CISSP Final Question Set v2.docx PDF

1. All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that **a) determine the risk of a business interruption occurring\ **b) determine the technological dependence of the business processes\ c) Identify the operational impacts of a business interruption\ d) Identify the financial impacts of a business interruption 2. Which of the following actions will reduce risk to a laptop before traveling to a high-risk area? a\) Examine the device for physical tampering\ b) Implement more stringent baseline configurations\ **c) Purge or re-image the hard disk drive\ **d) Change access codes 3. A company whose Information Technology (IT) services are being delivered from a Tier 4 data centre, is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with? **a) Application**\ b) Storage\ c) Power\ d) Network 4. Which of the following represents the GREATEST risk to data confidentiality? a\) Network redundancies are not implemented\ b) Security awareness training is not completed\ **c) Backup tapes are generated unencrypted**\ d) Users have administrative privileges 5. What is the MOST important consideration from a data security perspective when an organization plans to relocate? a\) Ensure the fire prevention and detection systems are sufficient to protect personnel\ b) Review the architectural plans to determine how many emergency exits are present\ **c) Conduct a gap analysis of a new facilities against existing security requirements**\ d) Revise the Disaster Recovery and Business Continuity (DR/BC) plan 6. International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined? **a) Only when assets are clearly defined**\ b) Only when standards are defined\ c) Only when controls are put in place\ d) Only procedures are defined 7. Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas? a\) Install mantraps at the building entrances\ b) Enclose the personnel entry area with polycarbonate plastic\ **c) Supply a duress alarm for personnel exposed to the public**\ d) Hire a guard to protect the public area 8. Which of the following is MOST important when assigning ownership of an asset to a department? a\) The department should report to the business owner\ b) Ownership of the asset should be periodically reviewed\ **c) Individual accountability should be ensured**\ d) All members should be trained on their responsibilities 9. Which one of the following affects the classification of data? **a) Assigned security label**\ b) Multilevel Security (MLS) architecture\ c) Minimum query size\ d) Passage of time 10. An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests. Which contract is BEST in offloading the task from the IT staff? a\) Platform as a Service (PaaS)\ **b) Identity as a Service (IDaaS)**\ c) Desktop as a Service (DaaS)\ d) Software as a Service (SaaS) 11. In a data classification scheme, the data is owned by the a\) system security managers\ **b) business managers**\ c) Information Technology (IT) managers\ d) end users 12. Which of the following is an initial consideration when developing an information security management system? a\) Identify the contractual security obligations that apply to the organizations\ **b) Understand the value of the information assets**\ c) Identify the level of residual risk that is tolerable to management\ d) Identify relevant legislative and regulatory compliance requirements 13. Which technique can be used to make an encryption scheme more resistant to a known plaintext attack? a\) Hashing the data before encryption\ b) Hashing the data after encryption\ c) Compressing the data after encryption\ **d) Compressing the data before encryption** 14. Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified automated vulnerability assessments? a\) Common Vulnerabilities and Exposures (CVE)\ **b) Common Vulnerability Scoring System (CVSS)**\ c) Asset Reporting Format (ARF)\ d) Open Vulnerability and Assessment Language (OVAL) 15. Who in the organization is accountable for classification of data information assets? **a) Data owner**\ b) Data architect\ c) Chief Information Security Officer (CISO)\ d) Chief Information Officer (CIO) 16. The use of private and public encryption keys is fundamental in the implementation of which of the following? a\) Diffie-Hellman algorithm\ **b) Secure Sockets Layer (SSL)**\ c) Advanced Encryption Standard (AES)\ d) Message Digest 5 (MD5) 17. At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located? a\) Link layer\ **b) Physical layer**\ c) Session layer\ d) Application layer 18. In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node? **a) Transport layer**\ b) Application layer\ c) Network layer\ d) Session layer 19. Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats? a\) Layer 2 Tunnelling Protocol (L2TP)\ **b) Link Control Protocol (LCP)**\ c) Challenge Handshake Authentication Protocol (CHAP)\ d) Packet Transfer Protocol (PTP) 20. Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model? **a) Packet filtering**\ b) Port services filtering\ c) Content filtering\ d) Application access control 21. An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control? **a) Add a new rule to the application layer firewall**\ b) Block access to the service\ c) Install an Intrusion Detection System (IDS)\ d) Patch the application source code 22. Which of the following is the BEST network defence against unknown types of attacks or stealth attacks in progress? a\) Intrusion Prevention Systems (IPS)\ b) Intrusion Detection Systems (IDS)\ c) Stateful firewalls\ **d) Network Behaviour Analysis (NBa) tools** 23. Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol? **a) WEP uses a small range Initialization Vector (IV)**\ b) WEP uses Message Digest 5 (MD5)\ c) WEP uses Diffie-Hellman\ d) WEP does not use any Initialization Vector (IV) 24. An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information? a\) Implement packet filtering on the network firewalls\ b) Install Host Based Intrusion Detection Systems (HIDS)\ c) Require strong authentication for administrators\ **d) Implement logical network segmentation at the switches** 25. Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee's salary? **a) Limit access to predefined queries**\ b) Segregate the database into a small number of partitions each with a separate security level\ c) Implement Role Based Access Control (RBAC)\ d) Reduce the number of people who have access to the system for statistical purposes 26. What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance? a\) Audit logs\ b) Role-Based Access Control (RBAC)\ c) Two-f act or authentication\ **d) Application of least privilege** 27. A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user's access to data files? a\) Host VM monitor audit logs\ b) Guest OS access controls\ c) Host VM access controls\ **d) Guest OS audit logs** 28. Which of the following could cause a Denial of Service (DoS) against an authentication system? a\) Encryption of audit logs\ **b) No archiving of audit logs**\ c) Hashing of audit logs\ d) Remote access audit logs 29. An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause? a\) Absence of a Business Intelligence (BI) solution\ b) Inadequate cost modelling\ c) Improper deployment of the Service-Oriented Architecture (SOa)\ **d) Insufficient Service Level Agreement (SLa)** 30. Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations? a\) Walkthrough\ **b) Simulation**\ c) Parallel\ d) White box 31. What is the PRIMARY reason for implementing change management? a\) Certify and approve releases to the environment\ b) Provide version rollbacks for system changes\ c) Ensure that all applications are approved\ **d) Ensure accountability for changes to the environment** 32. What should be the FIRST action to protect the chain of evidence when a desktop computer is involved? a\) Take the computer to a forensic lab\ b) Make a copy of the hard drive\ **c) Start documenting**\ d) Turn off the computer 33. What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application? a\) Disable all unnecessary services\ b) Ensure chain of custody\ c) Prepare another backup of the system\ **d) Isolate the system from the network** 34. A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following? a\) Guaranteed recovery of all business functions\ **b) Minimization of the need decision making during a crisis**\ c) Insurance against litigation following a disaster\ d) Protection from loss of organization resources 35. What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization's systems cannot be unavailable for more than 24 hours? **a) Warm site**\ b) Hot site\ c) Mirror site\ d) Cold site 36. Which of the following is the PRIMARY risk with using open-source software in a commercial software construction? a\) Lack of software documentation\ **b) License agreements requiring release of modified code**\ c) Expiration of the license agreement\ d) Costs associated with support of the software 37. When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined? a\) After the system preliminary design has been developed and the data security categorization has been performed\ b) After the vulnerability analysis has been performed and before the system detailed design begins\ c) After the system preliminary design has been developed and before the data security categorization begins\ **d) After the business functional analysis and the data security categorization have been performed** 38. Which of the following is the BEST method to prevent malware from being introduced into a production environment? a\) Purchase software from a limited list of retailers\ b) Verify the hash key or certificate key of all updates\ c) Do not permit programs, patches, or updates from the Internet\ **d) Test all new software in a segregated environment** 39. Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element? a\) Transparent Database Encryption (TDE)\ b) Column level database encryption\ c) Volume encryption\ **d) Data tokenization** 40. What is the MOST effective countermeasure to a malicious code attack against a mobile system? **a) Sandbox**\ b) Change control\ c) Memory management\ d) Public-Key Infrastructure (PKI 41. Which of the following is ensured when hashing files during chain of custody handling? a\) Availability\ b) Accountability\ **c) Integrity**\ d) Non-repudiation 42. Which of the following statements is TRUE of black box testing? **a) Only the functional specifications are known to the test planner.**\ b) Only the source code and the design documents are known to the test planner.\ c) Only the source code and functional specifications are known to the test planner.\ d) Only the design documents and the functional specifications are known to the test planner. 43. A software scanner identifies a region within a binary image having high entropy. What does this MOST likely indicate? a\) Encryption routines\ b) Random number generator\ **c) Obfuscated code**\ d) Botnet command and control 44. Which of the following is the MOST important consideration when storing and processing Personally Identifiable Information (PII)? a\) Encrypt and hash all PII to avoid disclosure and tampering.\ b) Store PII for no more than one year.\ c) Avoid storing PII in a Cloud Service Provider.\ **d) Adherence to collection limitation laws and regulations.** 45. Which of the following assessment metrics is BEST used to understand a system\'s vulnerability to potential exploits? a\) Determining the probability that the system functions safely during any time period\ b) Quantifying the system\'s available services\ **c) Identifying the number of security flaws within the system**\ d) Measuring the system\'s integrity in the presence of failure 46. Which of the following is an effective method for avoiding magnetic media data remanence? **a) Degaussing**\ b) Encryption\ c) Data Loss Prevention (DLP)\ d) Authentication 47. When transmitting information over public networks, the decision to encrypt it should be based on a\) the estimated monetary value of the information.