Which of the following is part of a Trusted Platform Module (TPM)? A. A non-volatile tamper-resistant storage for storing both data and signing keys in a secure fashion B. A protected Pre-Basic Input/Output System (BIOS) which specifies a method or a metric for “measuring” the state of a computing platform C. A secure processor targeted at managing digital keys and accelerating digital signing D. A platform-independent software interface for accessing computer functions
Answer: A
Rationale: TPMs securely store encryption keys and integrity measurements in hardware-protected memory.
Question 382
Which of the following is a responsibility of a data steward? A. Ensure alignment of the data governance effort to the organization. B. Conduct data governance interviews with the organization. C. Document data governance requirements. D. Ensure that data decisions and impacts are communicated to the organization.
Answer: A
Rationale: Data stewards align governance practices and enforce organizational data policies.
Question 383
What does a Synchronous (SYN) flood attack do? A. Forces Transmission Control Protocol /Internet Protocol (TCP/IP) connections into a reset state B. Establishes many new Transmission Control Protocol / Internet Protocol (TCP/IP) connections C. Empties the queue of pending Transmission Control Protocol /Internet Protocol (TCP/IP) requests D. Exceeds the limits for new Transmission Control Protocol /Internet Protocol (TCP/IP) connections
Answer: B
Rationale: SYN flood attacks send repeated connection requests, exhausting server resources and disrupting legitimate traffic.
Question 384
Which of the following is the MOST appropriate action when reusing media that contains sensitive data? A. Erase B. Sanitize C. Encrypt D. Degauss
Answer: B
Rationale: Sanitization removes all data traces, ensuring secure media reuse.
Question 385
A user has infected a computer with malware by connecting a Universal Serial Bus (USB) storage device. Which of the following is MOST effective to mitigate future infections? A. Develop a written organizational policy prohibiting unauthorized USB devices B. Train users on the dangers of transferring data in USB devices C. Implement centralized technical control of USB port connections D. Encrypt removable USB devices containing data at rest
Answer: C
Rationale: Centralized USB port control enforces policy automatically and prevents unauthorized devices.
Question 386
During examination of Internet history records, the following string occurs within a Uniform Resource Locator (URL):
http://www.companysite.com/products/products.asp?productid=123 or 1=1
What type of attack does this indicate? A. Directory traversal B. Structured Query Language (SQL) injection C. Cross-Site Scripting (XSS) D. Shellcode injection
Question 387
Who would be the BEST person to approve an organization's information security policy? A. Chief Information Officer (CIO) B. Chief Information Security Officer (CISO) C. Chief internal auditor D. Chief Executive Officer (CEO)
Answer: B
Rationale: The CISO oversees information security governance and ensures policies align with strategic goals.
Question 388
In Disaster Recovery (DR) and Business Continuity (BC) training, which BEST describes a functional drill? A. a functional evacuation of personnel B. a specific test by response teams of individual emergency response functions C. an activation of the backup site D. a full-scale simulation of an emergency and the subsequent response functions
Answer: D
Rationale: A functional drill simulates full emergency response scenarios to evaluate readiness and coordination.
Question 389
The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunnel data A. through a firewall at the Session layer B. through a firewall at the Transport layer C. in the Point-to-Point Protocol (PPP) D. in the Payload Compression Protocol (PCP)
Answer: C
Rationale: L2TP encapsulates PPP frames for secure tunneling across the internet.
Question 390
Which of the following provides the MOST comprehensive filtering of Peer-to-Peer (P2P) traffic? A. Application proxy B. Port filter C. Network boundary router D. Access layer switch
Answer: A
Rationale: Application proxies can inspect and control P2P protocol content beyond simple port filtering.
Question 391
Which of the following techniques is known to be effective in spotting resource exhaustion problems, especially with resources such as processes, memory, and connections? A. Automated dynamic analysis B. Automated static analysis C. Manual code review D. Fuzzing
Answer: A
Rationale: Dynamic analysis monitors code execution to detect memory leaks and resource exhaustion in real time.
Question 392
A post-implementation review has identified that the Voice Over Internet Protocol (VoIP) system was designed to have gratuitous Address Resolution Protocol (ARP) disabled.
Why did the network architect likely design the VoIP system with gratuitous ARP disabled? A. Gratuitous ARP requires the use of Virtual Local Area Network (VLAN) 1. B. Gratuitous ARP requires the use of insecure layer 3 protocols. C. Gratuitous ARP requires the likelihood of a successful brute-force attack on the phone. D. Gratuitous ARP requires the risk of a Man-in-the-Middle (MITM) attack.
Answer: D
Rationale: Disabling gratuitous ARP prevents spoofing and MITM attacks on ARP announcements.
Question 393
Access to which of the following is required to validate web session management? A. Log timestamp B. Live session traffic C. Session state variables D. Test scripts
Answer: C
Rationale: Reviewing session state variables allows verification of how session identifiers are managed and secured.
Question 394
Physical assets defined in an organization’s business impact analysis (BIA) could include which of the following? A. Personal belongings of organizational staff members B. Disaster recovery (DR) line-item revenues C. Cloud-based applications D. Supplies kept off-site at a remote facility
Answer: D
Rationale: Physical assets in a Business Impact Analysis (BIA) include tangible items critical to business operations such as backup equipment, facilities, and off-site supplies — not financial or digital resources.
Question 395
When assessing the audit capability of an application, which of the following activities is MOST important? A. Identify procedures to investigate suspicious activity. B. Determine if audit records contain sufficient information. C. Verify if sufficient storage is allocated for audit records. D. Review security plan for actions to be taken in the event of audit failure.
Answer: C
Rationale: The most essential step when assessing audit capability is ensuring there is sufficient storage space for logs and audit records, as without it the system cannot effectively capture or retain evidence for auditing.
Question 396
An organization would like to implement an authorization mechanism that would simplify the assignment of various system access permissions for many users with similar job responsibilities. Which type of authorization mechanism would be the BEST choice for the organization to implement? A. Role-based access control (RBAC) B. Discretionary access control (DAC) C. Content-dependent Access Control D. Rule-based Access Control
Answer: A
Rationale: Role-Based Access Control (RBAC) simplifies permission management by assigning users to roles based on job function. This ensures consistent, scalable control across users with similar responsibilities.
Question 397
What is the PRIMARY reason for criminal law being difficult to enforce when dealing with cybercrime? A. Jurisdiction is hard to define. B. Law enforcement agencies are understaffed. C. Extradition treaties are rarely enforced. D. Numerous language barriers exist.
Answer: A
Rationale: Deduplication removes redundant data by storing only unique instances, making it more efficient than compression for redundant data elimination.
Question 398
Wi-Fi Protected Access 2 (WPA2) provides users with a higher level of assurance that their data will remain protected by using which protocol? A. Extensible Authentication Protocol (EAP) B. Internet Protocol Security (IPsec) C. Secure Sockets Layer (SSL) D. Secure Shell (SSH)
Answer: A
Rationale: WPA2 leverages EAP within the 802.1X framework to provide strong authentication and dynamic encryption key management for wireless security.
Question 399
Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system? A. Reference monitor B. Trusted Computing Base (TCB) C. Time separation D. Security kernel
Answer: A
Rationale: The Reference Monitor concept defines the security interfaces that control access between subjects (users/processes) and objects (data/resources). It’s the core model underpinning OS security design.
Question 400
What process facilitates the balance of operational and economic costs of protective measures with gains in mission capability? A. Performance testing B. Risk assessment C. Security audit D. Risk management
Answer: D
Rationale: Risk management ensures that security controls are cost-effective relative to the potential loss they mitigate, balancing security investment with business objectives.