Group 12 Flashcards

1
Q

What is the PRIMARY reason that a bit-level copy is more desirable than a file-level copy when replicating a hard drive’s contents for an e-discovery investigation?
A. Files that have been deleted will be transferred.
B. The file and directory structure is retained.
C. File-level security settings will be preserved.
D. The corruption of files is less likely.

A

Answer: A

2
Q

While reviewing the financial reporting risks of a third-party application, which of the following Service Organization Control (SOC) reports will be the MOST useful?
A. SOC 1
B. SOC 2
C. SOC 3
D. SOC for cybersecurity

A

Answer: A

3
Q

A large manufacturing organization arranges to buy an industrial machine system to produce a new line of products. The system includes software provided to the vendor by a third-party organization. The financial risk to the manufacturing organization starting production is high. What step should the manufacturing organization take to minimize its financial risk in the new venture prior to the purchase?
A. Hire a performance tester to execute offline tests on a system.
B. Calculate the possible loss in revenue to the organization due to software bugs and vulnerabilities, and compare that to the system’s overall price.
C. Place the machine behind a Layer 3 firewall.
D. Require that the software be thoroughly tested by an accredited independent software testing company.

A

Answer: B

4
Q

Which of the following types of hosts should be operating in the demilitarized zone (DMZ)?
A. Hosts intended to provide limited access to public resources
B. Database servers that can provide useful information to the public
C. Hosts that store unimportant data such as demographical information
D. File servers containing organizational data

A

Answer: A

5
Q

In systems security engineering, what does the security principle of modularity provide?
A. Documentation of functions
B. Isolated functions and data
C. Secure distribution of programs and data
D. Minimal access to perform a function

A

Answer: A

6
Q

Which of the following is MOST appropriate to collect evidence of a zero-day attack?
A. Firewall
B. Honeypot
C. Antispam
D. Antivirus

A

Answer: A

7
Q

Which of the following is required to verify the authenticity of a digitally signed document?
A. Digital hash of the signed document
B. Sender’s private key
C. Recipient’s public key
D. Agreed upon shared secret

A

Answer: A

8
Q

Which of the following is the BEST method to gather evidence from a computer’s hard drive?
A. Disk duplication
B. Disk replacement
C. Forensic signature
D. Forensic imaging

A

Answer: D

9
Q

Who should perform the design review to uncover security design flaws as part of the Software Development Life Cycle (SDLC)?
A. The business owner
B. A security subject matter expert (SME)
C. The application owner
D. A developer subject matter expert (SME)

A

Answer: B

10
Q

During a penetration test, what are the three PRIMARY objectives of the planning phase?
A. Determine testing goals, identify rules of engagement, and conduct an initial discovery scan.
B. Finalize management approval, determine testing goals, and gather port and service information.
C. Identify rules of engagement, finalize management approval, and determine testing goals.
D. Identify rules of engagement, document management approval, and collect system and application information.

A

Answer: D

11
Q

What term is commonly used to describe hardware and software assets that are stored in a configuration management database (CMDB)?
A. Configuration element
B. Asset register
C. Ledger item
D. Configuration item

A

Answer: D

12
Q

Which of the following Disaster Recovery (DR) testing processes is LEAST likely to disrupt normal business operations?
A. Parallel
B. Simulation
C. Table-top
D. Cut-over

A

Answer: C

13
Q

The Open Web Application Security Project’s (OWASP) Software Assurance Maturity Model (SAMM) allows organizations to implement a flexible software security strategy to measure organizational impact based on what risk management aspect?
A. Risk tolerance
B. Risk exception
C. Risk treatment
D. Risk response

A

Answer: D

14
Q

The security architect is designing and implementing an internal certification authority to generate digital certificates for all employees. Which of the following is the BEST solution to securely store the private keys?
A. Physically secured storage device
B. Encrypted flash drive
C. Public key infrastructure (PKI)
D. Trusted Platform Module (TPM)

