Special Summer Discount Limited Time 65% Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

ISC CISSP Certified Information Systems Security Professional (CISSP) Exam Practice Test

Page: 1 / 149
Total 1487 questions

Certified Information Systems Security Professional (CISSP) Questions and Answers

Question 1

Which of the following is MOST important when deploying digital certificates?

Options:

A.

Validate compliance with X.509 digital certificate standards

B.

Establish a certificate life cycle management framework

C.

Use a third-party Certificate Authority (CA)

D.

Use no less than 256-bit strength encryption when creating a certificate

Question 2

A company has decided that they need to begin maintaining assets deployed in the enterprise. What approach should be followed to determine and maintain ownership information to bring the company into compliance?

Options:

A.

Enterprise asset management framework

B.

Asset baseline using commercial off the shelf software

C.

Asset ownership database using domain login records

D.

A script to report active user logins on assets

Question 3

The application of a security patch to a product previously validate at Common Criteria (CC) Evaluation Assurance Level (EAL) 4 would

Options:

A.

require an update of the Protection Profile (PP).

B.

require recertification.

C.

retain its current EAL rating.

D.

reduce the product to EAL 3.

Question 4

In order to assure authenticity, which of the following are required?

Options:

A.

Confidentiality and authentication

B.

Confidentiality and integrity

C.

Authentication and non-repudiation

D.

Integrity and non-repudiation

Question 5

What operations role is responsible for protecting the enterprise from corrupt or contaminated media?

Options:

A.

Information security practitioner

B.

Information librarian

C.

Computer operator

D.

Network administrator

Question 6

Match the types of e-authentication tokens to their description.

Drag each e-authentication token on the left to its corresponding description on the right.

Options:

Question 7

The goal of a Business Impact Analysis (BIA) is to determine which of the following?

Options:

A.

Cost effectiveness of business recovery

B.

Cost effectiveness of installing software security patches

C.

Resource priorities for recovery and Maximum Tolerable Downtime (MTD)

D.

Which security measures should be implemented

Question 8

An organization regularly conducts its own penetration tests. Which of the following scenarios MUST be covered for the test to be effective?

Options:

A.

Third-party vendor with access to the system

B.

System administrator access compromised

C.

Internal attacker with access to the system

D.

Internal user accidentally accessing data

Question 9

A company was ranked as high in the following National Institute of Standards and Technology (NIST) functions: Protect, Detect, Respond and Recover. However, a low maturity grade was attributed to the Identify function. In which of the following the controls categories does this company need to improve when analyzing its processes individually?

Options:

A.

Asset Management, Business Environment, Governance and Risk Assessment

B.

Access Control, Awareness and Training, Data Security and Maintenance

C.

Anomalies and Events, Security Continuous Monitoring and Detection Processes

D.

Recovery Planning, Improvements and Communications

Question 10

What balance MUST be considered when web application developers determine how informative application error messages should be constructed?

Options:

A.

Risk versus benefit

B.

Availability versus auditability

C.

Confidentiality versus integrity

D.

Performance versus user satisfaction

Question 11

Which of the following is the MOST important consideration when developing a Disaster Recovery Plan (DRP)?

Options:

A.

The dynamic reconfiguration of systems

B.

The cost of downtime

C.

A recovery strategy for all business processes

D.

A containment strategy

Question 12

Which of the following is needed to securely distribute symmetric cryptographic keys?

Options:

A.

Officially approved Public-Key Infrastructure (PKI) Class 3 or Class 4 certificates

B.

Officially approved and compliant key management technology and processes

C.

An organizationally approved communication protection policy and key management plan

D.

Hardware tokens that protect the user’s private key.

Question 13

During which of the following processes is least privilege implemented for a user account?

Options:

A.

Provision

B.

Approve

C.

Request

D.

Review

Question 14

Which of the following BEST describes a chosen plaintext attack?

Options:

A.

The cryptanalyst can generate ciphertext from arbitrary text.

B.

The cryptanalyst examines the communication being sent back and forth.

C.

The cryptanalyst can choose the key and algorithm to mount the attack.

D.

