CISSP Practice Questions (301–320)

Question 301

Data leakage of sensitive information is MOST often concealed by which of the following?
A. Secure Sockets Layer (SSL)
B. Secure Hash Algorithm (SHA)
C. Wired Equivalent Privacy (WEP)
D. Secure Post Office Protocol (POP)

Question 302

An organization has decided to contract with a cloud-based service provider to leverage their identity as a service offering. They will use Open Authentication (OAuth) 2.0 to authenticate external users to the organization's services.

As part of the authentication process, which of the following must the end user provide?
A. An access token
B. A username and password
C. A username
D. A password

Question 303

The PRIMARY outcome of a certification process is that it provides documented
A. system weaknesses for remediation.
B. standards for security assessment, testing, and process evaluation.
C. interconnected systems and their implemented security controls.
D. security analyses needed to make a risk-based decision.

Question 304

Which of the following methods can be used to achieve confidentiality and integrity for data in transit?
A. Multiprotocol Label Switching (MPLS)
B. Internet Protocol Security (IPSec)
C. Federated identity management
D. Multi-factor authentication

Question 305

What type of test assesses a Disaster Recovery (DR) plan using realistic disaster scenarios while maintaining minimal impact to business operations?
A. Parallel
B. Walkthrough
C. Simulation
D. Tabletop

Question 306

Which of the following questions can be answered using user and group entitlement reporting?
A. When a particular file was last accessed by a user
B. Change control activities for a particular group of users
C. The number of failed login attempts for a particular user
D. Where does a particular user have access within the network

Question 307

Who is ultimately responsible to ensure that information assets are categorized and adequate measures are taken to protect them?
A. Data Custodian
B. Executive Management
C. Chief Information Security Officer
D. Data/Information/Business Owners

Question 308

A Simple Power Analysis (SPA) attack against a device directly observes which of the following?
A. Static discharge
B. Consumption
C. Generation
D. Magnetism

Question 309

Which of the following activities BEST identifies operational problems, security misconfigurations, and malicious attacks?
A. Policy documentation review
B. Authentication validation
C. Periodic log reviews
D. Interface testing

Question 310

In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?
A. Application Layer
B. Physical Layer
C. Data-Link Layer
D. Network Layer

Question 311

The 802.1x standard provides a framework for what?
A. Network authentication for only wireless networks
B. Network authentication for wired and wireless networks
C. Wireless encryption using the Advanced Encryption Standard (AES)
D. Wireless network encryption using Secure Sockets Layer (SSL)

Question 312

While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?
A. Retention
B. Reporting
C. Recovery
D. Remediation

Question 313

Which of the following is the PRIMARY issue when collecting detailed log information?
A. Logs may be unavailable when required
B. Timely review of the data is potentially difficult
C. Most systems and applications do not support logging
D. Logs do not provide sufficient details of system and individual activities

Question 314

By carefully aligning the pins in the lock, which of the following defines the opening of a mechanical lock without the proper key?
A. Lock pinging
B. Lock picking
C. Lock bumping
D. Lock bricking

Question 315

The BEST method to mitigate the risk of a dictionary attack on a system is to
A. use a hardware token.
B. use complex passphrases.
C. implement password history.
D. encrypt the access control list (ACL).

Question 316

Which of the following could elicit a Denial of Service (DoS) attack against a credential management system?
A. Delayed revocation or destruction of credentials
B. Modification of Certificate Revocation List
C. Unauthorized renewal or re-issuance
D. Token use after decommissioning

Question 317

What is the difference between media marking and media labeling?
A. Media marking refers to the use of human-readable security attributes, while media labeling refers to the use of security attributes in internal data structures.
B. Media labeling refers to the use of human-readable security attributes, while media marking refers to the use of security attributes in internal data structures.
C. Media labeling refers to security attributes required by public policy/law, while media marking refers to security required by internal organizational policy.
D. Media marking refers to security attributes required by public policy/law, while media labeling refers to security attributes required by internal organizational policy.

Question 318

A vulnerability in which of the following components would be MOST difficult to detect?
A. Kernel
B. Shared libraries
C. Hardware
D. System application

Question 319

The restoration priorities of a Disaster Recovery Plan (DRP) are based on which of the following documents?
A. Service Level Agreement (SLA)
B. Business Continuity Plan (BCP)
C. Business Impact Analysis (BIA)
D. Crisis management plan

Question 320

Which of the following is the BEST method to reduce the effectiveness of phishing attacks?
A. User awareness
B. Two-factor authentication
C. Anti-phishing software
D. Periodic vulnerability scan