A

Answer: C

15
Q

Which of the following is a common risk with fiber optical communications, and what is the associated mitigation measure?
A. Data emanation, deploying Category (CAT) 6 and higher cable wherever feasible
B. Light leakage, deploying shielded cable wherever feasible
C. Cable damage, deploying ring architecture wherever feasible
D. Electronic eavesdropping, deploying end-to-end encryption wherever feasible

A

Answer: B

16
Q

During an internal audit of an organizational Information Security Management System (ISMS), nonconformities are identified. In which of the following management stages are nonconformities reviewed, assessed and/or corrected by the organization?
A. Planning
B. Operation
C. Assessment
D. Improvement

A

Answer: B

17
Q

What is the BEST reason to include supply chain risks in a corporate risk register?
A. Risk registers help fund corporate supply chain risk management (SCRM) systems.
B. Risk registers classify and categorize risk and allow risks to be compared to corporate risk appetite.
C. Risk registers can be used to illustrate residual risk across the company.
D. Risk registers allow for the transfer of risk to third parties.

A

Answer: B

18
Q

An employee’s home address should be categorized according to which of the following references?
A. The consent form terms and conditions signed by employees
B. The organization’s data classification model
C. Existing employee data classifications
D. An organization security plan for human resources

A

Answer: B

19
Q

Why is authentication by ownership stronger than authentication by knowledge?
A. It is easier to change.
B. It can be kept on the user’s person.
C. It is more difficult to duplicate.
D. It is simpler to control.

A

Answer: B

20
Q

A network security engineer needs to ensure that a security solution analyzes traffic for protocol manipulation and various sorts of common attacks. In addition, all Uniform Resource Locator (URL) traffic must be inspected and users prevented from browsing inappropriate websites. Which of the following solutions should be implemented to enable administrators the capability to analyze traffic, blacklist external sites, and log user traffic for later analysis?
A. Intrusion detection system (IDS)
B. Circuit-Level Proxy
C. Application-Level Proxy
D. Host-based Firewall

A

Answer: B

21
Q

Which of the following is the BEST way to protect an organization’s data assets?
A. Monitor and enforce adherence to security policies.
B. Encrypt data in transit and at rest using up-to-date cryptographic algorithms.
C. Create the Demilitarized Zone (DMZ) with proxies, firewalls and hardened bastion hosts.
D. Require Multi-Factor Authentication (MFA) and Separation of Duties (SoD).

A

Answer: B

22
Q

Which of the following would qualify as an exception to the “right to be forgotten” of the General Data Protection Regulation (GDPR)?
A. For the establishment, exercise, or defense of legal claims
B. The personal data has been lawfully processed and collected
C. The personal data remains necessary to the purpose for which it was collected
D. For the reasons of private interest

A

Answer: C

23
Q

Which of the following is the name of an individual or group that is impacted by a change?
A. Change agent
B. Stakeholder
C. Sponsor
D. End User

A

Answer: B

24
Q

What is the MINIMUM standard for testing a disaster recovery plan (DRP)?
A. Semi-annually and in alignment with a fiscal half-year business cycle
B. Annually or less frequently depending upon audit department requirements
C. Quarterly or more frequently depending upon the advice of the information security manager
D. As often as necessary depending upon the stability of the environment and business requirements

A

Answer: D

25
Q

What is the MOST significant benefit of role-based access control (RBAC)?
A. Reduction in authorization administration overhead
B. Reduces inappropriate access
C. Management of least privilege
D. Most granular form of access control

A

Answer: A

26
Q

A software development company found odd behavior in some recently developed software, creating a need for a more thorough code review. What is the MOST effective argument for a more thorough code review?
A. It will increase flexibility of the applications developed.
B. It will increase accountability with the customers.
C. It will impede the development process.
D. It will reduce the potential for vulnerabilities.

