Exam practice

FondNarwhal
300 Questions

Physical assets defined in an organization's business impact analysis (BIA) could include which of the following?

Supplies kept off-site at a remote facility

When assessing the audit capability of an application, which of the following activities is MOST important?

Determine if audit records contain sufficient information.

An organization would like to implement an authorization mechanism that would simplify the assignment of various system access permissions for many users with similar job responsibilities. Which type of authorization mechanism would be the BEST choice for the organization to implement?

Role-based access control (RBAC)

What is the PRIMARY reason for criminal law being difficult to enforce when dealing with cybercrime?

Jurisdiction is hard to define.

Wi-Fi Protected Access 2 (WPA2) provides users with a higher level of assurance that their data will remain protected by using which protocol?

Extensible Authentication Protocol (EAP)

Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?

Security kernel

What process facilitates the balance of operational and economic costs of protective measures with gains in mission capability?

Risk Management

Clothing retailer employees are provisioned with user accounts that provide access to resources at partner businesses. All partner businesses use common identity and access management (IAM) protocols and differing technologies. Under the Extended Identity principle, what is the process flow between partner businesses to allow this IAM action?

Clothing retailer acts as identity provider (IdP), confirms identity of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to services.

Which of the following statements BEST describes least privilege principle in a cloud environment?

Network segments remain private if unneeded to access the internet.

An organization has been collecting a large amount of redundant and unusable data and filling up the storage area network (SAN). Management has requested the identification of a solution that will address ongoing storage problems. Which is the BEST technical solution?

Deduplication

Which Wide Area Network (WAN) technology requires the first router in the path to determine the full path the packet will travel, removing the need for other routers in the path to make independent determinations?

Multiprotocol Label Switching (MPLS)

Which of the following would an information security professional use to recognize changes to content, particularly unauthorized changes?

File Integrity Checker

Which of the following is included in change management?

Business continuity testing

A company is enrolled in a hard drive reuse program where decommissioned equipment is sold back to the vendor when it is no longer needed. The vendor pays more money for functioning drives than equipment that is no longer operational. Which method of data sanitization would provide the most secure means of preventing unauthorized data loss, while also receiving the most money from the vendor?

Multi-pass wipes

When reviewing vendor certifications for handling and processing of company data, which of the following is the BEST Service Organization Controls (SOC) certification for the vendor to possess?

SOC 2 Type 2

Which application type is considered high risk and provides a common way for malware and viruses to enter a network?

Peer-to-Peer (P2P) file sharing applications

An organization is looking to include mobile devices in its asset management system for better tracking. In which system tier of the reference architecture would mobile devices be tracked?

2

Which of the following is the BEST way to protect an organization's data assets?

Monitor and enforce adherence to security policies.

During an internal audit of an organizational Information Security Management System (ISMS), nonconformities are identified. In which of the following management stages are nonconformities reviewed, assessed and/or corrected by the organization?

B. Operation

What is the purpose of an internal audit of an organizational Information Security Management System (ISMS)?

A. To identify nonconformities

Which management stage of an organizational Information Security Management System (ISMS) involves planning and establishing security objectives and processes?

A. Planning

Clothing retailer employees are provisioned with user accounts that provide access to resources at partner businesses. Under the Extended Identity principle, what is the process flow between partner businesses to allow this IAM action?

A. Federated identity management

Under the Extended Identity principle, what is the process flow between partner businesses to allow clothing retailer employees access to resources?

Common identity and access management (IAM) protocols are used

Which part of the computing system is responsible for providing security interfaces among the hardware, operating system, and other parts?

Security interfaces

In the "Do" phase of the Plan-Do-Check-Act model, which of the following is performed?

C. Ensure the business continuity policy, controls, processes, and procedures have been implemented.

What industry-recognized document could be used as a baseline reference that is related to data security and business operations or conducting a security assessment?

D. Service Organization Control (SOC) 2 Type 1

A criminal organization is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the organization?

A. Organization loses control of their network devices.

Which reporting type requires a service organization to describe its system and define its control objectives and controls that are relevant to users' internal control over financial reporting?

B. Service Organization Control 1 (SOC1)

Which of the following is the BEST method to validate secure coding techniques against injection and overflow attacks?

C. Using automated programs to test for the latest known vulnerability patterns

When resolving ethical conflicts, the information security professional MUST consider many factors. In what order should the considerations be prioritized?

C. Public safety, duties to principals, duties to individuals, and duties to the profession

Which service management process BEST helps information technology (IT) organizations with reducing cost, mitigating risk, and improving customer service?

D. Information Technology Infrastructure Library (ITIL)

A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS). Which of the following factors leads the company to choose an IDaaS as their solution?

A. In-house team lacks resources to support an on-premise solution.

An organization recently suffered from a web-application attack that resulted in stolen user session cookie information. The attacker was able to obtain the information when a user's browser executed a script upon visiting a compromised website. What type of attack MOST likely occurred?

C. Cross-Site Scripting (XSS)

An attack utilizing social engineering and a malicious Uniform Resource Locator (URL) link to take advantage of a victim's existing browser session with a web application is an example of which of the following types of attack?

B. Cross-site request forgery (CSRF)

Which of the following encryption technologies has the ability to function as a stream cipher?

