Dump -1-2
250 Questions
29 Views

Questions and Answers

When is a Business Continuity Plan (BCP) considered to be valid?

Answer hidden

Recovery strategies of a Disaster Recovery Plan (DRP) MUST be aligned with which of the following?

Answer hidden

Which of the following is the FIRST step in the incident response process?

Answer hidden

A continuous information security monitoring program can BEST reduce risk through which of the following?

Answer hidden

What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization's systems cannot be unavailable for more than 24 hours?

Answer hidden

A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?

Answer hidden

Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

Answer hidden

When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

Answer hidden

Which of the following is the BEST method to prevent malware from being introduced into a production environment?

Answer hidden

The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?

Answer hidden

What is the BEST approach to addressing security issues in legacy web applications?

Answer hidden

Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?

Answer hidden

Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element?

Answer hidden

Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain?

Answer hidden

What is the MOST effective countermeasure to a malicious code attack against a mobile system?

Answer hidden

Which of the following is the BEST mitigation from phishing attacks?

Answer hidden

Which of the following is a physical security control that protects Automated Teller Machines (ATM) from skimming?

Answer hidden

Which of the following is an essential element of a privileged identity lifecycle management?

Answer hidden

Which of the following is ensured when hashing files during chain of custody handling?

Answer hidden

Which Hyper Text Markup Language 5 (HTML5) option presents a security challenge for network data leakage prevention and/or monitoring?

Answer hidden

Which of the following statements is TRUE of black box testing?

Answer hidden

A software scanner identifies a region within a binary image having high entropy. What does this MOST likely indicate?

Answer hidden

Which of the following is a limitation of the Common Vulnerability Scoring System (CVSS) as it relates to conducting code review?

Answer hidden

Which of the following is the MOST important consideration when storing and processing Personally Identifiable Information (PII)?

Answer hidden

Which of the following assessment metrics is BEST used to understand a system's vulnerability to potential exploits?

Answer hidden

Which of the following is an effective method for avoiding magnetic media data remanence?

Answer hidden

Which of the following MUST be part of a contract to support electronic discovery of data stored in a cloud environment?

Answer hidden

When transmitting information over public networks, the decision to encrypt it should be based on

Answer hidden

Logical access control programs are MOST effective when they are

Answer hidden

Which one of the following considerations has the LEAST impact when considering transmission security?

Answer hidden

What principle requires that changes to the plaintext affect many parts of the ciphertext?

Answer hidden

Which one of these risk factors would be the LEAST important consideration in choosing a building site for a new computer facility?

Answer hidden

Which one of the following transmission media is MOST effective in preventing data interception?

Answer hidden

Which security action should be taken FIRST when computer personnel are terminated from their jobs?

Answer hidden

A practice that permits the owner of a data object to grant other users access to that object would usually provide

Answer hidden

The type of authorized interactions a subject can have with an object is

Answer hidden

Why MUST a Kerberos server be well protected from unauthorized access?

Answer hidden

Which one of the following effectively obscures network addresses from external exposure when implemented on a firewall or router?

Answer hidden

While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used?

Answer hidden

Why must all users be positively identified prior to using multi-user computers?

Answer hidden

The birthday attack is MOST effective against which one of the following cipher technologies?

Answer hidden

An advantage of link encryption in a communications network is that it

Answer hidden

Which one of the following is the MOST important in designing a biometric access system if it is essential that no one other than authorized individuals are admitted?

Answer hidden

What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?

Answer hidden

The PRIMARY purpose of a security awareness program is to

Answer hidden

As one component of a physical security system, an Electronic Access Control (EAC) token is BEST known for its ability to

Answer hidden

Which one of the following is a fundamental objective in handling an incident?

Answer hidden

In the area of disaster planning and recovery, what strategy entails the presentation of information about the plan?

Answer hidden

The process of mutual authentication involves a computer system authenticating a user and authenticating the

Answer hidden

What maintenance activity is responsible for defining, implementing, and testing updates to application systems?