A

Answer: D

27
Q

A new site’s gateway isn’t able to form a tunnel to the existing site-to-site Internet Protocol Security (IPsec) virtual private network (VPN) device at headquarters. Devices at the new site have no problem accessing resources on the Internet. When testing connectivity from the remote site’s gateway, it was observed that the external Internet Protocol (IP) address of the gateway was set to 192.168.1.1 and was configured to send outbound traffic to the Internet Service Provider (ISP) gateway at 192.168.1.2. Which of the following would be the BEST way to resolve the issue and get the remote site connected?
A. Enable IPSec tunnel mode on the VPN devices at the new site and the corporate headquarters.
B. Enable Layer 2 Tunneling Protocol (L2TP) on the VPN devices at the new site and the corporate headquarters.
C. Enable Point-to-Point Tunneling Protocol (PPTP) on the VPN devices at the new site and the corporate headquarters.
D. Enable Network Address Translation (NAT) - Traversal on the VPN devices at the new site and the corporate headquarters.

A

Answer: A

28
Q

Which of the following examples is BEST to minimize the attack surface for a customer’s private information?
A. Obfuscation
B. Collection limitation
C. Authentication
D. Data masking

A

Answer: A

29
Q

What are the essential elements of a Risk Assessment Report (RAR)?
A. Table of contents, testing criteria, and index
B. Table of contents, chapters, and executive summary
C. Executive summary, graph of risks, and process
D. Executive summary, body of the report, and appendices

A

Answer: D

30
Q

What is the PRIMARY benefit of incident reporting and computer crime investigations?
A. Providing evidence to law enforcement
B. Repairing the damage and preventing future occurrences
C. Appointing a computer emergency response team
D. Complying with security policy

A

Answer: D

31
Q

Which of the following determines how traffic should flow based on the status of the infrastructure layer?
A. Traffic plane
B. Application plane
C. Data plane
D. Control plane

A

Answer: A

32
Q

In a multi-tenant cloud environment, what approach will secure logical access to assets?
A. Hybrid cloud
B. Transparency/Auditability of administrative access
C. Controlled configuration management (CM)
D. Virtual private cloud (VPC)

A

Answer: D

33
Q

A company hired an external vendor to perform a penetration test of a new payroll system. The company’s internal test team had already performed an in-depth application and security test of the system and determined that it met security requirements. However, the external vendor uncovered significant security weaknesses where sensitive personal data was being sent unencrypted to the tax processing systems. What is the MOST likely cause of the security issues?
A. Failure to perform interface testing
B. Failure to perform negative testing
C. Inadequate performance testing
D. Inadequate application level testing

A

Answer: A

34
Q

Which of the following is the MOST effective method of detecting vulnerabilities in web-based applications early in the secure Software Development Life Cycle (SDLC)?
A. Web application vulnerability scanning
B. Application fuzzing
C. Code review
D. Penetration testing

A

Answer: C

35
Q

A malicious user gains access to unprotected directories on a web server. Which of the following is MOST likely the cause for this information disclosure?
A. Security misconfiguration
B. Cross-site request forgery (CSRF)
C. Structured Query Language injection (SQLi)
D. Broken authentication management

A

Answer: A

36
Q

Which of the following security objectives for industrial control systems (ICS) can be adapted to securing any Internet of Things (IoT) system?
A. Prevent unauthorized modification of data.
B. Restore the system after an incident.
C. Detect security events and incidents.
D. Protect individual components from exploitation

A

Answer: D

37
Q

Wi-Fi Protected Access 2 (WPA2) provides users with a higher level of assurance that their data will remain protected by using which protocol?
A. Secure Shell (SSH)
B. Internet Protocol Security (IPsec)
C. Secure Sockets Layer (SSL)
D. Extensible Authentication Protocol (EAP)

A

Answer: A

38
Q

A software development company has a short timeline in which to deliver a software product. The software development team decides to use open-source software libraries to reduce the development time. What concept should software developers consider when using open-source software libraries?
A. Open source libraries contain known vulnerabilities, and adversaries regularly exploit those vulnerabilities in the wild.
B. Open source libraries can be used by everyone, and there is a common understanding that the vulnerabilities in these libraries will not be exploited.
C. Open source libraries are constantly updated, making it unlikely that a vulnerability exists for an adversary to exploit.
D. Open source libraries contain unknown vulnerabilities, so they should not be used.

