
ISC CISSP Certified Information Systems Security Professional (CISSP) Exam Practice Test

Total 1487 questions

Certified Information Systems Security Professional (CISSP) Questions and Answers

Question 1

A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

Options:

A.

Trusted third-party certification

B.

Lightweight Directory Access Protocol (LDAP)

C.

Security Assertion Markup Language (SAML)

D.

Cross-certification

Question 2

What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

Options:

A.

Audit logs

B.

Role-Based Access Control (RBAC)

C.

Two-factor authentication

D.

Application of least privilege

Question 3

Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

Options:

A.

Derived credential

B.

Temporary security credential

C.

Mobile device credentialing service

D.

Digest authentication

Question 4

Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee’s salary?

Options:

A.

Limit access to predefined queries

B.

Segregate the database into a small number of partitions each with a separate security level

C.

Implement Role Based Access Control (RBAC)

D.

Reduce the number of people who have access to the system for statistical purposes

Question 5

Are companies legally required to report all data breaches?

Options:

A.

No, different jurisdictions have different rules.

B.

No, not if the data is encrypted.

C.

No, companies' codes of ethics don't require it.

D.

No, only if the breach had a material impact.

Question 6

What is the MOST efficient way to secure a production program and its data?

Options:

A.

Disable default accounts and implement access control lists (ACL)

B.

Harden the application and encrypt the data

C.

Disable unused services and implement tunneling

D.

Harden the servers and backup the data

Question 7

Which of the following is the BIGGEST weakness when using native Lightweight Directory Access Protocol (LDAP) for authentication?

Options:

A.

Authorizations are not included in the server response

B.

Unsalted hashes are passed over the network

C.

The authentication session can be replayed

D.

Passwords are passed in cleartext

Question 8

Which of the following is the MOST effective method of mitigating data theft from an active user workstation?

Options:

A.

Implement full-disk encryption

B.

Enable multifactor authentication

C.

Deploy file integrity checkers

D.

Disable use of portable devices

Question 9

What is the PRIMARY difference between security policies and security procedures?

Options:

A.

Policies are used to enforce violations, and procedures create penalties

B.

Policies point to guidelines, and procedures are more contractual in nature

C.

Policies are included in awareness training, and procedures give guidance

D.

Policies are generic in nature, and procedures contain operational details

Question 10

To protect auditable information, which of the following MUST be configured to only allow read access?

Options:

A.

Logging configurations

B.

Transaction log files

C.

User account configurations

D.

Access control lists (ACL)

Question 11

Which of the following is the BEST method to assess the effectiveness of an organization's vulnerability management program?

Options:

A.

Review automated patch deployment reports

B.

Periodic third-party vulnerability assessment

C.

Automated vulnerability scanning

D.

Perform vulnerability scan by security team

Question 12

While inventorying storage equipment, it is found that there are unlabeled, disconnected, and powered off devices. Which of the following is the correct procedure for handling such equipment?

Options:

A.

They should be recycled to save energy.

B.

They should be recycled according to NIST SP 800-88.

C.

They should be inspected and sanitized following the organizational policy.

D.

They should be inspected and categorized properly to sell them for reuse.

Question 13

A health care provider is considering Internet access for their employees and patients. Which of the following is the organization's MOST secure solution for protection of data?

Options:

A.

Public Key Infrastructure (PKI) and digital signatures

B.

Trusted server certificates and passphrases

C.

User ID and password

D.

Asymmetric encryption and User ID

Question 14

Order the below steps to create an effective vulnerability management process.

Options:

Question 15

Which of the following methods can be used to achieve confidentiality and integrity for data in transit?

Options:

A.

Multiprotocol Label Switching (MPLS)

B.

Internet Protocol Security (IPSec)

C.

Federated identity management

D.

Multi-factor authentication

Question 16

Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

Options:

A.

Packet filtering

B.

Port services filtering

C.

Content filtering

D.

Application access control

Question 17

What is the purpose of an Internet Protocol (IP) spoofing attack?

Options:

A.

To send excessive amounts of data to a process, making it unpredictable

B.

To intercept network traffic without authorization

C.

To disguise the destination address from a target’s IP filtering devices

D.

To convince a system that it is communicating with a known entity

Question 18

In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?

Options:

A.

Transport layer

B.

Application layer

C.

Network layer

D.

Session layer

Question 19

Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?

Options:

A.

Intrusion Prevention Systems (IPS)

B.

Intrusion Detection Systems (IDS)

C.

Stateful firewalls

D.

Network Behavior Analysis (NBA) tools

Question 20

At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

Options:

A.

Link layer

B.

Physical layer

C.

Session layer

D.

Application layer

Question 21

Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?

Options:

A.

WEP uses a small range Initialization Vector (IV)

B.

WEP uses Message Digest 5 (MD5)

C.

