Summer Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

ISC CISSP Certified Information Systems Security Professional (CISSP) Exam Practice Test

Page: 1 / 149
Total 1486 questions

Certified Information Systems Security Professional (CISSP) Questions and Answers

Question 1

What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?

Options:

A.

Implementation Phase

B.

Initialization Phase

C.

Cancellation Phase

D.

Issued Phase

Question 2

Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified automated vulnerability assessments?

Options:

A.

Common Vulnerabilities and Exposures (CVE)

B.

Common Vulnerability Scoring System (CVSS)

C.

Asset Reporting Format (ARF)

D.

Open Vulnerability and Assessment Language (OVAL)

Question 3

Which of the following mobile code security models relies only on trust?

Options:

A.

Code signing

B.

Class authentication

C.

Sandboxing

D.

Type safety

Question 4

The use of private and public encryption keys is fundamental in the implementation of which of the following?

Options:

A.

Diffie-Hellman algorithm

B.

Secure Sockets Layer (SSL)

C.

Advanced Encryption Standard (AES)

D.

Message Digest 5 (MD5)

Question 5

Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?

Options:

A.

Hashing the data before encryption

B.

Hashing the data after encryption

C.

Compressing the data after encryption

D.

Compressing the data before encryption

Question 6

Which security service is served by the process of encryption plaintext with the sender’s private key and decrypting cipher text with the sender’s public key?

Options:

A.

Confidentiality

B.

Integrity

C.

Identification

D.

Availability

Question 7

Who in the organization is accountable for classification of data information assets?

Options:

A.

Data owner

B.

Data architect

C.

Chief Information Security Officer (CISO)

D.

Chief Information Officer (CIO)

Question 8

Recovery strategies of a Disaster Recovery planning (DRIP) MUST be aligned with which of the following?

Options:

A.

Hardware and software compatibility issues

B.

Applications’ critically and downtime tolerance

C.

Budget constraints and requirements

D.

Cost/benefit analysis and business objectives

Question 9

Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

Options:

A.

Walkthrough

B.

Simulation

C.

Parallel

D.

White box

Question 10

A continuous information security-monitoring program can BEST reduce risk through which of the following?

Options:

A.

Collecting security events and correlating them to identify anomalies

B.

Facilitating system-wide visibility into the activities of critical user accounts

C.

Encompassing people, process, and technology

D.

Logging both scheduled and unscheduled system changes

Question 11

What should be the FIRST action to protect the chain of evidence when a desktop computer is involved?

Options:

A.

Take the computer to a forensic lab

B.

Make a copy of the hard drive

C.

Start documenting

D.

Turn off the computer

Question 12

When is a Business Continuity Plan (BCP) considered to be valid?

Options:

A.

When it has been validated by the Business Continuity (BC) manager

B.

When it has been validated by the board of directors

C.

When it has been validated by all threat scenarios

D.

When it has been validated by realistic exercises

Question 13

Which of the following is a PRIMARY advantage of using a third-party identity service?

Options:

A.

Consolidation of multiple providers

B.

Directory synchronization

C.

Web based logon

D.

Automated account management

Question 14

With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?

Options:

A.

Continuously without exception for all security controls

B.

Before and after each change of the control

C.

At a rate concurrent with the volatility of the security control

D.

Only during system implementation and decommissioning

Question 15

What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization’s systems cannot be unavailable for more than 24 hours?

Options:

A.

Warm site

B.

Hot site

C.

Mirror site

D.

Cold site

Question 16

An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

Options:

A.

Absence of a Business Intelligence (BI) solution

B.

Inadequate cost modeling

C.

Improper deployment of the Service-Oriented Architecture (SOA)

D.

Insufficient Service Level Agreement (SLA)

Question 17

Which of the following is the FIRST step in the incident response process?

Options:

A.

Determine the cause of the incident

B.

Disconnect the system involved from the network

C.

Isolate and contain the system involved

D.

Investigate all symptoms to confirm the incident

Question 18

A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?

Options:

A.

Guaranteed recovery of all business functions

B.

Minimization of the need decision making during a crisis

C.

Insurance against litigation following a disaster

D.

Protection from loss of organization resources

Question 19

What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?

Options:

A.

Disable all unnecessary services

B.

Ensure chain of custody

C.

Prepare another backup of the system

D.

Isolate the system from the network

Question 20

What is the PRIMARY reason for implementing change management?

Options:

A.

Certify and approve releases to the environment

B.

Provide version rollbacks for system changes

C.

Ensure that all applications are approved

D.

Ensure accountability for changes to the environment

Question 21

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

Options:

A.

Install mantraps at the building entrances

B.

Enclose the personnel entry area with polycarbonate plastic

C.

Supply a duress alarm for personnel exposed to the public

D.

Hire a guard to protect the public area

Question 22

What is the MOST important consideration from a data security perspective when an organization plans to relocate?

Options:

A.

Ensure the fire prevention and detection systems are sufficient to protect personnel

B.

Review the architectural plans to determine how many emergency exits are present

C.

Conduct a gap analysis of a new facilities against existing security requirements

D.

Revise the Disaster Recovery and Business Continuity (DR/BC) plan

Question 23

Which of the following represents the GREATEST risk to data confidentiality?

Options:

A.

Network redundancies are not implemented

B.

Security awareness training is not completed

C.

Backup tapes are generated unencrypted

D.

Users have administrative privileges

Question 24

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

Options:

A.

determine the risk of a business interruption occurring

B.

determine the technological dependence of the business processes

C.

Identify the operational impacts of a business interruption

D.

Identify the financial impacts of a business interruption

Question 25

Which of the following actions will reduce risk to a laptop before traveling to a high risk area?

Options:

A.

Examine the device for physical tampering

B.

Implement more stringent baseline configurations

C.

Purge or re-image the hard disk drive

D.

Change access codes

Question 26

When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

Options:

A.

Only when assets are clearly defined

B.

Only when standards are defined

C.

Only when controls are put in place

D.

Only procedures are defined

Question 27

Intellectual property rights are PRIMARY concerned with which of the following?

Options:

A.

Owner’s ability to realize financial gain

B.

Owner’s ability to maintain copyright

C.

Right of the owner to enjoy their creation

D.

Right of the owner to control delivery method

Question 28

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center, is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?

Options:

A.

Application

B.

Storage

C.

Power

D.

Network

Question 29

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

Options:

A.

Development, testing, and deployment

B.

Prevention, detection, and remediation

C.

People, technology, and operations

D.

Certification, accreditation, and monitoring

Question 30

Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee’s salary?

Options:

A.

Limit access to predefined queries

B.

Segregate the database into a small number of partitions each with a separate security level

C.

Implement Role Based Access Control (RBAC)

D.

Reduce the number of people who have access to the system for statistical purposes

Question 31

Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

Options:

A.

Derived credential

B.

Temporary security credential

C.

Mobile device credentialing service

D.

Digest authentication

Question 32

A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

Options:

A.

Trusted third-party certification

B.

Lightweight Directory Access Protocol (LDAP)

C.

Security Assertion Markup language (SAML)

D.

Cross-certification

Question 33

What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

Options:

A.

Audit logs

B.

Role-Based Access Control (RBAC)

C.

Two-factor authentication

D.

