Which of the following is an initial consideration when developing an information security management system?
Which one of the following affects the classification of data?
Which of the following BEST describes the responsibilities of a data owner?
An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests.
Which contract is BEST in offloading the task from the IT staff?
Which of the following is MOST important when assigning ownership of an asset to a department?
When implementing a data classification program, why is it important to avoid too much granularity?
In a data classification scheme, the data is owned by the
Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?
Intellectual property rights are PRIMARILY concerned with which of the following?
Which of the following actions will reduce risk to a laptop before traveling to a high risk area?
Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?
Which of the following represents the GREATEST risk to data confidentiality?
All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?
A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Plan (BCP). Which of the following failures should the IT manager be concerned with?
What is the purpose of an Internet Protocol (IP) spoofing attack?
In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?
Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?
Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?
An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?
An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?
Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?
Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?
At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?
Which of the following is the FIRST step in the incident response process?
Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?
Recovery strategies of a Disaster Recovery Plan (DRP) MUST be aligned with which of the following?
An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?
Which of the following is a PRIMARY advantage of using a third-party identity service?
What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?
Which of the following could cause a Denial of Service (DoS) against an authentication system?
Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?
In which of the following programs is it MOST important to include the collection of security process data?
A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?
Which of the following is of GREATEST assistance to auditors when reviewing system configurations?
Which of the following is the PRIMARY risk with using open source software in a commercial software construction?
Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?
When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?
A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?
What is the BEST approach to addressing security issues in legacy web applications?
The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?
Which of the following is the BEST method to prevent malware from being introduced into a production environment?
Which security service is served by the process of encrypting plaintext with the sender’s private key and decrypting ciphertext with the sender’s public key?
Who in the organization is accountable for classification of data information assets?
What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?
When building a data classification scheme, which of the following is the PRIMARY concern?
When using Generic Routing Encapsulation (GRE) tunneling over Internet Protocol version 4 (IPv4), where is the GRE header inserted?
Which of the following information MUST be provided for user account provisioning?
Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization network?
A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket. Which of the following is the BEST course of action?
In which identity management process is the subject’s identity established?
Which of the following is a remote access protocol that uses a static authentication?
Which of the following approaches is the MOST effective way to dispose of data on multiple hard drives?
An Intrusion Detection System (IDS) has recently been deployed in a Demilitarized Zone (DMZ). The IDS detects a flood of malformed packets. Which of the following BEST describes what has occurred?
Reciprocal backup site agreements are considered to be
Which of the following adds end-to-end security inside a Layer 2 Tunneling Protocol (L2TP) Internet Protocol Security (IPSec) connection?
Which of the following is a weakness of Wired Equivalent Privacy (WEP)?
In configuration management, what baseline configuration information MUST be maintained for each computer system?
An organization regularly conducts its own penetration tests. Which of the following scenarios MUST be covered for the test to be effective?
Which of the following is a characteristic of the initialization vector when using Data Encryption Standard (DES)?
Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?
Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee’s salary?
What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?
A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?
Which is the BEST control to meet the Statement on Standards for Attestation Engagements 18 (SSAE-18) confidentiality category?
In systems security engineering, what does the security principle of modularity provide?
Which of the following would qualify as an exception to the "right to be forgotten" of the General Data Protection Regulation (GDPR)?
A security engineer is assigned to work with the patch and vulnerability management group. The deployment of a new patch has been approved and needs to be applied.
The research is complete, and the security engineer has provided recommendations. Where should the patch be applied FIRST?
Which of the following security tools will ensure authorized data is sent to the application when implementing a cloud based application?
Which event magnitude is defined as deadly, destructive, and disruptive when a hazard interacts with human vulnerability?
A security professional was tasked with rebuilding a company's wireless infrastructure. Which of the following are the MOST important factors to consider while making a decision on which wireless spectrum to deploy?
What is the benefit of an operating system (OS) feature that is designed to prevent an application from executing code from a non-executable memory region?
Which of the following is included in the Global System for Mobile Communications (GSM) security framework?
While performing a security review for a new product, an information security professional discovers that the organization's product development team is proposing to collect government-issued identification (ID) numbers from customers to use as unique customer identifiers. Which of the following recommendations should be made to the product development team?
What is the PRIMARY objective of the post-incident phase of the incident response process in the security operations center (SOC)?
Why MUST a Kerberos server be well protected from unauthorized access?
The PRIMARY purpose of a security awareness program is to
An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring?
The stringency of an Information Technology (IT) security assessment will be determined by the
When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all access control requirements are addressed?
The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct
The FIRST step in building a firewall is to
When transmitting information over public networks, the decision to encrypt it should be based on
Which of the following is a network intrusion detection technique?
What maintenance activity is responsible for defining, implementing, and testing updates to application systems?
Which of the following can BEST prevent security flaws occurring in outsourced software development?
Which of the following is a security feature of Global System for Mobile Communications (GSM)?
The type of authorized interactions a subject can have with an object is
Which of the following is an attacker MOST likely to target to gain privileged access to a system?