\ b) whether there are transient nodes relaying the transmission.\ **c) the level of confidentiality of the information.**\ d) the volume of the information. 48. What principle requires that changes to the plaintext affect many parts of the ciphertext? **a) Diffusion**\ b) Encapsulation\ c) Obfuscation\ d) Permutation 49. Which one of these risk factors would be the LEAST important consideration in choosing a building site for a new computer facility? a\) Vulnerability to crime\ b) Adjacent buildings and businesses\ **c) Proximity to an airline flight path**\ d) Vulnerability to natural disasters 50. Which one of the following transmission media is MOST effective in preventing data interception? a\) Microwave\ b) Twisted pair\ **c) Fiber optic**\ d) Coaxial cable 51. Which security action should be taken FIRST when computer personnel are terminated from their jobs? **a) Remove their computer access**\ b) Require them to turn in their badge\ c) Conduct an exit interview\ d) Reduce their physical access level to the facility 52. The type of authorized interactions a subject can have with an object is a\) control.\ **b) permission.**\ c) procedure.\ d) protocol. 53. Why MUST a Kerberos server be well protected from unauthorized access? **a) It contains the keys of all clients.**\ b) It always operates at root privilege.\ c) It contains all the tickets for services.\ d) It contains the Internet Protocol (IP) address of all network entities. 54. Which one of the following effectively obscures network addresses from external exposure when implemented on a firewall or router? **a) Network Address Translation (NAT)**\ b) Application Proxy\ c) Routing Information Protocol (RIP) Version 2\ d) Address Masking 55. While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used? a\) Trusted path\ b) Malicious logic\ **c) Social engineering**\ d) Passive misuse 56. Why must all users be positively identified prior to using multi-user computers? a\) To provide access to system privileges\ b) To provide access to the operating system\ **c) To ensure that unauthorized persons cannot access the computers**\ d) To ensure that management knows what users are currently logged on 57. An advantage of link encryption in a communications network is that it a\) makes key management and distribution easier.\ b) protects data from start to finish through the entire network.\ c) improves the efficiency of the transmission.\ **d) encrypts all information, including headers and routing information.** 58. What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source? a\) Man-in-the-Middle (MITM) attack\ b) Smurfing\ c) Session redirect\ **d) Spoofing** 59. The PRIMARY purpose of a security awareness program is to **a) ensure that everyone understands the organization\'s policies and procedures.**\ b) communicate that access to information will be granted on a need-to-know basis.\ c) warn all users that access to all systems will be monitored on a daily basis.\ d) comply with regulations related to data and information protection. 60. The process of mutual authentication involves a computer system authenticating a user and authenticating the a\) user to the audit process.\ **b) computer system to the user.**\ c) user\'s access to all authorized objects.\ d) computer system to the audit process. 61. The FIRST step in building a firewall is to a\) assign the roles and responsibilities of the firewall administrators.\ b) define the intended audience who will read the firewall policy.\ c) identify mechanisms to encourage compliance with the policy.\ **d) perform a risk analysis to identify issues to be addressed.** 62. A system has been scanned for vulnerabilities and has been found to contain a number of communication ports that have been opened without authority. To which of the following might this system have been subjected? **a) Trojan horse**\ b) Denial of Service (DoS)\ c) Spoofing\ d) Man-in-the-Middle (MITM) 63. Which type of control recognizes that a transaction amount is excessive in accordance with corporate policy? **a) Detection**\ b) Prevention\ c) Investigation\ d) Correction 64. Which of the following defines the key exchange for Internet Protocol Security (IPSec)? a\) Secure Sockets Layer (SSL) key exchange\ **b) Internet Key Exchange (IKE)**\ c) Security Key Exchange (SKE)\ d) Internet Control Message Protocol (ICMP) 65. The overall goal of a penetration test is to determine a system\'s **a) ability to withstand an attack.**\ b) capacity management.\ c) error recovery capabilities.\ d) reliability under stress. 66. When constructing an Information Protection Policy (IPP), it is important that the stated rules are necessary, adequate, and a\) flexible.\ b) confidential.\ c) focused.\ **d) achievable.** 67. Which of the following is a security limitation of File Transfer Protocol (FTP)? a\) Passive FTP is not compatible with web browsers.\ b) Anonymous access is allowed.\ c) FTP uses Transmission Control Protocol (TCP) ports 20 and 21.\ **d) Authentication is not encrypted.** 68. In Business Continuity Planning (BCP), what is the importance of documenting business processes? a\) Provides senior management with decision-making tools\ b) Establishes and adopts ongoing testing and maintenance strategies\ c) Defines who will perform which functions during a disaster or emergency\ **d) Provides an understanding of the organization\'s interdependencies** 69. Which layer of the Open Systems Interconnections (OSI) model implementation adds information concerning the logical connection between the sender and receiver? a\) Physical\ **b) Session**\ c) Transport\ d) Data link 70. Which of the following is a network intrusion detection technique? **a) Statistical anomaly**\ b) Perimeter intrusion\ c) Port scanning\ d) Network spoofing 71. Internet Protocol (IP) source address spoofing is used to defeat **a) address-based authentication.**\ b) Address Resolution Protocol (ARP).\ c) Reverse Address Resolution Protocol (RARP).\ d) Transmission Control Protocol (TCP) hijacking. 72. An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring? **a) A dictionary attack**\ b) A Denial of Service (DoS) attack\ c) A spoofing attack\ d) A backdoor installation 73. Which of the following Disaster Recovery (DR) sites is the MOST difficult to test? a\) Hot site\ **b) Cold site**\ c) Warm site\ d) Mobile site 74. Which of the following statements is TRUE for point-to-point microwave transmissions? a\) They are not subject to interception due to encryption.\ b) Interception only depends on signal strength.\ c) They are too highly multiplexed for meaningful interception.\ **d) They are subject to interception by an antenna within proximity.** 75. Which of the following is TRUE about Disaster Recovery Plan (DRP) testing? a\) Operational networks are usually shut down during testing.\ **b) Testing should continue even if components of the test fail.**\ c) The company is fully prepared for a disaster if all tests pass.\ d) Testing should not be done until the entire disaster plan can be tested. 76. Which of the following is the FIRST step of a penetration test plan? a\) Analysing a network diagram of the target network\ b) Notifying the company\'s customers\ **c) Obtaining the approval of the company\'s management**\ d) Scheduling the penetration test during a period of least impact 77. Which of the following actions should be performed when implementing a change to a database schema in a production system? a\) Test in development, determine dates, notify users, and implement in production\ b) Apply change to production, run in parallel, finalize change in production, and develop a back-out Strategy\ c) Perform user acceptance testing in production, have users sign off, and finalize change\ **d) Change in development, perform user acceptance testing, develop a back-out strategy, and implement change** 78. Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks? a\) Data compression\ b) Data classification\ c) Data warehousing\ **d) Data validation** 79. The BEST method of demonstrating a company\'s security level to potential customers is **a) a report from an external auditor.**\ b) responding to a customer\'s security questionnaire.\ c) a formal report from an internal auditor.\ d) a site visit by a customer\'s security team. 80. Which of the following does Temporal Key Integrity Protocol (TKIP) support? **a) Multicast and broadcast messages**\ b) Coordination of IEEE 802.11 protocols\ c) Wired Equivalent Privacy (WEP) systems\ d) Synchronization of multiple devices 81. The stringency of an Information Technology (IT) security assessment will be determined by the a\) system\'s past security record.\ b) size of the system\'s database.\ **c) sensitivity of the system\'s data)**\ d) age of the system. 82. At a MINIMUM, a formal review of any Disaster Recovery Plan (DRP) should be conducted a\) monthly.\ b) quarterly.\ **c) annually.**\ d) bi-annually. 83. Checking routing information on e-mail to determine it is in a valid format and contains valid information is an example of which of the following anti-spam approaches? a\) Simple Mail Transfer Protocol (SMTP) blacklist\ b) Reverse Domain Name System (DNS) lookup\ c) Hashing algorithm\ **d) Header analysis** 84. During an audit of system management, auditors find that the system administrator has not been trained. What actions need to be taken at once to ensure the integrity of systems? a\) A review of hiring policies and methods of verification of new employees\ b) A review of all departmental procedures\ c) A review of all training procedures to be undertaken\ **d) A review of all systems by an experienced administrator** 85. An internal Service Level Agreement (SLa) covering security is signed by senior managers and is in place. When should compliance to the SLA be reviewed to ensure that a good security posture is being delivered? a\) As part of the SLA renewal process\ b) Prior to a planned security audit\ c) Immediately after a security breach\ **d) At regularly scheduled meetings** 86. Which of the following is the best practice for testing a Business Continuity Plan (BCP)? a\) Test before the IT Audit\ **b) Test when environment changes**\ c) Test after installation of security patches\ d) Test after implementation of system patches 87. Which of the following MUST be done when promoting a security awareness program to senior management? **a) Show the need for security; identify the message and the audience**\ b) Ensure that the security presentation is designed to be all-inclusive\ c) Notify them that their compliance is mandatory\ d) Explain how hackers have enhanced information security 88. Which of the following is a security feature of Global Systems for Mobile Communications (GSM)? **a) It uses a Subscriber Identity Module (SIM) for authentication.**\ b) It uses encrypting techniques for all communications.\ c) The radio spectrum is divided with multiple frequency carriers.\ d) The signal is difficult to read as it provides end-to-end encryption. 89. A disadvantage of an application filtering firewall is that it can lead to a\) a crash of the network as a result of user activities.\ **b) performance degradation due to the rules applied.**\ c) loss of packets on the network due to insufficient bandwidth.\ d) Internet Protocol (IP) spoofing by hackers. 90. What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)? a\) Evaluating the efficiency of the plan\ b) Identifying the benchmark required for restoration\ **c) Validating the effectiveness of the plan**\ d) Determining the Recovery Time Objective (RTO) 91. Following the completion of a network security assessment, which of the following can BEST be demonstrated? a\) The effectiveness of controls can be accurately measured\ b) A penetration test of the network will fail\ **c) The network is compliant to industry standards**\ d) All unpatched vulnerabilities have been identified 92. Passive Infrared Sensors (PIR) used in a non-climate-controlled environment should a\) reduce the detected object temperature in relation to the background temperature.