CISSP Past Paper PDF
Summary
This document contains practice questions for a CISSP exam. The questions cover various aspects of information security, including business continuity, business impact analysis, and risk management. The questions are in a multiple-choice format, and the answers are possibly available in another corresponding file.
Full Transcript
QUESTION 1
All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
A. determine the risk of a business interruption occurring
B. determine the technological dependence of the business processes
C. identify the operational impacts of a business interruption
D. identify the financial impacts of a business interruption

QUESTION 2
Which of the following actions will reduce risk to a laptop before traveling to a high risk area?
A. Examine the device for physical tampering
B. Implement more stringent baseline configurations
C. Purge or re-image the hard disk drive
D. Change access codes

QUESTION 3
What is the MOST important consideration from a data security perspective when an organization plans to relocate?
A. Ensure the fire prevention and detection systems are sufficient to protect personnel
B. Review the architectural plans to determine how many emergency exits are present
C. Conduct a gap analysis of the new facilities against existing security requirements
D. Revise the Disaster Recovery and Business Continuity (DR/BC) plan

QUESTION 4
Intellectual property rights are PRIMARILY concerned with which of the following?
A. Owner's ability to realize financial gain
B. Owner's ability to maintain copyright
C. Right of the owner to enjoy their creation
D. Right of the owner to control delivery method

QUESTION 5
A control to protect from a Denial-of-Service (DoS) attack has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?
A. 25%
B. 50%
C. 75%
D. 100%

QUESTION 6
What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?
A. Smurfing
B. Man-in-the-Middle (MITM) attack
C. Session redirect
D. Spoofing

QUESTION 7
Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?
A. Security governance
B. Risk management
C. Security portfolio management
D. Risk assessment

QUESTION 8
Which of the following would MINIMIZE the ability of an attacker to exploit a buffer overflow?
A. Memory review
B. Code review
C. Message division
D. Buffer division

QUESTION 9
Which of the following is MOST important when assigning ownership of an asset to a department?
A. The department should report to the business owner
B. Ownership of the asset should be periodically reviewed
C. Individual accountability should be ensured
D. All members should be trained on their responsibilities

QUESTION 10
Which of the following BEST describes the responsibilities of a data owner?
A. Ensuring quality and validation through periodic audits for ongoing data integrity
B. Maintaining fundamental data availability, including data storage and archiving
C. Ensuring accessibility to appropriate users, maintaining appropriate levels of data security
D. Determining the impact the information has on the mission of the organization

QUESTION 11
An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests. Which contract is BEST in offloading the task from the IT staff?
A. Platform as a Service (PaaS)
B. Identity as a Service (IDaaS)
C. Desktop as a Service (DaaS)
D. Software as a Service (SaaS)

QUESTION 12
When implementing a data classification program, why is it important to avoid too much granularity?
A. The process will require too many resources
B. It will be difficult to apply to both hardware and software
C. It will be difficult to assign ownership to the data
D. The process will be perceived as having value

QUESTION 13
In a data classification scheme, the data is owned by the
A. system security managers
B. business managers
C. Information Technology (IT) managers
D. end users

QUESTION 14
Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?
A. System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements
B. Data stewardship roles, data handling and storage standards, data lifecycle requirements
C. Compliance office roles and responsibilities, classified material handling standards, storage system lifecycle requirements
D. System authorization roles and responsibilities, cloud computing standards, lifecycle requirements

QUESTION 15
When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?
A. Log all activities associated with sensitive systems
B. Provide links to security policies
C. Confirm that confidentiality agreements are signed
D. Employ strong access controls

QUESTION 16
Which of the following is the MOST appropriate action when reusing media that contains sensitive data?
A. Erase
B. Sanitize
C. Encrypt
D. Degauss

QUESTION 17
An organization recently conducted a review of the security of its network applications. One of the vulnerabilities found was that the session key used in encrypting sensitive information to a third party server had been hard-coded in the client and server applications. Which of the following would be MOST effective in mitigating this vulnerability?
A. Diffie-Hellman (DH) algorithm
B. Elliptic Curve Cryptography (ECC) algorithm
C. Digital Signature Algorithm (DSA)
D. Rivest-Shamir-Adleman (RSA) algorithm

QUESTION 18
Which of the following methods of suppressing a fire is environmentally friendly and the MOST appropriate for a data center?
A. Inert gas fire suppression system
B. Halon gas fire suppression system
C. Dry-pipe sprinklers
D. Wet-pipe sprinklers

QUESTION 19
Unused space in a disk cluster is important in media analysis because it may contain which of the following?
A. Residual data that has not been overwritten
B. Hidden viruses and Trojan horses
C. Information about the File Allocation Table (FAT)
D. Information about patches and upgrades to the system

QUESTION 20
Which of the following is MOST appropriate for protecting confidentiality of data stored on a hard drive?
A. Triple Data Encryption Standard (3DES)
B. Advanced Encryption Standard (AES)
C. Message Digest 5 (MD5)
D. Secure Hash Algorithm 2 (SHA-2)

QUESTION 21
Which of the following is the MOST effective method to mitigate Cross-Site Scripting (XSS) attacks?
A. Use Software as a Service (SaaS)
B. Whitelist input validation
C. Require client certificates
D. Validate data output

QUESTION 22
Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?
A. Hashing the data before encryption
B. Hashing the data after encryption
C. Compressing the data after encryption
D. Compressing the data before encryption

QUESTION 23
Who in the organization is accountable for classification of data information assets?
A. Data owner
B. Data architect
C. Chief Information Security Officer (CISO)
D. Chief Information Officer (CIO)

QUESTION 24
The use of private and public encryption keys is fundamental in the implementation of which of the following?
A. Diffie-Hellman algorithm
B. Secure Sockets Layer (SSL)
C. Advanced Encryption Standard (AES)
D. Message Digest 5 (MD5)

QUESTION 25
Which Identity and Access Management (IAM) process can be used to maintain the principle of least privilege?
A. identity provisioning
B. access recovery
C. multi-factor authentication (MFA)
D. user access review

QUESTION 26
A minimal implementation of endpoint security includes which of the following?
A. Trusted platforms
B. Host-based firewalls
C. Token-based authentication
D. Wireless Access Points (AP)

QUESTION 27
Why is planning in Disaster Recovery (DR) an interactive process?
A. It details off-site storage plans
B. It identifies omissions in the plan
C. It defines the objectives of the plan
D. It forms part of the awareness process

QUESTION 28
Mandatory Access Controls (MAC) are based on:
A. security classification and security clearance
B. data segmentation and data classification
C. data labels and user access permissions
D. user roles and data encryption

QUESTION 29
Which security access policy contains fixed security attributes that are used by the system to determine a user's access to a file or object?
A. Mandatory Access Control (MAC)
B. Access Control List (ACL)
C. Discretionary Access Control (DAC)
D. Authorized user control

QUESTION 30
Which of the following is a common characteristic of privacy?
A. Provision for maintaining an audit trail of access to the private data
B. Notice to the subject of the existence of a database containing relevant credit card data
C. Process for the subject to inspect and correct personal data on-site
D. Database requirements for integration of privacy data

QUESTION 31
At a MINIMUM, audits of permissions to individual or group accounts should be scheduled
A. annually
B. to correspond with staff promotions
C. to correspond with terminations
D. continually

QUESTION 32
In a change-controlled environment, which of the following is MOST likely to lead to unauthorized changes to production programs?
A. Modifying source code without approval
B. Promoting programs to production without approval
C. Developers checking out source code without approval
D. Developers using Rapid Application Development (RAD) methodologies without approval

QUESTION 33
Which of the following combinations would MOST negatively affect availability?
A. Denial of Service (DoS) attacks and outdated hardware
B. Unauthorized transactions and outdated hardware
C. Fire and accidental changes to data
D. Unauthorized transactions and denial of service attacks

QUESTION 34
Which of the following is a responsibility of a data steward?
A. Ensure alignment of the data governance effort to the organization.
B. Conduct data governance interviews with the organization.
C. Document data governance requirements.
D. Ensure that data decisions and impacts are communicated to the organization.

