Dump - 9
100 Questions

Questions and Answers

Which of the following management processes allots ONLY those services required for users to accomplish their tasks, change default user passwords, and set servers to retrieve antivirus updates?

Answer hidden

Which of the following practices provides the development team with a definition of security and identification of threats in designing software?

Answer hidden

Which of the following is a peer entity authentication method for Point-to-Point Protocol (PPP)?

Answer hidden

A system with Internet Protocol (IP) address 10.102.10.2 has a physical address of 00:00:08:00:12:13:14:2f. The following static entry is added to its Address Resolution Protocol (ARP) table: 10.102.10.6: 00:00:08:00:12:13:14:2f. What form of attack could this represent?

Answer hidden

Which of the following value comparisons MOST accurately reflects the agile development approach?

Answer hidden

Which of the following needs to be included in order for High Availability (HA) to continue operations during planned system outages?

Answer hidden

Which of the following is the MOST effective countermeasure against Man-in-the-Middle (MITM) attacks while using online banking?

Answer hidden

According to the Capability Maturity Model Integration (CMMI), which of the following levels is identified by a managed process that is tailored from the organization's set of standard processes according to the organization's tailoring guidelines?

Answer hidden

Point-to-Point Protocol (PPP) was designed to specifically address what issue?

Answer hidden

Which of the following is an advantage of Secure Shell (SSH)?

Answer hidden

A security engineer is designing a Customer Relationship Management (CRM) application for a third-party vendor. In which phase of the System Development Life Cycle (SDLC) will it be MOST beneficial to conduct a data sensitivity assessment?

Answer hidden

Which of the following is a PRIMARY challenge when running a penetration test?

Answer hidden

Which one of the following would cause an immediate review and possible change to the security policies of an organization?

Answer hidden

An audit of an application reveals that the current configuration does not match the configuration of the originally implemented application. Which of the following is the FIRST action to be taken?

Answer hidden

What is the BEST method if an investigator wishes to analyze a hard drive which may be used as evidence?

Answer hidden

Which of the following provides the GREATEST level of data security for a Virtual Private Network (VPN) connection?

Answer hidden

What is the purpose of code signing?

Answer hidden

What is the PRIMARY objective for conducting an internal security audit?

Answer hidden

What is the PRIMARY purpose for an organization to conduct a security audit?

Answer hidden

Which testing method requires very limited or no information about the network infrastructure?

Answer hidden

Which of the following is a MAJOR concern when there is a need to preserve or retain information for future retrieval?

Answer hidden

Which of the following types of data would be MOST difficult to detect by a forensic examiner?

Answer hidden

Following a penetration test, what should an organization do FIRST?

Answer hidden

An Intrusion Detection System (IDS) is based on the general hypothesis that a security violation is associated with a pattern of system usage which can be

Answer hidden

Which of the following models uses unique groups contained in unique conflict classes?

Answer hidden

When developing the entitlement review process, which of the following roles is responsible for determining who has a need for the information?

Answer hidden

What should an auditor do when conducting a periodic audit on media retention?

Answer hidden

Which of the following factors is a PRIMARY reason to drive changes in an Information Security Continuous Monitoring (ISCM) strategy?

Answer hidden

Digital non-repudiation requires which of the following?

Answer hidden

Data remanence is the biggest threat in which of the following scenarios?

Answer hidden

Which of the following is the MOST secure password technique?

Answer hidden

Which of the following is a Key Performance Indicator (KPI) for a security training and awareness program?

Answer hidden

When are security requirements the LEAST expensive to implement?

Answer hidden

What type of attack sends Internet Control Message Protocol (ICMP) echo requests to the target machine with a larger payload than the target can handle?

Answer hidden

What is the HIGHEST priority in agile development?

Answer hidden

Which of the following is included in the Global System for Mobile Communications (GSM) security framework?

Answer hidden

Which of the following is the reason that transposition ciphers are easily recognizable?

Answer hidden

How is it possible to extract private keys securely stored on a cryptographic smartcard?

Answer hidden

Which of the following is an important requirement when designing a secure remote access system?

Answer hidden

Which of the following is the BEST way to mitigate circumvention of access controls?

Answer hidden

Which one of the following can be used to detect an anomaly in a system by keeping track of the state of files that do not normally change?

Answer hidden

Which of the following is the MOST effective preventative method to identify security flaws in software?

Answer hidden

Which of the following BEST describes botnets?

Answer hidden

An organization seeks to use a cloud Identity and Access Management (IAM) provider whose protocols and data formats are incompatible with existing systems. Which of the following techniques addresses the compatibility issue?

Answer hidden

Which of the following BEST describes the objectives of the Business Impact Analysis (BIA)?

Answer hidden

The application owner of a system that handles confidential data leaves an organization. It is anticipated that a replacement will be hired in approximately six months. During that time, which of the following should the organization do?

Answer hidden

Which Redundant Array of Independent Disks (RAID) Level does the following diagram represent?

Answer hidden

Which of the following is used to ensure that data mining activities will NOT reveal sensitive data?

Answer hidden

Why are packet filtering routers used in low-risk environments?

Answer hidden

Which of the following protocols will allow the encrypted transfer of content on the Internet?

Answer hidden

What requirement MUST be met during internal security audits to ensure that all information provided is expressed as an objective assessment without risk of retaliation?