WEP uses Diffie-Hellman

D.

WEP does not use any Initialization Vector (IV)

Question 22

An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

Options:

A.

Add a new rule to the application layer firewall

B.

Block access to the service

C.

Install an Intrusion Detection System (IDS)

D.

Patch the application source code

Question 23

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

Options:

A.

Layer 2 Tunneling Protocol (L2TP)

B.

Link Control Protocol (LCP)

C.

Challenge Handshake Authentication Protocol (CHAP)

D.

Packet Transfer Protocol (PTP)

Question 24

An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?

Options:

A.

Implement packet filtering on the network firewalls

B.

Install Host Based Intrusion Detection Systems (HIDS)

C.

Require strong authentication for administrators

D.

Implement logical network segmentation at the switches

Question 25

What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?

Options:

A.

Implementation Phase

B.

Initialization Phase

C.

Cancellation Phase

D.

Issued Phase

Question 26

The use of private and public encryption keys is fundamental in the implementation of which of the following?

Options:

A.

Diffie-Hellman algorithm

B.

Secure Sockets Layer (SSL)

C.

Advanced Encryption Standard (AES)

D.

Message Digest 5 (MD5)

Question 27

Which of the following mobile code security models relies only on trust?

Options:

A.

Code signing

B.

Class authentication

C.

Sandboxing

D.

Type safety

Question 28

Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?

Options:

A.

Hashing the data before encryption

B.

Hashing the data after encryption

C.

Compressing the data after encryption

D.

Compressing the data before encryption

Question 29

Who in the organization is accountable for classification of data information assets?

Options:

A.

Data owner

B.

Data architect

C.

Chief Information Security Officer (CISO)

D.

Chief Information Officer (CIO)

Question 30

Which security service is served by the process of encrypting plaintext with the sender’s private key and decrypting ciphertext with the sender’s public key?

Options:

A.

Confidentiality

B.

Integrity

C.

Identification

D.

Availability

Question 31

What is the PRIMARY advantage of using automated application security testing tools?

Options:

A.

The application can be protected in the production environment.

B.

Large amounts of code can be tested using fewer resources.

C.

The application will fail less when tested using these tools.

D.

Detailed testing of code functions can be performed.

Question 32

Refer to the information below to answer the question.

In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

[Table A (user clearance levels) and Table B (file security classes) are images not reproduced in this extraction.]

Which of the following is true according to the star property (*property)?

Options:

A.

User D can write to File 1

B.

User B can write to File 1

C.

User A can write to File 1

D.

User C can write to File 1

Question 33

What is the BEST first step for determining if the appropriate security controls are in place for protecting data at rest?

Options:

A.

Identify regulatory requirements

B.

Conduct a risk assessment

C.

Determine business drivers

D.

Review the security baseline configuration

Question 34

The use of a proximity card to gain access to a building is an example of what type of security control?

Options:

A.

Legal

B.

Logical

C.

Physical

D.

Procedural

Question 35

The amount of data that will be collected during an audit is PRIMARILY determined by the

Options:

A.

audit scope.

B.

auditor's experience level.

C.

availability of the data.

D.

integrity of the data.

Question 36

Which of the following MOST influences the design of the organization's electronic monitoring policies?

Options:

A.

Workplace privacy laws

B.

Level of organizational trust

C.

Results of background checks

D.

Business ethical considerations

Question 37

Which of the following is the BEST countermeasure to brute force login attacks?

Options:

A.

Changing all canonical passwords

B.

Decreasing the number of concurrent user sessions

C.

Restricting initial password delivery only in person

D.

Introducing a delay after failed system access attempts

Question 38

Refer to the information below to answer the question.

Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.

After magnetic drives were degaussed twice according to the product manufacturer's directions, what is the MOST LIKELY security issue with degaussing?

Options:

A.

Commercial products often have serious weaknesses of the magnetic force available in the degausser product.

B.

Degausser products may not be properly maintained and operated.

C.

The inability to turn the drive around in the chamber for the second pass due to human error.

D.

Inadequate record keeping when sanitizing media.

Question 39

Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications?

Options:

A.

Application monitoring procedures

B.

Configuration control procedures

C.

Security audit procedures

D.

Software patching procedures

Question 40

Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?

Options:

A.

Maintaining an inventory of authorized Access Points (AP) and connecting devices

B.

Setting the radio frequency to the minimum range required

C.

Establishing a Virtual Private Network (VPN) tunnel between the WLAN client device and a VPN concentrator

D.

Verifying that all default passwords have been changed

Question 41

During the procurement of a new information system, it was determined that some of the security requirements were not addressed in the system specification. Which of the following is the MOST likely reason for this?

Options:

A.

The procurement officer lacks technical knowledge.

B.

The security requirements have changed during the procurement process.

C.