Application of least privilege

Question 34

Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

Options:

A.

Packet filtering

B.

Port services filtering

C.

Content filtering

D.

Application access control

Question 35

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

Options:

A.

Layer 2 Tunneling Protocol (L2TP)

B.

Link Control Protocol (LCP)

C.

Challenge Handshake Authentication Protocol (CHAP)

D.

Packet Transfer Protocol (PTP)

Question 36

The restoration priorities of a Disaster Recovery Plan (DRP) are based on which of the following documents?

Options:

A.

Service Level Agreement (SLA)

B.

Business Continuity Plan (BCP)

C.

Business Impact Analysis (BIA)

D.

Crisis management plan

Question 37

Which of the following disaster recovery test plans will be MOST effective while providing minimal risk?

Options:

A.

Read-through

B.

Parallel

C.

Full interruption

D.

Simulation

Question 38

Discretionary Access Control (DAC) restricts access according to

Options:

A.

data classification labeling.

B.

page views within an application.

C.

authorizations granted to the user.

D.

management accreditation.

Question 39

Which of the following prevents improper aggregation of privileges in Role Based Access Control (RBAC)?

Options:

A.

Hierarchical inheritance

B.

Dynamic separation of duties

C.

The Clark-Wilson security model

D.

The Bell-LaPadula security model

Question 40

While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?

Options:

A.

Retention

B.

Reporting

C.

Recovery

D.

Remediation

Question 41

Which one of the following operates at the session, transport, or network layer of the Open System Interconnection (OSI) model?

Options:

A.

Data at rest encryption

B.

Configuration Management

C.

Integrity checking software

D.

Cyclic redundancy check (CRC)

Question 42

What balance MUST be considered when web application developers determine how informative application error messages should be constructed?

Options:

A.

Risk versus benefit

B.

Availability versus auditability

C.

Confidentiality versus integrity

D.

Performance versus user satisfaction

Question 43

Which of the following restricts the ability of an individual to carry out all the steps of a particular process?

Options:

A.

Job rotation

B.

Separation of duties

C.

Least privilege

D.

Mandatory vacations

Question 44

An organization has hired a security services firm to conduct a penetration test. Which of the following will the organization provide to the tester?

Options:

A.

Limits and scope of the testing.

B.

Physical location of server room and wiring closet.

C.

Logical location of filters and concentrators.

D.

Employee directory and organizational chart.

Question 45

Which of the following statements is TRUE regarding value boundary analysis as a functional software testing technique?

Options:

A.

It is useful for testing communications protocols and graphical user interfaces.

B.

It is characterized by the stateless behavior of a process implemented in a function.

C.

Test inputs are obtained from the derived threshold of the given functional specifications.

D.

An entire partition can be covered by considering only one representative value from that partition.

Question 46

Discretionary Access Control (DAC) is based on which of the following?

Options:

A.

Information source and destination

B.

Identification of subjects and objects

C.

Security labels and privileges

D.

Standards and guidelines

Question 47

How does a Host Based Intrusion Detection System (HIDS) identify a potential attack?

Options:

A.

Examines log messages or other indications on the system.

B.

Monitors alarms sent to the system administrator

C.

Matches traffic patterns to virus signature files

D.

Examines the Access Control List (ACL)

Question 48

In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?

Options:

A.

Application Layer

B.

Physical Layer

C.

Data-Link Layer

D.

Network Layer

Question 49

Which of the following analyses is performed to protect information assets?

Options:

A.

Business impact analysis

B.

Feasibility analysis

C.

Cost benefit analysis

D.

Data analysis

Question 50

What is the process called when impact values are assigned to the security objectives for information types?

Options:

A.

Qualitative analysis

B.

Quantitative analysis

C.

Remediation

D.

System security categorization

Question 51

Which of the following is a recommended alternative to an integrated email encryption system?

Options:

A.

Sign emails containing sensitive data

B.

Send sensitive data in separate emails

C.

Encrypt sensitive data separately in attachments

D.

Store sensitive information to be sent in encrypted drives

Question 52

Data remanence refers to which of the following?

Options:

A.

The remaining photons left in a fiber optic cable after a secure transmission.

B.

The retention period required by law or regulation.

C.

The magnetic flux created when removing the network connection from a server or personal computer.

D.

The residual information left on magnetic storage media after a deletion or erasure.

Question 53

When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?

Options:

A.

Topology diagrams

B.

Mapping tools

C.

Asset register

D.

Ping testing

Question 54

Application of which of the following Institute of Electrical and Electronics Engineers (IEEE) standards will prevent an unauthorized wireless device from being attached to a network?

Options:

A.

IEEE 802.1F

B.

IEEE 802.1H

C.

IEEE 802.1Q

D.

IEEE 802.1X

Question 55

What is the PRIMARY difference between security policies and security procedures?

Options:

A.

Policies are used to enforce violations, and procedures create penalties

B.

Policies point to guidelines, and procedures are more contractual in nature

C.

Policies are included in awareness training, and procedures give guidance

D.

Policies are generic in nature, and procedures contain operational details

Question 56

Which of the following is the PRIMARY concern when using an Internet browser to access a cloud-based service?

Options:

A.

Insecure implementation of Application Programming Interfaces (API)

B.

Improper use and storage of management keys

C.

Misconfiguration of infrastructure allowing for unauthorized access

D.

Vulnerabilities within protocols that can expose confidential data

Question 57

Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization network?

Options:

A.

Provide vulnerability reports to management.

B.

Validate vulnerability remediation activities.

C.

Prevent attackers from discovering vulnerabilities.

D.

Remediate known vulnerabilities.

Question 58

After acquiring the latest security updates, what must be done before deploying to production systems?

Options:

A.

Use tools to detect missing system patches

B.

Install the patches on a test system

C.

Subscribe to notifications for vulnerabilities

D.

Assess the severity of the situation

Question 59

Which of the following is generally indicative of a replay attack when dealing with biometric authentication?

Options:

A.

False Acceptance Rate (FAR) is greater than 1 in 100,000

B.

False Rejection Rate (FRR) is greater than 5 in 100

C.

Inadequately specified templates

D.

Exact match

Question 60

What is the PRIMARY goal for using Domain Name System Security Extensions (DNSSEC) to sign records?

Options:

A.

Integrity

B.

Confidentiality

C.

Accountability

D.

Availability

Question 61

Network-based logging has which advantage over host-based logging when reviewing malicious activity about a victim machine?

Options:

A.

Addresses and protocols of network-based logs are analyzed.

B.

Host-based system logging has files stored in multiple locations.

C.

Properly handled network-based logs may be more reliable and valid.

D.

Network-based systems cannot capture users logging into the console.

Question 62

How does Encapsulating Security Payload (ESP) in transport mode affect the Internet Protocol (IP)?

Options:

A.

Encrypts and optionally authenticates the IP header, but not the IP payload

B.

Encrypts and optionally authenticates the IP payload, but not the IP header

C.

Authenticates the IP payload and selected portions of the IP header

D.

Encrypts and optionally authenticates the complete IP packet

Question 63

Data leakage of sensitive information is MOST often concealed by which of the following?

Options:

A.

Secure Sockets Layer (SSL)

B.

Secure Hash Algorithm (SHA)

C.

