CISSP Practice Questions (161–180)

Question 161

Which of the following BEST provides non-repudiation with regards to access to a server room?
A. Fob and PIN
B. Locked and secured cages
C. Biometric readers
D. Proximity readers

Question 162

Which of the following is a limitation of the Bell-LaPadula model?
A. Segregation of duties is difficult to implement due to the “no read-up” rule.
B. MAC is enforced at all levels making DAC impossible to implement.
C. It prioritizes confidentiality over integrity.
D. It works only with static systems.

Question 163

Which of the following BEST describes the purpose of Border Gateway Protocol (BGP)?
A. Maintain a list of network paths between internet routers.
B. Provide Routing Information Protocol (RIP) version 2 advertisements.
C. Provide firewall services.
D. Maintain a list of efficient network paths between autonomous systems.

Question 164

A network administrator wants to ensure a database engine is listening on a specific port. Which command should be used?
A. nslookup
B. netstat -a
C. ipconfig /a
D. arp -a

Question 165

Which identity model BEST allows identity providers (IdP) and relying parties (RP) to share access without disclosing subscriber lists?
A. Federation authorities
B. Proxied federation
C. Static registration
D. Dynamic registration

Question 166

Why are packet filtering routers used in low-risk environments?
A. They are high-resolution source discrimination and identification tools.
B. They are fast and flexible, and protect against Internet Protocol (IP) spoofing.
C. They are fast, flexible, and transparent.
D. They enforce strong user authentication and audit log generation.

Question 167

A web developer is completing a new web application security checklist before releasing the app to production. The task of disabling unnecessary services is on the checklist. Which web application threat is being mitigated?
A. Security misconfiguration
B. Sensitive data exposure
C. Broken access control
D. Session hijacking

Question 168

Which of the following is the name of an individual or group that is impacted by a change?
A. Change agent
B. Stakeholder
C. Sponsor
D. End User

Question 169

An organization implements Network Access Control (NAC) via IEEE 802.1x and discovers the printers do not support it. What is the BEST resolution?
A. Implement port security on the switch ports for the printers.
B. Implement a virtual local area network (VLAN) for the printers.
C. Do nothing; IEEE 802.1x is irrelevant to printers.
D. Install an IEEE 802.1x bridge for the printers.

Question 170

Which of the following BEST describes the use of network architecture in reducing corporate risks associated with mobile devices?
A. Closed application model depends on DMZ servers.
B. Split tunneling enabled for mobile devices improves DMZ posture.
C. Segmentation and DMZ monitoring are implemented to secure VPN access.
D. Applications managing mobile devices are located in a DMZ.

Question 171

Which of the following protects personally identifiable information (PII) used by financial services organizations?
A. NIST SP 800-53
B. Gramm-Leach-Bliley Act (GLBA)
C. PCI-DSS
D. HIPAA

Question 172

An organization processes personal data from both the US and UK, including EU residents. Which data must follow GDPR requirements?
A. Only the EU citizens’ data
B. Only the UK residents’ data
C. Only the US citizens’ data
D. Any data processed in the UK

Question 173

The CISO requests a Service Organization Control (SOC) report outlining security and availability over 12 months. Which type of SOC report should be used?
A. SOC 1 Type 1
B. SOC 2 Type 2
C. SOC 2 Type 1
D. SOC 3 Type 1

Question 174

A company provides employees access to travel services hosted by a third party. When employees are already authenticated, access should be seamless. Which method enables this?
A. SAML
B. Single sign-on (SSO)
C. OAuth
D. Federated access

Question 175

The CIO has decided the organization will migrate critical data to the cloud. The CIO must work with which role to ensure protection of data during and after migration?
A. Information owner
B. General Counsel
C. Chief Information Security Officer (CISO)
D. Chief Security Officer (CSO)

Question 176

Which part of an operating system is responsible for providing security interfaces among hardware, OS, and other system parts?
A. Trusted Computing Base (TCB)
B. Time separation
C. Security kernel
D. Reference monitor

Question 177

What part of an organization’s strategic risk assessment MOST likely includes items affecting success?
A. Key Risk Indicator (KRI)
B. Threat analysis
C. Vulnerability analysis
D. Key Performance Indicator (KPI)

Question 178

What is the MOST common cause of Remote Desktop Protocol (RDP) compromise?
A. Port scan
B. Brute force attack
C. Remote exploit
D. Social engineering

Question 179

Which of the following is a canon of the (ISC)² Code of Ethics?
A. Integrity first and excellence in all we do
B. Perform duties in accordance with laws and ethics
C. Provide diligent and competent service to principals
D. Cooperate with others for mutual security

Question 180

What is the PRIMARY purpose of auditing as it relates to the security review cycle?
A. To ensure the organization’s controls and policies are working as intended
B. To ensure the organization can be publicly traded
C. To ensure executives aren’t sued
D. To meet contractual requirements