Exam 1

1. Which of the following actions will reduce risk to a laptop before traveling to a high-risk area?

2. When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

3. Intellectual property rights are PRIMARY concerned with which of the following?

4. Which of the following represents the GREATEST risk to data confidentiality?

5. Which of the following BEST describes the responsibilities of a data owner?

6. Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

7. A continuous information security-monitoring program can BEST reduce risk through which of the following?

8. Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

9. Which type of control recognizes that a transaction amount is excessive in accordance with corporate policy?

10. Which one of these risk factors would be the LEAST important consideration in choosing a building site for a new computer facility?

11. Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain?

12. An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

13. What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?

14. Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?

15. The use of private and public encryption keys is fundamental in the implementation of which of the following?

16. An advantage of link encryption in a communications network is that it

17. Which of the following wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device?

18. What is the MOST important consideration from a data security perspective when an organization plans to relocate?

19. Which one of the following affects the classification of data?

20. In a data classification scheme, the data is owned by the

21. When implementing a data classification program, why is it important to avoid too much granularity?

22. Who in the organization is accountable for classification of data information assets?

23. Why is a system's criticality classification important in large organizations?

24. Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

25. An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests. Which contract is BEST in offloading the task from the IT staff?

26. Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

27. Which of the following is an initial consideration when developing an information security management system?

28. Which of the following is MOST important when assigning ownership of an asset to a department?

29. Which of the following is MOST important when assigning ownership of an asset to a department?

30. Which of the following mobile code security models relies only on trust?

31. Which security service is served by the process of encrypting plaintext with the sender’s private key and decrypting ciphertext with the sender’s public key?

32. An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

33. At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

34. Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?

35. What is the purpose of an Internet Protocol (IP) spoofing attack?

36. Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

37. In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?

38. Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?

39. Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

40. Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

41. Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee’s salary?

42. What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

43. Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

44. Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

45. In which of the following programs is it MOST important to include the collection of security process data?

46. A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?

47. With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?

48. An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

49. What is the PRIMARY reason for implementing change management?

50. What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?

51. What should be the FIRST action to protect the chain of evidence when a desktop computer is involved?

52. Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?

53. The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?

54. What is the BEST approach to addressing security issues in legacy web applications?

55. When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

56. A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?

57. Which of the following defines the key exchange for Internet Protocol Security (IPSec)?

58. Which of the following statements is TRUE for point-to-point microwave transmissions?

59. What is an effective practice when returning electronic storage media to third parties for repair?

60. Which of the following assessment metrics is BEST used to understand a system's vulnerability to potential exploits?

61. Which of the following MUST be part of a contract to support electronic discovery of data stored in a cloud environment?

62. Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element?

63. When implementing controls in a heterogeneous end-point network for an organization, it is critical that

64. Which of the following statements is TRUE of black box testing?

65. Which of the following BEST represents the principle of open design?

66. The PRIMARY purpose of a security awareness program is to

67. The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct

68. Checking routing information on e-mail to determine it is in a valid format and contains valid information is an example of which of the following anti-spam approaches?

69. Which security action should be taken FIRST when computer personnel are terminated from their jobs?

70. Which of the following is a physical security control that protects Automated Teller Machines (ATM) from skimming?

71. Which of the following is a security limitation of File Transfer Protocol (FTP)?

72. What security management control is MOST often broken by collusion?

73. Who must approve modifications to an organization's production infrastructure configuration?

74. Which of the following is a network intrusion detection technique?

75. Which of the following is an effective method for avoiding magnetic media data remanence?

76. What would be the PRIMARY concern when designing and coordinating a security assessment for an Automatic Teller Machine (ATM) system?

77. What is the FIRST step in developing a security test and its evaluation?

78. How can a forensic specialist exclude from examination a large percentage of operating system files residing on a copy of the target system?

79. While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used?

80. Which of the following is the MOST important consideration when storing and processing Personally Identifiable Information (PII)?

81. An internal Service Level Agreement (SLA) covering security is signed by senior managers and is in place. When should compliance to the SLA be reviewed to ensure that a good security posture is being delivered?

82. The key benefits of a signed and encrypted email include

83. In a basic SYN flood attack, what is the attacker attempting to achieve?

84. Alternate encoding such as hexadecimal representations is MOST often observed in which of the following forms of attack?

85. Which one of the following is a fundamental objective in handling an incident?

86. Two companies wish to share electronic inventory and purchase orders in a supplier and client relationship. What is the BEST security solution for them?

87. Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what?

88. When transmitting information over public networks, the decision to encrypt it should be based on

89. Which of the following can BEST prevent security flaws occurring in outsourced software development?

90. When building a data center, site location and construction factors that increase the level of vulnerability to physical threats include

91. Which of the following MUST be done when promoting a security awareness program to senior management?

92. Which of the following is considered best practice for preventing e-mail spoofing?

93. What principle requires that changes to the plaintext affect many parts of the ciphertext?

94. In the area of disaster planning and recovery, what strategy entails the presentation of information about the plan?

95. Passive Infrared Sensors (PIR) used in a non-climate controlled environment should

96. The BEST method of demonstrating a company's security level to potential customers is

97. What technique BEST describes antivirus software that detects viruses by watching anomalous behavior?

98. Which Hyper Text Markup Language 5 (HTML5) option presents a security challenge for network data leakage prevention and/or monitoring?

99. Which one of the following is the MOST important in designing a biometric access system if it is essential that no one other than authorized individuals are admitted?

100. What maintenance activity is responsible for defining, implementing, and testing updates to application systems?

101. Which of the following is the BEST mitigation from phishing attacks?

102. Which of the following is an attacker MOST likely to target to gain privileged access to a system?

103. To prevent inadvertent disclosure of restricted information, which of the following would be the LEAST effective process for eliminating data prior to the media being discarded?

104. Internet Protocol (IP) source address spoofing is used to defeat

105. All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

106. A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?

107. When is a Business Continuity Plan (BCP) considered to be valid?

108. Recovery strategies of a Disaster Recovery Planning (DRP) MUST be aligned with which of the following?

109. A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?

110. What would be the MOST cost-effective solution for a Disaster Recovery (DR) site given that the organization’s systems cannot be unavailable for more than 24 hours?

111. At a MINIMUM, a formal review of any Disaster Recovery Plan (DRP) should be conducted

112. Which of the following Disaster Recovery (DR) sites is the MOST difficult to test?

113. In Business Continuity Planning (BCP), what is the importance of documenting business processes?

114. Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified by automated vulnerability assessments?

115. Which of the following is the FIRST step in the incident response process?

116. Which of the following is the BEST method to prevent malware from being introduced into a production environment?

117. An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?

118. A disadvantage of an application filtering firewall is that it can lead to

119. Following the completion of a network security assessment, which of the following can BEST be demonstrated?

120. A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

121. Which of the following could cause a Denial of Service (DoS) against an authentication system?

122. Which of the following is a PRIMARY advantage of using a third-party identity service?

123. Which of the following is an essential element of a privileged identity lifecycle management?

124. Which of the following is the FIRST action that a system administrator should take when it is revealed during a penetration test that everyone in an organization has unauthorized access to a server holding sensitive data?

125. Which of the following is the FIRST step of a penetration test plan?