Exams

1. Which of the following actions will reduce risk to a laptop before traveling to a high-risk area?

2. When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

3. Intellectual property rights are PRIMARY concerned with which of the following?

4. An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

5. What is the MOST important consideration from a data security perspective when an organization plans to relocate?

6. Which one of the following affects the classification of data?

7. In a data classification scheme, the data is owned by the

8. When implementing a data classification program, why is it important to avoid too much granularity?

9. Who in the organization is accountable for classification of data information assets?

10. Why is a system's criticality classification important in large organizations?

11. Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

12. An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests. Which contract is BEST in offloading the task from the IT staff?

13. Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

14. Which of the following is an initial consideration when developing an information security management system?

15. Which of the following is MOST important when assigning ownership of an asset to a department?

16. Which of the following is MOST important when assigning ownership of an asset to a department?

17. Which of the following mobile code security models relies only on trust?

18. Which security service is served by the process of encrypting plaintext with the sender’s private key and decrypting ciphertext with the sender’s public key?

19. An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

20. At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

21. Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?

22. What is the purpose of an Internet Protocol (IP) spoofing attack?

23. Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

24. In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?

25. Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?

26. Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

27. Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

28. Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee’s salary?

29. What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

30. Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

31. Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

32. In which of the following programs is it MOST important to include the collection of security process data?

33. A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?

34. With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?

35. An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

36. What is the PRIMARY reason for implementing change management?

37. What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?

38. What should be the FIRST action to protect the chain of evidence when a desktop computer is involved?

39. Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?

40. The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?

41. What is the BEST approach to addressing security issues in legacy web applications?

42. When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

43. A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?

44. Which of the following defines the key exchange for Internet Protocol Security (IPSec)?

45. Which of the following statements is TRUE for point-to-point microwave transmissions?

46. What is an effective practice when returning electronic storage media to third parties for repair?

47. Which of the following assessment metrics is BEST used to understand a system's vulnerability to potential exploits?

48. Which of the following MUST be part of a contract to support electronic discovery of data stored in a cloud environment?

49. Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element?

50. When implementing controls in a heterogeneous end-point network for an organization, it is critical that

51. Which of the following statements is TRUE of black box testing?

52. Which of the following BEST represents the principle of open design?

53. The PRIMARY purpose of a security awareness program is to

54. The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct

55. Checking routing information on e-mail to determine it is in a valid format and contains valid information is an example of which of the following anti-spam approaches?

56. Which security action should be taken FIRST when computer personnel are terminated from their jobs?

57. Which of the following is a physical security control that protects Automated Teller Machines (ATM) from skimming?

58. Which of the following is a security limitation of File Transfer Protocol (FTP)?

59. What security management control is MOST often broken by collusion?

60. Who must approve modifications to an organization's production infrastructure configuration?

61. Which of the following is a network intrusion detection technique?

62. Which of the following is an effective method for avoiding magnetic media data remanence?

63. What would be the PRIMARY concern when designing and coordinating a security assessment for an Automatic Teller Machine (ATM) system?

64. What is the FIRST step in developing a security test and its evaluation?

65. How can a forensic specialist exclude from examination a large percentage of operating system files residing on a copy of the target system?

66. While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used?

67. Which of the following is the MOST important consideration when storing and processing Personally Identifiable Information (PII)?

68. An internal Service Level Agreement (SLA) covering security is signed by senior managers and is in place. When should compliance to the SLA be reviewed to ensure that a good security posture is being delivered?

69. The key benefits of a signed and encrypted email include

70. In a basic SYN flood attack, what is the attacker attempting to achieve?

71. Alternate encoding such as hexadecimal representations is MOST often observed in which of the following forms of attack?

72. Which one of the following is a fundamental objective in handling an incident?

73. Two companies wish to share electronic inventory and purchase orders in a supplier and client relationship. What is the BEST security solution for them?

74. Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what?

