Exam 8

Exam 8 Questions.

Enter email to receive results:

Communication and Network Security

134

General Security Principles

134

Identity and Access Management (IAM)

Asset Security

Software Development Security

Security Operations

Security Assessment and Testing

Security and Risk Management

Security Architecture and Engineering

Page 1 of 9

Communication and Network Security

1. What is a security concern when considering implementing software-defined networking (SDN)?{

It is cloud-based.

It increases the attack footprint.

It uses open source protocols.

It has a decentralized architecture.

2. Individual access to a network is BEST determined based on: {

Risk matrix

Value of the data

Data classification

Business need

3. The security organization is looking for a solution that could help them determine with a strong level of confidence that attackers have breached their network. Which solution is MOST effective at discovering a successful network breach?{

Deploying a honeypot

Installing an intrusion detection system (IDS)

Installing an intrusion prevention system (IPS)

Developing a sandbox

4. Which of the following trust services principles refers to the accessibility of information used by the systems, products, or services offered to a third-party provider’s customers?{

Security

Availability

Privacy

Access

5. Internet Protocol Security (IPSec), Point-to-Point Tunneling Protocol (PPTP), and Secure Sockets Layer (SSL) all use which of the following to prevent replay attacks?{

Single integrity protection

Randomly generated nonces

Large key encryption

Embedded sequence numbers

6. What technique used for spoofing the origin of an email can successfully conceal the sender's Internet Protocol (IP) address?{

Virtual Private Network (VPN)

Onion routing

Change In-Reply-To data

Web crawling

7. What should be the FIRST action for a security administrator who detects an intrusion on the network based on precursors and other indicators?{

Isolate and contain the intrusion

Apply patches to the Operating Systems (OS)

Document and verify the intrusion

Notify system and application owners

8. The security operations center (SOC) has received credible intelligence that a threat actor is planning to attack with multiple variants of a destructive virus. After obtaining a sample set of this virus’ variants and reverse engineering them to understand how they work, a commonality was found. All variants are coded to write to a specific memory location. What security feature enabled by default mitigates this threat?{

Virtualization

Trusted Platform Module (TPM)

Process isolation

Address Space Layout Randomization (ASLR)

9. An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer (CISO) wants to increase security by better protecting the network from unauthorized internal access. Which Network Access Control (NAC) capability BEST meets this objective?{

Port security

Application firewall

Two-factor authentication (2FA)

Strong passwords

10. A cloud service accepts Security Assertion Markup Language (SAML) assertions from users to access the service. An attacker was able to spoof a registered account on the network and query the SAML provider. What is the MOST common attack leveraged against this flaw?{

Attacker conducts denial-of-service (DoS) against the security domain by authenticating as the same user repeatedly

Attacker forges requests to authenticate as a different user

Attacker exchanges authentication and authorization data between security domains

Attacker leverages SAML assertion to register an account on the security domain

11. An information security administrator wishes to block peer-to-peer (P2P) traffic over Hypertext Transfer Protocol (HTTP) tunnels. Which of the following layers of the Open Systems Interconnection (OSI) model requires inspection?{

Presentation

Application

Transport

Session

12. Which is the RECOMMENDED configuration mode for sensors in an intrusion prevention system (IPS) if prevention capabilities will be used?{

Span

Inline

Active

Passive

13. Which of the following is the BEST defense against password guessing?{

Require a combination of letters, numbers, and special characters in the password

Limit external connections to the network

Force the password to be changed after an invalid password has been entered

Disable the account after a limited number of unsuccessful attempts

14. Which protocol does Secure Shell (SSH) version 2 support?{

Authentication, compression, confidentiality, and integrity

Availability, accountability, compression, and integrity

Authentication, availability, confidentiality, and integrity

Accountability, compression, confidentiality, and integrity

15. What security principle addresses the issue of "Security by Obscurity"?{

Segregation of duties (SoD)

Least privilege

Role-Based Access Control (RBAC)

Open design

16. Which of the following is the BEST definition of Cross-Site Request Forgery (CSRF)?{

An attack that forges a false Structure Query Language (SQL) command across systems

An attack that makes an illegal request across security zones and forges itself into the security database

An attack which forces an end user to execute unwanted actions on a web application in which they are currently authenticated

