Group 9 Flashcards

1
Q

Which of the following is applicable to a publicly held company concerned about information handling and storage requirements specific to financial reporting?
A. Privacy Act of 1974
B. Clinger-Cohen Act of 1996
C. Sarbanes-Oxley (SOX) Act of 2002
D. International Organization for Standardization (ISO) 27001

A

Answer: C

2
Q

Which of the following is used to detect steganography?
A. Audio analysis
B. Statistical analysis
C. Reverse engineering
D. Cryptanalysis

A

Answer: B. Steganalysis works by statistical analysis of the carrier (for example, an LSB plane that is more uniform than natural image data would produce); reverse engineering targets code, not hidden data.
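A worked example of the statistical approach, added here and not part of the original flashcard set: the pairs-of-values chi-square test for sequential LSB replacement, in Python. The cover data, payload and decision threshold are constructed for the demonstration (assumed, not taken from any real image). This is the classic test that catches full-capacity LSB embedding; partial or randomly scattered embedding needs the windowed or RS-analysis variants and is not handled here.

```python
import random


def chi_square_lsb(samples):
    """Pairs-of-values chi-square statistic over 8-bit samples.
    For each value pair (2i, 2i+1) the expected count of each member, if the
    LSB plane were random, is the pair's mean. Natural data departs from that
    strongly; data whose LSBs were overwritten with a random-looking payload
    does not. Returns (statistic, number of pairs counted)."""
    hist = [0] * 256
    for v in samples:
        hist[v] += 1
    stat, pairs = 0.0, 0
    for i in range(128):
        even, odd = hist[2 * i], hist[2 * i + 1]
        expected = (even + odd) / 2
        if expected == 0:
            continue
        stat += (even - expected) ** 2 / expected + (odd - expected) ** 2 / expected
        pairs += 1
    return stat, pairs


def looks_embedded(samples, factor=2.0):
    """Decision rule: random LSBs give a statistic close to the number of pairs
    (about 1 per pair); far above that means the LSB plane is structured."""
    stat, pairs = chi_square_lsb(samples)
    return stat < factor * pairs


def make_cover(n, seed=1):
    """Constructed stand-in for an image channel (not real pixels): a smooth
    value distribution in which odd values are systematically rarer than their
    even neighbours, so value pairs are unbalanced as they are in natural images."""
    rng = random.Random(seed)
    out = []
    for _ in range(n):
        base = min(255, max(0, int(rng.gauss(128, 40))))
        out.append(base & ~1 if rng.random() < 0.8 else base | 1)
    return out


def random_payload(n, seed=7):
    """Constructed payload: n random bits (an encrypted message looks like this)."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n)]


def embed_lsb(cover, payload_bits):
    """Sequential LSB replacement, the embedding scheme this test targets."""
    if len(payload_bits) > len(cover):
        raise ValueError("payload does not fit in cover")
    stego = list(cover)
    for i, bit in enumerate(payload_bits):
        stego[i] = (stego[i] & ~1) | bit
    return stego
```

On the constructed cover the statistic is in the thousands; after the LSB plane is overwritten it falls to roughly the number of pairs, which is what the decision rule keys on.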

3
Q

Which is the MOST critical aspect of computer-generated evidence?
A. Objectivity
B. Integrity
C. Timeliness
D. Relevancy

A

Answer: B

4
Q

Which of the following media is LEAST problematic with data remanence?
A. Dynamic Random Access Memory (DRAM)
B. Electrically Erasable Programmable Read-Only Memory (EEPROM)
C. Flash memory
D. Magnetic disk

A

Answer: A

5
Q

Which open standard could a large corporation deploy for authorization services for single sign-on (SSO) use across multiple internal and external applications?
A. Terminal Access Controller Access Control System (TACACS)
B. Security Assertion Markup Language (SAML)
C. Lightweight Directory Access Protocol (LDAP)
D. Active Directory Federation Services (ADFS)

A

Answer: B

6
Q

Which of the following statements is TRUE regarding equivalence class testing?
A. Test inputs are obtained from the derived boundaries of the given functional specifications.
B. It is characterized by the stateless behavior of a process implemented in a function.
C. An entire partition can be covered by considering only one representative value from that partition.
D. It is useful for testing communications protocols and graphical user interfaces.

A

Answer: C
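Added example (not from the page): why option C is the definition of equivalence class testing, and what it misses. The specification is assumed: a length field valid from 8 to 64 characters inclusive. One representative per partition passes a validator that has an off-by-one bug; the boundary-value cases (the technique option A describes) catch it.

```python
def length_in_range_buggy(value, low=8, high=64):
    """Deliberately wrong at the lower edge: rejects a length of exactly `low`."""
    return low < len(value) <= high


def length_in_range_fixed(value, low=8, high=64):
    """Correct implementation of the assumed spec: low <= length <= high."""
    return low <= len(value) <= high


def equivalence_class_cases(low=8, high=64):
    """Equivalence partitioning: the input domain splits into 'too short',
    'valid' and 'too long', and one representative per partition is taken
    to stand for the whole partition. Each case is (input, expected result)."""
    return {
        "below": ("x" * max(0, low - 3), False),
        "inside": ("x" * ((low + high) // 2), True),
        "above": ("x" * (high + 20), False),
    }


def boundary_value_cases(low=8, high=64):
    """Boundary value analysis: the values at and adjacent to each boundary,
    which is where off-by-one defects live."""
    cases = {}
    for n in (low - 1, low, low + 1, high - 1, high, high + 1):
        cases[f"len={n}"] = ("x" * n, low <= n <= high)
    return cases


def failing_cases(check, cases):
    """Names of the cases where the implementation disagrees with the spec."""
    return [name for name, (inp, expected) in cases.items() if check(inp) != expected]
```

The point for a tester: partition representatives are cheap and give broad coverage, but a partition's interior value says nothing about its edges, so the two techniques are complementary rather than interchangeable.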

7
Q

A large corporation is looking for a solution to automate access based on where the request is coming from, who the user is, what device they are connecting with, and what time of day they are attempting this access. What type of solution would suit their needs?
A. Mandatory Access Control (MAC)
B. Network Access Control (NAC)
C. Role Based Access Control (RBAC)
D. Discretionary Access Control (DAC)

A

Answer: B

8
Q

Which of the following techniques is MOST useful when dealing with Advanced Persistent Threat (APT) intrusions on live virtualized environments?
A. Antivirus operations
B. Reverse engineering
C. Memory forensics
D. Logfile analysis

A

Answer: C. On a live system an APT's implants and injected code are resident in memory and may never touch disk; memory forensics of the running virtual machines (snapshots of guest memory) captures that state. Reverse engineering comes later, on the samples that memory analysis recovers.

9
Q

Which of the following MUST an organization do to effectively communicate its security strategy to all affected parties?
A. Involve representatives from each key organizational area.
B. Provide regular updates to the board of directors.
C. Notify staff of changes to the strategy.
D. Remove potential communication barriers.

A

Answer: C

10
Q

When using Security Assertion Markup Language (SAML), it is assumed that the principal subject
A. accepts persistent cookies from the system.
B. allows Secure Sockets Layer (SSL) for data exchanges.
C. is on a system that supports remote authorization.
D. enrolls with at least one identity provider.

A

Answer: D

11
Q

A client has reviewed a vulnerability assessment report and has stated it is inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operating System (OS) was not properly detected.
Where in the vulnerability assessment process did the error MOST likely occur?
A. Enumeration
B. Detection
C. Reporting
D. Discovery

A

Answer: A

12
Q

Which of the below strategies would MOST comprehensively address the risk of malicious insiders leaking sensitive information?
A. Data Loss Prevention (DLP), firewalls, data classification
B. Least privilege access, Data Loss Prevention (DLP), physical access controls
C. Staff vetting, least privilege access, Data Loss Prevention (DLP)
D. Background checks, data encryption, web proxies

A

Answer: B

13
Q

What is the FIRST step required in establishing a records retention program?
A. Identify and inventory all records storage locations.
B. Classify records based on sensitivity.
C. Identify and inventory all records.
D. Draft a records retention policy.

A

Answer: D

14
Q

Functional security testing is MOST critical during which phase of the system development life cycle (SDLC)?
A. Operations / Maintenance
B. Implementation
C. Acquisition / Development
D. Initiation

A

Answer: B

15
Q

What is the threat modeling order when using the Process for Attack Simulation and Threat Analysis (PASTA)?
A. Application decomposition, threat analysis, vulnerability detection, attack enumeration, risk/impact analysis
B. Threat analysis, vulnerability detection, application decomposition, attack enumeration, risk/Impact analysis
C. Risk/impact analysis, application decomposition, threat analysis, vulnerability detection, attack enumeration
D. Application decomposition, threat analysis, risk/impact analysis, vulnerability detection, attack enumeration

A

Answer: A

16
Q

Which is the RECOMMENDED configuration mode for sensors for an intrusion prevention system (IPS) if the prevention capabilities will be used?
A. Active
B. Passive
C. Inline
D. Span

A

Answer: C

17
Q

An organization implements a remote access server (RAS). Once users connect to the server, digital certificates are used to authenticate their identity. What type of Extensible Authentication Protocol (EAP) would the organization use during this authentication?
A. Message Digest 5 (MD5)
B. Subscriber Identity Module (SIM)
C. Lightweight Extensible Authentication Protocol (LEAP)
D. Transport layer security (TLS)

A

Answer: D

18
Q

An analyst finds unusual activity coming from a computer that was thrown away several months prior. Which of the following steps ensures the proper removal of the system?
A. Deactivation
B. Decommission
C. Deploy
D. Procure

A

Answer: B

19
Q

As a security manager, which of the following is the MOST effective practice for providing value to an organization?
A. Assess business risk and apply security resources accordingly
B. Coordinate security implementations with internal audit
C. Achieve compliance regardless of related technical issues
D. Identify confidential information and protect it

A

Answer: A. Value comes from aligning security effort and spending with the business risks that matter; protecting confidential information (D) is one outcome of that assessment, not the practice itself.

20
Q

Rank the Hypertext Transfer Protocol (HTTP) authentication types shown below in order of relative strength.
Drag the authentication types to the correct positions on the right according to strength, from weakest to strongest.

A
21
Q

Which of the following BEST provides for non-repudiation of user account actions?
A. Centralized authentication system
B. File auditing system
C. Managed Intrusion Detection System (IDS)
D. Centralized logging system

A

Answer: D

22
Q

What type of access control determines the authorization to resources based on pre-defined job titles within an organization?
A. Role-Based Access Control (RBAC)
B. Role-based access control
C. Non-discretionary access control
D. Discretionary Access Control (DAC)

A

Answer: A

23
Q

As users switch roles within an organization, their accounts are given additional permissions to perform the duties of their new position. After a recent audit, it was discovered that many of these accounts maintained their old permissions as well. The obsolete permissions identified by the audit have been remediated and accounts have only the appropriate permissions to complete their jobs.
Which of the following is the BEST way to prevent access privilege creep?
A. Implementing an Identity and Access Management (IAM) solution
B. Time-based review and certification
C. Internal audit
D. Trigger-based review and certification

A

Answer: A

24
Q

Continuity of operations is BEST supported by which of the following?
A. Confidentiality, availability, and reliability
B. Connectivity, reliability, and redundancy
C. Connectivity, reliability, and recovery
D. Confidentiality, integrity, and availability

A

Answer: B

25
Q

Which of the following is true of Service Organization Control (SOC) reports?
A. SOC 1 Type 2 reports assess the security, confidentiality, integrity, and availability of an organization’s controls
B. SOC 2 Type 2 reports include information of interest to the service organization’s management
C. SOC 2 Type 2 reports assess internal controls for financial reporting
D. SOC 3 Type 2 reports assess internal controls for financial reporting

A

Answer: B

26
Q

What testing technique enables the designer to develop mitigation strategies for potential vulnerabilities?
A. Manual inspections and reviews
B. Penetration testing
C. Threat modeling
D. Source code review

A

Answer: C

27
Q

Asymmetric algorithms are used for which of the following when using Secure Sockets Layer/Transport Layer Security (SSL/TLS) for implementing network security?
A. Peer authentication
B. Payload data encryption
C. Session encryption
D. Hashing digest

A

Answer: A. In SSL/TLS the asymmetric algorithms serve the handshake: peer authentication (the server, and optionally the client) via certificates, and key exchange. Session and payload encryption use the negotiated symmetric key, and digests use hash functions.

28
Q

What is the MOST common component of a vulnerability management framework?
A. Risk analysis
B. Patch management
C. Threat analysis
D. Backup management

A

Answer: B

29
Q

A new Chief Information Officer (CIO) created a group to write a data retention policy based on applicable laws. Which of the following is the PRIMARY motivation for the policy?
A. To back up data that is used on a daily basis
B. To dispose of data in order to limit liability
C. To reduce costs by reducing the amount of retained data
D. To classify data according to what it contains

A

Answer: B

30
Q

What determines the level of security of a combination lock?
A. Complexity of combination required to open the lock
B. Amount of time it takes to brute force the combination
C. The number of barrels associated with the internal mechanism
D. The hardness score of the metal lock material

A

Answer: A

31
Q

A user downloads a file from the Internet, then applies the Secure Hash Algorithm 3 (SHA-3) to it. Which of the following MOST likely explains why?
A. It verifies the integrity of the file.
B. It checks the file for malware.
C. It ensures the entire file downloaded.
D. It encrypts the entire file.

A

Answer: A

32
Q

Which of the following is held accountable for the risk to organizational systems and data that result from outsourcing Information Technology (IT) systems and services?
A. The acquiring organization
B. The service provider
C. The risk executive (function)
D. The IT manager

A

Answer: A. Responsibility for running a service can be outsourced; accountability for the risk cannot. The acquiring organization remains accountable to its regulators and customers regardless of the provider or of the risk executive function it has set up internally.

33
Q

Which of the following is the BEST definition of Cross-Site Request Forgery (CSRF)?
A. An attack which forces an end user to execute unwanted actions on a web application in which they are currently authenticated
B. An attack that injects a script into a web page to execute a privileged command
C. An attack that makes an illegal request across security zones and thereby forges itself into the security database of the system
D. An attack that forges a false Structured Query Language (SQL) command across systems

A

Answer: A
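Added example, not the page's own code: the same state-changing handler written first as option A describes (authorising on the session cookie alone, so a page the victim merely visits can drive it) and then with a synchronizer token plus an Origin check. Framework-free Python with requests modelled as dicts; the site origin, session store and request shapes are assumptions for the demonstration.

```python
import hmac
import secrets

SITE_ORIGIN = "https://bank.example"   # assumed origin of the application
SESSIONS = {}                          # session id -> {"user": ..., "csrf": ...}


def login(user):
    """Creates a server-side session and a per-session CSRF token. The token is
    rendered into the site's own forms as a hidden field; a third-party page
    cannot read it because of the same-origin policy."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def transfer_vulnerable(request, ledger):
    """Authorises on the session cookie alone. Browsers attach cookies to
    cross-site form posts, so an attacker's page can submit this request with
    the victim's authority. Returns an HTTP-style status code."""
    sess = SESSIONS.get(request["cookies"].get("sid"))
    if sess is None:
        return 401
    ledger[sess["user"]] -= int(request["form"]["amount"])
    return 200


def transfer_hardened(request, ledger):
    sess = SESSIONS.get(request["cookies"].get("sid"))
    if sess is None:
        return 401
    # 1) Synchronizer token: the form body must carry the token bound to this
    #    session. compare_digest keeps the check constant-time.
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(supplied, sess["csrf"]):
        return 403
    # 2) Defence in depth: browsers send Origin (or at least Referer) on
    #    cross-site POSTs; a value naming another site is rejected outright.
    origin = request["headers"].get("Origin") or request["headers"].get("Referer", "")
    if origin and origin != SITE_ORIGIN and not origin.startswith(SITE_ORIGIN + "/"):
        return 403
    ledger[sess["user"]] -= int(request["form"]["amount"])
    return 200


def forged_request(sid):
    """What arrives when the victim's browser submits an attacker's auto-posting
    form: the victim's cookie, the attacker's parameters, the attacker's Origin,
    and no token (the attacker cannot read it)."""
    return {"cookies": {"sid": sid},
            "form": {"amount": "500", "to": "attacker"},
            "headers": {"Origin": "https://evil.example"}}


def legitimate_request(sid):
    """A post from the site's own form, carrying the session's token."""
    return {"cookies": {"sid": sid},
            "form": {"amount": "100", "to": "landlord",
                     "csrf_token": SESSIONS[sid]["csrf"]},
            "headers": {"Origin": SITE_ORIGIN}}
```

The token is the primary control; the Origin check and a SameSite=Lax or Strict attribute on the session cookie are additional, browser-dependent layers. Every verb that changes state needs the check, not just the obvious transfer form.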

34
Q

Which of the following is a process in the access provisioning lifecycle that will MOST likely identify access aggregation issues?
A. Test
B. Assessment
C. Review
D. Peer review

A

Answer: C

35
Q

Which of the following is the PRIMARY reason a sniffer operating on a network is collecting packets only from its own host?
A. An Intrusion Detection System (IDS) has dropped the packets.
B. The network is connected using switches.
C. The network is connected using hubs.
D. The network’s firewall does not allow sniffing.

A

Answer: B. A switch forwards each frame only to the port of its destination MAC address, so a host in promiscuous mode sees just its own traffic plus broadcasts. A hub repeats every frame to every port, which is what makes passive sniffing of other hosts work.

36
Q

Which of the following is the final phase of the identity and access provisioning lifecycle?
A. Recertification
B. Revocation
C. Removal
D. Validation

A

Answer: B

37
Q

Which of the following is mobile device remote fingerprinting?
A. Installing an application to retrieve common characteristics of the device
B. Storing information about a remote device in a cookie file
C. Identifying a device based on common characteristics shared by all devices of a certain type
D. Retrieving the serial number of the mobile device

A

Answer: C

38
Q

Which of the following trust services principles refers to the accessibility of information used by the systems, products, or services offered to a third-party provider’s customers?
A. Security
B. Privacy
C. Access
D. Availability

A

Answer: D. The trust services criteria (the basis of SOC 2 reports) are security, availability, processing integrity, confidentiality, and privacy. "Access" is not one of them; the accessibility of information and systems is the availability criterion.

39
Q

Which of the following open source software issues poses the MOST risk to an application?
A. The software is beyond end of life and the vendor is out of business.
B. The software is not used or popular in the development community.
C. The software has multiple Common Vulnerabilities and Exposures (CVE) and only some are remediated.
D. The software has multiple Common Vulnerabilities and Exposures (CVE) but the CVEs are classified as low risks.

A

Answer: D

40
Q

Which of the following is the PRIMARY mechanism used to limit the range of objects available to a given subject within different execution domains?
A. Process isolation
B. Data hiding and abstraction
C. Use of discrete layering and Application Programming Interfaces (API)
D. Virtual Private Network (VPN)

A

Answer: C

41
Q

Once the types of information have been identified, who should an information security practitioner work with to ensure that the information is properly categorized?
A. Information Owner (IO)
B. System Administrator
C. Business Continuity (BC) Manager
D. Chief Information Officer (CIO)

A

Answer: A

42
Q

What should be the FIRST action for a security administrator who detects an intrusion on the network based on precursors and other indicators?
A. Isolate and contain the intrusion.
B. Notify system and application owners.
C. Apply patches to the Operating Systems (OS).
D. Document and verify the intrusion.

A

Answer: D. Precursors and indicators are signs that an incident may be occurring; in the NIST SP 800-61 process the first step is to verify and document the incident (detection and analysis) before moving to containment. Patching is a remediation activity, not a first response.

43
Q

Which of the following needs to be taken into account when assessing vulnerability?
A. Risk identification and validation
B. Threat mapping
C. Risk acceptance criteria
D. Safeguard selection

A

Answer: A

44
Q

For the purpose of classification, which of the following is used to divide trust domains and trust boundaries?
A. Network architecture
B. Integrity
C. Identity Management (IdM)
D. Confidentiality management

A

Answer: A

45
Q

Which of the following is the key requirement for test results when implementing forensic procedures?
A. The test results must be cost-effective.
B. The test result must be authorized.
C. The test results must be quantifiable.
D. The test results must be reproducible.

A

Answer: D. Forensic results must be reproducible: another examiner following the same procedure on the same evidence must reach the same result, otherwise the finding will not withstand challenge.

46
Q

An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this an example of?
A. Reasonable data
B. Population of required fields
C. Allowed number of characters
D. Session testing

A

Answer: C

47
Q

An Internet software application requires authentication before a user is permitted to utilize the resource. Which testing scenario BEST validates the functionality of the application?
A. Reasonable data testing
B. Input validation testing
C. Web session testing
D. Allowed data bounds and limits testing

A

Answer: B

48
Q

Which of the following techniques BEST prevents buffer overflows?
A. Boundary and perimeter offset
B. Character set encoding
C. Code auditing
D. Variant type and bit length

A

Answer: B

49
Q

A security architect is responsible for the protection of a new home banking system. Which of the following solutions can BEST improve the confidentiality and integrity of this external system?
A. Intrusion Prevention System (IPS)
B. Denial of Service (DoS) protection solution
C. One-time Password (OTP) token
D. Web Application Firewall (WAF)

A

Answer: A

50
Q

A security professional recommends that a company integrate threat modeling into its Agile development processes. Which of the following BEST describes the benefits of this approach?
A. Reduce application development costs.
B. Potential threats are addressed later in the Software Development Life Cycle (SDLC).
C. Improve user acceptance of implemented security controls.
D. Potential threats are addressed earlier in the Software Development Life Cycle (SDLC).

A

Answer: D

51
Q

A security consultant has been hired by a company to establish its vulnerability management program. The consultant is now in the deployment phase. Which of the following tasks is part of this process?
A. Select and procure supporting technologies.
B. Determine a budget and cost analysis for the program.
C. Measure effectiveness of the program’s stated goals.
D. Educate and train key stakeholders.

A

Answer: C

52
Q

Directive controls are a form of change management policy and procedures. Which of the following subsections are recommended as part of the change management process?
A. Build and test
B. Implement security controls
C. Categorize Information System (IS)
D. Select security controls

A

Answer: A

53
Q

Which of the following BEST describes how access to a system is granted to federated user accounts?
A. With the federation assurance level
B. Based on defined criteria by the Relying Party (RP)
C. Based on defined criteria by the Identity Provider (IdP)
D. With the identity assurance level

A

Answer: B. In a federation the IdP authenticates the user and asserts identity attributes; the Relying Party decides, on its own criteria, what access that assertion earns.

54
Q

Which of the following is the primary advantage of segmenting Virtual Machines (VM) using physical networks?
A. Simplicity of network configuration and network monitoring
B. Removes the need for decentralized management solutions
C. Removes the need for dedicated virtual security controls
D. Simplicity of network configuration and network redundancy

A

Answer: A

55
Q

Which of the following would an internal technical security audit BEST validate?
A. Whether managerial controls are in place
B. Support for security programs by executive management
C. Appropriate third-party system hardening
D. Implementation of changes to a system

A

Answer: D

56
Q

Which of the following processes has the PRIMARY purpose of identifying outdated software versions, missing patches, and lapsed system updates?
A. Penetration testing
B. Vulnerability management
C. Software Development Life Cycle (SDLC)
D. Life cycle management

A

Answer: B

57
Q

A development operations team would like to start building new applications delegating the cybersecurity responsibility as much as possible to the service provider. Which of the following environments BEST fits their need?
A. Cloud Virtual Machines (VM)
B. Cloud application container within a Virtual Machine (VM)
C. On premises Virtual Machine (VM)
D. Self-hosted Virtual Machine (VM)

A

Answer: A

58
Q

Change management policies and procedures belong to which of the following types of controls?
A. Directive
B. Detective
C. Corrective
D. Preventative

A

Answer: A

59
Q

What access control scheme uses fine-grained rules to specify the conditions under which access to each data item or application is granted?
A. Mandatory Access Control (MAC)
B. Discretionary Access Control (DAC)
C. Role Based Access Control (RBAC)
D. Attribute Based Access Control (ABAC)

A

Answer: D
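Added example (not part of the original flashcards) covering this card and card 7: an attribute-based policy evaluator in Python whose rules combine subject, resource and environment attributes (who, what, where the request comes from, device posture, time of day) with deny-overrides semantics. The attribute names and the policy itself are assumptions chosen for the demonstration.

```python
from dataclasses import dataclass


@dataclass
class AccessRequest:
    subject: dict    # who:   e.g. {"user": "alice", "clearance": 2}
    resource: dict   # what:  e.g. {"id": "rpt-17", "classification": 2, "owner": "alice"}
    action: str      # read / write / delete
    env: dict        # context: source network, device posture, hour of day


def business_hours(env):
    return 8 <= env.get("hour", -1) < 18


# Constructed policy (assumed). Each rule is (effect, condition). A matching
# deny overrides any permit; a request no permit rule matches is denied.
RULES = [
    ("deny", lambda r: r.resource.get("classification", 0) > r.subject.get("clearance", 0)),
    ("deny", lambda r: r.action != "read" and not r.env.get("device_managed", False)),
    ("permit", lambda r: r.action == "read"),
    ("permit", lambda r: r.action in ("write", "delete")
               and r.resource.get("owner") == r.subject.get("user")
               and r.env.get("src_network") == "corp"
               and business_hours(r.env)),
]


def evaluate(request, rules=RULES):
    """Returns 'permit' or 'deny' after evaluating every rule (deny-overrides)."""
    decision = "deny"
    for effect, condition in rules:
        if not condition(request):
            continue
        if effect == "deny":
            return "deny"
        decision = "permit"
    return decision


def explain(request, rules=RULES):
    """Indices of the rules that matched; what an audit log of the decision
    should record so a denial can be traced to a concrete condition."""
    return [i for i, (_, condition) in enumerate(rules) if condition(request)]
```

Unlike the role-based scheme of cards 22 and 60, the same user gets different answers for the same resource depending on device posture and time, which is what "fine-grained" means in the question.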

60
Q

Why is planning the MOST critical phase of a Role Based Access Control (RBAC) implementation?
A. The criteria for measuring risk is defined.
B. User populations to be assigned to each role is determined.
C. Role mining to define common access patterns is performed.
D. The foundational criteria are defined.

A

Answer: B

61
Q

Vulnerability scanners may allow for the administrator to assign which of the following in order to assist in prioritizing remediation activities?
A. Definitions for each exposure type
B. Vulnerability attack vectors
C. Asset values for networks
D. Exploit code metrics

A

Answer: C

62
Q

In order for application developers to detect potential vulnerabilities earlier during the Software Development Life Cycle (SDLC), which of the following safeguards should be implemented FIRST as part of a comprehensive testing framework?
A. Source code review
B. Acceptance testing
C. Threat modeling
D. Automated testing

A

Answer: A

63
Q

Physical assets defined in an organization’s Business Impact Analysis (BIA) could include which of the following?
A. Personal belongings of organizational staff members
B. Supplies kept off-site at a remote facility
C. Cloud-based applications
D. Disaster Recovery (DR) line-item revenues

A

Answer: B

64
Q

What is the best way for mutual authentication of devices belonging to the same organization?
A. Token
B. Certificates
C. User ID and passwords
D. Biometric

A

Answer: B. Device-to-device mutual authentication is done with certificates: each side proves possession of the private key for a certificate the other side trusts. User IDs, passwords and biometrics authenticate people, not devices.

65
Q

Which of the following encryption types is used in Hash-based Message Authentication Code (HMAC) for key distribution?
A. Symmetric
B. Asymmetric
C. Ephemeral
D. Permanent

A

Answer: A
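Added example, not from the page, serving this card and card 31: a SHA-3 digest checks a file's integrity, while an HMAC over the same data with a shared symmetric key also checks who produced it. Python standard library only; the download contents and the key are constructed placeholders.

```python
import hashlib
import hmac
import io

# Constructed stand-in for a downloaded file (not a real artifact).
DOWNLOAD = b"firmware-image v1.2\n" * 2000


def sha3_256_of_stream(stream, chunk_size=65536):
    """Digest a download in chunks so a large file need not fit in memory."""
    h = hashlib.sha3_256()
    for block in iter(lambda: stream.read(chunk_size), b""):
        h.update(block)
    return h.hexdigest()


def publish_digest(data):
    """What a download site prints next to the file."""
    return sha3_256_of_stream(io.BytesIO(data))


def verify_integrity(data, published_hex):
    """Answers 'is this the file the digest describes?'. It catches corruption
    and truncation, but says nothing about who produced the digest: anyone who
    can replace the file can publish a digest for the replacement."""
    return hmac.compare_digest(publish_digest(data), published_hex)


def make_tag(key, data):
    """HMAC-SHA3-256 with a symmetric key both parties hold. HMAC has no key
    distribution of its own: the key must be shared in advance over a trusted
    path or agreed with a key-exchange protocol."""
    return hmac.new(key, data, hashlib.sha3_256).hexdigest()


def verify_authenticity(key, data, received_tag):
    """Only a holder of the key can produce a tag that verifies."""
    return hmac.compare_digest(make_tag(key, data), received_tag)
```

The limitation the test below spells out is the practical one: a digest served from the same place as the file only protects against accidental corruption, so it should come over a separately trusted channel, or be replaced by a keyed tag or a signature.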

66
Q

Compared with hardware cryptography, software cryptography is generally
A. less expensive and slower.
B. more expensive and faster.
C. more expensive and slower.
D. less expensive and faster.

A

Answer: A

67
Q

A financial company has decided to move its main business application to the cloud. The legal department objects, arguing that the move of the platform should comply with several regulatory obligations such as the General Data Protection Regulation (GDPR) and ensure data confidentiality. The Chief Information Security Officer (CISO) says that the cloud provider has met all regulatory requirements and even provides its own encryption solution with internally managed encryption keys to address data confidentiality. Did the CISO address all the legal requirements in this situation?
A. No, because the encryption solution is internal to the cloud provider.
B. Yes, because the cloud provider meets all regulatory requirements.
C. Yes, because the cloud provider is GDPR compliant.
D. No, because the cloud provider is not certified to host government data.

A

Answer: A. Under GDPR the company remains the accountable controller, so the provider's own compliance claims do not settle the matter, and encryption keys held and managed by the provider leave the provider able to read the data. Confidentiality toward the provider is therefore not ensured.

68
Q

An employee receives a promotion that entitles them to access higher-level functions on the company's accounting system, while keeping their access to the previous system that is no longer needed or applicable. What is the name of the process that tries to remove this excess privilege?
A. Access provisioning
B. Segregation of Duties (SoD)
C. Access certification
D. Access aggregation

A

Answer: C. Access certification (periodic or event-driven review of each account's entitlements against its current role) is the process that finds and removes accumulated privileges. Segregation of Duties constrains which combinations of privileges may coexist; it does not remove leftovers on its own.
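Added example (not from the page) for this card and cards 23 and 34: an access certification pass in Python that compares each account's actual entitlements with what its current roles justify, and separately checks segregation-of-duties conflicts. The role model, permission names and account data are all constructed for the demonstration.

```python
# Constructed role model: role -> permissions it justifies (hypothetical names).
ROLE_PERMISSIONS = {
    "ap_clerk":      {"ap:view", "ap:create_invoice"},
    "ap_supervisor": {"ap:view", "ap:approve_invoice", "ap:reports"},
    "helpdesk":      {"it:reset_password", "it:view_tickets"},
}

# Segregation-of-duties constraints: permission pairs one person must not hold.
SOD_CONFLICTS = [("ap:create_invoice", "ap:approve_invoice")]


def expected_permissions(roles):
    """Union of what the account's current roles justify."""
    allowed = set()
    for role in roles:
        allowed |= ROLE_PERMISSIONS.get(role, set())
    return allowed


def excess_permissions(roles, granted):
    """Entitlements no current role explains: the residue of earlier positions."""
    return set(granted) - expected_permissions(roles)


def sod_violations(granted, conflicts=SOD_CONFLICTS):
    """Conflicting pairs that are both present on one account."""
    held = set(granted)
    return [pair for pair in conflicts if set(pair) <= held]


def certify(accounts, conflicts=SOD_CONFLICTS):
    """accounts: name -> (current roles, permissions actually granted).
    Returns only the accounts that need remediation, with what to remove
    (excess) and which toxic combinations they hold (sod)."""
    findings = {}
    for name, (roles, granted) in accounts.items():
        excess = excess_permissions(roles, granted)
        sod = sod_violations(granted, conflicts)
        if excess or sod:
            findings[name] = {"excess": sorted(excess), "sod": sod}
    return findings


# Constructed directory snapshot: dana moved from ap_clerk to ap_supervisor but
# kept ap:create_invoice; erin moved from helpdesk to ap_clerk and kept a
# helpdesk right; frank's entitlements match his role exactly.
ACCOUNTS = {
    "dana":  (["ap_supervisor"], {"ap:view", "ap:approve_invoice", "ap:reports", "ap:create_invoice"}),
    "erin":  (["ap_clerk"], {"ap:view", "ap:create_invoice", "it:reset_password"}),
    "frank": (["helpdesk"], {"it:reset_password", "it:view_tickets"}),
}
```

Running this on every role change (trigger-based) as well as on a schedule is what keeps the creep from accumulating between audits; the SoD list is the separate control that card 68 contrasts with certification.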

69
Q

Which of the following is PRIMARILY adopted for ensuring the integrity of information is preserved?
A. Data at rest protection
B. Transport Layer Security (TLS)
C. Role Based Access Control (RBAC)
D. One-way encryption

A

Answer: D. One-way encryption (hashing) produces a digest that changes if the information changes, which is the primary integrity mechanism. Data-at-rest encryption, TLS and RBAC serve confidentiality and access control.

70
Q

Why might a network administrator choose distributed virtual switches instead of stand-alone switches for network segmentation?
A. To standardize on a single vendor
B. To ensure isolation of management traffic
C. To maximize data plane efficiency
D. To reduce the risk of configuration errors

A

Answer: C

71
Q

An organization has implemented a new backup process which protects confidential data by encrypting the information stored on backup tapes. Which of the following is a MAJOR data confidentiality concern after the implementation of this new backup process?
A. Tape backup rotation
B. Pre-existing backup tapes
C. Tape backup compression
D. Backup tape storage location

A

Answer: B. The new process only protects tapes written after it went live; backup tapes that already exist hold the same confidential data in the clear and must be located and either re-encrypted or destroyed.

72
Q

Organization A is adding a large collection of confidential data records that it received when it acquired Organization B to its data store. Many of the users and staff from Organization B are no longer available. Which of the following MUST Organization A do to properly classify and secure the acquired data?
A. Assign data owners from Organization A to the acquired data.
B. Create placeholder accounts that represent former users from Organization B.
C. Archive audit records that refer to users from Organization A.
D. Change the data classification for data acquired from Organization B.

A

Answer: A

73
Q

An organization has a short-term agreement with a public Cloud Service Provider (CSP). Which of the following BEST protects sensitive data once the agreement expires and the assets are reused?
A. Recommend that the business data owners use continuous monitoring and analysis of applications to prevent data loss.
B. Recommend that the business data owners use internal encryption keys for data-at-rest and data-in-transit to the storage environment.
C. Use a contractual agreement to ensure the CSP wipes the data from the storage environment.
D. Use a National Institute of Standards and Technology (NIST) recommendation for wiping data on the storage environment.

A

Answer: C

74
Q

Which of the following techniques is effective to detect taps in fiber optic cables?
A. Taking baseline signal level of the cable
B. Measuring signal through external oscillator solution devices
C. Outlining electromagnetic field strength
D. Performing network vulnerability scanning

A

Answer: A. Splicing a tap into a fiber introduces measurable attenuation, so comparing current signal levels (or an OTDR trace) against a baseline taken when the cable was installed reveals the tap.

75
Q

When would an organization review a Business Continuity Management (BCM) system?
A. When major changes occur on systems
B. When personnel changes occur
C. Before and after Disaster Recovery (DR) tests
D. At planned intervals

A

Answer: D

76
Q

Which of the following is a characteristic of the independent testing of a program?
A. Independent testing increases the likelihood that a test will expose the effect of a hidden feature.
B. Independent testing decreases the likelihood that a test will expose the effect of a hidden feature.
C. Independent testing teams help decrease the cost of creating test data and system design specification.
D. Independent testing teams help identify functional requirements and Service Level Agreements (SLA)

A

Answer: A

77
Q

Which of the following MUST be considered when developing business rules for a data loss prevention (DLP) solution?
A. Data availability
B. Data sensitivity
C. Data ownership
D. Data integrity

A

Answer: B

78
Q

What is the BEST approach for maintaining ethics when a security professional is unfamiliar with the culture of a country and is asked to perform a questionable task?
A. Exercise due diligence when deciding to circumvent host government requests.
B. Become familiar with the means in which the code of ethics is applied and considered.
C. Complete the assignment based on the customer’s wishes.
D. Execute according to the professional’s comfort level with the code of ethics.

A

Answer: B

79
Q

Which of the following activities is MOST likely to be performed during a vulnerability assessment?
A. Establish caller authentication procedures to verify the identities of users.
B. Analyze the environment by conducting interview sessions with relevant parties.
C. Document policy exceptions required to access systems in non-compliant areas.
D. Review professional credentials of the vulnerability assessment team or vendor.

A

Answer: D

80
Q

Which of the following is the BEST defense against password guessing?
A. Limit external connections to the network.
B. Disable the account after a limited number of unsuccessful attempts.
C. Force the password to be changed after an invalid password has been entered.
D. Require a combination of letters, numbers, and special characters in the password.

A

Answer: B. Password guessing is an online attack; locking the account after a small number of failures caps how many guesses an attacker gets. Complexity rules raise the cost of offline cracking but do not stop online guessing.

81
Q

Why would a security architect specify that a default route pointing to a sinkhole be injected into internal networks?
A. To have firewalls route all network traffic
B. To detect the traffic destined to non-existent network destinations
C. To exercise authority over the network department
D. To re-inject the route into external networks

A

Answer: B

82
Q

Which of the following documentation should be included in a Disaster Recovery (DR) package?
A. Source code, compiled code, firmware updates, operational log book and manuals.
B. Data encrypted in original format, auditable transaction data, and recovery instructions for future extraction on demand.
C. Hardware configuration instructions, hardware configuration software, an operating system image, a data restoration option, media retrieval instructions,…..
D. System configuration including hardware, software, hardware, interfaces, software Application Programming Interface (API) configuration, data structure, ….

A

Answer: C

83
Q

How long should the records on a project be retained?
A. For the duration of the project, or at the discretion of the record owner
B. Until they are no longer useful or required by policy
C. Until five years after the project ends, then move to archives
D. For the duration of the organization fiscal year

A

Answer: B

84
Q

Which of the following phases involves researching a target’s configuration from public sources when performing a penetration test?
A. Information gathering
B. Social engineering
C. Target selection
D. Traffic enumeration

A

Answer: A

85
Q

Which of the following provides the BEST method to verify that security baseline configurations are maintained?
A. Perform regular system security testing.
B. Design security early in the development cycle.
C. Analyze logs to determine user activities.
D. Perform quarterly risk assessments.

A

Answer: A

86
Q

Which attack defines a piece of code that is inserted into software to trigger a malicious function?
A. Phishing
B. Salami
C. Back door
D. Logic bomb

A

Answer: D

87
Q

Which of the following is the MOST critical success factor in the security patch management process?
A. Tracking and reporting on inventory
B. Supporting documentation
C. Management review of reports
D. Risk and impact analysis

A

Answer: A

88
Q

A security professional should consider the protection of which of the following elements FIRST when developing a defense-in-depth strategy for a mobile workforce?
A. Network perimeters
B. Demilitarized Zones (DMZ)
C. Databases and back-end servers
D. End-user devices

A

Answer: D

89
Q

Which of the following is the BEST technique to facilitate secure software development?
A. Adhere to secure coding practices for the software application under development.
B. Conduct penetration testing for the software application under development.
C. Develop a threat modeling review for the software application under development.
D. Perform a code review process for the software application under development.

A

Answer: A

90
Q

What is the MAIN reason to ensure the appropriate retention periods are enforced for data stored on electronic media?
A. To reduce the carbon footprint by eliminating paper
B. To create an inventory of data assets stored on disk for backup and recovery
C. To declassify information that has been improperly classified
D. To reduce the risk of loss, unauthorized access, use, modification, and disclosure

A

Answer: D

91
Q

For a federated identity solution, a third-party Identity Provider (IdP) is PRIMARILY responsible for which of the following?
A. Access Control
B. Account Management
C. Authentication
D. Authorization

A

Answer: C

92
Q

What is the BEST way to correlate large volumes of disparate data sources in a Security Operations Center (SOC) environment?
A. Implement Intrusion Detection System (IDS).
B. Implement a Security Information and Event Management (SIEM) system.
C. Hire a team of analysts to consolidate data and generate reports.
D. Outsource the management of the SOC.

A

Answer: B

93
Q

Which of the following steps should be conducted during the FIRST phase of software assurance in a generic acquisition process?
A. Establishing and consenting to the contract work schedule
B. Issuing a Request for Proposal (RFP) with a work statement
C. Developing software requirements to be included in the work statement
D. Reviewing and accepting software deliverables

A

Answer: C

94
Q

Assume that a computer was powered off when an information security professional arrived at a crime scene. Which of the following actions should be performed after the crime scene is isolated?
A. Turn the computer on and collect volatile data.
B. Turn the computer on and collect network information.
C. Leave the computer off and prepare the computer for transportation to the laboratory.
D. Remove the hard drive, prepare it for transportation, and leave the hardware at the scene.

A

Answer: C

95
Q

Which of the following is used to support the concept of defense in depth during the development phase of a software product?
A. Maintenance hooks
B. Polyinstantiation
C. Known vulnerability list
D. Security auditing

A

Answer: B

96
Q

An organization is considering outsourcing applications and data to a Cloud Service Provider (CSP). Which of the following is the MOST important concern regarding privacy?
A. The CSP determines data criticality.
B. The CSP provides end-to-end encryption services.
C. The CSP's privacy policy may be developed by the organization.
D. The CSP may not be subject to the organization's country legislation.

A

Answer: D

97
Q

Individual access to a network is BEST determined based on
A. risk matrix.
B. value of the data.
C. business need.
D. data classification.

A

Answer: C

98
Q

The MAIN task of promoting security for Personal Computers (PC) is
A. understanding the technical controls and ensuring they are correctly installed.
B. understanding the required systems and patching processes for different Operating Systems (OS).
C. making sure that users are using only valid, authorized software, so that the chance of virus infection
D. making users understand the risks to the machines and data, so they will take appropriate steps to protect them.

A

Answer: C

99
Q

The Secure Shell (SSH) version 2 protocol supports
A. availability, accountability, compression, and integrity.
B. authentication, availability, confidentiality, and integrity.
C. accountability, compression, confidentiality, and integrity.
D. authentication, compression, confidentiality, and integrity.

A

Answer: D

100
Q

What protocol is often used between gateway hosts on the Internet?
To control the scope of a Business Continuity Management (BCM) system, a security practitioner should identify which of the following?
A. Size, nature, and complexity of the organization
B. Business needs of the security organization
C. All possible risks
D. Adaptation model for future recovery planning

A

Answer: B