Questions Flashcards

(200 cards)

1
Q

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that?

A. Determine the risk of a business interruption occurring
B. Determine the technological dependence of the business processes
C. Identify the operational impacts of a business interruption
D. Identify the financial impacts of a business interruption.

A

Correct Answer:

B. Determine the technological dependence of the business processes.

2
Q

Which of the following actions will reduce risk to a laptop before traveling to a high risk area?

A. Examine the device for physical tampering
B. Implement more stringent baseline configurations.
C. Purge or re-image the hard disk drive
D. Change access codes

A

Correct Answer:

B. Implement more stringent baseline configurations.

3
Q

What is the MOST important consideration from a data security perspective when an organization plans to relocate?

A. Ensure the fire prevention and detection systems are sufficient to protect personnel
B. Review the architectural plans to determine how many emergency exits are present
C. Conduct a gap analysis of new facilities against existing security requirements.
D. Revise the Disaster Recovery and Business Continuity (DR/BC) plan

A

Correct Answer:

C. Conduct a gap analysis of new facilities against existing security requirements

4
Q

Intellectual property rights are PRIMARILY concerned with which of the following?

A. Owner’s ability to realize financial gain
B. Owner’s ability to maintain copyright
C. Right of the owner to enjoy their creation
D. Right of the owner to control delivery method

A

Correct Answer:

A. Owner’s ability to realize financial gain

5
Q

A control to protect from a DoS attack has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?

A. 25%
B. 50%
C. 75%
D. 100%

A

Correct Answer:

A. 25%

6
Q

What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?

A. Smurfing
B. Man-in-the-Middle (MITM) attack
C. Session redirect
D. Spoofing

A

Correct Answer

D. Spoofing

7
Q

Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?

A. Security governance
B. Risk management
C. Security portfolio management
D. Risk Assessment

A

Correct Answer

B. Risk Management

8
Q

Which of the following would MINIMIZE the ability of an attacker to exploit a buffer overflow?

A. Memory review
B. Code review
C. Message division
D. Buffer division

A

Correct Answer

B. Code Review

9
Q

Which of the following is MOST important when assigning ownership of an asset of a department?

A. The department should report to the business owner
B. Ownership of the asset should be periodically reviewed
C. Individual accountability should be ensured
D. All members should be trained on their responsibilities

A

Correct Answer

B. Ownership of the asset should be periodically reviewed

10
Q

Which of the following BEST describes the responsibilities of a data owner?

A. Ensuring quality and validation through periodic audits for ongoing data integrity
B. Maintaining fundamental data availability, including data storage and archiving
C. Ensuring accessibility to appropriate users, maintaining appropriate levels of data security
D. Determining the impact the information has on the mission of the organization

A

Correct Answer

C. Ensuring accessibility to appropriate users, maintaining appropriate levels of data security

11
Q

An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests. Which contract is BEST in offloading the task from the IT staff?

A. Platform as a Service (PaaS)
B. Identity as a Service (IDaaS)
C. Desktop as a Service (DaaS)
D. Software as a Service (SaaS)

A

B. Identity as a Service (IDaaS)

12
Q

When implementing a data classification program, why is it important to avoid too much granularity?

A. The process will require too many resources
B. It will be difficult to apply to both hardware and software
C. It will be difficult to assign ownership to the data
D. The process will be perceived as having value

A

A. The process will require too many resources

13
Q

In a data classification scheme, the data is owned by the

A. system security managers
B. business managers
C. Information Technology (IT) managers
D. end users

A

B. business managers

14
Q

Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?

A. System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements
B. Data stewardship roles, data handling and storage standards, data lifecycle requirements
C. Compliance office roles and responsibilities, classified material handling standards, storage system lifecycle requirements
D. System authorization roles and responsibilities, cloud computing standards, lifecycle requirements

A

A. System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements

15
Q

When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?

A. Log all activities associated with sensitive systems
B. Provide links to security policies
C. Confirm that confidentiality agreements are signed
D. Employ strong access controls

A

D. Employ strong access controls

16
Q

Which of the following is the MOST appropriate action when reusing media that contains sensitive data?

A. Erase
B. Sanitize
C. Encrypt
D. Degauss

A

B. Sanitize

17
Q

An organization recently conducted a review of the security of its network applications. One of the vulnerabilities found was that the session key used in encrypting sensitive information to a third party server had been hard-coded in the client and server applications. Which of the following would be MOST effective in mitigating this vulnerability?

A. Diffie-Hellman (DH) algorithm
B. Elliptic Curve Cryptography (ECC) algorithm
C. Digital Signature algorithm (DSA)
D. Rivest-Shamir-Adleman (RSA) algorithm

A

A. Diffie-Hellman (DH) algorithm

18
Q

Which of the following methods of suppressing a fire is environmentally friendly and the MOST appropriate for a data center?

A. Inert gas fire suppression system
B. Halon gas fire suppression system
C. Dry-pipe sprinklers
D. Wet-pipe sprinklers

A

A. Inert gas fire suppression system

19
Q

Unused space in a disk cluster is important in media analysis because it may contain which of the following?

A. Residual data that has not been overwritten
B. Hidden viruses and Trojan horses
C. Information about the File Allocation Table (FAT)
D. Information about patches and upgrades to the system

A

A. Residual data that has not been overwritten

20
Q

Which of the following is MOST appropriate for protecting confidentiality of data stored on a hard drive?

A. Triple Data Encryption Standard (3DES)
B. Advanced Encryption Standard (AES)
C. Message Digest 5 (MD5)
D. Secure Hash Algorithm 2 (SHA-2)

A

B. Advanced Encryption Standard (AES)

21
Q

Which of the following is the MOST effective method to mitigate Cross-Site Scripting (XSS) attacks?

A. Use Software as a Service (SaaS)
B. Whitelist input validation
C. Require client certificates
D. Validate data output

A

B. Whitelist input validation

22
Q

Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?

A. Hashing the data before encryption
B. Hashing the data after encryption
C. Compressing the data after encryption
D. Compressing the data before encryption

A

D. Compressing the data before encryption

23
Q

Who in the organization is accountable for classification of data information assets?

A. Data owner
B. Data architect
C. Chief Information Security Officer (CISO)
D. Chief Information Officer (CIO)

A

A. Data owner

24
Q

The use of private and public encryption keys is fundamental in the implementation of which of the following?

A. Diffie-Hellman algorithm
B. Secure Sockets Layer (SSL)
C. Advanced Encryption Standard (AES)
D. Message Digest 5 (MD5)

A

A. Diffie-Hellman algorithm

25
Q

Which Identity and Access Management (IAM) process can be used to maintain the principle of least privilege?

A. identity provisioning
B. access recovery
C. multi-factor authentication (MFA)
D. user access review

A

A. identity provisioning

26
Q

A minimal implementation of endpoint security includes which of the following?

A. Trusted platforms
B. Host-based firewalls
C. Token-based authentication
D. Wireless Access Points (AP)

A

B. Host-based firewalls

27
Q

Why is planning in Disaster Recovery (DR) an interactive process?