An attack that injects a script into a web page to execute a privileged command

17. Company A is evaluating new software to replace an in-house developed application. What step should Company A take after receiving a response from Company B with their flagship product that meets security and functional requirements but runs on an unfamiliar OS?{

Perform functionality testing

Conduct a security review of the OS

Enter into contract negotiations

Move ahead with the acquisition process

18. Using the ciphertext and resultant clear text message to derive the non-alphabetic cipher key is an example of which method of cryptanalytic attack?{

Known-plaintext attack

Probable-plaintext attack

Ciphertext-only attack

Frequency analysis

19. If a wide area network (WAN) supports converged applications like Voice over Internet Protocol (VoIP), what becomes essential to ensure network reliability and security?{

Classless Inter-Domain Routing (CIDR)

Boundary routing

Deterministic routing

Internet Protocol (IP) routing lookups

20. An organization wants to enable users to authenticate across multiple security domains using Federated Identity Management (FIM). Which of the following is used behind the scenes in a FIM deployment?{

Standard Generalized Markup Language (SGML)

Transaction Authority Markup Language (XAML)

Extensible Markup Language (XML)

Security Assertion Markup Language (SAML)

21. What action should a security professional take when a mission-critical computer network attack is suspected?{

Isolate the network, install patches, and report the occurrence

Turn the router off, perform forensic analysis, apply the appropriate fix, and log incidents

Isolate the network, log an independent report, fix the problem, and redeploy the computer

Prioritize, report, and investigate the occurrence

22. Which is MOST important when negotiating an Internet service provider (ISP) service-level agreement (SLA) by an organization that solely provides Voice over Internet Protocol (VoIP) services?{

Mean time to repair (MTTR)

Availability of network services

Financial penalties in case of disruption

Quality of Service (QoS) between applications

23. To comply with industry requirements, a security assessment on the cloud server should identify which protocols and weaknesses are being exposed to attackers on the Internet. Which of the following tools is the MOST appropriate to complete the assessment?{

Run netstat in each cloud server and retrieve the running processes

Use tcpdump and parse the output file in a protocol analyzer

Use nmap and set the servers’ public IPs as the targets

Use an IP scanner and target the cloud WAN network addressing

24. A subscription service provides power, climate control, raised flooring, and telephone wiring but NOT the computer and peripheral equipment. This is BEST described as a: {

Reciprocal site

Warm site

Cold site

Hot site

Page 2 of 9

General Security Principles

25. What documentation is produced FIRST when performing an effective physical loss control process?{

Inventory list

Deterrent controls list

Asset valuation list

Security standards list

26. Which of the following threats would be MOST likely mitigated by monitoring assets containing open source libraries for vulnerabilities?{

Phishing attempt

Advanced persistent threat (APT) attempt

Distributed denial-of-service (DDoS) attack

Zero-day attack

27. At what phase of the product lifecycle would a security architect MOST likely assess the security of various brands of mobile devices?{

Development

Operations and maintenance

Disposal

Implementation

28. The Chief Information Security Officer (CISO) of a small organization is making a case for building a security operations center (SOC). While debating between an in-house, fully outsourced, or hybrid capability, which of the following would be the MAIN consideration, regardless of the model?{

Skill set and training

Scope and service catalog

Tools and technologies

Headcount and capacity

29. What is the MAIN purpose of conducting a business impact analysis (BIA)?{

To determine the effect of mission-critical information system failures on core business processes

To determine the critical resources required to recover from an incident within a specified time period

To determine the controls required to return to business-critical operations

To determine the cost for restoration of damaged information systems

30. Which of the following is the top barrier for companies adopting cloud technology?{

Security

Migration period

Data integrity

Cost

31. Which is the MOST efficient option to prevent buffer overflow attacks?{

Address Space Layout Randomization (ASLR)

Access control mechanisms

Process isolation

Processor states

32. Physical assets defined in an organization’s Business Impact Analysis (BIA) could include which of the following?{

Supplies kept off-site at a remote facility

Disaster Recovery (DR) line-item revenues

Cloud-based applications

Personal belongings of organizational staff members

33. How should the retention period for an organization's social media content be defined?{

By the records retention policy of the organization

By the retention policies of each social media service

By the Chief Information Officer (CIO)

