Quick Links
Why Us
Unlimited Packages
Site Secure
TESTED 23 Nov 2024
We Accept
You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?
Security related breaches are assessed and contained through which of the following?
What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?
The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?
A customer of a bank has placed a dispute on a payment for a credit card account. The banking system uses digital signatures to safeguard the integrity of their transactions. The bank claims that the system shows proof that the customer in fact made the payment. What is this system capability commonly known as?
SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:
What is the FIRST step in developing the vulnerability management program?
Which of the following statements about Encapsulating Security Payload (ESP) is true?
An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?
A key cybersecurity feature of a Personal Identification Verification (PIV) Card is:
You are just hired as the new CISO and are being briefed on all the Information Security projects that your section has on going. You discover that most projects are behind schedule and over budget.
Using the best business practices for project management you determine that the project correctly aligns with the company goals and the scope of the project is correct. What is the NEXT step?
An organization has a number of Local Area Networks (LANs) linked to form a single Wide Area Network
(WAN). Which of the following would BEST ensure network continuity?
When updating the security strategic planning document what two items must be included?
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Which of the following industry / sector neutral information security control frameworks should you recommend for implementation?
Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
The organization wants a more permanent solution to the threat to user credential compromise through phishing. What technical solution would BEST address this issue?
Smith, the project manager for a larger multi-location firm, is leading a software project team that has 18
members, 5 of which are assigned to testing. Due to recent recommendations by an organizational quality audit
team, the project manager is convinced to add a quality professional to lead to test team at additional cost to
the project.
The project manager is aware of the importance of communication for the success of the project and takes the
step of introducing additional communication channels, making it more complex, in order to assure quality
levels of the project. What will be the first project management document that Smith should change in order to
accommodate additional communication channels?
If the result of an NPV is positive, then the project should be selected. The net present value shows the present
value of the project, based on the decisions taken for its selection. What is the net present value equal to?
Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.
How can you reduce the administrative burden of distributing symmetric keys for your employer?
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
When formulating the remediation plan, what is a required input?
Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.
Symmetric encryption in general is preferable to asymmetric encryption when:
Which regulation or policy governs protection of personally identifiable user data gathered during a cyber investigation?
A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?
According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?
You have recently drafted a revised information security policy. From whom should you seek endorsement in order to have the GREATEST chance for adoption and implementation throughout the entire organization?
Why is it vitally important that senior management endorse a security policy?
Which of the following is MOST important when dealing with an Information Security Steering committee:
Ensuring that the actions of a set of people, applications and systems follow the organization’s rules is BEST described as:
The framework that helps to define a minimum standard of protection that business stakeholders must attempt to achieve is referred to as a standard of:
Which of the following can the company implement in order to avoid this type of security issue in the future?
A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do you do?
Which of the following is critical in creating a security program aligned with an organization’s goals?
Which of the following represents the BEST method for obtaining business unit acceptance of security controls within an organization?
Which of the following represents the BEST method of ensuring security program alignment to business needs?
This occurs when the quantity or quality of project deliverables is expanded from the original project plan.
A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how hardware and software is implemented and managed within the organization. Which of the following principles does this best demonstrate?
How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be reviewed?
The mean time to patch, number of virus outbreaks prevented, and number of vulnerabilities mitigated are examples of what type of performance metrics?
Which is the BEST solution to monitor, measure, and report changes to critical data in a system?
Which of the following activities is the MAIN purpose of the risk assessment process?
When you develop your audit remediation plan what is the MOST important criteria?
Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?
Which of the following is considered to be an IT governance framework and a supporting toolset that allows for managers to bridge the gap between control requirements, technical issues, and business risks?
The amount of risk an organization is willing to accept in pursuit of its mission is known as
Which of the following is a benefit of a risk-based approach to audit planning?
As a new CISO at a large healthcare company you are told that everyone has to badge in to get in the building. Below your office window you notice a door that is normally propped open during the day for groups of people to take breaks outside. Upon looking closer you see there is no badge reader. What should you do?
The patching and monitoring of systems on a consistent schedule is required by?
Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?
You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process. Which of the following represents your BEST course of action?
TESTED 23 Nov 2024