A. It details off-site storage plans
B. It identifies omissions in the plan
C. It defines the objectives of the plan
D. It forms part of the awareness process

A

B. It identifies omissions in the plan

28
Q

Mandatory Access Controls (MAC) are based on:

A. security classification and security clearance
B. data segmentation and data classification
C. data labels and user access permissions
D. user roles and data encryption

A

A. security classification and security clearance

29
Q

Which security access policy contains fixed security attributes that are used by the system to determine a user’s access to a file or object?

A. Mandatory Access Control (MAC)
B. Access Control List (ACL)
C. Discretionary Access Control (DAC)
D. Authorized user control

A

A. Mandatory Access Control (MAC)

30
Q

Which of the following is a common characteristic of privacy?

A. Provision for maintaining an audit trail of access to the private data
B. Notice to the subject of the existence of a database containing relevant credit card data
C. Process for the subject to inspect and correct personal data on-site
D. Database requirements for integration of privacy data

A

A. Provision for maintaining an audit trail of access to the private data

31
Q

At a MINIMUM, audits of permissions to individual or group accounts should be scheduled

A. annually
B. to correspond with staff promotions
C. to correspond with terminations
D. continually

A

A. annually
32
Q

In a change-controlled environment, which of the following is MOST likely to lead to unauthorized changes to production programs?

A. Modifying source code without approval
B. Promoting programs to production without approval
C. Developers checking out source code without approval
D. Developers using Rapid Application Development (RAD) methodologies without approval

A

B. Promoting programs to production without approval

33
Q

Which of the following combinations would MOST negatively affect availability?

A. Denial of Service (DoS) attacks and outdated hardware
B. Unauthorized transactions and outdated hardware
C. Fire and accidental changes to data
D. Unauthorized transactions and denial of service attacks

A

A. Denial of Service (DoS) attacks and outdated hardware

34
Q

Which of the following is a responsibility of a data steward?

A. Ensure alignment of the data governance effort to the organization.
B. Conduct data governance interviews with the organization.
C. Document data governance requirements.
D. Ensure that data decisions and impacts are communicated to the organization.

A

A. Ensure alignment of the data governance effort to the organization.

35
Q

Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?

A. End-to-end data encryption for data in transit
B. Continuous monitoring of potential vulnerabilities
C. A strong breach notification process
D. Limited collection of individuals’ confidential data

A

D. Limited collection of individuals’ confidential data

36
Q

What is the MAIN goal of information security awareness and training?

A. To inform users of the latest malware threats
B. To inform users of information assurance responsibilities
C. To comply with the organization information security policy
D. To prepare students for certification

A

B. To inform users of information assurance responsibilities

37
Q

Proven application security principles include which of the following?

A. Minimizing attack surface area
B. Hardening the network perimeter
C. Accepting infrastructure security controls
D. Developing independent modules

A

A. Minimizing attack surface area

38
Q

From a security perspective, which of the following assumptions MUST be made about input to an application?

A. It is tested
B. It is logged
C. It is verified
D. It is untrusted

A

D. It is untrusted
39
Q

What is the PRIMARY goal of fault tolerance?

A. Elimination of single point of failure
B. Isolation using a sandbox
C. Single point of repair
D. Containment to prevent propagation

A

A. Elimination of single point of failure

40
Q

Which is the BEST internationally recognized standard for evaluating security products and systems?

A. Payment Card Industry Data Security Standards (PCI-DSS)
B. Common Criteria (CC)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. Sarbanes-Oxley (SOX)

A

B. Common Criteria (CC)

41
Q

Which one of the following data integrity models assumes a lattice of integrity levels?

A. Take-Grant
B. Biba
C. Harrison-Ruzzo
D. Bell-LaPadula

A

B. Biba

42
Q

Even though a particular digital watermark is difficult to detect, which of the following represents a way it might still be inadvertently removed?

A. Truncating parts of the data
B. Applying Access Control Lists (ACL) to the data
C. Appending non-watermarked data to watermarked data
D. Storing the data in a database

A

A. Truncating parts of the data

43
Q

What is the purpose of an Internet Protocol (IP) spoofing attack?

A. To send excessive amounts of data to a process, making it unpredictable
B. To intercept network traffic without authorization
C. To disguise the destination address from a target’s IP filtering devices
D. To convince a system that it is communicating with a known entity

A

D. To convince a system that it is communicating with a known entity

44
Q

At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

A. Link layer
B. Physical layer
C. Session layer
D. Application layer

A

D. Application layer

45
Q

In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?

A. Transport layer
B. Application layer
C. Network layer
D. Session layer

A

A. Transport layer
46
Q

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

A. Layer 2 Tunneling Protocol (L2TP)
B. Link Control Protocol (LCP)
C. Challenge Handshake Authentication Protocol (CHAP)
D. Packet Transfer Protocol (PTP)

A

B. Link Control Protocol (LCP)

46
Q

Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

A. Packet filtering
B. Port services filtering
C. Content filtering
D. Application access control

A

A. Packet filtering

47
Q

An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?

A. Implement packet filtering on the network firewalls
B. Install Host Based Intrusion Detection Systems (HIDS)
C. Require strong authentication for administrators
D. Implement logical network segmentation at the switches

A

D. Implement logical network segmentation at the switches

48
Q

An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

A. Add a new rule to the application layer firewall
B. Block access to the service
C. Install an Intrusion Detection System (IDS)
D. Patch the application source code

A

D. Patch the application source code

49
Q

Which of the following is BEST achieved through the use of eXtensible Access Markup Language (XACML)?

A. Minimize malicious attacks from third parties
B. Manage resource privileges
C. Share digital identities in hybrid cloud
D. Define a standard protocol

A

D. Define a standard protocol

50
Q

An organization has discovered that users are visiting unauthorized websites using anonymous proxies. Which of the following is the BEST way to prevent future occurrences?

A. Remove the anonymity from the proxy
B. Analyze Internet Protocol (IP) traffic for proxy requests
C. Disable the proxy server on the firewall
D. Block the Internet Protocol (IP) address of known anonymous proxies

A

B. Analyze Internet Protocol (IP) traffic for proxy requests ???

51
Q

A post-implementation review has identified that the Voice Over Internet Protocol (VoIP) system was designed to have gratuitous Address Resolution Protocol (ARP) disabled. Why did the network architect likely design the VoIP system with gratuitous ARP disabled?

A. Gratuitous ARP requires the use of Virtual Local Area Network (VLAN) 1.
B. Gratuitous ARP requires the use of insecure layer 3 protocols.
C. Gratuitous ARP requires the likelihood of a successful brute-force attack on the phone.
D. Gratuitous ARP requires the risk of a Man-in-the-Middle (MITM) attack.

A

D. Gratuitous ARP requires the risk of a Man-in-the-Middle (MITM) attack.
52
Q

Within the company, desktop clients receive Internet Protocol (IP) addresses over Dynamic Host Configuration Protocol (DHCP). Which of the following represents a valid measure to help protect the network against unauthorized access?