The cryptanalyst is presented with the ciphertext from which the original message is determined.

Question 15

What does the Maximum Tolerable Downtime (MTD) determine?

Options:

A.

The estimated period of time a business critical database can remain down before customers are affected.

B.

The fixed length of time a company can endure a disaster without any Disaster Recovery (DR) planning

C.

The estimated period of time a business can remain interrupted beyond which it risks never recovering

D.

The fixed length of time in a DR process before redundant systems are engaged

Question 16

In order for a security policy to be effective within an organization, it MUST include

Options:

A.

strong statements that clearly define the problem.

B.

a list of all standards that apply to the policy.

C.

owner information and date of last revision.

D.

disciplinary measures for non compliance.

Question 17

Retaining system logs for six months or longer can be valuable for what activities?

Options:

A.

Disaster recovery and business continuity

B.

Forensics and incident response

C.

Identity and authorization management

D.

Physical and logical access control

Question 18

Which of the following BEST describes the purpose of the security functional requirements of Common Criteria?

Options:

A.

Level of assurance of the Target of Evaluation (TOE) in intended operational environment

B.

Selection to meet the security objectives stated in test documents

C.

Security behavior expected of a TOE

D.

Definition of the roles and responsibilities

Question 19

A health care provider is considering Internet access for their employees and patients. Which of the following is the organization's MOST secure solution for protection of data?

Options:

A.

Public Key Infrastructure (PKI) and digital signatures

B.

Trusted server certificates and passphrases

C.

User ID and password

D.

Asymmetric encryption and User ID

Question 20

Which of the following is the PRIMARY security concern associated with the implementation of smart cards?

Options:

A.

The cards have limited memory

B.

Vendor application compatibility

C.

The cards can be misplaced

D.

Mobile code can be embedded in the card

Question 21

Which Web Services Security (WS-Security) specification handles the management of security tokens and the underlying policies for granting access? Click on the correct specification in the image below.

Options:

Question 22

Which of the following command line tools can be used in the reconnaisance phase of a network vulnerability assessment?

Options:

A.

dig

B.

ifconfig

C.

ipconfig

D.

nbtstat

Question 23

A global organization wants to implement hardware tokens as part of a multifactor authentication solution for remote access. The PRIMARY advantage of this implementation is

Options:

A.

the scalability of token enrollment.

B.

increased accountability of end users.

C.

it protects against unauthorized access.

D.

it simplifies user access administration.

Question 24

What is the process called when impact values are assigned to the security objectives for information types?

Options:

A.

Qualitative analysis

B.

Quantitative analysis

C.

Remediation

D.

System security categorization

Question 25

In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?

Options:

A.

Application Layer

B.

Physical Layer

C.

Data-Link Layer

D.

Network Layer

Question 26

An organization has developed a major application that has undergone accreditation testing. After receiving the results of the evaluation, what is the final step before the application can be accredited?

Options:

A.

Acceptance of risk by the authorizing official

B.

Remediation of vulnerabilities

C.

Adoption of standardized policies and procedures

D.

Approval of the System Security Plan (SSP)

Question 27

The PRIMARY outcome of a certification process is that it provides documented

Options:

A.

system weaknesses for remediation.

B.

standards for security assessment, testing, and process evaluation.

C.

interconnected systems and their implemented security controls.

D.

security analyses needed to make a risk-based decision.

Question 28

What does an organization FIRST review to assure compliance with privacy requirements?

Options:

A.

Best practices

B.

Business objectives

C.

Legal and regulatory mandates

D.

Employee's compliance to policies and standards

Question 29

Are companies legally required to report all data breaches?

Options:

A.

No, different jurisdictions have different rules.

B.

No, not if the data is encrypted.

C.

No, companies' codes of ethics don't require it.

D.

No, only if the breach had a material impact.

Question 30

What is the GREATEST challenge to identifying data leaks?

Options:

A.

Available technical tools that enable user activity monitoring.

B.

Documented asset classification policy and clear labeling of assets.

C.

Senior management cooperation in investigating suspicious behavior.

D.

Law enforcement participation to apprehend and interrogate suspects.