Answer hidden

Which one of the following describes granularity?

Answer hidden

In a basic SYN flood attack, what is the attacker attempting to achieve?

Answer hidden

The FIRST step in building a firewall is to

Answer hidden

A system has been scanned for vulnerabilities and has been found to contain a number of communication ports that have been opened without authority. To which of the following might this system have been subjected?

Answer hidden

Which type of control recognizes that a transaction amount is excessive in accordance with corporate policy?

Answer hidden

Which of the following defines the key exchange for Internet Protocol Security (IPSec)?

Answer hidden

The overall goal of a penetration test is to determine a system's

Answer hidden

When constructing an Information Protection Policy (IPP), it is important that the stated rules are necessary, adequate, and

Answer hidden

Which of the following is a security limitation of File Transfer Protocol (FTP)?

Answer hidden

In Business Continuity Planning (BCP), what is the importance of documenting business processes?

Answer hidden

The Structured Query Language (SQL) implements Discretionary Access Controls (DAC) using

Answer hidden

Which layer of the Open Systems Interconnection (OSI) model implementation adds information concerning the logical connection between the sender and receiver?

Answer hidden

Which of the following is a network intrusion detection technique?

Answer hidden

Internet Protocol (IP) source address spoofing is used to defeat

Answer hidden

Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?

Answer hidden

What security management control is MOST often broken by collusion?

Answer hidden

An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring?

Answer hidden

An engineer in a software company has created a virus creation tool. The tool can generate thousands of polymorphic viruses. The engineer is planning to use the tool in a controlled environment to test the company's next generation virus scanning software. Which would BEST describe the behavior of the engineer and why?

Answer hidden

Which of the following Disaster Recovery (DR) sites is the MOST difficult to test?

Answer hidden

Which of the following statements is TRUE for point-to-point microwave transmissions?

Answer hidden

The key benefits of a signed and encrypted e-mail include

Answer hidden

Copyright provides protection for which of the following?

Answer hidden

Which of the following is TRUE about Disaster Recovery Plan (DRP) testing?

Answer hidden

Which of the following is the FIRST step of a penetration test plan?

Answer hidden

Which of the following actions should be performed when implementing a change to a database schema in a production system?

Answer hidden

Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks?

Answer hidden

The BEST method of demonstrating a company's security level to potential customers is

Answer hidden

Which of the following does Temporal Key Integrity Protocol (TKIP) support?

Answer hidden

The stringency of an Information Technology (IT) security assessment will be determined by the

Answer hidden

What should be the INITIAL response to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) alerts?

Answer hidden

At a MINIMUM, a formal review of any Disaster Recovery Plan (DRP) should be conducted

Answer hidden

Checking routing information on e-mail to determine it is in a valid format and contains valid information is an example of which of the following anti-spam approaches?

Answer hidden

During an audit of system management, auditors find that the system administrator has not been trained. What actions need to be taken at once to ensure the integrity of systems?

Answer hidden

An internal Service Level Agreement (SLA) covering security is signed by senior managers and is in place. When should compliance to the SLA be reviewed to ensure that a good security posture is being delivered?

Answer hidden

Which of the following is the best practice for testing a Business Continuity Plan (BCP)?

Answer hidden

Which of the following MUST be done when promoting a security awareness program to senior management?

Answer hidden

Which of the following is a security feature of Global System for Mobile Communications (GSM)?

Answer hidden

A disadvantage of an application filtering firewall is that it can lead to

Answer hidden

What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)?

Answer hidden

Following the completion of a network security assessment, which of the following can BEST be demonstrated?

Answer hidden

Passive Infrared Sensors (PIR) used in a non-climate controlled environment should

Answer hidden

The use of strong authentication, the encryption of Personally Identifiable Information (PII) on database servers, application security reviews, and the encryption of data transmitted across networks provide

Answer hidden

An organization is selecting a service provider to assist in the consolidation of multiple computing sites including development, implementation and ongoing support of various computer systems. Which of the following MUST be verified by the Information Security Department?