A. Implement path management
B. Implement port based security through 802.1x
C. Implement DHCP to assign IP address to server systems
D. Implement change management

A

B. Implement port based security through 802.1x

53
Q

Transport Layer Security (TLS) provides which of the following capabilities for a remote access server?

A. Transport layer handshake compression
B. Application layer negotiation
C. Peer identity authentication
D. Digital certificate revocation

A

C. Peer identity authentication

54
Q

What does a Synchronous (SYN) flood attack do?

A. Forces Transmission Control Protocol/Internet Protocol (TCP/IP) connections into a reset state
B. Establishes many new Transmission Control Protocol/Internet Protocol (TCP/IP) connections
C. Empties the queue of pending Transmission Control Protocol/Internet Protocol (TCP/IP) requests
D. Exceeds the limits for new Transmission Control Protocol/Internet Protocol (TCP/IP) connections

A

D. Exceeds the limits for new Transmission Control Protocol/Internet Protocol (TCP/IP) connections

55
Q

A Denial of Service (DoS) attack on a syslog server exploits weakness in which of the following protocols?

A. Point-to-Point Protocol (PPP) and Internet Control Message Protocol (ICMP)
B. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
C. Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP)
D. Transport Layer Security (TLS) and Secure Sockets Layer (SSL)

A

B. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)

56
Q

In a High Availability (HA) environment, what is the PRIMARY goal of working with a virtual router address as the gateway to a network?

A. The second of two routers can periodically check in to make sure that the first router is operational.
B. The second of two routers can better absorb a Denial of Service (DoS) attack knowing the first router is present.
C. The first of two routers fails and is reinstalled, while the second handles the traffic flawlessly.
D. The first of two routers can better handle specific traffic, while the second handles the rest of the traffic seamlessly.

A

C. The first of two routers fails and is reinstalled, while the second handles the traffic flawlessly.

57
Q

The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunnel data

A. through a firewall at the Session layer
B. through a firewall at the Transport layer
C. in the Point-to-Point Protocol (PPP)
D. in the Payload Compression Protocol (PCP)

A

C. in the Point-to-Point Protocol (PPP)

58
Q

What protocol is often used between gateway hosts on the Internet?

A. Exterior Gateway Protocol (EGP)
B. Border Gateway Protocol (BGP)
C. Open Shortest Path First (OSPF)
D. Internet Control Message Protocol (ICMP)

A

B. Border Gateway Protocol (BGP)
59
Q

From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system?

A. Disable all recursive queries on the name servers
B. Limit zone transfers to authorized devices
C. Configure secondary servers to use the primary server as a zone forwarder
D. Block all Transmission Control Protocol (TCP) connections

A

B. Limit zone transfers to authorized devices

60
Q

“Stateful” differs from “Static” packet filtering firewalls by being aware of which of the following?

A. Difference between a new and an established connection
B. Originating network location
C. Difference between a malicious and a benign packet payload
D. Originating application session

A

A. Difference between a new and an established connection

61
Q

Access to which of the following is required to validate web session management?

A. Log timestamp
B. Live session traffic
C. Session state variables
D. Test scripts

A

C. Session state variables

62
Q

Which of the following would an attacker BEST be able to accomplish through the use of Remote Access Tools (RAT)?

A. Reduce the probability of identification
B. Detect further compromise of the target
C. Destabilize the operation of the host
D. Maintain and expand control

A

D. Maintain and expand control

63
Q

Digital certificates used in Transport Layer Security (TLS) support which of the following?

A. Information input validation
B. Non-repudiation controls and data encryption
C. Multi-Factor Authentication (MFA)
D. Server identity and data confidentiality

A

D. Server identity and data confidentiality

64
Q

A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

A. Trusted third-party certification
B. Lightweight Directory Access Protocol (LDAP)
C. Security Assertion Markup Language (SAML)
D. Cross-certification

A

C. Security Assertion Markup Language (SAML)

65
Q

Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee’s salary?

A. Limit access to predefined queries
B. Segregate the database into a small number of partitions each with a separate security level
C. Implement Role Based Access Control (RBAC)
D. Reduce the number of people who have access to the system for statistical purposes

A

C. Implement Role Based Access Control (RBAC)
66
Q

What is the second step in the identity and access provisioning lifecycle?

A. Provisioning
B. Review
C. Approval
D. Revocation

A

B. Review

67
Q

Which of the following MUST be scalable to address security concerns raised by the integration of third-party identity services?

A. Mandatory Access Controls (MAC)
B. Enterprise security architecture
C. Enterprise security procedures
D. Role Based Access Controls (RBAC)

A

D. Role Based Access Controls (RBAC)

68
Q

Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

A. Change management processes
B. User administration procedures
C. Operating System (OS) baselines
D. System backup documentation

A

A. Change management processes

69
Q

In which of the following programs is it MOST important to include the collection of security process data?

A. Quarterly access reviews
B. Security continuous monitoring
C. Business continuity testing
D. Annual security training

A

B. Security continuous monitoring

70
Q

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?

A. Host VM monitor audit logs
B. Guest OS access controls
C. Host VM access controls
D. Guest OS audit logs

A

B. Guest OS access controls

71
Q

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

A. Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken
B. Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability
C. Management teams will understand the testing objectives and reputational risk to the organization
D. Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels

A

D. Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels

72
Q

Which of the following could cause a Denial of Service (DoS) against an authentication system?

A. Encryption of audit logs
B. No archiving of audit logs
C. Hashing of audit logs
D. Remote access audit logs

A

B. No archiving of audit logs
73
Q

When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?

A. Ping testing
B. Mapping tools
C. Asset register
D. Topology diagrams

A

B. Mapping tools

74
Q

Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization’s systems?

A. Standardized configurations for devices
B. Standardized patch testing equipment
C. Automated system patching
D. Management support for patching

A

A. Standardized configurations for devices

75
Q

An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test subject’s data?

A. Aggregate it into one database in the US
B. Process it in the US, but store the information in France
C. Share it with a third party
D. Anonymize it and process it in the US

A

D. Anonymize it and process it in the US

76
Q

As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?

A. Known-plaintext attack
B. Denial of Service (DoS)
C. Cookie manipulation
D. Structured Query Language (SQL) injection

A

C. Cookie manipulation

77
Q

Assessing a third party’s risk by counting bugs in the code may not be the best measure of an attack surface within the supply chain. Which of the following is LEAST associated with the attack surface?

A. Input protocols
B. Target processes
C. Error messages
D. Access rights

A

C. Error messages

78
Q

What are the steps of a risk assessment?

A. identification, analysis, evaluation
B. analysis, evaluation, mitigation
C. classification, identification, risk management
D. identification, evaluation, mitigation

A

A. identification, analysis, evaluation

79
Q

After following the processes defined within the change management plan, a super user has upgraded a device within an information system. What step would be taken to ensure that the upgrade did NOT affect the network security posture?

A. Conduct an Assessment and Authorization (A&A)
B. Conduct a security impact analysis
C. Review the results of the most recent vulnerability scan
D. Conduct a gap analysis with the baseline configuration

A

B. Conduct a security impact analysis
80
Q

A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report. In which phase of the assessment was this error MOST likely made?