Question 31

A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

Options:

A.

Trusted third-party certification

B.

Lightweight Directory Access Protocol (LDAP)

C.

Security Assertion Markup language (SAML)

D.

Cross-certification

Question 32

Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

Options:

A.

Derived credential

B.

Temporary security credential

C.

Mobile device credentialing service

D.

Digest authentication

Question 33

What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

Options:

A.

Audit logs

B.

Role-Based Access Control (RBAC)

C.

Two-factor authentication

D.

Application of least privilege

Question 34

Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee’s salary?

Options:

A.

Limit access to predefined queries

B.

Segregate the database into a small number of partitions each with a separate security level

C.

Implement Role Based Access Control (RBAC)

D.

Reduce the number of people who have access to the system for statistical purposes

Question 35

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

Options:

A.

Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken

B.

Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability

C.

Management teams will understand the testing objectives and reputational risk to the organization

D.

Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels

Question 36

Which of the following could cause a Denial of Service (DoS) against an authentication system?

Options:

A.

Encryption of audit logs

B.

No archiving of audit logs

C.

Hashing of audit logs

D.

Remote access audit logs

Question 37

In which of the following programs is it MOST important to include the collection of security process data?

Options:

A.

Quarterly access reviews

B.

Security continuous monitoring

C.

Business continuity testing

D.

Annual security training

Question 38

Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

Options:

A.

Change management processes

B.

User administration procedures

C.

Operating System (OS) baselines

D.

System backup documentation

Question 39

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?

Options:

A.

Host VM monitor audit logs

B.

Guest OS access controls

C.

Host VM access controls

D.

Guest OS audit logs

Question 40

Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?

Options:

A.

Password requirements are simplified.

B.

Risk associated with orphan accounts is reduced.

C.

Segregation of duties is automatically enforced.

D.

Data confidentiality is increased.

Question 41

What can happen when an Intrusion Detection System (IDS) is installed inside a firewall-protected internal network?

Options:

A.

The IDS can detect failed administrator logon attempts from servers.

B.

The IDS can increase the number of packets to analyze.

C.

The firewall can increase the number of packets to analyze.

D.

The firewall can detect failed administrator login attempts from servers

Question 42

A security compliance manager of a large enterprise wants to reduce the time it takes to perform network,

system, and application security compliance audits while increasing quality and effectiveness of the results.

What should be implemented to BEST achieve the desired results?

Options:

A.

Configuration Management Database (CMDB)

B.

Source code repository

C.

Configuration Management Plan (CMP)

D.

System performance monitoring application

Question 43

Which of the following is the MOST challenging issue in apprehending cyber criminals?

Options:

A.

They often use sophisticated method to commit a crime.

B.

It is often hard to collect and maintain integrity of digital evidence.

C.

The crime is often committed from a different jurisdiction.

D.

There is often no physical evidence involved.

Question 44

It is MOST important to perform which of the following to minimize potential impact when implementing a new vulnerability scanning tool in a production environment?

Options:

A.

Negotiate schedule with the Information Technology (IT) operation’s team

B.

Log vulnerability summary reports to a secured server

C.

Enable scanning during off-peak hours

D.

Establish access for Information Technology (IT) management

Question 45

Match the functional roles in an external audit to their responsibilities.

Drag each role on the left to its corresponding responsibility on the right.

Select and Place:

Options:

Question 46

Which of the following is an initial consideration when developing an information security management system?

Options:

A.

Identify the contractual security obligations that apply to the organizations

B.

Understand the value of the information assets

C.

Identify the level of residual risk that is tolerable to management

D.

Identify relevant legislative and regulatory compliance requirements

Question 47

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

Options:

A.

Personal Identity Verification (PIV)

B.

Cardholder Unique Identifier (CHUID) authentication

C.

Physical Access Control System (PACS) repeated attempt detection

D.

Asymmetric Card Authentication Key (CAK) challenge-response

Question 48

In a data classification scheme, the data is owned by the

Options:

A.

system security managers

B.

business managers

C.

Information Technology (IT) managers

D.

end users

Question 49

Which of the following BEST describes the responsibilities of a data owner?