There were no security professionals in the vendor's bidding team.

D.

The description of the security requirements was insufficient.

Question 42

Which of the following is the PRIMARY benefit of a formalized information classification program?

Options:

A.

It drives audit processes.

B.

It supports risk assessment.

C.

It reduces asset vulnerabilities.

D.

It minimizes system logging requirements.

Question 43

From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system?

Options:

A.

Configure secondary servers to use the primary server as a zone forwarder.

B.

Block all Transmission Control Protocol (TCP) connections.

C.

Disable all recursive queries on the name servers.

D.

Limit zone transfers to authorized devices.

Question 44

With data labeling, which of the following MUST be the key decision maker?

Options:

A.

Information security

B.

Departmental management

C.

Data custodian

D.

Data owner

Question 45

Which item below is a federated identity standard?

Options:

A.

802.11i

B.

Kerberos

C.

Lightweight Directory Access Protocol (LDAP)

D.

Security Assertion Markup Language (SAML)

Question 46

Match the name of access control model with its associated restriction.

Drag each access control model to its appropriate restriction access on the right.

[Drag-and-drop matching of access control models to restrictions is an image not reproduced in this extraction.]

Options:

Question 47

What is an advantage of Elliptic Curve Cryptography (ECC)?

Options:

A.

Cryptographic approach that does not require a fixed-length key

B.

Military-strength security that does not depend upon secrecy of the algorithm

C.

Opportunity to use shorter keys for the same level of security

D.

Ability to use much longer keys for greater security

Question 48

Which of the following would BEST describe the role directly responsible for data within an organization?

Options:

A.

Data custodian

B.

Information owner

C.

Database administrator

D.

Quality control

Question 49

Knowing the language in which an encrypted message was originally produced might help a cryptanalyst to perform a

Options:

A.

clear-text attack.

B.

known cipher attack.

C.

frequency analysis.

D.

stochastic assessment.

Question 50

Which of the following adds end-to-end security inside a Layer 2 Tunneling Protocol (L2TP) Internet Protocol Security (IPSec) connection?

Options:

A.

Temporal Key Integrity Protocol (TKIP)

B.

Secure Hash Algorithm (SHA)

C.

Secure Shell (SSH)

D.

Transport Layer Security (TLS)

Question 51

The application of a security patch to a product previously validated at Common Criteria (CC) Evaluation Assurance Level (EAL) 4 would

Options:

A.

require an update of the Protection Profile (PP).

B.

require recertification.

C.

retain its current EAL rating.

D.

reduce the product to EAL 3.

Question 52

When evaluating third-party applications, which of the following is the GREATEST responsibility of Information Security?

Options:

A.

Accept the risk on behalf of the organization.

B.

Report findings to the business to determine security gaps.

C.

Quantify the risk to the business for product selection.

D.

Approve the application that best meets security requirements.

Question 53

Which of the following is the BEST method to reduce the effectiveness of phishing attacks?

Options:

A.

User awareness

B.

Two-factor authentication

C.

Anti-phishing software

D.

Periodic vulnerability scan

Question 54

Between which pair of Open System Interconnection (OSI) Reference Model layers are routers used as a communications device?

Options:

A.

Transport and Session

B.

Data-Link and Transport

C.

Network and Session

D.

Physical and Data-Link

Question 55

Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization network?

Options:

A.

Provide vulnerability reports to management.

B.

Validate vulnerability remediation activities.

C.

Prevent attackers from discovering vulnerabilities.

D.

Remediate known vulnerabilities.

Question 56

In which identity management process is the subject’s identity established?

Options:

A.

Trust

B.

Provisioning

C.

Authorization

D.

Enrollment

Question 57

During which of the following processes is least privilege implemented for a user account?

Options:

A.

Provision

B.

Approve

C.

Request

D.

Review

Question 58

Which of the following media sanitization techniques is MOST likely to be effective for an organization using public cloud services?

Options:

A.

Low-level formatting

B.

Secure-grade overwrite erasure

C.

Cryptographic erasure

D.

Drive degaussing

Question 59

Which of the following is BEST suited for exchanging authentication and authorization messages in a multi-party decentralized environment?

Options:

A.

Lightweight Directory Access Protocol (LDAP)

B.

Security Assertion Markup Language (SAML)

C.

Internet Mail Access Protocol

D.

Transport Layer Security (TLS)

Question 60

Which of the following information MUST be provided for user account provisioning?

Options:

A.

Full name

B.

Unique identifier

C.

Security question

D.

Date of birth

Question 61

Which of the following is MOST appropriate for protecting confidentiality of data stored on a hard drive?

Options:

A.

Triple Data Encryption Standard (3DES)

B.

Advanced Encryption Standard (AES)

C.

Message Digest 5 (MD5)

D.