A. Enumeration
B. Reporting
C. Detection
D. Discovery

A

C. Detection

81
Q

Which of the following is a responsibility of the information owner?

A. Ensure that users and personnel complete the required security training to access the Information System (IS)
B. Defining proper access to the Information System (IS), including privileges or access rights
C. Managing identification, implementation, and assessment of common security controls
D. Ensuring the Information System (IS) is operated according to agreed upon security requirements

A

C. Managing identification, implementation, and assessment of common security controls

82
Q

An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

A. Absence of a Business Intelligence (BI) solution
B. Inadequate cost modeling
C. Improper deployment of the Service-Oriented Architecture (SOA)
D. Insufficient Service Level Agreement (SLA)

A

D. Insufficient Service Level Agreement (SLA)

83
Q

Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

A. Walkthrough
B. Simulation
C. Parallel
D. White box

A

C. Parallel

84
Q

What is the PRIMARY reason for implementing change management?

A. Certify and approve releases to the environment
B. Provide version rollbacks for system changes
C. Ensure that all applications are approved
D. Ensure accountability for changes to the environment

A

D. Ensure accountability for changes to the environment

85
Q

Which of the following is a PRIMARY advantage of using a third-party identity service?

A. Consolidation of multiple providers
B. Directory synchronization
C. Web based logon
D. Automated account management

A

D. Automated account management

86
Q

With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?

A. Continuously without exception for all security controls
B. Before and after each change of the control
C. At a rate concurrent with the volatility of the security control
D. Only during system implementation and decommissioning