Wired Equivalent Privacy (WEP)

D.

Secure Post Office Protocol (POP)

Question 64

Which Radio Frequency Interference (RFI) phenomenon associated with bundled cable runs can create information leakage?

Options:

A.

Transference

B.

Covert channel

C.

Bleeding

D.

Cross-talk

Question 65

In which order, from MOST to LEAST impacted, does user awareness training reduce the occurrence of the events below?

Question # 65

Options:

Question 66

What should happen when an emergency change to a system must be performed?

Options:

A.

The change must be given priority at the next meeting of the change control board.

B.

Testing and approvals must be performed quickly.

C.

The change must be performed immediately and then submitted to the change board.

D.

The change is performed and a notation is made in the system log.

Question 67

Secure Sockets Layer (SSL) encryption protects

Options:

A.

data at rest.

B.

the source IP address.

C.

data transmitted.

D.

data availability.

Question 68

Which one of the following activities would present a significant security risk to organizations when employing a Virtual Private Network (VPN) solution?

Options:

A.

VPN bandwidth

B.

Simultaneous connection to other networks

C.

Users with Internet Protocol (IP) addressing conflicts

D.

Remote users with administrative rights

Question 69

A network scan found 50% of the systems with one or more critical vulnerabilities. Which of the following represents the BEST action?

Options:

A.

Assess vulnerability risk and program effectiveness.

B.

Assess vulnerability risk and business impact.

C.

Disconnect all systems with critical vulnerabilities.

D.

Disconnect systems with the most number of vulnerabilities.

Question 70

What is one way to mitigate the risk of security flaws in custom software?

Options:

A.

Include security language in the Earned Value Management (EVM) contract

B.

Include security assurance clauses in the Service Level Agreement (SLA)

C.

Purchase only Commercial Off-The-Shelf (COTS) products

D.

Purchase only software with no open source Application Programming Interfaces (APIs)

Question 71

In which of the following programs is it MOST important to include the collection of security process data?

Options:

A.

Quarterly access reviews

B.

Security continuous monitoring

C.

Business continuity testing

D.

Annual security training

Question 72

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?

Options:

A.

Host VM monitor audit logs

B.

Guest OS access controls

C.

Host VM access controls

D.

Guest OS audit logs

Question 73

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

Options:

A.

Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken

B.

Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability

C.

Management teams will understand the testing objectives and reputational risk to the organization

D.

Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels

Question 74

Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

Options:

A.

Change management processes

B.

User administration procedures

C.

Operating System (OS) baselines

D.

System backup documentation

Question 75

Which of the following could cause a Denial of Service (DoS) against an authentication system?

Options:

A.

Encryption of audit logs

B.

No archiving of audit logs

C.

Hashing of audit logs

D.

Remote access audit logs

Question 76

Which of the following is a critical factor for implementing a successful data classification program?

Options:

A.

Executive sponsorship

B.

Information security sponsorship

C.

End-user acceptance

D.

Internal audit acceptance

Question 77

Refer to the information below to answer the question.

A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.

Which of the following BEST describes the access control methodology used?

Options:

A.

Least privilege

B.

Lattice Based Access Control (LBAC)

C.

Role Based Access Control (RBAC)

D.

Lightweight Directory Access Control (LDAP)

Question 78

Which of the following describes the concept of a Single Sign -On (SSO) system?

Options:

A.

Users are authenticated to one system at a time.

B.

Users are identified to multiple systems with several credentials.

C.

Users are authenticated to multiple systems with one login.

D.

Only one user is using the system at a time.

Question 79

A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?

Options:

A.

Spoofing

B.

Eavesdropping

C.

Man-in-the-middle

D.

Denial of service

Question 80

Refer to the information below to answer the question.

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.

Which of the following will be the PRIMARY security concern as staff is released from the organization?

Options:

A.

Inadequate IT support

B.

Loss of data and separation of duties

C.

Undocumented security controls

D.

Additional responsibilities for remaining staff

Question 81

What is the MOST important reason to configure unique user IDs?

Options:

A.

Supporting accountability

B.

Reducing authentication errors

C.

Preventing password compromise

D.

Supporting Single Sign On (SSO)

Question 82

With data labeling, which of the following MUST be the key decision maker?

Options:

A.

Information security

B.

Departmental management

C.

Data custodian

D.

Data owner

Question 83

Which of the following problems is not addressed by using OAuth (Open Standard to Authorization) 2.0 to integrate a third-party identity provider for a service?

Options:

A.

Resource Servers are required to use passwords to authenticate end users.

B.

Revocation of access of some users of the third party instead of all the users from the third party.

C.

Compromise of the third party means compromise of all the users in the service.

D.

Guest users need to authenticate with the third party identity provider.

Question 84

Refer to the information below to answer the question.

In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

Question # 84

In a Bell-LaPadula system, which user has the MOST restrictions when writing data to any of the four files?

Options:

A.

User A

B.

User B

C.

User C

D.

User D

Question 85

Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen?

Options:

A.

Set up a BIOS and operating system password

B.

Encrypt the virtual drive where confidential files can be stored

C.

Implement a mandatory policy in which sensitive data cannot be stored on laptops, but only on the corporate network

D.

Encrypt the entire disk and delete contents after a set number of failed access attempts

Question 86

When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)?

Options:

A.

Retain intellectual property rights through contractual wording.

B.

Perform overlapping code reviews by both parties.

C.

Verify that the contractors attend development planning meetings.

D.

Create a separate contractor development environment.

Question 87

According to best practice, which of the following is required when implementing third party software in a production environment?

Options:

A.

Scan the application for vulnerabilities

B.

Contract the vendor for patching

C.

Negotiate end user application training

D.

Escrow a copy of the software

Question 88

What is the PRIMARY reason for ethics awareness and related policy implementation?

Options:

A.

It affects the workflow of an organization.

B.

It affects the reputation of an organization.

C.

It affects the retention rate of employees.

D.

It affects the morale of the employees.

Question 89

Without proper signal protection, embedded systems may be prone to which type of attack?

Options:

A.

Brute force

B.

Tampering

C.

Information disclosure

D.

Denial of Service (DoS)

Question 90

What component of a web application that stores the session state in a cookie an attacker can bypass?

Options:

A.

An initialization check

B.

An identification check

C.

An authentication check

D.

An authorization check

Question 91

Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications?

Options:

A.

Application monitoring procedures

B.

Configuration control procedures

C.

Security audit procedures

D.

Software patching procedures

Question 92

Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?

Options:

A.

Maintaining an inventory of authorized Access Points (AP) and connecting devices

B.

Setting the radio frequency to the minimum range required

C.

Establishing a Virtual Private Network (VPN) tunnel between the WLAN client device and a VPN concentrator

D.

Verifying that all default passwords have been changed

Question 93

What is the MOST critical factor to achieve the goals of a security program?

Options:

A.

Capabilities of security resources

B.

Executive management support

C.

Effectiveness of security management

D.

Budget approved for security resources

Question 94

What is the MAIN feature that onion routing networks offer?

Options:

A.

Non-repudiation

B.

Traceability

C.

Anonymity

D.

Resilience

Question 95

Which of the following is an example of two-factor authentication?

Options:

A.

Retina scan and a palm print

B.