Secure Hash Algorithm 2 (SHA-2)

Question 62

Which of the following are important criteria when designing procedures and acceptance criteria for acquired software?

Options:

A.

Code quality, security, and origin

B.

Architecture, hardware, and firmware

C.

Data quality, provenance, and scaling

D.

Distributed, agile, and bench testing

Question 63

Which of the following is MOST effective in detecting information hiding in Transmission Control Protocol/Internet Protocol (TCP/IP) traffic?

Options:

A.

Stateful inspection firewall

B.

Application-level firewall

C.

Content-filtering proxy

D.

Packet-filter firewall

Question 64

A post-implementation review has identified that the Voice Over Internet Protocol (VoIP) system was designed to have gratuitous Address Resolution Protocol (ARP) disabled.

Why did the network architect likely design the VoIP system with gratuitous ARP disabled?

Options:

A.

Gratuitous ARP requires the use of Virtual Local Area Network (VLAN) 1.

B.

Gratuitous ARP requires the use of insecure layer 3 protocols.

C.

Gratuitous ARP requires the likelihood of a successful brute-force attack on the phone.

D.

Gratuitous ARP requires the risk of a Man-in-the-Middle (MITM) attack.

Question 65

Which of the following is a characteristic of an internal audit?

Options:

A.

An internal audit is typically shorter in duration than an external audit.

B.

The internal audit schedule is published to the organization well in advance.

C.

The internal auditor reports to the Information Technology (IT) department

D.

Management is responsible for reading and acting upon the internal audit results

Question 66

In a change-controlled environment, which of the following is MOST likely to lead to unauthorized changes to production programs?

Options:

A.

Modifying source code without approval

B.

Promoting programs to production without approval

C.

Developers checking out source code without approval

D.

Developers using Rapid Application Development (RAD) methodologies without approval

Question 67

The core component of Role Based Access Control (RBAC) must be constructed of defined data elements.

Which elements are required?

Options:

A.

Users, permissions, operations, and protected objects

B.

Roles, accounts, permissions, and protected objects

C.

Users, roles, operations, and protected objects

D.

Roles, operations, accounts, and protected objects

Question 68

In a High Availability (HA) environment, what is the PRIMARY goal of working with a virtual router address as the gateway to a network?

Options:

A.

The second of two routers can periodically check in to make sure that the first router is operational.

B.

The second of two routers can better absorb a Denial of Service (DoS) attack knowing the first router is present.

C.

The first of two routers fails and is reinstalled, while the second handles the traffic flawlessly.

D.

The first of two routers can better handle specific traffic, while the second handles the rest of the traffic seamlessly.

Question 69

Which of the following steps should be performed FIRST when purchasing Commercial Off-The-Shelf (COTS) software?

Options:

A.

undergo a security assessment as part of authorization process

B.

establish a risk management strategy

C.

harden the hosting server, and perform hosting and application vulnerability scans

D.

establish policies and procedures on system and services acquisition

Question 70

Which security model is MOST commonly used in a commercial environment because it protects the integrity of financial and accounting data?

Options:

A.

Biba

B.

Graham-Denning

C.

Clark-Wilson

D.

Bell-LaPadula

Question 71

Which of the following is the MOST effective practice in managing user accounts when an employee is terminated?

Options:

A.

Implement processes for automated removal of access for terminated employees.

B.

Delete employee network and system IDs upon termination.

C.

Manually remove terminated employee user-access to all systems and applications.

D.

Disable terminated employee network ID to remove all access.

Question 72

A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?

Options:

A.

Define additional security controls directly after the merger

B.

Include a procurement officer in the merger team

C.

Verify all contracts before a merger occurs

D.

Assign a compliance officer to review the merger conditions

Question 73

Which of the following is the BEST metric to obtain when gaining support for an Identity and Access Management (IAM) solution?

Options:

A.

Application connection successes resulting in data leakage

B.

Administrative costs for restoring systems after connection failure

C.

Employee system timeouts from implementing wrong limits

D.

Help desk costs required to support password reset requests

Question 74

Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?

Options:

A.

Security governance

B.

Risk management

C.

Security portfolio management

D.

Risk assessment

Question 75

Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?

Options:

A.

System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements

B.

Data stewardship roles, data handling and storage standards, data lifecycle requirements

C.

Compliance office roles and responsibilities, classified material handling standards, storage system lifecycle requirements

D.

System authorization roles and responsibilities, cloud computing standards, lifecycle requirements

Question 76

Which of the following is an initial consideration when developing an information security management system?

Options:

A.

Identify the contractual security obligations that apply to the organizations

B.

Understand the value of the information assets

C.

Identify the level of residual risk that is tolerable to management

D.

Identify relevant legislative and regulatory compliance requirements

Question 77

When implementing a data classification program, why is it important to avoid too much granularity?

Options:

A.

The process will require too many resources

B.