Answer hidden

Which of the following is an appropriate source for test data?

Answer hidden

What is the FIRST step in developing a security test and its evaluation?

Answer hidden

How can a forensic specialist exclude from examination a large percentage of operating system files residing on a copy of the target system?

Answer hidden

Which one of the following is a threat related to the use of web-based client side input validation?

Answer hidden

To prevent inadvertent disclosure of restricted information, which of the following would be the LEAST effective process for eliminating data prior to the media being discarded?

Answer hidden

Multi-threaded applications are more at risk than single-threaded applications to

Answer hidden

Which of the following is a potential risk when a program runs in privileged mode?

Answer hidden

The goal of software assurance in application development is to

Answer hidden

What is the ultimate objective of information classification?

Answer hidden

In a financial institution, who has the responsibility for assigning the classification to a piece of information?

Answer hidden

An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to

Answer hidden

What technique BEST describes antivirus software that detects viruses by watching anomalous behavior?

Answer hidden

Contingency plan exercises are intended to do which of the following?

Answer hidden

Two companies wish to share electronic inventory and purchase orders in a supplier and client relationship. What is the BEST security solution for them?

Answer hidden

Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what?

Answer hidden

What is a patch management program?

Answer hidden

Which of the following is an open standard for exchanging authentication and authorization data between parties?

Answer hidden

When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all access control requirements are addressed?

Answer hidden

Which of the following is the BEST way to verify the integrity of a software patch?

Answer hidden

Which of the following is considered best practice for preventing e-mail spoofing?

Answer hidden

Alternate encoding such as hexadecimal representations is MOST often observed in which of the following forms of attack?

Answer hidden

What would be the PRIMARY concern when designing and coordinating a security assessment for an Automatic Teller Machine (ATM) system?

Answer hidden

The Hardware Abstraction Layer (HAL) is implemented in the

Answer hidden

A security professional has just completed their organization's Business Impact Analysis (BIA). Following Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) best practices, what would be the professional's NEXT step?

Answer hidden

A vulnerability test on an Information System (IS) is conducted to

Answer hidden

Who must approve modifications to an organization's production infrastructure configuration?

Answer hidden

When implementing controls in a heterogeneous end-point network for an organization, it is critical that

Answer hidden

Which of the following is the FIRST action that a system administrator should take when it is revealed during a penetration test that everyone in an organization has unauthorized access to a server holding sensitive data?

Answer hidden

Which of the following wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device?

Answer hidden

The three PRIMARY requirements for a penetration test are

Answer hidden

Which of the following is an attacker MOST likely to target to gain privileged access to a system?

Answer hidden

Why is a system's criticality classification important in large organizations?

Answer hidden

By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the

Answer hidden

In Disaster Recovery (DR) and business continuity training, which BEST describes a functional drill?

Answer hidden

Which of the following does the Encapsulating Security Payload (ESP) provide?

Answer hidden

Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?

Answer hidden

What is an effective practice when returning electronic storage media to third parties for repair?

Answer hidden

Which of the following BEST represents the principle of open design?

Answer hidden

The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct

Answer hidden

An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor?

Answer hidden

When building a data center, site location and construction factors that increase the level of vulnerability to physical threats include

Answer hidden

An organization allows ping traffic into and out of their network. An attacker has installed a program on the network that uses the payload portion of the ping packet to move data into and out of the network. What type of attack has the organization experienced?

Answer hidden

Which of the following can BEST prevent security flaws occurring in outsourced software development?

Answer hidden

Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?

Answer hidden

An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?

Answer hidden

A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project?

Answer hidden

According to best practice, which of the following groups is the MOST effective in performing an information security compliance audit?

Answer hidden

When is security personnel involvement in the Systems Development Life Cycle (SDLC) process MOST beneficial?