\ b) increase the detected object temperature in relation to the background temperature.\ **c) automatically compensate for variance in background temperature.**\ d) detect objects of a specific temperature independent of the background temperature. 93. The use of strong authentication, the encryption of Personally Identifiable Information (PII) on database servers, application security reviews, and the encryption of data transmitted across networks provide a\) data integrity.\ **b) defence in depth.**\ c) data availability.\ d) non-repudiation. 94. An organization is selecting a service provider to assist in the consolidation of multiple computing sites including development, implementation and ongoing support of various computer systems. Which of the following MUST be verified by the Information Security Department? a\) The service provider\'s policies are consistent with ISO/IEC27001 and there is evidence that the service provider is following those policies.\ b) The service provider will segregate the data within its systems and ensure that each region\'s policies are met.\ **c) The service provider will impose controls and protections that meet or exceed the current systems controls and produce audit logs as verification.**\ d) The service provider\'s policies can meet the requirements imposed by the new environment even if they differ from the organization\'s current policies. 95. Which of the following is an appropriate source for test data? a\) Production data that is secured and maintained only in the production environment.\ b) Test data that has no similarities to production data)\ c) Test data that is mirrored and kept up to date with production data)\ **d) Production data that has been sanitized before loading into a test environment.** 96. What is the FIRST step in developing a security test and its evaluation? a\) Determine testing methods\ b) Develop testing procedures\ **c) Identify all applicable security requirements**\ d) Identify people, processes, and products not in compliance 97. To prevent inadvertent disclosure of restricted information, which of the following would be the LEAST effective process for eliminating data prior to the media being discarded? a\) Multiple-pass overwriting\ b) Degaussing\ **c) High-level formatting**\ d) Physical destruction 98. Multi-threaded applications are more at risk than single-threaded applications to **a) race conditions.**\ b) virus infection.\ c) packet sniffing.\ d) database injection. 99. Which of the following is a potential risk when a program runs in privileged mode? a\) It may serve to create unnecessary code complexity\ b) It may not enforce job separation duties\ c) It may create unnecessary application hardening\ **d) It may allow malicious code to be inserted** 100. The goal of software assurance in application development is to a\) enable the development of High Availability (Ha) systems.\ b) facilitate the creation of Trusted Computing Base (TCB) systems.\ **c) prevent the creation of vulnerable applications.**\ d) encourage the development of open-source applications. 101. Building blocks for software-defined networks (SDN) require which of the following? a\) The SDN is mostly composed of virtual machines (VM).\ b) The SDN is composed entirely of client-server pairs.\ c) Virtual memory is used in preference to random-access memory (RAM).\ **d) Random-access memory (RAM) is used in preference to virtual memory.** 102. Which of the following system components enforces access controls on an object? a\) Security perimeter\ b) Access control matrix\ c) Trusted domain\ **d) Reference monitor** 103. A Simple Power Analysis (SPa) attack against a device directly observes which of the following? a\) Static discharge\ **b) Consumption**\ c) Generation\ d) Magnetism 104. Which of the following methods can be used to achieve confidentiality and integrity for data in transit? a\) Multiprotocol Label Switching (MPLS)\ **b) Internet Protocol Security (IPSec)**\ c) Federated identity management\ d) Multi-factor authentication 105. Secure Sockets Layer (SSL) encryption protects a\) data at rest.\ b) the source IP address.\ **c) data transmitted.**\ d) data availability. 106. What physical characteristic does a retinal scan biometric device measure? a\) The amount of light reflected by the retina\ b) The size, curvature, and shape of the retina\ **c) The pattern of blood vessels at the back of the eye**\ d) The pattern of light receptors at the back of the eye 107. What does secure authentication with logging provide? a\) Data integrity\ **b) Access accountability**\ c) Encryption logging format\ d) Segregation of duties 108. Which of the following provides the minimum set of privileges required to perform a job function and restricts the user to a domain with the required privileges? a\) Access based on rules\ **b) Access based on user\'s role**\ c) Access determined by the system\ d) Access based on data sensitivity 109. Discretionary Access Control (DAC) restricts access according to a\) data classification labelling.\ b) page views within an application.\ **c) authorizations granted to the user.**\ d) management accreditation. 110. Data leakage of sensitive information is MOST often concealed by which of the following? **a) Secure Sockets Layer (SSL)**\ b) Secure Hash Algorithm (SHa)\ c) Wired Equivalent Privacy (WEP)\ d) Secure Post Office Protocol (POP) 111. Which of the following is a reason to use manual patch installation instead of automated patch management? a\) The cost required to install patches will be reduced.\ b) The time during which systems will remain vulnerable to an exploit will be decreased.\ **c) The likelihood of system or application incompatibilities will be decreased.**\ d) The ability to cover large geographic areas is increased. 112. Which of the following is the MOST important element of change management documentation? a\) List of components involved\ b) Number of changes being made\ **c) Business case justification**\ d) A stakeholder communication 113. The PRIMARY outcome of a certification process is that it provides documented a\) system weaknesses for remediation.\ b) standards for security assessment, testing, and process evaluation.\ c) interconnected systems and their implemented security controls.\ **d) security analyses needed to make a risk-based decision.** 114. Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen? a\) Set up a BIOS and operating system password\ b) Encrypt the virtual drive where confidential files can be stored\ c) Implement a mandatory policy in which sensitive data cannot be stored on laptops, but only on the corporate network\ **d) Encrypt the entire disk and delete contents after a set number of failed access attempts** 115. Which of the following is a process within a Systems Engineering Life Cycle (SELC) stage? **a) Requirements Analysis**\ b) Development and Deployment\ c) Production Operations\ d) Utilization Support 116. What component of a web application that stores the session state in a cookie can be bypassed by an attacker? a\) An initialization check\ b) An identification check\ **c) An authentication check**\ d) An authorization check 117. Which of the following is a MAJOR consideration in implementing a Voice over IP (VoIP) network? a\) Use of a unified messaging.\ **b) Use of separation for the voice network.**\ c) Use of Network Access Control (NAC) on switches.\ d) Use of Request for Comments (RFC) 1918 addressing. 118. Which of the following is the FIRST action that a system administrator should take when it is revealed during a penetration test that everyone in an organization has unauthorized access to a server holding sensitive data? a\) Immediately document the finding and report to senior management.\ **b) Use system privileges to alter the permissions to secure the server**\ c) Continue the testing to its completion and then inform IT management\ d) Terminate the penetration test and pass the finding to the server management team 119. The three PRIMARY requirements for a penetration test are **a) A defined goal, limited time period, and approval of management**\ b) A general objective, unlimited time, and approval of the network administrator\ c) An objective statement, disclosed methodology, and fixed cost\ d) A stated objective, liability waiver, and disclosed methodology 120. Who must approve modifications to an organization\'s production infrastructure configuration? a\) Technical management\ **b) Change control board**\ c) System operations\ d) System users 121. Which of the following wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device? **a) Trusted Platform Module (TPM)**\ b) Preboot eXecution Environment (PXE)\ c) Key Distribution Centre (KDC)\ d) Simple Key-Management for Internet Protocol (SKIP) 122. When implementing controls in a heterogeneous end-point network for an organization, it is critical that a\) hosts are able to establish network communications.\ b) users can make modifications to their security software configurations.\ **c) common software security components be implemented across all hosts.**\ d) firewalls running on each host are fully customizable by the user. 123. A vulnerability test on an Information System (IS) is conducted to a\) exploit security weaknesses in the IS.\ b) measure system performance on systems with weak security controls.\ **c) evaluate the effectiveness of security controls.**\ d) prepare for Disaster Recovery (DR) planning. 124. Alternate encoding such as hexadecimal representations is MOST often observed in which of the following forms of attack? a\) Smurf\ b) Rootkit exploit\ c) Denial of Service (DoS)\ **d) Cross site scripting (XSS)** 125. The Hardware Abstraction Layer (HAL) is implemented in the **a) system software.**\ b) system hardware.\ c) application software.\ d) network hardware. 126. What would be the PRIMARY concern when designing and coordinating a security assessment for an Automatic Teller Machine (ATM) system? **a) Physical access to the electronic hardware**\ b) Regularly scheduled maintenance process\ c) Availability of the network connection\ d) Processing delays 127. Which of the following is the MOST likely cause of a non-malicious data breach when the source of the data breach was an un-marked file cabinet containing sensitive documents? **a) Ineffective data classification**\ b) Lack of data access controls\ c) Ineffective identity management controls\ d) Lack of Data Loss Prevention (DLP) tools 128. A security professional has been asked to evaluate the options for the location of a new data centre within a multifloor building. Concerns for the data centre include emanations and physical access controls. Which of the following is the BEST location? a\) On the top floor\ b) In the basement\ **c) In the core of the building**\ d) In an exterior room with windows 129. HOTSPOT In the network design below, where is the MOST secure Local Area Network (LAN) segment to deploy a Wireless Access Point (WAP) that provides contractors access to the Internet and authorized enterprise services? A diagram of firewalls and servers Description automatically generated **Answer: LAN 4** 130. After a thorough analysis, it was discovered that a perpetrator compromised a network by gaining access to the network through a Secure Socket Layer (SSL) Virtual Private Network (VPN) gateway. The perpetrator guessed a username and brute forced the password to gain access. Which of the following BEST mitigates this issue? a\) Implement strong passwords authentication for VPN\ b) Integrate the VPN with centralized credential stores\ c) Implement an Internet Protocol Security (IPSec) client\ **d) Use two-factor authentication mechanisms** 131. Which of the following standards/guidelines requires an Information Security Management System (ISMS) to be defined? **a) International Organization for Standardization (ISO) 27000 family**\ b) Information Technology Infrastructure Library (ITIL)\ c) Payment Card Industry Data Security Standard (PCIDSS)\ d) ISO/IEC 20000 132. Which of the following describes the concept of a Single Sign -On (SSO) system? a\) Users are authenticated to one system at a time.