Fingerprint and a smart card

C.

Magnetic stripe card and an ID badge

D.

Password and Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA)

Question 96

Refer to the information below to answer the question.

Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.

After magnetic drives were degaussed twice according to the product manufacturer's directions, what is the MOST LIKELY security issue with degaussing?

Options:

A.

Commercial products often have serious weaknesses of the magnetic force available in the degausser product.

B.

Degausser products may not be properly maintained and operated.

C.

The inability to turn the drive around in the chamber for the second pass due to human error.

D.

Inadequate record keeping when sanitizing mediA.

Question 97

Which of the following is the MOST effective attack against cryptographic hardware modules?

Options:

A.

Plaintext

B.

Brute force

C.

Power analysis

D.

Man-in-the-middle (MITM)

Question 98

A security manager has noticed an inconsistent application of server security controls resulting in vulnerabilities on critical systems. What is the MOST likely cause of this issue?

Options:

A.

A lack of baseline standards

B.

Improper documentation of security guidelines

C.

A poorly designed security policy communication program

D.

Host-based Intrusion Prevention System (HIPS) policies are ineffective

Question 99

Refer to the information below to answer the question.

Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.

Organizational policy requires the deletion of user data from Personal Digital Assistant (PDA) devices before disposal. It may not be possible to delete the user data if the device is malfunctioning. Which destruction method below provides the BEST assurance that the data has been removed?

Options:

A.

Knurling

B.

Grinding

C.

Shredding

D.

Degaussing

Question 100

Identify the component that MOST likely lacks digital accountability related to information access.

Click on the correct device in the image below.

Question # 100

Options:

Question 101

What physical characteristic does a retinal scan biometric device measure?

Options:

A.

The amount of light reflected by the retina

B.

The size, curvature, and shape of the retina

C.

The pattern of blood vessels at the back of the eye

D.

The pattern of light receptors at the back of the eye

Question 102

When dealing with compliance with the Payment Card Industry-Data Security Standard (PCI-DSS), an organization that shares card holder information with a service provider MUST do which of the following?

Options:

A.

Perform a service provider PCI-DSS assessment on a yearly basis.

B.

Validate the service provider's PCI-DSS compliance status on a regular basis.

C.

Validate that the service providers security policies are in alignment with those of the organization.

D.

Ensure that the service provider updates and tests its Disaster Recovery Plan (DRP) on a yearly basis.

Question 103

A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user business functions. These capabilities are BEST described as

Options:

A.

least privilege.

B.

rule based access controls.

C.

Mandatory Access Control (MAC).

D.

separation of duties.

Question 104

If an attacker in a SYN flood attack uses someone else's valid host address as the source address, the system under attack will send a large number of Synchronize/Acknowledge (SYN/ACK) packets to the

Options:

A.

default gateway.

B.

attacker's address.

C.

local interface being attacked.

D.

specified source address.

Question 105

A large university needs to enable student access to university resources from their homes. Which of the following provides the BEST option for low maintenance and ease of deployment?

Options:

A.

Provide students with Internet Protocol Security (IPSec) Virtual Private Network (VPN) client software.

B.

Use Secure Sockets Layer (SSL) VPN technology.

C.

Use Secure Shell (SSH) with public/private keys.

D.

Require students to purchase home router capable of VPN.

Question 106

If virus infection is suspected, which of the following is the FIRST step for the user to take?

Options:

A.

Unplug the computer from the network.

B.

Save the opened files and shutdown the computer.

C.

Report the incident to service desk.

D.

Update the antivirus to the latest version.

Question 107

If a content management system (CMC) is implemented, which one of the following would occur?

Options:

A.

Developers would no longer have access to production systems

B.

The applications placed into production would be secure

C.

Patching the systems would be completed more quickly

D.

The test and production systems would be running the same software

Question 108

Which of the following BEST ensures the integrity of transactions to intended recipients?

Options:

A.

Public key infrastructure (PKI)

B.

Blockchain technology

C.

Pre-shared key (PSK)

D.

Web of trust

Question 109

Which of the following goals represents a modern shift in risk management according to National Institute of Standards and Technology (NIST)?

Options:

A.

Focus on operating environments that are changing, evolving, and full of emerging threats.

B.

Secure information technology (IT) systems that store, process, or transmit organizational information.

C.

Enable management to make well-informed risk-based decisions justifying security expenditure.

D.

Provide an improved mission accomplishment approach.

Question 110

Which of the following needs to be included in order for High Availability (HA) to continue operations during planned system outages?

Options:

A.

Redundant hardware, disk spanning, and patching

B.

Load balancing, power reserves, and disk spanning

C.

Backups, clustering, and power reserves

D.

Clustering, load balancing, and fault-tolerant options

Question 111

What Is a risk of using commercial off-the-shelf (COTS) products?

Options:

A.

COTS products may not map directly to an organization’s security requirements.

B.

COTS products are typically more expensive than developing software in-house.

C.

Cost to implement COTS products is difficult to predict.

D.

Vendors are often hesitant to share their source code.

Question 112

A retail company is looking to start a development project that will utilize open source components in its code for the first time. The development team has already acquired several

‘open source components and utilized them in proof of concept (POC) code. The team recognizes that the legal and operational risks are outweighed by the benefits of open-source

software use. What MUST the organization do next?

Options:

A.

Mandate that all open-source components be approved by the Information Security Manager (ISM).

B.

Scan all open-source components for security vulnerabilities.

C.

Establish an open-source compliance policy.

D.

Require commercial support for all open-source components.

Question 113

The security team plans on using automated account reconciliation in the corporate user access review process. Which of the following must be implemented for the BEST results with fewest errors when running the audit?

Options:

A.

Removal of service accounts from review

B.

Segregation of Duties (SoD)

C.

Clear provisioning policies

D.

Frequent audits

Question 114

In the last 15 years a company has experienced three electrical failures. The cost associated with each failure is listed below.

Which of the following would be a reasonable annual loss expectation?

Question # 114

Options:

A.

140,000

B.

3,500

C.

350,000

D.

14,000

Question 115

An organization is outsourcing its payroll system and is requesting to conduct a full audit on the third-party information technology (IT) systems. During the due diligence process, the third party provides previous audit report on its IT system.

Which of the following MUST be considered by the organization in order for the audit reports to be acceptable?

Options:

A.

The audit assessment has been conducted by an independent assessor.

B.

The audit reports have been signed by the third-party senior management.

C.

The audit reports have been issued in the last six months.

D.

The audit assessment has been conducted by an international audit firm.

Question 116

Which of the following BEST describes the purpose of the reference monitor when defining access control to enforce the security model?

Options:

A.

Quality design principles to ensure quality by design

B.

Policies to validate organization rules

C.

Cyber hygiene to ensure organizations can keep systems healthy

D.

Strong operational security to keep unit members safe

Question 117

A software engineer uses automated tools to review application code and search for application flaws, back doors, or other malicious code. Which of the following is the

FIRST Software Development Life Cycle (SDLC) phase where this takes place?

Options:

A.

Design

B.

Test

C.

Development

D.

Deployment

Question 118

How is Remote Authentication Dial-In User Service (RADIUS) authentication accomplished?

Options:

A.

It uses clear text and firewall rules.

