All CISSP Practice Questions

Question 1

What is the FIRST step when developing an Information Security Continuous Monitoring (ISCM) program?
A. Establish an ISCM technical architecture.
B. Collect the security-related information required for metrics, assessments, and reporting.
C. Establish an ISCM program determining metrics, status monitoring frequencies, and control assessment frequencies.
D. Define an ISCM strategy based on risk tolerance.

Question 2

An organization plans to acquire a commercial off-the-shelf (COTS) system to replace their aging home-built reporting system. When should the organization’s security team FIRST get involved in this acquisition’s life cycle?
A. When the system is being designed, purchased, programmed, developed, or otherwise constructed
B. When the system is verified and validated
C. When the system is deployed into production
D. When the need for a system is expressed and the purpose of the system is documented

Question 3

In addition to life, protection of which of the following elements is MOST important when planning a data center site?
A. Data and hardware
B. Property and operations
C. Profits and assets
D. Resources and reputation

Question 4

An organization has been collecting a large amount of redundant and unusable data and filling up the storage area network (SAN). Management has requested the identification of a solution that will address ongoing storage problems. Which is the BEST technical solution?
A. Deduplication
B. Compression
C. Replication
D. Caching

Question 5

Which of the following is an important requirement when designing a secure remote access system?
A. Configure a Demilitarized Zone (DMZ) to ensure that user and service traffic is separated.
B. Provide privileged access rights to computer files and systems.
C. Ensure that logging and audit controls are included.
D. Reduce administrative overhead through password self service.

Question 6

In the Common Criteria, which of the following is a formal document that expresses an implementation-independent set of security requirements?
A. Organizational Security Policy
B. Security Target (ST)
C. Protection Profile (PP)
D. Target of Evaluation (TOE)

Question 7

Wi-Fi Protected Access 2 (WPA2) provides users with a higher level of assurance that their data will remain protected by using which protocol?
A. Secure Shell (SSH)
B. Internet Protocol Security (IPsec)
C. Secure Sockets Layer (SSL)
D. Extensible Authentication Protocol (EAP)

Question 8

Which of the following is the MOST effective way to ensure the endpoint devices used by remote users are compliant with an organization’s approved policies before being allowed on the network?
A. Group Policy Object (GPO)
B. Network Access Control (NAC)
C. Mobile Device Management (MDM)
D. Privileged Access Management (PAM)

Question 9

Which of the following virtual network configuration options is BEST to protect virtual machines (VMs)?
A. Traffic filtering
B. Data encryption
C. Data segmentation
D. Traffic throttling

Question 10

Two computers, each with a single connection on the same physical 10 gigabit Ethernet network segment, need to communicate with each other. The first machine has a single Internet Protocol (IP) Classless Inter-Domain Routing (CIDR) address at 192.168.1.3/30 and the second machine has an IP/CIDR address 192.168.1.6/30. Which of the following is correct?
A. Since each computer is on a different layer 3 network, traffic between the computers must be processed by a network bridge in order to communicate.
B. Since each computer is on the same layer 3 network, traffic between the computers may be processed by a network bridge in order to communicate.
C. Since each computer is on the same layer 3 network, traffic between the computers may be processed by a network router in order to communicate.
D. Since each computer is on a different layer 3 network, traffic between the computers must be processed by a network router in order to communicate.

Question 11

A company is planning to implement a private cloud infrastructure. Which of the following recommendations will support the move to a cloud infrastructure?
A. Implement a virtual local area network (VLAN) for each department and create a separate subnet for each VLAN.
B. Implement software-defined networking (SDN) to provide the ability for the network infrastructure to be integrated with the control and data planes.
C. Implement a virtual local area network (VLAN) to logically separate the local area network (LAN) from the physical switches.
D. Implement software-defined networking (SDN) to provide the ability to apply high-level policies to shape and reorder network traffic based on users, devices, and applications.

Question 12

Which of the following is the BEST method a security practitioner can use to ensure that systems and sub-systems gracefully handle invalid input?
A. Unit testing
B. Integration testing
C. Negative testing
D. Acceptance testing

Question 13

Which of the following is fundamentally required to address potential security issues when initiating software development?
A. Implement ongoing security audits in all environments.
B. Ensure isolation of development from production.
C. Add information security objectives into development.
D. Conduct independent source code review.

Question 14

A large human resources organization wants to integrate their identity management with a trusted partner organization. The human resources organization wants to maintain the creation and management of the identities and may want to share with other partners in the future. Which of the following options BEST serves their needs?
A. Federated identity
B. Cloud Active Directory (AD)
C. Security Assertion Markup Language (SAML)
D. Single sign-on (SSO)

Question 15

An organization has implemented a password complexity policy and an account lockout policy enforcing a limit of five incorrect login attempts within ten minutes. Network users have reported significantly increased account lockouts. Which of the following security principles is this company affecting?
A. Availability
B. Integrity
C. Confidentiality
D. Authentication

Question 16

Which of the following is a PRIMARY security weakness in the design of Domain Name System (DNS)?
A. A DNS server can be disabled in a denial-of-service (DoS) attack.
B. A DNS server does not authenticate source of information.
C. Each DNS server must hold the address of the root servers.
D. A DNS server database can be injected with falsified checksums.

Question 17

A cybersecurity engineer has been tasked to research and implement an ultra-secure communications channel to protect the organization’s most valuable intellectual property (IP). The primary directive in this initiative is to ensure there is no possible way the communications can be intercepted without detection. Which of the following is the only way to ensure this outcome?
A. Diffie-Hellman key exchange
B. Symmetric key cryptography
C. Public key infrastructure (PKI)
D. Quantum Key Distribution

Question 18

Which of the following provides the MOST secure method for Network Access Control (NAC)?
A. Media Access Control (MAC) filtering
B. 802.1X authentication
C. Application layer filtering
D. Network Address Translation (NAT)

Question 19

Which of the following actions should be undertaken prior to deciding on a physical baseline Protection Profile (PP)?
A. Check the technical design.
B. Conduct a site survey.
C. Categorize assets.
D. Choose a suitable location.

Question 20

A new employee formally reported suspicious behavior to the organization security team. The report claims that someone not affiliated with the organization was inquiring about the member’s work location, length of employment, and building access controls. The employee’s reporting is MOST likely the result of which of the following?
A. Risk avoidance
B. Security engineering
C. Security awareness
D. Phishing

Question 21

What level of Redundant Array of Independent Disks (RAID) is configured PRIMARILY for high-performance data reads and writes?
A. RAID-0
B. RAID-1
C. RAID-5
D. RAID-6

Question 22

Which of the following MUST the administrator of a security information and event management (SIEM) system ensure?
A. All sources are reporting in the exact same Extensible Markup Language (XML) format.
B. Data sources do not contain information infringing upon privacy regulations.
C. All sources are synchronized with a common time reference.
D. Each source uses the same Internet Protocol (IP) address for reporting.

Question 23

Which audit type is MOST appropriate for evaluating the effectiveness of a security program?
A. Threat
B. Assessment
C. Analysis
D. Validation

Question 24

Which of the following types of firewall only examines the “handshaking” between packets before forwarding traffic?
A. Proxy firewalls
B. Host-based firewalls
C. Circuit-level firewalls
D. Network Address Translation (NAT) firewalls

Question 25

What method could be used to prevent passive attacks against secure voice communications between an organization and its vendor?
A. Encryption in transit
B. Configure a virtual private network (VPN)
C. Configure a dedicated connection
D. Encryption at rest

Question 26

An attacker is able to remain indefinitely logged into a web service. Which of the following is being exploited to remain on the web service?
A. Alert management
B. Password management
C. Session management
D. Identity management (IM)

Question 27

What is the FIRST step for an organization to take before allowing personnel to access social media from a corporate device or user account?
A. Publish a social media guidelines document.
B. Publish an acceptable usage policy.
C. Document a procedure for accessing social media sites.
D. Deliver security awareness training.

Question 28

Which of the following is the MOST effective preventative method to identify security flaws in software?
A. Monitor performance in production environments.
B. Perform a structured code review.
C. Perform application penetration testing.
D. Use automated security vulnerability testing tools.

Question 29

Information security practitioners are in the midst of implementing a new firewall. Which of the following failure methods would BEST prioritize security in the event of failure?
A. Fail-Closed
B. Fail-Open
C. Fail-Safe
D. Failover

Question 30

What would be the BEST action to take in a situation where collected evidence was left unattended overnight in an unlocked vehicle?
A. Report the matter to the local police authorities.
B. Move evidence to a climate-controlled environment.
C. Re-inventory the evidence and provide it to the evidence custodian.
D. Immediately report the matter to the case supervisor.

Question 31

Which of the following is the BEST way to protect against Structured Query Language (SQL) injection?
A. Enforce boundary checking.
B. Restrict use of SELECT command.
C. Restrict HyperText Markup Language (HTML) source code.
D. Use stored procedures.

Question 32

Which of the following is the MOST effective method of detecting vulnerabilities in web-based applications early in the secure Software Development Life Cycle (SDLC)?
A. Web application vulnerability scanning
B. Application fuzzing
C. Code review
D. Penetration testing

Question 33

Which of the following statements BEST distinguishes a stateful packet inspection firewall from a stateless packet filter firewall?
A. The SPI inspects the flags on Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) packets.
B. The SPI inspects the traffic in the context of a session.
C. The SPI is capable of dropping packets based on a pre-defined rule set.
D. The SPI inspects traffic on a packet-by-packet basis.

Question 34

Which access control method is based on users issuing access requests on system resources, features assigned to those resources, the operational or situational context, and a set of policies specified in terms of those features and context?
A. Mandatory Access Control (MAC)
B. Role Based Access Control (RBAC)
C. Discretionary Access Control (DAC)
D. Attribute Based Access Control (ABAC)

Question 35

Which of the following uses the destination IP address to forward packets?
A. A bridge
B. A layer 2 switch
C. A router
D. A repeater

Question 36

A software developer installs a game on their organization-provided smartphone. Upon installing the game, the software developer is prompted to allow the game access to call logs, Short Message Service (SMS) messaging, and Global Positioning System (GPS) location data. What has the game MOST likely introduced to the smartphone?
A. Alerting
B. Vulnerability
C. Geo-fencing
D. Monitoring

Question 37

Why is data classification control important to an organization?
A. To ensure its integrity, confidentiality, and availability
B. To enable data discovery
C. To control data retention in alignment with organizational policies and regulation
D. To ensure security controls align with organizational risk appetite

Question 38

Why is authentication by ownership stronger than authentication by knowledge?
A. It is easier to change.
B. It can be kept on the user’s person.
C. It is more difficult to duplicate.
D. It is simpler to control.

Question 39

Which of the following is the BEST way to mitigate circumvention of access controls?
A. Multi-layer access controls working in isolation
B. Multi-vendor approach to technology implementation
C. Multi-layer firewall architecture with Internet Protocol (IP) filtering enabled
D. Multi-layer access controls with diversification of technologies

Question 40

Which of the following implementations will achieve high availability in a website?
A. Multiple Domain Name System (DNS) entries resolving to the same web server and large amounts of bandwidth
B. Disk mirroring of the web server with redundant disk drives in a hardened data center
C. Disk striping of the web server hard drives and large amounts of bandwidth
D. Multiple geographically dispersed web servers that are configured for failover

Question 41

Which of the following examples is BEST to minimize the attack surface for a customer’s private information?
A. Obfuscation
B. Collection limitation
C. Authentication
D. Data masking

Question 42

Which element of software supply-chain management has the GREATEST security risk to organizations?
A. New software development skills are hard to acquire.
B. Unsupported libraries are often used.
C. Applications with multiple contributors are difficult to evaluate.
D. Vulnerabilities are difficult to detect.

Question 43

Which of the following actions should be taken by a security professional when a mission-critical computer-network attack is suspected?
A. Isolate the network, log an independent report, fix the problem, and redeploy the computer.
B. Isolate the network, install patches, and report the occurrence.
C. Prioritize, report, and investigate the occurrence.
D. Turn the router off, perform forensic analysis, apply the appropriate fix, and log incidents.

Question 44

Which of the following is a term used to describe maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk-management decisions?
A. Information Security Management System (ISMS)
B. Information Sharing & Analysis Centers (ISAC)
C. Risk Management Framework (RMF)
D. Information Security Continuous Monitoring (ISCM)

Question 45

What is the BEST control to be implemented at a login page in a web application to mitigate the ability to enumerate users?
A. Implement a generic response for a failed login attempt.
B. Implement a strong password during account registration.
C. Implement numbers and special characters in the user name.
D. Implement two-factor authentication (2FA) to login process.

Question 46

An established information-technology (IT) consulting firm is considering acquiring a successful local startup. To gain a comprehensive understanding of the startup’s security posture, which type of assessment provides the BEST information?
A. A security audit
B. A penetration test
C. A tabletop exercise
D. A security threat model

Question 47

In which of the following phases of the software-acquisition process does developing evaluation criteria take place?
A. Follow-On
B. Planning
C. Contracting
D. Monitoring and Acceptance

Question 48

A network administrator is designing a new datacenter in a different region that will need to communicate to the old datacenter with a secure connection. Which of the following access methods would provide the BEST security for this new datacenter?
A. Virtual network computing
B. Secure Socket Shell
C. In-band connection
D. Site-to-site VPN

Question 49

When developing an external-facing web-based system, which of the following would be the MAIN focus of the security assessment prior to implementation and production?
A. Assessing the Uniform Resource Locator (URL)
B. Ensuring Secure Sockets Layer (SSL) certificates are signed by a certificate authority
C. Ensuring that input validation is enforced
D. Ensuring Secure Sockets Layer (SSL) certificates are internally signed

Question 50

Which of the following services can be deployed via a cloud service or on-premises to integrate with Identity as a Service (IDaaS) as the authoritative source of user identities?
A. Directory
B. User database
C. Multi-factor authentication (MFA)
D. Single sign-on (SSO)

Question 51

What is the FIRST step that should be considered in a Data Loss Prevention (DLP) program?
A. Configuration management (CM)
B. Information Rights Management (IRM)
C. Policy creation
D. Data classification

Question 52

Using the cipher text and resultant clear-text message to derive the non-alphabetic cipher key is an example of which method of cryptanalytic attack?
A. Frequency analysis
B. Ciphertext-only attack
C. Probable-plaintext attack
D. Known-plaintext attack

Question 53

When configuring Extensible Authentication Protocol (EAP) in a Voice over Internet Protocol (VoIP) network, which of the following authentication types is the MOST secure?
A. EAP-Transport Layer Security (TLS)
B. EAP-Flexible Authentication via Secure Tunneling
C. EAP-Tunneled Transport Layer Security (TTLS)
D. EAP-Protected Extensible Authentication Protocol (PEAP)

Question 54

Which of the following is included in change management?
A. Business continuity testing
B. User Acceptance Testing (UAT) before implementation
C. Technical review by business owner
D. Cost-benefit analysis (CBA) after implementation

Question 55

Which of the following is the MOST common cause of system or security failures?
A. Lack of system documentation
B. Lack of physical security controls
C. Lack of change control
D. Lack of logging and monitoring

Question 56

Which of the following are mandatory canons for the (ISC)² Code of Ethics?
A. Develop comprehensive security strategies for the organization.
B. Perform honestly, fairly, responsibly, and lawfully for the organization.
C. Create secure data protection policies to principals.
D. Provide diligent and competent service to principals.

Question 57

In the last 15 years a company has experienced three electrical failures. The cost associated with each failure is listed below. Which of the following would be a reasonable annual loss expectation?

Availability 60,000
Integrity 10,000
Confidentiality 0
Total Impact: 70,000
A. 140,000
B. 3,500
C. 350,000
D. 14,000

Question 58

Which of the following describes the BEST method of maintaining the inventory of software and hardware within the organization?
A. Maintaining the inventory through a combination of asset owner interviews, open-source system management, and open-source management tools
B. Maintaining the inventory through a combination of desktop configuration, administration management, and procurement management tools
C. Maintaining the inventory through a combination of on-premise storage configuration, cloud management, and partner management tools
D. Maintaining the inventory through a combination of system configuration, network management, and license management tools

Question 59

When testing password strength, which of the following is the BEST method for brute forcing passwords?
A. Conduct an offline attack on the hashed password information.
B. Conduct an online password attack until the account being used is locked.
C. Use a comprehensive list of words to attempt to guess the password.
D. Use social-engineering methods to attempt to obtain the password.

Question 60

A security professional was tasked with rebuilding a company’s wireless infrastructure. Which of the following are the MOST important factors to consider while making a decision on which wireless spectrum to deploy?
A. Hybrid frequency band, service set identifier (SSID), and interpolation
B. Performance, geographic location, and radio signal interference
C. Facility size, intermodulation, and direct satellite service
D. Existing client devices, manufacturer reputation, and electrical interference

Question 61

An application is used for funds transfer between an organization and a third party. During a security audit, an issue with the business continuity/disaster recovery policy and procedures for this application is found. Which of the following reports should the auditor file with the organization?
A. Service Organization Control (SOC) 1
B. Statement on Auditing Standards (SAS) 70
C. Service Organization Control (SOC) 2
D. Statement on Auditing Standards (SAS) 70-1

Question 62

Which of the following determines how traffic should flow based on the status of the infrastructure layer?
A. Traffic plane
B. Application plane
C. Data plane
D. Control plane

Question 63

A software development company has a short timeline in which to deliver a software product. The software development team decides to use open-source software libraries to reduce the development time. What concept should software developers consider when using open-source software libraries?
A. Open-source libraries contain known vulnerabilities, and adversaries regularly exploit those vulnerabilities in the wild.
B. Open-source libraries can be used by everyone, and there is a common understanding that the vulnerabilities in these libraries will not be exploited.
C. Open-source libraries are constantly updated, making it unlikely that a vulnerability exists for an adversary to exploit.
D. Open-source libraries contain unknown vulnerabilities, so they should not be used.

Question 64

Which of the following criteria ensures information is protected relative to its importance to the organization?
A. The value of the data to the organization’s senior management
B. Legal requirements, value, criticality, and sensitivity to unauthorized disclosure or modification
C. Legal requirements determined by the organization headquarters’ location
D. Organizational stakeholders, with classification approved by the management board

Question 65

Which of the following are the BEST characteristics of security metrics?
A. They are generalized and provide a broad overview.
B. They use acronyms and abbreviations to be concise.
C. They use bar charts and Venn diagrams.
D. They are consistently measured and quantitatively expressed.

Question 66

When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?
A. Provide links to security policies
B. Log all activities associated with sensitive systems
C. Employ strong access controls
D. Confirm that confidentiality agreements are signed

Question 67

What security principle addresses the issue of “Security by Obscurity”?
A. Open design
B. Segregation of duties (SoD)
C. Role-Based Access Control (RBAC)
D. Access control

Question 68

Which of the following is a Key Performance Indicator (KPI) for a security training and awareness program?
A. The number of security audits performed
B. The number of attendees at security training events
C. The number of security training materials created
D. The number of security controls implemented

Question 69

Which of the following is a common risk with fiber-optic communications, and what is the associated mitigation measure?
A. Data emanation; deploying Category (CAT) 6 and higher cable wherever feasible
B. Light leakage; deploying shielded cable wherever feasible
C. Cable damage; deploying ring architecture wherever feasible
D. Electronic eavesdropping; deploying end-to-end encryption wherever feasible

Question 70

Why is it important that senior management clearly communicates the formal Maximum Tolerable Downtime (MTD) decision?
A. To provide each manager with precise direction on selecting an appropriate recovery alternative
B. To demonstrate to the regulatory bodies that the company takes business continuity seriously
C. To demonstrate to the board of directors that senior management is committed to continuity recovery efforts
D. To provide a formal declaration from senior management as required by internal audit to demonstrate sound business practices

Question 71

An information-technology (IT) employee who travels frequently to various sites remotely connects to an organization. Which of the following solutions BEST serves as a secure control mechanism to meet the organization’s requirements?
A. Update the firewall rules to include the static IP addresses of the locations where the employee connects from.
B. Install a third-party screen-sharing solution that provides remote connection from a public website.
C. Implement a Dynamic Domain Name Services (DDNS) account to initiate a virtual private network (VPN) using the DDNS record.
D. Install a bastion host in the demilitarized zone (DMZ) and allow multi-factor authentication (MFA) access.

Question 72

Which of the following would need to be configured to ensure a device with a specific MAC address is always assigned the same IP address from DHCP?
A. Scope options
B. Reservation
C. Dynamic assignment
D. Exclusion

Question 73

Which of the following is the MAIN difference between a network-based firewall and a host-based firewall?
A. A network-based firewall is stateful, while a host-based firewall is stateless.
B. A network-based firewall controls traffic passing through the device, while a host-based firewall controls traffic destined for the device.
C. A network-based firewall verifies network traffic, while a host-based firewall verifies processes and applications.
D. A network-based firewall blocks network intrusions, while a host-based firewall blocks malware.

Question 74

Which type of disaster recovery plan (DRP) testing carries the MOST operational risk?
A. Cutover
B. Walkthrough
C. Tabletop
D. Parallel

Question 75

A colleague who recently left the organization asked a security professional for a copy of the organization’s confidential incident management policy. Which of the following is the BEST response to this request?
A. Email the policy to the colleague as they were already part of the organization and familiar with it.
B. Do not acknowledge receiving the request from the former colleague and ignore them.
C. Access the policy on a company-issued device and let the former colleague view the screen.
D. Submit the request using company official channels to ensure the policy is okay to distribute.

Question 76

Before implementing an internet-facing router, a network administrator ensures that the equipment is baselined/hardened according to approved configurations and settings. This action provides protection against which of the following attacks?
A. Blind spoofing
B. Media Access Control (MAC) flooding
C. SQL injection (SQLi)
D. Ransomware

Question 77

Which of the following terms BEST describes a system that allows a user to log in and access multiple related servers and applications?
A. Remote Desktop Protocol (RDP)
B. Federated Identity Management (FIM)
C. Single Sign-On (SSO)
D. Multi-factor Authentication (MFA)

Question 78

Which of the following poses the GREATEST privacy risk to personally identifiable information (PII) when disposing of an office printer or copier?
A. The device could contain a document with PII on the platen glass.
B. Organizational network configuration information could still be present within the device.
C. A hard disk drive (HDD) in the device could contain PII.
D. The device transfer roller could contain imprints of PII.

Question 79

In systems security engineering, what does the security principle of modularity provide?
A. Documentation of functions
B. Isolated functions and data
C. Secure distribution of programs and data
D. Minimal access to perform a function

Question 80

Dumpster diving is a technique used in which stage of penetration testing methodology?
A. Attack
B. Discovery
C. Reporting
D. Planning

Question 81

Using Address Space Layout Randomization (ASLR) reduces the potential for which of the following attacks?
A. SQL injection (SQLi)
B. Man-in-the-Middle (MITM)
C. Cross-Site Scripting (XSS)
D. Heap overflow

Question 82

When designing a business continuity plan (BCP), what is the formula to determine the Maximum Tolerable Downtime (MTD)?
A. Annual Loss Expectancy (ALE) + Work Recovery Time (WRT)
B. Business Impact Analysis (BIA) + Recovery Point Objective (RPO)
C. Recovery Time Objective (RTO) + Work Recovery Time (WRT)
D. Estimated Maximum Loss (EML) + Recovery Time Objective (RTO)

Question 83

When assessing the audit capability of an application, which of the following activities is MOST important?
A. Determine if audit records contain sufficient information.
B. Review security plan for actions to be taken in the event of audit failure.
C. Verify sufficient storage is allocated for audit records.
D. Identify procedures to investigate suspicious activity.

Question 84

When designing a new Voice over Internet Protocol (VoIP) network, an organization’s top concern is preventing unauthorized users from accessing the VoIP network. Which of the following will BEST help secure the VoIP network?
A. Transport Layer Security (TLS)
B. 802.1x
C. 802.11g
D. Web Application Firewall (WAF)

Question 85

After the INITIAL input of a user identification (ID) and password, what is an authentication system that prompts the user for a different response each time the user logs on?
A. Personal Identification Number (PIN)
B. Secondary password
C. Challenge-response
D. Voice authentication

Question 86

An organization is trying to secure instant-messaging (IM) communications through its network perimeter. Which of the following is the MOST significant challenge?
A. IM clients can interoperate between multiple vendors.
B. IM clients can run without administrator privileges.
C. IM clients can utilize random port numbers.
D. IM clients can run as executables that do not require installation.

Question 87

An organization has discovered that organizational data is posted by employees to data storage accessible to the general public. What is the PRIMARY step an organization must take to ensure data is properly protected from public release?
A. Implement a data classification policy.
B. Implement a data encryption policy.
C. Implement a user training policy.
D. Implement a user reporting policy.

Question 88

While classifying credit-card data related to PCI-DSS, which of the following is a PRIMARY security requirement?
A. Processor agreements with cardholders
B. Three-year retention of data
C. Encryption of data
D. Specific card-disposal methodology

Question 89

The personal laptop of an organization executive is stolen from the office, complete with personnel and project records. Which of the following should be done FIRST to mitigate future occurrences?
A. Encrypt disks on personal laptops.
B. Issue cable locks for use on personal laptops.
C. Create policies addressing critical information on personal laptops.
D. Monitor personal laptops for critical information.

Question 90

An enterprise is developing a baseline cybersecurity standard its suppliers must meet before being awarded a contract. Which statement is TRUE about the baseline cybersecurity standard?
A. It should be expressed as general requirements.
B. It should be expressed in legal terminology.
C. It should be expressed in business terminology.
D. It should be expressed as technical requirements.

Question 91

What BEST describes the confidentiality, integrity, availability (CIA) triad?
A. A tool used to assist in understanding how to protect the organization’s data
B. The three-step approach to determine the risk level on an organization
C. The implementation of security systems to protect the organization’s data
D. A vulnerability assessment to see how well the organization’s data is protected

Question 92

A small office is running Wi-Fi 4 APs, and neighboring offices do not want to increase throughput to associated devices. Which is the MOST cost-efficient way for the office to increase network performance?
A. Add another AP.
B. Disable the 2.4 GHz radios.
C. Enable channel bonding.
D. Upgrade to Wi-Fi 5.

Question 93

Management has decided that a core application will be used on personal cellular phones. Continuous monitoring must be implemented. Which of the following is required to accomplish management’s directive?
A. Strict integration of application management, configuration management, and phone management
B. Management application installed on user phones that tracks all application events and cellular traffic
C. Enterprise-level SIEM dashboard with visibility of cellular phone activity
D. Routine reports generated by the user’s carrier provider

Question 94

What is static analysis intended to do when analyzing an executable file?
A. Collect evidence of the executable file’s usage, including creation and last use dates.
B. Search the documents and files associated with the executable file.
C. Analyze the position of the file in the file tree in the system and the executable file’s libraries.
D. Disassemble the file to gather information about the executable file’s function.

Question 95

Commercial off-the-shelf (COTS) software presents which of the following additional security concerns?
A. Vendors take on liability for COTS software vulnerabilities.
B. In-house developed software is inherently less secure.
C. Exploits for COTS software are well-documented and publicly available.
D. COTS software is inherently less secure.

Question 96

Which of the following would be considered an incident if reported by a SIEM system?
A. An administrator logging in via VPN
B. A log source has stopped sending data
C. A web resource has reported a 404 error
D. A firewall logs a TCP connection on port 80

Question 97

Which of the following is the reason that transposition ciphers are easily recognizable?
A. Key
B. Block
C. Stream
D. Character
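
An added example, not part of the original question set, showing why a transposition stands out to an analyst: it moves characters around without replacing them, so the ciphertext carries exactly the plaintext's letter histogram, whereas even a trivial substitution changes it. The columnar cipher, the Caesar shift used for contrast, and the sample text and key are all constructed here for illustration.

```python
from collections import Counter

# Constructed sample input for the demo and tests (not from the original page).
SAMPLE_PLAINTEXT = "The quick brown fox jumps over the lazy dog"
SAMPLE_KEY = "ZEBRAS"


def normalize(text: str) -> str:
    """Keep letters only, upper-cased: classical ciphers ignore spacing and punctuation."""
    return "".join(c for c in text.upper() if c.isalpha())


def columnar_encrypt(plaintext: str, key: str) -> str:
    """Columnar transposition: write the text in rows of len(key) and read the
    columns out in alphabetical order of the key letters. The text is padded
    with 'X' to a full rectangle so the layout can be reversed exactly."""
    text = normalize(plaintext)
    cols = len(key)
    if len(text) % cols:
        text += "X" * (cols - len(text) % cols)
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    order = sorted(range(cols), key=lambda i: key[i])  # column read-out order
    return "".join(row[c] for c in order for row in rows)


def columnar_decrypt(ciphertext: str, key: str) -> str:
    """Reverse the read-out: refill the columns in key order, then read the rows."""
    cols = len(key)
    n_rows = len(ciphertext) // cols
    order = sorted(range(cols), key=lambda i: key[i])
    grid = [[""] * cols for _ in range(n_rows)]
    pos = 0
    for c in order:
        for r in range(n_rows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """Substitution cipher for contrast: every letter is replaced, positions are kept."""
    return "".join(chr((ord(c) - 65 + shift) % 26 + 65) for c in normalize(plaintext))


def letter_histogram(text: str) -> dict:
    """Letter counts; for a transposition these match the plaintext's exactly."""
    return dict(Counter(normalize(text)))


def same_histogram(a: str, b: str) -> bool:
    return letter_histogram(a) == letter_histogram(b)


if __name__ == "__main__":
    ct = columnar_encrypt(SAMPLE_PLAINTEXT, SAMPLE_KEY)
    print("transposition:", ct, "| histogram unchanged:",
          same_histogram(ct, columnar_decrypt(ct, SAMPLE_KEY)))
    sub = caesar_encrypt(SAMPLE_PLAINTEXT, 3)
    print("substitution: ", sub, "| histogram unchanged:",
          same_histogram(sub, SAMPLE_PLAINTEXT))
```

Because the histogram survives intact, a frequency count on the ciphertext matches the expected distribution of the underlying language, which is the tell that the cipher only rearranged characters.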

Question 98

Which of the following is MOST appropriate to collect evidence of a zero-day attack?
A. Firewall
B. Honeypot
C. Antispam
D. Antivirus

Question 99

What is the benefit of using Network Admission Control (NAC)?
A. OS versions can be validated before allowing access.
B. NAC supports validation at the endpoint’s security posture prior to allowing the session.
C. NAC can require use of certificates, passwords, or both before admission.
D. NAC only supports Windows OS.

Question 100

Which of the following is the PRIMARY issue when analyzing detailed log information?
A. Logs may be unavailable when required.
B. Timely review of data is difficult.
C. Most systems don’t support logging.
D. Logs don’t provide sufficient details of system and individual activities.

Question 101

Which of the following describes the order in which a digital-forensics process is usually conducted?
A. Ascertain legal authority, agree upon examination strategy, conduct examination, and report results.
B. Ascertain legal authority, conduct investigation, report results, and agree upon examination strategy.
C. Agree upon examination strategy, ascertain legal authority, conduct examination, and report results.
D. Agree upon examination strategy, ascertain legal authority, report results, and conduct examination.

Question 102

A CISO tasked with migrating to the cloud must ensure optimal security. Which should be the FIRST consideration?
A. Define the cloud migration roadmap and identify which applications and data should be moved.
B. Ensure the cloud contract clearly defines shared responsibilities.
C. Analyze data repositories to determine control requirements.
D. Request a third-party vendor risk assessment.

Question 103

Which of the following is the PRIMARY purpose of due diligence when an organization embarks on a merger or acquisition?
A. Assess the business risks.
B. Formulate alternative strategies.
C. Determine that all parties are equally protected.
D. Provide adequate capability for all parties.

Question 104

In a large company, a system administrator needs to assign users access to files using RBAC. Which option is an example of RBAC?
A. Allowing access based on group membership
B. Allowing access based on username
C. Allowing access based on user location
D. Allowing access based on file type

Question 105

Which of the following will an organization’s network vulnerability testing process BEST enhance?
A. Firewall log review
B. Asset management
C. Server hardening
D. Code review

Question 106

Which of the following would an information security professional use to recognize changes to content, particularly unauthorized changes?
A. File Integrity Checker
B. Security information and event management (SIEM) system
C. Audit Logs
D. Intrusion Detection System (IDS)

Question 107

Which of the following measures serves as the BEST means for protecting data on computers, smartphones, and external storage devices when traveling to high-risk countries?
A. Review destination laws, forensically clean devices, and only download sensitive data via VPN
B. Keep laptops and storage devices in the hotel room
C. Use VPN only upon arrival
D. Use MFA to unlock devices

Question 108

Data remanence is the biggest threat in which of the following scenarios?
A. Physical disk reused within a datacenter
B. Physical disk degaussed and released
C. Flash drive overwritten and reused
D. Flash drive overwritten and released to third party for destruction

Question 109

What are the essential elements of a Risk Assessment Report (RAR)?
A. Table of contents, testing criteria, index
B. Table of contents, chapters, and executive summary
C. Executive summary, graph of risks, and process
D. Executive summary, body of the report, and appendices

Question 110

At the destination host, which OSI model layer will discard a segment with a bad checksum in the UDP header?
A. Network
B. Data link
C. Transport
D. Session
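
An added example, not from the original page, of the check the receiving transport layer performs on a UDP datagram: it recomputes the checksum over the IPv4 pseudo-header plus the segment exactly as received and discards the datagram when the result is wrong. The addresses, ports and payload are constructed for the demo; the arithmetic follows RFC 768 and RFC 1071.

```python
import socket
import struct


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071). Odd-length input is zero-padded for the sum only."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero, protocol 17, UDP length (RFC 768).
    Including it binds the checksum to the addresses, so a misdelivered datagram fails too."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, socket.IPPROTO_UDP, udp_length)


def build_udp(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Sender side: checksum field is zero while computing, then filled in."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = 0xFFFF & ~ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + header + payload)
    csum = csum or 0xFFFF  # 0 on the wire means "no checksum", so a computed 0 is sent as 0xFFFF
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def verify_udp(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Receiver side: re-sum pseudo-header + segment with the checksum field included.
    For an intact datagram the one's-complement sum is 0xFFFF."""
    if len(segment) < 8:
        return False
    _sport, _dport, length, csum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length != len(segment):
        return False
    if csum == 0:
        return True  # IPv4 permits a sender to omit the checksum; IPv6 does not
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + segment) == 0xFFFF


def flip_bit(segment: bytes, index: int) -> bytes:
    """Simulate one bit of corruption in transit."""
    b = bytearray(segment)
    b[index] ^= 0x01
    return bytes(b)


if __name__ == "__main__":
    # Constructed datagram (documentation addresses, not a real capture).
    src, dst = "192.0.2.10", "192.0.2.53"
    seg = build_udp(src, dst, 40000, 53, b"example query")
    print("intact:    ", verify_udp(src, dst, seg))
    print("corrupted: ", verify_udp(src, dst, flip_bit(seg, 9)))
    print("misrouted: ", verify_udp(src, "192.0.2.99", seg))
```

Note that this check only catches accidental corruption: a 16-bit one's-complement sum is trivially recomputed by anyone who can modify the packet, so integrity against an attacker has to come from a higher layer (DTLS, IPsec, an authenticated application protocol).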

Question 111

An organization is having an IT audit of a SaaS application to demonstrate control effectiveness over time. Which SOC report will BEST fit their needs?
A. SOC 1 Type 1
B. SOC 1 Type 2
C. SOC 2 Type 1
D. SOC 2 Type 2

Question 112

Which of the following is the PRIMARY reason for selecting the appropriate level of detail for audit record generation?
A. Lower SDLC cost
B. Facilitate root cause analysis (RCA)
C. Enable corrective action
D. Avoid lengthy reports

Question 113

A Distributed Denial of Service (DDoS) attack was carried out using Mirai malware. Which devices were the PRIMARY sources of attack traffic?
A. Internet of Things (IoT) devices
B. Microsoft Windows hosts
C. Linux web servers
D. Android phones

Question 114

An international organization is adopting a SaaS solution. Which compliance standard should it use to assess data security and privacy?
A. HIPAA
B. SOC 2
C. PCI-DSS
D. IATF

Question 115

What documentation is produced FIRST when performing a physical loss control process?
A. Deterrent controls list
B. Security standards list
C. Inventory list
D. Asset isolation list

Question 116

What is the PRIMARY goal of logical access controls?
A. Restrict access to an information asset
B. Ensure integrity
C. Restrict physical access
D. Ensure availability

Question 117

Which attack, if successful, could grant full control of a software-defined networking (SDN) architecture?
A. Sniffing compromised host
B. Sending control messages to open unauthorized flow
C. SSH brute-force on controller
D. RADIUS token replay

Question 118

When conducting a third-party risk assessment, which report verifies operating effectiveness of security, availability, and privacy controls?
A. SOC 1, Type 2
B. SOC 2, Type 2
C. ISO 27001
D. ISO 27002

Question 119

A network security engineer must inspect URL traffic, prevent browsing to malicious sites, and log user activity. Which solution fits best?
A. IDS
B. Circuit-level Proxy
C. Application-level Proxy
D. Host-based Firewall

Question 120

Which event magnitude is defined as deadly, destructive, and disruptive when a hazard interacts with human vulnerability?
A. Disaster
B. Catastrophe
C. Crisis
D. Accident

Question 121

Where can the OWASP list of associated vulnerabilities be found?
A. OWASP Top 10 Project
B. OWASP SAMM
C. OWASP Guide Project
D. OWASP Mobile Project

Question 122

Which vulnerability assessment activity BEST exemplifies the 'Examine' method?
A. Review system logs
B. Perform port scans
C. Ask ISSO about patch process
D. Logging into a web server with default admin credentials

Question 123

Within a large organization, which business unit is BEST positioned to handle provisioning and deprovisioning of user accounts?
A. Training
B. Internal Audit
C. Human Resources
D. IT

Question 124

After a ransomware attack, management wants improved availability and reduced RTO. Which solution should be implemented?
A. Virtualization
B. Antivirus
C. Process isolation
D. HIPS

Question 125

Which BEST describes the purpose of a reference monitor when defining access control?
A. Ensure quality by design
B. Validate organizational access policies
C. Cyber hygiene for system health
D. Keep staff safe

Question 126

What must be met during internal security audits to ensure objectivity and prevent retaliation?
A. Auditor must be independent and report directly to management
B. Auditor must use automated tools
C. Auditor must work closely with IT
D. Auditor must manually review processes

Question 127

A company resells decommissioned drives to vendors. Which data sanitization method ensures security while retaining resale value?
A. Pinning
B. Clearing
C. Purging
D. Overwriting

Question 128

Why is classifying data important during a risk assessment?
A. Framework for metrics
B. Justify security control cost
C. Classify control sensitivity
D. Determine appropriate control level

Question 129

OWASP SAMM allows organizations to assess impact based on which risk management aspect?
A. Risk tolerance
B. Risk exception
C. Risk treatment
D. Risk response

Question 130

A fiber link between two campuses is broken. Which tool detects the exact break point?
A. OTDR
B. Tone generator
C. Fusion splicer
D. Cable tester

Question 131

A software architect building a global content platform should focus primarily on:
A. Service-oriented architecture
B. Media caching methodology
C. ISP relationships
D. WAN design

Question 132

Which datacenter architecture is most likely used in large SDN and extends beyond the datacenter?
A. iSCSI
B. FCoE
C. Three-tiered
D. Spine-and-leaf

Question 133

What is the MOST common use of Online Certificate Status Protocol (OCSP)?
A. Get expiration date of a certificate
B. Get revocation status
C. Get author name
D. Verify certificate validity

Question 134

Which of the following is the PRIMARY type of cryptography required to support non-repudiation of a digitally signed document?
A. Message digest (MD)
B. Asymmetric
C. Symmetric
D. Hashing

Question 135

Which of the following is the MOST important first step in preparing for a security audit?
A. Identify team members.
B. Define the scope.
C. Notify system administrators.
D. Collect evidence.

Question 136

Which of the following should be done at a disaster site before any item is removed, repaired, or replaced?
A. Take photos of the damage.
B. Notify all of the Board of Directors.
C. Communicate with the press.
D. Dispatch personnel to the disaster recovery site.

Question 137

Which of the following is the MOST common use of the Online Certificate Status Protocol (OCSP)?
A. To obtain the expiration date of an X.509 digital certificate
B. To obtain the revocation status of an X.509 digital certificate
C. To obtain the author name of an X.509 digital certificate
D. To verify the validity of an X.509 digital certificate

Question 138

An organization’s retail website provides its only source of revenue, so the disaster recovery plan must document estimated time for each recovery step. Which step would take the longest?
A. Update NAT table.
B. Update DNS with domain registrar.
C. Update BGP autonomous system number.
D. Update web server network configuration.

Question 139

When resolving ethical conflicts, in what order should an information security professional prioritize responsibilities?
A. Public safety, duties to individuals, duties to the profession, duties to principals
B. Public safety, duties to principals, duties to individuals, duties to the profession
C. Public safety, duties to the profession, duties to principals, duties to individuals
D. Public safety, duties to individuals, duties to the profession, duties to principals

Question 140

What HTTP response header disables execution of inline JavaScript and eval()-type functions?
A. Strict-Transport-Security
B. X-XSS-Protection
C. X-Frame-Options
D. Content-Security-Policy
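
An added audit helper, not part of the original question set, that parses a Content-Security-Policy header value and reports whether inline scripts and eval() would be permitted. It applies the script-src to default-src fallback and the CSP Level 2/3 rule that a nonce, hash or 'strict-dynamic' source makes 'unsafe-inline' ignored. The sample policies are constructed; the code models only script-src/default-src, not the Level 3 script-src-elem and script-src-attr refinements.

```python
NONCE_OR_HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header_value: str) -> dict:
    """Parse a Content-Security-Policy value into {directive: [source expressions]}.
    Directives are ';'-separated; the first token of each is the directive name.
    Browsers honour only the first occurrence of a directive, so repeats are dropped."""
    policy = {}
    for directive in header_value.split(";"):
        tokens = directive.strip().split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in policy:
            policy[name] = tokens[1:]
    return policy


def script_sources(policy: dict):
    """script-src governs script execution; if absent, default-src applies;
    if neither is present there is no restriction at all (returned as None)."""
    if "script-src" in policy:
        return policy["script-src"]
    if "default-src" in policy:
        return policy["default-src"]
    return None


def inline_script_allowed(header_value: str) -> bool:
    """True if an inline <script> block or on*= handler without a nonce/hash would execute."""
    sources = script_sources(parse_csp(header_value))
    if sources is None:
        return True
    lowered = [s.lower() for s in sources]
    if "'unsafe-inline'" not in lowered:
        return False
    # Level 2+: a nonce or hash source in the same list makes 'unsafe-inline' ignored;
    # Level 3's 'strict-dynamic' has the same effect.
    if any(s.startswith(NONCE_OR_HASH_PREFIXES) for s in lowered):
        return False
    if "'strict-dynamic'" in lowered:
        return False
    return True


def eval_allowed(header_value: str) -> bool:
    """True if eval(), new Function() and string arguments to setTimeout/setInterval would run."""
    sources = script_sources(parse_csp(header_value))
    if sources is None:
        return True
    return "'unsafe-eval'" in [s.lower() for s in sources]


def audit_csp(header_value: str) -> dict:
    return {"inline_script": inline_script_allowed(header_value),
            "eval": eval_allowed(header_value)}


if __name__ == "__main__":
    # Constructed sample policies (not taken from any real site).
    for policy in ("default-src 'self'",
                   "script-src 'self' 'unsafe-inline' 'unsafe-eval'",
                   "script-src 'nonce-R4nd0mV4lu3' 'unsafe-inline'",
                   "img-src *"):
        print(f"{policy!r:55} -> {audit_csp(policy)}")
```

When auditing a live response, check which header carried the value: Content-Security-Policy-Report-Only is logged by the browser but enforces nothing, so a policy found only there blocks neither inline scripts nor eval().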

Question 141

Configuring a rogue WAP with the same SSID as a legitimate WAP to trick users into connecting is an example of:
A. Jamming
B. Man-in-the-Middle (MITM)
C. War driving
D. IP spoofing

Question 142

Which of the following is a key responsibility for a data steward assigned to manage an enterprise data lake?
A. Ensure proper business definition, value, and data usage.
B. Ensure data owners for each element.
C. Ensure adequate security controls.
D. Ensure data passing is lawful.

Question 143

Which (ISC)² Code of Ethics canon is MOST reflected when preserving the value of systems, applications, and entrusted information?
A. Act honorably, honestly, justly, responsibly, and legally.
B. Protect society, the commonwealth, and the infrastructure.
C. Provide competent service.
D. Advance the profession.

Question 144

Which change management role is responsible for the overall success of the project and supporting change throughout the organization?
A. Change driver
B. Change implementer
C. Program sponsor
D. Project manager

Question 145

A subscription site with power, HVAC, raised flooring, and telecom but no hardware is a:
A. Warm site
B. Reciprocal site
C. Cold site
D. Hot site

Question 146

Which of the following is a correct feature of VLANs?
A. VLANs segregate traffic and enhance security.
B. Layer 3 routing is required to move VLANs.
C. VLANs depend on physical connections.
D. VLANs have no broadcast control.

Question 147

What is the MOST important factor in an effective Security Awareness Program?
A. Management buy-in
B. Annual training events
C. Mandatory security training
D. Posters and emails

Question 148

Which is the MOST appropriate method for destroying HDDs with HIGH security classification?
A. Drill through platters
B. Shred
C. Remove electronics
D. Degauss

Question 149

A SOC found multiple virus variants all using specific memory locations. The organization prevented infection because endpoints had which feature?
A. Process isolation
B. TPM
C. ASLR
D. Virtualization

Question 150

During an ISMS audit, when are nonconformities reviewed and corrected?
A. Planning
B. Operation
C. Assessment
D. Improvement

Question 151

Which are the three main categories of security controls?
A. Administrative, technical, physical
B. Corrective, detective, recovery
C. Confidentiality, integrity, availability
D. Preventative, corrective, detective

Question 152

When encrypting data using symmetric ciphers, which approach mitigates risk of key reuse?
A. Use SHA-256
B. Use key hierarchy
C. Use HMAC
D. Use RSA keys
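
An added example, not from the original page, of what a key hierarchy looks like in code. A root key that never touches data derives a per-tenant key-encryption key, which in turn derives per-purpose, per-version data-encryption keys through HKDF (RFC 5869, implemented here with the standard library and checked against the RFC's first test vector). Binding each key to a context string means the same key bytes are never reused across purposes, and a use budget forces rotation before a nonce space is exhausted. Tenant names, purposes and the use limit are constructed; the in-memory use counter stands in for the persistent counter a real service would keep.

```python
import hashlib
import hmac
import os


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract: PRK = HMAC-SHA256(salt, IKM); an empty salt means HashLen zero bytes."""
    return hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated to `length` bytes."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


# RFC 5869 Appendix A, test case 1 (SHA-256), used to prove the implementation.
RFC5869_TEST = dict(
    ikm=bytes.fromhex("0b" * 22),
    salt=bytes.fromhex("000102030405060708090a0b0c"),
    info=bytes.fromhex("f0f1f2f3f4f5f6f7f8f9"),
    okm=bytes.fromhex("3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"),
)


def hkdf_self_test() -> bool:
    t = RFC5869_TEST
    return hkdf(t["ikm"], t["salt"], t["info"], 42) == t["okm"]


class KeyHierarchy:
    """root key -> per-tenant KEK -> per-(tenant, purpose, version) DEK.
    Only DEKs ever encrypt data; the root and KEKs exist solely to derive and wrap.
    In production the root lives in an HSM or KMS and the use counters are persisted."""

    def __init__(self, root_key: bytes, max_uses_per_dek: int = 2 ** 20):
        self._root = root_key
        self.max_uses = max_uses_per_dek
        self._uses = {}  # (tenant, purpose, version) -> encryptions performed

    def kek(self, tenant: str) -> bytes:
        return hkdf(self._root, b"", b"kek|" + tenant.encode(), 32)

    def dek(self, tenant: str, purpose: str, version: int) -> bytes:
        """Deterministic: the same context always yields the same key, so nothing but the
        root needs long-term storage; a new version is a brand-new key."""
        context = f"dek|{tenant}|{purpose}|v{version}".encode()
        return hkdf(self.kek(tenant), b"", context, 32)

    def checkout(self, tenant: str, purpose: str, version: int) -> bytes:
        """Hand out the DEK for one encryption and count it; refuse once the budget is spent,
        which is what prevents a key (and its nonce space) from being reused indefinitely."""
        key_id = (tenant, purpose, version)
        used = self._uses.get(key_id, 0)
        if used >= self.max_uses:
            raise RuntimeError(f"DEK {key_id} exhausted; rotate to v{version + 1}")
        self._uses[key_id] = used + 1
        return self.dek(*key_id)


if __name__ == "__main__":
    print("HKDF matches RFC 5869 vector:", hkdf_self_test())
    kh = KeyHierarchy(os.urandom(32), max_uses_per_dek=2)  # tiny budget for the demo
    print("acme/db-records v1:", kh.checkout("acme", "db-records", 1).hex())
    print("acme/backups    v1:", kh.checkout("acme", "backups", 1).hex())
```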

Question 153

What is a common component of big data environments?
A. Consolidated data
B. Distributed storage
C. Distributed data collection
D. Centralized processing

Question 154

Which programming language type is MOST likely to ensure safe execution as intended?
A. Statically typed
B. Weakly typed
C. Strongly typed
D. Dynamically typed

Question 155

What should a business do if it refuses to accept residual risk?
A. Notify the audit committee
B. Purchase insurance
C. Implement safeguards
D. Transfer to another unit

Question 156

Which of the following is the FIRST step an organization’s security professional performs when defining a cybersecurity program based upon industry standards?
A. Map the organization’s current security practices to industry standards and frameworks.
B. Define the organization’s objectives regarding security and risk mitigation.
C. Select from a choice of security best practices.
D. Review the past security assessments.

Question 157

What is considered a compensating control for not having electrical surge protectors installed?
A. Having dual lines to network service providers built to the site.
B. Having backup diesel generators installed to the site.
C. Having a hot disaster recovery (DR) environment for the site.
D. Having network equipment in active-active clusters at the site.

Question 158

Which type of access control includes a system that allows only users that are type=managers and department=sales to access employee records?
A. Discretionary access control (DAC)
B. Mandatory access control (MAC)
C. Role-based access control (RBAC)
D. Attribute-based access control (ABAC)

Question 159

A CISSP with IAM responsibilities is asked to perform a vulnerability assessment on a web app to pass a PCI audit but has never performed one before. What should the CISSP do?
A. Review CISSP guidelines for performing a vulnerability assessment before proceeding.
B. Review PCI requirements before performing the vulnerability assessment.
C. Inform the CISO they are unable to perform the task because they are not qualified.
D. Since they are CISSP certified, proceed with the assessment.

Question 160

An authentication system that uses challenge-response was implemented, but testers moved laterally using authenticated credentials. Which attack method was MOST likely used?
A. Cross-Site Scripting (XSS)
B. Pass-the-ticket
C. Brute force
D. Hash collision

Question 161

Which of the following BEST provides non-repudiation with regards to access to a server room?
A. Fob and PIN
B. Locked and secured cages
C. Biometric readers
D. Proximity readers

Question 162

Which of the following is a limitation of the Bell-LaPadula model?
A. Segregation of duties is difficult to implement due to the “no read-up” rule.
B. MAC is enforced at all levels making DAC impossible to implement.
C. It prioritizes confidentiality over integrity.
D. It works only with static systems.

Question 163

Which of the following BEST describes the purpose of Border Gateway Protocol (BGP)?
A. Maintain a list of network paths between internet routers.
B. Provide Routing Information Protocol (RIP) version 2 advertisements.
C. Provide firewall services.
D. Maintain a list of efficient network paths between autonomous systems.

Question 164

A network administrator wants to ensure a database engine is listening on a specific port. Which command should be used?
A. nslookup
B. netstat -a
C. ipconfig /a
D. arp -a

Question 165

Which identity model BEST allows identity providers (IdP) and relying parties (RP) to share access without disclosing subscriber lists?
A. Federation authorities
B. Proxied federation
C. Static registration
D. Dynamic registration

Question 166

Why are packet filtering routers used in low-risk environments?
A. They are high-resolution source discrimination and identification tools.
B. They are fast and flexible, and protect against Internet Protocol (IP) spoofing.
C. They are fast, flexible, and transparent.
D. They enforce strong user authentication and audit log generation.

Question 167

A web developer is completing a new web application security checklist before releasing the app to production. The task of disabling unnecessary services is on the checklist. Which web application threat is being mitigated?
A. Security misconfiguration
B. Sensitive data exposure
C. Broken access control
D. Session hijacking

Question 168

Which of the following is the name of an individual or group that is impacted by a change?
A. Change agent
B. Stakeholder
C. Sponsor
D. End User

Question 169

An organization implements Network Access Control (NAC) via IEEE 802.1x and discovers the printers do not support it. What is the BEST resolution?
A. Implement port security on the switch ports for the printers.
B. Implement a virtual local area network (VLAN) for the printers.
C. Do nothing; IEEE 802.1x is irrelevant to printers.
D. Install an IEEE 802.1x bridge for the printers.

Question 170

Which of the following BEST describes the use of network architecture in reducing corporate risks associated with mobile devices?
A. Closed application model depends on DMZ servers.
B. Split tunneling enabled for mobile devices improves DMZ posture.
C. Segmentation and DMZ monitoring are implemented to secure VPN access.
D. Applications managing mobile devices are located in a DMZ.

Question 171

Which of the following protects personally identifiable information (PII) used by financial services organizations?
A. NIST SP 800-53
B. Gramm-Leach-Bliley Act (GLBA)
C. PCI-DSS
D. HIPAA

Question 172

An organization processes personal data from both the US and UK, including EU residents. Which data must follow GDPR requirements?
A. Only the EU citizens’ data
B. Only the UK residents’ data
C. Only the US citizens’ data
D. Any data processed in the UK

Question 173

The CISO requests a Service Organization Control (SOC) report outlining security and availability over 12 months. Which type of SOC report should be used?
A. SOC 1 Type 1
B. SOC 2 Type 2
C. SOC 2 Type 1
D. SOC 3 Type 1

Question 174

A company provides employees access to travel services hosted by a third party. When employees are already authenticated, access should be seamless. Which method enables this?
A. SAML
B. Single sign-on (SSO)
C. OAuth
D. Federated access

Question 175

The CIO has decided the organization will migrate critical data to the cloud. The CIO must work with which role to ensure protection of data during and after migration?
A. Information owner
B. General Counsel
C. Chief Information Security Officer (CISO)
D. Chief Security Officer (CSO)

Question 176

Which part of an operating system is responsible for providing security interfaces among hardware, OS, and other system parts?
A. Trusted Computing Base (TCB)
B. Time separation
C. Security kernel
D. Reference monitor

Question 177

What part of an organization’s strategic risk assessment MOST likely includes items affecting success?
A. Key Risk Indicator (KRI)
B. Threat analysis
C. Vulnerability analysis
D. Key Performance Indicator (KPI)

Question 178

What is the MOST common cause of Remote Desktop Protocol (RDP) compromise?
A. Port scan
B. Brute force attack
C. Remote exploit
D. Social engineering

Question 179

Which of the following is a canon of the (ISC)² Code of Ethics?
A. Integrity first and excellence in all we do
B. Perform duties in accordance with laws and ethics
C. Provide diligent and competent service to principals
D. Cooperate with others for mutual security

Question 180

What is the PRIMARY purpose of auditing as it relates to the security review cycle?
A. To ensure the organization’s controls and policies are working as intended
B. To ensure the organization can be publicly traded
C. To ensure executives aren’t sued
D. To meet contractual requirements

Question 181

Which technique evaluates secure design principles of network or software architectures?
A. Risk modeling
B. Threat modeling
C. Fuzzing
D. Waterfall method

Question 182

How does RFID assist with asset management?
A. Uses biometric identification
B. Uses two-factor authentication
C. Transmits unique MAC addresses wirelessly
D. Transmits unique serial numbers wirelessly

Question 183

What is the MOST effective strategy to prevent an attacker from disabling a network?
A. Test DR plans
B. Design adaptive and failover networks
C. Implement segmentation
D. Follow security guidelines to prevent unauthorized access

Question 184

Who should perform the design review to uncover security design flaws in the SDLC?
A. Business owner
B. Security SME
C. Application owner
D. Developer SME

Question 185

At which phase of the software assurance life cycle should software acquisition risks be identified?
A. Follow-on phase
B. Planning phase
C. Monitoring and acceptance phase
D. Contracting phase

Question 186

How should the retention period for social media content be defined?
A. Wireless Access Points
B. Token-based authentication
C. Host-based firewalls
D. Trusted platforms

Question 187

A SaaS web app requires temporary access to logs during transition. Which privileges are MOST suitable?
A. OS administrative
B. Web server administrative
C. Application privileges on the hypervisor
D. Administrative privileges on the application folders

Question 188

Which of the following actions will reduce risk to a laptop before traveling to a high risk area?
A. Examine the device for physical tampering
B. Implement more stringent baseline configurations
C. Purge or re-image the hard disk drive
D. Change access codes

Question 189

Intellectual property rights are PRIMARILY concerned with which of the following?
A. Owner’s ability to realize financial gain
B. Owner’s ability to maintain copyright
C. Right of the owner to enjoy their creation
D. Right of the owner to control delivery method

Question 190

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?
A. Install mantraps at the building entrances
B. Enclose the personnel entry area with polycarbonate plastic
C. Supply a duress alarm for personnel exposed to the public
D. Hire a guard to protect the public area

Question 191

Which one of the following affects the classification of data?
A. Assigned security label
B. Multilevel Security (MLS) architecture
C. Minimum query size
D. Passage of time

Question 192

Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified in automated vulnerability assessments?
A. Common Vulnerabilities and Exposures (CVE)
B. Common Vulnerability Scoring System (CVSS)
C. Asset Reporting Format (ARF)
D. Open Vulnerability and Assessment Language (OVAL)

Question 193

The use of private and public encryption keys is fundamental in the implementation of which of the following?
A. Diffie-Hellman algorithm
B. Secure Sockets Layer (SSL)
C. Advanced Encryption Standard (AES)
D. Message Digest 5 (MD5)

Question 194

What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?
A. Implementation Phase
B. Initialization Phase
C. Cancellation Phase
D. Issued Phase

Question 195

Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?
A. Packet filtering
B. Port services filtering
C. Content filtering
D. Application access control

Question 196

An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?
A. Implement packet filtering on the network firewalls
B. Install Host Based Intrusion Detection Systems (HIDS)
C. Require strong authentication for administrators
D. Implement logical network segmentation at the switches

Question 197

At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?
A. Link layer
B. Physical layer
C. Session layer
D. Application layer

Question 198

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?
A. Host VM monitor audit logs
B. Guest OS access controls
C. Host VM access controls
D. Guest OS audit logs

Question 199

In which of the following programs is it MOST important to include the collection of security process data?
A. Quarterly access reviews
B. Security continuous monitoring
C. Business continuity testing
D. Annual security training

Question 200

A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?
A. Guaranteed recovery of all business functions
B. Minimization of the need for decision making during a crisis
C. Insurance against litigation following a disaster
D. Protection from loss of organization resources

Question 201

A continuous information security monitoring program can BEST reduce risk through which of the following?
A. Collecting security events and correlating them to identify anomalies
B. Facilitating system-wide visibility into the activities of critical user accounts
C. Encompassing people, process, and technology
D. Logging both scheduled and unscheduled system changes

Question 202

An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?
A. Absence of a Business Intelligence (BI) solution
B. Inadequate cost modeling
C. Improper deployment of the Service-Oriented Architecture (SOA)
D. Insufficient Service Level Agreement (SLA)

Question 203

What is the PRIMARY reason for implementing change management?
A. Certify and approve releases to the environment
B. Provide version rollbacks for system changes
C. Ensure that all applications are approved
D. Ensure accountability for changes to the environment

Question 204

What should be the FIRST action to protect the chain of evidence when a desktop computer is involved?
A. Take the computer to a forensic lab
B. Make a copy of the hard drive
C. Start documenting
D. Turn off the computer

Question 205

Which of the following is the BEST method to prevent malware from being introduced into a production environment?
A. Purchase software from a limited list of retailers
B. Verify the hash key or certificate key of all updates
C. Do not permit programs, patches, or updates from the Internet
D. Test all new software in a segregated environment

Question 206

Internet Protocol (IP) source address spoofing is used to defeat
A. address-based authentication.
B. Address Resolution Protocol (ARP).
C. Reverse Address Resolution Protocol (RARP).
D. Transmission Control Protocol (TCP) hijacking.

Question 207

Which of the following is the FIRST action that a system administrator should take when it is revealed during a penetration test that everyone in an organization has unauthorized access to a server holding sensitive data?
A. Immediately document the finding and report to senior management.
B. Use system privileges to alter the permissions to secure the server
C. Continue the testing to its completion and then inform IT management
D. Terminate the penetration test and pass the finding to the server management team

Question 208

Which of the following is a limitation of the Common Vulnerability Scoring System (CVSS) as it relates to conducting code review?
A. It has normalized severity ratings.
B. It has many worksheets and practices to implement.
C. It aims to calculate the risk of published vulnerabilities.
D. It requires a robust risk management framework to be put in place.

Question 209

To prevent inadvertent disclosure of restricted information, which of the following would be the LEAST effective process for eliminating data prior to the media being discarded?
A. Multiple-pass overwriting
B. Degaussing
C. High-level formatting
D. Physical destruction

Question 210

A vulnerability test on an Information System (IS) is conducted to
A. exploit security weaknesses in the IS.
B. measure system performance on systems with weak security controls.
C. evaluate the effectiveness of security controls.
D. prepare for Disaster Recovery (DR) planning.

Question 211

An organization allows ping traffic into and out of their network. An attacker has installed a program on the network that uses the payload portion of the ping packet to move data into and out of the network. What type of attack has the organization experienced?
A. Data leakage
B. Unfiltered channel
C. Data emanation
D. Covert channel

Question 212

Contingency plan exercises are intended to do which of the following?
A. Train personnel in roles and responsibilities
B. Validate service level agreements
C. Train maintenance personnel
D. Validate operation metrics

Question 213

The key benefits of a signed and encrypted e-mail include
A. confidentiality, authentication, and authorization.
B. confidentiality, non-repudiation, and authentication.
C. non-repudiation, authorization, and authentication.
D. non-repudiation, confidentiality, and authorization.

Question 214

The Structured Query Language (SQL) implements Discretionary Access Controls (DAC) using
A. INSERT and DELETE.
B. GRANT and REVOKE.
C. PUBLIC and PRIVATE.
D. ROLLBACK and TERMINATE.

Question 215

Which of the following is considered best practice for preventing e-mail spoofing?
A. Spam filtering
B. Cryptographic signature
C. Uniform Resource Locator (URL) filtering
D. Reverse Domain Name Service (DNS) lookup

Question 216

An advantage of link encryption in a communications network is that it
A. makes key management and distribution easier.
B. protects data from start to finish through the entire network.
C. improves the efficiency of the transmission.
D. encrypts all information, including headers and routing information.

Question 217

The process of mutual authentication involves a computer system authenticating a user and authenticating the
A. user to the audit process.
B. computer system to the user.
C. user's access to all authorized objects.
D. computer system to the audit process.

Question 218

Which of the following is the best practice for testing a Business Continuity Plan (BCP)?
A. Test before the IT Audit
B. Test when environment changes
C. Test after installation of security patches
D. Test after implementation of system patches

Question 219

The PRIMARY purpose of a security awareness program is to
A. ensure that everyone understands the organization's policies and procedures.
B. communicate that access to information will be granted on a need-to-know basis.
C. warn all users that access to all systems will be monitored on a daily basis.
D. comply with regulations related to data and information protection.

Question 220

A practice that permits the owner of a data object to grant other users access to that object would usually provide
A. Mandatory Access Control (MAC).
B. owner-administered control.
C. owner-dependent access control.
D. Discretionary Access Control (DAC).

Question 221

Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?
A. Role Based Access Control (RBAC)
B. Biometric access control
C. Federated Identity Management (IdM)
D. Application hardening

Question 222

An organization is selecting a service provider to assist in the consolidation of multiple computing sites including development, implementation and ongoing support of various computer systems. Which of the following MUST be verified by the Information Security Department?
A. The service provider's policies are consistent with ISO/IEC 27001 and there is evidence that the service provider is following those policies.
B. The service provider will segregate the data within its systems and ensure that each region's policies are met.
C. The service provider will impose controls and protections that meet or exceed the current systems' controls and produce audit logs as verification.
D. The service provider's policies can meet the requirements imposed by the new environment even if they differ from the organization's current policies.

Question 223

Which of the following assessment metrics is BEST used to understand a system's vulnerability to potential exploits?
A. Determining the probability that the system functions safely during any time period
B. Quantifying the system's available services
C. Identifying the number of security flaws within the system
D. Measuring the system's integrity in the presence of failure

Question 224

An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor?
A. Provide the encrypted passwords and analysis tools to the auditor for analysis.
B. Analyze the encrypted passwords for the auditor and show them the results.
C. Demonstrate that non-compliant passwords cannot be created in the system.
D. Demonstrate that non-compliant passwords cannot be encrypted in the system.

Question 225

Which of the following is TRUE about Disaster Recovery Plan (DRP) testing?
A. Operational networks are usually shut down during testing.
B. Testing should continue even if components of the test fail.
C. The company is fully prepared for a disaster if all tests pass.
D. Testing should not be done until the entire disaster plan can be tested.

Question 226

Which one of the following describes granularity?
A. Maximum number of entries available in an Access Control List (ACL)
B. Fineness to which a trusted system can authenticate users
C. Number of violations divided by the number of total accesses
D. Fineness to which an access control system can be adjusted

Question 227

Which of the following is the MOST important consideration when storing and processing Personally Identifiable Information (PII)?
A. Encrypt and hash all PII to avoid disclosure and tampering.
B. Store PII for no more than one year.
C. Avoid storing PII in a Cloud Service Provider.
D. Adhere to collection limitation laws and regulations.

Question 228

What would be the PRIMARY concern when designing and coordinating a security assessment for an Automatic Teller Machine (ATM) system?
A. Physical access to the electronic hardware
B. Regularly scheduled maintenance process
C. Availability of the network connection
D. Processing delays

Question 229

Which one of the following effectively obscures network addresses from external exposure when implemented on a firewall or router?
A. Network Address Translation (NAT)
B. Application Proxy
C. Routing Information Protocol (RIP) Version 2
D. Address Masking

Question 230

The Hardware Abstraction Layer (HAL) is implemented in the
A. system software.
B. system hardware.
C. application software.
D. network hardware.

Question 231

A disadvantage of an application filtering firewall is that it can lead to
A. a crash of the network as a result of user activities.
B. performance degradation due to the rules applied.
C. loss of packets on the network due to insufficient bandwidth.
D. Internet Protocol (IP) spoofing by hackers.

Question 232

Which of the following is the FIRST step of a penetration test plan?
A. Analyzing a network diagram of the target network
B. Notifying the company's customers
C. Obtaining the approval of the company's management
D. Scheduling the penetration test during a period of least impact

Question 233

Which one of the following is a fundamental objective in handling an incident?
A. To restore control of the affected systems
B. To confiscate the suspect's computers
C. To prosecute the attacker
D. To perform full backups of the system

Question 234

When transmitting information over public networks, the decision to encrypt it should be based on
A. the estimated monetary value of the information.
B. whether there are transient nodes relaying the transmission.
C. the level of confidentiality of the information.
D. the volume of the information.

Question 235

Which of the following would be the FIRST step to take when implementing a patch management program?
A. Perform automatic deployment of patches.
B. Monitor for vulnerabilities and threats.
C. Prioritize vulnerability remediation.
D. Create a system inventory.

Question 236

While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used?
A. Trusted path
B. Malicious logic
C. Social engineering
D. Passive misuse

Question 237

Which of the following defines the key exchange for Internet Protocol Security (IPSec)?
A. Secure Sockets Layer (SSL) key exchange
B. Internet Key Exchange (IKE)
C. Security Key Exchange (SKE)
D. Internet Control Message Protocol (ICMP)

Question 238

Why MUST a Kerberos server be well protected from unauthorized access?
A. It contains the keys of all clients.
B. It always operates at root privilege.
C. It contains all the tickets for services.
D. It contains the Internet Protocol (IP) address of all network entities.

Question 239

When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all access control requirements are addressed?
A. Create a user profile.
B. Create a user access matrix.
C. Develop an Access Control List (ACL).
D. Develop a Role Based Access Control (RBAC) list.

Question 240

Which of the following is an effective method for avoiding magnetic media data remanence?
A. Degaussing
B. Encryption
C. Data Loss Prevention (DLP)
D. Authentication

Question 241

What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)?
A. Evaluating the efficiency of the plan
B. Identifying the benchmark required for restoration
C. Validating the effectiveness of the plan
D. Determining the Recovery Time Objective (RTO)

Question 242

Passive Infrared Sensors (PIR) used in a non-climate controlled environment should
A. reduce the detected object temperature in relation to the background temperature.
B. increase the detected object temperature in relation to the background temperature.
C. automatically compensate for variance in background temperature.
D. detect objects of a specific temperature independent of the background temperature.

Question 243

When constructing an Information Protection Policy (IPP), it is important that the stated rules are necessary, adequate, and
A. flexible.
B. confidential.
C. focused.
D. achievable.

Question 244

Which of the following does Temporal Key Integrity Protocol (TKIP) support?
A. Multicast and broadcast messages
B. Coordination of IEEE 802.11 protocols
C. Wired Equivalent Privacy (WEP) systems
D. Synchronization of multiple devices

Question 245

Which of the following BEST represents the principle of open design?
A. Disassembly, analysis, or reverse engineering will reveal the security functionality of the computer system.
B. Algorithms must be protected to ensure the security and interoperability of the designed system.
C. A knowledgeable user should have limited privileges on the system to prevent their ability to compromise security capabilities.
D. The security of a mechanism should not depend on the secrecy of its design or implementation.

Question 246

Which of the following statements is TRUE of black box testing?
A. Only the functional specifications are known to the test planner.
B. Only the source code and the design documents are known to the test planner.
C. Only the source code and functional specifications are known to the test planner.
D. Only the design documents and the functional specifications are known to the test planner.

Question 247

Two companies wish to share electronic inventory and purchase orders in a supplier and client relationship. What is the BEST security solution for them?
A. Write a Service Level Agreement (SLA) for the two companies.
B. Set up a Virtual Private Network (VPN) between the two companies.
C. Configure a firewall at the perimeter of each of the two companies.
D. Establish a File Transfer Protocol (FTP) connection between the two companies.

Question 248

Which Hyper Text Markup Language 5 (HTML5) option presents a security challenge for network data leakage prevention and/or monitoring?
A. Cross Origin Resource Sharing (CORS)
B. WebSockets
C. Document Object Model (DOM) trees
D. Web Interface Definition Language (IDL)

Question 249

What do Capability Maturity Models (CMM) serve as a benchmark for in an organization?
A. Experience in the industry
B. Definition of security profiles
C. Human resource planning efforts
D. Procedures in systems development

Question 250

Refer to the information below to answer the question.

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.

Which of the following solutions would have MOST likely detected the use of peer-to-peer programs when the computer was connected to the office network?
A. Anti-virus software
B. Intrusion Prevention System (IPS)
C. Anti-spyware software
D. Integrity checking software

Question 251

Which of the following describes the concept of a Single Sign-On (SSO) system?
A. Users are authenticated to one system at a time.
B. Users are identified to multiple systems with several credentials.
C. Users are authenticated to multiple systems with one login.
D. Only one user is using the system at a time.

Question 252

Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?
A. Maintaining an inventory of authorized Access Points (AP) and connecting devices
B. Setting the radio frequency to the minimum range required
C. Establishing a Virtual Private Network (VPN) tunnel between the WLAN client device and a VPN concentrator
D. Verifying that all default passwords have been changed

Question 253

Refer to the information below to answer the question.

In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

Which of the following is true according to the star property (*-property)?
A. User D can write to File 1
B. User B can write to File 1
C. User A can write to File 1
D. User C can write to File 1

Question 254

Which item below is a federated identity standard?
A. 802.11i
B. Kerberos
C. Lightweight Directory Access Protocol (LDAP)
D. Security Assertion Markup Language (SAML)

Question 255

Which of the following assures that rules are followed in an identity management architecture?
A. Policy database
B. Digital signature
C. Policy decision point
D. Policy enforcement point

Question 256

Refer to the information below to answer the question.

A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns. What MUST the plan include in order to reduce client-side exploitation?
A. Approved web browsers
B. Network firewall procedures
C. Proxy configuration
D. Employee education

Question 257

Which of the following is required to determine classification and ownership?
A. System and data resources are properly identified
B. Access violations are logged and audited
C. Data file references are identified and linked
D. System security controls are fully integrated

Question 258

Refer to the information below to answer the question.

A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider’s facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.

The third party needs to have
A. processes that are identical to that of the organization doing the outsourcing.
B. access to the original personnel that were on staff at the organization.
C. the ability to maintain all of the applications in languages they are familiar with.
D. access to the skill sets consistent with the programming languages used by the organization.

Question 259

What is the PRIMARY advantage of using automated application security testing tools?
A. The application can be protected in the production environment.
B. Large amounts of code can be tested using fewer resources.
C. The application will fail less when tested using these tools.
D. Detailed testing of code functions can be performed.

Question 260

What is a common challenge when implementing Security Assertion Markup Language (SAML) for identity integration between an on-premise environment and an external identity provider service?
A. Some users are not provisioned into the service.
B. SAML tokens are provided by the on-premise identity provider.
C. Single users cannot be revoked from the service.
D. SAML tokens contain user information.

Question 261

Refer to the information below to answer the question.

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.

Which of the following documents explains the proper use of the organization's assets?
A. Human resources policy
B. Acceptable use policy
C. Code of ethics
D. Access control policy

Question 262

Which of the following is the BEST solution to provide redundancy for telecommunications links?
A. Provide multiple links from the same telecommunications vendor.
B. Ensure that the telecommunications links connect to the network in one location.
C. Ensure that the telecommunications links connect to the network in multiple locations.
D. Provide multiple links from multiple telecommunications vendors.

Question 263

Refer to the information below to answer the question.

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.

Which of the following will indicate where the IT budget is BEST allocated during this time?
A. Policies
B. Frameworks
C. Metrics
D. Guidelines

Question 264

During the procurement of a new information system, it was determined that some of the security requirements were not addressed in the system specification. Which of the following is the MOST likely reason for this?
A. The procurement officer lacks technical knowledge.
B. The security requirements have changed during the procurement process.
C. There were no security professionals in the vendor's bidding team.
D. The description of the security requirements was insufficient.

Question 265

Which of the following BEST describes Recovery Time Objective (RTO)?
A. Time of data validation after disaster
B. Time of data restoration from backup after disaster
C. Time of application resumption after disaster
D. Time of application verification after disaster

Question 266

Which of the following MUST system and database administrators be aware of and apply when configuring systems used for storing personal employee data?
A. Secondary use of the data by business users
B. The organization's security policies and standards
C. The business purpose for which the data is to be used
D. The overall protection of corporate resources and data

Question 267

Refer to the information below to answer the question.

A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.

Which of the following BEST describes the access control methodology used?
A. Least privilege
B. Lattice Based Access Control (LBAC)
C. Role Based Access Control (RBAC)
D. Lightweight Directory Access Control (LDAP)

Question 268

The use of a proximity card to gain access to a building is an example of what type of security control?
A. Legal
B. Logical
C. Physical
D. Procedural

Question 269

Refer to the information below to answer the question.

A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.

In addition to authentication at the start of the user session, best practice would require re-authentication
A. periodically during a session.
B. for each business process.
C. at system sign-off.
D. after a period of inactivity.

Question 270

For a service provider, which of the following MOST effectively addresses confidentiality concerns for customers using cloud computing?
A. Hash functions
B. Data segregation
C. File system permissions
D. Non-repudiation controls

Question 271

From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system?
A. Configure secondary servers to use the primary server as a zone forwarder.
B. Block all Transmission Control Protocol (TCP) connections.
C. Disable all recursive queries on the name servers.
D. Limit zone transfers to authorized devices.

Question 272

An organization's data policy MUST include a data retention period which is based on
A. application dismissal.
B. business procedures.
C. digital certificates expiration.
D. regulatory compliance.

Question 273

Without proper signal protection, embedded systems may be prone to which type of attack?
A. Brute force
B. Tampering
C. Information disclosure
D. Denial of Service (DoS)

Question 274

Refer to the information below to answer the question.

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.

When determining appropriate resource allocation, which of the following is MOST important to monitor?
A. Number of system compromises
B. Number of audit findings
C. Number of staff reductions
D. Number of additional assets

Question 275

Which of the following is the PRIMARY benefit of a formalized information classification program?
A. It drives audit processes.
B. It supports risk assessment.
C. It reduces asset vulnerabilities.
D. It minimizes system logging requirements.

Question 276

When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)?
A. Retain intellectual property rights through contractual wording.
B. Perform overlapping code reviews by both parties.
C. Verify that the contractors attend development planning meetings.
D. Create a separate contractor development environment.

Question 277

Which of the following is the BEST countermeasure to brute force login attacks?
A. Changing all canonical passwords
B. Decreasing the number of concurrent user sessions
C. Restricting initial password delivery only in person
D. Introducing a delay after failed system access attempts

Question 278

What is the MOST important reason to configure unique user IDs?
A. Supporting accountability
B. Reducing authentication errors
C. Preventing password compromise
D. Supporting Single Sign On (SSO)

Question 279

Refer to the information below to answer the question.

Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.

Organizational policy requires the deletion of user data from Personal Digital Assistant (PDA) devices before disposal. It may not be possible to delete the user data if the device is malfunctioning. Which destruction method below provides the BEST assurance that the data has been removed?
A. Knurling
B. Grinding
C. Shredding
D. Degaussing

Question 280

Which of the following statements is TRUE regarding state-based analysis as a functional software testing technique?
A. It is useful for testing communications protocols and graphical user interfaces.
B. It is characterized by the stateless behavior of a process implemented in a function.
C. Test inputs are obtained from the derived boundaries of the given functional specifications.
D. An entire partition can be covered by considering only one representative value from that partition.

Question 281

Data remanence refers to which of the following?
A. The remaining photons left in a fiber optic cable after a secure transmission.
B. The retention period required by law or regulation.
C. The magnetic flux created when removing the network connection from a server or personal computer.
D. The residual information left on magnetic storage media after a deletion or erasure.

Question 282

Which of the following is the MOST important element of change management documentation?
A. List of components involved
B. Number of changes being made
C. Business case justification
D. A stakeholder communication

Question 283

Which of the following is a reason to use manual patch installation instead of automated patch management?
A. The cost required to install patches will be reduced.
B. The time during which systems will remain vulnerable to an exploit will be decreased.
C. The likelihood of system or application incompatibilities will be decreased.
D. The ability to cover large geographic areas is increased.

Question 284

If compromised, which of the following would lead to the exploitation of multiple virtual machines?
A. Virtual device drivers
B. Virtual machine monitor
C. Virtual machine instance
D. Virtual machine file system

Question 285

After a thorough analysis, it was discovered that a perpetrator compromised a network by gaining access to the network through a Secure Socket Layer (SSL) Virtual Private Network (VPN) gateway. The perpetrator guessed a username and brute forced the password to gain access. Which of the following BEST mitigates this issue?
A. Implement strong password authentication for VPN
B. Integrate the VPN with centralized credential stores
C. Implement an Internet Protocol Security (IPSec) client
D. Use two-factor authentication mechanisms

Question 286

A mobile device application that restricts the storage of user information to just that which is needed to accomplish lawful business goals adheres to what privacy principle?
A. Onward transfer
B. Collection Limitation
C. Collector Accountability
D. Individual Participation

Question 287

Which of the following PRIMARILY contributes to security incidents in web-based applications?
A. Systems administration and operating systems
B. System incompatibility and patch management
C. Third-party applications and change controls
D. Improper stress testing and application interfaces

Question 288

Which of the following is most helpful in applying the principle of LEAST privilege?
A. Establishing a sandboxing environment
B. Setting up a Virtual Private Network (VPN) tunnel
C. Monitoring and reviewing privileged sessions
D. Introducing a job rotation program

Question 289

What is an important characteristic of Role Based Access Control (RBAC)?
A. Supports Mandatory Access Control (MAC)
B. Simplifies the management of access rights
C. Relies on rotation of duties
D. Requires two factor authentication

Question 290

Which of the following is the BIGGEST weakness when using native Lightweight Directory Access Protocol (LDAP) for authentication?
A. Authorizations are not included in the server response
B. Unsalted hashes are passed over the network
C. The authentication session can be replayed
D. Passwords are passed in cleartext

Question 291

Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?
A. A strong breach notification process
B. Limited collection of individuals' confidential data
C. End-to-end data encryption for data in transit
D. Continuous monitoring of potential vulnerabilities

Question 292

Which of the following are Systems Engineering Life Cycle (SELC) Technical Processes?
A. Concept, Development, Production, Utilization, Support, Retirement
B. Stakeholder Requirements Definition, Architectural Design, Implementation, Verification, Operation
C. Acquisition, Measurement, Configuration Management, Production, Operation, Support
D. Concept, Requirements, Design, Implementation, Production, Maintenance, Support, Disposal

Question 293

Which of the following describes the BEST configuration management practice?
A. After installing a new system, the configuration files are copied to a separate back-up system and hashed to detect tampering.
B. After installing a new system, the configuration files are copied to an air-gapped system and hashed to detect tampering.
C. The firewall rules are backed up to an air-gapped system.
D. A baseline configuration is created and maintained for all relevant systems.

Question 294

Which of the following is the PRIMARY security concern associated with the implementation of smart cards?
A. The cards have limited memory
B. Vendor application compatibility
C. The cards can be misplaced
D. Mobile code can be embedded in the card

Question 295

Retaining system logs for six months or longer can be valuable for what activities?
A. Disaster recovery and business continuity
B. Forensics and incident response
C. Identity and authorization management
D. Physical and logical access control

Question 296

Secure Sockets Layer (SSL) encryption protects
A. data at rest.
B. the source IP address.
C. data transmitted.
D. data availability.

Question 297

The implementation of which feature of an identity management system reduces costs and administration overhead while improving audit and accountability?
A. Two-factor authentication
B. Single Sign-On (SSO)
C. User self-service
D. A metadirectory

Question 298

Application of which of the following Institute of Electrical and Electronics Engineers (IEEE) standards will prevent an unauthorized wireless device from being attached to a network?
A. IEEE 802.1F
B. IEEE 802.1H
C. IEEE 802.1Q
D. IEEE 802.1X

Question 299

The PRIMARY security concern for handheld devices is the
A. strength of the encryption algorithm.
B. spread of malware during synchronization.
C. ability to bypass the authentication mechanism.
D. strength of the Personal Identification Number (PIN).

Question 300

Software Code signing is used as a method of verifying what security concept?
A. Integrity
B. Confidentiality
C. Availability
D. Access Control

Question 301

Data leakage of sensitive information is MOST often concealed by which of the following?
A. Secure Sockets Layer (SSL)
B. Secure Hash Algorithm (SHA)
C. Wired Equivalent Privacy (WEP)
D. Secure Post Office Protocol (POP)

Question 302

An organization has decided to contract with a cloud-based service provider to leverage their identity as a service offering. They will use Open Authentication (OAuth) 2.0 to authenticate external users to the organization's services.

As part of the authentication process, which of the following must the end user provide?
A. An access token
B. A username and password
C. A username
D. A password

Question 303

The PRIMARY outcome of a certification process is that it provides documented
A. system weaknesses for remediation.
B. standards for security assessment, testing, and process evaluation.
C. interconnected systems and their implemented security controls.
D. security analyses needed to make a risk-based decision.

Question 304

Which of the following methods can be used to achieve confidentiality and integrity for data in transit?
A. Multiprotocol Label Switching (MPLS)
B. Internet Protocol Security (IPSec)
C. Federated identity management
D. Multi-factor authentication

Question 305

What type of test assesses a Disaster Recovery (DR) plan using realistic disaster scenarios while maintaining minimal impact to business operations?
A. Parallel
B. Walkthrough
C. Simulation
D. Tabletop

Question 306

Which of the following questions can be answered using user and group entitlement reporting?
A. When a particular file was last accessed by a user
B. Change control activities for a particular group of users
C. The number of failed login attempts for a particular user
D. Where does a particular user have access within the network

Question 307

Who is ultimately responsible for ensuring that information assets are categorized and that adequate measures are taken to protect them?
A. Data Custodian
B. Executive Management
C. Chief Information Security Officer
D. Data/Information/Business Owners

Question 308

A Simple Power Analysis (SPA) attack against a device directly observes which of the following?
A. Static discharge
B. Consumption
C. Generation
D. Magnetism

Question 309

Which of the following activities BEST identifies operational problems, security misconfigurations, and malicious attacks?
A. Policy documentation review
B. Authentication validation
C. Periodic log reviews
D. Interface testing

Question 310

In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?
A. Application Layer
B. Physical Layer
C. Data-Link Layer
D. Network Layer

Question 311

The 802.1x standard provides a framework for what?
A. Network authentication for only wireless networks
B. Network authentication for wired and wireless networks
C. Wireless encryption using the Advanced Encryption Standard (AES)
D. Wireless network encryption using Secure Sockets Layer (SSL)

Question 312

While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?
A. Retention
B. Reporting
C. Recovery
D. Remediation

Question 313

Which of the following is the PRIMARY issue when collecting detailed log information?
A. Logs may be unavailable when required
B. Timely review of the data is potentially difficult
C. Most systems and applications do not support logging
D. Logs do not provide sufficient details of system and individual activities

Question 314

Which of the following terms describes opening a mechanical lock without the proper key by carefully aligning the pins in the lock?
A. Lock pinging
B. Lock picking
C. Lock bumping
D. Lock bricking

Question 315

The BEST method to mitigate the risk of a dictionary attack on a system is to
A. use a hardware token.
B. use complex passphrases.
C. implement password history.
D. encrypt the access control list (ACL).

Question 316

Which of the following could result in a Denial of Service (DoS) attack against a credential management system?
A. Delayed revocation or destruction of credentials
B. Modification of Certificate Revocation List
C. Unauthorized renewal or re-issuance
D. Token use after decommissioning

Question 317

What is the difference between media marking and media labeling?
A. Media marking refers to the use of human-readable security attributes, while media labeling refers to the use of security attributes in internal data structures.
B. Media labeling refers to the use of human-readable security attributes, while media marking refers to the use of security attributes in internal data structures.
C. Media labeling refers to security attributes required by public policy/law, while media marking refers to security required by internal organizational policy.
D. Media marking refers to security attributes required by public policy/law, while media labeling refers to security attributes required by internal organizational policy.

Question 318

A vulnerability in which of the following components would be MOST difficult to detect?
A. Kernel
B. Shared libraries
C. Hardware
D. System application

Question 319

The restoration priorities of a Disaster Recovery Plan (DRP) are based on which of the following documents?
A. Service Level Agreement (SLA)
B. Business Continuity Plan (BCP)
C. Business Impact Analysis (BIA)
D. Crisis management plan

Question 320

Which of the following is the BEST method to reduce the effectiveness of phishing attacks?
A. User awareness
B. Two-factor authentication
C. Anti-phishing software
D. Periodic vulnerability scan

Question 321

An Intrusion Detection System (IDS) has recently been deployed in a Demilitarized Zone (DMZ). The IDS detects a flood of malformed packets. Which of the following BEST describes what has occurred?
A. Denial of Service (DoS) attack
B. Address Resolution Protocol (ARP) spoof
C. Buffer overflow
D. Ping flood attack

Question 322

Network-based logging has which advantage over host-based logging when reviewing malicious activity involving a victim machine?
A. Addresses and protocols of network-based logs are analyzed.
B. Host-based system logging has files stored in multiple locations.
C. Properly handled network-based logs may be more reliable and valid.
D. Network-based systems cannot capture users logging into the console.

Question 323

Which Radio Frequency Interference (RFI) phenomenon associated with bundled cable runs can create information leakage?
A. Transference
B. Covert channel
C. Bleeding
D. Cross-talk

Question 324

How should an organization determine the priority of its remediation efforts after a vulnerability assessment has been conducted?
A. Use an impact-based approach.
B. Use a risk-based approach.
C. Use a criticality-based approach.
D. Use a threat-based approach.

Question 325

Which of the following is a strategy of grouping requirements in developing a Security Test and Evaluation (ST&E)?
A. Tactical, strategic, and financial
B. Management, operational, and technical
C. Documentation, observation, and manual
D. Standards, policies, and procedures

Question 326

Which of the following restricts the ability of an individual to carry out all the steps of a particular process?
A. Job rotation
B. Separation of duties
C. Least privilege
D. Mandatory vacations

Question 327

Which of the following is a document that identifies each item seized in an investigation, including date and time seized, full name and signature or initials of the person who seized the item, and a detailed description of the item?
A. Property book
B. Chain of custody form
C. Search warrant return
D. Evidence tag

Question 328

What does the Maximum Tolerable Downtime (MTD) determine?
A. The estimated period of time a business critical database can remain down before customers are affected
B. The fixed length of time a company can endure a disaster without any Disaster Recovery (DR) planning
C. The estimated period of time a business can remain interrupted beyond which it risks never recovering
D. The fixed length of time in a DR process before redundant systems are engaged

Question 329

The PRIMARY purpose of accreditation is to:
A. comply with applicable laws and regulations.
B. allow senior management to make an informed decision regarding whether to accept the risk of operating the system.
C. protect an organization’s sensitive data.
D. verify that all security controls have been implemented properly and are operating in the correct manner.

Question 330

Which of the following BEST describes a chosen plaintext attack?
A. The cryptanalyst can generate ciphertext from arbitrary text.
B. The cryptanalyst examines the communication being sent back and forth.
C. The cryptanalyst can choose the key and algorithm to mount the attack.
D. The cryptanalyst is presented with the ciphertext from which the original message is determined.

Question 331

What operations role is responsible for protecting the enterprise from corrupt or contaminated media?
A. Information security practitioner
B. Information librarian
C. Computer operator
D. Network administrator

Question 332

Which of the following BEST describes Recovery Time Objective (RTO)?
A. Time of application resumption after disaster.
B. Time of application verification after disaster.
C. Time of data validation after disaster.
D. Time of data restoration from backup after disaster.

Question 333

How does a Host Based Intrusion Detection System (HIDS) identify a potential attack?
A. Examines log messages or other indications on the system
B. Monitors alarms sent to the system administrator
C. Matches traffic patterns to virus signature files
D. Examines the Access Control List (ACL)

Question 334

When writing security assessment procedures, what is the MAIN purpose of the test outputs and reports?
A. To force the software to fail and document the process
B. To find areas of compromise in confidentiality and integrity
C. To allow for objective pass or fail decisions
D. To identify malware or hidden code within the test results

Question 335

An employee of a retail company has been granted an extended leave of absence by Human Resources (HR). This information has been formally communicated to the access provisioning team. Which of the following is the BEST action to take?
A. Revoke access temporarily.
B. Block user access and delete user account after six months.
C. Block access to the offices immediately.
D. Monitor account usage temporarily.

Question 336

Which of the following is the PRIMARY benefit of a formalized information classification program?
A. It minimizes system logging requirements.
B. It supports risk assessment.
C. It reduces asset vulnerabilities.
D. It drives audit processes.

Question 337

Which of the following BEST represents the concept of least privilege?
A. Access to an object is denied unless access is specifically allowed.
B. Access to an object is only available to the owner.
C. Access to an object is allowed unless it is protected by the information security policy.
D. Access to an object is only allowed to authenticated users via an Access Control List (ACL).

Question 338

Which one of the following activities would present a significant security risk to organizations when employing a Virtual Private Network (VPN) solution?
A. VPN bandwidth
B. Simultaneous connection to other networks
C. Users with Internet Protocol (IP) addressing conflicts
D. Remote users with administrative rights

Question 339

An organization’s information security strategic plan MUST be reviewed
A. whenever there are significant changes to a major application.
B. quarterly, when the organization’s strategic plan is updated.
C. whenever there are major changes to the business.
D. every three years, when the organization’s strategic plan is updated.

Question 340

Which of the following is a weakness of Wired Equivalent Privacy (WEP)?
A. Length of Initialization Vector (IV)
B. Protection against message replay
C. Detection of message tampering
D. Built-in provision to rotate keys

Question 341

In the Software Development Life Cycle (SDLC), maintaining accurate hardware and software inventories is a critical part of
A. systems integration.
B. risk management.
C. quality assurance.
D. change management.

Question 342

Which of the following are effective countermeasures against passive network-layer attacks?
A. Federated security and authenticated access controls
B. Trusted software development and run time integrity controls
C. Encryption and security enabled applications
D. Enclave boundary protection and computing environment defense

Question 343

A user sends an e-mail request asking for read-only access to files that are not considered sensitive. A Discretionary Access Control (DAC) methodology is in place. Which is the MOST suitable approach that the administrator should take?
A. Administrator should request data owner approval for the user access
B. Administrator should request manager approval for the user access
C. Administrator should directly grant the access to the non-sensitive files
D. Administrator should assess the user access need and either grant or deny the access

Question 344

When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?
A. Topology diagrams
B. Mapping tools
C. Asset register
D. Ping testing

Question 345

Which technology is a prerequisite for populating the cloud-based directory in a federated identity solution?
A. Notification tool
B. Message queuing tool
C. Security token tool
D. Synchronization tool

Question 346

A security compliance manager of a large enterprise wants to reduce the time it takes to perform network, system, and application security compliance audits while increasing quality and effectiveness of the results. What should be implemented to BEST achieve the desired results?
A. Configuration Management Database (CMDB)
B. Source code repository
C. Configuration Management Plan (CMP)
D. System performance monitoring application

Question 347

Which of the following is the MOST effective method to mitigate Cross-Site Scripting (XSS) attacks?
A. Use Software as a Service (SaaS)
B. Whitelist input validation
C. Require client certificates
D. Validate data output

Question 348

A security analyst for a large financial institution is reviewing network traffic related to an incident. The analyst determines the traffic is irrelevant to the investigation, but in the process of the review the analyst also finds that an application’s data, which includes full credit card cardholder data, is transferred in clear text between the server and the user’s desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS). Which of the following is the analyst’s next step?
A. Send the log file to co-workers for peer review
B. Include the full network traffic logs in the incident report
C. Follow organizational processes to alert the proper teams to address the issue
D. Ignore the data as it is outside the scope of the investigation and the analyst’s role

Question 349

A control to protect from a Denial-of-Service (DoS) attack has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?
A. 25%
B. 50%
C. 75%
D. 100%

Question 350

Which one of the following is an advantage of an effective release control strategy from a configuration control standpoint?
A. Ensures that a trace for all deliverables is maintained and auditable
B. Enforces backward compatibility between releases
C. Ensures that there is no loss of functionality between releases
D. Allows for future enhancements to existing features

Question 351

Which of the following is the MOST important security goal when performing application interface testing?
A. Confirm that all platforms are supported and function properly
B. Evaluate whether systems or components pass data and control correctly to one another
C. Verify compatibility of software, hardware, and network connections
D. Examine error conditions related to external interfaces to prevent application details leakage

Question 352

What is the MAIN goal of information security awareness and training?
A. To inform users of the latest malware threats
B. To inform users of information assurance responsibilities
C. To comply with the organization’s information security policy
D. To prepare students for certification

Question 353

An organization’s security policy delegates to the data owner the ability to assign which user roles have access to a particular resource. What type of authorization mechanism is being used?
A. Discretionary Access Control (DAC)
B. Role Based Access Control (RBAC)
C. Media Access Control (MAC)
D. Mandatory Access Control (MAC)

Question 354

Due to system constraints, a group of system administrators must share a set of high-level access credentials. Which of the following would be MOST appropriate to implement?
A. Increased console lockout times for failed logon attempts
B. Reduce the group in size
C. A credential check-out process for a per-use basis
D. Full logging on affected systems

Question 355

Who is responsible for the protection of information when it is shared with or provided to other organizations?
A. Systems owner
B. Authorizing Official (AO)
C. Information owner
D. Security officer

Question 356

In an organization where Network Access Control (NAC) has been deployed, a device trying to connect to the network is being placed into an isolated domain. What could be done on this device in order to obtain proper connectivity?
A. Connect the device to another network jack
B. Apply remediations according to security requirements
C. Apply Operating System (OS) patches
D. Change the Message Authentication Code (MAC) address of the network interface

Question 357

As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website. Which of the following actions would be performed?
A. Use a web scanner to scan for vulnerabilities within the website.
B. Perform a code review to ensure that the database references are properly addressed.
C. Establish a secure connection to the web server to validate that only the approved ports are open.
D. Enter only numbers in the web form and verify that the website prompts the user to enter a valid input.

Question 358

What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?
A. To ensure Information Technology (IT) staff knows and performs roles assigned to each of them
B. To validate backup sites’ effectiveness
C. To find out what does not work and fix it
D. To create a high level DRP awareness among Information Technology (IT) staff

Question 359

A company seizes a mobile device suspected of being used in committing fraud. What would be the BEST method used by a forensic examiner to isolate the powered-on device from the network and preserve the evidence?
A. Put the device in airplane mode
B. Suspend the account with the telecommunication provider
C. Remove the SIM card
D. Turn the device off

Question 360

An organization plans to purchase a custom software product developed by a small vendor to support its business model. Which unique consideration should be made part of the contractual agreement to address the potential long-term risks associated with creating this dependency?
A. A source code escrow clause
B. Right to request an independent review of the software source code
C. Due diligence form requesting statements of compliance with security requirements
D. Access to the technical documentation

Question 361

An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test subject’s data?
A. Aggregate it into one database in the US
B. Process it in the US, but store the information in France
C. Share it with a third party
D. Anonymize it and process it in the US

Question 362

Which of the following are important criteria when designing procedures and acceptance criteria for acquired software?
A. Code quality, security, and origin
B. Architecture, hardware, and firmware
C. Data quality, provenance, and scaling
D. Distributed, agile, and bench testing

Question 363

Which of the following could be considered the MOST significant security challenge when adopting DevOps practices compared to a more traditional control framework?
A. Achieving Service Level Agreements (SLA) on how quickly patches will be released when a security flaw is found.
B. Maintaining segregation of duties.
C. Standardized configurations for logging, alerting, and security metrics.
D. Availability of security teams at the end of design process to perform last-minute manual audits and reviews.

Question 364

Which of the following combinations would MOST negatively affect availability?
A. Denial of Service (DoS) attacks and outdated hardware
B. Unauthorized transactions and outdated hardware
C. Fire and accidental changes to data
D. Unauthorized transactions and denial of service attacks

Question 365

Which of the following is the MOST efficient mechanism to account for all staff during a speedy nonemergency evacuation from a large security facility?
A. Large mantrap where groups of individuals leaving are identified using facial recognition technology
B. Radio Frequency Identification (RFID) sensors worn by each employee scanned by sensors at each exit door
C. Emergency exits with push bars with coordinates at each exit checking off the individual against a predefined list
D. Card-activated turnstile where individuals are validated upon exit

Question 366

Which security model is MOST commonly used in a commercial environment because it protects the integrity of financial and accounting data?
A. Biba
B. Graham-Denning
C. Clark-Wilson
D. Bell-LaPadula

Question 367

Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?
A. Password requirements are simplified.
B. Risk associated with orphan accounts is reduced.
C. Segregation of duties is automatically enforced.
D. Data confidentiality is increased.

Question 368

When developing solutions for mobile devices, in which phase of the Software Development Life Cycle (SDLC) should technical limitations related to devices be specified?
A. Implementation
B. Initiation
C. Review
D. Development

Question 369

The organization would like to deploy an authorization mechanism for an Information Technology (IT) infrastructure project with high employee turnover. Which access control mechanism would be preferred?
A. Attribute Based Access Control (ABAC)
B. Discretionary Access Control (DAC)
C. Mandatory Access Control (MAC)
D. Role-Based Access Control (RBAC)

Question 370

Which of the following methods of suppressing a fire is environmentally friendly and the MOST appropriate for a data center?
A. Inert gas fire suppression system
B. Halon gas fire suppression system
C. Dry-pipe sprinklers
D. Wet-pipe sprinklers

Question 371

Which of the following is a common characteristic of privacy?
A. Provision for maintaining an audit trail of access to the private data
B. Notice to the subject of the existence of a database containing relevant credit card data
C. Process for the subject to inspect and correct personal data on-site
D. Database requirements for integration of privacy data

Question 372

Which of the following is a responsibility of the information owner?
A. Ensuring that users and personnel complete the required security training to access the Information System (IS)
B. Defining proper access to the Information System (IS), including privileges or access rights
C. Managing identification, implementation, and assessment of common security controls
D. Ensuring the Information System (IS) is operated according to agreed upon security requirements

Question 373

Proven application security principles include which of the following?
A. Minimizing attack surface area
B. Hardening the network perimeter
C. Accepting infrastructure security controls
D. Developing independent modules

Question 374

Which type of test would an organization perform in order to locate and target exploitable defects?
A. Penetration
B. System
C. Performance
D. Vulnerability

Question 375

Assessing a third party’s risk by counting bugs in the code may not be the best measure of an attack surface within the supply chain. Which of the following is LEAST associated with the attack surface?
A. Input protocols
B. Target processes
C. Error messages
D. Access rights

Question 376

What is the second step in the identity and access provisioning lifecycle?
A. Provisioning
B. Review
C. Approval
D. Revocation

Question 377

Which of the following is the MOST challenging issue in apprehending cyber criminals?
A. They often use sophisticated methods to commit a crime.
B. It is often hard to collect and maintain integrity of digital evidence.
C. The crime is often committed from a different jurisdiction.
D. There is often no physical evidence involved.

Question 378

Which of the following MUST be scalable to address security concerns raised by the integration of third-party identity services?
A. Mandatory Access Controls (MAC)
B. Enterprise security architecture
C. Enterprise security procedures
D. Role Based Access Controls (RBAC)

Question 379

At a MINIMUM, audits of permissions to individual or group accounts should be scheduled
A. annually
B. to correspond with staff promotions
C. to correspond with terminations
D. continually

Question 380

Which Identity and Access Management (IAM) process can be used to maintain the principle of least privilege?
A. identity provisioning
B. access recovery
C. multi-factor authentication (MFA)
D. user access review

Question 381

Which of the following is part of a Trusted Platform Module (TPM)?
A. A non-volatile tamper-resistant storage for storing both data and signing keys in a secure fashion
B. A protected Pre-Basic Input/Output System (BIOS) which specifies a method or a metric for “measuring” the state of a computing platform
C. A secure processor targeted at managing digital keys and accelerating digital signing
D. A platform-independent software interface for accessing computer functions

Question 382

Which of the following is a responsibility of a data steward?
A. Ensure alignment of the data governance effort to the organization.
B. Conduct data governance interviews with the organization.
C. Document data governance requirements.
D. Ensure that data decisions and impacts are communicated to the organization.

Question 383

What does a Synchronize (SYN) flood attack do?
A. Forces Transmission Control Protocol /Internet Protocol (TCP/IP) connections into a reset state
B. Establishes many new Transmission Control Protocol / Internet Protocol (TCP/IP) connections
C. Empties the queue of pending Transmission Control Protocol /Internet Protocol (TCP/IP) requests
D. Exceeds the limits for new Transmission Control Protocol /Internet Protocol (TCP/IP) connections

Question 384

Which of the following is the MOST appropriate action when reusing media that contains sensitive data?
A. Erase
B. Sanitize
C. Encrypt
D. Degauss

Question 385

A user has infected a computer with malware by connecting a Universal Serial Bus (USB) storage device. Which of the following is MOST effective to mitigate future infections?
A. Develop a written organizational policy prohibiting unauthorized USB devices
B. Train users on the dangers of transferring data in USB devices
C. Implement centralized technical control of USB port connections
D. Encrypt removable USB devices containing data at rest

Question 386

During examination of Internet history records, the following string occurs within a Uniform Resource Locator (URL):

http://www.companysite.com/products/products.asp?productid=123
or 1=1

What type of attack does this indicate?
A. Directory traversal
B. Structured Query Language (SQL) injection
C. Cross-Site Scripting (XSS)
D. Shellcode injection

Question 387

Who would be the BEST person to approve an organization's information security policy?
A. Chief Information Officer (CIO)
B. Chief Information Security Officer (CISO)
C. Chief internal auditor
D. Chief Executive Officer (CEO)

Question 388

In Disaster Recovery (DR) and Business Continuity (BC) training, which BEST describes a functional drill?
A. a functional evacuation of personnel
B. a specific test by response teams of individual emergency response functions
C. an activation of the backup site
D. a full-scale simulation of an emergency and the subsequent response functions.

Question 389

The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunnel data
A. through a firewall at the Session layer
B. through a firewall at the Transport layer
C. in the Point-to-Point Protocol (PPP)
D. in the Payload Compression Protocol (PCP)

Question 390

Which of the following provides the MOST comprehensive filtering of Peer-to-Peer (P2P) traffic?
A. Application proxy
B. Port filter
C. Network boundary router
D. Access layer switch

Question 391

Which of the following techniques is known to be effective in spotting resource exhaustion problems, especially with resources such as processes, memory, and connections?
A. Automated dynamic analysis
B. Automated static analysis
C. Manual code review
D. Fuzzing

Question 392

A post-implementation review has identified that the Voice Over Internet Protocol (VoIP) system was designed to have gratuitous Address Resolution Protocol (ARP) disabled.

Why did the network architect likely design the VoIP system with gratuitous ARP disabled?
A. Gratuitous ARP requires the use of Virtual Local Area Network (VLAN) 1.
B. Gratuitous ARP requires the use of insecure layer 3 protocols.
C. Gratuitous ARP requires the likelihood of a successful brute-force attack on the phone.
D. Gratuitous ARP requires the risk of a Man-in-the-Middle (MITM) attack.

Question 393

Access to which of the following is required to validate web session management?
A. Log timestamp
B. Live session traffic
C. Session state variables
D. Test scripts

Question 394

Physical assets defined in an organization’s business impact analysis (BIA) could include which of the following?
A. Personal belongings of organizational staff members
B. Disaster recovery (DR) line-item revenues
C. Cloud-based applications
D. Supplies kept off-site at a remote facility

Question 395

When assessing the audit capability of an application, which of the following activities is MOST important?
A. Identify procedures to investigate suspicious activity.
B. Determine if audit records contain sufficient information.
C. Verify if sufficient storage is allocated for audit records.
D. Review security plan for actions to be taken in the event of audit failure.

Question 396

An organization would like to implement an authorization mechanism that would simplify the assignment of various system access permissions for many users with similar job responsibilities. Which type of authorization mechanism would be the BEST choice for the organization to implement?
A. Role-based access control (RBAC)
B. Discretionary access control (DAC)
C. Content-dependent Access Control
D. Rule-based Access Control

Question 397

What is the PRIMARY reason for criminal law being difficult to enforce when dealing with cybercrime?
A. Jurisdiction is hard to define.
B. Law enforcement agencies are understaffed.
C. Extradition treaties are rarely enforced.
D. Numerous language barriers exist.

Question 398

Wi-Fi Protected Access 2 (WPA2) provides users with a higher level of assurance that their data will remain protected by using which protocol?
A. Extensible Authentication Protocol (EAP)
B. Internet Protocol Security (IPsec)
C. Secure Sockets Layer (SSL)
D. Secure Shell (SSH)

Question 399

Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?
A. Reference monitor
B. Trusted Computing Base (TCB)
C. Time separation
D. Security kernel

Question 400

What process facilitates the balance of operational and economic costs of protective measures with gains in mission capability?
A. Performance testing
B. Risk assessment
C. Security audit
D. Risk management

Question 401

Clothing retailer employees are provisioned with user accounts that provide access to resources at partner businesses. All partner businesses use common identity and access management (IAM) protocols and differing technologies. Under the Extended Identity principle, what is the process flow between partner businesses to allow this IAM action?
A. Clothing retailer acts as User Self Service, confirms identity of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to services.
B. Clothing retailer acts as identity provider (IdP), confirms identity of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to services.
C. Clothing retailer acts as Service Provider, confirms identity of user using industry standards, then sends credentials to partner businesses that act as an identity provider (IdP) and allows access to resources.
D. Clothing retailer acts as Access Control Provider, confirms access of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to resources.

Question 402

Which of the following statements BEST describes the least privilege principle in a cloud environment?
A. A single cloud administrator is configured to access core functions.
B. Internet traffic is inspected for all incoming and outgoing packets.
C. Routing configurations are regularly updated with the latest routes.
D. Network segments remain private if unneeded to access the internet.

Question 403

An organization has been collecting a large amount of redundant and unusable data and filling up the storage area network (SAN). Management has requested the identification of a solution that will address ongoing storage problems. Which is the BEST technical solution?
A. Compression
B. Caching
C. Replication
D. Deduplication

Question 404

Which Wide Area Network (WAN) technology requires the first router in the path to determine the full path the packet will travel, removing the need for other routers in the path to make independent determinations?
A. Synchronous Optical Networking (SONET)
B. Multiprotocol Label Switching (MPLS)
C. Fibre Channel over Ethernet (FCoE)
D. Session Initiation Protocol (SIP)

Question 405

Which of the following would an information security professional use to recognize changes to content, particularly unauthorized changes?
A. File Integrity Checker
B. Security information and event management (SIEM) system
C. Audit Logs
D. Intrusion detection system (IDS)

Question 406

Which of the following is included in change management?
A. Technical review by business owner
B. User Acceptance Testing (UAT) before implementation
C. Cost-benefit analysis (CBA) after implementation
D. Business continuity testing

Question 407

A company is enrolled in a hard drive reuse program where decommissioned equipment is sold back to the vendor when it is no longer needed. The vendor pays more money for functioning drives than equipment that is no longer operational. Which method of data sanitization would provide the most secure means of preventing unauthorized data loss, while also receiving the most money from the vendor?
A. Pinning
B. Single-pass wipe
C. Multi-pass wipes
D. Degaussing

Question 408

When reviewing vendor certifications for handling and processing of company data, which of the following is the BEST Service Organization Controls (SOC) certification for the vendor to possess?
A. SOC 1 Type 1
B. SOC 2 Type 1
C. SOC 2 Type 2
D. SOC 3

Question 409

Which application type is considered high risk and provides a common way for malware and viruses to enter a network?
A. Instant messaging or chat applications
B. Peer-to-Peer (P2P) file sharing applications
C. E-mail applications
D. End-to-end applications

Question 410

An organization is looking to include mobile devices in its asset management system for better tracking. In which system tier of the reference architecture would mobile devices be tracked?
A. 0
B. 1
C. 2
D. 3

Question 411

Which of the following is the BEST way to protect an organization’s data assets?
A. Encrypt data in transit and at rest using up-to-date cryptographic algorithms.
B. Monitor and enforce adherence to security policies.
C. Require Multi-Factor Authentication (MFA) and Separation of Duties (SoD).
D. Create the Demilitarized Zone (DMZ) with proxies, firewalls and hardened bastion hosts.

Question 412

Within a large organization, what business unit is BEST positioned to initiate provisioning and deprovisioning of user accounts?
A. Training department
B. Internal audit
C. Human resources
D. Information technology (IT)

Question 413

Which of the following is the PRIMARY purpose of installing a mantrap within a facility?
A. Control traffic
B. Control airflow
C. Prevent piggybacking
D. Prevent rapid movement

Question 414

In the “Do” phase of the Plan-Do-Check-Act model, which of the following is performed?
A. Maintain and improve the Business Continuity Management (BCM) system by taking corrective action, based on the results of management review.
B. Monitor and review performance against business continuity policy and objectives, report the results to management for review, and determine and authorize actions for remediation and improvement.
C. Ensure the business continuity policy, controls, processes, and procedures have been implemented.
D. Ensure that business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity have been established.

Question 415

What industry-recognized document could be used as a baseline reference that is related to data security and business operations or conducting a security assessment?
A. Service Organization Control (SOC) 1 Type 2
B. Service Organization Control (SOC) 1 Type 1
C. Service Organization Control (SOC) 2 Type 2
D. Service Organization Control (SOC) 2 Type 1

Question 416

A criminal organization is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the organization?
A. Organization loses control of their network devices.
B. Network is flooded with communication traffic by the attacker.
C. Network management communications are disrupted.
D. Attacker accesses sensitive information regarding the network topology.

Question 417

Which reporting type requires a service organization to describe its system and define its control objectives and controls that are relevant to users’ internal control over financial reporting?
A. Statement on Auditing Standards (SAS) 70
B. Service Organization Control 1 (SOC1)
C. Service Organization Control 2 (SOC2)
D. Service Organization Control 3 (SOC3)

Question 418

Which of the following is the BEST method to validate secure coding techniques against injection and overflow attacks?
A. Scheduled team review of coding style and techniques for vulnerability patterns
B. The regular use of production code routines from similar applications already in use
C. Using automated programs to test for the latest known vulnerability patterns
D. Ensure code editing tools are updated against known vulnerability patterns

Question 419

When resolving ethical conflicts, the information security professional MUST consider many factors. In what order should the considerations be prioritized?
A. Public safety, duties to individuals, duties to the profession, and duties to principals
B. Public safety, duties to principals, duties to the profession, and duties to individuals
C. Public safety, duties to principals, duties to individuals, and duties to the profession
D. Public safety, duties to the profession, duties to principals, and duties to individuals

Question 420

Which service management process BEST helps information technology (IT) organizations with reducing cost, mitigating risk, and improving customer service?
A. Kanban
B. Lean Six Sigma
C. Information Technology Service Management (ITSM)
D. Information Technology Infrastructure Library (ITIL)

Question 421

A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS). Which of the following factors leads the company to choose an IDaaS as their solution?
A. In-house team lacks resources to support an on-premise solution.
B. Third-party solutions are inherently more secure.
C. Third-party solutions are known for transferring the risk to the vendor.
D. In-house development provides more control.

Question 422

An organization recently suffered from a web-application attack that resulted in stolen user session cookie information. The attacker was able to obtain the information when a user's browser executed a script upon visiting a compromised website. What type of attack MOST likely occurred?
A. SQL injection (SQLi)
B. Extensible Markup Language (XML) external entities
C. Cross-Site Scripting (XSS)
D. Cross-Site Request Forgery (CSRF)

Question 423

An attack utilizing social engineering and a malicious Uniform Resource Locator (URL) link to take advantage of a victim’s existing browser session with a web application is an example of which of the following types of attack?
A. Clickjacking
B. Cross-site request forgery (CSRF)
C. Cross-Site Scripting (XSS)
D. Injection

Question 424

Which of the following encryption technologies has the ability to function as a stream cipher?
A. Cipher Block Chaining (CBC) with error propagation
B. Electronic Code Book (ECB)
C. Cipher Feedback (CFB)
D. Feistel cipher

Question 425

In a disaster recovery (DR) test, which of the following would be a trait of crisis management?
A. Process
B. Anticipate
C. Strategic
D. Wide focus

Question 426

Which of the following BEST describes the purpose of the reference monitor when defining access control to enforce the security model?
A. Strong operational security to keep unit members safe
B. Policies to validate organization rules
C. Cyber hygiene to ensure organizations can keep systems healthy
D. Quality design principles to ensure quality by design

Question 427

Which of the following is security control volatility?
A. A reference to the impact of the security control.
B. A reference to the likelihood of change in the security control.
C. A reference to how unpredictable the security control is.
D. A reference to the stability of the security control.

Question 428

When auditing the Software Development Life Cycle (SDLC), which of the following is one of the high-level audit phases?
A. Planning
B. Risk assessment
C. Due diligence
D. Requirements

Question 429

What is the term used to define where data is geographically stored in the cloud?
A. Data privacy rights
B. Data sovereignty
C. Data warehouse
D. Data subject rights

Question 430

Which of the following does the security design process ensure within the System Development Life Cycle (SDLC)?
A. Proper security controls, security objectives, and security goals are properly initiated.
B. Security objectives, security goals, and system test are properly conducted.
C. Proper security controls, security goals, and fault mitigation are properly conducted.
D. Security goals, proper security controls, and validation are properly initiated.

Question 431

Which of the following is MOST important to follow when developing information security controls for an organization?
A. Use industry standard best practices for security controls in the organization.
B. Exercise due diligence with regard to all risk management information to tailor appropriate controls.
C. Review all local and international standards and choose the most stringent based on location.
D. Perform a risk assessment and choose a standard that addresses existing gaps.

Question 432

When recovering from an outage, what is the Recovery Point Objective (RPO), in terms of data recovery?
A. The RPO is the minimum amount of data that needs to be recovered.
B. The RPO is the amount of time it takes to recover an acceptable percentage of data lost.
C. The RPO is a goal to recover a targeted percentage of data lost.
D. The RPO is the maximum amount of time for which loss of data is acceptable.

Question 433

Which of the following attacks, if successful, could give an intruder complete control of a software-defined networking (SDN) architecture?
A. A brute force password attack on the Secure Shell (SSH) port of the controller
B. Sending control messages to open a flow that does not pass a firewall from a compromised host within the network
C. Remote Authentication Dial-In User Service (RADIUS) token replay attack
D. Sniffing the traffic of a compromised host inside the network

Question 434

Which of the following is the BEST option to reduce the network attack surface of a system?
A. Disabling unnecessary ports and services
B. Ensuring that there are no group accounts on the system
C. Uninstalling default software on the system
D. Removing unnecessary system user accounts

Question 435

The security architect is designing and implementing an internal certification authority to generate digital certificates for all employees. Which of the following is the BEST solution to securely store the private keys?
A. Physically secured storage device
B. Trusted Platform Module (TPM)
C. Encrypted flash drive
D. Public key infrastructure (PKI)

Question 436

The existence of physical barriers, card and personal identification number (PIN) access systems, cameras, alarms, and security guards BEST describes this security approach?
A. Access control
B. Security information and event management (SIEM)
C. Defense-in-depth
D. Security perimeter

Question 437

A hospital enforces the Code of Fair Information Practices. What practice applies to a patient requesting their medical records from a web portal?
A. Purpose specification
B. Collection limitation
C. Use limitation
D. Individual participation

Question 438

A colleague who recently left the organization asked a security professional for a copy of the organization's confidential incident management policy. Which of the following is the BEST response to this request?
A. Access the policy on a company-issued device and let the former colleague view the screen.
B. E-mail the policy to the colleague as they were already part of the organization and familiar with it.
C. Do not acknowledge receiving the request from the former colleague and ignore them.
D. Submit the request using company official channels to ensure the policy is okay to distribute.

Question 439

Which of the following BEST describes when an organization should conduct a black box security audit on a new software project?
A. When the organization wishes to check for non-functional compliance
B. When the organization wants to enumerate known security vulnerabilities across their infrastructure
C. When the organization is confident final source code is complete
D. When the organization has experienced a security incident

Question 440

In software development, which of the following entities normally signs the code to protect the code integrity?
A. The organization developing the code
B. The quality control group
C. The developer
D. The data owner

Question 441

Which of the following technologies can be used to monitor and dynamically respond to potential threats on web applications?
A. Field-level tokenization
B. Web application vulnerability scanners
C. Runtime application self-protection (RASP)
D. Security Assertion Markup Language (SAML)

Question 442

A security architect is developing an information system for a client. One of the requirements is to deliver a platform that mitigates against common vulnerabilities and attacks. What is the MOST efficient option used to prevent buffer overflow attacks?
A. Access control mechanisms
B. Process isolation
C. Address Space Layout Randomization (ASLR)
D. Processor states

Question 443

In a quarterly system access review, an active privileged account was discovered that did not exist in the prior review on the production system. The account was created one hour after the previous access review. Which of the following is the BEST option to reduce overall risk in addition to quarterly access reviews?
A. Implement bi-annual reviews
B. Create policies for system access
C. Implement and review risk-based alerts
D. Increase logging levels

Question 444

A corporation does not have a formal data destruction policy. During which phase of a criminal legal proceeding will this have the MOST impact?
A. Sentencing
B. Trial
C. Discovery
D. Arraignment

Question 445

What is considered the BEST explanation when determining whether to provide remote network access to a third-party security service?
A. Contract negotiation
B. Supplier request
C. Business need
D. Vendor demonstration

Question 446

The acquisition of personal data being obtained by a lawful and fair means is an example of what principle?
A. Collection Limitation Principle
B. Openness Principle
C. Purpose Specification Principle
D. Data Quality Principle

Question 447

Which of the following is the MOST appropriate control for asset data labeling procedures?
A. Categorizing the types of media being used
B. Logging data media to provide a physical inventory control
C. Reviewing off-site storage access controls
D. Reviewing audit trails of logging records

Question 448

What is the BEST approach to anonymizing personally identifiable information (PII) in a test environment?
A. Swapping data
B. Randomizing data
C. Encoding data
D. Encrypting data

Question 449

Which of the following departments initiates the request, approval, and provisioning business process?
A. Operations
B. Security
C. Human resources (HR)
D. Information technology (IT)

Question 450

An organization is setting a security assessment scope with the goal of developing a Security Management Program (SMP). The next step is to select an approach for conducting the risk assessment. Which of the following approaches is MOST effective for the SMP?
A. Security controls–driven assessment
B. Business process–based risk assessment
C. Asset-driven assessment
D. Data-driven assessment

Question 451

Which technique helps system designers consider potential security concerns of their systems and applications?
A. Threat modeling
B. Manual inspections and reviews
C. Source code review
D. Penetration testing

Question 452

A security professional can BEST mitigate the risk of using a Commercial Off-The-Shelf (COTS) solution by deploying the application with which of the following controls in place?
A. Network segmentation
B. Blacklisting application
C. Whitelisting application
D. Hardened configuration

Question 453

Which of the following BEST describes centralized identity management?
A. Service providers perform as both the credential and identity provider (IdP).
B. Service providers identify an entity by behavioral analysis versus an identification factor.
C. Service providers agree to integrate identity system recognition across organizational boundaries.
D. Service providers rely on a trusted third party (TTP) to provide requestors with both credentials and identifiers.

Question 454

What is the MOST significant benefit of role-based access control (RBAC)?
A. Reduces inappropriate access
B. Management of least privilege
C. Most granular form of access control
D. Reduction in authorization administration overhead

Question 455

What is the MOST common security risk of a mobile device?
A. Data spoofing
B. Malware infection
C. Insecure communications link
D. Data leakage

Question 456

What level of Redundant Array of Independent Disks (RAID) is configured PRIMARILY for high-performance data reads and writes?
A. RAID-0
B. RAID-1
C. RAID-5
D. RAID-6

Question 457

What type of risk is related to the sequences of value-adding and managerial activities undertaken in an organization?
A. Control risk
B. Demand risk
C. Supply risk
D. Process risk

Question 458

International bodies established a regulatory scheme that defines how weapons are exchanged between the signatories. It also addresses cyber weapons, including malicious software, Command and Control (C2) software, and internet surveillance software. This is a description of which of the following?
A. International Traffic in Arms Regulations (ITAR)
B. Palermo convention
C. Wassenaar arrangement
D. General Data Protection Regulation (GDPR)

Question 459

An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer (CISO) wants to increase security by better protecting the network from unauthorized internal access. Which Network Access Control (NAC) capability BEST meets this objective?
A. Port security
B. Two-factor authentication (2FA)
C. Strong passwords
D. Application firewall

Question 460

Which section of the assessment report addresses separate vulnerabilities, weaknesses, and gaps?
A. Findings definition section
B. Risk review section
C. Executive summary with full details
D. Key findings section

Question 461

Why is data classification control important to an organization?
A. To enable data discovery
B. To ensure security controls align with organizational risk appetite
C. To ensure its integrity, confidentiality and availability
D. To control data retention in alignment with organizational policies and regulation

Question 462

To monitor the security of buried data lines inside the perimeter of a facility, which of the following is the MOST effective control?
A. Fencing around the facility with closed-circuit television (CCTV) cameras at all entry points
B. Ground sensors installed and reporting to a security event management (SEM) system
C. Regular sweeps of the perimeter, including manual inspection of the cable ingress points
D. Steel casing around the facility ingress points

Question 463

An enterprise is developing a baseline cybersecurity standard its suppliers must meet before being awarded a contract. Which of the following statements is TRUE about the baseline cybersecurity standard?
A. It should be expressed as general requirements.
B. It should be expressed as technical requirements.
C. It should be expressed in business terminology.
D. It should be expressed in legal terminology.

Question 464

Which access control method is based on users issuing access requests on system resources, features assigned to those resources, the operational or situational context, and a set of policies specified in terms of those features and context?
A. Mandatory Access Control (MAC)
B. Attribute Based Access Control (ABAC)
C. Role Based Access Control (RBAC)
D. Discretionary Access Control (DAC)

Question 465

What is a security concern when considering implementing software-defined networking (SDN)?
A. It has a decentralized architecture.
B. It increases the attack footprint.
C. It uses open source protocols.
D. It is cloud based.

Question 466

What is the BEST way to restrict access to a file system on computing systems?
A. Use least privilege at each level to restrict access.
B. Restrict access to all users.
C. Allow a user group to restrict access.
D. Use a third-party tool to restrict access.

Question 467

Which of the following is the PRIMARY reason for selecting the appropriate level of detail for audit record generation?
A. Avoid lengthy audit reports
B. Enable generation of corrective action reports
C. Facilitate a root cause analysis (RCA)
D. Lower costs throughout the System Development Life Cycle (SDLC)

Question 468

What is the correct order of execution for security architecture?
A. Governance, strategy and program management, operations, project delivery
B. Governance, strategy and program management, project delivery, operations
C. Strategy and program management, project delivery, governance, operations
D. Strategy and program management, governance, project delivery, operations

Question 469

An international organization has decided to use a Software as a Service (SaaS) solution to support its business operations. Which of the following compliance standards should the organization use to assess the international code security and data privacy of the solution?
A. Service Organization Control (SOC) 2
B. Information Assurance Technical Framework (IATF)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. Payment Card Industry (PCI)

Question 470

An authentication system that uses challenge and response was recently implemented on an organization’s network, because the organization conducted an annual penetration test showing that testers were able to move laterally using authenticated credentials. Which attack method was MOST likely used to achieve this?
A. Hash collision
B. Pass the ticket
C. Brute force
D. Cross-Site Scripting (XSS)

Question 471

Which of the following would qualify as an exception to the “right to be forgotten” of the General Data Protection Regulation (GDPR)?
A. For the establishment, exercise, or defense of legal claims
B. The personal data has been lawfully processed and collected
C. For the reasons of private interest
D. The personal data remains necessary to the purpose for which it was collected

Question 472

Dumpster diving is a technique used in which stage of penetration testing methodology?
A. Attack
B. Reporting
C. Planning
D. Discovery

Question 473

Which of the following is performed to determine a measure of success of a security awareness training program designed to prevent social engineering attacks?
A. Employee evaluation of the training program
B. Internal assessment of the training program’s effectiveness
C. Multiple choice tests to participants
D. Management control of reviews

Question 474

The security team is notified that a device on the network is infected with malware. Which of the following is MOST effective in enabling the device to be quickly located and remediated?
A. Data loss protection (DLP)
B. Intrusion detection
C. Vulnerability scanner
D. Information Technology Asset Management (ITAM)

Question 475

Which of the following threats would be MOST likely mitigated by monitoring assets containing open source libraries for vulnerabilities?
A. Distributed denial-of-service (DDoS) attack
B. Advanced persistent threat (APT) attempt
C. Zero-day attack
D. Phishing attempt

Question 476

As a design principle, which one of the following actors is responsible for identifying and approving data security requirements in a cloud ecosystem?
A. Cloud auditor
B. Cloud broker
C. Cloud provider
D. Cloud consumer

Question 477

Which of the following is the MOST effective way to ensure the endpoint devices used by remote users are compliant with an organization’s approved policies before being allowed on the network?
A. Network Access Control (NAC)
B. Privileged Access Management (PAM)
C. Group Policy Object (GPO)
D. Mobile Device Management (MDM)

Question 478

Which one of the following BEST protects vendor accounts that are used for emergency maintenance?
A. Vendor access should be disabled until needed
B. Frequent monitoring of vendor access
C. Role-based access control (RBAC)
D. Encryption of routing tables

Question 479

Which event magnitude is defined as deadly, destructive, and disruptive when a hazard interacts with human vulnerability?
A. Crisis
B. Catastrophe
C. Accident
D. Disaster

Question 480

Which of the following BEST describes the purpose of software forensics?
A. To analyze possible malicious intent of malware
B. To perform cyclic redundancy check (CRC) verification and detect changed applications
C. To determine the author and behavior of the code
D. To review program code to determine the existence of backdoors

Question 481

A web developer is completing a new web application security checklist before releasing the application to production. The task of disabling unnecessary services is on the checklist. Which web application threat is being mitigated by this action?
A. Session hijacking
B. Security misconfiguration
C. Broken access control
D. Sensitive data exposure

Question 482

What is the BEST method to use for assessing the security impact of acquired software?
A. Threat modeling
B. Common vulnerability review
C. Software security compliance validation
D. Vendor assessment

Question 483

Which of the following ensures old log data is not overwritten?
A. Log retention
B. Implement Syslog
C. Increase log file size
D. Log preservation

Question 484

Under the General Data Protection Regulation (GDPR), what is the maximum amount of time allowed for reporting a personal data breach?
A. 24 hours
B. 48 hours
C. 72 hours
D. 96 hours

Question 485

A financial organization that works according to agile principles has developed a new application for their external customer base to request a line of credit. A security analyst has been asked to assess the security risk of the minimum viable product (MVP). Which is the MOST important activity the analyst should assess?
A. The software has been signed off for release by the product owner.
B. The software had been branded according to corporate standards.
C. The software has the correct functionality.
D. The software has been code reviewed.

Question 486

An application developer receives a report back from the security team showing their automated tools were able to successfully enter unexpected data into the organization’s customer service portal, causing the site to crash. This is an example of which type of testing?
A. Performance
B. Positive
C. Non-functional
D. Negative

Question 487

Which of the following is the MOST effective strategy to prevent an attacker from disabling a network?
A. Design networks with the ability to adapt, reconfigure, and fail over.
B. Test business continuity and disaster recovery (DR) plans.
C. Follow security guidelines to prevent unauthorized network access.
D. Implement network segmentation to achieve robustness.

Question 488

What is the FIRST step that should be considered in a Data Loss Prevention (DLP) program?
A. Policy creation
B. Information Rights Management (IRM)
C. Data classification
D. Configuration management (CM)

Question 489

Which change management role is responsible for the overall success of the project and supporting the change throughout the organization?
A. Change driver
B. Project manager
C. Program sponsor
D. Change implementer

Question 490

A company needs to provide shared access of sensitive data on a cloud storage to external business partners. Which of the following identity models is the BEST to blind identity providers (IdP) and relying parties (RP) so that subscriber lists of other parties are not disclosed?
A. Proxied federation
B. Dynamic registration
C. Federation authorities
D. Static registration

Question 491

A security professional needs to find a secure and efficient method of encrypting data on an endpoint. Which solution includes a root key?
A. Bitlocker
B. Trusted Platform Module (TPM)
C. Virtual storage array network (VSAN)
D. Hardware security module (HSM)

Question 492

Which combination of cryptographic algorithms is compliant with Federal Information Processing Standard (FIPS) Publication 140-2 for non-legacy systems?
A. Diffie-Hellman (DH) key exchange: DH (>=2048 bits); Symmetric Key: Advanced Encryption Standard (AES) >128 bits; Digital Signature: Digital Signature Algorithm (DSA) (>=2048 bits)
B. Diffie-Hellman (DH) key exchange: DH (>=2048 bits); Symmetric Key: Advanced Encryption Standard (AES) >128 bits; Digital Signature: Rivest-Shamir-Adleman (RSA) (1024 bits)
C. Diffie-Hellman (DH) key exchange: DH (<=1024 bits); Symmetric Key: Blowfish; Digital Signature: Rivest-Shamir-Adleman (RSA) (>=2048 bits)
D. Diffie-Hellman (DH) key exchange: DH (>=2048 bits); Symmetric Key: Advanced Encryption Standard (AES) <128 bits; Digital Signature: Elliptic Curve Digital Signature Algorithm (ECDSA) (>=256 bits)

Question 493

What is the PRIMARY purpose of creating and reporting metrics for a security awareness, training, and education program?
A. Measure the effect of the program on the organization’s workforce.
B. Make all stakeholders aware of the program’s progress.
C. Facilitate supervision of periodic training events.
D. Comply with legal regulations and document due diligence in security practices.

Question 494

In a DevOps environment, which of the following actions is MOST necessary to have confidence in the quality of the changes being made?
A. Prepare to take corrective actions quickly.
B. Automate functionality testing.
C. Review logs for any anomalies.
D. Receive approval from the change review board.

Question 495

What is the MAIN purpose of a security assessment plan?
A. Provide education to employees on security and privacy, to ensure their awareness on policies and procedures.
B. Provide the objectives for the security and privacy control assessments and a detailed roadmap of how to conduct such assessments.
C. Provide guidance on security requirements, to ensure the identified security risks are properly addressed based on the recommendation.
D. Provide technical information to executives to help them understand information security postures and secure funding.

Question 496

What documentation is produced FIRST when performing an effective physical loss control process?
A. Deterrent controls list
B. Security standards list
C. Asset valuation list
D. Inventory list

Question 497

Which organizational department is ultimately responsible for information governance related to e-mail and other e-records?
A. Legal
B. Audit
C. Compliance
D. Security

Question 498

A cloud service provider requires its customer organizations to enable maximum audit logging for its data storage service and to retain the logs for a period of three months. The audit logging generates an extremely high volume of logs. What is the MOST appropriate strategy for the log retention?
A. Keep all logs in an online storage.
B. Keep last week’s logs in an online storage and the rest in an offline storage.
C. Keep last week’s logs in an online storage and the rest in a near-line storage.
D. Keep all logs in an offline storage.

Question 499

In Federated Identity Management (FIM), which of the following represents the concept of federation?
A. Collection, maintenance, and deactivation of user objects and attributes in one or more systems, directories or applications
B. Collection of information logically grouped into a single entity
C. Collection of information for common identities in a system
D. Collection of domains that have established trust among themselves

Question 500

Which of the following is an indicator that a company’s new user security awareness training module has been effective?
A. There are more secure connections to internal e-mail servers.
B. More incidents of phishing attempts are being reported.
C. Fewer incidents of phishing attempts are being reported.
D. There are more secure connections to the internal database servers.

Question 501

An organization is trying to secure instant messaging (IM) communications through its network perimeter. Which of the following is the MOST significant challenge?
A. IM clients can interoperate between multiple vendors.
B. IM clients can run as executables that do not require installation.
C. IM clients can utilize random port numbers.
D. IM clients can run without administrator privileges.

Question 502

Using the ciphertext and resultant cleartext message to derive the monoalphabetic cipher key is an example of which method of cryptanalytic attack?
A. Known-plaintext attack
B. Ciphertext-only attack
C. Frequency analysis
D. Probable-plaintext attack

Question 503

When developing an organization’s information security budget, it is important that the:
A. Requested funds are at an equal amount to the expected cost of breaches.
B. Expected risk can be managed appropriately with the funds allocated.
C. Requested funds are part of a shared funding pool with other areas.
D. Expected risk to the organization does not exceed the funds allocated.

Question 504

A subscription service which provides power, climate control, raised flooring, and telephone wiring equipment is BEST described as a:
A. Cold site
B. Warm site
C. Hot site
D. Reciprocal site

Question 505

An international trading organization with ISO 27001 certification is outsourcing security monitoring to an MSSP. What MUST be included in the contract?
A. A detailed overview of all equipment involved
B. The right to perform security compliance tests on the MSSP’s equipment
C. The MSSP having an executive responsible for information security
D. The right to audit the MSSP’s security process

Question 506

Which of the following is the PRIMARY type of cryptography required to support non-repudiation of a digitally signed document?
A. Hashing
B. Message digest (MD)
C. Symmetric
D. Asymmetric

Question 507

What is the MOST effective method to enhance security of a single sign-on (SSO) solution that interfaces with critical systems?
A. Two-factor authentication
B. Reusable tokens for application level authentication
C. High performance encryption algorithms
D. Secure Sockets Layer (SSL) for all communications

Question 508

Which of the following is MOST appropriate to collect evidence of a zero-day attack?
A. Honeypot
B. Antispam
C. Antivirus
D. Firewall

Question 509

When assessing web vulnerabilities, how can navigating the dark web add value to a penetration test?
A. Information may be found on hidden vendor patches.
B. The actual origin and tools used for the test can be hidden.
C. Information may be found on related breaches and hacking.
D. Vulnerabilities can be tested without impact on the tested environment.

Question 510

The quality assurance (QA) department is short-staffed and is unable to test all modules before the anticipated release date of an application. What security control is MOST likely to be violated?
A. Change management
B. Separation of environments
C. Program management
D. Mobile code controls

Question 511

Which of the following criteria ensures information is protected relative to its importance to the organization?
A. Legal requirements, value, criticality, and sensitivity to unauthorized disclosure or modification
B. The value of the data to the organization’s senior management
C. Organizational stakeholders, with classification approved by the management board
D. Legal requirements determined by the organization headquarters' location

Question 512

What is the FIRST step when developing an Information Security Continuous Monitoring (ISCM) program?
A. Collect the security-related information required for metrics, assessments, and reporting.
B. Establish an ISCM program determining metrics, status monitoring frequencies, and control assessment frequencies.
C. Define an ISCM strategy based on risk tolerance.
D. Establish an ISCM technical architecture.

Question 513

Which RAID level provides the BEST redundancy and fault tolerance?
A. RAID level 1
B. RAID level 3
C. RAID level 4
D. RAID level 5

Question 514

Compared to a traditional network, which of the following is a security-related benefit that software-defined networking (SDN) provides?
A. Centralized network provisioning
B. Reduced network latency when scaled
C. Centralized network administrative control
D. Reduced hardware footprint and cost

Question 515

What is the MOST effective response to a hacker who has already gained access to a network and will attempt to pivot to other resources?
A. Warn users of a breach.
B. Reset all passwords.
C. Segment the network.
D. Shut down the network.

Question 516

Which of the following is a common term for log reviews, synthetic transactions, and code reviews?
A. Application development
B. Spiral development functional testing
C. Security control testing
D. DevOps Integrated Product Team (IPT) development

Question 517

A database server for a financial application is scheduled for production deployment. Which of the following controls will BEST prevent tampering?
A. Data sanitization
B. Data validation
C. Service accounts removal
D. Logging and monitoring

Question 518

The Industrial Control System (ICS) Computer Emergency Response Team (CERT) has released an alert regarding ICS-focused malware specifically propagating through Windows-based business networks. Technicians at a local water utility note that their dams, canals, and locks controlled by an internal Supervisory Control and Data Acquisition (SCADA) system have been malfunctioning. A digital forensics professional is consulted in the Incident Response (IR) and recovery. Which of the following is the MOST challenging aspect of this investigation?
A. Group policy implementation
B. SCADA network latency
C. Physical access to the system
D. Volatility of data

Question 519

What term is commonly used to describe hardware and software assets that are stored in a configuration management database (CMDB)?
A. Configuration item
B. Configuration element
C. Ledger item
D. Asset register

Question 520

A company is planning to implement a private cloud infrastructure. Which of the following recommendations will support the move to a cloud infrastructure?
A. Implement software-defined networking (SDN) to provide the ability to apply high-level policies to shape and reorder network traffic based on users, devices, and applications.
B. Implement a virtual local area network (VLAN) for each department and create a separate subnet for each VLAN.
C. Implement software-defined networking (SDN) to provide the ability for the network infrastructure to be integrated with the control and data planes.
D. Implement a virtual local area network (VLAN) to logically separate the local area network (LAN) from the physical switches.

Question 521

For an organization that solely provides Voice over Internet Protocol (VoIP) services, which is MOST important when negotiating an Internet service provider (ISP) service-level agreement (SLA)?
A. Mean time to repair (MTTR)
B. Quality of Service (QoS) between applications
C. Financial penalties in case of disruption
D. Availability of network services

Question 522

A company hired an external vendor to perform a penetration test of a new payroll system. The company’s internal test team had already performed an in-depth application and security test and determined that it met security requirements. However, the external vendor uncovered significant security weaknesses where sensitive personal data was being sent unencrypted to the tax processing systems. What is the MOST likely cause of the security issues?
A. Inadequate performance testing
B. Inadequate application level testing
C. Failure to perform negative testing
D. Failure to perform interface testing

Question 523

An organization wants to define its physical perimeter. What primary device should be used to accomplish this objective if the organization’s perimeter MUST cost-effectively deter casual trespassers?
A. Fences three to four feet high with a turnstile
B. Fences six to seven feet high with a painted gate
C. Fences accompanied by patrolling security guards
D. Fences eight or more feet high with three strands of barbed wire

Question 524

Which of the following vulnerabilities can be BEST detected using automated analysis?
A. Multi-step process attack vulnerabilities
B. Business logic flaw vulnerabilities
C. Valid cross-site request forgery (CSRF) vulnerabilities
D. Typical source code vulnerabilities

Question 525

A project manager for a large software firm has acquired a government contract that generates large amounts of Controlled Unclassified Information (CUI). The organization’s information security manager received a request to transfer project-related CUI between systems of differing security classifications. What role provides the authoritative guidance for this transfer?
A. PM
B. Information owner
C. Data Custodian
D. Mission/Business Owner

Question 526

Which of the following determines how traffic should flow based on the status of the infrastructure layer?
A. Control plane
B. Application plane
C. Traffic plane
D. Data plane

Question 527

What is the PRIMARY benefit of incident reporting and computer crime investigations?
A. Complying with security policy
B. Repairing the damage and preventing future occurrences
C. Providing evidence to law enforcement
D. Appointing a computer emergency response team

Question 528

Which of the following is the MOST common method of memory protection?
A. Error correction
B. Virtual local area network (VLAN) tagging
C. Segmentation
D. Compartmentalization

Question 529

What testing technique enables the designer to develop mitigation strategies for potential vulnerabilities?
A. Source code review
B. Threat modeling
C. Penetration testing
D. Manual inspections and reviews

Question 530

When testing password strength, which of the following is the BEST method for brute forcing passwords?
A. Conduct an offline attack on the hashed password information
B. Use a comprehensive list of words to attempt to guess the password
C. Use social engineering methods to attempt to obtain the password
D. Conduct an online password attack until the account being used is locked

Question 531

Which of the following is the name of an individual or group that is impacted by a change?
A. Change agent
B. End User
C. Stakeholder
D. Sponsor

Question 532

The European Union (EU) General Data Protection Regulation (GDPR) requires organizations to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The Data Owner should therefore consider which of the following requirements?
A. Never to store personal data of EU citizens outside the EU
B. Data masking and encryption of personal data
C. Only to use encryption protocols approved by the EU
D. Anonymization of personal data when transmitted to sources outside the EU

Question 533

Assuming an individual has taken all of the steps to keep their internet connection private, which of the following is the BEST way to browse the web privately?
A. Store information about browsing activities on the personal device
B. Prevent information about browsing activities from being stored on the personal device
C. Prevent information about browsing activities from being stored in the cloud
D. Store browsing activities in the cloud

Question 534

A software engineer uses automated tools to review application code and search for application flaws, back doors, or other malicious code. Which of the following is the FIRST Software Development Life Cycle (SDLC) phase where this takes place?
A. Deployment
B. Development
C. Test
D. Design

Question 535

A company developed a web application which is sold as a Software as a Service (SaaS) solution to the customer. The application is hosted by a web server running on a specific operating system (OS) on a virtual machine (VM). During the transition phase of the service, it is determined that the support team will need access to the application logs. Which of the following privileges would be the MOST suitable?
A. Administrative privileges on the hypervisor
B. Administrative privileges on the application folders
C. Administrative privileges on the web server
D. Administrative privileges on the OS

Question 536

A security practitioner detects an Endpoint attack on the organization's network. What is the MOST reasonable approach to mitigate future Endpoint attacks?
A. Remove all non-essential client-side web services from the network
B. Harden the client image before deployment
C. Screen for harmful exploits of client-side services before implementation
D. Block all client-side web exploits at the perimeter

Question 537

What are the essential elements of a Risk Assessment Report (RAR)?
A. Executive summary, body of the report, and appendices
B. Executive summary, graph of risks, and process
C. Table of contents, testing criteria, and index
D. Table of contents, chapters, and executive summary

Question 538

The security operations center (SOC) has received credible intelligence that a threat actor is planning to attack with multiple variants of a destructive virus. After obtaining samples and reverse engineering them, analysts found all variants targeted the same memory location. The organization is not affected because they enabled what feature?
A. Address Space Layout Randomization (ASLR)
B. Trusted Platform Module (TPM)
C. Virtualization
D. Process isolation

Question 539

The Chief Information Security Officer (CISO) wants to establish a centralized repository to store all software and hardware asset information. Which of the following would be the BEST option?
A. Information Security Management System (ISMS)
B. Configuration Management Database (CMDB)
C. Security Information and Event Management (SIEM)
D. Information Technology Asset Management (ITAM)

Question 540

What type of investigation applies when malicious behavior is suspected between two organizations?
A. Regulatory
B. Operational
C. Civil
D. Criminal

Question 541

Which of the following techniques evaluates the secure design principles of network or software architectures?
A. Risk modeling
B. Waterfall method
C. Threat modeling
D. Fuzzing

Question 542

Which element of software supply chain management has the GREATEST security risk to organizations?
A. Unsupported libraries are often used
B. Applications with multiple contributors are difficult to evaluate
C. Vulnerabilities are difficult to detect
D. New software development skills are hard to acquire

Question 543

Which of the following should be done at a disaster site before any item is removed, repaired, or replaced?
A. Communicate with the press following the communications plan
B. Dispatch personnel to the disaster recovery (DR) site
C. Take photos of the damage
D. Notify all of the Board of Directors

Question 544

When designing a new Voice over Internet Protocol (VoIP) network, an organization's top concern is preventing unauthorized users from accessing the VoIP network. Which of the following will BEST help secure the VoIP network?
A. 802.11g
B. Web application firewall (WAF)
C. Transport Layer Security (TLS)
D. 802.1x

Question 545

A user's credential for an application is stored in a relational database. Which control protects the confidentiality of the credential while it is stored?
A. Use a salted cryptographic hash of the password
B. Validate passwords using a stored procedure
C. Allow only the application to have access to the password field in order to verify user authentication
D. Encrypt the entire database and embed an encryption key in the application

Question 546

Which of the following frameworks provides vulnerability metrics and characteristics to support the National Vulnerability Database (NVD)?
A. Common Vulnerabilities and Exposures (CVE)
B. Center for Internet Security (CIS)
C. Common Vulnerability Scoring System (CVSS)
D. Open Web Application Security Project (OWASP)

Question 547

A security architect is reviewing plans for an application with a Recovery Point Objective (RPO) of 15 minutes. The current design has all infrastructure within one co-location data center. Which security principle is the architect currently assessing?
A. Disaster recovery (DR)
B. Availability
C. Redundancy
D. Business continuity (BC)

Question 548

Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?
A. System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements
B. Compliance office roles and responsibilities, classified material handling standards, storage system lifecycle requirements
C. Data stewardship roles, data handling and storage standards, data lifecycle requirements
D. System authorization roles and responsibilities, cloud computing standards, lifecycle requirements

Question 549

The Chief Information Security Officer (CISO) of a small organization is making a case for building a security operations center (SOC). While debating between in-house, fully outsourced, or hybrid capability, which of the following would be the MAIN consideration, regardless of the model?
A. Headcount and capacity
B. Scope and service catalog
C. Skill set and training
D. Tools and technologies

Question 550

An organization would like to ensure that all new users have a predefined departmental access template applied upon creation. The organization would also like additional access for users to be granted on a per-project basis. What type of user access administration is BEST suited to meet the organization's needs?
A. Decentralized
B. Hybrid
C. Centralized
D. Federated

Question 551

Which of the following is a secure design principle for a new product?
A. Restrict the use of modularization
B. Do not rely on previously used code
C. Build in appropriate levels of fault tolerance
D. Utilize obfuscation whenever possible

Question 552

What is the PRIMARY benefit of relying on Security Content Automation Protocol (SCAP)?
A. Standardize specifications between software security products
B. Achieve organizational compliance with international standards
C. Improve vulnerability assessment capabilities
D. Save security costs for the organization

Question 553

What are the three key benefits that application developers should derive from the northbound application programming interface (API) of software-defined networking (SDN)?
A. Network syntax, abstraction of network flow, and abstraction of network protocols
B. Network syntax, abstraction of network commands, and abstraction of network protocols
C. Familiar syntax, abstraction of network topology, and definition of network protocols
D. Familiar syntax, abstraction of network topology, and abstraction of network protocols

Question 554

Which of the following is a unique feature of attribute-based access control (ABAC)?
A. A user is granted access to a system at a particular time of day
B. A user is granted access to a system based on username and password
C. A user is granted access to a system based on group affinity
D. A user is granted access to a system with biometric authentication

Question 555

Which of the following is the BEST approach to implement multiple servers on a virtual system?
A. Implement one primary function per virtual server and apply individual security configuration for each virtual server
B. Implement multiple functions within the same virtual server and apply individual security configurations to each function
C. Implement one primary function per virtual server and apply high security configuration on the host operating system
D. Implement multiple functions per virtual server and apply the same security configuration for each virtual server

Question 556

Which of the following is the MOST common cause of system or security failures?
A. Lack of physical security controls
B. Lack of change control
C. Lack of logging and monitoring
D. Lack of system documentation

Question 557

The Chief Information Officer (CIO) has decided that as part of business modernization efforts, the organization will move towards a cloud architecture. The CIO has a PRIMARY obligation to work with personnel in which role to ensure proper protection of data during and after the cloud migration?
A. Chief Security Officer (CSO)
B. Information owner
C. Chief Information Security Officer (CISO)
D. General Counsel

Question 558

A developer is creating an application that requires secure logging of all user activity. What is the BEST permission the developer should assign to the log file to ensure requirements are met?
A. Execute
B. Read
C. Write
D. Append

Question 559

When performing an investigation with the potential for legal action, what should be the analyst’s FIRST consideration?
A. Data decryption
B. Chain-of-custody
C. Authorization to collect
D. Court admissibility

Question 560

Building blocks for software-defined networks (SDN) require which of the following?
A. The SDN is composed entirely of client-server pairs
B. Random-access memory (RAM) is used in preference to virtual memory
C. The SDN is mostly composed of virtual machines (VM)
D. Virtual memory is used in preference to random-access memory (RAM)

Question 561

What is the MINIMUM standard for testing a disaster recovery plan (DRP)?
A. Quarterly or more frequently depending upon the advice of the information security manager
B. As often as necessary depending upon stability and business requirements
C. Annually or less frequently depending upon audit department requirements
D. Semi-annually and in alignment with a fiscal half-year business cycle

Question 562

Which security audit standard provides the BEST way for an organization to understand a vendor’s Information Systems (IS) in relation to confidentiality, integrity, and availability?
A. Service Organization Control (SOC) 2
B. Statement on Standards for Attestation Engagements (SSAE) 18
C. Statement on Auditing Standards (SAS) 70
D. Service Organization Control (SOC) 1

Question 563

An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this an example of?
A. Allowed number of characters
B. Population of required fields
C. Reasonable data
D. Session testing

Question 564

An organization is partnering with a third-party cloud supplier that provides security controls while the organization provides only data. Which of the following BEST describes this service offering?
A. Platform as a Service (PaaS)
B. Anything as a Service (XaaS)
C. Infrastructure as a Service (IaaS)
D. Software as a Service (SaaS)

Question 565

Which of the following factors should be considered characteristics of Attribute Based Access Control (ABAC) in terms of the attributes used?
A. Mandatory Access Control (MAC) and Discretionary Access Control (DAC)
B. Discretionary Access Control (DAC) and Access Control List (ACL)
C. Role Based Access Control (RBAC) and Mandatory Access Control (MAC)
D. Role Based Access Control (RBAC) and Access Control List (ACL)

Question 566

Which of the following is the MOST significant key management problem due to the number of keys created?
A. Exponential growth when using symmetric keys
B. Exponential growth when using asymmetric keys
C. Storage of the keys requires increased security
D. Keys are more difficult to provision and revoke

Question 567

A CISSP is asked to perform a vulnerability assessment for PCI compliance but has never done so before. According to the (ISC)² Code of Ethics, what should the CISSP do?
A. Inform the CISO they are unable to perform the task because they must only offer services for which they are competent
B. Since certified, attempt with assistance to complete the assessment
C. Review CISSP guidelines before performing the assessment
D. Review PCI requirements before performing the assessment

Question 568

While performing a security review for a new product, a security professional learns that the product team plans to use government-issued IDs as unique customer identifiers. What should be recommended?
A. Customer identifiers should be a variant of the user’s government-issued ID number
B. Customer identifiers should be a cryptographic hash of the user’s government-issued ID number
C. Customer identifiers that do not resemble the user’s government-issued ID number should be used
D. Customer identifiers should be based on the user’s name, such as “jdoe”

Question 569

The development team collects biometric data in a secure testing environment. During testing, data from an old production database is used. What principle must the team consider?
A. Biometric data cannot be changed
B. The biometric devices are unknown
C. Biometric data must be protected from disclosure
D. Separate biometric data streams require increased security

Question 570

During firewall implementation, which failure method BEST prioritizes security?
A. Failover
B. Fail-Closed
C. Fail-Safe
D. Fail-Open

Question 571

Which of the following services can integrate with Identity as a Service (IDaaS) as the authoritative source of user identities?
A. Multi-factor authentication (MFA)
B. Directory
C. User database
D. Single sign-on (SSO)

Question 572

Which of the following statements is TRUE about Secure Shell (SSH)?
A. SSH supports port forwarding, which can be used to protect less secured protocols
B. SSH does not protect against man-in-the-middle (MITM) attacks
C. SSH is easy to deploy because it requires a web browser only
D. SSH can be used with almost any application because it maintains a circuit

Question 573

What is considered a compensating control for not having electrical surge protectors installed?
A. Having dual lines to network service providers built to the site
B. Having a hot disaster recovery (DR) environment for the site
C. Having network equipment in active-active clusters at the site
D. Having backup diesel generators installed to the site

Question 574

What is the FIRST step in risk management?
A. Identify the factors that have potential to impact business
B. Establish the scope and actions required
C. Identify existing controls in the environment
D. Establish the expectations of stakeholder involvement

Question 575

Which of the following is the PRIMARY goal of logical access controls?
A. Restrict access to an information asset
B. Ensure availability of an information asset
C. Restrict physical access to an information asset
D. Ensure integrity of an information asset

Question 576

Which of the following is a covert channel type?
A. Pipe
B. Memory
C. Storage
D. Monitoring

Question 577

A software developer wishes to write code that will execute safely and only as intended. Which programming language type is MOST likely to achieve this goal?
A. Weakly typed
B. Dynamically typed
C. Strongly typed
D. Statically typed

Question 578

Which role ensures that important datasets are developed, maintained, and accessible within defined specifications?
A. Data Custodian
B. Data Reviewer
C. Data User
D. Data Owner

Question 579

What is static analysis intended to do when analyzing an executable file?
A. Search documents and files associated with the executable file
B. Analyze the position of the file in the file system and its libraries
C. Collect evidence of usage and file creation details
D. Disassemble the file to gather information about the executable file’s function

Question 580

A network security engineer must ensure that URL traffic is inspected and malicious sites are blocked. Which solution should be implemented?
A. Application-Level Proxy
B. Intrusion detection system (IDS)
C. Host-based Firewall
D. Circuit-Level Proxy

Question 581

What is the PRIMARY consideration when testing industrial control systems (ICS) for security weaknesses?
A. ICS often run on UNIX operating systems.
B. ICS often do not have availability requirements.
C. ICS are often sensitive to unexpected traffic.
D. ICS are often isolated and difficult to access.

Question 582

The security team plans to use automated account reconciliation in the corporate user access review process. Which of the following must be implemented for the BEST results with the fewest errors when running the audit?
A. Frequent audits
B. Segregation of Duties (SoD)
C. Removal of service accounts from review
D. Clear provisioning policies

Question 583

In the Common Criteria, which of the following is a formal document that expresses an implementation-independent set of security requirements?
A. Organizational Security Policy
B. Security Target (ST)
C. Protection Profile (PP)
D. Target of Evaluation (TOE)

Question 584

Which of the following is an example of a vulnerability of full-disk encryption (FDE)?
A. Data on the device cannot be restored from backup.
B. Data on the device cannot be backed up.
C. Data in transit has been compromised when the user has authenticated to the device.
D. Data at rest has been compromised when the user has authenticated to the device.

Question 585

What is the FIRST step in reducing the exposure of a network to Internet Control Message Protocol (ICMP) based attacks?
A. Implement network access control lists (ACL).
B. Implement an intrusion prevention system (IPS).
C. Implement a web application firewall (WAF).
D. Implement egress filtering at the organization’s network boundary.

Question 586

A large organization’s HR and security teams plan to eliminate manual user access reviews and improve compliance. Which of the following options is MOST likely to resolve these issues?
A. Implement a Privileged Access Management (PAM) system.
B. Implement a role-based access control (RBAC) system.
C. Implement an identity and access management (IAM) platform.
D. Implement a single sign-on (SSO) platform.

Question 587

A cloud service accepts SAML assertions from users for authentication between domains. An attacker spoofed a registered account and queried the SAML provider. What is the MOST common attack leveraged against this flaw?
A. Attacker leverages SAML assertion to register an account on the security domain.
B. Attacker forges requests to authenticate as a different user.
C. Attacker exchanges authentication and authorization data between domains.
D. Attacker conducts denial-of-service (DoS) attacks by authenticating repeatedly.

Question 588

An organization is implementing security review as part of system development. Which of the following is the BEST technique to follow?
A. Perform incremental assessments.
B. Engage a third-party auditing firm.
C. Review security architecture.
D. Conduct penetration testing.

Question 589

What HTTP response header can be used to disable the execution of inline JavaScript and eval()-type functions?
A. X-XSS-Protection
B. Content-Security-Policy
C. X-Frame-Options
D. Strict-Transport-Security

Question 590

A security professional is rebuilding a company’s wireless infrastructure. Which of the following are the MOST important factors when deciding which wireless spectrum to deploy?
A. Facility size, intermodulation, and direct satellite service
B. Performance, geographic location, and radio signal interference
C. Existing client devices, manufacturer reputation, and electrical interference
D. Hybrid frequency band, SSID, and interpolation

Question 591

A software development team uses open-source libraries to reduce delivery time. What must they consider when using open-source software libraries?
A. Open source libraries contain known vulnerabilities, and adversaries regularly exploit them.
B. Open source libraries can be used by everyone safely.
C. Open source libraries contain unknown vulnerabilities, so they should not be used.
D. Open source libraries are constantly updated, reducing exploit risks.

Question 592

A security engineer has completed research for a new patch. Where should the patch be applied FIRST?
A. Lower environment
B. Desktop environment
C. Server environment
D. Production environment

Question 593

What BEST describes the confidentiality, integrity, availability triad?
A. A vulnerability assessment to see how well the organization’s data is protected
B. The three-step approach to determine organizational risk
C. The implementation of security systems to protect organizational data
D. A tool used to assist in understanding how to protect data

Question 594

Why is it important that senior management clearly communicates the formal Maximum Tolerable Downtime (MTD) decision?
A. To provide precise direction for selecting recovery alternatives
B. To show commitment to continuity efforts to the board of directors
C. To provide a formal declaration for internal audit requirements
D. To demonstrate to regulators that the company takes business continuity seriously

Question 595

A Simple Power Analysis (SPA) attack against a device directly observes which of the following?
A. Magnetism
B. Generation
C. Consumption
D. Static discharge

Question 596

Which of the following MUST the administrator of a SIEM system ensure?
A. All sources are synchronized with a common time reference.
B. All sources are reporting in the same XML format.
C. Data sources do not contain privacy violations.
D. Each source uses the same IP address for reporting.

Question 597

An organization wants to share data securely with partners over the Internet. Which standard port is typically used to meet this requirement?
A. UDP port 69
B. TCP port 21
C. TCP port 22
D. TCP port 80

Question 598

When designing a business continuity plan (BCP), what is the formula to determine the Maximum Tolerable Downtime (MTD)?
A. Estimated Maximum Loss (EML) + Recovery Time Objective (RTO)
B. Business Impact Analysis (BIA) + Recovery Point Objective (RPO)
C. Annual Loss Expectancy (ALE) + Work Recovery Time (WRT)
D. Recovery Time Objective (RTO) + Work Recovery Time (WRT)

Question 599

In systems security engineering, what does the security principle of modularity provide?
A. Minimal access to perform a function
B. Documentation of functions
C. Isolated functions and data
D. Secure distribution of programs and data

Question 600

Which of the following is the strongest physical access control?
A. Biometrics, a password, and personal identification number (PIN)
B. Individual password for each user
C. Biometrics and badge reader
D. Biometrics, a password, and badge reader

Question 601

An access control list (ACL) on a router is MOST similar to which type of firewall?
A. Stateful firewall
B. Packet filtering firewall
C. Application gateway firewall
D. Heuristic firewall

Question 602

While dealing with the consequences of a security incident, which security controls are MOST appropriate?
A. Detective and recovery controls
B. Corrective and recovery controls
C. Preventative and corrective controls
D. Recovery and proactive controls

Question 603

A cloud hosting provider wants to offer a freely distributable report relevant to its security program. Which SOC report BEST meets this requirement?
A. SOC 1
B. SOC 2 Type 1
C. SOC 2 Type 2
D. SOC 3

Question 604

Which of the following is TRUE for an organization using a third-party federated identity service?
A. The organization specifies alone how to authenticate other users
B. The organization defines internal user ID standards
C. The organization establishes a trust relationship with other organizations
D. The organization enforces rules to other organizations’ user provisioning

Question 605

Which of the following describes the BEST method of maintaining the inventory of software and hardware within the organization?
A. Asset owner interviews and open-source tools
B. Desktop configuration, administration, and procurement tools
C. On-premise storage configuration, cloud management, and partner tools
D. System configuration, network management, and license management tools

Question 606

Which outsourcing agreement provision has the HIGHEST priority from a security operations perspective?
A. Preventing subcontractor use
B. Contract renegotiation terms in disaster
C. Root cause analysis for performance issues
D. Escalation process for incident resolution

Question 607

Which of the following is the MOST comprehensive Business Continuity (BC) test?
A. Full interruption
B. Full simulation
C. Tabletop exercise
D. Full functional drill

Question 608

A security practitioner needs to implement a solution to verify endpoint security protections and operating system (OS) versions. Which of the following is the BEST solution to implement?
A. An intrusion prevention system (IPS)
B. Network Access Control (NAC)
C. Active Directory (AD) authentication
D. A firewall

Question 609

During an internal audit of an Information Security Management System (ISMS), nonconformities are identified. In which management stage are nonconformities reviewed, assessed, and corrected by the organization?
A. Assessment
B. Planning
C. Improvement
D. Operation

Question 610

When developing an external-facing web-based system, which of the following should be the MAIN focus of the security assessment prior to implementation and production?
A. Ensuring Secure Sockets Layer (SSL) certificates are signed by a certificate authority
B. Ensuring SSL certificates are internally signed
C. Assessing the Uniform Resource Locator (URL)
D. Ensuring that input validation is enforced

Question 611

A financial services organization hired a consultant to review security processes. During the review, gaps were found in the threat model. When should a threat model be revised?
A. After OS patches are applied
B. When a new developer joins the team
C. After modification to the firewall rule policy
D. When a new data repository is added

Question 612

The CISO requested a Service Organization Control (SOC) report outlining the security and availability of a system over a 12-month period. Which SOC report should be used?
A. SOC 1 Type 1
B. SOC 1 Type 2
C. SOC 2 Type 2
D. SOC 3 Type 1

Question 613

An organization implemented a VoIP system and assigned unique PIN codes to users. To secure the system from unauthorized phone usage, what is the BEST solution?
A. Have the administrator enforce a policy to change the PIN regularly. Implement call detail records (CDR) reports to track usage.
B. Have the administrator change the PIN regularly. Implement CDR reports to track usage.
C. Use phone locking software to enforce PIN changes and policies. Inform users to change their PIN regularly.
D. Implement CDR reports only to track usage.

Question 614

Which of the following protections is provided when using a VPN with Authentication Header (AH)?
A. Sender non-repudiation
B. Multi-factor authentication (MFA)
C. Payload encryption
D. Sender confidentiality

Question 615

A consultant performing a SOC 2 audit finds an API performing actions outside its defined purpose. Which trust service principle is MOST applicable?
A. Confidentiality
B. Processing Integrity
C. Security
D. Availability

Question 616

In which process MUST security be considered during the acquisition of new software?
A. Request for proposal (RFP)
B. Implementation
C. Vendor selection
D. Contract negotiation

Question 617

What is the MAIN difference between a network-based firewall and a host-based firewall?
A. Network-based firewalls are stateful, while host-based are stateless.
B. Network-based firewalls block intrusions; host-based block malware.
C. Network-based firewalls control traffic passing through the device, while host-based firewalls control traffic destined for the device.
D. Network-based firewalls verify traffic, while host-based verify processes and applications.

Question 618

Which of the following measures BEST protects data on devices when traveling to high-risk countries?
A. Review country laws and clean devices before travel.
B. Use SSL VPNs to download sensitive data at the destination.
C. Keep devices in hotel rooms when not in use.
D. Use MFA for access and biometric controls on devices.

Question 619

When network management is outsourced to third parties, which method is MOST effective for protecting critical data assets?
A. Confirm confidentiality agreements are signed.
B. Employ strong access controls.
C. Log all activities associated with sensitive systems.
D. Provide links to security policies.

Question 620

Which regulation dictates how data breaches are handled?
A. PCI-DSS
B. NIST
C. Sarbanes-Oxley (SOX)
D. General Data Protection Regulation (GDPR)

Question 621

In software development, which type of queries should be used to prevent SQL injection?
A. Parameterized
B. Controlled
C. Dynamic
D. Static

Question 622

Which type of access control allows only users meeting multiple attribute conditions (e.g., type=manager and department=sales)?
A. Role-based access control (RBAC)
B. Attribute-based access control (ABAC)
C. Discretionary access control (DAC)
D. Mandatory access control (MAC)

Question 623

Which of the following BEST minimizes the attack surface for customer private information?
A. Data masking
B. Authentication
C. Obfuscation
D. Collection limitation

Question 624

Which evidence collection technique is used when a rootkit is suspected and rapid analysis is required?
A. Forensic disk imaging
B. Live response
C. Memory collection
D. Malware analysis

Question 625

An auditor finds issues in the disaster recovery procedures of a third-party funds transfer application. Which report should be filed?
A. SAS 70-1
B. SAS 70
C. SOC 1
D. SOC 2

Question 626

Which of the following is a common component of big data environments?
A. Distributed storage locations
B. Centralized processing location
C. Distributed data collection
D. Consolidated data collection

Question 627

A CISO is planning a cloud migration. What should be the FIRST consideration?
A. Analyze firm’s applications and data repositories to determine control requirements.
B. Request a third-party risk assessment.
C. Define the cloud migration roadmap and set application scope.
D. Ensure the contract defines shared security responsibilities.

Question 628

Which BEST describes the purpose of Border Gateway Protocol (BGP)?
A. Provide RIP version 2 advertisements to layer 3 devices.
B. Maintain a list of network paths between routers.
C. Provide firewall services to cloud applications.
D. Maintain a list of efficient network paths between autonomous systems.

Question 629

What is the BEST design for securing physical perimeter protection?
A. Closed-circuit television (CCTV)
B. Business continuity planning (BCP)
C. Barriers, fences, gates, and walls
D. Crime Prevention Through Environmental Design (CPTED)

Question 630

Which solution is MOST effective at discovering a successful network breach?
A. Developing a sandbox
B. Installing an intrusion detection system (IDS)
C. Deploying a honeypot
D. Installing an intrusion prevention system (IPS)

Question 631

Which is a benefit of implementing data-in-use controls?
A. Data must be decrypted to be opened.
B. When the data is being viewed, it can only be printed by authorized users.
C. Data in use is accessed through secure protocols.
D. Lost data cannot be accessed by unauthorized users.

Question 632

When configuring EAP in a VoIP network, which authentication type is MOST secure?
A. PEAP
B. EAP-Transport Layer Security (TLS)
C. EAP-Tunneled TLS
D. EAP-Flexible Authentication via Secure Tunneling

Question 633

Which is the BEST guideline to follow to avoid exposure of sensitive data?
A. Monitor mail servers for exfiltration.
B. Educate users about attacks.
C. Establish report parameters.
D. Store sensitive data only when necessary.

Question 634

An organization with divisions in the United States (US) and the United Kingdom (UK) processes data comprised of personal information belonging to subjects living in the European Union (EU) and in the US. Which data MUST be handled according to the privacy protections of General Data Protection Regulation (GDPR)?
A. Only the UK citizens’ data
B. Only the EU residents’ data
C. Only data processed in the UK
D. Only the EU citizens’ data

Question 635

What are the first two components of logical access control?
A. Authentication and availability
B. Authentication and identification
C. Identification and confidentiality
D. Confidentiality and authentication

Question 636

Which of the following is the MOST effective measure for dealing with rootkit attacks?
A. Restoring the system from the last backup
B. Finding and replacing the altered binaries with legitimate ones
C. Turning off unauthorized services and rebooting the system
D. Reinstalling the system from trusted sources

Question 637

Which of the following is the FIRST requirement a data owner should consider before implementing a data retention policy?
A. Storage
B. Training
C. Legal
D. Business

Question 638

A new employee formally reported suspicious behavior to the organization's security team. The report claims that someone not affiliated with the organization was inquiring about the employee's work location, length of employment, and building access controls. The employee's reporting is MOST likely the result of which of the following?
A. Security engineering
B. Security awareness
C. Phishing
D. Risk avoidance

Question 639

The disaster recovery (DR) process should always include:
A. periodic inventory review
B. financial data analysis
C. plan maintenance
D. periodic vendor review

Question 640

An organization has determined that its previous waterfall approach to software development is not keeping pace with business demands. To adapt to the rapid changes required for product delivery, the organization has decided to move towards an Agile software development and release cycle. In order to ensure the success of the Agile methodology, who is the MOST critical in creating acceptance criteria for each release?
A. Business customers
B. Software developers
C. Independent testers
D. Project managers

Question 641

What is the FIRST step for an organization to take before allowing personnel to access social media from a corporate device or user account?
A. Publish an acceptable usage policy.
B. Publish a social media guidelines document.
C. Deliver security awareness training.
D. Document a procedure for accessing social media sites.

Question 642

A hospital has allowed virtual private networking (VPN) access to remote database developers. Upon auditing the internal configuration, the network administrator discovered that split-tunneling was enabled. What is the concern with this configuration?
A. The network intrusion detection system (NIDS) will fail to inspect Secure Sockets Layer (SSL) traffic.
B. Remote sessions will not require multi-layer authentication.
C. Remote clients are permitted to exchange traffic with the public and private network.
D. Multiple Internet Protocol Security (IPSec) tunnels may be exploitable in specific circumstances.

Question 643

In an IDEAL encryption system, who has sole access to the decryption key?
A. Data custodian
B. System owner
C. System administrator
D. Data owner

Question 644

Which type of disaster recovery plan (DRP) testing carries the MOST operational risk?
A. Cutover
B. Parallel
C. Walkthrough
D. Tabletop

Question 645

Which of the following methods provides the MOST protection for user credentials?
A. Forms-based authentication
B. Self-registration
C. Basic authentication
D. Digest authentication

Question 646

An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?
A. Functional test
B. Unit test
C. Grey box
D. White box

Question 647

How does Radio-Frequency Identification (RFID) assist with asset management?
A. It uses biometric information for system identification.
B. It uses two-factor authentication (2FA) for system identification.
C. It transmits unique serial numbers wirelessly.
D. It transmits unique Media Access Control (MAC) addresses wirelessly.

Question 648

Which of the following is the FIRST step an organization’s professional performs when defining a cyber-security program based upon industry standards?
A. Review the past security assessments
B. Define the organization’s objectives regarding security and risk mitigation
C. Map the organization’s current security practices to industry standards and frameworks
D. Select from a choice of security best practices

Question 649

What is the MOST important criterion that needs to be adhered to during the data collection process of an active investigation?
A. Maintaining the chain of custody
B. Capturing an image of the system
C. Outlining all actions taken during the investigation
D. Complying with the organization’s security policy

Question 650

Two computers, each with a single connection on the same physical 10 gigabit Ethernet network segment, need to communicate with each other. The first machine has a single Internet Protocol (IP) Classless Inter-Domain Routing (CIDR) address of 192.168.1.3/30 and the second machine has an IP/CIDR address 192.168.1.6/30. Which of the following is correct?
A. Since each computer is on a different layer 3 network, traffic between the computers must be processed by a network bridge in order to communicate
B. Since each computer is on the same layer 3 network, traffic between the computers may be processed by a network router in order to communicate
C. Since each computer is on the same layer 3 network, traffic between the computers may be processed by a network bridge in order to communicate
D. Since each computer is on a different layer 3 network, traffic between the computers must be processed by a network router in order to communicate

Question 651

Security Software Development Life Cycle (SDLC) expects application code to be written in a consistent manner to allow ease of auditing and which of the following?
A. Protecting
B. Copying
C. Enhancing
D. Executing

Question 652

Which of the following is a risk matrix?
A. A tool for determining risk management decisions for an activity or system.
B. A database of risks associated with a specific information system.
C. A two-dimensional picture of risk for organizations, products, projects, or other items of interest.
D. A table of risk management factors for management to consider.

Question 653

What part of an organization’s strategic risk assessment MOST likely includes information on items affecting the success of the organization?
A. Threat analysis
B. Vulnerability analysis
C. Key Performance Indicator (KPI)
D. Key Risk Indicator (KRI)

Question 654

A company needs to provide employee access to travel services, which are hosted by a third-party service provider. Employee experience is important, and when users are already authenticated, access to the travel portal is seamless. Which of the following methods is used to share information and grant user access to the travel portal?
A. Single sign-on (SSO) access
B. Security Assertion Markup Language (SAML) access
C. Open Authorization (OAuth) access
D. Federated access

Question 655

The Chief Executive Officer (CEO) wants to implement an internal audit of the company's information security posture. The CEO wants to avoid any bias in the audit process and has therefore assigned the Sales Director to conduct the audit. After significant interaction over a period of weeks, the audit concludes that the company's policies and procedures are sufficient, robust, and well established. The CEO then moves on to engage an external penetration testing company in order to showcase the organization's robust information security stance. This exercise reveals significant failings in several critical security controls and shows that the incident response processes remain undocumented. What is the MOST likely reason for this disparity between the results of the audit and the external penetration test?
A. The audit team lacked the technical experience and training to make insightful and objective assessments of the data provided to them.
B. The scope of the penetration test exercise and the internal audit were significantly different.
C. The external penetration testing company used custom zero-day attacks that could not have been predicted.
D. The information technology (IT) and governance teams have failed to disclose relevant information to the internal audit team leading to an incomplete assessment being formulated.

Question 656

An information security administrator wishes to block peer-to-peer (P2P) traffic over Hypertext Transfer Protocol (HTTP) tunnels. Which of the following layers of the Open Systems Interconnection (OSI) model requires inspection?
A. Application
B. Transport
C. Session
D. Presentation

Question 657

A Chief Information Officer (CIO) has delegated responsibility of their system security to the head of the information technology (IT) department. While corporate policy dictates that only the CIO can make decisions on the level of data protection required, technical implementation decisions are done by the head of the IT department. Which of the following BEST describes the security role filled by the head of the IT department?
A. System security officer
B. System processor
C. System custodian
D. System analyst

Question 658

Which of the following actions should be undertaken prior to deciding on a physical baseline Protection Profile (PP)?
A. Conduct a site survey.
B. Choose a suitable location.
C. Check the technical design.
D. Categorize assets.

Question 659

Management has decided that a core application will be used on personal cellular phones. As an implementation requirement, regularly scheduled analysis of the security posture needs to be conducted. Management has also directed that continuous monitoring be implemented. Which of the following is required to accomplish management’s directive?
A. Routine reports generated by the user’s cellular phone provider that detail security events
B. Strict integration of application management, configuration management (CM), and phone management
C. Management application installed on user phones that tracks all application events and cellular traffic
D. Enterprise-level security information and event management (SIEM) dashboard that provides full visibility of cellular phone activity

Question 660

A systems engineer is designing a wide area network (WAN) environment for a new organization. The WAN will connect sites holding information at various levels of sensitivity, from publicly available to highly confidential. The organization requires a high degree of interconnectedness to support existing business processes.
What is the BEST design approach to securing this environment?
A. Use reverse proxies to create a secondary “shadow” environment for critical systems.
B. Place firewalls around critical devices, isolating them from the rest of the environment.
C. Layer multiple detective and preventative technologies at the environment perimeter.
D. Align risk across all interconnected elements to ensure critical threats are detected and handled.

Question 661

Which of the following techniques is MOST useful when dealing with advanced persistent threat (APT) intrusions on live virtualized environments?
A. Memory forensics
B. Logfile analysis
C. Reverse engineering
D. Antivirus operations

Question 662

Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?
A. Process injection
B. Cross-Site request forgery (CSRF)
C. Cross-Site Scripting (XSS)
D. Broken Authentication And Session Management

Question 663

A scan report returned multiple vulnerabilities affecting several production servers that are mission critical. Attempts to apply the patches in the development environment have caused the servers to crash. What is the BEST course of action?
A. Mitigate the risks with compensating controls.
B. Upgrade the software affected by the vulnerability.
C. Remove the affected software from the servers.
D. Inform management of possible risks.

Question 664

A security professional has reviewed a recent site assessment and has noted that a server room on the second floor of a building has Heating, Ventilation, and Air Conditioning (HVAC) intakes on the ground level that have ultraviolet light filters installed, Aero-K Fire suppression in the server room, and pre-action fire suppression on floors above the server room. Which of the following changes can the security professional recommend to reduce risk associated with these conditions?
A. Remove the ultraviolet light filters on the HVAC intake and replace the fire suppression system on the upper floors with a dry system
B. Elevate the HVAC intake by constructing a plenum or external shaft over it and convert the server room fire suppression to a pre-action system
C. Add additional ultraviolet light filters to the HVAC intake supply and return ducts and change server room fire suppression to FM-200
D. Apply additional physical security around the HVAC intakes and update upper floor fire suppression to FM-200

Question 665

Which of the following is the MOST common use of the Online Certificate Status Protocol (OCSP)?
A. To verify the validity of an X.509 digital certificate
B. To obtain the expiration date of an X.509 digital certificate
C. To obtain the revocation status of an X.509 digital certificate
D. To obtain the author name of an X.509 digital certificate

Question 666

A security professional has been assigned to assess a web application. The assessment report recommends switching to Security Assertion Markup Language (SAML). What is the PRIMARY security benefit in switching to SAML?
A. It enables single sign-on (SSO) for web applications.
B. It uses Transport Layer Security (TLS) to address confidentiality.
C. It limits unnecessary data entry on web forms.
D. The users’ password is not passed during authentication.

Question 667

An organization purchased commercial off-the-shelf (COTS) software several years ago. The information technology (IT) Director has decided to migrate the application into the cloud, but is concerned about the application security of the software in the organization’s dedicated environment with a cloud service provider. What is the BEST way to prevent and correct the software’s security weaknesses?
A. Follow the software end-of-life schedule
B. Implement a dedicated COTS sandbox environment
C. Transfer the risk to the cloud service provider
D. Examine the software updating and patching process

Question 668

What type of database attack would allow a customer service employee to determine quarterly sales results before they are publicly announced?
A. Inference
B. Aggregation
C. Polyinstantiation
D. Data mining

Question 669

In a multi-tenant cloud environment, what approach will secure logical access to assets?
A. Controlled configuration management (CM)
B. Transparency/Auditability of administrative access
C. Virtual private cloud (VPC)
D. Hybrid cloud

Question 670

An information technology (IT) employee who travels frequently to various countries remotely connects to an organization’s resources to troubleshoot problems. Which of the following solutions BEST serves as a secure control mechanism to meet the organization’s requirements?
A. Install a third-party screen sharing solution that provides remote connection from a public website.
B. Install a bastion host in the demilitarized zone (DMZ) and allow multi-factor authentication (MFA) access.
C. Implement a Dynamic Domain Name Services (DDNS) account to initiate a virtual private network (VPN) using the DDNS record.
D. Update the firewall rules to include the static Internet Protocol (IP) addresses of the locations where the employee connects from.

Question 671

Which of the following is the BEST way to determine the success of a patch management process?
A. Change management
B. Configuration management (CM)
C. Analysis and impact assessment
D. Auditing and assessment

Question 672

An organization has discovered that organizational data is posted by employees to data storage accessible to the general public. What is the PRIMARY step an organization must take to ensure data is properly protected from public release?
A. Implement a user reporting policy.
B. Implement a data encryption policy.
C. Implement a user training policy.
D. Implement a data classification policy.

Question 673

A security engineer is required to integrate security into a software project that is implemented by small groups that quickly, continuously, and independently develop, test, and deploy code to the cloud. The engineer will MOST likely integrate with which software development process?
A. DevOps Integrated Product Team (IPT)
B. Structured Waterfall Programming Development
C. Service-oriented architecture (SOA)
D. Spiral Methodology

Question 674

Which of the following is the BEST method to identify security controls that should be implemented for a web-based application while in development?
A. Agile software development
B. Secure software development
C. Application threat modeling
D. Penetration testing

Question 675

Which Open Systems Interconnection (OSI) layer(s) BEST corresponds to the network access layer in the Transmission Control Protocol/Internet Protocol (TCP/IP) model?
A. Data Link and Physical Layers
B. Session and Network Layers
C. Transport Layer
D. Application, Presentation, and Session Layers

Question 676

An organization’s retail website provides its only source of revenue, so the disaster recovery plan (DRP) must document an estimated time for each step in the plan. Which of the following steps in the DRP will list the GREATEST duration of time for the service to be fully operational?
A. Update the Network Address Translation (NAT) table.
B. Update Domain Name System (DNS) server addresses with domain registrar.
C. Update the Border Gateway Protocol (BGP) autonomous system number.
D. Update the web server network adapter configuration.

Question 677

In supervisory control and data acquisition (SCADA) systems, which of the following controls can be used to reduce device exposure to malware?
A. Disallow untested code in the execution space of the SCADA device.
B. Disable all command line interfaces.
C. Disable Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports 138 and 139 on the SCADA device.
D. Prohibit the use of unsecure scripting languages.

Question 678

Which of the following secure transport protocols is often used to secure Voice over Internet Protocol (VoIP) communications on a network from end to end?
A. Secure File Transfer Protocol (SFTP)
B. Secure Real-time Transport Protocol (SRTP)
C. Generic Routing Encapsulation (GRE)
D. Internet Protocol Security (IPSec)

Question 679

A healthcare insurance organization chose a vendor to develop a software application. Upon review of the draft contract, the information security professional notices that software security is not addressed. What is the BEST approach to address the issue?
A. Update the contract to require the vendor to perform security code reviews.
B. Update the service level agreement (SLA) to provide the organization the right to audit the vendor.
C. Update the contract so that the vendor is obligated to provide security capabilities.
D. Update the service level agreement (SLA) to require the vendor to provide security capabilities.

Question 680

Which of the following security tools will ensure authorized data is sent to the application when implementing a cloud-based application?
A. Host-based intrusion prevention system (HIPS)
B. Access control list (ACL)
C. Data loss prevention (DLP)
D. File integrity monitoring (FIM)

Question 681

A client server infrastructure that provides user-to-server authentication describes which one of the following?
A. Secure Sockets Layer (SSL)
B. User-based authorization
C. Kerberos
D. X.509

Question 682

A system developer has a requirement for an application to check for a secure digital signature before the application is accessed on a user’s laptop. Which security mechanism addresses this requirement?
A. Trusted Platform Module (TPM)
B. Certificate revocation list (CRL) policy
C. Key exchange
D. Hardware encryption

Question 683

Which of the following is a term used to describe maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions?
A. Information Security Continuous Monitoring (ISCM)
B. Risk Management Framework (RMF)
C. Information Sharing & Analysis Centers (ISAC)
D. Information Security Management System (ISMS)

Question 684

Which of the following types of firewall only examines the “handshaking” between packets before forwarding traffic?
A. Proxy firewalls
B. Circuit-level firewalls
C. Network Address Translation (NAT) firewalls
D. Host-based firewalls

Question 685

What is a use for mandatory access control (MAC)?
A. Allows for mandatory user identity and passwords based on sensitivity
B. Allows for mandatory system administrator access control over objects
C. Allows for labeling of sensitive user accounts for access control
D. Allows for object security based on sensitivity represented by a label

Question 686

An organization has developed a way for customers to share information from their wearable devices with each other. Unfortunately, the users were not informed as to what information collected would be shared. What technical controls should be put in place to remedy the privacy issue while still trying to accomplish the organization’s business goals?
A. Share only what the organization decides is best.
B. Stop sharing data with the other users.
C. Default the user to not share any information.
D. Inform the user of the sharing feature changes after implemented.

Question 687

Which of the following system components enforces access controls on an object?
A. Security perimeter
B. Access control matrix
C. Trusted domain
D. Reference monitor

Question 688

In setting expectations when reviewing the results of a security test, which of the following statements is MOST important to convey to reviewers?
A. The accuracy of testing results can be greatly improved if the target(s) are properly hardened.
B. The results of the tests represent a point-in-time assessment of the target(s).
C. The deficiencies identified can be corrected immediately.
D. The target’s security posture cannot be further compromised.

Question 689

What is the benefit of an operating system (OS) feature that is designed to prevent an application from executing code from a non-executable memory region?
A. Identifies which security patches still need to be installed on the system
B. Reduces the risk of polymorphic viruses from encrypting their payload
C. Stops memory resident viruses from propagating their payload
D. Helps prevent certain exploits that store code in buffers

Question 690

What is the overall goal of software security testing?
A. Identifying the key security features of the software
B. Ensuring all software functions perform as specified
C. Reducing vulnerabilities within a software system
D. Making software development more agile

Question 691

Which of the following implementations will achieve high availability in a website?
A. Disk mirroring of the web server with redundant disk drives in a hardened data center
B. Disk striping of the web server hard drives and large amounts of bandwidth
C. Multiple geographically dispersed web servers that are configured for failover
D. Multiple Domain Name System (DNS) entries resolving to the same web server and large amounts of bandwidth

Question 692

Which of the following is an important design feature for the outer door of a mantrap?
A. Allow it to be opened by an alarmed emergency button.
B. Do not allow anyone to enter it alone.
C. Do not allow it to be observed by closed-circuit television (CCTV) cameras.
D. Allow it to be opened when the inner door of the mantrap is also open.

Question 693

Which of the following is the MOST important rule for digital investigations?
A. Ensure original data is never modified.
B. Ensure systems are powered on.
C. Ensure event logs are rotated.
D. Ensure individual privacy is protected.

Question 694

An information security professional is reviewing user access controls on a customer-facing application. The application must have multi-factor authentication (MFA) in place. The application currently requires a username and password to log in. Which of the following options would BEST implement MFA?
A. Geolocate the user and compare to previous logins
B. Require a pre-selected number as part of the login
C. Have the user answer a secret question that is known to them
D. Enter an automatically generated number from a hardware token

Question 695

Which of the following is a MAJOR consideration in implementing a Voice over Internet Protocol (VoIP) network?
A. Use of Request for Comments (RFC) 1918 addressing.
B. Use of Network Access Control (NAC) on switches.
C. Use of separation for the voice network.
D. Use of unified messaging.

Question 696

During testing, where are the requirements to inform parent organizations, law enforcement, and a computer incident response team documented?
A. Security Assessment Report (SAR)
B. Security assessment plan
C. Unit test results
D. System integration plan

Question 697

The security architect has been mandated to assess the security of various brands of mobile devices. At what phase of the product lifecycle would this be MOST likely to occur?
A. Implementation
B. Operations and maintenance
C. Disposal
D. Development

Question 698

Which of the following statements is MOST accurate regarding information assets?
A. International Organization for Standardization (ISO) 27001 compliance specifies which information assets must be included in asset inventory.
B. Information assets include any information that is valuable to the organization.
C. Building an information assets register is a resource-intensive job.
D. Information assets inventory is not required for risk assessment.

Question 699

Which of the following attack types can be used to compromise the integrity of data during transmission?
A. Synchronization flooding
B. Session hijacking
C. Keylogging
D. Packet sniffing

Question 700

A malicious user gains access to unprotected directories on a web server. Which of the following is MOST likely the cause for this information disclosure?
A. Broken authentication management
B. Security misconfiguration
C. Cross-site request forgery (CSRF)
D. Structured Query Language injection (SQLi)

Question 701

When reviewing the security logs, the password shown for an administrative login event was ' OR '1'='1'--. This is an example of which of the following kinds of attack?
A. Structured Query Language (SQL) Injection
B. Brute Force Attack
C. Rainbow Table Attack
D. Cross-Site Scripting (XSS)

Question 702

Which is the BEST control to meet the Statement on Standards for Attestation Engagements 18 (SSAE-18) confidentiality category?
A. File hashing
B. Storage encryption
C. Data retention policy
D. Data processing

Question 703

Which of the following BEST describes why software assurance is critical in helping prevent an increase in business and mission risk for an organization?
A. Request for proposals (RFP) avoid purchasing software that does not meet business needs.
B. Contracting processes eliminate liability for security vulnerabilities for the purchaser.
C. Decommissioning of old software reduces long-term costs related to technical debt.
D. Software that does not perform as intended may be exploitable which makes it vulnerable to attack.

Question 704

An employee’s home address should be categorized according to which of the following references?
A. The consent form terms and conditions signed by employees
B. An organization security plan for human resources
C. Existing employee data classifications
D. The organization’s data classification model

Question 705

Which of the following activities should a forensic examiner perform FIRST when determining the priority of digital evidence collection at a crime scene?
A. Gather physical evidence.
B. Assign responsibilities to personnel on the scene.
C. Establish a list of files to examine.
D. Establish order of volatility.

Question 706

Which software defined networking (SDN) architectural component is responsible for translating network requirements?
A. SDN Controller
B. SDN Datapath
C. SDN Northbound Interfaces
D. SDN Application

Question 707

An internal audit for an organization recently identified malicious actions by a user account. Upon further investigation, it was determined the offending user account was used by multiple people at multiple locations simultaneously for various services and applications. What is the BEST method to prevent this problem in the future?
A. Ensure each user has their own unique account.
B. Allow several users to share a generic account.
C. Ensure the security information and event management (SIEM) is set to alert.
D. Inform users only one user should be using the account at a time.

Question 708

Who should perform the design review to uncover security design flaws as part of the Software Development Life Cycle (SDLC)?
A. A security subject matter expert (SME)
B. A developer subject matter expert (SME)
C. The business owner
D. The application owner

Question 709

The initial security categorization should be done early in the system life cycle and should be reviewed periodically. Why is it important for this to be done correctly?
A. It determines the functional and operational requirements.
B. It determines the security requirements.
C. It affects other steps in the certification and accreditation process.
D. The system engineering process works with selected security controls.

Question 710

When designing a Cyber-Physical System (CPS), which of the following should be a security practitioner’s first consideration?
A. Detection of sophisticated attackers
B. Topology of the network used for the system
C. Risk assessment of the system
D. Resiliency of the system

Question 711

Which of the following events prompts a review of the disaster recovery plan (DRP)?
A. Change in senior management
B. Completion of the security policy review
C. Organizational merger
D. New members added to the steering committee

Question 712

A user is allowed to access the file labeled “Financial Forecast,” but only between 9:00 a.m. and 5:00 p.m., Monday through Friday. Which type of access mechanism should be used to accomplish this?
A. Minimum access control
B. Limited role-based access control (RBAC)
C. Access control list (ACL)
D. Rule-based access control

Question 713

What is the benefit of using Network Admission Control (NAC)?
A. NAC only supports Windows operating systems (OS).
B. NAC supports validation of the endpoint’s security posture prior to allowing the session to go into an authorized state.
C. NAC can require the use of certificates, passwords, or a combination of both before allowing network admission.
D. Operating system (OS) versions can be validated prior to allowing network access.

Question 714

When MUST an organization’s information security strategic plan be reviewed?
A. Whenever there are major changes to the business
B. Quarterly, when the organization’s strategic plan is updated
C. Every three years, when the organization’s strategic plan is updated
D. Whenever there are significant changes to a major application

Question 715

An established information technology (IT) consulting firm is considering acquiring a successful local startup. To gain a comprehensive understanding of the startup’s security posture, which type of assessment provides the BEST information?
A. A security audit
B. A tabletop exercise
C. A penetration test
D. A security threat model

Question 716

An organization plans to acquire a commercial off-the-shelf (COTS) system to replace their aging home-built reporting system. When should the organization’s security team FIRST get involved in this acquisition’s life cycle?
A. When the system is verified and validated
B. When the need for a system is expressed and the purpose of the system is documented
C. When the system is deployed into production
D. When the system is being designed, purchased, programmed, developed, or otherwise constructed

Question 717

Which of the following is a PRIMARY security weakness in the design of Domain Name System (DNS)?
A. Each DNS server must hold the address of the root servers.
B. A DNS server can be disabled in a denial-of-service (DoS) attack.
C. A DNS server does not authenticate source of information.
D. A DNS server database can be injected with falsified checksums.

Question 718

To minimize the vulnerabilities of a web-based application, which of the following FIRST actions will lock down the system and minimize the risk of an attack?
A. Apply the latest vendor patches and updates
B. Run a vulnerability scanner
C. Review access controls
D. Install an antivirus on the server

Question 719

An organization has implemented a password complexity policy and an account lockout policy enforcing a limit of five incorrect login attempts within ten minutes. Network users have reported significantly increased account lockouts. Which of the following security principles is this company affecting?
A. Confidentiality
B. Integrity
C. Availability
D. Authentication

Question 720

In the last 15 years a company has experienced three electrical failures. The cost associated with each failure is listed below. Which of the following would be a reasonable annual loss expectation?

Availability – 60,000
Integrity – 10,000
Confidentiality – 0
Total Impact – 70,000
A. 3,500
B. 14,000
C. 10,000
D. 350,000

Question 721

A security practitioner has been asked to model best practices for disaster recovery (DR) and business continuity. The practitioner has decided that a formal committee is needed to establish a business continuity policy. Which of the following BEST describes this stage of business continuity development?
A. Developing and Implementing business continuity plans (BCP)
B. Project Initiation and Management
C. Risk Evaluation and Control
D. Business impact analysis (BIA)

Question 722

What physical characteristic does a retinal scan biometric device measure?
A. The amount of light reflected by the retina
B. The pattern of blood vessels at the back of the eye
C. The size, curvature, and shape of the retina
D. The pattern of light receptors in the back of the eye

Question 723

Which of the following BEST represents a defense in depth concept?
A. Network-based data loss prevention (DLP), Network Access Control (NAC), network-based Intrusion prevention system (NIPS), Port security on core switches
B. Host-based data loss prevention (DLP), Endpoint anti-malware solution, Host-based integrity checker, Laptop locks, hard disk drive (HDD) encryption
C. Endpoint security management, network intrusion detection system (NIDS), Network Access Control (NAC), Privileged Access Management (PAM), security information and event management (SIEM)
D. Web application firewall (WAF), Gateway network device tuning, Database firewall, Next-Generation Firewall (NGFW), Tier-2 demilitarized zone (DMZ) tuning

Question 724

Which of the following is required to verify the authenticity of a digitally signed document?
A. Agreed upon shared secret
B. Digital hash of the signed document
C. Recipient’s public key
D. Sender’s private key

Question 725

Which of the following contributes MOST to the effectiveness of a security officer?
A. Developing precise and practical security plans
B. Integrating security into the business strategies
C. Understanding the regulatory environment
D. Analyzing the strengths and weaknesses of the organization

Question 726

Where can the Open Web Application Security Project (OWASP) list of associated vulnerabilities be found?
A. OWASP Mobile Project
B. OWASP Software Assurance Maturity Model (SAMM) Project
C. OWASP Guide Project
D. OWASP Top 10 Project

Question 727

Employee training, risk management, and data handling procedures and policies could be characterized as which type of security measure?
A. Preventative
B. Management
C. Non-essential
D. Administrative

Question 728

A hospital’s building controls system monitors and operates the environmental equipment to maintain a safe and comfortable environment. Which of the following could be used to minimize the risk of utility supply interruption?
A. Digital protection and control devices capable of minimizing the adverse impact to critical utility
B. Standardized building controls system software with high connectivity to hospital networks
C. Lock out maintenance personnel from the building controls system access that can impact critical utility supplies
D. Digital devices that can turn equipment off and continuously cycle rapidly in order to increase supplies and conceal activity on the hospital network

Question 729

Which of the following statements BEST distinguishes a stateful packet inspection firewall from a stateless packet filter firewall?
A. The SPI inspects traffic on a packet-by-packet basis.
B. The SPI inspects the flags on Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) packets.
C. The SPI is capable of dropping packets based on a pre-defined rule set.
D. The SPI inspects the traffic in the context of a session.

Question 730

What is the MAIN purpose of conducting a business impact analysis (BIA)?
A. To determine the cost for restoration of damaged information system
B. To determine the controls required to return to business critical operations
C. To determine the critical resources required to recover from an incident within a specified time period
D. To determine the effect of mission-critical information system failures on core business processes

Question 731

Which algorithm gets its security from the difficulty of calculating discrete logarithms in a finite field and is used to distribute keys, but cannot be used to encrypt or decrypt messages?
A. Kerberos
B. Digital Signature Algorithm (DSA)
C. Diffie-Hellman
D. Rivest-Shamir-Adleman (RSA)

Question 732

Which of the following is established to collect information in accordance with pre-established metrics, utilizing information readily available in part through implemented security controls?
A. Security Assessment Report (SAR)
B. Organizational risk tolerance
C. Risk assessment report
D. Information Security Continuous Monitoring (ISCM)

Question 733

When conducting a remote access session using Internet Protocol Security (IPSec), which Open Systems Interconnection (OSI) model layer does this connection use?
A. Presentation
B. Transport
C. Network
D. Data link

Question 734

Which of the following is the MOST effective corrective control to minimize the effects of a physical intrusion?
A. Rapid response by guards or police to apprehend a possible intruder
B. Sounding a loud alarm to frighten away a possible intruder
C. Automatic videotaping of a possible intrusion
D. Activating bright lighting to frighten away a possible intruder

Question 735

Which of the following are the three MAIN categories of security controls?
A. Preventative, corrective, detective
B. Administrative, technical, physical
C. Corrective, detective, recovery
D. Confidentiality, integrity, availability

Question 736

Which is the PRIMARY mechanism for providing the workforce with the information needed to protect an agency’s vital information resources?
A. Implementation of access provisioning process for coordinating the creation of user accounts
B. Incorporating security awareness and training as part of the overall information security program
C. An information technology (IT) security policy to preserve the confidentiality, integrity, and availability of systems
D. Execution of periodic security and privacy assessments to the organization

Question 737

Which of the following is considered the FIRST step when designing an internal security control assessment?
A. Create a plan based on comprehensive knowledge of known breaches.
B. Create a plan based on reconnaissance of the organization’s infrastructure.
C. Create a plan based on a recognized framework of known controls.
D. Create a plan based on recent vulnerability scans of the systems in question.

Question 738

The Open Web Application Security Project’s (OWASP) Software Assurance Maturity Model (SAMM) allows organizations to implement a flexible software security strategy to measure organizational impact based on what risk management aspect?
A. Risk exception
B. Risk tolerance
C. Risk treatment
D. Risk response

Question 739

What is the PRIMARY reason that a bit-level copy is more desirable than a file-level copy when replicating a hard drive’s contents for an e-discovery investigation?
A. The corruption of files is less likely.
B. Files that have been deleted will be transferred.
C. The file and directory structure is retained.
D. File-level security settings will be preserved.

Question 740

An organization outgrew its internal data center and is evaluating third-party hosting facilities. In this evaluation, which of the following is a PRIMARY factor for selection?
A. Facility provides an acceptable level of risk
B. Facility provides disaster recovery (DR) services
C. Facility has physical access protection measures
D. Facility provides the most cost-effective solution

Question 741

A large manufacturing organization arranges to buy an industrial machine system to produce a new line of products. The system includes software provided to the vendor by a third-party organization. The financial risk to the manufacturing organization starting production is high. What step should the manufacturing organization take to minimize its financial risk in the new venture prior to the purchase?
A. Require that the software be thoroughly tested by an accredited independent software testing company.
B. Hire a performance tester to execute offline tests on a system.
C. Calculate the possible loss in revenue to the organization due to software bugs and vulnerabilities, and compare that to the system’s overall price.
D. Place the machine behind a Layer 3 firewall.

Question 742

Which of the following is the BEST method a security practitioner can use to ensure that systems and sub-systems gracefully handle invalid input?
A. Unit testing
B. Acceptance testing
C. Integration testing
D. Negative testing

Question 743

Commercial off-the-shelf (COTS) software presents which of the following additional security concerns?
A. Vendors take on the liability for COTS software vulnerabilities.
B. In-house developed software is inherently less secure.
C. COTS software is inherently less secure.
D. Exploits for COTS software are well documented and publicly available.

Question 744

When conducting a third-party risk assessment of a new supplier, which of the following reports should be reviewed to confirm the operating effectiveness of the security, availability, confidentiality, and privacy trust principles?
A. Service Organization Control (SOC) 1, Type 2
B. Service Organization Control (SOC) 2, Type 2
C. International Organization for Standardization (ISO) 27001
D. International Organization for Standardization (ISO) 27002

Question 745

Which of the following would be the BEST mitigation practice for man-in-the-middle (MITM) Voice over Internet Protocol (VoIP) attacks?
A. Use Secure Shell (SSH) protocol
B. Use File Transfer Protocol (FTP)
C. Use Transport Layer Security (TLS) protocol
D. Use Media Gateway Control Protocol (MGCP)

Question 746

The Chief Information Security Officer (CISO) is concerned about business application availability. The organization was recently subject to a ransomware attack that resulted in the unavailability of applications and services for 10 working days, which required paper-based running of all main business processes. There are now aggressive plans to enhance the Recovery Time Objective (RTO) and cater for more frequent data captures. Which of the following solutions should be implemented to fully comply with the new business requirements?
A. Virtualization
B. Antivirus
C. Host-based intrusion prevention system (HIPS)
D. Process isolation

Question 747

What is the MOST appropriate hierarchy of documents when implementing a security program?
A. Policy, organization principle, standard, guideline
B. Standard, policy, organization principle, guideline
C. Organization principle, policy, standard, guideline
D. Organization principle, guideline, policy, standard

Question 748

Which of the following is the MOST important consideration in selecting a security testing method based on different Radio-Frequency Identification (RFID) vulnerability types?
A. An understanding of the attack surface
B. Adaptability of testing tools to multiple technologies
C. The quality of results and usability of tools
D. The performance and resource utilization of tools

Question 749

An organization’s internal audit team performed a security audit on the company’s system and reported that the manufacturing application is rarely updated along with other issues categorized as minor. Six months later, an external audit team reviewed the same system with the same scope but identified severe weaknesses in the manufacturing application’s security controls. What is MOST likely to be the root cause of the internal audit team’s failure in detecting these security issues?
A. Inadequate security patch testing
B. Inadequate test coverage analysis
C. Inadequate log reviews
D. Inadequate change control procedures

Question 750

Which of the following is a limitation of the Bell-LaPadula model?
A. Segregation of duties (SoD) is difficult to implement as the “no read-up” rule limits the ability of an object to access information with a higher classification.
B. Mandatory access control (MAC) is enforced at all levels making discretionary access control (DAC) impossible to implement.
C. It contains no provision or policy for changing data access control and works well only with access systems that are static in nature.
D. It prioritizes integrity over confidentiality which can lead to inadvertent information disclosure.

Question 751

Which of the following vulnerability assessment activities BEST exemplifies the Examine method of assessment?
A. Asking the Information System Security Officer (ISSO) to describe the organization’s patch management processes
B. Ensuring that system audit logs capture all relevant data fields required by the security controls baseline
C. Logging into a web server using the default administrator account and a default password
D. Performing port scans of selected network hosts to enumerate active services

Question 752

Which of the following BEST ensures the integrity of transactions to intended recipients?
A. Public key infrastructure (PKI)
B. Blockchain technology
C. Pre-shared key (PSK)
D. Web of trust

Question 753

Recently, an unknown event has disrupted a single Layer-2 network that spans between two geographically diverse data centers. The network engineers have asked for assistance in identifying the root cause of the event. Which of the following is the MOST likely cause?
A. Smurf attack
B. Misconfigured routing protocol
C. Broadcast domain too large
D. Address spoofing

Question 754

A company is moving from the V model to Agile development. How can the information security department BEST ensure that secure design principles are implemented in the new methodology?
A. Information security requirements are captured in mandatory user stories.
B. All developers receive a mandatory targeted information security training.
C. The information security department performs an information security assessment after each sprint.
D. The non-financial information security requirements remain mandatory for the new model.

Question 755

Which of the (ISC)² Code of Ethics canons is MOST reflected when preserving the value of systems, applications, and entrusted information while avoiding conflicts of interest?
A. Provide diligent and competent service to principals.
B. Act honorably, honestly, justly, responsibly, and legally.
C. Advance and protect the profession.
D. Protect society, the commonwealth, and the infrastructure.

Question 756

Which of the following should exist in order to perform a security audit?
A. Neutrality of the auditor
B. Industry framework to audit against
C. External (third-party) auditor
D. Internal certified auditor

Question 757

When telephones in a city are connected by a single exchange, the caller can only connect with the switchboard operator. The operator then manually connects the call. This is an example of which type of network topology?
A. Point-to-Point Protocol (PPP)
B. Bus
C. Star
D. Tree

Question 758

A firm within the defense industry has been directed to comply with contractual requirements for encryption of a government client’s Controlled Unclassified Information (CUI). What encryption strategy represents how to protect data at rest in the MOST efficient and cost-effective manner?
A. Perform logical separation of program information, using virtualized storage solutions with encryption management in the back-end disk systems
B. Perform logical separation of program information, using virtualized storage solutions with built-in encryption at the virtualization layer
C. Perform physical separation of program information and encrypt only information deemed critical by the defense client
D. Implement data at rest encryption across the entire storage area network (SAN)

Question 759

Which audit type is MOST appropriate for evaluating the effectiveness of a security program?
A. Analysis
B. Threat
C. Assessment
D. Validation

Question 760

Before allowing a web application into the production environment, the security practitioner performs multiple types of tests to confirm that the web application performs as expected. To test the username field, the security practitioner creates a test that enters more characters into the field than are allowed. Which of the following BEST describes the type of test performed?
A. Misuse case testing
B. Interface testing
C. Web session testing
D. Penetration testing

Question 761

If the wide area network (WAN) is supporting converged applications like Voice over Internet Protocol (VoIP), which of the following becomes even MORE essential to the assurance of the network?
A. Boundary routing
B. Classless Inter-Domain Routing (CIDR)
C. Internet Protocol (IP) routing lookups
D. Deterministic routing

Question 762

Why would a system be structured to isolate different classes of information from one another and segregate them by user jurisdiction?
A. The organization is required to provide different services to various third-party organizations.
B. The organization can avoid e-discovery processes in the event of litigation.
C. The organization’s infrastructure is clearly arranged and scope of responsibility is simplified.
D. The organization can vary its system policies to comply with conflicting national laws.

Question 763

An organization implements Network Access Control (NAC) using Institute of Electrical and Electronics Engineers (IEEE) 802.1x and discovers the printers do not support the IEEE 802.1x standard. Which of the following is the BEST resolution?
A. Implement port security on the switch ports for the printers.
B. Do nothing; IEEE 802.1x is irrelevant to printers.
C. Install an IEEE 802.1x bridge for the printers.
D. Implement a virtual local area network (VLAN) for the printers.

Question 764

Which of the following goals represents a modern shift in risk management according to National Institute of Standards and Technology (NIST)?
A. Provide an improved mission accomplishment approach.
B. Focus on operating environments that are changing, evolving, and full of emerging threats.
C. Enable management to make well-informed risk-based decisions justifying security expenditure.
D. Secure information technology (IT) systems that store, process, or transmit organizational information.

Question 765

Which of the following security tools monitors devices and records the information in a central database for further analysis?
A. Antivirus
B. Host-based intrusion detection system (HIDS)
C. Security orchestration automation and response
D. Endpoint detection and response (EDR)

Question 766

In addition to life, protection of which of the following elements is MOST important when planning a data center site?
A. Data and hardware
B. Property and operations
C. Resources and reputation
D. Profits and assets

Question 767

Which of the following documents specifies services from the client’s viewpoint?
A. Business Impact Analysis (BIA)
B. Service Level Agreement (SLA)
C. Service Level Requirement (SLR)
D. Service Level Report

Question 768

Which of the following should be included in a good defense-in-depth strategy provided by object-oriented programming for software development?
A. Polymorphism
B. Inheritance
C. Polyinstantiation
D. Encapsulation

Question 769

Which of the following is a key responsibility for a data steward assigned to manage an enterprise data lake?
A. Ensure proper business definition, value, and usage of data
B. Ensure adequate security controls applied to the enterprise data lake
C. Ensure proper and identifiable data owners for each data element
D. Ensure that any data passing within remit is being used in accordance with rules and regulations

Question 770

What is the FIRST step prior to executing a test of an organization’s disaster recovery (DR) or business continuity plan (BCP)?
A. Develop clear evaluation criteria.
B. Identify key stakeholders.
C. Develop recommendations for disaster scenarios.
D. Identify potential failure points.

Question 771

A breach investigation found a website was exploited through an open-source component. What is the FIRST step in the process that could have prevented this breach?
A. Application whitelisting
B. Vulnerability remediation
C. Web application firewall (WAF)
D. Software inventory

Question 772

What security principle addresses the issue of “Security by Obscurity”?
A. Open design
B. Role-Based Access Control (RBAC)
C. Segregation of duties (SoD)
D. Least privilege

Question 773

What is the MOST important goal of conducting security assessments?
A. To align the security program with organizational risk appetite
B. To demonstrate proper function of security controls and processes to senior management
C. To prepare the organization for an external audit, particularly by a regulatory entity
D. To discover unmitigated security vulnerabilities, and propose paths for mitigating them

Question 774

Which of the following virtual network configuration options is BEST to protect virtual machines (VM)?
A. Data segmentation
B. Data encryption
C. Traffic filtering
D. Traffic throttling

Question 775

Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device which has been stolen?
A. Mobile Device Management (MDM) with device wipe
B. Mobile device tracking with geolocation
C. Virtual private network (VPN) with traffic encryption
D. Whole device encryption with key escrow

Question 776

An organization is implementing data encryption using symmetric ciphers and the Chief Information Officer (CIO) is concerned about the risk of using one key to protect all sensitive data. The security practitioner has been tasked with recommending a solution to address the CIO’s concerns. Which of the following is the BEST approach to achieving the objective by encrypting all sensitive data?
A. Use a Secure Hash Algorithm 256 (SHA-256).
B. Use Rivest-Shamir-Adleman (RSA) keys.
C. Use a hierarchy of encryption keys.
D. Use Hash Message Authentication Code (HMAC) keys.

Question 777

Which of the following is a MUST for creating a new custom-built, cloud-native application designed to be horizontally scalable?
A. Network as a Service (NaaS)
B. Platform as a Service (PaaS)
C. Infrastructure as a Service (IaaS)
D. Software as a Service (SaaS)

Question 778

Single sign-on (SSO) for federated identity management (FIM) must be implemented and managed so that authorization mechanisms protect access to privileged information using OpenID Connect (OIDC) tokens or Security Assertion Markup Language (SAML) assertions. What is the BEST method to protect them?
A. Pass data in a bearer assertion, only signed by the identity provider.
B. Tokens and assertions should use base64 encoding to assure confidentiality.
C. Use a challenge and response mechanism such as CHAP.
D. The access token or assertion should be encrypted to ensure privacy.

Question 779

The client of a security firm reviewed a vulnerability assessment report and claims it is inaccurate. The client states that the vulnerabilities listed are invalid because the host’s operating system (OS) was not properly detected. Where in the vulnerability assessment process did this error MOST likely occur?
A. Report writing
B. Detection
C. Enumeration
D. Scanning

Question 780

For a victim of a security breach to prevail in a negligence claim, what MUST the victim establish?
A. Concern
B. Breach of contract
C. Proximate cause
D. Hardship

Question 781

A large international organization that collects consumer data has contracted with a SaaS provider to process it. The SaaS vendor uses additional processing for demonstration purposes, claiming it is not disclosing the data to other organizations. Which of the following BEST supports this rationale?
A. The data was encrypted and only a few cloud provider employees had access.
B. As the data owner, the cloud provider directs how the data will be processed.
C. As the data processor, the cloud provider has authority to direct how the data will be processed.
D. The agreement between both parties is vague and does not detail how data can be used.

Question 782

A security engineer auditing a company’s VoIP network finds unauthorized calls being placed internationally. Which type of attack occurred?
A. Control eavesdropping
B. Toll fraud
C. Call hijacking
D. Address spoofing

Question 783

An organization wants to enhance wireless network threat detection. To improve response and automate alerts, which best practice should be implemented FIRST?
A. Deploy a standalone guest Wi-Fi network.
B. Implement MFA on all domain accounts.
C. Deploy a wireless intrusion detection system (IDS).
D. Implement 802.1x authentication.

Question 784

Security personnel should be trained by emergency management staff in disaster response and recovery. Which part of physical security design does this fall under?
A. Legal concerns
B. Loss prevention
C. Emergency preparedness
D. Liability for employee conduct

Question 785

How is protection for hypervisor host and software administration functions BEST achieved?
A. Enforce network controls using a host-based firewall.
B. Deploy the management interface in a dedicated virtual network segment.
C. Separate physical NICs for management traffic and network traffic.
D. Deny permissions to specific VMs and objects.

Question 786

To ensure compliance with GDPR, who should the help desk manager consult before selecting a SaaS solution?
A. Data owner
B. Database administrator (DBA)
C. Data center manager
D. Data Protection Officer (DPO)

Question 787

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Plan (BCP). Which of the following failures should the IT manager be concerned with?
A. Application
B. Storage
C. Power
D. Network

Question 788

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
A. determine the risk of a business interruption occurring
B. determine the technological dependence of the business processes
C. identify the operational impacts of a business interruption
D. identify the financial impacts of a business interruption

Question 789

Which of the following actions will reduce risk to a laptop before traveling to a high-risk area?
A. Examine the device for physical tampering
B. Implement more stringent baseline configurations
C. Purge or re-image the hard disk drive
D. Change access codes

Question 790

Intellectual property rights are PRIMARILY concerned with which of the following?
A. Owner’s ability to realize financial gain
B. Owner’s ability to maintain copyright
C. Right of the owner to enjoy their creation
D. Right of the owner to control delivery method

Question 791

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?
A. Install mantraps at the building entrances
B. Enclose the personnel entry area with polycarbonate plastic
C. Supply a duress alarm for personnel exposed to the public
D. Hire a guard to protect the public area

Question 792

What is the MOST important consideration from a data security perspective when an organization plans to relocate?
A. Ensure the fire prevention and detection systems are sufficient to protect personnel
B. Review the architectural plans to determine how many emergency exits are present
C. Conduct a gap analysis of the new facility against existing security requirements
D. Revise the Disaster Recovery and Business Continuity (DR/BC) plan

Question 793

Which one of the following affects the classification of data?
A. Assigned security label
B. Multilevel Security (MLS) architecture
C. Minimum query size
D. Passage of time

Question 794

When implementing a data classification program, why is it important to avoid too much granularity?
A. The process will require too many resources
B. It will be difficult to apply to both hardware and software
C. It will be difficult to assign ownership to the data
D. The process will be perceived as having value

Question 795

Which security service is served by the process of encrypting plaintext with the sender’s private key and decrypting ciphertext with the sender’s public key?
A. Confidentiality
B. Integrity
C. Identification
D. Availability

Question 796

Who in the organization is accountable for classification of data information assets?
A. Data owner
B. Data architect
C. Chief Information Security Officer (CISO)
D. Chief Information Officer (CIO)

Question 797

What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?
A. Implementation Phase
B. Initialization Phase
C. Cancellation Phase
D. Issued Phase

Question 798

Which of the following operates at the Network Layer of the Open Systems Interconnection (OSI) model?
A. Packet filtering
B. Port services filtering
C. Content filtering
D. Application access control

Question 799

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?
A. Layer 2 Tunneling Protocol (L2TP)
B. Link Control Protocol (LCP)
C. Challenge Handshake Authentication Protocol (CHAP)
D. Packet Transfer Protocol (PTP)

Question 800

Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?
A. WEP uses a small range Initialization Vector (IV)
B. WEP uses Message Digest 5 (MD5)
C. WEP uses Diffie-Hellman
D. WEP does not use any Initialization Vector (IV)

Question 801

Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?
A. Derived credential
B. Temporary security credential
C. Mobile device credentialing service
D. Digest authentication

Question 802

Which of the following could cause a Denial of Service (DoS) against an authentication system?
A. Encryption of audit logs
B. No archiving of audit logs
C. Hashing of audit logs
D. Remote access audit logs

Question 803

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?
A. Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken
B. Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability
C. Management teams will understand the testing objectives and reputational risk to the organization
D. Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels

Question 804

Recovery strategies of a Disaster Recovery Plan (DRP) MUST be aligned with which of the following?
A. Hardware and software compatibility issues
B. Applications’ criticality and downtime tolerance
C. Budget constraints and requirements
D. Cost/benefit analysis and business objectives

Question 805

Which of the following is a PRIMARY advantage of using a third-party identity service?
A. Consolidation of multiple providers
B. Directory synchronization
C. Web based logon
D. Automated account management

Question 806

What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?
A. Disable all unnecessary services
B. Ensure chain of custody
C. Prepare another backup of the system
D. Isolate the system from the network

Question 807

An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?
A. Absence of a Business Intelligence (BI) solution
B. Inadequate cost modeling
C. Improper deployment of the Service-Oriented Architecture (SOA)
D. Insufficient Service Level Agreement (SLA)

Question 808

When is a Business Continuity Plan (BCP) considered to be valid?
A. When it has been validated by the Business Continuity (BC) manager
B. When it has been validated by the board of directors
C. When it has been validated by all threat scenarios
D. When it has been validated by realistic exercises

Question 809

When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?
A. After the system preliminary design has been developed and the data security categorization has been performed
B. After the vulnerability analysis has been performed and before the system detailed design begins
C. After the system preliminary design has been developed and before the data security categorization begins
D. After the business functional analysis and the data security categorization have been performed

Question 810

Which of the following is the BEST method to prevent malware from being introduced into a production environment?
A. Purchase software from a limited list of retailers
B. Verify the hash key or certificate key of all updates
C. Do not permit programs, patches, or updates from the Internet
D. Test all new software in a segregated environment

Question 811

The three PRIMARY requirements for a penetration test are
A. A defined goal, limited time period, and approval of management
B. A general objective, unlimited time, and approval of the network administrator
C. An objective statement, disclosed methodology, and fixed cost
D. A stated objective, liability waiver, and disclosed methodology

Question 812

Internet Protocol (IP) source address spoofing is used to defeat
A. address-based authentication.
B. Address Resolution Protocol (ARP).
C. Reverse Address Resolution Protocol (RARP).
D. Transmission Control Protocol (TCP) hijacking.

Question 813

Which of the following is the FIRST action that a system administrator should take when it is revealed during a penetration test that everyone in an organization has unauthorized access to a server holding sensitive data?
A. Immediately document the finding and report to senior management.
B. Use system privileges to alter the permissions to secure the server.
C. Continue the testing to its completion and then inform IT management.
D. Terminate the penetration test and pass the finding to the server management team.

Question 814

Which of the following MUST be part of a contract to support electronic discovery of data stored in a cloud environment?
A. Integration with organizational directory services for authentication
B. Tokenization of data
C. Accommodation of hybrid deployment models
D. Identification of data location

Question 815

Logical access control programs are MOST effective when they are
A. approved by external auditors.
B. combined with security token technology.
C. maintained by computer security officers.
D. made part of the operating system.

Question 816

Contingency plan exercises are intended to do which of the following?
A. Train personnel in roles and responsibilities
B. Validate service level agreements
C. Train maintenance personnel
D. Validate operation metrics

Question 817

The key benefits of a signed and encrypted e-mail include
A. confidentiality, authentication, and authorization.
B. confidentiality, non-repudiation, and authentication.
C. non-repudiation, authorization, and authentication.
D. non-repudiation, confidentiality, and authorization.

Question 818

What technique BEST describes antivirus software that detects viruses by watching anomalous behavior?
A. Signature
B. Inference
C. Induction
D. Heuristic

Question 819

Why is a system's criticality classification important in large organizations?
A. It provides for proper prioritization and scheduling of security and maintenance tasks.
B. It reduces critical system support workload and reduces the time required to apply patches.
C. It allows for clear systems status communications to executive management.
D. It provides for easier determination of ownership, reducing confusion as to the status of the asset.

Question 820

Which layer of the Open Systems Interconnection (OSI) model implementation adds information concerning the logical connection between the sender and receiver?
A. Physical
B. Session
C. Transport
D. Data-Link

Question 821

The overall goal of a penetration test is to determine a system's
A. ability to withstand an attack.
B. capacity management.
C. error recovery capabilities.
D. reliability under stress.

Question 822

Which security action should be taken FIRST when computer personnel are terminated from their jobs?
A. Remove their computer access
B. Require them to turn in their badge
C. Conduct an exit interview
D. Reduce their physical access level to the facility

Question 823

The Structured Query Language (SQL) implements Discretionary Access Controls (DAC) using
A. INSERT and DELETE.
B. GRANT and REVOKE.
C. PUBLIC and PRIVATE.
D. ROLLBACK and TERMINATE.

Question 824

Which one of the following considerations has the LEAST impact when considering transmission security?
A. Network availability
B. Data integrity
C. Network bandwidth
D. Node locations

Question 825

The stringency of an Information Technology (IT) security assessment will be determined by the
A. system's past security record.
B. size of the system's database.
C. sensitivity of the system's data.
D. age of the system.

Question 826

Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to do what?
A. Interface with the Public Key Infrastructure (PKI)
B. Improve the quality of security software
C. Prevent Denial of Service (DoS) attacks
D. Establish a secure initial state

Question 827

Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?
A. Challenge Handshake Authentication Protocol (CHAP)
B. Point-to-Point Protocol (PPP)
C. Extensible Authentication Protocol (EAP)
D. Password Authentication Protocol (PAP)

Question 828

Which of the following is the BEST practice for testing a Business Continuity Plan (BCP)?
A. Test before the IT Audit
B. Test when environment changes
C. Test after installation of security patches
D. Test after implementation of system patches

Question 829

A security professional has just completed their organization's Business Impact Analysis (BIA). Following Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) best practices, what would be the professional's NEXT step?
A. Identify and select recovery strategies.
B. Present the findings to management for funding.
C. Select members for the organization's recovery teams.
D. Prepare a plan to test the organization's ability to recover its operations.

Question 830

In a financial institution, who has the responsibility for assigning the classification to a piece of information?
A. Chief Financial Officer (CFO)
B. Chief Information Security Officer (CISO)
C. Originator or nominated owner of the information
D. Department head responsible for ensuring the protection of the information

Question 831

When building a data center, site location and construction factors that increase the level of vulnerability to physical threats include
A. hardened building construction with consideration of seismic factors.
B. adequate distance from and lack of access to adjacent buildings.
C. curved roads approaching the data center.
D. proximity to high crime areas of the city.

Question 832

The PRIMARY purpose of a security awareness program is to
A. ensure that everyone understands the organization's policies and procedures.
B. communicate that access to information will be granted on a need-to-know basis.
C. warn all users that access to all systems will be monitored on a daily basis.
D. comply with regulations related to data and information protection.

Question 833

The BEST method of demonstrating a company's security level to potential customers is
A. a report from an external auditor.
B. responding to a customer's security questionnaire.
C. a formal report from an internal auditor.
D. a site visit by a customer's security team.

Question 834

Which one of the following is the MOST important in designing a biometric access system if it is essential that no one other than authorized individuals is admitted?
A. False Acceptance Rate (FAR)
B. False Rejection Rate (FRR)
C. Crossover Error Rate (CER)
D. Rejection Error Rate

Question 835

Which of the following is an essential element of privileged identity lifecycle management?
A. Regularly perform account re-validation and approval
B. Account provisioning based on multi-factor authentication
C. Frequently review performed activities and request justification
D. Account information to be provided by supervisor or line manager

Question 836

A practice that permits the owner of a data object to grant other users access to that object would usually provide
A. Mandatory Access Control (MAC).
B. owner-administered control.
C. owner-dependent access control.
D. Discretionary Access Control (DAC).

Question 837

Which of the following is a security feature of Global System for Mobile Communications (GSM)?
A. It uses a Subscriber Identity Module (SIM) for authentication.
B. It uses encrypting techniques for all communications.
C. The radio spectrum is divided with multiple frequency carriers.
D. The signal is difficult to read as it provides end-to-end encryption.

Question 838

Which of the following assessment metrics is BEST used to understand a system's vulnerability to potential exploits?
A. Determining the probability that the system functions safely during any time period
B. Quantifying the system's available services
C. Identifying the number of security flaws within the system
D. Measuring the system's integrity in the presence of failure

Question 839

The use of strong authentication, the encryption of Personally Identifiable Information (PII) on database servers, application security reviews, and the encryption of data transmitted across networks provide
A. data integrity.
B. defense in depth.
C. data availability.
D. non-repudiation.

Question 840

What would be the PRIMARY concern when designing and coordinating a security assessment for an Automatic Teller Machine (ATM) system?
A. Physical access to the electronic hardware
B. Regularly scheduled maintenance process
C. Availability of the network connection
D. Processing delays

Question 841

The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct
A. log auditing.
B. code reviews.
C. impact assessments.
D. static analysis.

Question 842

An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?
A. Implement packet filtering on the network firewalls
B. Require strong authentication for administrators
C. Install Host Based Intrusion Detection Systems (HIDS)
D. Implement logical network segmentation at the switches

Question 843

In Business Continuity Planning (BCP), what is the importance of documenting business processes?
A. Provides senior management with decision-making tools
B. Establishes and adopts ongoing testing and maintenance strategies
C. Defines who will perform which functions during a disaster or emergency
D. Provides an understanding of the organization's interdependencies

Question 844

Which of the following can BEST prevent security flaws occurring in outsourced software development?
A. Contractual requirements for code quality
B. Licensing, code ownership and intellectual property rights
C. Certification of the quality and accuracy of the work done
D. Delivery dates, change management control and budgetary control

Question 845

The birthday attack is MOST effective against which one of the following cipher technologies?
A. Chaining block encryption
B. Asymmetric cryptography
C. Cryptographic hash
D. Streaming cryptography

Question 846

A disadvantage of an application filtering firewall is that it can lead to
A. a crash of the network as a result of user activities.
B. performance degradation due to the rules applied.
C. loss of packets on the network due to insufficient bandwidth.
D. Internet Protocol (IP) spoofing by hackers.

Question 847

Which of the following is the FIRST step of a penetration test plan?
A. Analyzing a network diagram of the target network
B. Notifying the company's customers
C. Obtaining the approval of the company's management
D. Scheduling the penetration test during a period of least impact

Question 848

Which type of control recognizes that a transaction amount is excessive in accordance with corporate policy?
A. Detection
B. Prevention
C. Investigation
D. Correction

Question 849

Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain?
A. An explanation of how long the data subject's collected information will be retained and how it will eventually be disposed of.
B. An explanation of who can be contacted at the organization collecting the information if corrections are required by the data subject.
C. An explanation of the regulatory frameworks and compliance standards the information collecting organization adheres to.
D. An explanation of all the technologies employed by the collecting organization in gathering information on the data subject.

Question 850

Which of the following would be the FIRST step to take when implementing a patch management program?
A. Perform automatic deployment of patches.
B. Monitor for vulnerabilities and threats.
C. Prioritize vulnerability remediation.
D. Create a system inventory.

Question 851

Following the completion of a network security assessment, which of the following can BEST be demonstrated?
A. The effectiveness of controls can be accurately measured
B. A penetration test of the network will fail
C. The network is compliant to industry standards
D. All unpatched vulnerabilities have been identified

Question 852

When implementing controls in a heterogeneous end-point network for an organization, it is critical that
A. hosts are able to establish network communications.
B. users can make modifications to their security software configurations.
C. common software security components be implemented across all hosts.
D. firewalls running on each host are fully customizable by the user.

Question 853

While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used?
A. Trusted path
B. Malicious logic
C. Social engineering
D. Passive misuse

Question 854

Which of the following defines the key exchange for Internet Protocol Security (IPSec)?
A. Secure Sockets Layer (SSL) key exchange
B. Internet Key Exchange (IKE)
C. Security Key Exchange (SKE)
D. Internet Control Message Protocol (ICMP)

Question 855

Who must approve modifications to an organization's production infrastructure configuration?
A. Technical management
B. Change control board
C. System operations
D. System users

Question 856

What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)?
A. Evaluating the efficiency of the plan
B. Identifying the benchmark required for restoration
C. Validating the effectiveness of the plan
D. Determining the Recovery Time Objective (RTO)

Question 857

Passive Infrared Sensors (PIR) used in a non-climate controlled environment should
A. reduce the detected object temperature in relation to the background temperature.
B. increase the detected object temperature in relation to the background temperature.
C. automatically compensate for variance in background temperature.
D. detect objects of a specific temperature independent of the background temperature.

Question 858

When constructing an Information Protection Policy (IPP), it is important that the stated rules are necessary, adequate, and
A. flexible.
B. confidential.
C. focused.
D. achievable.

Question 859

Which of the following MUST be done when promoting a security awareness program to senior management?
A. Show the need for security; identify the message and the audience
B. Ensure that the security presentation is designed to be all-inclusive
C. Notify them that their compliance is mandatory
D. Explain how hackers have enhanced information security

Question 860

A system has been scanned for vulnerabilities and has been found to contain a number of communication ports that have been opened without authority. To which of the following might this system have been subjected?
A. Trojan horse
B. Denial of Service (DoS)
C. Spoofing
D. Man-in-the-Middle (MITM)

Question 861

Which of the following does Temporal Key Integrity Protocol (TKIP) support?
A. Multicast and broadcast messages
B. Coordination of IEEE 802.11 protocols
C. Wired Equivalent Privacy (WEP) systems
D. Synchronization of multiple devices

Question 862

The goal of software assurance in application development is to
A. enable the development of High Availability (HA) systems.
B. facilitate the creation of Trusted Computing Base (TCB) systems.
C. prevent the creation of vulnerable applications.
D. encourage the development of open source applications.

Question 863

Which of the following BEST represents the principle of open design?
A. Disassembly, analysis, or reverse engineering will reveal the security functionality of the computer system.
B. Algorithms must be protected to ensure the security and interoperability of the designed system.
C. A knowledgeable user should have limited privileges on the system to prevent their ability to compromise security capabilities.
D. The security of a mechanism should not depend on the secrecy of its design or implementation.

Question 864

Which of the following wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device?
A. Trusted Platform Module (TPM)
B. Preboot eXecution Environment (PXE)
C. Key Distribution Center (KDC)
D. Simple Key-Management for Internet Protocol (SKIP)

Question 865

Two companies wish to share electronic inventory and purchase orders in a supplier and client relationship. What is the BEST security solution for them?
A. Write a Service Level Agreement (SLA) for the two companies.
B. Set up a Virtual Private Network (VPN) between the two companies.
C. Configure a firewall at the perimeter of each of the two companies.
D. Establish a File Transfer Protocol (FTP) connection between the two companies.

Question 866

Which Hyper Text Markup Language 5 (HTML5) option presents a security challenge for network data leakage prevention and/or monitoring?
A. Cross Origin Resource Sharing (CORS)
B. WebSockets
C. Document Object Model (DOM) trees
D. Web Interface Definition Language (IDL)

Question 867

At a MINIMUM, a formal review of any Disaster Recovery Plan (DRP) should be conducted
A. monthly.
B. quarterly.
C. annually.
D. bi-annually.

Question 868

In Disaster Recovery (DR) and business continuity training, which BEST describes a functional drill?
A. A full-scale simulation of an emergency and the subsequent response functions
B. A specific test by response teams of individual emergency response functions
C. A functional evacuation of personnel
D. An activation of the backup site

Question 869

What do Capability Maturity Models (CMM) serve as a benchmark for in an organization?
A. Experience in the industry
B. Definition of security profiles
C. Human resource planning efforts
D. Procedures in systems development

Question 870

Which of the following is an example of two-factor authentication?
A. Retina scan and a palm print
B. Fingerprint and a smart card
C. Magnetic stripe card and an ID badge
D. Password and Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA)

Question 871

Which of the following is the MOST beneficial to review when performing an IT audit?
A. Audit policy
B. Security log
C. Security policies
D. Configuration settings

Question 872

When dealing with compliance with the Payment Card Industry Data Security Standard (PCI-DSS), an organization that shares cardholder information with a service provider MUST do which of the following?
A. Perform a service provider PCI-DSS assessment on a yearly basis.
B. Validate the service provider's PCI-DSS compliance status on a regular basis.
C. Validate that the service provider's security policies are in alignment with those of the organization.
D. Ensure that the service provider updates and tests its Disaster Recovery Plan (DRP) on a yearly basis.

Question 873

Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?
A. Maintaining an inventory of authorized Access Points (AP) and connecting devices
B. Setting the radio frequency to the minimum range required
C. Establishing a Virtual Private Network (VPN) tunnel between the WLAN client device and a VPN concentrator
D. Verifying that all default passwords have been changed

Question 874

Which of the following MOST influences the design of the organization's electronic monitoring policies?
A. Workplace privacy laws
B. Level of organizational trust
C. Results of background checks
D. Business ethical considerations

Question 875

According to best practice, which of the following groups is the MOST effective in performing an information security compliance audit?
A. In-house security administrators
B. In-house Network Team
C. Disaster Recovery (DR) Team
D. External consultants

Question 876

What physical characteristic does a retinal scan biometric device measure?
A. The amount of light reflected by the retina
B. The size, curvature, and shape of the retina
C. The pattern of blood vessels at the back of the eye
D. The pattern of light receptors at the back of the eye

Question 877

What does secure authentication with logging provide?
A. Data integrity
B. Access accountability
C. Encryption logging format
D. Segregation of duties

Question 878

Refer to the information below to answer the question.

A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns. In addition to web browsers, what PRIMARY areas need to be addressed concerning mobile code used for malicious purposes?
A. Text editors, database, and Internet phone applications
B. Email, presentation, and database applications
C. Image libraries, presentation and spreadsheet applications
D. Email, media players, and instant messaging applications

Question 879

Which of the following assures that rules are followed in an identity management architecture?
A. Policy database
B. Digital signature
C. Policy decision point
D. Policy enforcement point

Question 880

Which of the following is the MOST difficult to enforce when using cloud computing?
A. Data access
B. Data backup
C. Data recovery
D. Data disposal

Question 881

What is the MOST effective method for gaining unauthorized access to a file protected with a long complex password?
A. Brute force attack
B. Frequency analysis
C. Social engineering
D. Dictionary attack

Question 882

Refer to the information below to answer the question.

A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider’s facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.

The third party needs to have
A. processes that are identical to that of the organization doing the outsourcing.
B. access to the original personnel that were on staff at the organization.
C. the ability to maintain all of the applications in languages they are familiar with.
D. access to the skill sets consistent with the programming languages used by the organization.

Question 883

Which of the following BEST mitigates a replay attack against a system using identity federation and Security Assertion Markup Language (SAML) implementation?
A. Two-factor authentication
B. Digital certificates and hardware tokens
C. Timed sessions and Secure Socket Layer (SSL)
D. Passwords with alpha-numeric and special characters

Question 884

Refer to the information below to answer the question.

A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.

What MUST the access control logs contain in addition to the identifier?
A. Time of the access
B. Security classification
C. Denied access attempts
D. Associated clearance

Question 885

What is the BEST first step for determining if the appropriate security controls are in place for protecting data at rest?
A. Identify regulatory requirements
B. Conduct a risk assessment
C. Determine business drivers
D. Review the security baseline configuration

Question 886

What is the PRIMARY advantage of using automated application security testing tools?
A. The application can be protected in the production environment.
B. Large amounts of code can be tested using fewer resources.
C. The application will fail less when tested using these tools.
D. Detailed testing of code functions can be performed.

Question 887

Refer to the information below to answer the question.

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.

Which of the following documents explains the proper use of the organization's assets?
A. Human resources policy
B. Acceptable use policy
C. Code of ethics
D. Access control policy

Question 888

Refer to the information below to answer the question.

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.

Which of the following will indicate where the IT budget is BEST allocated during this time?
A. Policies
B. Frameworks
C. Metrics
D. Guidelines

Question 889

Which of the following is the MOST effective attack against cryptographic hardware modules?
A. Plaintext
B. Brute force
C. Power analysis
D. Man-in-the-middle (MITM)

Question 890

Refer to the information below to answer the question.

A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns. In the plan, what is the BEST approach to mitigate future internal client-based attacks?
A. Block all client side web exploits at the perimeter.
B. Remove all non-essential client-side web services from the network.
C. Screen for harmful exploits of client-side services before implementation.
D. Harden the client image before deployment.

Question 891

When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints?
A. Temporal Key Integrity Protocol (TKIP)
B. Wi-Fi Protected Access (WPA) Pre-Shared Key (PSK)
C. Wi-Fi Protected Access 2 (WPA2) Enterprise
D. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

Question 892

Refer to the information below to answer the question.

In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

In a Bell-LaPadula system, which user cannot write to File 3?
A. User A
B. User B
C. User C
D. User D

Question 893

Refer to the information below to answer the question.

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.

Which of the following will MOST likely allow the organization to keep risk at an acceptable level?
A. Increasing the number of audits performed by third parties
B. Removing privileged accounts from operational staff
C. Assigning privileged functions to appropriate staff
D. Separating the security function into distinct roles

Question 894

Which of the following BEST describes Recovery Time Objective (RTO)?
A. Time of data validation after disaster
B. Time of data restoration from backup after disaster
C. Time of application resumption after disaster
D. Time of application verification after disaster

Question 895

A large bank deploys hardware tokens to all customers that use their online banking system. The token generates and displays a six-digit numeric password every 60 seconds. The customers must log into their bank accounts using this numeric password. This is an example of
A. asynchronous token.
B. Single Sign-On (SSO) token.
C. single factor authentication token.
D. synchronous token.

Question 896

Which of the following problems is NOT addressed by using OAuth (Open Standard for Authorization) 2.0 to integrate a third-party identity provider for a service?
A. Resource Servers are required to use passwords to authenticate end users.
B. Revocation of access of some users of the third party instead of all the users from the third party.
C. Compromise of the third party means compromise of all the users in the service.
D. Guest users need to authenticate with the third party identity provider.

Question 897

A Business Continuity Plan (BCP) is based on
A. the policy and procedures manual.
B. an existing BCP from a similar organization.
C. a review of the business processes and procedures.
D. a standard checklist of required items and objectives.

Question 898

Which of the following is the MAIN goal of a data retention policy?
A. Ensure that data is destroyed properly.
B. Ensure that data recovery can be done on the data.
C. Ensure the integrity and availability of data for a predetermined amount of time.
D. Ensure the integrity and confidentiality of data for a predetermined amount of time.

Question 899

A large university needs to enable student access to university resources from their homes. Which of the following provides the BEST option for low maintenance and ease of deployment?
A. Provide students with Internet Protocol Security (IPSec) Virtual Private Network (VPN) client software.
B. Use Secure Sockets Layer (SSL) VPN technology.
C. Use Secure Shell (SSH) with public/private keys.
D. Require students to purchase a home router capable of VPN.

Question 900

Refer to the information below to answer the question.

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.

The security program can be considered effective when
A. vulnerabilities are proactively identified.
B. audits are regularly performed and reviewed.
C. backups are regularly performed and validated.
D. risk is lowered to an acceptable level.

Question 901

Refer to the information below to answer the question.

Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.

After magnetic drives were degaussed twice according to the product manufacturer's directions, what is the MOST LIKELY security issue with degaussing?
A. Commercial products often have serious weaknesses of the magnetic force available in the degausser product.
B. Degausser products may not be properly maintained and operated.
C. The inability to turn the drive around in the chamber for the second pass due to human error.
D. Inadequate record keeping when sanitizing media.

Question 902

An organization decides to implement a partial Public Key Infrastructure (PKI) with only the servers having digital certificates. What is the security benefit of this implementation?
A. Clients can authenticate themselves to the servers.
B. Mutual authentication is available between the clients and servers.
C. Servers are able to issue digital certificates to the client.
D. Servers can authenticate themselves to the client.

Question 903

An organization's data policy MUST include a data retention period which is based on
A. application dismissal.
B. business procedures.
C. digital certificates expiration.
D. regulatory compliance.

Question 904

Refer to the information below to answer the question.

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.

When determining appropriate resource allocation, which of the following is MOST important to monitor?
A. Number of system compromises
B. Number of audit findings
C. Number of staff reductions
D. Number of additional assets

Question 905

A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation?
A. The inherent risk is greater than the residual risk.
B. The Annualized Loss Expectancy (ALE) approaches zero.
C. The expected loss from the risk exceeds mitigation costs.
D. The infrastructure budget can easily cover the upgrade costs.

Question 906

A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?
A. Spoofing
B. Eavesdropping
C. Man-in-the-middle
D. Denial of service

Question 907

During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take?
A. Immediately call the police
B. Work with the client to resolve the issue internally
C. Advise the person performing the illegal activity to cease and desist
D. Work with the client to report the activity to the appropriate authority

Question 908

Refer to the information below to answer the question.

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.

The effectiveness of the security program can PRIMARILY be measured through
A. audit findings.
B. risk elimination.
C. audit requirements.
D. customer satisfaction.

Question 909

When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)?
A. Retain intellectual property rights through contractual wording.
B. Perform overlapping code reviews by both parties.
C. Verify that the contractors attend development planning meetings.
D. Create a separate contractor development environment.

Question 910

Which of the following is the BEST countermeasure to brute force login attacks?
A. Changing all canonical passwords
B. Decreasing the number of concurrent user sessions
C. Restricting initial password delivery only in person
D. Introducing a delay after failed system access attempts

Question 911

Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen?
A. Set up a BIOS and operating system password
B. Encrypt the virtual drive where confidential files can be stored
C. Implement a mandatory policy in which sensitive data cannot be stored on laptops, but only on the corporate network
D. Encrypt the entire disk and delete contents after a set number of failed access attempts

Question 912

What is the MOST important reason to configure unique user IDs?
A. Supporting accountability
B. Reducing authentication errors
C. Preventing password compromise
D. Supporting Single Sign On (SSO)

Question 913

Refer to the information below to answer the question.

Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.

Organizational policy requires the deletion of user data from Personal Digital Assistant (PDA) devices before disposal. It may not be possible to delete the user data if the device is malfunctioning. Which destruction method below provides the BEST assurance that the data has been removed?
A. Knurling
B. Grinding
C. Shredding
D. Degaussing

Question 914

What is the process called when impact values are assigned to the security objectives for information types?
A. Qualitative analysis
B. Quantitative analysis
C. Remediation
D. System security categorization

Question 915

Which of the following BEST describes the purpose of performing security certification?
A. To identify system threats, vulnerabilities, and acceptable level of risk
B. To formalize the confirmation of compliance to security policies and standards
C. To formalize the confirmation of completed risk mitigation and risk analysis
D. To verify that system architecture and interconnections with other systems are effectively implemented

Question 916

The application of which of the following standards would BEST reduce the potential for data breaches?
A. ISO 9000
B. ISO 20121
C. ISO 26000
D. ISO 27001

Question 917

A health care provider is considering Internet access for their employees and patients. Which of the following is the organization's MOST secure solution for protection of data?
A. Public Key Infrastructure (PKI) and digital signatures
B. Trusted server certificates and passphrases
C. User ID and password
D. Asymmetric encryption and User ID

Question 918

Which of the following is generally indicative of a replay attack when dealing with biometric authentication?
A. False Acceptance Rate (FAR) is greater than 1 in 100,000
B. False Rejection Rate (FRR) is greater than 5 in 100
C. Inadequately specified templates
D. Exact match

Question 919

If an identification process using a biometric system detects a 100% match between a presented template and a stored template, what is the interpretation of this result?
A. User error
B. Suspected tampering
C. Accurate identification
D. Unsuccessful identification

Question 920

A security professional has been asked to evaluate the options for the location of a new data center within a multifloor building. Concerns for the data center include emanations and physical access controls.

Which of the following is the BEST location?
A. On the top floor
B. In the basement
C. In the core of the building
D. In an exterior room with windows

Question 921

Which of the following is a function of Security Assertion Markup Language (SAML)?
A. File allocation
B. Redundancy check
C. Extended validation
D. Policy enforcement

Question 922

Which of the following is the BEST approach to take in order to effectively incorporate the concepts of business continuity into the organization?
A. Ensure end users are aware of the planning activities
B. Validate all regulatory requirements are known and fully documented
C. Develop training and awareness programs that involve all stakeholders
D. Ensure plans do not violate the organization's cultural objectives and goals

Question 923

If compromised, which of the following would lead to the exploitation of multiple virtual machines?
A. Virtual device drivers
B. Virtual machine monitor
C. Virtual machine instance
D. Virtual machine file system

Question 924

A mobile device application that restricts the storage of user information to just that which is needed to accomplish lawful business goals adheres to what privacy principle?
A. Onward transfer
B. Collection Limitation
C. Collector Accountability
D. Individual Participation

Question 925

Regarding asset security and appropriate retention, which of the following INITIAL top three areas are important to focus on?
A. Security control baselines, access controls, employee awareness and training
B. Human resources, asset management, production management
C. Supply chain lead time, inventory control, encryption
D. Polygraphs, crime statistics, forensics

Question 926

Disaster Recovery Plan (DRP) training material should be
A. consistent so that all audiences receive the same training.
B. stored in a fire proof safe to ensure availability when needed.
C. only delivered in paper format.
D. presented in a professional looking manner.

Question 927

Which of the following types of security testing is the MOST effective in providing a better indication of the everyday security challenges of an organization when performing a security risk assessment?
A. External
B. Overt
C. Internal
D. Covert

Question 928

Which of the following is the BEST method to assess the effectiveness of an organization's vulnerability management program?
A. Review automated patch deployment reports
B. Periodic third party vulnerability assessment
C. Automated vulnerability scanning
D. Perform vulnerability scan by security team

Question 929

Which of the following entities is ultimately accountable for data remanence vulnerabilities with data replicated by a cloud service provider?
A. Data owner
B. Data steward
C. Data custodian
D. Data processor

Question 930

Which of the following roles has the obligation to ensure that a third party provider is capable of processing and handling data in a secure manner and meeting the standards set by the organization?
A. Data Custodian
B. Data Owner
C. Data Creator
D. Data User

Question 931

What is the PRIMARY difference between security policies and security procedures?
A. Policies are used to enforce violations, and procedures create penalties
B. Policies point to guidelines, and procedures are more contractual in nature
C. Policies are included in awareness training, and procedures give guidance
D. Policies are generic in nature, and procedures contain operational details

Question 932

How does Encapsulating Security Payload (ESP) in transport mode affect the Internet Protocol (IP)?
A. Encrypts and optionally authenticates the IP header, but not the IP payload
B. Encrypts and optionally authenticates the IP payload, but not the IP header
C. Authenticates the IP payload and selected portions of the IP header
D. Encrypts and optionally authenticates the complete IP packet

Question 933

When planning a penetration test, the tester will be MOST interested in which information?
A. Places to install back doors
B. The main network access points
C. Job application handouts and tours
D. Exploits that can attack weaknesses

Question 934

Which of the following describes the BEST configuration management practice?
A. After installing a new system, the configuration files are copied to a separate back-up system and hashed to detect tampering.
B. After installing a new system, the configuration files are copied to an air-gapped system and hashed to detect tampering.
C. The firewall rules are backed up to an air-gapped system.
D. A baseline configuration is created and maintained for all relevant systems.

Question 935

To protect auditable information, which of the following MUST be configured to only allow read access?
A. Logging configurations
B. Transaction log files
C. User account configurations
D. Access control lists (ACL)

Question 936

Which of the following is the BEST example of weak management commitment to the protection of security assets and resources?
A. Poor governance over security processes and procedures
B. Immature security controls and procedures
C. Variances against regulatory requirements
D. Unanticipated increases in security incidents and threats

Question 937

The BEST example of the concept of "something that a user has" when providing an authorized user access to a computing system is
A. the user's hand geometry.
B. a credential stored in a token.
C. a passphrase.
D. the user's face.

Question 938

A security professional is asked to provide a solution that restricts a bank teller to only perform a savings deposit transaction but allows a supervisor to perform corrections after the transaction. Which of the following is the MOST effective solution?
A. Access is based on rules.
B. Access is determined by the system.
C. Access is based on user's role.
D. Access is based on data sensitivity.

Question 939

Which methodology is recommended for penetration testing to be effective in the development phase of the life-cycle process?
A. White-box testing
B. Software fuzz testing
C. Black-box testing
D. Visual testing

Question 940

The implementation of which features of an identity management system reduces costs and administration overhead while improving audit and accountability?
A. Two-factor authentication
B. Single Sign-On (SSO)
C. User self-service
D. A metadirectory

Question 941

Application of which of the following Institute of Electrical and Electronics Engineers (IEEE) standards will prevent an unauthorized wireless device from being attached to a network?
A. IEEE 802.1F
B. IEEE 802.1H
C. IEEE 802.1Q
D. IEEE 802.1X

Question 942

Software code signing is used as a method of verifying what security concept?
A. Integrity
B. Confidentiality
C. Availability
D. Access Control

Question 943

What does an organization FIRST review to assure compliance with privacy requirements?
A. Best practices
B. Business objectives
C. Legal and regulatory mandates
D. Employee's compliance to policies and standards

Question 944

Which one of the following is a common risk with network configuration management?
A. Patches on the network are difficult to keep current.
B. It is the responsibility of the systems administrator.
C. User ID and passwords are never set to expire.
D. Network diagrams are not up to date.

Question 945

Which of the following methods can be used to achieve confidentiality and integrity for data in transit?
A. Multiprotocol Label Switching (MPLS)
B. Internet Protocol Security (IPSec)
C. Federated identity management
D. Multi-factor authentication

Question 946

What is the PRIMARY goal for using Domain Name System Security Extensions (DNSSEC) to sign records?
A. Integrity
B. Confidentiality
C. Accountability
D. Availability

Question 947

A network scan found 50% of the systems with one or more critical vulnerabilities. Which of the following represents the BEST action?
A. Assess vulnerability risk and program effectiveness.
B. Assess vulnerability risk and business impact.
C. Disconnect all systems with critical vulnerabilities.
D. Disconnect systems with the most vulnerabilities.

Question 948

Which of the following BEST avoids data remanence disclosure for cloud hosted resources?
A. Strong encryption and deletion of the keys after data is deleted.
B. Strong encryption and deletion of the virtual host after data is deleted.
C. Software based encryption with two factor authentication.
D. Hardware based encryption on dedicated physical servers.

Question 949

Who is ultimately responsible to ensure that information assets are categorized and adequate measures are taken to protect them?
A. Data Custodian
B. Executive Management
C. Chief Information Security Officer
D. Data/Information/Business Owners

Question 950

Which of the following protocols would allow an organization to maintain a centralized list of users that can read a protected webpage?
A. Lightweight Directory Access Control (LDAP)
B. Security Assertion Markup Language (SAML)
C. Hypertext Transfer Protocol (HTTP)
D. Kerberos

Question 951

A Simple Power Analysis (SPA) attack against a device directly observes which of the following?
A. Static discharge
B. Consumption
C. Generation
D. Magnetism

Question 952

Which of the following activities BEST identifies operational problems, security misconfigurations, and malicious attacks?
A. Policy documentation review
B. Authentication validation
C. Periodic log reviews
D. Interface testing

Question 953

While inventorying storage equipment, it is found that there are unlabeled, disconnected, and powered off devices. Which of the following is the correct procedure for handling such equipment?
A. They should be recycled to save energy.
B. They should be recycled according to NIST SP 800-88.
C. They should be inspected and sanitized following the organizational policy.
D. They should be inspected and categorized properly to sell them for reuse.

Question 954

In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?
A. Application Layer
B. Physical Layer
C. Data-Link Layer
D. Network Layer

Question 955

Which of the following secures web transactions at the Transport Layer?
A. Secure HyperText Transfer Protocol (S-HTTP)
B. Secure Sockets Layer (SSL)
C. Socket Security (SOCKS)
D. Secure Shell (SSH)

Question 956

Are companies legally required to report all data breaches?
A. No, different jurisdictions have different rules.
B. No, not if the data is encrypted.
C. No, companies' codes of ethics don't require it.
D. No, only if the breach had a material impact.

Question 957

While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?
A. Retention
B. Reporting
C. Recovery
D. Remediation

Question 958

Which of the following is the PRIMARY issue when collecting detailed log information?
A. Logs may be unavailable when required
B. Timely review of the data is potentially difficult
C. Most systems and applications do not support logging
D. Logs do not provide sufficient details of system and individual activities

Question 959

An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?
A. Improper deployment of the Service-Oriented Architecture (SOA)
B. Absence of a Business Intelligence (BI) solution
C. Inadequate cost modeling
D. Insufficient Service Level Agreement (SLA)

Question 960

Which of the following is the PRIMARY benefit of implementing data-in-use controls?
A. If the data is lost, it must be decrypted to be opened.
B. If the data is lost, it will not be accessible to unauthorized users.
C. When the data is being viewed, it can only be printed by authorized users.
D. When the data is being viewed, it must be accessed using secure protocols.

Question 961

During the risk assessment phase of the project, the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations of the Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.

What is the best approach for the CISO?
A. Document the system as high risk
B. Perform a vulnerability assessment
C. Perform a quantitative threat assessment
D. Notate the information and move on

Question 962

By carefully aligning the pins in the lock, which of the following defines the opening of a mechanical lock without the proper key?
A. Lock pinging
B. Lock picking
C. Lock bumping
D. Lock bricking

Question 963

The MAIN reason an organization conducts a security authorization process is to
A. force the organization to make conscious risk decisions.
B. assure the effectiveness of security controls.
C. assure the correct security organization exists.
D. force the organization to enlist management support.

Question 964

Which of the following could elicit a Denial of Service (DoS) attack against a credential management system?
A. Delayed revocation or destruction of credentials
B. Modification of Certificate Revocation List
C. Unauthorized renewal or re-issuance
D. Token use after decommissioning

Question 965

A global organization wants to implement hardware tokens as part of a multifactor authentication solution for remote access. The PRIMARY advantage of this implementation is
A. the scalability of token enrollment.
B. increased accountability of end users.
C. it protects against unauthorized access.
D. it simplifies user access administration.

Question 966

A proxy firewall operates at what layer of the Open System Interconnection (OSI) model?
A. Transport
B. Data link
C. Network
D. Application

Question 967

What is the difference between media marking and media labeling?
A. Media marking refers to the use of human-readable security attributes, while media labeling refers to the use of security attributes in internal data structures.
B. Media labeling refers to the use of human-readable security attributes, while media marking refers to the use of security attributes in internal data structures.
C. Media labeling refers to security attributes required by public policy/law, while media marking refers to security required by internal organizational policy.
D. Media marking refers to security attributes required by public policy/law, while media labeling refers to security attributes required by internal organizational policy.

Question 968

Which of the following is a remote access protocol that uses a static authentication?
A. Point-to-Point Tunneling Protocol (PPTP)
B. Routing Information Protocol (RIP)
C. Password Authentication Protocol (PAP)
D. Challenge Handshake Authentication Protocol (CHAP)

Question 969

A vulnerability in which of the following components would be MOST difficult to detect?
A. Kernel
B. Shared libraries
C. Hardware
D. System application

Question 970

Which of the following information MUST be provided for user account provisioning?
A. Full name
B. Unique identifier
C. Security question
D. Date of birth

Question 971

Which of the following is the BEST method to reduce the effectiveness of phishing attacks?
A. User awareness
B. Two-factor authentication
C. Anti-phishing software
D. Periodic vulnerability scan

Question 972

Which of the following is a strategy of grouping requirements in developing a Security Test and Evaluation (ST&E)?
A. Tactical, strategic, and financial
B. Management, operational, and technical
C. Documentation, observation, and manual
D. Standards, policies, and procedures

Question 973

Which of the following is the MOST important goal of information asset valuation?
A. Developing a consistent and uniform method of controlling access on information assets
B. Developing appropriate access control policies and guidelines
C. Assigning a financial value to an organization’s information assets
D. Determining the appropriate level of protection

Question 974

Which of the following is the MAIN reason for using configuration management?
A. To provide centralized administration
B. To reduce the number of changes
C. To reduce errors during upgrades
D. To provide consistency in security controls

Question 975

An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requirement is
A. organization policy.
B. industry best practices.
C. industry laws and regulations.
D. management feedback.

Question 976

Which of the following is MOST important when deploying digital certificates?
A. Validate compliance with X.509 digital certificate standards
B. Establish a certificate life cycle management framework
C. Use a third-party Certificate Authority (CA)
D. Use no less than 256-bit strength encryption when creating a certificate

Question 977

What type of wireless network attack BEST describes an Electromagnetic Pulse (EMP) attack?
A. Radio Frequency (RF) attack
B. Denial of Service (DoS) attack
C. Data modification attack
D. Application-layer attack

Question 978

Which of the following is a document that identifies each item seized in an investigation, including date and time seized, full name and signature or initials of the person who seized the item, and a detailed description of the item?
A. Property book
B. Chain of custody form
C. Search warrant return
D. Evidence tag

Question 979

Which of the following is an advantage of on-premise Credential Management Systems?
A. Lower infrastructure capital costs
B. Control over system configuration
C. Reduced administrative overhead
D. Improved credential interoperability

Question 980

What does the Maximum Tolerable Downtime (MTD) determine?
A. The estimated period of time a business critical database can remain down before customers are affected.
B. The fixed length of time a company can endure a disaster without any Disaster Recovery (DR) planning.
C. The estimated period of time a business can remain interrupted beyond which it risks never recovering.
D. The fixed length of time in a DR process before redundant systems are engaged.

Question 981

The PRIMARY purpose of accreditation is to:
A. comply with applicable laws and regulations.
B. allow senior management to make an informed decision regarding whether to accept the risk of operating the system.
C. protect an organization’s sensitive data.
D. verify that all security controls have been implemented properly and are operating in the correct manner.

Question 982

Which of the following media sanitization techniques is MOST likely to be effective for an organization using public cloud services?
A. Low-level formatting
B. Secure-grade overwrite erasure
C. Cryptographic erasure
D. Drive degaussing

Question 983

Between which pair of Open System Interconnection (OSI) Reference Model layers are routers used as a communications device?
A. Transport and Session
B. Data-Link and Transport
C. Network and Session
D. Physical and Data-Link

Question 984

Which of the following BEST describes a chosen plaintext attack?
A. The cryptanalyst can generate ciphertext from arbitrary text.
B. The cryptanalyst examines the communication being sent back and forth.
C. The cryptanalyst can choose the key and algorithm to mount the attack.
D. The cryptanalyst is presented with the ciphertext from which the original message is determined.

Question 985

What operations role is responsible for protecting the enterprise from corrupt or contaminated media?
A. Information security practitioner
B. Information librarian
C. Computer operator
D. Network administrator

Question 986

Which of the following BEST describes Recovery Time Objective (RTO)?
A. Time of application resumption after disaster
B. Time of application verification after disaster
C. Time of data validation after disaster
D. Time of data restoration from backup after disaster

Question 987

Which of the following command line tools can be used in the reconnaissance phase of a network vulnerability assessment?
A. dig
B. ipconfig
C. ifconfig
D. nbstat

Question 988

In general, servers that are facing the Internet should be placed in a demilitarized zone (DMZ). What is the MAIN purpose of the DMZ?
A. Reduced risk to internal systems.
B. Prepare the server for potential attacks.
C. Mitigate the risk associated with the exposed server.
D. Bypass the need for a firewall.

Question 989

An employee of a retail company has been granted an extended leave of absence by Human Resources (HR). This information has been formally communicated to the access provisioning team. Which of the following is the BEST action to take?
A. Revoke access temporarily.
B. Block user access and delete user account after six months.
C. Block access to the offices immediately.
D. Monitor account usage temporarily.

Question 990

Which of the following BEST represents the concept of least privilege?
A. Access to an object is denied unless access is specifically allowed.
B. Access to an object is only available to the owner.
C. Access to an object is allowed unless it is protected by the information security policy.
D. Access to an object is only allowed to authenticated users via an Access Control List (ACL).

Question 991

Which of the following is the PRIMARY reason for employing physical security personnel at entry points in facilities where card access is in operation?
A. To verify that only employees have access to the facility.
B. To identify present hazards requiring remediation.
C. To monitor staff movement throughout the facility.
D. To provide a safe environment for employees.

Question 992

Which of the following is BEST suited for exchanging authentication and authorization messages in a multi-party decentralized environment?
A. Lightweight Directory Access Protocol (LDAP)
B. Security Assertion Markup Language (SAML)
C. Internet Mail Access Protocol
D. Transport Layer Security (TLS)

Question 993

A security architect plans to reference a Mandatory Access Control (MAC) model for implementation. This indicates that which of the following properties are being prioritized?
A. Confidentiality
B. Integrity
C. Availability
D. Accessibility

Question 994

Which of the following is a characteristic of the initialization vector when using Data Encryption Standard (DES)?
A. It must be known to both sender and receiver.
B. It can be transmitted in the clear as a random number.
C. It must be retained until the last block is transmitted.
D. It can be used to encrypt and decrypt information.

Question 995

Which of the following are effective countermeasures against passive network-layer attacks?
A. Federated security and authenticated access controls
B. Trusted software development and run time integrity controls
C. Encryption and security enabled applications
D. Enclave boundary protection and computing environment defense

Question 996

When evaluating third-party applications, which of the following is the GREATEST responsibility of Information Security?
A. Accept the risk on behalf of the organization.
B. Report findings to the business to determine security gaps.
C. Quantify the risk to the business for product selection.
D. Approve the application that best meets security requirements.

Question 997

When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?
A. Topology diagrams
B. Mapping tools
C. Asset register
D. Ping testing

Question 998

Reciprocal backup site agreements are considered to be
A. a better alternative than the use of warm sites.
B. difficult to test for complex systems.
C. easy to implement for similar types of organizations.
D. easy to test and implement for complex systems.

Question 999

Backup information that is critical to the organization is identified through a
A. Vulnerability Assessment (VA).
B. Business Continuity Plan (BCP).
C. Business Impact Analysis (BIA).
D. data recovery analysis.

Question 1000

In which identity management process is the subject’s identity established?
A. Trust
B. Provisioning
C. Authorization
D. Enrollment

Question 1001

During the Security Assessment and Authorization process, what is the PRIMARY purpose for conducting a hardware and software inventory?
A. Calculate the value of assets being accredited.
B. Create a list to include in the Security Assessment and Authorization package.
C. Identify obsolete hardware and software.
D. Define the boundaries of the information system.

Question 1002

Which of the following countermeasures is the MOST effective in defending against a social engineering attack?
A. Mandating security policy acceptance
B. Changing individual behavior
C. Evaluating security awareness training
D. Filtering malicious e-mail content

Question 1003

Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization network?
A. Provide vulnerability reports to management.
B. Validate vulnerability remediation activities.
C. Prevent attackers from discovering vulnerabilities.
D. Remediate known vulnerabilities.

Question 1004

A security analyst for a large financial institution is reviewing network traffic related to an incident. The analyst determines the traffic is irrelevant to the investigation, but in the process of the review the analyst also finds that an application's data, which included full credit card cardholder data, is transferred in clear text between the server and the user's desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS). Which of the following is the analyst's next step?
A. Send the log file to co-workers for peer review.
B. Include the full network traffic logs in the incident report.
C. Follow organizational processes to alert the proper teams to address the issue.
D. Ignore data as it is outside the scope of the investigation and the analyst’s role.

Question 1005

Which of the following steps should be performed FIRST when purchasing Commercial Off-The-Shelf (COTS) software?
A. undergo a security assessment as part of authorization process
B. establish a risk management strategy
C. harden the hosting server, and perform hosting and application vulnerability scans
D. establish policies and procedures on system and services acquisition

Question 1006

What is the MAIN goal of information security awareness and training?
A. To inform users of the latest malware threats
B. To inform users of information assurance responsibilities
C. To comply with the organization information security policy
D. To prepare students for certification

Question 1007

What protocol is often used between gateway hosts on the Internet?
A. Exterior Gateway Protocol (EGP)
B. Border Gateway Protocol (BGP)
C. Open Shortest Path First (OSPF)
D. Internet Control Message Protocol (ICMP)

Question 1008

From a security perspective, which of the following assumptions MUST be made about input to an application?
A. It is tested
B. It is logged
C. It is verified
D. It is untrusted

Question 1009

What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?
A. To ensure Information Technology (IT) staff knows and performs roles assigned to each of them
B. To validate backup sites’ effectiveness
C. To find out what does not work and fix it
D. To create a high level DRP awareness among Information Technology (IT) staff

Question 1010

What is the PRIMARY role of a scrum master in agile development?
A. To choose the primary development language
B. To choose the integrated development environment
C. To match the software requirements to the delivery plan
D. To project manage the software delivery

Question 1011

Which security access policy contains fixed security attributes that are used by the system to determine a user’s access to a file or object?
A. Mandatory Access Control (MAC)
B. Access Control List (ACL)
C. Discretionary Access Control (DAC)
D. Authorized user control

Question 1012

It is MOST important to perform which of the following to minimize potential impact when implementing a new vulnerability scanning tool in a production environment?
A. Negotiate the schedule with the Information Technology (IT) operations team
B. Log vulnerability summary reports to a secured server
C. Enable scanning during off-peak hours
D. Establish access for Information Technology (IT) management

Question 1013

Which security model is MOST commonly used in a commercial environment because it protects the integrity of financial and accounting data?
A. Biba
B. Graham-Denning
C. Clark-Wilson
D. Bell-LaPadula

Question 1014

Which of the following is the BEST reason for the use of security metrics?
A. They ensure that the organization meets its security objectives.
B. They provide an appropriate framework for Information Technology (IT) governance.
C. They speed up the process of quantitative risk assessment.
D. They quantify the effectiveness of security processes.

Question 1015

When developing solutions for mobile devices, in which phase of the Software Development Life Cycle (SDLC) should technical limitations related to devices be specified?
A. Implementation
B. Initiation
C. Review
D. Development

Question 1016

Mandatory Access Controls (MAC) are based on:
A. security classification and security clearance
B. data segmentation and data classification
C. data labels and user access permissions
D. user roles and data encryption

Question 1017

Which of the following methods of suppressing a fire is environmentally friendly and the MOST appropriate for a data center?
A. Inert gas fire suppression system
B. Halon gas fire suppression system
C. Dry-pipe sprinklers
D. Wet-pipe sprinklers

Question 1018

What are the steps of a risk assessment?
A. identification, analysis, evaluation
B. analysis, evaluation, mitigation
C. classification, identification, risk management
D. identification, evaluation, mitigation

Question 1019

Which of the following is a common characteristic of privacy?
A. Provision for maintaining an audit trail of access to the private data
B. Notice to the subject of the existence of a database containing relevant credit card data
C. Process for the subject to inspect and correct personal data on-site
D. Database requirements for integration of privacy data

Question 1020

What does electronic vaulting accomplish?
A. It protects critical files.
B. It ensures the fault tolerance of Redundant Array of Independent Disks (RAID) systems.
C. It stripes all database records.
D. It automates the Disaster Recovery Process (DRP).

Question 1021

Which of the following is a responsibility of the information owner?
A. Ensuring that users and personnel complete the required security training to access the Information System (IS)
B. Defining proper access to the Information System (IS), including privileges or access rights
C. Managing identification, implementation, and assessment of common security controls
D. Ensuring the Information System (IS) is operated according to agreed upon security requirements

Question 1022

Proven application security principles include which of the following?
A. Minimizing attack surface area
B. Hardening the network perimeter
C. Accepting infrastructure security controls
D. Developing independent modules

Question 1023

Which of the following would an attacker BEST be able to accomplish through the use of Remote Access Tools (RAT)?
A. Reduce the probability of identification
B. Detect further compromise of the target
C. Destabilize the operation of the host
D. Maintain and expand control

Question 1024

What is the PRIMARY goal of fault tolerance?
A. Elimination of single point of failure
B. Isolation using a sandbox
C. Single point of repair
D. Containment to prevent propagation

Question 1025

An organization recently conducted a review of the security of its network applications. One of the vulnerabilities found was that the session key used in encrypting sensitive information to a third party server had been hard-coded in the client and server applications. Which of the following would be MOST effective in mitigating this vulnerability?
A. Diffie-Hellman (DH) algorithm
B. Elliptic Curve Cryptography (ECC) algorithm
C. Digital Signature algorithm (DSA)
D. Rivest-Shamir-Adleman (RSA) algorithm

Question 1026

Within the company, desktop clients receive Internet Protocol (IP) addresses over Dynamic Host Configuration Protocol (DHCP). Which of the following represents a valid measure to help protect the network against unauthorized access?
A. Implement patch management
B. Implement port based security through 802.1x
C. Implement session border controllers
D. Implement application whitelisting

Question 1027

What is the PRIMARY reason to conduct periodic security audits?
A. Ensure compliance and verify control effectiveness
B. Detect intrusions in real time
C. Monitor bandwidth usage
D. Validate encryption algorithms

Question 1028

Which of the following is MOST appropriate for protecting confidentiality of data stored on a hard drive?
A. Triple Data Encryption Standard (3DES)
B. Advanced Encryption Standard (AES)
C. Message Digest 5 (MD5)
D. Secure Hash Algorithm 2 (SHA-2)

Question 1029

What is the expected outcome of security awareness in support of a security awareness program?
A. Awareness activities should be used to focus on security concerns and respond to those concerns accordingly
B. Awareness is not an activity or part of the training but rather a state of persistence to support the program
C. Awareness is training. The purpose of awareness presentations is to broaden attention of security.
D. Awareness is not training. The purpose of awareness presentation is simply to focus attention on security.

Question 1030

An Information Technology (IT) professional attends a cybersecurity seminar on current incident response methodologies. What code of ethics canon is being observed?
A. Provide diligent and competent service to principals
B. Protect society, the commonwealth, and the infrastructure
C. Advance and protect the profession
D. Act honorably, honestly, justly, responsibly, and legally

Question 1031

Transport Layer Security (TLS) provides which of the following capabilities for a remote access server?
A. Transport layer handshake compression
B. Application layer negotiation
C. Peer identity authentication
D. Digital certificate revocation

Question 1032

Which of the following MUST be scalable to address security concerns raised by the integration of third-party identity services?
A. Mandatory Access Controls (MAC)
B. Enterprise security architecture
C. Enterprise security procedures
D. Role Based Access Controls (RBAC)

Question 1033

Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?
A. Security governance
B. Risk management
C. Security portfolio management
D. Risk assessment

Question 1034

When developing a business case for updating a security program, the security program owner MUST do which of the following?
A. Identify relevant metrics
B. Prepare performance test reports
C. Obtain resources for the security program
D. Interview executive management

Question 1035

When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?
A. Log all activities associated with sensitive systems
B. Provide links to security policies
C. Confirm that confidentiality agreements are signed
D. Employ strong access controls

Question 1036

Who is accountable for the information within an Information System (IS)?
A. Security manager
B. System owner
C. Data owner
D. Data processor

Question 1037

A chemical plant wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and maintenance by utilizing the office network infrastructure and staff to implement this upgrade.

Which of the following is the GREATEST impact on security for the network?
A. The network administrators have no knowledge of ICS
B. The ICS is now accessible from the office network
C. The ICS does not support the office password policy
D. RS422 is more reliable than Ethernet

Question 1038

Which of the following is part of a Trusted Platform Module (TPM)?
A. A non-volatile tamper-resistant storage for storing both data and signing keys in a secure fashion
B. A protected Pre-Basic Input/Output System (BIOS) which specifies a method or a metric for “measuring” the state of a computing platform
C. A secure processor targeted at managing digital keys and accelerating digital signing
D. A platform-independent software interface for accessing computer functions

Question 1039

Which of the following is a responsibility of a data steward?
A. Ensure alignment of the data governance effort to the organization
B. Conduct data governance interviews with the organization
C. Document data governance requirements
D. Ensure that data decisions and impacts are communicated to the organization

Question 1040

What does a Synchronous (SYN) flood attack do?
A. Forces Transmission Control Protocol/Internet Protocol (TCP/IP) connections into a reset state
B. Establishes many new Transmission Control Protocol/Internet Protocol (TCP/IP) connections
C. Empties the queue of pending Transmission Control Protocol/Internet Protocol (TCP/IP) requests
D. Exceeds the limits for new Transmission Control Protocol/Internet Protocol (TCP/IP) connections