
Cissp Dumps All.pdf

A network security hardware device manufacturer is looking to design a strong device authentication mechanism to support zero-trust architecture (ZTA). Which of the following authentication mechanisms should the manufacturer use In its new devices to support this? ® Internet Protocol Security (rPSec) digital certificate 0 9 o Trusted Platform Module (TPM) O Biometric authentication 4-5 2 ) 9 3 09 O Multi-factor authentication {MFA) 1 ( 4 + Which of the following is the MOST important to implement to expedite security incident investigations? ~ock synchronization O Analyst skillset and certification 2 0 9 4-5 O System patches O Current destruction policy ) 9 3 ( 4 09 + 1 Which tenet of information security is ensured by blockchain technology? o Availability ~uthentldty 2 0 9 4-5 O Confidentiality O Non-repudiation ) 9 3 ( 4 09 + 1 During an investigation of a user's Windows machine, how can the organization verify if anyone has opened shared files or folders? ONetstat O Forflles 2 0 9 4-5 ~tsesslons o Openflles ) 9 3 ( 4 09 + 1 Which of the following is the MOST common way to prevent ransomware attacks? O Conduct mandatory scheduled security training sessions. ~erform regularly scheduled user space virus scans. 2 0 9 4-5 5tomplete regularly scheduled security awareness tests. o Implement multHactor authentication (MFA) for e-mail access. ) 9 3 ( 4 09 + 1 What is the BEST data protection politY recommendation for protected data on portable media? O Protected data may only be stored on portable media for backup purposes and must be encrypted. 0 Protected data may be stored on human resource executive home computer and must be encrypted. 2 0 9 4-5 ~otected data must be encrypted on company servers and may not be copied to portable media. 9 3 o Protected data may be copied to portable m~dia for business purpose and must be encrypted. ) ( 4 09 + 1 Which option provides the BEST solution for improving an organization's secure software development program? 
~ildlng Security In Maturity Model (BSIMM) 0 Cyber security and Information systems Information analysis centerr 2 0 9 4-5 0 Governance, risk management, and compliance o Static application security testing (SAST) ) 9 3 ( 4 09 + 1 A financial organization was fined for not being able to prove to regulators which of its employees accessed confidential information used in a public leak. The related Information could only have been exflltrated by employees with administrative prtvlleges. What Is the BEST solution the organization should Implement to Increase Its ability to audit activities of the employees? 0 Security information and event management (SIEM) 2 0 9 4-5 O Single sign-on (550) 0 Identity and access management (1AM) ) 9 3 O ~ivileged Access Management (PAM) ( 4 09 + 1 What is the MOST important concept to challenge during serurity awareness training as it could decrease the effectiveness of the training? 0 False sense of serurity O More rules slow things down 2 0 9 4-5 0 Bad user habits ~User distractions ) 9 3 ( 4 09 + 1 The information security team has discovered a security breach, and as part of the investigation, wants to submit the evidence in a court of law. Which of the following characteristics are required for the evidence to be submitted properly? ~he evidence must be sealed, legally permissible, reliable, properly identified, and properly labeled. 0 9 o The evidence must be reliable, relevant, properly preserved, and properly Identified. 4-5 2 O The evidence must be relevant, reliable, sanitized, properly identified, and properly packaged. ) 9 3 09 O The evidence must be relevant, dearly marked, reliable, Identified, and properly preserved. 1 ( 4 + A security engineer is tasked to prevent a malware's ability to move laterally within a corporate data center. What is the BEST method to accomplish this? 
0 Network Access Control (NAC) 0 9 o Virtual local area network (VLAN) 4-5 2 3 ~era-segmentation ) 9 09 o Endpoint detection and response 1 ( 4 + After an attacker gains initial access, the attacker obtains confidential financial documents from the target. Which of these options BEST describes this tactic? ~ltration 0 9 o Command exerution O Lateral movement 4-5 2 ) 9 3 09 o Escalation 1 ( 4 + What is the MAIN drawback of a possession-based authentication system? O The need to synchronize data over the network with the authentication server O The need to possess and power the authentication module 2 0 9 4-5 ~he need to obtain and manage tokens o The need to physically isolate the authentication module ) 9 3 ( 4 09 + 1 A financial instiMion is starting the planning for the construction of a new headquarters and data center. As this is a highly known institution, serurlty design and fundamentals are critical. What Is the MOST Important consideration when designing the data center? ~c~s controls 0 9 O Physical exits O Police response time 4-5 2 ) 9 3 09 O Are suppression 1 ( 4 + An organization dealing with automotive parts has observed that users lose interest when they are transferred to a partner's website using Security Assertlon Markup Language (SAML} for customization tasks. What role Is the main automotive organization providing? 0 Service provider 0 9 o User agent 4-5 2 3 ~entity provider (IdP} ) 9 09 O Certificate Authority (CA) 1 ( 4 + An organization receives a security audit report from an external auditor. The external audit report notes the organization does not have an adequate security strategy and has some weaknesses in Its overall security program. The organization Is surprised by this, since their internal audit report did not Identify these Issues. Which of the following is the MOST likely cause of the situation? 
~ e external auditor had more expertise to perform the audit 2 0 9 4-5 0 The Internal audit team did not consider the organization's strategic objectives. 9 3 0 The external audit team did not consider the organization's strategic objectives. ) ( 4 09 O The Internal audit team did not have sufficient resources to perform the audit + 1 What is the PRIMARY purpose of an information security policy? O Specifying Information security products O Implementing security functions 2 0 9 4-5 0 Defining blueprints for a serurity program ~etennining security roles and responsibilities ) 9 3 ( 4 09 + 1 When a user account is granted additional permissions based on new job duties, it is called which of the following? ~lvilege advancement 0 Account modification 2 0 9 4-5 O Privilege escalation O Account revocation ) 9 3 ( 4 09 + 1 When considering which facility security level will be assigned to a facility, which of the following is MOST likely to raise concern levels higher? 0 Threat to tenant agencies 0 9 o Existence of other tenants ® Mission criticality 4-5 2 ) 9 3 09 O Facility size 1 ( 4 + The system administrator of an organization is exploring options to secure the user passwords file for the payroll system. What is the BEST method to protect the password file? 0 Apply a two-way function on user passwords and store the resulting values in the password file. 0 9 o Enable multi-factor authentication (MFA) for all users of the payroll system. 4-5 2 3 ~pply a one-way function on user passwords and store the resulting values in the password file. ) 9 09 o Protect the password file with a master password and retain a copy of the master password in the safe. 1 ( 4 + ~ If two or more organizations with identical system configurations and backup technologies serve as alternate sites for each other, which of the following MUST the organizations do? 
0 Develop a joint business continuity (BC) plan 0 9 o Setup a memorandum of understanding (MOU) ~Formalize a Continuity of Operations Plan (COOP) 4-5 2 ) 9 3 09 O Establish a joint disaster recovery (DR) plan 1 ( 4 + An online system seOJred with mutual authenticated Transport Layer SeOJrity (TLS) requires an update to increase the speed of mobile device user verification. Which architectural change BEST Increases verification speeds? ® Implement certificate validation using online status certificate protocol stapling. 0 9 o Implement biometric authentication with a known user whitellst O Implement mutual password-based authentication protocol. 4-5 2 ) 9 3 09 o Implement certificate validation using delta certificate revocation 11st (CRL). 1 ( 4 + In order to reduce the cost of replacing information technology (IT) assets, the IT manager of a global organization is developing an approach to extend the value of certain IT assets beyond their manufacturer specified llfecyde. Which of the following should the manager consider that will MOST likely achieve this goal? O Continue maintenance service contracts with the original product manufacturers through the end of production and beyond, since the 0 9 original manufacturers should continue supporting their products and honoring service-level agreements (SLA). 2 3 4-5 ~ior to IT asset acquisition, verify the end of service dates, determine all rurrent and future projects that will be affected, and notify ) 9 7-dset owners that they will need to assume full service responslblllfy for service and maintenance after that date. ( 4 09 0 Seek third-party service and maintenance providers that offer equivalent service-level agreements (SLA), expert support, and highly + 1 skilled consultants, to continue supporting IT assets beyond the manufacturer specified llfecyde. 
O Negotiate a multi-year supply contract with IT asset manufacturers to lock-in asset replacement costs, support costs and service-level agreements (SLA), which will allow the organization to predict their IT asset budget for the duration of the contract. A new information technology (IT) manager in an organization wants to make sure all third-party software, regardless of type, is tested for both functionality and security. As each software component Is tested and a new security risk Is discovered, what Is the BEST action to take? O Update the notes for the teams using the software. 2 0 9 4-5 ~pdate the security requirements. 0 Update the threat models. ) 9 3 O Update the testing baseline. ( 4 09 + 1 Which statement BEST represents the standard implementation and purpose of the nonce value in the 0penID Conned (0IDC) authorization code flow? ~he nonce value is passed to the 0penID provider request to ensure the relaying party application is protected against token Injection · ~cks. 2 0 9 4-5 O The nonce value Is generated as a hash of the dleot 10 and passed to the ID token to Identify the originating claim. 9 3 0 It Is passed to the 0penID provider request and the same value Is returned In the ID token to prevent token replay. ) ( 4 09 O It is passed In the 0penID provider request and the value of the daim plus the nonce value is returned in the ID token to authorize the 1 request. + The information security manager has engaged a third party and organization representatives to perform an audit of the organization's perimeter security controls. This audit will lndude a comprehensive simulation of adversarial attempts to identify vulnerabiUtles that could be exploited using real-world conditions. What type of assessment would meet the MAIN forus of this audit? 
O Known environment testing 2 0 9 4-5 O Ethical hacking exercises O Unknown environment testing ) 9 3 ~ed team exercises ( 4 09 + 1 New assets, installed in a new data center last week, lack the latest security patches and a system engineer, reviewing the vulnerability reports that were obtained today, Is surprised that the new servers are not lnduded In the report. Based on the Information provided, what is the MOST likely reason the servers are not lnduded In the report? O The vulnerability scanner should use host-based agents. 2 0 9 4-5 O The servers do not have vulnerabilities. 9 O The external information does not include threats for the servers. ) 3 ( 4 ~he new subnet Is not lnduded In the vulnerability scan. 09 + 1 A 419 scam is an example of which type of cyber aime? O Extortion 0 Ransomware 2 0 9 4-5 O Malware ~raud ) 9 3 ( 4 09 + 1 A security auditor has noted that the organization's operating system (OS} security update process does not cover the organization's doud- based environment. This environment is provided under an Infrastructure as a Service (IaaS} model by a Ooud Service Provider (CSP). Which of the following would be the BEST recommendation for the auditor to make? O Recommend that the organization request a serurity attestation report from the doud provider covering their patching process for the environment. 2 0 9 3 4-5 ~ecommend that the organization revise their in-house patching process to cover the doud environment ) 9 09 o Recommend that the organization reinforce Its system hardening standards to minimize the impact of missing patches. 1 ( 4 O Recommend that the organization request a security audit to determine the number of missing patches and potential business impact. + What information is MOST important to security managers after information security audits? 
® Effedlveness of security measures with respect to the organization's risk tolerance 0 Security related, metrics-based serurity events and logs 2 0 9 4-5 O Rlsk assessment of the organization's information system o Compliance with applicable industry standards ) 9 3 ( 4 09 + 1 Which of the following is the MOST important part of a security kernel in a system? 0 Operating System (OS) o Central Processing Unit (CPU) 2 0 9 4-5 ~erence monitor O Rootklt ) 9 3 ( 4 09 + 1 An organization is concerned about the possibility of an attacker installing malicious tools on an endpoint. Which of the following is the BEST way to prevent this? 0 Configure endpoint firewalls. 0 9 o Implement antlvlrus software. O Restrict user access. 4-5 2 ) 9 3 09 ~estrlct user rights. 1 ( 4 + An organization has designed and implemented a disaster recovery plan (DRP). The organization's leading senior executive is concerned that If a significant Incident occurs, the staff will not know what to do. What Is the BEST method to address this concern? 0 Implement a point-of-contact list. 0 9 o Ensure members of staff have access to the detailed business continuity plan (BCP). O List the key stakeholders in the business impact analysis (BIA). 4-5 2 ) 9 3 09 ~evelop training and awareness programs. 1 ( 4 + An organization would like to enhance the sea.irity of its new banking application. What is one way to implement risk-based adaptive authentlcatlon? 0 Use cookies and facial recognition software. 0 9 ~ e two-factor authentication (2FA) for users accessing the website. O Use digital certificates and public key infrastructure (PKI). 4-5 2 ) 9 3 09 O Use cookies and information about the system that is accessing the website. 1 ( 4 + An organization's marketing team is evaluating new commercial software to replace its existing customer relationship management system. 
Which type of document will be MOST helpful In assessing whether the security controls available In the new software will satisfy the organization's regulatory obligations? O Procedures and controls In place for the existing system maintained by the rustomer service department 2 0 9 4-5 ~ r t t y standards applicable to customer information Issued by the data governance department 9 3 0 Guidelines over the processing of personal Information issued by tlhe compliance department ) ( 4 09 O The corporate Information sewrtty policy maintained by the infonnation technology (IT) department + 1 Which of the following is a key difference between Zenmap and Network Mapper penetration testing tools? O An Intense ping scan can only be done in Zenmap. ~enmap can draw a visual topology. 2 0 9 4-5 O An intense ping scan can only be done in Network Mapper. o Network Mapper can draw a visual topology. ) 9 3 ( 4 09 + 1 After choosing to accept a risk, what action should be taken after it is dowmented? O The Impact rating of the risk should be reduced. 0 The risk should be removed from the risk register. 2 0 9 4-5 f:J.he risk should be monitored at regular intervals. o The likelihood/probability of the risk should be reduced. ) 9 3 ( 4 09 + 1 A developer was asked to put special care in protecting a consumer-oriented mobile application. Which of the followtng is the seairity department MOST likely to suggest for integrating authentlcatlon In the mobile application? ~0penlO Connect (0IDC) 0 9 O JavaScript Object Notation (JSON) O Security Assertion Markup Language (SAML) 4-5 2 ) 9 3 09 O Open Authorization (OAuth) 1 ( 4 + A server administrator has been asked to design a data deletion algorirthm to be used in a new multi-tenant cloud environment What is the MOST practical solution to apply when data Is deleted by a tenant? rcynaypt using random keys and delete keys. 0 9 o Remove the flies from the disk allocatlon table and backups. 
O Subject all relevant drtves to physical destruction. 4-5 2 ) 9 3 09 O Remove all authorization records to the selected flies. 1 ( 4 + An organization has just installed a new teleconferencing system. Users are unsatisfied with the Quality of Service (QoS) when making calls. What is the BEST action to take that will provide users a better QoS? ~ctfvate QoS monitoring and optimization In the firewall settings. 0 9 o Deactivate QoS monitoring and optimization In the firewall settings. 4-5 2 O Activate the flrewall's application layer gateway and realtime protocol gateway features. ) 9 3 09 o Deactivate the firewall's application layer gateway and realtlme protocol gateway features. 1 ( 4 + Which DevOps concept aims to improve security by providing greater visibility, auditability, and reliability of systems deployed in a doud environment? 0 Continuous integrc,tion 0 9 o Software Development Life Cyde (SDLC) ~Infrclstructure as Code (IaC) 4-5 2 ) 9 3 09 O Test automation 1 ( 4 + One of the risks with centralized single sign-on (550) systems is that all credentials of individual users are protected by a single password. What Is the PRIMARY recommended mitigation for this risk? 0 Create an 550 password change procedure. 0 9 ~arden the 550 system with multi-factor authentication (MFA). O Employ a robust de-centralized 550 system. 4-5 2 ) 9 3 09 o Utlllze administrative controls over the single password. 1 ( 4 + A construction manager requested for a solution to publish a 200 wikii pages construction design manual. End users indude 20 employees in the office and 100 consulting field engineers. Currently, the consulting field engineers have no access to the organization's network. Among the following proposals, which one Is the MOST cost-effective solution? O Develop a web application to publish the manual on the organization's Internet web site and integrate the application with a third-party authentication seivlce to grant the consulting field engineers access. 
2 0 9 3 4-5 O Build an extranet to publish the manual and grant the consulting field engineers direct access. ) 9 09 o Publish the manual on the Intranet and grant the consulting field engineers access via virtual private networlc (VPN). 1 ( 4 ~ubllsh the manual to a cloud service and use the provided user authentication to grant the consulting fleld engineers access. + Which of the following provides the BEST risk mitigation for weak infonnation storage security? ~Using approved encryption for backup tapes containing sensitive infonnatlon 0 Using a secondary operating location connected using a cold site redundancy 2 0 9 4-5 0 Using a doud provider located In another country o Using a doud provider located In the same country ) 9 3 ( 4 09 + 1 An organization has experienced several incidents where a bad actor gained access and moved laterally across the organization's network. What should the organization Install to prevent this from happening? ~ vfrtual local area networking (VLAN) topology 0 9 o An Intrusion detection system (LOS) O An application level firewall 4-5 2 ) 9 3 09 O A unified threat management 1 ( 4 + A manager would like to set up controls to mitigate the risk of a single rogue employee. The manager plans to use multi-factor (MFA) authentication and each Individual employee wlll have to take part In order to access the system. One Individual will have access to the password while a second Individual would have access to a secret code dellvered via a MFA application. They each must separately enter their piece of infonnation. Which of these woric area security controls should the manager pick? 0 Segregation of duties (SoD) 2 0 9 3 4-5 O Least privilege ) 9 09 ® Dual control O Split knowledge 1 ( 4 + What is the PRIMARY concern of validating the daimed identity of a user based on their physiological characteristics? 
O Storage of user's data and availability of the resource 0 A compromised biomebic authentication factor cannot be trusted 2 0 9 4-5 @naccurate acceptance rate of involved devices O A compromised biomebic authentication factor can be trusted ) 9 3 ( 4 09 + 1 An organization employs auditing as a tool in their defense-in-depth model and have deployed an allow-by-exception model. Which of the following would MOST commonly be an attempt to change the software baseline? 0 Attempts to modify the software by organization developers 0 9 ~ttempts to Install new software by users O Attempts to change established ports and protocols of software 4-5 2 ) 9 3 09 o Attempts to apply software patches by the vendor 1 ( 4 + What components are necessary to meet the requirements of a compliance framework? O Policies, remediation steps, and people 0 Policies, technical requirements, and people 2 0 9 4-5 O Policies, regulations, and processes ~~licies, business processes, and controls ) 9 3 ( 4 09 + 1 An organization has just gone through a security assessment based on the Risk Management Framework (RMF) for its satellite systems. The internal assessor reviewed and submitted the assessment report for the systems. The system administrator was able to quickly fix some of the findings while the assessor was still there. What is the NEXT step the assessor should do with the findings that were fixed? ~Reassess the c~ols 2 0 9 4-5 0 Updates the assessment report O Updates the Plan of Action and MIiestones {POA&M) ) 9 3 O Ales an addendum to the report ( 4 09 + 1 What is the ad of social engineering that tricks users through phone calls? 0 Phlshlng 0 Whaling 2 0 9 4-5 O Smishlng ~hlng ) 9 3 ( 4 09 + 1 What should be the FIRST step in remediating the gaps in how data is being serured on a corporate network? ~entify data owners. O Identify data security policy. 2 0 9 4-5 0 Identify data enayptlon method. o Identify data origin. 
) 9 3 ( 4 09 + 1 Which of the following is the BEST method to detect buffer overflow vulnerabilities in a rustom-developed application? O Dynamic vulnerability analysis ~ t i c source code analysis 2 0 9 4-5 O Penetration testing O Fault Injection analysis ) 9 3 ( 4 09 + 1 A Chief Infonnation Security Officer (OS0) is worried that an attackeir will use the organization's network a.s a source for a Domain Name Server (DNS) amplification attack. How can the organization BEST mitigate this concern? ~Use Domain Name Server Security Extensions (0NSSEC). 0 9 o Use response-rate limiting to throttle requests per source. O Use a third-party distributed denial-of-service (DDoS) mitigation solution. 4-5 2 ) 9 3 09 o Use a host file to mltlgate the attack. 1 ( 4 + Which of the following is a specific process mandated by General Data Protection Regulation (GDPR)? O External risk management program ~ta protection impact assessment 2 0 9 4-5 O Data loss prevention (DLP) o Business Impact analysis (BIA) ) 9 3 ( 4 09 + 1 The information technology (ID department detects an unauthorized attempt to access the company network. Which is the BEST configuration to allow the adversary network access that has no real business operations and will allow IT to learn more about the attack tools, origins, and techniques? O Honeypot 2 0 9 4-5 ~oneynet o Extranet ) 9 3 O Intranet ( 4 09 + 1 A director of the information technology (IT) department in an organization has been asked to prepare a contingency plan for the unit managing the IT helpdesk. Which of the following services should be prioritlzed for efficient recovery of this unit? 0 Security and control over dient data ~le~municatlon services 2 0 9 4-5 O Customer relationship management software ) 9 3 09 o End user computer networks 1 ( 4 + Which of the following BEST mitigates a pass-the-hash attack? ~tr1ct local accounts with administrator privileges. 0 Update complexity of account passwords with stronger enoyptlon and password hashes. 
2 0 9 4-5 O Update antivirus signatures and educate users not to open questionable e-mail attachments. O Ensure administrator accounts do not have e-mail functionality. ) 9 3 ( 4 09 + 1 A security architect is designing an identity management solution for a global enterprise. The organization uses a combination of on-site systems and third-party doud services. What should the architect consider to BEST support efficient access provisioning? O Proprietary connectors 0 9 o System for cross-domain Identity management O Lightweight Directory Access Protocol (LDAP) 4-5 2 ) 9 3 09 ~Active Directory (AD) 1 ( 4 + Following a breach, an organization's internal investigation revealed that data theft occurred by an employee. Which possible escalation action should management proceed with? 0 Reassign employees. 0 9 o Remove access privileges. O Terminate employees. 4-5 2 ) 9 3 09 ~laborate with human resources. 1 ( 4 + Access control lists (AO.) are an example of which access control model? o Mandatory access control (MAC) 0 Non-discretionary access control 2 0 9 4-5 O Role-based access control (RBAC) ~Rule-based ace~ control ) 9 3 ( 4 09 + 1 An organization is planning to implement a solution that enables remote workers to securely access the organization's database. Which of the following should be Implemented to provide the MOST secure access? ~ulti-factor authentication (MFA) 0 9 o Strong passwords that lndude numeric and special characters O Single srgn-on (SSO) 4-5 2 ) 9 3 09 0 Email link-based authentication 1 ( 4 + Which of the following is the MOST critical element in order to provide adequate monitoring of an organization's serurity framework? 
O The ability to detect anomalous behavior ~Performing logging on a regular basis 2 0 9 4-5 O Integrating with monitoring of other systems o Developing triggers that Initiate Investigation ) 9 3 ( 4 09 + 1 After an employee left a car manufacturer, the organization's securtty team discovered that the employee copied several trade secrets to a personal storage device. Which type of lnvestlgatlon wlll be conducted? 0 Administrative ~I 2 0 9 4-5 o Criminal ) 9 3 09 o Regulatory 1 ( 4 + Which of the following is BEST used to minimize the risk of interception and re-use of session keys? ~se Transport Layer Security (TLS). 0 Use Rivest-Shamir-Adleman (RSA) key exchange. 2 0 9 4-5 0 Add user-unique values to a session key. o Hash the session keys. ) 9 3 ( 4 09 + 1 An organization has adopted a new security policy for device hardening. Which step will administrators need to perform to ensure complete deployment of this new policy? ~rform a vulnerability scan of the network and go through remediation efforts. 0 9 o Complete a threat assessment of the network and compare to the new security policy. 4-5 O Create a network diagram of all network devices, endpoints, servers, and dataflows. 2 ) 9 3 09 o Have a third-party audit review the Implementation of the new sea.irlty pollcy. 1 ( 4 + What is the MOST secure method that can be used to ensure that data from one organization cannot be viewed by another organization when both are using a Ooud Service Provider's (CSP) Database as a Service (DBaaS)? 0 Implement a firewall at the perimeter and between virtual machines (VM). 0 9 o Use network segmentation with virtual local area networks (VLAN). 4-5 2 3 ~naypt the data with an individually stored key. ) 9 09 O Inform the CSP that a dedicated account Is needed. 
1 ( 4 + An organization has recently conducted a penetration testing on an external facing application and found that an attacker can identify valid user account and password Information from the error codes returned on a login page. The login page is presented separately and before a two-factor autheotlcatlon (2FA) requirement Which of the following will make the organization MOST secure? O Eliminate the error responses and continue 2FA requirement as rurrently designed. 2 0 9 4-5 O Eliminate all error responses and Implement 2FA requirement on the login page. 9 3 ~Modify the error responses and continue 2FA requirement as rurrently designed. ) ( 4 09 0 Modify all error responses and Implement 2FA requirement on the login page. + 1 Logs show that an air gapped, biometrically-protected computer was accessed by someone who was outside of the organization. What attack method was MOST likely used? ~~slcal attack 0 9 o Denial-of-service (DoS) attack o Phishing attack 4-5 2 ) 9 3 09 O Replay attack 1 ( 4 + Following an audit of network sewrity, an organization's internal audit team has identified that the network allows non-employees to access the Internet via the corporate network. What is the BEST solution to protect the corporate network? 0 Access control list (AO..) 0 9 o Mobile Device Management (MOM) O Multi-factor authentication (MFA) 4-5 2 ) 9 3 09 00Network Access Control (NAC) 1 ( 4 + An organization has a website that is used by its rustomers to buy a variety of products. What is the BEST technique to mitigate the risk of website impersonation by a misbehaving Certificate Authority (CA) obtaining an on-path position? 
~~ic key[$nning 0 9 o Certificate revocation O Hypertext Transfer Protocol (HTTP) Strict-Transport-Security header 4-5 2 ) 9 3 09 O dlent authentication 1 ( 4 + A past incident in which an adversary was able to get access to the pre-shared key and impersonate a Wi-Fi access point raised concerns that the current setup Is not sufficient from a serurlty point of view. Moving to WI-A Protected Access 3 (WPA3), which functionality would be MOST suitable to reduce the impact of a disdosed pre-shared key while not adding signiflc.ant additional administrative workload on the information technology (IT) department? O Wireless Intrusion detection system (IDS) 2 0 9 4-5 o Wi-Fl protected setup ) 9 3 09 o Rogue access point detection 1 ( 4 + ~multaneous authentic.atlon of equals A system owner is concerned that if they do not demonstrate a high enough level of system criticality, then operations and maintenance funding for the system will be reduced In future years. During the control selection process, the system owner self-elevates the Impact rating of the system from moderate to high In an attempt to demonstrate the increased mission criticality. What Is the GREATEST effect that this inflated impact rating will have on the organization? 2 0 9 O The risk management strategy for the organization will not match the true risks that their systems are Introducing to the environment. 3 4-5 O The selection and deployment of security controls for the system will improve the operations and assets of an organization. ) 9 09 ~rganlzatlonal funding will be mlsallgned, and crttlcal needs may go unmet due to the required Increase In funding needed for the ( 4 high-risk system. + 1 O Controls and control enhancements se.lected will not accurately reflect the specific privacy and security requirements needed to satisfy policies, standards, and regulations. 
Which application security testing methodology is the MOST desirable if a security practitioner's primary objective is to produce a result with assurance that a software flaw is exploitable?
( ) Interactive Application Security Testing (IAST)
( ) Static code analysis
(x) Dynamic application security testing (DAST)
( ) Fuzz testing

The secretary of a charity association is sharing a spreadsheet of the membership roster for review and validation by other association members. Due to privacy concerns, the secretary wants to apply security to prevent unintended exposure and render the file unusable after a defined review period. What is the MOST suitable security control for the secretary to consider?
( ) Data reduction
(x) Information rights management
( ) Data leakage prevention
( ) Data redaction

An organization performing an internal network audit discovered there are several legacy switches running an operating system (OS) that has reached its end-of-life (EOL). Which of the following is the BEST course of action to minimize the probability of a successful zero-day attack until the switches can be replaced?
( ) Increase log collection from the security information and event management (SIEM) system.
( ) Roll the OS version back to a previously secured version.
( ) Deploy a honeypot to the demilitarized zone (DMZ).
(x) Implement a behavior-based intrusion prevention system (IPS).

What are exploitable, non-exploitable, canary, high interaction, and low interaction examples of?
( ) Data loss prevention (DLP) systems
( ) Intrusion detection systems (IDS)
(x) Honeypots
( ) Embedded systems

When assessing the security impact of acquired software, which standard is used to evaluate security capabilities of commercial information technology (IT) products?
( ) Risk Management Framework (RMF)
( ) Information assurance vulnerability alerts
( ) Common Vulnerabilities and Exposures (CVE)
(x) Common Criteria (CC)

Which of the following metrics BEST demonstrates the effectiveness of security awareness within an organization?
( ) Decrease in the time it takes for the security team to react to a phishing campaign
( ) Decrease in the number of devices infected by a specific malware
( ) Increase in the number of employees completing security training
(x) Increase in the number of reported phishing incidents

What exploits are unique to cellular (4G, 5G) network architectures?
( ) Denial-of-service (DoS) and on-path attacks
( ) Denial-of-service (DoS) and bidding attacks
(x) Air interface jamming and on-path attacks
( ) Air interface jamming and bidding attacks
Note: the dump contains this item twice with different keys; its second copy marks "Air interface jamming and bidding attacks" instead.

The information system owner, information system security officer, and security control assessor are all active roles and responsibilities within which of the following processes?
( ) Determining requirements
(x) Implementing supply chain security
( ) Information security continuous monitoring
( ) Information Technology Infrastructure Library (ITIL)
Note: NIST SP 800-137 names the information system owner, the information system security officer and the security control assessor among the roles of information security continuous monitoring (ISCM), so the marked answer is doubtful.

Which of the following is the MOST compelling reason for an organization to institute centralized control of secrets such as application programming interface (API) keys and certificates?
(x) To reduce the impact of an accidental secrets exposure
( ) To reduce the likelihood of secrets being written to code repositories or internal wikis
( ) To reduce the likelihood of an outage impacting many critical applications
( ) To reduce the impact of an insider threat

A software provider, based in the European Union (EU), is offering a Software as a Service (SaaS) solution to its customers. The software is hosted by a third-party hosting provider. As part of the solution, the software provider is using customers' activity logs, compiled by the hosting provider, to improve the solution. According to the General Data Protection Regulation (GDPR), who is the controller for the processing associated with the solution improvement purpose?
(x) The customer
( ) The hosting provider
( ) The software provider
( ) The software provider and the customer
Note: under GDPR Article 4(7) the controller is the party that determines the purposes and means of the processing; the improvement purpose is decided by the software provider, so the marked answer is questionable.

When an application transfers unencrypted sensitive data, what type of flaw is this?
(x) Design
( ) Operational
( ) Configuration
( ) Implementation

After a breach incident, investigators narrowed the attack to a specific network administrator's credentials. However, there was no evidence to determine how the hackers obtained the credentials. Which of the following actions could have BEST avoided the breach per the investigation described above?
( ) A periodic review of network access logs
( ) A periodic review of active users on the network
(x) A periodic review of all privileged account actions
( ) A periodic review of the password strength of all users across the organization

A network security team is concerned about personal devices connected to the network with the recent bring your own device (BYOD) policy in place. The security team is looking for ways to increase security while allowing easy use of these devices. Which of the following actions should the network security team take in order to provide the MOST internal protection?
( ) Require all BYOD users to go through a risk assessment process on their devices.
(x) Use zero trust (ZT) access.
( ) Enable multi-factor authentication (MFA).
( ) Set up a Wi-Fi segment only allowing known Media Access Control (MAC) addresses.

A manufacturer of medical devices requires periodic communication with deployed devices to support scheduled maintenance. The manufacturer has determined cloud-based data storage will best fit the requirement.
The endpoints will communicate with the data storage at fixed times, on fixed days of the week, and the endpoint location will determine what cloud storage the device can access. What type of security authorization mechanism would provide the BEST authorization mechanism for the endpoints?
( ) Mandatory access control (MAC)
( ) Role-based access control (RBAC)
( ) Rule-based access control
(x) Attribute-based access control (ABAC)

Where is the BEST place to perform synthetic transactions to evaluate the overall user experience on a web-facing application?
( ) Database
(x) Web server
( ) Intranet
( ) Internet

During the final source code review with the customer, the quality assurance (QA) team discovered embedded credentials within the code. What is the BEST way to ensure this is discovered sooner?
( ) Enforce strict configuration management (CM)
(x) Routine scanning
( ) Routine log review
( ) Enforce strict need-to-know

A system security officer is reviewing the human resources data classification policy because the organization is replacing a legacy on-premises system with a new Software as a Service (SaaS) implementation. For the new human resources system, who is responsible for the security of the data?
( ) Organization's information technology (IT) director
(x) Human resources department
( ) Individual employees
( ) SaaS provider's Chief Compliance Officer

After identifying and containing a ransomware attack, an organization closes out its incident investigation. Two weeks later, the same attack recurs in a different network of the same organization. What is the MOST probable reason for the attack's recurrence?
( ) End users were not properly trained in the recognition and containment of ransomware.
( ) A new variant of the ransomware was introduced into the agency's information systems.
(x) The scope of the original investigation was too narrow.
( ) The ransomware remained in an infected backup software medium.

The unauthorized modification of information applies to what security principle?
( ) Confidentiality
( ) Availability
(x) Integrity
( ) Accountability

An organization is providing information technology (IT) services to many United States (US) and European Union (EU) clients belonging to different sectors such as defense, energy, and finance. The security officer is reviewing the policy hierarchy and the security infrastructure to provide evidence to clients that all the regulatory requirements are met by the provider organization. Which of the following will help the MOST to build such a policy structure?
( ) General Data Protection Regulation (GDPR)
( ) Payment Card Industry Data Security Standard (PCI DSS)
( ) Control Objectives for Information and Related Technology (COBIT)
(x) National Institute of Standards and Technology (NIST) standards

What is the BEST procedure to implement a zero trust (ZT) secure design and allow a worker to access data or applications on the enterprise network?
(x) Only allow the worker to access data once the laptop is fully patched with the latest operating system (OS) patches.
( ) Deny all access from the worker's laptop. All data must be approved and passed on by the worker's manager.
( ) Use the query from the worker to check the enterprise network's security policy and allow or deny access.
( ) Allow the laptop to access based on the worker's local account privilege.
Note: in NIST SP 800-207 each access request is decided by a policy engine that evaluates the request against enterprise policy, which the third option describes; patch level is one input to that decision rather than the procedure itself, so the marked answer is doubtful.

A startup organization plans on offering services to business enterprises through a system with web and mobile interfaces. The clients would like to avoid making employees set up, remember, and manage different sets of usernames and passwords. Which of the following is the BEST reason to use Security Assertion Markup Language (SAML) in their system?
( ) Allow users to employ an account they already have, such as at a social network provider.
( ) Allow users to employ an account they already have that authenticates directly with an organization's internally hosted database or directory service.
( ) Allow users to employ an account they already have that authenticates directly with a government identity provider (IdP) database or directory service.
(x) Allow users to employ an account they already have, such as at a corporate identity provider (IdP) service operated by their employer.

Web portals that sit at the boundary of a service-oriented architecture (SOA) can pose some security concerns. Which of the following BEST describes a security implication of authentication in the SOA?
( ) Verification that the recipient is entitled to the access
( ) Validation that the data had not been tampered with
(x) Verification of who is sending or transmitting information
( ) Validation that the respective transaction occurred

A popular organization has prepared a new service. What kind of protection should be applied to emphasize that the service belongs to the organization's product portfolio?
( ) Copyright
( ) Trademark
(x) Patent
( ) Trade secret
Note: a trademark (service mark) is the protection that identifies a service as originating from a particular organization; a patent protects an invention, so the marked answer does not fit the question.

After a recent evacuation, an organization identified a risk to critical assets that were left unattended for the duration of the event. If a threat actor activates an alarm that results in an evacuation to gain access to those critical assets, what solution would provide the BEST method to verify employees are away from the threat until first responders arrive?
( ) Relocate to a secondary site
( ) Authenticate at muster stations
( ) Engage the security team
(x) Execute the evacuation plan

An organization has contacted an assessor to request an external security audit. The audit is to include all of the organization's external resources. Which of the following steps should the assessor take FIRST?
(x) Determine the organization's external resources' visibility and exposure.
( ) Establish Quality of Service (QoS) objectives and requirements.
( ) Request a statement of work (SOW) from the company.
( ) Determine the organization's industry sector and compliance requirements.

Following the acquisition of a company, the business continuity plan (BCP) coordinator has updated the BCP to reflect the organizational changes and personnel have been trained for their new responsibilities. What would be the NEXT step to ensure the viability of the plan?
( ) A countertop exercise
(x) A tabletop exercise
( ) A functional exercise
( ) A lessons learned exercise

When implementing Voice over Internet Protocol (VoIP), which secure communication practice BEST protects telephony data in transit?
(x) Encrypted solutions
( ) Caller secure authentication
( ) Secure call management
( ) Digital signature

Which of the following is the process in which a reasonable person addresses any risk given the same set of facts?
(x) Due care
( ) Due process
( ) Due diligence
( ) Legal compliance

An organization using multiple cloud providers for hosting is planning to conduct a vulnerability assessment to assess how secure their services are within each provider. Which of the following MOST represents a significant concern while performing on-site vulnerability assessments?
( ) Applications that each provider uses to patch their systems
(x) Potential gaps in each provider's physical security program
( ) Providers' use of third-party libraries in their build systems
( ) Firewall rulesets used to protect each of the provider's customers

An organization uses a commercial off-the-shelf (COTS) product, the developer of which is acquired by a second organization. Which action BEST describes what the organization's security officer should do?
( ) Call the original support contact at the first organization to see what may change
(x) Perform the usual security checks the next time a new version of the COTS product is released
( ) Perform due diligence on the new organization
( ) Put the current COTS product through vulnerability tests to check for changes

Which of the following has the advantage of being user-centric?
( ) Discretionary access control (DAC)
( ) Attribute-based access control (ABAC)
(x) Role-based access control (RBAC)
( ) Mandatory access control (MAC)

What should a security practitioner recommend to an organization that is struggling to manually update the baselines of servers and end user equipment, such as workstations and laptops?
( ) Configuration management (CM) tools specialized in firmware inventory
(x) Automated tools at system level capable of tracking the operating system (OS) patch level, network configuration, and installed software
( ) Automated network-level tools capable of tracking the operating system (OS) patch level, network configuration, and installed software
( ) Configuration management (CM) tools specialized in equipment inventory

Which of the following elements should be included in one-on-one sessions while performing an external audit of an organization?
( ) Review of previous audits
(x) Review of security training
( ) Walk-throughs
( ) Report writing

Which term BEST identifies the individual within a compliance control framework who is required to maintain backups and ensure that systems holding the data are sufficiently protected and that all applicable governance processes are followed?
( ) System administrator
(x) Data custodian
( ) Business owner
( ) Data owner

Which method is MOST effective for thorough and accurate access deprovisioning?
(x) Single sign-on (SSO)
( ) Role-based access control (RBAC)
( ) Quarterly privileged access reviews
( ) Automated password rotations
A new information security manager was hired at a company and tasked with setting up a new security operations center (SOC). Which of the following is MOST likely to be included in the SOC security policy?
(x) Goals, objectives, roles and responsibilities
( ) Business continuity (BC) and disaster recovery (DR)
( ) Law and regulatory doctrine
( ) Baselines, procedures, and guidelines

Which of the following backup procedures BEST protects an organization from ransomware attacks?
(x) Isolated backup
( ) Cloud backup
( ) Network backup
( ) Encrypted backup

An organization would like to enhance the security of its new banking application. What is one way to implement risk-based adaptive authentication?
( ) Use cookies and facial recognition software.
( ) Use digital certificates and public key infrastructure (PKI).
(x) Use two-factor authentication (2FA) for users accessing the website.
( ) Use cookies and information about the system that is accessing the website.
Note: risk-based adaptive authentication varies the authentication requirement according to contextual signals such as the device and session; requiring 2FA of every user unconditionally is not adaptive, so the marked answer is doubtful and the last option is the one that describes the technique.

If two or more organizations with identical system configurations and backup technologies serve as alternate sites for each other, which of the following MUST the organizations do?
( ) Establish a joint disaster recovery (DR) plan
(x) Formalize a Continuity of Operations Plan (COOP)
( ) Set up a memorandum of understanding (MOU)
( ) Develop a joint business continuity (BC) plan

Which of the following is considered the MOST important constraint on a system solution?
( ) Network systems
( ) Database systems
( ) End-user systems
(x) Interfacing systems

A security professional is performing a vulnerability assessment and noticed that the critical vulnerabilities exceed an agreed-upon percentage. Which of the following Key Risk Indicators (KRI) is MOST likely associated with this observation?
(x) Patching compliance
( ) Risk assessment ratings
( ) Account management status and issue rate
( ) Measures of the use of unapproved software

A 419 scam is an example of which type of cyber crime?
( ) Malware
(x) [option text illegible in the scan]
( ) Extortion
( ) Ransomware

A software developer discovers a flaw that allows an attacker to inject commands within a front-facing web form, potentially compromising underlying system infrastructure. The organization has already fielded the application to customers. Which is the MOST responsible approach for disclosing the vulnerability?
( ) The developer should anonymously report the vulnerability to an auditing agency so they can formally investigate the cause.
( ) Despite a non-disclosure agreement (NDA), the developer should fully disclose the vulnerability to both the customer and the organization so the vulnerability is resolved as quickly as possible.
( ) The developer signed a non-disclosure agreement (NDA), and so cannot disclose it to the organization or the affected customers.
(x) The developer should limit disclosure within the organization's proper internal reporting procedures, allowing the organization to decide how to patch the vulnerability.

An organization has recently undergone some personnel changes and senior management is concerned about the impact related to data and ownership. Which of the following should be the PRIMARY areas of focus?
(x) Succession planning, training, legal issues, and data ownership
( ) Custodianship, ownership, data management, and points of contact policy
( ) Metadata metrics, continuous data monitoring, and need-to-know
( ) Stolen data, removable media, or expatriate data

An organization wishes to incorporate security scanning for code written in-house by its software developers. The solution should be automated within the organization's Continuous Integration and Continuous Delivery (CI/CD) processes while minimizing the time it takes to run the scan. Which of the following approaches is MOST appropriate?
( ) Software composition analysis
( ) Application programming interface (API) testing
(x) Static application security testing (SAST)
( ) Dynamic application security testing (DAST)

An audit of a financial institution cited the lack of Separation of Duties (SoD) between the software developers who write the code and the operations teams that maintain the production systems. This resulted in undocumented updates and changes to a production system. What weakness was identified during the audit?
( ) Application development
(x) Lack of change management
( ) Operations tempo
( ) Lack of configuration management
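The disclosure item above concerns a web form through which an attacker can inject operating-system commands. The following added example, written for this page and not taken from the dump, shows the defect beside two fixes: a hypothetical "network diagnostics" handler that builds a shell string from the form field, the same handler calling the tool with an argument list and no shell, and a version that also allow-lists the input shape. So that it runs offline, `echo` stands in for the real diagnostic tool (for example `ping`); the injection mechanics are identical.

```python
import re
import subprocess

# Stand-in for the diagnostic tool the form would really invoke; chosen so the demo runs offline.
TOOL = "echo"

# Constructed attacker input: a hostname followed by a second command.
PAYLOAD = "a.example; echo INJECTED"


def diagnose_vulnerable(host: str) -> str:
    """Command string handed to a shell: the form field is parsed as shell syntax."""
    cmd = f"{TOOL} Checking {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def diagnose_no_shell(host: str) -> str:
    """argv list, no shell: the whole field is one argument and ';' is just a character."""
    return subprocess.run([TOOL, "Checking", host], capture_output=True, text=True).stdout


# RFC 1123 hostname shape: labels of letters, digits and hyphens, no leading/trailing hyphen.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$",
    re.IGNORECASE,
)


def diagnose_hardened(host: str) -> str:
    """Defence in depth: reject anything that is not a hostname, then avoid the shell."""
    if not HOSTNAME_RE.match(host):
        raise ValueError("invalid hostname")
    return diagnose_no_shell(host)


if __name__ == "__main__":
    print(repr(diagnose_vulnerable(PAYLOAD)))  # 'Checking a.example\nINJECTED\n'
    print(repr(diagnose_no_shell(PAYLOAD)))    # 'Checking a.example; echo INJECTED\n'
    print(repr(diagnose_hardened("a.example")))  # 'Checking a.example\n'
```

Dropping the shell is the change that removes the injection; the allow-list is the second layer, and it also stops inputs beginning with `-` from being read as options by the invoked tool. A SAST rule that flags `shell=True` with a non-constant command string, run in CI as the later item on this page recommends, catches the vulnerable form before it reaches customers.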
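Two items on this page ask for a per-request authorization decision from several attributes: the medical-device endpoints that may reach a given cloud store only from a given region, on fixed weekdays, inside a fixed time window, and the zero trust item in which a worker's request is checked against enterprise policy. The following added example, written for this page and not the manufacturer's or any product's code, is a small attribute-based policy decision point that combines subject, object and environment attributes. The policy table, bucket names, regions and maintenance windows are constructed; the `posture_ok` flag stands for a device health check (such as patch level) that a real deployment would obtain from an attestation or endpoint-management service.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Request:
    device_id: str        # subject identity
    region: str           # subject attribute: where the endpoint is deployed
    bucket: str           # object attribute: the storage target requested
    when: datetime        # environment attribute: request time (timezone-aware)
    posture_ok: bool = True  # environment/subject attribute: device health check passed


# Constructed policy: bucket -> permitted region, weekdays (Mon=0) and UTC hour range [start, end).
POLICY = {
    "eu-maint-store": {"region": "EU", "weekdays": {1, 4}, "hours": (2, 4)},  # Tue/Fri 02:00-03:59 UTC
    "us-maint-store": {"region": "US", "weekdays": {2}, "hours": (6, 8)},     # Wed 06:00-07:59 UTC
}


def decide(req: Request) -> tuple[bool, str]:
    """Evaluate one request against POLICY; returns (permit, reason). Default is deny."""
    rule = POLICY.get(req.bucket)
    if rule is None:
        return False, "no policy for object"
    if req.region != rule["region"]:
        return False, "region mismatch"
    if req.when.tzinfo is None:
        return False, "timestamp must be timezone-aware"
    t = req.when.astimezone(timezone.utc)  # compare in one clock, whatever the device reports
    if t.weekday() not in rule["weekdays"]:
        return False, "outside maintenance day"
    start, end = rule["hours"]
    if not start <= t.hour < end:
        return False, "outside maintenance window"
    if not req.posture_ok:
        return False, "device posture check failed"
    return True, "permit"


if __name__ == "__main__":
    r = Request("dev-0042", "EU", "eu-maint-store", datetime(2024, 6, 4, 2, 30, tzinfo=timezone.utc))
    print(decide(r))  # (True, 'permit')
```

Every attribute is re-evaluated on each request, so a device that was permitted at 02:30 is denied at 04:00 without any change to its role or credentials; that continuous, per-request evaluation is what distinguishes this from a static role grant. The ordering of checks is a policy choice; here the cheap attribute comparisons run before the posture check, which in practice is the expensive, remote one.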
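The embedded-credentials item (routine scanning) and the CI/CD item (SAST) on this page both come down to scanning source before it ships. The following added example, written for this page and not taken from the dump or any scanning product, is a minimal secret scanner of the kind that runs as a fast pre-commit or CI step: pattern matches for well-known key formats and assignment shapes, plus a Shannon-entropy filter so that obvious placeholders are not reported. The patterns are a small illustrative set, not a complete rule base, and the scanned source file is constructed for the demo.

```python
import math
import re
from collections import Counter

# Illustrative rule set; real scanners carry hundreds of such patterns.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # assignment of a quoted literal to a name containing password/passwd/pwd
    "hardcoded_password": re.compile(r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"]([^'\"]{4,})['\"]"),
    # assignment of a long quoted literal to a name containing api_key/secret/token
    "generic_api_key": re.compile(r"(?i)(?:api[_-]?key|secret|token)\s*[=:]\s*['\"]([A-Za-z0-9_\-/+=]{16,})['\"]"),
}


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking secrets score high, placeholders score low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan(source: str, min_entropy: float = 3.0) -> list[tuple[int, str]]:
    """Return (line_number, rule_name) for each suspected secret in the source text."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, pattern in PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue
            value = m.group(1) if m.groups() else m.group(0)
            # Only the generic rule needs the entropy filter; the others match fixed formats.
            if name == "generic_api_key" and shannon_entropy(value) < min_entropy:
                continue
            findings.append((lineno, name))
    return findings


# Constructed sample source file with one placeholder and one environment lookup as negatives.
SAMPLE = """\
import os
DB_PASSWORD = "s3cr3t-Pr0d!"
AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
API_KEY = "REPLACE_ME_REPLACE_ME"
token = os.environ["API_TOKEN"]
APP_SECRET = "q8Zt2vX9mB4kL7pR1sW6yD3fH0jN5cVa"
"""

if __name__ == "__main__":
    for lineno, rule in scan(SAMPLE):
        print(f"{lineno}: {rule}")
```

Wiring `scan` into CI as a blocking check on every push is what turns "discovered at the final review" into "discovered at the commit"; the entropy threshold is the knob that trades missed low-entropy secrets against noise from placeholders, and it should be tuned on the organization's own code rather than left at the value used here.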
