
ISC CISSP Certified Information Systems Security Professional (CISSP) Exam Practice Test

Page: 1 / 149
Total 1487 questions

Certified Information Systems Security Professional (CISSP) Questions and Answers

Question 1

Which of the following is an initial consideration when developing an information security management system?

Options:

A.

Identify the contractual security obligations that apply to the organization

B.

Understand the value of the information assets

C.

Identify the level of residual risk that is tolerable to management

D.

Identify relevant legislative and regulatory compliance requirements

Question 2

Which one of the following affects the classification of data?

Options:

A.

Assigned security label

B.

Multilevel Security (MLS) architecture

C.

Minimum query size

D.

Passage of time

Question 3

Which of the following BEST describes the responsibilities of a data owner?

Options:

A.

Ensuring quality and validation through periodic audits for ongoing data integrity

B.

Maintaining fundamental data availability, including data storage and archiving

C.

Ensuring accessibility to appropriate users, maintaining appropriate levels of data security

D.

Determining the impact the information has on the mission of the organization

Question 4

An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has kept pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests.

Which contract is BEST in offloading the task from the IT staff?

Options:

A.

Platform as a Service (PaaS)

B.

Identity as a Service (IDaaS)

C.

Desktop as a Service (DaaS)

D.

Software as a Service (SaaS)

Question 5

Which of the following is MOST important when assigning ownership of an asset to a department?

Options:

A.

The department should report to the business owner

B.

Ownership of the asset should be periodically reviewed

C.

Individual accountability should be ensured

D.

All members should be trained on their responsibilities

Question 6

When implementing a data classification program, why is it important to avoid too much granularity?

Options:

A.

The process will require too many resources

B.

It will be difficult to apply to both hardware and software

C.

It will be difficult to assign ownership to the data

D.

The process will be perceived as having value

Question 7

In a data classification scheme, the data is owned by the

Options:

A.

system security managers

B.

business managers

C.

Information Technology (IT) managers

D.

end users

Question 8

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

Options:

A.

Personal Identity Verification (PIV)

B.

Cardholder Unique Identifier (CHUID) authentication

C.

Physical Access Control System (PACS) repeated attempt detection

D.

Asymmetric Card Authentication Key (CAK) challenge-response

Question 9

Intellectual property rights are PRIMARILY concerned with which of the following?

Options:

A.

Owner’s ability to realize financial gain

B.

Owner’s ability to maintain copyright

C.

Right of the owner to enjoy their creation

D.

Right of the owner to control delivery method

Question 10

Which of the following actions will reduce risk to a laptop before traveling to a high-risk area?

Options:

A.

Examine the device for physical tampering

B.

Implement more stringent baseline configurations

C.

Purge or re-image the hard disk drive

D.

Change access codes

Question 11

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

Options:

A.

Install mantraps at the building entrances

B.

Enclose the personnel entry area with polycarbonate plastic

C.

Supply a duress alarm for personnel exposed to the public

D.

Hire a guard to protect the public area

Question 12

Which of the following represents the GREATEST risk to data confidentiality?

Options:

A.

Network redundancies are not implemented

B.

Security awareness training is not completed

C.

Backup tapes are generated unencrypted

D.

Users have administrative privileges

Question 13

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

Options:

A.

determine the risk of a business interruption occurring

B.

determine the technological dependence of the business processes

C.

identify the operational impacts of a business interruption

D.

identify the financial impacts of a business interruption

Question 14

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

Options:

A.

Development, testing, and deployment

B.

Prevention, detection, and remediation

C.

People, technology, and operations

D.

Certification, accreditation, and monitoring

Question 15

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Plan (BCP). Which of the following failures should the IT manager be concerned with?

Options:

A.

Application

B.

Storage

C.

Power

D.

Network

Question 16

What is the purpose of an Internet Protocol (IP) spoofing attack?

Options:

A.

To send excessive amounts of data to a process, making it unpredictable

B.

To intercept network traffic without authorization

C.

To disguise the destination address from a target’s IP filtering devices

D.

To convince a system that it is communicating with a known entity

Question 17

In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?

Options:

A.

Transport layer

B.

Application layer

C.

Network layer

D.

Session layer

Question 18

Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?

Options:

A.

WEP uses a small range Initialization Vector (IV)

B.

WEP uses Message Digest 5 (MD5)

C.

WEP uses Diffie-Hellman

D.

WEP does not use any Initialization Vector (IV)

Question 19

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

Options:

A.

Layer 2 Tunneling Protocol (L2TP)

B.

Link Control Protocol (LCP)

C.

Challenge Handshake Authentication Protocol (CHAP)

D.

Packet Transfer Protocol (PTP)

Question 20

An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?