75. When transmitting information over public networks, the decision to encrypt it should be based on

76. Which of the following can BEST prevent security flaws occurring in outsourced software development?

77. When building a data center, site location and construction factors that increase the level of vulnerability to physical threats include

78. Which of the following MUST be done when promoting a security awareness program to senior management?

79. Which of the following is considered best practice for preventing e-mail spoofing?

80. What principle requires that changes to the plaintext affect many parts of the ciphertext?

81. In the area of disaster planning and recovery, what strategy entails the presentation of information about the plan?

82. Passive Infrared Sensors (PIR) used in a non-climate controlled environment should

83. The BEST method of demonstrating a company's security level to potential customers is

84. What technique BEST describes antivirus software that detects viruses by watching anomalous behavior?

85. Which Hyper Text Markup Language 5 (HTML5) option presents a security challenge for network data leakage prevention and/or monitoring?

86. Which one of the following is the MOST important in designing a biometric access system if it is essential that no one other than authorized individuals are admitted?

87. What maintenance activity is responsible for defining, implementing, and testing updates to application systems?

88. Which of the following is the BEST mitigation from phishing attacks?

89. Which of the following is an attacker MOST likely to target to gain privileged access to a system?

90. To prevent inadvertent disclosure of restricted information, which of the following would be the LEAST effective process for eliminating data prior to the media being discarded?

91. Internet Protocol (IP) source address spoofing is used to defeat

92. All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

93. A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?

94. When is a Business Continuity Plan (BCP) considered to be valid?

95. Recovery strategies of a Disaster Recovery Planning (DRP) MUST be aligned with which of the following?

96. A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?

97. What would be the MOST cost-effective solution for a Disaster Recovery (DR) site given that the organization’s systems cannot be unavailable for more than 24 hours?

98. At a MINIMUM, a formal review of any Disaster Recovery Plan (DRP) should be conducted

99. Which of the following Disaster Recovery (DR) sites is the MOST difficult to test?

100. In Business Continuity Planning (BCP), what is the importance of documenting business processes?

101. Which of the following represents the GREATEST risk to data confidentiality?

102. Which of the following BEST describes the responsibilities of a data owner?

103. Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

104. A continuous information security-monitoring program can BEST reduce risk through which of the following?

105. Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

106. Which type of control recognizes that a transaction amount is excessive in accordance with corporate policy?

107. Which one of these risk factors would be the LEAST important consideration in choosing a building site for a new computer facility?

108. Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain?

109. What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?

110. Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?

111. The use of private and public encryption keys is fundamental in the implementation of which of the following?

112. An advantage of link encryption in a communications network is that it

113. Which of the following wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device?

114. Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified by automated vulnerability assessments?

115. Which of the following is the FIRST step in the incident response process?

116. Which of the following is the BEST method to prevent malware from being introduced into a production environment?

117. An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?

118. A disadvantage of an application filtering firewall is that it can lead to

119. Following the completion of a network security assessment, which of the following can BEST be demonstrated?

120. A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

121. Which of the following could cause a Denial of Service (DoS) against an authentication system?

122. Which of the following is a PRIMARY advantage of using a third-party identity service?

123. Which of the following is an essential element of a privileged identity lifecycle management?

124. Which of the following is the FIRST action that a system administrator should take when it is revealed during a penetration test that everyone in an organization has unauthorized access to a server holding sensitive data?

125. Which of the following is the FIRST step of a penetration test plan?

126. Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?

127. An organization allows ping traffic into and out of their network. An attacker has installed a program on the network that uses the payload portion of the ping packet to move data into and out of the network. What type of attack has the organization experienced?

128. Which of the following actions should be performed when implementing a change to a database schema in a production system?

129. The Hardware Abstraction Layer (HAL) is implemented in the

130. Which one of the following transmission media is MOST effective in preventing data interception?

131. In a financial institution, who has the responsibility for assigning the classification to a piece of information?

132. Which of the following is the BEST way to verify the integrity of a software patch?

133. During an audit of system management, auditors find that the system administrator has not been trained. What actions need to be taken at once to ensure the integrity of systems?