C. Cipher Feedback (CFB)

In a disaster recovery (DR) test, which of the following would be a trait of crisis management?

B. Anticipate

Which of the following BEST describes the purpose of the reference monitor when defining access control to enforce the security model?

B. Policies to validate organization rules

Which of the following is security control volatility?

B. A reference to the likelihood of change in the security control.

When auditing the Software Development Life Cycle (SDLC) which of the following is one of the high-level audit phases?

Requirements

What is the term used to define where data is geographically stored in the cloud?

B. Data sovereignty

Which of the following does the security design process ensure within the System Development Life Cycle (SDLC)?

Proper security controls, security objectives, and security goals are properly initiated.

Which of the following is MOST important to follow when developing information security controls for an organization?

B. Exercise due diligence with regard to all risk management information to tailor appropriate controls.

When recovering from an outage, what is the Recovery Point Objective (RPO), in terms of data recovery?

D. The RPO is the maximum amount of time for which loss of data is acceptable.

Which of the following attacks, if successful, could give an intruder complete control of a software-defined networking (SDN) architecture?

A. A brute force password attack on the Secure Shell (SSH) port of the controller

Which of the following is the BEST option to reduce the network attack surface of a system?

A. Disabling unnecessary ports and services

The security architect is designing and implementing an internal certification authority to generate digital certificates for all employees. Which of the following is the BEST solution to securely store the private keys?

B. Trusted Platform Module (TPM)

The existence of physical barriers, card and personal identification number (PIN) access systems, cameras, alarms, and security guards BEST describes this security approach?

C. Defense-in-depth

A hospital enforces the Code of Fair Information Practices. What practice applies to a patient requesting their medical records from a web portal?

D. Individual participation

A colleague who recently left the organization asked a security professional for a copy of the organization's confidential incident management policy. Which of the following is the BEST response to this request?

D. Submit the request using company official channels to ensure the policy is okay to distribute.

Which of the following BEST describes when an organization should conduct a black box security audit on a new software product?

C. When the organization is confident the final source code is complete

In software development, which of the following entities normally signs the code to protect the code integrity?

C. The developer

Which of the following technologies can be used to monitor and dynamically respond to potential threats on web applications?

C. Runtime application self-protection (RASP)

A security architect is developing an information system for a client. One of the requirements is to deliver a platform that mitigates against common vulnerabilities and attacks. What is the MOST efficient option used to prevent buffer overflow attacks?

C. Address Space Layout Randomization (ASLR)

In a quarterly system access review, an active privileged account was discovered that did not exist in the prior review on the production system. The account was created one hour after the previous access review. Which of the following is the BEST option to reduce overall risk in addition to quarterly access reviews?

B. Create policies for system access.

A corporation does not have a formal data destruction policy. During which phase of a criminal legal proceeding will this have the MOST impact?

C. Discovery

What is considered the BEST explanation when determining whether to provide remote network access to a third-party security service?

C. Business need

The acquisition of personal data being obtained by a lawful and fair means is an example of what principle?

A. Collection Limitation Principle

Which of the following is the MOST appropriate control for asset data labeling procedures?

A. Categorizing the types of media being used

What is the BEST approach to anonymizing personally identifiable information (PII) in a test environment?

B. Randomizing data

Which of the following departments initiates the request, approval, and provisioning business process?

A. Operations

An organization is setting a security assessment scope with the goal of developing a Security Management Program (SMP). The next step is to select an approach for conducting the risk assessment. Which of the following approaches is MOST effective for the SMP?

C. Asset driven risk assessment with a focus on the assets

Which technique helps system designers consider potential security concerns of their systems and applications?

A. Threat modeling

A security professional can BEST mitigate the risk of using a Commercial Off-The-Shelf (COTS) solution by deploying the application with which of the following controls in place?

A. Network segmentation

Which of the following BEST describes centralized identity management?

C. Service providers agree to integrate identity system recognition across organizational boundaries.

What is the MOST significant benefit of role-based access control (RBAC)?

D. Reduction in authorization administration overhead

What is the MOST common security risk of a mobile device?

D. Data leakage

What level of Redundant Array of Independent Disks (RAID) is configured PRIMARILY for high-performance data reads and writes?

RAID-0

What type of risk is related to the sequences of value-adding and managerial activities undertaken in an organization?

D. Process risk

International bodies established a regulatory scheme that defines how weapons are exchanged between the signatories. It also addresses cyber weapons, including malicious software, Command and Control (C2) software, and internet surveillance software. This is a description of which of the following?

C. Wassenaar arrangement

An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer (CISO) wants to increase security by better protecting the network from unauthorized internal access. Which Network Access Control (NAC) capability BEST meets this objective?

A. Port security

Which section of the assessment report addresses separate vulnerabilities, weaknesses, and gaps?

D. Key findings section

Why is data classification control important to an organization?

B. To ensure security controls align with organizational risk appetite

To monitor the security of buried data lines inside the perimeter of a facility, which of the following is the MOST effective control?

B. Ground sensors installed and reporting to a security event management (SEM) system

An enterprise is developing a baseline cybersecurity standard its suppliers must meet before being awarded a contract. Which of the following statements is TRUE about the baseline cybersecurity standard?