Options:

A.

Implement packet filtering on the network firewalls

B.

Install Host Based Intrusion Detection Systems (HIDS)

C.

Require strong authentication for administrators

D.

Implement logical network segmentation at the switches

Question 21

An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

Options:

A.

Add a new rule to the application layer firewall

B.

Block access to the service

C.

Install an Intrusion Detection System (IDS)

D.

Patch the application source code

Question 22

Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

Options:

A.

Packet filtering

B.

Port services filtering

C.

Content filtering

D.

Application access control

Question 23

Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?

Options:

A.

Intrusion Prevention Systems (IPS)

B.

Intrusion Detection Systems (IDS)

C.

Stateful firewalls

D.

Network Behavior Analysis (NBA) tools

Question 24

At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

Options:

A.

Link layer

B.

Physical layer

C.

Session layer

D.

Application layer

Question 25

Which of the following is the FIRST step in the incident response process?

Options:

A.

Determine the cause of the incident

B.

Disconnect the system involved from the network

C.

Isolate and contain the system involved

D.

Investigate all symptoms to confirm the incident

Question 26

Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

Options:

A.

Walkthrough

B.

Simulation

C.

Parallel

D.

White box

Question 27

Recovery strategies of a Disaster Recovery Plan (DRP) MUST be aligned with which of the following?

Options:

A.

Hardware and software compatibility issues

B.

Applications’ criticality and downtime tolerance

C.

Budget constraints and requirements

D.

Cost/benefit analysis and business objectives

Question 28

An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

Options:

A.

Absence of a Business Intelligence (BI) solution

B.

Inadequate cost modeling

C.

Improper deployment of the Service-Oriented Architecture (SOA)

D.

Insufficient Service Level Agreement (SLA)

Question 29

Which of the following is a PRIMARY advantage of using a third-party identity service?

Options:

A.

Consolidation of multiple providers

B.

Directory synchronization

C.

Web-based logon

D.

Automated account management

Question 30

What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?

Options:

A.

Disable all unnecessary services

B.

Ensure chain of custody

C.

Prepare another backup of the system

D.

Isolate the system from the network

Question 31

Which of the following could cause a Denial of Service (DoS) against an authentication system?

Options:

A.

Encryption of audit logs

B.

No archiving of audit logs

C.

Hashing of audit logs

D.

Remote access audit logs

Question 32

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

Options:

A.

Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken

B.

Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability

C.

Management teams will understand the testing objectives and reputational risk to the organization

D.

Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels

Question 33

In which of the following programs is it MOST important to include the collection of security process data?

Options:

A.

Quarterly access reviews

B.

Security continuous monitoring

C.

Business continuity testing

D.

Annual security training

Question 34

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?

Options:

A.

Host VM monitor audit logs

B.

Guest OS access controls

C.

Host VM access controls

D.

Guest OS audit logs

Question 35

Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

Options:

A.

Change management processes

B.

User administration procedures

C.

Operating System (OS) baselines

D.

System backup documentation

Question 36

Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

Options:

A.

Lack of software documentation

B.

License agreements requiring release of modified code

C.

Expiration of the license agreement

D.

Costs associated with support of the software

Question 37

Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?

Options:

A.

Check arguments in function calls

B.

Test for the security patch level of the environment

C.

Include logging functions

D.

Digitally sign each application module

Question 38

When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

Options:

A.

After the system preliminary design has been developed and the data security categorization has been performed

B.

After the vulnerability analysis has been performed and before the system detailed design begins

C.

After the system preliminary design has been developed and before the data security categorization begins

D.

After the business functional analysis and the data security categorization have been performed

Question 39

A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?

Options:

A.

Least privilege

B.

Privilege escalation

C.

Defense in depth

D.

Privilege bracketing

Question 40

What is the BEST approach to addressing security issues in legacy web applications?

Options:

A.

Debug the security issues

B.

Migrate to newer, supported applications where possible

C.

Conduct a security assessment

D.

Protect the legacy application with a web application firewall

Question 41

The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?

Options:

A.

System acquisition and development

B.

System operations and maintenance

C.

System initiation

D.

System implementation

Question 42

Which of the following is the BEST method to prevent malware from being introduced into a production environment?

Options:

A.

Purchase software from a limited list of retailers

B.

Verify the hash key or certificate key of all updates

C.

Do not permit programs, patches, or updates from the Internet

D.

Test all new software in a segregated environment

Question 43

Which security service is provided by encrypting plaintext with the sender’s private key and decrypting the ciphertext with the sender’s public key?

Options:

A.

Confidentiality

B.

Integrity

C.

Identification

D.

Availability

Question 44

Who in the organization is accountable for classification of data information assets?

