ISC CISSP Certified Information Systems Security Professional (CISSP) Exam Practice Test

Demo: 200 questions
Total 1486 questions

Certified Information Systems Security Professional (CISSP) Questions and Answers

Question 1

When using Generic Routing Encapsulation (GRE) tunneling over Internet Protocol version 4 (IPv4), where is the GRE header inserted?

Options:

A.

Into the options field

B.

Between the delivery header and payload

C.

Between the source and destination addresses

D.

Into the destination address

Question 2

Software Code signing is used as a method of verifying what security concept?

Options:

A.

Integrity

B.

Confidentiality

C.

Availability

D.

Access Control

Question 3

Which of the following is a remote access protocol that uses a static authentication?

Options:

A.

Point-to-Point Tunneling Protocol (PPTP)

B.

Routing Information Protocol (RIP)

C.

Password Authentication Protocol (PAP)

D.

Challenge Handshake Authentication Protocol (CHAP)

Question 4

Which of the following is MOST important when deploying digital certificates?

Options:

A.

Validate compliance with X.509 digital certificate standards

B.

Establish a certificate life cycle management framework

C.

Use a third-party Certificate Authority (CA)

D.

Use no less than 256-bit strength encryption when creating a certificate

Question 5

Which of the following analyses is performed to protect information assets?

Options:

A.

Business impact analysis

B.

Feasibility analysis

C.

Cost benefit analysis

D.

Data analysis

Question 6

A software security engineer is developing a black box-based test plan that will measure the system's reaction to incorrect or illegal inputs or unexpected operational errors and situations. Match the functional testing techniques on the left with the correct input parameters on the right.

Options:

Question 7

Which of the following roles has the obligation to ensure that a third party provider is capable of processing and handling data in a secure manner and meeting the standards set by the organization?

Options:

A.

Data Custodian

B.

Data Owner

C.

Data Creator

D.

Data User

Question 8

How does Encapsulating Security Payload (ESP) in transport mode affect the Internet Protocol (IP)?

Options:

A.

Encrypts and optionally authenticates the IP header, but not the IP payload

B.

Encrypts and optionally authenticates the IP payload, but not the IP header

C.

Authenticates the IP payload and selected portions of the IP header

D.

Encrypts and optionally authenticates the complete IP packet

Question 9

The application of a security patch to a product previously validated at Common Criteria (CC) Evaluation Assurance Level (EAL) 4 would

Options:

A.

require an update of the Protection Profile (PP).

B.

require recertification.

C.

retain its current EAL rating.

D.

reduce the product to EAL 3.

Question 10

Which of the following BEST represents the concept of least privilege?

Options:

A.

Access to an object is denied unless access is specifically allowed.

B.

Access to an object is only available to the owner.

C.

Access to an object is allowed unless it is protected by the information security policy.

D.

Access to an object is only allowed to authenticated users via an Access Control List (ACL).

Question 11

What does an organization FIRST review to assure compliance with privacy requirements?

Options:

A.

Best practices

B.

Business objectives

C.

Legal and regulatory mandates

D.

Employees' compliance with policies and standards

Question 12

Which of the following is the PRIMARY concern when using an Internet browser to access a cloud-based service?

Options:

A.

Insecure implementation of Application Programming Interfaces (API)

B.

Improper use and storage of management keys

C.

Misconfiguration of infrastructure allowing for unauthorized access

D.

Vulnerabilities within protocols that can expose confidential data

Question 13

Which of the following has the GREATEST impact on an organization's security posture?

Options:

A.

International and country-specific compliance requirements

B.

Security violations by employees and contractors

C.

Resource constraints due to increasing costs of supporting security

D.

Audit findings related to employee access and permissions process

Question 14

How should an organization determine the priority of its remediation efforts after a vulnerability assessment has been conducted?

Options:

A.

Use an impact-based approach.

B.

Use a risk-based approach.

C.

Use a criticality-based approach.

D.

Use a threat-based approach.

Question 15

Which of the following methods can be used to achieve confidentiality and integrity for data in transit?

Options:

A.

Multiprotocol Label Switching (MPLS)

B.

Internet Protocol Security (IPSec)

C.

Federated identity management

D.

Multi-factor authentication

Question 16

A Simple Power Analysis (SPA) attack against a device directly observes which of the following?

Options:

A.

Static discharge

B.

Consumption

C.

Generation

D.

Magnetism

Question 17

What is the MOST important element when considering the effectiveness of a training program for Business Continuity (BC) and Disaster Recovery (DR)?

Options:

A.

Management support

B.

Consideration of organizational need

C.

Technology used for delivery

D.

Target audience

Question 18

The restoration priorities of a Disaster Recovery Plan (DRP) are based on which of the following documents?

Options:

A.

Service Level Agreement (SLA)

B.

Business Continuity Plan (BCP)

C.

Business Impact Analysis (BIA)

D.

Crisis management plan

Question 19

An organization regularly conducts its own penetration tests. Which of the following scenarios MUST be covered for the test to be effective?

Options:

A.

Third-party vendor with access to the system

B.

System administrator access compromised

C.

Internal attacker with access to the system

D.

Internal user accidentally accessing data

Question 20

A security professional has been asked to evaluate the options for the location of a new data center within a multifloor building. Concerns for the data center include emanations and physical access controls.

Which of the following is the BEST location?

Options:

A.

On the top floor

B.

In the basement

C.

In the core of the building

D.

In an exterior room with windows

Question 21

Which of the following BEST describes a rogue Access Point (AP)?

Options:

A.

An AP that is not protected by a firewall

B.

An AP not configured to use Wired Equivalent Privacy (WEP) with Triple Data Encryption Algorithm (3DES)

C.

An AP connected to the wired infrastructure but not under the management of authorized network administrators

D.

An AP infected by any kind of Trojan or Malware

Question 22

In the Software Development Life Cycle (SDLC), maintaining accurate hardware and software inventories is a critical part of

Options:

A.

systems integration.

B.

risk management.

C.

quality assurance.

D.

change management.

Question 23

Which of the following are Systems Engineering Life Cycle (SELC) Technical Processes?

Options:

A.