A

Answer: A

39
Q

According to the (ISC)² ethics canon “act honorably, honestly, justly, responsibly, and legally,” which order should be used when resolving conflicts?
A. Public safety and duties to principals, individuals, and the profession
B. Individuals, the profession, and public safety and duties to principals
C. Individuals, public safety and duties to principals, and the profession
D. The profession, public safety and duties to principals, and individuals

A

Answer: A

40
Q

When conducting a remote access session using Internet Protocol Security (IPSec), which Open Systems Interconnection (OSI) model layer does this connection use?
A. Transport
B. Network
C. Data link
D. Presentation

A

Answer: B

41
Q

Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?
A. Cross-Site Scripting (XSS)
B. Cross-Site request forgery (CSRF)
C. Cross injection
D. Broken Authentication And Session Management

A

Answer: B

42
Q

When reviewing the security logs, the password shown for an administrative login event was ' OR '1'='1' --. This is an example of which of the following kinds of attack?
A. Brute Force Attack
B. Structured Query Language (SQL) Injection
C. Cross-Site Scripting (XSS)
D. Rainbow Table Attack

A

Answer: B

43
Q

An organization’s internal audit team performed a security audit on the company’s system and reported that the manufacturing application is rarely updated along with other issues categorized as minor. Six months later, an external audit team reviewed the same system with the same scope, but identified severe weaknesses in the manufacturing application’s security controls. What is MOST likely to be the root cause of the internal audit team’s failure in detecting these security issues?
A. Inadequate test coverage analysis
B. Inadequate security patch testing
C. Inadequate log reviews
D. Inadequate change control procedures

A

Answer: A

44
Q

Which audit type is MOST appropriate for evaluating the effectiveness of a security program?
A. Threat
B. Assessment
C. Analysis
D. Validation

A

Answer: B

45
Q

The development team has been tasked with collecting data from biometric devices. The application will support a variety of collection data streams. During the testing phase, the team utilizes data from an old production database in a secure testing environment. What principle has the team taken into consideration?
A. Biometric data cannot be changed.
B. Separate biometric data streams require increased security.
C. The biometric devices are unknown.
D. Biometric data must be protected from disclosure.

A

Answer: A

46
Q

An attacker has intruded into the source code management system and is able to download but not modify the code. Which of the following aspects of the code theft has the HIGHEST security impact?
A. The attacker could publicly share confidential comments found in the stolen code.
B. Competitors might be able to steal the organization’s ideas by looking at the stolen code.
C. A competitor could run their own copy of the organization’s website using the stolen code.
D. Administrative credentials or keys hard-coded within the stolen code could be used to access sensitive data.

A

Answer: A

47
Q

Which of the following statements BEST describes least privilege principle in a cloud environment?
A. Network segments remain private if unneeded to access the internet.
B. Internet traffic is inspected for all incoming and outgoing packets.
C. A single cloud administrator is configured to access core functions.
D. Routing configurations are regularly updated with the latest routes.

A

Answer: B

48
Q

Which is the BEST control to meet the Statement on Standards for Attestation Engagements 18 (SSAE-18) confidentiality category?
A. Data processing
B. Storage encryption
C. File hashing
D. Data retention policy

A

Answer: C

49
Q

The initial security categorization should be done early in the system life cycle and should be reviewed periodically. Why is it important for this to be done correctly?
A. It determines the security requirements.
B. It affects other steps in the certification and accreditation process.
C. It determines the functional and operational requirements.
D. The system engineering process works with selected security controls.

