CISSP Multiple Choice
DRAG DROP - Drag the following Security Engineering terms on the left to the BEST definition on the right. Select and Place: -Risk -Security Risk Treatment -Protection Needs Assessment -Threat Assessment
-Risk: A measure of the extent to which an entity is threatened by a potential circumstance or event, the adverse impacts that would arise if the circumstances of the event occur, and the likelihood of
-Security Risk Treatment: The method used to identify the feasible security risk mitigation options and plans
-Protection Needs Assessment: The method used to identify the confidentiality, availability, integrity requirements for organizational and system assets and to characterize the adverse impact or consequences should the asset be lost, modified, degraded, disrupted, compromised or become unavailable
-Threat Assessment: The method used to identify and characterize the dangers anticipated throughout the life cycle of the system
Which of the following techniques BEST prevents buffer overflows? A. Boundary and perimeter offset B. Character set encoding C. Code auditing D. Variant type and bit length
?????
A control to protect from a Denial-of-Service (DoS) attack has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk? A. 25% B. 50% C. 75% D. 100%
A. 25%
Which of the following BEST describes a Protection Profile (PP)? A. A document that expresses an implementation independent set of security requirements for an Information Technology (IT) product that meets specific consumer needs B. A document that is used to develop an Information Technology (IT) security product from its security requirements definition C. A document that expresses an implementation dependent set of security requirements which contains only the security functional requirements D. A document that represents evaluated products where there is a one-to-one correspondence between a PP and a Security Ta
A. A document that expresses an implementation independent set of security requirements for an Information Technology (IT) product that meets specific consumer needs
Which of the following is part of a Trusted Platform Module (TPM)? A. A non-volatile tamper-resistant storage for storing both data and signing keys in a secure fashion B. A protected Pre-Basic Input/Output System (BIOS) which specifies a method or a metric for "measuring" the state of a computing platform C. A secure processor targeted at managing digital keys and accelerating digital signing D. A platform-independent software interface for accessing computer functions
A. A non-volatile tamper-resistant storage for storing both data and signing keys in a secure fashion
An organization plans on purchasing a custom software product developed by a small vendor to support its business model. Which unique consideration should be made part of the contractual agreement to address potential long-term risks associated with creating this dependency? A. A source code escrow clause B. Right to request an independent review of the software source code C. Due diligence form requesting statements of compliance with security requirements D. Access to the technical documentation
A. A source code escrow clause ??
Digital non-repudiation requires which of the following? A. A trusted third-party B. Appropriate corporate policies C. Symmetric encryption D. Multifunction access cards
A. A trusted third-party
Which of the following BEST represents the concept of least privilege? A. Access to an object is denied unless access is specifically allowed. B. Access to an object is only available to the owner. C. Access to an object is allowed unless it is protected by the information security policy. D. Access to an object is only allowed to authenticated users via an Access Control List (ACL)
A. Access to an object is denied unless access is specifically allowed
Which is the RECOMMENDED configuration mode for sensors for an Intrusion Prevention System (IPS) if the prevention capabilities will be used? A. Active B. Inline C. Passive D. Span
A. Active
An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control? A. Add a new rule to the application layer firewall B. Block access to the service C. Install an Intrusion Detection System (IDS) D. Patch the application source code
A. Add a new rule to the application layer firewall
Which of the following is the BEST technique to facilitate secure software development? A. Adhere to secure coding practices for the software application under development B. Conduct penetration testing for the software application under development C. Develop a threat modeling review for the software application under development D. Perform a code review process for the software application under development
A. Adhere to secure coding practices for the software application under development
A user sends an e-mail request asking for read-only access to files that are not considered sensitive. A Discretionary Access Control (DAC) methodology is in place. Which is the MOST suitable approach that the administrator should take? A. Administrator should request data owner approval for the user access B. Administrator should request manager approval for the user access C. Administrator should directly grant the access to the non-sensitive files D. Administrator should assess the user access need and either grant or deny the access
A. Administrator should request data owner approval for the user access
What is a common mistake in records retention? A. Adopting a retention policy with the longest requirement period B. Having the Human Resource (HR) department create a retention policy C. Adopting a retention policy based on applicable organization requirements D. Having the organization legal department create a retention policy
A. Adopting a retention policy with the longest requirement period ??
In a large company, a system administrator needs to assign users access to files using Role Based Access Control (RBAC). Which option is an example of RBAC? A. Allowing users access to files based on their group membership B. Allowing users access to files based on username C. Allowing users access to files based on the user's location at time of access D. Allowing users access to files based on the file type
A. Allowing users access to files based on their group membership
Which of the following is the BEST definition of Cross-Site Request Forgery (CSRF)? A. An attack which forces an end user to execute unwanted actions on a web application in which they are currently authenticated B. An attack that injects a script into a web page to execute a privileged command C. An attack that makes an illegal request across security zones and thereby forges itself into the security database of the system D. An attack that forges a false Structured Query Language (SQL) command across systems
A. An attack which forces an end user to execute unwanted actions on a web application in which they are currently authenticated
Which of the following is the BEST approach for a forensic examiner to obtain the greatest amount of relevant information from malicious software? A. Analyze the behavior of the program B. Analyze the logs generated by the software C. Review the code to identify its origin D. Examine the file properties and permissions
A. Analyze the behavior of the program
What information will BEST assist security and financial analysts in determining if a security control is cost effective to mitigate a vulnerability? A. Annualized Loss Expectancy (ALE) and the cost of the control B. Single Loss Expectancy (SLE) and the cost of the control C. Annual Rate of Occurrence (ARO) and the cost of the control D. Exposure Factor (EF) and the cost of the control
A. Annualized Loss Expectancy (ALE) and the cost of the control
A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Plan (BCP). Which of the following failures should the IT manager be concerned with? A. Application B. Storage C. Power D. Network
A. Application ??
The security team has been tasked with performing an interface test against a front-end external facing application and needs to verify that all input fields protect against invalid input. Which of the following BEST assists this process? A. Application fuzzing B. Instruction set simulation C. Regression testing D. Sanity testing
A. Application fuzzing
Which of the following provides the MOST comprehensive filtering of Peer-to-Peer (P2P) traffic? A. Application proxy B. Port filter C. Network boundary router D. Access layer switch
A. Application proxy
In Identity Management (IdM), when is the verification stage performed? A. As part of system sign-on B. Before creation of the identity C. After revocation of the identity D. During authorization of the identity
A. As part of system sign-on
A company was ranked as high in the following National Institute of Standards and Technology (NIST) functions: Protect, Detect, Respond and Recover. However, a low maturity grade was attributed to the Identify function. In which of the following control categories does this company need to improve when analyzing its processes individually? A. Asset Management, Business Environment, Governance and Risk Assessment B. Access Control, Awareness and Training, Data Security and Maintenance C. Anomalies and Events, Security Continuous Monitoring and Detection Processes D. Recovery Planning, Improvements and Communications
A. Asset Management, Business Environment, Governance and Risk Assessment (https://cybriant.com/how-to-meet-the-guidelines-for-the-nist-cybersecurity-framework/)
Organization A is adding a large collection of confidential data records that it received when it acquired Organization B to its data store. Many of the users and staff from Organization B are no longer available. Which of the following MUST Organization A do to properly classify and secure the acquired data? A. Assign data owners from Organization A to the acquired data B. Create placeholder accounts that represent former users from Organization B C. Archive audit records that refer to users from Organization A D. Change the data classification for data acquired from Organization B
A. Assign data owners from Organization A to the acquired data
Which of the following techniques is known to be effective in spotting resource exhaustion problems, especially with resources such as processes, memory, and connections? A. Automated dynamic analysis B. Automated static analysis C. Manual code review D. Fuzzing
A. Automated dynamic analysis
An organization discovers that its Secure File Transfer Protocol (SFTP) server has been accessed by an unauthorized person to download an unreleased game. A recent security audit found weaknesses in some of the organization's general Information Technology (IT) controls, specifically pertaining to software change control and security patch management, but not in other control areas. Which of the following is the MOST probable attack vector used in the security breach? A. Buffer overflow B. Distributed Denial of Service (DDoS) C. Cross-Site Scripting (XSS) D. Weak password due to lack of complexity rules
A. Buffer overflow (https://www.fortinet.com/resources/cyberglossary/buffer-overflow)
Directive controls are a form of change management policy and procedures. Which of the following subsections are recommended as part of the change management process? A. Build and test B. Implement security controls C. Categorize Information System (IS) D. Select security controls
A. Build and test (Change management: 1) Request 2) Impact assessment 3) Approval/Disapproval 4) Build and test 5) Notification 6) Implementation 7) Validation)
Which of the following is a peer entity authentication method for Point-to-Point Protocol (PPP)? A. Challenge Handshake Authentication Protocol (CHAP) B. Message Authentication Code (MAC) C. Transport Layer Security (TLS) handshake protocol D. Challenge-response authentication mechanism
A. Challenge Handshake Authentication Protocol (CHAP)
Which one of the following would cause an immediate review and possible change to the security policies of an organization? A. Change in technology B. Change in senior management C. Change to organization processes D. Change to organization goals
A. Change in technology
Which of the following is of GREATEST assistance to auditors when reviewing system configurations? A. Change management processes B. User administration procedures C. Operating System (OS) baselines D. System backup documentation
A. Change management processes
What should an auditor do when conducting a periodic audit on media retention? A. Check electronic storage media to ensure records are not retained past their destruction date B. Ensure authorized personnel are in possession of paper copies containing Personally Identifiable Information (PII) C. Check that hard disks containing backup data that are still within a retention cycle are being destroyed correctly D. Ensure that data shared with outside organizations is no longer on a retention schedule
A. Check electronic storage media to ensure records are not retained past their destruction date
What is the foundation of cryptographic functions? A. Cipher B. Encryption C. Hash D. Entropy
A. Cipher
A development operations team would like to start building new applications, delegating the cybersecurity responsibility as much as possible to the service provider. Which of the following environments BEST fits their need? A. Cloud Virtual Machines (VM) B. Cloud application container within a Virtual Machine (VM) C. On premises Virtual Machine (VM) D. Self-hosted Virtual Machine (VM)
A. Cloud Virtual Machines (VM) (Could have been B, if it also specified a cloud virtual machine. It doesn't so could possibly be an on-premise VM) (https://searchcloudsecurity.techtarget.com/feature/Cloud-containers-what-they-are-and-how-they-work)
Which of the following are important criteria when designing procedures and acceptance criteria for acquired software? A. Code quality, security, and origin B. Architecture, hardware, and firmware C. Data quality, provenance, and scaling D. Distributed, agile, and bench testing
A. Code quality, security, and origin
Which of the following mobile code security models relies only on trust? A. Code signing B. Class authentication C. Sandboxing D. Type safety
A. Code signing
Which of the following is a credible source to validate that security testing of Commercial Off-The-Shelf (COTS) software has been performed with international standards? A. Common Criteria (CC) B. Evaluation Assurance Level (EAL) C. National Information Assurance Partnership (NIAP) D. International Standards Organization (ISO)
A. Common Criteria (CC) (Under CC model, an evaluation is carried out on a product and it is assigned an Evaluation Assurance Level (EAL))
What determines the level of security of a combination lock? A. Complexity of combination required to open the lock B. Amount of time it takes to brute force the combination C. The number of barrels associated with the internal mechanism D. The hardness score of the metal lock material
A. Complexity of combination required to open the lock
A security architect plans to reference a Mandatory Access Control (MAC) model for implementation. This indicates that which of the following properties are being prioritized? A. Confidentiality B. Integrity C. Availability D. Accessibility
A. Confidentiality
Which of the following management processes allows ONLY those services required for users to accomplish their tasks, changes default user passwords, and sets servers to retrieve antivirus updates? A. Configuration B. Identity C. Compliance D. Patch
A. Configuration
Which of the following is considered best practice for preventing e-mail spoofing? A. Cryptographic signature B. Uniform Resource Locator (URL) filtering C. Spam filtering D. Reverse Domain Name Service (DNS) lookup
A. Cryptographic signature
Which of the following is PRIMARILY adopted for ensuring the integrity of information is preserved? A. Data at rest protection B. Transport Layer Security (TLS) C. Role Based Access Control (RBAC) D. One-way encryption
A. Data at rest protection
Which of the following would BEST describe the role directly responsible for data within an organization? A. Data custodian B. Information owner C. Database administrator D. Quality control
A. Data custodian
Who in the organization is accountable for classification of data information assets? A. Data owner B. Data architect C. Chief Information Security Officer (CISO) D. Chief Information Officer (CIO)
A. Data owner
Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element? A. Data tokenization B. Volume encryption C. Transparent Data Encryption (TDE) D. Column level database encryption
A. Data tokenization
An Intrusion Detection System (IDS) has recently been deployed in a Demilitarized Zone (DMZ). The IDS detects a flood of malformed packets. Which of the following BEST describes what has occurred? A. Denial of Service (DoS) attack B. Address Resolution Protocol (ARP) spoof C. Buffer overflow D. Ping flood attack
A. Denial of Service (DoS) attack (Teardrop?)
Which of the following combinations would MOST negatively affect availability? A. Denial of Service (DoS) attacks and outdated hardware B. Unauthorized transactions and outdated hardware C. Fire and accidental changes to data D. Unauthorized transactions and denial of service attacks
A. Denial of Service (DoS) attacks and outdated hardware
Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices? A. Derived credential B. Temporary security credential C. Mobile device credentialing service D. Digest authentication
A. Derived credential ("a Derived Credential is a client certificate that's issued to the mobile device after an end user has proven their identity by using their existing smart card (i.e. CAC or PIV) during an enrollment process")
Which of the following is the MOST effective countermeasure against data remanence? A. Destruction B. Clearing C. Purging D. Encryption
A. Destruction
"Stateful" differs from "Static" packet filtering firewalls by being aware of which of the following? A. Difference between a new and an established connection B. Originating network location C. Difference between a malicious and a benign packet payload D. Originating application session
A. Difference between a new and an established connection
The use of private and public encryption keys is fundamental in the implementation of which of the following? A. Diffie-Hellman algorithm B. Secure Sockets Layer (SSL) C. Advanced Encryption Standard (AES) D. Message Digest 5 (MD5)
A. Diffie-Hellman algorithm ✔
An organization recently conducted a review of the security of its network applications. One of the vulnerabilities found was that the session key used in encrypting sensitive information to a third party server had been hard-coded in the client and server applications. Which of the following would be MOST effective in mitigating this vulnerability? A. Diffie-Hellman (DH) algorithm B. Elliptic Curve Cryptography (ECC) algorithm C. Digital Signature Algorithm (DSA) D. Rivest-Shamir-Adleman (RSA) algorithm
A. Diffie-Hellman (DH) algorithm (Secure key exchange)
Change management policies and procedures belong to which of the following types of controls? A. Directive B. Detective C. Corrective D. Preventative
A. Directive
An organization's security policy delegates to the data owner the ability to assign which user roles have access to a particular resource. What type of authorization mechanism is being used? A. Discretionary Access Control (DAC) B. Role Based Access Control (RBAC) C. Media Access Control (MAC) D. Mandatory Access Control (MAC)
A. Discretionary Access Control (DAC)
What is the PRIMARY goal of fault tolerance? A. Elimination of single point of failure B. Isolation using a sandbox C. Single point of repair D. Containment to prevent propagation
A. Elimination of single point of failure
What should be used immediately after a Business Continuity Plan (BCP) has been invoked? A. Emergency procedures describing the necessary actions to be taken following an incident which jeopardizes business operations B. Fallback procedures describing what actions are to be taken to move essential business activities to alternative temporary locations C. Maintenance schedule specifying how and when the plan will be tested and the process for maintaining the plan D. Resumption procedures describing the actions to be taken to return to normal business operations
A. Emergency procedures describing the necessary actions to be taken following an incident which jeopardizes business operations
A security practitioner is tasked with securing the organization's Wireless Access Points (WAP). Which of these is the MOST effective way of restricting this environment to authorized users? A. Enable Wi-Fi Protected Access 2 (WPA2) encryption on the wireless access point B. Disable the broadcast of the Service Set Identifier (SSID) name C. Change the name of the Service Set Identifier (SSID) to a random value not associated with the organization D. Create Access Control Lists (ACL) based on Media Access Control (MAC) addresses
A. Enable Wi-Fi Protected Access 2 (WPA2) encryption on the wireless access point
The personal laptop of an organization executive is stolen from the office, complete with personnel and project records. Which of the following should be done FIRST to mitigate future occurrences? A. Encrypt disks on personal laptops B. Issue cable locks for use on personal laptops C. Create policies addressing critical information on personal laptops D. Monitor personal laptops for critical information
A. Encrypt disks on personal laptops
Which of the following is a responsibility of a data steward? A. Ensure alignment of the data governance effort to the organization. B. Conduct data governance interviews with the organization. C. Document data governance requirements. D. Ensure that data decisions and impacts are communicated to the organization.
A. Ensure alignment of the data governance effort to the organization
Which one of the following is an advantage of an effective release control strategy from a configuration control standpoint? A. Ensures that a trace for all deliverables is maintained and auditable B. Enforces backward compatibility between releases C. Ensures that there is no loss of functionality between releases D. Allows for future enhancements to existing features
A. Ensures that a trace for all deliverables is maintained and auditable?? ("Good change management practice begins with a clear and accurate documentation of changes. Changes to any aspect of the software should be recorded, and an audit trail should be maintained.")
A company has decided that they need to begin maintaining assets deployed in the enterprise. What approach should be followed to determine and maintain ownership information to bring the company into compliance? A. Enterprise asset management framework B. Asset baseline using commercial off the shelf software C. Asset ownership database using domain login records D. A script to report active user logins on assets
A. Enterprise asset management framework
How does a Host Based Intrusion Detection System (HIDS) identify a potential attack? A. Examines log messages or other indications on the system. B. Monitors alarms sent to the system administrator C. Matches traffic patterns to virus signature files D. Examines the Access Control List (ACL)
A. Examines log messages or other indications on the system
Which of the following will an organization's network vulnerability testing process BEST enhance? A. Firewall log review processes B. Asset management procedures C. Server hardening processes D. Code review procedures
A. Firewall log review processes
When developing a business case for updating a security program, the security program owner MUST do which of the following? A. Identify relevant metrics B. Prepare performance test reports C. Obtain resources for the security program D. Interview executive management
A. Identify relevant metrics
What is the BEST location in a network to place Virtual Private Network (VPN) devices when an internal review reveals network design flaws in remote access? A. In a dedicated Demilitarized Zone (DMZ) B. At the Internet Service Provider (ISP) C. In its own separate Virtual Local Area Network (VLAN) D. Outside the external firewall
A. In a dedicated Demilitarized Zone (DMZ)
During a Disaster Recovery (DR) assessment, additional coverage for assurance is required. What should an assessor do? A. Increase the level of detail of the interview questions B. Conduct a comprehensive examination of the Disaster Recovery Plan (DRP) C. Increase the number and type of relevant staff to interview D. Conduct a detailed review of the organization's DR policy
A. Increase the level of detail of the interview questions
Which of the following is a characteristic of the independent testing of a program? A. Independent testing increases the likelihood that a test will expose the effect of a hidden feature. B. Independent testing decreases the likelihood that a test will expose the effect of a hidden feature. C. Independent testing teams help decrease the cost of creating test data and system design specifications. D. Independent testing teams help identify functional requirements and Service Level Agreements (SLA) to improve program reliability.
A. Independent testing increases the likelihood that a test will expose the effect of a hidden feature ???
Which of the following methods of suppressing a fire is environmentally friendly and the MOST appropriate for a data center? A. Inert gas fire suppression system B. Halon gas fire suppression system C. Dry-pipe sprinklers D. Wet-pipe sprinklers
A. Inert gas fire suppression system
Once the types of information have been identified, who should an information security practitioner work with to ensure that the information is properly categorized? A. Information Owner (IO) B. System Administrator C. Business Continuity (BC) Manager D. Chief Information Officer (CIO)
A. Information Owner (IO)
Which of the following phases involves researching a target's configuration from public sources when performing a penetration test? A. Information gathering B. Social engineering C. Target selection D. Traffic enumeration
A. Information gathering
Which of the following will accomplish Multi-Factor Authentication (MFA)? A. Issuing a smart card with a user-selected Personal Identification Number (PIN) B. Requiring users to enter a Personal Identification Number (PIN) and a password C. Performing a palm and retinal scan D. Issuing a smart card and a One Time Password (OTP) token
A. Issuing a smart card with a user-selected Personal Identification Number (PIN)
What does electronic vaulting accomplish? A. It protects critical files. B. It ensures the fault tolerance of Redundant Array of Independent Disks (RAID) systems C. It stripes all database records D. It automates the Disaster Recovery Process (DRP)
A. It protects critical files (Electronic Vaulting means that data are backed up, and the output is electronically transmitted to a secured offsite storage location)
Which of the following MOST applies to Session Initiation Protocol (SIP) security? A. It reuses security mechanisms derived from existing protocols B. It supports end-to-end security natively C. It leverages Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS) D. It requires a Public Key Infrastructure (PKI)
A. It reuses security mechanisms derived from existing protocols ??
A user downloads a file from the Internet, then applies the Secure Hash Algorithm 3 (SHA-3) to it. Which of the following is the MOST likely reason for doing so? A. It verifies the integrity of the file. B. It checks the file for malware. C. It ensures the entire file downloaded. D. It encrypts the entire file.
A. It verifies the integrity of the file.
A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended? A. Least privilege B. Privilege escalation C. Defense in depth D. Privilege bracketing
A. Least privilege ??
Which of the following is a weakness of Wired Equivalent Privacy (WEP)? A. Length of Initialization Vector (IV) B. Protection against message replay C. Detection of message tampering D. Built-in provision to rotate keys
A. Length of Initialization Vector (IV)
Which of the following sets of controls should allow an investigation if an attack is not blocked by preventive controls or detected by monitoring? A. Logging and audit trail controls to enable forensic analysis B. Security incident response lessons learned procedures C. Security event alert triage done by analysts using a Security Information and Event Management (SIEM) system D. Transactional controls focused on fraud prevention
A. Logging and audit trail controls to enable forensic analysis ??
What is the FINAL step in the waterfall method for contingency planning? A. Maintenance B. Testing C. Implementation D. Training
A. Maintenance
What is the MOST important element when considering the effectiveness of a training program for Business Continuity (BC) and Disaster Recovery (DR)? A. Management support B. Consideration of organizational need C. Technology used for delivery D. Target audience
A. Management support
Which security access policy contains fixed security attributes that are used by the system to determine a user's access to a file or object? A. Mandatory Access Control (MAC) B. Access Control List (ACL) C. Discretionary Access Control (DAC) D. Authorized user control
A. Mandatory Access Control (MAC)
Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy? A. Mandatory Access Control (MAC) procedures B. Discretionary Access Control (DAC) procedures C. Segregation of duties D. Data link encryption
A. Mandatory Access Control (MAC) procedures
What is the difference between media marking and media labeling? A. Media marking refers to the use of human-readable security attributes, while media labeling refers to the use of security attributes in internal data structures. B. Media labeling refers to the use of human-readable security attributes, while media marking refers to the use of security attributes in internal data structures. C. Media labeling refers to security attributes required by public policy/law, while media marking refers to security required by internal organizational policy. D. Media marking refers to security attributes required by public policy/law, while media labeling refers to security attributes required by internal organizational policy
A. Media marking refers to the use of human-readable security attributes, while media labeling refers to the use of security attributes in internal data structures (https://wentzwu.com/2020/02/14/media-marking-and-media-labeling/)
Proven application security principles include which of the following? A. Minimizing attack surface area B. Hardening the network perimeter C. Accepting infrastructure security controls D. Developing independent modules
A. Minimizing attack surface area
How can an attacker exploit a stack overflow to execute arbitrary code? A. Modify a function's return address. B. Move the stack pointer C. Substitute elements in the stack. D. Alter the address of the stack.
A. Modify a function's return address
For the purpose of classification, which of the following is used to divide trust domains and trust boundaries? A. Network architecture B. Integrity C. Identity Management (IdM) D. Confidentiality management
A. Network architecture ("Firewalls should be placed between entities that have different trust domains")
A security professional should consider the protection of which of the following elements FIRST when developing a defense-in-depth strategy for a mobile workforce? A. Network perimeters B. Demilitarized Zones (DMZ) C. Databases and back-end servers D. End-user devices
A. Network perimeters
A financial company has decided to move its main business application to the Cloud. The legal department objects, arguing that the move of the platform should comply with several regulatory obligations such as the General Data Protection Regulation (GDPR) and ensure data confidentiality. The Chief Information Security Officer (CISO) says that the cloud provider has met all regulatory requirements and even provides its own encryption solution with internally-managed encryption keys to address data confidentiality. Did the CISO address all the legal requirements in this situation? A. No, because the encryption solution is internal to the cloud provider. B. Yes, because the cloud provider meets all regulatory requirements. C. Yes, because the cloud provider is GDPR compliant. D. No, because the cloud provider is not certified to host government data
A. No, because the encryption solution is internal to the cloud provider
What is the MOST significant benefit of an application upgrade that replaces randomly generated session keys with certificate based encryption for communications with backend servers? A. Non-repudiation B. Efficiency C. Confidentiality D. Privacy
A. Non-repudiation
When assessing an organization's security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined? A. Only when assets are clearly defined B. Only when standards are defined C. Only when controls are put in place D. Only when procedures are defined
A. Only when assets are clearly defined
In configuration management, what baseline configuration information MUST be maintained for each computer system? A. Operating system and version, patch level, applications running, and versions. B. List of system changes, test reports, and change approvals C. Last vulnerability assessment report and initial risk assessment report D. Date of last update, test report, and accreditation certificate
A. Operating system and version, patch level, applications running, and versions
Intellectual property rights are PRIMARILY concerned with which of the following? A. Owner's ability to realize financial gain B. Owner's ability to maintain copyright C. Right of the owner to enjoy their creation D. Right of the owner to control delivery method
A. Owner's ability to realize financial gain
Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model? A. Packet filtering B. Port services filtering C. Content filtering D. Application access control
A. Packet filtering
What capability would typically be included in a commercially available software package designed for access control? A. Password encryption B. File encryption C. Source library control D. File authentication
A. Password encryption
Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution? A. Password requirements are simplified. B. Risk associated with orphan accounts is reduced. C. Segregation of duties is automatically enforced. D. Data confidentiality is increased
A. Password requirements are simplified (https://www.imperva.com/learn/data-security/iam-identity-and-access-management/)
Asymmetric algorithms are used for which of the following when using Secure Sockets Layer/Transport Layer Security (SSL/TLS) for implementing network security? A. Peer authentication B. Payload data encryption C. Session encryption D. Hashing digest
A. Peer authentication
Which type of test would an organization perform in order to locate and target exploitable defects? A. Penetration B. System C. Performance D. Vulnerability
A. Penetration
Which of the following is the MOST important activity an organization performs to ensure that security is part of the overall organization culture? A. Perform formal reviews of security incidents. B. Work with senior management to meet business goals. C. Ensure security policies are issued to all employees. D. Manage a program of security audits.
A. Perform formal reviews of security incidents
Which of the following provides the BEST method to verify that security baseline configurations are maintained? A. Perform regular system security testing B. Design security early in the development cycle C. Analyze logs to determine user activities D. Perform quarterly risk assessments
A. Perform regular system security testing
In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network? A. Physical Layer B. Application Layer C. Data-Link Layer D. Network Layer
A. Physical Layer
Which of the following is the PRIMARY mechanism used to limit the range of objects available to a given subject within different execution domains? A. Process isolation B. Data hiding and abstraction C. Use of discrete layering and Application Programming Interfaces (API) D. Virtual Private Network (VPN)
A. Process isolation ??
What MUST each information owner do when a system contains data from multiple information owners? A. Provide input to the Information System (IS) owner regarding the security requirements of the data B. Review the Security Assessment report (SAR) for the Information System (IS) and authorize the IS to operate. C. Develop and maintain the System Security Plan (SSP) for the Information System (IS) containing the data D. Move the data to an Information System (IS) that does not contain data owned by other information owners
A. Provide input to the Information System (IS) owner regarding the security requirements of the data
During which of the following processes is least privilege implemented for a user account? A. Provision B. Approve C. Request D. Review
A. Provision
Which of the following is a common characteristic of privacy? A. Provision for maintaining an audit trail of access to the private data B. Notice to the subject of the existence of a database containing relevant credit card data C. Process for the subject to inspect and correct personal data on-site D. Database requirements for integration of privacy data
A. Provision for maintaining an audit trail of access to the private data
What is the process of removing sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique? A. Purging B. Encryption C. Destruction D. Clearing
A. Purging
When building a data classification scheme, which of the following is the PRIMARY concern? A. Purpose B. Cost effectiveness C. Availability D. Authenticity
A. Purpose ???
A company seizes a mobile device suspected of being used in committing fraud. What would be the BEST method used by a forensic examiner to isolate the powered-on device from the network and preserve the evidence? A. Put the device in airplane mode B. Suspend the account with the telecommunication provider C. Remove the SIM card D. Turn the device off
A. Put the device in airplane mode
What does the result of Cost-Benefit Analysis (CBA) on new security initiatives provide? A. Quantifiable justification B. Baseline improvement C. Risk evaluation D. Formalized acceptance
A. Quantifiable justification
What is a consideration when determining the potential impact an organization faces in the event of the loss of confidentiality of Personally Identifiable Information (PII)? A. Quantity B. Availability C. Quality D. Criticality
A. Quantity (https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-122.pdf)
An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this an example of? A. Reasonable data B. Population of required fields C. Allowed number of characters D. Session testing
A. Reasonable data (https://smartbear.com/learn/automated-testing/negative-testing/)
In general, servers that are facing the Internet should be placed in a demilitarized zone (DMZ). What is the MAIN purpose of the DMZ? A. Reduced risk to internal systems. B. Prepare the server for potential attacks. C. Mitigate the risk associated with the exposed server. D. Bypass the need for a firewall.
A. Reduced risk to internal systems
Unused space in a disk cluster is important in media analysis because it may contain which of the following? A. Residual data that has not been overwritten B. Hidden viruses and Trojan horses C. Information about the File Allocation table (FAT) D. Information about patches and upgrades to the system
A. Residual data that has not been overwritten
An employee of a retail company has been granted an extended leave of absence by Human Resources (HR). This information has been formally communicated to the access provisioning team. Which of the following is the BEST action to take? A. Revoke access temporarily. B. Block user access and delete user account after six months. C. Block access to the offices immediately. D. Monitor account usage temporarily
A. Revoke access temporarily
Which of the following needs to be taken into account when assessing vulnerability? A. Risk identification and validation B. Threat mapping C. Risk acceptance criteria D. Safeguard selection
A. Risk identification and validation
What balance MUST be considered when web application developers determine how informative application error messages should be constructed? A. Risk versus benefit B. Availability versus auditability C. Confidentiality versus integrity D. Performance versus user satisfaction
A. Risk versus benefit
What is a characteristic of Secure Sockets Layer (SSL) and Transport Layer Security (TLS)? A. SSL and TLS provide a generic channel security mechanism on top of Transmission Control Protocol (TCP). B. SSL and TLS provide nonrepudiation by default. C. SSL and TLS do not provide security for most routed protocols. D. SSL and TLS provide header encapsulation over HyperText Transfer Protocol (HTTP)
A. SSL and TLS provide a generic channel security mechanism on top of Transmission Control Protocol (TCP)
Which of the following is the MOST secure protocol for remote command access to the firewall? A. Secure Shell (SSH) B. Trivial File Transfer Protocol (TFTP) C. Hypertext Transfer Protocol Secure (HTTPS) D. Simple Network Management Protocol (SNMP) v1
A. Secure Shell (SSH)
Which of the following BEST describes the standard used to exchange authorization information between different identity management systems? A. Security Assertion Markup Language (SAML) B. Service Oriented Architecture (SOA) C. Extensible Markup Language (XML) D. Wireless Authentication Protocol (WAP)
A. Security Assertion Markup Language (SAML)
Which of the following objects should be removed FIRST prior to uploading code to public code repositories? A. Security credentials B. Inefficient algorithms C. Coding mistakes D. Known vulnerabilities
A. Security credentials
Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities? A. Security governance B. Risk management C. Security portfolio management D. Risk assessment
A. Security governance ??
Which step of the Risk Management Framework (RMF) identifies the initial set of baseline security controls? A. Selection B. Monitoring C. Implementation D. Assessment
A. Selection (https://csrc.nist.gov/projects/risk-management/risk-management-framework-(RMF)-Overview)
Who has the PRIMARY responsibility to ensure that security objectives are aligned with organization goals? A. Senior management B. Information security department C. Audit committee D. All users
A. Senior management ?? (https://www2.deloitte.com/content/dam/Deloitte/sg/Documents/risk/sea-risk-cyber-security-changing-role-in-audit-noexp.pdf)
Which of the following MUST be done when promoting a security awareness program to senior management? A. Show the need for security; identify the message and the audience B. Ensure that the security presentation is designed to be all-inclusive C. Notify them that their compliance is mandatory D. Explain how hackers have enhanced information security
A. Show the need for security; identify the message and the audience
Which of the following is a common feature of an Identity as a Service (IDaaS) solution? A. Single Sign-On (SSO) authentication support B. Privileged user authentication support C. Password reset service support D. Terminal Access Controller Access Control System (TACACS) authentication support
A. Single Sign-On (SSO) authentication support (According to the Official (ISC)2 Guide to the CISSP CBK, Fourth Edition, page 702, features and benefits common to most cloud IAM systems are: 1. SSO Authentication 2. Federation 3. Granular Authorization Controls 4. Administration 5. Integration with Internal Directory Services 6. Integration with External Services)
To control the scope of a Business Continuity Management (BCM) system, a security practitioner should identify which of the following? A. Size, nature, and complexity of the organization B. Business needs of the security organization C. All possible risks D. Adaptation model for future recovery planning
A. Size, nature, and complexity of the organization
A. Smoke B. Specific functionality C. Full regression D. End-to-end
A. Smoke
In order for application developers to detect potential vulnerabilities earlier during the Software Development Life Cycle (SDLC), which of the following safeguards should be implemented FIRST as part of a comprehensive testing framework? A. Source code review B. Acceptance testing C. Threat modeling D. Automated testing
A. Source code review
Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization's systems? A. Standardized configurations for devices B. Standardized patch testing equipment C. Automated system patching D. Management support for patching
A. Standardized configurations for devices
Which of the following encryption types is used in Hash Message Authentication Code (HMAC) for key distribution? A. Symmetric B. Asymmetric C. Ephemeral D. Permanent
A. Symmetric (https://www.brainscape.com/flashcards/cryptography-message-integrity-6886698/packs/10957693)
Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance? A. System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements B. Data stewardship roles, data handling and storage standards, data lifecycle requirements C. Compliance office roles and responsibilities, classified material handling standards, storage system lifecycle requirements D. System authorization roles and responsibilities, cloud computing standards, lifecycle requirements
A. System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements
Which of the following techniques is effective to detect taps in fiber optic cables? A. Taking baseline signal level of the cable B. Measuring signal through external oscillator solution devices C. Outlining electromagnetic field strength D. Performing network vulnerability scanning
A. Taking baseline signal level of the cable ??
What can happen when an Intrusion Detection System (IDS) is installed inside a firewall-protected internal network? A. The IDS can detect failed administrator logon attempts from servers. B. The IDS can increase the number of packets to analyze. C. The firewall can increase the number of packets to analyze. D. The firewall can detect failed administrator login attempts from servers
A. The IDS can detect failed administrator logon attempts from servers
What requirement MUST be met during internal security audits to ensure that all information provided is expressed as an objective assessment without risk of retaliation? A. The auditor must be independent and report directly to the management B. The auditor must utilize automated tools to back their findings C. The auditor must work closely with both the Information Technology (IT) and security sections of an organization D. The auditor must perform manual reviews of systems and processes
A. The auditor must be independent and report directly to the management
Which of the following BEST describes a chosen plaintext attack? A. The cryptanalyst can generate ciphertext from arbitrary text. B. The cryptanalyst examines the communication being sent back and forth. C. The cryptanalyst can choose the key and algorithm to mount the attack. D. The cryptanalyst is presented with the ciphertext from which the original message is determined.
A. The cryptanalyst can generate ciphertext from arbitrary text
Which of the following is a security weakness in the evaluation of Common Criteria (CC) products? A. The manufacturer can state what configuration of the product is to be evaluated B. The product can be evaluated by labs in other countries C. The Target of Evaluation's (TOE) testing environment is identical to the operating environment D. The evaluations are expensive and time-consuming to perform
A. The manufacturer can state what configuration of the product is to be evaluated
What does the term "100 Year Floodplain" mean to emergency preparedness officials? A. The odds of a flood at this level are 1 in 100 in any given year B. The area is expected to be safe from flooding for at least 100 years C. The last flood of any kind to hit the area was more than 100 years ago D. The odds are that the next significant flood will hit within the next 100 years
A. The odds of a flood at this level are 1 in 100 in any given year
When implementing a data classification program, why is it important to avoid too much granularity? A. The process will require too many resources B. It will be difficult to apply to both hardware and software C. It will be difficult to assign ownership to the data D. The process will be perceived as having value
A. The process will require too many resources
Which of the following is the FIRST thing to consider when reviewing Information Technology (IT) internal controls? A. The risk culture of the organization B. The impact of the control C. The nature of the risk D. The cost of the control
A. The risk culture of the organization ??
What is the purpose of code signing? A. The signer verifies that the software being loaded is the software originated by the signer B. The vendor certifies the software being loaded is free of malicious code and that it was originated by the signer C. The signer verifies that the software being loaded is free of malicious code D. Both vendor and the signer certify the software being loaded is free of malicious code and it was originated by the signer
A. The signer verifies that the software being loaded is the software originated by the signer
Which of the following BEST describes Recovery Time Objective (RTO)? A. Time of application resumption after disaster B. Time of application verification after disaster. C. Time of data validation after disaster. D. Time of data restoration from backup after disaster
A. Time of application resumption after disaster
What is the PRIMARY purpose of auditing, as it relates to the security review cycle? A. To ensure the organization's controls and policies are working as intended B. To ensure the organization can still be publicly traded C. To ensure the organization's executive team won't be sued D. To ensure the organization meets contractual requirements
A. To ensure the organization's controls and policies are working as intended
Which of the following is the BEST reason for writing an information security policy? A. To support information security governance B. To reduce the number of audit findings C. To deter attackers D. To implement effective information security controls
A. To support information security governance
Which of the following is the MOST critical success factor in the security patch management process? A. Tracking and reporting on inventory B. Supporting documentation C. Management review of reports D. Risk and impact analysis
A. Tracking and reporting on inventory ?? (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r3.pdf)
An organization implements a Remote Access Server (RAS). Once users connect to the server, digital certificates are used to authenticate their identity. What type of Extensible Authentication Protocol (EAP) would the organization use during this authentication? A. Transport Layer Security (TLS) B. Message Digest 5 (MD5) C. Lightweight Extensible Authentication Protocol (LEAP) D. Subscriber Identity Module (SIM)
A. Transport Layer Security (TLS)
Which of the following is the MOST effective countermeasure against Man-in-the-Middle (MITM) attacks while using online banking? A. Transport Layer Security (TLS) B. Secure Sockets Layer (SSL) C. Pretty Good Privacy (PGP) D. Secure Shell (SSH)
A. Transport Layer Security (TLS)
In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node? A. Transport layer B. Application layer C. Network layer D. Session layer
A. Transport layer
Even though a particular digital watermark is difficult to detect, which of the following represents a way it might still be inadvertently removed? A. Truncating parts of the data B. Applying Access Control Lists (ACL) to the data C. Appending non-watermarked data to watermarked data D. Storing the data in a database
A. Truncating parts of the data ??
Which of the following is the BEST method to reduce the effectiveness of phishing attacks? A. User awareness B. Two-factor authentication C. Anti-phishing software D. Periodic vulnerability scan
A. User awareness
Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol? A. WEP uses a small range Initialization Vector (IV) B. WEP uses Message Digest 5 (MD5) C. WEP uses Diffie-Hellman D. WEP does not use any Initialization Vector (IV)
A. WEP uses a small range Initialization Vector (IV)
What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization's systems cannot be unavailable for more than 24 hours? A. Warm site B. Hot site C. Mirror site D. Cold site
A. Warm site
When should the software Quality Assurance (QA) team feel confident that testing is complete? A. When release criteria are met B. When the time allocated for testing the software is met C. When senior management approves the test results D. When the software has zero security vulnerabilities
A. When release criteria are met
At a MINIMUM, audits of permissions to individual or group accounts should be scheduled A. annually B. to correspond with staff promotions C. to correspond with terminations D. continually
A. annually
Which of the following command line tools can be used in the reconnaissance phase of a network vulnerability assessment? A. dig B. ipconfig C. ifconfig D. nbtstat
A. dig
Which of the following MUST be part of a contract to support electronic discovery of data stored in a cloud environment? A. identification of data location B. integration with organizational directory services for authentication C. accommodation of hybrid deployment models D. tokenization of data
A. identification of data location
What are the steps of a risk assessment? A. identification, analysis, evaluation B. analysis, evaluation, mitigation C. classification, identification, risk management D. identification, evaluation, mitigation
A. identification, analysis, evaluation (These are the steps given in NIST SP 800-30 Rev. 1)
Compared with hardware cryptography, software cryptography is generally A. less expensive and slower. B. more expensive and faster. C. more expensive and slower. D. less expensive and faster.
A. less expensive and slower
An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requirement is A. organization policy. B. industry best practices. C. industry laws and regulations. D. management feedback.
A. organization policy ???
Mandatory Access Controls (MAC) are based on: A. security classification and security clearance B. data segmentation and data classification C. data labels and user access permissions D. user roles and data encryption
A. security classification and security clearance
The MAIN task of promoting security for Personal Computers (PC) is: A. understanding the technical controls and ensuring they are correctly installed B. understanding the required systems and patching processes for different Operating Systems (OS) C. making sure that users are using only valid, authorized software, so that the chance of virus infection is reduced D. making users understand the risks to the machines and data, so they will take appropriate steps to protect them
A. understanding the technical controls and ensuring they are correctly installed ??
DRAG DROP - Match the access control type to the example of the control type. Drag each access control type next to its corresponding example. Select and Place: Administrative Technical Logical Physical
Administrative - Labeling of sensitive data Technical - Biometrics for authentication Logical - Constrained user interface Physical - RFID Badge
Which of the following provides the MOST secure method for Network Access Control (NAC)? A. Media Access Control (MAC) filtering B. 802.1X authentication C. Application layer filtering D. Network Address Translation (NAT)
B. 802.1X authentication
The adoption of an enterprise-wide Business Continuity (BC) program requires which of the following? A. Good communication throughout the organization B. A completed Business Impact Analysis (BIA) C. Formation of Disaster Recovery (DR) project team D. Well-documented information asset classification
B. A completed Business Impact Analysis (BIA) (A BCP typically includes five sections: 1. BCP Governance 2. Business Impact Analysis (BIA) 3. Plans, measures, and arrangements for business continuity 4. Readiness procedures 5. Quality assurance techniques (exercises, maintenance and auditing))
An organization that has achieved a Capability Maturity Model Integration (CMMI) level of 4 has done which of the following? A. Achieved optimized process performance B. Achieved predictable process performance C. Addressed the causes of common process variance D. Addressed continuous innovative process improvement
B. Achieved predictable process performance (Maturity Level 1 - Initial. Maturity Level 2 - Managed. Maturity Level 3 - Defined (Predictable) Maturity Level 4 - Quantitatively Managed. Maturity Level 5 - Optimizing)
Which of the following is MOST appropriate for protecting confidentiality of data stored on a hard drive? A. Triple Data Encryption Standard (3DES) B. Advanced Encryption Standard (AES) C. Message Digest 5 (MD5) D. Secure Hash Algorithm 2 (SHA-2)
B. Advanced Encryption Standard (AES)
In an organization where Network Access Control (NAC) has been deployed, a device trying to connect to the network is being placed into an isolated domain. What could be done on this device in order to obtain proper connectivity? A. Connect the device to another network jack B. Apply remediation according to security requirements C. Apply Operating System (OS) patches D. Change the Message Authentication Code (MAC) address of the network interface
B. Apply remediation according to security requirements
Which of the following is critical if an employee is dismissed due to violation of an organization's Acceptable Use Policy (AUP)? A. Privilege suspension B. Appropriate documentation C. Internet access logs D. Proxy records
B. Appropriate documentation ??
The application owner of a system that handles confidential data leaves an organization. It is anticipated that a replacement will be hired in approximately six months. During that time, which of the following should the organization do? A. Grant temporary access to the former application owner's account B. Assign a temporary application owner to the system C. Restrict access to the system until a replacement application owner is hired D. Prevent changes to the confidential data until a replacement application owner is hired
B. Assign a temporary application owner to the system ??
Which of the following is the MOST important reason for timely installation of software patches? A. Patches are only available for a specific time B. Attackers reverse engineer the exploit from the patch C. Patches may not be compatible with proprietary software D. Attackers may be conducting network analysis
B. Attackers reverse engineer the exploit from the patch
A security engineer is tasked with implementing a new identity solution. The client doesn't want to install or maintain the infrastructure. Which of the following would qualify as the BEST solution? A. Microsoft Identity Manager (MIM) B. Azure Active Directory (AD) C. Active Directory Federation Services (ADFS) D. Active Directory (AD)
B. Azure Active Directory (AD) ("Azure Active Directory (Azure AD) is a comprehensive identity as a service (IDaaS) solution")
What is the BEST approach for maintaining ethics when a security professional is unfamiliar with the culture of a country and is asked to perform a questionable task? A. Exercise due diligence when deciding to circumvent host government requests B. Become familiar with the means in which the code of ethics is applied and considered C. Complete the assignment based on the customer's wishes D. Execute according to the professional's comfort level with the code of ethics
B. Become familiar with the means in which the code of ethics is applied and considered
Which of the following models uses unique groups contained in unique conflict classes? A. Chinese Wall B. Bell-LaPadula C. Clark-Wilson D. Biba
B. Bell-LaPadula
When using Generic Routing Encapsulation (GRE) tunneling over Internet Protocol version 4 (IPv4), where is the GRE header inserted? A. Into the options field B. Between the delivery header and payload C. Between the source and destination addresses D. Into the destination address
B. Between the delivery header and payload (https://www.cloudflare.com/en-gb/learning/network-layer/what-is-gre-tunneling/)
Which one of the following data integrity models assumes a lattice of integrity levels? A. Take-Grant B. Biba C. Harrison-Ruzzo D. Bell-LaPadula
B. Biba
What protocol is often used between gateway hosts on the Internet? A. Exterior Gateway Protocol (EGP) B. Border Gateway Protocol (BGP) C. Open Shortest Path First (OSPF) D. Internet Control Message Protocol (ICMP)
B. Border Gateway Protocol (BGP)
The restoration priorities of a Disaster Recovery Plan (DRP) are based on which of the following documents? A. Service Level Agreement (SLA) B. Business Continuity Plan (BCP) C. Business Impact Analysis (BIA) D. Crisis management plan
B. Business Continuity Plan (BCP)
How should the retention period for an organization's social media content be defined? A. By the retention policies of each social media service B. By the records retention policy of the organization C. By the Chief Information Officer (CIO) D. By the amount of available storage space
B. By the records retention policy of the organization
What is the best way for mutual authentication of devices belonging to the same organization? A. Token B. Certificates C. User ID and passwords D. Biometric
B. Certificates
Which of the following is a document that identifies each item seized in an investigation, including date and time seized, full name and signature or initials of the person who seized the item, and a detailed description of the item? A. Property book B. Chain of custody form C. Search warrant return D. Evidence tag
B. Chain of custody form
A project requires the use of an authentication mechanism where playback must be protected and plaintext secret must be used. Which of the following should be used? A. Password Authentication Protocol (PAP) B. Challenge Handshake Authentication Protocol (CHAP) C. Extensible Authentication Protocol (EAP) D. Secure Hash Algorithm (SHA)
B. Challenge Handshake Authentication Protocol (CHAP)
Which of the following factors is a PRIMARY reason to drive changes in an Information Security Continuous Monitoring (ISCM) strategy? A. Testing and Evaluation (TE) personnel changes B. Changes to core missions or business processes C. Increased Cross-Site Request Forgery (CSRF) attacks D. Changes in Service Organization Control (SOC) 2 reporting requirements
B. Changes to core missions or business processes
Which of the following countermeasures is the MOST effective in defending against a social engineering attack? A. Mandating security policy acceptance B. Changing individual behavior C. Evaluating security awareness training D. Filtering malicious e-mail content
B. Changing individual behavior ??
Which of the following would MINIMIZE the ability of an attacker to exploit a buffer overflow? A. Memory review B. Code review C. Message division D. Buffer division
B. Code review
Which of the following is the BEST internationally recognized standard for evaluating security products and systems? A. Payment Card Industry Data Security Standards (PCI-DSS) B. Common Criteria (CC) C. Health Insurance Portability and Accountability Act (HIPAA) D. Sarbanes-Oxley (SOX)
B. Common Criteria (CC)
Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified by automated vulnerability assessments? A. Common Vulnerabilities and Exposures (CVE) B. Common Vulnerability Scoring System (CVSS) C. Asset Reporting Format (ARF) D. Open Vulnerability and Assessment Language (OVAL)
B. Common Vulnerability Scoring System (CVSS)
After following the processes defined within the change management plan, a super user has upgraded a device within an Information system. What step would be taken to ensure that the upgrade did NOT affect the network security posture? A. Conduct an Assessment and Authorization (A&A) B. Conduct a security impact analysis C. Review the results of the most recent vulnerability scan D. Conduct a gap analysis with the baseline configuration
B. Conduct a security impact analysis
Continuity of operations is BEST supported by which of the following? A. Confidentiality, availability, and reliability B. Connectivity, reliability, and redundancy C. Connectivity, reliability, and recovery D. Confidentiality, integrity, and availability
B. Connectivity, reliability, and redundancy
Which of the following is an advantage of on-premise Credential Management Systems? A. Lower infrastructure capital costs B. Control over system configuration C. Reduced administrative overhead D. Improved credential interoperability
B. Control over system configuration
When developing the entitlement review process, which of the following roles is responsible for determining who has a need for the information? A. Data Custodian B. Data Owner C. Database Administrator D. Information Technology (IT) Director
B. Data Owner
Which of the following MUST be considered when developing business rules for a data loss prevention (DLP) solution? A. Data availability B. Data sensitivity C. Data ownership D. Data integrity
B. Data sensitivity
Between which pair of Open System Interconnection (OSI) Reference Model layers are routers used as a communications device? A. Transport and Session B. Data-Link and Transport C. Network and Session D. Physical and Data-Link
B. Data-Link and Transport (the "Network" layer is *between* the "Data Link" and "Transport" layers)
Which of the following is a responsibility of the information owner? A. Ensure that users and personnel complete the required security training to access the Information System (IS) B. Defining proper access to the Information System (IS), including privileges or access rights C. Managing identification, implementation, and assessment of common security controls D. Ensuring the Information System (IS) is operated according to agreed upon security requirements
B. Defining proper access to the Information System (IS), including privileges or access rights ??
What type of wireless network attack BEST describes an Electromagnetic Pulse (EMP) attack? A. Radio Frequency (RF) attack B. Denial of Service (DoS) attack C. Data modification attack D. Application-layer attack
B. Denial of Service (DoS) attack
A security team member was selected as a member of a Change Control Board (CCB) for an organization. Which of the following is one of their responsibilities? A. Approving or disapproving the change B. Determining the impact of the change C. Carrying out the requested change D. Logging the change
B. Determining the impact of the change
Which of the following is the BEST defense against password guessing? A. Limit external connections to the network B. Disable the account after a limited number of unsuccessful attempts C. Force the password to be changed after an invalid password has been entered D. Require a combination of letters, numbers, and special characters in the password
B. Disable the account after a limited number of unsuccessful attempts
Which of the following is used to ensure that data mining activities will NOT reveal sensitive data? A. Implement two-factor authentication on the underlying infrastructure B. Encrypt data at the field level and tightly control encryption keys C. Preprocess the databases to see if information can be disclosed from the learned patterns D. Implement the principle of least privilege on data elements so a reduced number of users can access the database
B. Encrypt data at the field level and tightly control encryption keys
A company-wide penetration test result shows customers could access and read files through a web browser. Which of the following can be used to mitigate this vulnerability? A. Enforce the chmod of files to 755 B. Enforce the control of file directory listings C. Implement access control on the web server D. Implement Secure Sockets Layer (SSL) certificates throughout the web server
B. Enforce the control of file directory listings ???? (https://www.netsparker.com/blog/web-security/disable-directory-listing-web-servers/)
Which of the following MUST be scalable to address security concerns raised by the integration of third-party identity services? A. Mandatory Access Controls (MAC) B. Enterprise security architecture C. Enterprise security procedures D. Role Based Access Controls (RBAC)
B. Enterprise security architecture ??
Which of the following is MOST important when deploying digital certificates? A. Validate compliance with X.509 digital certificate standards B. Establish a certificate life cycle management framework C. Use a third-party Certificate Authority (CA) D. Use no less than 256-bit strength encryption when creating a certificate
B. Establish a certificate life cycle management framework
Which of the following is the MOST important security goal when performing application interface testing? A. Confirm that all platforms are supported and function properly B. Evaluate whether systems or components pass data and control correctly to one another C. Verify compatibility of software, hardware, and network connections D. Examine error conditions related to external interfaces to prevent application details leakage
B. Evaluate whether systems or components pass data and control correctly to one another
The Structured Query Language (SQL) implements Discretionary Access Controls (DAC) using: A. INSERT and DELETE B. GRANT and REVOKE C. PUBLIC and PRIVATE D. ROLLBACK and TERMINATE
B. GRANT and REVOKE
A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user's access to data files? A. Host VM monitor audit logs B. Guest OS access controls C. Host VM access controls D. Guest OS audit logs
B. Guest OS access controls
Which of the following is the BEST way to reduce the impact of an externally sourced flood attack? A. Block the source address at the firewall B. Have the service provider block the source address C. Have the source service provider block the address D. Block all inbound traffic until the flood ends
B. Have the service provider block the source address
A minimal implementation of endpoint security includes which of the following? A. Trusted platforms B. Host-based firewalls C. Token-based authentication D. Wireless Access Points (AP)
B. Host-based firewalls
Which of the following BEST describes the objectives of the Business Impact Analysis (BIA)? A. Identifying the events and environmental factors that can adversely affect an organization B. Identifying what is important and critical based on disruptions that can affect the organization C. Establishing the need for a Business Continuity Plan (BCP) based on threats that can affect an organization D. Preparing a program to create an organizational awareness for executing the Business Continuity Plan (BCP)
B. Identifying what is important and critical based on disruptions that can affect the organization ??
An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests. Which contract is BEST in offloading the task from the IT staff? A. Platform as a Service (PaaS) B. Identity as a Service (IDaaS) C. Desktop as a Service (DaaS) D. Software as a Service (SaaS)
B. Identity as a Service (IDaaS)
What is the BEST way to correlate large volumes of disparate data sources in a Security Operations Center (SOC) environment? A. Implement Intrusion Detection System (IDS) B. Implement a Security Information and Event Management (SIEM) system C. Hire a team of analysts to consolidate data and generate reports D. Outsource the management of the SOC
B. Implement a Security Information and Event Management (SIEM) system
Which of the following actions will reduce risk to a laptop before traveling to a high risk area? A. Examine the device for physical tampering B. Implement more stringent baseline configurations C. Purge or re-image the hard disk drive D. Change access codes
B. Implement more stringent baseline configurations
Within the company, desktop clients receive Internet Protocol (IP) address over Dynamic Host Configuration Protocol (DHCP). Which of the following represents a valid measure to help protect the network against unauthorized access? A. Implement path management B. Implement port based security through 802.1x C. Implement DHCP to assign IP address to server systems D. Implement change management
B. Implement port based security through 802.1x
What operations role is responsible for protecting the enterprise from corrupt or contaminated media? A. Information security practitioner B. Information librarian C. Computer operator D. Network administrator
B. Information librarian
A security professional is assessing the risk in an application and does not take into account any mitigating or compensating controls. This type of risk rating is an example of which of the following? A. Transferred risk B. Inherent risk C. Residual risk D. Avoided risk
B. Inherent risk
In what phase of the System Development Life Cycle (SDLC) should security training for the development team begin? A. Development/Acquisition B. Initiation C. Implementation/Assessment D. Disposal
B. Initiation (As per NIST 800-64 Revision 2 it should be B)
A security engineer is designing a Customer Relationship Management (CRM) application for a third-party vendor. In which phase of the System Development Life Cycle (SDLC) will it be MOST beneficial to conduct a data sensitivity assessment? A. Development / Acquisition B. Initiation C. Enumeration D. Operation / Maintenance
B. Initiation (https://www.giac.org/paper/gsec/2354/implementing-information-technology-it-security-sdlc-how-to-approach/104086)
When developing solutions for mobile devices, in which phase of the Software Development Life Cycle (SDLC) should technical limitations related to devices be specified? A. Implementation B. Initiation C. Review D. Development
B. Initiation ???
Which of the following is a standard Access Control List (ACL) element that enables a router to filter Internet traffic? A. Media Access Control (MAC) address B. Internet Protocol (IP) address C. Security roles D. Device needs
B. Internet Protocol (IP) address
Which of the following provides the GREATEST level of data security for a Virtual Private Network (VPN) connection? A. Internet Protocol Payload Compression (IPComp) B. Internet Protocol Security (IPSec) C. Extensible Authentication Protocol (EAP) D. Remote Authentication Dial-In User Service (RADIUS)
B. Internet Protocol Security (IPSec)
Which of the following is a characteristic of the initialization vector when using Data Encryption Standard (DES)? A. It must be known to both sender and receiver. B. It can be transmitted in the clear as a random number. C. It must be retained until the last block is transmitted. D. It can be used to encrypt and decrypt information
B. It can be transmitted in the clear as a random number (The IV need not be secret (it can be transmitted in plaintext along with the ciphertext) but it must be unpredictable)
Which of the following attributes could be used to describe a protection mechanism of an open design methodology? A. It exposes the design to vulnerabilities and malicious attacks B. It can facilitate independent confirmation of the design security C. It can facilitate blackbox penetration testing D. It must be tamperproof to protect it from malicious attacks
B. It can facilitate independent confirmation of the design security ??
Why is planning in Disaster Recovery (DR) an interactive process? A. It details off-site storage plans B. It identifies omissions in the plan C. It defines the objectives of the plan D. It forms part of the awareness process
B. It identifies omissions in the plan
Which of the following is the PRIMARY benefit of a formalized information classification program? A. It minimized system logging requirements. B. It supports risk assessment. C. It reduces asset vulnerabilities. D. It drives audit processes
B. It supports risk assessment
From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system? A. Disable all recursive queries on the name servers B. Limit zone transfers to authorized devices C. Configure secondary servers to use the primary server as a zone forwarder D. Block all Transmission Control Protocol (TCP) connections
B. Limit zone transfers to authorized devices
Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats? A. Layer 2 Tunneling Protocol (L2TP) B. Link Control Protocol (LCP) C. Challenge Handshake Authentication Protocol (CHAP) D. Packet Transfer Protocol (PTP)
B. Link Control Protocol (LCP)
Which of the following could be considered the MOST significant security challenge when adopting DevOps practices compared to a more traditional control framework? A. Achieving Service Level Agreements (SLA) on how quickly patches will be released when a security flaw is found. B. Maintaining segregation of duties. C. Standardized configurations for logging, alerting, and security metrics. D. Availability of security teams at the end of design process to perform last-minute manual audits and reviews.
B. Maintaining segregation of duties
Configuring a Wireless Access Point (WAP) with the same Service Set Identifier (SSID) as another WAP in order to have users unknowingly connect is referred to as which of the following? A. Jamming B. Man-in-the-Middle (MITM) C. War driving D. Internet Protocol (IP) spoofing
B. Man-in-the-Middle (MITM)
Which of the following is BEST achieved through the use of eXtensible Access Markup Language (XACML)? A. Minimize malicious attacks from third parties B. Manage resource privileges C. Share digital identities in hybrid cloud D. Define a standard protocol
B. Manage resource privileges ??
Which of the following is a strategy of grouping requirements in developing a Security Test and Evaluation (ST&E)? A. Tactical, strategic, and financial B. Management, operational, and technical C. Documentation, observation, and manual D. Standards, policies, and procedures
B. Management, operational, and technical
Which of the following access control models is MOST restrictive? A. Discretionary Access Control (DAC) B. Mandatory Access Control (MAC) C. Role Based Access Control (RBAC) D. Rule based access control
B. Mandatory Access Control (MAC)
When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network? A. Ping testing B. Mapping tools C. Asset register D. Topology diagrams
B. Mapping tools
A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following? A. Guaranteed recovery of all business functions B. Minimization of the need for decision making during a crisis C. Insurance against litigation following a disaster D. Protection from loss of organization resources
B. Minimization of the need for decision making during a crisis
What is the MAIN purpose for writing planned procedures in the design of Business Continuity Plans (BCP)? A. Establish lines of responsibility. B. Minimize the risk of failure. C. Accelerate the recovery process. D. Eliminate unnecessary decision making.
B. Minimize the risk of failure ???
Which of the following could cause a Denial of Service (DoS) against an authentication system? A. Encryption of audit logs B. No archiving of audit logs C. Hashing of audit logs D. Remote access audit logs
B. No archiving of audit logs ??
Which of the following actions MUST be performed when using Secure/Multipurpose Internet Mail Extensions (S/MIME) before sending an encrypted message to a recipient? A. Obtain the recipient's private key B. Obtain the recipient's digital certificate C. Digitally sign the message D. Encrypt attachments
B. Obtain the recipient's digital certificate
Which of the following is the MOST secure password technique? A. Passphrase B. One-time password C. Cognitive password D. Ciphertext
B. One-time password
Which of the following global privacy legislation principles ensures that data handling policies and the name of the data controller are easily accessible to the public? A. Use limitation B. Openness C. Purpose specification D. Individual participation
B. Openness
Which of the following is MOST important when determining appropriate countermeasures for an identified risk? A. Interaction with existing controls B. Organizational risk tolerance C. Patch availability D. Cost
B. Organizational risk tolerance
Which of the following is MOST important when assigning ownership of an asset to a department? A. The department should report to the business owner B. Ownership of the asset should be periodically reviewed C. Individual accountability should be ensured D. All members should be trained on their responsibilities
B. Ownership of the asset should be periodically reviewed
The process of "salting" a password is designed to increase the difficulty of cracking which of the following? A. Specific password B. Password hash function C. Password algorithm D. Maximum password length
B. Password hash function (https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/)
What is the MOST common component of a vulnerability management framework? A. Risk analysis B. Patch management C. Threat analysis D. Backup management
B. Patch management
An organization adopts a new firewall hardening standard. How can the security professional verify that the technical staff correctly implemented the new standard? A. Perform a compliance review B. Perform a penetration test C. Train the technical staff D. Survey the technical staff
B. Perform a penetration test
Which of the following is the MOST effective preventative method to identify security flaws in software? A. Monitor performance in production environments B. Perform a structured code review C. Perform application penetration testing D. Use automated security vulnerability testing tools
B. Perform a structured code review ??
A. Remote access administration B. Personal Identity Verification (PIV) C. Access Control List (ACL) D. Privileged Identity Management (PIM)
B. Personal Identity Verification (PIV)
Which of the following are the FIRST two steps to securing employees from threats involving workplace violence and acts of terrorism? A. Physical barriers impeding unauthorized access and security guards at each entrance B. Physical barriers and the ability to identify people as they enter the workplace C. Security guards and metal detectors posted at each entrance D. Metal detectors and the ability to identify people as they enter the workplace
B. Physical barriers and the ability to identify people as they enter the workplace ????
An organization has implemented a new backup process which protects confidential data by encrypting the information stored on backup tapes. Which of the following is a MAJOR data confidentiality concern after the implementation of this new backup process? A. Tape backup rotation B. Pre-existing backup tapes C. Tape backup compression D. Backup tape storage location
B. Pre-existing backup tapes
In a change-controlled environment, which of the following is MOST likely to lead to unauthorized changes to production programs? A. Modifying source code without approval B. Promoting programs to production without approval C. Developers checking out source code without approval D. Developers using Rapid Application Development (RAD) methodologies without approval
B. Promoting programs to production without approval ??
Which of the following is the BEST type of authentication and encryption for a Secure Shell (SSH) implementation when network traffic traverses between a host and an infrastructure device? A. Lightweight Directory Access Protocol (LDAP) B. Public-key cryptography C. Remote Authentication Dial-In User Service (RADIUS) D. Private-key cryptography
B. Public-key cryptography
Which of the following is the MOST efficient mechanism to account for all staff during a speedy non-emergency evacuation from a large security facility? A. Large mantrap where groups of individuals leaving are identified using facial recognition technology B. Radio Frequency Identification (RFID) sensors worn by each employee scanned by sensors at each exit door C. Emergency exits with push bars with coordinates at each exit checking off the individual against a predefined list D. Card-activated turnstile where individuals are validated upon exit
B. Radio Frequency Identification (RFID) sensors worn by each employee scanned by sensors at each exit door
During a Disaster Recovery (DR) simulation, it is discovered that the shared recovery site lacks adequate data restoration capabilities to support the implementation of multiple plans simultaneously. What would be impacted by this fact if left unchanged? A. Recovery Point Objective (RPO) B. Recovery Time Objective (RTO) C. Business Impact Analysis (BIA) D. Return on Investment (ROI)
B. Recovery Time Objective (RTO)
What is the BEST way to establish identity over the Internet? A. Challenge Handshake Authentication Protocol (CHAP) and strong passwords B. Remote Authentication Dial-In User Service (RADIUS) server with hardware tokens C. Internet Message Access Protocol (IMAP) with Triple Data Encryption Standard (3DES) D. Remote user authentication via Simple Object Access Protocol (SOAP)
B. Remote Authentication Dial-In User Service (RADIUS) server with hardware tokens
What is the GREATEST challenge of an agent-based patch management solution? A. Time to gather vulnerability information about the computers in the program B. Requires that software be installed, running, and managed on all participating computers C. The significant amount of network bandwidth while scanning computers D. The consistency of distributing patches to each participating computer
B. Requires that software be installed, running, and managed on all participating computers
What is the second step in the identity and access provisioning lifecycle? A. Provisioning B. Review C. Approval D. Revocation
B. Review (1.Provisioning 2.Review 3.Revocation)
Which of the following is the final phase of the identity and access provisioning lifecycle? A. Recertification B. Revocation C. Removal D. Validation
B. Revocation (Lifecycle consists of: 1. Provisioning 2. Review 3. Revocation)
A. Security vulnerabilities B. Risk tolerance C. Risk mitigation D. Security staff
B. Risk tolerance
A system administration office desires to implement the following rules: ✑ An administrator that is designated as a skill level 3, with 5 years of experience, is allowed to perform system backups, upgrades, and local administration. ✑ An administrator that is designated as a skill level 5, with 10 years of experience, is permitted to perform all actions related to system administration. Which of the following access control methods MUST be implemented to achieve this goal? A. Discretionary Access Control (DAC) B. Role Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Attribute Based Access Control (ABAC)
B. Role Based Access Control (RBAC)
What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance? A. Audit logs B. Role-Based Access Control (RBAC) C. Two-factor authentication D. Application of least privilege
B. Role-Based Access Control (RBAC)
Which of the following is true of Service Organization Control (SOC) reports? A. SOC 1 Type 2 reports assess the security, confidentiality, integrity, and availability of an organization's controls B. SOC 2 Type 2 reports include information of interest to the service organization's management C. SOC 2 Type 2 reports assess internal controls for financial reporting D. SOC 3 Type 2 reports assess internal controls for financial reporting
B. SOC 2 Type 2 reports include information of interest to the service organization's management (http://ssae16.businesscatalyst.com/SSAE16_reports.html)
Which of the following is the MOST appropriate action when reusing media that contains sensitive data? A. Erase B. Sanitize C. Encrypt D. Degauss
B. Sanitize
Which of the following protocols will allow the encrypted transfer of content on the Internet? A. Server Message Block (SMB) B. Secure copy C. Hypertext Transfer Protocol (HTTP) D. Remote copy
B. Secure copy
Which of the following is BEST suited for exchanging authentication and authorization messages in a multi-party decentralized environment? A. Lightweight Directory Access Protocol (LDAP) B. Security Assertion Markup Language (SAML) C. Internet Mail Access Protocol D. Transport Layer Security (TLS)
B. Security Assertion Markup Language (SAML)
In which of the following programs is it MOST important to include the collection of security process data? A. Quarterly access reviews B. Security continuous monitoring C. Business continuity testing D. Annual security training
B. Security continuous monitoring ("NIST SP 800-137 provides guidelines for developing an information security continuous monitoring (ISCM) program. Security professionals should ensure that security process data that is collected includes account management, management review, key performance and risk indicators, backup verification data, training and awareness, and disaster recovery and business continuity.")
Which of the following is the MOST common method of memory protection? A. Compartmentalization B. Segmentation C. Error correction D. Virtual Local Area Network (VLAN) tagging
B. Segmentation
Which of the following restricts the ability of an individual to carry out all the steps of a particular process? A. Job rotation B. Separation of duties C. Least privilege D. Mandatory vacations
B. Separation of duties
Which one of the following activities would present a significant security risk to organizations when employing a Virtual Private Network (VPN) solution? A. VPN bandwidth B. Simultaneous connection to other networks C. Users with Internet Protocol (IP) addressing conflicts D. Remote users with administrative rights
B. Simultaneous connection to other networks
Point-to-Point Protocol (PPP) was designed to specifically address what issue? A. A common design flaw in telephone modems B. Speed and reliability issues between dial-up users and Internet Service Providers (ISP) C. Compatibility issues with personal computers and web browsers D. The security of dial-up connections to remote networks
B. Speed and reliability issues between dial-up users and Internet Service Providers (ISP)
Which of the following types of data would be MOST difficult to detect by a forensic examiner? A. Slack space data B. Steganographic data C. File system deleted data D. Data stored with a different file type extension
B. Steganographic data
During examination of Internet history records, the following string occurs within a Unique Resource Locator (URL): http://www.companysite.com/products/products.asp?productid=123 or 1=1 What type of attack does this indicate? A. Directory traversal B. Structured Query Language (SQL) injection C. Cross-Site Scripting (XSS) D. Shellcode injection
B. Structured Query Language (SQL) injection
Physical assets defined in an organization's Business Impact Analysis (BIA) could include which of the following? A. Personal belongings of organizational staff members B. Supplies kept off-site at a remote facility C. Cloud-based applications D. Disaster Recovery (DR) line-item revenues
B. Supplies kept off-site at a remote facility
Which of the following is included in the Global System for Mobile Communications (GSM) security framework? A. Public-Key Infrastructure (PKI) B. Symmetric key cryptography C. Digital signatures D. Biometric authentication
B. Symmetric key cryptography
Security categorization of a new system takes place during which phase of the Systems Development Life Cycle (SDLC)? A. System implementation B. System initiation C. System operations and maintenance D. System acquisition and development
B. System initiation (https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-64r2.pdf)
The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)? A. System acquisition and development B. System operations and maintenance C. System initiation D. System implementation
B. System operations and maintenance ✔️ (https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-64.pdf)
Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs? A. Check arguments in function calls B. Test for the security patch level of the environment C. Include logging functions D. Digitally sign each application module
B. Test for the security patch level of the environment ?
Which of the following statements is TRUE regarding state-based analysis as a functional software testing technique? A. It is characterized by the stateless behavior of a process implemented in a function B. Test inputs are obtained from the derived boundaries of the given functional specifications C. An entire partition can be covered by considering only one representative value from that partition D. It is useful for testing communications protocols and graphical user interfaces
D. It is useful for testing communications protocols and graphical user interfaces (state-transition testing models the system's states and the events that move it between them, which is exactly what a protocol state machine or a GUI workflow is; B describes boundary value analysis and C describes equivalence partitioning) (https://www.guru99.com/state-transition-testing.html)
A chemical plant wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and maintenance by utilizing the office network infrastructure and staff to implement this upgrade. Which of the following is the GREATEST impact on security for the network? A. The network administrators have no knowledge of ICS B. The ICS is now accessible from the office network C. The ICS does not support the office password policy D. RS422 is more reliable than Ethernet
B. The ICS is now accessible from the office network
An organization is outsourcing its payroll system and is requesting to conduct a full audit on the third-party Information Technology (IT) systems. During the due diligence process, the third party provides previous audit reports on its IT systems. Which of the following MUST be considered by the organization in order for the audit reports to be acceptable? A. The audit reports have been issued in the last six months B. The audit assessment has been conducted by an independent assessor C. The audit assessment has been conducted by an international audit firm D. The audit reports have been signed by the third-party senior management
B. The audit assessment has been conducted by an independent assessor
Which of the following is the MOST important consideration when developing a Disaster Recovery Plan (DRP)? A. The dynamic reconfiguration of systems B. The cost of downtime C. A recovery strategy for all business processes D. A containment strategy
B. The cost of downtime
Which of the following is the PRIMARY reason a sniffer operating on a network is collecting packets only from its own host? A. An Intrusion Detection System (IDS) has dropped the packets. B. The network is connected using switches. C. The network is connected using hubs. D. The network's firewall does not allow sniffing
B. The network is connected using switches
Which of the following is a Key Performance Indicator (KPI) for a security training and awareness program? A. The number of security audits performed B. The number of attendees at security training events C. The number of security training materials created D. The number of security controls implemented
B. The number of attendees at security training events
Which of the following is the BEST reason for the use of security metrics? A. They ensure that the organization meets its security objectives. B. They provide an appropriate framework for Information Technology (IT) governance. C. They speed up the process of quantitative risk assessment. D. They quantify the effectiveness of security processes.
D. They quantify the effectiveness of security processes (metrics measure; on their own they neither ensure objectives are met nor constitute a governance framework)
As users switch roles within an organization, their accounts are given additional permissions to perform the duties of their new position. After a recent audit, it was discovered that many of these accounts maintained their old permissions as well. The obsolete permissions identified by the audit have been remediated and accounts have only the appropriate permissions to complete their jobs. Which of the following is the BEST way to prevent access privilege creep? A. Implementing an Identity and Access Management (IAM) solution B. Time-based review and certification C. Internal audit D. Trigger-based review and certification
B. Time-based review and certification?? ("Whether you control access by enforcing rules or interpreting the various roles of the user, you must periodically review the access privileges accorded to each user (or system or software entity). The period of the review should be set by policy and strictly enforced by well documented processes.")
Which of the following is the PRIMARY issue when analyzing detailed log information? A. Logs may be unavailable when required B. Timely review of the data is potentially difficult C. Most systems and applications do not support logging D. Logs do not provide sufficient details of system and individual activities
B. Timely review of the data is potentially difficult
Why would a security architect specify that a default route pointing to a sinkhole be injected into internal networks? A. To have firewalls route all network traffic B. To detect the traffic destined to non-existent network destinations C. To exercise authority over the network department D. To re-inject the route into external networks
B. To detect the traffic destined to non-existent network destinations
A new Chief Information Officer (CIO) created a group to write a data retention policy based on applicable laws. Which of the following is the PRIMARY motivation for the policy? A. To back up data that is used on a daily basis B. To dispose of data in order to limit liability C. To reduce costs by reducing the amount of retained data D. To classify data according to what it contains
B. To dispose of data in order to limit liability ??
What is the PRIMARY purpose for an organization to conduct a security audit? A. To ensure the organization is adhering to a well-defined standard B. To ensure the organization is applying security controls to mitigate identified risks C. To ensure the organization is configuring information systems efficiently D. To ensure the organization is documenting findings
B. To ensure the organization is applying security controls to mitigate identified risks
What is the MAIN goal of information security awareness and training? A. To inform users of the latest malware threats B. To inform users of information assurance responsibilities C. To comply with the organization information security policy D. To prepare students for certification
B. To inform users of information assurance responsibilities
A Denial of Service (DoS) attack on a syslog server exploits weakness in which of the following protocols? A. Point-to-Point Protocol (PPP) and Internet Control Message Protocol (ICMP) B. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) C. Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP) D. Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
B. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
Which of the following is an initial consideration when developing an information security management system? A. Identify the contractual security obligations that apply to the organizations B. Understand the value of the information assets C. Identify the level of residual risk that is tolerable to management D. Identify relevant legislative and regulatory compliance requirements
B. Understand the value of the information assets
Which of the following information MUST be provided for user account provisioning? A. Full name B. Unique identifier C. Security question D. Date of birth
B. Unique identifier
How long should the records on a project be retained? A. For the duration of the project, or at the discretion of the record owner B. Until they are no longer useful or required by policy C. Until five years after the project ends, then move to archives D. For the duration of the organization fiscal year
B. Until they are no longer useful or required by policy
A. Use an impact-based approach. B. Use a risk-based approach. C. Use a criticality-based approach. D. Use a threat-based approach
B. Use a risk-based approach
Which of the following is considered a secure coding practice? A. Use concurrent access for shared variables and resources B. Use checksums to verify the integrity of libraries C. Use new code for common tasks D. Use dynamic execution functions to pass user supplied data
B. Use checksums to verify the integrity of libraries
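Added example (not from the original page) of the practice in the answer above: every library is hashed and compared against a pinned SHA-256 manifest before it is trusted, and a tampered file is caught. The file names, the manifest and the tampering are constructed for the demo; the assumption is that the manifest itself is obtained out-of-band (and, in practice, is digitally signed by the publisher, otherwise an attacker who can swap the library can swap the checksums too).

```python
import hashlib
import hmac
import os
import tempfile

def sha256_of_file(path: str) -> str:
    # Stream the file so large shared objects do not have to fit in memory.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_libraries(manifest: dict, base_dir: str) -> dict:
    """Return {name: 'ok' | 'mismatch' | 'missing'} for every library in the manifest.
    The caller should refuse to load anything that is not 'ok'."""
    results = {}
    for name, expected in manifest.items():
        path = os.path.join(base_dir, name)
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        actual = sha256_of_file(path)
        # compare_digest keeps the comparison timing-independent (defensive habit).
        results[name] = "ok" if hmac.compare_digest(actual, expected) else "mismatch"
    return results

def demo() -> dict:
    # Constructed scenario: one good library, one library that never shipped, then a
    # simulated supply-chain tamper (a backdoor appended to the good library).
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "libcrypto_helper.py")       # hypothetical library name
        with open(good, "wb") as f:
            f.write(b"def helper():\n    return 1\n")
        manifest = {
            "libcrypto_helper.py": sha256_of_file(good),      # pinned at build time
            "libmissing.py": "00" * 32,                       # hypothetical, never installed
        }
        before = verify_libraries(manifest, d)
        with open(good, "ab") as f:
            f.write(b"import os; os.system('id')\n")           # the tamper
        after = verify_libraries(manifest, d)
        return {"before": before, "after": after}
```

Usage: run `demo()`; before the tamper the good library is `ok` and the absent one `missing`, afterwards the good library reports `mismatch`. A missing entry is treated as a failure rather than skipped, so a deleted manifest line cannot silently disable the check.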
Why is planning the MOST critical phase of a Role Based Access Control (RBAC) implementation? A. The criteria for measuring risk is defined. B. User populations to be assigned to each role is determined. C. Role mining to define common access patterns is performed. D. The foundational criteria are defined
B. User populations to be assigned to each role is determined
When dealing with compliance with the Payment Card Industry-Data Security Standard (PCI-DSS), an organization that shares card holder information with a service provider MUST do which of the following? A. Perform a service provider PCI-DSS assessment on a yearly basis B. Validate the service provider's PCI-DSS compliance status on a regular basis C. Validate that the service providers security policies are in alignment with those of the organization D. Ensure that the service provider updates and tests its Disaster Recovery Plan (DRP) on a yearly basis
B. Validate the service provider's PCI-DSS compliance status on a regular basis
Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization network? A. Provide vulnerability reports to management. B. Validate vulnerability remediation activities. C. Prevent attackers from discovering vulnerabilities. D. Remediate known vulnerabilities
B. Validate vulnerability remediation activities
Which of the following processes has the PRIMARY purpose of identifying outdated software versions, missing patches, and lapsed system updates? A. Penetration testing B. Vulnerability management C. Software Development Life Cycle (SDLC) D. Life cycle management
B. Vulnerability management
Which of the following questions will be addressed through the use of a Privacy Impact Assessment (PIA)? A. How the information is to be maintained B. Why the information is to be collected C. What information is to be destroyed D. Where the information is to be stored
B. Why the information is to be collected
The PRIMARY purpose of accreditation is to: A. comply with applicable laws and regulations. B. allow senior management to make an informed decision regarding whether to accept the risk of operating the system. C. protect an organization's sensitive data. D. verify that all security controls have been implemented properly and are operating in the correct manner
B. allow senior management to make an informed decision regarding whether to accept the risk of operating the system
In a data classification scheme, the data is owned by the A. system security managers B. business managers C. Information Technology (IT) managers D. end users
B. business managers
All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that: A. determine the risk of a business interruption occurring B. determine the technological dependence of the business processes C. Identify the operational impacts of a business interruption D. Identify the financial impacts of a business interruption
A. determine the risk of a business interruption occurring (the BIA questionnaire captures impact, technological dependencies and recovery priorities; the likelihood of an interruption belongs to the risk assessment, not the BIA)
The application of a security patch to a product previously validated at Common Criteria (CC) Evaluation Assurance Level (EAL) 4 would A. require an update of the Protection Profile (PP). B. require recertification. C. retain its current EAL rating. D. reduce the product to EAL 3
B. require recertification
An Intrusion Detection System (IDS) is based on the general hypothesis that a security violation is associated with a pattern of system usage, which can be A. differentiated from a normal usage pattern B. used to detect known violations C. used to detect a masquerader D. differentiated to detect all security violations
A. differentiated from a normal usage pattern (this is the classic anomaly-detection hypothesis behind IDS; B describes only signature-based detection, one implementation of it, and D overstates what any IDS can do)
Due to system constraints, a group of system administrators must share a high-level access set of credentials. Which of the following would be MOST appropriate to implement? A. Increased console lockout times for failed logon attempts B. Reduce the group in size C. A credential check-out process for a per-use basis D. Full logging on affected systems
C. A credential check-out process for a per-use basis
Which of the following is an accurate statement when an assessment results in the discovery of vulnerabilities in a critical network component? A. There is little likelihood that the entire network is being placed at a significant risk of attack B. There is a low possibility that any adjacently connected components have been compromised by an attacker C. A second assessment should immediately be performed after all vulnerabilities are corrected D. The fact that every other host is sufficiently hardened does not change the fact that the network is placed at risk of attack
D. The fact that every other host is sufficiently hardened does not change the fact that the network is placed at risk of attack (a compromised critical component gives an attacker a foothold adjacent to every other host; A and B understate that, and C describes a follow-up activity rather than a statement about the finding)
An employee receives a promotion that entitles them to access higher-level functions on the company's accounting system, while keeping their access to the previous system, which is no longer needed or applicable. What is the name of the process that tries to remove this excess privilege? A. Access provisioning B. Segregation of Duties (SoD) C. Access certification D. Access aggregation
C. Access certification ??
How does security in a distributed file system using mutual authentication differ from file security in a multi-user host? A. Access control can rely on the Operating System (OS), but eavesdropping is not a risk B. Access control cannot rely on the Operating System (OS), and eavesdropping is a risk C. Access control can rely on the Operating System (OS), and eavesdropping is a risk D. Access control cannot rely on the Operating System (OS), and eavesdropping is not a risk
B. Access control cannot rely on the Operating System (OS), and eavesdropping is a risk (the file server cannot trust the client's OS to enforce access, which is why mutual authentication is needed, and requests and file contents cross a network that can be sniffed; on a multi-user host the kernel mediates every access and there is no wire to tap)
An Information Technology (IT) professional attends a cybersecurity seminar on current incident response methodologies. What code of ethics canon is being observed? A. Provide diligent and competent service to principals B. Protect society, the commonwealth, and the infrastructure C. Advance and protect the profession D. Act honorably, honestly, justly, responsibly, and legally
C. Advance and protect the profession
A security practitioner has just been assigned to address an ongoing Denial of Service (DoS) attack against the company's network, which includes an e-commerce web site. The strategy has to include defenses for any size of attack without rendering the company network unusable. Which of the following should be a PRIMARY concern when addressing this issue? A. Deal with end user education and training. B. Pay more for a dedicated path to the Internet. C. Allow legitimate connections while blocking malicious connections. D. Ensure the web sites are properly backed up on a daily basis
C. Allow legitimate connections while blocking malicious connections
Which of the following is needed to securely distribute symmetric cryptographic keys? A. Officially approved Public-Key Infrastructure (PKI) Class 3 or Class 4 certificates B. Officially approved and compliant key management technology and processes C. An organizationally approved communication protection policy and key management plan D. Hardware tokens that protect the user's private key.
C. An organizationally approved communication protection policy and key management plan ??
Which layer of the Open System Interconnection (OSI) model is reliant on other layers and is concerned with the structure, interpretation and handling of information? A. Presentation Layer B. Session Layer C. Application Layer D. Transport Layer
C. Application Layer ("Layer 7 - the application layer, describes the structure, interpretation, and handling of information") (https://www.google.com.hk/search?tbm=bks&hl=en&q=osi+%22structure%2C+interpretation+and+handling+of+information%22)
Vulnerability scanners may allow for the administrator to assign which of the following in order to assist in prioritizing remediation activities? A. Definitions for each exposure type B. Vulnerability attack vectors C. Asset values for networks D. Exploit code metrics
C. Asset values for networks
With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions? A. Continuously without exception for all security controls B. Before and after each change of the control C. At a rate concurrent with the volatility of the security control D. Only during system implementation and decommissioning
C. At a rate concurrent with the volatility of the security control ??
For a federated identity solution, a third-party Identity Provider (IdP) is PRIMARILY responsible for which of the following? A. Access Control B. Account Management C. Authentication D. Authorization
C. Authentication
Which of the following represents the GREATEST risk to data confidentiality? A. Network redundancies are not implemented B. Security awareness training is not completed C. Backup tapes are generated unencrypted D. Users have administrative privileges
C. Backup tapes are generated unencrypted
Which of the following BEST describes how access to a system is granted to federated user accounts? A. With the federation assurance level B. Based on defined criteria by the Relying Party (RP) C. Based on defined criteria by the Identity Provider (IdP) D. With the identity assurance level
B. Based on defined criteria by the Relying Party (RP) (the IdP authenticates the user and asserts identity attributes; the RP, which owns the resource, decides what access those assertions earn) (https://resources.infosecinstitute.com/certification/cissp-domain-5-refresh-identity-and-access-management/)
Of the following, which BEST provides non-repudiation with regards to access to a server room? A. Fob and Personal Identification Number (PIN) B. Locked and secured cages C. Biometric readers D. Proximity readers
C. Biometric readers
Which testing method requires very limited or no information about the network infrastructure? A. White box B. Static C. Black box D. Stress
C. Black box
Which type of security testing is being performed when an ethical hacker has no knowledge about the target system but the testing target is notified before the test? A. Reversal B. Gray box C. Blind D. White box
C. Blind
Backup information that is critical to the organization is identified through a A. Vulnerability Assessment (VA). B. Business Continuity Plan (BCP). C. Business Impact Analysis (BIA). D. data recovery analysis.
C. Business Impact Analysis (BIA)
Where would an organization typically place an endpoint security solution? A. Web server and individual devices B. Intrusion Detection System (IDS) and web server C. Central server and individual devices D. Intrusion Detection System (IDS) and central server
C. Central server and individual devices ????
Which security model is MOST commonly used in a commercial environment because it protects the integrity of financial and accounting data? A. Biba B. Graham-Denning C. Clark-Wilson D. Bell-LaPadula
C. Clark-Wilson
Which of the following problems is not addressed by using Open Authorization Version 2 (OAuth2) to integrate a third-party Identity Provider (IdP) for a service? A. Resource servers are required to use passwords to authenticate end users B. Revocation of access of some users of the third-party instead of all the users from the third-party C. Compromise of the third-party means compromise of all the users in the service D. Guest users need to authenticate with the third-party IdP
C. Compromise of the third-party means compromise of all the users in the service
What is the MOST important consideration from a data security perspective when an organization plans to relocate? A. Ensure the fire prevention and detection systems are sufficient to protect personnel B. Review the architectural plans to determine how many emergency exits are present C. Conduct a gap analysis of the new facility against existing security requirements D. Revise the Disaster Recovery and Business Continuity (DR/BC) plan
C. Conduct a gap analysis of the new facility against existing security requirements
A security compliance manager of a large enterprise wants to reduce the time it takes to perform network, system, and application security compliance audits while increasing quality and effectiveness of the results. What should be implemented to BEST achieve the desired results? A. Configuration Management Database (CMDB) B. Source code repository C. Configuration Management Plan (CMP) D. System performance monitoring application
A. Configuration Management Database (CMDB) (a populated CMDB gives auditors an authoritative inventory of systems and their configuration items to test against instead of discovering them by hand, which is what cuts audit time while improving accuracy; a CMP is the process document, not the data source)
As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following? A. Known-plaintext attack B. Denial of Service (DoS) C. Cookie manipulation D. Structured Query Language (SQL) injection
C. Cookie manipulation
Which of the following media sanitization techniques is MOST likely to be effective for an organization using public cloud services? A. Low-level formatting B. Secure-grade overwrite erasure C. Cryptographic erasure D. Drive degaussing
C. Cryptographic erasure (Use data at rest encryption and destroy the encryption key)
Which of the following does Secure Sockets Layer (SSL) encryption protect? A. Data availability B. Data at rest C. Data in transit D. Data integrity
C. Data in transit
Who is accountable for the information within an Information System (IS)? A. Security manager B. System owner C. Data owner D. Data processor
C. Data owner ??
Which of the following is the MOST important part of an awareness and training plan to prepare employees for emergency situations? A. Having emergency contacts established for the general employee population to get information B. Conducting business continuity and disaster recovery training for those who have a direct role in the recovery C. Designing business continuity and disaster recovery training programs for different audiences D. Publishing a corporate business continuity and disaster recovery plan on the corporate website
C. Designing business continuity and disaster recovery training programs for different audiences
Which of the following steps should be conducted during the FIRST phase of software assurance in a generic acquisition process? A. Establishing and consenting to the contract work schedule B. Issuing a Request for Proposal (RFP) with a work statement C. Developing software requirements to be included in work statement D. Reviewing and accepting software deliverables
C. Developing software requirements to be included in work statement
What principle requires that changes to the plaintext affect many parts of the ciphertext? A. Encapsulation B. Permutation C. Diffusion D. Obfuscation
C. Diffusion (Diffusion means that a single plaintext bit has influence over several of the ciphertext bits. Changing a plaintext value should change many ciphertext values, not just one. In fact, in a strong block cipher, if one plaintext bit is changed, each ciphertext bit will change with probability 50 percent. This means that if one plaintext bit changes, then about half of the ciphertext bits will change)
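Added example (not from the original page) that measures the property described above: flip one plaintext bit and count how many output bits change. A plain XOR with a repeating key (no diffusion: each output bit depends on exactly one input bit) is contrasted with SHA-256, used here as a stand-in for a strongly diffusing primitive because the standard library ships no block cipher; the message and key are constructed inputs.

```python
import hashlib

def hamming_distance(a: bytes, b: bytes) -> int:
    # Number of bit positions in which two equal-length byte strings differ.
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def flip_bit(data: bytes, bit_index: int) -> bytes:
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)

def xor_with_key(data: bytes, key: bytes) -> bytes:
    # Toy construction with NO diffusion: ciphertext bit i depends only on plaintext bit i.
    return bytes(d ^ key[i % len(key)] for i, d in enumerate(data))

def ciphertext_bits_changed(transform, plaintext: bytes, bit_index: int) -> int:
    # Avalanche measurement: how many output bits move when one input bit is flipped.
    return hamming_distance(transform(plaintext), transform(flip_bit(plaintext, bit_index)))

def demo() -> dict:
    pt = b"The quick brown fox jumps over the lazy dog."   # constructed sample plaintext
    key = b"\x5a\xc3\x0f\x91"                              # constructed toy key
    sha = lambda m: hashlib.sha256(m).digest()             # 256-bit output, strong diffusion
    return {
        "xor_changed": ciphertext_bits_changed(lambda m: xor_with_key(m, key), pt, 13),
        "sha256_changed": ciphertext_bits_changed(sha, pt, 13),
        "sha256_output_bits": 256,
    }
```

Running `demo()` gives exactly 1 changed bit for the XOR construction and roughly half of the 256 output bits for SHA-256, which is the 50 percent behaviour the answer describes. The same harness can be pointed at any cipher object (AES-CBC from a library, for example) to check that a mode or a home-grown construction actually diffuses.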
The design review for an application has been completed and is ready for release. What technique should an organization use to assure application integrity? A. Application authentication B. Input validation C. Digital signing D. Device encryption
C. Digital signing
Which of the following MUST a security policy include to be effective within an organization? A. A list of all standards that apply to the policy B. Owner information and date of last revision C. Disciplinary measures for non-compliance D. Strong statements that clearly define the problem
C. Disciplinary measures for non-compliance ??
Which of the following activities is MOST likely to be performed during a vulnerability assessment? A. Establish caller authentication procedures to verify the identities of users B. Analyze the environment by conducting interview sessions with relevant parties C. Document policy exceptions required to access systems in non-compliant areas D. Review professional credentials of the vulnerability assessment team or vendor
C. Document policy exceptions required to access systems in non-compliant areas
What is the HIGHEST priority in agile development? A. Selecting appropriate coding language B. Managing costs of product delivery C. Early and continuous delivery of software D. Maximizing the amount of code delivered
C. Early and continuous delivery of software
Which of the following threats exists with an implementation of digital signatures? A. Spoofing B. Substitution C. Eavesdropping D. Content tampering
C. Eavesdropping (a digital signature provides integrity, authentication and non-repudiation but not confidentiality, so eavesdropping on the signed content is still possible)
It is MOST important to perform which of the following to minimize potential impact when implementing a new vulnerability scanning tool in a production environment? A. Negotiate the schedule with the Information Technology (IT) operations team B. Log vulnerability summary reports to a secured server C. Enable scanning during off-peak hours D. Establish access for Information Technology (IT) management
C. Enable scanning during off-peak hours
A continuous information security monitoring program can BEST reduce risk through which of the following? A. Collecting security events and correlating them to identify anomalies B. Facilitating system-wide visibility into the activities of critical user accounts C. Encompassing people, process, and technology D. Logging both scheduled and unscheduled system changes
C. Encompassing people, process, and technology (It states: Any effort or process intended to support ongoing monitoring of information security across an organization must begin with senior leadership defining a comprehensive ISCM strategy encompassing technology, processes, procedures, operating environments, and people)
Which of the following are effective countermeasures against passive network-layer attacks? A. Federated security and authenticated access controls B. Trusted software development and run time integrity controls C. Encryption and security enabled applications D. Enclave boundary protection and computing environment defense
C. Encryption and security enabled applications
Which of the following is an important requirement when designing a secure remote access system? A. Configure a Demilitarized Zone (DMZ) to ensure that user and service traffic is separated B. Provide privileged access rights to computer files and systems C. Ensure that logging and audit controls are included D. Reduce administrative overhead through password self service
C. Ensure that logging and audit controls are included
Which of the following will help prevent improper session handling? A. Ensure JavaScript and plugin support is disabled B. Ensure that certificates are valid and fail closed C. Ensure that tokens are sufficiently long, complex, and pseudo-random D. Ensure that all UIWebView calls do not execute without proper input validation
C. Ensure that tokens are sufficiently long, complex, and pseudo-random
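Added example (not from the original page) contrasting a predictable session token with one generated from the OS CSPRNG, plus a cheap policy check that rejects tokens too short to carry the required entropy. The weak format and the 128-bit floor are assumptions for the demo; the check is an upper bound on entropy (it can only reject, never prove a token random).

```python
import math
import secrets

# base64url alphabet produced by secrets.token_urlsafe
ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_")

def weak_token(now: int, counter: int) -> str:
    # Anti-pattern (hypothetical legacy format): wall-clock second plus a sequence
    # number. Anyone holding one token can enumerate its neighbours.
    return f"{now}-{counter:06d}"

def guess_next_weak(observed: str) -> str:
    # What an attacker does with the anti-pattern: predict the next session.
    ts, ctr = observed.split("-")
    return f"{ts}-{int(ctr) + 1:06d}"

def strong_token(nbytes: int = 32) -> str:
    # CSPRNG-backed, opaque, URL-safe; 32 bytes gives 256 bits of entropy.
    # Assumption: the server keeps the token (or its hash) server-side and issues a
    # fresh one at login so a pre-authentication value cannot be fixated by an attacker.
    return secrets.token_urlsafe(nbytes)

def token_policy_ok(token: str, min_bits: int = 128) -> bool:
    # Upper-bound estimate: characters * log2(alphabet size). A token that fails this
    # cannot be strong; one that passes still needs a CSPRNG behind it.
    if not token or not set(token) <= ALPHABET:
        return False
    return len(token) * math.log2(len(ALPHABET)) >= min_bits
```

Usage: `strong_token()` yields a 43-character value that passes `token_policy_ok`; a `weak_token` value fails it, and `guess_next_weak` shows why length alone is not the point. Compare presented tokens with `hmac.compare_digest`, never `==`, when the store is keyed by the raw token.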
Which of the following BEST describes the responsibilities of a data owner? A. Ensuring quality and validation through periodic audits for ongoing data integrity B. Maintaining fundamental data availability, including data storage and archiving C. Ensuring accessibility to appropriate users, maintaining appropriate levels of data security D. Determining the impact the information has on the mission of the organization
C. Ensuring accessibility to appropriate users, maintaining appropriate levels of data security
Attack trees are MOST useful for which of the following? A. Determining system security scopes B. Generating attack libraries C. Enumerating threats D. Evaluating Denial of Service (DoS) attacks
C. Enumerating threats (https://www.oreilly.com/library/view/threat-modeling-designing/9781118810057/9781118810057c04.xhtml)
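Added example (not from the original page) of what an attack tree is used for: the goal is the root, AND nodes require every child, OR nodes any child, and each root-to-leaf combination is one enumerated threat. The tree, the system it describes and the attacker costs are constructed; the cost units are arbitrary. It also shows the follow-on use, re-evaluating the cheapest path after a control raises the cost of one leaf.

```python
import itertools
from dataclasses import dataclass, field
from typing import List, Tuple

@dataclass
class Node:
    name: str
    gate: str = "LEAF"                 # "LEAF", "AND" or "OR"
    cost: float = 0.0                  # attacker effort for a leaf (constructed units)
    children: List["Node"] = field(default_factory=list)

def cheapest_attack(node: Node) -> Tuple[float, List[str]]:
    """Minimum attacker cost to reach this node's goal, and the leaves used."""
    if node.gate == "LEAF":
        return node.cost, [node.name]
    results = [cheapest_attack(c) for c in node.children]
    if node.gate == "AND":                      # all children needed: costs add
        return sum(r[0] for r in results), [n for r in results for n in r[1]]
    if node.gate == "OR":                       # any child suffices: take the cheapest
        return min(results, key=lambda r: r[0])
    raise ValueError(f"unknown gate {node.gate}")

def enumerate_paths(node: Node) -> List[List[str]]:
    """Every distinct leaf combination that achieves the goal: one threat per path."""
    if node.gate == "LEAF":
        return [[node.name]]
    child_paths = [enumerate_paths(c) for c in node.children]
    if node.gate == "OR":
        return [p for paths in child_paths for p in paths]
    return [sum(combo, []) for combo in itertools.product(*child_paths)]

def with_control(node: Node, leaf_name: str, new_cost: float) -> Node:
    """Model a countermeasure by raising one leaf's cost (returns a copy)."""
    if node.gate == "LEAF":
        return Node(node.name, "LEAF", new_cost if node.name == leaf_name else node.cost)
    return Node(node.name, node.gate, node.cost,
                [with_control(c, leaf_name, new_cost) for c in node.children])

def sample_tree() -> Node:
    # Constructed example: hypothetical payroll database, hypothetical costs.
    return Node("read payroll database", "OR", children=[
        Node("obtain DBA credentials", "OR", children=[
            Node("phish DBA for password", "LEAF", 5),
            Node("plant keylogger", "AND", children=[
                Node("physical access to DBA desk", "LEAF", 20),
                Node("install keylogger", "LEAF", 3),
            ]),
        ]),
        Node("exploit database server", "AND", children=[
            Node("find unpatched vulnerability", "LEAF", 10),
            Node("reach server from internet", "LEAF", 15),
        ]),
        Node("bribe insider", "LEAF", 50),
    ])
```

Usage: `enumerate_paths(sample_tree())` lists the four threats; `cheapest_attack` picks phishing at cost 5; after `with_control(tree, "phish DBA for password", 40)` (say, phishing-resistant MFA on the DBA account) the cheapest path moves to the keylogger branch at 23, which tells you what to mitigate next. The same structure takes probabilities or required skill instead of cost with only the AND/OR combination rules changed.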
Which of the following is a direct monetary cost of a security incident? A. Morale B. Reputation C. Equipment D. Information
C. Equipment
Assessing a third party's risk by counting bugs in the code may not be the best measure of an attack surface within the supply chain. Which of the following is LEAST associated with the attack surface? A. Input protocols B. Target processes C. Error messages D. Access rights
C. Error messages ??
What is the FIRST step in establishing an information security program? A. Identify critical security infrastructure B. Establish baseline security controls C. Establish an information security policy D. Identify factors affecting information security
C. Establish an information security policy ✔ (https://www.skillset.com/questions/what-is-the-first-step-when-developing-an-information-security-program#:~:text=help%20you%20prepare!-,What%20is%20the%20first%20step%20when%20developing%20an%20information%20security,corporate%20information%20security%20policy%20statement)
A security analyst for a large financial institution is reviewing network traffic related to an incident. The analyst determines the traffic is irrelevant to the investigation but in the process of the review, the analyst also finds that an application's data, which included full cardholder data, is transferred in clear text between the server and the user's desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS). Which of the following is the analyst's next step? A. Send the log file to co-workers for peer review B. Include the full network traffic logs in the incident report C. Follow organizational processes to alert the proper teams to address the issue. D. Ignore the data as it is outside the scope of the investigation and the analyst's role
C. Follow organizational processes to alert the proper teams to address the issue
In order to support the least privilege security principle when a resource is transferring within the organization from a production support system administration role to a developer role, what changes should be made to that resource's access to the production Operating System (OS) directory structure? A. From Read Only privileges to No Access privileges B. From Author privileges to Administrative privileges C. From Administrative privileges to No Access privileges D. From No Access privileges to Author privileges
C. From Administrative privileges to No Access privileges
A vulnerability in which of the following components would be MOST difficult to detect? A. Kernel B. Shared libraries C. Hardware D. System application
C. Hardware
Which one of the following documentation should be included in a Disaster Recovery (DR) package? A. Source code, compiled code, firmware updates, operational log book and manuals B. Data encrypted in original format, auditable transaction data, and recovery instructions tailored for future extraction on demand C. Hardware configuration instructions, hardware configuration software, an operating system image, a data restoration option, media retrieval instructions, and contact information D. System configuration including hardware, software hardware interfaces, software Application Programming Interface (API) configuration, data structure, and transaction data from the previous period
C. Hardware configuration instructions, hardware configuration software, an operating system image, a data restoration option, media retrieval instructions, and contact information
To prevent inadvertent disclosure of restricted information, which of the following would be the LEAST effective process for eliminating data prior to the media being discarded? A. Multiple-pass overwriting B. Degaussing C. High-level formatting D. Physical destruction
C. High-level formatting
Which security service is served by the process of encrypting plaintext with the sender's private key and decrypting cipher text with the sender's public key? A. Confidentiality B. Integrity C. Identification D. Availability
C. Identification
What is the FIRST step required in establishing a records retention program? A. Classify records based on sensitivity B. Identify and inventory all records storage locations C. Identify and inventory all records D. Draft a records retention policy
C. Identify and inventory all records ?? (https://idm.net.au/article/0010163-5-steps-starting-records-management-program) 1. Evaluate legal & regulatory requirements 2. Classify assets and records 3. Determine retention periods and destruction procedures and methods 4. Draft asset retention policy 5. Provide training, awareness 6. Audit retention and destruction policy 7. Periodically review policy 8. Document audit results
What is the MAIN objective of risk analysis in Disaster Recovery (DR) planning? A. Establish Maximum Tolerable Downtime (MTD) Information Systems (IS) B. Define the variable cost for extended downtime scenarios C. Identify potential threats to business availability D. Establish personnel requirements for various downtime scenarios
C. Identify potential threats to business availability
Which of the following is mobile device remote fingerprinting? A. Installing an application to retrieve common characteristics of the device B. Storing information about a remote device in a cookie file C. Identifying a device based on common characteristics shared by all devices of a certain type D. Retrieving the serial number of the mobile device
C. Identifying a device based on common characteristics shared by all devices of a certain type ??
Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee's salary? A. Limit access to predefined queries B. Segregate the database into a small number of partitions each with a separate security level C. Implement Role Based Access Control (RBAC) D. Reduce the number of people who have access to the system for statistical purposes
C. Implement Role Based Access Control (RBAC) ??
A user has infected a computer with malware by connecting a Universal Serial Bus (USB) storage device. Which of the following is MOST effective to mitigate future infections? A. Develop a written organizational policy prohibiting unauthorized USB devices B. Train users on the dangers of transferring data in USB devices C. Implement centralized technical control of USB port connections D. Encrypt removable USB devices containing data at rest
C. Implement centralized technical control of USB port connections
In a dispersed network that lacks central control, which of the following is the PRIMARY course of action to mitigate exposure? A. Implement security policies and standards, data backups, and audit controls B. Implement management policies, audit control, and data backups C. Implement security policies and standards, access controls, and access limitations D. Implement remote access policies, shared workstations, and log management
C. Implement security policies and standards, access controls, and access limitations ??
Who is responsible for the protection of information when it is shared with or provided to other organizations? A. Systems owner B. Authorizing Official (AO) C. Information owner D. Security officer
C. Information owner
Which one of the following can be used to detect an anomaly in a system by keeping track of the state of files that do not normally change? A. System logs B. Anti-spyware C. Integrity checker D. Firewall logs
C. Integrity checker
An organization regularly conducts its own penetration tests. Which of the following scenarios MUST be covered for the test to be effective? A. Third-party vendor with access to the system B. System administrator access compromised C. Internal attacker with access to the system D. Internal user accidentally accessing data
C. Internal attacker with access to the system ???
Which of the following is an advantage of Secure Shell (SSH)? A. It operates at the network layer B. It encrypts transmitted User ID and passwords C. It uses challenge-response to authenticate each party D. It uses the International Data Encryption Algorithm (IDEA) for data privacy
C. It uses challenge-response to authenticate each party ??
A. It uses clear text and firewall rules B. It relies on Virtual Private Networks (VPN) C. It uses clear text and shared secret keys D. It relies on asymmetric encryption keys
C. It uses clear text and shared secret keys
Which concept might require users to use a second access token or to re-enter passwords to gain elevated access rights in the identity and access provisioning life cycle? A. Time-based B. Enrollment C. Least privilege D. Access review
C. Least privilege ??
Assume that a computer was powered off when an information security professional arrived at a crime scene. Which of the following actions should be performed after the crime scene is isolated? A. Turn the computer on and collect volatile data B. Turn the computer on and collect network information C. Leave the computer off and prepare the computer for transportation to the laboratory D. Remove the hard drive, prepare it for transportation, and leave the hardware at the scene
C. Leave the computer off and prepare the computer for transportation to the laboratory
Which of the following MUST be in place to recognize a system attack? A. Stateful firewall B. Distributed antivirus C. Log analysis D. Passive honeypot
C. Log analysis
A security consultant has been hired by a company to establish its vulnerability management program. The consultant is now in the deployment phase. Which of the following tasks is part of this process? A. Select and procure supporting technologies. B. Determine a budget and cost analysis for the program. C. Measure effectiveness of the program's stated goals. D. Educate and train key stakeholders
C. Measure effectiveness of the program's stated goals
At which layer of the Open Systems Interconnect (OSI) model are the source and destination address for a datagram handled? A. Transport Layer B. Data-Link Layer C. Network Layer D. Application Layer
C. Network Layer
Which one of the following considerations has the LEAST impact when considering transmission security? A. Network availability B. Node locations C. Network bandwidth D. Data integrity
C. Network bandwidth
What technique used for spoofing the origin of an email can successfully conceal the sender's Internet Protocol (IP) address? A. Virtual Private Network (VPN) B. Change In-Reply-To data C. Onion routing D. Web crawling
C. Onion routing
Which of the following authorization standards is built to handle Application Programming Interface (API) access for Federated Identity Management (FIM)? A. Remote Authentication Dial-In User Service (RADIUS) B. Terminal Access Controller Access Control System Plus (TACACS+) C. Open Authorization (OAuth) D. Security Assertion Markup Language (SAML)
C. Open Authorization (OAuth) (https://www.softwaresecured.com/federated-identities-openid-vs-saml-vs-oauth/)
What is an advantage of Elliptic Curve Cryptography (ECC)? A. Cryptographic approach that does not require a fixed-length key B. Military-strength security that does not depend upon secrecy of the algorithm C. Opportunity to use shorter keys for the same level of security D. Ability to use much longer keys for greater security
C. Opportunity to use shorter keys for the same level of security ✔️
Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations? A. Walkthrough B. Simulation C. Parallel D. White box
C. Parallel (Paper test: Individuals read and annotate recovery plans. Walkthrough test: Groups walk through plans to identify issues and changes. Simulation: Groups go through a simulated disaster to identify whether emergency response plans are adequate. Parallel test: Recovery systems are built/set up and tested to see if they can perform actual business transactions to support key processes. Primary systems still carry the full production workload. Cutover test: Recovery systems are built/set up to assume the full production workload. You disconnect primary systems.)
Which of the following is a remote access protocol that uses a static authentication? A. Point-to-Point Tunneling Protocol (PPTP) B. Routing Information Protocol (RIP) C. Password Authentication Protocol (PAP) D. Challenge Handshake Authentication Protocol (CHAP)
C. Password Authentication Protocol (PAP)
Transport Layer Security (TLS) provides which of the following capabilities for a remote access server? A. Transport layer handshake compression B. Application layer negotiation C. Peer identity authentication D. Digital certificate revocation
C. Peer identity authentication
An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements? A. Development, testing, and deployment B. Prevention, detection, and remediation C. People, technology, and operations D. Certification, accreditation, and monitoring
C. People, technology, and operations
Which of the following actions should be taken by a security professional when a mission critical computer network attack is suspected? A. Isolate the network, log an independent report, fix the problem, and redeploy the computer B. Isolate the network, install patches, and report the occurrence C. Prioritize, report and investigate the occurrence D. Turn the router off, perform forensic analysis, apply the appropriate fix, and log incidents
C. Prioritize, report and investigate the occurrence
An organization lacks a data retention policy. Of the following, who is the BEST person to consult for such requirement? A. Application Manager B. Database Administrator C. Privacy Officer D. Finance Manager
C. Privacy Officer
In a change-controlled environment, which of the following is MOST likely to lead to unauthorized changes to production programs? A. Developers checking out source code without approval B. Developers using rapid application development (RAD) methodologies without approval C. Promoting programs to production without approval D. Modifying source code without approval
C. Promoting programs to production without approval ??
From a cryptographic perspective, the service of non-repudiation includes which of the following features? A. Validity of digital certificates B. Validity of the authorization rules C. Proof of authenticity of the message D. Proof of integrity of the message
C. Proof of authenticity of the message
Network-based logging has which advantage over host-based logging when reviewing malicious activity about a victim machine? A. Addresses and protocols of network-based logs are analyzed. B. Host-based system logging has files stored in multiple locations. C. Properly handled network-based logs may be more reliable and valid. D. Network-based systems cannot capture users logging into the console
C. Properly handled network-based logs may be more reliable and valid ??
Which of the following is a canon of the (ISC)² Code of Ethics? A. Integrity first, association before self, and excellence in all we do B. Perform all professional activities and duties in accordance with all applicable laws and the highest ethical standards C. Provide diligent and competent service to principals D. Cooperate with others in the interchange of knowledge and ideas for mutual security
C. Provide diligent and competent service to principals
When evaluating third-party applications, which of the following is the GREATEST responsibility of Information Security? A. Accept the risk on behalf of the organization. B. Report findings to the business to determine security gaps. C. Quantify the risk to the business for product selection. D. Approve the application that best meets security requirements
C. Quantify the risk to the business for product selection
As a best practice, the Security Assessment Report (SAR) should include which of the following sections? A. Data classification policy B. Software and hardware inventory C. Remediation recommendations D. Names of participants
C. Remediation recommendations ????
What is the BEST method if an investigator wishes to analyze a hard drive which may be used as evidence? A. Leave the hard drive in place and use only verified and authenticated Operating Systems (OS) utilities to analyze the contents B. Log into the system and immediately make a copy of all relevant files to a Write Once, Read Many (WORM) device C. Remove the hard drive from the system and make a copy of the hard drive's contents using imaging hardware D. Use a separate bootable device to make a copy of the hard drive before booting the system and analyzing the hard drive
C. Remove the hard drive from the system and make a copy of the hard drive's contents using imaging hardware
Which of the following is the primary advantage of segmenting Virtual Machines (VM) using physical networks? A. Simplicity of network configuration and network monitoring B. Removes the need for decentralized management solutions C. Removes the need for dedicated virtual security controls D. Simplicity of network configuration and network redundancy
C. Removes the need for dedicated virtual security controls ??
A Security Operations Center (SOC) receives an incident response notification on a server with an active intruder who has planted a backdoor. Initial notifications are sent and communications are established. What MUST be considered or evaluated before performing the next step? A. Notifying law enforcement is crucial before hashing the contents of the server hard drive B. Identifying who executed the incident is more important than how the incident happened C. Removing the server from the network may prevent catching the intruder D. Copying the contents of the hard drive to another storage device may damage the evidence
C. Removing the server from the network may prevent catching the intruder
The goal of a Business Impact Analysis (BIA) is to determine which of the following? A. Cost effectiveness of business recovery B. Cost effectiveness of installing software security patches C. Resource priorities for recovery and Maximum Tolerable Downtime (MTD) D. Which security measures should be implemented
C. Resource priorities for recovery and Maximum Tolerable Downtime (MTD)
Which of the following is a process in the access provisioning lifecycle that will MOST likely identify access aggregation issues? A. Test B. Assessment C. Review D. Peer review
C. Review
Which of the following is considered the PRIMARY security issue associated with encrypted e-mail messages? A. Key distribution B. Storing attachments in centralized repositories C. Scanning for viruses and other malware D. Greater costs associated for backups and restores
C. Scanning for viruses and other malware
Which of the following adds end-to-end security inside a Layer 2 Tunneling Protocol (L2TP) Internet Protocol Security (IPSec) connection? A. Temporal Key Integrity Protocol (TKIP) B. Secure Hash Algorithm (SHA) C. Secure Shell (SSH) D. Transport Layer Security (TLS)
C. Secure Shell (SSH) ?????? (Tunneling / port forwarding?)
The Rivest-Shamir-Adleman (RSA) algorithm is BEST suited for which of the following operations? A. Bulk data encryption and decryption B. One-way secure hashing for user and message authentication C. Secure key exchange for symmetric cryptography D. Creating digital checksums for message integrity
C. Secure key exchange for symmetric cryptography
Which of the following offers the BEST security functionality for transmitting authentication tokens? A. JavaScript Object Notation (JSON) B. Terminal Access Controller Access Control System (TACACS) C. Security Assertion Markup Language (SAML) D. Remote Authentication Dial-In User Service (RADIUS)
C. Security Assertion Markup Language (SAML)
A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization? A. Trusted third-party certification B. Lightweight Directory Access Protocol (LDAP) C. Security Assertion Markup Language (SAML) D. Cross-certification
C. Security Assertion Markup Language (SAML)
Which technology is a prerequisite for populating the cloud-based directory in a federated identity solution? A. Notification tool B. Message queuing tool C. Security token tool D. Synchronization tool
C. Security token tool
Which action is MOST effective for controlling risk and minimizing maintenance costs in the software supply chain? A. Selecting redundant suppliers B. Selecting suppliers based on business requirements C. Selecting fewer, more reliable suppliers D. Selecting software suppliers with the fewest known vulnerabilities
C. Selecting fewer, more reliable suppliers ??
Access to which of the following is required to validate web session management? A. Log timestamp B. Live session traffic C. Session state variables D. Test scripts
C. Session state variables
Which of the following alarm systems is recommended to detect intrusions through windows in a high-noise, occupied environment? A. Acoustic sensor B. Motion sensor C. Shock sensor D. Photoelectric sensor
C. Shock sensor
What is the MAIN reason for having a developer sign a Non-Disclosure Agreement (NDA)? A. Signing the NDA always gives consent to the developer to access tools and privileged company information to do their work. B. Signing the NDA allows the developer to use their developed coding methods. C. Signing the NDA protects confidential, technical, or Intellectual Property (IP) from disclosure to others. D. Signing the NDA is legally binding for up to one year of employment
C. Signing the NDA protects confidential, technical, or Intellectual Property (IP) from disclosure to others
What should be the FIRST action to protect the chain of evidence when a desktop computer is involved? A. Take the computer to a forensic lab B. Make a copy of the hard drive C. Start documenting D. Turn off the computer
C. Start documenting
Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas? A. Install mantraps at the building entrances B. Enclose the personnel entry area with polycarbonate plastic C. Supply a duress alarm for personnel exposed to the public D. Hire a guard to protect the public area
C. Supply a duress alarm for personnel exposed to the public
A. Each control's effectiveness must be evaluated individually B. Each control must completely mitigate the risk C. The control set must adequately mitigate the risk D. The control set must evenly divide the risk
C. The control set must adequately mitigate the risk
Which of the following is the MOST challenging issue in apprehending cyber criminals? A. They often use sophisticated methods to commit a crime. B. It is often hard to collect and maintain integrity of digital evidence. C. The crime is often committed from a different jurisdiction. D. There is often no physical evidence involved.
C. The crime is often committed from a different jurisdiction
What does the Maximum Tolerable Downtime (MTD) determine? A. The estimated period of time a business critical database can remain down before customers are affected. B. The fixed length of time a company can endure a disaster without any Disaster Recovery (DR) planning C. The estimated period of time a business can remain interrupted beyond which it risks never recovering D. The fixed length of time in a DR process before redundant systems are engaged
C. The estimated period of time a business can remain interrupted beyond which it risks never recovering (https://www.strategiccompanies.com/maximum-tolerable-downtime)
In a High Availability (HA) environment, what is the PRIMARY goal of working with a virtual router address as the gateway to a network? A. The second of two routers can periodically check in to make sure that the first router is operational. B. The second of two routers can better absorb a Denial of Service (DoS) attack knowing the first router is present. C. The first of two routers fails and is reinstalled, while the second handles the traffic flawlessly. D. The first of two routers can better handle specific traffic, while the second handles the rest of the traffic seamlessly.
C. The first of two routers fails and is reinstalled, while the second handles the traffic flawlessly
A. Laws and regulations may change in the interim, making it unnecessary to retain the information B. The expense of retaining the information could become untenable for the organization C. The organization may lose track of the information and not dispose of it securely D. The technology needed to retrieve the information may not be available in the future
C. The organization may lose track of the information and not dispose of it securely
Which of the following is held accountable for the risk to organizational systems and data that result from outsourcing Information Technology (IT) systems and services? A. The acquiring organization B. The service provider C. The risk executive (function) D. The IT manager
C. The risk executive (function) ?? (Probably not)
Which of the following open source software issues pose the MOST risk to an application? A. The software is beyond end of life and the vendor is out of business. B. The software is not used or popular in the development community. C. The software has multiple Common Vulnerabilities and Exposures (CVE) and only some are remediated. D. The software has multiple Common Vulnerabilities and Exposures (CVE) but the CVEs are classified as low risks
C. The software has multiple Common Vulnerabilities and Exposures (CVE) and only some are remediated
Which of the following is the BEST reason to apply patches manually instead of automated patch management? A. The cost required to install patches will be reduced. B. The time during which systems will remain vulnerable to an exploit will be decreased. C. The target systems reside within isolated networks. D. The ability to cover large geographic areas is increased
C. The target systems reside within isolated networks
Why are packet filtering routers used in low-risk environments? A. They are high-resolution source discrimination and identification tools B. They are fast and flexible, and protect against Internet Protocol (IP) spoofing C. They are fast, flexible, and transparent D. They enforce strong user authentication and audit log generation
C. They are fast, flexible, and transparent (Do not protect against spoofing)
Which of the following practices provides the development team with a definition of security and identification of threats in designing software? A. Penetration testing B. Stakeholder review C. Threat modeling D. Requirements review
C. Threat modeling
What testing technique enables the designer to develop mitigation strategies for potential vulnerabilities? A. Manual inspections and reviews B. Penetration testing C. Threat modeling D. Source code review
C. Threat modeling (https://owasp.org/www-project-web-security-testing-guide/assets/archive/OWASP_Testing_Guide_v4.pdf)
When writing security assessment procedures, what is the MAIN purpose of the test outputs and reports? A. To force the software to fail and document the process B. To find areas of compromise in confidentiality and integrity C. To allow for objective pass or fail decisions D. To identify malware or hidden code within the test results
C. To allow for objective pass or fail decisions
What is the MAIN reason for testing a Disaster Recovery Plan (DRP)? A. To ensure Information Technology (IT) staff knows and performs roles assigned to each of them B. To validate backup sites' effectiveness C. To find out what does not work and fix it D. To create a high level DRP awareness among Information Technology (IT) staff
C. To find out what does not work and fix it ??
What is the motivation for use of the Online Certificate Status Protocol (OCSP)? A. To return information on multiple certificates B. To control access to Certificate Revocation List (CRL) requests C. To provide timely up-to-date responses to certificate queries D. To issue X.509v3 certificates more quickly
C. To provide timely up-to-date responses to certificate queries
What is the MAIN purpose of a change management policy? A. To assure management that changes to the Information Technology (IT) infrastructure are necessary B. To identify the changes that may be made to the Information Technology (IT) infrastructure C. To verify that changes to the Information Technology (IT) infrastructure are approved D. To determine the necessity for implementing modifications to the Information Technology (IT) infrastructure
C. To verify that changes to the Information Technology (IT) infrastructure are approved ??
What is the MOST efficient way to verify the integrity of database backups? A. Test restores on a regular basis. B. Restore every file in the system to check its health. C. Use checksum as part of the backup operation to make sure that no corruption has occurred. D. Run DBCC CHECKDB on a regular basis to check the logical and physical integrity of the database objects
C. Use checksum as part of the backup operation to make sure that no corruption has occurred
Extensible Authentication Protocol-Message Digest 5 (EAP-MD5) only provides which of the following? A. Mutual authentication B. Server authentication C. User authentication D. Streaming ciphertext data
C. User authentication
The implementation of which features of an identity management system reduces costs and administration overhead while improving audit and accountability? A. Two-factor authentication (2FA) B. Single sign-on (SSO) C. User self-service D. A metadirectory
C. User self-service
The core component of Role Based Access Control (RBAC) must be constructed of defined data elements. Which elements are required? A. Users, permissions, operations, and protected objects B. Roles, accounts, permissions, and protected objects C. Users, roles, operations, and protected objects D. Roles, operations, accounts, and protected objects
C. Users, roles, operations, and protected objects
Which of the following attacks is dependent upon the compromise of a secondary target in order to reach the primary target? A. Spear phishing B. Address Resolution Protocol (ARP) poisoning C. Watering hole D. Brute force
C. Watering hole ??
An Internet software application requires authentication before a user is permitted to utilize the resource. Which testing scenario BEST validates the functionality of the application? A. Reasonable data testing B. Input validation testing C. Web session testing D. Allowed data bounds and limits testing
C. Web session testing (Web Session Testing - Some Web browsers require that you log in before the first webpage is opened. To check that these browsers function correctly, create a test that tries to open webpages in the tested application without logging in.)
Which of the following provides for the STRONGEST protection of data confidentiality in a Wi-Fi environment? A. Wi-Fi Protected Access (WPA) + Temporal Key Integrity Protocol (TKIP) B. Wi-Fi Protected Access 2 (WPA2) + Advanced Encryption Standard (AES) C. Wi-Fi Protected Access 2 (WPA2) + Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) D. Wired Equivalent Privacy (WEP) + Advanced Encryption Standard (AES)
C. Wi-Fi Protected Access 2 (WPA2) + Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) ??? (WPA2+CCMP >> WPA2+AES ??)
Individual access to a network is BEST determined based on: A. risk matrix B. value of the data C. business need D. data classification
C. business need
Reciprocal backup site agreements are considered to be A. a better alternative than the use of warm sites. B. difficult to test for complex systems. C. easy to implement for similar types of organizations. D. easy to test and implement for complex systems
C. easy to implement for similar types of organizations
Knowing the language in which an encrypted message was originally produced might help a cryptanalyst to perform a A. clear-text attack. B. known cipher attack. C. frequency analysis. D. stochastic assessment.
C. frequency analysis
The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunnel data A. through a firewall at the Session layer B. through a firewall at the Transport layer C. in the Point-to-Point Protocol (PPP) D. in the Payload Compression Protocol (PCP)
C. in the Point-to-Point Protocol (PPP)
An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to: A. encrypt the contents of the repository and document any exceptions to that requirement B. utilize an Intrusion Detection System (IDS) set to drop connections if too many requests for documents are detected C. keep individuals with access to high security areas from saving those documents into lower security areas D. require individuals with access to the system to sign Non-Disclosure Agreements (NDA)
C. keep individuals with access to high security areas from saving those documents into lower security areas
Determining outage costs caused by a disaster can BEST be measured by the A. cost of redundant systems and backups. B. cost to recover from an outage. C. overall long-term impact of the outage. D. revenue lost during the outage
C. overall long-term impact of the outage
Which of the following mechanisms will BEST prevent a Cross-Site Request Forgery (CSRF) attack? A. parameterized database queries B. whitelist input values C. synchronized session tokens D. use strong ciphers
C. synchronized session tokens
An organization's information security strategic plan MUST be reviewed A. whenever there are significant changes to a major application. B. quarterly, when the organization's strategic plan is updated. C. whenever there are major changes to the business. D. every three years, when the organization's strategic plan is updated.
C. whenever there are major changes to the business
Which of the following is the GREATEST benefit of implementing a Role Based Access Control (RBAC) system? A. Integration using Lightweight Directory Access Protocol (LDAP) B. Form-based user registration process C. Integration with the organization's Human Resources (HR) system D. A considerably simpler provisioning process
D. A considerably simpler provisioning process
Which of the following is the MOST important output from a mobile application threat modeling exercise according to Open Web Application Security Project (OWASP)? A. The likelihood and impact of a vulnerability B. Application interface entry and endpoints C. Countermeasures and mitigations for vulnerabilities D. A data flow diagram for the application and attack surface analysis
D. A data flow diagram for the application and attack surface analysis
Data remanence is the biggest threat in which of the following scenarios? A. A physical disk drive has been overwritten and reused within a datacenter B. A physical disk drive has been degaussed, verified, and released to a third party for destruction C. A flash drive has been overwritten, verified, and reused within a datacenter D. A flash drive has been overwritten and released to a third party for destruction
D. A flash drive has been overwritten and released to a third party for destruction ??
A system with Internet Protocol (IP) address 10.102.10.2 has a physical address of 00:00:08:00:12:13:14:2f. The following static entry is added to its Address Resolution Protocol (ARP) table: 10.102.10.6: 00:00:08:00:12:13:14:2f. What form of attack could this represent? A. A Denial of Service (DoS) attack against the gateway router because the router can no longer accept packets from 10.102.10.2 B. A transport layer attack that prevents the resolution of 10.102.10.6 address C. A Denial of Service (DoS) attack against 10.102.10.2 because it cannot respond correctly to ARP requests D. A masquerading attack that sends packets intended for 10.102.10.6 to 10.102.10.2
D. A masquerading attack that sends packets intended for 10.102.10.6 to 10.102.10.2
During a fingerprint verification process, which of the following is used to verify identity and authentication? A. A pressure value is compared with a stored template B. Sets of digits are matched with stored values C. A hash table is matched to a database of stored value D. A template of minutiae is compared with a stored template
D. A template of minutiae is compared with a stored template
When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined? A. After the system preliminary design has been developed and the data security categorization has been performed B. After the vulnerability analysis has been performed and before the system detailed design begins C. After the system preliminary design has been developed and before the data security categorization begins D. After the business functional analysis and the data security categorization have been performed
D. After the business functional analysis and the data security categorization have been performed ??
An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test subject's data? A. Aggregate it into one database in the US B. Process it in the US, but store the information in France C. Share it with a third party D. Anonymize it and process it in the US
D. Anonymize it and process it in the US
A proxy firewall operates at what layer of the Open System Interconnection (OSI) model? A. Transport B. Data link C. Network D. Application
D. Application
At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located? A. Link layer B. Physical layer C. Session layer D. Application layer
D. Application layer ??
Which of the following is MOST effective in detecting information hiding in Transmission Control Protocol/Internet Protocol (TCP/IP) traffic? A. Packet-filter firewall B. Content-filtering web proxy C. Stateful inspection firewall D. Application-level firewall
D. Application-level firewall (Best answer would be deep packet inspection firewall (DPIF))
A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again? A. Define additional security controls directly after the merger B. Include a procurement officer in the merger team C. Verify all contracts before a merger occurs D. Assign a compliancy officer to review the merger conditions
D. Assign a compliancy officer to review the merger conditions
Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards? A. Personal Identity Verification (PIV) B. Cardholder Unique Identifier (CHUID) authentication C. Physical Access Control System (PACS) repeated attempt detection D. Asymmetric Card Authentication Key (CAK) challenge-response
D. Asymmetric Card Authentication Key (CAK) challenge-response
When would an organization review a Business Continuity Management (BCM) system? A. When major changes occur on systems B. When personnel changes occur C. Before and after Disaster Recovery (DR) tests D. At planned intervals
D. At planned intervals (https://www.gov.mb.ca/emo/pdfs/bcont_e.pdf, https://insights.diligent.com/business-continuity/bcp-maintenance/)
What access control scheme uses fine-grained rules to specify the conditions under which access to each data item or applications is granted? A. Mandatory Access Control (MAC) B. Discretionary Access Control (DAC) C. Role Based Access Control (RBAC) D. Attribute Based Access Control (ABAC)
D. Attribute Based Access Control (ABAC)
Which of the following is a PRIMARY advantage of using a third-party identity service? A. Consolidation of multiple providers B. Directory synchronization C. Web based logon D. Automated account management
D. Automated account management
Which of the following trust services principles refers to the accessibility of information used by the systems, products, or services offered to a third-party provider's customers? A. Security B. Privacy C. Access D. Availability
D. Availability ?? (Security. Availability. Confidentiality. Privacy. Processing Integrity)
What is the expected outcome of security awareness in support of a security awareness program? A. Awareness activities should be used to focus on security concerns and respond to those concerns accordingly B. Awareness is not an activity or part of the training but rather a state of persistence to support the program C. Awareness is training. The purpose of awareness presentations is to broaden attention of security. D. Awareness is not training. The purpose of awareness presentation is simply to focus attention on security.
D. Awareness is not training. The purpose of awareness presentation is simply to focus attention on security ✔
An organization has discovered that users are visiting unauthorized websites using anonymous proxies. Which of the following is the BEST way to prevent future occurrences? A. Remove the anonymity from the proxy B. Analyze Internet Protocol (IP) traffic for proxy requests C. Disable the proxy server on the firewall D. Block the Internet Protocol (IP) address of known anonymous proxies
D. Block the Internet Protocol (IP) address of known anonymous proxies ??
A group of organizations follows the same access standards and practices. One manages the verification and due diligence processes for the others. For a user to access a resource from one of the organizations, a check is made to see if that user has been certified. Which Federated Identity Management (FIM) process is this an example of? A. One-time authentication B. Web based access management C. Cross-certification model D. Bridge model
D. Bridge model (https://www.coursehero.com/file/p5o95rnc/The-trusted-third-party-model-of-FIM-uses-a-single-organization-to-manage-the/)
What type of attack sends Internet Control Message Protocol (ICMP) echo requests to the target machine with a larger payload than the target can handle? A. Man-in-the-Middle (MITM) B. Denial of Service (DoS) C. Domain Name Server (DNS) poisoning D. Buffer overflow
D. Buffer overflow
Which of the following is the reason that transposition ciphers are easily recognizable? A. Key B. Block C. Stream D. Character
D. Character
Who would be the BEST person to approve an organization's information security policy? A. Chief Information Officer (CIO) B. Chief Information Security Officer (CISO) C. Chief internal auditor D. Chief Executive Officer (CEO)
D. Chief Executive Officer (CEO) ??
Which of the following needs to be included in order for High Availability (HA) to continue operations during planned system outages? A. Redundant hardware, disk spanning, and patching B. Load balancing, power reserves, and disk spanning C. Backups, clustering, and power reserves D. Clustering, load balancing, and fault-tolerant options
D. Clustering, load balancing, and fault-tolerant options ??
Which technique can be used to make an encryption scheme more resistant to a known plaintext attack? A. Hashing the data before encryption B. Hashing the data after encryption C. Compressing the data after encryption D. Compressing the data before encryption
D. Compressing the data before encryption
A company receives an email threat informing of an imminent Distributed Denial of Service (DDoS) attack targeting its web application, unless a ransom is paid. Which of the following techniques BEST addresses that threat? A. Deploying load balancers to distribute inbound traffic across multiple data centers B. Set up Web Application Firewalls (WAFs) to filter out malicious traffic C. Implementing reverse web-proxies to validate each new inbound connection D. Coordinate with and utilize capabilities within Internet Service Provider (ISP)
D. Coordinate with and utilize capabilities within Internet Service Provider (ISP)
Recovery strategies of a Disaster Recovery Plan (DRP) MUST be aligned with which of the following? A. Hardware and software compatibility issues B. Applications' criticality and downtime tolerance C. Budget constraints and requirements D. Cost/benefit analysis and business objectives
D. Cost/benefit analysis and business objectives
Which of the following is the PRIMARY risk with using open source software in a commercial software construction? A. Lack of software documentation B. License agreements requiring release of modified code C. Expiration of the license agreement D. Costs associated with support of the software
D. Costs associated with support of the software
An organization allows ping traffic into and out of their network. An attacker has installed a program on the network that uses the payload portion of the ping packet to move data into and out of the network. What type of attack has the organization experienced? A. Data leakage B. Unfiltered channel C. Data emanation D. Covert channel
D. Covert channel
Which of the following is the FIRST step during digital identity provisioning? A. Authorizing the entity for resource access B. Synchronizing directories C. Issuing an initial random password D. Creating the entity record with the correct attributes
D. Creating the entity record with the correct attributes
Which Radio Frequency Interference (RFI) phenomenon associated with bundled cable runs can create information leakage? A. Transference B. Covert channel C. Bleeding D. Cross-talk
D. Cross-talk
During the Security Assessment and Authorization process, what is the PRIMARY purpose for conducting a hardware and software inventory? A. Calculate the value of assets being accredited. B. Create a list to include in the Security Assessment and Authorization package. C. Identify obsolete hardware and software. D. Define the boundaries of the information system.
D. Define the boundaries of the information system ? (Collecting hardware and software inventory information is the first big step in developing a Security Package. This inventory will define the authorization boundary as well as the scope (and the cost) of your project, so it is important to develop a complete and accurate inventory https://www.sciencedirect.com/topics/computer-science/authorization-boundary)
Which of the following is the MOST relevant risk indicator after a penetration test? A. Lists of hosts vulnerable to remote exploitation attacks B. Details of vulnerabilities and recommended remediation C. Lists of target systems on the network identified and scanned for vulnerabilities D. Details of successful vulnerability exploitations
D. Details of successful vulnerability exploitations
What is the FIRST action a security professional needs to take while assessing an organization's asset security in order to properly classify and protect access to data? A. Verify the various data classification models implemented for different environments. B. Determine the level of access for the data and systems. C. Verify if confidential data is protected with cryptography. D. Determine how data is accessed in the organization
D. Determine how data is accessed in the organization
Which of the following is the MOST important goal of information asset valuation? A. Developing a consistent and uniform method of controlling access on information assets B. Developing appropriate access control policies and guidelines C. Assigning a financial value to an organization's information assets D. Determining the appropriate level of protection
D. Determining the appropriate level of protection
Which of the following is a PRIMARY challenge when running a penetration test? A. Determining the cost B. Establishing a business case C. Remediating found vulnerabilities D. Determining the depth of coverage
D. Determining the depth of coverage ??
Which of the following is the MOST effective practice in managing user accounts when an employee is terminated? A. Implement processes for automated removal of access for terminated employees. B. Delete employee network and system IDs upon termination. C. Manually remove terminated employee user-access to all systems and applications. D. Disable terminated employee network ID to remove all access.
D. Disable terminated employee network ID to remove all access
A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report. In which phase of the assessment was this error MOST likely made? A. Enumeration B. Reporting C. Detection D. Discovery
D. Discovery ??
What should be the FIRST action for a security administrator who detects an intrusion on the network based on precursors and other indicators? A. Isolate and contain the intrusion. B. Notify system and application owners. C. Apply patches to the Operating Systems (OS). D. Document and verify the intrusion
D. Document and verify the intrusion ??
An audit of an application reveals that the current configuration does not match the configuration of the originally implemented application. Which of the following is the FIRST action to be taken? A. Recommend an update to the change control process B. Verify the approval of the configuration change C. Roll back the application to the original configuration D. Document the changes to the configuration
D. Document the changes to the configuration
When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets? A. Log all activities associated with sensitive systems B. Provide links to security policies C. Confirm that confidentiality agreements are signed D. Employ strong access controls
D. Employ strong access controls ??
How does Encapsulating Security Payload (ESP) in transport mode affect the Internet Protocol (IP)? A. Authenticates the IP payload and selected portions of the IP header B. Encrypts and optionally authenticates the complete IP packet C. Encrypts and optionally authenticates the IP header, but not the IP payload D. Encrypts and optionally authenticates the IP payload, but not the IP header
D. Encrypts and optionally authenticates the IP payload, but not the IP header
In which identity management process is the subject's identity established? A. Trust B. Provisioning C. Authorization D. Enrollment
D. Enrollment
What is the PRIMARY reason for implementing change management? A. Certify and approve releases to the environment B. Provide version rollbacks for system changes C. Ensure that all applications are approved D. Ensure accountability for changes to the environment
D. Ensure accountability for changes to the environment
What is the BEST approach to annual safety training? A. Base safety training requirements on staff member job descriptions. B. Safety training should address any gaps in a staff member's skill set. C. Ensure that staff members in positions with known safety risks are given proper training. D. Ensure that all staff members are provided with identical safety training
D. Ensure that all staff members are provided with identical safety training ??
As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website. Which of the following actions would be performed? A. Use a web scanner to scan for vulnerabilities within the website. B. Perform a code review to ensure that the database references are properly addressed. C. Establish a secure connection to the web server to validate that only the approved ports are open. D. Enter only numbers in the web form and verify that the website prompts the user to enter a valid input
D. Enter only numbers in the web form and verify that the website prompts the user to enter a valid input
Following a penetration test, what should an organization do FIRST? A. Review all security policies and procedures B. Ensure staff is trained in security C. Determine if you need to conduct a full security assessment D. Evaluate the problems identified in the test result
D. Evaluate the problems identified in the test result
What does a Synchronous (SYN) flood attack do? A. Forces Transmission Control Protocol /Internet Protocol (TCP/IP) connections into a reset state B. Establishes many new Transmission Control Protocol / Internet Protocol (TCP/IP) connections C. Empties the queue of pending Transmission Control Protocol /Internet Protocol (TCP/IP) requests D. Exceeds the limits for new Transmission Control Protocol /Internet Protocol (TCP/IP) connections
D. Exceeds the limits for new Transmission Control Protocol /Internet Protocol (TCP/IP) connections
When planning a penetration test, the tester will be MOST interested in which information? A. Places to install back doors B. The main network access points C. Job application handouts and tours D. Exploits that can attack weaknesses
D. Exploits that can attack weaknesses ????
A post-implementation review has identified that the Voice Over Internet Protocol (VoIP) system was designed to have gratuitous Address Resolution Protocol (ARP) disabled. Why did the network architect likely design the VoIP system with gratuitous ARP disabled? A. Gratuitous ARP requires the use of Virtual Local Area Network (VLAN) 1. B. Gratuitous ARP requires the use of insecure layer 3 protocols. C. Gratuitous ARP requires the likelihood of a successful brute-force attack on the phone. D. Gratuitous ARP requires the risk of a Man-in-the-Middle (MITM) attack
D. Gratuitous ARP requires the risk of a Man-in-the-Middle (MITM) attack
Which of the following BEST describes botnets? A. Computer systems on the Internet that are set up to trap people who attempt to penetrate other computer systems B. Set of related programs that protects the resources of a private network from other networks C. Small network inserted in a neutral zone between an organization's private network and the outside public network D. Groups of computers that are used to launch destructive attacks
D. Groups of computers that are used to launch destructive attacks
Which of the following is the BEST metric to obtain when gaining support for an Identity and Access Management (IAM) solution? A. Application connection successes resulting in data leakage B. Administrative costs for restoring systems after connection failure C. Employee system timeouts from implementing wrong limits D. Help desk costs required to support password reset requests
D. Help desk costs required to support password reset requests
What is the PRIMARY objective of an application security assessment? A. Obtain information security management approval B. Maintain the integrity of the application C. Obtain feedback before implementation D. Identify vulnerabilities
D. Identify vulnerabilities
When dealing with shared, privileged accounts, especially those for emergencies, what is the BEST way to assure non-repudiation of logs? A. Implement a password vaulting solution B. Lock passwords in tamperproof envelopes in a safe C. Regularly change the passwords D. Implement a strict access control policy
D. Implement a strict access control policy
An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information? A. Implement packet filtering on the network firewalls B. Install Host Based Intrusion Detection Systems (HIDS) C. Require strong authentication for administrators D. Implement logical network segmentation at the switches
D. Implement logical network segmentation at the switches
Which of the following would an internal technical security audit BEST validate? A. Whether managerial controls are in place B. Support for security programs by executive management C. Appropriate third-party system hardening D. Implementation of changes to a system
D. Implementation of changes to a system
In the Common Criteria (CC) for Information Technology (IT) security evaluation, increasing Evaluation Assurance Levels (EAL) results in which of the following? A. Increase in evaluated systems B. Increased interoperability C. Increased functionality D. Increase in resource requirement
D. Increase in resource requirement ?? (https://en.wikipedia.org/wiki/Evaluation_Assurance_Level)
A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket. Which of the following is the BEST course of action? A. Ignore the request and do not perform the change. B. Perform the change as requested, and rely on the next audit to detect and report the situation. C. Perform the change, but create a change ticket regardless to ensure there is complete traceability. D. Inform the audit committee or internal audit directly using the corporate whistleblower process
D. Inform the audit committee or internal audit directly using the corporate whistleblower process
When determining who can accept the risk associated with a vulnerability, which of the following is MOST important? A. Countermeasure effectiveness B. Type of potential loss C. Incident likelihood D. Information ownership
D. Information ownership ??
An organization seeks to use a cloud Identity and Access Management (IAM) provider whose protocols and data formats are incompatible with existing systems. Which of the following techniques addresses the compatibility issue? A. Require the cloud IAM provider to use declarative security instead of programmatic authentication checks B. Integrate a Web-Application Firewall (WAF) in reverse-proxy mode in front of the service provider C. Apply Transport Layer Security (TLS) to the cloud-based authentication checks D. Install an on-premise Authentication Gateway Service (AGS) in front of the service provider
D. Install an on-premise Authentication Gateway Service (AGS) in front of the service provider
An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause? A. Absence of a Business Intelligence (BI) solution B. Inadequate cost modeling C. Improper deployment of the Service-Oriented Architecture (SOA) D. Insufficient Service Level Agreement (SLA)
D. Insufficient Service Level Agreement (SLA)
An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern? A. Ownership B. Confidentiality C. Availability D. Integrity
D. Integrity ??
In order to assure authenticity, which of the following are required? A. Confidentiality and authentication B. Confidentiality and integrity C. Authentication and non-repudiation D. Integrity and non-repudiation
D. Integrity and non-repudiation (Public-key provides integrity and non-repudiation to ensure authenticity)
Which of the following is the FIRST step in the incident response process? A. Determine the cause of the incident B. Disconnect the system involved from the network C. Isolate and contain the system involved D. Investigate all symptoms to confirm the incident
D. Investigate all symptoms to confirm the incident
What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application? A. Disable all unnecessary services B. Ensure chain of custody C. Prepare another backup of the system D. Isolate the system from the network
D. Isolate the system from the network ??
What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management? A. Implementation Phase B. Initialization Phase C. Cancellation Phase D. Issued Phase
D. Issued Phase (https://www.securew2.com/blog/four-stages-certificate-life-cycle/) 1 - Certificate Enrollment 2 - Certificate Distribution 3 - Certificate Validation 4 - Certificate Revocation
From a security perspective, which of the following assumptions MUST be made about input to an application? A. It is tested B. It is logged C. It is verified D. It is untrusted
D. It is untrusted
According to the Capability Maturity Model Integration (CMMI), which of the following levels is identified by a managed process that is tailored from the organization's set of standard processes according to the organization's tailoring guidelines? A. Level 0: Incomplete B. Level 1: Performed C. Level 2: Managed D. Level 3: Defined
D. Level 3: Defined
Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach? A. End-to-end data encryption for data in transit B. Continuous monitoring of potential vulnerabilities C. A strong breach notification process D. Limited collection of individuals' confidential data
D. Limited collection of individuals' confidential data ??
Which attack defines a piece of code that is inserted into software to trigger a malicious function? A. Phishing B. Salami C. Back door D. Logic bomb
D. Logic bomb
Which of the following benefits does Role Based Access Control (RBAC) provide for the access review process? A. Lowers the amount of access requests after review B. Gives more control into the revocation phase C. Gives more fine-grained access analysis to accesses D. Lowers the number of items to be reviewed
D. Lowers the number of items to be reviewed (since its role based you have less groups to review)
Which of the following would an attacker BEST be able to accomplish through the use of Remote Access Tools (RAT)? A. Reduce the probability of identification B. Detect further compromise of the target C. Destabilize the operation of the host D. Maintain and expand control
D. Maintain and expand control
Which of the following is a characteristic of an internal audit? A. An internal audit is typically shorter in duration than an external audit. B. The internal audit schedule is published to the organization well in advance. C. The internal auditor reports to the Information Technology (IT) department D. Management is responsible for reading and acting upon the internal audit results
D. Management is responsible for reading and acting upon the internal audit results
Which of the following is the BEST way to mitigate circumvention of access controls? A. Multi-layer access controls working in isolation B. Multi-vendor approach to technology implementation C. Multi-layer firewall architecture with Internet Protocol (IP) filtering enabled D. Multi-layer access controls with diversification of technologies
D. Multi-layer access controls with diversification of technologies
Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress? A. Intrusion Prevention Systems (IPS) B. Intrusion Detection Systems (IDS) C. Stateful firewalls D. Network Behavior Analysis (NBA) tools
D. Network Behavior Analysis (NBA) tools
Why should Open Web Application Security Project (OWASP) Application Security Verification Standards (ASVS) Level 1 be considered a MINIMUM level of protection for any web application? A. Most regulatory bodies consider ASVS Level 1 as a baseline set of controls for applications B. Securing applications at ASVS Level 1 provides adequate protection for sensitive data C. ASVS Level 1 ensures that applications are invulnerable to OWASP top 10 threats D. Opportunistic attackers will look for any easily exploitable vulnerable applications
D. Opportunistic attackers will look for any easily exploitable vulnerable applications
Which one of the following affects the classification of data? A. Assigned security label B. Multilevel Security (MLS) architecture C. Minimum query size D. Passage of time
D. Passage of time
Which of the following approaches is the MOST effective way to dispose of data on multiple hard drives? A. Delete every file on each drive. B. Destroy the partition table for each drive using the command line. C. Degauss each drive individually. D. Perform multiple passes on each drive using approved formatting methods
D. Perform multiple passes on each drive using approved formatting methods ??
A security professional recommends that a company integrate threat modeling into its Agile development processes. Which of the following BEST describes the benefits of this approach? A. Reduce application development costs. B. Potential threats are addressed later in the Software Development Life Cycle (SDLC). C. Improve user acceptance of implemented security controls. D. Potential threats are addressed earlier in the Software Development Life Cycle (SDLC).
D. Potential threats are addressed earlier in the Software Development Life Cycle (SDLC)
How is it possible to extract private keys securely stored on a cryptographic smartcard? A. Bluebugging B. Focused ion-beam C. Bluejacking D. Power analysis
D. Power analysis
Why is lexical obfuscation in software development discouraged by many organizations? A. Problems compiling the code B. Problems writing test cases C. Problems maintaining data connections D. Problems recovering systems after disaster
D. Problems recovering systems after disaster ??
What is the BEST approach to addressing security issues in legacy web applications? A. Debug the security issues B. Migrate to newer, supported applications where possible C. Conduct a security assessment D. Protect the legacy application with a web application firewall
D. Protect the legacy application with a web application firewall
Which media sanitization methods should be used for data with a high security categorization? A. Clear or destroy B. Clear or purge C. Destroy or delete D. Purge or destroy
D. Purge or destroy
In fault-tolerant systems, what do rollback capabilities permit? A. Identifying the error that caused the problem B. Isolating the error that caused the problem C. Allowing the system to run in a reduced manner D. Restoring the system to a previous functional state
D. Restoring the system to a previous functional state
A security professional should ensure that clients support which secondary algorithm for digital signatures when a Secure Multipurpose Internet Mail Extension (S/MIME) is used? A. Triple Data Encryption Standard (3DES) B. Advanced Encryption Standard (AES) C. Digital Signature Algorithm (DSA) D. Rivest-Shamir-Adleman (RSA)
D. Rivest-Shamir-Adleman (RSA)
The organization would like to deploy an authorization mechanism for an Information Technology (IT) infrastructure project with high employee turnover. Which access control mechanism would be preferred? A. Attribute Based Access Control (ABAC) B. Discretionary Access Control (DAC) C. Mandatory Access Control (MAC) D. Role-Based Access Control (RBAC)
D. Role-Based Access Control (RBAC)
A data owner determines the appropriate job-based access for an employee to perform their duties. Which type of access control is this? A. Discretionary Access Control (DAC) B. Non-discretionary access control C. Mandatory Access Control (MAC) D. Role-based access control (RBAC)
D. Role-based access control (RBAC)
Which of the following Service Organization Control (SOC) report types should an organization request if they require a period of time report covering security and availability for a particular system? A. SOC 1 Type 1 B. SOC 1 Type 2 C. SOC 2 Type 1 D. SOC 2 Type 2
D. SOC 2 Type 2 (SOC 1 is for financial issue, SOC 2 and 3 covers for Security issues. Type 1 is for a moment in time (snapshot). Type 2 is for a period in time)
What Service Organization Controls (SOC) report can be freely distributed and used by customers to gain confidence in a service organization's systems? A. SOC 1 Type 1 B. SOC 1 Type 2 C. SOC 2 D. SOC 3
D. SOC 3 ("These reports are designed to meet the needs of users who need assurance about the controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy, but do not have the need for or the knowledge necessary to make effective use of a SOC 2 Report. Because they are general use reports, SOC 3 reports can be freely distributed") (https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/serviceorganization-smanagement.html)
Which item below is a federated identity standard? A. 802.11i B. Kerberos C. Lightweight Directory Access Protocol (LDAP) D. Security Assertion Markup Language (SAML)
D. Security Assertion Markup Language (SAML)
When conveying the results of a security assessment, which of the following is the PRIMARY audience? A. Information System Security Officer (ISSO) B. Authorizing Official (AO) C. Information System Security Manager (ISSM) D. Security Control Assessor (SCA)
D. Security Control Assessor (SCA) ("2.6 Security Control Assessor (SCA) A Security Control Assessor (SCA) (formerly Certifying Official) is a senior management official who verifies the results of the security assessment and makes an authorization recommendation to the Authorizing Official (AO)") (https://docplayer.net/10771820-Information-system-security-officer-isso-guide.html) (https://www.cisa.gov/security-control-assessor)
Which of the following is used to support the concept of defense in depth during the development phase of a software product? A. Maintenance hooks B. Polyinstantiation C. Known vulnerability list D. Security auditing
D. Security auditing
Digital certificates used in Transport Layer Security (TLS) support which of the following? A. Information input validation B. Non-repudiation controls and data encryption C. Multi-Factor Authentication (MFA) D. Server identity and data confidentiality
D. Server identity and data confidentiality
What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source? A. Smurfing B. Man-in-the-Middle (MITM) attack C. Session redirect D. Spoofing
D. Spoofing
Which inherent password weakness does a One Time Password (OTP) generator overcome? A. Static passwords are too predictable B. Static passwords must be changed frequently C. Static passwords are difficult to generate D. Static passwords are easily disclosed
D. Static passwords are easily disclosed ??
For network based evidence, which of the following contains traffic details of all network sessions in order to detect anomalies? A. Alert data B. User data C. Content data D. Statistical data
D. Statistical data
The security accreditation task of the System Development Life Cycle (SDLC) process is completed at the end of which phase? A. System acquisition and development B. System operations and maintenance C. System initiation D. System implementation
D. System implementation
Which of the following processes is used to align security controls with business functions? A. Data mapping B. Standards selection C. Scoping D. Tailoring
D. Tailoring (Tailoring refers to modifying the list of security controls within a baseline so that they align with the mission of the organization.)
Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure? A. Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken B. Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability C. Management teams will understand the testing objectives and reputational risk to the organization D. Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels
D. Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels
Which of the following is the BEST method to prevent malware from being introduced into a production environment? A. Purchase software from a limited list of retailers B. Verify the hash key or certificate key of all updates C. Do not permit programs, patches, or updates from the Internet D. Test all new software in a segregated environment
D. Test all new software in a segregated environment
Which of the following is a characteristic of covert security testing? A. Induces less risk than overt testing B. Focuses on identifying vulnerabilities C. Tests and validates all security controls in the organization D. Tests staff knowledge and implementation of the organization's security policy
D. Tests staff knowledge and implementation of the organization's security policy ?? (As per NIST 800-115)
An organization is considering outsourcing applications and data to a Cloud Service Provider (CSP). Which of the following is the MOST important concern regarding privacy? A. The CSP determines data criticality B. The CSP provides end-to-end encryption services C. The CSP's privacy policy may be developed by the organization D. The CSP may not be subject to the organization's country legislation
D. The CSP may not be subject to the organization's country legislation
An organization has outsourced its financial transaction processing to a Cloud Service Provider (CSP) who will provide them with Software as a Service (SaaS). If there was a data breach who is responsible for monetary losses? A. The Data Protection Authority (DPA) B. The Cloud Service Provider (CSP) C. The application developers D. The data owner
D. The data owner
Which of the following is the key requirement for test results when implementing forensic procedures? A. The test results must be cost-effective. B. The test result must be authorized. C. The test results must be quantifiable. D. The test results must be reproducible
D. The test results must be reproducible ("According to the National Institute of Standards and Technology (NIST), test results must be repeatable and reproducible to be considered admissible as electronic evidence.")
Why are mobile devices sometimes difficult to investigate in a forensic examination? A. There are no forensics tools available for examination. B. They may contain cryptographic protection. C. They have password-based security at logon. D. They may have proprietary software installed to protect them
D. They may have proprietary software installed to protect them ?? (Proprietary cryptographic protection?) (https://hub.packtpub.com/mobile-forensics-and-its-challanges/)
Lack of which of the following options could cause a negative effect on an organization's reputation, revenue, and result in legal action, if the organization fails to perform due diligence? A. Threat modeling methodologies B. Service Level Requirement (SLR) C. Service Level Agreement (SLA) D. Third-party risk management
D. Third-party risk management (https://vendorcentric.com/single-post/what-is-third-party-risk-management/)
What is the purpose of an Internet Protocol (IP) spoofing attack? A. To send excessive amounts of data to a process, making it unpredictable B. To intercept network traffic without authorization C. To disguise the destination address from a target's IP filtering devices D. To convince a system that it is communicating with a known entity
D. To convince a system that it is communicating with a known entity
Which of the following explains why classifying data is an important step in performing a risk assessment? A. To provide a framework for developing good security metrics B. To justify the selection of costly security controls C. To classify the security controls sensitivity that helps scope the risk assessment D. To help determine the appropriate level of data security controls
D. To help determine the appropriate level of data security controls
What is the PRIMARY role of a scrum master in agile development? A. To choose the primary development language B. To choose the integrated development environment C. To match the software requirements to the delivery plan D. To project manage the software delivery
D. To project manage the software delivery
Which of the following is the PRIMARY reason for employing physical security personnel at entry points in facilities where card access is in operation? A. To verify that only employees have access to the facility. B. To identify present hazards requiring remediation. C. To monitor staff movement throughout the facility. D. To provide a safe environment for employees
D. To provide a safe environment for employees (Safety > security)
Which of the following is the MAIN reason for using configuration management? A. To provide centralized administration B. To reduce the number of changes C. To reduce errors during upgrades D. To provide consistency in security controls
D. To provide consistency in security controls
Why might a network administrator choose distributed virtual switches instead of stand-alone switches for network segmentation? A. To standardize on a single vendor B. To ensure isolation of management traffic C. To maximize data plane efficiency D. To reduce the risk of configuration errors
D. To reduce the risk of configuration errors (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-125B.pdf)
What is the MAIN reason to ensure the appropriate retention periods are enforced for data stored on electronic media? A. To reduce the carbon footprint by eliminating paper B. To create an inventory of data assets stored on disk for backup recovery C. To declassify information that has been improperly classified D. To reduce the risk of loss, unauthorized access, use, modification, and disclosure
D. To reduce the risk of loss, unauthorized access, use, modification, and disclosure
A. Using a password history blacklist B. Requiring the use of non-consecutive numeric characters C. Presenting distorted graphics of text for authentication D. Transmitting a hash based on the user's password
D. Transmitting a hash based on the user's password
What is the BEST way to encrypt web application communications? A. Secure Hash Algorithm 1 (SHA-1) B. Secure Sockets Layer (SSL) C. Cipher Block Chaining Message Authentication Code (CBC-MAC) D. Transport Layer Security (TLS)
D. Transport Layer Security (TLS)
An organization has a short-term agreement with a public Cloud Service Provider (CSP). Which of the following BEST protects sensitive data once the agreement expires and the assets are reused? A. Recommend that the business data owners use continuous monitoring and analysis of applications to prevent data loss B. Recommend that the business data owners use internal encryption keys for data-at-rest and data-in-transit to the storage environment C. Use a contractual agreement to ensure the CSP wipes any data from the storage environment D. Use a National Institute of Standards and Technology (NIST) recommendation for wiping data on the storage environment
D. Use a National Institute of Standards and Technology (NIST) recommendation for wiping data on the storage environment ??
Which of the following is the BEST way to protect against Structured Query Language (SQL) injection? A. Enforce boundary checking B. Restrict use of SELECT command C. Restrict HyperText Markup Language (HTML) source code access D. Use stored procedures
D. Use stored procedures
What is the PRIMARY objective for conducting an internal security audit? A. Verify that all systems and Standard Operating Procedures (SOP) are properly documented B. Verify that all personnel supporting a system are knowledgeable of their responsibilities C. Verify that security controls are established following best practices D. Verify that applicable security controls are implemented and effective
D. Verify that applicable security controls are implemented and effective
A security architect is responsible for the protection of a new home banking system. Which of the following solutions can BEST improve the confidentiality and integrity of this external system? A. Intrusion Prevention System (IPS) B. Denial of Service (DoS) protection solution C. One-time Password (OTP) token D. Web Application Firewall (WAF)
D. Web Application Firewall (WAF) (Web application firewalls are a common security control used by enterprises to protect web systems against zero-day exploits, malware infections, impersonation, and other known and unknown threats and vulnerabilities. Through customized inspections, a WAF is able to detect and immediately prevent several of the most dangerous web application security flaws, which traditional network firewalls and other intrusion detection systems (IDSes) and intrusion prevention systems (IPSes) may not be capable of doing. WAFs are especially useful to companies that provide products or services over the Internet such as e-commerce shopping, online banking and other interactions between customers or business partners)
When are security requirements the LEAST expensive to implement? A. When identified by external consultants B. During the application rollout phase C. During each phase of the project cycle D. When built into application design
D. When built into application design
When is a Business Continuity Plan (BCP) considered to be valid? A. When it has been validated by the Business Continuity (BC) manager B. When it has been validated by the board of directors C. When it has been validated by all threat scenarios D. When it has been validated by realistic exercises
D. When it has been validated by realistic exercises ✔ (http://www.manchester.gov.uk/info/200039/emergencies/6174/business_continuity_planning/5)
A security professional has been requested by the Board of Directors and Chief Information Security Officer (CISO) to perform an internal and external penetration test. What is the BEST course of action? A. Review data localization requirements and regulations B. Review corporate security policies and procedures C. With notice to the organization, perform an internal penetration test first, then an external test D. With notice to the organization, perform an external penetration test first, then an internal test
D. With notice to the organization, perform an external penetration test first, then an internal test ???
Which of the following value comparisons MOST accurately reflects the agile development approach? A. Processes and tools over individuals and interactions B. Contract negotiation over customer collaboration C. Following a plan over responding to change D. Working software over comprehensive documentation
D. Working software over comprehensive documentation
In Disaster Recovery (DR) and Business Continuity (BC) training, which BEST describes a functional drill? A. a functional evacuation of personnel B. a specific test by response teams of individual emergency response functions C. an activation of the backup site D. a full-scale simulation of an emergency and the subsequent response functions.
D. a full-scale simulation of an emergency and the subsequent response functions
The Secure Shell (SSH) version 2 protocol supports A. availability, accountability, compression, and integrity B. authentication, availability, confidentiality, and integrity C. accountability, compression, confidentiality, and integrity D. authentication, compression, confidentiality, and integrity
D. authentication, compression, confidentiality, and integrity
In the Software Development Life Cycle (SDLC), maintaining accurate hardware and software inventories is a critical part of A. systems integration. B. risk management. C. quality assurance. D. change management.
D. change management
Which of the following steps should be performed FIRST when purchasing Commercial Off-The-Shelf (COTS) software? A. undergo a security assessment as part of authorization process B. establish a risk management strategy C. harden the hosting server, and perform hosting and application vulnerability scans D. establish policies and procedures on system and services acquisition
D. establish policies and procedures on system and services acquisition
The PRIMARY outcome of a certification process is that it provides documented A. interconnected systems and their implemented security controls. B. standards for security assessment, testing, and process evaluation. C. system weakness for remediation. D. security analyses needed to make a risk-based decision
D. security analyses needed to make a risk-based decision
Although code using a specific program language may not be susceptible to a buffer overflow attack, A. most calls to plug-in programs are susceptible. B. most supporting application code is susceptible. C. the graphical images used by the application could be susceptible. D. the supporting virtual machine could be susceptible.
D. the supporting virtual machine could be susceptible (Images, themselves, aren't susceptible)
Which Identity and Access Management (IAM) process can be used to maintain the principle of least privilege? A. identity provisioning B. access recovery C. multi-factor authentication (MFA) D. user access review
D. user access review ??
DRAG DROP - Match the functional roles in an external audit to their responsibilities. Drag each role on the left to its corresponding responsibility on the right. Select and Place:
Executive Management - Approve budget and resource allocation Audit Committee - Provide audit oversight External Auditor - Ensure the achievement and maintenance of organizational requirements with applicable certifications Compliance Officer - Develop and maintain knowledge and subject matter expertise relevant to the type of audit
DRAG DROP - Match the name of the access control model with its associated restriction. Drag each access control model to its appropriate restriction on the right: Mandatory Access Control Discretionary Access Control (DAC) Role Based Access Control (RBAC) Rule Based Access Control
Mandatory Access Control - user cannot Discretionary Access Control (DAC) - subject has total control over objects Role Based Access Control (RBAC) - dynamically assigns permissions based on job function Rule Based Access Control - dynamically assigns roles to subjects based on criteria assigned by a custodian
DRAG DROP - Match the types of e-authentication tokens to their description. Drag each e-authentication token on the left to its corresponding description on the right. Select and Place: Memorized Secret Token Out-Of-Band Token Look-up Secret Token Pre-registered Knowledge Token
Memorized Secret Token - A secret shared between the subscriber and credential service provider that is typically character strings Out-Of-Band Token - A physical token that is uniquely addressable and can receive a verifier-selected secret for one-time use Look-up Secret Token - A physical or electronic token that stores a set of secrets between the claimant and the credential service provider Pre-registered Knowledge Token - A series of responses to a set of prompts or challenges established by the subscriber and credential service provider during the registration process
DRAG DROP - Match the following generic software testing methods with their major focus and objective. Drag each testing method next to its corresponding set of testing objectives. Select and Place: Nonfunctional testing Functional testing Structural testing Regression testing
Nonfunctional testing - Tests reliability, usability, efficiency and compatibility characteristics Functional testing - Tests suitability, accuracy, interoperability and security characteristics Structural testing - Tests control flow, call hierarchies, menu, component and integration characteristics Regression testing - Tests functionality related to changes in software or the environment
DRAG DROP - What is the correct order of steps in an information security assessment? Place the information security assessment steps on the left next to the numbered boxes on the right in the correct order. Select and Place: - Define the perimeter - Identify the vulnerability - Assess the risk - Determine the actions
Step 1: Identify the vulnerability Step 2: Define the perimeter Step 3: Assess the risk Step 4: Determine the actions