Options:

A.

Ensuring quality and validation through periodic audits for ongoing data integrity

B.

Maintaining fundamental data availability, including data storage and archiving

C.

Ensuring accessibility to appropriate users, maintaining appropriate levels of data security

D.

Determining the impact the information has on the mission of the organization

Question 50

Which one of the following affects the classification of data?

Options:

A.

Assigned security label

B.

Multilevel Security (MLS) architecture

C.

Minimum query size

D.

Passage of time

Question 51

An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests.

Which contract is BEST in offloading the task from the IT staff?

Options:

A.

Platform as a Service (PaaS)

B.

Identity as a Service (IDaaS)

C.

Desktop as a Service (DaaS)

D.

Software as a Service (SaaS)

Question 52

Which of the following is MOST important when assigning ownership of an asset to a department?

Options:

A.

The department should report to the business owner

B.

Ownership of the asset should be periodically reviewed

C.

Individual accountability should be ensured

D.

All members should be trained on their responsibilities

Question 53

When implementing a data classification program, why is it important to avoid too much granularity?

Options:

A.

The process will require too many resources

B.

It will be difficult to apply to both hardware and software

C.

It will be difficult to assign ownership to the data

D.

The process will be perceived as having value

Question 54

A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS).

Which of the following factors leads the company to choose an IDaaS as their solution?

Options:

A.

In-house development provides more control.

B.

In-house team lacks resources to support an on-premise solution.

C.

Third-party solutions are inherently more secure.

D.

Third-party solutions are known for transferring the risk to the vendor.

Question 55

Computer forensics requires which of the following MAIN steps?

Options:

A.

Announce the incident to responsible sections, analyze the data, assimilate the data for correlation

B.

Take action to contain the damage, announce the incident to responsible sections, analyze the data

C.

Acquire the data without altering, authenticate the recovered data, analyze the data

D.

Access the data before destruction, assimilate the data for correlation, take action to contain the damage

Question 56

Which of the (ISC)? Code of Ethics canons is MOST reflected when preserving the value of systems, applications, and entrusted information while avoiding conflicts of interest?

Options:

A.

Act honorably, honestly, justly, responsibly, and legally.

B.

Protect society, the commonwealth, and the infrastructure.

C.

Provide diligent and competent service to principles.

D.

Advance and protect the profession.

Question 57

What is the PRIMARY purpose of auditing, as it relates to the security review cycle?

Options:

A.

To ensure the organization's controls and pokies are working as intended

B.

To ensure the organization can still be publicly traded

C.

To ensure the organization's executive team won't be sued

D.

To ensure the organization meets contractual requirements

Question 58

Which of the following is performed to determine a measure of success of a security awareness training program designed to prevent social engineering attacks?

Options:

A.

Employee evaluation of the training program

B.

Internal assessment of the training program's effectiveness

C.

Multiple choice tests to participants

D.

Management control of reviews

Question 59

Which of the following vulnerabilities can be BEST detected using automated analysis?

Options:

A.

Valid cross-site request forgery (CSRF) vulnerabilities

B.

Multi-step process attack vulnerabilities

C.

Business logic flaw vulnerabilities

D.

Typical source code vulnerabilities

Question 60

Which of the following is the BEST method a security practitioner can use to ensure that systems and sub-system gracefully handle invalid input?

Options:

A.

Negative testing

B.

Integration testing

C.

Unit testing

D.

Acceptance testing

Question 61

When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

Options:

A.

Only when assets are clearly defined

B.

Only when standards are defined

C.

Only when controls are put in place

D.

Only procedures are defined

Question 62

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

Options:

A.

Install mantraps at the building entrances

B.

Enclose the personnel entry area with polycarbonate plastic

C.

Supply a duress alarm for personnel exposed to the public

D.

Hire a guard to protect the public area

Question 63

Which of the following actions will reduce risk to a laptop before traveling to a high risk area?

Options:

A.

Examine the device for physical tampering

B.

Implement more stringent baseline configurations

C.

Purge or re-image the hard disk drive

D.