A

Answer: B

50
Q

Which of the following vulnerabilities can be BEST detected using automated analysis?
A. Valid cross-site request forgery (CSRF) vulnerabilities
B. Multi-step process attack vulnerabilities
C. Business logic flaw vulnerabilities
D. Typical source code vulnerabilities

A

Answer: D

51
Q

An organization wants to migrate to Session Initiation Protocol (SIP) to save on telephony expenses. Which of the following security related statements should be considered in the decision-making process?
A. Cloud telephony is less secure and more expensive than digital telephony services.
B. SIP services are more secure when used with multi-layer security proxies.
C. H.323 media gateways must be used to ensure end-to-end security tunnels.
D. Given the behavior of SIP traffic, additional security controls would be required.

A

Answer: C

52
Q

An organization’s retail website provides its only source of revenue, so the disaster recovery plan (DRP) must document an estimated time for each step in the plan. Which of the following steps in the DRP will list the GREATEST duration of time for the service to be fully operational?
A. Update the Network Address Translation (NAT) table.
B. Update Domain Name System (DNS) server addresses with domain registrar.
C. Update the Border Gateway Protocol (BGP) autonomous system number.
D. Update the web server network adapter configuration.

A

Answer: B

53
Q

Why is it important that senior management clearly communicates the formal Maximum Tolerable Downtime (MTD) decision?
A. To provide each manager with precise direction on selecting an appropriate recovery alternative
B. To demonstrate to the regulatory bodies that the company takes business continuity seriously
C. To demonstrate to the board of directors that senior management is committed to continuity recovery efforts
D. To provide a formal declaration from senior management as required by internal audit to demonstrate sound business practices

A

Answer: D

54
Q

Which of the following activities should a forensic examiner perform FIRST when determining the priority of digital evidence collection at a crime scene?
A. Gather physical evidence.
B. Establish order of volatility.
C. Assign responsibilities to personnel on the scene.
D. Establish a list of files to examine.

A

Answer: C

55
Q

When assessing web vulnerabilities, how can navigating the dark web add value to a penetration test?
A. The actual origin and tools used for the test can be hidden.
B. Information may be found on related breaches and hacking.
C. Vulnerabilities can be tested without impact on the tested environment.
D. Information may be found on hidden vendor patches.

A

Answer: D

56
Q

Which of the following is the top barrier for companies to adopt cloud technology?
A. Migration period
B. Data integrity
C. Cost
D. Security

A

Answer: D

57
Q

In which of the following scenarios is locking server cabinets and limiting access to keys preferable to locking the server room to prevent unauthorized access?
A. Server cabinets are located in an unshared workspace.
B. Server cabinets are located in an isolated server farm.
C. Server hardware is located in a remote area.
D. Server cabinets share workspace with multiple projects.

A

Answer: D

58
Q

Which of the following criteria ensures information is protected relative to its importance to the organization?
A. The value of the data to the organization’s senior management
B. Legal requirements, value, criticality, and sensitivity to unauthorized disclosure or modification
C. Legal requirements determined by the organization headquarters’ location
D. Organizational stakeholders, with classification approved by the management board

A

Answer: D

59
Q

What is the FIRST step for an organization to take before allowing personnel to access social media from a corporate device or user account?
A. Publish a social media guidelines document.
B. Publish an acceptable usage policy.
C. Document a procedure for accessing social media sites.
D. Deliver security awareness training.

A

Answer: A

60
Q

Which of the following is an indicator that a company’s new user security awareness training module has been effective?
A. There are more secure connections to the internal database servers.
B. More incidents of phishing attempts are being reported.
C. There are more secure connections to internal e-mail servers.
D. Fewer incidents of phishing attempts are being reported.