Concept, Development, Production, Utilization, Support, Retirement

B.

Stakeholder Requirements Definition, Architectural Design, Implementation, Verification, Operation

C.

Acquisition, Measurement, Configuration Management, Production, Operation, Support

D.

Concept, Requirements, Design, Implementation, Production, Maintenance, Support, Disposal

Question 24

Which of the following is BEST suited for exchanging authentication and authorization messages in a multi-party decentralized environment?

Options:

A.

Lightweight Directory Access Protocol (LDAP)

B.

Security Assertion Markup Language (SAML)

C.

Internet Mail Access Protocol

D.

Transport Layer Security (TLS)

Question 25

In the network design below, where is the MOST secure Local Area Network (LAN) segment to deploy a Wireless Access Point (WAP) that provides contractors access to the Internet and authorized enterprise services?

Options:

Question 26

A network scan found 50% of the systems with one or more critical vulnerabilities. Which of the following represents the BEST action?

Options:

A.

Assess vulnerability risk and program effectiveness.

B.

Assess vulnerability risk and business impact.

C.

Disconnect all systems with critical vulnerabilities.

D.

Disconnect systems with the largest number of vulnerabilities.

Question 27

What is the difference between media marking and media labeling?

Options:

A.

Media marking refers to the use of human-readable security attributes, while media labeling refers to the use of security attributes in internal data structures.

B.

Media labeling refers to the use of human-readable security attributes, while media marking refers to the use of security attributes in internal data structures.

C.

Media labeling refers to security attributes required by public policy/law, while media marking refers to security required by internal organizational policy.

D.

Media marking refers to security attributes required by public policy/law, while media labeling refers to security attributes required by internal organizational policy.

Question 28

Which methodology is recommended for penetration testing to be effective in the development phase of the life-cycle process?

Options:

A.

White-box testing

B.

Software fuzz testing

C.

Black-box testing

D.

Visual testing

Question 29

What is the PRIMARY goal for using Domain Name System Security Extensions (DNSSEC) to sign records?

Options:

A.

Integrity

B.

Confidentiality

C.

Accountability

D.

Availability

Question 30

Which of the following is a reason to use manual patch installation instead of automated patch management?

Options:

A.

The cost required to install patches will be reduced.

B.

The time during which systems will remain vulnerable to an exploit will be decreased.

C.

The likelihood of system or application incompatibilities will be decreased.

D.

The ability to cover large geographic areas is increased.

Question 31

The MAIN reason an organization conducts a security authorization process is to

Options:

A.

force the organization to make conscious risk decisions.

B.

assure the effectiveness of security controls.

C.

assure the correct security organization exists.

D.

force the organization to enlist management support.

Question 32

Which of the following is a function of Security Assertion Markup Language (SAML)?

Options:

A.

File allocation

B.

Redundancy check

C.

Extended validation

D.

Policy enforcement

Question 33

The PRIMARY security concern for handheld devices is the

Options:

A.

strength of the encryption algorithm.

B.

spread of malware during synchronization.

C.

ability to bypass the authentication mechanism.

D.

strength of the Personal Identification Number (PIN).

Question 34

Which of the following is a weakness of Wired Equivalent Privacy (WEP)?

Options:

A.

Length of Initialization Vector (IV)

B.

Protection against message replay

C.

Detection of message tampering

D.

Built-in provision to rotate keys

Question 35

What is the GREATEST challenge to identifying data leaks?

Options:

A.

Available technical tools that enable user activity monitoring.

B.

Documented asset classification policy and clear labeling of assets.

C.

Senior management cooperation in investigating suspicious behavior.

D.

Law enforcement participation to apprehend and interrogate suspects.

Question 36

Which of the following is the BEST method to prevent malware from being introduced into a production environment?

Options:

A.

Purchase software from a limited list of retailers

B.

Verify the hash key or certificate key of all updates

C.

Do not permit programs, patches, or updates from the Internet

D.

Test all new software in a segregated environment

Question 37

Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

Options:

A.

Lack of software documentation

B.

License agreements requiring release of modified code

C.

Expiration of the license agreement

D.

Costs associated with support of the software

Question 38

When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

Options:

A.

After the system preliminary design has been developed and the data security categorization has been performed

B.

After the vulnerability analysis has been performed and before the system detailed design begins

C.

After the system preliminary design has been developed and before the data security categorization begins

D.

After the business functional analysis and the data security categorization have been performed

Question 39

A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?

Options:

A.

Least privilege

B.

Privilege escalation

C.

Defense in depth

D.

Privilege bracketing

Question 40

Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?

Options:

A.

Check arguments in function calls

B.

Test for the security patch level of the environment

C.

Include logging functions

D.

Digitally sign each application module

Question 41

The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?

Options:

A.

System acquisition and development

B.

System operations and maintenance

C.

System initiation

D.

System implementation

Question 42

What is the BEST approach to addressing security issues in legacy web applications?

Options:

A.

Debug the security issues

B.

Migrate to newer, supported applications where possible

C.

Conduct a security assessment

D.

Protect the legacy application with a web application firewall

Question 43

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

Options:

A.

Layer 2 Tunneling Protocol (L2TP)

B.

Link Control Protocol (LCP)

C.

Challenge Handshake Authentication Protocol (CHAP)

D.

Packet Transfer Protocol (PTP)

Question 44

An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

Options:

A.

Add a new rule to the application layer firewall

B.

Block access to the service

C.

Install an Intrusion Detection System (IDS)

D.

Patch the application source code

Question 45

At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

Options:

A.

Link layer

B.

Physical layer

C.

Session layer

D.

Application layer

Question 46

An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?

Options:

A.

Implement packet filtering on the network firewalls

B.

Install Host Based Intrusion Detection Systems (HIDS)

C.

Require strong authentication for administrators

D.

Implement logical network segmentation at the switches

Question 47

In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?

Options:

A.

Transport layer

B.

Application layer

C.

Network layer

D.

Session layer

Question 48

Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?

Options:

A.

Intrusion Prevention Systems (IPS)

B.

Intrusion Detection Systems (IDS)

C.

Stateful firewalls

D.

Network Behavior Analysis (NBA) tools

Question 49

Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?

Options:

A.