B.

It relies on Virtual Private Networks (VPN).

C.

It uses clear text and shared secret keys.

D.

It relies on asymmetric encryption keys.

Question 119

Which of the following is the BEST method to validate secure coding techniques against injection and overflow attacks?

Options:

A.

Scheduled team review of coding style and techniques for vulnerability patterns

B.

Using automated programs to test for the latest known vulnerability patterns

C.

The regular use of production code routines from similar applications already in use

D.

Ensure code editing tools are updated against known vulnerability patterns

Question 120

Which layer of the Open systems Interconnection (OSI) model is being targeted in the event of a Synchronization (SYN) flood attack?

Options:

A.

Session

B.

Transport

C.

Network

D.

Presentation

Question 121

Which of the following is the FIRST step during digital identity provisioning?

Options:

A.

Authorizing the entity for resource access

B.

Synchronizing directories

C.

Issuing an initial random password

D.

Creating the entity record with the correct attributes

Question 122

How does security in a distributed file system using mutual authentication differ from file security in a multi-user host?

Options:

A.

Access control can rely on the Operating System (OS), but eavesdropping is

B.

Access control cannot rely on the Operating System (OS), and eavesdropping

C.

Access control can rely on the Operating System (OS), and eavesdropping is

D.

Access control cannot rely on the Operating System (OS), and eavesdropping

Question 123

As a design principle, which one of the following actors is responsible for identifying and approving data security requirements in a cloud ecosystem?

Options:

A.

Cloud broker

B.

Cloud provider

C.

Cloud consumer

D.

Cloud auditor

Question 124

What requirement MUST be met during internal security audits to ensure that all information provided is expressed as an objective assessment without risk of retaliation?

Options:

A.

The auditor must be independent and report directly to the management.

B.

The auditor must utilize automated tools to back their findings.

C.

The auditor must work closely with both the information Technology (IT) and security sections of an organization.

D.

The auditor must perform manual reviews of systems and processes.

Question 125

Which of the following is a peor entity authentication method for Point-to-Point

Protocol (PPP)?

Options:

A.

Challenge Handshake Authentication Protocol (CHAP)

B.

Message Authentication Code (MAC)

C.

Transport Layer Security (TLS) handshake protocol

D.

Challenge-response authentication mechanism

Question 126

Computer forensics require which of the following are MAIN steps?

Options:

A.

Announce the incident to responsible sections, analyze the data, and assimilate the data for correlation

B.

Take action to contain the damage, announce the incident to responsible sections, and analyze the data

C.

Acquire the data without altering, authenticate the recovered data, and analyze the data

D.

Access the data before destruction, assimilate the data for correlation, and take action to contain the damage

Question 127

Which of the following types of hosts should be operating in the demilitarized zone (DMZ)?

Options:

A.

Hosts intended to provide limited access to public resources

B.

Database servers that can provide useful information to the public

C.

Hosts that store unimportant data such as demographical information

D.

File servers containing organizational data

Question 128

Options:

A.

The signer verifies that the software being loaded is the software originated by the signer.

B.

The vendor certifies the software being loaded is free of malicious code and that it was originated by the signer.

C.

The signer verifies that the software being loaded is free of malicious code.

D.

Both vendor and the signer certify the software being loaded is free of malicious code and it was originated by the signer.

Question 129

An organization is planning to have an it audit of its as a Service (SaaS) application to demonstrate to external parties that the security controls around availability are designed. The audit report must also cover a certain period of time to show the operational effectiveness of the controls. Which Service Organization Control (SOC) report would BEST fit their needs?

Options:

A.

SOC 1 Type 1

B.

SOC 1 Type 2

C.

SOC 2 Type 1

D.

SOC 2 Type 2

Question 130

What term is commonly used to describe hardware and software assets that are stored in a configuration management database (CMDB)?

Options:

A.

Configuration element

B.

Asset register

C.

Ledger item

D.

Configuration item

Question 131

Which change management role is responsible for the overall success of the project and supporting the change throughout the organization?

Options:

A.

Change driver

B.

Change implementer

C.

Program sponsor

D.

Project manager

Question 132

Which is the MOST critical aspect of computer-generated evidence?

Options:

A.

Objectivity

B.

Integrity

C.

Timeliness

D.

Relevancy

Question 133

What is the benefit of using Network Admission Control (NAC)?

Options:

A.

Operating system (OS) versions can be validated prior to allowing network access.

B.

NAC supports validation of the endpoint's security posture prior to allowing the session to go into an authorized state.

C.

NAC can require the use of certificates, passwords, or a combination of both before allowing network admission.

D.

NAC only supports Windows operating systems (OS).

Question 134

Which security architecture strategy could be applied to secure an operating system (OS) baseline for deployment within the corporate enterprise?

Options:

A.

Principle of Least Privilege

B.

Principle of Separation of Duty

C.

Principle of Secure Default

D.

principle of Fail Secure

Question 135

A company wants to implement two-factor authentication (2FA) to protect their computers from unauthorized users. Which solution provides the MOST secure means of authentication and meets the criteria they have set?

Options:

A.

Username and personal identification number (PIN)

B.

Fingerprint and retinal scanners

C.

Short Message Services (SMS) and smartphone authenticator

D.

Hardware token and password

Question 136

What is the BEST method if an investigator wishes to analyze a hard drive which may be used as evidence?

Options:

A.

Leave the hard drive in place and use only verified and authenticated Operating Systems (OS) utilities ...

B.

Log into the system and immediately make a copy of all relevant files to a Write Once, Read Many ...

C.

Remove the hard drive from the system and make a copy of the hard drive's contents using imaging hardware.

D.

Use a separate bootable device to make a copy of the hard drive before booting the system and analyzing the hard drive.

Question 137

A large organization’s human resources and security teams are planning on implementing technology to eliminate manual user access reviews and improve compliance. Which of the following options is MOST likely to resolve the issues associated with user access?

Options:

A.

Implement a role-based access control (RBAC) system.

B.

Implement identity and access management (IAM) platform.

C.

Implement a Privileged Access Management (PAM) system.

D.

Implement a single sign-on (SSO) platform.

Question 138

A financial services organization has employed a security consultant to review processes used by employees across various teams. The consultant interviewed a member of

the application development practice and found gaps in their threat model. Which of the following correctly represents a trigger for when a threat model should be revised?

Options:

A.

A new data repository is added.

B.

is After operating system (OS) patches are applied

C.

After a modification to the firewall rule policy

D.

A new developer is hired into the team.

Question 139

A client has reviewed a vulnerability assessment report and has stated it is Inaccurate. The client states that the vulnerabilities listed are not valid because the host’s Operating System (OS) was not properly detected.

Where in the vulnerability assessment process did the erra MOST likely occur?

Options:

A.

Detection

B.

Enumeration

C.

Reporting

D.

Discovery

Question 140

Which of the (ISC)? Code of Ethics canons is MOST reflected when preserving the value of systems, applications, and entrusted information while avoiding conflicts of interest?

Options:

A.

Act honorably, honestly, justly, responsibly, and legally.

B.

Protect society, the commonwealth, and the infrastructure.

C.

Provide diligent and competent service to principles.

D.

Advance and protect the profession.