Options:

A.

Data owner

B.

Data architect

C.

Chief Information Security Officer (CISO)

D.

Chief Information Officer (CIO)

Question 45

What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?

Options:

A.

Implementation Phase

B.

Initialization Phase

C.

Cancellation Phase

D.

Issued Phase

Question 46

When building a data classification scheme, which of the following is the PRIMARY concern?

Options:

A.

Purpose

B.

Cost effectiveness

C.

Availability

D.

Authenticity

Question 47

When using Generic Routing Encapsulation (GRE) tunneling over Internet Protocol version 4 (IPv4), where is the GRE header inserted?

Options:

A.

Into the options field

B.

Between the delivery header and payload

C.

Between the source and destination addresses

D.

Into the destination address

Question 48

Which of the following information MUST be provided for user account provisioning?

Options:

A.

Full name

B.

Unique identifier

C.

Security question

D.

Date of birth

Question 49

Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization network?

Options:

A.

Provide vulnerability reports to management.

B.

Validate vulnerability remediation activities.

C.

Prevent attackers from discovering vulnerabilities.

D.

Remediate known vulnerabilities.

Question 50

A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket. Which of the following is the BEST course of action?

Options:

A.

Ignore the request and do not perform the change.

B.

Perform the change as requested, and rely on the next audit to detect and report the situation.

C.

Perform the change, but create a change ticket regardless to ensure there is complete traceability.

D.

Inform the audit committee or internal audit directly using the corporate whistleblower process.

Question 51

In which identity management process is the subject’s identity established?

Options:

A.

Trust

B.

Provisioning

C.

Authorization

D.

Enrollment

Question 52

Which of the following is a remote access protocol that uses static authentication?

Options:

A.

Point-to-Point Tunneling Protocol (PPTP)

B.

Routing Information Protocol (RIP)

C.

Password Authentication Protocol (PAP)

D.

Challenge Handshake Authentication Protocol (CHAP)

Question 53

Which of the following approaches is the MOST effective way to dispose of data on multiple hard drives?

Options:

A.

Delete every file on each drive.

B.

Destroy the partition table for each drive using the command line.

C.

Degauss each drive individually.

D.

Perform multiple passes on each drive using approved formatting methods.

Question 54

An Intrusion Detection System (IDS) has recently been deployed in a Demilitarized Zone (DMZ). The IDS detects a flood of malformed packets. Which of the following BEST describes what has occurred?

Options:

A.

Denial of Service (DoS) attack

B.

Address Resolution Protocol (ARP) spoof

C.

Buffer overflow

D.

Ping flood attack

Question 55

Reciprocal backup site agreements are considered to be

Options:

A.

a better alternative than the use of warm sites.

B.

difficult to test for complex systems.

C.

easy to implement for similar types of organizations.

D.

easy to test and implement for complex systems.

Question 56

Which of the following adds end-to-end security inside a Layer 2 Tunneling Protocol (L2TP) Internet Protocol Security (IPSec) connection?

Options:

A.

Temporal Key Integrity Protocol (TKIP)

B.

Secure Hash Algorithm (SHA)

C.

Secure Shell (SSH)

D.

Transport Layer Security (TLS)

Question 57

Which of the following is a weakness of Wired Equivalent Privacy (WEP)?

Options:

A.

Length of Initialization Vector (IV)

B.

Protection against message replay

C.

Detection of message tampering

D.

Built-in provision to rotate keys

Question 58

In configuration management, what baseline configuration information MUST be maintained for each computer system?

Options:

A.

Operating system and version, patch level, applications running, and versions.

B.

List of system changes, test reports, and change approvals

C.

Last vulnerability assessment report and initial risk assessment report

D.

Date of last update, test report, and accreditation certificate

Question 59

An organization regularly conducts its own penetration tests. Which of the following scenarios MUST be covered for the test to be effective?

Options:

A.

Third-party vendor with access to the system

B.

System administrator access compromised

C.

Internal attacker with access to the system

D.

Internal user accidentally accessing data

Question 60

Which of the following is a characteristic of the initialization vector when using Data Encryption Standard (DES)?

Options:

A.

It must be known to both sender and receiver.

B.

It can be transmitted in the clear as a random number.

C.

It must be retained until the last block is transmitted.

D.

It can be used to encrypt and decrypt information.

Question 61

Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

Options:

A.

Derived credential

B.

Temporary security credential

C.

Mobile device credentialing service

D.

Digest authentication

Question 62

Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee’s salary?

Options:

A.

Limit access to predefined queries

B.

Segregate the database into a small number of partitions each with a separate security level

C.

Implement Role Based Access Control (RBAC)

D.