Answer hidden

In order to support the least privilege security principle when a resource is transferring within the organization from a production support system administration role to a developer role, what changes should be made to that resource's access to the production Operating System (OS) directory structure?

Answer hidden

What is the FINAL step in the waterfall method for contingency planning?

Answer hidden

Which of the following is a security weakness in the evaluation of common criteria (CC) products?

Answer hidden

What is the second phase of public key infrastructure (PKI) key/certificate life-cycle management?

Answer hidden

Which of the following BEST describes the standard used to exchange authorization information between different identity management systems?

Answer hidden

What is the PRIMARY objective of an application security assessment?

Answer hidden

The security team has been tasked with performing an interface test against a frontend external facing application and needs to verify that all input fields protect against invalid input. Which of the following BEST assists this process?

Answer hidden

Which of the following is the FIRST step during digital identity provisioning?

Answer hidden

Physical Access Control Systems (PACS) allow authorized security personnel to manage and monitor access control for subjects through which function?

Answer hidden

In a large company, a system administrator needs to assign users access to files using Role Based Access Control (RBAC). Which option is an example of RBAC?

Answer hidden

During a Disaster Recovery (DR) simulation, it is discovered that the shared recovery site lacks adequate data restoration capabilities to support the implementation of multiple plans simultaneously. What would be impacted by this fact if left unchanged?

Answer hidden

What is the MAIN objective of risk analysis in Disaster Recovery (DR) planning?

Answer hidden

The adoption of an enterprise-wide Business Continuity (BC) program requires which of the following?

Answer hidden

A security professional is assessing the risk in an application and does not take into account any mitigating or compensating controls. This type of risk rating is an example of which of the following?

Answer hidden

Which of the following is the BEST way to protect against Structured Query Language (SQL) injection?

Answer hidden

When defining a set of security controls to mitigate a risk, which of the following actions MUST occur?

Answer hidden

A company-wide penetration test result shows customers could access and read files through a web browser. Which of the following can be used to mitigate this vulnerability?

Answer hidden

Which of the following provides the MOST secure method for Network Access Control (NAC)?

Answer hidden

What does the result of Cost-Benefit Analysis (CBA) on new security initiatives provide?

Answer hidden

Which of the following is considered the PRIMARY security issue associated with encrypted e-mail messages?

Answer hidden

Which media sanitization methods should be used for data with a high security categorization?

Answer hidden

Which of the following is the MOST secure protocol for remote command access to the firewall?

Answer hidden

A minimal implementation of endpoint security includes which of the following?

Answer hidden

How should the retention period for an organization's social media content be defined?

Answer hidden

In Identity Management (IdM), when is the verification stage performed?

Answer hidden

What is the PRIMARY purpose of auditing, as it relates to the security review cycle?

Answer hidden

Which of the following access control models is MOST restrictive?

Answer hidden

Which of the following is a canon of the (ISC)2 Code of Ethics?

Answer hidden

Which of the following will an organization's network vulnerability testing process BEST enhance?

Answer hidden

Which of the following is the MOST effective countermeasure against data remanence?

Answer hidden

A security professional has been requested by the Board of Directors and Chief Information Security Officer (CISO) to perform an internal and external penetration test. What is the BEST course of action?

Answer hidden

The Rivest-Shamir-Adleman (RSA) algorithm is BEST suited for which of the following operations?

Answer hidden

Configuring a Wireless Access Point (WAP) with the same Service Set Identifier (SSID) as another WAP in order to have users unknowingly connect is referred to as which of the following?

Answer hidden

Which of the following actions should be taken by a security professional when a mission critical computer network attack is suspected?

Answer hidden

In what phase of the System Development Life Cycle (SDLC) should security training for the development team begin?

Answer hidden

Of the following, which BEST provides non-repudiation with regards to access to a server room?

Answer hidden

The personal laptop of an organization executive is stolen from the office, complete with personnel and project records. Which of the following should be done FIRST to mitigate future occurrences?

Answer hidden

Which of the following is a standard Access Control List (ACL) element that enables a router to filter Internet traffic?

Answer hidden

Which of the following will accomplish Multi-Factor Authentication (MFA)?

Answer hidden

Which of the following is the PRIMARY issue when analyzing detailed log information?

Answer hidden

How does security in a distributed file system using mutual authentication differ from file security in a multi-user host?

Answer hidden

Which of the following explains why classifying data is an important step in performing a Risk assessment?

Answer hidden

How is Remote Authentication Dial-In User Service (RADIUS) authentication accomplished?

Answer hidden

A security professional should ensure that clients support which secondary algorithm for digital signatures when a Secure Multipurpose Internet Mail Extension (S/MIME) is used?

Answer hidden

What documentation is produced FIRST when performing an effective physical loss control process?

Answer hidden

Who should formulate conclusions from a particular digital fore Ball, Submit a Toper Of Tags, and the results?

Answer hidden

A manager identified two conflicting sensitive user functions that were assigned to a single user account that had the potential to result in financial and regulatory risk to the company. The manager MOST likely discovered this during which of the following?

Answer hidden

When assessing the audit capability of an application, which of the following activities is MOST important?

Answer hidden

A web-based application known to be susceptible to attacks is now under review by a senior developer. The organization would like to ensure this application is less susceptible to injection attacks specifically. What strategy will work BEST for the organization's situation?

Answer hidden