A

B. Before and after each change of the control
87
A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?
A. Guaranteed recovery of all business functions
B. Minimization of the need for decision making during a crisis
C. Insurance against litigation following a disaster
D. Protection from loss of organization resources
Correct Answer: D. Protection from loss of organization resources
88
When is a Business Continuity Plan (BCP) considered to be valid?
A. When it has been validated by the Business Continuity (BC) manager
B. When it has been validated by the board of directors
C. When it has been validated by all threat scenarios
D. When it has been validated by realistic exercises
Correct Answer: D. When it has been validated by realistic exercises
89
Recovery strategies of a Disaster Recovery Plan (DRP) MUST be aligned with which of the following?
A. Hardware and software compatibility issues
B. Applications' criticality and downtime tolerance
C. Budget constraints and requirements
D. Cost/benefit analysis and business objectives
Correct Answer: D. Cost/benefit analysis and business objectives
90
What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization's systems cannot be unavailable for more than 24 hours?
A. Warm site
B. Hot site
C. Mirror site
D. Cold site
Correct Answer: A. Warm site
91
Who is accountable for the information within an Information System (IS)?
A. Security manager
B. System owner
C. Data owner
D. Data processor
Correct Answer: B. System owner
92
A Security Operations Center (SOC) receives an incident response notification on a server with an active intruder who has planted a backdoor. Initial notifications are sent and communications are established. What MUST be considered or evaluated before performing the next step?
A. Notifying law enforcement is crucial before hashing the contents of the server hard drive
B. Identifying who executed the incident is more important than how the incident happened
C. Removing the server from the network may prevent catching the intruder
D. Copying the contents of the hard drive to another storage device may damage the evidence
Correct Answer: C. Removing the server from the network may prevent catching the intruder
93
Due to system constraints, a group of system administrators must share a high-level access set of credentials. Which of the following would be MOST appropriate to implement?
A. Increased console lockout times for failed logon attempts
B. Reduce the group in size
C. A credential check-out process for a per-use basis
D. Full logging on affected systems
Correct Answer: C. A credential check-out process for a per-use basis
94
Which of the following is the MOST efficient mechanism to account for all staff during a speedy non-emergency evacuation from a large security facility?
A. Large mantrap where groups of individuals leaving are identified using facial recognition technology
B. Radio Frequency Identification (RFID) sensors worn by each employee scanned by sensors at each exit door
C. Emergency exits with push bars with coordinators at each exit checking off the individual against a predefined list
D. Card-activated turnstile where individuals are validated upon exit
Correct Answer: B. Radio Frequency Identification (RFID) sensors worn by each employee scanned by sensors at each exit door
95
What does electronic vaulting accomplish?
A. It protects critical files.
B. It ensures the fault tolerance of Redundant Array of Independent Disks (RAID) systems
C. It stripes all database records
D. It automates the Disaster Recovery Process (DRP)
Correct Answer: A. It protects critical files.
96
A security analyst for a large financial institution is reviewing network traffic related to an incident. The analyst determines the traffic is irrelevant to the investigation, but in the process of the review the analyst also finds that an application's data, which included full credit card cardholder data, is transferred in clear text between the server and the user's desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS). Which of the following is the analyst's next step?
A. Send the log file to co-workers for peer review
B. Include the full network traffic logs in the incident report
C. Follow organizational processes to alert the proper teams to address the issue.
D. Ignore the data as it is outside the scope of the investigation and the analyst's role.
Correct Answer: C. Follow organizational processes to alert the proper teams to address the issue.
97
What is the MAIN purpose of a change management policy?
A. To assure management that changes to the Information Technology (IT) infrastructure are necessary
B. To identify the changes that may be made to the Information Technology (IT) infrastructure
C. To verify that changes to the Information Technology (IT) infrastructure are approved
D. To determine the necessity of implementing modifications to the Information Technology (IT) infrastructure
Correct Answer: C. To verify that changes to the Information Technology (IT) infrastructure are approved
98
Which of the following is the PRIMARY risk with using open source software in a commercial software construction?
A. Lack of software documentation
B. License agreements requiring release of modified code
C. Expiration of the license agreement
D. Costs associated with support of the software
Correct Answer: D. Costs associated with support of the software
99
The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?
A. System acquisition and development
B. System operations and maintenance
C. System initiation
D. System implementation
Correct Answer: B. System operations and maintenance
100
What is the BEST approach to addressing security issues in legacy web applications?
A. Debug the security issues
B. Migrate to newer, supported applications where possible
C. Conduct a security assessment
D. Protect the legacy application with a web application firewall
Correct Answer: D. Protect the legacy application with a web application firewall
101
Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?
A. Check arguments in function calls
B. Test for the security patch level of the environment
C. Include logging functions
D. Digitally sign each application module
Correct Answer: B. Test for the security patch level of the environment
102
An Intrusion Detection System (IDS) has recently been deployed in a Demilitarized Zone (DMZ). The IDS detects a flood of malformed packets. Which of the following BEST describes what has occurred?
A. Denial of Service (DoS) attack
B. Address Resolution Protocol (ARP) spoof
C. Buffer overflow
D. Ping flood attack
Correct Answer: A. Denial of Service (DoS) attack
103
Which Radio Frequency Interference (RFI) phenomenon associated with bundled cable runs can create information leakage?
A. Transference
B. Covert channel
C. Bleeding
D. Cross-talk
Correct Answer: D. Cross-talk
104
What is an advantage of Elliptic Curve Cryptography (ECC)?
A. Cryptographic approach that does not require a fixed-length key
B. Military-strength security that does not depend upon secrecy of the algorithm
C. Opportunity to use shorter keys for the same level of security
D. Ability to use much longer keys for greater security
Correct Answer: C. Opportunity to use shorter keys for the same level of security
105
Backup information that is critical to the organization is identified through a
A. Vulnerability Assessment (VA).
B. Business Continuity Plan (BCP).
C. Business Impact Analysis (BIA).
D. data recovery analysis.
Correct Answer: C. Business Impact Analysis (BIA).
106
When using Generic Routing Encapsulation (GRE) tunneling over Internet Protocol version 4 (IPv4), where is the GRE header inserted?
A. Into the options field
B. Between the delivery header and payload
C. Between the source and destination addresses
D. Into the destination address
Correct Answer: B. Between the delivery header and payload
107
During the Security Assessment and Authorization process, what is the PRIMARY purpose for conducting a hardware and software inventory?
A. Calculate the value of assets being accredited.
B. Create a list to include in the Security Assessment and Authorization package.
C. Identify obsolete hardware and software.
D. Define the boundaries of the information system.
Correct Answer: A. Calculate the value of assets being accredited.
108
When evaluating third-party applications, which of the following is the GREATEST responsibility of Information Security?
A. Accept the risk on behalf of the organization.
B. Report findings to the business to determine security gaps.
C. Quantify the risk to the business for product selection.
D. Approve the application that best meets security requirements.
Correct Answer: C. Quantify the risk to the business for product selection.
109
The goal of a Business Impact Analysis (BIA) is to determine which of the following?
A. Cost effectiveness of business recovery
B. Cost effectiveness of installing software security patches
C. Resource priorities for recovery and Maximum Tolerable Downtime (MTD)
D. Which security measures should be implemented
Correct Answer: C. Resource priorities for recovery and Maximum Tolerable Downtime (MTD)
110
An organization publishes and periodically updates its employee policies in a file on its intranet. Which of the following is a PRIMARY security concern?
A. Ownership
B. Confidentiality
C. Availability
D. Integrity
Correct Answer: C. Availability
111
What does the Maximum Tolerable Downtime (MTD) determine?
A. The estimated period of time a business critical database can remain down before customers are affected.
B. The fixed length of time a company can endure a disaster without any Disaster Recovery (DR) planning
C. The estimated period of time a business can remain interrupted beyond which it risks never recovering
D. The fixed length of time in a DR process before redundant systems are engaged
Correct Answer: C. The estimated period of time a business can remain interrupted beyond which it risks never recovering
112
What is a characteristic of Secure Sockets Layer (SSL) and Transport Layer Security (TLS)?
A. SSL and TLS provide a generic channel security mechanism on top of Transmission Control Protocol (TCP).
B. SSL and TLS provide nonrepudiation by default.
C. SSL and TLS do not provide security for most routed protocols.
D. SSL and TLS provide header encapsulation over HyperText Transfer Protocol (HTTP).
Correct Answer: A. SSL and TLS provide a generic channel security mechanism on top of Transmission Control Protocol (TCP).
113
How does a Host Based Intrusion Detection System (HIDS) identify a potential attack?
A. Examines log messages or other indications on the system.
B. Monitors alarms sent to the system administrator
C. Matches traffic patterns to virus signature files
D. Examines the Access Control List (ACL)
Correct Answer: A. Examines log messages or other indications on the system.
114
Which of the following BEST represents the concept of least privilege?
A. Access to an object is denied unless access is specifically allowed.
B. Access to an object is only available to the owner.