134. Why must all users be positively identified prior to using multi-user computers?

135. Copyright provides protection for which of the following?

136. Which of the following is a potential risk when a program runs in privileged mode?

137. Why MUST a Kerberos server be well protected from unauthorized access?

138. Which of the following does Temporal Key Integrity Protocol (TKIP) support?

139. Which of the following is TRUE about Disaster Recovery Plan (DRP) testing?

140. Contingency plan exercises are intended to do which of the following?

141. Which of the following does the Encapsulating Security Payload (ESP) provide?

142. Multi-threaded applications are more at risk than single-threaded applications to

143. What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?

144. A software scanner identifies a region within a binary image having high entropy. What does this MOST likely indicate?

145. By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the

146. An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor?

147. A system has been scanned for vulnerabilities and has been found to contain a number of communication ports that have been opened without authority. To which of the following might this system have been subjected?

148. The goal of software assurance in application development is to

149. Which one of the following is a threat related to the use of web-based client-side input validation?

150. Which of the following is an appropriate source for test data?

151. An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?

152. Which layer of the Open Systems Interconnections (OSI) model implementation adds information concerning the logical connection between the sender and receiver?

153. When constructing an Information Protection Policy (IPP), it is important that the stated rules are necessary, adequate, and

154. The birthday attack is MOST effective against which one of the following cipher technologies?

155. The overall goal of a penetration test is to determine a system's

156. Which of the following is the best practice for testing a Business Continuity Plan (BCP)?

157. Which of the following is ensured when hashing files during chain of custody handling?

158. The FIRST step in building a firewall is to

159. An organization is selecting a service provider to assist in consolidating multiple computing sites. Which of the following MUST be verified by the Information Security Department?

160. In Disaster Recovery (DR) and business continuity training, which BEST describes a functional drill?

161. The three PRIMARY requirements for a penetration test are

162. A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project?

163. An organization is designing a large enterprise-wide document repository system with several classification levels. The BEST way to ensure document confidentiality in the repository is to

164. Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?

165. Which one of the following effectively obscures network addresses from external exposure when implemented on a firewall or router?

166. Which one of the following considerations has the LEAST impact when considering transmission security?

167. The type of authorized interactions a subject can have with an object is

168. The stringency of an Information Technology (IT) security assessment will be determined by the

169. Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks?

170. An engineer in a software company has created a virus creation tool. The tool can generate thousands of polymorphic viruses. The engineer is planning to use the tool in a controlled environment to test the company's next generation virus scanning software. Which would BEST describe the behavior of the engineer and why?

171. Which of the following is a security feature of Global Systems for Mobile Communications (GSM)?

172. Which one of the following describes granularity?

173. What is the BEST method to detect the most common improper initialization problems in programming languages?

174. What component of a web application that stores the session state in a cookie an attacker can bypass?

175. What is the PRIMARY advantage of using automated application security testing tools?

176. An online retail company has formulated a record retention schedule for customer transactions. Which of the following is a valid reason a customer transaction is kept beyond the retention schedule?

177. What is a common challenge when implementing Security Assertion Markup Language (SAML) for identity integration between on-premise environment and an external identity provider service?

178. A common challenge when implementing SAML for identity integration between an on-premise environment and an external identity provider service is that

179. Which of the following MOST influences the design of the organization's electronic monitoring policies?

180. With data labeling, which of the following MUST be the key decision maker?

181. A business has implemented PCI-DSS compliant handheld credit card processing on their WLAN. The network team created a private segment for processing using a firewall. What components are in the scope of PCI-DSS?

182. Which of the following is a MAJOR consideration in implementing a Voice over IP (VoIP) network?

183. A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access. Which of the following documents explains the proper use of the organization's assets?

