Group 11 Flashcards

1
Q

Management has decided that a core application will be used on personal cellular phones. As an implementation requirement, regularly scheduled analysis of the security posture needs to be conducted. Management has also directed that continuous monitoring be implemented. Which of the following is required to accomplish management’s directive?
A. Strict integration of application management, configuration management (CM), and phone management
B. Management application installed on user phones that tracks all application events and cellular traffic
C. Enterprise-level security information and event management (SIEM) dashboard that provides full visibility of cellular phone activity
D. Routine reports generated by the user’s cellular phone provider that detail security events

A

Answer: B

2
Q

What is the FIRST step prior to executing a test of an organisation’s disaster recovery (DR) or business continuity plan (BCP)?
A. Identify key stakeholders.
B. Develop recommendations for disaster scenarios.
C. Identify potential failure points.
D. Develop clear evaluation criteria.

A

Answer: D

3
Q

Which of the following security tools will ensure that only authorized data is sent to the application when implementing a cloud-based application?
A. Host-based intrusion prevention system (HIPS)
B. Access control list (ACL)
C. File integrity monitoring (FIM)
D. Data loss prevention (DLP)

A

Answer: B

4
Q

Before implementing an internet-facing router, a network administrator ensures that the equipment is baselined/hardened according to approved configurations and settings. This action provides protection against which of the following attacks?
A. Blind spoofing
B. Media Access Control (MAC) flooding
C. SQL injection (SQLI)
D. Ransomware

A

Answer: B

5
Q

A cloud service provider requires its customer organizations to enable maximum audit logging for its data storage service and to retain the logs for a period of three months. The audit logging generates an extremely high volume of logs. What is the MOST appropriate strategy for log retention?
A. Keep last week’s logs in an online storage and the rest in a near-line storage.
B. Keep all logs in an online storage.
C. Keep all logs in an offline storage.
D. Keep last week’s logs in an online storage and the rest in an offline storage.

A

Answer: D

6
Q

Which of the following is the MOST comprehensive Business Continuity (BC) test?
A. Full functional drill
B. Full table top
C. Full simulation
D. Full interruption

A

Answer: C

7
Q

The disaster recovery (DR) process should always include
A. plan maintenance.
B. periodic vendor review.
C. financial data analysis.
D. periodic inventory review.

A

Answer: A

8
Q

Which of the following BEST describes the purpose of software forensics?
A. To perform cyclic redundancy check (CRC) verification and detect changed applications
B. To review program code to determine the existence of backdoors
C. To analyze possible malicious intent of malware
D. To determine the author and behavior of the code

A

Answer: D

9
Q

The security architect has been assigned the responsibility of ensuring the integrity of the organization’s electronic records. Which of the following methods provides the strongest level of integrity?
A. Time stamping
B. Encryption
C. Hashing
D. Digital signature

A

Answer: D

10
Q

An application is used for funds transfer between an organization and a third party. During a security audit, an issue was identified with the business continuity/disaster recovery policy and procedures for this application. Which of the following reports should the auditor file with the organization?
A. Service Organization Control (SOC) 1
B. Statement on Auditing Standards (SAS) 70
C. Service Organization Control (SOC) 2
D. Statement on Auditing Standards (SAS) 70-1

A

Answer: C

11
Q

An organization purchased a commercial off-the-shelf (COTS) software several years ago. The information technology (IT) Director has decided to migrate the application into the cloud, but is concerned about the application security of the software in the organization’s dedicated environment with a cloud service provider. What is the BEST way to prevent and correct the software’s security weal
A. Implement a dedicated COTS sandbox environment
B. Follow the software end-of-life schedule
C. Transfer the risk to the cloud service provider
D. Examine the software updating and patching process

A

Answer: A

12
Q

Which reporting type requires a service organization to describe its system and define its control objectives and controls that are relevant to users’ internal control over financial reporting?
A. Statement on Auditing Standards (SAS)70
B. Service Organization Control 1 (SOC1)
C. Service Organization Control 2 (SOC2)
D. Service Organization Control 3 (SOC3)