Change access codes

Question 64

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

Options:

A.

determine the risk of a business interruption occurring

B.

determine the technological dependence of the business processes

C.

Identify the operational impacts of a business interruption

D.

Identify the financial impacts of a business interruption

Question 65

Which of the following represents the GREATEST risk to data confidentiality?

Options:

A.

Network redundancies are not implemented

B.

Security awareness training is not completed

C.

Backup tapes are generated unencrypted

D.

Users have administrative privileges

Question 66

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center, is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?

Options:

A.

Application

B.

Storage

C.

Power

D.

Network

Question 67

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

Options:

A.

Development, testing, and deployment

B.

Prevention, detection, and remediation

C.

People, technology, and operations

D.

Certification, accreditation, and monitoring

Question 68

Intellectual property rights are PRIMARY concerned with which of the following?

Options:

A.

Owner’s ability to realize financial gain

B.

Owner’s ability to maintain copyright

C.

Right of the owner to enjoy their creation

D.

Right of the owner to control delivery method

Question 69

What is the MOST important consideration from a data security perspective when an organization plans to relocate?

Options:

A.

Ensure the fire prevention and detection systems are sufficient to protect personnel

B.

Review the architectural plans to determine how many emergency exits are present

C.

Conduct a gap analysis of a new facilities against existing security requirements

D.

Revise the Disaster Recovery and Business Continuity (DR/BC) plan

Question 70

Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified automated vulnerability assessments?

Options:

A.

Common Vulnerabilities and Exposures (CVE)

B.

Common Vulnerability Scoring System (CVSS)

C.

Asset Reporting Format (ARF)

D.

Open Vulnerability and Assessment Language (OVAL)

Question 71

The use of private and public encryption keys is fundamental in the implementation of which of the following?

Options:

A.

Diffie-Hellman algorithm

B.

Secure Sockets Layer (SSL)

C.

Advanced Encryption Standard (AES)

D.

Message Digest 5 (MD5)

Question 72

Who in the organization is accountable for classification of data information assets?

Options:

A.

Data owner

B.

Data architect

C.

Chief Information Security Officer (CISO)

D.

Chief Information Officer (CIO)

Question 73

Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?

Options:

A.

Hashing the data before encryption

B.

Hashing the data after encryption

C.

Compressing the data after encryption

D.

Compressing the data before encryption

Question 74

Which of the following mobile code security models relies only on trust?

Options:

A.

Code signing

B.

Class authentication

C.

Sandboxing

D.

Type safety

Question 75

Which security service is served by the process of encryption plaintext with the sender’s private key and decrypting cipher text with the sender’s public key?

Options:

A.

Confidentiality

B.

Integrity

C.

Identification

D.

Availability

Question 76

Which of the following can BEST prevent security flaws occurring in outsourced software development?

Options:

A.

Contractual requirements for code quality

B.

Licensing, code ownership and intellectual property rights

C.

Certification of the quality and accuracy of the work done

D.

Delivery dates, change management control and budgetary control

Question 77

The type of authorized interactions a subject can have with an object is

Options:

A.

control.

B.

permission.

C.

procedure.

D.

protocol.

Question 78

Which of the following is TRUE about Disaster Recovery Plan (DRP) testing?

Options:

A.

Operational networks are usually shut down during testing.

B.

Testing should continue even if components of the test fail.

C.

The company is fully prepared for a disaster if all tests pass.

D.

Testing should not be done until the entire disaster plan can be tested.

Question 79

What would be the PRIMARY concern when designing and coordinating a security assessment for an Automatic Teller Machine (ATM) system?

Options:

A.

Physical access to the electronic hardware

B.

Regularly scheduled maintenance process

C.

Availability of the network connection

D.

Processing delays

Question 80

Checking routing information on e-mail to determine it is in a valid format and contains valid information is an example of which of the following anti-spam approaches?

Options:

A.

Simple Mail Transfer Protocol (SMTP) blacklist

B.

Reverse Domain Name System (DNS) lookup

C.

Hashing algorithm

D.

Header analysis

Question 81

What maintenance activity is responsible for defining, implementing, and testing updates to application systems?

Options:

A.

Program change control

B.

