IT Certification Exams Provider! We offer free update service for one year! https://www.certqueen.com
The safer, easier way to help you pass any IT exams.

Exam: CISSP
Title: Certified Information Systems Security Professional
Version: V16.02
1 / 299

1. Intellectual property rights are PRIMARILY concerned with which of the following?
A. Owner's ability to realize financial gain
B. Owner's ability to maintain copyright
C. Right of the owner to enjoy their creation
D. Right of the owner to control delivery method
Answer: C

2. Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?
A. Install mantraps at the building entrances
B. Enclose the personnel entry area with polycarbonate plastic
C. Supply a duress alarm for personnel exposed to the public
D. Hire a guard to protect the public area
Answer: D

3. Which of the following actions will reduce risk to a laptop before traveling to a high risk area?
A. Examine the device for physical tampering
B. Implement more stringent baseline configurations
C. Purge or re-image the hard disk drive
D. Change access codes
Answer: D

4. All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
A. determine the risk of a business interruption occurring
B. determine the technological dependence of the business processes
C. identify the operational impacts of a business interruption
D. identify the financial impacts of a business interruption
Answer: B

5. What is the MOST important consideration from a data security perspective when an organization plans to relocate?
A. Ensure the fire prevention and detection systems are sufficient to protect personnel
B. Review the architectural plans to determine how many emergency exits are present
C. Conduct a gap analysis of the new facilities against existing security requirements
D. Revise the Disaster Recovery and Business Continuity (DR/BC) plan
Answer: C

6. Which of the following represents the GREATEST risk to data confidentiality?
A. Network redundancies are not implemented
B. Security awareness training is not completed
C. Backup tapes are generated unencrypted
D. Users have administrative privileges
Answer: C

7. When assessing an organization's security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?
A. Only when assets are clearly defined
B. Only when standards are defined
C. Only when controls are put in place
D. Only when procedures are defined
Answer: A

8. A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?
A. Application
B. Storage
C. Power
D. Network
Answer: C

9. An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?
A. Development, testing, and deployment
B. Prevention, detection, and remediation
C. People, technology, and operations
D. Certification, accreditation, and monitoring
Answer: C

10. In a data classification scheme, the data is owned by the
A. system security managers
B. business managers
C. Information Technology (IT) managers
D. end users
Answer: B

11. Which of the following is an initial consideration when developing an information security management system?
A. Identify the contractual security obligations that apply to the organization
B. Understand the value of the information assets
C. Identify the level of residual risk that is tolerable to management
D. Identify relevant legislative and regulatory compliance requirements
Answer: D

12. Which of the following BEST describes the responsibilities of a data owner?
A. Ensuring quality and validation through periodic audits for ongoing data integrity
B. Maintaining fundamental data availability, including data storage and archiving
C. Ensuring accessibility to appropriate users, maintaining appropriate levels of data security
D. Determining the impact the information has on the mission of the organization
Answer: D

13. Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?
A. Personal Identity Verification (PIV)
B. Cardholder Unique Identifier (CHUID) authentication
C. Physical Access Control System (PACS) repeated attempt detection
D. Asymmetric Card Authentication Key (CAK) challenge-response
Answer: A

14. An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests. Which contract is BEST in offloading the task from the IT staff?
A. Platform as a Service (PaaS)
B. Identity as a Service (IDaaS)
C. Desktop as a Service (DaaS)
D. Software as a Service (SaaS)
Answer: B

15. When implementing a data classification program, why is it important to avoid too much granularity?
A. The process will require too many resources
B. It will be difficult to apply to both hardware and software
C. It will be difficult to assign ownership to the data
D. The process will be perceived as having value
Answer: C

16. Which one of the following affects the classification of data?
A. Assigned security label
B. Multilevel Security (MLS) architecture
C. Minimum query size
D. Passage of time
Answer: D

17. Which of the following is MOST important when assigning ownership of an asset to a department?
A. The department should report to the business owner
B. Ownership of the asset should be periodically reviewed
C. Individual accountability should be ensured
D. All members should be trained on their responsibilities
Answer: D

18. Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified by automated vulnerability assessments?
A. Common Vulnerabilities and Exposures (CVE)
B. Common Vulnerability Scoring System (CVSS)
C. Asset Reporting Format (ARF)
D. Open Vulnerability and Assessment Language (OVAL)
Answer: B

19. What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?
A. Implementation Phase
B. Initialization Phase
C. Cancellation Phase
D. Issued Phase
Answer: D

20. Who in the organization is accountable for classification of data information assets?
A. Data owner
B. Data architect
C. Chief Information Security Officer (CISO)
D. Chief Information Officer (CIO)
Answer: A

21. The use of private and public encryption keys is fundamental in the implementation of which of the following?
A. Diffie-Hellman algorithm
B. Secure Sockets Layer (SSL)
C. Advanced Encryption Standard (AES)
D. Message Digest 5 (MD5)
Answer: B

22. Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?
A. Hashing the data before encryption
B. Hashing the data after encryption
C. Compressing the data after encryption
D. Compressing the data before encryption
Answer: D

23. Which security service is served by the process of encrypting plaintext with the sender's private key and decrypting cipher text with the sender's public key?
A. Confidentiality
B. Integrity
C. Identification
D. Availability
Answer: A

24. Which of the following mobile code security models relies only on trust?
A. Code signing
B. Class authentication
C. Sandboxing
D. Type safety
Answer: A

25. Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?
A. Intrusion Prevention Systems (IPS)
B. Intrusion Detection Systems (IDS)
C. Stateful firewalls
D. Network Behavior Analysis (NBA) tools
Answer: D

26. An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?
A. Add a new rule to the application layer firewall
B. Block access to the service
C. Install an Intrusion Detection System (IDS)
D. Patch the application source code
Answer: A

27. An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?
A. Implement packet filtering on the network firewalls
B. Install Host Based Intrusion Detection Systems (HIDS)
C. Require strong authentication for administrators
D. Implement logical network segmentation at the switches
Answer: D

28. Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?
A. Layer 2 Tunneling Protocol (L2TP)
B. Link Control Protocol (LCP)
C. Challenge Handshake Authentication Protocol (CHAP)
D. Packet Transfer Protocol (PTP)
Answer: B

29. Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?
A. Packet filtering
B. Port services filtering
C. Content filtering
D. Application access control
Answer: A

30. Which of the following factors contributes to the weakness of the Wired Equivalent Privacy (WEP) protocol?
A. WEP uses a small range Initialization Vector (IV)
B. WEP uses Message Digest 5 (MD5)
C. WEP uses Diffie-Hellman
D. WEP does not use any Initialization Vector (IV)
Answer: A

31. What is the purpose of an Internet Protocol (IP) spoofing attack?
A. To send excessive amounts of data to a process, making it unpredictable
B. To intercept network traffic without authorization
C. To disguise the destination address from a target's IP filtering devices
D. To convince a system that it is communicating with a known entity
Answer: D

32. At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?
A. Link layer
B. Physical layer
C. Session layer
D. Application layer
Answer: D

33. In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?
A. Transport layer
B. Application layer
C. Network layer
D. Session layer
Answer: A

34. Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?
A. Derived credential
B. Temporary security credential
C. Mobile device credentialing service
D. Digest authentication
Answer: A

35. What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?
A. Audit logs
B. Role-Based Access Control (RBAC)
C. Two-factor authentication
D. Application of least privilege
Answer: B

36. A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?
A. Trusted third-party certification
B. Lightweight Directory Access Protocol (LDAP)
C. Security Assertion Markup Language (SAML)
D. Cross-certification
Answer: C

37. Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee's salary?
A. Limit access to predefined queries
B. Segregate the database into a small number of partitions each with a separate security level
C. Implement Role Based Access Control (RBAC)
D. Reduce the number of people who have access to the system for statistical purposes
Answer: C