WEP uses a small range Initialization Vector (IV)

B.

WEP uses Message Digest 5 (MD5)

C.

WEP uses Diffie-Hellman

D.

WEP does not use any Initialization Vector (IV)

Question 50

What is the purpose of an Internet Protocol (IP) spoofing attack?

Options:

A.

To send excessive amounts of data to a process, making it unpredictable

B.

To intercept network traffic without authorization

C.

To disguise the destination address from a target’s IP filtering devices

D.

To convince a system that it is communicating with a known entity

Question 51

Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

Options:

A.

Packet filtering

B.

Port services filtering

C.

Content filtering

D.

Application access control

Question 52

Why is it important that senior management clearly communicates the formal Maximum Tolerable Downtime (MTD) decision?

Options:

A.

To provide each manager with precise direction on selecting an appropriate recovery alternative

B.

To demonstrate to the regulatory bodies that the company takes business continuity seriously

C.

To demonstrate to the board of directors that senior management is committed to continuity recovery efforts

D.

To provide a formal declaration from senior management as required by internal audit to demonstrate sound business practices

Question 53

At which phase of the software assurance life cycle should risks associated with software acquisition strategies be identified?

Options:

A.

Follow-on phase

B.

Planning phase

C.

Monitoring and acceptance phase

D.

Contracting phase

Question 54

Which of the following practices provides the development team with a definition of security and identification of threats in designing software?

Options:

A.

Penetration testing

B.

Stakeholder review

C.

Threat modeling

D.

Requirements review

Question 55

Which of the following types of devices can provide content filtering and threat protection, and manage multiple IPSec site-to-site connections?

Options:

A.

Layer 3 switch

B.

VPN headend

C.

Next-generation firewall

D.

Proxy server

E.

Intrusion prevention

Question 56

A Distributed Denial of Service (DDoS) attack was carried out using malware called Mirai to create a large-scale command and control system to launch a botnet. Which of the following devices were the PRIMARY sources used to generate the attack traffic?

Options:

A.

Internet of Things (IoT) devices

B.

Microsoft Windows hosts

C.

Web servers running open source operating systems (OS)

D.

Mobile devices running Android

Question 57

Which of the following technologies can be used to monitor and dynamically respond to potential threats on web applications?

Options:

A.

Security Assertion Markup Language (SAML)

B.

Web application vulnerability scanners

C.

Runtime application self-protection (RASP)

D.

Field-level tokenization

Question 58

A large human resources organization wants to integrate their identity management with a trusted partner organization. The human resources organization wants to maintain the creation and management of the identities and may want to share with other partners in the future. Which of the following options BEST serves their needs?

Options:

A.

Federated identity

B.

Cloud Active Directory (AD)

C.

Security Assertion Markup Language (SAML)

D.

Single sign-on (SSO)

Question 59

Which of the following is applicable to a publicly held company concerned about information handling and storage requirements specific to financial reporting?

Options:

A.

Privacy Act of 1974

B.

Clinger-Cohen Act of 1996

C.

Sarbanes-Oxley (SOX) Act of 2002

D.

International Organization for Standardization (ISO) 27001

Question 60

Which of the following technologies would provide the BEST alternative to anti-malware software?

Options:

A.

Host-based Intrusion Detection Systems (HIDS)

B.

Application whitelisting

C.

Host-based firewalls

D.

Application sandboxing

Question 61

Which of the following was developed to support multiple protocols as well as provide login, password, and error correction capabilities?

Options:

A.

Challenge Handshake Authentication Protocol (CHAP)

B.

Point-to-Point Protocol (PPP)

C.

Password Authentication Protocol (PAP)

D.

Post Office Protocol (POP)

Question 62

The personal laptop of an organization executive is stolen from the office, complete with personnel and project records. Which of the following should be done FIRST to mitigate future occurrences?

Options:

A.

Encrypt disks on personal laptops.

B.

Issue cable locks for use on personal laptops.

C.

Create policies addressing critical information on personal laptops.

D.

Monitor personal laptops for critical information.

Question 63

Which of the following protocols will allow the encrypted transfer of content on the Internet?

Options:

A.

Server Message Block (SMB)

B.

Secure copy

C.

Hypertext Transfer Protocol (HTTP)

D.

Remote copy

Question 64

What type of risk is related to the sequences of value-adding and managerial activities undertaken in an organization?

Options:

A.

Demand risk

B.

Process risk

C.

Control risk

D.

Supply risk

Question 65

Which of the following is the FIRST requirement a data owner should consider before implementing a data retention policy?

Options:

A.

Training

B.

Legal

C.

Business

D.

Storage

Question 66

A cybersecurity engineer has been tasked to research and implement an ultra-secure communications channel to protect the organization's most valuable intellectual property (IP). The primary directive in this initiative is to ensure there is no possible way the communications can be intercepted without detection. Which of the following is the only way to ensure this outcome?

Options:

A.

Diffie-Hellman key exchange

B.

Symmetric key cryptography

C.

Public key infrastructure (PKI)

D.

Quantum Key Distribution

Question 67

Which of the following determines how traffic should flow based on the status of the infrastructure layer?

Options:

A.

Traffic plane

B.

Application plane

C.

Data plane

D.

Control plane

Question 68

Security Software Development Life Cycle (SDLC) expects application code to be written in a consistent manner to allow ease of auditing and which of the following?

Options:

A.

Protecting

B.

Executing

C.

Copying

D.

Enhancing

Question 69

Which of the following is required to verify the authenticity of a digitally signed document?

Options:

A.

Digital hash of the signed document

B.

Sender's private key

C.

Recipient's public key

D.

Agreed upon shared secret

Question 70

Which of the following would qualify as an exception to the "right to be forgotten" under the General Data Protection Regulation (GDPR)?

Options:

A.

For the establishment, exercise, or defense of legal claims

B.

The personal data has been lawfully processed and collected

C.

The personal data remains necessary to the purpose for which it was collected

D.

For the reasons of private interest

Question 71

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

Options:

A.

Development, testing, and deployment

B.

Prevention, detection, and remediation

C.

People, technology, and operations

D.