B. It should be expressed as technical requirements.

Which access control method is based on users issuing access requests on system resources, features assigned to those resources, the operational or situational context, and a set of policies specified in terms of those features and context?

B. Attribute Based Access Control (ABAC)

What is a security concern when considering implementing software-defined networking (SDN)?

B. It increases the attack footprint.

What is the BEST way to restrict access to a file system on computing systems?

A. Use least privilege at each level to restrict access.

Which of the following is the PRIMARY reason for selecting the appropriate level of detail for audit record generation?

C. Facilitate a root cause analysis (RCA)

What is the correct order of execution for security architecture?

B. Governance, strategy and program management, project delivery, operations

An international organization has decided to use a Software as a Service (SaaS) solution to support its business operations. Which of the following compliance standards should the organization use to assess the international code security and data privacy of the solution?

A. Service Organization Control (SOC) 2

An authentication system that uses challenge and response was recently implemented on an organization's network, because the organization conducted an annual penetration test showing that testers were able to move laterally using authenticated credentials. Which attack method was MOST likely used to achieve this?

B. Pass the ticket

Which of the following would qualify as an exception to the "right to be forgotten" of the General Data Protection Regulation (GDPR)?

A. For the establishment, exercise, or defense of legal claims

Dumpster diving is a technique used in which stage of penetration testing methodology?

Discovery

Which of the following is performed to determine a measure of success of a security awareness training program designed to prevent social engineering attacks?

B. Internal assessment of the training program's effectiveness

The security team is notified that a device on the network is infected with malware. Which of the following is MOST effective in enabling the device to be quickly located and remediated?

D. Information Technology Asset Management (ITAM)

Which of the following threats would be MOST likely mitigated by monitoring assets containing open source libraries for vulnerabilities?

B. Advanced persistent threat (APT) attempt

As a design principle, which one of the following actors is responsible for identifying and approving data security requirements in a cloud ecosystem?

D. Cloud consumer

Which of the following is the MOST effective way to ensure the endpoint devices used by remote users are compliant with an organization's approved policies before being allowed on the network?

A. Network Access Control (NAC)

Which one of the following BEST protects vendor accounts that are used for emergency maintenance?

C. Role-based access control (RBAC)

Which event magnitude is defined as deadly, destructive, and disruptive when a hazard interacts with human vulnerability?

Disaster

Which of the following BEST describes the purpose of software forensics?

C. To determine the author and behavior of the code

A web developer is completing a new web application security checklist before releasing the application to production. The task of disabling unnecessary services is on the checklist. Which web application threat is being mitigated by this action?

B. Security misconfiguration

What is the BEST method to use for assessing the security impact of acquired software?

A. Threat modeling

Which of the following ensures old log data is not overwritten?

A. Log retention

Under the General Data Protection Regulation (GDPR), what is the maximum amount of time allowed for reporting a personal data breach?

A. 72 hours

A financial organization that works according to agile principles has developed a new application for their external customer base to request a line of credit. A security analyst has been asked to assess the security risk of the minimum viable product (MVP). Which is the MOST important activity the analyst should assess?

D. The software has been code reviewed.

An application developer receives a report back from the security team showing their automated tools were able to successfully enter unexpected data into the organization's customer service portal, causing the site to crash. This is an example of which type of testing?

Negative

Which of the following is the MOST effective strategy to prevent an attacker from disabling a network?

D. Implement network segmentation to achieve robustness.

What is the FIRST step that should be considered in a Data Loss Prevention (DLP) program?

C. Data classification

Which change management role is responsible for the overall success of the project and supporting the change throughout the organization?

B. Project manager

A company needs to provide shared access of sensitive data on a cloud storage to external business partners. Which of the following identity models is the BEST to blind identity providers (IdP) and relying parties (RP) so that subscriber lists of other parties are not disclosed?

A. Proxied federation

A security professional needs to find a secure and efficient method of encrypting data on an endpoint. Which solution includes a root key?

B. Trusted Platform Module (TPM)

Which combination of cryptographic algorithms are compliant with Federal Information Processing Standard (FIPS) Publication 140-2 for non-legacy systems?

A. Diffie-Hellman (DH) key exchange: DH (>=2048 bits); Symmetric Key: Advanced Encryption Standard (AES) > 128 bits; Digital Signature: Digital Signature Algorithm (DSA) (>=2048 bits)

What is the PRIMARY purpose of creating and reporting metrics for a security awareness, training, and education program?

A. Measure the effect of the program on the organization's workforce.

In a DevOps environment, which of the following actions is MOST necessary to have confidence in the quality of the changes being made?

D. Receive approval from the change review board.

What is the MAIN purpose of a security assessment plan?

B. Provide the objectives for the security and privacy control assessments and a detailed roadmap of how to conduct such assessments.

What documentation is produced FIRST when performing an effective physical loss control process?

D. Inventory list

Which organizational department is ultimately responsible for information governance related to e-mail and other e-records?

Compliance

A cloud service provider requires its customer organizations to enable maximum audit logging for its data storage service and to retain the logs for a period of three months. The audit logging generates an extremely high volume of logs. What is the MOST appropriate strategy for the log retention?