It will be difficult to apply to both hardware and software

C.

It will be difficult to assign ownership to the data

D.

The process will be perceived as having value

Question 78

An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests.

Which contract is BEST in offloading the task from the IT staff?

Options:

A.

Platform as a Service (PaaS)

B.

Identity as a Service (IDaaS)

C.

Desktop as a Service (DaaS)

D.

Software as a Service (SaaS)

Question 79

In a data classification scheme, the data is owned by the

Options:

A.

system security managers

B.

business managers

C.

Information Technology (IT) managers

D.

end users

Question 80

Which of the following BEST describes the responsibilities of a data owner?

Options:

A.

Ensuring quality and validation through periodic audits for ongoing data integrity

B.

Maintaining fundamental data availability, including data storage and archiving

C.

Ensuring accessibility to appropriate users, maintaining appropriate levels of data security

D.

Determining the impact the information has on the mission of the organization

Question 81

Which one of the following affects the classification of data?

Options:

A.

Assigned security label

B.

Multilevel Security (MLS) architecture

C.

Minimum query size

D.

Passage of time

Question 82

Which of the following is MOST important when assigning ownership of an asset to a department?

Options:

A.

The department should report to the business owner

B.

Ownership of the asset should be periodically reviewed

C.

Individual accountability should be ensured

D.

All members should be trained on their responsibilities

Question 83

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

Options:

A.

Personal Identity Verification (PIV)

B.

Cardholder Unique Identifier (CHUID) authentication

C.

Physical Access Control System (PACS) repeated attempt detection

D.

Asymmetric Card Authentication Key (CAK) challenge-response

Question 84

The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?

Options:

A.

System acquisition and development

B.

System operations and maintenance

C.

System initiation

D.

System implementation

Question 85

Which of the following is the BEST method to prevent malware from being introduced into a production environment?

Options:

A.

Purchase software from a limited list of retailers

B.

Verify the hash key or certificate key of all updates

C.

Do not permit programs, patches, or updates from the Internet

D.

Test all new software in a segregated environment

Question 86

When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

Options:

A.

After the system preliminary design has been developed and the data security categorization has been performed

B.

After the vulnerability analysis has been performed and before the system detailed design begins

C.

After the system preliminary design has been developed and before the data security categorization begins

D.

After the business functional analysis and the data security categorization have been performed

Question 87

What is the BEST approach to addressing security issues in legacy web applications?

Options:

A.

Debug the security issues

B.

Migrate to newer, supported applications where possible

C.

Conduct a security assessment

D.

Protect the legacy application with a web application firewall

Question 88

Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?

Options:

A.

Check arguments in function calls

B.

Test for the security patch level of the environment

C.

Include logging functions

D.

Digitally sign each application module

Question 89

Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

Options:

A.

Lack of software documentation

B.

License agreements requiring release of modified code

C.

Expiration of the license agreement

D.

Costs associated with support of the software

Question 90

A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?

Options:

A.

Least privilege

B.

Privilege escalation

C.

Defense in depth

D.

Privilege bracketing

Question 91

Which of the following will have the MOST influence on the definition and creation of data classification and data ownership policies?

Options:

A.

Data access control policies

B.

Threat modeling

C.

Common Criteria (CC)

D.

Business Impact Analysis (BIA)

Question 92

Which of the following statements is TRUE regarding equivalence class testing?

Options:

A.

Test inputs are obtained from the derived boundaries of the given functional specifications.

B.

It is characterized by the stateless behavior of a process implemented in a function.

C.

An entire partition can be covered by considering only one representative value from that partition.

D.

It is useful for testing communications protocols and graphical user interfaces.

Question 93

Which of the following BEST describes how access to a system is granted to federated user accounts?

Options:

A.

With the federation assurance level

B.

Based on defined criteria by the Relying Party (RP)

C.

Based on defined criteria by the Identity Provider (IdP)

D.

With the identity assurance level

Question 94

Which of the following is the MOST significant benefit to implementing a third-party federated identity architecture?

Options:

A.

Attribute assertions as agencies can request a larger set of attributes to fulfill service delivery

B.

Data decrease related to storing personal information

C.

Reduction in operational costs to the agency

D.

Enable business objectives so departments can focus on mission rather than the business of identity management

Question 95

An organization wants to enable users to authenticate across multiple security domains. To accomplish this, they have decided to use Federated Identity Management (FIM). Which of the following is used behind the scenes in a FIM deployment?

Options:

A.

Standard Generalized Markup Language (SGML)

B.

Extensible Markup Language (XML)

C.

Security Assertion Markup Language (SAML)

D.

Transaction Authority Markup Language (XAML)

Question 96

What is maintained by using write blocking devices when forensic evidence is examined?

Options:

A.

Inventory

B.

Integrity

C.