38. Which of the following is of GREATEST assistance to auditors when reviewing system configurations?
A. Change management processes
B. User administration procedures
C. Operating System (OS) baselines
D. System backup documentation
Answer: A

39. Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?
A. Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken
B. Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability
C. Management teams will understand the testing objectives and reputational risk to the organization
D. Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels
Answer: D

40. In which of the following programs is it MOST important to include the collection of security process data?
A. Quarterly access reviews
B. Security continuous monitoring
C. Business continuity testing
D. Annual security training
Answer: B

41. Which of the following could cause a Denial of Service (DoS) against an authentication system?
A. Encryption of audit logs
B. No archiving of audit logs
C. Hashing of audit logs
D. Remote access audit logs
Answer: D

42. A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user's access to data files?
A. Host VM monitor audit logs
B. Guest OS access controls
C. Host VM access controls
D. Guest OS audit logs
Answer: A

43. With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?
A. Continuously without exception for all security controls
B. Before and after each change of the control
C. At a rate concurrent with the volatility of the security control
D. Only during system implementation and decommissioning
Answer: B

44. What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?
A. Disable all unnecessary services
B. Ensure chain of custody
C. Prepare another backup of the system
D. Isolate the system from the network
Answer: D

45. A continuous information security monitoring program can BEST reduce risk through which of the following?
A. Collecting security events and correlating them to identify anomalies
B. Facilitating system-wide visibility into the activities of critical user accounts
C. Encompassing people, process, and technology
D. Logging both scheduled and unscheduled system changes
Answer: B

46. What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization's systems cannot be unavailable for more than 24 hours?
A. Warm site
B. Hot site
C. Mirror site
D. Cold site
Answer: A

47. An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?
A. Absence of a Business Intelligence (BI) solution
B. Inadequate cost modeling
C. Improper deployment of the Service-Oriented Architecture (SOA)
D. Insufficient Service Level Agreement (SLA)
Answer: D

48. Recovery strategies of a Disaster Recovery Plan (DRP) MUST be aligned with which of the following?
A. Hardware and software compatibility issues
B. Applications' criticality and downtime tolerance
C. Budget constraints and requirements
D. Cost/benefit analysis and business objectives
Answer: D

49. When is a Business Continuity Plan (BCP) considered to be valid?
A. When it has been validated by the Business Continuity (BC) manager
B. When it has been validated by the board of directors
C. When it has been validated by all threat scenarios
D. When it has been validated by realistic exercises
Answer: D

50. Which of the following is the FIRST step in the incident response process?
A. Determine the cause of the incident
B. Disconnect the system involved from the network
C. Isolate and contain the system involved
D. Investigate all symptoms to confirm the incident
Answer: D

51. Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?
A. Walkthrough
B. Simulation
C. Parallel
D. White box
Answer: C

52. A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?
A. Guaranteed recovery of all business functions
B. Minimization of the need for decision making during a crisis
C. Insurance against litigation following a disaster
D. Protection from loss of organization resources
Answer: D

53. Which of the following is a PRIMARY advantage of using a third-party identity service?
A. Consolidation of multiple providers
B. Directory synchronization
C. Web based logon
D. Automated account management
Answer: D

54. What is the PRIMARY reason for implementing change management?
A. Certify and approve releases to the environment
B. Provide version rollbacks for system changes
C. Ensure that all applications are approved
D. Ensure accountability for changes to the environment
Answer: D

55. What should be the FIRST action to protect the chain of evidence when a desktop computer is involved?
A. Take the computer to a forensic lab
B. Make a copy of the hard drive
C. Start documenting
D. Turn off the computer
Answer: C

56. The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?
A. System acquisition and development
B. System operations and maintenance
C. System initiation
D. System implementation
Answer: A
Explanation: Reference https://online.concordiA.edu/computer-science/system-development-life-cycle-phases/

57. When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?
A. After the system preliminary design has been developed and the data security categorization has been performed
B. After the vulnerability analysis has been performed and before the system detailed design begins
C. After the system preliminary design has been developed and before the data security categorization begins
D. After the business functional analysis and the data security categorization have been performed
Answer: D

58. What is the BEST approach to addressing security issues in legacy web applications?
A. Debug the security issues
B. Migrate to newer, supported applications where possible
C. Conduct a security assessment
D. Protect the legacy application with a web application firewall
Answer: D

59. Which of the following is the PRIMARY risk with using open source software in a commercial software construction?
A. Lack of software documentation
B. License agreements requiring release of modified code
C. Expiration of the license agreement
D. Costs associated with support of the software
Answer: D

60. A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?
A. Least privilege
B. Privilege escalation
C. Defense in depth
D. Privilege bracketing
Answer: A

61. Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?
A. Check arguments in function calls
B. Test for the security patch level of the environment
C. Include logging functions
D. Digitally sign each application module
Answer: B

62. Which of the following is the BEST method to prevent malware from being introduced into a production environment?
A. Purchase software from a limited list of retailers
B. Verify the hash key or certificate key of all updates
C. Do not permit programs, patches, or updates from the Internet
D. Test all new software in a segregated environment
Answer: D

63. Which of the following is a limitation of the Common Vulnerability Scoring System (CVSS) as it relates to conducting code review?
A. It has normalized severity ratings.
B. It has many worksheets and practices to implement.
C. It aims to calculate the risk of published vulnerabilities.
D. It requires a robust risk management framework to be put in place.
Answer: C

64. An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to
A. encrypt the contents of the repository and document any exceptions to that requirement.
B. utilize an Intrusion Detection System (IDS) set to drop connections if too many requests for documents are detected.
C. keep individuals with access to high security areas from saving those documents into lower security areas.
D. require individuals with access to the system to sign Non-Disclosure Agreements (NDA).
Answer: A

65. An advantage of link encryption in a communications network is that it
A. makes key management and distribution easier.
B. protects data from start to finish through the entire network.
C. improves the efficiency of the transmission.
D. encrypts all information, including headers and routing information.
Answer: D

66. A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project?
A. The organization's current security policies concerning privacy issues
B. Privacy-related regulations enforced by governing bodies applicable to the organization
C. Privacy best practices published by recognized security standards organizations
D. Organizational procedures designed to protect privacy information
Answer: B

67. An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?
A. Implement packet filtering on the network firewalls
B. Require strong authentication for administrators
C. Install Host Based Intrusion Detection Systems (HIDS)
D. Implement logical network segmentation at the switches
Answer: D

68. Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?
A. Challenge Handshake Authentication Protocol (CHAP)
B. Point-to-Point Protocol (PPP)
C. Extensible Authentication Protocol (EAP)
D. Password Authentication Protocol (PAP)
Answer: A

69. Which of the following is an attacker MOST likely to target to gain privileged access to a system?
A. Programs that write to system resources
B. Programs that write to user directories
C. Log files containing sensitive information
D. Log files containing system calls
Answer: A

70. Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain?
A. An explanation of how long the data subject's collected information will be retained for and how it will be eventually disposed.
B. An explanation of who can be contacted at the organization collecting the information if corrections are required by the data subject.
C. An explanation of the regulatory frameworks and compliance standards the information collecting organization adheres to.
D. An explanation of all the technologies employed by the collecting organization in gathering information on the data subject.
Answer: B

71. Which of the following actions should be performed when implementing a change to a database schema in a production system?
A. Test in development, determine dates, notify users, and implement in production
B. Apply change to production, run in parallel, finalize change in production, and develop a back-out strategy
C. Perform user acceptance testing in production, have users sign off, and finalize change
D. Change in development, perform user acceptance testing, develop a back-out strategy, and implement change
Answer: D

72. What is the ultimate objective of information classification?
A. To assign responsibility for mitigating the risk to vulnerable systems
B. To ensure that information assets receive an appropriate level of protection
C. To recognize that the value of any item of information may change over time
D. To recognize the optimal number of classification categories and the benefits to be gained from their use
Answer: B

