Set 9

Which of the following activities is MOST likely to increase the difficulty of totally eradicating malicious code that is not immediately detected? A. Applying patches B. Changing access rules C. Upgrading hardware D. Backing up files

Backing up files

In a social engineering scenario, which of the following will MOST likely reduce the likelihood of an unauthorized individual gaining access to computing resources? A. Implementing on-screen masking of passwords B. Conducting periodic security awareness programs C. Increasing the frequency of password changes D. Requiring that passwords be kept strictly confidential

Conducting periodic security awareness programs

Which of the following areas is MOST susceptible to the introduction of security weaknesses? A. Database management B. Tape backup management C. Configuration management D. Incident response management

Configuration management

Data owners are normally responsible for which of the following? A. Applying emergency changes to application data B. Administering security over database records C. Migrating application code changes to production D. Determining the level of application security required

Determining the level of application security required

Which of the following will BEST protect against malicious activity by a former employee? A. Preemployment screening B. Close monitoring of users C. Periodic awareness training D. Effective termination procedures

Effective termination procedures

What is the BEST way to ensure users comply with organizational security requirements for password complexity? A. Include password construction requirements in the security standards B. Require each user to acknowledge the password requirements C. Implement strict penalties for user noncompliance D. Enable system-enforced password configuration

Enable system-enforced password configuration

Which of the following is the MOST important action to take when engaging third-party consultants to conduct an attack and penetration test? A. Request a list of the software to be used B. Provide clear directions to IT staff C. Monitor intrusion detection system (IDS) and firewall logs closely D. Establish clear rules of engagement

Establish clear rules of engagement

Which of the following are the MOST important individuals to include as members of an information security steering committee? A. Direct reports to the chief information officer B. IT management and key business process owners C. Cross-section of end users and IT professionals D. Internal audit and corporate legal departments

IT management and key business process owners

Which of the following is the MOST appropriate method for deploying operating system (OS) patches to production application servers? A. Batch patches into frequent server updates B. Initially load the patches on a test machine C. Set up servers to automatically download patches D. Automatically push all patches to the servers

Initially load the patches on a test machine

What is the BEST way to ensure that an intruder who successfully penetrates a network will be detected before significant damage is inflicted? A. Perform periodic penetration testing B. Establish minimum security baselines C. Implement vendor default settings D. Install a honeypot on the network

Install a honeypot on the network

Which of the following environments represents the GREATEST risk to organizational security? A. Locally managed file server B. Enterprise data warehouse C. Load-balanced, web server cluster D. Centrally managed data switch

Locally managed file server

Which of the following is MOST important to the successful promotion of good security management practices? A. Security metrics B. Security baselines C. Management support D. Periodic training

Management support

What is the MOST effective access control method to prevent users from sharing files with unauthorized users? A. Mandatory B. Discretionary C. Walled garden D. Role-based

Mandatory

Which of the following represents a PRIMARY area of interest when conducting a penetration test? A. Data mining B. Network mapping C. Intrusion Detection System (IDS) D. Customer data

Network mapping

Which of the following is an inherent weakness of signature-based intrusion detection systems? A. A higher number of false positives B. New attack methods will be missed C. Long duration probing will be missed D. Attack profiles can be easily spoofed

New attack methods will be missed

Which of the following is the MOST important area of focus when examining potential security compromise of a new wireless network? A. Signal strength B. Number of administrators C. Bandwidth D. Encryption strengt

Number of administrators

Which of the following presents the GREATEST threat to the security of an enterprise resource planning (ERP) system? A. User ad hoc reporting is not logged B. Network traffic is through a single switch C. Operating system (OS) security patches have not been applied D. Database security defaults to ERP settings

Operating system (OS) security patches have not been applied

Which of the following is the MOST appropriate method to protect a password that opens a confidential file? A. Delivery path tracing B. Reverse lookup translation C. Out-of-band channels D. Digital signatures

Out-of-band channels

Which of the following is the BEST way to ensure that a corporate network is adequately secured against external attack? A. Utilize an intrusion detection system. B. Establish minimum security baselines. C. Implement vendor recommended settings. D. Perform periodic penetration testing.

Perform periodic penetration testing.

What is the BEST way to ensure that contract programmers comply with organizational security policies? A. Explicitly refer to contractors in the security standards B. Have the contractors acknowledge in writing the security policies C. Create penalties for noncompliance in the contracting agreement D. Perform periodic security reviews of the contractors

Perform periodic security reviews of the contractors

What is the BEST method to confirm that all firewall rules and router configuration settings are adequate? A. Periodic review of network configuration B. Review intrusion detection system (IDS) logs for evidence of attacks C. Periodically perform penetration tests D. Daily review of server logs for evidence of hacker activity

Periodically perform penetration tests

Which of the following is the MOST appropriate individual to implement and maintain the level of information security needed for a specific business application? A. System analyst B. Quality control manager C. Process owner D. Information security manager

Process owner

Which of the following will BEST prevent an employee from using a USB drive to copy files from desktop computers? A. Restrict the available drive allocation on all PCs B. Disable universal serial bus (USB) ports on all desktop devices C. Conduct frequent awareness training with noncompliance penalties D. Establish strict access controls to sensitive information

Restrict the available drive allocation on all PCs

Which of the following would present the GREATEST risk to information security? A. Virus signature files updates are applied to all servers every day B. Security access logs are reviewed within five business days C. Critical patches are applied within 24 hours of their release D. Security incidents are investigated within five business days