A

Answer: B

13
Q

The Chief Information Security Officer (CISO) is concerned about business application availability. The organization was recently subject to a ransomware attack that resulted in the unavailability of applications and services for 10 working days and required paper-based running of all main business processes. There are now aggressive plans to enhance the Recovery Time Objective (RTO) and cater for more frequent data captures. Which of the following solutions should be implemented to fully comply with the new business requirements?
A. Virtualization
B. Antivirus
C. Process isolation
D. Host-based intrusion prevention system (HIPS)

A

Answer: A

14
Q

Which of the following is the GREATEST risk of relying only on Capability Maturity Models (CMM) for software to guide process improvement and assess capabilities of acquired software?
A. Organizations can only reach a maturity level 3 when using CMMs
B. CMMs do not explicitly address safety and security
C. CMMs can only be used for software developed in-house
D. CMMs are vendor specific and may be biased

A

Answer: B

15
Q

Which of the following should exist in order to perform a security audit?
A. Industry framework to audit against
B. External (third-party) auditor
C. Internal certified auditor
D. Neutrality of the auditor

A

Answer: D

16
Q

Which of the following encryption technologies has the ability to function as a stream cipher?
A. Cipher Feedback (CFB)
B. Feistel cipher
C. Cipher Block Chaining (CBC) with error propagation
D. Electronic Code Book (ECB)

A

Answer: A

17
Q

An attack utilizing social engineering and a malicious Uniform Resource Locator (URL) link to take advantage of a victim’s existing browser session with a web application is an example of which of the following types of attack?
A. Cross-Site Scripting (XSS)
B. Cross-site request forgery (CSRF)
C. Injection
D. Click jacking

A

Answer: B

18
Q

Which of the following is the BEST method to identify security controls that should be implemented for a web-based application while in development?
A. Application threat modeling
B. Secure software development
C. Agile software development
D. Penetration testing

A

Answer: A

19
Q

A security professional has reviewed a recent site assessment and has noted that a server room on the second floor of a building has Heating, Ventilation, and Air Conditioning (HVAC) intakes on the ground level that have ultraviolet light filters installed, Aero-K fire suppression in the server room, and pre-action fire suppression on floors above the server room. Which of the following changes can the security professional recommend to reduce risk associated with these conditions?
A. Remove the ultraviolet light filters on the HVAC intake and replace the fire suppression system on the upper floors with a dry system.
B. Add additional ultraviolet light filters to the HVAC intake supply and return ducts and change server room fire suppression to FM-200.
C. Apply additional physical security around the HVAC intakes and update upper floor fire suppression to FM-200.
D. Elevate the HVAC intake by constructing a plenum or external shaft over it and convert the server room fire suppression to a pre-action system.

A

Answer: C

20
Q

An organization is setting a security assessment scope with the goal of developing a Security Management Program (SMP). The next step is to select an approach for conducting the risk assessment. Which of the following approaches is MOST effective for the SMP?
A. Data driven risk assessment with a focus on data
B. Security controls driven assessment that focuses on controls management
C. Business processes based risk assessment with a focus on business goals
D. Asset driven risk assessment with a focus on the assets

A

Answer: A

21
Q

Which combination of cryptographic algorithms is compliant with Federal Information Processing Standard (FIPS) Publication 140-2 for non-legacy systems?
A. Diffie-Hellman (DH) key exchange: DH (>=2048 bits); Symmetric key: Advanced Encryption Standard (AES) > 128 bits; Digital signature: Rivest-Shamir-Adleman (RSA) (1024 bits)
B. Diffie-Hellman (DH) key exchange: DH (>=2048 bits); Symmetric key: Advanced Encryption Standard (AES) > 128 bits; Digital signature: Digital Signature Algorithm (DSA) (>=2048 bits)
C. Diffie-Hellman (DH) key exchange: DH (<=1024 bits); Symmetric key: Blowfish; Digital signature: Rivest-Shamir-Adleman (RSA) (>=2048 bits)
D. Diffie-Hellman (DH) key exchange: DH (>=2048 bits); Symmetric key: Advanced Encryption Standard (AES) < 128 bits; Digital signature: Elliptic Curve Digital Signature Algorithm (ECDSA) (>=256 bits)

A

Answer: C

22
Q

An international trading organization that holds an International Organization for Standardization (ISO) 27001 certification is seeking to outsource its security monitoring to a managed security service provider (MSSP). The trading organization’s security officer is tasked with drafting the requirements that need to be included in the outsourcing contract.
Which of the following MUST be included in the contract?
A. A detailed overview of all equipment involved in the outsourcing contract
B. The MSSP having an executive manager responsible for information security
C. The right to perform security compliance tests on the MSSP’s equipment
D. The right to audit the MSSP’s security process