73. Which of the following BEST represents the principle of open design?
A. Disassembly, analysis, or reverse engineering will reveal the security functionality of the computer system.
B. Algorithms must be protected to ensure the security and interoperability of the designed system.
C. A knowledgeable user should have limited privileges on the system to prevent their ability to compromise security capabilities.
D. The security of a mechanism should not depend on the secrecy of its design or implementation.
Answer: D

74. At a MINIMUM, a formal review of any Disaster Recovery Plan (DRP) should be conducted
A. monthly.
B. quarterly.
C. annually.
D. bi-annually.
Answer: C

75. A vulnerability test on an Information System (IS) is conducted to
A. exploit security weaknesses in the IS.
B. measure system performance on systems with weak security controls.
C. evaluate the effectiveness of security controls.
D. prepare for Disaster Recovery (DR) planning.
Answer: C

76. The BEST method of demonstrating a company's security level to potential customers is
A. a report from an external auditor.
B. responding to a customer's security questionnaire.
C. a formal report from an internal auditor.
D. a site visit by a customer's security team.
Answer: A

77. Which of the following MUST be part of a contract to support electronic discovery of data stored in a cloud environment?
A. Integration with organizational directory services for authentication
B. Tokenization of data
C. Accommodation of hybrid deployment models
D. Identification of data location
Answer: D

78. Which of the following can BEST prevent security flaws occurring in outsourced software development?
A. Contractual requirements for code quality
B. Licensing, code ownership and intellectual property rights
C. Certification of the quality and accuracy of the work done
D. Delivery dates, change management control and budgetary control
Answer: C

79. Which of the following wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device?
A. Trusted Platform Module (TPM)
B. Preboot eXecution Environment (PXE)
C. Key Distribution Center (KDC)
D. Simple Key-Management for Internet Protocol (SKIP)
Answer: A

80. A software scanner identifies a region within a binary image having high entropy. What does this MOST likely indicate?
A. Encryption routines
B. Random number generator
C. Obfuscated code
D. Botnet command and control
Answer: C

81. By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the
A. confidentiality of the traffic is protected.
B. opportunity to sniff network traffic exists.
C. opportunity for device identity spoofing is eliminated.
D. storage devices are protected against availability attacks.
Answer: B

82. Why must all users be positively identified prior to using multi-user computers?
A. To provide access to system privileges
B. To provide access to the operating system
C. To ensure that unauthorized persons cannot access the computers
D. To ensure that management knows what users are currently logged on
Answer: C

83. A system has been scanned for vulnerabilities and has been found to contain a number of communication ports that have been opened without authority. To which of the following might this system have been subjected?
A. Trojan horse
B. Denial of Service (DoS)
C. Spoofing
D. Man-in-the-Middle (MITM)
Answer: A

84. The Structured Query Language (SQL) implements Discretionary Access Controls (DAC) using
A. INSERT and DELETE.
B. GRANT and REVOKE.
C. PUBLIC and PRIVATE.
D. ROLLBACK and TERMINATE.
Answer: B

85. Alternate encoding such as hexadecimal representations is MOST often observed in which of the following forms of attack?
A. Smurf
B. Rootkit exploit
C. Denial of Service (DoS)
D. Cross site scripting (XSS)
Answer: D

86. An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring?
A. A dictionary attack
B. A Denial of Service (DoS) attack
C. A spoofing attack
D. A backdoor installation
Answer: A

87. Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element?
A. Transparent Database Encryption (TDE)
B. Column level database encryption
C. Volume encryption
D. Data tokenization
Answer: D

88. In a basic SYN flood attack, what is the attacker attempting to achieve?
A. Exceed the threshold limit of the connection queue for a given service
B. Set the threshold to zero for a given service
C. Cause the buffer to overflow, allowing root access
D. Flush the register stack, allowing hijacking of the root account
Answer: A

89. The birthday attack is MOST effective against which one of the following cipher technologies?
A. Chaining block encryption
B. Asymmetric cryptography
C. Cryptographic hash
D. Streaming cryptography
Answer: C

90. Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?
A. Role Based Access Control (RBAC)
B. Biometric access control
C. Federated Identity Management (IdM)
D. Application hardening
Answer: A

91. A disadvantage of an application filtering firewall is that it can lead to
A. a crash of the network as a result of user activities.
B. performance degradation due to the rules applied.
C. loss of packets on the network due to insufficient bandwidth.
D. Internet Protocol (IP) spoofing by hackers.
Answer: B

92. Passive Infrared Sensors (PIR) used in a non-climate controlled environment should
A. reduce the detected object temperature in relation to the background temperature.
B. increase the detected object temperature in relation to the background temperature.
C. automatically compensate for variance in background temperature.
D. detect objects of a specific temperature independent of the background temperature.
Answer: C

93. Logical access control programs are MOST effective when they are
A. approved by external auditors.
B. combined with security token technology.
C. maintained by computer security officers.
D. made part of the operating system.
Answer: D

94. Checking routing information on e-mail to determine it is in a valid format and contains valid information is an example of which of the following anti-spam approaches?
A. Simple Mail Transfer Protocol (SMTP) blacklist
B. Reverse Domain Name System (DNS) lookup
C. Hashing algorithm
D. Header analysis
Answer: D

95. In the area of disaster planning and recovery, what strategy entails the presentation of information about the plan?
A. Communication
B. Planning
C. Recovery
D. Escalation
Answer: A

96. What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)?
A. Evaluating the efficiency of the plan
B. Identifying the benchmark required for restoration
C. Validating the effectiveness of the plan
D. Determining the Recovery Time Objective (RTO)
Answer: C

97. Which layer of the Open Systems Interconnection (OSI) model implementation adds information concerning the logical connection between the sender and receiver?
A. Physical
B. Session
C. Transport
D. Data-Link
Answer: C

98. The goal of software assurance in application development is to
A. enable the development of High Availability (HA) systems.
B. facilitate the creation of Trusted Computing Base (TCB) systems.
C. prevent the creation of vulnerable applications.
D. encourage the development of open source applications.
Answer: C

99. The three PRIMARY requirements for a penetration test are
A. A defined goal, limited time period, and approval of management
B. A general objective, unlimited time, and approval of the network administrator
C. An objective statement, disclosed methodology, and fixed cost
D. A stated objective, liability waiver, and disclosed methodology
Answer: A

100. Which Hyper Text Markup Language 5 (HTML5) option presents a security challenge for network data leakage prevention and/or monitoring?
A. Cross Origin Resource Sharing (CORS)
B. WebSockets
C. Document Object Model (DOM) trees
D. Web Interface Definition Language (IDL)
Answer: B

101. Which of the following defines the key exchange for Internet Protocol Security (IPSec)?
A. Secure Sockets Layer (SSL) key exchange
B. Internet Key Exchange (IKE)
C. Security Key Exchange (SKE)
D. Internet Control Message Protocol (ICMP)
Answer: B

102. What would be the PRIMARY concern when designing and coordinating a security assessment for an Automatic Teller Machine (ATM) system?
A. Physical access to the electronic hardware
B. Regularly scheduled maintenance process
C. Availability of the network connection
D. Processing delays
Answer: A

103. Which of the following statements is TRUE for point-to-point microwave transmissions?
A. They are not subject to interception due to encryption.
B. Interception only depends on signal strength.
C. They are too highly multiplexed for meaningful interception.
D. They are subject to interception by an antenna within proximity.
Answer: D

104. When constructing an Information Protection Policy (IPP), it is important that the stated rules are necessary, adequate, and
A. flexible.
B. confidential.
C. focused.
D. achievable.
Answer: D

105. The overall goal of a penetration test is to determine a system's
A. ability to withstand an attack.
B. capacity management.
C. error recovery capabilities.
D. reliability under stress.
Answer: A

