CISSP Practice Questions (761–780)

Question 761

If the wide area network (WAN) is supporting converged applications like Voice over Internet Protocol (VoIP), which of the following becomes even MORE essential to the assurance of the network?
A. Boundary routing
B. Classless Inter-Domain Routing (CIDR)
C. Internet Protocol (IP) routing lookups
D. Deterministic routing

Question 762

Why would a system be structured to isolate different classes of information from one another and segregate them by user jurisdiction?
A. The organization is required to provide different services to various third-party organizations.
B. The organization can avoid e-discovery processes in the event of litigation.
C. The organization’s infrastructure is clearly arranged and scope of responsibility is simplified.
D. The organization can vary its system policies to comply with conflicting national laws.

Question 763

An organization implements Network Access Control (NAC) using Institute of Electrical and Electronics Engineers (IEEE) 802.1x and discovers the printers do not support the IEEE 802.1x standard. Which of the following is the BEST resolution?
A. Implement port security on the switch ports for the printers.
B. Do nothing; IEEE 802.1x is irrelevant to printers.
C. Install an IEEE 802.1x bridge for the printers.
D. Implement a virtual local area network (VLAN) for the printers.

Question 764

Which of the following goals represents a modern shift in risk management according to National Institute of Standards and Technology (NIST)?
A. Provide an improved mission accomplishment approach.
B. Focus on operating environments that are changing, evolving, and full of emerging threats.
C. Enable management to make well-informed risk-based decisions justifying security expenditure.
D. Secure information technology (IT) systems that store, process, or transmit organizational information.

Question 765

Which of the following security tools monitors devices and records the information in a central database for further analysis?
A. Antivirus
B. Host-based intrusion detection system (HIDS)
C. Security orchestration, automation, and response (SOAR)
D. Endpoint detection and response (EDR)

Question 766

In addition to life, protection of which of the following elements is MOST important when planning a data center site?
A. Data and hardware
B. Property and operations
C. Resources and reputation
D. Profits and assets

Question 767

Which of the following documents specifies services from the client’s viewpoint?
A. Business Impact Analysis (BIA)
B. Service Level Agreement (SLA)
C. Service Level Requirement (SLR)
D. Service Level Report

Question 768

Which of the following should be included in a good defense-in-depth strategy provided by object-oriented programming for software development?
A. Polymorphism
B. Inheritance
C. Polyinstantiation
D. Encapsulation

Question 769

Which of the following is a key responsibility for a data steward assigned to manage an enterprise data lake?
A. Ensure proper business definition, value, and usage of data
B. Ensure adequate security controls applied to the enterprise data lake
C. Ensure proper and identifiable data owners for each data element
D. Ensure that any data passing within remit is being used in accordance with rules and regulations

Question 770

What is the FIRST step prior to executing a test of an organization’s disaster recovery (DR) or business continuity plan (BCP)?
A. Develop clear evaluation criteria.
B. Identify key stakeholders.
C. Develop recommendations for disaster scenarios.
D. Identify potential failure points.

Question 771

A breach investigation found a website was exploited through an open-source component. What is the FIRST step in the process that could have prevented this breach?
A. Application whitelisting
B. Vulnerability remediation
C. Web application firewall (WAF)
D. Software inventory

Question 772

What security principle addresses the issue of “Security by Obscurity”?
A. Open design
B. Role-Based Access Control (RBAC)
C. Segregation of duties (SoD)
D. Least privilege

Question 773

What is the MOST important goal of conducting security assessments?
A. To align the security program with organizational risk appetite
B. To demonstrate proper function of security controls and processes to senior management
C. To prepare the organization for an external audit, particularly by a regulatory entity
D. To discover unmitigated security vulnerabilities, and propose paths for mitigating them

Question 774

Which of the following virtual network configuration options is BEST to protect virtual machines (VM)?
A. Data segmentation
B. Data encryption
C. Traffic filtering
D. Traffic throttling

Question 775

Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device which has been stolen?
A. Mobile Device Management (MDM) with device wipe
B. Mobile device tracking with geolocation
C. Virtual private network (VPN) with traffic encryption
D. Whole device encryption with key escrow

Question 776

An organization is implementing data encryption using symmetric ciphers and the Chief Information Officer (CIO) is concerned about the risk of using one key to protect all sensitive data. The security practitioner has been tasked with recommending a solution to address the CIO’s concerns. Which of the following is the BEST approach to achieving the objective by encrypting all sensitive data?
A. Use a Secure Hash Algorithm 256 (SHA-256).
B. Use Rivest-Shamir-Adleman (RSA) keys.
C. Use a hierarchy of encryption keys.
D. Use Hash-based Message Authentication Code (HMAC) keys.
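Worked illustration of the key hierarchy that option C names, added here as an example and not part of the original quiz. A long-lived key-encryption key (KEK) never touches data; every record gets its own random data-encryption key (DEK), which is wrapped under the KEK and stored beside the ciphertext. Compromise of one DEK exposes one record, and rotating the KEK only re-wraps the small DEKs instead of re-encrypting bulk data. The cipher below is an HMAC-SHA256 keystream with an encrypt-then-MAC tag, a standard-library stand-in assumed here so the example runs offline; in production use AES-GCM for data and AES key wrap or a KMS for the DEKs. The record contents are constructed sample data.

```python
"""Envelope encryption with a two-level key hierarchy (KEK -> per-record DEK).

Added example, standard library only. seal()/open_() are an HMAC-based
stream cipher plus HMAC tag standing in for AES-GCM; the hierarchy logic
is the point, not the cipher.
"""
import hashlib
import hmac
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # PRF keystream: HMAC(key, nonce || counter) blocks, truncated to length
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key: bytes) -> tuple:
    # domain-separate one encryption key and one MAC key from a 32-byte key
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def seal(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag (encrypt-then-MAC, fresh nonce per call)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; raise on tampering."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class EnvelopeStore:
    """records: {id: (dek wrapped under KEK, data encrypted under DEK)}."""

    def __init__(self, kek: bytes):
        self.kek = kek            # the only long-lived secret
        self.records = {}

    def put(self, rid: str, data: bytes) -> None:
        dek = os.urandom(32)      # fresh DEK per record, never reused
        self.records[rid] = (seal(self.kek, dek), seal(dek, data))

    def get(self, rid: str) -> bytes:
        wrapped_dek, ct = self.records[rid]
        return open_(open_(self.kek, wrapped_dek), ct)

    def rotate_kek(self, new_kek: bytes) -> int:
        """Re-wrap every DEK under the new KEK; bulk ciphertext is untouched."""
        count = 0
        for rid, (wrapped_dek, ct) in self.records.items():
            dek = open_(self.kek, wrapped_dek)
            self.records[rid] = (seal(new_kek, dek), ct)
            count += 1
        self.kek = new_kek
        return count


def demo() -> dict:
    # constructed sample records
    store = EnvelopeStore(kek=os.urandom(32))
    store.put("r1", b"SSN 123-45-6789")
    store.put("r2", b"card 4111 1111 1111 1111")
    ct_before = store.records["r2"][1]
    rotated = store.rotate_kek(os.urandom(32))
    # flipping one ciphertext bit must be caught by the tag, not silently decrypt
    wrapped, ct = store.records["r1"]
    bad = ct[:16] + bytes([ct[16] ^ 1]) + ct[17:]
    try:
        open_(open_(store.kek, wrapped), bad)
        tampered = False
    except ValueError:
        tampered = True
    return {
        "r1": store.get("r1"),
        "r2": store.get("r2"),
        "rotated": rotated,
        "bulk_unchanged": store.records["r2"][1] == ct_before,
        "distinct_deks": store.records["r1"][0] != store.records["r2"][0],
        "tamper_detected": tampered,
    }


if __name__ == "__main__":
    print(demo())
```

The per-record DEK is what answers the CIO's concern: the blast radius of a leaked key shrinks to one record, and the KEK itself can live in an HSM or cloud KMS that only ever performs wrap/unwrap on 32-byte DEKs.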

Question 777

Which of the following is a MUST for creating a new custom-built, cloud-native application designed to be horizontally scalable?
A. Network as a Service (NaaS)
B. Platform as a Service (PaaS)
C. Infrastructure as a Service (IaaS)
D. Software as a Service (SaaS)

Question 778

Single sign-on (SSO) for federated identity management (FIM) must be implemented and managed so that authorization mechanisms protect access to privileged information using OpenID Connect (OIDC) tokens or Security Assertion Markup Language (SAML) assertions. What is the BEST method to protect them?
A. Pass data in a bearer assertion, only signed by the identity provider.
B. Tokens and assertions should use base64 encoding to assure confidentiality.
C. Use a challenge and response mechanism such as CHAP.
D. The access token or assertion should be encrypted to ensure privacy.
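Added example, not part of the original quiz, showing the difference the options above turn on: a signed token proves who issued it and that it was not altered, but its payload is only base64url-encoded and is readable by anyone who obtains the token. The code hand-rolls an HS256 JSON Web Token with the standard library so it runs offline; that shared-secret algorithm, the claim values, and the `demo` helper are assumptions for illustration, and a real OIDC deployment would use an asymmetric algorithm via a maintained library, with JWE or TLS supplying confidentiality.

```python
"""Signed (JWS, HS256) token: integrity and origin, but no confidentiality.

Added example built on the standard library; not the page's own code.
"""
import base64
import hashlib
import hmac
import json
import os


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(claims: dict, key: bytes) -> str:
    """header.payload.signature, signature = HMAC-SHA256(key, header.payload)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_hs256(token: str, key: bytes):
    """Return the claims if the token is genuine, else None."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        return None
    header = json.loads(_b64url_decode(h))
    # pin the algorithm: never let the token choose it (alg=none, key confusion)
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return None
    return json.loads(_b64url_decode(p))


def read_without_key(token: str) -> dict:
    """What a proxy, a log file, or browser storage can see: the claims in clear."""
    return json.loads(_b64url_decode(token.split(".")[1]))


def demo() -> dict:
    key = os.urandom(32)                       # IdP/RP shared secret (assumed)
    claims = {"sub": "alice", "role": "admin", "iss": "https://idp.example"}  # constructed
    tok = sign_hs256(claims, key)
    h, p, s = tok.split(".")
    forged_payload = _b64url(json.dumps(dict(claims, role="superadmin")).encode())
    none_header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return {
        "readable_without_key": read_without_key(tok) == claims,
        "verified": verify_hs256(tok, key) == claims,
        "wrong_key_rejected": verify_hs256(tok, os.urandom(32)) is None,
        "tamper_rejected": verify_hs256(f"{h}.{forged_payload}.{s}", key) is None,
        "alg_none_rejected": verify_hs256(f"{none_header}.{p}.", key) is None,
    }


if __name__ == "__main__":
    print(demo())
```

`read_without_key` needs no secret at all, which is why base64 encoding cannot stand in for confidentiality; the signature check, with the algorithm pinned server-side, is what stops a modified or unsigned token from being accepted.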

Question 779

The client of a security firm reviewed a vulnerability assessment report and claims it is inaccurate. The client states that the vulnerabilities listed are invalid because the host’s operating system (OS) was not properly detected. Where in the vulnerability assessment process did this error MOST likely occur?
A. Report writing
B. Detection
C. Enumeration
D. Scanning

Question 780

For a victim of a security breach to prevail in a negligence claim, what MUST the victim establish?
A. Concern
B. Breach of contract
C. Proximate cause
D. Hardship