302 Chapter 12 ■ Practice Test 4
67. Something you know is an example of what type of authentication factor?
A. Type 1
B. Type 2
C. Type 3
D. Type 4
- Saria is the system owner for a healthcare organization. What responsibilities does she
have related to the data that resides on or is processed by the systems she owns?
A. She has to classify the data.
B. She has to make sure that appropriate security controls are in place to protect the
data.
C. She has to grant appropriate access to personnel.
D. She bears sole responsibility for ensuring that data is protected at rest, in transit, and
in use.
- During software testing, Jack diagrams how a hacker might approach the application he
is reviewing and determines what requirements the hacker might have. He then tests how
the system would respond to the attacker’s likely behavior. What type of testing is Jack
conducting?
A. Misuse case testing
B. Use case testing
C. Hacker use case testing
D. Static code analysis
- When a vendor develops a product that they wish to submit for Common Criteria evaluation,
what do they complete to describe the claims of security for their product?
A. PP
B. ITSEC
C. TCSEC
D. ST
- Chris has been assigned to scan a system on all of its possible TCP and UDP ports. How
many ports of each type must he scan to complete his assignment?
A. 65,536 TCP ports and 32,768 UDP ports
B. 1024 common TCP ports and 32,768 ephemeral UDP ports
C. 65,536 TCP and 65,536 UDP ports
D. 16,384 TCP ports, and 16,384 UDP ports
- CVE and the NVD both provide information about what?
A. Vulnerabilities
B. Markup languages