Question 141

Match the name of access control model with its associated restriction.

Drag each access control model to its appropriate restriction access on the right.

Question # 141

Options:

Question 142

An international medical organization with headquarters in the United States (US) and branches in France

wants to test a drug in both countries. What is the organization allowed to do with the test subject’s data?

Options:

A.

Aggregate it into one database in the US

B.

Process it in the US, but store the information in France

C.

Share it with a third party

D.

Anonymize it and process it in the US

Question 143

Which of the following is a characteristic of an internal audit?

Options:

A.

An internal audit is typically shorter in duration than an external audit.

B.

The internal audit schedule is published to the organization well in advance.

C.

The internal auditor reports to the Information Technology (IT) department

D.

Management is responsible for reading and acting upon the internal audit results

Question 144

Which of the following provides the MOST comprehensive filtering of Peer-to-Peer (P2P) traffic?

Options:

A.

Application proxy

B.

Port filter

C.

Network boundary router

D.

Access layer switch

Question 145

What Is the FIRST step in establishing an information security program?

Options:

A.

Establish an information security policy.

B.

Identify factors affecting information security.

C.

Establish baseline security controls.

D.

Identify critical security infrastructure.

Question 146

A security practitioner is tasked with securing the organization’s Wireless Access Points (WAP). Which of these is the MOST effective way of restricting this environment to authorized users?

Options:

A.

Enable Wi-Fi Protected Access 2 (WPA2) encryption on the wireless access point

B.

Disable the broadcast of the Service Set Identifier (SSID) name

C.

Change the name of the Service Set Identifier (SSID) to a random value not associated with the organization

D.

Create Access Control Lists (ACL) based on Media Access Control (MAC) addresses

Question 147

Which of the BEST internationally recognized standard for evaluating security products and systems?

Options:

A.

Payment Card Industry Data Security Standards (PCI-DSS)

B.

Common Criteria (CC)

C.

Health Insurance Portability and Accountability Act (HIPAA)

D.

Sarbanes-Oxley (SOX)

Question 148

Who is responsible for the protection of information when it is shared with or provided to other organizations?

Options:

A.

Systems owner

B.

Authorizing Official (AO)

C.

Information owner

D.

Security officer

Question 149

What is the MAIN purpose of a change management policy?

Options:

A.

To assure management that changes to the Information Technology (IT) infrastructure are necessary

B.

To identify the changes that may be made to the Information Technology (IT) infrastructure

C.

To verify that changes to the Information Technology (IT) infrastructure are approved

D.

To determine the necessary for implementing modifications to the Information Technology (IT) infrastructure

Question 150

The security accreditation task of the System Development Life Cycle (SDLC) process is completed at the end of which phase?

Options:

A.

System acquisition and development

B.

System operations and maintenance

C.

System initiation

D.

System implementation

Question 151

When developing a business case for updating a security program, the security program owner MUST do

which of the following?

Options:

A.

Identify relevant metrics

B.

Prepare performance test reports

C.

Obtain resources for the security program

D.

Interview executive management

Question 152

Who has the PRIMARY responsibility to ensure that security objectives are aligned with organization goals?

Options:

A.

Senior management

B.

Information security department

C.

Audit committee

D.

All users

Question 153

At a MINIMUM, audits of permissions to individual or group accounts should be scheduled

Options:

A.

annually

B.

to correspond with staff promotions

C.

to correspond with terminations

D.

continually

Question 154

Which of the following entails identification of data and links to business processes, applications, and data

stores as well as assignment of ownership responsibilities?

Options:

A.

Security governance

B.

Risk management

C.

Security portfolio management

D.

Risk assessment

Question 155

Proven application security principles include which of the following?

Options:

A.

Minimizing attack surface area

B.

Hardening the network perimeter

C.

Accepting infrastructure security controls

D.

Developing independent modules

Question 156

The core component of Role Based Access Control (RBAC) must be constructed of defined data elements.

Which elements are required?

Options:

A.

Users, permissions, operations, and protected objects

B.

Roles, accounts, permissions, and protected objects

C.

Users, roles, operations, and protected objects

D.

Roles, operations, accounts, and protected objects

Question 157

Which of the following is the BEST reason for the use of security metrics?

Options:

A.

They ensure that the organization meets its security objectives.

B.

They provide an appropriate framework for Information Technology (IT) governance.

C.

They speed up the process of quantitative risk assessment.

D.

They quantify the effectiveness of security processes.

Question 158

Which of the following is the MOST appropriate action when reusing media that contains sensitive data?

Options:

A.

Erase

B.

Sanitize

C.

Encrypt

D.

Degauss

Question 159

From a security perspective, which of the following assumptions MUST be made about input to an

application?

Options:

A.

It is tested

B.

It is logged

C.

It is verified

D.

It is untrusted

Question 160

What is the foundation of cryptographic functions?

Options:

A.

Encryption

B.

Cipher

C.

Hash

D.

Entropy

Question 161

What is the PRIMARY role of a scrum master in agile development?

Options:

A.

To choose the primary development language

B.

To choose the integrated development environment

C.

To match the software requirements to the delivery plan

D.

To project manage the software delivery

Question 162

An organization has outsourced its financial transaction processing to a Cloud Service Provider (CSP) who will provide them with Software as a Service (SaaS). If there was a data breach who is responsible for monetary losses?

Options:

A.

The Data Protection Authority (DPA)

B.

The Cloud Service Provider (CSP)

C.

The application developers

D.

The data owner

Question 163

What protocol is often used between gateway hosts on the Internet?

Options:

A.

Exterior Gateway Protocol (EGP)

B.

Border Gateway Protocol (BGP)

C.

Open Shortest Path First (OSPF)

D.

Internet Control Message Protocol (ICMP)

Question 164

A post-implementation review has identified that the Voice Over Internet Protocol (VoIP) system was designed

to have gratuitous Address Resolution Protocol (ARP) disabled.

Why did the network architect likely design the VoIP system with gratuitous ARP disabled?

Options:

A.

Gratuitous ARP requires the use of Virtual Local Area Network (VLAN) 1.

B.

Gratuitous ARP requires the use of insecure layer 3 protocols.

C.

Gratuitous ARP requires the likelihood of a successful brute-force attack on the phone.

D.

Gratuitous ARP requires the risk of a Man-in-the-Middle (MITM) attack.

Question 165

Why is planning in Disaster Recovery (DR) an interactive process?

Options:

A.

It details off-site storage plans

B.

It identifies omissions in the plan

C.

It defines the objectives of the plan

D.

It forms part of the awareness process

Question 166

After following the processes defined within the change management plan, a super user has upgraded a

device within an Information system.

What step would be taken to ensure that the upgrade did NOT affect the network security posture?

Options:

A.

Conduct an Assessment and Authorization (A&A)

B.

Conduct a security impact analysis

C.

Review the results of the most recent vulnerability scan

D.

Conduct a gap analysis with the baseline configuration

Question 167

A minimal implementation of endpoint security includes which of the following?

Options:

A.

Trusted platforms

B.

Host-based firewalls

C.

Token-based authentication

D.

Wireless Access Points (AP)

Question 168

An organization adopts a new firewall hardening standard. How can the security professional verify that the technical staff correct implemented the new standard?

Options:

A.

