CISSP Practice Questions (641–660)

Question 641

What is the FIRST step for an organization to take before allowing personnel to access social media from a corporate device or user account?
A. Publish an acceptable usage policy.
B. Publish a social media guidelines document.
C. Deliver security awareness training.
D. Document a procedure for accessing social media sites.

Question 642

A hospital has allowed virtual private networking (VPN) access to remote database developers. Upon auditing the internal configuration, the network administrator discovered that split-tunneling was enabled. What is the concern with this configuration?
A. The network intrusion detection system (NIDS) will fail to inspect Secure Sockets Layer (SSL) traffic.
B. Remote sessions will not require multi-layer authentication.
C. Remote clients are permitted to exchange traffic with the public and private network.
D. Multiple Internet Protocol Security (IPSec) tunnels may be exploitable in specific circumstances.

Question 643

In an IDEAL encryption system, who has sole access to the decryption key?
A. Data custodian
B. System owner
C. System administrator
D. Data owner

Question 644

Which type of disaster recovery plan (DRP) testing carries the MOST operational risk?
A. Cutover
B. Parallel
C. Walkthrough
D. Tabletop

Question 645

Which of the following methods provides the MOST protection for user credentials?
A. Forms-based authentication
B. Self-registration
C. Basic authentication
D. Digest authentication

Question 646

An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?
A. Functional test
B. Unit test
C. Grey box
D. White box

Question 647

How does Radio-Frequency Identification (RFID) assist with asset management?
A. It uses biometric information for system identification.
B. It uses two-factor authentication (2FA) for system identification.
C. It transmits unique serial numbers wirelessly.
D. It transmits unique Media Access Control (MAC) addresses wirelessly.

Question 648

Which of the following is the FIRST step an organization’s professional performs when defining a cyber-security program based upon industry standards?
A. Review the past security assessments
B. Define the organization’s objectives regarding security and risk mitigation
C. Map the organization’s current security practices to industry standards and frameworks
D. Select from a choice of security best practices

Question 649

What is the MOST important criterion that needs to be adhered to during the data collection process of an active investigation?
A. Maintaining the chain of custody
B. Capturing an image of the system
C. Outlining all actions taken during the investigation
D. Complying with the organization’s security policy

Question 650

Two computers, each with a single connection on the same physical 10 gigabit Ethernet network segment, need to communicate with each other. The first machine has a single Internet Protocol (IP) Classless Inter-Domain Routing (CIDR) address of 192.168.1.3/30 and the second machine has an IP/CIDR address 192.168.1.6/30. Which of the following is correct?
A. Since each computer is on a different layer 3 network, traffic between the computers must be processed by a network bridge in order to communicate
B. Since each computer is on the same layer 3 network, traffic between the computers may be processed by a network router in order to communicate
C. Since each computer is on the same layer 3 network, traffic between the computers may be processed by a network bridge in order to communicate
D. Since each computer is on a different layer 3 network, traffic between the computers must be processed by a network router in order to communicate

Question 651

Security Software Development Life Cycle (SDLC) expects application code to be written in a consistent manner to allow ease of auditing and which of the following?
A. Protecting
B. Copying
C. Enhancing
D. Executing

Question 652

Which of the following is a risk matrix?
A. A tool for determining risk management decisions for an activity or system.
B. A database of risks associated with a specific information system.
C. A two-dimensional picture of risk for organizations, products, projects, or other items of interest.
D. A table of risk management factors for management to consider.

Question 653

What part of an organization’s strategic risk assessment MOST likely includes information on items affecting the success of the organization?
A. Threat analysis
B. Vulnerability analysis
C. Key Performance Indicator (KPI)
D. Key Risk Indicator (KRI)

Question 654

A company needs to provide employee access to travel services, which are hosted by a third-party service provider. Employee experience is important, and when users are already authenticated, access to the travel portal is seamless. Which of the following methods is used to share information and grant user access to the travel portal?
A. Single sign-on (SSO) access
B. Security Assertion Markup Language (SAML) access
C. Open Authorization (OAuth) access
D. Federated access

Question 655

The Chief Executive Officer (CEO) wants to implement an internal audit of the company’s information security posture. The CEO wants to avoid any bias in the audit process and has therefore assigned the Sales Director to conduct the audit. After significant interaction over a period of weeks, the audit concludes that the company’s policies and procedures are sufficient, robust and well established. The CEO then moves on to engage an external penetration testing company in order to showcase the organization’s robust information security stance. This exercise reveals significant failings in several critical security controls and shows that the incident response processes remain undocumented. What is the MOST likely reason for this disparity between the results of the audit and the external penetration test?
A. The audit team lacked the technical experience and training to make insightful and objective assessments of the data provided to them.
B. The scope of the penetration test exercise and the internal audit were significantly different.
C. The external penetration testing company used custom zero-day attacks that could not have been predicted.
D. The information technology (IT) and governance teams have failed to disclose relevant information to the internal audit team leading to an incomplete assessment being formulated.

Question 656

An information security administrator wishes to block peer-to-peer (P2P) traffic over Hypertext Transfer Protocol (HTTP) tunnels. Which of the following layers of the Open Systems Interconnection (OSI) model requires inspection?
A. Application
B. Transport
C. Session
D. Presentation

Question 657

A Chief Information Officer (CIO) has delegated responsibility of their system security to the head of the information technology (IT) department. While corporate policy dictates that only the CIO can make decisions on the level of data protection required, technical implementation decisions are done by the head of the IT department. Which of the following BEST describes the security role filled by the head of the IT department?
A. System security officer
B. System processor
C. System custodian
D. System analyst

Question 658

Which of the following actions should be undertaken prior to deciding on a physical baseline Protection Profile (PP)?
A. Conduct a site survey.
B. Choose a suitable location.
C. Check the technical design.
D. Categorize assets.

Question 659

Management has decided that a core application will be used on personal cellular phones. As an implementation requirement, regularly scheduled analysis of the security posture needs to be conducted. Management has also directed that continuous monitoring be implemented. Which of the following is required to accomplish management’s directive?
A. Routine reports generated by the user’s cellular phone provider that detail security events
B. Strict integration of application management, configuration management (CM), and phone management
C. Management application installed on user phones that tracks all application events and cellular traffic
D. Enterprise-level security information and event management (SIEM) dashboard that provides full visibility of cellular phone activity

Question 660

A systems engineer is designing a wide area network (WAN) environment for a new organization. The WAN will connect sites holding information at various levels of sensitivity, from publicly available to highly confidential. The organization requires a high degree of interconnectedness to support existing business processes.
What is the BEST design approach to securing this environment?
A. Use reverse proxies to create a secondary “shadow” environment for critical systems.
B. Place firewalls around critical devices, isolating them from the rest of the environment.
C. Layer multiple detective and preventative technologies at the environment perimeter.
D. Align risk across all interconnected elements to ensure critical threats are detected and handled.