Reduce the number of people who have access to the system for statistical purposes

Question 63

What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

Options:

A.

Audit logs

B.

Role-Based Access Control (RBAC)

C.

Two-factor authentication

D.

Application of least privilege

Question 64

A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

Options:

A.

Trusted third-party certification

B.

Lightweight Directory Access Protocol (LDAP)

C.

Security Assertion Markup Language (SAML)

D.

Cross-certification

Question 65

Which is the BEST control to meet the Statement on Standards for Attestation Engagements 18 (SSAE-18) confidentiality category?

Options:

A.

Data processing

B.

Storage encryption

C.

File hashing

D.

Data retention policy

Question 66

In systems security engineering, what does the security principle of modularity provide?

Options:

A.

Documentation of functions

B.

Isolated functions and data

C.

Secure distribution of programs and data

D.

Minimal access to perform a function

Question 67

Which of the following would qualify as an exception to the "right to be forgotten" under the General Data Protection Regulation (GDPR)?

Options:

A.

For the establishment, exercise, or defense of legal claims

B.

The personal data has been lawfully processed and collected

C.

The personal data remains necessary to the purpose for which it was collected

D.

For the reasons of private interest

Question 68

A security engineer is assigned to work with the patch and vulnerability management group. The deployment of a new patch has been approved and needs to be applied.

The research is complete, and the security engineer has provided recommendations. Where should the patch be applied FIRST?

Options:

A.

Server environment

B.

Desktop environment

C.

Lower environment

D.

Production environment

Question 69

Which of the following security tools will ensure authorized data is sent to the application when implementing a cloud-based application?

Options:

A.

Host-based intrusion prevention system (HIPS)

B.

Access control list (ACL)

C.

File integrity monitoring (FIM)

D.

Data loss prevention (DLP)

Question 70

Which event magnitude is defined as deadly, destructive, and disruptive when a hazard interacts with human vulnerability?

Options:

A.

Disaster

B.

Catastrophe

C.

Crisis

D.

Accident

Question 71

A security professional was tasked with rebuilding a company's wireless infrastructure. Which of the following are the MOST important factors to consider while making a decision on which wireless spectrum to deploy?

Options:

A.

Hybrid frequency band, service set identifier (SSID), and interpolation

B.

Performance, geographic location, and radio signal interference

C.

Facility size, intermodulation, and direct satellite service

D.

Existing client devices, manufacturer reputation, and electrical interference

Question 72

What is the benefit of an operating system (OS) feature that is designed to prevent an application from executing code from a non-executable memory region?

Options:

A.

Identifies which security patches still need to be installed on the system

B.

Stops memory resident viruses from propagating their payload

C.

Reduces the risk of polymorphic viruses from encrypting their payload

D.

Helps prevent certain exploits that store code in buffers

Question 73

Which of the following is included in the Global System for Mobile Communications (GSM) security framework?

Options:

A.

Public-Key Infrastructure (PKI)

B.

Symmetric key cryptography

C.

Digital signatures

D.

Biometric authentication

Question 74

While performing a security review for a new product, an information security professional discovers that the organization's product development team is proposing to collect government-issued identification (ID) numbers from customers to use as unique customer identifiers. Which of the following recommendations should be made to the product development team?

Options:

A.

Customer identifiers should be a variant of the user’s government-issued ID number.

B.

Customer identifiers that do not resemble the user’s government-issued ID number should be used.

C.

Customer identifiers should be a cryptographic hash of the user's government-issued ID number.

D.

Customer identifiers should be a variant of the user’s name, for example, “jdoe” or “john.doe.”

Question 75

What is the PRIMARY objective of the post-incident phase of the incident response process in the security operations center (SOC)?

Options:

A.

Improve the IR process.

B.

Communicate the IR details to the stakeholders.

C.

Validate the integrity of the IR.

D.

Finalize the IR.

Question 76

Why MUST a Kerberos server be well protected from unauthorized access?

Options:

A.

It contains the keys of all clients.

B.

It always operates at root privilege.

C.

It contains all the tickets for services.

D.

It contains the Internet Protocol (IP) address of all network entities.

Question 77

The PRIMARY purpose of a security awareness program is to

Options:

A.

ensure that everyone understands the organization's policies and procedures.

B.

communicate that access to information will be granted on a need-to-know basis.

C.

warn all users that access to all systems will be monitored on a daily basis.

D.

comply with regulations related to data and information protection.

Question 78

An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring?

Options:

A.

A dictionary attack

B.

A Denial of Service (DoS) attack

C.

A spoofing attack

D.

A backdoor installation

Question 79

The stringency of an Information Technology (IT) security assessment will be determined by the

Options:

A.

system's past security record.

B.

size of the system's database.