C. Access to an object is allowed unless it is protected by the information security policy.
D. Access to an object is only allowed to authenticated users via an Access Control List (ACL).
Correct Answer: A. Access to an object is denied unless access is specifically allowed.
115
Which of the following is an advantage of on-premise Credential Management Systems?
A. Lower infrastructure capital costs
B. Control over system configuration
C. Reduced administrative overhead
D. Improved credential interoperability
Correct Answer: B. Control over system configuration
116
Which of the following approaches is the MOST effective way to dispose of data on multiple hard drives?
A. Delete every file on each drive.
B. Destroy the partition table for each drive using the command line.
C. Degauss each drive individually.
D. Perform multiple passes on each drive using approved formatting methods.
Correct Answer: D. Perform multiple passes on each drive using approved formatting methods.
117
Which of the following BEST describes Recovery Time Objective (RTO)?
A. Time of application resumption after disaster
B. Time of application verification after disaster.
C. Time of data validation after disaster.
D. Time of data restoration from backup after disaster.
Correct Answer: A. Time of application resumption after disaster
118
The PRIMARY purpose of accreditation is to:
A. comply with applicable laws and regulations.
B. allow senior management to make an informed decision regarding whether to accept the risk of operating the system.
C. protect an organization's sensitive data.
D. verify that all security controls have been implemented properly and are operating in the correct manner.
Correct Answer: B. allow senior management to make an informed decision regarding whether to accept the risk of operating the system.
119
Which of the following is a weakness of Wired Equivalent Privacy (WEP)?
A. Length of Initialization Vector (IV)
B. Protection against message replay
C. Detection of message tampering
D. Built-in provision to rotate keys
Correct Answer: A. Length of Initialization Vector (IV)
120
Which of the following is the MAIN reason for using configuration management?
A. To provide centralized administration
B. To reduce the number of changes
C. To reduce errors during upgrades
D. To provide consistency in security controls
Correct Answer: D. To provide consistency in security controls
121
Which of the following is MOST important when deploying digital certificates?
A. Validate compliance with X.509 digital certificate standards
B. Establish a certificate life cycle management framework
C. Use a third-party Certificate Authority (CA)
D. Use no less than 256-bit strength encryption when creating a certificate
Correct Answer: B. Establish a certificate life cycle management framework
122
A user sends an e-mail request asking for read-only access to files that are not considered sensitive. A Discretionary Access Control (DAC) methodology is in place. Which is the MOST suitable approach that the administrator should take?
A. Administrator should request data owner approval for the user access
B. Administrator should request manager approval for the user access
C. Administrator should directly grant the access to the non-sensitive files
D. Administrator should assess the user access need and either grant or deny the access
Correct Answer: A. Administrator should request data owner approval for the user access
123
A proxy firewall operates at what layer of the Open System Interconnection (OSI) model?
A. Transport
B. Data link
C. Network
D. Application
Correct Answer: D. Application
124
Which of the following restricts the ability of an individual to carry out all the steps of a particular process?
A. Job rotation
B. Separation of duties
C. Least privilege
D. Mandatory vacations
Correct Answer: B. Separation of duties
125
Although code using a specific programming language may not be susceptible to a buffer overflow attack,
A. most calls to plug-in programs are susceptible.
B. most supporting application code is susceptible.
C. the graphical images used by the application could be susceptible.
D. the supporting virtual machine could be susceptible.
Correct Answer: D. the supporting virtual machine could be susceptible.
126
What is the BEST way to encrypt web application communications?
A. Secure Hash Algorithm 1 (SHA-1)
B. Secure Sockets Layer (SSL)
C. Cipher Block Chaining Message Authentication Code (CBC-MAC)
D. Transport Layer Security (TLS)
Correct Answer: D. Transport Layer Security (TLS)
127
Which of the following are effective countermeasures against passive network-layer attacks?
A. Federated security and authenticated access controls
B. Trusted software development and run time integrity controls
C. Encryption and security enabled applications
D. Enclave boundary protection and computing environment defense
Correct Answer: C. Encryption and security enabled applications
128
What is the MOST important element when considering the effectiveness of a training program for Business Continuity (BC) and Disaster Recovery (DR)?
A. Management support
B. Consideration of organizational need
C. Technology used for delivery
D. Target audience
Correct Answer: A. Management support
129
A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket. Which of the following is the BEST course of action?
A. Ignore the request and do not perform the change.
B. Perform the change as requested, and rely on the next audit to detect and report the situation.
C. Perform the change, but create a change ticket regardless to ensure there is complete traceability.
D. Inform the audit committee or internal audit directly using the corporate whistleblower process.
Correct Answer: D. Inform the audit committee or internal audit directly using the corporate whistleblower process.
130
Which of the following is the MOST important goal of information asset valuation?
A. Developing a consistent and uniform method of controlling access on information assets
B. Developing appropriate access control policies and guidelines
C. Assigning a financial value to an organization's information assets
D. Determining the appropriate level of protection
Correct Answer: D. Determining the appropriate level of protection
131
Which of the following BEST describes a chosen plaintext attack?
A. The cryptanalyst can generate ciphertext from arbitrary text.
B. The cryptanalyst examines the communication being sent back and forth.
C. The cryptanalyst can choose the key and algorithm to mount the attack.
D. The cryptanalyst is presented with the ciphertext from which the original message is determined.
Correct Answer: A. The cryptanalyst can generate ciphertext from arbitrary text.
132
For network based evidence, which of the following contains traffic details of all network sessions in order to detect anomalies?
A. Alert data
B. User data
C. Content data
D. Statistical data
Correct Answer: D. Statistical data
133
The PRIMARY outcome of a certification process is that it provides documented
A. interconnected systems and their implemented security controls.
B. standards for security assessment, testing, and process evaluation.
C. system weakness for remediation.
D. security analyses needed to make a risk-based decision.
Correct Answer: D. security analyses needed to make a risk-based decision.
134
A security architect plans to reference a Mandatory Access Control (MAC) model for implementation. This indicates that which of the following properties are being prioritized?
A. Confidentiality
B. Integrity
C. Availability
D. Accessibility
Correct Answer: A. Confidentiality
Explanation: Mandatory Access Control (MAC) is system-enforced access control based on a subject's clearance and an object's labels. Subjects and objects have clearances and labels, respectively, such as confidential, secret, and top secret. A subject may access an object only if the subject's clearance is equal to or greater than the object's label. Subjects cannot share objects with other subjects who lack the proper clearance, or "write down" objects to a lower classification level (such as from top secret to secret). MAC systems are usually focused on preserving the confidentiality of data.
135
A vulnerability in which of the following components would be MOST difficult to detect?
A. Kernel
B. Shared libraries
C. Hardware
D. System application
Correct Answer: C. Hardware
136
During which of the following processes is least privilege implemented for a user account?
A. Provision
B. Approve
C. Request
D. Review
Correct Answer: A. Provision
137
Which of the following is a document that identifies each item seized in an investigation, including date and time seized, full name and signature or initials of the person who seized the item, and a detailed description of the item?
A. Property book
B. Chain of custody form
C. Search warrant return
D. Evidence tag
Correct Answer: B. Chain of custody form
138
Which of the following is needed to securely distribute symmetric cryptographic keys?
A. Officially approved Public-Key Infrastructure (PKI) Class 3 or Class 4 certificates
B. Officially approved and compliant key management technology and processes
C. An organizationally approved communication protection policy and key management plan
D. Hardware tokens that protect the user's private key.
Correct Answer: C. An organizationally approved communication protection policy and key management plan
139
Reciprocal backup site agreements are considered to be
A. a better alternative than the use of warm sites.
B. difficult to test for complex systems.
C. easy to implement for similar types of organizations.
D. easy to test and implement for complex systems.
Correct Answer: C. easy to implement for similar types of organizations.
140
In order to assure authenticity, which of the following are required?
A. Confidentiality and authentication
B. Confidentiality and integrity
C. Authentication and non-repudiation
D. Integrity and non-repudiation
Correct Answer: D. Integrity and non-repudiation
141
At which layer of the Open Systems Interconnect (OSI) model are the source and destination address for a datagram handled?
A. Transport Layer
B. Data-Link Layer
C. Network Layer
D. Application Layer
Correct Answer: C. Network Layer
142
An organization regularly conducts its own penetration tests. Which of the following scenarios MUST be covered for the test to be effective?
A. Third-party vendor with access to the system
B. System administrator access compromised
C. Internal attacker with access to the system
D. Internal user accidentally accessing data
Correct Answer: B. System administrator access compromised
143
A company was ranked as high in the following National Institute of Standards and Technology (NIST) functions: Protect, Detect, Respond, and Recover. However, a low maturity grade was attributed to the Identify function. In which of the following control categories does this company need to improve when analyzing its processes individually?
A. Asset Management, Business Environment, Governance and Risk Assessment
B. Access Control, Awareness and Training, Data Security and Maintenance