Answer hidden

A large bank deploys hardware tokens to all customers that use their online banking system. The token generates and displays a six-digit numeric password every 60 seconds. The customers must log into their bank accounts using this numeric password. This is an example of

Answer hidden

Which of the following is the BEST reason to review audit logs periodically?

Answer hidden

What is the PRIMARY reason for ethics awareness and related policy implementation?

Answer hidden

Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications?

Answer hidden

Which of the following actions MUST be taken if a vulnerability is discovered during the maintenance stage in a System Development Life Cycle (SDLC)?

Answer hidden

Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?

Answer hidden

From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system?

Answer hidden

Which of the following is the MOST beneficial to review when performing an IT audit?

Answer hidden

During an investigation of database theft from an organization's web site, it was determined that the Structured Query Language (SQL) injection technique was used despite input validation with client-side scripting. Which of the following provides the GREATEST protection against the same attack occurring again?

Answer hidden

With data labeling, which of the following MUST be the key decision maker?

Answer hidden

Which of the following is a critical factor for implementing a successful data classification program?

Answer hidden

An organization's data policy MUST include a data retention period which is based on

Answer hidden

What is the MOST important reason to configure unique user IDs?

Answer hidden

What is the PRIMARY advantage of using automated application security testing tools?

Answer hidden

When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)?

Answer hidden

What do Capability Maturity Models (CMM) serve as a benchmark for in an organization?

Answer hidden

Which of the following is the MOST crucial for a successful audit plan?

Answer hidden

An organization decides to implement a partial Public Key Infrastructure (PKI) with only the servers having digital certificates. What is the security benefit of this implementation?

Answer hidden

Which of the following is the PRIMARY benefit of a formalized information classification program?

Answer hidden

If an attacker in a SYN flood attack uses someone else's valid host address as the source address, the system under attack will send a large number of Synchronize/Acknowledge (SYN/ACK) packets to the

Answer hidden

According to best practice, which of the following is required when implementing third party software in a production environment?

Answer hidden

Which of the following is the BEST solution to provide redundancy for telecommunications links?

Answer hidden

The amount of data that will be collected during an audit is PRIMARILY determined by the

Answer hidden

Which of the following are required components for implementing software configuration management systems?

Answer hidden

For a service provider, which of the following MOST effectively addresses confidentiality concerns for customers using cloud computing?

Answer hidden

Which of the following BEST mitigates a replay attack against a system using identity federation and Security Assertion Markup Language (SAML) implementation?

Answer hidden

What is the BEST method to detect the most common improper initialization problems in programming languages?

Answer hidden

During the procurement of a new information system, it was determined that some of the security requirements were not addressed in the system specification. Which of the following is the MOST likely reason for this?

Answer hidden

Which of the following is required to determine classification and ownership?

Answer hidden

A large university needs to enable student access to university resources from their homes. Which of the following provides the BEST option for low maintenance and ease of deployment?

Answer hidden

A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation?

Answer hidden

A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user business functions. These capabilities are BEST described as

Answer hidden

What is the MOST effective method for gaining unauthorized access to a file protected with a long complex password?

Answer hidden

A security manager has noticed an inconsistent application of server security controls resulting in vulnerabilities on critical systems. What is the MOST likely cause of this issue?

Answer hidden

Which of the following is the BEST countermeasure to brute force login attacks?

Answer hidden

A Business Continuity Plan (BCP) is based on

Answer hidden

When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints?

Answer hidden

A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?

Answer hidden

Which of the following is the MOST effective attack against cryptographic hardware modules?

Answer hidden

Which of the following is the MOST difficult to enforce when using cloud computing?

Answer hidden

Which of the following is the BEST way to determine if a particular system is able to identify malicious software without executing it?

Answer hidden

Which of the following is a BEST practice when traveling internationally with laptops containing Personally Identifiable Information (PII)?

Answer hidden

Which of the following assures that rules are followed in an identity management architecture?

Answer hidden

Which of the following violates identity and access management best practices?