By the amount of available storage space

34. Which of the following is the MOST effective measure for dealing with rootkit attacks?{

Reinstalling the system from trusted sources

Restoring the system from the last backup

Finding and replacing the altered binaries with legitimate ones

Turning off unauthorized services and rebooting the system

35. Which is the PRIMARY benefit of off-site storage?{

Backup simplicity

Data availability

Fast recovery

Cost effectiveness

36. Which of the following will accomplish Multi-Factor Authentication (MFA)?{

Requiring users to enter a PIN and a password

Issuing a smart card and a One Time Password (OTP) token

Performing a palm and retinal scan

Issuing a smart card with a user-selected Personal Identification Number (PIN)

37. Which of the following attacks is dependent upon the compromise of a secondary target in order to reach the primary target?{

Brute force

Address Resolution Protocol (ARP) poisoning

Watering hole

Spear phishing

38. Which of the following determines the level of security of a combination lock?{

The hardness score of the metal lock material

The number of barrels associated with the internal mechanism

Amount of time it takes to brute force the combination

Complexity of combination required to open the lock

39. Which of the following MUST a security professional do in order to quantify the value of a security program to organization management?{

Rank priorities as high, medium, or low

Communicate compliance obstacles

Report on employee activities

Report using metrics

40. Which of the following criteria ensures information is protected relative to its importance to the organization?{

Organizational stakeholders, with classification approved by the management board

Legal requirements determined by the organization headquarters' location

Legal requirements, value, criticality, and sensitivity to unauthorized disclosure or modification

The value of the data to the organization's senior management

41. Which of the following are the three MAIN categories of security controls?{

Preventative, corrective, detective

Corrective, detective, recovery

Administrative, technical, physical

Confidentiality, integrity, availability

42. Which of the following is mobile device remote fingerprinting?{

Installing an application to retrieve common characteristics of the device

Identifying a device based on common characteristics shared by all devices of a certain type

Retrieving the serial number of the mobile device

Storing information about a remote device in a cookie file

43. Which technique should be used to track the distribution of digital content and prevent piracy for an Internet media company?{

Use watermarking to hide a signature into the digital media

Log user access to servers and audit the logs every day

Hire several investigators to identify and report sources of pirated content

Install the latest data loss prevention (DLP) software at every server used to distribute content

44. Which one of the following is an advantage of an effective release control strategy from a configuration control standpoint?{

Ensures that there is no loss of functionality between releases

Enforces backward compatibility between releases

Ensures that a trace for all deliverables is maintained and auditable

Allows for future enhancements to existing features

45. A cloud hosting provider would like to provide a Service Organization Control (SOC) report relevant to its security program. This report should be an abbreviated report that can be freely distributed. Which type of report BEST meets this requirement?{

SOC 3

SOC 2 Type I

SOC 2 Type II

SOC 1

46. In setting expectations when reviewing the results of a security test, which of the following statements is MOST important to convey to reviewers?{

The target’s security posture cannot be further compromised

The accuracy of testing results can be greatly improved if the target(s) are properly hardened

The deficiencies identified can be corrected immediately

The results of the tests represent a point-in-time assessment of the target(s)

47. When a flaw in Industrial Control System (ICS) software is discovered, what is the GREATEST impediment to deploying a patch?{

Testing a patch in an ICS may require more resources than the organization can commit

Compensating controls may impact ICS performance

Many ICS systems have software that is no longer being maintained by the vendors

Vendors are required to validate the operability of patches

Page 3 of 9

Identity and Access Management (IAM)

48. Which of the following authorization standards is built to handle Application programming Interface (API) access for federated Identity management (FIM)?{

Security Assertion Markup Language (SAML)

Terminal Access Controller Access Control System Plus (TACACS+)

Open Authentication (OAuth)

Remote Authentication Dial-In User Service (RADIUS)

49. What is the BEST way to restrict access to a file system on computing systems?{

Restrict access to all users

Use a third-party tool to restrict access

Allow a user group to restrict access

Use least privilege at each level to restrict access

50. In Federated Identity Management (FIM), what represents the concept of federation?{

Collection of information logically grouped into a single entity

Collection of domains that have established trust among themselves

Collection of information for common identities in a system

Collection, maintenance, and deactivation of user objects and attributes in one or more systems