C. Anomalies and Events, Security Continuous Monitoring and Detection Processes
D. Recovery Planning, Improvements and Communications
Correct Answer: A. Asset Management, Business Environment, Governance and Risk Assessment
144
What is the difference between media marking and media labeling?
A. Media marking refers to the use of human-readable security attributes, while media labeling refers to the use of security attributes in internal data structures.
B. Media labeling refers to the use of human-readable security attributes, while media marking refers to the use of security attributes in internal data structures.
C. Media labeling refers to security attributes required by public policy/law, while media marking refers to security required by internal organizational policy.
D. Media marking refers to security attributes required by public policy/law, while media labeling refers to security attributes required by internal organizational policy.
Correct Answer: A. Media marking refers to the use of human-readable security attributes, while media labeling refers to the use of security attributes in internal data structures.
145
What balance MUST be considered when web application developers determine how informative application error messages should be constructed?
A. Risk versus benefit
B. Availability versus auditability
C. Confidentiality versus integrity
D. Performance versus user satisfaction
Correct Answer: A. Risk versus benefit
146
What operations role is responsible for protecting the enterprise from corrupt or contaminated media?
A. Information security practitioner
B. Information librarian
C. Computer operator
D. Network administrator
Correct Answer: B. Information librarian
147
In general, servers that are facing the Internet should be placed in a demilitarized zone (DMZ). What is the MAIN purpose of the DMZ?
A. Reduced risk to internal systems.
B. Prepare the server for potential attacks.
C. Mitigate the risk associated with the exposed server.
D. Bypass the need for a firewall.
Correct Answer: A. Reduced risk to internal systems.
148
Network-based logging has which advantage over host-based logging when reviewing malicious activity about a victim machine?
A. Addresses and protocols of network-based logs are analyzed.
B. Host-based system logging has files stored in multiple locations.
C. Properly handled network-based logs may be more reliable and valid.
D. Network-based systems cannot capture users logging into the console.
Correct Answer: A. Addresses and protocols of network-based logs are analyzed.
149
Between which pair of Open System Interconnection (OSI) Reference Model layers are routers used as a communications device?
A. Transport and Session
B. Data-Link and Transport
C. Network and Session
D. Physical and Data-Link
Correct Answer: C. Network and Session
150
Which type of security testing is being performed when an ethical hacker has no knowledge about the target system but the testing target is notified before the test?
A. Reversal
B. Gray box
C. Blind
D. White box
Correct Answer: C. Blind
151
Which of the following countermeasures is the MOST effective in defending against a social engineering attack?
A. Mandating security policy acceptance
B. Changing individual behavior
C. Evaluating security awareness training
D. Filtering malicious e-mail content
Correct Answer: C. Evaluating security awareness training
152
A company has decided that they need to begin maintaining assets deployed in the enterprise. What approach should be followed to determine and maintain ownership information to bring the company into compliance?
A. Enterprise asset management framework
B. Asset baseline using commercial off the shelf software
C. Asset ownership database using domain login records
D. A script to report active user logins on assets
Correct Answer: A. Enterprise asset management framework
153
In the Software Development Life Cycle (SDLC), maintaining accurate hardware and software inventories is a critical part of
A. systems integration.
B. risk management.
C. quality assurance.
D. change management.
Correct Answer: D. change management.
154
As a best practice, the Security Assessment Report (SAR) should include which of the following sections?
A. Data classification policy
B. Software and hardware inventory
C. Remediation recommendations
D. Names of participants
Correct Answer: B. Software and hardware inventory
155
Which of the following media sanitization techniques is MOST likely to be effective for an organization using public cloud services?
A. Low-level formatting
B. Secure-grade overwrite erasure
C. Cryptographic erasure
D. Drive degaussing
Correct Answer: B. Secure-grade overwrite erasure
156
What type of wireless network attack BEST describes an Electromagnetic Pulse (EMP) attack?
A. Radio Frequency (RF) attack
B. Denial of Service (DoS) attack
C. Data modification attack
D. Application-layer attack
Correct Answer: B. Denial of Service (DoS) attack
157
Which of the following sets of controls should allow an investigation if an attack is not blocked by preventive controls or detected by monitoring?
A. Logging and audit trail controls to enable forensic analysis
B. Security incident response lessons learned procedures
C. Security event alert triage done by analysts using a Security Information and Event Management (SIEM) system
D. Transactional controls focused on fraud prevention
Correct Answer: C. Security event alert triage done by analysts using a Security Information and Event Management (SIEM) system
158
Which of the following is a remote access protocol that uses a static authentication?
A. Point-to-Point Tunneling Protocol (PPTP)
B. Routing Information Protocol (RIP)
C. Password Authentication Protocol (PAP)
D. Challenge Handshake Authentication Protocol (CHAP)
Correct Answer: C. Password Authentication Protocol (PAP)
159
Determining outage costs caused by a disaster can BEST be measured by the
A. cost of redundant systems and backups.
B. cost to recover from an outage.
C. overall long-term impact of the outage.
D. revenue lost during the outage.
Correct Answer: C. overall long-term impact of the outage.
160
Which of the following is considered a secure coding practice?
A. Use concurrent access for shared variables and resources
B. Use checksums to verify the integrity of libraries
C. Use new code for common tasks
D. Use dynamic execution functions to pass user supplied data
Correct Answer: B. Use checksums to verify the integrity of libraries
161
As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website. Which of the following actions would be performed?
A. Use a web scanner to scan for vulnerabilities within the website.
B. Perform a code review to ensure that the database references are properly addressed.
C. Establish a secure connection to the web server to validate that only the approved ports are open.
D. Enter only numbers in the web form and verify that the website prompts the user to enter a valid input.
Correct Answer: D. Enter only numbers in the web form and verify that the website prompts the user to enter a valid input.
162
Who has the PRIMARY responsibility to ensure that security objectives are aligned with organization goals?
A. Senior management
B. Information security department
C. Audit committee
D. All users
Correct Answer: C. Audit committee
163
Which of the following alarm systems is recommended to detect intrusions through windows in a high-noise, occupied environment?
A. Acoustic sensor
B. Motion sensor
C. Shock sensor
D. Photoelectric sensor
Correct Answer: C. Shock sensor
164
Which of the following is the MOST effective practice in managing user accounts when an employee is terminated?
A. Implement processes for automated removal of access for terminated employees.
B. Delete employee network and system IDs upon termination.
C. Manually remove terminated employee user-access to all systems and applications.
D. Disable terminated employee network ID to remove all access.
Correct Answer: D. Disable terminated employee network ID to remove all access.
165
Which of the following is the MOST important part of an awareness and training plan to prepare employees for emergency situations?
A. Having emergency contacts established for the general employee population to get information
B. Conducting business continuity and disaster recovery training for those who have a direct role in the recovery
C. Designing business continuity and disaster recovery training programs for different audiences
D. Publishing a corporate business continuity and disaster recovery plan on the corporate website
Correct Answer: C. Designing business continuity and disaster recovery training programs for different audiences
166
What is the process of removing sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique?
A. Purging
B. Encryption
C. Destruction
D. Clearing
Correct Answer: A. Purging
167
Which one of the following considerations has the LEAST impact when considering transmission security?
A. Network availability
B. Node locations
C. Network bandwidth
D. Data integrity
Correct Answer: C. Network bandwidth
168
The security accreditation task of the System Development Life Cycle (SDLC) process is completed at the end of which phase?
A. System acquisition and development
B. System operations and maintenance
C. System initiation
D. System implementation
Correct Answer: D. System implementation
169
Which of the following is the BEST reason for the use of security metrics?
A. They ensure that the organization meets its security objectives.
B. They provide an appropriate framework for Information Technology (IT) governance.
C. They speed up the process of quantitative risk assessment.
D. They quantify the effectiveness of security processes.
Correct Answer: B. They provide an appropriate framework for Information Technology (IT) governance.
170
Which of the following are important criteria when designing procedures and acceptance criteria for acquired software?
A. Code quality, security, and origin
B. Architecture, hardware, and firmware
C. Data quality, provenance, and scaling
D. Distributed, agile, and bench testing
Correct Answer: A. Code quality, security, and origin
171
An organization has outsourced its financial transaction processing to a Cloud Service Provider (CSP) who will provide them with Software as a Service (SaaS). If there was a data breach, who is responsible for monetary losses?
A. The Data Protection Authority (DPA)
B. The Cloud Service Provider (CSP)
C. The application developers
D. The data owner
Correct Answer: D. The data owner
172
What capability would typically be included in a commercially available software package designed for access control?
A. Password encryption
B. File encryption
C. Source library control
D. File authentication
Correct Answer: A. Password encryption
173
An organization plans on purchasing a custom software product developed by a small vendor to support its business model. Which unique consideration should be made part of the contractual agreement to address potential long-term risks associated with creating this dependency?