\ b) Users are identified to multiple systems with several credentials.\ **c) Users are authenticated to multiple systems with one login.**\ d) Only one user is using the system at a time. 133. Retaining system logs for six months or longer can be valuable for what activities? a\) Disaster recovery and business continuity\ **b) Forensics and incident response**\ c) Identity and authorization management\ d) Physical and logical access control 134. What is the BEST first step for determining if the appropriate security controls are in place for protecting data at rest? a\) Identify regulatory requirements\ **b) Conduct a risk assessment**\ c) Determine business drivers\ d) Review the security baseline configuration 135. During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take? a\) Immediately call the police\ b) Work with the client to resolve the issue internally\ c) Advise the person performing the illegal activity to cease and desist\ **d) Work with the client to report the activity to the appropriate authority** 136. Which of the following secure startup mechanisms are PRIMARILY designed to thwart attacks? a\) Timing\ **b) Cold boot**\ c) Side channel\ d) Acoustic cryptanalysis 137. Identify the component that MOST likely lacks digital accountability related to information access. Click on the correct device in the image below. ![A computer server and storage system Description automatically generated with medium confidence](media/image2.png) Answer is **Backup Media** An important principle of defence in depth is that achieving information security requires a balanced focus on which PRIMARY elements? a\) Development, testing, and deployment\ **b) Prevention, detection, and remediation**\ c) People, technology, and operations\ d) Certification, accreditation, and monitoring 138. Intellectual property rights are PRIMARY concerned with which of the following? **a) Owner's ability to realize financial gain**\ b) Owner's ability to maintain copyright\ c) Right of the owner to enjoy their creation\ d) Right of the owner to control delivery method 139. When implementing a data classification program, why is it important to avoid too much granularity? **a) The process will require too many resources**\ b) It will be difficult to apply to both hardware and software\ c) It will be difficult to assign ownership to the data\ d) The process will be perceived as having value 140. Two companies wish to share electronic inventory and purchase orders in a supplier and client relationship. What is the BEST security solution for them? a\) Write a Service Level Agreement (SLa) for the two companies.\ **b) Set up a Virtual Private Network (VPN) between the two companies.**\ c) Configure a firewall at the perimeter of each of the two companies.\ d) Establish a File Transfer Protocol (FTP) connection between the two companies. 141. Which of the following is the BEST way to verify the integrity of a software patch? **a) Cryptographic checksums**\ b) Version numbering\ c) Automatic updates\ d) Vendor assurance 142. Which of the following is considered best practice for preventing e-mail spoofing? a\) Spam filtering\ **b) Cryptographic signature**\ c) Uniform Resource Locator (URL) filtering\ d) Reverse Domain Name Service (DNS) lookup 143. Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what? a\) Interface with the Public Key Infrastructure (PKI)\ b) Improve the quality of security software\ c) Prevent Denial of Service (DoS) attacks\ **d) Establish a secure initial state** 144. By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the a\) confidentiality of the traffic is protected.\ **b) opportunity to sniff network traffic exists.**\ c) opportunity for device identity spoofing is eliminated.\ d) storage devices are protected against availability attacks. 145. What is an effective practice when returning electronic storage media to third parties for repair? a\) Ensuring the media is not labelled in any way that indicates the organization\'s name.\ b) Disassembling the media and removing parts that may contain sensitive data)\ c) Physically breaking parts of the media that may contain sensitive data)\ **d) Establishing a contract with the third party regarding the secure handling of the media)** 146. The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct a\) log auditing.\ **b) code reviews.**\ c) impact assessments.\ d) static analysis. 147. An external attacker has compromised an organization\'s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker\'s ability to gain further information? a\) Implement packet filtering on the network firewalls\ b) Require strong authentication for administrators\ c) Install Host Based Intrusion Detection Systems (HIDS)\ **d) Implement logical network segmentation at the switches** 148. According to best practice, which of the following groups is the MOST effective in performing an information security compliance audit? a\) In-house security administrators\ b) In-house Network Team\ c) Disaster Recovery (DR)Tea m\ **d) External consultants** 149. When is security personnel involvement in the Systems Development Life Cycle (SDLC) process MOST beneficial? a\) Testing phase\ b) Development phase\ **c) Requirements definition phase**\ d) Operations and maintenance phase 150. A large bank deploys hardware tokens to all customers that use their online banking system. The token generates and displays a six-digit numeric password every 60 seconds. The customers must log into their bank accounts using this numeric password. This is an example of a\) asynchronous token.\ b) Single Sign-On (SSO) token.\ c) single factor authentication token.\ **d) synchronous token.** 151. Which of the following is the MOST beneficial to review when performing an IT audit? a\) Audit policy\ b) Security log\ c) Security policies\ **d) Configuration settings** 152. Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications? a\) Application monitoring procedures\ **b) Configuration control procedures**\ c) Security audit procedures\ d) Software patching procedures 153. Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)? **a) Maintaining an inventory of authorized Access Points (AP) and connecting devices**\ b) Setting the radio frequency to the minimum range required\ c) Establishing a Virtual Private Network (VPN) tunnel between the WLAN client device and a VPN concentrator\ d) Verifying that all default passwords have been changed 154. From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system? a\) Configure secondary servers to use the primary server as a zone forwarder.\ b) Block all Transmission Control Protocol (TCP) connections.\ c) Disable all recursive queries on the name servers.\ **d) Limit zone transfers to authorized devices.** 155. Which of the following is the BEST reason to review audit logs periodically? a\) Verify they are operating properly\ b) Monitor employee productivity\ **c) Identify anomalies in use patterns**\ d) Meet compliance regulations 156. Which of the following is the MAIN reason that system re-certification and re-accreditation are\ needed? a\) To assist data owners in making future sensitivity and criticality determinations\ b) To assure the software development team that all security issues have been addressed\ **c) To verify that security protection remains acceptable to the organizational security policy**\ d) To help the security team accept or reject new systems for implementation and production 157. When building a data centre, site location and construction factors that increase the level of vulnerability to physical threats include a\) hardened building construction with consideration of seismic factors.\ b) adequate distance from and lack of access to adjacent buildings.\ c) curved roads approaching the data centre.\ **d) proximity to high crime areas of the city.** 158. During an investigation of database theft from an organization\'s web site, it was determined that the Structured Query Language (SQL) injection technique was used despite input validation with client-side scripting. Which of the following provides the GREATEST protection against the same attack occurring again? a\) Encrypt communications between the servers\ b) Encrypt the web server traffic\ **c) Implement server-side filtering**\ d) Filter outgoing traffic at the perimeter firewall 159. Which of the following is a critical factor for implementing a successful data classification program? **a) Executive sponsorship**\ b) Information security sponsorship\ c) End-user acceptance\ d) Internal audit acceptance 160. According to best practice, which of the following is required when implementing third party software in a production environment? **a) Scan the application for vulnerabilities**\ b) Contract the vendor for patching\ c) Negotiate end user application training\ d) Escrow a copy of the software 161. What is the MOST effective method for gaining unauthorized access to a file protected with a long complex password? a\) Brute force attack\ b) Frequency analysis\ **c) Social engineering**\ d) Dictionary attack 162. Which of the following is the MOST difficult to enforce when using cloud computing? a\) Data access\ b) Data backup\ c) Data recovery\ **d) Data disposal** 163. Which of the following assures that rules are followed in an identity management architecture? a\) Policy database\ b) Digital signature\ c) Policy decision point\ **d) Policy enforcement point** 164. Which of the following methods provides the MOST protection for user credentials? a\) Forms-based authentication\ **b) Digest authentication**\ c) Basic authentication\ d) Self-registration 165. Which of the following MOST influences the design of the organization\'s electronic monitoring policies? **a) Workplace privacy laws**\ b) Level of organizational trust\ c) Results of background checks\ d) Business ethical considerations 166. Which of the following is a detective access control mechanism? **a) Log review**\ b) Least privilege\ c) Password complexity\ d) Non-disclosure agreement 167. An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern? a\) Availability\ b) Confidentiality\ **c) Integrity**\ d) Ownership 168. An online retail company has formulated a record retention schedule for customer transactions. Which of the following is a valid reason a customer transaction is kept beyond the retention schedule? **a) Pending legal hold**\ b) Long term data mining needs\ c) Customer makes request to retain\ d) Useful for future business initiatives 169. Which of the following is the MAIN goal of a data retention policy? a\) Ensure that data is destroyed properly.\ b) Ensure that data recovery can be done on the data)\ **c) Ensure the integrity and availability of data for a predetermined amount of time.**\ d) Ensure the integrity and confidentiality of data for a predetermined amount of time. 170. In a financial institution, who has the responsibility for assigning the classification to a piece of information? a\) Chief Financial Officer (CFO)\ b) Chief Information Security Officer (CISO)\ **c) Originator or nominated owner of the information**\ d) Department head responsible for ensuring the protection of the information 171. What technique BEST describes antivirus software that detects viruses by watching anomalous behaviour? a\) Signature\ b) Inference\ c) Induction\ **d) Heuristic** 172. Contingency plan exercises are intended to do which of the following? **a) Train personnel in roles and responsibilities**\ b) Validate service level agreements\ c) Train maintenance personnel\ d) Validate operation metrics 173. Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures? **a) Role Based Access Control (RBAC)**\ b) Biometric access control\ c) Federated Identity Management (IdM)\ d) Application hardening 174. What is the MOST important reason to configure unique user IDs? **a) Supporting accountability**\ b) Reducing authentication errors\ c) Preventing password compromise\ d) Supporting Single Sign On (SSO) 175. Which of the following is the PRIMARY benefit of a formalized information classification program? a\) It drives audit processes.\ **b) It supports risk assessment.**\ c) It reduces asset vulnerabilities.\ d) It minimizes system logging requirements. 176. The amount of data that will be collected during an audit is PRIMARILY determined by the. **a) audit scope.**\ b) auditor\'s experience level.\ c) availability of the data)\ d) integrity of the data) 177. For a service provider, which of the following MOST effectively addresses confidentiality concerns for customers using cloud computing? a\) Hash functions\ **b) Data segregation**\ c) File system permissions\ d) Non-repudiation controls 178. Which of the following findings would MOST likely indicate a high risk in a vulnerability assessment report? a\) Transmission control protocol (TCP) port 443 open\ b) Non-standard system naming convention used\ c) Unlicensed software installed\ **d) End of life system detected** 179. Which would result in the GREATEST impact following a breach to a cloud environment? a\) The hypervisor host Is poorly seared\ b) The same Logical Unit Number (LLN) is used for all VMs\ **c) Insufficient network segregation**\ d) Insufficient hardening of Virtual Machines (VM) 180. Which of the following in the BEST way to reduce the impact of an externally sourced flood attack? a\) Stock the source address at the firewall.\ b) Have this service provide block the source address.\ c) Block all inbound traffic until the flood ends.\ **d) Have the source service provider block the address** 181. A corporate security policy specifies that all devices on the network must have updated operating system patches and anti-malware software. Which technology should be used to enforce this policy? a\) Network Address Translation (NAT)\ b) Stateful Inspection\ c) Packet filtering\ **d) Network Access Control (NAC)** 182. While performing a security review for a new product, an information security professional discovers that the organization\'s product development team is proposing to collect government-issued identification (ID) numbers from customers to use as unique customer identifiers. Which of the following recommendations should be made to the product development team? a\) Customer identifiers should be a variant of the user's government-issued ID number.\ **b) Customer identifiers that do not resemble the user's government-issued ID number should be used.**\ c) Customer identifiers should be a cryptographic hash of the user\'s government-issued ID number.\ d) Customer identifiers should be a variant of the user's name, for example, "jdoe" or "john.doe." 183. An organization outgrew its internal data centre and is evaluating third-party hosting facilities. In this evaluation, which of the following is a PRIMARY factor for selection? **a) Facility provides an acceptable level of risk**\ b) Facility provides disaster recovery (DR) services\ c) Facility provides the most cost-effective solution\ d) Facility has physical access protection measures 184. Which of the following is the MAIN difference between a network-based firewall and a host-based firewall? a\) A network-based firewall is stateful, while a host-based firewall is stateless.\ **b) A network-based firewall controls traffic passing through the device, while a host-based firewall controls traffic destined for the device.**\ c) A network-based firewall verifies network traffic, while a host-based firewall verifies processes and applications.\ d) A network-based firewall blocks network intrusions, while a host-based firewall blocks malware. 185. A healthcare insurance organization chose a vendor to develop a software application. Upon review of the draft contract, the information security professional notices that software security is not addressed. What is the BEST approach to address the issue? a\) Update the service level agreement (SLa) to provide the organization the right to audit the vendor.\ b) Update the service level agreement (SLa) to require the vendor to provide security capabilities.\ **c) Update the contract so that the vendor is obligated to provide security capabilities.**\ d) Update the contract to require the vendor to perform security code reviews. 186. A Certified Information Systems Security Professional (CISSP) with identity and access management (IAM) responsibilities is asked by the Chief Information Security Officer (CISO) to perform a vulnerability assessment on a web application to pass a Payment Card Industry (PCI) audit. The CISSP has never performed this before. According to the (ISC)? Code of Professional Ethics, which of the following should the CISSP do? a\) Review the CISSP guidelines for performing a vulnerability assessment before proceeding to complete it\ b) Review the PCI requirements before performing the vulnerability assessment\ **c) Inform the CISO that they are unable to perform the task because they should render only those services for which they are fully competent and qualified**\ d) Since they are CISSP certified, they have enough knowledge to assist with the request, but will need assistance in order to complete it in a timely manner 187. A criminal organization is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the organization? a\) Network is flooded with communication traffic by the attacker.\ **b) Organization loses control of their network devices.**\ c) Network management communications is disrupted.\ d) Attacker accesses sensitive information regarding the network topology. 188. Which of the following actions should be undertaken prior to deciding on a physical baseline Protection Profile (PP)? a\) Check the technical design.\ **b) Conduct a site survey.**\ c) Categorize assets.\ d) Choose a suitable location. 189. A hospital enforces the Code of Fair Information Practices. What practice applies to a patient requesting their medical records from a web portal? a\) Use limitation\ **b) Individual participation**\ c) Purpose specification\ d) Collection limitation 190. Which of the following is a secure design principle for a new product? **a) Build in appropriate levels of fault tolerance.**\ b) Utilize obfuscation whenever possible.\ c) Do not rely on previously used code.\ d) Restrict the use of modularization. 191. What is the MOST effective response to a hacker who has already gained access to a network and will attempt to pivot to other resources? a\) Reset all passwords.\ b) Shut down the network.\ c) Warn users of a breach.\ **d) Segment the network.** 192. A security professional needs to find a secure and efficient method of encrypting data on an endpoint. Which solution includes a root key? **a) Bitlocker**\ b) Trust ed Platform Module (TPM)\ c) Virtual storage array network (VSAN)\ d) Hardware security module (HSM) 193. A customer continues to experience attacks on their email, web, and File Transfer Protocol (FTP) servers. These attacks are impacting their business operations. Which of the following is the BEST recommendation to make? a\) Configure an intrusion detection system (IDS).\ **b) Create a demilitarized zone (DMZ).**\ c) Deploy a bastion host.\ d) Setup a network firewall. 194. Which of the following routing protocols is used to exchange route information between public autonomous systems? a\) OSPF\ **b) BGP**\ c) EIGRP\ d) RIP 195. A network administrator is configuring a database server and would like to ensure the database engine is listening on a certain port. Which of the following commands should the administrator use to accomplish this goal? a\) nslookup\ **b) netstat -a**\ c) ipconfig /a\ d) arp -a 196. Which of the following types of datacentre architectures will MOST likely be used in a large SDN and can be extended beyond the datacentre? a\) iSCSI\ b) FCoE\ c) Three-tiered network\ **d) Spine and leaf**\ e) Top-of-rack switching 197. A network administrator is designing a new datacentre in a different region that will need to communicate to the old datacentre with a secure connection. Which of the following access methods would provide the BEST security for this new datacentre? a\) Virtual network computing\ b) Secure Socket Shell\ c) in-band connection\ **d) Site-to-site VPN** 198. Which of the following types of devices can provide content filtering and threat protection, and manage multiple IPSec site-to-site connections? a\) Layer 3 switch\ b) VPN headend\ **c) Next-generation firewall**\ d) Proxy server\ e) Intrusion prevention 199. A technician is troubleshooting a client\'s report about poor wireless performance. Using a client monitor, the technician notes the following information: Which of the following is MOST likely the cause of the issue? A white rectangular object with black text Description automatically generated **a) Channel overlap**\ b) Poor signal\ c) Incorrect power settings\ d) Wrong antenna type 200. Which of the following needs to be tested to achieve a Cat 6a certification for a company\'s data cabling? a\) RJ11\ b) LC ports\ **c) Patch panel**\ d) F-type connector 201. Two remote offices need to be connected securely over an untrustworthy MAN. Each office needs to access network shares at the other site. Which of the following will BEST provide this functionality? a\) Client-to-site VPN\ b) Third-party VPN service\ **c) Site-to-site VPN**\ d) Split-tunnel VPN 202. A fiber link connecting two campus networks is broken. Which of the following tools should an engineer use to detect the exact break point of the fiber link? **a) OTDR**\ b) Tone generator\ c) Fusion splicer\ d) Cable tester\ e) PoE injector 203. Which of the following would need to be configured to ensure a device with a specific MAC address is always assigned the same IP address from DHCP? a\) Scope options\ **b) Reservation**\ c) Dynamic assignment\ d) Exclusion\ e) Static assignment 204. Commercial off-the-shelf (COTS) software presents which of the following additional security concerns? a\) Vendors take on the liability for COTS software vulnerabilities.\ b) In-house developed software is inherently less secure.\ **c) Exploits for COTS software are well documented and publicly available.**\ d) COTS software is inherently less secure. 205. Which of the following is a correct feature of a virtual local area network (VLAN)? a\) A VLAN segregates network traffic therefore information security is enhanced significantly.\ **b) Layer 3 routing is required to allow traffic from one VLAN to another.**\ c) VLAN has certain security features such as where the devices are physically connected.\ d) There is no broadcast allowed within a single VLAN due to network segregation. 206. Which type of access control includes a system that allows only users that are type=managers and department=sales to access employee records? a\) Discretionary access control (DAC)\ b) Mandatory access control (MAC)\ c) Role-based access control (RBAC)\ **d) Attribute-based access control (ABAC)** 207. Which of the following is the BEST way to protect privileged accounts? a\) Quarterly user access rights audits\ b) Role-based access control (RBAC)\ c) Written supervisory approval\ **d) Multi-factor authentication (MFa)** 208. What is the FIRST step for an organization to take before allowing personnel to access social media from a corporate device or user account? a\) Publish a social media guidelines document.