C.

sensitivity of the system's data.

D.

age of the system.

Question 80

When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all access control requirements are addressed?

Options:

A.

Create a user profile.

B.

Create a user access matrix.

C.

Develop an Access Control List (ACL).

D.

Develop a Role Based Access Control (RBAC) list.

Question 81

The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct

Options:

A.

log auditing.

B.

code reviews.

C.

impact assessments.

D.

static analysis.

Question 82

The FIRST step in building a firewall is to

Options:

A.

assign the roles and responsibilities of the firewall administrators.

B.

define the intended audience who will read the firewall policy.

C.

identify mechanisms to encourage compliance with the policy.

D.

perform a risk analysis to identify issues to be addressed.

Question 83

When transmitting information over public networks, the decision to encrypt it should be based on

Options:

A.

the estimated monetary value of the information.

B.

whether there are transient nodes relaying the transmission.

C.

the level of confidentiality of the information.

D.

the volume of the information.

Question 84

Which of the following is a network intrusion detection technique?

Options:

A.

Statistical anomaly

B.

Perimeter intrusion

C.

Port scanning

D.

Network spoofing

Question 85

What maintenance activity is responsible for defining, implementing, and testing updates to application systems?

Options:

A.

Program change control

B.

Regression testing

C.

Export exception control

D.

User acceptance testing

Question 86

Which of the following can BEST prevent security flaws occurring in outsourced software development?

Options:

A.

Contractual requirements for code quality

B.

Licensing, code ownership and intellectual property rights

C.

Certification of the quality and accuracy of the work done

D.

Delivery dates, change management control and budgetary control

Question 87

Which of the following is a security feature of Global System for Mobile Communications (GSM)?

Options:

A.

It uses a Subscriber Identity Module (SIM) for authentication.

B.

It uses encrypting techniques for all communications.

C.

The radio spectrum is divided with multiple frequency carriers.

D.

The signal is difficult to read as it provides end-to-end encryption.

Question 88

The type of authorized interactions a subject can have with an object is

Options:

A.

control.

B.

permission.

C.

procedure.

D.

protocol.

Question 89

Which of the following is an attacker MOST likely to target to gain privileged access to a system?

Options:

A.

Programs that write to system resources

B.

Programs that write to user directories

C.

Log files containing sensitive information

D.

Log files containing system calls

Question 90

During an audit of system management, auditors find that the system administrator has not been trained. What actions need to be taken at once to ensure the integrity of systems?

Options:

A.

A review of hiring policies and methods of verification of new employees

B.

A review of all departmental procedures

C.

A review of all training procedures to be undertaken

D.

A review of all systems by an experienced administrator

Question 91

An organization has developed a major application that has undergone accreditation testing. After receiving the results of the evaluation, what is the final step before the application can be accredited?

Options:

A.

Acceptance of risk by the authorizing official

B.

Remediation of vulnerabilities

C.

Adoption of standardized policies and procedures

D.

Approval of the System Security Plan (SSP)

Question 92

Which of the following statements is TRUE regarding value boundary analysis as a functional software testing technique?

Options:

A.

It is useful for testing communications protocols and graphical user interfaces.

B.

It is characterized by the stateless behavior of a process implemented in a function.

C.

Test inputs are obtained from the derived threshold of the given functional specifications.

D.

An entire partition can be covered by considering only one representative value from that partition.

Question 93

Which of the following secures web transactions at the Transport Layer?

Options:

A.

Secure HyperText Transfer Protocol (S-HTTP)

B.

Secure Sockets Layer (SSL)

C.

Socket Security (SOCKS)

D.

Secure Shell (SSH)

Question 94

Which of the following provides the minimum set of privileges required to perform a job function and restricts the user to a domain with the required privileges?

Options:

A.

Access based on rules

B.

Access based on user's role

C.

Access determined by the system

D.

Access based on data sensitivity

Question 95

The 802.1x standard provides a framework for what?

Options:

A.

Network authentication for only wireless networks

B.

Network authentication for wired and wireless networks

C.

Wireless encryption using the Advanced Encryption Standard (AES)

D.

Wireless network encryption using Secure Sockets Layer (SSL)

Question 96

What should happen when an emergency change to a system must be performed?

Options:

A.

The change must be given priority at the next meeting of the change control board.

B.

Testing and approvals must be performed quickly.

C.

The change must be performed immediately and then submitted to the change board.

D.

The change is performed and a notation is made in the system log.

Question 97

Which of the following is the PRIMARY concern when using an Internet browser to access a cloud-based service?

Options:

A.

Insecure implementation of Application Programming Interfaces (API)

B.

Improper use and storage of management keys

C.