Regression testing

C.

Export exception control

D.

User acceptance testing

Question 82

While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used?

Options:

A.

Trusted path

B.

Malicious logic

C.

Social engineering

D.

Passive misuse

Question 83

What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?

Options:

A.

Man-in-the-Middle (MITM) attack

B.

Smurfing

C.

Session redirect

D.

Spoofing

Question 84

The FIRST step in building a firewall is to

Options:

A.

assign the roles and responsibilities of the firewall administrators.

B.

define the intended audience who will read the firewall policy.

C.

identify mechanisms to encourage compliance with the policy.

D.

perform a risk analysis to identify issues to be addressed.

Question 85

Which of the following is an attacker MOST likely to target to gain privileged access to a system?

Options:

A.

Programs that write to system resources

B.

Programs that write to user directories

C.

Log files containing sensitive information

D.

Log files containing system calls

Question 86

By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the

Options:

A.

confidentiality of the traffic is protected.

B.

opportunity to sniff network traffic exists.

C.

opportunity for device identity spoofing is eliminated.

D.

storage devices are protected against availability attacks.

Question 87

A software scanner identifies a region within a binary image having high entropy. What does this MOST likely indicate?

Options:

A.

Encryption routines

B.

Random number generator

C.

Obfuscated code

D.

Botnet command and control

Question 88

Multi-threaded applications are more at risk than single-threaded applications to

Options:

A.

race conditions.

B.

virus infection.

C.

packet sniffing.

D.

database injection.

Question 89

Which of the following wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device?

Options:

A.

Trusted Platform Module (TPM)

B.

Preboot eXecution Environment (PXE)

C.

Key Distribution Center (KDC)

D.

Simple Key-Management for Internet Protocol (SKIP)

Question 90

Who must approve modifications to an organization's production infrastructure configuration?

Options:

A.

Technical management

B.

Change control board

C.

System operations

D.

System users

Question 91

A large bank deploys hardware tokens to all customers that use their online banking system. The token generates and displays a six digit numeric password every 60 seconds. The customers must log into their bank accounts using this numeric password. This is an example of

Options:

A.

asynchronous token.

B.

Single Sign-On (SSO) token.

C.

single factor authentication token.

D.

synchronous token.

Question 92

What is a common challenge when implementing Security Assertion Markup Language (SAML) for identity integration between on-premise environment and an external identity provider service?

Options:

A.

Some users are not provisioned into the service.

B.

SAML tokens are provided by the on-premise identity provider.

C.

Single users cannot be revoked from the service.

D.

SAML tokens contain user information.

Question 93

Which of the following is an example of two-factor authentication?

Options:

A.

Retina scan and a palm print

B.

Fingerprint and a smart card

C.

Magnetic stripe card and an ID badge

D.

Password and Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA)

Question 94

Which of the following assures that rules are followed in an identity management architecture?

Options:

A.

Policy database

B.

Digital signature

C.

Policy decision point

D.

Policy enforcement point

Question 95

A security manager has noticed an inconsistent application of server security controls resulting in vulnerabilities on critical systems. What is the MOST likely cause of this issue?

Options:

A.

A lack of baseline standards

B.

Improper documentation of security guidelines

C.

A poorly designed security policy communication program

D.

Host-based Intrusion Prevention System (HIPS) policies are ineffective

Question 96

Which of the following methods provides the MOST protection for user credentials?

Options:

A.

Forms-based authentication

B.

Digest authentication

C.

Basic authentication

D.

Self-registration

Question 97

What component of a web application that stores the session state in a cookie can be bypassed by an attacker?

Options:

A.

An initialization check

B.

An identification check

C.

An authentication check

D.

An authorization check

Question 98

Refer to the information below to answer the question.

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.

Which of the following will indicate where the IT budget is BEST allocated during this time?

Options:

A.

Policies

B.

Frameworks

C.

Metrics

D.

Guidelines

Question 99

Refer to the information below to answer the question.

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.

The effectiveness of the security program can PRIMARILY be measured through

Options:

A.

audit findings.

B.

risk elimination.

C.

audit requirements.

D.

customer satisfaction.