106. Which of the following is the FIRST step of a penetration test plan?
A. Analyzing a network diagram of the target network
B. Notifying the company's customers
C. Obtaining the approval of the company's management
D. Scheduling the penetration test during a period of least impact
Answer: C

107. Copyright provides protection for which of the following?
A. Ideas expressed in literary works
B. A particular expression of an idea
C. New and non-obvious inventions
D. Discoveries of natural phenomena
Answer: B

108. Which one of the following effectively obscures network addresses from external exposure when implemented on a firewall or router?
A. Network Address Translation (NAT)
B. Application Proxy
C. Routing Information Protocol (RIP) Version 2
D. Address Masking
Answer: A

109. Two companies wish to share electronic inventory and purchase orders in a supplier and client relationship. What is the BEST security solution for them?
A. Write a Service Level Agreement (SLA) for the two companies.
B. Set up a Virtual Private Network (VPN) between the two companies.
C. Configure a firewall at the perimeter of each of the two companies.
D. Establish a File Transfer Protocol (FTP) connection between the two companies.
Answer: B

110. An organization is selecting a service provider to assist in the consolidation of multiple computing sites including development, implementation and ongoing support of various computer systems. Which of the following MUST be verified by the Information Security Department?
A. The service provider's policies are consistent with ISO/IEC 27001 and there is evidence that the service provider is following those policies.
B. The service provider will segregate the data within its systems and ensure that each region's policies are met.
C.
The service provider will impose controls and protections that meet or exceed the current systems controls and produce audit logs as verification. D. The service provider's policies can meet the requirements imposed by the new environment even if they differ from the organization's current policies. Answer: D 21 / 299 The safer , easier way to help you pass any IT exams. 111.What should be the INITIAL response to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) alerts? A. Ensure that the Incident Response Plan is available and current. B. Determine the traffic's initial source and block the appropriate port. C. Disable or disconnect suspected target and source systems. D. Verify the threat and determine the scope of the attack. Answer: D 112.The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct A. log auditing. B. code reviews. C. impact assessments. D. static analysis. Answer: B 113.A practice that permits the owner of a data object to grant other users access to that object would usually provide A. Mandatory Access Control (MAC). B. owner-administered control. C. owner-dependent access control. D. Discretionary Access Control (DAC). Answer: D 114.Which of the following is ensured when hashing files during chain of custody handling? A. Availability B. Accountability C. Integrity D. Non-repudiation Answer: C 115.In Disaster Recovery (DR) and business continuity training, which BEST describes a functional drill? A. A full-scale simulation of an emergency and the subsequent response functions B. A specific test by response teams of individual emergency response functions C. A functional evacuation of personnel D. An activation of the backup site Answer: C 116.The type of authorized interactions a subject can have with an object is A. control. B. permission. C. procedure. D. protocol. Answer: B 22 / 299 The safer , easier way to help you pass any IT exams. 
117.Which of the following is a potential risk when a program runs in privileged mode? A. It may serve to create unnecessary code complexity B. It may not enforce job separation duties C. It may create unnecessary application hardening D. It may allow malicious code to be inserted Answer: D 118.The use of strong authentication, the encryption of Personally Identifiable Information (PII) on database servers, application security reviews, and the encryption of data transmitted across networks provide A. data integrity. B. defense in depth. C. data availability. D. non-repudiation. Answer: B 119.Which of the following is an appropriate source for test data? A. Production data that is secured and maintained only in the production environment. B. Test data that has no similarities to production datA. C. Test data that is mirrored and kept up-to-date with production datA. D. Production data that has been sanitized before loading into a test environment. Answer: D 120.Which of the following is the MOST important consideration when storing and processing Personally Identifiable Information (PII)? A. Encrypt and hash all PII to avoid disclosure and tampering. B. Store PII for no more than one year. C. Avoid storing PII in a Cloud Service Provider. D. Adherence to collection limitation laws and regulations. Answer: D 121.In a financial institution, who has the responsibility for assigning the classification to a piece of information? A. Chief Financial Officer (CFO) B. Chief Information Security Officer (CISO) C. Originator or nominated owner of the information D. Department head responsible for ensuring the protection of the information Answer: C 122.The process of mutual authentication involves a computer system authenticating a user and authenticating the A. user to the audit process. B. computer system to the user. 23 / 299 The safer , easier way to help you pass any IT exams. C. user's access to all authorized objects. D. computer system to the audit process. 
Answer: B 123.When implementing controls in a heterogeneous end-point network for an organization, it is critical that A. hosts are able to establish network communications. B. users can make modifications to their security software configurations. C. common software security components be implemented across all hosts. D. firewalls running on each host are fully customizable by the user. Answer: C 124.Which of the following is a security feature of Global Systems for Mobile Communications (GSM)? A. It uses a Subscriber Identity Module (SIM) for authentication. B. It uses encrypting techniques for all communications. C. The radio spectrum is divided with multiple frequency carriers. D. The signal is difficult to read as it provides end-to-end encryption. Answer: A 125.Which of the following does the Encapsulating Security Payload (ESP) provide? A. Authorization and integrity B. Availability and integrity C. Integrity and confidentiality D. Authorization and confidentiality Answer: C 126.What maintenance activity is responsible for defining, implementing, and testing updates to application systems? A. Program change control B. Regression testing C. Export exception control D. User acceptance testing Answer: A 127.Which of the following is the FIRST action that a system administrator should take when it is revealed during a penetration test that everyone in an organization has unauthorized access to a server holding sensitive data? A. Immediately document the finding and report to senior management. B. Use system privileges to alter the permissions to secure the server C. Continue the testing to its completion and then inform IT management D. Terminate the penetration test and pass the finding to the server management team Answer: A 128.Which one of these risk factors would be the LEAST important consideration in choosing a building 24 / 299 The safer , easier way to help you pass any IT exams. site for a new computer facility? A. Vulnerability to crime B. 
Adjacent buildings and businesses C. Proximity to an airline flight path D. Vulnerability to natural disasters Answer: C 129.Which of the following is the MAIN reason that system re-certification and re-accreditation are needed? A. To assist data owners in making future sensitivity and criticality determinations B. To assure the software development team that all security issues have been addressed C. To verify that security protection remains acceptable to the organizational security policy D. To help the security team accept or reject new systems for implementation and production Answer: C 130.The stringency of an Information Technology (IT) security assessment will be determined by the A. system's past security record. B. size of the system's database. C. sensitivity of the system's data. D. age of the system. Answer: C 131.Following the completion of a network security assessment, which of the following can BEST be demonstrated? A. The effectiveness of controls can be accurately measured B. A penetration test of the network will fail C. The network is compliant to industry standards D. All unpatched vulnerabilities have been identified Answer: A 132.What is the MOST effective countermeasure to a malicious code attack against a mobile system? A. Sandbox B. Change control C. Memory management D. Public-Key Infrastructure (PKI) Answer: A 133.Which of the following statements is TRUE of black box testing? A. Only the functional specifications are known to the test planner. B. Only the source code and the design documents are known to the test planner. C. Only the source code and functional specifications are known to the test planner. D. Only the design documents and the functional specifications are known to the test planner. Answer: A 25 / 299 The safer , easier way to help you pass any IT exams. 134.Why MUST a Kerberos server be well protected from unauthorized access? A. It contains the keys of all clients. B. It always operates at root privilege. C. 
It contains all the tickets for services. D. It contains the Internet Protocol (IP) address of all network entities. Answer: A 135.An internal Service Level Agreement (SLA) covering security is signed by senior managers and is in place. When should compliance to the SLA be reviewed to ensure that a good security posture is being delivered? A. As part of the SLA renewal process B. Prior to a planned security audit C. Immediately after a security breach D. At regularly scheduled meetings Answer: D 136.The FIRST step in building a firewall is to A. assign the roles and responsibilities of the firewall administrators. B. define the intended audience who will read the firewall policy. C. identify mechanisms to encourage compliance with the policy. D. perform a risk analysis to identify issues to be addressed. Answer: D 137.Which one of the following is a fundamental objective in handling an incident? A. To restore control of the affected systems B. To confiscate the suspect's computers C. To prosecute the attacker D. To perform full backups of the system Answer: A 138.Internet Protocol (IP) source address spoofing is used to defeat A. address-based authentication. B. Address Resolution Protocol (ARP). C. Reverse Address Resolution Protocol (RARP). D. Transmission Control Protocol (TCP) hijacking. Answer: A 139.When transmitting information over public networks, the decision to encrypt it should be based on A. the estimated monetary value of the information. B. whether there are transient nodes relaying the transmission. C. the level of confidentiality of the information. D. the volume of the information. Answer: C 26 / 299 The safer , easier way to help you pass any IT exams. 140.Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks? A. Data compression B. Data classification C. Data warehousing D. Data validation Answer: D 141.Which of the following is an effective method for avoiding magnetic media data remanence? A. 
Degaussing B. Encryption C. Data Loss Prevention (DLP) D. Authentication Answer: A 142.What is the FIRST step in developing a security test and its evaluation? A. Determine testing methods B. Develop testing procedures C. Identify all applicable security requirements D. Identify people, processes, and products not in compliance Answer: C 143.Multi-threaded applications are more at risk than single-threaded applications to A. race conditions. B. virus infection. C. packet sniffing. D. database injection. Answer: A 144.What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source? A. Man-in-the-Middle (MITM) attack B. Smurfing C. Session redirect D. Spoofing Answer: D 145.Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what? A. Interface with the Public Key Infrastructure (PKI) B. Improve the quality of security software C. Prevent Denial of Service (DoS) attacks D. Establish a secure initial state 27 / 299 The safer , easier way to help you pass any IT exams. Answer: D 146.Which of the following is considered best practice for preventing e-mail spoofing? A. Spam filtering B. Cryptographic signature C. Uniform Resource Locator (URL) filtering D. Reverse Domain Name Service (DNS) lookup Answer: B 147.The key benefits of a signed and encrypted e-mail include A. confidentiality, authentication, and authorization. B. confidentiality, non-repudiation, and authentication. C. non-repudiation, authorization, and authentication. D. non-repudiation, confidentiality, and authorization. Answer: B 148.As one component of a physical security system, an Electronic Access Control (EAC) token is BEST known for its ability to A. overcome the problems of key assignments. B. monitor the opening of windows and doors. C. trigger alarms when intruders are detected. D. lock down a facility during an emergency. 