Security incidents are investigated within five business days

Which of the following will BEST ensure that management takes ownership of the decision making process for information security? A. Security policies and procedures B. Annual self-assessment by management C. Security- steering committees D. Security awareness campaigns

Security- steering committees

Which of the following provides the linkage to ensure that procedures are correctly aligned with information security policy requirements? A. Standards B. Guidelines C. Security metrics D. IT governance

Standards

The return on investment of information security can BEST be evaluated through which of the following? A. Support of business objectives B. Security metrics C. Security deliverables D. Process improvement models

Support of business objectives

Which of the following is the MOST appropriate individual to ensure that new exposures have not been introduced into an existing application during the change management process? A. System analyst B. System user C. Operations manager D. Data security officer

System user

What is the BEST method to verify that all security patches applied to servers were properly documented? A. Trace change control requests to operating system (OS) patch logs B. Trace OS patch logs to OS vendor's update documentation C. Trace OS patch logs to change control requests D. Review change control documentation for key servers

Trace OS patch logs to change control requests

Which of the following is the MOST important management signoff for migrating an order processing system from a test environment to a production environment? A. User B. Security C. Operations D. Database

User

Which of the following presents the GREATEST exposure to internal attack on a network? A. User passwords are not automatically expired B. All network traffic goes through a single switch C. User passwords are encoded but not encrypted D. All users reside on a single internal subnet

User passwords are encoded but not encrypted

A security awareness program should: A. present top management's perspective. B. address details on specific exploits. C. address specific groups and roles. D. promote security department procedures.

address specific groups and roles.

What is the MAIN drawback of e-mailing password-protected zip files across the Internet? They: A. all use weak encryption. B. are decrypted by the firewall. C. may be quarantined by mail filters. D. may be corrupted by the receiving mail server.

may be quarantined by mail filters.

Security policies should be aligned MOST closely with: A. industry' best practices. B. organizational needs. C. generally accepted standards. D. local laws and regulations.

organizational needs.

Successful social engineering attacks can BEST be prevented through: A. preemployment screening. B. close monitoring of users' access patterns. C. periodic awareness training. D. efficient termination procedures.

periodic awareness training.

Of the following, the BEST method for ensuring that temporary employees do not receive excessive access rights is: A. mandatory access controls. B. discretionary access controls. C. lattice-based access controls. D. role-based access controls.

role-based access controls.

The BEST way to determine if an anomaly-based intrusion detection system (IDS) is properly installed is to: A. simulate an attack and review IDS performance. B. use a honeypot to check for unusual activity. C. audit the configuration of the IDS. D. benchmark the IDS against a peer site.

simulate an attack and review IDS performance.

The BEST time to perform a penetration test is after: A. an attempted penetration has occurred. B. an audit has reported weaknesses in security controls. C. various infrastructure changes are made. D. a high turnover in systems staff.

various infrastructure changes are made.

Which of the following is MOST important for measuring the effectiveness of a security awareness program? A. Reduced number of security violation reports B. A quantitative evaluation to ensure user comprehension C. Increased interest in focus groups on security issues D. Increased number of security violation reports

A quantitative evaluation to ensure user comprehension

To help ensure that contract personnel do not obtain unauthorized access to sensitive information, an information security manager should PRIMARILY: A. set their accounts to expire in six months or less. B. avoid granting system administration roles. C. ensure they successfully pass background checks. D. ensure their access is approved by the data owner.

avoid granting system administration roles.

Information security policies should: A. address corporate network vulnerabilities. B. address the process for communicating a violation. C. be straightforward and easy to understand. D. be customized to specific groups and roles.

be straightforward and easy to understand.

Good information security procedures should: A. define the allowable limits of behavior. B. underline the importance of security governance. C. describe security baselines for each platform. D. be updated frequently as new software is released.

be updated frequently as new software is released.

Security awareness training should be provided to new employees: A. on an as-needed basis. B. during system user training. C. before they have access to data. D. along with department staff.

before they have access to data.

When a departmental system continues to be out of compliance with an information security policy's password strength requirements, the BEST action to undertake is to: A. submit the issue to the steering committee. B. conduct an impact analysis to quantify the risks. C. isolate the system from the rest of the network. D. request a risk acceptance from senior management.

conduct an impact analysis to quantify the risks.

Good information security standards should: A. define precise and unambiguous allowable limits. B. describe the process for communicating violations. C. address high-level objectives of the organization. D. be updated frequently as new software is released.

define precise and unambiguous allowable limits.

Nonrepudiation can BEST be assured by using: A. delivery path tracing. B. reverse lookup translation. C. out-of-hand channels. D. digital signatures.

digital signatures.

The PRIMARY reason for using metrics to evaluate information security is to: A. identify security weaknesses. B. justify budgetary expenditures. C. enable steady improvement. D. raise awareness on security issues.

enable steady improvement.

Security audit reviews should PRIMARILY: A. ensure that controls operate as required. B. ensure that controls are cost-effective. C. focus on preventive controls. D. ensure controls are technologically current.

ensure that controls operate as required.

Prior to having a third party perform an attack and penetration test against an organization, the MOST important action is to ensure that: A. the third party provides a demonstration on a test system. B. goals and objectives are clearly defined. C. the technical staff has been briefed on what to expect. D. special backups of production servers are taken.

goals and objectives are clearly defined.

The PRIMARY objective of security awareness is to: A. ensure that security policies are understood. B. influence employee behavior. C. ensure legal and regulatory compliance D. notify of actions for noncompliance.

influence employee behavior.