Misconfiguration of infrastructure allowing for unauthorized access

D.

Vulnerabilities within protocols that can expose confidential data

Question 98

Which of the following entities is ultimately accountable for data remanence vulnerabilities with data replicated by a cloud service provider?

Options:

A.

Data owner

B.

Data steward

C.

Data custodian

D.

Data processor

Question 99

Which of the following BEST avoids data remanence disclosure for cloud hosted resources?

Options:

A.

Strong encryption and deletion of the keys after data is deleted.

B.

Strong encryption and deletion of the virtual host after data is deleted.

C.

Software based encryption with two factor authentication.

D.

Hardware based encryption on dedicated physical servers.

Question 100

The MAIN reason an organization conducts a security authorization process is to

Options:

A.

force the organization to make conscious risk decisions.

B.

assure the effectiveness of security controls.

C.

assure the correct security organization exists.

D.

force the organization to enlist management support.

Question 101

The PRIMARY characteristic of a Distributed Denial of Service (DDoS) attack is that it

Options:

A.

exploits weak authentication to penetrate networks.

B.

can be detected with signature analysis.

C.

looks like normal network activity.

D.

is commonly confused with viruses or worms.

Question 102

When planning a penetration test, the tester will be MOST interested in which information?

Options:

A.

Places to install back doors

B.

The main network access points

C.

Job application handouts and tours

D.

Exploits that can attack weaknesses

Question 103

Drag the following Security Engineering terms on the left to the BEST definition on the right.

Options:

Question 104

While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?

Options:

A.

Retention

B.

Reporting

C.

Recovery

D.

Remediation

Question 105

Which of the following is the MOST likely cause of a non-malicious data breach when the source of the data breach was an un-marked file cabinet containing sensitive documents?

Options:

A.

Ineffective data classification

B.

Lack of data access controls

C.

Ineffective identity management controls

D.

Lack of Data Loss Prevention (DLP) tools

Question 106

Refer to the information below to answer the question.

In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

In a Bell-LaPadula system, which user cannot write to File 3?

Options:

A.

User A

B.

User B

C.

User C

D.

User D

Question 107

According to best practice, which of the following groups is the MOST effective in performing an information security compliance audit?

Options:

A.

In-house security administrators

B.

In-house Network Team

C.

Disaster Recovery (DR) Team

D.

External consultants

Question 108

What is the PRIMARY reason for ethics awareness and related policy implementation?

Options:

A.

It affects the workflow of an organization.

B.

It affects the reputation of an organization.

C.

It affects the retention rate of employees.

D.

It affects the morale of the employees.

Question 109

What is the MOST important reason to configure unique user IDs?

Options:

A.

Supporting accountability

B.

Reducing authentication errors

C.

Preventing password compromise

D.

Supporting Single Sign On (SSO)

Question 110

Refer to the information below to answer the question.

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.

Which of the following documents explains the proper use of the organization's assets?

Options:

A.

Human resources policy

B.

Acceptable use policy

C.

Code of ethics

D.

Access control policy

Question 111

A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?

Options:

A.

Spoofing

B.

Eavesdropping

C.

Man-in-the-middle

D.

Denial of service

Question 112

What is the MOST critical factor to achieve the goals of a security program?

Options:

A.

Capabilities of security resources

B.

Executive management support

C.

Effectiveness of security management

D.

Budget approved for security resources

Question 113

During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take?

Options:

A.

Immediately call the police

B.

Work with the client to resolve the issue internally

C.

Advise the person performing the illegal activity to cease and desist

D.

Work with the client to report the activity to the appropriate authority

Question 114

Refer to the information below to answer the question.

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.

Given the number of priorities, which of the following will MOST likely influence the selection of top initiatives?

Options:

A.

Severity of risk

B.

Complexity of strategy

C.

Frequency of incidents

D.

Ongoing awareness

Question 115

Refer to the information below to answer the question.

A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.

Following best practice, where should the permitted access for each department and job classification combination be specified?

Options:

A.

Security procedures

B.

Security standards

C.

Human resource policy

D.

Human resource standards

Question 116

What is the MAIN feature that onion routing networks offer?

Options:

A.

Non-repudiation

B.

Traceability

C.

Anonymity

D.

Resilience

Question 117

The use of a proximity card to gain access to a building is an example of what type of security control?

Options:

A.

Legal

B.

Logical

C.

Physical

D.

Procedural

Question 118

Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?

Options:

A.

Maintaining an inventory of authorized Access Points (AP) and connecting devices

B.

Setting the radio frequency to the minimum range required

C.

Establishing a Virtual Private Network (VPN) tunnel between the WLAN client device and a VPN concentrator

D.

