Exam 4 Questions.

  • Security and Risk Management
  • Identity and Access Management (IAM)
  • Security Architecture and Engineering
  • Security Operations

Security and Risk Management

1. When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?
2. What is an advantage of Elliptic Curve Cryptography (ECC)?
3. Which of the following adds end-to-end security inside a Layer 2 Tunneling Protocol (L2TP) Internet Protocol Security (IPSec) connection?
4. Although code using a specific programming language may not be susceptible to a buffer overflow attack, what other component could still be vulnerable?
5. Which of the following standards/guidelines requires an Information Security Management System (ISMS) to be defined?
6. Which of the following provides the minimum set of privileges required to perform a job function and restricts the user to a domain with the required privileges?
7. What is the GREATEST challenge to identifying data leaks?
8. A database administrator is asked by management to perform changes without recording them. What is the BEST course of action?
9. Which of the following is the PRIMARY benefit of implementing data-in-use controls?
10. In the Software Development Life Cycle (SDLC), maintaining accurate hardware and software inventories is a critical part of
11. Software code signing is used as a method of verifying what security concept?
12. Which of the following is the MAIN reason for using configuration management?
13. Which methodology is recommended for penetration testing to be effective in the development phase of the lifecycle process?
14. What should happen when an emergency change to a system must be performed?
15. During the risk assessment phase of the project, the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant. What is the best approach for the CISO?
16. Which of the following BEST represents the concept of least privilege?
17. During the risk assessment phase of a project, a CISO discovered that a college within the University is collecting Protected Health Information (PHI) via an in-house application. What is the best approach for the CISO?
18. Which of the following is the MOST important goal of information asset valuation?
19. Which set of controls should allow an investigation if an attack is not blocked by preventive controls or detected by monitoring?
20. A health care provider is considering Internet access for their employees and patients. Which of the following is the organization's MOST secure solution for protection of data?
21. In configuration management, what baseline configuration information MUST be maintained for each computer system?
22. While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?
23. Are companies legally required to report all data breaches?
24. An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requirement is
25. What is the MOST efficient way to secure a production program and its data?
26. Which of the following is MOST important when deploying digital certificates?
27. Which of the following is the PRIMARY reason for employing physical security personnel at entry points in facilities where card access is in operation?
28. The PRIMARY security concern for handheld devices is the
29. When evaluating third-party applications, which of the following is the GREATEST responsibility of Information Security?
30. In order for a security policy to be effective within an organization, it MUST include
31. Single Sign-On (SSO) is PRIMARILY designed to address which of the following?
32. What does the Maximum Tolerable Downtime (MTD) determine?
33. Which Web Services Security (WS-Security) specification maintains a single authenticated identity across multiple dissimilar environments?
34. Which of the following methods can be used to achieve confidentiality and integrity for data in transit?
35. Which of the following BEST describes the purpose of the security functional requirements of Common Criteria?
36. After a thorough analysis, it was discovered that a perpetrator compromised a network by gaining access to the network through an SSL VPN gateway. The perpetrator guessed a username and brute-forced the password to gain access. Which of the following BEST mitigates this issue?
37. Which of the following controls is the FIRST step in protecting privacy in an information system?
38. What is the first step in protecting privacy in an information system?
39. What is the difference between media marking and media labeling?
40. Which of the following entities is ultimately accountable for data remanence vulnerabilities with data replicated by a cloud service provider?
41. Which of the following are effective countermeasures against passive network-layer attacks?
42. What is the MOST important element when considering the effectiveness of a training program for Business Continuity (BC) and Disaster Recovery (DR)?
43. An employee of a retail company has been granted an extended leave of absence by Human Resources (HR). What is the BEST action to take?
44. Which of the following is an essential step before performing Structured Query Language (SQL) penetration tests on a production system?
45. How does Encapsulating Security Payload (ESP) in transport mode affect the Internet Protocol (IP)?
46. Determining outage costs caused by a disaster can BEST be measured by the
47. What is one way to mitigate the risk of security flaws in custom software?
48. Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization's network?
49. Which of the following is a document that identifies each item seized in an investigation, including date and time seized, full name and signature or initials of the person who seized the item, and a detailed description of the item?
50. What is the PRIMARY goal for using Domain Name System Security Extensions (DNSSEC) to sign records?
51. An organization has hired a security services firm to conduct a penetration test. Which of the following will the organization provide to the tester?
52. Regarding asset security and appropriate retention, which of the following INITIAL top three areas are important to focus on?
53. Which type of security testing is being performed when an ethical hacker has no knowledge about the target system but the testing target is notified before the test?
54. Between which pair of Open System Interconnection (OSI) Reference Model layers are routers used as a communications device?
55. Which of the following BEST describes the purpose of performing security certification?