C. Keep last week's logs in an online storage and the rest in a near-line storage.

In Federated Identity Management (FIM), which of the following represents the concept of federation?

D. Collection of domains that have established trust among themselves

Which of the following is an indicator that a company's new user security awareness training module has been effective?

B. More incidents of phishing attempts are being reported.

An organization is trying to secure instant messaging (IM) communications through its network perimeter. Which of the following is the MOST significant challenge?

C. IM clients can utilize random port numbers.

Using the cipher text and resultant cleartext message to derive the monoalphabetic cipher key is an example of which method of cryptanalytic attack?

A. Known-plaintext attack

When developing an organization's information security budget, it is important that the:

B. expected risk can be managed appropriately with the funds allocated.

A subscription service which provides power, climate control, raised flooring, and telephone wiring but NOT the computer and peripheral equipment is BEST described as a:

cold site.

An international trading organization that holds an International Organization for Standardization (ISO) 27001 certification is seeking to outsource their security monitoring to a managed security service provider (MSSP). The trading organization's security officer is tasked with drafting the requirements that need to be included in the outsourcing contract. Which of the following MUST be included in the contract?

D. The right to audit the MSSP's security process

Which of the following is the PRIMARY type of cryptography required to support non-repudiation of a digitally signed document?

Asymmetric

What is the MOST effective method to enhance security of a single sign-on (SSO) solution that interfaces with critical systems?

A. Two-factor authentication

Which of the following is MOST appropriate to collect evidence of a zero-day attack?

Honeypot

When assessing web vulnerabilities, how can navigating the dark web add value to a penetration test?

C. Information may be found on related breaches and hacking.

The quality assurance (QA) department is short-staffed and is unable to test all modules before the anticipated release date of an application. What security control is MOST likely to be violated?

A. Change management

Which of the following criteria ensures information is protected relative to its importance to the organization?

A. Legal requirements, value, criticality, and sensitivity to unauthorized disclosure or modification

What is the FIRST step when developing an Information Security Continuous Monitoring (ISCM) program?

C. Define an ISCM strategy based on risk tolerance.

An organization has requested storage area network (SAN) disks for a new project. What Redundant Array of Independent Disks (RAID) level provides the BEST redundancy and fault tolerance?

A. RAID level 5

Compared to a traditional network, which of the following is a security-related benefit that software-defined networking (SDN) provides?

C. Centralized network administrative control

What is the MOST effective response to a hacker who has already gained access to a network and will attempt to pivot to other resources?

C. Segment the network.

Which of the following is a common term for log reviews, synthetic transactions, and code reviews?

C. Security control testing

A database server for a financial application is scheduled for production deployment. Which of the following controls will BEST prevent tampering?

B. Data validation

The Industrial Control System (ICS) Computer Emergency Response Team (CERT) has released an alert regarding ICS-focused malware specifically propagating through Windows-based business networks. Technicians at a local water utility note that their dams, canals, and locks controlled by an internal Supervisory Control and Data Acquisition (SCADA) system have been malfunctioning. A digital forensics professional is consulted in the Incident Response (IR) and recovery. Which of the following is the MOST challenging aspect of this investigation?

D. Volatility of data

What term is commonly used to describe hardware and software assets that are stored in a configuration management database (CMDB)?

A. Configuration item

A company is planning to implement a private cloud infrastructure. Which of the following recommendations will support the move to a cloud infrastructure?

A. Implement software-defined networking (SDN) to provide the ability to apply high-level policies to shape and reorder network traffic based on users, devices and applications.

Which is MOST important when negotiating an Internet service provider (ISP) service-level agreement (SLA) by an organization that solely provides Voice over Internet Protocol (VoIP) services?

B. Quality of Service (QoS) between applications

A company hired an external vendor to perform a penetration test of a new payroll system. The company's internal test team had already performed an in-depth application and security test of the system and determined that it met security requirements. However, the external vendor uncovered significant security weaknesses where sensitive personal data was being sent unencrypted to the tax processing systems. What is the MOST likely cause of the security issues?

D. Failure to perform interface testing

An organization wants to define a physical perimeter. What primary device should be used to accomplish this objective if the organization's perimeter MUST cost-efficiently deter casual trespassers?

A. Fences three to four feet high with a turnstile

Which of the following vulnerabilities can be BEST detected using automated analysis?

D. Typical source code vulnerabilities

A project manager for a large software firm has acquired a government contract that generates large amounts of Controlled Unclassified Information (CUI). The organization's information security manager had received a request to transfer project-related CUI between systems of differing security classifications. What role provides the authoritative guidance for this transfer?

B. Information owner

Which of the following determines how traffic should flow based on the status of the infrastructure layer?

A. Control plane

When testing password strength, which of the following is the BEST method for brute forcing passwords?

A. Conduct an offline attack on the hashed password information.

Which of the following is the name of an individual or group that is impacted by a change?

C. Stakeholder

The European Union (EU) General Data Protection Regulation (GDPR) requires organizations to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The Data Owner should therefore consider which of the following requirements?

B. Data masking and encryption of personal data

What is the PRIMARY benefit of incident reporting and computer crime investigations?

B. Repairing the damage and preventing future occurrences

Which of the following is the MOST common method of memory protection?