QUESTION 35
Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?
A. End-to-end data encryption for data in transit
B. Continuous monitoring of potential vulnerabilities
C. A strong breach notification process
D. Limited collection of individuals' confidential data

QUESTION 36
What is the MAIN goal of information security awareness and training?
A. To inform users of the latest malware threats
B. To inform users of information assurance responsibilities
C. To comply with the organization information security policy
D. To prepare students for certification

QUESTION 37
Proven application security principles include which of the following?
A. Minimizing attack surface area
B. Hardening the network perimeter
C. Accepting infrastructure security controls
D. Developing independent modules

QUESTION 38
From a security perspective, which of the following assumptions MUST be made about input to an application?
A. It is tested
B. It is logged
C. It is verified
D. It is untrusted

QUESTION 39
What is the PRIMARY goal of fault tolerance?
A. Elimination of single point of failure
B. Isolation using a sandbox
C. Single point of repair
D. Containment to prevent propagation

QUESTION 40
Which is the BEST internationally recognized standard for evaluating security products and systems?
A. Payment Card Industry Data Security Standards (PCI-DSS)
B. Common Criteria (CC)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. Sarbanes-Oxley (SOX)

QUESTION 41
Which one of the following data integrity models assumes a lattice of integrity levels?
A. Take-Grant
B. Biba
C. Harrison-Ruzzo
D. Bell-LaPadula

QUESTION 42
Even though a particular digital watermark is difficult to detect, which of the following represents a way it might still be inadvertently removed?
A. Truncating parts of the data
B. Applying Access Control Lists (ACL) to the data
C. Appending non-watermarked data to watermarked data
D. Storing the data in a database

QUESTION 43
What is the purpose of an Internet Protocol (IP) spoofing attack?
A. To send excessive amounts of data to a process, making it unpredictable
B. To intercept network traffic without authorization
C. To disguise the destination address from a target's IP filtering devices
D. To convince a system that it is communicating with a known entity

QUESTION 44
At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?
A. Link layer
B. Physical layer
C. Session layer
D. Application layer

QUESTION 45
In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?
A. Transport layer
B. Application layer
C. Network layer
D. Session layer

QUESTION 46
Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?
A. Layer 2 Tunneling Protocol (L2TP)
B. Link Control Protocol (LCP)
C. Challenge Handshake Authentication Protocol (CHAP)
D. Packet Transfer Protocol (PTP)

QUESTION 47
Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?
A. Packet filtering
B. Port services filtering
C. Content filtering
D. Application access control

QUESTION 48
An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?
A. Implement packet filtering on the network firewalls
B. Install Host Based Intrusion Detection Systems (HIDS)
C. Require strong authentication for administrators
D. Implement logical network segmentation at the switches

QUESTION 49
An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?
A. Add a new rule to the application layer firewall
B. Block access to the service
C. Install an Intrusion Detection System (IDS)
D. Patch the application source code

QUESTION 50
Which of the following is BEST achieved through the use of eXtensible Access Control Markup Language (XACML)?
A. Minimize malicious attacks from third parties
B. Manage resource privileges
C. Share digital identities in hybrid cloud
D. Define a standard protocol

QUESTION 51
An organization has discovered that users are visiting unauthorized websites using anonymous proxies. Which of the following is the BEST way to prevent future occurrences?
A. Remove the anonymity from the proxy
B. Analyze Internet Protocol (IP) traffic for proxy requests
C. Disable the proxy server on the firewall
D. Block the Internet Protocol (IP) address of known anonymous proxies

QUESTION 52
A post-implementation review has identified that the Voice Over Internet Protocol (VoIP) system was designed to have gratuitous Address Resolution Protocol (ARP) disabled. Why did the network architect likely design the VoIP system with gratuitous ARP disabled?
A. Gratuitous ARP requires the use of Virtual Local Area Network (VLAN) 1.
B. Gratuitous ARP requires the use of insecure layer 3 protocols.
C. Gratuitous ARP requires the likelihood of a successful brute-force attack on the phone.
D. Gratuitous ARP requires the risk of a Man-in-the-Middle (MITM) attack.

QUESTION 53
Within the company, desktop clients receive Internet Protocol (IP) addresses over Dynamic Host Configuration Protocol (DHCP). Which of the following represents a valid measure to help protect the network against unauthorized access?
A. Implement patch management
B. Implement port based security through 802.1x
C. Implement DHCP to assign IP addresses to server systems
D. Implement change management

QUESTION 54
Transport Layer Security (TLS) provides which of the following capabilities for a remote access server?
A. Transport layer handshake compression
B. Application layer negotiation
C. Peer identity authentication
D. Digital certificate revocation

QUESTION 55
What does a Synchronous (SYN) flood attack do?
A. Forces Transmission Control Protocol/Internet Protocol (TCP/IP) connections into a reset state
B. Establishes many new Transmission Control Protocol/Internet Protocol (TCP/IP) connections
C. Empties the queue of pending Transmission Control Protocol/Internet Protocol (TCP/IP) requests
D. Exceeds the limits for new Transmission Control Protocol/Internet Protocol (TCP/IP) connections

QUESTION 56
A Denial of Service (DoS) attack on a syslog server exploits weakness in which of the following protocols?
A. Point-to-Point Protocol (PPP) and Internet Control Message Protocol (ICMP)
B. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
C. Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP)
D. Transport Layer Security (TLS) and Secure Sockets Layer (SSL)

QUESTION 57
In a High Availability (HA) environment, what is the PRIMARY goal of working with a virtual router address as the gateway to a network?
A. The second of two routers can periodically check in to make sure that the first router is operational.
B. The second of two routers can better absorb a Denial of Service (DoS) attack knowing the first router is present.
C. The first of two routers fails and is reinstalled, while the second handles the traffic flawlessly.
D. The first of two routers can better handle specific traffic, while the second handles the rest of the traffic seamlessly.