Confidentiality

D.

Availability

Question 97

Which attack defines a piece of code that is inserted into software to trigger a malicious function?

Options:

A.

Phishing

B.

Salami

C.

Back door

D.

Logic bomb

Question 98

Which of the following techniques BEST prevents buffer overflows?

Options:

A.

Boundary and perimeter offset

B.

Character set encoding

C.

Code auditing

D.

Variant type and bit length

Question 99

Physical assets defined in an organization’s Business Impact Analysis (BIA) could include which of the following?

Options:

A.

Personal belongings of organizational staff members

B.

Supplies kept off-site at a remote facility

C.

Cloud-based applications

D.

Disaster Recovery (DR) line-item revenues

Question 100

What is the PRIMARY purpose for an organization to conduct a security audit?

Options:

A.

To ensure the organization is adhering to a well-defined standard

B.

To ensure the organization is applying security controls to mitigate identified risks

C.

To ensure the organization is configuring information systems efficiently

D.

To ensure the organization is documenting findings

Question 101

A corporate security policy specifies that all devices on the network must have updated operating system patches and anti-malware software. Which technology should be used to enforce this policy?

Options:

A.

Network Address Translation (NAT)

B.

Stateful Inspection

C.

Packet filtering

D.

Network Access Control (NAC)

Question 102

Which of the following is the PRIMARY risk associated with Extensible Markup Language (XML) applications?

Options:

A.

Users can manipulate the code.

B.

The stack data structure cannot be replicated.

C.

The stack data structure is repetitive.

D.

Potential sensitive data leakage.

Question 103

Utilizing a public wireless Local Area Network (WLAN) to connect to a private network should be done only in which of the following situations?

Options:

A.

Extensible Authentication Protocol (EAP) is utilized to authenticate the user.

B.

The client machine has a personal firewall and utilizes a Virtual Private Network (VPN) to connect to the network.

C.

The client machine has antivirus software and has been scanned to determine if unauthorized ports are open.

D.

The wireless Access Point (AP) is placed in the internal private network.

Question 104

Which of the following is the PRIMARY security consideration for how an organization should handle Information Technology (IT) assets?

Options:

A.

The monetary value of the asset

B.

The controls implemented on the asset

C.

The physical form factor of the asset

D.

The classification of the data on the asset

Question 105

Why would a security architect specify that a default route pointing to a sinkhole be injected into internal networks?

Options:

A.

To have firewalls route all network traffic

B.

To detect the traffic destined to non-existent network destinations

C.

To exercise authority over the network department

D.

To re-inject the route into external networks

Question 106

Which of the following attacks, if successful, could give an intruder complete control of a software-defined networking (SDN) architecture?

Options:

A.

Sniffing the traffic of a compromised host inside the network

B.

Sending control messages to open a flow that does not pass a firewall from a compromised host within the network

C.

A brute force password attack on the Secure Shell (SSH) port of the controller

D.

Remote Authentication Dial-In User Service (RADIUS) token replay attack

Question 107

A software engineer uses automated tools to review application code and search for application flaws, back doors, or other malicious code. Which of the following is the FIRST Software Development Life Cycle (SDLC) phase where this takes place?

Options:

A.

Design

B.

Test

C.

Development

D.

Deployment

Question 108

During a penetration test, what are the three PRIMARY objectives of the planning phase?

Options:

A.

Determine testing goals, identify rules of engagement, and conduct an initial discovery scan.

B.

Finalize management approval, determine testing goals, and gather port and service information.

C.

Identify rules of engagement, finalize management approval, and determine testing goals.

D.

Identify rules of engagement, document management approval, and collect system and application information.

Question 109

The personal laptop of an organization executive is stolen from the office, complete with personnel and project records. Which of the following should be done FIRST to mitigate future occurrences?

Options:

A.

Encrypt disks on personal laptops.

B.

Issue cable locks for use on personal laptops.

C.

Create policies addressing critical information on personal laptops.

D.

Monitor personal laptops for critical information.

Question 110

Which algorithm gets its security from the difficulty of calculating discrete logarithms in a finite field and is used to distribute keys, but cannot be used to encrypt or decrypt messages?

Options:

A.

Diffie-Hellman

B.

Digital Signature Algorithm (DSA)

C.

Rivest-Shamir-Adleman (RSA)

D.

Kerberos

Question 111

Which of the following is the MOST effective preventative method to identify security flaws in software?

Options:

A.

Monitor performance in production environments.

B.

Perform a structured code review.

C.

Perform application penetration testing.

D.

Use automated security vulnerability testing tools.

Question 112

Which audit type is MOST appropriate for evaluating the effectiveness of a security program?

Options:

A.

Threat

B.

Assessment

C.

Analysis

D.

Validation

Question 113

A corporation does not have a formal data destruction policy. During which phase of a criminal legal proceeding will this have the MOST impact?