C. Segmentation

What testing technique enables the designer to develop mitigation strategies for potential vulnerabilities?

B. Threat modeling

Assuming an individual has taken all of the steps to keep their internet connection private, which of the following is the BEST to browse the web privately?

B. Prevent information about browsing activities from being stored on the personal device.

A software engineer uses automated tools to review application code and search for application flaws, back doors, or other malicious code. Which of the following is the FIRST Software Development Life Cycle (SDLC) phase where this takes place?

Development

A company developed a web application which is sold as a Software as a Service (SaaS) solution to the customer. The application is hosted by a web server running on a specific operating system (OS) on a virtual machine (VM). During the transition phase of the service, it is determined that the support team will need access to the application logs. Which of the following privileges would be the MOST suitable?

B. Administrative privileges on the application folders

A security practitioner detects an Endpoint attack on the organization's network. What is the MOST reasonable approach to mitigate future Endpoint attacks?

B. Harden the client image before deployment.

What are the essential elements of a Risk Assessment Report (RAR)?

A. Executive summary, body of the report, and appendices

The security operations center (SOC) has received credible intelligence that a threat actor is planning to attack with multiple variants of a destructive virus. After obtaining a sample set of this virus' variants and reverse engineering them to understand how they work, a commonality was found. All variants are coded to write to a specific memory location. It is determined this virus is of no threat to the organization because they had the foresight to enable what feature on all endpoints?

A. Address Space Layout Randomization (ASLR)

The Chief Information Security Officer (CISO) is to establish a single, centralized, and relational repository to hold all information regarding the software and hardware assets. Which of the following solutions would be the BEST option?

B. Configuration Management Database (CMDB)

What type of investigation applies when malicious behavior is suspected between two organizations?

Civil

Which of the following techniques evaluates the secure design principles of network or software architectures?

C. Threat modeling

Which element of software supply chain management has the GREATEST security risk to organizations?

A. Unsupported libraries are often used.

Which of the following should be done at a disaster site before any item is removed, repaired, or replaced?

C. Take photos of the damage

When designing a new Voice over Internet Protocol (VoIP) network, an organization's top concern is preventing unauthorized users accessing the VoIP network. Which of the following will BEST help secure the VoIP network?

D. 802.1x

A user's credential for an application is stored in a relational database. Which control protects the confidentiality of the credential while it is stored?

A. Use a salted cryptographic hash of the password.

Which of the following frameworks provides vulnerability metrics and characteristics to support the National Vulnerability Database (NVD)?

C. Common Vulnerability Scoring System (CVSS)

A security architect is reviewing plans for an application with a Recovery Point Objective (RPO) of 15 minutes. The current design has all of the application infrastructure located within one co-location data center. Which security principle is the architect currently assessing?

B. Availability

Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?

C. Data stewardship roles, data handling and storage standards, data lifecycle requirements

The Chief Information Security Officer (CISO) of a small organization is making a case for building a security operations center (SOC). While debating between an in-house, fully outsourced, or a hybrid capability, which of the following would be the MAIN consideration, regardless of the model?

B. Scope and service catalog

An organization would like to ensure that all new users have a predefined departmental access template applied upon creation. The organization would also like additional access for users to be granted on a per-project basis. What type of user access administration is BEST suited to meet the organization's needs?

Hybrid

Which of the following is a secure design principle for a new product?

C. Build in appropriate levels of fault tolerance.

What is the PRIMARY benefit of relying on Security Content Automation Protocol (SCAP)?

A. Standardize specifications between software security products.

What are the three key benefits that application developers should derive from the northbound application programming interface (API) of software defined networking (SDN)?

D. Familiar syntax, abstraction of network topology, and abstraction of network protocols

Which of the following is a unique feature of attribute-based access control (ABAC)?

A. A user is granted access to a system at a particular time of day.

Which of the following is the BEST approach to implement multiple servers on a virtual system?

A. Implement one primary function per virtual server and apply individual security configuration for each virtual server.

Which of the following is the MOST common cause of system or security failures?

B. Lack of change control

The Chief Information Officer (CIO) has decided that as part of business modernization efforts the organization will move towards a cloud architecture. All business-critical data will be migrated to either internal or external cloud services within the next two years. The CIO has a PRIMARY obligation to work with personnel in which role in order to ensure proper protection of data during and after the cloud migration?

C. Chief Information Security Officer (CISO)

A developer is creating an application that requires secure logging of all user activity. What is the BEST permission the developer should assign to the log file to ensure requirements are met?

append

When performing an investigation with the potential for legal action, what should be the analyst's FIRST consideration?

B. Chain-of-custody

Building blocks for software-defined networks (SDN) require which of the following?

C. The SDN is mostly composed of virtual machines (VM).

What is the MINIMUM standard for testing a disaster recovery plan (DRP)?

D. Semi-annually and in alignment with a fiscal half-year business cycle

Which security audit standard provides the BEST way for an organization to understand a vendor's Information Systems (IS) in relation to confidentiality, integrity, and availability?

A. Service Organization Control (SOC) 2

An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this an example of?

C. Reasonable data

An organization is considering partnering with a third-party supplier of cloud services. The organization will only be providing the data and the third-party supplier will be providing the security controls. Which of the following BEST describes this service offering?

