Dump - 6

FondNarwhal

100 Questions

An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test data?

Answer hidden

As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?

Answer hidden

Assessing a third party's risk by counting bugs in the code may not be the best measure of an attack surface within the supply chain. Which of the following is LEAST associated with the attack surface?

Answer hidden

What are the steps of a risk assessment?

Answer hidden

After following the processes defined within the change management plan, a super user has upgraded a device within an Information system. What step would be taken to ensure that the upgrade did NOT affect the network security posture?

Answer hidden

DRAG DROP What is the correct order of steps in an information security assessment? Place the information security assessment steps on the left next to the numbered boxes on the right in the correct order.

Answer hidden

What MUST each information owner do when a system contains data from multiple information owners?

Answer hidden

A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report. In which phase of the assessment was this error MOST likely made?

Answer hidden

Which of the following is a responsibility of the information owner?

Answer hidden

Who is accountable for the information within an Information System (IS)?

Answer hidden

It is MOST important to perform which of the following to minimize potential impact when implementing a new vulnerability scanning tool in a production environment?

Answer hidden

A Security Operations Center (SOC) receives an incident response notification on a server with an active intruder who has planted a backdoor. Initial notifications are sent and communications are established. What MUST be considered or evaluated before performing the next step?

Answer hidden

Due to system constraints, a group of system administrators must share a high-level access set of credentials. Which of the following would be MOST appropriate to implement?

Answer hidden

Which of the following is the MOST efficient mechanism to account for all staff during a speedy non-emergency evacuation from a large security facility?

Answer hidden

What does electronic vaulting accomplish?

Answer hidden

Who would be the BEST person to approve an organization's information security policy?

Answer hidden

A security analyst for a large financial institution is reviewing network traffic related to an incident. The analyst determines the traffic is irrelevant to the investigation, but in the process of the review, the analyst also finds that an application's data, which included full credit card cardholder data, is transferred in clear text between the server and the user's desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS). Which of the following is the analyst's next step?

Answer hidden

An Information Technology (IT) professional attends a cybersecurity seminar on current incident response methodologies. What code of ethics canon is being observed?

Answer hidden

An organization adopts a new firewall hardening standard. How can the security professional verify that the technical staff correctly implemented the new standard?

Answer hidden

What is the MAIN purpose of a change management policy?

Answer hidden

DRAG DROP Match the functional roles in an external audit to their responsibilities. Drag each role on the left to its corresponding responsibility on the right. Select and Place:

Answer hidden

Who is responsible for the protection of information when it is shared with or provided to other organizations?

Answer hidden

Which of the following is the MOST challenging issue in apprehending cyber criminals?

Answer hidden

DRAG DROP Match the name of access control model with its associated restriction. Drag each access control model to its appropriate restriction access on the right.

Answer hidden

Which of the following are important criteria when designing procedures and acceptance criteria for acquired software?

Answer hidden

Which of the following steps should be performed FIRST when purchasing Commercial Off-The-Shelf (COTS) software?

Answer hidden

An organization has outsourced its financial transaction processing to a Cloud Service Provider (CSP) who will provide them with Software as a Service (SaaS). If there were a data breach, who is responsible for monetary losses?

Answer hidden

What is the PRIMARY role of a scrum master in agile development?

Answer hidden

What capability would typically be included in a commercially available software package designed for access control?

Answer hidden

An organization plans on purchasing a custom software product developed by a small vendor to support its business model. Which unique consideration should be made part of the contractual agreement, given the potential long-term risks associated with creating this dependency?

Answer hidden

When developing solutions for mobile devices, in which phase of the Software Development Life Cycle (SDLC) should technical limitations related to devices be specified?

Answer hidden

Which of the following is the MOST important security goal when performing application interface testing?

Answer hidden

Which of the following is the MOST common method of memory protection?

Answer hidden

Attack trees are MOST useful for which of the following?

Answer hidden

Which of the following techniques is known to be effective in spotting resource exhaustion problems, especially with resources such as processes, memory, and connections?

Answer hidden

Which one of the following is an advantage of an effective release control strategy from a configuration control standpoint?

Answer hidden

The design review for an application has been completed and is ready for release. What technique should an organization use to assure application integrity?

Answer hidden

What is the BEST location in a network to place Virtual Private Network (VPN) devices when an internal review reveals network design flaws in remote access?

Answer hidden

Which of the following access management procedures would minimize the possibility of an organization's employees retaining access to secure work areas after they change roles?

Answer hidden

What is the FIRST step in establishing an information security program?

Answer hidden

Which of the following is MOST effective in detecting information hiding in Transmission Control Protocol/Internet Protocol (TCP/IP) traffic?

Answer hidden

Which of the following is the BEST way to reduce the impact of an externally sourced flood attack?

Answer hidden

Which of the following is the BEST Identity-as-a-Service (IDaaS) solution for validating users?

Answer hidden

When conducting a security assessment of access controls, which activity is part of the data analysis phase?

Answer hidden

Which of the following is used to support defense in depth during the development phase of a software product?

Answer hidden

When a system changes significantly, who is PRIMARILY responsible for assessing the security impact?

Answer hidden

When selecting a disk encryption technology, which of the following MUST also be assured to be encrypted?

Answer hidden

Which of the following attacks is dependent upon the compromise of a secondary target in order to reach the primary target?

Answer hidden

Additional padding may be added to the Encapsulating Security Payload (ESP) trailer to provide which of the following?