\ **b) Publish an acceptable usage policy.**\ c) Document a procedure for accessing social media sites.\ d) Deliver security awareness training. 209. In which of the following scenarios is locking server cabinets and limiting access to keys preferable to locking the server room to prevent unauthorized access? a\) Server cabinets are located in an unshared workspace.\ b) Server cabinets are located in an isolated server farm.\ c) Server hardware is located in a remote area)\ **d) Server cabinets share workspace with multiple projects.** 210. Which of the following is the top barrier for companies to adopt cloud technology? a\) Migration period\ b) Data integrity\ c) Cost\ **d) Security** 211. An organization\'s retail website provides its only source of revenue, so the disaster recovery plan (DRP) must document an estimated time for each step in the plan. Which of the following steps in the DRP will list the GREATEST duration of time for the service to be fully operational? a\) Update the Network Address Translation (NAT) table.\ **b) Update Domain Name System (DNS) server addresses with domain registrar.**\ c) Update the Border Gateway Protocol (BGP) autonomous system number.\ d) Update the web server network adapter configuration. 212. Wi-Fi Protected Access 2 (WPA2) provides users with a higher level of assurance that their data will remain protected by using which protocol? a\) Secure Shell (SSH)\ b) Internet Protocol Security (IPsec)\ c) Secure Sockets Layer (SSL)\ **d) Extensible Authentication Protocol (EAP**) 213. What is the PRIMARY benefit of incident reporting and computer crime investigations? a\) Providing evidence to law enforcement\ **b) Repairing the damage and preventing future occurrences**\ c) Appointing a computer emergency response team\ d) Complying with security policy 214. What is the MINIMUM standard for testing a disaster recovery plan (DRP)? a\) Semi-annually and in alignment with a fiscal half-year business cycle\ b) Annually or less frequently depending upon audit department requirements\ c) Quarterly or more frequently depending upon the advice of the information security manager\ **d) As often as necessary depending upon the stability of the environment and business requirements** 215. A network security engineer needs to ensure that a security solution Analyses traffic for protocol manipulation and various sorts of common attacks. In addition, all Uniform Resource Locator (URL) traffic must be inspected and users prevented from browsing inappropriate websites. Which of the following solutions should be implemented to enable administrators the capability to Analyse traffic, blacklist external sites, and log user traffic for later analysis? a\) Intrusion detection system (IDS)\ b) Circuit-Level Proxy\ **c) Application-Level Proxy**\ d) Host-based Firewall 216. Which of the following is MOST appropriate to collect evidence of a zero-day attack? a\) Firewall\ **b) Honeypot**\ c) Antispam\ d) Antivirus 217. Which of the following types of hosts should be operating in the demilitarized zone (DMZ)? **a) Hosts intended to provide limited access to public resources**\ b) Database servers that can provide useful information to the public\ c) Hosts that store unimportant data such as demographical information\ d) File servers containing organizational data 218. What level of Redundant Array of Independent Disks (RAID) is configured PRIMARILY for high performance data reads and writes? **a) RAID-0**\ b) RAID-1\ c) RAID-5\ d) RAID-6 219. What is the BEST way to restrict access to a file system on computing systems? a\) Allow a user group to restrict access.\ b) Use a third-party tool to restrict access.\ **c) Use least privilege at each level to restrict access.**\ d) Restrict access to all users. 220. Which Redundant Array c/ Independent Disks (RAID) Level does the following diagram represent? ![A diagram of a diagram of a server Description automatically generated](media/image4.png) a\) RAID 0\ b) RAID 1\ c) RAID 5\ **d) RAID 10** 221. Which testing method requires very limited or no information about the network infrastructure? a\) White box\ b) Static\ **c) Black box**\ d) Stress 222. Which of the following is a MAJOR concern when there is a need to preserve or retain information for future retrieval? a\) Laws and regulations may change in the interim, making it unnecessary to retain the information.\ b) The expense of retaining the information could become untenable for the organization.\ c) The organization may lose track of the information and not dispose of it securely.\ **d) The technology needed to retrieve the information may not be available in the future.** 223. Which of the following types of data would be MOST difficult to detect by a forensic examiner? a\) Slack space data\ **b) Steganographic data**\ c) File system deleted data\ d) Data stored with a different file type extension 224. Following a penetration test, what should an organization do FIRST? a\) Review all security policies and procedures.\ b) Ensure staff is trained in security.\ c) Determine if you need to conduct a full security assessment.\ **d) Evaluate the problems identified in the test result.** 225. Which of the following models uses unique groups contained in unique conflict classes? **a) Chinese Wall**\ b) Bell-LaPadula\ c) Clark-Wilson\ d) Biba 226. When developing the entitlement review process, which of the following roles is responsible for determining who has a need for the information? a\) Data Custodian\ **b) Data Owner**\ c) Database Administrator\ d) Information Technology (IT) Director 227. What should an auditor do when conducting a periodic audit on media retention? **a) Check electronic storage media to ensure records are not retained past their destruction date.**\ b) Ensure authorized personnel are in possession of paper copies containing Personally Identifiable Information\ c) Check that hard disks containing backup data that are still within a retention cycle are being destroyed\ d) Ensure that data shared with outside organizations is no longer on a retention schedule. 228. Which of the following factors is á PRIMARY reason to drive changes in an Information Security Continuous Monitoring (ISCM) strategy? a\) Testing and Evaluation (TE) personnel changes\ **b) Changes to core missions or business processes**\ c) Increased Cross-Site Request Forgery (CSRF) attacks\ d) Changes in Service Organization Control (SOC) 2 reporting requirements 229. Digital non-repudiation requires which of the following? **a) A trusted third-party**\ b) Appropriate corporate policies\ c) Symmetric encryption\ d) Multifunction access cards 230. Data remanence is the biggest threat in which of the following scenarios? a\) A physical disk drive has been overwritten and reused within a datacentre\ b) A physical disk drive has been degaussed, verified, and released to a third party for destruction\ c) A flash drive has been overwritten, verified, and reused within a datacentre.\ **d) A flash drive has been overwritten and released to a third party for destruction.** 231. Which of the following is the MOST secure password technique? a\) Passphrase\ **b) One-time password**\ c) Cognitive password\ d) dphertext 232. Which of the following is a Key Performance Indicator (KPI) for a security training and awareness program? a\) The number of security audits performed\ **b) The number of attendees at security training events**\ c) The number of security training materials created\ d) The number of security controls implemented 233. When are security requirements the LEAST expensive to implement? a\) When identified by external consultants\ b) During the application rollout phase\ c) During each phase of the project cycle\ **d) When built into application design** 234. What type of attack sends Internet Control Message Protocol (ICMP) echo requests to the target machine with a larger payload than the target can handle? a\) Man-in-the-Middle (MITM)\ **b) Denial of Service (DoS)**\ c) Domain Name Server (DNS) poisoning\ d) Buffer overflow 235. What is the HIGHEST priority in agile development? a\) Selecting appropriate coding language\ b) Managing costs of product delivery\ **c) Early and continuous delivery of software**\ d) Maximizing the amount of code delivered 236. Which of the following is included in the Global System for Mobile Communications (GSM) security framework? a\) Public-Key Infrastructure (PKI)\ **b) Symmetric key cryptography**\ c) Digital signatures\ d) Biometric authentication 237. Which of the following is the reason that transposition ciphers are easily recognizable? a\) Key\ b) Block\ c) Stream\ **d) Character** 238. How is it possible to extract private keys securely stored on a cryptographic smartcard? a\) Bluebugging\ **b) Focused ion-beam**\ c) Bluejacking\ d) Power analysis 239. Which of the following is an important requirement when designing a secure remote access system? a\) Configure a Demilitarized Zone (DMZ) to ensure that user and service traffic is separated.\ b) Provide privileged access rights to computer files and systems.\ **c) Ensure that logging and audit controls are included.**\ d) Reduce administrative overhead through password self-service. 240. Which of the following is the BEST way to mitigate circumvention of access controls? a\) Multi-layer access controls working in isolation\ b) Multi-vendor approach to technology implementation\ c) Multi-layer firewall architecture with Internet Protocol (IP) filtering enabled\ **d) Multi-layer access controls with diversification of technologies** 241. Which one of the following can be used to detect an anomaly in a system by keeping track of the state of files that do not normally change? a\) System logs\ b) Anti-spyware\ **c) Integrity checker**\ d) Firewall logs 242. Which of the following is the MOST effective preventative method to identify security flaws in software? a\) Monitor performance in production environments.\ **b) Perform a structured code review.**\ c) Perform application penetration testing.\ d) Use automated security vulnerability testing tods. 243. Which of the following BEST describes botnets? a\) Computer systems on the Internet that are set up to trap people who attempt to penetrate other computer system\ b) Set of related programs that protects the resources of a private network from other networks\ c) Small network inserted in a neutral zone between an organization\'s private network and the outside public network\ **d) Groups of computers that are used to launch destructive attacks** 244. An organization seeks to use a cloud Identity and Access Management (IAM) provider whose protocols and data formats are incompatible with existing systems. Which of the following techniques addresses the compatibility issue? a\) Require the cloud 1AM provider to use declarative security instead of programmatic authentication checks.\ b) Integrate a Web-Application Firewall (WAF) In reverie-proxy mode in front of the service provider.\ c) Apply Transport Layer Security (TLS) to the cloud-based authentication checks.\ **d) Install an on-premise Authentication Gateway Service (AGS) In front of the service provider.** 245. Which of the following BEST describes the objectives of the Business Impact Analysis (BIa)? a\) Identifying the events and environmental factors that can adversely affect an organization\ **b) Identifying what is important and critical based on disruptions that can affect the organization.**\ c) Establishing the need for a Business Continuity Plan (BCP) based on threats that can affect an organization\ d) Preparing a program to create an organizational awareness for executing the Business Continuity Plan (BCP) 246. The application owner of a system that handles confidential data leaves an organization. It is anticipated that a replacement will be hired in approximately six months. During that time, which of the following should the organization do? a\) Grant temporary access to the former application owner\'s account\ **b) Assign a temporary application owner to the system.