Certification, accreditation, and monitoring

Question 72

Which of the following represents the GREATEST risk to data confidentiality?

Options:

A.

Network redundancies are not implemented

B.

Security awareness training is not completed

C.

Backup tapes are generated unencrypted

D.

Users have administrative privileges

Question 73

What is the MOST important consideration from a data security perspective when an organization plans to relocate?

Options:

A.

Ensure the fire prevention and detection systems are sufficient to protect personnel

B.

Review the architectural plans to determine how many emergency exits are present

C.

Conduct a gap analysis of the new facilities against existing security requirements

D.

Revise the Disaster Recovery and Business Continuity (DR/BC) plan

Question 74

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Plan (BCP). Which of the following failures should the IT manager be concerned with?

Options:

A.

Application

B.

Storage

C.

Power

D.

Network

Question 75

When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

Options:

A.

Only when assets are clearly defined

B.

Only when standards are defined

C.

Only when controls are put in place

D.

Only when procedures are defined

Question 76

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

Options:

A.

determine the risk of a business interruption occurring

B.

determine the technological dependence of the business processes

C.

identify the operational impacts of a business interruption

D.

identify the financial impacts of a business interruption

Question 77

Which of the following actions will reduce risk to a laptop before traveling to a high risk area?

Options:

A.

Examine the device for physical tampering

B.

Implement more stringent baseline configurations

C.

Purge or re-image the hard disk drive

D.

Change access codes

Question 78

Intellectual property rights are PRIMARILY concerned with which of the following?

Options:

A.

Owner’s ability to realize financial gain

B.

Owner’s ability to maintain copyright

C.

Right of the owner to enjoy their creation

D.

Right of the owner to control delivery method

Question 79

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

Options:

A.

Install mantraps at the building entrances

B.

Enclose the personnel entry area with polycarbonate plastic

C.

Supply a duress alarm for personnel exposed to the public

D.

Hire a guard to protect the public area

Question 80

Which of the following could cause a Denial of Service (DoS) against an authentication system?

Options:

A.

Encryption of audit logs

B.

No archiving of audit logs

C.

Hashing of audit logs

D.

Remote access audit logs

Question 81

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

Options:

A.

Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken

B.

Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability

C.

Management teams will understand the testing objectives and reputational risk to the organization

D.

Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels

Question 82

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?

Options:

A.

Host VM monitor audit logs

B.

Guest OS access controls

C.

Host VM access controls

D.

Guest OS audit logs

Question 83

Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

Options:

A.

Change management processes

B.

User administration procedures

C.

Operating System (OS) baselines

D.

System backup documentation

Question 84

In which of the following programs is it MOST important to include the collection of security process data?

Options:

A.

Quarterly access reviews

B.

Security continuous monitoring

C.

Business continuity testing

D.

Annual security training

Question 85

Which of the following are important criteria when designing procedures and acceptance criteria for acquired software?

Options:

A.

Code quality, security, and origin

B.

Architecture, hardware, and firmware

C.

Data quality, provenance, and scaling

D.

Distributed, agile, and bench testing

Question 86

A control to protect from a Denial-of-Service (DoS) attack has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?

Options:

A.

25%

B.

50%

C.

75%

D.

100%

Question 87

Which of the following combinations would MOST negatively affect availability?

Options:

A.

Denial of Service (DoS) attacks and outdated hardware

B.

Unauthorized transactions and outdated hardware

C.

Fire and accidental changes to data

D.

Unauthorized transactions and denial of service attacks

Question 88

An Information Technology (IT) professional attends a cybersecurity seminar on current incident response methodologies.

What code of ethics canon is being observed?

Options:

A.

Provide diligent and competent service to principals

B.

Protect society, the commonwealth, and the infrastructure

C.

Advance and protect the profession

D.

Act honorably, honestly, justly, responsibly, and legally

Question 89

After following the processes defined within the change management plan, a super user has upgraded a device within an information system.

What step would be taken to ensure that the upgrade did NOT affect the network security posture?

Options:

A.

Conduct an Assessment and Authorization (A&A)

B.

Conduct a security impact analysis

C.

Review the results of the most recent vulnerability scan

D.

Conduct a gap analysis with the baseline configuration

Question 90

In an organization where Network Access Control (NAC) has been deployed, a device trying to connect to the network is being placed into an isolated domain. What could be done on this device in order to obtain proper connectivity?

Options:

A.

Connect the device to another network jack

B.

Apply remediations according to security requirements

C.

Apply Operating System (OS) patches

D.

Change the Media Access Control (MAC) address of the network interface

Question 91

The security accreditation task of the System Development Life Cycle (SDLC) process is completed at the end of which phase?

Options:

A.

System acquisition and development

B.

System operations and maintenance

C.

System initiation

D.

System implementation

Question 92

Which of the following could be considered the MOST significant security challenge when adopting DevOps practices compared to a more traditional control framework?

Options:

A.

Achieving Service Level Agreements (SLA) on how quickly patches will be released when a security flaw is found.

B.

Maintaining segregation of duties.

C.

Standardized configurations for logging, alerting, and security metrics.

D.

Availability of security teams at the end of the design process to perform last-minute manual audits and reviews.

Question 93

Which of the following is the MOST common method of memory protection?

Options:

A.

Compartmentalization

B.

Segmentation

C.

Error correction

D.

Virtual Local Area Network (VLAN) tagging

Question 94

At a MINIMUM, audits of permissions to individual or group accounts should be scheduled

Options:

A.

annually

B.

to correspond with staff promotions

C.

to correspond with terminations

D.

continually

Question 95

An organization has discovered that users are visiting unauthorized websites using anonymous proxies.

Which of the following is the BEST way to prevent future occurrences?

Options:

A.

Remove the anonymity from the proxy

B.

Analyze Internet Protocol (IP) traffic for proxy requests

C.

Disable the proxy server on the firewall

D.

Block the Internet Protocol (IP) address of known anonymous proxies

Question 96

What is the correct order of steps in an information security assessment?

Place the information security assessment steps on the left next to the numbered boxes on the right in the correct order.

Options:

Question 97

A user has infected a computer with malware by connecting a Universal Serial Bus (USB) storage device.

Which of the following is MOST effective to mitigate future infections?