Answer hidden

Company A is evaluating new software to replace an in-house developed application. During the acquisition process, Company A specified the security requirements as well as the functional requirements. Company B responded to the acquisition request with their flagship product that runs on an Operating System (OS) that Company A has never used nor evaluated. The flagship product meets all security and functional requirements as defined by Company A. Based upon Company B's response, what step should Company A take?

Answer hidden

What is maintained by using write blocking devices when forensic evidence is examined?

Answer hidden

Which of the following is a characteristic of a challenge/response authentication process?

Answer hidden

Which of the following is the PRIMARY risk associated with Extensible Markup Language (XML) applications?

Answer hidden

Activity to baseline, tailor, and scope security controls takes place during which National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) step?

Answer hidden

A large corporation is looking for a solution to automate access based on where a request is coming from, who the user is, what device they are connecting with, and what time of day they are attempting this access. What type of solution would suit their needs?

Answer hidden

When adopting Software as a Service (SaaS), which security responsibility will remain with the adopting organization?

Answer hidden

Secure real-time transport protocol (SRTP) provides security for which of the following?

Answer hidden

Which of the following authorization standards is built to handle Application Programming Interface (API) access for Federated Identity Management (FIM)?

Answer hidden

Which programming methodology allows a programmer to use pre-determined blocks of code and consequently reduces development time and programming costs?

Answer hidden

Why do Certificate Authorities (CA) add value to the security of electronic commerce transactions?

Answer hidden

If a content management system (CMS) is implemented, which one of the following would occur?

Answer hidden

During a Disaster Recovery (DR) assessment, additional coverage for assurance is required. What should an assessor do?

Answer hidden

Which of the following is an accurate statement when an assessment results in the discovery of vulnerabilities in a critical network component?

Answer hidden

What technique used for spoofing the origin of an email can successfully conceal the sender's Internet Protocol (IP) address?

Answer hidden

What is a warm site when conducting Business Continuity Planning (BCP)?

Answer hidden

DRAG DROP Match the level of evaluation to the correct Common Criteria (CC) assurance level. Drag each level of evaluation on the left to its corresponding CC assurance level on the right.

Answer hidden

Which of the following four iterative steps are conducted on third-party vendors on an ongoing basis?

Answer hidden

Which of the following media is least problematic with data remanence?

Answer hidden

During a recent assessment, an organization has discovered that the wireless signal can be detected outside the campus area. What logical control should be implemented in order to BEST protect the confidentiality of information traveling on the wireless transmission media?

Answer hidden

Who is essential for developing effective test scenarios for disaster recovery (DR) test plans?

Answer hidden

Which is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?

Answer hidden

Which of the following is MOST important when determining appropriate countermeasures for an identified risk?

Answer hidden

When a flaw in Industrial Control System (ICS) software is discovered, what is the GREATEST impediment to deploying a patch?

Answer hidden

Which of the following is the BEST approach for a forensic examiner to obtain the greatest amount of relevant information from malicious software?

Answer hidden

In fault-tolerant systems, what do rollback capabilities permit?

Answer hidden

How does identity as a service (IDaaS) provide an easy mechanism for integrating identity service into individual applications with minimal development effort?

Answer hidden

A security practitioner has been tasked with establishing organizational asset handling procedures. What should be considered that would have the GREATEST impact to the development of these procedures?

Answer hidden

From an asset security perspective, what is the BEST countermeasure to prevent data theft due to data remanence when a sensitive data storage media is no longer needed?

Answer hidden

A project requires the use of an authentication mechanism where playback must be protected and plaintext secret must be used. Which of the following should be used?

Answer hidden

Which of the following threats exists with an implementation of digital signatures?

Answer hidden

What should be used immediately after a Business Continuity Plan (BCP) has been invoked?

Answer hidden

When deploying an Intrusion Detection System (IDS) on a high-volume network, the need to distribute the load across multiple sensors would create which technical problem?

Answer hidden

How can a security engineer maintain network separation from a secure environment while allowing remote users to work in the secure environment?

Answer hidden

Which of the following is the MOST important consideration that must be taken into account when deploying an enterprise patching solution that includes mobile devices?

Answer hidden

Which of the following is the weakest form of protection for an application that handles Personally Identifiable Information (PII)?

Answer hidden

Which is the MOST effective countermeasure to prevent electromagnetic emanations on unshielded data cable?

Answer hidden

Which of the following is the MOST significant benefit to implementing a third-party federated identity architecture?

Answer hidden

A criminal organization is planning an attack on a government network. Which of the following is the MOST severe attack to the network availability?

Answer hidden

Limiting the processor, memory, and Input/output (I/O) capabilities of mobile code is known as

Answer hidden

Which of the following security testing strategies is BEST suited for companies with low to moderate security maturity?

Answer hidden

Which of the following are core categories of malicious attack against Internet of Things (IoT) devices?

Answer hidden

Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?

Answer hidden

Which of the following is critical if an employee is dismissed due to violation of an organization's Acceptable Use Policy (AUP)?

Answer hidden

Which of the following is the PRIMARY security consideration for how an organization should handle Information Technology (IT) assets?

Answer hidden

In a dispersed network that lacks central control, which of the following is the PRIMARY course of action to mitigate exposure?

Answer hidden

What are the roles within a scrum methodology?

A. Scrum master, requirements manager, and development team

Answer hidden

When conducting a forensic criminal investigation on a computer hard drive, what should be done PRIOR to analysis?

Answer hidden

Which of the following initiates the systems recovery phase of a disaster recovery plan?

Answer hidden

Which type of fire alarm system sensor is intended to detect fire at its earliest stage?

Answer hidden