QUESTION 58
The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunnel data
A. through a firewall at the Session layer
B. through a firewall at the Transport layer
C. in the Point-to-Point Protocol (PPP)
D. in the Payload Compression Protocol (PCP)

QUESTION 59
What protocol is often used between gateway hosts on the Internet?
A. Exterior Gateway Protocol (EGP)
B. Border Gateway Protocol (BGP)
C. Open Shortest Path First (OSPF)
D. Internet Control Message Protocol (ICMP)

QUESTION 60
From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system?
A. Disable all recursive queries on the name servers
B. Limit zone transfers to authorized devices
C. Configure secondary servers to use the primary server as a zone forwarder
D. Block all Transmission Control Protocol (TCP) connections

QUESTION 61
"Stateful" differs from "Static" packet filtering firewalls by being aware of which of the following?
A. Difference between a new and an established connection
B. Originating network location
C. Difference between a malicious and a benign packet payload
D. Originating application session

QUESTION 62
Access to which of the following is required to validate web session management?
A. Log timestamp
B. Live session traffic
C. Session state variables
D. Test scripts

QUESTION 63
Which of the following would an attacker BEST be able to accomplish through the use of Remote Access Tools (RAT)?
A. Reduce the probability of identification
B. Detect further compromise of the target
C. Destabilize the operation of the host
D. Maintain and expand control

QUESTION 64
Digital certificates used in Transport Layer Security (TLS) support which of the following?
A. Information input validation
B. Non-repudiation controls and data encryption
C. Multi-Factor Authentication (MFA)
D. Server identity and data confidentiality

QUESTION 65
A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?
A. Trusted third-party certification
B. Lightweight Directory Access Protocol (LDAP)
C. Security Assertion Markup Language (SAML)
D. Cross-certification

QUESTION 66
Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee's salary?
A. Limit access to predefined queries
B. Segregate the database into a small number of partitions each with a separate security level
C. Implement Role Based Access Control (RBAC)
D. Reduce the number of people who have access to the system for statistical purposes

QUESTION 67
What is the second step in the identity and access provisioning lifecycle?
A. Provisioning
B. Review
C. Approval
D. Revocation

QUESTION 68
Which of the following MUST be scalable to address security concerns raised by the integration of third-party identity services?
A. Mandatory Access Controls (MAC)
B. Enterprise security architecture
C. Enterprise security procedures
D. Role Based Access Controls (RBAC)

QUESTION 69
Which of the following is of GREATEST assistance to auditors when reviewing system configurations?
A. Change management processes
B. User administration procedures
C. Operating System (OS) baselines
D. System backup documentation

QUESTION 70
In which of the following programs is it MOST important to include the collection of security process data?
A. Quarterly access reviews
B. Security continuous monitoring
C. Business continuity testing
D. Annual security training

QUESTION 71
A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user's access to data files?
A. Host VM monitor audit logs
B. Guest OS access controls
C. Host VM access controls
D. Guest OS audit logs

QUESTION 72
Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?
A. Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken
B. Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability
C. Management teams will understand the testing objectives and reputational risk to the organization
D. Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels

QUESTION 73
Which of the following could cause a Denial of Service (DoS) against an authentication system?
A. Encryption of audit logs
B. No archiving of audit logs
C. Hashing of audit logs
D. Remote access audit logs

QUESTION 74
When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?
A. Ping testing
B. Mapping tools
C. Asset register
D. Topology diagrams

QUESTION 75
Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization's systems?
A. Standardized configurations for devices
B. Standardized patch testing equipment
C. Automated system patching
D. Management support for patching

QUESTION 76
An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test subject's data?
A. Aggregate it into one database in the US
B. Process it in the US, but store the information in France
C. Share it with a third party
D. Anonymize it and process it in the US

QUESTION 77
As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?
A. Known-plaintext attack
B. Denial of Service (DoS)
C. Cookie manipulation
D. Structured Query Language (SQL) injection

QUESTION 78
Assessing a third party's risk by counting bugs in the code may not be the best measure of an attack surface within the supply chain. Which of the following is LEAST associated with the attack surface?
A. Input protocols
B. Target processes
C. Error messages
D. Access rights

QUESTION 79
What are the steps of a risk assessment?
A. identification, analysis, evaluation
B. analysis, evaluation, mitigation
C. classification, identification, risk management
D. identification, evaluation, mitigation

QUESTION 80
After following the processes defined within the change management plan, a super user has upgraded a device within an Information system. What step would be taken to ensure that the upgrade did NOT affect the network security posture?
A. Conduct an Assessment and Authorization (A&A)
B. Conduct a security impact analysis
C. Review the results of the most recent vulnerability scan
D. Conduct a gap analysis with the baseline configuration

QUESTION 81
A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report. In which phase of the assessment was this error MOST likely made?
A. Enumeration
B. Reporting
C. Detection
D. Discovery

QUESTION 82
Which of the following is a responsibility of the information owner?
A. Ensure that users and personnel complete the required security training to access the Information System (IS)
B. Defining proper access to the Information System (IS), including privileges or access rights
C. Managing identification, implementation, and assessment of common security controls
D. Ensuring the Information System (IS) is operated according to agreed upon security requirements

QUESTION 83
An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?
A. Absence of a Business Intelligence (BI) solution
B. Inadequate cost modeling
C. Improper deployment of the Service-Oriented Architecture (SOA)
D. Insufficient Service Level Agreement (SLA)

QUESTION 84
Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?
A. Walkthrough
B. Simulation
C. Parallel
D. White box

QUESTION 85
What is the PRIMARY reason for implementing change management?
A. Certify and approve releases to the environment
B. Provide version rollbacks for system changes
C. Ensure that all applications are approved
D. Ensure accountability for changes to the environment

QUESTION 86
Which of the following is a PRIMARY advantage of using a third-party identity service?
A. Consolidation of multiple providers
B. Directory synchronization
C. Web based logon
D. Automated account management

QUESTION 87
With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?
A. Continuously without exception for all security controls
B. Before and after each change of the control
C. At a rate concurrent with the volatility of the security control
D. Only during system implementation and decommissioning

QUESTION 88
A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?
A. Guaranteed recovery of all business functions
B. Minimization of the need for decision making during a crisis
C. Insurance against litigation following a disaster
D. Protection from loss of organization resources

QUESTION 89
When is a Business Continuity Plan (BCP) considered to be valid?
A. When it has been validated by the Business Continuity (BC) manager
B. When it has been validated by the board of directors
C. When it has been validated by all threat scenarios
D. When it has been validated by realistic exercises

QUESTION 90
Recovery strategies of a Disaster Recovery Plan (DRP) MUST be aligned with which of the following?
A. Hardware and software compatibility issues
B. Applications' criticality and downtime tolerance
C. Budget constraints and requirements
D. Cost/benefit analysis and business objectives

QUESTION 91
What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization's systems cannot be unavailable for more than 24 hours?
A. Warm site
B. Hot site
C. Mirror site
D. Cold site

QUESTION 92
Who is accountable for the information within an Information System (IS)?
A. Security manager
B. System owner
C. Data owner
D. Data processor

QUESTION 93
A Security Operations Center (SOC) receives an incident response notification on a server with an active intruder who has planted a backdoor. Initial notifications are sent and communications are established. What MUST be considered or evaluated before performing the next step?
A. Notifying law enforcement is crucial before hashing the contents of the server hard drive
B. Identifying who executed the incident is more important than how the incident happened
C. Removing the server from the network may prevent catching the intruder
D. Copying the contents of the hard drive to another storage device may damage the evidence

QUESTION 94
Due to system constraints, a group of system administrators must share a high-level access set of credentials. Which of the following would be MOST appropriate to implement?
A. Increased console lockout times for failed logon attempts
B. Reduce the group in size
C. A credential check-out process for a per-use basis
D. Full logging on affected systems

QUESTION 95
Which of the following is the MOST efficient mechanism to account for all staff during a speedy non-emergency evacuation from a large security facility?
A. Large mantrap where groups of individuals leaving are identified using facial recognition technology
B. Radio Frequency Identification (RFID) sensors worn by each employee scanned by sensors at each exit door
C. Emergency exits with push bars with coordinates at each exit checking off the individual against a predefined list
D. Card-activated turnstile where individuals are validated upon exit

QUESTION 96
What does electronic vaulting accomplish?
A. It protects critical files.
B. It ensures the fault tolerance of Redundant Array of Independent Disks (RAID) systems
C. It stripes all database records
D. It automates the Disaster Recovery Process (DRP)

QUESTION 97
A security analyst for a large financial institution is reviewing network traffic related to an incident. The analyst determines the traffic is irrelevant to the investigation but in the process of the review, the analyst also finds that an application's data, which included full credit card cardholder data, is transferred in clear text between the server and user's desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS). Which of the following is the analyst's next step?
A. Send the log file to co-workers for peer review
B. Include the full network traffic logs in the incident report
C. Follow organizational processes to alert the proper teams to address the issue.
D. Ignore data as it is outside the scope of the investigation and the analyst's role.