184. The use of proximity card to gain access to a building is an example of what type of security control?

185. Which of the following describes the concept of a Single Sign-On (SSO) system?

186. According to best practice, which of the following groups is the MOST effective in performing an information security compliance audit?

187. A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns. In addition to web browsers, what PRIMARY areas need to be addressed concerning mobile code used for malicious purposes?

188. During the procurement of a new information system, it was determined that some of the security requirements were not addressed in the system specification. Which of the following is the MOST likely reason for this?

189. An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement. Given the number of priorities, which of the following will MOST likely influence the selection of top initiatives?

190. An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. When determining appropriate resource allocation, which of the following is MOST important to monitor?

191. When is security personnel involvement in the Systems Development Life Cycle (SDLC) process MOST beneficial?

192. A security manager has noticed an inconsistent application of server security controls resulting in vulnerabilities on critical systems. What is the MOST likely cause of this issue?

193. What is the BEST first step for determining if the appropriate security controls are in place for protecting data at rest?

194. A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider’s facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization. What is the MOST critical requirement for the third party?

195. Which of the following assures that rules are followed in an identity management architecture?

196. What is the MOST important reason to configure unique user IDs?

197. Which of the following is the MAIN goal of a data retention policy?

198. An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement. Which of the following is considered the MOST important priority for the information security officer?

199. The effectiveness of the security program can PRIMARILY be measured through

200. Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen?

201. A thorough review of an organization’s audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?

202. A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user business functions. These capabilities are BEST described as

203. Which of the following BEST describes Recovery Time Objective (RTO)?

204. Which of the following MUST system and database administrators be aware of and apply when configuring systems used for storing personal employee data?

205. An organization experiencing a negative financial impact is forced to reduce budgets and the number of IT operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. Which of the following will MOST likely allow the organization to keep risk at an acceptable level?

206. If an attacker in a SYN flood attack uses someone else's valid host address as the source address, the system under attack will send a large number of Synchronize/Acknowledge (SYN/ACK) packets to the

207. Which item below is a federated identity standard?

208. Which of the following is the MOST beneficial to review when performing an IT audit?

209. Which of the following methods provides the MOST protection for user credentials?

210. What physical characteristic does a retinal scan biometric device measure?

211. Which of the following BEST mitigates a replay attack against a system using identity federation and SAML?

212. Which of the following is the BEST countermeasure to brute force login attacks?

213. What MUST the plan include to reduce client-side exploitation?

214. What is the MAIN feature that onion routing networks offer?

215. Which of the following is the MOST crucial for a successful audit plan?

216. Which of the following could have MOST likely prevented the Peer-to-Peer (P2P) program from being installed on the computer?

217. An organization's data policy MUST include a data retention period which is based on

218. What do Capability Maturity Models (CMM) serve as a benchmark for in an organization?

219. Which of the following provides the BEST option for low maintenance and ease of deployment for remote access?

220. If the intrusion causes the system processes to hang, which of the following has been affected?

221. What is the PRIMARY reason for ethics awareness and related policy implementation?

222. Which of the following is the BEST reason to review audit logs periodically?

223. Which of the following violates identity and access management best practices?

224. Which of the following problems is not addressed by using OAuth 2.0 to integrate a third-party identity provider for a service?

225. When outsourcing a portion of IT to a third-party provider, the organization should ensure that the third party's physical security controls

226. Which of the following is the BEST solution to provide redundancy for telecommunications links?

227. Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications?

228. A Business Continuity Plan (BCP) is based on

229. An organization experiencing a negative financial impact is forced to reduce budgets and the number of IT operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. Which of the following will indicate where the IT budget is BEST allocated during this time?

230. According to best practice, which of the following is required when implementing third-party software in a production environment?

231. Which of the following is the MOST effective attack against cryptographic hardware modules?

232. For a service provider, which of the following MOST effectively addresses confidentiality concerns for customers using cloud computing?