Perform a compliance review

B.

Perform a penetration test

C.

Train the technical staff

D.

Survey the technical staff

Question 169

Which Identity and Access Management (IAM) process can be used to maintain the principle of least

privilege?

Options:

A.

identity provisioning

B.

access recovery

C.

multi-factor authentication (MFA)

D.

user access review

Question 170

Transport Layer Security (TLS) provides which of the following capabilities for a remote access server?

Options:

A.

Transport layer handshake compression

B.

Application layer negotiation

C.

Peer identity authentication

D.

Digital certificate revocation

Question 171

A security compliance manager of a large enterprise wants to reduce the time it takes to perform network,

system, and application security compliance audits while increasing quality and effectiveness of the results.

What should be implemented to BEST achieve the desired results?

Options:

A.

Configuration Management Database (CMDB)

B.

Source code repository

C.

Configuration Management Plan (CMP)

D.

System performance monitoring application

Question 172

Which of the following is MOST appropriate for protecting confidentially of data stored on a hard drive?

Options:

A.

Triple Data Encryption Standard (3DES)

B.

Advanced Encryption Standard (AES)

C.

Message Digest 5 (MD5)

D.

Secure Hash Algorithm 2(SHA-2)

Question 173

Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?

Options:

A.

System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements

B.

Data stewardship roles, data handling and storage standards, data lifecycle requirements

C.

Compliance office roles and responsibilities, classified material handling standards, storage system lifecycle requirements

D.

System authorization roles and responsibilities, cloud computing standards, lifecycle requirements

Question 174

Within the company, desktop clients receive Internet Protocol (IP) address over Dynamic Host Configuration

Protocol (DHCP).

Which of the following represents a valid measure to help protect the network against unauthorized access?

Options:

A.

Implement path management

B.

Implement port based security through 802.1x

C.

Implement DHCP to assign IP address to server systems

D.

Implement change management

Question 175

A Security Operations Center (SOC) receives an incident response notification on a server with an active

intruder who has planted a backdoor. Initial notifications are sent and communications are established.

What MUST be considered or evaluated before performing the next step?

Options:

A.

Notifying law enforcement is crucial before hashing the contents of the server hard drive

B.

Identifying who executed the incident is more important than how the incident happened

C.

Removing the server from the network may prevent catching the intruder

D.

Copying the contents of the hard drive to another storage device may damage the evidence

Question 176

Who must approve modifications to an organization's production infrastructure configuration?

Options:

A.

Technical management

B.

Change control board

C.

System operations

D.

System users

Question 177

How can a forensic specialist exclude from examination a large percentage of operating system files residing on a copy of the target system?

Options:

A.

Take another backup of the media in question then delete all irrelevant operating system files.

B.

Create a comparison database of cryptographic hashes of the files from a system with the same operating system and patch level.

C.

Generate a message digest (MD) or secure hash on the drive image to detect tampering of the media being examined.

D.

Discard harmless files for the operating system, and known installed programs.

Question 178

Contingency plan exercises are intended to do which of the following?

Options:

A.

Train personnel in roles and responsibilities

B.

Validate service level agreements

C.

Train maintenance personnel

D.

Validate operation metrics

Question 179

Internet Protocol (IP) source address spoofing is used to defeat

Options:

A.

address-based authentication.

B.

Address Resolution Protocol (ARP).

C.

Reverse Address Resolution Protocol (RARP).

D.

Transmission Control Protocol (TCP) hijacking.

Question 180

Which of the following actions should be performed when implementing a change to a database schema in a production system?

Options:

A.

Test in development, determine dates, notify users, and implement in production

B.

Apply change to production, run in parallel, finalize change in production, and develop a back-out strategy

C.

Perform user acceptance testing in production, have users sign off, and finalize change

D.

Change in development, perform user acceptance testing, develop a back-out strategy, and implement change

Question 181

Which of the following is an essential element of a privileged identity lifecycle management?

Options:

A.

Regularly perform account re-validation and approval

B.

Account provisioning based on multi-factor authentication

C.

Frequently review performed activities and request justification

D.

Account information to be provided by supervisor or line manager

Question 182

Which of the following is the MOST important consideration when storing and processing Personally Identifiable Information (PII)?

Options:

A.

Encrypt and hash all PII to avoid disclosure and tampering.

B.

Store PII for no more than one year.

C.

Avoid storing PII in a Cloud Service Provider.

D.

Adherence to collection limitation laws and regulations.

Question 183

An advantage of link encryption in a communications network is that it

Options:

A.

makes key management and distribution easier.

B.

protects data from start to finish through the entire network.

C.

improves the efficiency of the transmission.

D.

encrypts all information, including headers and routing information.

Question 184

What principle requires that changes to the plaintext affect many parts of the ciphertext?

Options:

A.

Diffusion

B.

Encapsulation

C.

Obfuscation

D.

Permutation

Question 185

What should be the INITIAL response to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) alerts?

Options:

A.

Ensure that the Incident Response Plan is available and current.

B.

Determine the traffic's initial source and block the appropriate port.

C.

Disable or disconnect suspected target and source systems.

D.

Verify the threat and determine the scope of the attack.

Question 186

Which of the following is ensured when hashing files during chain of custody handling?

Options:

A.

Availability

B.

Accountability

C.

Integrity

D.

Non-repudiation

Question 187

An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to

Options:

A.

encrypt the contents of the repository and document any exceptions to that requirement.

B.

utilize Intrusion Detection System (IDS) set drop connections if too many requests for documents are detected.

C.

keep individuals with access to high security areas from saving those documents into lower security areas.

D.

require individuals with access to the system to sign Non-Disclosure Agreements (NDA).

Question 188

Which of the following is the best practice for testing a Business Continuity Plan (BCP)?

Options:

A.

Test before the IT Audit

B.

Test when environment changes

C.

Test after installation of security patches

D.

Test after implementation of system patches

Question 189

The process of mutual authentication involves a computer system authenticating a user and authenticating the

Options:

A.

user to the audit process.

B.

computer system to the user.

C.

user's access to all authorized objects.

D.

computer system to the audit process.

Question 190

Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what?

Options:

A.

Interface with the Public Key Infrastructure (PKI)

B.

Improve the quality of security software

C.

Prevent Denial of Service (DoS) attacks

D.

Establish a secure initial state

Question 191

Which one of the following is a threat related to the use of web-based client side input validation?

Options:

A.

Users would be able to alter the input after validation has occurred

B.

The web server would not be able to validate the input after transmission

C.

The client system could receive invalid input from the web server

D.

The web server would not be able to receive invalid input from the client

Question 192

Which of the following is a potential risk when a program runs in privileged mode?

Options:

A.

It may serve to create unnecessary code complexity

B.

It may not enforce job separation duties

C.

It may create unnecessary application hardening

D.

It may allow malicious code to be inserted

Question 193

In Disaster Recovery (DR) and business continuity training, which BEST describes a functional drill?

Options:

A.

A full-scale simulation of an emergency and the subsequent response functions

B.

A specific test by response teams of individual emergency response functions

C.

A functional evacuation of personnel

D.

An activation of the backup site

Question 194

What is the ultimate objective of information classification?

Options:

A.

To assign responsibility for mitigating the risk to vulnerable systems

B.