Options:

A.

Arraignment

B.

Trial

C.

Sentencing

D.

Discovery

Question 114

A malicious user gains access to unprotected directories on a web server. Which of the following is MOST likely the cause for this information disclosure?

Options:

A.

Security misconfiguration

B.

Cross-site request forgery (CSRF)

C.

Structured Query Language injection (SQLi)

D.

Broken authentication management

Question 115

Which of the following is a risk matrix?

Options:

A.

A database of risks associated with a specific information system.

B.

A table of risk management factors for management to consider.

C.

A two-dimensional picture of risk for organizations, products, projects, or other items of interest.

D.

A tool for determining risk management decisions for an activity or system.

Question 116

When are security requirements the LEAST expensive to implement?

Options:

A.

When identified by external consultants

B.

During the application rollout phase

C.

During each phase of the project cycle

D.

When built into application design

Question 117

A firm within the defense industry has been directed to comply with contractual requirements for encryption of a government client’s Controlled Unclassified Information (CUI). What encryption strategy represents how to protect data at rest in the MOST efficient and cost-effective manner?

Options:

A.

Perform physical separation of program information and encrypt only information deemed critical by the defense client

B.

Perform logical separation of program information, using virtualized storage solutions with built-in encryption at the virtualization layer

C.

Perform logical separation of program information, using virtualized storage solutions with encryption management in the back-end disk systems

D.

Implement data at rest encryption across the entire storage area network (SAN)

Question 118

Physical Access Control Systems (PACS) allow authorized security personnel to manage and monitor access control for subjects through which function?

Options:

A.

Remote access administration

B.

Personal Identity Verification (PIV)

C.

Access Control List (ACL)

D.

Privileged Identity Management (PIM)

Question 119

A security practitioner needs to implement a solution to verify endpoint security protections and operating system (OS) versions. Which of the following is the BEST solution to implement?

Options:

A.

An intrusion prevention system (IPS)

B.

An intrusion prevention system (IPS)

C.

Network Access Control (NAC)

D.

A firewall

Question 120

A systems engineer is designing a wide area network (WAN) environment for a new organization. The WAN will connect sites holding information at various levels of sensitivity, from publicly available to highly confidential. The organization requires a high degree of interconnectedness to support existing business processes. What is the BEST design approach to securing this environment?

Options:

A.

Place firewalls around critical devices, isolating them from the rest of the environment.

B.

Layer multiple detective and preventative technologies at the environment perimeter.

C.

Use reverse proxies to create a secondary "shadow" environment for critical systems.

D.

Align risk across all interconnected elements to ensure critical threats are detected and handled.

Question 121

Which of the following could cause a Denial of Service (DoS) against an authentication system?

Options:

A.

Encryption of audit logs

B.

No archiving of audit logs

C.

Hashing of audit logs

D.

Remote access audit logs

Question 122

Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

Options:

A.

Change management processes

B.

User administration procedures

C.

Operating System (OS) baselines

D.

System backup documentation

Question 123

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

Options:

A.

Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken

B.

Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability

C.

Management teams will understand the testing objectives and reputational risk to the organization

D.

Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels

Question 124

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?

Options:

A.

Host VM monitor audit logs

B.

Guest OS access controls

C.

Host VM access controls

D.

Guest OS audit logs

Question 125

In which of the following programs is it MOST important to include the collection of security process data?

Options:

A.

Quarterly access reviews

B.

Security continuous monitoring

C.

Business continuity testing

D.

Annual security training

Question 126

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

Options:

A.

determine the risk of a business interruption occurring

B.

determine the technological dependence of the business processes

C.

identify the operational impacts of a business interruption

D.

identify the financial impacts of a business interruption

Question 127

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

Options:

A.

Development, testing, and deployment

B.

Prevention, detection, and remediation

C.

People, technology, and operations

D.

Certification, accreditation, and monitoring

Question 128

What is the MOST important consideration from a data security perspective when an organization plans to relocate?

Options:

A.

Ensure the fire prevention and detection systems are sufficient to protect personnel

B.

Review the architectural plans to determine how many emergency exits are present

C.

Conduct a gap analysis of the new facilities against existing security requirements

D.

Revise the Disaster Recovery and Business Continuity (DR/BC) plan

Question 129

When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

Options:

A.

Only when assets are clearly defined

B.

Only when standards are defined

C.

Only when controls are put in place

D.

Only when procedures are defined

Question 130

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Plan (BCP). Which of the following failures should the IT manager be concerned with?

Options:

A.

Application

B.

Storage

C.

Power

D.

Network

Question 131

Which of the following actions will reduce risk to a laptop before traveling to a high-risk area?

Options:

A.

Examine the device for physical tampering

B.

Implement more stringent baseline configurations

C.