51. A company-wide penetration test shows customers could access and read files through a web browser. Which of the following can be used to mitigate this vulnerability?{

Implement access control on the web server

Enforce the chmod of files to 755

Implement Secure Sockets Layer (SSL) certificates throughout the web server

Enforce the control of file directory listings

52. Which of the following services can be deployed via cloud or on-premises to integrate with Identity as a Service (IDaaS) as the authoritative source of user identities?{

Single sign-on (SSO)

Asset Security

61. Which is the MOST effective countermeasure to prevent electromagnetic emanations on unshielded data cables?{

Move cables away from exterior facing windows

Enable Power over Ethernet (PoE) to increase voltage

Encase exposed cable runs in metal conduit

Bundle exposed cables together to disguise their signals

62. A security professional needs to find a secure and efficient method of encrypting data on an endpoint. Which solution includes a root key?{

Bitlocker

Trusted Platform Module (TPM)

Virtual storage area network (VSAN)

Hardware security module (HSM)

63. A cloud service provider requires its customer organizations to enable maximum audit logging for its data storage service and to retain the logs for a period of three months. The audit logging generates extremely high amounts of logs. What is the MOST appropriate strategy for log retention?{

Keep all logs in an online storage

Keep last week's logs in an online storage and the rest in an offline storage

Keep all logs in an offline storage

Keep last week's logs in an online storage and the rest in a near-line storage

64. Which of the following provides the GREATEST level of data security for a Virtual Private Network (VPN) connection?{

Extensible Authentication Protocol (EAP)

Remote Authentication Dial-In User Service (RADIUS)

Internet Protocol Security (IPSec)

Internet Protocol Payload Compression (IPComp)

65. The core component of Role-Based Access Control (RBAC) must be constructed of defined data elements. Which elements are required?{

Users, permissions, operators, and protected objects

Roles, operations, accounts, and protected objects

Users, roles, operations, and protected objects

Roles, accounts, permissions, and protected objects

66. Which of the following is an open standard for exchanging authentication and authorization data between parties?{

Extensible Markup Language (XML)

Security Assertion Markup Language (SAML)

Hypertext Markup Language (HTML)

Wired markup language

67. In addition to life, protection of which of the following elements is MOST important when planning a data center site?{

Resources and reputation

Data and hardware

Property and operations

Profits and assets

68. An organization outgrew its internal data center and is evaluating third-party hosting facilities. In this evaluation, which of the following is a PRIMARY factor for selection?{

Facility has physical access protection measures

Facility provides disaster recovery (DR) services

Facility provides an acceptable level of risk

Facility provides the most cost-effective solution

69. Which of the following is PRIMARILY adopted for ensuring the integrity of information is preserved?{

Data at rest protection

Role-Based Access Control (RBAC)

Transport Layer Security (TLS)

One-way encryption

70. For the purpose of classification, which of the following is used to divide trust domains and trust boundaries?{

Integrity

Identity Management (IdM)

Confidentiality management

Network architecture

71. What high availability (HA) option for databases allows multiple clients to access multiple database servers simultaneously?{

Non-Structured Query Language (NoSQL) database

Replicated database

Relational database

Shadow database

72. What is the most effective form of media sanitization to ensure residual data cannot be retrieved?{

Purging

Clearing

Disposal

Destroying

73. Which security evaluation model assesses a product's Security Assurance Level (SAL) in comparison to similar solutions?{

Common criteria (CC)

Control Objectives for Information and Related Technology (COBIT)

International Organization for Standardization (ISO) 27001

Payment Card Industry Data Security Standard (PCI-DSS)

74. Which of the following should be included in a good defense-in-depth strategy provided by object-oriented programming for software deployment?{

Polyinstantiation

Encapsulation

Inheritance

Polymorphism

75. Which of the following is the MOST challenging aspect of investigating malware that targets Supervisory Control and Data Acquisition (SCADA) systems?{

Group policy implementation

Volatility of data

SCADA network latency

Physical access to the system

76. Which fire suppression system minimizes damage to IT equipment stored in a data center during a false fire alarm event?{

A dry system is installed

A pre-action system is installed

An open system is installed

A wet system is installed

77. A company is enrolled in a hard drive reuse program where decommissioned equipment is sold back to the vendor when it is no longer needed. The vendor pays more money for functioning drives than equipment that is no longer operational. Which method of data sanitization would provide the most secure means of preventing unauthorized data loss, while also receiving the most money from the vendor?{