Options:

A.

Develop a written organizational policy prohibiting unauthorized USB devices

B.

Train users on the dangers of transferring data in USB devices

C.

Implement centralized technical control of USB port connections

D.

Encrypt removable USB devices containing data at rest

Question 98

What is the process of removing sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique?

Options:

A.

Purging

B.

Encryption

C.

Destruction

D.

Clearing

Question 99

Mandatory Access Controls (MAC) are based on:

Options:

A.

security classification and security clearance

B.

data segmentation and data classification

C.

data labels and user access permissions

D.

user roles and data encryption

Question 100

An organization recently conducted a review of the security of its network applications. One of the vulnerabilities found was that the session key used in encrypting sensitive information to a third party server had been hard-coded in the client and server applications. Which of the following would be MOST effective in mitigating this vulnerability?

Options:

A.

Diffie-Hellman (DH) algorithm

B.

Elliptic Curve Cryptography (ECC) algorithm

C.

Digital Signature algorithm (DSA)

D.

Rivest-Shamir-Adleman (RSA) algorithm

Question 101

From a security perspective, which of the following assumptions MUST be made about input to an application?

Options:

A.

It is tested

B.

It is logged

C.

It is verified

D.

It is untrusted

Question 102

In a High Availability (HA) environment, what is the PRIMARY goal of working with a virtual router address as the gateway to a network?

Options:

A.

The second of two routers can periodically check in to make sure that the first router is operational.

B.

The second of two routers can better absorb a Denial of Service (DoS) attack knowing the first router is present.

C.

The first of two routers fails and is reinstalled, while the second handles the traffic flawlessly.

D.

The first of two routers can better handle specific traffic, while the second handles the rest of the traffic seamlessly.

Question 103

As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?

Options:

A.

Known-plaintext attack

B.

Denial of Service (DoS)

C.

Cookie manipulation

D.

Structured Query Language (SQL) injection

Question 104

Drag the following Security Engineering terms on the left to the BEST definition on the right.

Options:

Question 105

Who would be the BEST person to approve an organization's information security policy?

Options:

A.

Chief Information Officer (CIO)

B.

Chief Information Security Officer (CISO)

C.

Chief internal auditor

D.

Chief Executive Officer (CEO)

Question 106

When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)?

Options:

A.

Retain intellectual property rights through contractual wording.

B.

Perform overlapping code reviews by both parties.

C.

Verify that the contractors attend development planning meetings.

D.

Create a separate contractor development environment.

Question 107

Which of the following is the MOST effective attack against cryptographic hardware modules?

Options:

A.

Plaintext

B.

Brute force

C.

Power analysis

D.

Man-in-the-middle (MITM)

Question 108

Which of the following is a detective access control mechanism?

Options:

A.

Log review

B.

Least privilege

C.

Password complexity

D.

Non-disclosure agreement

Question 109

What is the MOST effective method for gaining unauthorized access to a file protected with a long complex password?

Options:

A.

Brute force attack

B.

Frequency analysis

C.

Social engineering

D.

Dictionary attack

Question 110

Refer to the information below to answer the question.

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.

When determining appropriate resource allocation, which of the following is MOST important to monitor?

Options:

A.

Number of system compromises

B.

Number of audit findings

C.

Number of staff reductions

D.

Number of additional assets

Question 111

Which of the following describes the concept of a Single Sign-On (SSO) system?

Options:

A.

Users are authenticated to one system at a time.

B.

Users are identified to multiple systems with several credentials.

C.

Users are authenticated to multiple systems with one login.

D.

Only one user is using the system at a time.

Question 112

Refer to the information below to answer the question.

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.

Which of the following solutions would have MOST likely detected the use of peer-to-peer programs when the computer was connected to the office network?

Options:

A.

Anti-virus software

B.

Intrusion Prevention System (IPS)

C.

Anti-spyware software

D.

Integrity checking software

Question 113

Which of the following is a MAJOR consideration in implementing a Voice over IP (VoIP) network?

Options:

A.

Use of unified messaging.

B.

Use of separation for the voice network.

C.

Use of Network Access Control (NAC) on switches.

D.

Use of Request for Comments (RFC) 1918 addressing.

Question 114

For a service provider, which of the following MOST effectively addresses confidentiality concerns for customers using cloud computing?

Options:

A.

Hash functions

B.

Data segregation

C.

File system permissions

D.

Non-repudiation controls

Question 115

With data labeling, which of the following MUST be the key decision maker?

Options:

A.

Information security

B.

Departmental management

C.

Data custodian

D.

Data owner

Question 116

Refer to the information below to answer the question.

A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.

What MUST the access control logs contain in addition to the identifier?

Options:

A.

Time of the access

B.

Security classification

C.

Denied access attempts

D.

Associated clearance

Question 117

Refer to the information below to answer the question.

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.

Which of the following methods is the MOST effective way of removing the Peer-to-Peer (P2P) program from the computer?

Options:

A.

Run software uninstall

B.

Re-image the computer

C.

Find and remove all installation files

D.

Delete all cookies stored in the web browser cache

Question 118

Which of the following is the BEST solution to provide redundancy for telecommunications links?

Options:

A.

Provide multiple links from the same telecommunications vendor.

B.

Ensure that the telecommunications links connect to the network in one location.

C.

Ensure that the telecommunications links connect to the network in multiple locations.

D.

Provide multiple links from multiple telecommunications vendors.

Question 119

A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?

Options:

A.

Spoofing

B.

Eavesdropping

C.

Man-in-the-middle

D.

Denial of service

Question 120

Refer to the information below to answer the question.

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.

Which of the following will indicate where the IT budget is BEST allocated during this time?

Options:

A.

Policies

B.

Frameworks

C.

Metrics

D.

Guidelines

Question 121

A security manager has noticed an inconsistent application of server security controls resulting in vulnerabilities on critical systems. What is the MOST likely cause of this issue?

Options:

A.

A lack of baseline standards

B.

Improper documentation of security guidelines

C.

A poorly designed security policy communication program

D.

Host-based Intrusion Prevention System (HIPS) policies are ineffective

Question 122

Which of the following methods provides the MOST protection for user credentials?