Answer: A 149.An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor? A. Provide the encrypted passwords and analysis tools to the auditor for analysis. B. Analyze the encrypted passwords for the auditor and show them the results. C. Demonstrate that non-compliant passwords cannot be created in the system. D. Demonstrate that non-compliant passwords cannot be encrypted in the system. Answer: C 150.Which of the following would be the FIRST step to take when implementing a patch management program? A. Perform automatic deployment of patches. B. Monitor for vulnerabilities and threats. C. Prioritize vulnerability remediation. D. Create a system inventory. Answer: D 151.The Hardware Abstraction Layer (HAL) is implemented in the A. system software. B. system hardware. 28 / 299 The safer , easier way to help you pass any IT exams. C. application software. D. network hardware. Answer: A 152.To prevent inadvertent disclosure of restricted information, which of the following would be the LEAST effective process for eliminating data prior to the media being discarded? A. Multiple-pass overwriting B. Degaussing C. High-level formatting D. Physical destruction Answer: C 153.An organization allows ping traffic into and out of their network. An attacker has installed a program on the network that uses the payload portion of the ping packet to move data into and out of the network. What type of attack has the organization experienced? A. Data leakage B. Unfiltered channel C. Data emanation D. Covert channel Answer: A 154.What principle requires that changes to the plaintext affect many parts of the ciphertext? A. Diffusion B. Encapsulation C. Obfuscation D. Permutation Answer: A 155.A security professional has just completed their organization's Business Impact Analysis (BIA). 
Following Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) best practices, what would be the professional's NEXT step? A. Identify and select recovery strategies. B. Present the findings to management for funding. C. Select members for the organization's recovery teams. D. Prepare a plan to test the organization's ability to recover its operations. Answer: A 156.Which of the following assessment metrics is BEST used to understand a system's vulnerability to potential exploits? A. Determining the probability that the system functions safely during any time period B. Quantifying the system's available services C. Identifying the number of security flaws within the system D. Measuring the system's integrity in the presence of failure Answer: C 29 / 299 The safer , easier way to help you pass any IT exams. 157.What is an effective practice when returning electronic storage media to third parties for repair? A. Ensuring the media is not labeled in any way that indicates the organization's name. B. Disassembling the media and removing parts that may contain sensitive datA. C. Physically breaking parts of the media that may contain sensitive datA. D. Establishing a contract with the third party regarding the secure handling of the mediA. Answer: D 158.Which of the following is the BEST mitigation from phishing attacks? A. Network activity monitoring B. Security awareness training C. Corporate policy and procedures D. Strong file and directory permissions Answer: B 159.Which of the following does Temporal Key Integrity Protocol (TKIP) support? A. Multicast and broadcast messages B. Coordination of IEEE 802.11 protocols C. Wired Equivalent Privacy (WEP) systems D. Synchronization of multiple devices Answer: C 160.Which of the following is a security limitation of File Transfer Protocol (FTP)? A. Passive FTP is not compatible with web browsers. B. Anonymous access is allowed. C. FTP uses Transmission Control Protocol (TCP) ports 20 and 21. D. 
Authentication is not encrypted. Answer: D 161.How can a forensic specialist exclude from examination a large percentage of operating system files residing on a copy of the target system? A. Take another backup of the media in question then delete all irrelevant operating system files. B. Create a comparison database of cryptographic hashes of the files from a system with the same operating system and patch level. C. Generate a message digest (MD) or secure hash on the drive image to detect tampering of the media being examined. D. Discard harmless files for the operating system, and known installed programs. Answer: B 162.Which of the following is a network intrusion detection technique? A. Statistical anomaly B. Perimeter intrusion C. Port scanning D. Network spoofing 30 / 299 The safer , easier way to help you pass any IT exams. Answer: C 163.During an audit of system management, auditors find that the system administrator has not been trained. What actions need to be taken at once to ensure the integrity of systems? A. A review of hiring policies and methods of verification of new employees B. A review of all departmental procedures C. A review of all training procedures to be undertaken D. A review of all systems by an experienced administrator Answer: D 164.When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all access control requirements are addressed? A. Create a user profile. B. Create a user access matrix. C. Develop an Access Control List (ACL). D. Develop a Role Based Access Control (RBAC) list. Answer: B 165.When building a data center, site location and construction factors that increase the level of vulnerability to physical threats include A. hardened building construction with consideration of seismic factors. B. adequate distance from and lack of access to adjacent buildings. C. curved roads approaching the data center. D. 
proximity to high crime areas of the city. Answer: D 166.Which of the following is a physical security control that protects Automated Teller Machines (ATM) from skimming? A. Anti-tampering B. Secure card reader C. Radio Frequency (RF) scanner D. Intrusion Prevention System (IPS) Answer: A 167.Which one of the following describes granularity? A. Maximum number of entries available in an Access Control List (ACL) B. Fineness to which a trusted system can authenticate users C. Number of violations divided by the number of total accesses D. Fineness to which an access control system can be adjusted Answer: D 168.Which one of the following is a threat related to the use of web-based client side input validation? 31 / 299 The safer , easier way to help you pass any IT exams. A. Users would be able to alter the input after validation has occurred B. The web server would not be able to validate the input after transmission C. The client system could receive invalid input from the web server D. The web server would not be able to receive invalid input from the client Answer: A 169.Which one of the following transmission media is MOST effective in preventing data interception? A. Microwave B. Twisted-pair C. Fiber optic D. Coaxial cable Answer: C 170.Which of the following is TRUE about Disaster Recovery Plan (DRP) testing? A. Operational networks are usually shut down during testing. B. Testing should continue even if components of the test fail. C. The company is fully prepared for a disaster if all tests pass. D. Testing should not be done until the entire disaster plan can be tested. Answer: B 171.While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used? A. Trusted path B. Malicious logic C. Social engineering D. 
Passive misuse Answer: C 172.Who must approve modifications to an organization's production infrastructure configuration? A. Technical management B. Change control board C. System operations D. System users Answer: B 173.Which type of control recognizes that a transaction amount is excessive in accordance with corporate policy? A. Detection B. Prevention C. Investigation D. Correction Answer: A 32 / 299 The safer , easier way to help you pass any IT exams. 174.Which one of the following considerations has the LEAST impact when considering transmission security? A. Network availability B. Data integrity C. Network bandwidth D. Node locations Answer: C 175.Which of the following is an essential element of a privileged identity lifecycle management? A. Regularly perform account re-validation and approval B. Account provisioning based on multi-factor authentication C. Frequently review performed activities and request justification D. Account information to be provided by supervisor or line manager Answer: A 176.Which of the following MUST be done when promoting a security awareness program to senior management? A. Show the need for security; identify the message and the audience B. Ensure that the security presentation is designed to be all-inclusive C. Notify them that their compliance is mandatory D. Explain how hackers have enhanced information security Answer: D 177.Contingency plan exercises are intended to do which of the following? A. Train personnel in roles and responsibilities B. Validate service level agreements C. Train maintenance personnel D. Validate operation metrics Answer: A 178.Which of the following is the best practice for testing a Business Continuity Plan (BCP)? A. Test before the IT Audit B. Test when environment changes C. Test after installation of security patches D. Test after implementation of system patches Answer: B 179.Why is a system's criticality classification important in large organizations? A. 
It provides for proper prioritization and scheduling of security and maintenance tasks. B. It reduces critical system support workload and reduces the time required to apply patches. C. It allows for clear systems status communications to executive management. D. It provides for easier determination of ownership, reducing confusion as to the status of the asset. Answer: A 33 / 299 The safer , easier way to help you pass any IT exams. 180.In Business Continuity Planning (BCP), what is the importance of documenting business processes? A. Provides senior management with decision-making tools B. Establishes and adopts ongoing testing and maintenance strategies C. Defines who will perform which functions during a disaster or emergency D. Provides an understanding of the organization's interdependencies Answer: D 181.Which security action should be taken FIRST when computer personnel are terminated from their jobs? A. Remove their computer access B. Require them to turn in their badge C. Conduct an exit interview D. Reduce their physical access level to the facility Answer: A 182.The PRIMARY purpose of a security awareness program is to A. ensure that everyone understands the organization's policies and procedures. B. communicate that access to information will be granted on a need-to-know basis. C. warn all users that access to all systems will be monitored on a daily basis. D. comply with regulations related to data and information protection. Answer: A 183.Which of the following Disaster Recovery (DR) sites is the MOST difficult to test? A. Hot site B. Cold site C. Warm site D. Mobile site Answer: B 184.What technique BEST describes antivirus software that detects viruses by watching anomalous behavior? A. Signature B. Inference C. Induction D. Heuristic Answer: D 185.Which of the following is the BEST way to verify the integrity of a software patch? A. Cryptographic checksums B. Version numbering C. Automatic updates D. 
Vendor assurance Answer: A 34 / 299 The safer , easier way to help you pass any IT exams. 186.What security management control is MOST often broken by collusion? A. Job rotation B. Separation of duties C. Least privilege model D. Increased monitoring Answer: B 187.Which one of the following is the MOST important in designing a biometric access system if it is essential that no one other than authorized individuals are admitted? A. False Acceptance Rate (FAR) B. False Rejection Rate (FRR) C. Crossover Error Rate (CER) D. Rejection Error Rate Answer: A 188.An engineer in a software company has created a virus creation tool. The tool can generate thousands of polymorphic viruses. The engineer is planning to use the tool in a controlled environment to test the company's next generation virus scanning software. Which would BEST describe the behavior of the engineer and why? A. The behavior is ethical because the tool will be used to create a better virus scanner. B. The behavior is ethical because any experienced programmer could create such a tool. C. The behavior is not ethical because creating any kind of virus is bad. D. The behavior is not ethical because such a tool could be leaked on the Internet. Answer: A 189.What is the PRIMARY reason for ethics awareness and related policy implementation? A. It affects the workflow of an organization. B. It affects the reputation of an organization. C. It affects the retention rate of employees. D. It affects the morale of the employees. Answer: B 190.Refer to the information below to answer the question. A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. 
The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes. Following best practice, where should the permitted access for each department and job classification combination be specified?
A. Security procedures
B. Security standards
C. Human resource policy
D. Human resource standards
Answer: B