Purge or re-image the hard disk drive

D.

Change access codes

Question 132

Intellectual property rights are PRIMARILY concerned with which of the following?

Options:

A.

Owner’s ability to realize financial gain

B.

Owner’s ability to maintain copyright

C.

Right of the owner to enjoy their creation

D.

Right of the owner to control delivery method

Question 133

Which of the following represents the GREATEST risk to data confidentiality?

Options:

A.

Network redundancies are not implemented

B.

Security awareness training is not completed

C.

Backup tapes are generated unencrypted

D.

Users have administrative privileges

Question 134

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

Options:

A.

Install mantraps at the building entrances

B.

Enclose the personnel entry area with polycarbonate plastic

C.

Supply a duress alarm for personnel exposed to the public

D.

Hire a guard to protect the public area

Question 135

An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

Options:

A.

Absence of a Business Intelligence (BI) solution

B.

Inadequate cost modeling

C.

Improper deployment of the Service-Oriented Architecture (SOA)

D.

Insufficient Service Level Agreement (SLA)

Question 136

The PRIMARY purpose of a security awareness program is to

Options:

A.

ensure that everyone understands the organization's policies and procedures.

B.

communicate that access to information will be granted on a need-to-know basis.

C.

warn all users that access to all systems will be monitored on a daily basis.

D.

comply with regulations related to data and information protection.

Question 137

Which of the following is an appropriate source for test data?

Options:

A.

Production data that is secured and maintained only in the production environment.

B.

Test data that has no similarities to production data.

C.

Test data that is mirrored and kept up-to-date with production data.

D.

Production data that has been sanitized before loading into a test environment.

Question 138

Which of the following is a security feature of Global System for Mobile Communications (GSM)?

Options:

A.

It uses a Subscriber Identity Module (SIM) for authentication.

B.

It uses encrypting techniques for all communications.

C.

The radio spectrum is divided with multiple frequency carriers.

D.

The signal is difficult to read as it provides end-to-end encryption.

Question 139

Internet Protocol (IP) source address spoofing is used to defeat

Options:

A.

address-based authentication.

B.

Address Resolution Protocol (ARP).

C.

Reverse Address Resolution Protocol (RARP).

D.

Transmission Control Protocol (TCP) hijacking.

Question 140

What security management control is MOST often broken by collusion?

Options:

A.

Job rotation

B.

Separation of duties

C.

Least privilege model

D.

Increased monitoring

Question 141

Which of the following is the FIRST step of a penetration test plan?

Options:

A.

Analyzing a network diagram of the target network

B.

Notifying the company's customers

C.

Obtaining the approval of the company's management

D.

Scheduling the penetration test during a period of least impact

Question 142

Multi-threaded applications are more at risk than single-threaded applications to

Options:

A.

race conditions.

B.

virus infection.

C.

packet sniffing.

D.

database injection.

Question 143

Who must approve modifications to an organization's production infrastructure configuration?

Options:

A.

Technical management

B.

Change control board

C.

System operations

D.

System users

Question 144

When transmitting information over public networks, the decision to encrypt it should be based on

Options:

A.

the estimated monetary value of the information.

B.

whether there are transient nodes relaying the transmission.

C.

the level of confidentiality of the information.

D.

the volume of the information.

Question 145

When building a data center, site location and construction factors that increase the level of vulnerability to physical threats include

Options:

A.

hardened building construction with consideration of seismic factors.

B.

adequate distance from and lack of access to adjacent buildings.

C.

curved roads approaching the data center.

D.

proximity to high crime areas of the city.

Question 146

What is the ultimate objective of information classification?

Options:

A.

To assign responsibility for mitigating the risk to vulnerable systems

B.

To ensure that information assets receive an appropriate level of protection

C.

To recognize that the value of any item of information may change over time

D.

To recognize the optimal number of classification categories and the benefits to be gained from their use

Question 147

When implementing controls in a heterogeneous end-point network for an organization, it is critical that

Options:

A.

hosts are able to establish network communications.

B.

users can make modifications to their security software configurations.

C.

common software security components be implemented across all hosts.

D.

firewalls running on each host are fully customizable by the user.

Question 148

What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)?

Options:

A.

Evaluating the efficiency of the plan

B.

Identifying the benchmark required for restoration

C.

Validating the effectiveness of the plan

D.

Determining the Recovery Time Objective (RTO)

Question 149

Which of the following is an essential element of a privileged identity lifecycle management?

Options:

A.

Regularly perform account re-validation and approval

B.

Account provisioning based on multi-factor authentication

C.

Frequently review performed activities and request justification

D.

Account information to be provided by supervisor or line manager

Question 150

An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring?

Options:

A.

A dictionary attack

B.

A Denial of Service (DoS) attack

C.

A spoofing attack

D.

A backdoor installation
