information security principle is she most directly enforcing?
    A. Separation of duties
    B. Two-person control
    C. Least privilege
    D. Job rotation

  5. Which one of the following tools may be used to achieve the goal of nonrepudiation?
    A. Digital signature
    B. Symmetric encryption
    C. Firewall
    D. IDS
