Group 5 Flashcards
What should happen when an emergency change to a system must be performed?
A. The change must be given priority at the next meeting of the change control board.
B. Testing and approvals must be performed quickly.
C. The change must be performed immediately and then submitted to the change board.
D. The change is performed and a notation is made in the system log.
Answer: B
Which of the following is the BEST approach to take in order to effectively incorporate the concepts of business continuity into the organization?
A. Ensure end users are aware of the planning activities
B. Validate all regulatory requirements are known and fully documented
C. Develop training and awareness programs that involve all stakeholders
D. Ensure plans do not violate the organization’s cultural objectives and goals
Answer: C
Which Web Services Security (WS-Security) specification maintains a single authenticated identity across multiple dissimilar environments? Click on the correct specification in the image below.
WS-Federation
Which of the following has the GREATEST impact on an organization’s security posture?
A. International and country-specific compliance requirements
B. Security violations by employees and contractors
C. Resource constraints due to increasing costs of supporting security
D. Audit findings related to employee access and permissions process
Answer: A
The application of which of the following standards would BEST reduce the potential for data breaches?
A. ISO 9000
B. ISO 20121
C. ISO 26000
D. ISO 27001
Answer: D
In order for a security policy to be effective within an organization, it MUST include
A. strong statements that clearly define the problem.
B. a list of all standards that apply to the policy.
C. owner information and date of last revision.
D. disciplinary measures for non compliance.
Answer: D
Which of the following roles has the obligation to ensure that a third party provider is capable of processing and handling data in a secure manner and meeting the standards set by the organization?
A. Data Custodian
B. Data Owner
C. Data Creator
D. Data User
Answer: B
To protect auditable information, which of the following MUST be configured to only allow read access?
A. Logging configurations
B. Transaction log files
C. User account configurations
D. Access control lists (ACL)
Answer: B
What type of encryption is used to protect sensitive data in transit over a network?
A. Payload encryption and transport encryption
B. Authentication Headers (AH)
C. Keyed-Hashing for Message Authentication
D. Point-to-Point Encryption (P2PE)
Answer: A
Which of the following entities is ultimately accountable for data remanence vulnerabilities with data replicated by a cloud service provider?
A. Data owner
B. Data steward
C. Data custodian
D. Data processor
Answer: A
Which of the following is a recommended alternative to an integrated email encryption system?
A. Sign emails containing sensitive data
B. Send sensitive data in separate emails
C. Encrypt sensitive data separately in attachments
D. Store sensitive information to be sent in encrypted drives
Answer: C
In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?
A. Application Layer
B. Physical Layer
C. Data-Link Layer
D. Network Layer
Answer: B
What is the PRIMARY goal for using Domain Name System Security Extensions (DNSSEC) to sign records?
A. Integrity
B. Confidentiality
C. Accountability
D. Availability
Answer: A
While inventorying storage equipment, it is found that there are unlabeled, disconnected, and powered off devices. Which of the following is the correct procedure for handling such equipment?
A. They should be recycled to save energy.
B. They should be recycled according to NIST SP 800-88.
C. They should be inspected and sanitized following the organizational policy.
D. They should be inspected and categorized properly to sell them for reuse.
Answer: C
The PRIMARY characteristic of a Distributed Denial of Service (DDoS) attack is that it
A. exploits weak authentication to penetrate networks.
B. can be detected with signature analysis.
C. looks like normal network activity.
D. is commonly confused with viruses or worms.
Answer: C
Which of the following is generally indicative of a replay attack when dealing with biometric authentication?
A. False Acceptance Rate (FAR) is greater than 1 in 100,000
B. False Rejection Rate (FRR) is greater than 5 in 100
C. Inadequately specified templates
D. Exact match
Answer: D
During a fingerprint verification process, which of the following is used to verify identity and authentication?
A. A pressure value is compared with a stored template
B. Sets of digits are matched with stored values
C. A hash table is matched to a database of stored value
D. A template of minutiae is compared with a stored template
Answer: D
The BEST example of the concept of “something that a user has” when providing an authorized user access to a computing system is
A. the user’s hand geometry.
B. a credential stored in a token.
C. a passphrase.
D. the user’s face.
Answer: B
A security professional is asked to provide a solution that restricts a bank teller to only perform a savings deposit transaction but allows a supervisor to perform corrections after the transaction. Which of the following is the MOST effective solution?
A. Access is based on rules.
B. Access is determined by the system.
C. Access is based on user’s role.
D. Access is based on data sensitivity.
Answer: C
Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy?