Question 100

When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)?

Options:

A.

Retain intellectual property rights through contractual wording.

B.

Perform overlapping code reviews by both parties.

C.

Verify that the contractors attend development planning meetings.

D.

Create a separate contractor development environment.

Question 101

Refer to the information below to answer the question.

During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.

Aside from the potential records which may have been viewed, which of the following should be the PRIMARY concern regarding the database information?

Options:

A.

Unauthorized database changes

B.

Integrity of security logs

C.

Availability of the database

D.

Confidentiality of the incident

Question 102

Refer to the information below to answer the question.

In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

Which of the following is true according to the star property (*property)?

Options:

A.

User D can write to File 1

B.

User B can write to File 1

C.

User A can write to File 1

D.

User C can write to File 1

Question 103

From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system?

Options:

A.

Configure secondary servers to use the primary server as a zone forwarder.

B.

Block all Transmission Control Protocol (TCP) connections.

C.

Disable all recursive queries on the name servers.

D.

Limit zone transfers to authorized devices.

Question 104

Which of the following is the MOST crucial for a successful audit plan?

Options:

A.

Defining the scope of the audit to be performed

B.

Identifying the security controls to be implemented

C.

Working with the system owner on new controls

D.

Acquiring evidence of systems that are not compliant

Question 105

Refer to the information below to answer the question.

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.

Which of the following solutions would have MOST likely detected the use of peer-to-peer programs when the computer was connected to the office network?

Options:

A.

Anti-virus software

B.

Intrusion Prevention System (IPS)

C.

Anti-spyware software

D.

Integrity checking software

Question 106

When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

Options:

A.

After the system preliminary design has been developed and the data security categorization has been performed

B.

After the vulnerability analysis has been performed and before the system detailed design begins

C.

After the system preliminary design has been developed and before the data security categorization begins

D.

After the business functional analysis and the data security categorization have been performed

Question 107

Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

Options:

A.

Lack of software documentation

B.

License agreements requiring release of modified code

C.

Expiration of the license agreement

D.

Costs associated with support of the software

Question 108

A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?

Options:

A.

Least privilege

B.

Privilege escalation

C.

Defense in depth

D.

Privilege bracketing

Question 109

The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?

Options:

A.

System acquisition and development

B.

System operations and maintenance

C.

System initiation

D.

System implementation

Question 110

Which of the following is the BEST method to prevent malware from being introduced into a production environment?

Options:

A.

Purchase software from a limited list of retailers

B.

Verify the hash key or certificate key of all updates

C.

Do not permit programs, patches, or updates from the Internet

D.

Test all new software in a segregated environment

Question 111

Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?

Options:

A.

Check arguments in function calls

B.

Test for the security patch level of the environment

C.

Include logging functions

D.

Digitally sign each application module

Question 112

What is the BEST approach to addressing security issues in legacy web applications?

Options:

A.

Debug the security issues

B.

Migrate to newer, supported applications where possible

C.

Conduct a security assessment

D.

Protect the legacy application with a web application firewall

Question 113

Which of the following is a PRIMARY advantage of using a third-party identity service?

Options:

A.

Consolidation of multiple providers

B.

Directory synchronization

C.

Web based logon

D.

Automated account management

Question 114

What is the PRIMARY reason for implementing change management?

Options:

A.

Certify and approve releases to the environment

B.

Provide version rollbacks for system changes

C.

Ensure that all applications are approved

D.

Ensure accountability for changes to the environment

Question 115

What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?

Options:

A.

Disable all unnecessary services

B.

Ensure chain of custody

C.

Prepare another backup of the system

D.

Isolate the system from the network

Question 116

What should be the FIRST action to protect the chain of evidence when a desktop computer is involved?

Options:

A.

Take the computer to a forensic lab

B.

Make a copy of the hard drive

C.

Start documenting

D.

Turn off the computer

Question 117

What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization’s systems cannot be unavailable for more than 24 hours?

Options:

A.

Warm site

B.

Hot site

C.

Mirror site

D.

Cold site

Question 118

With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?

Options:

A.

Continuously without exception for all security controls

B.

