CISSP Practice Questions (981–1000)

Question 981

The PRIMARY purpose of accreditation is to:
A. comply with applicable laws and regulations.
B. allow senior management to make an informed decision regarding whether to accept the risk of operating the system.
C. protect an organization’s sensitive data.
D. verify that all security controls have been implemented properly and are operating in the correct manner.

Question 982

Which of the following media sanitization techniques is MOST likely to be effective for an organization using public cloud services?
A. Low-level formatting
B. Secure-grade overwrite erasure
C. Cryptographic erasure
D. Drive degaussing

Question 983

Between which pair of Open System Interconnection (OSI) Reference Model layers are routers used as a communications device?
A. Transport and Session
B. Data-Link and Transport
C. Network and Session
D. Physical and Data-Link

Question 984

Which of the following BEST describes a chosen plaintext attack?
A. The cryptanalyst can generate ciphertext from arbitrary text.
B. The cryptanalyst examines the communication being sent back and forth.
C. The cryptanalyst can choose the key and algorithm to mount the attack.
D. The cryptanalyst is presented with the ciphertext from which the original message is determined.

Question 985

What operations role is responsible for protecting the enterprise from corrupt or contaminated media?
A. Information security practitioner
B. Information librarian
C. Computer operator
D. Network administrator

Question 986

Which of the following BEST describes Recovery Time Objective (RTO)?
A. Time of application resumption after disaster
B. Time of application verification after disaster
C. Time of data validation after disaster
D. Time of data restoration from backup after disaster

Question 987

Which of the following command line tools can be used in the reconnaissance phase of a network vulnerability assessment?
A. dig
B. ipconfig
C. ifconfig
D. nbstat

Question 988

In general, servers that are facing the Internet should be placed in a demilitarized zone (DMZ). What is the MAIN purpose of the DMZ?
A. Reduced risk to internal systems.
B. Prepare the server for potential attacks.
C. Mitigate the risk associated with the exposed server.
D. Bypass the need for a firewall.

Question 989

An employee of a retail company has been granted an extended leave of absence by Human Resources (HR). This information has been formally communicated to the access provisioning team. Which of the following is the BEST action to take?
A. Revoke access temporarily.
B. Block user access and delete user account after six months.
C. Block access to the offices immediately.
D. Monitor account usage temporarily.

Question 990

Which of the following BEST represents the concept of least privilege?
A. Access to an object is denied unless access is specifically allowed.
B. Access to an object is only available to the owner.
C. Access to an object is allowed unless it is protected by the information security policy.
D. Access to an object is only allowed to authenticated users via an Access Control List (ACL).

Question 991

Which of the following is the PRIMARY reason for employing physical security personnel at entry points in facilities where card access is in operation?
A. To verify that only employees have access to the facility.
B. To identify present hazards requiring remediation.
C. To monitor staff movement throughout the facility.
D. To provide a safe environment for employees.

Question 992

Which of the following is BEST suited for exchanging authentication and authorization messages in a multi-party decentralized environment?
A. Lightweight Directory Access Protocol (LDAP)
B. Security Assertion Markup Language (SAML)
C. Internet Mail Access Protocol
D. Transport Layer Security (TLS)

Question 993

A security architect plans to reference a Mandatory Access Control (MAC) model for implementation. This indicates that which of the following properties is being prioritized?
A. Confidentiality
B. Integrity
C. Availability
D. Accessibility

Question 994

Which of the following is a characteristic of the initialization vector when using Data Encryption Standard (DES)?
A. It must be known to both sender and receiver.
B. It can be transmitted in the clear as a random number.
C. It must be retained until the last block is transmitted.
D. It can be used to encrypt and decrypt information.

Question 995

Which of the following are effective countermeasures against passive network-layer attacks?
A. Federated security and authenticated access controls
B. Trusted software development and run time integrity controls
C. Encryption and security enabled applications
D. Enclave boundary protection and computing environment defense

Question 996

When evaluating third-party applications, which of the following is the GREATEST responsibility of Information Security?
A. Accept the risk on behalf of the organization.
B. Report findings to the business to determine security gaps.
C. Quantify the risk to the business for product selection.
D. Approve the application that best meets security requirements.

Question 997

When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?
A. Topology diagrams
B. Mapping tools
C. Asset register
D. Ping testing

Question 998

Reciprocal backup site agreements are considered to be
A. a better alternative than the use of warm sites.
B. difficult to test for complex systems.
C. easy to implement for similar types of organizations.
D. easy to test and implement for complex systems.

Question 999

Backup information that is critical to the organization is identified through a
A. Vulnerability Assessment (VA).
B. Business Continuity Plan (BCP).
C. Business Impact Analysis (BIA).
D. data recovery analysis.

Question 1000

In which identity management process is the subject’s identity established?
A. Trust
B. Provisioning
C. Authorization
D. Enrollment