191. A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user business functions. These capabilities are BEST described as
A. least privilege.
B. rule based access controls.
C. Mandatory Access Control (MAC).
D. separation of duties.
Answer: D

192. When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints?
A. Temporal Key Integrity Protocol (TKIP)
B. Wi-Fi Protected Access (WPA) Pre-Shared Key (PSK)
C. Wi-Fi Protected Access 2 (WPA2) Enterprise
D. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Answer: C

193. Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following documents explains the proper use of the organization's assets?
A. Human resources policy
B. Acceptable use policy
C. Code of ethics
D. Access control policy
Answer: B

194. Refer to the information below to answer the question.
A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
What additional considerations are there if the third party is located in a different country?
A. The organizational structure of the third party and how it may impact timelines within the organization
B. The ability of the third party to respond to the organization in a timely manner and with accurate information
C. The effects of transborder data flows and customer expectations regarding the storage or processing of their data
D. The quantity of data that must be provided to the third party and how it is to be used
Answer: C

195. Which of the following assures that rules are followed in an identity management architecture?
A. Policy database
B. Digital signature
C. Policy decision point
D. Policy enforcement point
Answer: D

196. Which of the following problems is not addressed by using OAuth (Open Standard to Authorization) 2.0 to integrate a third-party identity provider for a service?
A. Resource Servers are required to use passwords to authenticate end users.
B. Revocation of access of some users of the third party instead of all the users from the third party.
C. Compromise of the third party means compromise of all the users in the service.
D. Guest users need to authenticate with the third party identity provider.
Answer: A

197. Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.
What is the BEST reason for the organization to pursue a plan to mitigate client-based attacks?
A. Client privilege administration is inherently weaker than server privilege administration.
B. Client hardening and management is easier on clients than on servers.
C. Client-based attacks are more common and easier to exploit than server and network based attacks.
D. Client-based attacks have higher financial impact.
Answer: C

198. Host-Based Intrusion Protection (HIPS) systems are often deployed in monitoring or learning mode during their initial implementation. What is the objective of starting in this mode?
A. Automatically create exceptions for specific actions or files
B. Determine which files are unsafe to access and blacklist them
C. Automatically whitelist actions or files known to the system
D. Build a baseline of normal or safe system events for review
Answer: D

199. A security manager has noticed an inconsistent application of server security controls resulting in vulnerabilities on critical systems. What is the MOST likely cause of this issue?
A. A lack of baseline standards
B. Improper documentation of security guidelines
C. A poorly designed security policy communication program
D. Host-based Intrusion Prevention System (HIPS) policies are ineffective
Answer: A