D. Software as a Service (SaaS)

Which of the following factors should be considered characteristics of Attribute Based Access Control (ABAC) in terms of the attributes used?

D. Role Based Access Control (RBAC) and Access Control List (ACL)

Which of the following is the MOST significant key management problem due to the number of keys created?

A. Exponential growth when using symmetric keys

A Certified Information Systems Security Professional (CISSP) with identity and access management (IAM) responsibilities is asked by the Chief Information Security Officer (CISO) to perform a vulnerability assessment on a web application to pass a Payment Card Industry (PCI) audit. The CISSP has never performed this before. According to the (ISC)² Code of Professional Ethics, which of the following should the CISSP do?

A. Inform the CISO that they are unable to perform the task because they should render only those services for which they are fully competent and qualified

While performing a security review for a new product, an information security professional discovers that the organization's product development team is proposing to collect government-issued identification (ID) numbers from customers to use as unique customer identifiers. Which of the following recommendations should be made to the product development team?

C. Customer identifiers that do not resemble the user's government-issued ID number should be used.

The development team has been tasked with collecting data from biometric devices. The application will support a variety of collection data streams. During the testing phase, the team utilizes data from an old production database in a secure testing environment. What principle has the team taken into consideration?

C. Biometric data must be protected from disclosure.

Information security practitioners are in the midst of implementing a new firewall. Which of the following failure methods would BEST prioritize security in the event of failure?

Fail-Closed

Which of the following services can be deployed via a cloud service or on-premises to integrate with Identity as a Service (IDaaS) as the authoritative source of user identities?

Directory

Which of the following statements is TRUE about Secure Shell (SSH)?

A. SSH supports port forwarding, which can be used to protect less secured protocols.

What is considered a compensating control for not having electrical surge protectors installed?

B. Having a hot disaster recovery (DR) environment for the site

What is the FIRST step in risk management?

A. Identify the factors that have potential to impact business.

Which of the following is the PRIMARY goal of logical access controls?

A. Restrict access to an information asset.

Which of the following is a covert channel type?

Storage

A software developer wishes to write code that will execute safely and only as intended. Which of the following programming language types is MOST likely to achieve this goal?

C. Strongly typed

Which of the following roles is responsible for ensuring that important datasets are developed, maintained, and are accessible within their defined specifications?

A. Data Custodian

What is static analysis intended to do when analyzing an executable file?

D. Disassemble the file to gather information about the executable file's function.

A network security engineer needs to ensure that a security solution analyzes traffic for protocol manipulation and various sorts of common attacks. In addition, all Uniform Resource Locator (URL) traffic must be inspected and users prevented from browsing inappropriate websites. Which of the following solutions should be implemented to enable administrators the capability to analyze traffic, blacklist external sites, and log user traffic for later analysis?

A. Application-Level Proxy

What is the PRIMARY consideration when testing industrial control systems (ICS) for security weaknesses?

C. ICS are often sensitive to unexpected traffic.

The security team plans on using automated account reconciliation in the corporate user access review process. Which of the following must be implemented for the BEST results with fewest errors when running the audit?

D. Clear provisioning policies

In the common criteria, which of the following is a formal document that expresses an implementation-independent set of security requirements?

C. Protection Profile (PP)

Which of the following is an example of a vulnerability of full-disk encryption (FDE)?

D. Data at rest has been compromised when the user has authenticated to the device.

What is the FIRST step in reducing the exposure of a network to Internet Control Message Protocol (ICMP) based attacks?

A. Implement network access control lists (ACL).

A large organization's human resources and security teams are planning on implementing technology to eliminate manual user access reviews and improve compliance. Which of the following options is MOST likely to resolve the issues associated with user access?

C. Implement identity and access management (IAM) platform.

A cloud service accepts Security Assertion Markup Language (SAML) assertions from users to exchange authentication and authorization data between security domains. However, an attacker was able to spoof a registered account on the network and query the SAML provider. What is the MOST common attack leveraged against this flaw?

B. Attacker forges requests to authenticate as a different user.

An organization is implementing security review as part of system development. Which of the following is the BEST technique to follow?

A. Perform incremental assessments.

What Hypertext Transfer Protocol (HTTP) response header can be used to disable the execution of inline JavaScript and the execution of eval()-type functions?

B. Content-Security-Policy

A security professional was tasked with rebuilding a company's wireless infrastructure. Which of the following are the MOST important factors to consider while making a decision on which wireless spectrum to deploy?

B. Performance, geographic location, and radio signal interference

A software development company has a short timeline in which to deliver a software product. The software development team decides to use open-source software libraries to reduce the development time. What concept should software developers consider when using open-source software libraries?

A. Open source libraries contain known vulnerabilities, and adversaries regularly exploit those vulnerabilities in the wild.

A security engineer is assigned to work with the patch and vulnerability management group. The deployment of a new patch has been approved and needs to be applied. The research is complete, and the security engineer has provided recommendations. Where should the patch be applied FIRST?

A. Lower environment

What BEST describes the confidentiality, integrity, availability triad?

C. The implementation of security systems to protect the organization's data

Why is it important that senior management clearly communicates the formal Maximum Tolerable Downtime (MTD) decision?