Verifying that all default passwords have been changed

Question 119

Refer to the information below to answer the question.

A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns.

What is the BEST reason for the organization to pursue a plan to mitigate client-based attacks?

Options:

A.

Client privilege administration is inherently weaker than server privilege administration.

B.

Client hardening and management is easier on clients than on servers.

C.

Client-based attacks are more common and easier to exploit than server- and network-based attacks.

D.

Client-based attacks have higher financial impact.

Question 120

During an investigation of database theft from an organization's web site, it was determined that the Structured Query Language (SQL) injection technique was used despite input validation with client-side scripting. Which of the following provides the GREATEST protection against the same attack occurring again?

Options:

A.

Encrypt communications between the servers

B.

Encrypt the web server traffic

C.

Implement server-side filtering

D.

Filter outgoing traffic at the perimeter firewall

Question 121

Which of the following security testing strategies is BEST suited for companies with low to moderate security maturity?

Options:

A.

Load Testing

B.

White-box testing

C.

Black-box testing

D.

Performance testing

Question 122

Which of the following is the BEST defense against password guessing?

Options:

A.

Limit external connections to the network.

B.

Disable the account after a limited number of unsuccessful attempts.

C.

Force the password to be changed after an invalid password has been entered.

D.

Require a combination of letters, numbers, and special characters in the password.

Question 123

Which of the following is the primary advantage of segmenting Virtual Machines (VM) using physical networks?

Options:

A.

Simplicity of network configuration and network monitoring

B.

Removes the need for decentralized management solutions

C.

Removes the need for dedicated virtual security controls

D.

Simplicity of network configuration and network redundancy

Question 124

Which of the following objects should be removed FIRST prior to uploading code to public code repositories?

Options:

A.

Security credentials

B.

Known vulnerabilities

C.

Inefficient algorithms

D.

Coding mistakes

Question 125

What is the MOST effective way to determine a mission critical asset in an organization?

Options:

A.

Vulnerability analysis

B.

Business process analysis

C.

Threat analysis

D.

Business risk analysis

Question 126

Which of the following is a characteristic of the independent testing of a program?

Options:

A.

Independent testing increases the likelihood that a test will expose the effect of a hidden feature.

B.

Independent testing decreases the likelihood that a test will expose the effect of a hidden feature.

C.

Independent testing teams help decrease the cost of creating test data and system design specification.

D.

Independent testing teams help identify functional requirements and Service Level Agreements (SLA)

Question 127

Which of the following should be included in a hardware retention policy?

Options:

A.

The use of encryption technology to encrypt sensitive data prior to retention

B.

Retention of data for only one week and outsourcing the retention to a third-party vendor

C.

Retention of all sensitive data on media and hardware

D.

A plan to retain data required only for business purposes and a retention schedule

Question 128

Which of the following is the PRIMARY security consideration for how an organization should handle Information Technology (IT) assets?

Options:

A.

The monetary value of the asset

B.

The controls implemented on the asset

C.

The physical form factor of the asset

D.

The classification of the data on the asset

Question 129

Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device which has been stolen?

Options:

A.

Whole device encryption with key escrow

B.

Mobile Device Management (MDM) with device wipe

C.

Mobile device tracking with geolocation

D.

Virtual Private Network (VPN) with traffic encryption

Question 130

Which of the following is mobile device remote fingerprinting?

Options:

A.

Installing an application to retrieve common characteristics of the device

B.

Storing information about a remote device in a cookie file

C.

Identifying a device based on common characteristics shared by all devices of a certain type

D.

Retrieving the serial number of the mobile device

Question 131

Which of the following will help identify the source Internet Protocol (IP) address of malware being executed on a computer?

Options:

A.

List of open network connections

B.

Display Transmission Control Protocol/Internet Protocol (TCP/IP) network configuration information.

C.

List of running processes

D.

Display the Address Resolution Protocol (ARP) table.

Question 132

Which of the following is the GREATEST security risk associated with the use of identity as a service (IDaaS) when an organization develops its own software?

Options:

A.

Incompatibility with Federated Identity Management (FIM)

B.

Increased likelihood of confidentiality breach

C.

Denial of access due to reduced availability

D.

Security Assertion Markup Language (SAML) integration

Question 133

What is the most effective form of media sanitization to ensure residual data cannot be retrieved?

Options:

A.

Clearing

B.

Destroying

C.

Purging

D.

Disposal

Question 134

What is the document that describes the measures that have been implemented or planned to correct any deficiencies noted during the assessment of the security controls?

Options:

A.

Business Impact Analysis (BIA)

B.

Security Assessment Report (SAR)

C.

Plan of Action and Milestones (POA&M)

D.