QUESTION 98
What is the MAIN purpose of a change management policy?
A. To assure management that changes to the Information Technology (IT) infrastructure are necessary
B. To identify the changes that may be made to the Information Technology (IT) infrastructure
C. To verify that changes to the Information Technology (IT) infrastructure are approved
D. To determine the necessity for implementing modifications to the Information Technology (IT) infrastructure

QUESTION 99
Which of the following is the PRIMARY risk with using open source software in a commercial software construction?
A. Lack of software documentation
B. License agreements requiring release of modified code
C. Expiration of the license agreement
D. Costs associated with support of the software

QUESTION 100
The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?
A. System acquisition and development
B. System operations and maintenance
C. System initiation
D. System implementation

QUESTION 101
What is the BEST approach to addressing security issues in legacy web applications?
A. Debug the security issues
B. Migrate to newer, supported applications where possible
C. Conduct a security assessment
D. Protect the legacy application with a web application firewall

QUESTION 102
Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?
A. Check arguments in function calls
B. Test for the security patch level of the environment
C. Include logging functions
D. Digitally sign each application module

QUESTION 103
An Intrusion Detection System (IDS) has recently been deployed in a Demilitarized Zone (DMZ). The IDS detects a flood of malformed packets. Which of the following BEST describes what has occurred?
A. Denial of Service (DoS) attack
B. Address Resolution Protocol (ARP) spoof
C. Buffer overflow
D. Ping flood attack

QUESTION 104
Which Radio Frequency Interference (RFI) phenomenon associated with bundled cable runs can create information leakage?
A. Transference
B. Covert channel
C. Bleeding
D. Cross-talk

QUESTION 105
What is an advantage of Elliptic Curve Cryptography (ECC)?
A. Cryptographic approach that does not require a fixed-length key
B. Military-strength security that does not depend upon secrecy of the algorithm
C. Opportunity to use shorter keys for the same level of security
D. Ability to use much longer keys for greater security

QUESTION 106
Backup information that is critical to the organization is identified through a
A. Vulnerability Assessment (VA).
B. Business Continuity Plan (BCP).
C. Business Impact Analysis (BIA).
D. data recovery analysis.

QUESTION 107
When using Generic Routing Encapsulation (GRE) tunneling over Internet Protocol version 4 (IPv4), where is the GRE header inserted?
A. Into the options field
B. Between the delivery header and payload
C. Between the source and destination addresses
D. Into the destination address

QUESTION 108
During the Security Assessment and Authorization process, what is the PRIMARY purpose for conducting a hardware and software inventory?
A. Calculate the value of assets being accredited.
B. Create a list to include in the Security Assessment and Authorization package.
C. Identify obsolete hardware and software.
D. Define the boundaries of the information system.

QUESTION 109
When evaluating third-party applications, which of the following is the GREATEST responsibility of Information Security?
A. Accept the risk on behalf of the organization.
B. Report findings to the business to determine security gaps.
C. Quantify the risk to the business for product selection.
D. Approve the application that best meets security requirements.

QUESTION 110
The goal of a Business Impact Analysis (BIA) is to determine which of the following?
A. Cost effectiveness of business recovery
B. Cost effectiveness of installing software security patches
C. Resource priorities for recovery and Maximum Tolerable Downtime (MTD)
D. Which security measures should be implemented

QUESTION 111
An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern?
A. Ownership
B. Confidentiality
C. Availability
D. Integrity

QUESTION 112
What does the Maximum Tolerable Downtime (MTD) determine?
A. The estimated period of time a business critical database can remain down before customers are affected.
B. The fixed length of time a company can endure a disaster without any Disaster Recovery (DR) planning
C. The estimated period of time a business can remain interrupted beyond which it risks never recovering
D. The fixed length of time in a DR process before redundant systems are engaged

QUESTION 113
What is a characteristic of Secure Sockets Layer (SSL) and Transport Layer Security (TLS)?
A. SSL and TLS provide a generic channel security mechanism on top of Transmission Control Protocol (TCP).
B. SSL and TLS provide nonrepudiation by default.
C. SSL and TLS do not provide security for most routed protocols.
D. SSL and TLS provide header encapsulation over HyperText Transfer Protocol (HTTP).

QUESTION 114
How does a Host Based Intrusion Detection System (HIDS) identify a potential attack?
A. Examines log messages or other indications on the system.
B. Monitors alarms sent to the system administrator
C. Matches traffic patterns to virus signature files
D. Examines the Access Control List (ACL)

QUESTION 115
Which of the following BEST represents the concept of least privilege?
A. Access to an object is denied unless access is specifically allowed.
B. Access to an object is only available to the owner.
C. Access to an object is allowed unless it is protected by the information security policy.
D. Access to an object is only allowed to authenticated users via an Access Control List (ACL).