A

Answer: C

23
Q

Which of the following is the MOST effective measure for dealing with rootkit attacks?
A. Turning off unauthorized services and rebooting the system
B. Finding and replacing the altered binaries with legitimate ones
C. Restoring the system from the last backup
D. Reinstalling the system from trusted sources

A

Answer: D

24
Q

While classifying credit card data related to Payment Card Industry Data Security Standards (PCI-DSS), which of the following is a PRIMARY security requirement?
A. Processor agreements with card holders
B. Three-year retention of data
C. Encryption of data
D. Specific card disposal methodology

A

Answer: C

25
Q

Write Once, Read Many (WORM) data storage devices are designed to BEST support which of the following core security concepts?
A. Integrity
B. Scalability
C. Availability
D. Confidentiality

A

Answer: A

26
Q

What is the MOST important factor in establishing an effective Information Security Awareness Program?
A. Obtain management buy-in.
B. Conduct an annual security awareness event.
C. Mandate security training.
D. Hang information security posters on the walls.

A

Answer: C

27
Q

Which of the following events prompts a review of the disaster recovery plan (DRP)?
A. New members added to the steering committee
B. Completion of the security policy review
C. Change in senior management
D. Organizational merger

A

Answer: D

28
Q

An organization plans to acquire a commercial off-the-shelf (COTS) system to replace its aging home-built reporting system. When should the organization’s security team FIRST get involved in this acquisition’s life cycle?
A. When the system is being designed, purchased, programmed, developed, or otherwise constructed
B. When the system is verified and validated
C. When the system is deployed into production
D. When the need for a system is expressed and the purpose of the system is documented

A

Answer: D

29
Q

A developer begins employment with an information technology (IT) organization. On the first day, the developer works through the list of assigned projects and finds that some files within those projects aren’t accessible. Other developers working on the same project have no trouble locating and working on them. What is the MOST likely reason for the discrepancy in access?
A. The IT administrator had failed to grant the developer privileged access to the servers.
B. The project files were inadvertently deleted.
C. The new developer’s computer had not been added to an access control list (ACL).
D. The new developer’s user account was not associated with the right roles needed for the projects.

A

Answer: A

30
Q

Which of the following measures serves as the BEST means for protecting data on computers, smartphones, and external storage devices when traveling to high-risk countries?
A. Review applicable destination country laws, forensically clean devices prior to travel, and only download sensitive data over a virtual private network (VPN) upon arriving at the destination.
B. Keep laptops, external storage devices, and smartphones in the hotel room when not in use.
C. Leverage a Secure Socket Layer (SSL) connection over a virtual private network (VPN) to download sensitive data upon arriving at the destination.
D. Use multi-factor authentication (MFA) to gain access to data stored on laptops or external storage devices and biometric fingerprint access control mechanisms to unlock smartphones.

A

Answer: D

31
Q

Which of the following implementations will achieve high availability in a website?
A. Multiple Domain Name System (DNS) entries resolving to the same web server and large amounts of bandwidth
B. Disk mirroring of the web server with redundant disk drives in a hardened data center
C. Disk striping of the web server hard drives and large amounts of bandwidth
D. Multiple geographically dispersed web servers that are configured for failover

A

Answer: D

32
Q

In which of the following phases of the software acquisition process does developing evaluation criteria take place?
A. Follow-On
B. Planning
C. Contracting
D. Monitoring and Acceptance

A

Answer: D

33
Q

A secure Software Development Life Cycle (SDLC) expects application code to be written in a consistent manner to allow ease of auditing and which of the following?
A. Protecting
B. Executing
C. Copying
D. Enhancing

A

Answer: A

34
Q

In the Common Criteria, which of the following is a formal document that expresses an implementation-independent set of security requirements?
A. Organizational Security Policy
B. Security Target (ST)
C. Protection Profile (PP)
D. Target of Evaluation (TOE)

A

Answer: C

35
Q

Which of the following is considered the FIRST step when designing an internal security control assessment?
A. Create a plan based on recent vulnerability scans of the systems in question.
B. Create a plan based on comprehensive knowledge of known breaches.
C. Create a plan based on a recognized framework of known controls.
D. Create a plan based on reconnaissance of the organization’s infrastructure.