A

Answer: B

61
Q

An access control list (ACL) on a router is a feature MOST similar to which type of firewall?
A. Packet filtering firewall
B. Application gateway firewall
C. Heuristic firewall
D. Stateful firewall

A

Answer: B

62
Q

Which of the following is the BEST way to protect privileged accounts?
A. Quarterly user access rights audits
B. Role-based access control (RBAC)
C. Written supervisory approval
D. Multi-factor authentication (MFA)

A

Answer: D

63
Q

Which of the following is the FIRST step for defining Service Level Requirements (SLR)?
A. Creating a prototype to confirm or refine the customer requirements
B. Drafting requirements for the service level agreement (SLA)
C. Discussing technology and solution requirements with the customer
D. Capturing and documenting the requirements of the customer

A

Answer: D

64
Q

Which software defined networking (SDN) architectural component is responsible for translating network requirements?
A. SDN Application
B. SDN Data path
C. SDN Controller
D. SDN Northbound Interfaces

A

Answer: D

65
Q

When MUST an organization’s information security strategic plan be reviewed?
A. Quarterly, when the organization’s strategic plan is updated
B. Whenever there are significant changes to a major application
C. Every three years, when the organization’s strategic plan is updated
D. Whenever there are major changes to the business

A

Answer: D

66
Q

A large human resources organization wants to integrate their identity management with a trusted partner organization. The human resources organization wants to maintain the creation and management of the identities and may want to share with other partners in the future. Which of the following options BEST serves their needs?
A. Federated identity
B. Cloud Active Directory (AD)
C. Security Assertion Markup Language (SAML)
D. Single sign-on (SSO)

A

Answer: A

67
Q

Which of the following is the PRIMARY type of cryptography required to support non-repudiation of a digitally signed document?
A. Message digest (MD)
B. Asymmetric
C. Symmetric
D. Hashing

A

Answer: A

68
Q

Which is the PRIMARY mechanism for providing the workforce with the information needed to protect an agency’s vital information resources?
A. Incorporating security awareness and training as part of the overall information security program
B. An information technology (IT) security policy to preserve the confidentiality, integrity, and availability of systems
C. Implementation of access provisioning process for coordinating the creation of user accounts
D. Execution of periodic security and privacy assessments to the organization

A

Answer: A

69
Q

The quality assurance (QA) department is short-staffed and is unable to test all modules before the anticipated release date of an application. What security control is MOST likely to be violated?
A. Separation of environments
B. Program management
C. Mobile code controls
D. Change management

A

Answer: D

70
Q

What is the FIRST step when developing an Information Security Continuous Monitoring (ISCM) program?
A. Establish an ISCM technical architecture.
B. Collect the security-related information required for metrics, assessments, and reporting.
C. Establish an ISCM program determining metrics, status monitoring frequencies, and control assessment frequencies.
D. Define an ISCM strategy based on risk tolerance.

A

Answer: D

71
Q

Which of the following minimizes damage to information technology (IT) equipment stored in a data center when a false fire alarm event occurs?
A. A pre-action system is installed.
B. An open system is installed.
C. A dry system is installed.
D. A wet system is installed.

A

Answer: C

72
Q

Which of the following is the MOST effective corrective control to minimize the effects of a physical intrusion?
A. Automatic videotaping of a possible intrusion
B. Rapid response by guards or police to apprehend a possible intruder
C. Activating bright lighting to frighten away a possible intruder
D. Sounding a loud alarm to frighten away a possible intruder

A

Answer: C

73
Q

Which type of access control includes a system that allows only users that are type=managers and department=sales to access employee records?
A. Discretionary access control (DAC)
B. Mandatory access control (MAC)
C. Role-based access control (RBAC)
D. Attribute-based access control (ABAC)

A

Answer: C

74
Q

Which of the following describes the BEST method of maintaining the inventory of software and hardware within the organization?
A. Maintaining the inventory through a combination of desktop configuration, administration management, and procurement management tools
B. Maintaining the inventory through a combination of asset owner interviews, open-source system management, and open-source management tools
C. Maintaining the inventory through a combination of on-premise storage configuration, cloud management, and partner management tools
D. Maintaining the inventory through a combination of system configuration, network management, and license management tools

A

Answer: C

75
Q

Which of the following is a correct feature of a virtual local area network (VLAN)?
A. A VLAN segregates network traffic therefore information security is enhanced significantly.
B. Layer 3 routing is required to allow traffic from one VLAN to another.
C. VLAN has certain security features such as where the devices are physically connected.
D. There is no broadcast allowed within a single VLAN due to network segregation.