QUESTION 116
Which of the following is an advantage of on-premise Credential Management Systems?
A. Lower infrastructure capital costs
B. Control over system configuration
C. Reduced administrative overhead
D.
Improved credential interoperability QUESTION 117 Which of the following approaches is the MOST e ective way to dispose of data on multiple hard drives? A. Delete every file on each drive. B. Destroy the partition table for each drive using the command line. C. Degauss each drive individually. D. Perform multiple passes on each drive using approved formatting methods. QUESTION 118 Which of the following BEST describes Recovery Time Objective (RTO)? A. Time of application resumption after disaster B. Time of application verification after disaster. C. Time of data validation after disaster. D. Time of data restoration from backup after disaster. QUESTION 119 The PRIMARY purpose of accreditation is to: A. comply with applicable laws and regulations. B. allow senior management to make an informed decision regarding whether to accept the risk of operating the system. C. protect an organization’s sensitive data. D. verify that all security controls have been implemented properly and are operating in the correct manner. QUESTION 120 Which of the following is a weakness of Wired Equivalent Privacy (WEP)? A. Length of Initialization Vector (IV) B. Protection against message replay C. Detection of message tampering D. Built-in provision to rotate keys QUESTION 121 Which of the following is the MAIN reason for using configuration management? A. To provide centralized administration B. To reduce the number of changes C. To reduce errors during upgrades D. To provide consistency in security controls QUESTION 122 Which of the following is MOST important when deploying digital certificates? A. Validate compliance with X.509 digital certificate standards B. Establish a certificate life cycle management framework C. Use a third-party Certificate Authority (CA) D. Use no less than 256-bit strength encryption when creating a certificate QUESTION 123 A user sends an e-mail request asking for read-only access to files that are not considered sensitive. 
A Discretionary Access Control (DAC) methodology is in place. Which is the MOST suitable approach that the administrator should take? A. Administrator should request data owner approval to the user access B. Administrator should request manager approval for the user access C. Administrator should directly grant the access to the non-sensitive files D. Administrator should assess the user access need and either grant or deny the access QUESTION 124 A proxy firewall operates at what layer of the Open System Interconnection (OSI) model? A. Transport B. Data link C. Network D. Application QUESTION 125 Which of the following restricts the ability of an individual to carry out all the steps of a particular process? A. Job rotation B. Separation of duties C. Least privilege D. Mandatory vacations QUESTION 126 Although code using a specific program language may not be susceptible to a bu er overflow attack, A. most calls to plug-in programs are susceptible. B. most supporting application code is susceptible. C. the graphical images used by the application could be susceptible. D. the supporting virtual machine could be susceptible. QUESTION 127 What is the BEST way to encrypt web application communications? A. Secure Hash Algorithm 1 (SHA-1) B. Secure Sockets Layer (SSL) C. Cipher Block Chaining Message Authentication Code (CBC-MAC) D. Transport Layer Security (TLS) QUESTION 128 Which of the following are e ective countermeasures against passive network-layer attacks? A. Federated security and authenticated access controls B. Trusted software development and run time integrity controls C. Encryption and security enabled applications D. Enclave boundary protection and computing environment defense QUESTION 129 What is the MOST important element when considering the e ectiveness of a training program for Business Continuity (BC) and Disaster Recovery (DR)? A. Management support B. Consideration of organizational need C. Technology used for delivery D. 
Target audience QUESTION 130 A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket. Which of the following is the BEST course of action? A. Ignore the request and do not perform the change. B. Perform the change as requested, and rely on the next audit to detect and report the situation. C. Perform the change, but create a change ticket regardless to ensure there is complete traceability. D. Inform the audit committee or internal audit directly using the corporate whistleblower process. QUESTION 131 Which of the following is the MOST important goal of information asset valuation? A. Developing a consistent and uniform method of controlling access on information assets B. Developing appropriate access control policies and guidelines C. Assigning a financial value to an organization’s information assets D. Determining the appropriate level of protection QUESTION 132 Which of the following BEST describes a chosen plaintext attack? A. The cryptanalyst can generate ciphertext from arbitrary text. B. The cryptanalyst examines the communication being sent back and forth. C. The cryptanalyst can choose the key and algorithm to mount the attack. D. The cryptanalyst is presented with the ciphertext from which the original message is determined. QUESTION 133 For network based evidence, which of the following contains tra ic details of all network sessions in order to detect anomalies? A. Alert data B. User data C. Content data D. Statistical data QUESTION 134 The PRIMARY outcome of a certification process is that it provides documented A. interconnected systems and their implemented security controls. B. standards for security assessment, testing, and process evaluation. C. system weakness for remediation. D. security analyses needed to make a risk-based decision. 
QUESTION 135 A security architect plans to reference a Mandatory Access Control (MAC) model for implementation. This indicates that which of the following properties are being prioritized? A. Confidentiality B. Integrity C. Availability D. Accessibility Explanation: Mandatory Access Control (MAC) is system-enforced access control based on a subject’s clearance and an object’s labels. Subjects and Objects have clearances and labels, respectively, such as confidential, secret, and top secret. A subject may access an object only if the subject’s clearance is equal to or greater than the object’s label. Subjects cannot share objects with other subjects who lack the proper clearance, or “write down” objects to a lower classification level (such as from top secret to secret). MAC systems are usually focused on preserving the confidentiality of data. QUESTION 136 A vulnerability in which of the following components would be MOST di icult to detect? A. Kernel B. Shared libraries C. Hardware D. System application QUESTION 137 During which of the following processes is least privilege implemented for a user account? A. Provision B. Approve C. Request D. Review QUESTION 138 Which of the following is a document that identifies each item seized in an investigation, including date and time seized, full name and signature or initials of the person who seized the item, and a detailed description of the item? A. Property book B. Chain of custody form C. Search warrant return D. Evidence tag QUESTION 139 Which of the following is needed to securely distribute symmetric cryptographic keys? A. O icially approved Public-Key Infrastructure (PKI) Class 3 or Class 4 certificates B. O icially approved and compliant key management technology and processes C. An organizationally approved communication protection policy and key management plan D. Hardware tokens that protect the user’s private key. QUESTION 140 Reciprocal backup site agreements are considered to be A. 
a better alternative than the use of warm sites. B. di icult to test for complex systems. C. easy to implement for similar types of organizations. D. easy to test and implement for complex systems. QUESTION 141 In order to assure authenticity, which of the following are required? A. Confidentiality and authentication B. Confidentiality and integrity C. Authentication and non-repudiation D. Integrity and non-repudiation QUESTION 142 At which layer of the Open Systems Interconnect (OSI) model are the source and destination address for a datagram handled? A. Transport Layer B. Data-Link Layer C. Network Layer D. Application Layer QUESTION 143 An organization regularly conducts its own penetration tests. Which of the following scenarios MUST be covered for the test to be e ective? A. Third-party vendor with access to the system B. System administrator access compromised C. Internal attacker with access to the system D. Internal user accidentally accessing data QUESTION 144 A company was ranked as high in the following National Institute of Standards and Technology (NIST) functions: Protect, Detect, Respond and Recover. However, a low maturity grade was attributed to the Identify function. In which of the following the controls categories does this company need to improve when analyzing its processes individually? A. Asset Management, Business Environment, Governance and Risk Assessment B. Access Control, Awareness and Training, Data Security and Maintenance C. Anomalies and Events, Security Continuous Monitoring and Detection Processes D. Recovery Planning, Improvements and Communications QUESTION 145 What is the di erence between media marking and media labeling? A. Media marking refers to the use of human-readable security attributes, while media labeling refers to the use of security attributes in internal data structures. B. 
Media labeling refers to the use of human-readable security attributes, while media marking refers to the use of security attributes in internal data structures. C. Media labeling refers to security attributes required by public policy/law, while media marking refers to security required by internal organizational policy. D. Media marking refers to security attributes required by public policy/law, while media labeling refers to security attributes required by internal organizational policy. QUESTION 146 What balance MUST be considered when web application developers determine how informative application error messages should be constructed? A. Risk versus benefit B. Availability versus auditability C. Confidentiality versus integrity D. Performance versus user satisfaction QUESTION 147 What operations role is responsible for protecting the enterprise from corrupt or contaminated media? A. Information security practitioner B. Information librarian C. Computer operator D. Network administrator QUESTION 148 In general, servers that are facing the Internet should be placed in a demilitarized zone (DMZ). What is MAIN purpose of the DMZ? A. Reduced risk to internal systems. B. Prepare the server for potential attacks. C. Mitigate the risk associated with the exposed server. D. Bypass the need for a firewall. QUESTION 149 Network-based logging has which advantage over host-based logging when reviewing malicious activity about a victim machine? A. Addresses and protocols of network-based logs are analyzed. B. Host-based system logging has files stored in multiple locations. C. Properly handled network-based logs may be more reliable and valid. D. Network-based systems cannot capture users logging into the console. QUESTION 150 Between which pair of Open System Interconnection (OSI) Reference Model layers are routers used as a communications device? A. Transport and Session B. Data-Link and Transport C. Network and Session D. 