**\ c) Restrict access to the system until a replacement application owner is hired.\ d) Prevent changes to the confidential data until a replacement application owner is hired. 247. Which of the following is used to ensure that data mining activities Will NOT reveal sensitive data? a\) Implement two-factor authentication on the underlying infrastructure.\ b) Encrypt data at the field level and tightly control encryption keys.\ **c) Preprocess the databases to see if inn...... can be disclosed from the learned patterns.**\ d) Implement the principle of least privilege on data elements so a reduced number of users can access the database. 248. Why are packet filtering routers used in low-risk environments? a\) They are high-resolution source discrimination and identification tools.\ b) They are fast and flexible and protect against Internet Protocol (IP) spoofing.\ **c) They are fast, flexible, and transparent.**\ d) They enforce strong user authentication and audit tog generation. 249. Which of the following protocols will allow the encrypted transfer of content on the Internet? a\) Server Message Block (SMB)\ **b) Secure copy**\ c) Hypertext Transfer Protocol (HTTP)\ d) Remote copy 250. What requirement MUST be met during internal security audits to ensure that all information provided is expressed as an objective assessment without risk of retaliation? **a) The auditor must be independent and report directly to the management.**\ b) The auditor must utilize automated tools to back their findings.\ c) The auditor must work closely with both the information Technology (IT) and security sections of an organization.\ d) The auditor must perform manual reviews of systems and processes. 251. In order to support the least privilege security principle when a resource is transferring within the organization from a production support system administration role to a developer role, what changes should be made to the resource's access to the production operating system (OS) directory structure? a\) From Read Only privileges to No Access Privileges\ b) From Author privileges to Administrator privileges\ **c) From Administrator privileges to No Access privileges**\ d) From No Access Privileges to Author privileges 252. What is the FINAL step in the waterfall method for contingency planning? **a) Maintenance**\ b) Testing\ c) Implementation\ d) Training 253. Which of the following is a security weakness in the evaluation of common criteria (CC) products? **a) The manufacturer can state what configuration of the product is to be evaluated.**\ b) The product can be evaluated by labs m other countries.\ c) The Target of Evaluation\'s (TOE) testing environment is identical to the operating environment\ d) The evaluations are expensive and time-consuming to perform. 254. What is the second phase of public key infrastructure (PKI) key/certificate life-cycle management? a\) Implementation Phase\ b) Cancellation Phase\ c) Initialization Phase\ **d) Issued Phase** 255. Which of the following BEST describes the standard used to exchange authorization information between different identity management systems? **a) Security Assertion Markup Language (SAML)**\ b) Service Oriented Architecture (SOa)\ c) Extensible Markup Language (XML)\ d) Wireless Authentication Protocol (WAP) 256. The security team has been tasked with performing an interface test against a frontend external facing application and needs to verify that all input fields protect against invalid input. Which of the following BEST assists this process? **a) Application fuzzing**\ b) Instruction set simulation\ c) Regression testing\ d) Sanity testing 257. Which of the following is the FIRST step during digital identity provisioning? a\) Authorizing the entity for resource access\ b) Synchronizing directories\ c) Issuing an initial random password\ **d) Creating the entity record with the correct attributes** 258. Physical Access Control Systems (PACS) allow authorized security personnel to manage and monitor access control for subjects through which function? **a) Remote access administration**\ b) Personal Identity Veri fication (PIV)\ c) Access Control List (ACL)\ d) Privileged Identity Management (PIM) 259. In a large company, a system administrator needs to assign users access to files using Role Based Access Control (RBAC). Which option Is an example of RBAC? **a) Allowing users access to files based on their group membership**\ b) Allowing users access to files based on username\ c) Allowing users access to files based on the users location at time of access\ d) Allowing users access to files based on the file type 260. During a Disaster Recovery (DR) simulation, it is discovered that the shared recovery site lacks adequate data restoration capabilities to support the implementation of multiple plans simultaneously. What would be impacted by this fact if left unchanged? a\) Recovery Point Objective (RPO)\ **b) Recovery Time Objective (RTO)**\ c) Business Impact Analysis (BIa)\ d) Return on Investment (ROI) 261. What is the MAIN objective of risk analysis in Disaster Recovery (DR) planning? a\) Establish Maximum Tolerable Downtime (MTD) Information Systems (IS).\ b) Define the variable cost for extended downtime scenarios.\ **c) Identify potential threats to business availability.**\ d) Establish personnel requirements for various downtime scenarios. 262. The adoption of an enterprise-wide Business Continuity (BC) program requires which of the following? **a) Good communication throughout the organization**\ b) A completed Business Impact Analysis (BIa)\ c) Formation of Disaster Recovery (DR) project team\ d) Well-documented information asset classification 263. A security professional is assessing the risk in an application and does not take into account any mitigating or compensating controls. This type of risk rating is an example of which of the following? a\) Transferred risk\ **b) Inherent risk**\ c) Residual risk\ d) Avoided risk 264. Which of the following is the BEST way to protect against Structured Query language (SQL) injection? a\) Enforce boundary checking.\ b) Ratfrictum of SELECT command.\ c) Restrict HyperText Markup Language (HTML) source code\ **d) Use stored procedures.** 265. When defining a set of security controls to mitigate a risk, which of the following actions MUST occur? a\) Each control\'s effectiveness must be evaluated individually.\ b) Each control must completely mitigate the risk.\ **c) The control set must adequately mitigate the risk.**\ d) The control set must evenly divided the risk. 266. A company-wide penetration test result shows customers could access and read files through a web browser. Which of the following can be used to mitigate this vulnerability? a\) Enforce the chmod of files to 755.\ b) Enforce the control of file directory listings.\ **c) Implement access control on the web server.**\ d) Implement Secure Sockets Layer (SSL) certificates throughout the web server. 267. Which of the following provides the MOST secure method for Network Access Control (NAC)? a\) Media Access Control (MAC) filtering\ **b) 802.IX authentication**\ c) Application layer filtering\ d) Network Address Translation (NAT) 268. What does the result of Cost-Benefit Analysis (C8a) on new security initiatives provide? **a) Quantifiable justification**\ b) Baseline improvement\ c) Risk evaluation\ d) Formalized acceptance 269. Which of the following is considered the PRIMARY security issue associated with encrypted e-mail messages? **a) Key distribution**\ b) Storing attachments in centralized repositories\ c) Scanning for viruses and other malware\ d) Greater costs associated for backups and restores 270. Which media sanitization methods should be used for data with a high security categorization? a\) Clear or destroy\ b) Clear or purge\ c) Destroy or delete\ **d) Purge or destroy** 271. Which of the following is the MOST secure protocol for remote command access to the firewall? **a) Secure Shell (SSH)**\ b) Trivial File Transfer Protocol (TFTP)\ c) Hyper Text Transfer Protocol Secure (HTTPS)\ d) Simple Network Management Protocol (SNMP) v1 272. How should the retention period for an organization\'s social media content be defined? a\) Wireless Access Points (AP)\ b) Token-based authentication\ c) Host-based firewalls\ **d) Trusted platforms** 273. How should the retention period for an organization\'s social media content be defined? a\) By the retention policies of each social media service\ **b) By the records retention policy of the organization**\ c) By the Chief Information Officer (CIO)\ d) By the amount of available storage space 274. In Identity Management (IdM), when is the verification stage performed? **a) As part of system sign-on**\ b) Before creation of the identity\ c) After revocation of the identity\ d) During authorization of the identity 275. What is the PRIMARY purpose of auditing, as it relates to the security review cycle? **a) To ensure the organization\'s controls and pokies are working as intended**\ b) To ensure the organization can still be publicly traded\ c) To ensure the organization\'s executive team won\'t be sued\ d) To ensure the organization meets contractual requirements 276. Which of the following access control models is MOST restrictive? a\) Discretionary Access Control (DAC)\ **b) Mandatory Access Control (MAC)**\ c) Role Based Access Control (RBAC)\ d) Rule based access control 277. Which of the following is a canon of the (ISC)2 Code of Ethics? a\) Integrity first, association before serf, and excellence in all we do\ b) Perform all professional activities and duties in accordance with all applicable laws and the highest ethical standards.\ **c) Provide diligent and competent service to principals.**\ d) Cooperate with others in the interchange of knowledge and ideas for mutual security. 278. Which of the following will an organization\'s network vulnerability testing process BEST enhance? a\) Firewall log review processes\ b) Asset management procedures\ **c) Server hardening processes**\ d) Code review procedures 279. Which of the following is the MOST effective countermeasure against data remanence? **a) Destruction**\ b) Clearing\ c) Purging\ d) Encryption 280. A security professional has been requested by the Board of Directors and Chief Information Security Officer (CISO) to perform an internal and external penetration test. What is the BEST course of action? a\) Review data localization requirements and regulations.\ b) Review corporate security policies and procedures,\ c) With notice to the Configuring a Wireless Access Point (WAP) with the same Service Set Identifier external test.\ **d) With notice to the organization, perform an external penetration test first, then an internal test.** 281. The Rivest-Shamir-Adleman (RSa) algorithm is BEST suited for which of the following operations? a\) Bulk data encryption and decryption\ b) One-way secure hashing for user and message authentication\ **c) Secure key exchange for symmetric cryptography**\ d) Creating digital checksums for message integrity 282. Configuring a Wireless Access Point (WAP) with the same Service Set Identifier (SSID) as another WAP in order to have users unknowingly connect is referred to as which of the following? a\) Jamming\ **b) Man-in-the-Middle (MITM)**\ c) War driving\ d) Internet Protocol (IP) spoofing 283. Which of the following actions should be taken by a security professional when a mission critical computer network attack is suspected? a\) Isolate the network, log an independent report, fix the problem, and redeploy the computer.\ b) Isolate the network, install patches, and report the occurrence.