Single-pass wipe

Pinning

Multi-pass wipes

Degaussing

78. An analysis finds unusual activity coming from a computer that was thrown away several months prior, which of the following steps ensures the proper removal of the system?{

Procure

Deactivation

Decommission

Deploy

79. Which of the following is the BEST way to protect an organization's data assets?{

Require Multi-Factor Authentication (MFA) and Separation of Duties (SoD)

Monitor and enforce adherence to security policies

Encrypt data in transit and at rest using up-to-date cryptographic algorithms

Create the Demilitarized Zone (DMZ) with proxies, firewalls, and hardened bastion hosts

80. Which of the following job functions MUST be separated to maintain data and application integrity?{

Scheduling and computer operations

Production control and data control functions

Systems development and systems maintenance

Applications development and systems analysis

81. From an asset security perspective, what is the BEST countermeasure to prevent data theft due to data remanence when sensitive data storage media is no longer needed?{

Delete the sensitive data from the media

Encrypt data before it is stored on the media

Return the media to the system owner

Physically destroy the retired media

Page 5 of 9

Software Development Security

82. Which of the following is the BEST method to identify security controls that should be implemented for a web-based application while in development?{

Agile software development

Application threat modeling

Penetration testing

Secure software development

83. An attack utilizing social engineering and a malicious Uniform Resource Locator (URL) link to take advantage of a victim's existing browser session with a web application is an example of which of the following types of attack?{

Clickjacking

Injection

Cross-Site Request Forgery (CSRF)

Cross-Site Scripting (XSS)

84. Which of the following is the MOST effective method of detecting vulnerabilities in web-based applications early in the secure Software Development Life Cycle (SDLC)?{

Web application vulnerability scanning

Code review

Penetration testing

Application fuzzing

85. Which of the following practices provides the development team with a definition of security and identification of threats in designing software?{

Threat modeling

Penetration testing

Stakeholder review

Requirements review

86. Which of the following methods MOST efficiently manages user accounts when using a third-party cloud-based application and directory solution?{

Cloud directory

Directory synchronization

Lightweight Directory Access Protocol (LDAP)

Assurance framework

87. What is the BEST way to prevent improper session handling in a web application?{

Ensure that all UIWebView calls do not execute without proper input validation

Ensure JavaScript and plugin support is disabled

Ensure that certificates are valid and fail closed

Ensure that tokens are sufficiently long, complex, and pseudo-random

88. While performing a security review for a new product, an information security professional discovers that the organization’s product development team is proposing to collect government-issued identification (ID) numbers from customers to use as unique customer identifiers. Which of the following recommendations should be made to the product development team?{

Customer identifiers that do not resemble the user’s government-issued ID number should be used

Customer identifiers should be a cryptographic hash of the user's government-issued ID number

Customer identifiers should be a variant of the user’s government-issued ID number

Customer identifiers should be a variant of the user’s name, for example, “jdoe” or “john.doe”

Page 6 of 9

Security Operations

89. Which of the following BEST describes the purpose of software forensics?{

To review program code to determine the existence of backdoors

To analyze possible malicious intent of malware

To perform cyclic redundancy check (CRC) verification and detect changed applications

To determine the author and behavior of the code

90. Which of the following would be considered an incident if reported by a security information and event management (SIEM) system?{

A firewall logs a connection between a client on the Internet and a web server using Transmission Control Protocol (TCP) on port 80

A log source has stopped sending data

An administrator is logging in on a server through a virtual private network (VPN)

A web resource has reported a 404 error

91. Which of the following is the BEST approach for a forensic examiner to obtain the greatest amount of relevant information from malicious software?{

Analyze the behavior of the program

Analyze the logs generated by the software

Examine the file properties and permissions

Review the code to identify its origin

92. Which of the following is the first step prior to executing a test of an organization’s disaster recovery (DR) or business continuity plan (BCP)?{