200. Refer to the information below to answer the question.
Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.
After magnetic drives were degaussed twice according to the product manufacturer's directions, what is the MOST LIKELY security issue with degaussing?
A. Commercial products often have serious weaknesses of the magnetic force available in the degausser product.
B. Degausser products may not be properly maintained and operated.
C. The inability to turn the drive around in the chamber for the second pass due to human error.
D. Inadequate record keeping when sanitizing media.
Answer: B

201. What do Capability Maturity Models (CMM) serve as a benchmark for in an organization?
A. Experience in the industry
B. Definition of security profiles
C. Human resource planning efforts
D. Procedures in systems development
Answer: D

202. Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?
A. Maintaining an inventory of authorized Access Points (AP) and connecting devices
B. Setting the radio frequency to the minimum range required
C. Establishing a Virtual Private Network (VPN) tunnel between the WLAN client device and a VPN concentrator
D. Verifying that all default passwords have been changed
Answer: A

203. What is the MOST important reason to configure unique user IDs?
A. Supporting accountability
B. Reducing authentication errors
C. Preventing password compromise
D. Supporting Single Sign On (SSO)
Answer: A

204. An online retail company has formulated a record retention schedule for customer transactions. Which of the following is a valid reason a customer transaction is kept beyond the retention schedule?
A. Pending legal hold
B. Long term data mining needs
C. Customer makes request to retain
D. Useful for future business initiatives
Answer: A

205. Which of the following methods provides the MOST protection for user credentials?
A. Forms-based authentication
B. Digest authentication
C. Basic authentication
D. Self-registration
Answer: B

206. If an attacker in a SYN flood attack uses someone else's valid host address as the source address, the system under attack will send a large number of Synchronize/Acknowledge (SYN/ACK) packets to the
A. default gateway.
B. attacker's address.
C. local interface being attacked.
D. specified source address.
Answer: D

207. An organization's data policy MUST include a data retention period which is based on
A. application dismissal.
B. business procedures.
C. digital certificates expiration.
D. regulatory compliance.
Answer: D

208. Which of the following is the MOST difficult to enforce when using cloud computing?
A. Data access
B. Data backup
C. Data recovery
D. Data disposal
Answer: D

209. Which of the following secure startup mechanisms are PRIMARILY designed to thwart attacks?
A. Timing
B. Cold boot
C. Side channel
D. Acoustic cryptanalysis
Answer: B

210. Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
The security program can be considered effective when
A. vulnerabilities are proactively identified.
B. audits are regularly performed and reviewed.
C. backups are regularly performed and validated.
D. risk is lowered to an acceptable level.
Answer: D

211. Refer to the information below to answer the question.
A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
The organization should ensure that the third party's physical security controls are in place so that they
A. are more rigorous than the original controls.
B. are able to limit access to sensitive information.
C. allow access by the organization staff at any time.
D. cannot be accessed by subcontractors of the third party.
Answer: B

212. Refer to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
Which of the following will MOST likely allow the organization to keep risk at an acceptable level?
A. Increasing the amount of audits performed by third parties
B. Removing privileged accounts from operational staff
C. Assigning privileged functions to appropriate staff
D. Separating the security function into distinct roles
Answer: C

213. An organization decides to implement a partial Public Key Infrastructure (PKI) with only the servers having digital certificates. What is the security benefit of this implementation?
A. Clients can authenticate themselves to the servers.
B. Mutual authentication is available between the clients and servers.
C. Servers are able to issue digital certificates to the client.
D. Servers can authenticate themselves to the client.
Answer: D

214. Which of the following is the MOST effective attack against cryptographic hardware modules?
A. Plaintext
B. Brute force
C. Power analysis
D. Man-in-the-middle (MITM)
Answer: C

215. Which of the following BEST mitigates a replay attack against a system using identity federation and Security Assertion Markup Language (SAML) implementation?
A. Two-factor authentication
B. Digital certificates and hardware tokens
C. Timed sessions and Secure Socket Layer (SSL)
D. Passwords with alpha-numeric and special characters
Answer: C

216. A business has implemented Payment Card Industry Data Security Standard (PCI-DSS) compliant handheld credit card processing on their Wireless Local Area Network (WLAN) topology. The network team partitioned the WLAN to create a private segment for credit card processing using a firewall to control device access and route traffic to the card processor on the Internet.
What components are in the scope of PCI-DSS?
A. The entire enterprise network infrastructure.
B. The handheld devices, wireless access points and border gateway.
C. The end devices, wireless access points, WLAN, switches, management console, and firewall.
D. The end devices, wireless access points, WLAN, switches, management console, and Internet
Answer: C

217. Refer to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
Which of the following will indicate where the IT budget is BEST allocated during this time?
A. Policies
B. Frameworks
C. Metrics
D. Guidelines
Answer: C

218. The use of a proximity card to gain access to a building is an example of what type of security control?
A. Legal
B. Logical
C. Physical
D. Procedural
Answer: C

219. Which of the following is a critical factor for implementing a successful data classification program?
A. Executive sponsorship
B. Information security sponsorship
C. End-user acceptance
D. Internal audit acceptance
Answer: A

220. Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.
In a Bell-LaPadula system, which user cannot write to File 3?
A. User A
B. User B
C. User C
D. User D
Answer: D

221. What is the MOST effective method for gaining unauthorized access to a file protected with a long complex password?
A. Brute force attack
B. Frequency analysis
C. Social engineering
D. Dictionary attack
Answer: C

222. Which of the following violates identity and access management best practices?
A. User accounts
B. System accounts
C. Generic accounts
D. Privileged accounts
Answer: C

223. With data labeling, which of the following MUST be the key decision maker?
A. Information security
B. Departmental management
C. Data custodian
D. Data owner
Answer: D

224. Which of the following is the BEST countermeasure to brute force login attacks?
A. Changing all canonical passwords
B. Decreasing the number of concurrent user sessions
C. Restricting initial password delivery only in person
D. Introducing a delay after failed system access attempts
Answer: D

225. Multi-Factor Authentication (MFA) is necessary in many systems given common types of password attacks. Which of the following is a correct list of password attacks?
A. Masquerading, salami, malware, polymorphism
B. Brute force, dictionary, phishing, keylogger
C. Zeus, netbus, rabbit, turtle
D. Token, biometrics, IDS, DLP
Answer: B

226. Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications?
A. Application monitoring procedures
B. Configuration control procedures
C. Security audit procedures
D. Software patching procedures
Answer: B

227. Refer to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
When determining appropriate resource allocation, which of the following is MOST important to monitor?
A. Number of system compromises
B. Number of audit findings
C. Number of staff reductions
D. Number of additional assets
Answer: B

228. Which of the following is required to determine classification and ownership?
A. System and data resources are properly identified
B. Access violations are logged and audited
C. Data file references are identified and linked
D. System security controls are fully integrated
Answer: A

229. Which of the following is the PRIMARY benefit of a formalized information classification program?
A. It drives audit processes.
B. It supports risk assessment.
C. It reduces asset vulnerabilities.
D. It minimizes system logging requirements.
Answer: B

230. Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
In addition to authentication at the start of the user session, best practice would require re-authentication
A. periodically during a session.
B. for each business process.
C. at system sign-off.
D. after a period of inactivity.
Answer: D

231. A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation?
A. The inherent risk is greater than the residual risk.
B. The Annualized Loss Expectancy (ALE) approaches zero.
C. The expected loss from the risk exceeds mitigation costs.
D. The infrastructure budget can easily cover the upgrade costs.
Answer: C

232. What is the MAIN feature that onion routing networks offer?
A. Non-repudiation
B. Traceability
C. Anonymity
D. Resilience
Answer: C

233. The amount of data that will be collected during an audit is PRIMARILY determined by the
A. audit scope.
B. auditor's experience level.
C. availability of the data.
D. integrity of the data.
Answer: A