Options:

A.

Forms-based authentication

B.

Digest authentication

C.

Basic authentication

D.

Self-registration

Question 123

Host-Based Intrusion Prevention Systems (HIPS) are often deployed in monitoring or learning mode during their initial implementation. What is the objective of starting in this mode?

Options:

A.

Automatically create exceptions for specific actions or files

B.

Determine which files are unsafe to access and blacklist them

C.

Automatically whitelist actions or files known to the system

D.

Build a baseline of normal or safe system events for review

Question 124

Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications?

Options:

A.

Application monitoring procedures

B.

Configuration control procedures

C.

Security audit procedures

D.

Software patching procedures

Question 125

When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints?

Options:

A.

Temporal Key Integrity Protocol (TKIP)

B.

Wi-Fi Protected Access (WPA) Pre-Shared Key (PSK)

C.

Wi-Fi Protected Access 2 (WPA2) Enterprise

D.

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

Question 126

An organization decides to implement a partial Public Key Infrastructure (PKI) with only the servers having digital certificates. What is the security benefit of this implementation?

Options:

A.

Clients can authenticate themselves to the servers.

B.

Mutual authentication is available between the clients and servers.

C.

Servers are able to issue digital certificates to the client.

D.

Servers can authenticate themselves to the client.

Question 127

What is the PRIMARY advantage of using automated application security testing tools?

Options:

A.

The application can be protected in the production environment.

B.

Large amounts of code can be tested using fewer resources.

C.

The application will fail less when tested using these tools.

D.

Detailed testing of code functions can be performed.

Question 128

What is the MOST critical factor to achieve the goals of a security program?

Options:

A.

Capabilities of security resources

B.

Executive management support

C.

Effectiveness of security management

D.

Budget approved for security resources

Question 129

Which of the following is the BEST way to determine if a particular system is able to identify malicious software without executing it?

Options:

A.

Testing with a Botnet

B.

Testing with an EICAR file

C.

Executing a binary shellcode

D.

Run multiple antivirus programs

Question 130

Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen?

Options:

A.

Set up a BIOS and operating system password

B.

Encrypt the virtual drive where confidential files can be stored

C.

Implement a mandatory policy in which sensitive data cannot be stored on laptops, but only on the corporate network

D.

Encrypt the entire disk and delete contents after a set number of failed access attempts

Question 131

What component of a web application that stores the session state in a cookie can an attacker bypass?

Options:

A.

An initialization check

B.

An identification check

C.

An authentication check

D.

An authorization check

Question 132

Which of the following BEST mitigates a replay attack against a system using identity federation and Security Assertion Markup Language (SAML) implementation?

Options:

A.

Two-factor authentication

B.

Digital certificates and hardware tokens

C.

Timed sessions and Secure Socket Layer (SSL)

D.

Passwords with alpha-numeric and special characters

Question 133

An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern?

Options:

A.

Availability

B.

Confidentiality

C.

Integrity

D.

Ownership

Question 134

From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system?

Options:

A.

Configure secondary servers to use the primary server as a zone forwarder.

B.

Block all Transmission Control Protocol (TCP) connections.

C.

Disable all recursive queries on the name servers.

D.

Limit zone transfers to authorized devices.

Question 135

Which of the following is the BEST countermeasure to brute force login attacks?

Options:

A.

Changing all canonical passwords

B.

Decreasing the number of concurrent user sessions

C.

Restricting initial password delivery only in person

D.

Introducing a delay after failed system access attempts

Question 136

Which of the following is the PRIMARY benefit of a formalized information classification program?

Options:

A.

It drives audit processes.

B.

It supports risk assessment.

C.

It reduces asset vulnerabilities.

D.

It minimizes system logging requirements.

Question 137

Which of the following violates identity and access management best practices?

Options:

A.

User accounts

B.

System accounts

C.

Generic accounts

D.

Privileged accounts

Question 138

Multi-Factor Authentication (MFA) is necessary in many systems given common types of password attacks. Which of the following is a correct list of password attacks?

Options:

A.

Masquerading, salami, malware, polymorphism

B.

Brute force, dictionary, phishing, keylogger

C.

Zeus, netbus, rabbit, turtle

D.

Token, biometrics, IDS, DLP

Question 139

According to best practice, which of the following groups is the MOST effective in performing an information security compliance audit?

Options:

A.

In-house security administrators

B.

In-house Network Team

C.

Disaster Recovery (DR) Team

D.

External consultants

Question 140

Refer to the information below to answer the question.

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.

Which of the following documents explains the proper use of the organization's assets?

Options:

A.

Human resources policy

B.

Acceptable use policy

C.

Code of ethics

D.

Access control policy

Question 141

Which security service is served by the process of encrypting plaintext with the sender's private key and decrypting ciphertext with the sender's public key?

Options:

A.

Confidentiality

B.

Integrity

C.

Identification

D.

Availability

Question 142

Which of the following mobile code security models relies only on trust?

Options:

A.

Code signing

B.

Class authentication

C.

Sandboxing

D.

Type safety

Question 143

Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified by automated vulnerability assessments?

Options:

A.

Common Vulnerabilities and Exposures (CVE)

B.

Common Vulnerability Scoring System (CVSS)

C.

Asset Reporting Format (ARF)

D.

Open Vulnerability and Assessment Language (OVAL)

Question 144

What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?

Options:

A.

Implementation Phase

B.

Initialization Phase

C.

Cancellation Phase

D.

Issued Phase

Question 145

Who in the organization is accountable for classification of data information assets?

Options:

A.

Data owner

B.

Data architect

C.

Chief Information Security Officer (CISO)

D.

Chief Information Officer (CIO)

Question 146

The use of private and public encryption keys is fundamental in the implementation of which of the following?

Options:

A.

Diffie-Hellman algorithm

B.

Secure Sockets Layer (SSL)

C.

Advanced Encryption Standard (AES)

D.

Message Digest 5 (MD5)

Question 147

Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?

Options:

A.

Hashing the data before encryption

B.

Hashing the data after encryption

C.

Compressing the data after encryption

D.

Compressing the data before encryption

Question 148

Which of the following is an effective method for avoiding magnetic media data remanence?