Answer hidden

When dealing with compliance with the Payment Card Industry-Data Security Standard (PCI-DSS), an organization that shares card holder information with a service provider MUST do which of the following?

Answer hidden

What is the MAIN feature that onion routing networks offer?

Answer hidden

Which of the following MUST system and database administrators be aware of and apply when configuring systems used for storing personal employee data?

Answer hidden

Which of the following methods provides the MOST protection for user credentials?

Answer hidden

Which of the following MOST influences the design of the organization's electronic monitoring policies?

Answer hidden

Without proper signal protection, embedded systems may be prone to which type of attack?

Answer hidden

Which of the following is a detective access control mechanism?

Answer hidden

Which of the following BEST describes Recovery Time Objective (RTO)?

Answer hidden

An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern?

Answer hidden

An online retail company has formulated a record retention schedule for customer transactions. Which of the following is a valid reason a customer transaction is kept beyond the retention schedule?

Answer hidden

Which of the following is the MAIN goal of a data retention policy?

Answer hidden

DRAG DROP: Given the various means to protect physical and logical assets, match the access management area to the technology.

Answer hidden

Which of the following problems is not addressed by using OAuth (Open Standard to Authorization) 2.0 to integrate a third-party identity provider for a service?

Answer hidden

The use of proximity card to gain access to a building is an example of what type of security control?

Answer hidden

Multi-Factor Authentication (MFA) is necessary in many systems given common types of password attacks. Which of the following is a correct list of password attacks?

Answer hidden

Which of the following is an example of two-factor authentication?

Answer hidden

Which item below is a federated identity standard?

Answer hidden

What is a common challenge when implementing Security Assertion Markup Language (SAML) for identity integration between an on-premises environment and an external identity provider service?

Answer hidden

Refer to the information below to answer the question. A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive email, search the web, and use instant messaging. The Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access. Which of the following could have MOST likely prevented the Peer-to-Peer (P2P) program from being installed on the computer?

Answer hidden

Refer to the information below to answer the question. A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive email, search the web, and use instant messaging. The Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access. Which of the following solutions would have MOST likely detected the use of peer-to-peer programs when the computer was connected to the office network?

Answer hidden

Refer to the information below to answer the question. A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive email, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access. Which of the following methods is the MOST effective way of removing the Peer-to-Peer (P2P) program from the computer?

Answer hidden

Refer to the information below to answer the question. A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive email, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access. Which of the following documents explains the proper use of the organization's assets?

Answer hidden

Refer to the information below to answer the question. A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns. In the plan, what is the BEST approach to mitigate future internal client-based attacks?

Answer hidden

Refer to the information below to answer the question. A security practitioner detects client-based attacks on the network. A plan will be necessary to address these concerns. In addition to web browsers, what PRIMARY areas need to be addressed concerning mobile code used for malicious purposes?

Answer hidden

Refer to the information below to answer the question. A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns. What MUST the plan include in order to reduce client-side exploitation?

Answer hidden

Refer to the information below to answer the question. A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns. What is the BEST reason for the organization to pursue a plan to mitigate client-based attacks?

Answer hidden

Refer to the information below to answer the question. A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes. Which of the following BEST describes the access control methodology used?

Answer hidden

Refer to the information below to answer the question. A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes. In addition to authentication at the start of the user session, best practice would require reauthentication

Answer hidden

Refer to the information below to answer the question. A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes. Following best practice, where should the permitted access for each department and job classification combination be specified?

Answer hidden

Refer to the information below to answer the question. A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes. What MUST the access control logs contain in addition to the identifier?

Answer hidden

Refer to the information below to answer the question. An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement. Which of the following is considered the MOST important priority for the information security officer?

Answer hidden

Refer to the information below to answer the question. An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement. The effectiveness of the security program can PRIMARILY be measured through

Answer hidden

Refer to the information below to answer the question. An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement. Given the number of priorities, which of the following will MOST likely influence the selection of top initiatives?

