Group 8 Flashcards

1
Q

An organization implements a Remote Access Server (RAS). Once users connect to the server, digital certificates are used to authenticate their identity. What type of Extensible Authentication Protocol (EAP) would the organization use during this authentication?
A. Transport Layer Security (TLS)
B. Message Digest 5 (MD5)
C. Lightweight Extensible Authentication Protocol (LEAP)
D. Subscriber Identity Module (SIM)

A

Answer: A

2
Q

Which of the following MUST a security professional do in order to quantify the value of a security program to organization management?
A. Report using metrics.
B. Rank priorities as high, medium, or low.
C. Communicate compliance obstacles.
D. Report on employee activities

A

Answer: A

3
Q

A client has reviewed a vulnerability assessment report and has stated it is inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operating System (OS) was not properly detected.
Where in the vulnerability assessment process did the error MOST likely occur?
A. Detection
B. Enumeration
C. Reporting
D. Discovery

A

Answer: A

4
Q

Which of the following objects should be removed FIRST prior to uploading code to public code repositories?
A. Security credentials
B. Known vulnerabilities
C. Inefficient algorithms
D. Coding mistakes

A

Answer: A

5
Q

Which of the following is a common measure within a Local Area Network (LAN) to provide an additional level of security through segmentation?
A. Building Virtual Local Area Networks (VLAN)
B. Building Demilitarized Zones (DMZ)
C. Implementing a virus scanner
D. Implementing an Intrusion Detection System (IDS)

A

Answer: A

6
Q

What is the FIRST step for a digital investigator to perform when using best practices to collect digital evidence from a potential crime scene?
A. Consult the lead investigator to learn the details of the case and the required evidence.
B. Ensure that grounding procedures have been followed to reduce the loss of digital data due to static electricity discharge.
C. Update the Basic Input Output System (BIOS) and Operating System (OS) of any tools used to ensure evidence admissibility.
D. Confirm that the appropriate warrants were issued to the subject of the investigation to eliminate illegal search claims.

A

Answer: D

7
Q

How can an attacker exploit a buffer overflow to execute arbitrary code?
A. Modify a function’s return address.
B. Alter the address of the stack.
C. Substitute elements in the stack.
D. Move the stack pointer.

A

Answer: A

8
Q

Which of the following is TRUE regarding equivalence class testing?
A. It is characterized by the stateless behavior of a process implemented in a function.
B. An entire partition can be covered by considering only one representative value from that partition.
C. Test inputs are obtained from the derived boundaries of the given functional specifications.
D. It is useful for testing communications protocols and graphical user interfaces.

A

Answer: B. A single representative value exercises the whole equivalence partition; option C describes boundary value analysis, a different technique.

9
Q

Which of the following is the BEST way to protect against Structured Query Language (SQL) injection?
A. Enforce boundary checking.
B. Restrict use of the SELECT command.
C. Restrict Hyper Text Markup Language (HTML) source code access.
D. Use stored procedures.

A

Answer: D
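Added example (not part of the original flashcards): a Python sqlite3 sketch of why the card's answer works and where it stops working. The protection that stored procedures give comes from parameter binding; a procedure that builds dynamic SQL from its arguments is injectable all the same. The table, the user record and the payload are constructed for the demo.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demo, not taken from the page.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    con.commit()
    return con


def login_vulnerable(con, username, password):
    # String concatenation: the input is parsed as part of the SQL grammar,
    # so a quote in it ends the literal and the rest is executed as SQL.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return con.execute(sql).fetchone()[0] > 0


def login_parameterized(con, username, password):
    # Placeholders: the statement text is fixed and the values are bound
    # separately, so no input can change the query structure.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return con.execute(sql, (username, password)).fetchone()[0] > 0


def login_dynamic_procedure(con, username, password):
    # Stand-in for a stored procedure whose body builds dynamic SQL from its
    # arguments (EXEC / EXECUTE IMMEDIATE style). The caller passed parameters,
    # but the procedure concatenates them, so the injection still works.
    def procedure(u, p):
        dynamic = ("SELECT COUNT(*) FROM users WHERE username = '%s' "
                   "AND password = '%s'" % (u, p))
        return con.execute(dynamic).fetchone()[0]
    return procedure(username, password) > 0


# Classic tautology payload. In the concatenated query it yields
#   (username = 'alice' AND password = '') OR '1'='1'
# which is true for every row.
PAYLOAD = "' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("concatenated query, bogus password:", login_vulnerable(db, "alice", PAYLOAD))
    print("bound parameters, bogus password:  ", login_parameterized(db, "alice", PAYLOAD))
    print("dynamic-SQL procedure, bogus pw:   ", login_dynamic_procedure(db, "alice", PAYLOAD))
```

The tautology logs in against the concatenated query and against the dynamic-SQL procedure but not against the bound query. Note that boundary checking (option A) would not have helped here: the payload is short and well-formed, the problem is that data is being parsed as code.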

10
Q

Which of the following BEST describes the responsibilities of a data owner?
A. Ensuring quality and validation through periodic audits for ongoing data integrity
B. Determining the impact the information has on the mission of the organization
C. Maintaining fundamental data availability, including data storage and archiving
D. Ensuring accessibility to appropriate users, maintaining appropriate levels of data security

A

Answer: B

11
Q

Which area of embedded devices is most commonly attacked?
A. Application
B. Firmware
C. Protocol
D. Physical Interface

A

Answer: A

12
Q

If virus infection is suspected, which of the following is the FIRST step for the user to take?
A. Unplug the computer from the network.
B. Save the opened files and shutdown the computer.
C. Report the incident to service desk.
D. Update the antivirus to the latest version.

A

Answer: C

13
Q

Which of the following MOST applies to Session Initiation Protocol (SIP) security?
A. It leverages Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS).
B. It requires a Public Key Infrastructure (PKI).
C. It reuses security mechanisms derived from existing protocols.
D. It supports end-to-end security natively.

A

Answer: C

14
Q

Which layer of the Open Systems Interconnection (OSI) model is being targeted in the event of a Synchronization (SYN) flood attack?
A. Session
B. Transport
C. Network
D. Presentation

A

Answer: B

15
Q

What is the document that describes the measures that have been implemented or planned to correct any deficiencies noted during the assessment of the security controls?
A. Business Impact Analysis (BIA)
B. Security Assessment Report (SAR)
C. Plan of Action and Milestones (POA&M)
D. Security Assessment Plan (SAP)

A

Answer: C

16
Q

When dealing with shared, privileged accounts, especially those for emergencies, what is the BEST way to assure non-repudiation of logs?
A. Regularly change the passwords.
B. Implement a password vaulting solution.
C. Lock passwords in tamperproof envelopes in a safe.
D. Implement a strict access control policy.

A

Answer: B

17
Q

Which of the following actions MUST be performed when using Secure/Multipurpose Internet Mail Extensions (S/MIME) before sending an encrypted message to a recipient?
A. Digitally sign the message.
B. Obtain the recipient's private key.
C. Obtain the recipient's digital certificate.
D. Encrypt attachments.

A

Answer: C. Encryption uses the recipient's public key, which is carried in the recipient's certificate; the private key is never shared, and signing is optional.

18
Q

Which type of test suite should be run for fast feedback during application development?
A. Full regression
B. End-to-end
C. Smoke
D. Specific functionality

A

Answer: C

19
Q

What are the roles within a Scrum methodology?
A. System owner, scrum master, and development team
B. Product owner, scrum master, and scrum team
C. Scrum master, requirements manager, and development team
D. Scrum master, quality assurance team, and scrum team

A

Answer: B

20
Q

What is the FIRST step required in establishing a records retention program?
A. Identify and inventory all records.
B. Identify and inventory all records storage locations
C. Classify records based on sensitivity.
D. Draft a records retention policy.

A

Answer: D

21
Q

Which of the following was developed to support multiple protocols as well as provide login, password, and error correction capabilities?
A. Challenge Handshake Authentication Protocol (CHAP)
B. Point-to-Point Protocol (PPP)
C. Password Authentication Protocol (PAP)
D. Post Office Protocol (POP)

A

Answer: B. PPP is the multiprotocol link framework that carries the authentication (PAP, CHAP) and error-handling features; CHAP is only one of its authentication options.

22
Q

An organization discovers that its secure file transfer protocol (SFTP) server has been accessed by an unauthorized person to download an unreleased game. A recent security audit found weaknesses in some of the organization’s general information technology (IT) controls, specifically pertaining to software change control and security patch management, but not in other control areas.
Which of the following is the MOST probable attack vector used in the security breach?
A. Buffer overflow
B. Weak password due to lack of complexity rules
C. Distributed Denial of Service (DDoS)
D. Cross-Site Scripting (XSS)

A

Answer: A

23
Q

If a content management system (CMS) is implemented, which one of the following would occur?
A. Developers would no longer have access to production systems
B. The applications placed into production would be secure
C. Patching the systems would be completed more quickly
D. The test and production systems would be running the same software

A

Answer: D

24
Q

Which of the following is the BEST identity-as-a-service (IDaaS) solution for validating users?
A. Lightweight Directory Access Protocol (LDAP)
B. Security Assertion Markup Language (SAML)
C. Single Sign-on (SSO)
D. Open Authentication (OAuth)

A

Answer: A

25
Q

Which layer handles packet fragmentation and reassembly in the Open Systems Interconnection (OSI) reference model?
A. Session
B. Transport
C. Data Link
D. Network

A

Answer: D. Fragmentation and reassembly are functions of IP, which operates at the Network layer.

26
Q

What is the most effective form of media sanitization to ensure residual data cannot be retrieved?
A. Clearing
B. Destroying
C. Purging
D. Disposal

A

Answer: B

27
Q

Why is lexical obfuscation in software development discouraged by many organizations?
A. Problems writing test cases
B. Problems recovering systems after disaster
C. Problems compiling the code
D. Problems maintaining data connections

A

Answer: C

28
Q

What steps can be taken to prepare personally identifiable information (PII) for processing by a third party?
A. It is not necessary to protect PII as long as it is in the hands of the provider.
B. A security agreement with a Cloud Service Provider (CSP) was required so there is no concern.
C. The personal information should be maintained separately and connected with a one-way reference.
D. The personal information can be hashed and then the data can be sent to an outside processor.

A

Answer: C

29
Q

Why are mobile devices sometimes difficult to investigate in a forensic examination?
A. There are no forensics tools available for examination.
B. They may have proprietary software installed to protect them.
C. They may contain cryptographic protection.
D. They have password-based security at logon.

A

Answer: B

30
Q

Which of the following is a characteristic of a challenge/response authentication process?
A. Presenting distorted graphics of text for authentication
B. Transmitting a hash based on the user’s password
C. Using a password history blacklist
D. Requiring the use of non-consecutive numeric characters

A

Answer: B. In a challenge/response scheme such as CHAP the client returns a hash computed over the server's challenge and the user's password, so the password itself never crosses the network; distorted text (option A) is a CAPTCHA, not authentication.
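Added example (not from the original flashcards), covering this card and card 21: a minimal RFC 1994 CHAP exchange in Python, with both sides of the conversation and a replay attempt. The peer name, secret and message shapes are invented for the demo; the hash construction (MD5 over identifier, secret and challenge) is the one the RFC specifies.

```python
import hashlib
import secrets


def chap_response(identifier, secret, challenge):
    # RFC 1994 section 2: the response is MD5 over the Identifier octet,
    # the shared secret and the challenge value, in that order. MD5 is what
    # the RFC specifies; a new design would use an HMAC instead.
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    """Authenticator side: issues a fresh random challenge per attempt and
    checks the peer's response against the shared secret it holds."""

    def __init__(self, secrets_by_name):
        # CHAP needs the secret itself on the server: it cannot work from a
        # salted password hash, which is a real deployment cost of the scheme.
        self._secrets = secrets_by_name
        self._pending = {}      # peer name -> (identifier, challenge)
        self._next_id = 0

    def challenge(self, name):
        self._next_id = (self._next_id + 1) % 256
        chal = secrets.token_bytes(16)
        self._pending[name] = (self._next_id, chal)
        return self._next_id, chal

    def verify(self, name, identifier, response):
        # pop(): each challenge can be answered once, so a captured response
        # is useless against the next login attempt.
        pending = self._pending.pop(name, None)
        secret = self._secrets.get(name)
        if pending is None or secret is None or pending[0] != identifier:
            return False
        expected = chap_response(identifier, secret, pending[1])
        return secrets.compare_digest(expected, response)


class ChapClient:
    """Peer side: proves knowledge of the secret without ever sending it."""

    def __init__(self, name, secret):
        self.name = name
        self._secret = secret

    def respond(self, identifier, challenge):
        # What crosses the wire: (name, identifier, 16-byte digest). No password.
        return self.name, identifier, chap_response(identifier, self._secret, challenge)


def authenticate(server, client):
    """One complete exchange: Challenge -> Response -> Success/Failure."""
    identifier, chal = server.challenge(client.name)
    name, identifier, resp = client.respond(identifier, chal)
    return server.verify(name, identifier, resp)


def replay_captured_response(server, client):
    """An eavesdropper records a valid response and replays it later."""
    identifier, chal = server.challenge(client.name)
    captured = client.respond(identifier, chal)
    server.verify(*captured)            # the legitimate login succeeds
    server.challenge(client.name)       # next attempt gets a new challenge
    return server.verify(*captured)     # the replayed digest is rejected
```

What the network sees is a random challenge and a 16-byte digest, never the password; a replayed digest fails because the next challenge differs and each pending challenge is consumed on use. The caveat a practitioner should keep in mind is that the authenticator must hold the cleartext secret, and that MD5-CHAP is a legacy construction shown here for fidelity to the RFC, not as a recommendation.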

31
Q

Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device which has been stolen?
A. Whole device encryption with key escrow
B. Mobile Device Management (MDM) with device wipe
C. Mobile device tracking with geolocation
D. Virtual Private Network (VPN) with traffic encryption

A

Answer: B

32
Q

Which of the following will help identify the source Internet Protocol (IP) address of malware being executed on a computer?
A. List of open network connections
B. Display Transmission Control Protocol/Internet Protocol (TCP/IP) network configuration information.
C. List of running processes
D. Display the Address Resolution Protocol (ARP) table.

A

Answer: A

33
Q

Which of the following is critical if an employee is dismissed due to violation of an organization's acceptable use policy (AUP)?
A. Appropriate documentation
B. Privilege suspension
C. Proxy records
D. Internet access logs

A

Answer: A

34
Q

Which of the following findings would MOST likely indicate a high risk in a vulnerability assessment report?
A. Transmission Control Protocol (TCP) port 443 open
B. Non-standard system naming convention used
C. Unlicensed software installed
D. End of life system detected

A

Answer: D. An end-of-life system no longer receives security patches; an open TCP port 443 is expected on any HTTPS service and is not a finding in itself.

35
Q

Digital certificates used in Transport Layer Security (TLS) support which of the following?
A. Server identity and data confidentiality
B. Information input validation
C. Multi-Factor Authentication (MFA)
D. Non-repudiation controls and data encryption

A

Answer: A

36
Q

Which would result in the GREATEST impact following a breach of a cloud environment?
A. The hypervisor host is poorly secured
B. The same Logical Unit Number (LUN) is used for all VMs
C. Insufficient network segregation
D. Insufficient hardening of Virtual Machines (VM)

A

Answer: C

37
Q

Which of the following is the BEST way to reduce the impact of an externally sourced flood attack?
A. Block the source address at the firewall.
B. Have the service provider block the source address.
C. Block all inbound traffic until the flood ends.
D. Have the source's service provider block the address.

A

Answer: B. Blocking upstream at the organization's own service provider keeps the flood off the organization's link; a rule on the local firewall still lets the traffic consume the bandwidth before it is dropped.

38
Q

Which of the following methods MOST efficiently manages user accounts when using a third-party cloud-based application and directory solution?
A. Cloud directory
B. Directory synchronization
C. Assurance framework
D. Lightweight Directory Access Protocol (LDAP)

A

Answer: B

39
Q

Which of the following will have the MOST influence on the definition and creation of data classification and data ownership policies?
A. Data access control policies
B. Threat modeling
C. Common Criteria (CC)
D. Business Impact Analysis (BIA)

A

Answer: A

40
Q

A corporate security policy specifies that all devices on the network must have updated operating system patches and anti-malware software. Which technology should be used to enforce this policy?
A. Network Address Translation (NAT)
B. Stateful Inspection
C. Packet filtering
D. Network Access Control (NAC)

A

Answer: D

41
Q

When designing an Occupant Emergency Plan (OEP) for United States (US) Federal government facilities, what factor must be considered?
A. Location of emergency exits in the building
B. Average age of the agency employees
C. Geographical location and structural design of building
D. Federal agency for which plan is being drafted

A

Answer: A

42
Q

Why should Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS) Level 1 be considered a MINIMUM level of protection for any web application?
A. ASVS Level 1 ensures that applications are invulnerable to OWASP top 10 threats.
B. Opportunistic attackers will look for any easily exploitable vulnerable applications.
C. Most regulatory bodies consider ASVS Level 1 as a baseline set of controls for applications.
D. Securing applications at ASVS Level 1 provides adequate protection for sensitive data.

A

Answer: B

43
Q

Which of the following controls is the MOST important for a system identified as critical in terms of data and function to the organization?
A. Preventive controls
B. Monitoring controls
C. Cost controls
D. Compensating controls

A

Answer: B

44
Q

An organization operates a legacy Industrial Control System (ICS) to support its core business service, which cannot be replaced. Its management MUST be performed remotely through administrative console software, which in turn depends on an old version of the Java Runtime Environment (JRE) known to be vulnerable to a number of attacks. How is this risk BEST managed?
A. Isolate the full ICS by moving it onto its own network segment
B. Air-gap and harden the host used for management purposes
C. Convince management to decommission the ICS and migrate to a modern technology
D. Deploy a restrictive proxy between all clients and the vulnerable management station

A

Answer: B

45
Q

Which of the following steps is performed during the forensic data analysis phase?
A. Collect known system files
B. Search for relevant strings.
C. Create file lists.
D. Recover deleted data.

A

Answer: B

46
Q

Which of the following practices supports the development of security and the identification of threats when designing software?
A. Stakeholder review
B. Requirements review
C. Penetration testing
D. Threat modeling

A

Answer: D

47
Q

Which of the following presents the PRIMARY concern to an organization when setting up a federated single sign-on (SSO) solution with another
A. Sending assertions to an identity provider
B. Requesting identity assertions from the partner's domain
C. Defining the identity mapping scheme
D. Having the resource provider query the identity provider

A

Answer: C

48
Q

The adoption of an enterprise-wide business continuity program requires Which of the following?
A. Good communication throughout the organization
B. Formation of a Disaster Recovery (DR) project team
C. A completed Business Impact Analysis (BIA)
D. Well-documented information asset classification

A

Answer: D

49
Q

Which of the following is the MOST important reason for using a chain of custody form?
A. To document those who were in possession of the evidence at every point in time
B. To collect records of all digital forensic professionals working on a case
C. To document collected digital evidence
D. To ensure that digital evidence is not overlooked during the analysis

A

Answer: A

50
Q

When conducting a security assessment of access controls, which activity is part of the data analysis phase?
A. Collect logs and reports.
B. Present solutions to address audit exceptions.
C. Categorize and identify evidence gathered during the audit.
D. Conduct statistical sampling of data transactions.

A

Answer: C

51
Q

The core component of Role Based Access control (RBAC) must be constructed of defined data elements. Which elements are required?
A. Users, permissions, operators, and protected objects
B. Users, roles, operations, and protected objects
C. Roles, accounts, permissions, and protected objects
D. Roles, operations, accounts, and protected objects

A

Answer: B
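Added example (not from the original flashcards): the four core RBAC elements from option B as a small Python model in the shape of the ANSI INCITS 359 core RBAC relations, with user-to-role assignment (UA), permission-to-role assignment (PA) and an access decision over the union of a user's roles. It goes one step beyond the card by adding a static separation-of-duty constraint, which is how RBAC keeps one person from holding two conflicting roles. The users, roles and objects in the policy are constructed for the demo.

```python
class CoreRbac:
    """Core RBAC data model: users, roles, operations and protected objects.
    A permission is an (operation, object) pair; users get permissions only
    through the roles assigned to them, never directly."""

    def __init__(self):
        self.users = set()
        self.roles = set()
        self.user_roles = {}          # UA: user -> set of roles
        self.role_perms = {}          # PA: role -> set of (operation, object)
        self.exclusive = []           # static separation-of-duty role pairs

    def add_user(self, user):
        self.users.add(user)
        self.user_roles.setdefault(user, set())

    def add_role(self, role):
        self.roles.add(role)
        self.role_perms.setdefault(role, set())

    def grant(self, role, operation, obj):
        # PA: the permission is attached to the role, not to any user.
        if role not in self.roles:
            raise KeyError("unknown role %r" % role)
        self.role_perms[role].add((operation, obj))

    def separate(self, role_a, role_b):
        # Static SoD constraint: no user may ever hold both roles.
        self.exclusive.append(frozenset((role_a, role_b)))

    def assign(self, user, role):
        # UA, checked against every SoD pair before the role is added.
        if user not in self.users or role not in self.roles:
            raise KeyError("unknown user or role")
        held = self.user_roles[user] | {role}
        for pair in self.exclusive:
            if pair <= held:
                raise ValueError("%s cannot hold both %s" % (user, sorted(pair)))
        self.user_roles[user].add(role)

    def check(self, user, operation, obj):
        # Access decision: allowed if any of the user's roles carries the permission.
        for role in self.user_roles.get(user, ()):
            if (operation, obj) in self.role_perms[role]:
                return True
        return False


def build_example():
    """Constructed policy for the demo: an auditor reads logs, a backup
    operator writes and deletes backups, and nobody may be both developer
    and deployer of the same application."""
    rbac = CoreRbac()
    for user in ("alice", "bob", "carol"):
        rbac.add_user(user)
    for role in ("auditor", "backup_operator", "developer", "deployer"):
        rbac.add_role(role)
    rbac.grant("auditor", "read", "audit_log")
    rbac.grant("backup_operator", "write", "backup_volume")
    rbac.grant("backup_operator", "delete", "backup_volume")
    rbac.grant("developer", "commit", "payroll_app")
    rbac.grant("deployer", "deploy", "payroll_app")
    rbac.separate("developer", "deployer")
    rbac.assign("alice", "auditor")
    rbac.assign("bob", "backup_operator")
    rbac.assign("carol", "developer")
    return rbac
```

The point of the model is that every access decision passes through a role: reviewing what a user can do means reviewing the roles in UA and the permissions in PA, and revoking access means removing one assignment rather than hunting for per-user grants.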

52
Q

Which of the following should be included in a hardware retention policy?
A. The use of encryption technology to encrypt sensitive data prior to retention
B. Retention of data for only one week and outsourcing the retention to a third-party vendor
C. Retention of all sensitive data on media and hardware
D. A plan to retain data required only for business purposes and a retention schedule

A

Answer: A

53
Q

Individuals have been identified and determined as having a need-to-know for the information. Which of the following access control methods MUST include a consistent set of rules for controlling and limiting access?
A. Attribute Based Access Control (ABAC)
B. Role-Based Access Control (RBAC)
C. Discretionary Access Control (DAC)
D. Mandatory Access Control (MAC)

A

Answer: D

54
Q

When can a security program be considered effective?
A. Audits are regularly performed and reviewed.
B. Vulnerabilities are proactively identified.
C. Risk is lowered to an acceptable level.
D. Badge checks are regularly performed and validated.

A

Answer: C

55
Q

Which of the following is the MOST important activity an organization performs to ensure that security is part of the overall organization culture?
A. Ensure security policies are issued to all employees.
B. Perform formal reviews of security incidents.
C. Manage a program of security audits.
D. Work with senior management to meet business goals.

A

Answer: C

56
Q

What is the PRIMARY benefit of analyzing the partition layout of a hard disk volume when performing forensic analysis?
A. Sectors which are not assigned to a partition may contain data that was purposely hidden.
B. Volume address information for the hard disk may have been modified.
C. Partition tables which are not completely utilized may contain data that was purposely hidden.
D. Physical address information for the hard disk may have been modified.

A

Answer: A

57
Q

Which of the following System and Organization Controls (SOC) report types should an organization request if it requires a period-of-time report covering security and availability for a particular system?
A. SOC 1 Type 1
B. SOC 1 Type 2
C. SOC 2 Type 1
D. SOC 2 Type 2

A

Answer: D

58
Q

Which of the following is the MOST important action regarding authentication?
A. Granting access rights
B. Enrolling in the system
C. Establishing audit controls
D. Obtaining executive authorization

A

Answer: B

59
Q

Which of the following is the BEST statement for a professional to include as part of a business continuity (BC) procedure?
A. A full data backup must be done upon management request.
B. An incremental data backup must be done upon management request.
C. A full data backup must be done based on the needs of the business.
D. An incremental data backup must be done after each system change.

A

Answer: D

60
Q

Additional padding may be added to the Encapsulating Security Payload (ESP) trailer to provide which of the following?
A. Data origin authentication
B. Partial traffic flow confidentiality
C. Protection against replay attacks
D. Access control

A

Answer: B. RFC 4303 allows traffic flow confidentiality (TFC) padding so that the true payload length is hidden; replay protection comes from the ESP sequence number, not from the padding.

61
Q

After a breach incident, investigators narrowed the attack to a specific network administrator's credentials. However, there was no evidence to determine how the attackers obtained the credentials. Which of the following actions could have BEST avoided the breach described above?
A. A periodic review of network access logs
B. A periodic review of active users on the network
C. A periodic review of all privileged account actions
D. A periodic review of password strength of all users across the organization

A

Answer: C

62
Q

Which of the following is a characteristic of covert security testing?
A. Introduces less risk than overt testing
B. Tests staff knowledge and implementation of the organization's security policy
C. Focuses on identifying vulnerabilities
D. Tests and validates all security controls in the organization

A

Answer: B

63
Q

Copyright provides protection for which of the following?
A. Discoveries of natural phenomena
B. New and non-obvious inventions
C. A particular expression of an idea
D. Ideas expressed in literary works

A

Answer: C

64
Q

An organization is required to comply with the Payment Card Industry Data Security Standard (PCI DSS). What is the MOST effective approach to safeguard digital and paper media that contains cardholder data?
A. Use and regularly update antivirus software.
B. Maintain strict control over storage of media
C. Mandate encryption of cardholder data.
D. Configure firewall rules to protect the data.

A

Answer: B. The question covers paper as well as digital media, and PCI DSS requirement 9 calls for strict control over the storage and accessibility of media; encryption cannot protect a printout.

65
Q

A vehicle of a private courier company that transports backup data for offsite storage was robbed while in transit. The incident management team is now responsible for estimating the impact of the robbery. Which of the following would help the incident management team MOST effectively analyze the business impact of the robbery?
A. Log of backup administrative actions
B. Log of the transported media and its classification marking
C. Log of the transported media and its detailed contents
D. Log of backed up data and their respective data custodians

A

Answer: B

66
Q

When should an application invoke re-authentication in addition to initial user authentication?
A. At the application sign-off
B. Periodically during a session
C. After a period of inactivity
D. For each business process

A

Answer: C

67
Q

Which of the following is the MOST important reason for timely installation of software patches?
A. Attackers may be conducting network analysis.
B. Patches are only available for a specific time.
C. Attackers reverse engineer the exploit from the patch.
D. Patches may not be compatible with proprietary software

A

Answer: C

68
Q

Which of the following is a method of attacking Internet Protocol version 6 (IPv6) at Layer 3 and Layer 4?
A. Synchronize sequence number (SYN) flooding
B. Internet Control Message Protocol (ICMP) flooding
C. Domain Name System (DNS) cache poisoning
D. Media Access Control (MAC) flooding

A

Answer: A

69
Q

Which of the following would present the HIGHEST annualized loss expectancy (ALE)?
A. Fire
B. Earthquake
C. Windstorm
D. Flood

A

Answer: A

70
Q

An organization wants to enable users to authenticate across multiple security domains. To accomplish this, it has decided to use Federated Identity Management (FIM). Which of the following is used behind the scenes in a FIM deployment?
A. Standard Generalized Markup Language (SGML)
B. Extensible Markup Language (XML)
C. Security Assertion Markup Language (SAML)
D. Transaction Authority Markup Language (XAML)

A

Answer: C

71
Q

Which of the following is the GREATEST security risk associated with the use of identity as a service (IDaaS) when an organization its own software?
A. Incompatibility with Federated Identity Management (FIM)
B. Increased likelihood of confidentiality breach
C. Denial of access due to reduced availability
D. Security Assertion Markup Language (SAML) integration

A

Answer: B

72
Q

In the common criteria (CC) for information technology (IT) security evaluation, increasing Evaluation Assurance Levels (EAL) results in which of the following?
A. Increased functionality
B. Increased interoperability
C. Increase in resource requirements
D. Increase in evaluated systems

A

Answer: C. Higher EALs demand more rigorous, and costlier, design evidence, testing and evaluator effort; they say nothing about functionality or interoperability.

73
Q

Which of the following initiates the system recovery phase of a disaster recovery plan?
A. Evacuating the disaster site
B. Assessing the extent of damage following the disaster
C. Issuing a formal disaster declaration
D. Activating the organization’s hot site

A

Answer: C

74
Q

Given a file containing ordered numbers, i.e. "123456789," match each of the following Redundant Array of Independent Disks (RAID) levels to the corresponding visual representation. Note: P() = parity.
Drag each level to the appropriate place on the diagram.

A
75
Q

Which of the following will help prevent improper session handling?
A. Ensure that all UIWebView calls do not execute without proper input validation.
B. Ensure that tokens are sufficiently long, complex, and pseudo-random.
C. Ensure JavaScript and plugin support is disabled.
D. Ensure that certificates are valid and fail closed.

A

Answer: B

76
Q

An organization is outsourcing its payroll system and is requesting to conduct a full audit on the third-party information technology (IT) systems. During the due diligence process, the third party provides a previous audit report on its IT system.
Which of the following MUST be considered by the organization in order for the audit reports to be acceptable?
A. The audit assessment has been conducted by an independent assessor.
B. The audit reports have been signed by the third-party senior management.
C. The audit reports have been issued in the last six months.
D. The audit assessment has been conducted by an international audit firm.

A

Answer: A

77
Q

Utilizing a public wireless Local Area Network (WLAN) to connect to a private network should be done only in which of the following situations?
A. Extensible Authentication Protocol (EAP) is utilized to authenticate the user.
B. The client machine has a personal firewall and utilizes a Virtual Private Network (VPN) to connect to the network.
C. The client machine has antivirus software and has been scanned to determine if unauthorized ports are open.
D. The wireless Access Point (AP) is placed in the internal private network.

A

Answer: B. The VPN protects the traffic end to end across the untrusted WLAN and the personal firewall protects the client from the other users on it; EAP on its own only authenticates the association to the access point.

78
Q

Which of the following technologies would provide the BEST alternative to anti-malware software?
A. Host-based Intrusion Detection Systems (HIDS)
B. Application whitelisting
C. Host-based firewalls
D. Application sandboxing

A

Answer: B

79
Q

Which of the following is MOST critical in a contract for data disposal on a hard drive with a third party?
A. Authorized destruction times
B. Allowed unallocated disk space
C. Amount of overwrites required
D. Frequency of recovered media

A

Answer: C

80
Q

Which of the following attributes could be used to describe a protection mechanism of an open design methodology?
A. It must be tamperproof to protect it from malicious attacks.
B. It can facilitate independent confirmation of the design security.
C. It can facilitate blackbox penetration testing.
D. It exposes the design to vulnerabilities and malicious attacks.

A

Answer: B. Open design (Saltzer and Schroeder) means the mechanism's security does not depend on keeping the design secret, so the design can be reviewed and confirmed independently.

81
Q

What is a common mistake in records retention?
A. Having the organization legal department create a retention policy
B. Adopting a retention policy based on applicable organization requirements
C. Having the Human Resource (HR) department create a retention policy
D. Adopting a retention policy with the longest requirement period

A

Answer: C

82
Q

Which inherent password weakness does a One Time Password (OTP) generator overcome?
A. Static passwords must be changed frequently.
B. Static passwords are too predictable.
C. Static passwords are difficult to generate.
D. Static passwords are easily disclosed.

A

Answer: D

83
Q

What is the BEST way to establish identity over the internet?
A. Challenge Handshake Authentication Protocol (CHAP) and strong passwords
B. Internet Mail Access Protocol (IMAP) with Triple Data Encryption Standard (3DES)
C. Remote Authentication Dial-In User Service (RADIUS) server with hardware tokens
D. Remote user authentication via Simple Object Access Protocol (SOAP)

A

Answer: C. RADIUS with hardware tokens gives two-factor authentication; the other options are single-factor, and SOAP is only a messaging format.

84
Q

The threat modeling identifies a man-in-the-middle (MITM) exposure. Which countermeasure should the information system security officer (ISSO) select to mitigate the risk of a Protected Health Information (PHI) data leak?
A. Auditing
B. Anonymization
C. Privacy monitoring
D. Data retention

A

Answer: B

85
Q

Which security architecture strategy could be applied to secure an operating system (OS) baseline for deployment within the corporate enterprise?
A. Principle of Least Privilege
B. Principle of Separation of Duty
C. Principle of Secure Default
D. Principle of Fail Secure

A

Answer: C. A hardened baseline is secure defaults applied before deployment; fail secure governs how a system behaves when something breaks.

86
Q

What does the term “100-year floodplain” mean to emergency preparedness officials?
A. The area is expected to be safe from flooding for at least 100 years.
B. The odds of a flood at this level are 1 in 100 in any given year.
C. The odds are that the next significant flood will hit within the next 100 years.
D. The last flood of any kind to hit the area was more than 100 years ago.

A

Answer: B

87
Q

Which layer of the Open Systems Interconnection (OSI) model is responsible for secure data transfer between applications, flow control, and error detection and correction?
A. Layer 2
B. Layer 4
C. Layer 5
D. Layer 6

A

Answer: B

88
Q

Which of the following is the PRIMARY consideration when determining the frequency an automated control should be assessed or monitored?
A. The complexity of the automated control
B. The level of automation of the control
C. The range of values of the automated control
D. The volatility of the automated control

A

Answer: D. The more volatile a control (how often its configuration or environment changes), the more frequently it needs to be assessed.

89
Q

An organization that has achieved a Capability Maturity Model Integration (CMMI) level of 4 has done which of the following?
A. Addressed continuous innovative process improvement
B. Addressed the causes of common process variance
C. Achieved optimized process performance
D. Achieved predictable process performance

A

Answer: D. CMMI level 4 (Quantitatively Managed) gives predictable, measured process performance; optimization is level 5.

90
Q

What is the MOST effective way to protect privacy?
A. Eliminate or reduce collection of personal information.
B. Encrypt all collected personal information.
C. Classify all personal information at the highest information classification level.
D. Apply tokenization to all personal information records.

A

Answer: A. Data that is never collected cannot be breached; encryption and tokenization only reduce the exposure of data already held.

91
Q

Internet Protocol Security (IPsec), Point-to-Point Tunneling Protocol (PPTP), and Secure Sockets Layer (SSL) all use which of the following to prevent replay attacks?
A. Large Key encryption
B. Single integrity protection
C. Embedded sequence numbers
D. Randomly generated nonces

A

Answer: C
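Added example (not from the original flashcards): a Python model of the embedded-sequence-number mechanism from option C, in the shape of the ESP anti-replay window described in RFC 4303, together with a sender/receiver pair that binds the sequence number under the integrity check so a captured packet cannot be renumbered. The key, the window size and the packets are constructed for the demo.

```python
import hashlib
import hmac
import struct


class AntiReplayWindow:
    """Receiver-side sliding window in the style of RFC 4303 (ESP): tracks the
    highest sequence number accepted and a bitmap of the `size` numbers at and
    below it. Bit 0 stands for `highest`, bit i for `highest - i`."""

    def __init__(self, size=64):
        self.size = size
        self.highest = 0      # ESP sequence numbers start at 1, so 0 = nothing seen
        self.bitmap = 0

    def check_and_update(self, seq):
        if seq == 0:
            return False
        if seq > self.highest:
            # Newer than anything seen: slide the window up and mark it.
            shift = seq - self.highest
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1   # jumped past the whole window
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False          # older than the window: rejected like a replay
        if (self.bitmap >> offset) & 1:
            return False          # already received: replay
        self.bitmap |= 1 << offset
        return True


def seal(key, seq, payload):
    """Sender side: the sequence number sits inside the data covered by the
    integrity check value (ICV), so it cannot be altered without detection."""
    header = struct.pack(">I", seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:12]
    return header + payload + icv


class Receiver:
    def __init__(self, key, window_size=64):
        self.key = key
        self.window = AntiReplayWindow(window_size)

    def receive(self, packet):
        """Returns the payload if the packet is authentic and fresh, else None."""
        header, body, icv = packet[:4], packet[4:-12], packet[-12:]
        # Integrity before window update: the window must only advance on
        # authenticated packets, or forged ones could push it past live traffic.
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()[:12]
        if not hmac.compare_digest(expected, icv):
            return None
        seq = struct.unpack(">I", header)[0]
        if not self.window.check_and_update(seq):
            return None
        return body


def demo():
    """Constructed traffic: three packets, a replay of the second, and a
    tampered copy of the third."""
    key = b"constructed-demo-key"
    rx = Receiver(key)
    sent = [seal(key, n, b"msg%d" % n) for n in (1, 2, 3)]
    results = [rx.receive(p) for p in sent]            # all three accepted
    results.append(rx.receive(sent[1]))                 # replay of seq 2: None
    forged = bytearray(sent[2])
    forged[5] ^= 0xFF                                   # flip a payload byte
    results.append(rx.receive(bytes(forged)))           # bad ICV: None
    return results
```

RFC 4303 does a cheap preliminary sequence-number check before computing the ICV to avoid wasting MAC work on obvious replays, but it only updates the window after the ICV verifies; the order in `receive` keeps that property. Numbers that fall below the window are rejected as well as duplicates inside it, which is why the window has to be sized for the reordering the path can actually introduce.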

92
Q

Which of the following job functions MUST be separated to maintain data and application integrity?
A. Applications development and systems analysis
B. Production control and data control functions
C. Scheduling and computer operations
D. Systems development and systems maintenance

A

Answer: D

93
Q

Which of the following authorization standards is built to handle Application Programming Interface (API) access for Federated Identity Management (FIM)?
A. Remote Authentication Dial-In User Service (RADIUS)
B. Terminal Access Controller Access Control System Plus (TACACS+)
C. Open Authentication (OAuth)
D. Security Assertion Markup Language (SAML)

A

Answer: C

94
Q

What is the MOST effective way to determine a mission critical asset in an organization?
A. Vulnerability analysis
B. Business process analysis
C. Threat analysis
D. Business risk analysis

A

Answer: B

95
Q

Information security metrics provide the GREATEST value to management when based upon the security manager's knowledge of which of the following?
A. Likelihood of a security breach
B. Value of information assets
C. Cost of implementing effective controls
D. Benefits related to quantitative analysis

A

Answer: B

96
Q

Who determines the required level of independence for Security Control Assessors (SCA)?
A. Business owner
B. Authorizing Official (AO)
C. Chief Information Security Officer (CISO)
D. System owner

A

Answer: B

97
Q

What high availability (HA) option for a database allows multiple clients to access multiple database servers simultaneously?
A. Non-Structured Query Language (NoSQL) database
B. Relational database
C. Shadow database
D. Replicated database

A

Answer: C

98
Q

A. Verify the camera's log for recent logins outside of the Information Technology (IT) department.
B. Verify the security and encryption protocol the camera uses.
C. Verify the security camera requires authentication to log into the management console.
D. Verify the most recent firmware version is installed on the camera.

A

Answer: D

99
Q

Which of the following is considered the last line of defense in regard to a Governance, Risk Management, and Compliance (GRC) program?
A. Internal audit
B. Internal controls
C. Board review
D. Risk management

A

Answer: A. In the three-lines model, management controls are the first line, the risk and compliance functions the second, and internal audit the last, independent line of defense.

100
Q

Which of the following can be used to calculate the loss event probability?
A. Total number of possible outcomes divided by frequency of outcomes
B. Number of outcomes divided by total number of possible outcomes
C. Number of outcomes multiplied by total number of possible outcomes
D. Total number of possible outcomes multiplied by frequency of outcomes

A

Answer: B