
CISSP Certified Information Systems Security Professional (CISSP) Question and Answers

Question # 4

In a change-controlled environment, which of the following is MOST likely to lead to unauthorized changes to production programs?

A. Modifying source code without approval
B. Promoting programs to production without approval
C. Developers checking out source code without approval
D. Developers using Rapid Application Development (RAD) methodologies without approval

Question # 5

Which of the following is the BEST way to reduce the impact of an externally sourced flood attack?

A. Have the service provider block the source address.
B. Have the source service provider block the address.
C. Block the source address at the firewall.
D. Block all inbound traffic until the flood ends.

Question # 6

From a security perspective, which of the following assumptions MUST be made about input to an application?

A. It is tested
B. It is logged
C. It is verified
D. It is untrusted

Question # 7

A chemical plant wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and maintenance by utilizing the office network infrastructure and staff to implement this upgrade.

Which of the following is the GREATEST impact on security for the network?

A. The network administrators have no knowledge of ICS
B. The ICS is now accessible from the office network
C. The ICS does not support the office password policy
D. RS422 is more reliable than Ethernet

Question # 8

Which of the following is the MOST important security goal when performing application interface testing?

A. Confirm that all platforms are supported and function properly
B. Evaluate whether systems or components pass data and control correctly to one another
C. Verify compatibility of software, hardware, and network connections
D. Examine error conditions related to external interfaces to prevent application details leakage

Question # 9

Which of the following would MINIMIZE the ability of an attacker to exploit a buffer overflow?

A. Memory review
B. Code review
C. Message division
D. Buffer division

Question # 10

Which of the following is MOST effective in detecting information hiding in Transmission Control Protocol/Internet Protocol (TCP/IP) traffic?

A. Stateful inspection firewall
B. Application-level firewall
C. Content-filtering proxy
D. Packet-filter firewall

Question # 11

In an organization where Network Access Control (NAC) has been deployed, a device trying to connect to the network is being placed into an isolated domain. What could be done on this device in order to obtain proper connectivity?

A. Connect the device to another network jack
B. Apply remediations according to security requirements
C. Apply Operating System (OS) patches
D. Change the Media Access Control (MAC) address of the network interface

Question # 12

Which of the following is the MOST efficient mechanism to account for all staff during a speedy non-emergency evacuation from a large security facility?

A. Large mantrap where groups of individuals leaving are identified using facial recognition technology
B. Radio Frequency Identification (RFID) sensors worn by each employee scanned by sensors at each exit door
C. Emergency exits with push bars with coordinators at each exit checking off the individual against a predefined list
D. Card-activated turnstile where individuals are validated upon exit

Question # 13

A company receives an email threat informing of an imminent Distributed Denial of Service (DDoS) attack targeting its web application, unless a ransom is paid. Which of the following techniques BEST addresses that threat?

A. Deploying load balancers to distribute inbound traffic across multiple data centers
B. Setting up Web Application Firewalls (WAFs) to filter out malicious traffic
C. Implementing reverse web proxies to validate each new inbound connection
D. Coordinating with and utilizing capabilities within the Internet Service Provider (ISP)

Question # 14

Which security access policy contains fixed security attributes that are used by the system to determine a user’s access to a file or object?

A. Mandatory Access Control (MAC)
B. Access Control List (ACL)
C. Discretionary Access Control (DAC)
D. Authorized user control

Question # 15

What is the FIRST step in establishing an information security program?

A. Establish an information security policy.
B. Identify factors affecting information security.
C. Establish baseline security controls.
D. Identify critical security infrastructure.

Question # 16

Which type of test would an organization perform in order to locate and target exploitable defects?

A. Penetration
B. System
C. Performance
D. Vulnerability

Question # 17

A Denial of Service (DoS) attack on a syslog server exploits weakness in which of the following protocols?

A. Point-to-Point Protocol (PPP) and Internet Control Message Protocol (ICMP)
B. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
C. Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP)
D. Transport Layer Security (TLS) and Secure Sockets Layer (SSL)

Question # 18

What protocol is often used between gateway hosts on the Internet?

A. Exterior Gateway Protocol (EGP)
B. Border Gateway Protocol (BGP)
C. Open Shortest Path First (OSPF)
D. Internet Control Message Protocol (ICMP)

Question # 19

What is the foundation of cryptographic functions?

A. Encryption
B. Cipher
C. Hash
D. Entropy

Question # 20

Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization’s systems?

A. Standardized configurations for devices
B. Standardized patch testing equipment
C. Automated system patching
D. Management support for patching

Question # 21

What is the BEST location in a network to place Virtual Private Network (VPN) devices when an internal review reveals network design flaws in remote access?

A. In a dedicated Demilitarized Zone (DMZ)
B. In its own separate Virtual Local Area Network (VLAN)
C. At the Internet Service Provider (ISP)
D. Outside the external firewall

Question # 22

What are the steps of a risk assessment?

A. Identification, analysis, evaluation
B. Analysis, evaluation, mitigation
C. Classification, identification, risk management
D. Identification, evaluation, mitigation

Question # 23

Which of the following MUST be scalable to address security concerns raised by the integration of third-party identity services?

A. Mandatory Access Controls (MAC)
B. Enterprise security architecture
C. Enterprise security procedures
D. Role Based Access Controls (RBAC)

Question # 24

Which is the BEST internationally recognized standard for evaluating security products and systems?

A. Payment Card Industry Data Security Standards (PCI-DSS)
B. Common Criteria (CC)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. Sarbanes-Oxley (SOX)

Question # 25

As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website. Which of the following actions would be performed?

A. Use a web scanner to scan for vulnerabilities within the website.
B. Perform a code review to ensure that the database references are properly addressed.
C. Establish a secure connection to the web server to validate that only the approved ports are open.
D. Enter only numbers in the web form and verify that the website prompts the user to enter a valid input.

Question # 26

When determining who can accept the risk associated with a vulnerability, which of the following is the MOST important?

A. Countermeasure effectiveness
B. Type of potential loss
C. Incident likelihood
D. Information ownership

Question # 27

Which of the following is the MOST common method of memory protection?

A. Compartmentalization
B. Segmentation
C. Error correction
D. Virtual Local Area Network (VLAN) tagging

Question # 28

Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

A. Change management processes
B. User administration procedures
C. Operating System (OS) baselines
D. System backup documentation

Question # 29

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?

A. Host VM monitor audit logs
B. Guest OS access controls
C. Host VM access controls
D. Guest OS audit logs

Question # 30

In which of the following programs is it MOST important to include the collection of security process data?

A. Quarterly access reviews
B. Security continuous monitoring
C. Business continuity testing
D. Annual security training

Question # 31

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

A. Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken
B. Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability
C. Management teams will understand the testing objectives and reputational risk to the organization
D. Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels

Question # 32

Which of the following could cause a Denial of Service (DoS) against an authentication system?

A. Encryption of audit logs
B. No archiving of audit logs
C. Hashing of audit logs
D. Remote access audit logs

Question # 33

Which of the following is the MOST appropriate action when reusing media that contains sensitive data?

A. Erase
B. Sanitize
C. Encrypt
D. Degauss

Question # 34

Who is accountable for the information within an Information System (IS)?

A. Security manager
B. System owner
C. Data owner
D. Data processor

Question # 35

Which of the following is a common characteristic of privacy?

A. Provision for maintaining an audit trail of access to the private data
B. Notice to the subject of the existence of a database containing relevant credit card data
C. Process for the subject to inspect and correct personal data on-site
D. Database requirements for integration of privacy data

Question # 36

With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?

A. Continuously without exception for all security controls
B. Before and after each change of the control
C. At a rate concurrent with the volatility of the security control
D. Only during system implementation and decommissioning

Question # 37

What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?

A. Disable all unnecessary services
B. Ensure chain of custody
C. Prepare another backup of the system
D. Isolate the system from the network

Question # 38

Which of the following is a PRIMARY advantage of using a third-party identity service?

A. Consolidation of multiple providers
B. Directory synchronization
C. Web based logon
D. Automated account management

Question # 39

What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization’s systems cannot be unavailable for more than 24 hours?

A. Warm site
B. Hot site
C. Mirror site
D. Cold site

Question # 40

Which of the following is the FIRST step in the incident response process?

A. Determine the cause of the incident
B. Disconnect the system involved from the network
C. Isolate and contain the system involved
D. Investigate all symptoms to confirm the incident

Question # 41

A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?

A. Guaranteed recovery of all business functions
B. Minimization of the need for decision making during a crisis
C. Insurance against litigation following a disaster
D. Protection from loss of organization resources

Question # 42

A continuous information security-monitoring program can BEST reduce risk through which of the following?

A. Collecting security events and correlating them to identify anomalies
B. Facilitating system-wide visibility into the activities of critical user accounts
C. Encompassing people, process, and technology
D. Logging both scheduled and unscheduled system changes

Question # 43

When is a Business Continuity Plan (BCP) considered to be valid?

A. When it has been validated by the Business Continuity (BC) manager
B. When it has been validated by the board of directors
C. When it has been validated by all threat scenarios
D. When it has been validated by realistic exercises

Question # 44

Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

A. Walkthrough
B. Simulation
C. Parallel
D. White box

Question # 45

Recovery strategies of a Disaster Recovery Plan (DRP) MUST be aligned with which of the following?

A. Hardware and software compatibility issues
B. Applications’ criticality and downtime tolerance
C. Budget constraints and requirements
D. Cost/benefit analysis and business objectives

Question # 46

What is the PRIMARY reason for implementing change management?

A. Certify and approve releases to the environment
B. Provide version rollbacks for system changes
C. Ensure that all applications are approved
D. Ensure accountability for changes to the environment

Question # 47

An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

A. Absence of a Business Intelligence (BI) solution
B. Inadequate cost modeling
C. Improper deployment of the Service-Oriented Architecture (SOA)
D. Insufficient Service Level Agreement (SLA)

Question # 48

What should be the FIRST action to protect the chain of evidence when a desktop computer is involved?

A. Take the computer to a forensic lab
B. Make a copy of the hard drive
C. Start documenting
D. Turn off the computer

Question # 49

A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?

A. Least privilege
B. Privilege escalation
C. Defense in depth
D. Privilege bracketing

Question # 50

Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?

A. Check arguments in function calls
B. Test for the security patch level of the environment
C. Include logging functions
D. Digitally sign each application module

Question # 51

The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?

A. System acquisition and development
B. System operations and maintenance
C. System initiation
D. System implementation

Question # 52

Which of the following is the BEST method to prevent malware from being introduced into a production environment?

A. Purchase software from a limited list of retailers
B. Verify the hash key or certificate key of all updates
C. Do not permit programs, patches, or updates from the Internet
D. Test all new software in a segregated environment

Question # 53

Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

A. Lack of software documentation
B. License agreements requiring release of modified code
C. Expiration of the license agreement
D. Costs associated with support of the software

Question # 54

When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

A. After the system preliminary design has been developed and the data security categorization has been performed
B. After the vulnerability analysis has been performed and before the system detailed design begins
C. After the system preliminary design has been developed and before the data security categorization begins
D. After the business functional analysis and the data security categorization have been performed

Question # 55

What is the BEST approach to addressing security issues in legacy web applications?

A. Debug the security issues
B. Migrate to newer, supported applications where possible
C. Conduct a security assessment
D. Protect the legacy application with a web application firewall

Question # 56

An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?

A. Implement packet filtering on the network firewalls
B. Install Host Based Intrusion Detection Systems (HIDS)
C. Require strong authentication for administrators
D. Implement logical network segmentation at the switches

Question # 57

Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?

A. Intrusion Prevention Systems (IPS)
B. Intrusion Detection Systems (IDS)
C. Stateful firewalls
D. Network Behavior Analysis (NBA) tools

Question # 58

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

A. Layer 2 Tunneling Protocol (L2TP)
B. Link Control Protocol (LCP)
C. Challenge Handshake Authentication Protocol (CHAP)
D. Packet Transfer Protocol (PTP)

Question # 59

An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

A. Add a new rule to the application layer firewall
B. Block access to the service
C. Install an Intrusion Detection System (IDS)
D. Patch the application source code

Question # 60

In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?

A. Transport layer
B. Application layer
C. Network layer
D. Session layer

Question # 61

Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?

A. WEP uses a small range Initialization Vector (IV)
B. WEP uses Message Digest 5 (MD5)
C. WEP uses Diffie-Hellman
D. WEP does not use any Initialization Vector (IV)

Question # 62

What is the purpose of an Internet Protocol (IP) spoofing attack?

A. To send excessive amounts of data to a process, making it unpredictable
B. To intercept network traffic without authorization
C. To disguise the destination address from a target’s IP filtering devices
D. To convince a system that it is communicating with a known entity

Question # 63

At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

A. Link layer
B. Physical layer
C. Session layer
D. Application layer

Question # 64

Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

A. Packet filtering
B. Port services filtering
C. Content filtering
D. Application access control

Question # 65

Which of the following is the MOST crucial for a successful audit plan?

A. Defining the scope of the audit to be performed
B. Identifying the security controls to be implemented
C. Working with the system owner on new controls
D. Acquiring evidence of systems that are not compliant

Question # 66

Which item below is a federated identity standard?

A. 802.11i
B. Kerberos
C. Lightweight Directory Access Protocol (LDAP)
D. Security Assertion Markup Language (SAML)

Question # 67

When dealing with compliance with the Payment Card Industry Data Security Standard (PCI-DSS), an organization that shares cardholder information with a service provider MUST do which of the following?

A. Perform a service provider PCI-DSS assessment on a yearly basis.
B. Validate the service provider's PCI-DSS compliance status on a regular basis.
C. Validate that the service provider's security policies are in alignment with those of the organization.
D. Ensure that the service provider updates and tests its Disaster Recovery Plan (DRP) on a yearly basis.

Question # 68

When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints?

A. Temporal Key Integrity Protocol (TKIP)
B. Wi-Fi Protected Access (WPA) Pre-Shared Key (PSK)
C. Wi-Fi Protected Access 2 (WPA2) Enterprise
D. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

Question # 69

What does secure authentication with logging provide?

A. Data integrity
B. Access accountability
C. Encryption logging format
D. Segregation of duties

Question # 70

Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications?

A. Application monitoring procedures
B. Configuration control procedures
C. Security audit procedures
D. Software patching procedures

Question # 71

The use of private and public encryption keys is fundamental in the implementation of which of the following?

A. Diffie-Hellman algorithm
B. Secure Sockets Layer (SSL)
C. Advanced Encryption Standard (AES)
D. Message Digest 5 (MD5)

Question # 72

Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?

A. Hashing the data before encryption
B. Hashing the data after encryption
C. Compressing the data after encryption
D. Compressing the data before encryption

Question # 73

Which of the following mobile code security models relies only on trust?

A. Code signing
B. Class authentication
C. Sandboxing
D. Type safety

Question # 74

What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?

A. Implementation Phase
B. Initialization Phase
C. Cancellation Phase
D. Issued Phase

Question # 75

Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified by automated vulnerability assessments?

A. Common Vulnerabilities and Exposures (CVE)
B. Common Vulnerability Scoring System (CVSS)
C. Asset Reporting Format (ARF)
D. Open Vulnerability and Assessment Language (OVAL)

Question # 76

Who in the organization is accountable for classification of data information assets?

A. Data owner
B. Data architect
C. Chief Information Security Officer (CISO)
D. Chief Information Officer (CIO)

Question # 77

Which security service is served by the process of encrypting plaintext with the sender’s private key and decrypting ciphertext with the sender’s public key?

A. Confidentiality
B. Integrity
C. Identification
D. Availability

Question # 78

A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

A. Trusted third-party certification
B. Lightweight Directory Access Protocol (LDAP)
C. Security Assertion Markup Language (SAML)
D. Cross-certification

Question # 79

What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

A. Audit logs
B. Role-Based Access Control (RBAC)
C. Two-factor authentication
D. Application of least privilege

Question # 80

Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

A. Derived credential
B. Temporary security credential
C. Mobile device credentialing service
D. Digest authentication

Question # 81

Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee’s salary?

A. Limit access to predefined queries
B. Segregate the database into a small number of partitions each with a separate security level
C. Implement Role Based Access Control (RBAC)
D. Reduce the number of people who have access to the system for statistical purposes

Question # 82

What BEST describes the confidentiality, integrity, availability triad?

A. A tool used to assist in understanding how to protect the organization's data
B. The three-step approach to determine the risk level of an organization
C. The implementation of security systems to protect the organization's data
D. A vulnerability assessment to see how well the organization's data is protected

Question # 83

A breach investigation …… a website was exploited through an open source ….. is the FIRST step in the process that could have prevented this breach?

A. Application whitelisting
B. Web application firewall (WAF)
C. Vulnerability remediation
D. Software inventory

Question # 84

A financial company has decided to move its main business application to the Cloud. The legal department objects, arguing that the move of the platform should comply with several regulatory obligations such as the General Data Protection Regulation (GDPR) and ensure data confidentiality. The Chief Information Security Officer (CISO) says that the cloud provider has met all regulatory requirements and even provides its own encryption solution with internally-managed encryption keys to address data confidentiality. Did the CISO address all the legal requirements in this situation?

A. No, because the encryption solution is internal to the cloud provider.
B. Yes, because the cloud provider meets all regulatory requirements.
C. Yes, because the cloud provider is GDPR compliant.
D. No, because the cloud provider is not certified to host government data.

Question # 85

An organization has a short-term agreement with a public Cloud Service Provider (CSP). Which of the following BEST protects sensitive data once the agreement expires and the assets are reused?

A. Recommend that the business data owners use continuous monitoring and analysis of applications to prevent data loss.
B. Recommend that the business data owners use internal encryption keys for data-at-rest and data-in-transit to the storage environment.
C. Use a contractual agreement to ensure the CSP wipes the data from the storage environment.
D. Use a National Institute of Standards and Technology (NIST) recommendation for wiping data on the storage environment.

Question # 86

A. Verify the camera's log for recent logins outside of the Information Technology (IT) department.
B. Verify the security and encryption protocol the camera uses.
C. Verify the security camera requires authentication to log into the management console.
D. Verify the most recent firmware version is installed on the camera.

Question # 87

While reviewing the financial reporting risks of a third-party application, which of the following Service Organization Control (SOC) reports will be the MOST useful?

A. SOC 1
B. SOC 2
C. SOC 3
D. SOC for cybersecurity

Question # 88

How long should the records on a project be retained?

A. For the duration of the project, or at the discretion of the record owner
B. Until they are no longer useful or required by policy
C. Until five years after the project ends, then move to archives
D. For the duration of the organization's fiscal year

Question # 89

Which of the following BEST provides for non-repudiation of user account actions?

A. Centralized authentication system
B. File auditing system
C. Managed Intrusion Detection System (IDS)
D. Centralized logging system

Question # 90

A small office is running Wi-Fi 4 APs, and neighboring offices do not want to increase the throughput to associated devices. Which of the following is the MOST cost-efficient way for the office to increase network performance?

A. Add another AP.
B. Disable the 2.4 GHz radios.
C. Enable channel bonding.
D. Upgrade to Wi-Fi 5.

Question # 91

Which of the following describes security control volatility?

A. A reference to the stability of the security control.
B. A reference to how unpredictable the security control is.
C. A reference to the impact of the security control.
D. A reference to the likelihood of change in the security control.

Question # 92

An organization that has achieved a Capability Maturity Model Integration (CMMI) level of 4 has done which of the following?

A. Addressed continuous innovative process improvement
B. Addressed the causes of common process variance
C. Achieved optimized process performance
D. Achieved predictable process performance

Question # 93

When a system changes significantly, who is PRIMARILY responsible for assessing the security impact?

A. Chief Information Security Officer (CISO)
B. Information System Owner
C. Information System Security Officer (ISSO)
D. Authorizing Official

Question # 94

A software developer wishes to write code that will execute safely and only as intended. Which of the following programming language types is MOST likely to achieve this goal?

A. Statically typed
B. Weakly typed
C. Strongly typed
D. Dynamically typed

Question # 95

Why is planning the MOST critical phase of a Role Based Access Control (RBAC) implementation?

A. The criteria for measuring risk is defined.
B. User populations to be assigned to each role is determined.
C. Role mining to define common access patterns is performed.
D. The foundational criteria are defined.

Question # 96

The security team is notified that a device on the network is infected with malware. Which of the following is MOST effective in enabling the device to be quickly located and remediated?

A. Data loss protection (DLP)
B. Intrusion detection
C. Vulnerability scanner
D. Information Technology Asset Management (ITAM)

Question # 97

Using Address Space Layout Randomization (ASLR) reduces the potential for which of the following attacks?

A. SQL injection (SQLi)
B. Man-in-the-middle (MITM)
C. Cross-Site Scripting (XSS)
D. Heap overflow

Question # 98

Which is the MOST effective countermeasure to prevent electromagnetic emanations on unshielded data cable?

A.

Move cable runs away from exterior-facing windows

B.

Encase exposed cable runs in metal conduit

C.

Enable Power over Ethernet (PoE) to increase voltage

D.

Bundle exposed cables together to disguise their signals

Full Access
Question # 99

If an employee transfers from one role to another, which of the following actions should this trigger within the identity and access management (IAM) lifecycle?

A.

New account creation

B.

User access review and adjustment

C.

Deprovisioning

D.

System account access review and adjustment

Full Access
Question # 100

Which type of access control includes a system that allows only users that are type=managers and department=sales to access employee records?

A.

Discretionary access control (DAC)

B.

Mandatory access control (MAC)

C.

Role-based access control (RBAC)

D.

Attribute-based access control (ABAC)

Full Access
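The policy in the question above (only subjects with type=managers and department=sales may read employee records) is a pure attribute match, which is what distinguishes ABAC from RBAC: no role has to be minted in advance, the decision is composed from subject, resource and action attributes at request time. The following is an added illustration written for this page, not code from any product; the subjects, attribute names and the single policy rule are constructed for the example.

```python
"""Added example: attribute-based access control (ABAC) policy evaluation.

Illustrative code for this page. Subject attributes, the resource name and the
policy rule are constructed to mirror the question: read access to employee
records only when type == "managers" and department == "sales".
"""
from dataclasses import dataclass, field


@dataclass
class Subject:
    name: str
    attributes: dict = field(default_factory=dict)


@dataclass
class Rule:
    resource: str
    action: str
    required: dict   # every attribute listed here must match the subject's value


POLICY = [
    # The rule from the question. Under RBAC this would need an explicit
    # "sales_manager" role and a membership list; ABAC evaluates the
    # attributes directly, so a transfer out of sales revokes access by itself.
    Rule(resource="employee_records", action="read",
         required={"type": "managers", "department": "sales"}),
]


def is_permitted(subject: Subject, resource: str, action: str, policy=POLICY) -> bool:
    """Default deny: grant only if some rule for this resource/action has all
    of its required attributes matched by the subject."""
    for rule in policy:
        if rule.resource != resource or rule.action != action:
            continue
        if all(subject.attributes.get(k) == v for k, v in rule.required.items()):
            return True
    return False


# Constructed subjects for the demonstration.
alice = Subject("alice", {"type": "managers", "department": "sales"})
bob = Subject("bob", {"type": "managers", "department": "engineering"})
carol = Subject("carol", {"type": "staff", "department": "sales"})

if __name__ == "__main__":
    for s in (alice, bob, carol):
        print(s.name, "read employee_records ->", is_permitted(s, "employee_records", "read"))
```

Note that a missing attribute is treated the same as a wrong one (`dict.get` returns `None`, which never equals a required value), so an incompletely provisioned identity is denied rather than accidentally matched.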
Question # 101

The Industrial Control System (ICS) Computer Emergency Response Team (CERT) has released an alert regarding ICS-focused malware specifically propagating through Windows-based business networks. Technicians at a local water utility note that their dams, canals, and locks controlled by an internal Supervisory Control and Data Acquisition (SCADA) system have been malfunctioning. A digital forensics professional is consulted in the Incident Response (IR) and recovery. Which of the following is the MOST challenging aspect of this investigation?

A.

SCADA network latency

B.

Group policy implementation

C.

Volatility of data

D.

Physical access to the system

Full Access
Question # 102

Which of the following attacks is dependent upon the compromise of a secondary target in order to reach the primary target?

A.

Watering hole

B.

Brute force

C.

Spear phishing

D.

Address Resolution Protocol (ARP) poisoning

Full Access
Question # 103

A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS).

Which of the following factors leads the company to choose an IDaaS as their solution?

A.

In-house development provides more control.

B.

In-house team lacks resources to support an on-premise solution.

C.

Third-party solutions are inherently more secure.

D.

Third-party solutions are known for transferring the risk to the vendor.

Full Access
Question # 104

A hospital’s building controls system monitors and operates the environmental equipment to maintain a safe and comfortable environment. Which of the following could be used to minimize the risk of utility supply interruption?

A.

Digital devices that can turn equipment off and continuously cycle rapidly in order to increase supplies and conceal activity on the hospital network

B.

Standardized building controls system software with high connectivity to hospital networks

C.

Lock out maintenance personnel from the building controls system access that can impact critical utility supplies

D.

Digital protection and control devices capable of minimizing the adverse impact to critical utility

Full Access
Question # 105

What is the FINAL step in the waterfall method for contingency planning?

A.

Maintenance

B.

Testing

C.

Implementation

D.

Training

Full Access
Question # 106

A user sends an e-mail request asking for read-only access to files that are not considered sensitive. A Discretionary Access Control (DAC) methodology is in place. Which is the MOST suitable approach that the administrator should take?

A.

Administrator should request data owner approval for the user access

B.

Administrator should request manager approval for the user access

C.

Administrator should directly grant the access to the non-sensitive files

D.

Administrator should assess the user access need and either grant or deny the access

Full Access
Question # 107

Which of the following is the MOST important output from a mobile application threat modeling exercise according to Open Web Application Security Project (OWASP)?

A.

Application interface entry and endpoints

B.

The likelihood and impact of a vulnerability

C.

Countermeasures and mitigations for vulnerabilities

D.

A data flow diagram for the application and attack surface analysis

Full Access
Question # 108

A vulnerability in which of the following components would be MOST difficult to detect?

A.

Kernel

B.

Shared libraries

C.

Hardware

D.

System application

Full Access
Question # 109

When using Generic Routing Encapsulation (GRE) tunneling over Internet Protocol version 4 (IPv4), where is the GRE header inserted?

A.

Into the options field

B.

Between the delivery header and payload

C.

Between the source and destination addresses

D.

Into the destination address

Full Access
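To make the layout in the question above concrete: a GRE-over-IPv4 packet is an outer IPv4 "delivery" header (protocol number 47), then the GRE header, then the encapsulated payload. The block below is an added example written for this page, not code from any networking stack; it builds such a packet with a minimal RFC 2784 GRE header and parses it back to show the offsets. The addresses and the inner payload are constructed.

```python
"""Added example: GRE over IPv4 packet layout (delivery header || GRE || payload).

Illustrative code for this page. It builds a minimal outer IPv4 header with
protocol 47, a 4-byte GRE header (RFC 2784: flags/version, protocol type) and
an opaque payload, then parses the result. Addresses and payload are made up.
"""
import ipaddress
import struct

GRE_IP_PROTOCOL = 47        # IANA protocol number carried in the delivery header
ETHERTYPE_IPV4 = 0x0800     # GRE "protocol type" for an encapsulated IPv4 packet


def ipv4_checksum(header: bytes) -> int:
    """Standard one's-complement sum over the IPv4 header (checksum field zeroed
    when computing; verifying over a correct header yields 0)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_delivery_header(src: str, dst: str, payload_len: int) -> bytes:
    """Outer IPv4 header: the part the transit network routes on."""
    ver_ihl = (4 << 4) | 5                      # IPv4, 20-byte header (IHL = 5)
    hdr = struct.pack("!BBHHHBBH4s4s",
                      ver_ihl, 0, 20 + payload_len, 0, 0, 64,
                      GRE_IP_PROTOCOL, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def build_gre_header(protocol_type: int = ETHERTYPE_IPV4) -> bytes:
    """Minimal GRE header: C/K/S flags clear, version 0, then the protocol type."""
    flags_and_version = 0
    return struct.pack("!HH", flags_and_version, protocol_type)


def encapsulate(src: str, dst: str, inner_packet: bytes) -> bytes:
    """Delivery header, then GRE header, then the payload, in that order."""
    gre = build_gre_header()
    return build_delivery_header(src, dst, len(gre) + len(inner_packet)) + gre + inner_packet


def parse(packet: bytes) -> dict:
    """Walk the packet and report where the GRE header and payload begin."""
    ihl = (packet[0] & 0x0F) * 4                # delivery header length in bytes
    if packet[9] != GRE_IP_PROTOCOL:
        raise ValueError("delivery header does not carry GRE")
    flags, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
    gre_len = 4
    if flags & 0x8000:                          # C: checksum + reserved1 present
        gre_len += 4
    if flags & 0x2000:                          # K: key present (RFC 2890)
        gre_len += 4
    if flags & 0x1000:                          # S: sequence number present (RFC 2890)
        gre_len += 4
    return {"gre_offset": ihl, "payload_offset": ihl + gre_len,
            "protocol_type": ptype, "payload": packet[ihl + gre_len:]}


if __name__ == "__main__":
    inner = b"\x45\x00" + b"\x00" * 18 + b"constructed inner payload"
    pkt = encapsulate("192.0.2.1", "198.51.100.2", inner)
    print(parse(pkt))
```

The parser honours the optional checksum, key and sequence fields, so the payload offset is not a fixed 24 bytes in general; the minimal header built here is 4 bytes, which is why the GRE header lands at offset 20 and the payload at offset 24.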
Question # 110

Which of the following describes the BEST configuration management practice?

A.

After installing a new system, the configuration files are copied to a separate back-up system and hashed to detect tampering.

B.

After installing a new system, the configuration files are copied to an air-gapped system and hashed to detect tampering.

C.

The firewall rules are backed up to an air-gapped system.

D.

A baseline configuration is created and maintained for all relevant systems.

Full Access
Question # 111

To protect auditable information, which of the following MUST be configured to only allow read access?

A.

Logging configurations

B.

Transaction log files

C.

User account configurations

D.

Access control lists (ACL)

Full Access
Question # 112

After acquiring the latest security updates, what must be done before deploying to production systems?

A.

Use tools to detect missing system patches

B.

Install the patches on a test system

C.

Subscribe to notifications for vulnerabilities

D.

Assess the severity of the situation

Full Access
Question # 113

A security architect plans to reference a Mandatory Access Control (MAC) model for implementation. This indicates that which of the following properties are being prioritized?

A.

Confidentiality

B.

Integrity

C.

Availability

D.

Accessibility

Full Access
Question # 114

A company was ranked as high in the following National Institute of Standards and Technology (NIST) functions: Protect, Detect, Respond and Recover. However, a low maturity grade was attributed to the Identify function. In which of the following control categories does this company need to improve when analyzing its processes individually?

A.

Asset Management, Business Environment, Governance and Risk Assessment

B.

Access Control, Awareness and Training, Data Security and Maintenance

C.

Anomalies and Events, Security Continuous Monitoring and Detection Processes

D.

Recovery Planning, Improvements and Communications

Full Access
Question # 115

What is the GREATEST challenge to identifying data leaks?

A.

Available technical tools that enable user activity monitoring.

B.

Documented asset classification policy and clear labeling of assets.

C.

Senior management cooperation in investigating suspicious behavior.

D.

Law enforcement participation to apprehend and interrogate suspects.

Full Access
Question # 116

Which of the following are Systems Engineering Life Cycle (SELC) Technical Processes?

A.

Concept, Development, Production, Utilization, Support, Retirement

B.

Stakeholder Requirements Definition, Architectural Design, Implementation, Verification, Operation

C.

Acquisition, Measurement, Configuration Management, Production, Operation, Support

D.

Concept, Requirements, Design, Implementation, Production, Maintenance, Support, Disposal

Full Access
Question # 117

Which of the following is the MOST important goal of information asset valuation?

A.

Developing a consistent and uniform method of controlling access on information assets

B.

Developing appropriate access control policies and guidelines

C.

Assigning a financial value to an organization’s information assets

D.

Determining the appropriate level of protection

Full Access
Question # 118

Are companies legally required to report all data breaches?

A.

No, different jurisdictions have different rules.

B.

No, not if the data is encrypted.

C.

No, companies' codes of ethics don't require it.

D.

No, only if the breach had a material impact.

Full Access
Question # 119

Secure Sockets Layer (SSL) encryption protects

A.

data at rest.

B.

the source IP address.

C.

data transmitted.

D.

data availability.

Full Access
Question # 120

When planning a penetration test, the tester will be MOST interested in which information?

A.

Places to install back doors

B.

The main network access points

C.

Job application handouts and tours

D.

Exploits that can attack weaknesses

Full Access
Question # 121

Which one of the following activities would present a significant security risk to organizations when employing a Virtual Private Network (VPN) solution?

A.

VPN bandwidth

B.

Simultaneous connection to other networks

C.

Users with Internet Protocol (IP) addressing conflicts

D.

Remote users with administrative rights

Full Access
Question # 122

Which of the following could elicit a Denial of Service (DoS) attack against a credential management system?

A.

Delayed revocation or destruction of credentials

B.

Modification of Certificate Revocation List

C.

Unauthorized renewal or re-issuance

D.

Token use after decommissioning

Full Access
Question # 123

A network scan found 50% of the systems with one or more critical vulnerabilities. Which of the following represents the BEST action?

A.

Assess vulnerability risk and program effectiveness.

B.

Assess vulnerability risk and business impact.

C.

Disconnect all systems with critical vulnerabilities.

D.

Disconnect systems with the most number of vulnerabilities.

Full Access
Question # 124

A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket. Which of the following is the BEST course of action?

A.

Ignore the request and do not perform the change.

B.

Perform the change as requested, and rely on the next audit to detect and report the situation.

C.

Perform the change, but create a change ticket regardless to ensure there is complete traceability.

D.

Inform the audit committee or internal audit directly using the corporate whistleblower process.

Full Access
Question # 125

Which of the following secures web transactions at the Transport Layer?

A.

Secure HyperText Transfer Protocol (S-HTTP)

B.

Secure Sockets Layer (SSL)

C.

Socket Security (SOCKS)

D.

Secure Shell (SSH)

Full Access
Question # 126

Which methodology is recommended for penetration testing to be effective in the development phase of the life-cycle process?

A.

White-box testing

B.

Software fuzz testing

C.

Black-box testing

D.

Visual testing

Full Access
Question # 127

Which of the following explains why record destruction requirements are included in a data retention policy?

A.

To comply with legal and business requirements

B.

To save cost for storage and backup

C.

To meet destruction guidelines

D.

To validate data ownership

Full Access
Question # 128

In the Software Development Life Cycle (SDLC), maintaining accurate hardware and software inventories is a critical part of

A.

systems integration.

B.

risk management.

C.

quality assurance.

D.

change management.

Full Access
Question # 129

Which of the following would BEST describe the role directly responsible for data within an organization?

A.

Data custodian

B.

Information owner

C.

Database administrator

D.

Quality control

Full Access
Question # 130

From a cryptographic perspective, the service of non-repudiation includes which of the following features?

A.

Validity of digital certificates

B.

Validity of the authorization rules

C.

Proof of authenticity of the message

D.

Proof of integrity of the message

Full Access
Question # 131

Which of the following standards/guidelines requires an Information Security Management System (ISMS) to be defined?

A.

International Organization for Standardization (ISO) 27000 family

B.

Information Technology Infrastructure Library (ITIL)

C.

Payment Card Industry Data Security Standard (PCI DSS)

D.

ISO/IEC 20000

Full Access
Question # 132

Which of the following BEST describes a chosen plaintext attack?

A.

The cryptanalyst can generate ciphertext from arbitrary text.

B.

The cryptanalyst examines the communication being sent back and forth.

C.

The cryptanalyst can choose the key and algorithm to mount the attack.

D.

The cryptanalyst is presented with the ciphertext from which the original message is determined.

Full Access
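The defining capability in a chosen-plaintext attack is the one in option A: the cryptanalyst can submit plaintext of their choosing and obtain the corresponding ciphertext. The block below is an added example written for this page, not from any library; it uses a deliberately weak toy stream cipher whose keystream depends only on the key (no nonce), so one chosen plaintext of all zero bytes hands the attacker the keystream and with it every other message. The secret key, the "oracle" and the captured message are constructed.

```python
"""Added example: a chosen-plaintext attack against a toy cipher.

Illustrative code for this page. The cipher is intentionally weak: its keystream
is derived from the key alone, so every message is XORed with the same bytes.
The oracle models a system that encrypts attacker-supplied plaintext.
"""
import hashlib
import secrets


def keystream(key: bytes, length: int) -> bytes:
    """Deterministic keystream: SHA-256 in counter mode over the key only.
    (The flaw being exploited is the absence of a per-message nonce.)"""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))


class EncryptionOracle:
    """The capability that defines a chosen-plaintext attack: ciphertext for
    any plaintext the attacker picks, without access to the key."""

    def __init__(self, key: bytes):
        self._key = key

    def encrypt(self, plaintext: bytes) -> bytes:
        return encrypt(self._key, plaintext)


def chosen_plaintext_attack(oracle: EncryptionOracle, target_ciphertext: bytes) -> bytes:
    """Recover the plaintext of a captured message the attacker did NOT choose."""
    # 1. Choose all-zero plaintext: 0 XOR keystream == keystream.
    chosen = b"\x00" * len(target_ciphertext)
    recovered_keystream = oracle.encrypt(chosen)
    # 2. Strip the keystream from the captured ciphertext.
    return bytes(c ^ k for c, k in zip(target_ciphertext, recovered_keystream))


# Constructed scenario: the key is secret to the attacker, the oracle is not.
SECRET_KEY = secrets.token_bytes(32)
oracle = EncryptionOracle(SECRET_KEY)
captured = encrypt(SECRET_KEY, b"transfer 5000 to account 42")   # seen on the wire

if __name__ == "__main__":
    print(chosen_plaintext_attack(oracle, captured))
```

Contrast this with option D (ciphertext-only): without the oracle the attacker would have nothing but `captured` to work from. A real stream cipher avoids this class of attack by mixing a unique nonce into the keystream for every message.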
Question # 133

Discretionary Access Control (DAC) restricts access according to

A.

data classification labeling.

B.

page views within an application.

C.

authorizations granted to the user.

D.

management accreditation.

Full Access
Question # 134

An organization has developed a major application that has undergone accreditation testing. After receiving the results of the evaluation, what is the final step before the application can be accredited?

A.

Acceptance of risk by the authorizing official

B.

Remediation of vulnerabilities

C.

Adoption of standardized policies and procedures

D.

Approval of the System Security Plan (SSP)

Full Access
Question # 135

Which of the following roles has the obligation to ensure that a third party provider is capable of processing and handling data in a secure manner and meeting the standards set by the organization?

A.

Data Custodian

B.

Data Owner

C.

Data Creator

D.

Data User

Full Access
Question # 136

If compromised, which of the following would lead to the exploitation of multiple virtual machines?

A.

Virtual device drivers

B.

Virtual machine monitor

C.

Virtual machine instance

D.

Virtual machine file system

Full Access
Question # 137

Regarding asset security and appropriate retention, which of the following INITIAL top three areas are important to focus on?

A.

Security control baselines, access controls, employee awareness and training

B.

Human resources, asset management, production management

C.

Supply chain lead-time, inventory control, and encryption

D.

Polygraphs, crime statistics, forensics

Full Access
Question # 138

Which of the following BEST describes the purpose of performing security certification?

A.

To identify system threats, vulnerabilities, and acceptable level of risk

B.

To formalize the confirmation of compliance to security policies and standards

C.

To formalize the confirmation of completed risk mitigation and risk analysis

D.

To verify that system architecture and interconnections with other systems are effectively implemented

Full Access
Question # 139

An organization regularly conducts its own penetration tests. Which of the following scenarios MUST be covered for the test to be effective?

A.

Third-party vendor with access to the system

B.

System administrator access compromised

C.

Internal attacker with access to the system

D.

Internal user accidentally accessing data

Full Access
Question # 140

Which of the following controls is the FIRST step in protecting privacy in an information system?

A.

Data Redaction

B.

Data Minimization

C.

Data Encryption

D.

Data Storage

Full Access
Question # 141

Internet Protocol (IP) source address spoofing is used to defeat

A.

address-based authentication.

B.

Address Resolution Protocol (ARP).

C.

Reverse Address Resolution Protocol (RARP).

D.

Transmission Control Protocol (TCP) hijacking.

Full Access
Question # 142

Which of the following would be the FIRST step to take when implementing a patch management program?

A.

Perform automatic deployment of patches.

B.

Monitor for vulnerabilities and threats.

C.

Prioritize vulnerability remediation.

D.

Create a system inventory.

Full Access
Question # 143

Copyright provides protection for which of the following?

A.

Ideas expressed in literary works

B.

A particular expression of an idea

C.

New and non-obvious inventions

D.

Discoveries of natural phenomena

Full Access
Question # 144

An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor?

A.

Provide the encrypted passwords and analysis tools to the auditor for analysis.

B.

Analyze the encrypted passwords for the auditor and show them the results.

C.

Demonstrate that non-compliant passwords cannot be created in the system.

D.

Demonstrate that non-compliant passwords cannot be encrypted in the system.

Full Access
Question # 145

Which one of the following describes granularity?

A.

Maximum number of entries available in an Access Control List (ACL)

B.

Fineness to which a trusted system can authenticate users

C.

Number of violations divided by the number of total accesses

D.

Fineness to which an access control system can be adjusted

Full Access
Question # 146

Which of the following Disaster Recovery (DR) sites is the MOST difficult to test?

A.

Hot site

B.

Cold site

C.

Warm site

D.

Mobile site

Full Access
Question # 147

Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?

A.

Role Based Access Control (RBAC)

B.

Biometric access control

C.

Federated Identity Management (IdM)

D.

Application hardening

Full Access
Question # 148

Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?

A.

Challenge Handshake Authentication Protocol (CHAP)

B.

Point-to-Point Protocol (PPP)

C.

Extensible Authentication Protocol (EAP)

D.

Password Authentication Protocol (PAP)

Full Access
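CHAP (option A) is the protocol in which the authenticator sends a fresh, unpredictable challenge at the start of every session and the peer answers with a hash over the identifier, the shared secret and that challenge (RFC 1994 specifies MD5 for this). Because the challenge changes, a response captured from one session is useless in the next. The block below is an added example written for this page, not a PPP implementation; the shared secret and peer name are constructed.

```python
"""Added example: CHAP's per-session random challenge (RFC 1994).

Illustrative code for this page. Response = MD5(identifier || secret || challenge)
as in the RFC (MD5 is what the RFC specifies, not a recommendation here). The
shared secret and peer name are constructed. It shows a legitimate exchange and
a replay of the recorded response against a new challenge being rejected.
"""
import hashlib
import secrets


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side: hash over the 1-byte identifier, the secret and the challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: remembers the challenge it issued for the current session."""

    def __init__(self, secrets_by_peer: dict):
        self._secrets = secrets_by_peer
        self._identifier = 0
        self._pending = {}                  # peer name -> (identifier, challenge)

    def challenge(self, peer: str, length: int = 16):
        """Start a session: new identifier and a new random challenge."""
        self._identifier = (self._identifier + 1) & 0xFF
        chal = secrets.token_bytes(length)
        self._pending[peer] = (self._identifier, chal)
        return self._identifier, chal

    def verify(self, peer: str, identifier: int, response: bytes) -> bool:
        """Succeed only if the response matches the outstanding challenge.
        The challenge is consumed either way, so it cannot be reused."""
        pending = self._pending.pop(peer, None)
        if pending is None or pending[0] != identifier:
            return False
        expected = chap_response(identifier, self._secrets[peer], pending[1])
        return secrets.compare_digest(expected, response)


def replay_is_rejected(auth: Authenticator, peer: str, secret: bytes) -> bool:
    """Session 1: legitimate login; an eavesdropper records the response.
    Session 2: the recorded response is replayed against the new challenge."""
    ident1, chal1 = auth.challenge(peer)
    resp1 = chap_response(ident1, secret, chal1)
    first_ok = auth.verify(peer, ident1, resp1)
    ident2, chal2 = auth.challenge(peer)
    replay_ok = auth.verify(peer, ident2, resp1)     # old response, new challenge
    return first_ok and not replay_ok and chal1 != chal2


if __name__ == "__main__":
    a = Authenticator({"router1": b"constructed-shared-secret"})
    print("replay rejected:", replay_is_rejected(a, "router1", b"constructed-shared-secret"))
```

PAP (option D) sends the secret itself in clear, so there is nothing session-specific to capture or to replay-protect; EAP and PPP are frameworks that can carry CHAP rather than the challenge mechanism itself.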
Question # 149

The birthday attack is MOST effective against which one of the following cipher technologies?

A.

Chaining block encryption

B.

Asymmetric cryptography

C.

Cryptographic hash

D.

Streaming cryptography

Full Access
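The birthday attack targets hash functions (option C) because finding any two inputs that collide takes on the order of 2^(n/2) hash evaluations for an n-bit digest, far less than the 2^n a preimage search needs. The block below is an added example written for this page; it truncates SHA-256 to a small number of bits so the attack finishes in seconds, and the messages are constructed counters. The same procedure applies to a full-width hash, only the work factor changes.

```python
"""Added example: a birthday attack on a (truncated) cryptographic hash.

Illustrative code for this page. SHA-256 is truncated to `bits` so the search
runs quickly; the expected cost is ~1.18 * 2^(bits/2) hashes, which is why
collision resistance is judged against half the digest length.
"""
import hashlib
import math


def truncated_hash(message: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256(message) as an integer."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def birthday_attack(bits: int, max_tries: int = None):
    """Hash distinct messages until two share a digest.
    Returns (message1, message2, tries) or None if max_tries is exhausted."""
    seen = {}                                   # digest -> first message with it
    limit = max_tries or 20 * int(math.sqrt(2 ** bits))
    for i in range(limit):
        msg = b"document revision %d" % i       # constructed, distinct messages
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    return None


def expected_tries(bits: int) -> float:
    """Hashes needed for a ~50% chance of at least one collision."""
    return 1.1774 * math.sqrt(2 ** bits)


if __name__ == "__main__":
    m1, m2, tries = birthday_attack(32)
    print("collision after", tries, "hashes (expected ~%.0f):" % expected_tries(32))
    print(m1, m2, hex(truncated_hash(m1, 32)))
```

Run with `bits=32` the search usually stops after roughly 77,000 hashes; a preimage search against the same 32-bit digest would average about 2^31, or 2.1 billion. This is the reason digest sizes are chosen at twice the intended security level (SHA-256 for 128-bit collision resistance).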
Question # 150

What would be the PRIMARY concern when designing and coordinating a security assessment for an Automatic Teller Machine (ATM) system?

A.

Physical access to the electronic hardware

B.

Regularly scheduled maintenance process

C.

Availability of the network connection

D.

Processing delays

Full Access
Question # 151

When constructing an Information Protection Policy (IPP), it is important that the stated rules are necessary, adequate, and

A.

flexible.

B.

confidential.

C.

focused.

D.

achievable.

Full Access
Question # 152

Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what?

A.

Interface with the Public Key Infrastructure (PKI)

B.

Improve the quality of security software

C.

Prevent Denial of Service (DoS) attacks

D.

Establish a secure initial state

Full Access
Question # 153

During an audit of system management, auditors find that the system administrator has not been trained. What actions need to be taken at once to ensure the integrity of systems?

A.

A review of hiring policies and methods of verification of new employees

B.

A review of all departmental procedures

C.

A review of all training procedures to be undertaken

D.

A review of all systems by an experienced administrator

Full Access
Question # 154

Why MUST a Kerberos server be well protected from unauthorized access?

A.

It contains the keys of all clients.

B.

It always operates at root privilege.

C.

It contains all the tickets for services.

D.

It contains the Internet Protocol (IP) address of all network entities.

Full Access
Question # 155

Which of the following assessment metrics is BEST used to understand a system's vulnerability to potential exploits?

A.

Determining the probability that the system functions safely during any time period

B.

Quantifying the system's available services

C.

Identifying the number of security flaws within the system

D.

Measuring the system's integrity in the presence of failure

Full Access
Question # 156

A system has been scanned for vulnerabilities and has been found to contain a number of communication ports that have been opened without authority. To which of the following might this system have been subjected?

A.

Trojan horse

B.

Denial of Service (DoS)

C.

Spoofing

D.

Man-in-the-Middle (MITM)

Full Access
Question # 157

A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project?

A.

The organization's current security policies concerning privacy issues

B.

Privacy-related regulations enforced by governing bodies applicable to the organization

C.

Privacy best practices published by recognized security standards organizations

D.

Organizational procedures designed to protect privacy information

Full Access
Question # 158

An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to

A.

encrypt the contents of the repository and document any exceptions to that requirement.

B.

utilize an Intrusion Detection System (IDS) set to drop connections if too many requests for documents are detected.

C.

keep individuals with access to high security areas from saving those documents into lower security areas.

D.

require individuals with access to the system to sign Non-Disclosure Agreements (NDA).

Full Access
Question # 159

Which of the following is the best practice for testing a Business Continuity Plan (BCP)?

A.

Test before the IT Audit

B.

Test when environment changes

C.

Test after installation of security patches

D.

Test after implementation of system patches

Full Access
Question # 160

Which one of the following is the MOST important in designing a biometric access system if it is essential that no one other than authorized individuals is admitted?

A.

False Acceptance Rate (FAR)

B.

False Rejection Rate (FRR)

C.

Crossover Error Rate (CER)

D.

Rejection Error Rate

Full Access
Question # 161

The stringency of an Information Technology (IT) security assessment will be determined by the

A.

system's past security record.

B.

size of the system's database.

C.

sensitivity of the system's data.

D.

age of the system.

Full Access
Question # 162

Which of the following statements is TRUE for point-to-point microwave transmissions?

A.

They are not subject to interception due to encryption.

B.

Interception only depends on signal strength.

C.

They are too highly multiplexed for meaningful interception.

D.

They are subject to interception by an antenna within proximity.

Full Access
Question # 163

What principle requires that changes to the plaintext affect many parts of the ciphertext?

A.

Diffusion

B.

Encapsulation

C.

Obfuscation

D.

Permutation

Full Access
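Diffusion (option A) means that a change to a single plaintext bit should alter a large fraction of the ciphertext bits, so that statistical structure in the plaintext is spread across the whole output. The block below is an added example written for this page, not code from any standard: it compares a byte-wise substitution, where a flipped bit changes exactly one ciphertext byte, with a small Feistel network using a SHA-256 round function, where after four rounds a flipped bit changes about half of the ciphertext bits. The key and plaintext block are constructed.

```python
"""Added example: diffusion (avalanche) in a toy Feistel cipher versus a
substitution-only cipher. Illustrative code for this page; the Feistel
construction with a SHA-256 round function is not a standardised cipher.
"""
import hashlib
import random

BLOCK = 16                # block size in bytes; halves are 8 bytes
HALF = BLOCK // 2


def _round_function(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel_encrypt(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    """Each round: (L, R) -> (R, L xor F(R)). Differences in one half feed the
    round function and spread over the other half on the next round."""
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for rnd in range(rounds):
        left, right = right, _xor(left, _round_function(key, rnd, right))
    return left + right


def feistel_decrypt(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    """Run the rounds backwards; the structure is invertible for any F."""
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(rounds)):
        left, right = _xor(right, _round_function(key, rnd, left)), left
    return left + right


def substitution_encrypt(key: bytes, block: bytes) -> bytes:
    """Keyed byte substitution: every byte is replaced independently, so a
    plaintext change never reaches any other ciphertext position (no diffusion)."""
    sbox = list(range(256))
    random.Random(key).shuffle(sbox)          # key-derived permutation of bytes
    return bytes(sbox[b] for b in block)


def hamming_distance(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(encrypt, key: bytes, block: bytes, bit: int) -> int:
    """Flip one plaintext bit and count how many ciphertext bits change."""
    flipped = bytearray(block)
    flipped[bit // 8] ^= 1 << (bit % 8)
    return hamming_distance(encrypt(key, block), encrypt(key, bytes(flipped)))


if __name__ == "__main__":
    key, pt = b"constructed-key", b"attack at dawn!!"
    print("substitution:", avalanche(substitution_encrypt, key, pt, 5), "of 128 bits changed")
    print("feistel x4:  ", avalanche(feistel_encrypt, key, pt, 5), "of 128 bits changed")
```

Permutation (option D) on its own only moves bits around, and encapsulation and obfuscation are not cryptographic design principles at all; it is the combination of substitution with repeated mixing across positions, as the Feistel rounds show, that produces diffusion.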
Question # 164

Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks?

A.

Data compression

B.

Data classification

C.

Data warehousing

D.

Data validation

Full Access
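Data validation (option D) prevents SQL injection only when input can no longer change the structure of the query; in practice that means parameterized queries, with allow-list validation of the input as a further layer. The block below is an added example written for this page, using Python's sqlite3 module and an in-memory database with constructed rows. It shows the vulnerable concatenation, the injection that bypasses it, and the two defences.

```python
"""Added example: SQL injection, a parameterized query, and input validation.

Illustrative code for this page. The table and rows are constructed; passwords
are stored in clear only to keep the example short (real systems store salted
password hashes, which is a separate control from the one shown here).
"""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "correct horse", "admin"),
        ("bob", "hunter2", "user"),
    ])
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    """DO NOT USE: user input is spliced into the SQL text, so a password of
    ' OR '1'='1 turns the WHERE clause into one that matches every row."""
    sql = ("SELECT 1 FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username: str, password: str) -> bool:
    """Placeholders send the values separately from the query, so they are
    compared as data and can never be parsed as SQL."""
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Allow-list for usernames: what a valid value looks like, not what an attack looks like.
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def login_validated(conn, username: str, password: str) -> bool:
    """Reject malformed usernames up front, then use the parameterized query."""
    if not USERNAME_RE.fullmatch(username):
        return False
    return login_parameterized(conn, username, password)


if __name__ == "__main__":
    db = make_db()
    injection = "' OR '1'='1"
    print("vulnerable, injected password:   ", login_vulnerable(db, "nobody", injection))
    print("parameterized, injected password:", login_parameterized(db, "nobody", injection))
    print("validated, injected username:    ", login_validated(db, "alice'--", "x"))
```

Validation alone is not sufficient, because a free-text field such as a password cannot be restricted to a safe character set; parameterization is what makes the query safe, and validation narrows what reaches it.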
Question # 165

Which of the following is a security feature of the Global System for Mobile Communications (GSM)?

A.

It uses a Subscriber Identity Module (SIM) for authentication.

B.

It uses encrypting techniques for all communications.

C.

The radio spectrum is divided with multiple frequency carriers.

D.

The signal is difficult to read as it provides end-to-end encryption.

Full Access
Question # 166

Which of the following is considered best practice for preventing e-mail spoofing?

A.

Spam filtering

B.

Cryptographic signature

C.

Uniform Resource Locator (URL) filtering

D.

Reverse Domain Name Service (DNS) lookup

Full Access
Question # 167

Which security action should be taken FIRST when computer personnel are terminated from their jobs?

A.

Remove their computer access

B.

Require them to turn in their badge

C.

Conduct an exit interview

D.

Reduce their physical access level to the facility

Full Access
Question # 168

The type of authorized interactions a subject can have with an object is

A.

control.

B.

permission.

C.

procedure.

D.

protocol.

Full Access
Question # 169

The three PRIMARY requirements for a penetration test are

A.

A defined goal, limited time period, and approval of management

B.

A general objective, unlimited time, and approval of the network administrator

C.

An objective statement, disclosed methodology, and fixed cost

D.

A stated objective, liability waiver, and disclosed methodology

Full Access
Question # 170

The use of strong authentication, the encryption of Personally Identifiable Information (PII) on database servers, application security reviews, and the encryption of data transmitted across networks provide

A.

data integrity.

B.

defense in depth.

C.

data availability.

D.

non-repudiation.

Full Access
Question # 171

As one component of a physical security system, an Electronic Access Control (EAC) token is BEST known for its ability to

A.

overcome the problems of key assignments.

B.

monitor the opening of windows and doors.

C.

trigger alarms when intruders are detected.

D.

lock down a facility during an emergency.

Full Access
Question # 172

Which one of these risk factors would be the LEAST important consideration in choosing a building site for a new computer facility?

A.

Vulnerability to crime

B.

Adjacent buildings and businesses

C.

Proximity to an airline flight path

D.

Vulnerability to natural disasters

Full Access
Question # 173

By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the

A.

confidentiality of the traffic is protected.

B.

opportunity to sniff network traffic exists.

C.

opportunity for device identity spoofing is eliminated.

D.

storage devices are protected against availability attacks.

Full Access
Question # 174

The PRIMARY purpose of a security awareness program is to

A.

ensure that everyone understands the organization's policies and procedures.

B.

communicate that access to information will be granted on a need-to-know basis.

C.

warn all users that access to all systems will be monitored on a daily basis.

D.

comply with regulations related to data and information protection.

Full Access
Question # 175

Which of the following statements is TRUE of black box testing?

A.

Only the functional specifications are known to the test planner.

B.

Only the source code and the design documents are known to the test planner.

C.

Only the source code and functional specifications are known to the test planner.

D.

Only the design documents and the functional specifications are known to the test planner.

Full Access
Question # 176

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

A.

Install mantraps at the building entrances

B.

Enclose the personnel entry area with polycarbonate plastic

C.

Supply a duress alarm for personnel exposed to the public

D.

Hire a guard to protect the public area

Full Access
Question # 177

Which of the following actions will reduce risk to a laptop before traveling to a high risk area?

A.

Examine the device for physical tampering

B.

Implement more stringent baseline configurations

C.

Purge or re-image the hard disk drive

D.

Change access codes

Full Access
Question # 178

What is the MOST important consideration from a data security perspective when an organization plans to relocate?

A.

Ensure the fire prevention and detection systems are sufficient to protect personnel

B.

Review the architectural plans to determine how many emergency exits are present

C.

Conduct a gap analysis of the new facilities against existing security requirements

D.

Revise the Disaster Recovery and Business Continuity (DR/BC) plan

Full Access
Question # 179

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

A.

determine the risk of a business interruption occurring

B.

determine the technological dependence of the business processes

C.

identify the operational impacts of a business interruption

D.

identify the financial impacts of a business interruption

Full Access
Question # 180

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Plan (BCP). Which of the following failures should the IT manager be concerned with?

A.

Application

B.

Storage

C.

Power

D.

Network

Full Access
Question # 181

Intellectual property rights are PRIMARILY concerned with which of the following?

A.

Owner’s ability to realize financial gain

B.

Owner’s ability to maintain copyright

C.

Right of the owner to enjoy their creation

D.

Right of the owner to control delivery method

Full Access
Question # 182

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

A.

Development, testing, and deployment

B.

Prevention, detection, and remediation

C.

People, technology, and operations

D.

Certification, accreditation, and monitoring

Full Access
Question # 183

When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

A.

Only when assets are clearly defined

B.

Only when standards are defined

C.

Only when controls are put in place

D.

Only when procedures are defined

Full Access
Question # 184

Which of the following represents the GREATEST risk to data confidentiality?

A.

Network redundancies are not implemented

B.

Security awareness training is not completed

C.

Backup tapes are generated unencrypted

D.

Users have administrative privileges

Full Access
Question # 185

Which of the following BEST describes the responsibilities of a data owner?

A.

Ensuring quality and validation through periodic audits for ongoing data integrity

B.

Maintaining fundamental data availability, including data storage and archiving

C.

Ensuring accessibility to appropriate users, maintaining appropriate levels of data security

D.

Determining the impact the information has on the mission of the organization

Full Access
Question # 186

An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests.

Which contract is BEST in offloading the task from the IT staff?

A.

Platform as a Service (PaaS)

B.

Identity as a Service (IDaaS)

C.

Desktop as a Service (DaaS)

D.

Software as a Service (SaaS)

Full Access
Question # 187

Which one of the following affects the classification of data?

A.

Assigned security label

B.

Multilevel Security (MLS) architecture

C.

Minimum query size

D.

Passage of time

Full Access
Question # 188

In a data classification scheme, the data is owned by the

A.

system security managers

B.

business managers

C.

Information Technology (IT) managers

D.

end users

Full Access
Question # 189

Which of the following is MOST important when assigning ownership of an asset to a department?

A.

The department should report to the business owner

B.

Ownership of the asset should be periodically reviewed

C.

Individual accountability should be ensured

D.

All members should be trained on their responsibilities

Full Access
Question # 190

Which of the following is an initial consideration when developing an information security management system?

A.

Identify the contractual security obligations that apply to the organization

B.

Understand the value of the information assets

C.

Identify the level of residual risk that is tolerable to management

D.

Identify relevant legislative and regulatory compliance requirements

Full Access
Question # 191

When implementing a data classification program, why is it important to avoid too much granularity?

A.

The process will require too many resources

B.

It will be difficult to apply to both hardware and software

C.

It will be difficult to assign ownership to the data

D.

The process will be perceived as having value

Full Access
Question # 192

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

A.

Personal Identity Verification (PIV)

B.

Cardholder Unique Identifier (CHUID) authentication

C.

Physical Access Control System (PACS) repeated attempt detection

D.

Asymmetric Card Authentication Key (CAK) challenge-response

Full Access