A

Answer: A

76
Q

In the “Do” phase of the Plan-Do-Check-Act model, which of the following is performed?
A. Monitor and review performance against business continuity policy and objectives, report the results to management for review, and determine and authorize actions for remediation and improvement.
B. Maintain and improve the Business Continuity Management (BCM) system by taking corrective action, based on the results of management review.
C. Ensure the business continuity policy, controls, processes, and procedures have been implemented.
D. Ensure that business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity have been established.

A

Answer: D

77
Q

Commercial off-the-shelf (COTS) software presents which of the following additional security concerns?
A. Vendors take on the liability for COTS software vulnerabilities.
B. In-house developed software is inherently less secure.
C. Exploits for COTS software are well documented and publicly available.
D. COTS software is inherently less secure.

A

Answer: C

78
Q

What is the correct order of execution for security architecture?
A. Governance, strategy and program management, project delivery, operations
B. Strategy and program management, governance, project delivery, operations
C. Governance, strategy and program management, operations, project delivery
D. Strategy and program management, project delivery, governance, operations

A

Answer: A

79
Q

Which of the following is the PRIMARY purpose of due diligence when an organization embarks on a merger or acquisition?
A. Assess the business risks.
B. Formulate alternative strategies.
C. Determine that all parties are equally protected.
D. Provide adequate capability for all parties.

A

Answer: A

80
Q

What should be used to determine the risks associated with using Software as a Service (SaaS) for collaboration and email?
A. Cloud access security broker (CASB)
B. Open Web Application Security Project (OWASP)
C. Process for Attack Simulation and Threat Analysis (PASTA)
D. Common Security Framework (CSF)

A

Answer: A

81
Q

A federal agency has hired an auditor to perform penetration testing on a critical system as part of the mandatory, annual Federal Information Security Management Act (FISMA) security assessments. The auditor is new to this system but has extensive experience with all types of penetration testing.
The auditor has decided to begin with sniffing network traffic. What type of penetration testing is the auditor conducting?
A. White box testing
B. Black box testing
C. Gray box testing
D. Red box testing

A

Answer: C

82
Q

A software developer wishes to write code that will execute safely and only as intended. Which of the following programming language types is MOST likely to achieve this goal?
A. Statically typed
B. Weakly typed
C. Strongly typed
D. Dynamically typed

A

Answer: D

83
Q

A security professional has been assigned to assess a web application. The assessment report recommends switching to Security Assertion Markup Language (SAML). What is the PRIMARY security benefit in switching to SAML?
A. It uses Transport Layer Security (TLS) to address confidentiality.
B. It enables single sign-on (SSO) for web applications.
C. The users’ password is not passed during authentication.
D. It limits unnecessary data entry on web forms.

A

Answer: B

84
Q

What is the MOST common security risk of a mobile device?
A. Insecure communications link
B. Data leakage
C. Malware infection
D. Data spoofing

A

Answer: C

85
Q

Which of the following protections is provided when using a Virtual Private Network (VPN) with Authentication Header (AH)?
A. Payload encryption
B. Sender confidentiality
C. Sender non-repudiation
D. Multi-factor authentication (MFA)

A

Answer: C

86
Q

Which of the following poses the GREATEST privacy risk to personally identifiable information (PII) when disposing of an office printer or copier?
A. The device could contain a document with PII on the platen glass
B. Organizational network configuration information could still be present within the device
C. A hard disk drive (HDD) in the device could contain PII
D. The device transfer roller could contain imprints of PII

A

Answer: B

87
Q

Which of the following is a key responsibility for a data steward assigned to manage an enterprise data lake?
A. Ensure proper business definition, value, and usage of data collected and stored within the enterprise data lake.
B. Ensure proper and identifiable data owners for each data element stored within an enterprise data lake.
C. Ensure adequate security controls applied to the enterprise data lake.
D. Ensure that any data passing within remit is being used in accordance with the rules and regulations of the business.