Identify potential failure points

Identify key stakeholders

Develop clear evaluation criteria

Develop recommendations for disaster scenarios

93. Which of the following initiates the systems recovery phase of a disaster recovery plan?{

Evacuating the disaster site

Activating the organization's hot site

Assessing the extent of damage following the disaster

Issuing a formal disaster declaration

94. An IT technician suspects a break in one of the uplinks that provides connectivity to the core switch. Which of the following command-line tools should the technician use to determine where the incident is occurring?{

show config

netstat

nslookup

show interface

Page 7 of 9

Security Assessment and Testing

95. An organization is planning to have an IT audit of its Software as a Service (SaaS) application to demonstrate to external parties that the security controls around availability are properly designed and operationally effective. Which Service Organization Control (SOC) report would BEST fit their needs?{

SOC 2 Type 1

SOC 1 Type 1

SOC 2 Type 2

SOC 1 Type 2

96. When auditing the Software Development Life Cycle (SDLC), which of the following is one of the high-level audit phases?{

Risk assessment

Planning

Due diligence

Requirements

97. Which type of penetration testing simulates an attack from an external source with little or no prior knowledge of the target system?{

Gray box testing

Red box testing

White box testing

Black box testing

98. An organization's internal audit team performed a security audit on the company's system and reported minor issues. Six months later, an external audit team identified severe weaknesses in the same system. What is MOST likely to be the root cause of the internal audit team's failure in detecting these security issues?{

Inadequate test coverage analysis

Inadequate security patch testing

Inadequate log reviews

Inadequate change control procedures

99. What is the MOST effective way to determine a mission-critical asset in an organization?{

Vulnerability analysis

Threat analysis

Business risk analysis

Business process analysis

100. When testing password strength, which of the following is the BEST method for brute forcing passwords?{

Use a comprehensive list of words to attempt to guess the password

Use social engineering methods to attempt to obtain the password

Conduct an online password attack until the account being used is locked

Conduct an offline attack on the hashed password information

101. Which of the following is a common term used to describe log reviews, synthetic transactions, and code reviews?{

Application development

DevOps Integrated Product Team (IPT) development

Spiral development functional testing

Security control testing

102. An Internet software application requires authentication before a user is permitted to utilize the resource. Which testing scenario BEST validates the functionality of the application?{

Reasonable data testing

Input validation testing

Allowed data bounds and limits testing

Web session testing

Page 8 of 9

Security and Risk Management

103. A colleague who recently left the organization asked a security professional for a copy of the organization's confidential incident management policy. What is the BEST response to this request?{

Do not acknowledge receiving the request from the former colleague and ignore them

Access the policy on a company-issued device and let the former colleague view the screen

Submit the request using company official channels to ensure the policy is okay to distribute

Email the policy to the colleague as they were already part of the organization and familiar with it

104. Which of the following goals represents a modern shift in risk management according to the National Institute of Standards and Technology (NIST)?{

Provide an improved mission accomplishment approach

Enable management to make well-informed risk-based decisions justifying security expenditure

Secure information technology (IT) systems that store, process, or transmit organizational information

Focus on operating environments that are changing, evolving, and full of emerging threats

105. What is considered the last line of defense in a Governance, Risk Management, and Compliance (GRC) program?{

Internal controls

Risk management

Internal audit

Board review

106. Which of the following is a risk matrix?{

A table of risk management factors for management to consider

A database of risks associated with a specific information system

A two-dimensional picture of risk for organizations, products, projects, or other items of interest

A tool for determining risk management decisions for an activity or system

107. A security professional can BEST mitigate the risk of using a Commercial Off-The-Shelf (COTS) solution by deploying the application with which of the following controls?{

Hardened configuration

Blacklisting application

Whitelisting application

Network segmentation

108. When designing a business continuity plan (BCP), what is the formula to determine the Maximum Tolerable Downtime (MTD)?{

Annual Loss Expectancy (ALE) + Work Recovery Time (WRT)

Business impact analysis (BIA) + Recovery Point Objective (RPO)

Recovery Time Objective (RTO) + Work Recovery Time (WRT)

Estimated Maximum Loss (EML) + Recovery Time Objective (RTO)

109. Which is the PRIMARY mechanism for providing the workforce with the information needed to protect an agency’s vital information resources?{

An information technology (IT) security policy

Incorporating security awareness and training as part of the overall information security program