During an audit of system management, auditors find that the system administrator has not been trained. What actions need to be taken at once to ensure the integrity of systems?
An organization has developed a major application that has undergone accreditation testing. After receiving the results of the evaluation, what is the final step before the application can be accredited?
Which of the following statements is TRUE regarding value boundary analysis as a functional software testing technique?
Which of the following secures web transactions at the Transport Layer?
Which of the following provides the minimum set of privileges required to perform a job function and restricts the user to a domain with the required privileges?
The 802.1x standard provides a framework for what?
What should happen when an emergency change to a system must be performed?
Which of the following is the PRIMARY concern when using an Internet browser to access a cloud-based service?
Which of the following entities is ultimately accountable for data remanence vulnerabilities with data replicated by a cloud service provider?
Which of the following BEST avoids data remanence disclosure for cloud hosted resources?
The MAIN reason an organization conducts a security authorization process is to
The PRIMARY characteristic of a Distributed Denial of Service (DDoS) attack is that it
When planning a penetration test, the tester will be MOST interested in which information?
Drag the following Security Engineering terms on the left to the BEST definition on the right.
While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?
Which of the following is the MOST likely cause of a non-malicious data breach when the source of the data breach was an un-marked file cabinet containing sensitive documents?
Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.
In a Bell-LaPadula system, which user cannot write to File 3?
According to best practice, which of the following groups is the MOST effective in performing an information security compliance audit?
What is the PRIMARY reason for ethics awareness and related policy implementation?
What is the MOST important reason to configure unique user IDs?
Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following documents explains the proper use of the organization's assets?
A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?
What is the MOST critical factor to achieve the goals of a security program?
During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take?
Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
Given the number of priorities, which of the following will MOST likely influence the selection of top initiatives?
Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
Following best practice, where should the permitted access for each department and job classification combination be specified?
What is the MAIN feature that onion routing networks offer?
The use of proximity card to gain access to a building is an example of what type of security control?
Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?
Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns.
What is the BEST reason for the organization to pursue a plan to mitigate client-based attacks?
During an investigation of database theft from an organization's web site, it was determined that the Structured Query Language (SQL) injection technique was used despite input validation with client-side scripting. Which of the following provides the GREATEST protection against the same attack occurring again?
Which of the following security testing strategies is BEST suited for companies with low to moderate security maturity?
Which of the following is the BEST defense against password guessing?
Which of the following is the primary advantage of segmenting Virtual Machines (VM) using physical networks?
Which of the following objects should be removed FIRST prior to uploading code to public code repositories?
What is the MOST effective way to determine a mission critical asset in an organization?
Which of the following is a characteristic of the independent testing of a program?
Which of the following should be included in a hardware retention policy?
Which of the following is the PRIMARY security consideration for how an organization should handle Information Technology (IT) assets?
Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device which has been stolen?
Which of the following is mobile device remote fingerprinting?
Which of the following will help identify the source Internet Protocol (IP) address of malware being executed on a computer?
Which of the following is the GREATEST security risk associated with the use of Identity as a Service (IDaaS) when an organization its own software?
What is the most effective form of media sanitization to ensure residual data cannot be retrieved?
What is the document that describes the measures that have been implemented or planned to correct any deficiencies noted during the assessment of the security controls?
Which security architecture strategy could be applied to secure an operating system (OS) baseline for deployment within the corporate enterprise?
A security analyst for a large financial institution is reviewing network traffic related to an incident. The analyst determines the traffic is irrelevant to the investigation, but in the process of the review the analyst also finds that an application's data, which included full credit cardholder data, is transferred in clear text between the server and the user’s desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS). Which of the following is the analyst’s next step?
Even though a particular digital watermark is difficult to detect, which of the following represents a way it might still be inadvertently removed?
An organization recently conducted a review of the security of its network applications. One of the vulnerabilities found was that the session key used in encrypting sensitive information to a third-party server had been hard-coded in the client and server applications. Which of the following would be MOST effective in mitigating this vulnerability?
Attack trees are MOST useful for which of the following?
Who is accountable for the information within an Information System (IS)?
Which Identity and Access Management (IAM) process can be used to maintain the principle of least privilege?
Which of the following MUST be in place to recognize a system attack?
The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunnel data
An organization has discovered that users are visiting unauthorized websites using anonymous proxies. Which of the following is the BEST way to prevent future occurrences?
Extensible Authentication Protocol-Message Digest 5 (EAP-MD5) only provides which of the following?
Which of the following would an attacker BEST be able to accomplish through the use of Remote Access Tools (RAT)?
Which of the following MUST be scalable to address security concerns raised by the integration of third-party identity services?
During examination of Internet history records, the following string occurs within a Uniform Resource Locator (URL):
http://www.companysite.com/products/products.asp?productid=123 or 1=1
What type of attack does this indicate?
Within the company, desktop clients receive Internet Protocol (IP) addresses over Dynamic Host Configuration Protocol (DHCP). Which of the following represents a valid measure to help protect the network against unauthorized access?
Which of the following is considered a secure coding practice?