During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.
What is the best approach for the CISO? A. Document the system as high risk B. Perform a vulnerability assessment C. Perform a quantitative threat assessment D. Notate the information and move on
Answer: B
Rationale: A vulnerability assessment ensures the application’s technical controls match regulatory requirements and security expectations.
Question 962
By carefully aligning the pins in the lock, which of the following defines the opening of a mechanical lock without the proper key? A. Lock pinging B. Lock picking C. Lock bumping D. Lock bricking
Answer: B
Rationale: Lock picking manipulates lock components to open without the original key, representing a physical security bypass technique.
Question 963
The MAIN reason an organization conducts a security authorization process is to A. force the organization to make conscious risk decisions. B. assure the effectiveness of security controls. C. assure the correct security organization exists. D. force the organization to enlist management support.
Answer: A
Rationale: Authorization formalizes management’s decision to accept or reject system risk prior to operation.
Question 964
Which of the following could elicit a Denial of Service (DoS) attack against a credential management system? A. Delayed revocation or destruction of credentials B. Modification of Certificate Revocation List C. Unauthorized renewal or re-issuance D. Token use after decommissioning
Answer: B
Rationale: Tampering with the Certificate Revocation List can overwhelm or disable validation processes, causing service disruptions.
Question 965
A global organization wants to implement hardware tokens as part of a multifactor authentication solution for remote access. The PRIMARY advantage of this implementation is A. the scalability of token enrollment. B. increased accountability of end users. C. it protects against unauthorized access. D. it simplifies user access administration.
Answer: C
Rationale: Hardware tokens add a possession factor, preventing access even if credentials are compromised.
Question 966
A proxy firewall operates at what layer of the Open System Interconnection (OSI) model? A. Transport B. Data link C. Network D. Application
Answer: D
Rationale: Proxy firewalls inspect traffic at the Application layer, analyzing protocols such as HTTP and FTP for content-based threats.
Question 967
What is the difference between media marking and media labeling? A. Media marking refers to the use of human-readable security attributes, while media labeling refers to the use of security attributes in internal data structures. B. Media labeling refers to the use of human-readable security attributes, while media marking refers to the use of security attributes in internal data structures. C. Media labeling refers to security attributes required by public policy/law, while media marking refers to security required by internal organizational policy. D. Media marking refers to security attributes required by public policy/law, while media labeling refers to security attributes required by internal organizational policy.
Answer: D
Rationale: Marking aligns with public policy requirements, whereas labeling supports internal classification enforcement within systems.
Question 968
Which of the following is a remote access protocol that uses a static authentication? A. Point-to-Point Tunneling Protocol (PPTP) B. Routing Information Protocol (RIP) C. Password Authentication Protocol (PAP) D. Challenge Handshake Authentication Protocol (CHAP)
Answer: C
Rationale: PAP sends static credentials in plaintext and lacks protection mechanisms against replay or sniffing attacks.
Question 969
A vulnerability in which of the following components would be MOST difficult to detect? A. Kernel B. Shared libraries C. Hardware D. System application
Answer: A
Rationale: Kernel-level vulnerabilities sit at the core of the operating system, beneath the layers most monitoring tools inspect, which makes them hard to detect.
Question 970
Which of the following information MUST be provided for user account provisioning? A. Full name B. Unique identifier C. Security question D. Date of birth
Answer: B
Rationale: A unique identifier ensures traceability and prevents confusion between accounts during auditing.
Question 971
Which of the following is the BEST method to reduce the effectiveness of phishing attacks? A. User awareness B. Two-factor authentication C. Anti-phishing software D. Periodic vulnerability scan
Answer: A
Rationale: Educated users can recognize and avoid phishing attempts better than technical controls alone.
Question 972
Which of the following is a strategy of grouping requirements in developing a Security Test and Evaluation (ST&E)? A. Tactical, strategic, and financial B. Management, operational, and technical C. Documentation, observation, and manual D. Standards, policies, and procedures
Answer: B
Rationale: ST&E categorizes controls as management, operational, or technical to ensure comprehensive testing.
Question 973
Which of the following is the MOST important goal of information asset valuation? A. Developing a consistent and uniform method of controlling access on information assets B. Developing appropriate access control policies and guidelines C. Assigning a financial value to an organization’s information assets D. Determining the appropriate level of protection
Answer: D
Rationale: Asset valuation determines required protection levels proportional to business impact and criticality.
Question 974
Which of the following is the MAIN reason for using configuration management? A. To provide centralized administration B. To reduce the number of changes C. To reduce errors during upgrades D. To provide consistency in security controls
Answer: D
Rationale: Configuration management ensures uniformity, reducing misconfigurations and improving system reliability.
Question 975
An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requirement is A. organization policy. B. industry best practices. C. industry laws and regulations. D. management feedback.
Answer: A
Rationale: Session timeout configurations should comply with the organization's security policy to maintain consistency and control.
Question 976
Which of the following is MOST important when deploying digital certificates? A. Validate compliance with X.509 digital certificate standards B. Establish a certificate life cycle management framework C. Use a third-party Certificate Authority (CA) D. Use no less than 256-bit strength encryption when creating a certificate
Answer: B
Rationale: Managing the certificate lifecycle (issuance, renewal, and revocation) prevents expired or misused credentials.
Question 977
What type of wireless network attack BEST describes an Electromagnetic Pulse (EMP) attack? A. Radio Frequency (RF) attack B. Denial of Service (DoS) attack C. Data modification attack D. Application-layer attack
Answer: B
Rationale: EMP disrupts or disables equipment through energy bursts, effectively causing a denial of service.
Question 978
Which of the following is a document that identifies each item seized in an investigation, including date and time seized, full name and signature or initials of the person who seized the item, and a detailed description of the item? A. Property book B. Chain of custody form C. Search warrant return D. Evidence tag
Which of the following is an advantage of on-premise Credential Management Systems? A. Lower infrastructure capital costs B. Control over system configuration C. Reduced administrative overhead D. Improved credential interoperability
Answer: B
Rationale: On-premise credential systems offer full configuration control, aligning with internal security requirements.
Question 980
What does the Maximum Tolerable Downtime (MTD) determine? A. The estimated period of time a business critical database can remain down before customers are affected. B. The fixed length of time a company can endure a disaster without any Disaster Recovery (DR) planning. C. The estimated period of time a business can remain interrupted beyond which it risks never recovering. D. The fixed length of time in a DR process before redundant systems are engaged.
Answer: C
Rationale: MTD defines the maximum interruption duration an organization can tolerate before viability is threatened.