Options:

A.

Degaussing

B.

Encryption

C.

Data Loss Prevention (DLP)

D.

Authentication

Question 149

Which of the following is a security feature of Global System for Mobile Communications (GSM)?

Options:

A.

It uses a Subscriber Identity Module (SIM) for authentication.

B.

It uses encrypting techniques for all communications.

C.

The radio spectrum is divided with multiple frequency carriers.

D.

The signal is difficult to read as it provides end-to-end encryption.

Question 150

Multi-threaded applications are more at risk than single-threaded applications to

Options:

A.

race conditions.

B.

virus infection.

C.

packet sniffing.

D.

database injection.

Question 151

While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used?

Options:

A.

Trusted path

B.

Malicious logic

C.

Social engineering

D.

Passive misuse

Question 152

Which of the following is a network intrusion detection technique?

Options:

A.

Statistical anomaly

B.

Perimeter intrusion

C.

Port scanning

D.

Network spoofing

Question 153

Which of the following BEST represents the principle of open design?

Options:

A.

Disassembly, analysis, or reverse engineering will reveal the security functionality of the computer system.

B.

Algorithms must be protected to ensure the security and interoperability of the designed system.

C.

A knowledgeable user should have limited privileges on the system to prevent their ability to compromise security capabilities.

D.

The security of a mechanism should not depend on the secrecy of its design or implementation.

Question 154

Which one of the following effectively obscures network addresses from external exposure when implemented on a firewall or router?

Options:

A.

Network Address Translation (NAT)

B.

Application Proxy

C.

Routing Information Protocol (RIP) Version 2

D.

Address Masking

Question 155

An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?

Options:

A.

Implement packet filtering on the network firewalls

B.

Require strong authentication for administrators

C.

Install Host Based Intrusion Detection Systems (HIDS)

D.

Implement logical network segmentation at the switches

Question 156

Why must all users be positively identified prior to using multi-user computers?

Options:

A.

To provide access to system privileges

B.

To provide access to the operating system

C.

To ensure that unauthorized persons cannot access the computers

D.

To ensure that management knows what users are currently logged on

Question 157

Which of the following is a physical security control that protects Automated Teller Machines (ATM) from skimming?

Options:

A.

Anti-tampering

B.

Secure card reader

C.

Radio Frequency (RF) scanner

D.

Intrusion Prevention System (IPS)

Question 158

A software scanner identifies a region within a binary image having high entropy. What does this MOST likely indicate?

Options:

A.

Encryption routines

B.

Random number generator

C.

Obfuscated code

D.

Botnet command and control

Question 159

A practice that permits the owner of a data object to grant other users access to that object would usually provide

Options:

A.

Mandatory Access Control (MAC).

B.

owner-administered control.

C.

owner-dependent access control.

D.

Discretionary Access Control (DAC).

Question 160

Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what?

Options:

A.

Interface with the Public Key Infrastructure (PKI)

B.

Improve the quality of security software

C.

Prevent Denial of Service (DoS) attacks

D.

Establish a secure initial state

Question 161

An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor?

Options:

A.

Provide the encrypted passwords and analysis tools to the auditor for analysis.

B.

Analyze the encrypted passwords for the auditor and show them the results.

C.

Demonstrate that non-compliant passwords cannot be created in the system.

D.

Demonstrate that non-compliant passwords cannot be encrypted in the system.

Question 162

What is the FIRST step in developing a security test and its evaluation?

Options:

A.

Determine testing methods

B.

Develop testing procedures

C.

Identify all applicable security requirements

D.

Identify people, processes, and products not in compliance

Question 163

Which of the following is the BEST mitigation from phishing attacks?

Options:

A.

Network activity monitoring

B.

Security awareness training

C.

Corporate policy and procedures

D.

Strong file and directory permissions

Question 164

The use of strong authentication, the encryption of Personally Identifiable Information (PII) on database servers, application security reviews, and the encryption of data transmitted across networks provide

Options:

A.

data integrity.

B.

defense in depth.

C.

data availability.

D.

non-repudiation.

Question 165

Contingency plan exercises are intended to do which of the following?

Options:

A.

Train personnel in roles and responsibilities

B.

Validate service level agreements

C.

Train maintenance personnel

D.

Validate operation metrics

Question 166

Which one of the following is the MOST important in designing a biometric access system if it is essential that no one other than authorized individuals is admitted?

Options:

A.

False Acceptance Rate (FAR)

B.

False Rejection Rate (FRR)

C.

Crossover Error Rate (CER)

D.

Rejection Error Rate

Question 167

The overall goal of a penetration test is to determine a system's

Options:

A.

ability to withstand an attack.

B.

capacity management.

C.

error recovery capabilities.

D.

reliability under stress.

Question 168

Who must approve modifications to an organization's production infrastructure configuration?

Options:

A.

Technical management

B.

Change control board

C.

System operations

D.

System users

Question 169

Which one of the following describes granularity?

Options:

A.

Maximum number of entries available in an Access Control List (ACL)

B.

Fineness to which a trusted system can authenticate users

C.

Number of violations divided by the number of total accesses

D.

Fineness to which an access control system can be adjusted

Question 170

An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to

Options:

A.

encrypt the contents of the repository and document any exceptions to that requirement.

B.

utilize an Intrusion Detection System (IDS) set to drop connections if too many requests for documents are detected.

C.

keep individuals with access to high security areas from saving those documents into lower security areas.

D.

require individuals with access to the system to sign Non-Disclosure Agreements (NDA).

Question 171

What maintenance activity is responsible for defining, implementing, and testing updates to application systems?

Options:

A.

Program change control

B.

Regression testing

C.

Export exception control

D.

User acceptance testing

Question 172

A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project?

Options:

A.

The organization's current security policies concerning privacy issues

B.

Privacy-related regulations enforced by governing bodies applicable to the organization

C.

Privacy best practices published by recognized security standards organizations

D.

Organizational procedures designed to protect privacy information

Question 173

An advantage of link encryption in a communications network is that it

Options:

A.

makes key management and distribution easier.

B.

protects data from start to finish through the entire network.

C.

improves the efficiency of the transmission.