56. For network-based evidence, which of the following contains traffic details of all network sessions to detect anomalies?
57. In order to assure authenticity, which of the following are required?
58. Which of the following command line tools can be used in the reconnaissance phase of a network vulnerability assessment?
59. A network scan found 50% of the systems with one or more critical vulnerabilities. Which of the following represents the BEST action?
60. Which of the following BEST describes a Protection Profile (PP)?
61. How does an organization verify that an information system's current hardware and software match the standard system configuration?
62. A software security engineer is developing a black box-based test plan that will measure the system's reaction to incorrect or illegal inputs or unexpected operational errors and situations. Which type of testing is the engineer primarily performing?
63. When assessing an application’s potential security risks, what is the PRIMARY purpose of threat modeling?
64. Which of the following activities BEST identifies operational problems, security misconfigurations, and malicious attacks?
65. Which of the following is an advantage of on-premise Credential Management Systems?
66. As a best practice, the Security Assessment Report (SAR) should include which of the following sections?
67. Which of the following security engineering practices involves determining the structure and behavior of a system to meet its security requirements?
68. Which of the following BEST avoids data remanence disclosure for cloud-hosted resources?
69. Which one of the following is a common risk with network configuration management?
70. Which activity BEST identifies operational problems, security misconfigurations, and malicious attacks?
71. Which of the following practices BEST enhances cloud data privacy for customers?
72. If an identification process using a biometric system detects a 100% match between a presented template and a stored template, what is the interpretation of this result?
73. Which of the following is a strategy of grouping requirements in developing a Security Test and Evaluation (ST&E)?
74. In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?
75. Changes to a Trusted Computing Base (TCB) system that could impact the security posture of that system and trigger a recertification activity are documented in the
76. A proxy firewall operates at what layer of the Open System Interconnection (OSI) model?
77. Disaster Recovery Plan (DRP) training material should be
78. A company has decided that they need to begin maintaining assets deployed in the enterprise. What approach should be followed to determine and maintain ownership information to bring the company into compliance?
79. Which of the following types of security testing is the MOST effective in providing a better indication of the everyday security challenges of an organization when performing a security risk assessment?
80. The application of a security patch to a product previously validated at Common Criteria (CC) Evaluation Assurance Level (EAL) 4 would
81. In which identity management process is the subject’s identity established?
82. Which Web Services Security (WS-Security) specification negotiates how security tokens will be issued, renewed, and validated?
83. Which of the following would BEST describe the role directly responsible for data within an organization?
84. Which of the following is the MOST likely cause of a non-malicious data breach when the source of the data breach was an unmarked file cabinet containing sensitive documents?
85. Which of the following is the PRIMARY concern when using an Internet browser to access a cloud-based service?
86. What is the PRIMARY difference between security policies and security procedures?
87. A security professional is asked to provide a solution that restricts a bank teller to only perform a savings deposit transaction but allows a supervisor to perform corrections after the transaction. Which of the following is the MOST effective solution?
88. Which of the following is the BEST method to reduce the effectiveness of phishing attacks?
89. Which technology is a prerequisite for populating the cloud-based directory in a federated identity solution?
90. Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?
91. What is the BEST way to encrypt web application communications?
92. Which of the following is a weakness of Wired Equivalent Privacy (WEP)?
93. In a change-controlled environment, which of the following is MOST likely to lead to unauthorized changes to production programs?
94. At a MINIMUM, audits of permissions to individual or group accounts should be scheduled
95. What does electronic vaulting accomplish?
96. Even though a particular digital watermark is difficult to detect, which of the following represents a way it might still be inadvertently removed?
97. Who would be the BEST person to approve an organization's information security policy?
98. Which of the following is a common feature of an Identity as a Service (IDaaS) solution?
99. A security practitioner is tasked with securing the organization’s Wireless Access Points (WAP). Which of these is the MOST effective way of restricting this environment to authorized users?
100. A security compliance manager of a large enterprise wants to reduce the time it takes to perform network, system, and application security compliance audits while increasing quality and effectiveness of the results. What should be implemented to BEST achieve the desired results?
101. Within the company, desktop clients receive Internet Protocol (IP) addresses over Dynamic Host Configuration Protocol (DHCP). Which of the following represents a valid measure to help protect the network against unauthorized access?
102. After following the processes defined within the change management plan, a super user has upgraded a device within an information system. What step would be taken to ensure that the upgrade did NOT affect the network security posture?
103. Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?
104. An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test subject’s data?
105. Which of the following is a direct monetary cost of a security incident?
106. Which of the following alarm systems is recommended to detect intrusions through windows in a high-noise, occupied environment?
107. What is the BEST reason for the organization to pursue a plan to mitigate client-based attacks?