To ensure that information assets receive an appropriate level of protection

C.

To recognize that the value of any item of information may change over time

D.

To recognize the optimal number of classification categories and the benefits to be gained from their use

Question 195

The goal of software assurance in application development is to

Options:

A.

enable the development of High Availability (HA) systems.

B.

facilitate the creation of Trusted Computing Base (TCB) systems.

C.

prevent the creation of vulnerable applications.

D.

encourage the development of open source applications.

Question 196

Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks?

Options:

A.

Data compression

B.

Data classification

C.

Data warehousing

D.

Data validation

Question 197

An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring?

Options:

A.

A dictionary attack

B.

A Denial of Service (DoS) attack

C.

A spoofing attack

D.

A backdoor installation

Question 198

Which of the following statements is TRUE for point-to-point microwave transmissions?

Options:

A.

They are not subject to interception due to encryption.

B.

Interception only depends on signal strength.

C.

They are too highly multiplexed for meaningful interception.

D.

They are subject to interception by an antenna within proximity.

Question 199

Which one of the following is the MOST important in designing a biometric access system if it is essential that no one other than authorized individuals are admitted?

Options:

A.

False Acceptance Rate (FAR)

B.

False Rejection Rate (FRR)

C.

Crossover Error Rate (CER)

D.

Rejection Error Rate

Question 200

The stringency of an Information Technology (IT) security assessment will be determined by the

Options:

A.

system's past security record.

B.

size of the system's database.

C.

sensitivity of the system's datA.

D.

age of the system.

Question 201

What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)?

Options:

A.

Evaluating the efficiency of the plan

B.

Identifying the benchmark required for restoration

C.

Validating the effectiveness of the plan

D.

Determining the Recovery Time Objective (RTO)

Question 202

A disadvantage of an application filtering firewall is that it can lead to

Options:

A.

a crash of the network as a result of user activities.

B.

performance degradation due to the rules applied.

C.

loss of packets on the network due to insufficient bandwidth.

D.

Internet Protocol (IP) spoofing by hackers.

Question 203

Which type of control recognizes that a transaction amount is excessive in accordance with corporate policy?

Options:

A.

Detection

B.

Prevention

C.

Investigation

D.

Correction

Question 204

The birthday attack is MOST effective against which one of the following cipher technologies?

Options:

A.

Chaining block encryption

B.

Asymmetric cryptography

C.

Cryptographic hash

D.

Streaming cryptography

Question 205

At a MINIMUM, a formal review of any Disaster Recovery Plan (DRP) should be conducted

Options:

A.

monthly.

B.

quarterly.

C.

annually.

D.

bi-annually.

Question 206

A software scanner identifies a region within a binary image having high entropy. What does this MOST likely indicate?

Options:

A.

Encryption routines

B.

Random number generator

C.

Obfuscated code

D.

Botnet command and control

Question 207

Copyright provides protection for which of the following?

Options:

A.

Ideas expressed in literary works

B.

A particular expression of an idea

C.

New and non-obvious inventions

D.

Discoveries of natural phenomena

Question 208

Which one of the following transmission media is MOST effective in preventing data interception?

Options:

A.

Microwave

B.

Twisted-pair

C.

Fiber optic

D.

Coaxial cable

Question 209

Which of the following is the FIRST step of a penetration test plan?

Options:

A.

Analyzing a network diagram of the target network

B.

Notifying the company's customers

C.

Obtaining the approval of the company's management

D.

Scheduling the penetration test during a period of least impact

Question 210

The three PRIMARY requirements for a penetration test are

Options:

A.

A defined goal, limited time period, and approval of management

B.

A general objective, unlimited time, and approval of the network administrator

C.

An objective statement, disclosed methodology, and fixed cost

D.

A stated objective, liability waiver, and disclosed methodology

Question 211

Which of the following is the BEST method to prevent malware from being introduced into a production environment?

Options:

A.

Purchase software from a limited list of retailers

B.

Verify the hash key or certificate key of all updates

C.

Do not permit programs, patches, or updates from the Internet

D.

Test all new software in a segregated environment

Question 212

A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?

Options:

A.

Least privilege

B.

Privilege escalation

C.

Defense in depth

D.

Privilege bracketing

Question 213

What is the BEST approach to addressing security issues in legacy web applications?

Options:

A.

Debug the security issues

B.

Migrate to newer, supported applications where possible

C.

Conduct a security assessment

D.

Protect the legacy application with a web application firewall

Question 214

When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

Options:

A.

After the system preliminary design has been developed and the data security categorization has been performed

B.

After the vulnerability analysis has been performed and before the system detailed design begins

C.

After the system preliminary design has been developed and before the data security categorization begins

D.

After the business functional analysis and the data security categorization have been performed

Question 215

Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

Options:

A.

Lack of software documentation

B.

License agreements requiring release of modified code

C.

Expiration of the license agreement

D.

Costs associated with support of the software

Question 216

Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?

Options:

A.

Check arguments in function calls

B.

Test for the security patch level of the environment

C.

Include logging functions

D.

Digitally sign each application module

Question 217

The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?

Options:

A.

System acquisition and development

B.

System operations and maintenance

C.

System initiation

D.

System implementation

Question 218

When implementing a data classification program, why is it important to avoid too much granularity?

Options:

A.

The process will require too many resources

B.

It will be difficult to apply to both hardware and software

C.

It will be difficult to assign ownership to the data

D.

The process will be perceived as having value

Question 219

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

Options:

A.

Personal Identity Verification (PIV)

B.

Cardholder Unique Identifier (CHUID) authentication

C.

Physical Access Control System (PACS) repeated attempt detection

D.

Asymmetric Card Authentication Key (CAK) challenge-response

Question 220

Which of the following is MOST important when assigning ownership of an asset to a department?

Options:

A.

The department should report to the business owner

B.

Ownership of the asset should be periodically reviewed

C.

Individual accountability should be ensured

D.

All members should be trained on their responsibilities

Question 221

In a data classification scheme, the data is owned by the

Options:

A.

system security managers

B.

business managers

C.

Information Technology (IT) managers

D.

end users

Question 222

Which of the following BEST describes the responsibilities of a data owner?

Options:

A.

Ensuring quality and validation through periodic audits for ongoing data integrity

B.

Maintaining fundamental data availability, including data storage and archiving

C.

Ensuring accessibility to appropriate users, maintaining appropriate levels of data security

D.

Determining the impact the information has on the mission of the organization

Question 223

Which one of the following affects the classification of data?

Options:

A.

Assigned security label

B.

Multilevel Security (MLS) architecture

C.

Minimum query size

D.

Passage of time

Question 224

An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests.

Which contract is BEST in offloading the task from the IT staff?

Options:

A.

Platform as a Service (PaaS)

B.

Identity as a Service (IDaaS)

C.

Desktop as a Service (DaaS)

D.

Software as a Service (SaaS)

Question 225

Which of the following is an initial consideration when developing an information security management system?

Options:

A.

Identify the contractual security obligations that apply to the organizations

B.

Understand the value of the information assets

C.

Identify the level of residual risk that is tolerable to management

D.

Identify relevant legislative and regulatory compliance requirements

Page: 1 / 149
Total 1486 questions