Physical and Data-Link QUESTION 151 Which type of security testing is being performed when an ethical hacker has no knowledge about the target system but the testing target is notified before the test? A. Reversal B. Gray box C. Blind D. White box QUESTION 152 Which of the following countermeasures is the MOST e ective in defending against a social engineering attack? A. Mandating security policy acceptance B. Changing individual behavior C. Evaluating security awareness training D. Filtering malicious e-mail content QUESTION 153 A company has decided that they need to begin maintaining assets deployed in the enterprise. What approach should be followed to determine and maintain ownership information to bring the company into compliance? A. Enterprise asset management framework B. Asset baseline using commercial o the shelf software C. Asset ownership database using domain login records D. A script to report active user logins on assets QUESTION 154 In the Software Development Life Cycle (SDLC), maintaining accurate hardware and software inventories is a critical part of A. systems integration. B. risk management. C. quality assurance. D. change management. QUESTION 155 As a best practice, the Security Assessment Report (SAR) should include which of the following sections? A. Data classification policy B. Software and hardware inventory C. Remediation recommendations D. Names of participants QUESTION 156 Which of the following media sanitization techniques is MOST likely to be e ective for an organization using public cloud services? A. Low-level formatting B. Secure-grade overwrite erasure C. Cryptographic erasure D. Drive degaussing QUESTION 157 What type of wireless network attack BEST describes an Electromagnetic Pulse (EMP) attack? A. Radio Frequency (RF) attack B. Denial of Service (DoS) attack C. Data modification attack D. Application-layer attack QUESTION 158 Which of the following is a remote access protocol that uses a static authentication? A. 
Point-to-Point Tunneling Protocol (PPTP) B. Routing Information Protocol (RIP) C. Password Authentication Protocol (PAP) D. Challenge Handshake Authentication Protocol (CHAP) QUESTION 159 Which of the following sets of controls should allow an investigation if an attack is not blocked by preventive controls or detected by monitoring? A. Logging and audit trail controls to enable forensic analysis B. Security incident response lessons learned procedures C. Security event alert triage done by analysts using a Security Information and Event Management (SIEM) system D. Transactional controls focused on fraud prevention QUESTION 160 Determining outage costs caused by a disaster can BEST be measured by the A. cost of redundant systems and backups. B. cost to recover from an outage. C. overall long-term impact of the outage. D. revenue lost during the outage. QUESTION 161 Which of the following is considered a secure coding practice? A. Use concurrent access for shared variables and resources B. Use checksums to verify the integrity of libraries C. Use new code for common tasks D. Use dynamic execution functions to pass user supplied data QUESTION 162 As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website. Which of the following actions would be performed? A. Use a web scanner to scan for vulnerabilities within the website. B. Perform a code review to ensure that the database references are properly addressed. C. Establish a secure connection to the web server to validate that only the approved ports are open. D. Enter only numbers in the web form and verify that the website prompts the user to enter a valid input. QUESTION 163 Who has the PRIMARY responsibility to ensure that security objectives are aligned with organization goals? A. Senior management B. Information security department C. Audit committee D. 
All users QUESTION 164 Which of the following alarm systems is recommended to detect intrusions through windows in a high-noise, occupied environment? A. Acoustic sensor B. Motion sensor C. Shock sensor D. Photoelectric sensor QUESTION 165 Which of the following is the MOST e ective practice in managing user accounts when an employee is terminated? A. Implement processes for automated removal of access for terminated employees. B. Delete employee network and system IDs upon termination. C. Manually remove terminated employee user-access to all systems and applications. D. Disable terminated employee network ID to remove all access. QUESTION 166 Which of the following is the MOST important part of an awareness and training plan to prepare employees for emergency situations? A. Having emergency contacts established for the general employee population to get information B. Conducting business continuity and disaster recovery training for those who have a direct role in the recovery C. Designing business continuity and disaster recovery training programs for di erent audiences D. Publishing a corporate business continuity and disaster recovery plan on the corporate website QUESTION 167 What is the process of removing sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique? A. Purging B. Encryption C. Destruction D. Clearing QUESTION 168 Which one of the following considerations has the LEAST impact when considering transmission security? A. Network availability B. Node locations C. Network bandwidth D. Data integrity QUESTION 169 The security accreditation task of the System Development Life Cycle (SDLC) process is completed at the end of which phase? A. System acquisition and development B. System operations and maintenance C. System initiation D. System implementation QUESTION 170 Which of the following is the BEST reason for the use of security metrics? A. 
They ensure that the organization meets its security objectives. B. They provide an appropriate framework for Information Technology (IT) governance. C. They speed up the process of quantitative risk assessment. D. They quantify the e ectiveness of security processes. QUESTION 171 Which of the following are important criteria when designing procedures and acceptance criteria for acquired software? A. Code quality, security, and origin B. Architecture, hardware, and firmware C. Data quality, provenance, and scaling D. Distributed, agile, and bench testing QUESTION 172 An organization has outsourced its financial transaction processing to a Cloud Service Provider (CSP) who will provide them with Software as a Service (SaaS). If there was a data breach who is responsible for monetary losses? A. The Data Protection Authority (DPA) B. The Cloud Service Provider (CSP) C. The application developers D. The data owner QUESTION 173 What capability would typically be included in a commercially available software package designed for access control? A. Password encryption B. File encryption C. Source library control D. File authentication QUESTION 174 An organization plan on purchasing a custom software product developed by a small vendor to support its business model. Which unique consideration should be made part of the contractual agreement potential long-term risks associated with creating this dependency? A. A source code escrow clause B. Right to request an independent review of the software source code C. Due diligence form requesting statements of compliance with security requirements D. Access to the technical documentation QUESTION 175 Which of the following is the MOST important security goal when performing application interface testing? A. Confirm that all platforms are supported and function properly B. Evaluate whether systems or components pass data and control correctly to one another C. Verify compatibility of software, hardware, and network connections D. 
Examine error conditions related to external interfaces to prevent application details leakage QUESTION 176 Which of the following is the MOST common method of memory protection? A. Compartmentalization B. Segmentation C. Error correction D. Virtual Local Area Network (VLAN) tagging QUESTION 177 Which of the following is the MOST important output from a mobile application threat modeling exercise according to Open Web Application Security Project (OWASP)? A. The likelihood and impact of a vulnerability B. Application interface entry and endpoints C. Countermeasures and mitigations for vulnerabilities D. A data flow diagram for the application and attack surface analysis QUESTION 178 Continuity of operations is BEST supported by which of the following? A. Confidentiality, availability, and reliability B. Connectivity, reliability, and redundancy C. Connectivity, reliability, and recovery D. Confidentiality, integrity, and availability QUESTION 179 Which of the following is true of Service Organization Control (SOC) reports? A. SOC 1 Type 2 reports assess the security, confidentiality, integrity, and availability of an organization’s controls B. SOC 2 Type 2 reports include information of interest to the service organization’s management C. SOC 2 Type 2 reports assess internal controls for financial reporting D. SOC 3 Type 2 reports assess internal controls for financial reporting QUESTION 180 What testing technique enables the designer to develop mitigation strategies for potential vulnerabilities? A. Manual inspections and reviews B. Penetration testing C. Threat modeling D. Source code review QUESTION 181 Asymmetric algorithms are used for which of the following when using Secure Sockets Layer/Transport Layer Security (SSL/TLS) for implementing network security? A. Peer authentication B. Payload data encryption C. Session encryption D. Hashing digest QUESTION 182 What is the MOST common component of a vulnerability management framework? A. Risk analysis B. 
Patch management C. Threat analysis D. Backup management QUESTION 183 A new Chief Information O icer (CIO) created a group to write a data retention policy based on applicable laws. Which of the following is the PRIMARY motivation for the policy? A. To back up data that is used on a daily basis B. To dispose of data in order to limit liability C. To reduce costs by reducing the amount of retained data D. To classify data according to what it contains QUESTION 184 What determines the level of security of a combination lock? A. Complexity of combination required to open the lock B. Amount of time it takes to brute force the combination C. The number of barrels associated with the internal mechanism D. The hardness score of the metal lock material QUESTION 185 A user downloads a file from the Internet, then applies the Secure Hash Algorithm 3 (SHA-3) to it. Which of the following is the MOST likely reason for doing so? A. It verifies the integrity of the file. B. It checks the file for malware. C. It ensures the entire file downloaded. D. It encrypts the entire file. QUESTION 186 Which of the following is held accountable for the risk to organizational systems and data that result from outsourcing Information Technology (IT) systems and services? A. The acquiring organization B. The service provider C. The risk executive (function) D. The IT manager QUESTION 187 Which of the following is a process in the access provisioning lifecycle that will MOST likely identify access aggregation issues? A. Test B. Assessment C. Review D. Peer review QUESTION 188 Which of the following is the PRIMARY reason a sni er operating on a network is collecting packets only from its own host? A. An Intrusion Detection System (IDS) has dropped the packets. B. The network is connected using switches. C. The network is connected using hubs. D. The network’s firewall does not allow sni ing. 
QUESTION 189 Which of the following is the PRIMARY mechanism used to limit the range of objects available to a given subject within di erent execution domains? A. Process isolation B. Data hiding and abstraction C. Use of discrete layering and Application Programming Interfaces (API) D. Virtual Private Network (VPN) QUESTION 190 Once the types of information have been identified, who should an information security practitioner work with to ensure that the information is properly categorized? A. Information Owner (IO) B. System Administrator C. Business Continuity (BC) Manager D. Chief Information O icer (CIO) QUESTION 191 What should be the FIRST action for a security administrator who detects an intrusion on the network based on precursors and other indicators? A. Isolate and contain the intrusion. B. Notify system and application owners. C. Apply patches to the Operating Systems (OS). D. Document and verify the intrusion. QUESTION 192 Which of the following needs to be taken into account when assessing vulnerability? A. Risk identification and validation B. Threat mapping C. Risk acceptance criteria D. Safeguard selection QUESTION 193 For the purpose of classification, which of the following is used to divide trust domain and trust boundaries? A. Network architecture B. Integrity C. Identity Management (IdM) D. Confidentiality management QUESTION 194 Which of the following is MOST e ective in detecting information hiding in Transmission Control Protocol/Internet Protocol (TCP/IP) tra ic? A. Packet-filter firewall B. Content-filtering web proxy C. Stateful inspection firewall D. Application-level firewall QUESTION 195 An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this an example of? A. Reasonable data B. Population of required fields C. Allowed number of characters D. 
Session testing