A. To provide each manager with precise direction on selecting an appropriate recovery alternative

A Simple Power Analysis (SPA) attack against a device directly observes which of the following?

Consumption

Which of the following MUST the administrator of a security information and event management (SIEM) system ensure?

A. All sources are synchronized with a common time reference.

An organization wants to share data securely with their partners via the Internet. Which standard port is typically used to meet this requirement?

C. Setup a server on Transmission Control Protocol (TCP) port 22

When designing a business continuity plan (BCP), what is the formula to determine the Maximum Tolerable Downtime (MTD)?

D. Recovery Time Objective (RTO) + Work Recovery Time (WRT)

In systems security engineering, what does the security principle of modularity provide?

C. Isolated functions and data

Which of the following is the strongest physical access control?

D. Biometrics, a password, and badge reader

An access control list (ACL) on a router is a feature MOST similar to which type of firewall?

B. Packet filtering firewall

While dealing with the consequences of a security incident, which of the following security controls are MOST appropriate?

B. Corrective and recovery controls

A cloud hosting provider would like to provide a Service Organization Control (SOC) report relevant to its security program. This report should be an abbreviated report that can be freely distributed. Which type of report BEST meets this requirement?

D. SOC 3

Which of the following is TRUE for an organization that is using a third-party federated identity service?

C. The organization establishes a trust relationship with the other organizations

Which of the following describes the BEST method of maintaining the inventory of software and hardware within the organization?

D. Maintaining the inventory through a combination of system configuration, network management, and license management tools

Which of the following outsourcing agreement provisions has the HIGHEST priority from a security operations perspective?

D. Escalation process for problem resolution during incidents

Which of the following is the MOST comprehensive Business Continuity (BC) test?

A. Full interruption

A security practitioner needs to implement a solution to verify endpoint security protections and operating system (OS) versions. Which of the following is the BEST solution to implement?

B. Network Access Control (NAC)

During an internal audit of an organizational Information Security Management System (ISMS), nonconformities are identified. In which of the following management stages are nonconformities reviewed, assessed and/or corrected by the organization?

Improvement

When developing an external facing web-based system, which of the following would be the MAIN focus of the security assessment prior to implementation and production?

D. Ensuring that input validation is enforced

A financial services organization has employed a security consultant to review processes used by employees across various teams. The consultant interviewed a member of the application development practice and found gaps in their threat model. Which of the following correctly represents a trigger for when a threat model should be revised?

D. A new data repository is added.

The Chief Information Security Officer (CISO) of an organization has requested that a Service Organization Control (SOC) report be created to outline the security and availability of a particular system over a 12-month period. Which type of SOC report should be utilized?

C. SOC 2 Type 2

An organization recently upgraded to a Voice over Internet Protocol (VoIP) phone system. Management is concerned with unauthorized phone usage. The security consultant is responsible for putting together a plan to secure these phones. Administrators have assigned unique personal identification number (PIN) codes for each person in the organization. What is the BEST solution?

A. Have the administrator enforce a policy to change the PIN regularly. Implement call detail records (CDR) reports to track usage.

Which of the following protection is provided when using a Virtual Private Network (VPN) with Authentication Header (AH)?

A. Sender non-repudiation

An organization contracts with a consultant to perform a System Organization Control (SOC) 2 audit on their internal security controls. An auditor documents a finding related to an Application Programming Interface (API) performing an action that is not aligned with the scope or objective of the system. Which trust service principle would be MOST applicable in this situation?

Processing Integrity

In which process MUST security be considered during the acquisition of new software?

A. Request for proposal (RFP)

Which of the following is the MAIN difference between a network-based firewall and a host-based firewall?

C. A network-based firewall controls traffic passing through the device, while a host-based firewall controls traffic destined for the device.

Which of the following measures serves as the BEST means for protecting data on computers, smartphones, and external storage devices when traveling to high-risk countries?

D. Use multi-factor authentication (MFA) to gain access to data stored on laptops or external storage devices and biometric fingerprint access control mechanisms to unlock smartphones.

When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?

B. Employ strong access controls

Which of the following regulations dictates how data breaches are handled?

D. General Data Protection Regulation (GDPR)

In software development, developers should use which type of queries to prevent a Structured Query Language (SQL) injection?

Parameterised

Which type of access control includes a system that allows only users that are type=managers and department=sales to access employee records?

B. Attribute-based access control (ABAC)

Which of the following examples is BEST to minimize the attack surface for a customer's private information?

D. Collection limitation

Which evidence collecting technique would be utilized when it is believed an attacker is employing a rootkit and a quick analysis is needed?

C. Memory collection

An application is used for funds transfers between an organization and a third-party. During a security audit, an auditor has found an issue with the business continuity disaster recovery policy and procedures for this application. Which of the following reports should the auditor file with the organization?

D. Service Organization Control (SOC) 2

When determining data and information asset handling, regardless of the specific toolset being used, which of the following is one of the common components of big data?

A. Distributed storage locations

A Chief Information Security Officer (CISO) of a firm which decided to migrate to cloud has been tasked with ensuring an optimal level of security. Which of the following would be the FIRST consideration?

A. Analyze the firm's applications and data repositories to determine the relevant control requirements.

Which of the following BEST describes the purpose of Border Gateway Protocol (BGP)?