Implementation of access provisioning processes

Execution of periodic security and privacy assessments

110. What is the FIRST step required in establishing a records retention program?{

Identify and inventory all records storage locations

Draft a records retention policy

Classify records based on sensitivity

Identify and inventory all records

111. Which of the following should be included in a hardware retention policy?{

The use of encryption technology to encrypt sensitive data prior to retention

Retention of data for only one week and outsourcing the retention to a third-party vendor

Retention of all sensitive data on media and hardware

A plan to retain data required only for business purposes and a retention schedule

112. An international organization has decided to use a Software as a Service (SaaS) solution to support its business operations. Which of the following compliance standards should the organization use to assess the international code security and data privacy of the solution?{

Service Organization Control (SOC) 2

Payment Card Industry (PCI)

Information Assurance Technical Framework (IATF)

Health Insurance Portability and Accountability Act (HIPAA)

113. An organization has implemented a password complexity and an account lockout policy enforcing five incorrect logins tries within ten minutes. Network users have reported significantly increased account lockouts. Which of the following security principles is this company affecting?{

Integrity

Availability

Confidentiality

Authentication

114. Which type of disaster recovery plan (DRP) testing carries the MOST operational risk?{

Tabletop

Walkthrough

Cutover

Parallel

115. What type of investigation is appropriate when malicious behavior is suspected between two organizations?{

Civil

Operational

Criminal

Regulatory

116. Which of the following open-source software issues poses the MOST risk to an application?{

The software is beyond end of life and the vendor is out of business

The software has multiple Common Vulnerabilities and Exposures (CVE) and only some are remediated

The software is not used or popular in the development community

The software has multiple CVEs but the CVEs are classified as low risks

117. At which phase of the software assurance life cycle should risks associated with software acquisition strategies be identified?{

Contracting phase

Monitoring and acceptance phase

Planning phase

Follow-on phase

118. Which of the following management processes allots ONLY those services required for users to accomplish their tasks, change default user passwords, and set servers to retrieve antivirus updates?{

Identity

Compliance

Configuration

Patch

119. Which of the following is an indicator that a company's new user security awareness training module has been effective?{

There are more secure connections to internal e-mail servers

There are more secure connections to the internal database servers

More incidents of phishing attempts are being reported

Fewer incidents of phishing attempts are being reported

120. Which of the following four iterative steps are conducted on third-party vendors in an ongoing basis?{

Frame, Assess, Remediate, Monitor

Investigate, Evaluate, Respond, Monitor

Investigate, Assess, Remediate, Monitor

Frame, Assess, Respond, Monitor

121. Which application type is considered high risk and provides a common way for malware and viruses to enter a network?{

End-to-end applications

E-mail applications

Instant messaging or chat applications

Peer-to-peer (P2P) file sharing applications

122. What is the MAIN objective of risk analysis in Disaster Recovery (DR) planning?{

Identify potential threats to business availability

Define the variable cost for extended downtime scenarios

Establish Maximum Tolerable Downtime (MTD) Information Systems (IS)

Establish personnel requirements for various downtime scenarios

Page 9 of 9

Security Architecture and Engineering

123. Which of the following attacks is MOST likely to compromise a software-defined networking (SDN) architecture?{

Sending control messages to open a flow that does not pass a firewall from a compromised host within the network

Remote Authentication Dial-In User Service (RADIUS) token replay attack

Using Session Initiation Protocol (SIP) to intercept VoIP traffic

A brute force password attack on the Secure Shell (SSH) port of the controller

124. Which security architecture strategy should be applied to secure an operating system (OS) baseline for deployment within a corporate enterprise?{

Principle of Secure Default

Principle of Least Privilege

Principle of Separation of Duty

Principle of Fail Secure

125. Which of the following statements is TRUE about Secure Shell (SSH)?{

SSH can be used with almost any application because it is concerned with maintaining a circuit

SSH supports port forwarding, which can be used to protect less secured protocols

SSH does not protect against man-in-the-middle (MITM) attacks

SSH is easy to deploy because it requires a Web browser only

Communication and Network Security

General Security Principles

Identity and Access Management (IAM)

Asset Security

Software Development Security

Security Operations

Security Assessment and Testing

Security and Risk Management

Security Architecture and Engineering

Submit a Comment Cancel reply

Latest Posts

stay connected

Quick links

Guaranteed by