Clothing retailer employees are provisioned with user accounts that provide access to resources at partner businesses. All partner businesses use common identity and access management (IAM) protocols and differing technologies. Under the Extended Identity principle, what is the process flow between partner businesses to allow this IAM action? A. Clothing retailer acts as User Self Service, confirms identity of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to services. B. Clothing retailer acts as identity provider (IdP), confirms identity of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to services. C. Clothing retailer acts as Service Provider, confirms identity of user using industry standards, then sends credentials to partner businesses that act as an identity provider (IdP) and allows access to resources. D. Clothing retailer acts as Access Control Provider, confirms access of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to resources.
Answer: B
Rationale: In federated identity management, the identity provider (IdP) authenticates the user and issues a signed assertion (for example a SAML assertion or an OIDC token); each service provider (SP) validates that assertion and then authorizes access to its own resources. The retailer employs the users and holds their credentials, so it is the IdP; the partners consume the assertion as SPs. Note that the IdP does not forward the user's password to the partners, only a signed statement of who the user is; the partners trust that statement because they trust the IdP's signing key.
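The flow described above, reduced to working code as an added example (this is not code from the original page). The retailer is the IdP: it checks the employee's credential and issues a signed assertion bound to one partner; the partner is the SP: it verifies the signature, audience and expiry and never sees the password. Real federations use SAML or OIDC with asymmetric signatures and a published IdP key; this example uses an HMAC over a shared key so that it runs stand-alone. The user directory, key, usernames and partner names are all constructed for illustration.

```python
"""Federated sign-on between an identity provider and a service provider.

Added example, not from the original page. The retailer (IdP) authenticates
the employee and issues a signed assertion; the partner (SP) verifies it.
Real deployments use SAML/OIDC with asymmetric signatures; HMAC with a
shared key is used here only so the example is self-contained.
"""
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed retailer directory: username -> password hash. A real IdP would
# use a slow password KDF and multi-factor authentication.
_RETAILER_USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}
_SHARED_KEY = b"partner-federation-key-demo"  # constructed; a real IdP signs with a private key


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def idp_authenticate(username: str, password: str) -> bool:
    """IdP step 1: the retailer, not the partner, checks the credential."""
    digest = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(_RETAILER_USERS.get(username, ""), digest)


def idp_issue_assertion(username: str, audience: str, now: float, ttl: int = 300) -> str:
    """IdP step 2: issue a signed assertion bound to one partner (the audience)."""
    claims = {"iss": "retailer-idp", "sub": username, "aud": audience,
              "iat": int(now), "exp": int(now) + ttl}
    body = _b64url(json.dumps(claims, sort_keys=True).encode())
    sig = _b64url(hmac.new(_SHARED_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def sp_verify_assertion(token: str, expected_audience: str, now: float) -> str:
    """SP side: verify signature, audience and expiry, then return the subject.

    The partner never handles the password. It trusts the IdP's signature and
    rejects assertions issued for another partner or already expired.
    """
    body, sig = token.split(".")
    expected = _b64url(hmac.new(_SHARED_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    if claims.get("aud") != expected_audience:
        raise ValueError("assertion issued for a different service provider")
    if claims.get("exp", 0) <= now:
        raise ValueError("assertion expired")
    return claims["sub"]


def federated_login(username: str, password: str, partner: str, now: float) -> Optional[str]:
    """Whole flow: the identity the partner accepts, or None on any failure."""
    if not idp_authenticate(username, password):
        return None
    token = idp_issue_assertion(username, partner, now)
    try:
        return sp_verify_assertion(token, partner, now)
    except ValueError:
        return None
```

The audience check is the part most often missed in practice: without it, an assertion issued for one partner can be replayed against another partner that trusts the same IdP.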
Question 402
Which of the following statements BEST describes least privilege principle in a cloud environment? A. A single cloud administrator is configured to access core functions. B. Internet traffic is inspected for all incoming and outgoing packets. C. Routing configurations are regularly updated with the latest routes. D. Network segments remain private if unneeded to access the internet.
Answer: D
Rationale: Least privilege in a cloud environment ensures that systems or segments have only the minimum access necessary. Keeping non-internet resources private minimizes exposure.
Question 403
An organization has been collecting a large amount of redundant and unusable data and filling up the storage area network (SAN). Management has requested the identification of a solution that will address ongoing storage problems. Which is the BEST technical solution? A. Compression B. Caching C. Replication D. Deduplication
Answer: D
Rationale: Redundant data points directly to deduplication, which stores a single copy of identical files or blocks (typically identified by a cryptographic hash of their content) and replaces the other copies with references, reclaiming storage. Compression shrinks each copy but still keeps every copy; replication and caching create additional copies and make the problem worse.
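Block-level deduplication as described above, shown as an added example (not code from the original page). Each file is cut into fixed-size blocks, a block is stored only once under its SHA-256 digest, and the store reports how much raw capacity was reclaimed. The block size and the three sample files (two near-identical reports and one exact copy) are constructed for the demonstration; production systems use block sizes of 4 KiB and up and often variable-length chunking.

```python
"""Block-level deduplication store. Added example, not from the original page."""
import hashlib
from typing import Dict, List, Tuple

BLOCK_SIZE = 64  # deliberately small so the sample shows the effect


class DedupStore:
    def __init__(self, block_size: int = BLOCK_SIZE) -> None:
        self.block_size = block_size
        self.blocks: Dict[str, bytes] = {}     # digest -> unique block content
        self.files: Dict[str, List[str]] = {}  # filename -> ordered block digests
        self.raw_bytes = 0                     # what the same data costs without dedup

    def put(self, name: str, data: bytes) -> None:
        self.raw_bytes += len(data)
        digests = []
        for i in range(0, len(data), self.block_size):
            block = data[i:i + self.block_size]
            digest = hashlib.sha256(block).hexdigest()
            self.blocks.setdefault(digest, block)  # identical content is stored once
            digests.append(digest)
        self.files[name] = digests

    def get(self, name: str) -> bytes:
        """Reassemble a file from its block references."""
        return b"".join(self.blocks[d] for d in self.files[name])

    def stored_bytes(self) -> int:
        return sum(len(b) for b in self.blocks.values())

    def savings(self) -> Tuple[int, int, float]:
        """(raw bytes, bytes actually stored, fraction reclaimed)."""
        stored = self.stored_bytes()
        fraction = 1 - stored / self.raw_bytes if self.raw_bytes else 0.0
        return self.raw_bytes, stored, fraction


def demo() -> Tuple[int, int, float]:
    """Constructed sample: two copies of a report plus a slightly extended version."""
    store = DedupStore()
    header = b"Quarterly inventory report - Retail Ops\n" + b"-" * 40 + b"\n"
    rows = b"".join(b"SKU-%04d qty %3d\n" % (i, i * 7 % 100) for i in range(40))
    store.put("q1.txt", header + rows)
    store.put("q1-copy.txt", header + rows)      # exact duplicate: costs no extra blocks
    store.put("q2.txt", header + rows + b"Addendum: 3 lines changed\n")  # shares most blocks
    assert store.get("q1-copy.txt") == header + rows  # content round-trips intact
    return store.savings()
```

With fixed-size blocks, a change at the start of a file shifts every later block boundary and defeats sharing; that is why SAN and backup appliances usually chunk on content-defined boundaries instead.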
Question 404
Which Wide Area Network (WAN) technology requires the first router in the path to determine the full path the packet will travel, removing the need for other routers in the path to make independent determinations? A. Synchronous Optical Networking (SONET) B. Multiprotocol Label Switching (MPLS) C. Fiber Channel Over Ethernet (FCoE) D. Session Initiation Protocol (SIP)
Answer: B
Rationale: In MPLS the ingress label edge router classifies the packet into a forwarding equivalence class and pushes a label that selects a pre-established label-switched path; every transit label switch router then simply swaps the incoming label for the outgoing one from its forwarding table instead of performing an independent IP route lookup. This gives faster, more predictable forwarding than hop-by-hop routing. SONET is a physical-layer transport, FCoE is a storage protocol, and SIP is a signalling protocol, none of which select paths this way.
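The push/swap/pop behaviour above in working code, as an added example (not from the original page). The label stack entry layout is the real one from RFC 3032 (20-bit label, 3-bit traffic class, 1-bit bottom-of-stack flag, 8-bit TTL); the three-router path, its label forwarding tables and the FEC-to-label mapping at the ingress router are constructed for the demonstration.

```python
"""MPLS label stack encoding and label switching along a constructed path.

Added example, not from the original page. Only the ingress router consults
a prefix table; transit routers swap labels from their own forwarding table.
"""
import struct
from typing import Dict, List, Tuple, Union

Entry = Tuple[int, int, bool, int]  # (label, traffic class, bottom_of_stack, ttl)


def encode_entry(label: int, tc: int, bos: bool, ttl: int) -> bytes:
    """Pack one 4-byte label stack entry per RFC 3032."""
    if not (0 <= label < 2**20 and 0 <= tc < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bos) << 8) | ttl)


def decode_stack(data: bytes) -> Tuple[List[Entry], bytes]:
    """Return all stack entries down to the bottom-of-stack one, plus the payload."""
    entries: List[Entry] = []
    offset = 0
    while True:
        if len(data) - offset < 4:
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = (word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 0x1), word & 0xFF)
        entries.append(entry)
        if entry[2]:  # bottom of stack: what follows is the IP payload
            return entries, data[offset:]


# Constructed tables. The ingress router maps a destination prefix (FEC) to the
# first label of a label-switched path; transit routers map in-label -> (out-label, next hop).
FEC_TABLE: Dict[str, int] = {"10.1.0.0/16": 100}
LFIB: Dict[str, Dict[int, Tuple[Union[int, str], str]]] = {
    "LSR-1": {100: (200, "LSR-2")},
    "LSR-2": {200: (300, "LER-egress")},
    "LER-egress": {300: ("pop", "customer")},  # egress removes the label
}


def ingress_push(ip_payload: bytes, prefix: str, ttl: int = 64) -> bytes:
    """Ingress LER: the one place the path is chosen."""
    return encode_entry(FEC_TABLE[prefix], 0, True, ttl) + ip_payload


def forward(packet: bytes, router: str) -> Tuple[bytes, str]:
    """Transit behaviour at one router: swap (or pop) the top label, decrement TTL."""
    entries, payload = decode_stack(packet)
    label, tc, bos, ttl = entries[0]
    if ttl <= 1:
        raise ValueError("TTL expired")
    out_label, next_hop = LFIB[router][label]
    rest = b"".join(encode_entry(*e) for e in entries[1:]) + payload
    if out_label == "pop":
        return rest, next_hop
    return encode_entry(out_label, tc, bos, ttl - 1) + rest, next_hop


def trace(packet: bytes, first_router: str) -> List[Tuple[str, int]]:
    """Walk the label-switched path, recording (router, top label seen there)."""
    hops: List[Tuple[str, int]] = []
    router = first_router
    while router in LFIB:
        hops.append((router, decode_stack(packet)[0][0][0]))
        packet, router = forward(packet, router)
    return hops
```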
Question 405
Which of the following would an information security professional use to recognize changes to content, particularly unauthorized changes? A. File Integrity Checker B. Security information and event management (SIEM) system C. Audit Logs D. Intrusion detection system (IDS)
Answer: A
Rationale: A file integrity checker (AIDE and Tripwire are typical examples) computes cryptographic hashes of files and compares them against a stored known-good baseline; any mismatch means the content changed, whether or not the change was authorized. A SIEM, audit logs and an IDS may record that an event occurred, but none of them verifies file content directly. The baseline itself must be kept where an attacker who can modify the files cannot also rewrite it, for example on read-only media or signed.
Question 406
Which of the following is included in change management? A. Technical review by business owner B. User Acceptance Testing (UAT) before implementation C. Cost-benefit analysis (CBA) after implementation D. Business continuity testing
Answer: D
Rationale: Business continuity testing is a key step in change management to ensure that any updates or modifications do not disrupt critical operations and that recovery processes remain intact.
Question 407
A company is enrolled in a hard drive reuse program where decommissioned equipment is sold back to the vendor when it is no longer needed. The vendor pays more money for functioning drives than equipment that is no longer operational. Which method of data sanitization would provide the most secure means of preventing unauthorized data loss, while also receiving the most money from the vendor? A. Pinning B. Single-pass wipe C. Multi-pass wipes D. Degaussing
Answer: C
Rationale: Multi-pass wipes overwrite every addressable sector several times, putting the old data beyond practical recovery while leaving the drive fully functional for resale. Degaussing destroys a magnetic drive's servo tracks and renders it unusable (and does nothing to flash media), so it forfeits the higher resale price; pinning is not a sanitization method; a single pass is widely accepted for modern magnetic drives but gives weaker assurance than the question asks for. Caveat for practitioners: overwriting is unreliable on SSDs because wear levelling and over-provisioned cells are not reachable through normal writes; for flash media use the drive's built-in secure erase or cryptographic erase and verify the result.
Question 408
When reviewing vendor certifications for handling and processing of company data, which of the following is the BEST Service Organization Controls (SOC) certification for the vendor to possess? A. SOC 1 Type 1 B. SOC 2 Type 1 C. SOC 2 Type 2 D. SOC 3
Answer: C
Rationale: A SOC 2 Type 2 report shows that the vendor's controls over security, availability, processing integrity, confidentiality and privacy were not only suitably designed but operated effectively over a review period (typically six to twelve months). A Type 1 report covers design at a single point in time, SOC 3 is a general-use summary with far less detail, and SOC 1 addresses controls relevant to financial reporting rather than data handling.
Question 409
Which application type is considered high risk and provides a common way for malware and viruses to enter a network? A. Instant messaging or chat applications B. Peer-to-Peer (P2P) file sharing applications C. E-mail applications D. End-to-end applications
Answer: B
Rationale: Peer-to-Peer (P2P) applications are high risk because they bypass security controls and enable direct file transfers, a common method for malware distribution.
Question 410
An organization is looking to include mobile devices in its asset management system for better tracking. In which system tier of the reference architecture would mobile devices be tracked? A. 0 B. 1 C. 2 D. 3
Answer: A
Rationale: Tier 0 represents the physical asset layer — the base hardware level where devices like mobile assets are registered and tracked within asset management frameworks.
Question 411
Which of the following is the BEST way to protect an organization’s data assets? A. Encrypt data in transit and at rest using up-to-date cryptographic algorithms. B. Monitor and enforce adherence to security policies. C. Require Multi-Factor Authentication (MFA) and Separation of Duties (SoD). D. Create the Demilitarized Zone (DMZ) with proxies, firewalls and hardened bastion hosts.
Answer: A
Rationale: Encrypting data in transit and at rest protects confidentiality wherever the data travels or is stored, and with authenticated encryption modes (for example AES-GCM) or a separate MAC it also protects integrity; plain encryption alone does not detect tampering. It is the control that follows the data itself, which is why it is preferred over perimeter (DMZ) or access (MFA, SoD) controls that protect only particular paths to the data. Keeping algorithms and key management current matters as much as enabling encryption at all.
Question 412
Within a large organization, what business unit is BEST positioned to initiate provisioning and deprovisioning of user accounts? A. Training department B. Internal audit C. Human resources D. Information technology (IT)
Answer: C
Rationale: Human Resources (HR) initiates user provisioning based on employment status changes — new hires, transfers, or terminations — which trigger IT account management actions.
Question 413
Which of the following is the PRIMARY purpose of installing a mantrap within a facility? A. Control traffic B. Control airflow C. Prevent piggybacking D. Prevent rapid movement
Answer: C
Rationale: A mantrap (also called an access control vestibule) is a pair of interlocked doors where only one can open at a time, so only one authenticated person can pass through; that prevents tailgating and piggybacking. Controlling traffic flow, airflow or walking speed are side effects, not the purpose.
Question 414
In the “Do” phase of the Plan-Do-Check-Act model, which of the following is performed? A. Maintain and improve the Business Continuity Management (BCM) system by taking corrective action, based on the results of management review. B. Monitor and review performance against business continuity policy and objectives, report the results to management for review, and determine and authorize actions for remediation and improvement. C. Ensure the business continuity policy, controls, processes, and procedures have been implemented. D. Ensure that business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity have been established.
Answer: C
Rationale: In the Do phase, organizations implement the policies and controls defined in the Plan phase. This ensures that BCM processes and procedures are executed as intended before review and improvement stages.
Question 415
What industry-recognized document could be used as a baseline reference that is related to data security and business operations or conducting a security assessment? A. Service Organization Control (SOC) 1 Type 2 B. Service Organization Control (SOC) 1 Type 1 C. Service Organization Control (SOC) 2 Type 2 D. Service Organization Control (SOC) 2 Type 1
Answer: D
Rationale: SOC 2 Type 1 provides a point-in-time assessment of a vendor’s controls related to data security and operational integrity, serving as a recognized baseline for evaluating compliance readiness.
Question 416
A criminal organization is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the organization? A. Organization loses control of their network devices. B. Network is flooded with communication traffic by the attacker. C. Network management communications is disrupted. D. Attacker accesses sensitive information regarding the network topology.
Answer: A
Rationale: Losing control of network devices is the most critical risk — it enables attackers to reconfigure, disable, or exfiltrate data across the environment, causing total compromise.
Question 417
Which reporting type requires a service organization to describe its system and define its control objectives and controls that are relevant to users’ internal control over financial reporting? A. Statement on Auditing Standards (SAS) 70 B. Service Organization Control 1 (SOC1) C. Service Organization Control 2 (SOC2) D. Service Organization Control 3 (SOC3)
Answer: B
Rationale: SOC 1 reports (issued under SSAE 18, which replaced the older SAS 70 standard) cover the service organization's system and the controls relevant to its customers' internal control over financial reporting (ICFR). SOC 2 and SOC 3 address the trust services criteria (security, availability, and so on) rather than financial reporting.
Question 418
Which of the following is the BEST method to validate secure coding techniques against injection and overflow attacks? A. Scheduled team review of coding style and techniques for vulnerability patterns B. The regular use of production code routines from similar applications already in use C. Using automated programs to test for the latest known vulnerability patterns D. Ensure code editing tools are updated against known vulnerability patterns
Answer: C
Rationale: Automated tools (static analysis, dynamic scanners and fuzzers) test code against continuously updated patterns for injection and overflow flaws far more consistently and repeatably than a scheduled manual style review, and reusing production code or updating editors does not validate anything. Automated tools miss business-logic flaws, so they complement rather than replace review, but for known vulnerability classes they are the best validation method among the options.
Question 419
When resolving ethical conflicts, the information security professional MUST consider many factors. In what order should the considerations be prioritized? A. Public safety, duties to individuals, duties to the profession, and duties to principals B. Public safety, duties to principals, duties to the profession, and duties to individuals C. Public safety, duties to principals, duties to individuals, and duties to the profession D. Public safety, duties to the profession, duties to principals, and duties to individuals
Answer: B
Rationale: The (ISC)² Code of Ethics prioritizes the considerations in this order: public safety first, then duties to principals (employers and clients), then duties to the profession, then duties to individuals.
Question 420
Which service management process BEST helps information technology (IT) organizations with reducing cost, mitigating risk, and improving customer service? A. Kanban B. Lean Six Sigma C. Information Technology Service Management (ITSM) D. Information Technology Infrastructure Library (ITIL)
Answer: D
Rationale: ITIL is the specific framework of service management best practices for aligning IT services with business needs, covering service strategy, design, transition and operation, which is what reduces cost, mitigates risk and improves service delivery. ITSM is the general discipline that ITIL implements, and Kanban and Lean Six Sigma are process improvement methods rather than service management frameworks.