Security Assessment Plan (SAP)

Question 135

Which security architecture strategy could be applied to secure an operating system (OS) baseline for deployment within the corporate enterprise?

Options:

A.

Principle of Least Privilege

B.

Principle of Separation of Duty

C.

Principle of Secure Default

D.

Principle of Fail Secure

Question 136

A security analyst for a large financial institution is reviewing network traffic related to an incident. The analyst determines the traffic is irrelevant to the investigation, but in the process of the review the analyst also finds that an application's data, which included full credit card cardholder data, is transferred in clear text between the server and the user's desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS). Which of the following is the analyst's next step?

Options:

A.

Send the log file to co-workers for peer review

B.

Include the full network traffic logs in the incident report

C.

Follow organizational processes to alert the proper teams to address the issue.

D.

Ignore data as it is outside the scope of the investigation and the analyst’s role.

Question 137

Even though a particular digital watermark is difficult to detect, which of the following represents a way it might still be inadvertently removed?

Options:

A.

Truncating parts of the data

B.

Applying Access Control Lists (ACL) to the data

C.

Appending non-watermarked data to watermarked data

D.

Storing the data in a database

Question 138

An organization recently conducted a review of the security of its network applications. One of the vulnerabilities found was that the session key used in encrypting sensitive information to a third party server had been hard-coded in the client and server applications. Which of the following would be MOST effective in mitigating this vulnerability?

Options:

A.

Diffie-Hellman (DH) algorithm

B.

Elliptic Curve Cryptography (ECC) algorithm

C.

Digital Signature algorithm (DSA)

D.

Rivest-Shamir-Adleman (RSA) algorithm

Question 139

Attack trees are MOST useful for which of the following?

Options:

A.

Determining system security scopes

B.

Generating attack libraries

C.

Enumerating threats

D.

Evaluating Denial of Service (DoS) attacks

Question 140

Who is accountable for the information within an Information System (IS)?

Options:

A.

Security manager

B.

System owner

C.

Data owner

D.

Data processor

Question 141

Which Identity and Access Management (IAM) process can be used to maintain the principle of least privilege?

Options:

A.

identity provisioning

B.

access recovery

C.

multi-factor authentication (MFA)

D.

user access review

Question 142

Which of the following MUST be in place to recognize a system attack?

Options:

A.

Stateful firewall

B.

Distributed antivirus

C.

Log analysis

D.

Passive honeypot

Question 143

The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunnel data

Options:

A.

through a firewall at the Session layer

B.

through a firewall at the Transport layer

C.

in the Point-to-Point Protocol (PPP)

D.

in the Payload Compression Protocol (PCP)

Question 144

An organization has discovered that users are visiting unauthorized websites using anonymous proxies.

Which of the following is the BEST way to prevent future occurrences?

Options:

A.

Remove the anonymity from the proxy

B.

Analyze Internet Protocol (IP) traffic for proxy requests

C.

Disable the proxy server on the firewall

D.

Block the Internet Protocol (IP) address of known anonymous proxies

Question 145

Extensible Authentication Protocol-Message Digest 5 (EAP-MD5) only provides which of the following?

Options:

A.

Mutual authentication

B.

Server authentication

C.

User authentication

D.

Streaming ciphertext data

Question 146

Which of the following would an attacker BEST be able to accomplish through the use of Remote Access Tools (RAT)?

Options:

A.

Reduce the probability of identification

B.

Detect further compromise of the target

C.

Destabilize the operation of the host

D.

Maintain and expand control

Question 147

Which of the following MUST be scalable to address security concerns raised by the integration of third-party identity services?

Options:

A.

Mandatory Access Controls (MAC)

B.

Enterprise security architecture

C.

Enterprise security procedures

D.

Role Based Access Controls (RBAC)

Question 148

During examination of Internet history records, the following string occurs within a Uniform Resource Locator (URL):

http://www.companysite.com/products/products.asp?productid=123 or 1=1

What type of attack does this indicate?

Options:

A.

Directory traversal

B.

Structured Query Language (SQL) injection

C.

Cross-Site Scripting (XSS)

D.

Shellcode injection

Question 149

Within the company, desktop clients receive Internet Protocol (IP) addresses over Dynamic Host Configuration Protocol (DHCP).

Which of the following represents a valid measure to help protect the network against unauthorized access?

Options:

A.

Implement path management

B.

Implement port based security through 802.1x

C.

Implement DHCP to assign IP addresses to server systems

D.

Implement change management

Question 150

Which of the following is considered a secure coding practice?

Options:

A.

Use concurrent access for shared variables and resources

B.

Use checksums to verify the integrity of libraries

C.

Use new code for common tasks

D.

Use dynamic execution functions to pass user supplied data