\ **c) Prioritize, report, and investigate the occurrence.**\ d) Turn the rooter off, perform forensic analysis, apply the appropriate fin, and log incidents. 284. In what phase of the System Development Life Cycle (SDLC) should security training for the development team begin? a\) Development/Acquisition\ **b) Initiation**\ c) Implementation/ Assessment\ d) Disposal 285. Of the following, which BEST provides non- repudiation with regards to access to a server room? a\) Fob and Personal Identification Number (PIN)\ b) Locked and secured cages\ **c) Biometric readers**\ d) Proximity readers 286. The personal laptop of an organization executive is stolen from the office, complete with personnel and project records. Which of the following should be done FIRST to mitigate future occurrences? **a) Encrypt disks on personal laptops.**\ b) Issue cable locks for use on personal laptops.\ c) Create policies addressing critical information on personal laptops.\ d) Monitor personal laptops for critical information. 287. Which of the following is a standard Access Control List (ACL) element that enables a router to filter Internet traffic? a\) Media Access Control (MAC) address\ **b) Internet Protocol (IP) address**\ c) Security roles\ d) Device needs 288. Which of the following will accomplish Multi-Factor Authentication (MFa)? a\) Issuing a smart card with a user-selected Personal Identification Number (PIN)\ b) Requiring users to enter a Personal Identification Number (PIN) and a password\ c) Performing a palm and retinal scan\ **d) Issuing a smart card and a One Time Password (OTP) token** 289. Which of the following is the PRIMARY issue when analysing detailed log information? a\) Logs may be unavailable when required\ **b) Timely review of the data is potentially difficult**\ c) Most systems and applications do not support logging\ d) Logs do not provide sufficient details of system and individual activities 290. How does security in a distributed file system using mutual authentication differ from file security in a multi-user host? a\) Access control can rely on the Operating System (OS), but eavesdropping is\ **b) Access control cannot rely on the Operating System (OS), and eavesdropping**\ c) Access control can rely on the Operating System (OS), and eavesdropping is\ d) Access control cannot rely on the Operating System (OS), and eavesdropping 291. Which of the following explains why classifying data is an important step in performing a Risk assessment? a\) To provide a framework for developing good security metrics\ b) To justify the selection of costly security controls\ c) To classify the security controls sensitivity that helps scope the risk assessment\ **d) To help determine the appropriate level of data security controls** 292. How is Remote Authentication Dial-In User Service (RADIUS) authentication accomplished? a\) It uses clear text and firewall rules.\ b) It relies on Virtual Private Networks (VPN).\ **c) It uses clear text and shared secret keys.**\ d) It relies on asymmetric encryption keys. 293. A security professional should ensure that clients support which secondary algorithm for digital signatures when a Secure Multipurpose Internet Mail Extension (S/MIME) is used? a\) Triple Data Encryption Standard (3DES)\ b) Advanced Encryption Standard (AES)\ **c) Digital Signature Algorithm (DSa)**\ d) Rivest-Shamir-Adieman (RSa) 294. What documentation is produced FIRST when performing an effective physical loss control process? a\) Deterrent controls list\ b) Security standards list\ c) Inventory list\ **d) Asset valuation list** 295. Who should formulate conclusions from a particular digital fore Ball, Submit a Toper Of Tags, and the results? a\) The information security professional\'s supervisor\ b) Legal counsel for the information security professional\'s employer\ **c) The information security professional who conducted the analysis**\ d) A peer reviewer of the information security professional 296. A manager identified two conflicting sensitive user functions that were assigned to a single user account that had the potential to result in financial and regulatory risk to the company. The manager MOST likely discovered this during which of the following? a\) Security control assessment.\ **b) Separation of duties analysis**\ c) Network Access Control (NAC) review\ d) Federated identity management (FIM) evaluation 297. When assessing the audit capability of an application, which of the following activities is MOST important? **a) Determine if audit records contain sufficient information.**\ b) Review security plan for actions to be taken in the event of audit failure.\ c) Verify if sufficient storage is allocated for audit records.\ d) Identify procedures to investigate suspicious activity. 298. A web-based application known to be susceptible to attacks is now under review by a senior developer. The organization would like to ensure this application Is less susceptible to injection attacks specifically, What strategy will work BEST for the organization\'s situation? a\) Do not store sensitive unencrypted data on the back end.\ **b) Whitelist input and encode or escape output before it is processed for rendering.**\ c) Limit privileged access or hard-coding logon credentials,\ d) Store sensitive data in a buffer that retains data in operating system (OS) cache or memory. 299. Management has decided that a core application will be used on personal cellular phones. As an implementation requirement, regularly scheduled analysis of the security posture needs to be conducted. Management has also directed that continuous monitoring be implemented. Which of the following is required to accomplish management's directive? a\) Strict integration of application management, configuration management (CM), and phone management\ b) Management application installed on user phones that tracks all application events and cellular traffic\ **c) Enterprise-level security information and event management (SIEM) dashboard that provides full visibility of cellular phone activity**\ d) Routine reports generated by the user\'s cellular phone provider that detail security events 300. What is the FIRST step prior to executing a test of an organisation's disaster recovery (DR) or business continuity plan (BCP)? **a) identify key stakeholders,**\ b) Develop recommendations for disaster scenarios.\ c) Identify potential failure points.\ d) Develop clear evaluation criteria) 301. Which of the following security tools will ensure authorized data is sent to the application when implementing a cloud-based application? a\) Host-based intrusion prevention system (HIPS)\ b) Access control list (ACL)\ c) File integrity monitoring (FIM)\ **d) Data loss prevention (DLP)** 302. Before implementing an internet-facing router, a network administrator ensures that the equipment is baselined/hardened according to approved configurations and settings. This action provides protection against which of the following attacks? **a) Blind spoofing**\ b) Media Access Control (MAC) flooding\ c) SQL injection (SQLI)\ d) Ransomware 303. A cloud service provider requires its customer organizations to enable maximum audit logging for its data storage service and to retain the logs for the period of three months. The audit logging generates extremely high amount of logs. What is the MOST appropriate strategy for the log retention? a\) Keep last week\'s logs in an online storage and the rest in a near-line storage.\ b) Keep all logs in an online storage.\ c) Keep all logs in an offline storage.\ **d) Keep last week\'s logs in an online storage and the rest in an offline storage.** 304. Which of the following is the MOST comprehensive Business Continuity (BC) test? a\) Full functional drill\ b) Full tabletop\ c) Full simulation\ **d) Full interruption** 305. The disaster recovery (DR) process should always include **a) plan maintenance.**\ b) periodic vendor review.\ c) financial data analysis.\ d) periodic inventory review. 306. Which of the following BEST describes the purpose of software forensics? a\) To perform cyclic redundancy check (CRC) verification and detect changed applications\ b) To review program code to determine the existence of backdoors\ c) To Analyse possible malicious intent of malware\ **d) To determine the author and behaviour of the code** 307. The security architect has been assigned the responsibility of ensuring integrity of the organization\'s electronic records. Which of the following methods provides the strongest level of integrity? a\) Time stamping\ b) Encryption\ c) Hashing\ **d) Digital signature** 308. An application is used for funds transfer between an organization and a third-party. During a security audit, an issue with the business continuity/disaster recovery policy and procedures for this application. Which of the following reports should the audit file with the organization? a\) Service Organization Control (SOC) 1\ b) Statement on Auditing Standards (SAS) 70\ **c) Service Organization Control (SOC) 2**\ d) Statement on Auditing Standards (SAS) 70-1 309. An organization purchased a commercial off-the-shelf (COTS) software several years ago. The information technology (IT) Director has decided to migrate the application into the cloud, but is concerned about the application security of the software in the organization\'s dedicated environment with a cloud service provider. What is the BEST way to prevent and correct the software\'s security weal a\) Implement a dedicated COTS sandbox environment\ b) Follow the software end-of-life schedule\ c) Transfer the risk to the cloud service provider\ **d) Examine the software updating and patching process** 310. Which reporting type requires a service organization to describe its system and define its control objectives and controls that are relevant to users internal control over financial reporting? a\) Statement on Auditing Standards (SAS)70\ **b) Service Organization Control 1 (SOC1)**\ c) Service Organization Control 2 (SOC2)\ d) Service Organization Control 3 (SOC3) 311. The Chief Information Security Officer (CISO) is concerned about business application availability. The organization was recently subject to a ransomware attack that resulted in the unavailability of applications and services for 10 working days that required paper-based running of all main business processes. There are now aggressive plans to enhance the Recovery Time Objective (RTO) and cater for more frequent data captures. Which of the following solutions should be implemented to fully comply to the new business requirements? **a) Virtualization**\ b) Antivirus\ c) Process isolation\ d) Host-based intrusion prevention system (HIPS) 312. Which of the following is the GREATEST risk of relying only on Capability Maturity Models (CMM) for software to guide process improvement and assess capabilities of acquired software? a\) Organizations can only reach a maturity level 3 when using CMMs\ **b) CMMs do not explicitly address safety and security**\ c) CMMs can only be used for software developed in-house\ d) CMMs are vendor specific and may be biased 313. Which of the following should exist in order to perform a security audit? a\) Industry framework to audit against\ b) External (third-party) auditor\ c) Internal certified auditor\ **d) Neutrality of the auditor** 314. Which of the following encryption technologies has the ability to function as a stream cipher? **a) Cipher Feedback (CFB)**\ b) Feistel cipher\ c) Cipher Block Chaining (CBC) with error propagation\ d) Electronic Code Book (ECB) 315. An attack utilizing social engineering and a malicious Uniform Resource Locator (URL) link to take advantage of a victim\'s existing browser session with a web application is an example of which of the following

CISSP Final Question Set v2.docx PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue