Questions and Answers
When is a Business Continuity Plan (BCP) considered to be valid?
Recovery strategies of a Disaster Recovery Plan (DRP) MUST be aligned with which of the following?
Which of the following is the FIRST step in the incident response process?
A continuous information security monitoring program can BEST reduce risk through which of the following?
What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization's systems cannot be unavailable for more than 24 hours?
A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?
Which of the following is the PRIMARY risk with using open source software in a commercial software construction?
When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?
Which of the following is the BEST method to prevent malware from being introduced into a production environment?
The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?
What is the BEST approach to addressing security issues in legacy web applications?
Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?
Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element?
Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain?
What is the MOST effective countermeasure to a malicious code attack against a mobile system?
Which of the following is the BEST mitigation from phishing attacks?
Which of the following is a physical security control that protects Automated Teller Machines (ATM) from skimming?
Which of the following is an essential element of a privileged identity lifecycle management?
Which of the following is ensured when hashing files during chain of custody handling?
Which Hyper Text Markup Language 5 (HTML5) option presents a security challenge for network data leakage prevention and/or monitoring?
Which of the following statements is TRUE of black box testing?
A software scanner identifies a region within a binary image having high entropy. What does this MOST likely indicate?
Which of the following is a limitation of the Common Vulnerability Scoring System (CVSS) as it relates to conducting code review?
Which of the following is the MOST important consideration when storing and processing Personally Identifiable Information (PII)?
Which of the following assessment metrics is BEST used to understand a system's vulnerability to potential exploits?
Which of the following is an effective method for avoiding magnetic media data remanence?
Which of the following MUST be part of a contract to support electronic discovery of data stored in a cloud environment?
When transmitting information over public networks, the decision to encrypt it should be based on
Logical access control programs are MOST effective when they are
Which one of the following considerations has the LEAST impact when considering transmission security?
What principle requires that changes to the plaintext affect many parts of the ciphertext?
Which one of these risk factors would be the LEAST important consideration in choosing a building site for a new computer facility?
Which one of the following transmission media is MOST effective in preventing data interception?
Which security action should be taken FIRST when computer personnel are terminated from their jobs?
A practice that permits the owner of a data object to grant other users access to that object would usually provide
The type of authorized interactions a subject can have with an object is
Why MUST a Kerberos server be well protected from unauthorized access?
Which one of the following effectively obscures network addresses from external exposure when implemented on a firewall or router?
While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used?
Why must all users be positively identified prior to using multi-user computers?
The birthday attack is MOST effective against which one of the following cipher technologies?
An advantage of link encryption in a communications network is that it
Which one of the following is the MOST important in designing a biometric access system if it is essential that no one other than authorized individuals are admitted?
What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?
The PRIMARY purpose of a security awareness program is to
As one component of a physical security system, an Electronic Access Control (EAC) token is BEST known for its ability to
Which one of the following is a fundamental objective in handling an incident?
In the area of disaster planning and recovery, what strategy entails the presentation of information about the plan?
The process of mutual authentication involves a computer system authenticating a user and authenticating the
What maintenance activity is responsible for defining, implementing, and testing updates to application systems?
Which one of the following describes granularity?
In a basic SYN flood attack, what is the attacker attempting to achieve?
The FIRST step in building a firewall is to
A system has been scanned for vulnerabilities and has been found to contain a number of communication ports that have been opened without authority. To which of the following might this system have been subjected?
Which type of control recognizes that a transaction amount is excessive in accordance with corporate policy?
Which of the following defines the key exchange for Internet Protocol Security (IPSec)?
The overall goal of a penetration test is to determine a system's
When constructing an Information Protection Policy (IPP), it is important that the stated rules are necessary, adequate, and
Which of the following is a security limitation of File Transfer Protocol (FTP)?
In Business Continuity Planning (BCP), what is the importance of documenting business processes?
The Structured Query Language (SQL) implements Discretionary Access Controls (DAC) using
Which layer of the Open Systems Interconnection (OSI) model implementation adds information concerning the logical connection between the sender and receiver?
Which of the following is a network intrusion detection technique?
Internet Protocol (IP) source address spoofing is used to defeat
Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?
What security management control is MOST often broken by collusion?
An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring?
An engineer in a software company has created a virus creation tool. The tool can generate thousands of polymorphic viruses. The engineer is planning to use the tool in a controlled environment to test the company's next generation virus scanning software. Which would BEST describe the behavior of the engineer and why?
Which of the following Disaster Recovery (DR) sites is the MOST difficult to test?
Which of the following statements is TRUE for point-to-point microwave transmissions?
The key benefits of a signed and encrypted e-mail include
Copyright provides protection for which of the following?
Which of the following is TRUE about Disaster Recovery Plan (DRP) testing?
Which of the following is the FIRST step of a penetration test plan?
Which of the following actions should be performed when implementing a change to a database schema in a production system?
Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks?
The BEST method of demonstrating a company's security level to potential customers is
Which of the following does Temporal Key Integrity Protocol (TKIP) support?
The stringency of an Information Technology (IT) security assessment will be determined by the
What should be the INITIAL response to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) alerts?
At a MINIMUM, a formal review of any Disaster Recovery Plan (DRP) should be conducted
Checking routing information on e-mail to determine it is in a valid format and contains valid information is an example of which of the following anti-spam approaches?
During an audit of system management, auditors find that the system administrator has not been trained. What actions need to be taken at once to ensure the integrity of systems?
An internal Service Level Agreement (SLA) covering security is signed by senior managers and is in place. When should compliance to the SLA be reviewed to ensure that a good security posture is being delivered?
Which of the following is the best practice for testing a Business Continuity Plan (BCP)?
Which of the following MUST be done when promoting a security awareness program to senior management?
Which of the following is a security feature of Global Systems for Mobile Communications (GSM)?
A disadvantage of an application filtering firewall is that it can lead to
What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)?
Following the completion of a network security assessment, which of the following can BEST be demonstrated?
Passive Infrared Sensors (PIR) used in a non-climate controlled environment should
The use of strong authentication, the encryption of Personally Identifiable Information (PII) on database servers, application security reviews, and the encryption of data transmitted across networks provide
An organization is selecting a service provider to assist in the consolidation of multiple computing sites including development, implementation and ongoing support of various computer systems. Which of the following MUST be verified by the Information Security Department?
Which of the following is an appropriate source for test data?
What is the FIRST step in developing a security test and its evaluation?
How can a forensic specialist exclude from examination a large percentage of operating system files residing on a copy of the target system?
Which one of the following is a threat related to the use of web-based client side input validation?
To prevent inadvertent disclosure of restricted information, which of the following would be the LEAST effective process for eliminating data prior to the media being discarded?
Multi-threaded applications are more at risk than single-threaded applications to
Which of the following is a potential risk when a program runs in privileged mode?
The goal of software assurance in application development is to
What is the ultimate objective of information classification?
In a financial institution, who has the responsibility for assigning the classification to a piece of information?
An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to
What technique BEST describes antivirus software that detects viruses by watching anomalous behavior?
Contingency plan exercises are intended to do which of the following?
Two companies wish to share electronic inventory and purchase orders in a supplier and client relationship. What is the BEST security solution for them?
Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what?
What is a patch management program?
Which of the following is an open standard for exchanging authentication and authorization data between parties?
When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all access control requirements are addressed?
Which of the following is the BEST way to verify the integrity of a software patch?
Which of the following is considered best practice for preventing e-mail spoofing?
Alternate encoding such as hexadecimal representations is MOST often observed in which of the following forms of attack?
What would be the PRIMARY concern when designing and coordinating a security assessment for an Automatic Teller Machine (ATM) system?
The Hardware Abstraction Layer (HAL) is implemented in the
A security professional has just completed their organization's Business Impact Analysis (BIA). Following Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) best practices, what would be the professional's NEXT step?
A vulnerability test on an Information System (IS) is conducted to
Who must approve modifications to an organization's production infrastructure configuration?
When implementing controls in a heterogeneous end-point network for an organization, it is critical that
Which of the following is the FIRST action that a system administrator should take when it is revealed during a penetration test that everyone in an organization has unauthorized access to a server holding sensitive data?
Which of the following wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device?
The three PRIMARY requirements for a penetration test are
Which of the following is an attacker MOST likely to target to gain privileged access to a system?
Why is a system's criticality classification important in large organizations?
By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the
In Disaster Recovery (DR) and business continuity training, which BEST describes a functional drill?
Which of the following does the Encapsulating Security Payload (ESP) provide?
Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?
What is an effective practice when returning electronic storage media to third parties for repair?
Which of the following BEST represents the principle of open design?
The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct
An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor?
When building a data center, site location and construction factors that increase the level of vulnerability to physical threats include
An organization allows ping traffic into and out of their network. An attacker has installed a program on the network that uses the payload portion of the ping packet to move data into and out of the network. What type of attack has the organization experienced?
Which of the following can BEST prevent security flaws occurring in outsourced software development?
Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?
An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?
A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project?
According to best practice, which of the following groups is the MOST effective in performing an information security compliance audit?
When is security personnel involvement in the Systems Development Life Cycle (SDLC) process MOST beneficial?
A large bank deploys hardware tokens to all customers that use their online banking system. The token generates and displays a six digit numeric password every 60 seconds. The customers must log into their bank accounts using this numeric password. This is an example of
Which of the following is the BEST reason to review audit logs periodically?
What is the PRIMARY reason for ethics awareness and related policy implementation?
Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications?
Which of the following actions MUST be taken if a vulnerability is discovered during the maintenance stage in a System Development Life Cycle (SDLC)?
Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?
From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system?
Which of the following is the MOST beneficial to review when performing an IT audit?
During an investigation of database theft from an organization's web site, it was determined that the Structured Query Language (SQL) injection technique was used despite input validation with client-side scripting. Which of the following provides the GREATEST protection against the same attack occurring again?
With data labeling, which of the following MUST be the key decision maker?
Which of the following is a critical factor for implementing a successful data classification program?
An organization's data policy MUST include a data retention period which is based on
What is the MOST important reason to configure unique user IDs?
What is the PRIMARY advantage of using automated application security testing tools?
When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)?
What do Capability Maturity Models (CMM) serve as a benchmark for in an organization?
Which of the following is the MOST crucial for a successful audit plan?
An organization decides to implement a partial Public Key Infrastructure (PKI) with only the servers having digital certificates. What is the security benefit of this implementation?
Which of the following is the PRIMARY benefit of a formalized information classification program?
If an attacker in a SYN flood attack uses someone else's valid host address as the source address, the system under attack will send a large number of Synchronize/Acknowledge (SYN/ACK) packets to the
According to best practice, which of the following is required when implementing third party software in a production environment?
Which of the following is the BEST solution to provide redundancy for telecommunications links?
The amount of data that will be collected during an audit is PRIMARILY determined by the
Which of the following are required components for implementing software configuration management systems?
For a service provider, which of the following MOST effectively addresses confidentiality concerns for customers using cloud computing?
Which of the following BEST mitigates a replay attack against a system using identity federation and Security Assertion Markup Language (SAML) implementation?
What is the BEST method to detect the most common improper initialization problems in programming languages?
During the procurement of a new information system, it was determined that some of the security requirements were not addressed in the system specification. Which of the following is the MOST likely reason for this?
Which of the following is required to determine classification and ownership?
A large university needs to enable student access to university resources from their homes. Which of the following provides the BEST option for low maintenance and ease of deployment?
A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation?
A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user business functions. These capabilities are BEST described as
What is the MOST effective method for gaining unauthorized access to a file protected with a long complex password?
A security manager has noticed an inconsistent application of server security controls resulting in vulnerabilities on critical systems. What is the MOST likely cause of this issue?
Which of the following is the BEST countermeasure to brute force login attacks?
A Business Continuity Plan (BCP) is based on
When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints?
A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?
Which of the following is the MOST effective attack against cryptographic hardware modules?
Which of the following is the MOST difficult to enforce when using cloud computing?
Which of the following is the BEST way to determine if a particular system is able to identify malicious software without executing it?
Which of the following is a BEST practice when traveling internationally with laptops containing Personally Identifiable Information (PII)?
Which of the following assures that rules are followed in an identity management architecture?
Which of the following violates identity and access management best practices?
When dealing with compliance with the Payment Card Industry-Data Security Standard (PCI-DSS), an organization that shares card holder information with a service provider MUST do which of the following?
What is the MAIN feature that onion routing networks offer?
Which of the following MUST system and database administrators be aware of and apply when configuring systems used for storing personal employee data?
Which of the following methods provides the MOST protection for user credentials?
Which of the following MOST influences the design of the organization's electronic monitoring policies?
Without proper signal protection, embedded systems may be prone to which type of attack?
Which of the following is a detective access control mechanism?
Which of the following BEST describes Recovery Time Objective (RTO)?
An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern?
An online retail company has formulated a record retention schedule for customer transactions. Which of the following is a valid reason a customer transaction is kept beyond the retention schedule?
Which of the following is the MAIN goal of a data retention policy?
DRAG DROP
Given the various means to protect physical and logical assets, match the access management area to the technology.
Which of the following problems is not addressed by using OAuth (Open Standard to Authorization) 2.0 to integrate a third-party identity provider for a service?
The use of a proximity card to gain access to a building is an example of what type of security control?
Multi-Factor Authentication (MFA) is necessary in many systems given common types of password attacks. Which of the following is a correct list of password attacks?
Which of the following is an example of two-factor authentication?
Which item below is a federated identity standard?
What is a common challenge when implementing Security Assertion Markup Language (SAML) for identity integration between on-premise environment and an external identity provider service?
Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive email, search the web, and use instant messaging. The Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following could have MOST likely prevented the Peer-to-Peer (P2P) program from being installed on the computer?
Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive email, search the web, and use instant messaging. The Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following solutions would have MOST likely detected the use of peer-to-peer programs when the computer was connected to the office network?
Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive email, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following methods is the MOST effective way of removing the Peer-to-Peer (P2P) program from the computer?
Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive email, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following documents explains the proper use of the organization's assets?
Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.
In the plan, what is the BEST approach to mitigate future internal client-based attacks?
Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the network. A plan will be necessary to address these concerns.
In addition to web browsers, what PRIMARY areas need to be addressed concerning mobile code used for malicious purposes?
Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.
What MUST the plan include in order to reduce client-side exploitation?
Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.
What is the BEST reason for the organization to pursue a plan to mitigate client-based attacks?
Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
Which of the following BEST describes the access control methodology used?
Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
In addition to authentication at the start of the user session, best practice would require reauthentication
Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
Following best practice, where should the permitted access for each department and job classification combination be specified?
Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
What MUST the access control logs contain in addition to the identifier?
Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
Which of the following is considered the MOST important priority for the information security officer?
Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
The effectiveness of the security program can PRIMARILY be measured through
Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
Given the number of priorities, which of the following will MOST likely influence the selection of top initiatives?
Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
The security program can be considered effective when
Refer to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.
Aside from the potential records which may have been viewed, which of the following should be the PRIMARY concern regarding the database information?
Refer to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.
If it is discovered that large quantities of information have been copied by the unauthorized individual, what attribute of the data has been compromised?
Refer to the information below to answer the question. During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information. If the intrusion causes the system processes to hang, which of the following has been affected?
Refer to the information below to answer the question. An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. Which of the following will be the PRIMARY security concern as staff is released from the organization?
Refer to the information below to answer the question. An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. Which of the following will MOST likely allow the organization to keep risk at an acceptable level?
Refer to the information below to answer the question. An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. Which of the following will indicate where the IT budget is BEST allocated during this time?
Refer to the information below to answer the question. An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. When determining appropriate resource allocation, which of the following is MOST important to monitor?
Refer to the information below to answer the question. In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files. Which of the following is true according to the star property (*-property)?
Refer to the information below to answer the question. In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files. In a Bell-LaPadula system, which user cannot write to File 3?
Refer to the information below to answer the question. In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files. In a Bell-LaPadula system, which user has the MOST restrictions when writing data to any of the four files?
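The three Bell-LaPadula questions above all turn on the same two rules: the simple security property (no read up) and the *-property (no write down). The Python below is an added example, not part of the original page, that encodes the four labels in the order the questions give and evaluates both rules over a user table and a file table. Table A and Table B are not reproduced on this page, so the clearances, file classes and the "User n" / "File n" names are constructed sample data.

```python
"""Bell-LaPadula read/write decisions over the four MLS labels.

Added example. The user and file tables are CONSTRUCTED placeholders,
not the page's Table A / Table B.
"""

# Labels in increasing sensitivity, as stated in the question.
LEVELS = ["restricted", "confidential", "secret", "top secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Constructed sample clearances (stand-in for Table A).
USER_CLEARANCE = {
    "User 1": "top secret",
    "User 2": "secret",
    "User 3": "confidential",
    "User 4": "restricted",
}

# Constructed sample classifications (stand-in for Table B).
FILE_CLASS = {
    "File 1": "restricted",
    "File 2": "confidential",
    "File 3": "secret",
    "File 4": "top secret",
}


def can_read(clearance: str, classification: str) -> bool:
    """Simple security property ("no read up"): subject >= object."""
    return RANK[clearance] >= RANK[classification]


def can_write(clearance: str, classification: str) -> bool:
    """*-property ("no write down"): subject <= object."""
    return RANK[clearance] <= RANK[classification]


def users_who_cannot_write(file_name, users=USER_CLEARANCE, files=FILE_CLASS):
    """Users blocked by the *-property from writing the named file."""
    cls = files[file_name]
    return sorted(u for u, c in users.items() if not can_write(c, cls))


def most_write_restricted_user(users=USER_CLEARANCE, files=FILE_CLASS):
    """User with the fewest files they may write; ties broken by name."""
    def writable_count(u):
        return sum(can_write(users[u], f) for f in files.values())
    return min(sorted(users), key=writable_count)


def access_matrix(users=USER_CLEARANCE, files=FILE_CLASS):
    """Mode per (user, file) under both properties: 'r', 'w', 'rw' or ''.

    'rw' is only possible when clearance == classification.
    """
    matrix = {}
    for u, c in users.items():
        for f, k in files.items():
            mode = ("r" if can_read(c, k) else "") + ("w" if can_write(c, k) else "")
            matrix[(u, f)] = mode
    return matrix


if __name__ == "__main__":
    for (u, f), mode in sorted(access_matrix().items()):
        print(f"{u} -> {f}: {mode or '-'}")
    print("Cannot write File 3:", users_who_cannot_write("File 3"))
    print("Most write-restricted:", most_write_restricted_user())
```

With these constructed tables the top-secret user is the one who cannot write to File 3 and who has the fewest writable files. That is the counterintuitive point of the *-property: a higher clearance widens what you may read but narrows where you may write, because anything you write could carry higher-classified data downward. Substituting the real Table A and Table B into the two dictionaries gives the page's answers without changing the functions.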
Refer to the information below to answer the question. Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed. After magnetic drives were degaussed twice according to the product manufacturer's directions, what is the MOST LIKELY security issue with degaussing?
Refer to the information below to answer the question. Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed. Organizational policy requires the deletion of user data from Personal Digital Assistant (PDA) devices before disposal. It may not be possible to delete the user data if the device is malfunctioning. Which destruction method below provides the BEST assurance that the data has been removed?
Refer to the information below to answer the question. A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization. The third party needs to have
Refer to the information below to answer the question. A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization. The organization should ensure that the third party's physical security controls are in place so that they
Refer to the information below to answer the question. A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization. What additional considerations are there if the third party is located in a different country?
What is the MOST critical factor to achieve the goals of a security program?
A business has implemented Payment Card Industry Data Security Standard (PCI-DSS) compliant handheld credit card processing on their Wireless Local Area Network (WLAN) topology. The network team partitioned the WLAN to create a private segment for credit card processing using a firewall to control device access and route traffic to the card processor on the Internet. What components are in the scope of PCI-DSS?
HOTSPOT
Identify the component that MOST likely lacks digital accountability related to information access. Click on the correct device in the image below.
During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take?
DRAG DROP
Place the following information classification steps in sequential order.
Which of the following secure startup mechanisms are PRIMARILY designed to thwart attacks?
What is the BEST first step for determining if the appropriate security controls are in place for protecting data at rest?
Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen?
Which of the following is a process within a Systems Engineering Life Cycle (SELC) stage?
What component of a web application that stores the session state in a cookie can be bypassed by an attacker?
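The question above concerns a web application that keeps its session state in a cookie, which means the state lives on the client. The Python below is an added example, not code from the page, showing the practical consequence: an unsigned cookie can be decoded, edited and re-encoded by anyone who holds it, while a cookie carrying an HMAC tag over the same payload fails verification after the same edit. The server key, the session fields and the helper names are constructed for the example.

```python
"""Client-held session state: unsigned vs HMAC-signed cookie.

Added example. SERVER_KEY and the session contents are CONSTRUCTED;
a real deployment loads the key from a secret store, never from source.
"""
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-example-key-do-not-reuse"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# --- Weak design: the cookie IS the session, nothing binds it to the server ---
def encode_unsigned(state: dict) -> str:
    return _b64(json.dumps(state, sort_keys=True).encode())


def decode_unsigned(cookie: str) -> dict:
    # Trusts whatever the client presents: every field is attacker-controlled.
    return json.loads(_unb64(cookie))


# --- Hardened: same payload plus an HMAC-SHA256 tag under the server key ---
def encode_signed(state: dict, key: bytes = SERVER_KEY) -> str:
    payload = _b64(json.dumps(state, sort_keys=True).encode())
    tag = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64(tag)}"


def decode_signed(cookie: str, key: bytes = SERVER_KEY):
    """Return the session dict if the tag verifies, otherwise None (reject)."""
    try:
        payload, tag_b64 = cookie.rsplit(".", 1)
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        # Constant-time comparison so the tag cannot be guessed byte by byte.
        if not hmac.compare_digest(expected, _unb64(tag_b64)):
            return None
        return json.loads(_unb64(payload))
    except (ValueError, UnicodeDecodeError):
        # Malformed base64, missing separator or non-JSON payload.
        return None


def tamper(payload_b64: str, **changes) -> str:
    """Attacker step: decode the payload, change fields, re-encode. No key needed."""
    state = json.loads(_unb64(payload_b64))
    state.update(changes)
    return _b64(json.dumps(state, sort_keys=True).encode())


def demo() -> dict:
    """Run both designs against the same privilege-escalation edit."""
    session = {"user": "alice", "role": "user"}

    unsigned = encode_unsigned(session)
    forged_unsigned = tamper(unsigned, role="admin")

    signed = encode_signed(session)
    payload, tag = signed.rsplit(".", 1)
    forged_signed = f"{tamper(payload, role='admin')}.{tag}"  # old tag, new payload

    return {
        "unsigned_accepts_forgery": decode_unsigned(forged_unsigned)["role"],
        "signed_accepts_genuine": decode_signed(signed)["role"],
        "signed_rejects_forgery": decode_signed(forged_signed),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

The tag only protects integrity. The payload is still readable by whoever holds the cookie, a captured cookie can be replayed until it expires, and an authorization check that reads the role from the cookie without also enforcing it server-side is a logic flaw no signature can catch. Treat any server-side decision that relies solely on a field the client supplied, signed or not, as the bypassable component.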
Which of the following is a MAJOR consideration in implementing a Voice over IP (VoIP) network?
Host-based Intrusion Prevention System (HIPS) products are often deployed in monitoring or learning mode during their initial implementation. What is the objective of starting in this mode?
Which of the following describes the concept of a Single Sign-On (SSO) system?
What physical characteristic does a retinal scan biometric device measure?
What does secure authentication with logging provide?
Which of the following provides the minimum set of privileges required to perform a job function and restricts the user to a domain with the required privileges?