D. Maintain a list of efficient network paths between autonomous systems.

What is the BEST design for securing physical perimeter protection?

C. Barriers, fences, gates, and walls

The security organization is looking for a solution that could help them determine with a strong level of confidence that attackers have breached their network. Which solution is MOST effective at discovering a successful network breach?

C. Deploying a honeypot

Which of the following is a benefit of implementing data-in-use controls?

B. When the data is being viewed, it can only be printed by authorized users.

When configuring Extensible Authentication Protocol (EAP) in a Voice over Internet Protocol (VoIP) network, which of the following authentication types is the

B. EAP-Transport Layer Security (TLS)

Which of the following would be the BEST guideline to follow when attempting to avoid the exposure of sensitive data?

D. Store sensitive data only when necessary.

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

B. determine the technological dependence of the business processes

Which of the following actions will reduce risk to a laptop before traveling to a high risk area?

B. Implement more stringent baseline configurations

Which of the following represents the GREATEST risk to data confidentiality?

D. Users have administrative privileges

What is the MOST important consideration from a data security perspective when an organization plans to relocate?

C. Conduct a gap analysis of the new facilities against existing security requirements

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center, is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?

Application

When assessing an organization's security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

A. Only when assets are clearly defined

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

C. Supply a duress alarm for personnel exposed to the public

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

C. People, technology, and operations

Intellectual property rights are PRIMARILY concerned with which of the following?

A. Owner's ability to realize financial gain

Which of the following is MOST important when assigning ownership of an asset to a department?

D. All members should be trained on their responsibilities

Which one of the following affects the classification of data?

A. Assigned security label

Which of the following BEST describes the responsibilities of a data owner?

C. Ensuring accessibility to appropriate users, maintaining appropriate levels of data security

An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests. Which contract is BEST in offloading the task from the IT staff?

B. Identity as a Service (IDaaS)

When implementing a data classification program, why is it important to avoid too much granularity?

A. The process will require too many resources

In a data classification scheme, the data is owned by the

B. business managers

Which of the following is an initial consideration when developing an information security management system?

B. Understand the value of the information assets

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

D. Asymmetric Card Authentication Key (CAK) challenge-response

Which security service is served by the process of encrypting plaintext with the sender's private key and decrypting ciphertext with the sender's public key?

Integrity

Which of the following mobile code security models relies only on trust?

A. Code signing

Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?

A. Hashing the data before encryption

What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?

D. Issued Phase

Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified by automated vulnerability assessments?

B. Common Vulnerability Scoring System (CVSS)

Who in the organization is accountable for classification of data information assets?

A. Data owner

The use of private and public encryption keys is fundamental in the implementation of which of the following?

B. Secure Sockets Layer (SSL)

What is the purpose of an Internet Protocol (IP) spoofing attack?

D. To convince a system that it is communicating with a known entity

At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

B. Physical layer

In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?

A. Transport layer

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

B. Link Control Protocol (LCP)

Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

A. Packet filtering

An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?

D. Implement logical network segmentation at the switches

An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

A. Add a new rule to the application layer firewall

Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?

D. Network Behavior Analysis (NBA) tools

Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?

A. WEP uses a small range Initialization Vector (IV)

A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

C. Security Assertion Markup Language (SAML)

Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

A. Derived credential

Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee's salary?

C. Implement Role Based Access Control (RBAC)

What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

B. Role-Based Access Control (RBAC)

Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

A. Change management processes

In which of the following programs is it MOST important to include the collection of security process data?

B. Security continuous monitoring

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user's access to data files?

D. Guest OS audit logs

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

D. Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels

Which of the following could cause a Denial of Service (DoS) against an authentication system?

B. No archiving of audit logs

An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

D. Insufficient Service Level Agreement (SLA)

Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

Parallel

What is the PRIMARY reason for implementing change management?

D. Ensure accountability for changes to the environment

Which of the following is a PRIMARY advantage of using a third-party identity service?

A. Consolidation of multiple providers

With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?

C. At a rate concurrent with the volatility of the security control

What should be the FIRST action to protect the chain of evidence when a desktop computer is involved?

C. Start documenting

What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?

B. Ensure chain of custody

A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?

D. Protection from loss of organization resources

Study Notes

Review and Correction of Nonconformities in Internal Audits of ISMS

  • Nonconformities are identified during an internal audit of an organizational Information Security Management System (ISMS).
  • The organization reviews, assesses, and corrects these nonconformities in the management stage of Operation.
  • The management stage of Planning is not where nonconformities are reviewed, assessed, and corrected.
  • The management stage of Assessment is not where nonconformities are reviewed, assessed, and corrected.
  • The management stage of Improvement is not where nonconformities are reviewed, assessed, and corrected.
  • The organization's internal audit of the ISMS helps identify nonconformities.
  • Nonconformities refer to deviations from established standards or requirements.
  • The organization is responsible for reviewing, assessing, and correcting nonconformities.
  • The management stage of Operation involves the day-to-day activities of the organization.
  • The review, assessment, and correction of nonconformities occur within the operational management stage.
  • The organization's Information Security Management System (ISMS) is subject to internal audits.
  • The internal audits aim to ensure compliance with established standards and identify areas for improvement.