A

Answer: A

88
Q

Which of the following are the three MAIN categories of security controls?
A. Administrative, technical, physical
B. Corrective, detective, recovery
C. Confidentiality, integrity, availability
D. Preventative, corrective, detective

A

Answer: A

89
Q

What part of an organization’s strategic risk assessment MOST likely includes information on items affecting the success of the organization?
A. Key Risk Indicator (KRI)
B. Threat analysis
C. Vulnerability analysis
D. Key Performance Indicator (KPI)

A

Answer: A

90
Q

An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer (CISO) wants to increase security by better protecting the network from unauthorized internal access. Which Network Access Control (NAC) capability BEST meets this objective?
A. Application firewall
B. Port security
C. Strong passwords
D. Two-factor authentication (2FA)

A

Answer: D

91
Q

What is the BEST way to restrict access to a file system on computing systems?
A. Allow a user group to restrict access.
B. Use a third-party tool to restrict access.
C. Use least privilege at each level to restrict access.
D. Restrict access to all users.

A

Answer: C

92
Q

During testing, where are the requirements to inform parent organizations, law enforcement, and a computer incident response team documented?
A. Unit test results
B. Security assessment plan
C. System integration plan
D. Security Assessment Report (SAR)

A

Answer: D

93
Q

What is static analysis intended to do when analyzing an executable file?
A. Collect evidence of the executable file’s usage, including dates of creation and last use.
B. Search the documents and files associated with the executable file.
C. Analyze the position of the file in the file system and the executable file’s libraries.
D. Disassemble the file to gather information about the executable file’s function.

A

Answer: D

94
Q

In addition to life, protection of which of the following elements is MOST important when planning a data center site?
A. Data and hardware
B. Property and operations
C. Profits and assets
D. Resources and reputation

A

Answer: D

95
Q

In an IDEAL encryption system, who has sole access to the decryption key?
A. System owner
B. Data owner
C. Data custodian
D. System administrator

A

Answer: B

96
Q

Which of the following roles is responsible for ensuring that important datasets are developed, maintained, and are accessible within their defined specifications?
A. Data Reviewer
B. Data User
C. Data Custodian
D. Data Owner

A

Answer: D

97
Q

What is the MOST important criterion that needs to be adhered to during the data collection process of an active investigation?
A. Capturing an image of the system
B. Maintaining the chain of custody
C. Complying with the organization’s security policy
D. Outlining all actions taken during the investigation

A

Answer: A

98
Q

A user’s credential for an application is stored in a relational database. Which control protects the confidentiality of the credential while it is stored?
A. Validate passwords using a stored procedure.
B. Allow only the application to have access to the password field in order to verify user authentication.
C. Use a salted cryptographic hash of the password.
D. Encrypt the entire database and embed an encryption key in the application.

A

Answer: C

99
Q

What is the PRIMARY benefit of relying on Security Content Automation Protocol (SCAP)?
A. Save security costs for the organization.
B. Improve vulnerability assessment capabilities.
C. Standardize specifications between software security products.
D. Achieve organizational compliance with international standards.

A

Answer: C

100
Q

What is the PRIMARY consideration when testing industrial control systems (ICS) for security weaknesses?
A. ICS often do not have availability requirements.
B. ICS are often isolated and difficult to access.
C. ICS often run on UNIX operating systems.
D. ICS are often sensitive to unexpected traffic.

A

Answer: B