QUESTION 196
An Internet software application requires authentication before a user is permitted to utilize the resource. Which testing scenario BEST validates the functionality of the application?
A. Reasonable data testing
B. Input validation testing
C. Web session testing
D. Allowed data bounds and limits testing

QUESTION 197
Which of the following techniques BEST prevents buffer overflows?
A. Boundary and perimeter offset
B. Character set encoding
C. Code auditing
D. Variant type and bit length
Explanation: Some products installed on systems can also watch for input values that might result in buffer overflows, but the best countermeasure is proper programming. This means using bounds checking. If an input value is only supposed to be nine characters, then the application should only accept nine characters and no more. Some languages are more susceptible to buffer overflows than others, so programmers should understand these issues, use the right languages for the right purposes, and carry out code review to identify buffer overflow vulnerabilities.

QUESTION 198
A security architect is responsible for the protection of a new home banking system. Which of the following solutions can BEST improve the confidentiality and integrity of this external system?
A. Intrusion Prevention System (IPS)
B. Denial of Service (DoS) protection solution
C. One-time Password (OTP) token
D. Web Application Firewall (WAF)

QUESTION 199
What principle requires that changes to the plaintext affect many parts of the ciphertext?
A. Encapsulation
B. Permutation
C. Diffusion
D. Obfuscation
Explanation: Diffusion means that a single plaintext bit has influence over several of the ciphertext bits. Changing a plaintext value should change many ciphertext values, not just one. In fact, in a strong block cipher, if one plaintext bit is changed, each ciphertext bit will change with a probability of 50 percent. This means that if one plaintext bit changes, then about half of the ciphertext bits will change.

QUESTION 200
Which of the following BEST describes how access to a system is granted to federated user accounts?
A. With the federation assurance level
B. Based on defined criteria by the Relying Party (RP)
C. Based on defined criteria by the Identity Provider (IdP)
D. With the identity assurance level

QUESTION 201
A development operations team would like to start building new applications delegating the cybersecurity responsibility as much as possible to the service provider. Which of the following environments BEST fits their need?
A. Cloud Virtual Machines (VM)
B. Cloud application container within a Virtual Machine (VM)
C. On premises Virtual Machine (VM)
D. Self-hosted Virtual Machine (VM)

QUESTION 202
Why is planning the MOST critical phase of a Role Based Access Control (RBAC) implementation?
A. The criteria for measuring risk is defined.
B. User populations to be assigned to each role is determined.
C. Role mining to define common access patterns is performed.
D. The foundational criteria are defined.

QUESTION 203
Vulnerability scanners may allow for the administrator to assign which of the following in order to assist in prioritizing remediation activities?
A. Definitions for each exposure type
B. Vulnerability attack vectors
C. Asset values for networks
D. Exploit code metrics

QUESTION 204
Which of the following Service Organization Control (SOC) report types should an organization request if they require a period of time report covering security and availability for a particular system?
A. SOC 1 Type 1
B. SOC 1 Type 2
C. SOC 2 Type 1
D. SOC 2 Type 2

QUESTION 205
Physical assets defined in an organization's Business Impact Analysis (BIA) could include which of the following?
A. Personal belongings of organizational staff members
B. Supplies kept off-site at a remote facility
C. Cloud-based applications
D. Disaster Recovery (DR) line-item revenues

QUESTION 206
What is the best way for mutual authentication of devices belonging to the same organization?
A. Token
B. Certificates
C. User ID and passwords
D. Biometric

QUESTION 207
A financial company has decided to move its main business application to the Cloud. The legal department objects, arguing that the move of the platform should comply with several regulatory obligations such as the General Data Protection (GDPR) and ensure data confidentiality. The Chief Information Security Officer (CISO) says that the cloud provider has met all regulations requirements and even provides its own encryption solution with internally-managed encryption keys to address data confidentiality. Did the CISO address all the legal requirements in this situation?
A. No, because the encryption solution is internal to the cloud provider.
B. Yes, because the cloud provider meets all regulations requirements.
C. Yes, because the cloud provider is GDPR compliant.
D. No, because the cloud provider is not certified to host government data.