Answer hidden

Refer to the information below to answer the question. An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement. The security program can be considered effective when

Answer hidden

Refer to the information below to answer the question. During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information. Aside from the potential records which may have been viewed, which of the following should be the PRIMARY concern regarding the database information?

Answer hidden

Refer to the information below to answer the question. During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information. If it is discovered that large quantities of information have been copied by the unauthorized individual, what attribute of the data has been compromised?

Answer hidden

Refer to the information below to answer the question. During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information. If the intrusion causes the system processes to hang, which of the following has been affected?

Answer hidden

Refer to the information below to answer the question. An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. Which of the following will be the PRIMARY security concern as staff is released from the organization?

Answer hidden

Refer to the information below to answer the question. An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. Which of the following will MOST likely allow the organization to keep risk at an acceptable level?

Answer hidden

Refer to the information below to answer the question. An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. Which of the following will indicate where the IT budget is BEST allocated during this time?

Answer hidden

Refer to the information below to answer the question. An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. When determining appropriate resource allocation, which of the following is MOST important to monitor?

Answer hidden

Refer to the information below to answer the question. In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files. Which of the following is true according to the star property (*property)?

Answer hidden

Refer to the information below to answer the question. In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files. In a Bell-LaPadula system, which user cannot write to File 3?

Answer hidden

Refer to the information below to answer the question. In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files. In a Bell-LaPadula system, which user has the MOST restrictions when writing data to any of the four files?

Answer hidden

Refer to the information below to answer the question. Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed. After magnetic drives were degaussed twice according to the product manufacturer's directions, what is the MOST LIKELY security issue with degaussing?

Answer hidden

Refer to the information below to answer the question. Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed. Organizational policy requires the deletion of user data from Personal Digital Assistant (PDA) devices before disposal. It may not be possible to delete the user data if the device is malfunctioning. Which destruction method below provides the BEST assurance that the data has been removed?

Answer hidden

Refer to the information below to answer the question. A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization. The third party needs to have

Answer hidden

Refer to the information below to answer the question. A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization. The organization should ensure that the third party's physical security controls are in place so that they

Answer hidden

Refer to the information below to answer the question. A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization. What additional considerations are there if the third party is located in a different country?

Answer hidden

What is the MOST critical factor to achieve the goals of a security program?

Answer hidden

A business has implemented Payment Card Industry Data Security Standard (PCI-DSS) compliant handheld credit card processing on their Wireless Local Area Network (WLAN) topology. The network team partitioned the WLAN to create a private segment for credit card processing using a firewall to control device access and route traffic to the card processor on the Internet. What components are in the scope of PCI-DSS?

Answer hidden

HOTSPOT Identify the component that MOST likely lacks digital accountability related to information access. Click on the correct device in the image below.

Answer hidden

During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take?

Answer hidden

DRAG DROP Place the following information classification steps in sequential order.

Answer hidden

Which of the following secure startup mechanisms are PRIMARILY designed to thwart attacks?

Answer hidden

What is the BEST first step for determining if the appropriate security controls are in place for protecting data at rest?

Answer hidden

Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen?

Answer hidden

Which of the following is a process within a Systems Engineering Life Cycle (SELC) stage?

Answer hidden

What component of a web application that stores the session state in a cookie can be bypassed by an attacker?

Answer hidden

Which of the following is a MAJOR consideration in implementing a Voice over IP (VoIP) network?

Answer hidden

Host-Based Intrusion Protection (HIPS) systems are often deployed in monitoring or learning mode during their initial implementation. What is the objective of starting in this mode?

Answer hidden

Which of the following describes the concept of a Single Sign-On (SSO) system?

Answer hidden

What physical characteristic does a retinal scan biometric device measure?

Answer hidden

What does secure authentication with logging provide?

Answer hidden

Which of the following provides the minimum set of privileges required to perform a job function and restricts the user to a domain with the required privileges?

Answer hidden
