CISSP Practice Questions (541–560)

Question 541

Which of the following techniques evaluates the secure design principles of network or software architectures?
A. Risk modeling
B. Waterfall method
C. Threat modeling
D. Fuzzing

Question 542

Which element of software supply chain management has the GREATEST security risk to organizations?
A. Unsupported libraries are often used
B. Applications with multiple contributors are difficult to evaluate
C. Vulnerabilities are difficult to detect
D. New software development skills are hard to acquire

Question 543

Which of the following should be done at a disaster site before any item is removed, repaired, or replaced?
A. Communicate with the press following the communications plan
B. Dispatch personnel to the disaster recovery (DR) site
C. Take photos of the damage
D. Notify all of the Board of Directors

Question 544

When designing a new Voice over Internet Protocol (VoIP) network, an organization's top concern is preventing unauthorized users from accessing the VoIP network.
Which of the following will BEST help secure the VoIP network?
A. 802.11g
B. Web application firewall (WAF)
C. Transport Layer Security (TLS)
D. 802.1x

Question 545

Question 545

A user's credential for an application is stored in a relational database. Which control protects the confidentiality of the credential while it is stored?
A. Use a salted cryptographic hash of the password
B. Validate passwords using a stored procedure
C. Allow only the application to have access to the password field in order to verify user authentication
D. Encrypt the entire database and embed an encryption key in the application

Question 546

Question 546

Which of the following frameworks provides vulnerability metrics and characteristics to support the National Vulnerability Database (NVD)?
A. Common Vulnerabilities and Exposures (CVE)
B. Center for Internet Security (CIS)
C. Common Vulnerability Scoring System (CVSS)
D. Open Web Application Security Project (OWASP)

Question 547

Question 547

A security architect is reviewing plans for an application with a Recovery Point Objective (RPO) of 15 minutes. The current design has all infrastructure within one co-location data center. Which security principle is the architect currently assessing?
A. Disaster recovery (DR)
B. Availability
C. Redundancy
D. Business continuity (BC)

Question 548

Question 548

Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?
A. System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements
B. Compliance office roles and responsibilities, classified material handling standards, storage system lifecycle requirements
C. Data stewardship roles, data handling and storage standards, data lifecycle requirements
D. System authorization roles and responsibilities, cloud computing standards, lifecycle requirements

Question 549

Question 549

The Chief Information Security Officer (CISO) of a small organization is making a case for building a security operations center (SOC). While debating between in-house, fully outsourced, or hybrid capability, which of the following would be the MAIN consideration, regardless of the model?
A. Headcount and capacity
B. Scope and service catalog
C. Skill set and training
D. Tools and technologies

Question 550

Question 550

An organization would like to ensure that all new users have a predefined departmental access template applied upon creation. The organization would also like additional access for users to be granted on a per-project basis. What type of user access administration is BEST suited to meet the organization's needs?
A. Decentralized
B. Hybrid
C. Centralized
D. Federated

Question 551

Question 551

Which of the following is a secure design principle for a new product?
A. Restrict the use of modularization
B. Do not rely on previously used code
C. Build in appropriate levels of fault tolerance
D. Utilize obfuscation whenever possible

Question 552

Question 552

What is the PRIMARY benefit of relying on Security Content Automation Protocol (SCAP)?
A. Standardize specifications between software security products
B. Achieve organizational compliance with international standards
C. Improve vulnerability assessment capabilities
D. Save security costs for the organization

Question 553

Question 553

What are the three key benefits that application developers should derive from the northbound application programming interface (API) of software-defined networking (SDN)?
A. Network syntax, abstraction of network flow, and abstraction of network protocols
B. Network syntax, abstraction of network commands, and abstraction of network protocols
C. Familiar syntax, abstraction of network topology, and definition of network protocols
D. Familiar syntax, abstraction of network topology, and abstraction of network protocols

Question 554

Question 554

Which of the following is a unique feature of attribute-based access control (ABAC)?
A. A user is granted access to a system at a particular time of day
B. A user is granted access to a system based on username and password
C. A user is granted access to a system based on group affinity
D. A user is granted access to a system with biometric authentication

Question 555

Question 555

Which of the following is the BEST approach to implement multiple servers on a virtual system?
A. Implement one primary function per virtual server and apply individual security configuration for each virtual server
B. Implement multiple functions within the same virtual server and apply individual security configurations to each function
C. Implement one primary function per virtual server and apply high security configuration on the host operating system
D. Implement multiple functions per virtual server and apply the same security configuration for each virtual server

Question 556

Question 556

Which of the following is the MOST common cause of system or security failures?
A. Lack of physical security controls
B. Lack of change control
C. Lack of logging and monitoring
D. Lack of system documentation

Question 557

Question 557

The Chief Information Officer (CIO) has decided that as part of business modernization efforts, the organization will move towards a cloud architecture. The CIO has a PRIMARY obligation to work with personnel in which role to ensure proper protection of data during and after the cloud migration?
A. Chief Security Officer (CSO)
B. Information owner
C. Chief Information Security Officer (CISO)
D. General Counsel

Question 558

Question 558

A developer is creating an application that requires secure logging of all user activity. What is the BEST permission the developer should assign to the log file to ensure requirements are met?
A. Execute
B. Read
C. Write
D. Append

Question 559

Question 559

When performing an investigation with the potential for legal action, what should be the analyst’s FIRST consideration?
A. Data decryption
B. Chain-of-custody
C. Authorization to collect
D. Court admissibility

Question 560

Question 560

Building blocks for software-defined networks (SDN) require which of the following?
A. The SDN is composed entirely of client-server pairs
B. Random-access memory (RAM) is used in preference to virtual memory
C. The SDN is mostly composed of virtual machines (VM)
D. Virtual memory is used in preference to random-access memory (RAM)