A

Answer: D

36
Q

The Chief Executive Officer (CEO) wants to implement an internal audit of the company’s information security posture. The CEO wants to avoid any bias in the audit process and therefore has assigned the Sales Director to conduct the audit. After significant interaction over a period of weeks, the audit concludes that the company’s policies and procedures are sufficient, robust and well established. The CEO then moves on to engage an external penetration testing company in order to showcase the organization’s robust information security stance. This exercise reveals significant failings in several critical security controls and shows that the incident response processes remain undocumented. What is the MOST likely reason for this disparity in the results of the audit and the external penetration test?
A. The external penetration testing company used custom zero-day attacks that could not have been predicted.
B. The information technology (IT) and governance teams have failed to disclose relevant information to the internal audit team leading to an incomplete assessment being formulated.
C. The scope of the penetration test exercise and the internal audit were significantly different.
D. The audit team lacked the technical experience and training to make insightful and objective assessments of the data provided to them.

A

Answer: C

37
Q

A small office is running WiFi 4 APs, and neighboring offices do not want to increase the throughput to associated devices. Which of the following is the MOST cost-efficient way for the office to increase network performance?
A. Add another AP.
B. Disable the 2.4GHz radios.
C. Enable channel bonding.
D. Upgrade to WiFi 5.

A

Answer: C

38
Q

An engineer notices some late collisions on a half-duplex link. The engineer verifies that the devices on both ends of the connection are configured for half duplex. Which of the following is the MOST likely cause of this issue?
A. The link is improperly terminated.
B. One of the devices is misconfigured.
C. The cable length is excessive.
D. One of the devices has a hardware issue.

A

Answer: A

39
Q

Which of the following VPN configurations should be used to separate Internet and corporate traffic?
A. Split-tunnel
B. Remote desktop gateway
C. Site-to-site
D. Out-of-band management

A

Answer: A

40
Q

A technician wants to install a WAP in the center of a room to provide service in a radius surrounding the radio. Which of the following antenna types should the AP utilize?
A. Omni
B. Directional
C. Yagi
D. Parabolic

A

Answer: A

41
Q

To comply with industry requirements, a security assessment on the cloud server should identify which protocols and weaknesses are being exposed to attackers on the Internet. Which of the following tools is the MOST appropriate to complete the assessment?
A. Use tcpdump and parse the output file in a protocol analyzer.
B. Use an IP scanner and target the cloud WAN network addressing.
C. Run netstat in each cloud server and retrieve the running processes.
D. Use nmap and set the servers’ public IPs as the targets.

A

Answer: D

42
Q

Which of the following uses the destination IP address to forward packets?
A. A bridge
B. A Layer 2 switch
C. A router
D. A repeater

A

Answer: C

43
Q

Which of the following would need to be configured to ensure a device with a specific MAC address is always assigned the same IP address from DHCP?
A. Scope options
B. Reservation
C. Dynamic assignment
D. Exclusion
E. Static assignment

A

Answer: B

44
Q

Wireless users are reporting intermittent Internet connectivity. Connectivity is restored when the users disconnect and reconnect, utilizing the web authentication process each time. The network administrator can see the devices connected to the APs at all times. Which of the following steps will MOST likely determine the cause of the issue?
A. Verify the session time-out configuration on the captive portal settings.
A. Verify the session time-out configuration on the captive portal settings
B. Check for encryption protocol mismatch on the client’s wireless settings.
C. Confirm that a valid passphrase is being used during the web authentication.
D. Investigate for a client’s disassociation caused by an evil twin AP.