D.

encrypts all information, including headers and routing information.

Question 174

What principle requires that changes to the plaintext affect many parts of the ciphertext?

Options:

A.

Diffusion

B.

Encapsulation

C.

Obfuscation

D.

Permutation

Question 175

Which of the following defines the key exchange for Internet Protocol Security (IPSec)?

Options:

A.

Secure Sockets Layer (SSL) key exchange

B.

Internet Key Exchange (IKE)

C.

Security Key Exchange (SKE)

D.

Internet Control Message Protocol (ICMP)

Question 176

What should be the FIRST action to protect the chain of evidence when a desktop computer is involved?

Options:

A.

Take the computer to a forensic lab

B.

Make a copy of the hard drive

C.

Start documenting

D.

Turn off the computer

Question 177

An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

Options:

A.

Absence of a Business Intelligence (BI) solution

B.

Inadequate cost modeling

C.

Improper deployment of the Service-Oriented Architecture (SOA)

D.

Insufficient Service Level Agreement (SLA)

Question 178

A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?

Options:

A.

Guaranteed recovery of all business functions

B.

Minimization of the need for decision making during a crisis

C.

Insurance against litigation following a disaster

D.

Protection from loss of organization resources

Question 179

What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization’s systems cannot be unavailable for more than 24 hours?

Options:

A.

Warm site

B.

Hot site

C.

Mirror site

D.

Cold site

Question 180

Which of the following is a PRIMARY advantage of using a third-party identity service?

Options:

A.

Consolidation of multiple providers

B.

Directory synchronization

C.

Web based logon

D.

Automated account management

Question 181

With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?

Options:

A.

Continuously without exception for all security controls

B.

Before and after each change of the control

C.

At a rate concurrent with the volatility of the security control

D.

Only during system implementation and decommissioning

Question 182

What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?

Options:

A.

Disable all unnecessary services

B.

Ensure chain of custody

C.

Prepare another backup of the system

D.

Isolate the system from the network

Question 183

Recovery strategies of a Disaster Recovery Plan (DRP) MUST be aligned with which of the following?

Options:

A.

Hardware and software compatibility issues

B.

Applications' criticality and downtime tolerance

C.

Budget constraints and requirements

D.

Cost/benefit analysis and business objectives

Question 184

When is a Business Continuity Plan (BCP) considered to be valid?

Options:

A.

When it has been validated by the Business Continuity (BC) manager

B.

When it has been validated by the board of directors

C.

When it has been validated by all threat scenarios

D.

When it has been validated by realistic exercises

Question 185

Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

Options:

A.

Walkthrough

B.

Simulation

C.

Parallel

D.

White box

Question 186

A continuous information security-monitoring program can BEST reduce risk through which of the following?

Options:

A.

Collecting security events and correlating them to identify anomalies

B.

Facilitating system-wide visibility into the activities of critical user accounts

C.

Encompassing people, process, and technology

D.

Logging both scheduled and unscheduled system changes

Question 187

Which of the following is the FIRST step in the incident response process?

Options:

A.

Determine the cause of the incident

B.

Disconnect the system involved from the network

C.

Isolate and contain the system involved

D.

Investigate all symptoms to confirm the incident

Question 188

What is the PRIMARY reason for implementing change management?

Options:

A.

Certify and approve releases to the environment

B.

Provide version rollbacks for system changes

C.

Ensure that all applications are approved

D.

Ensure accountability for changes to the environment

Question 189

An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests.

Which contract is BEST in offloading the task from the IT staff?

Options:

A.

Platform as a Service (PaaS)

B.

Identity as a Service (IDaaS)

C.

Desktop as a Service (DaaS)

D.

Software as a Service (SaaS)

Question 190

Which of the following BEST describes the responsibilities of a data owner?

Options:

A.

Ensuring quality and validation through periodic audits for ongoing data integrity

B.

Maintaining fundamental data availability, including data storage and archiving

C.

Ensuring accessibility to appropriate users, maintaining appropriate levels of data security

D.

Determining the impact the information has on the mission of the organization

Question 191

When implementing a data classification program, why is it important to avoid too much granularity?

Options:

A.

The process will require too many resources

B.

It will be difficult to apply to both hardware and software

C.

It will be difficult to assign ownership to the data

D.

The process will be perceived as having value

Question 192

Which of the following is MOST important when assigning ownership of an asset to a department?

Options:

A.

The department should report to the business owner

B.

Ownership of the asset should be periodically reviewed

C.

Individual accountability should be ensured

D.

All members should be trained on their responsibilities

Question 193

Which of the following is an initial consideration when developing an information security management system?

Options:

A.

Identify the contractual security obligations that apply to the organization

B.

Understand the value of the information assets

C.

Identify the level of residual risk that is tolerable to management

D.

Identify relevant legislative and regulatory compliance requirements

Question 194

Which one of the following affects the classification of data?

Options:

A.

Assigned security label

B.

Multilevel Security (MLS) architecture

C.

Minimum query size

D.

Passage of time

Question 195

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

Options:

A.

Personal Identity Verification (PIV)

B.

Cardholder Unique Identifier (CHUID) authentication

C.

Physical Access Control System (PACS) repeated attempt detection

D.

Asymmetric Card Authentication Key (CAK) challenge-response

Question 196

In a data classification scheme, the data is owned by the

Options:

A.

system security managers

B.

business managers

C.

Information Technology (IT) managers

D.

end users

Question 197

Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee’s salary?

Options:

A.

Limit access to predefined queries

B.

Segregate the database into a small number of partitions each with a separate security level

C.

Implement Role Based Access Control (RBAC)

D.

Reduce the number of people who have access to the system for statistical purposes

Question 198

What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

Options:

A.

Audit logs

B.

Role-Based Access Control (RBAC)

C.

Two-factor authentication

D.

Application of least privilege

Question 199

Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

Options:

A.

Derived credential

B.

Temporary security credential

C.

Mobile device credentialing service

D.

Digest authentication

Question 200

A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

Options:

A.

Trusted third-party certification

B.

Lightweight Directory Access Protocol (LDAP)

C.

Security Assertion Markup Language (SAML)

D.

Cross-certification