A. A source code escrow clause
B. Right to request an independent review of the software source code
C. Due diligence form requesting statements of compliance with security requirements
D. Access to the technical documentation
B. Right to request an independent review of the software source code
174
Which of the following is the MOST important security goal when performing application interface testing?

A. Confirm that all platforms are supported and function properly
B. Evaluate whether systems or components pass data and control correctly to one another
C. Verify compatibility of software, hardware, and network connections
D. Examine error conditions related to external interfaces to prevent application details leakage
B. Evaluate whether systems or components pass data and control correctly to one another
175
Which of the following is the MOST common method of memory protection?

A. Compartmentalization
B. Segmentation
C. Error correction
D. Virtual Local Area Network (VLAN) tagging
B. Segmentation
176
Which of the following is the MOST important output from a mobile application threat modeling exercise according to the Open Web Application Security Project (OWASP)?

A. The likelihood and impact of a vulnerability
B. Application interface entry and endpoints
C. Countermeasures and mitigations for vulnerabilities
D. A data flow diagram for the application and attack surface analysis
D. A data flow diagram for the application and attack surface analysis
177
Continuity of operations is BEST supported by which of the following?

A. Confidentiality, availability, and reliability
B. Connectivity, reliability, and redundancy
C. Connectivity, reliability, and recovery
D. Confidentiality, integrity, and availability
B. Connectivity, reliability, and redundancy
178
Which of the following is true of Service Organization Control (SOC) reports?

A. SOC 1 Type 2 reports assess the security, confidentiality, integrity, and availability of an organization’s controls
B. SOC 2 Type 2 reports include information of interest to the service organization’s management
C. SOC 2 Type 2 reports assess internal controls for financial reporting
D. SOC 3 Type 2 reports assess internal controls for financial reporting
B. SOC 2 Type 2 reports include information of interest to the service organization’s management
179
What testing technique enables the designer to develop mitigation strategies for potential vulnerabilities?

A. Manual inspections and reviews
B. Penetration testing
C. Threat modeling
D. Source code review
C. Threat modeling
180
Asymmetric algorithms are used for which of the following when using Secure Sockets Layer/Transport Layer Security (SSL/TLS) for implementing network security?

A. Peer authentication
B. Payload data encryption
C. Session encryption
D. Hashing digest
C. Session encryption
181
What is the MOST common component of a vulnerability management framework?

A. Risk analysis
B. Patch management
C. Threat analysis
D. Backup management
B. Patch management
182
A new Chief Information Officer (CIO) created a group to write a data retention policy based on applicable laws. Which of the following is the PRIMARY motivation for the policy?

A. To back up data that is used on a daily basis
B. To dispose of data in order to limit liability
C. To reduce costs by reducing the amount of retained data
D. To classify data according to what it contains
B. To dispose of data in order to limit liability
183
What determines the level of security of a combination lock?

A. Complexity of combination required to open the lock
B. Amount of time it takes to brute force the combination
C. The number of barrels associated with the internal mechanism
D. The hardness score of the metal lock material
A. Complexity of combination required to open the lock
184
A user downloads a file from the Internet, then applies the Secure Hash Algorithm 3 (SHA-3) to it. Which of the following is the MOST likely reason for doing so?

A. It verifies the integrity of the file.
B. It checks the file for malware.
C. It ensures the entire file downloaded.
D. It encrypts the entire file.
A. It verifies the integrity of the file.
185
Which of the following is held accountable for the risk to organizational systems and data that results from outsourcing Information Technology (IT) systems and services?

A. The acquiring organization
B. The service provider
C. The risk executive (function)
D. The IT manager
C. The risk executive (function)
186
Which of the following is a process in the access provisioning lifecycle that will MOST likely identify access aggregation issues?

A. Test
B. Assessment
C. Review
D. Peer review
C. Review
187
Which of the following is the PRIMARY reason a sniffer operating on a network is collecting packets only from its own host?

A. An Intrusion Detection System (IDS) has dropped the packets.
B. The network is connected using switches.
C. The network is connected using hubs.
D. The network’s firewall does not allow sniffing.
B. The network is connected using switches.
188
Which of the following is the PRIMARY mechanism used to limit the range of objects available to a given subject within different execution domains?

A. Process isolation
B. Data hiding and abstraction
C. Use of discrete layering and Application Programming Interfaces (API)
D. Virtual Private Network (VPN)
C. Use of discrete layering and Application Programming Interfaces (API)
189
Once the types of information have been identified, who should an information security practitioner work with to ensure that the information is properly categorized?

A. Information Owner (IO)
B. System Administrator
C. Business Continuity (BC) Manager
D. Chief Information Officer (CIO)
A. Information Owner (IO)
190
What should be the FIRST action for a security administrator who detects an intrusion on the network based on precursors and other indicators?

A. Isolate and contain the intrusion.
B. Notify system and application owners.
C. Apply patches to the Operating Systems (OS).
D. Document and verify the intrusion.
B. Notify system and application owners.
191
Which of the following needs to be taken into account when assessing vulnerability?

A. Risk identification and validation
B. Threat mapping
C. Risk acceptance criteria
D. Safeguard selection
A. Risk identification and validation
192
For the purpose of classification, which of the following is used to divide trust domains and trust boundaries?

A. Network architecture
B. Integrity
C. Identity Management (IdM)
D. Confidentiality management
A. Network architecture
193
Which of the following is MOST effective in detecting information hiding in Transmission Control Protocol/Internet Protocol (TCP/IP) traffic?

A. Packet-filter firewall
B. Content-filtering web proxy
C. Stateful inspection firewall
D. Application-level firewall
C. Stateful inspection firewall
194
An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this an example of?

A. Reasonable data
B. Population of required fields
C. Allowed number of characters
D. Session testing
C. Allowed number of characters
195
An Internet software application requires authentication before a user is permitted to utilize the resource. Which testing scenario BEST validates the functionality of the application?

A. Reasonable data testing
B. Input validation testing
C. Web session testing
D. Allowed data bounds and limits testing
B. Input validation testing
196
Which of the following techniques BEST prevents buffer overflows?

A. Boundary and perimeter offset
B. Character set encoding
C. Code auditing
D. Variant type and bit length
B. Character set encoding
197
A security architect is responsible for the protection of a new home banking system. Which of the following solutions can BEST improve the confidentiality and integrity of this external system?

A. Intrusion Prevention System (IPS)
B. Denial of Service (DoS) protection solution
C. One-time Password (OTP) token
D. Web Application Firewall (WAF)
A. Intrusion Prevention System (IPS)
198
What principle requires that changes to the plaintext affect many parts of the ciphertext?

A. Encapsulation
B. Permutation
C. Diffusion
D. Obfuscation
C. Diffusion
199
Which of the following BEST describes how access to a system is granted to federated user accounts?

A. With the federation assurance level
B. Based on defined criteria by the Relying Party (RP)
C. Based on defined criteria by the Identity Provider (IdP)
D. With the identity assurance level
C. Based on defined criteria by the Identity Provider (IdP)