QUESTION 208
Which of the following is PRIMARILY adopted for ensuring the integrity of information is preserved?
A. Data at rest protection
B. Transport Layer Security (TLS)
C. Role Based Access Control (RBAC)
D. One-way encryption

QUESTION 209
Which of the following offers the BEST security functionality for transmitting authentication tokens?
A. JavaScript Object Notation (JSON)
B. Terminal Access Controller Access Control System (TACACS)
C. Security Assertion Markup Language (SAML)
D. Remote Authentication Dial-In User Service (RADIUS)

QUESTION 210
What is the MAIN purpose for writing planned procedures in the design of Business Continuity Plans (BCP)?
A. Establish lines of responsibility.
B. Minimize the risk of failure.
C. Accelerate the recovery process.
D. Eliminate unnecessary decision making.

QUESTION 211
Which of the following is the BEST reason to apply patches manually instead of automated patch management?
A. The cost required to install patches will be reduced.
B. The time during which systems will remain vulnerable to an exploit will be decreased.
C. The target systems reside within isolated networks.
D. The ability to cover large geographic areas is increased.

QUESTION 212
When should the software Quality Assurance (QA) team feel confident that testing is complete?
A. When release criteria are met
B. When the time allocated for testing the software is met
C. When senior management approves the test results
D. When the software has zero security vulnerabilities

QUESTION 213
What is the MOST efficient way to verify the integrity of database backups?
A. Test restores on a regular basis.
B. Restore every file in the system to check its health.
C. Use checksum as part of the backup operation to make sure that no corruption has occurred.
D. Run DBCC CHECKDB on a regular basis to check the logical and physical integrity of the database objects.

QUESTION 214
Which of the following are the FIRST two steps to securing employees from threats involving workplace violence and acts of terrorism?
A. Physical barriers impeding unauthorized access and security guards at each entrance
B. Physical barriers and the ability to identify people as they enter the workplace
C. Security guards and metal detectors posted at each entrance
D. Metal detectors and the ability to identify people as they enter the workplace

QUESTION 215
Which step of the Risk Management Framework (RMF) identifies the initial set of baseline security controls?
A. Selection
B. Monitoring
C. Implementation
D. Assessment

QUESTION 216
What is the MAIN reason for having a developer sign a Non-Disclosure Agreement (NDA)?
A. Signing the NDA always gives consent to the developer to access tools and privileged company information to do their work.
B. Signing the NDA allows the developer to use their developed coding methods.
C. Signing the NDA protects confidential, technical, or Intellectual Property (IP) from disclosure to others.
D. Signing the NDA is legally binding for up to one year of employment.

QUESTION 217
Which of the following provides for the STRONGEST protection of data confidentiality in a Wi-Fi environment?
A. Wi-Fi Protected Access (WPA) + Temporal Key Integrity Protocol (TKIP)
B. Wi-Fi Protected Access 2 (WPA2) + Advanced Encryption Standard (AES)
C. Wi-Fi Protected Access 2 (WPA2) + Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
D. Wired Equivalent Privacy (WEP) + Advanced Encryption Standard (AES)

QUESTION 218
What is a consideration when determining the potential impact an organization faces in the event of the loss of confidentiality of Personally Identifiable Information (PII)?
A. Quantity
B. Availability
C. Quality
D. Criticality

QUESTION 219
A security team member was selected as a member of a Change Control Board (CCB) for an organization. Which of the following is one of their responsibilities?
A. Approving or disapproving the change
B. Determining the impact of the change
C. Carrying out the requested change
D. Logging the change

QUESTION 220
A data owner determines the appropriate job-based access for an employee to perform their duties. Which type of access control is this?
A. Discretionary Access Control (DAC)
B. Non-discretionary access control
C. Mandatory Access Control (MAC)
D. Role-based access control (RBAC)

QUESTION 221
Which of the following is the MOST relevant risk indicator after a penetration test?
A. Lists of hosts vulnerable to remote exploitation attacks
B. Details of vulnerabilities and recommended remediation
C. Lists of target systems on the network identified and scanned for vulnerabilities
D. Details of successful vulnerability exploitations

QUESTION 222
Which of the following is the BEST type of authentication and encryption for a Secure Shell (SSH) implementation when network traffic traverses between a host and an infrastructure device?
A. Lightweight Directory Access Protocol (LDAP)
B. Public-key cryptography
C. Remote Authentication Dial-In User Service (RADIUS)
D. Private-key cryptography

QUESTION 223
Lack of which of the following options could cause a negative effect on an organization's reputation, revenue, and result in legal action, if the organization fails to perform due diligence?
A. Threat modeling methodologies
B. Service Level Requirement (SLR)
C. Service Level Agreement (SLA)
D. Third-party risk management

QUESTION 224
What is the BEST approach to annual safety training?
A. Base safety training requirements on staff member job descriptions.
B. Safety training should address any gaps in a staff member's skill set.
C. Ensure that staff members in positions with known safety risks are given proper training.
D. Ensure that all staff members are provided with identical safety training.

QUESTION 225
Which of the following is a credible source to validate that security testing of Commercial Off-The-Shelf (COTS) software has been performed with international standards?
A. Common Criteria (CC)
B. Evaluation Assurance Level (EAL)
C. National Information Assurance Partnership (NIAP)
D. International Standards Organization (ISO)

QUESTION 226
What Service Organization Controls (SOC) report can be freely distributed and used by customers to gain confidence in a service organization's systems?
A. SOC 1 Type 1
B. SOC 1 Type 2
C. SOC 2
D. SOC 3

QUESTION 227
Which of the following questions will be addressed through the use of a Privacy Impact Assessment (PIA)?
A. How the information is to be maintained
B. Why the information is to be collected
C. What information is to be destroyed
D. Where the information is to be stored

QUESTION 228
An organization discovers that its Secure File Transfer Protocol (SFTP) server has been accessed by an unauthorized person to download an unreleased game. A recent security audit found weaknesses in some of the organization's general Information Technology (IT) controls, specifically pertaining to software change control and security patch management, but not in other control areas. Which of the following is the MOST probable attack vector used in the security breach?
A. Buffer overflow
B. Distributed Denial of Service (DDoS)
C. Cross-Site Scripting (XSS)
D. Weak password due to lack of complexity rules

QUESTION 229
Which of the following is the FIRST thing to consider when reviewing Information Technology (IT) internal controls?
A. The risk culture of the organization
B. The impact of the control
C. The nature of the risk
D. The cost of the control

QUESTION 230
Which layer of the Open System Interconnection (OSI) model is reliant on other layers and is concerned with the structure, interpretation and handling of information?
A. Presentation Layer
B. Session Layer
C. Application Layer
D. Transport Layer

QUESTION 231
When conveying the results of a security assessment, which of the following is the PRIMARY audience?
A. Information System Security Officer (ISSO)
B. Authorizing Official (AO)
C. Information System Security Manager (ISSM)
D. Security Control Assessor (SCA)

QUESTION 232
What is the motivation for use of the Online Certificate Status Protocol (OCSP)?
A. To return information on multiple certificates
B. To control access to Certificate Revocation List (CRL) requests
C. To provide timely up-to-date responses to certificate queries
D. To issue X.509v3 certificates more quickly