A

Answer: A

45
Q

A fiber link connecting two campus networks is broken. Which of the following tools should an engineer use to detect the exact break point of the fiber link?
A. OTDR
B. Tone generator
C. Fusion splicer
D. Cable tester
E. PoE injector

A

Answer: A

46
Q

Two remote offices need to be connected securely over an untrustworthy MAN. Each office needs to access network shares at the other site. Which of the following will BEST provide this functionality?
A. Client-to-site VPN
B. Third-party VPN service
C. Site-to-site VPN
D. Split-tunnel VPN

A

Answer: C

47
Q

An IT technician suspects a break in one of the uplinks that provides connectivity to the core switch. Which of the following command-line tools should the technician use to determine where the incident is occurring?
A. nslookup
B. show config
C. netstat
D. show interface
E. show counters

A

Answer: D

48
Q

Which of the following needs to be tested to achieve a Cat 6a certification for a company’s data cabling?
A. RJ11
B. LC ports
C. Patch panel
D. F-type connector

A

Answer: C

49
Q

A technician is troubleshooting a client’s report about poor wireless performance. Using a client monitor, the technician notes the following information:

Which of the following is MOST likely the cause of the issue?
A. Channel overlap
B. Poor signal
C. Incorrect power settings
D. Wrong antenna type

A

Answer: A

50
Q

Which of the following types of devices can provide content filtering and threat protection, and manage multiple IPSec site-to-site connections?
A. Layer 3 switch
B. VPN headend
C. Next-generation firewall
D. Proxy server
E. Intrusion prevention

A

Answer: C

51
Q

A network administrator is designing a new datacenter in a different region that will need to communicate with the old datacenter over a secure connection. Which of the following access methods would provide the BEST security for this new datacenter?
A. Virtual network computing
B. Secure Socket Shell
C. In-band connection
D. Site-to-site VPN

A

Answer: D

52
Q

Which of the following types of datacenter architectures will MOST likely be used in a large SDN and can be extended beyond the datacenter?
A. iSCSI
B. FCoE
C. Three-tiered network
D. Spine and leaf
E. Top-of-rack switching

A

Answer: B

53
Q

At the destination host, which of the following OSI model layers will discard a segment with a bad checksum in the UDP header?
A. Network
B. Data link
C. Transport
D. Session

A

Answer: C

54
Q

A network administrator is configuring a database server and would like to ensure the database engine is listening on a certain port. Which of the following commands should the administrator use to accomplish this goal?
A. nslookup
B. netstat -a
C. ipconfig /a
D. arp -a

A

Answer: B

55
Q

Which of the following routing protocols is used to exchange route information between public autonomous systems?
A. OSPF
B. BGP
C. EIGRP
D. RIP

A

Answer: B

56
Q

Where can the Open Web Application Security Project (OWASP) list of associated vulnerabilities be found?
A. OWASP Top 10 Project
B. OWASP Software Assurance Maturity Model (SAMM) Project
C. OWASP Guide Project
D. OWASP Mobile Project

A

Answer: A

57
Q

What is the BEST approach to anonymizing personally identifiable information (PII) in a test environment?
A. Randomizing data
B. Swapping data
C. Encrypting data
D. Encoding data

A

Answer: C

58
Q

A customer continues to experience attacks on their email, web, and File Transfer Protocol (FTP) servers. These attacks are impacting their business operations. Which of the following is the BEST recommendation to make?
A. Configure an intrusion detection system (IDS).
B. Create a demilitarized zone (DMZ).
C. Deploy a bastion host.
D. Set up a network firewall.

A

Answer: C

59
Q

Which security feature fully encrypts code and data as it passes to the servers and only decrypts below the hypervisor layer?
A. File-system level encryption
B. Transport Layer Security (TLS)
C. Key management service
D. Trusted execution environments

A

Answer: D

60
Q

Which of the following techniques evaluates the secure design principles of network or software architectures?
A. Threat modeling
B. Risk modeling
C. Waterfall method
D. Fuzzing

A

Answer: A

61
Q

Which of the following describes security control volatility?
A. A reference to the stability of the security control.
B. A reference to how unpredictable the security control is.
C. A reference to the impact of the security control.
D. A reference to the likelihood of change in the security control.

A

Answer: D

62
Q

When performing an investigation with the potential for legal action, what should be the analyst’s FIRST consideration?
A. Chain-of-custody
B. Authorization to collect
C. Court admissibility
D. Data decryption

A

Answer: A

63
Q

Which of the following does the security design process ensure within the System Development Life Cycle (SDLC)?
A. Proper security controls, security goals, and fault mitigation are properly conducted.
B. Proper security controls, security objectives, and security goals are properly initiated.
C. Security goals, proper security controls, and validation are properly initiated.
D. Security objectives, security goals, and system test are properly conducted.