A. Discretionary Access Control (DAC) procedures
B. Mandatory Access Control (MAC) procedures
C. Data link encryption
D. Segregation of duties
Answer: D
Order the below steps to create an effective vulnerability management process.
Which of the following types of security testing is the MOST effective in providing a better indication of the everyday security challenges of an organization when performing a security risk assessment?
A. External
B. Overt
C. Internal
D. Covert
Answer: D
What is the MOST effective method of testing custom application code?
A. Negative testing
B. White box testing
C. Penetration testing
D. Black box testing
Answer: B
Which one of the following is a common risk with network configuration management?
A. Patches on the network are difficult to keep current.
B. It is the responsibility of the systems administrator.
C. User ID and passwords are never set to expire.
D. Network diagrams are not up to date.
Answer: D
What type of test assesses a Disaster Recovery (DR) plan using realistic disaster scenarios while maintaining minimal impact to business operations?
A. Parallel
B. Walkthrough
C. Simulation
D. Tabletop
Answer: C
How can lessons learned from business continuity training and actual recovery incidents BEST be used?
A. As a means for improvement
B. As alternative options for awareness and training
C. As indicators of a need for policy
D. As business function gap indicators
Answer: A
Which Web Services Security (WS-Security) specification handles the management of security tokens and the underlying policies for granting access? Click on the correct specification in the image below.
WS-Authorization
An Intrusion Detection System (IDS) has recently been deployed in a Demilitarized Zone (DMZ). The IDS detects a flood of malformed packets. Which of the following BEST describes what has occurred?
A. Denial of Service (DoS) attack
B. Address Resolution Protocol (ARP) spoof
C. Buffer overflow
D. Ping flood attack
Answer: A
In configuration management, what baseline configuration information MUST be maintained for each computer system?
A. Operating system and version, patch level, applications running, and versions.
B. List of system changes, test reports, and change approvals
C. Last vulnerability assessment report and initial risk assessment report
D. Date of last update, test report, and accreditation certificate
Answer: A
Which Radio Frequency Interference (RFI) phenomenon associated with bundled cable runs can create information leakage?
A. Transference
B. Covert channel
C. Bleeding
D. Cross-talk
Answer: D
An organization’s information security strategic plan MUST be reviewed
A. whenever there are significant changes to a major application.
B. quarterly, when the organization’s strategic plan is updated.
C. whenever there are major changes to the business.
D. every three years, when the organization’s strategic plan is updated.
Answer: C
When building a data classification scheme, which of the following is the PRIMARY concern?
A. Purpose
B. Cost effectiveness
C. Availability
D. Authenticity
Answer: D
Which technology is a prerequisite for populating the cloud-based directory in a federated identity solution?
A. Notification tool
B. Message queuing tool
C. Security token tool
D. Synchronization tool
Answer: C
What is an advantage of Elliptic Curve Cryptography (ECC)?
A. Cryptographic approach that does not require a fixed-length key
B. Military-strength security that does not depend upon secrecy of the algorithm
C. Opportunity to use shorter keys for the same level of security
D. Ability to use much longer keys for greater security
Answer: C
Backup information that is critical to the organization is identified through a
A. Vulnerability Assessment (VA).
B. Business Continuity Plan (BCP).
C. Business Impact Analysis (BIA).
D. data recovery analysis.
Answer: D
When using Generic Routing Encapsulation (GRE) tunneling over Internet Protocol version 4 (IPv4), where is the GRE header inserted?
A. Into the options field
B. Between the delivery header and payload
C. Between the source and destination addresses
D. Into the destination address
Answer: B
An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requirement is
A. organization policy.
B. industry best practices.
C. industry laws and regulations.
D. management feedback.
Answer: A
Knowing the language in which an encrypted message was originally produced might help a cryptanalyst to perform a
A. clear-text attack.
B. known cipher attack.
C. frequency analysis.
D. stochastic assessment.
Answer: C
During the Security Assessment and Authorization process, what is the PRIMARY purpose for conducting a hardware and software inventory?
A. Calculate the value of assets being accredited.
B. Create a list to include in the Security Assessment and Authorization package.
C. Identify obsolete hardware and software.
D. Define the boundaries of the information system.
Answer: A
When evaluating third-party applications, which of the following is the GREATEST responsibility of Information Security?
A. Accept the risk on behalf of the organization.
B. Report findings to the business to determine security gaps.
C. Quantify the risk to the business for product selection.
D. Approve the application that best meets security requirements.
Answer: C