Before and after each change of the control

C.

At a rate concurrent with the volatility of the security control

D.

Only during system implementation and decommissioning

Question 119

Recovery strategies of a Disaster Recovery planning (DRIP) MUST be aligned with which of the following?

Options:

A.

Hardware and software compatibility issues

B.

Applications’ critically and downtime tolerance

C.

Budget constraints and requirements

D.

Cost/benefit analysis and business objectives

Question 120

A continuous information security monitoring program can BEST reduce risk through which of the following?

Options:

A.

Collecting security events and correlating them to identify anomalies

B.

Facilitating system-wide visibility into the activities of critical user accounts

C.

Encompassing people, process, and technology

D.

Logging both scheduled and unscheduled system changes

Question 121

In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?

Options:

A.

Transport layer

B.

Application layer

C.

Network layer

D.

Session layer

Question 122

An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

Options:

A.

Add a new rule to the application layer firewall

B.

Block access to the service

C.

Install an Intrusion Detection System (IDS)

D.

Patch the application source code

Question 123

What is the purpose of an Internet Protocol (IP) spoofing attack?

Options:

A.

To send excessive amounts of data to a process, making it unpredictable

B.

To intercept network traffic without authorization

C.

To disguise the destination address from a target’s IP filtering devices

D.

To convince a system that it is communicating with a known entity

Question 124

Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?

Options:

A.

Intrusion Prevention Systems (IPS)

B.

Intrusion Detection Systems (IDS)

C.

Stateful firewalls

D.

Network Behavior Analysis (NBA) tools

Question 125

Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

Options:

A.

Packet filtering

B.

Port services filtering

C.

Content filtering

D.

Application access control

Question 126

An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?

Options:

A.

Implement packet filtering on the network firewalls

B.

Install Host Based Intrusion Detection Systems (HIDS)

C.

Require strong authentication for administrators

D.

Implement logical network segmentation at the switches

Question 127

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

Options:

A.

Layer 2 Tunneling Protocol (L2TP)

B.

Link Control Protocol (LCP)

C.

Challenge Handshake Authentication Protocol (CHAP)

D.

Packet Transfer Protocol (PTP)

Question 128

Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?

Options:

A.

WEP uses a small range Initialization Vector (IV)

B.

WEP uses Message Digest 5 (MD5)

C.

WEP uses Diffie-Hellman

D.

WEP does not use any Initialization Vector (IV)

Question 129

At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

Options:

A.

Link layer

B.

Physical layer

C.

Session layer

D.

Application layer

Question 130

Digital certificates used transport Layer security (TLS) support which of the following?

Options:

A.

Server identify and data confidentially

B.

Information input validation

C.

Multi-Factor Authentication (MFA)

D.

Non-reputation controls and data encryption

Question 131

Which of the following is the MOST important reason for timely installation of software patches?

Options:

A.

Attackers may be conducting network analysis.

B.

Patches ere only available for a specific time.

C.

Attackers reverse engineer the exploit from the patch.

D.

Patches may not be compatible with proprietary software

Question 132

Which of the following is a characteristic of a challenge/response authentication process?

Options:

A.

Using a password history blacklist

B.

Transmitting a hash based on the user's password

C.

Presenting distorted gravies of text for authentication

D.

Requiring the use of non-consecutive numeric characters

Question 133

Which of the following would present the higher annualized loss expectancy (ALE)?

Options:

A.

Fire

B.

Earthquake

C.

Windstorm

D.

Flood

Question 134

For the purpose of classification, which of the following is used to divide trust domain and trust boundaries?

Options:

A.

Network architecture

B.

Integrity

C.

Identity Management (IdM)

D.

Confidentiality management

Question 135

A security professional recommends that a company integrate threat modeling into its Agile development processes. Which of the following BEST describes the benefits of this approach?

Options:

A.

Reduce application development costs.

B.

Potential threats are addressed later in the Software Development Life Cycle (SDLC).

C.

Improve user acceptance of implemented security controls.

D.

Potential threats are addressed earlier in the Software Development Life Cycle (SDLC).

Page: 1 / 149
Total 1487 questions