CISSP Practice Questions (521–540)

Question 521

For an organization that solely provides Voice over Internet Protocol (VoIP) services, which is MOST important when negotiating a service-level agreement (SLA) with an Internet service provider (ISP)?
A. Mean time to repair (MTTR)
B. Quality of Service (QoS) between applications
C. Financial penalties in case of disruption
D. Availability of network services

Question 522

A company hired an external vendor to perform a penetration test of a new payroll system. The company’s internal test team had already performed an in-depth application and security test and determined that it met security requirements. However, the external vendor uncovered significant security weaknesses where sensitive personal data was being sent unencrypted to the tax processing systems. What is the MOST likely cause of the security issues?
A. Inadequate performance testing
B. Inadequate application level testing
C. Failure to perform negative testing
D. Failure to perform interface testing

Question 523

An organization wants to define its physical perimeter. What primary device should be used to accomplish this objective if the organization’s perimeter MUST cost-effectively deter casual trespassers?
A. Fences three to four feet high with a turnstile
B. Fences six to seven feet high with a painted gate
C. Fences accompanied by patrolling security guards
D. Fences eight or more feet high with three strands of barbed wire

Question 524

Which of the following vulnerabilities can be BEST detected using automated analysis?
A. Multi-step process attack vulnerabilities
B. Business logic flaw vulnerabilities
C. Valid cross-site request forgery (CSRF) vulnerabilities
D. Typical source code vulnerabilities
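Why automated analysis does well on typical source code vulnerabilities but not on business logic: a signature-based scanner matches dangerous sinks and secret literals, while a logic flaw is syntactically unremarkable. The following is an added example written for this page, not code from the original; both scanned samples are constructed, and the four rules are a hypothetical subset of what a real SAST tool ships with.

```python
"""Pattern-based static analysis versus business-logic flaws.

Added example for this quiz page, not code from the original. Both source
samples below are constructed; the rules are a hypothetical subset of what a
real SAST tool ships with.
"""
import re

# Rule id, pattern, description. Each rule is a textual signature of a
# "typical source code vulnerability": a dangerous sink or a secret literal.
RULES = [
    ("PY-EVAL", re.compile(r"\beval\s*\("), "eval() on a runtime string"),
    ("PY-SHELL", re.compile(r"subprocess\.\w+\([^)]*shell\s*=\s*True"),
     "subprocess call with shell=True"),
    ("SQL-CONCAT", re.compile(r"\.execute\(\s*(f[\"']|[\"'][^\"']*[\"']\s*[%+])"),
     "SQL built by string formatting or concatenation"),
    ("HARDCODED-SECRET",
     re.compile(r"(?i)\b(password|secret|api_key)\s*=\s*[\"'][^\"']+[\"']"),
     "credential literal in source"),
]


def scan(source):
    """Return (line_number, rule_id, description) for every rule hit."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for rule_id, pattern, description in RULES:
            if pattern.search(line):
                findings.append((lineno, rule_id, description))
    return findings


# Constructed sample with four classic sinks that signatures catch.
VULNERABLE_SAMPLE = '''\
import subprocess
API_KEY = "sk-live-123456"
def run(cmd):
    return subprocess.check_output(cmd, shell=True)
def lookup(cur, user_id):
    cur.execute("SELECT * FROM users WHERE id = " + user_id)
def calc(expr):
    return eval(expr)
'''

# Constructed sample with a business-logic flaw: the "one coupon per
# customer" rule is never checked, so the discount can be applied repeatedly.
# Nothing here is syntactically dangerous, so signature scanning finds nothing.
LOGIC_FLAW_SAMPLE = '''\
def apply_coupon(order, coupon):
    if coupon.is_valid():
        order.total -= coupon.discount
    return order
'''


if __name__ == "__main__":
    for finding in scan(VULNERABLE_SAMPLE):
        print("vulnerable sample: line %d %s: %s" % finding)
    print("logic-flaw sample findings:", scan(LOGIC_FLAW_SAMPLE))
```

The scanner reports the hardcoded key, the shell=True call, the concatenated SQL and the eval() in the first sample and nothing in the second, which is exactly the gap that multi-step, CSRF-validity and business-logic testing still has to be covered by a human or by dynamic testing.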

Question 525

A project manager for a large software firm has acquired a government contract that generates large amounts of Controlled Unclassified Information (CUI). The organization’s information security manager received a request to transfer project-related CUI between systems of differing security classifications. What role provides the authoritative guidance for this transfer?
A. PM
B. Information owner
C. Data Custodian
D. Mission/Business Owner

Question 526

Which of the following determines how traffic should flow based on the status of the infrastructure layer?
A. Control plane
B. Application plane
C. Traffic plane
D. Data plane

Question 527

What is the PRIMARY benefit of incident reporting and computer crime investigations?
A. Complying with security policy
B. Repairing the damage and preventing future occurrences
C. Providing evidence to law enforcement
D. Appointing a computer emergency response team

Question 528

Which of the following is the MOST common method of memory protection?
A. Error correction
B. Virtual local area network (VLAN) tagging
C. Segmentation
D. Compartmentalization

Question 529

What testing technique enables the designer to develop mitigation strategies for potential vulnerabilities?
A. Source code review
B. Threat modeling
C. Penetration testing
D. Manual inspections and reviews

Question 530

When testing password strength, which of the following is the BEST method for brute forcing passwords?
A. Conduct an offline attack on the hashed password information
B. Use a comprehensive list of words to attempt to guess the password
C. Use social engineering methods to attempt to obtain the password
D. Conduct an online password attack until the account being used is locked
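What separates the offline option from the online one in practice: against a copy of the hashes the attacker is limited only by hardware and the hash's work factor, whereas against the live login the account lockout ends the run after a handful of guesses. The following is an added example written for this page, not code from the original. The credential store, the three accounts, the per-user salts and the six-word list are all constructed; a real attack would use a leaked hash dump and a large wordlist such as rockyou.txt, which are assumptions, not page content.

```python
"""Offline versus online password guessing.

Added example for this quiz page, not code from the original. The credential
store, accounts and wordlist are constructed; a real attack would use a leaked
hash dump and a wordlist such as rockyou.txt (assumptions, not page content).
"""
import hashlib
import hmac

ITERATIONS = 10_000  # PBKDF2 work factor; the only brake on an offline attacker


def hash_password(password, salt, iterations=ITERATIONS):
    """Salted PBKDF2-HMAC-SHA256, as a sane password store would use."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def build_leaked_store():
    """Constructed 'leaked' store: user -> (salt, hash). The plaintexts are used
    only to build the sample; the attacker sees only salt and hash."""
    samples = {
        "alice": "sunshine",                    # in the wordlist
        "bob": "correct horse battery staple",  # not in the wordlist
        "carol": "Winter2023!",                 # in the wordlist, past the lockout
    }
    store = {}
    for user, password in samples.items():
        # Fixed per-user salt so the example is repeatable; real stores use os.urandom.
        salt = hashlib.sha256(user.encode()).digest()[:16]
        store[user] = (salt, hash_password(password, salt))
    return store


# Constructed six-entry wordlist; the order matters for the online case.
WORDLIST = ["password", "123456", "sunshine", "letmein", "qwerty", "Winter2023!"]


def offline_attack(store, wordlist):
    """Hash every candidate with each user's salt and compare locally.
    No lockout and no network round trip: hardware alone bounds the rate."""
    found, attempts = {}, 0
    for user, (salt, digest) in store.items():
        for candidate in wordlist:
            attempts += 1
            if hmac.compare_digest(hash_password(candidate, salt), digest):
                found[user] = candidate
                break
    return found, attempts


class OnlineTarget:
    """Simulated login endpoint that locks an account after max_failures."""

    def __init__(self, store, max_failures=5):
        self.store = store
        self.max_failures = max_failures
        self.failures = {user: 0 for user in store}

    def is_locked(self, user):
        return self.failures[user] >= self.max_failures

    def login(self, user, password):
        if self.is_locked(user):
            return False
        salt, digest = self.store[user]
        if hmac.compare_digest(hash_password(password, salt), digest):
            return True
        self.failures[user] += 1
        return False


def online_attack(target, user, wordlist):
    """Guess against the live endpoint; stops as soon as the account locks."""
    attempts = 0
    for candidate in wordlist:
        if target.is_locked(user):
            break
        attempts += 1
        if target.login(user, candidate):
            return candidate, attempts
    return None, attempts


if __name__ == "__main__":
    store = build_leaked_store()
    print("offline:", offline_attack(store, WORDLIST))
    print("online carol:", online_attack(OnlineTarget(store), "carol", WORDLIST))
```

Offline, the attacker recovers alice and carol in 15 hash computations and simply runs out of wordlist for bob; online, carol's account locks after five failures before the sixth candidate is ever tried, which is why the lockout-bounded online attack is the weakest of the four options and why the defender's real levers are the work factor and unique salts.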

Question 531

Which of the following is the name of an individual or group that is impacted by a change?
A. Change agent
B. End User
C. Stakeholder
D. Sponsor

Question 532

The European Union (EU) General Data Protection Regulation (GDPR) requires organizations to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The Data Owner should therefore consider which of the following requirements?
A. Never to store personal data of EU citizens outside the EU
B. Data masking and encryption of personal data
C. Only to use encryption protocols approved by the EU
D. Anonymization of personal data when transmitted to sources outside the EU

Question 533

Assuming an individual has taken all of the steps to keep their internet connection private, which of the following is the BEST way to browse the web privately?
A. Store information about browsing activities on the personal device
B. Prevent information about browsing activities from being stored on the personal device
C. Prevent information about browsing activities from being stored in the cloud
D. Store browsing activities in the cloud

Question 534

A software engineer uses automated tools to review application code and search for application flaws, back doors, or other malicious code. Which of the following is the FIRST Software Development Life Cycle (SDLC) phase where this takes place?
A. Deployment
B. Development
C. Test
D. Design

Question 535

A company developed a web application which is sold as a Software as a Service (SaaS) solution to the customer. The application is hosted by a web server running on a specific operating system (OS) on a virtual machine (VM). During the transition phase of the service, it is determined that the support team will need access to the application logs. Which of the following privileges would be the MOST suitable?
A. Administrative privileges on the hypervisor
B. Administrative privileges on the application folders
C. Administrative privileges on the web server
D. Administrative privileges on the OS

Question 536

A security practitioner detects an endpoint attack on the organization's network. What is the MOST reasonable approach to mitigate future endpoint attacks?
A. Remove all non-essential client-side web services from the network
B. Harden the client image before deployment
C. Screen for harmful exploits of client-side services before implementation
D. Block all client-side web exploits at the perimeter

Question 537

What are the essential elements of a Risk Assessment Report (RAR)?
A. Executive summary, body of the report, and appendices
B. Executive summary, graph of risks, and process
C. Table of contents, testing criteria, and index
D. Table of contents, chapters, and executive summary

Question 538

The security operations center (SOC) has received credible intelligence that a threat actor is planning to attack with multiple variants of a destructive virus. After obtaining samples and reverse engineering them, analysts found all variants targeted the same memory location. The organization is not affected because they enabled what feature?
A. Address Space Layout Randomization (ASLR)
B. Trusted Platform Module (TPM)
C. Virtualization
D. Process isolation

Question 539

The Chief Information Security Officer (CISO) wants to establish a centralized repository to store all software and hardware asset information. Which of the following would be the BEST option?
A. Information Security Management System (ISMS)
B. Configuration Management Database (CMDB)
C. Security Information and Event Management (SIEM)
D. Information Technology Asset Management (ITAM)

Question 540

What type of investigation applies when malicious behavior is suspected between two organizations?
A. Regulatory
B. Operational
C. Civil
D. Criminal