234. Refer to the information below to answer the question.
A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
The third party needs to have
A. processes that are identical to that of the organization doing the outsourcing.
B. access to the original personnel that were on staff at the organization.
C. the ability to maintain all of the applications in languages they are familiar with.
D. access to the skill sets consistent with the programming languages used by the organization.
Answer: D

235. Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
What MUST the access control logs contain in addition to the identifier?
A. Time of the access
B. Security classification
C. Denied access attempts
D. Associated clearance
Answer: A

236. Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
Given the number of priorities, which of the following will MOST likely influence the selection of top initiatives?
A. Severity of risk
B. Complexity of strategy
C. Frequency of incidents
D. Ongoing awareness
Answer: A

237. When dealing with compliance with the Payment Card Industry-Data Security Standard (PCI-DSS), an organization that shares card holder information with a service provider MUST do which of the following?
A. Perform a service provider PCI-DSS assessment on a yearly basis.
B. Validate the service provider's PCI-DSS compliance status on a regular basis.
C. Validate that the service provider's security policies are in alignment with those of the organization.
D. Ensure that the service provider updates and tests its Disaster Recovery Plan (DRP) on a yearly basis.
Answer: B

238. Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.
In a Bell-LaPadula system, which user has the MOST restrictions when writing data to any of the four files?
A. User A
B. User B
C. User C
D. User D
Answer: D

239. Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.
Which of the following is true according to the star property (*property)?
A. User D can write to File 1
B. User B can write to File 1
C. User A can write to File 1
D. User C can write to File 1
Answer: C

240. Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen?
A. Set up a BIOS and operating system password
B. Encrypt the virtual drive where confidential files can be stored
C. Implement a mandatory policy in which sensitive data cannot be stored on laptops, but only on the corporate network
D. Encrypt the entire disk and delete contents after a set number of failed access attempts
Answer: D

241. Refer to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.
If the intrusion causes the system processes to hang, which of the following has been affected?
A. System integrity
B. System availability
C. System confidentiality
D. System auditability
Answer: B

242. Which of the following is the BEST reason to review audit logs periodically?
A. Verify they are operating properly
B. Monitor employee productivity
C. Identify anomalies in use patterns
D. Meet compliance regulations
Answer: C

243. Refer to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.
If it is discovered that large quantities of information have been copied by the unauthorized individual, what attribute of the data has been compromised?
A. Availability
B. Integrity
C. Accountability
D. Confidentiality
Answer: D

244. Which of the following is the MOST crucial for a successful audit plan?
A. Defining the scope of the audit to be performed
B. Identifying the security controls to be implemented
C. Working with the system owner on new controls
D. Acquiring evidence of systems that are not compliant
Answer: A

245. During an investigation of database theft from an organization's web site, it was determined that the Structured Query Language (SQL) injection technique was used despite input validation with client-side scripting. Which of the following provides the GREATEST protection against the same attack occurring again?
A. Encrypt communications between the servers
B. Encrypt the web server traffic
C. Implement server-side filtering
D. Filter outgoing traffic at the perimeter firewall
Answer: C

246. From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system?
A. Configure secondary servers to use the primary server as a zone forwarder.
B. Block all Transmission Control Protocol (TCP) connections.
C. Disable all recursive queries on the name servers.
D. Limit zone transfers to authorized devices.
Answer: D

247. When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)?
A. Retain intellectual property rights through contractual wording.
B. Perform overlapping code reviews by both parties.
C. Verify that the contractors attend development planning meetings.
D. Create a separate contractor development environment.
Answer: B

248. What is a common challenge when implementing Security Assertion Markup Language (SAML) for identity integration between an on-premise environment and an external identity provider service?
A. Some users are not provisioned into the service.
B. SAML tokens are provided by the on-premise identity provider.
C. Single users cannot be revoked from the service.
D. SAML tokens contain user information.
Answer: A

249. Which of the following is a process within a Systems Engineering Life Cycle (SELC) stage?
A. Requirements Analysis
B. Development and Deployment
C. Production Operations
D. Utilization Support
Answer: A

250. What physical characteristic does a retinal scan biometric device measure?
A. The amount of light reflected by the retina
B. The size, curvature, and shape of the retina
C. The pattern of blood vessels at the back of the eye
D. The pattern of light receptors at the back of the eye
Answer: C

251. Which of the following is the MOST beneficial to review when performing an IT audit?
A. Audit policy
B. Security log
C. Security policies
D. Configuration settings
Answer: C

252. Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
Which of the following is considered the MOST important priority for the information security officer?
A. Formal acceptance of the security strategy
B. Disciplinary actions taken against unethical behavior
C. Development of an awareness program for new employees
D. Audit of all organization system configurations for faults
Answer: A

253. Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following methods is the MOST effective way of removing the Peer-to-Peer (P2P) program from the computer?
A. Run software uninstall
B. Re-image the computer
C. Find and remove all installation files
D. Delete all cookies stored in the web browser cache
Answer: B

254. Which of the following is the BEST solution to provide redundancy for telecommunications links?
A. Provide multiple links from the same telecommunications vendor.
B. Ensure that the telecommunications links connect to the network in one location.
C. Ensure that the telecommunications links connect to the network in multiple locations.
D. Provide multiple links from multiple telecommunications vendors.
Answer: D

255. When is security personnel involvement in the Systems Development Life Cycle (SDLC) process MOST beneficial?
A. Testing phase
B. Development phase
C. Requirements definition phase
D. Operations and maintenance phase
Answer: C

256. Refer to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.
Aside from the potential records which may have been viewed, which of the following should be the PRIMARY concern regarding the database information?
A. Unauthorized database changes
B. Integrity of security logs
C. Availability of the database
D. Confidentiality of the incident
Answer: A

257. A Business Continuity Plan (BCP) is based on
A. the policy and procedures manual.
B. an existing BCP from a similar organization.
C. a review of the business processes and procedures.
D. a standard checklist of required items and objectives.
Answer: D

258. Which item below is a federated identity standard?
A. 802.11i
B. Kerberos
C. Lightweight Directory Access Protocol (LDAP)
D. Security Assertion Markup Language (SAML)
Answer: D

259. Which of the following is the MAIN goal of a data retention policy?
A. Ensure that data is destroyed properly.
B. Ensure that data recovery can be done on the data.
C. Ensure the integrity and availability of data for a predetermined amount of time.
D. Ensure the integrity and confidentiality of data for a predetermined amount of time.
Answer: C

260. For a service provider, which of the following MOST effectively addresses confidentiality concerns for customers using cloud computing?
A. Hash functions
B. Data segregation
C. File system permissions
D. Non-repudiation controls
Answer: B

261. Which of the following is a detective access control mechanism?
A. Log review
B. Least privilege
C. Password complexity
D. Non-disclosure agreement
Answer: A

262. A large university needs to enable student access to university resources from their homes. Which of the following provides the BEST option for low maintenance and ease of deployment?
A. Provide students with Internet Protocol Security (IPSec) Virtual Private Network (VPN) client software.
B. Use Secure Sockets Layer (SSL) VPN technology.
C. Use Secure Shell (SSH) with public/private keys.
D. Require students to purchase a home router capable of VPN.
Answer: B

263. Which of the following MOST influences the design of the organization's electronic monitoring policies?
A. Workplace privacy laws
B. Level of organizational trust
C. Results of background checks
D. Business ethical considerations
Answer: A

264. During the procurement of a new information system, it was determined that some of the security requirements were not addressed in the system specification. Which of the following is the MOST likely reason for this?
A. The procurement officer lacks technical knowledge.
B. The security requirements have changed during the procurement process.
C. There were no security professionals in the vendor's bidding team.
D. The description of the security requirements was insufficient.
Answer: D

265. What component of a web application that stores the session state in a cookie can be bypassed by an attacker?
A. An initialization check
B. An identification check
C. An authentication check
D. An authorization check
Answer: C

266. What is t