A

Answer: B

64
Q

An organization needs a general-purpose document to prove that its internal controls properly address security, availability, processing integrity, confidentiality, or privacy risks. Which of the following reports is required?
A. A Service Organization Control (SOC) 3 report
B. The Statement on Standards for Attestation Engagements No. 18 (SSAE 18)
C. A Service Organization Control (SOC) 2 report
D. The International Organization for Standardization (ISO) 27001

A

Answer: C

65
Q

What is the BEST design for securing physical perimeter protection?
A. Crime Prevention through Environmental Design (CPTED)
B. Barriers, fences, gates, and walls
C. Business continuity planning (BCP)
D. Closed-circuit television (CCTV)

A

Answer: B

66
Q

Two computers, each with a single connection on the same physical 10 gigabit Ethernet network segment, need to communicate with each other. The first machine has a single Internet Protocol (IP) Classless Inter-Domain Routing (CIDR) address of 192.168.1.3/30 and the second machine has an IP/CIDR address 192.168.1.6/30. Which of the following is correct?
A. Since each computer is on a different layer 3 network, traffic between the computers must be processed by a network bridge in order to communicate.
B. Since each computer is on the same layer 3 network, traffic between the computers may be processed by a network bridge in order to communicate.
C. Since each computer is on the same layer 3 network, traffic between the computers may be processed by a network router in order to communicate.
D. Since each computer is on a different layer 3 network, traffic between the computers must be processed by a network router in order to communicate.

A

Answer: B

67
Q

The security team is notified that a device on the network is infected with malware. Which of the following is MOST effective in enabling the device to be quickly located and remediated?
A. Data loss protection (DLP)
B. Intrusion detection
C. Vulnerability scanner
D. Information Technology Asset Management (ITAM)

A

Answer: D

68
Q

A corporation does not have a formal data destruction policy. During which phase of a criminal legal proceeding will this have the MOST impact?
A. Arraignment
B. Trial
C. Sentencing
D. Discovery

A

Answer: D

69
Q

Which of the following is the MOST common use of the Online Certificate Status Protocol (OCSP)?
A. To obtain the expiration date of an X.509 digital certificate
B. To obtain the revocation status of an X.509 digital certificate
C. To obtain the author name of an X.509 digital certificate
D. To verify the validity of an X.509 digital certificate

A

Answer: D

70
Q

Why would a system be structured to isolate different classes of information from one another and segregate them by user jurisdiction?
A. The organization can avoid e-discovery processes in the event of litigation.
B. The organization’s infrastructure is clearly arranged and scope of responsibility is simplified.
C. The organization can vary its system policies to comply with conflicting national laws.
D. The organization is required to provide different services to various third-party organizations.

A

Answer: C

71
Q

A security professional needs to find a secure and efficient method of encrypting data on an endpoint. Which solution includes a root key?
A. Bitlocker
B. Trusted Platform Module (TPM)
C. Virtual storage array network (VSAN)
D. Hardware security module (HSM)

A

Answer: D

72
Q

What method could be used to prevent passive attacks against secure voice communications between an organization and its vendor?
A. Encryption in transit
B. Configure a virtual private network (VPN)
C. Configure a dedicated connection
D. Encryption at rest

A

Answer: A

73
Q

What is the MOST effective response to a hacker who has already gained access to a network and will attempt to pivot to other resources?
A. Reset all passwords.
B. Shut down the network.
C. Warn users of a breach.
D. Segment the network.

A

Answer: D

74
Q

A Chief Information Officer (CIO) has delegated responsibility of their system security to the head of the information technology (IT) department. While corporate policy dictates that only the CIO can make decisions on the level of data protection required, technical implementation decisions are done by the head of the IT department. Which of the following BEST describes the security role filled by the head of the IT department?
A. System analyst
B. System security officer
C. System processor
D. System custodian

A

Answer: D

75
Q

Which of the following is a term used to describe maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions?
A. Information Security Management System (ISMS)
B. Information Sharing & Analysis Centers (ISAC)
C. Risk Management Framework (RMF)
D. Information Security Continuous Monitoring (ISCM)

A

Answer: D

76
Q

Which of the following is a secure design principle for a new product?
A. Build in appropriate levels of fault tolerance.
B. Utilize obfuscation whenever possible.
C. Do not rely on previously used code.
D. Restrict the use of modularization.

A

Answer: A

77
Q

An application developer receives a report back from the security team showing their automated tools were able to successfully enter unexpected data into the organization’s customer service portal, causing the site to crash. This is an example of which type of testing?
A. Non-functional
B. Positive
C. Performance
D. Negative

A

Answer: D

78
Q

An organization has determined that its previous waterfall approach to software development is not keeping pace with business demands. To adapt to the rapid changes required for product delivery, the organization has decided to move towards an Agile software development and release cycle. In order to ensure the success of the Agile methodology, who is MOST critical in creating acceptance tests or acceptance criteria for each release?
A. Project managers
B. Software developers
C. Independent testers
D. Business customers

A

Answer: D

79
Q

A hospital enforces the Code of Fair Information Practices. What practice applies to a patient requesting their medical records from a web portal?
A. Use limitation
B. Individual participation
C. Purpose specification
D. Collection limitation

A

Answer: D

80
Q

When designing a new Voice over Internet Protocol (VoIP) network, an organization’s top concern is preventing unauthorized users from accessing the VoIP network. Which of the following will BEST help secure the VoIP network?
A. Transport Layer Security (TLS)
B. 802.1x
C. 802.11g
D. Web application firewall (WAF)

A

Answer: A

81
Q

What is the PRIMARY objective of the post-incident phase of the incident response process in the security operations center (SOC)?
A. Improve the IR process.
B. Communicate the IR details to the stakeholders.
C. Validate the integrity of the IR.
D. Finalize the IR.

A

Answer: A

82
Q

An international organization has decided to use a Software as a Service (SaaS) solution to support its business operations. Which of the following compliance standards should the organization use to assess the international code security and data privacy of the solution?
A. Health Insurance Portability and Accountability Act (HIPAA)
B. Service Organization Control (SOC) 2
C. Payment Card Industry (PCI)
D. Information Assurance Technical Framework (IATF)

A

Answer: B

83
Q

Which of the following actions should be undertaken prior to deciding on a physical baseline Protection Profile (PP)?
A. Check the technical design.
B. Conduct a site survey.
C. Categorize assets.
D. Choose a suitable location.

A

Answer: A

84
Q

A criminal organization is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the organization?
A. Network is flooded with communication traffic by the attacker.
B. Organization loses control of their network devices.
C. Network management communications are disrupted.
D. Attacker accesses sensitive information regarding the network topology.

A

Answer: B

85
Q

A Certified Information Systems Security Professional (CISSP) with identity and access management (IAM) responsibilities is asked by the Chief Information Security Officer (CISO) to perform a vulnerability assessment on a web application to pass a Payment Card Industry (PCI) audit. The CISSP has never performed this before. According to the (ISC)² Code of Professional Ethics, which of the following should the CISSP do?
A. Review the CISSP guidelines for performing a vulnerability assessment before proceeding to complete it
B. Review the PCI requirements before performing the vulnerability assessment
C. Inform the CISO that they are unable to perform the task because they should render only those services for which they are fully competent and qualified
D. Since they are CISSP certified, they have enough knowledge to assist with the request, but will need assistance in order to complete it in a timely manner

A

Answer: C

86
Q

A large organization’s human resources and security teams are planning on implementing technology to eliminate manual user access reviews and improve compliance. Which of the following options is MOST likely to resolve the issues associated with user access?
A. Implement a role-based access control (RBAC) system.
B. Implement an identity and access management (IAM) platform.
C. Implement a Privileged Access Management (PAM) system.
D. Implement a single sign-on (SSO) platform.

A

Answer: B

87
Q

A healthcare insurance organization chose a vendor to develop a software application. Upon review of the draft contract, the information security professional notices that software security is not addressed. What is the BEST approach to address the issue?
A. Update the service level agreement (SLA) to provide the organization the right to audit the vendor.
B. Update the service level agreement (SLA) to require the vendor to provide security capabilities.
C. Update the contract so that the vendor is obligated to provide security capabilities.
D. Update the contract to require the vendor to perform security code reviews.

A

Answer: C

88
Q

Which of the following is MOST important to follow when developing information security controls for an organization?
A. Exercise due diligence with regard to all risk management information to tailor appropriate controls.
B. Perform a risk assessment and choose a standard that addresses existing gaps.
C. Use industry standard best practices for security controls in the organization.
D. Review all local and international standards and choose the most stringent based on location.

A

Answer: C

89
Q

Which of the following is the MAIN difference between a network-based firewall and a host-based firewall?
A. A network-based firewall is stateful, while a host-based firewall is stateless.
B. A network-based firewall controls traffic passing through the device, while a host-based firewall controls traffic destined for the device.
C. A network-based firewall verifies network traffic, while a host-based firewall verifies processes and applications.
D. A network-based firewall blocks network intrusions, while a host-based firewall blocks malware.

A

Answer: B

90
Q

Which of the following system components enforces access controls on an object?
A. Security perimeter
B. Access control matrix
C. Trusted domain
D. Reference monitor

A

Answer: B

91
Q

Building blocks for software-defined networks (SDN) require which of the following?
A. The SDN is mostly composed of virtual machines (VM).
B. The SDN is composed entirely of client-server pairs.
C. Virtual memory is used in preference to random-access memory (RAM).
D. Random-access memory (RAM) is used in preference to virtual memory.

A

Answer: C

92
Q

An organization outgrew its internal data center and is evaluating third-party hosting facilities. In this evaluation, which of the following is a PRIMARY factor for selection?
A. Facility provides an acceptable level of risk
B. Facility provides disaster recovery (DR) services
C. Facility provides the most cost-effective solution
D. Facility has physical access protection measures

A

Answer: C

93
Q

A company is planning to implement a private cloud infrastructure. Which of the following recommendations will support the move to a cloud infrastructure?
A. Implement a virtual local area network (VLAN) for each department and create a separate subnet for each VLAN.
B. Implement software-defined networking (SDN) to provide the ability for the network infrastructure to be integrated with the control and data planes.
C. Implement a virtual local area network (VLAN) to logically separate the local area network (LAN) from the physical switches.
D. Implement software-defined networking (SDN) to provide the ability to apply high-level policies to shape and reorder network traffic based on users, devices and applications.

A

Answer: D

94
Q

While performing a security review for a new product, an information security professional discovers that the organization’s product development team is proposing to collect government-issued identification (ID) numbers from customers to use as unique customer identifiers. Which of the following recommendations should be made to the product development team?
A. Customer identifiers should be a variant of the user’s government-issued ID number.
B. Customer identifiers that do not resemble the user’s government-issued ID number should be used.
C. Customer identifiers should be a cryptographic hash of the user’s government-issued ID number.
D. Customer identifiers should be a variant of the user’s name, for example, “jdoe” or “john.doe.”

A

Answer: C

95
Q

Which of the following is performed to determine a measure of success of a security awareness training program designed to prevent social engineering attacks?
A. Employee evaluation of the training program
B. Internal assessment of the training program’s effectiveness
C. Multiple choice tests to participants
D. Management control of reviews

A

Answer: B

96
Q

What level of Redundant Array of Independent Disks (RAID) is configured PRIMARILY for high-performance data reads and writes?
A. RAID-0
B. RAID-1
C. RAID-5
D. RAID-6

A

Answer: A

97
Q

A retail company is looking to start a development project that will utilize open source components in its code for the first time. The development team has already acquired several open source components and utilized them in proof of concept (POC) code. The team recognizes that the legal and operational risks are outweighed by the benefits of open-source software use. What MUST the organization do next?
A. Mandate that all open-source components be approved by the Information Security Manager (ISM).
B. Scan all open-source components for security vulnerabilities.
C. Establish an open-source compliance policy.
D. Require commercial support for all open-source components.

A

Answer: C

98
Q

Upon commencement of an audit within an organization, which of the following actions is MOST important for the auditor(s) to take?
A. Understand circumstances which may delay the overall audit timelines.
B. Review all prior audit results to remove all areas of potential concern from the audit scope.
C. Meet with stakeholders to review methodology, people to be interviewed, and audit scope.
D. Meet with stakeholders to understand which types of audits have been completed.

A

Answer: C

99
Q

An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?
A. Functional test
B. Unit test
C. Grey box
D. White box

A

Answer: C

100
Q

An organization has discovered that organizational data is posted by employees to data storage accessible to the general public. What is the PRIMARY step an organization must take to ensure data is properly protected from public release?
A. Implement a data classification policy.
B. Implement a data encryption policy.
C. Implement a user training policy.
D. Implement a user reporting policy.

A

Answer: C