233. An organization decides to implement a partial Public Key Infrastructure (PKI) with only the servers having digital certificates. What is the security benefit of this implementation?

234. Which of the following is a BEST practice when traveling internationally with laptops containing Personally Identifiable Information (PII)?

235. Which of the following is the MOST difficult to enforce when using cloud computing?

236. What is the MOST effective countermeasure to a malicious code attack against a mobile system?

237. An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring?

238. Which of the following would be the FIRST step to take when implementing a patch management program?

239. What should be the INITIAL response to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) alerts?

240. When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all access control requirements are addressed?

241. Logical access control programs are MOST effective when they are

242. Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?

243. The process of mutual authentication involves a computer system authenticating

244. The Structured Query Language (SQL) implements Discretionary Access Controls (DAC) using

245. Which of the following is a detective access control mechanism?

246. In addition to authentication at the start of the user session, best practice would require re-authentication

247. Multi-Factor Authentication (MFA) is necessary in many systems given common types of password attacks. Which of the following is a correct list of password attacks?

248. What is the ultimate objective of information classification?

249. The use of strong authentication, the encryption of Personally Identifiable Information (PII) on database servers, application security reviews, and the encryption of data transmitted across networks provide

250. A security professional has just completed their organization's Business Impact Analysis (BIA). Following Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) best practices, what would be the professional's NEXT step?

251. In a Bell-LaPadula system, which user cannot write to File 3?

252. The security program can be considered effective when

253. A large bank deploys hardware tokens to all customers that use their online banking system. The token generates and displays a six-digit numeric password every 60 seconds. This is an example of

254. Which of the following is a critical factor for implementing a successful data classification program?

255. What is the MOST effective method for gaining unauthorized access to a file protected with a long complex password?

256. What is the BEST reason for the organization to pursue a plan to mitigate client-based attacks?

257. In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files. Which of the following is true according to the star property (*property)?

258. Which of the following is the BEST way to determine if a particular system is able to identify malicious software without executing it?

259. In the plan, what is the BEST approach to mitigate future internal client-based attacks?

260. What additional considerations are there if the third party is located in a different country?

261. During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take?

262. Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?

263. A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation?

264. When dealing with compliance with the Payment Card Industry-Data Security Standard (PCI-DSS), an organization that shares card holder information with a service provider MUST do which of the following?

265. What is the MOST LIKELY security issue with degaussing a magnetic drive?

266. Which of the following actions MUST be taken if a vulnerability is discovered during the maintenance stage in a System Development Life Cycle (SDLC)?

267. Where should the permitted access for each department and job classification combination be specified?

268. What is the PRIMARY concern regarding database information after unauthorized access?

269. When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)?

270. Host-Based Intrusion Protection (HIPS) systems are often deployed in monitoring or learning mode during their initial implementation. What is the objective of starting in this mode?

271. Which of the following are required components for implementing software configuration management systems?

272. A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s IT department discovers that a peer-to-peer program has been installed on the computer using the employee's access. Which of the following methods is the MOST effective way of removing the Peer-to-Peer (P2P) program from the computer?

273. Which of the following is a process within a Systems Engineering Life Cycle (SELC) stage?

274. During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information. If it is discovered that large quantities of information have been copied by the unauthorized individual, what attribute of the data has been compromised?

275. An organization experiencing a negative financial impact is forced to reduce budgets and the number of IT operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. Which of the following will be the PRIMARY security concern as staff is released from the organization?

276. Which of the following secure startup mechanisms are PRIMARILY designed to thwart attacks?

277. Which of the following is required to determine classification and ownership?

278. From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system?

279. What is the MOST critical factor to achieve the goals of a security program?

280. Desktop computers in an organization were sanitized for re-use in an equivalent security environment. Organizational policy requires the deletion of user data from Personal Digital Assistant (PDA) devices before disposal. It may not be possible to delete the user data if the device is malfunctioning. Which destruction method below provides the BEST assurance that the data has been removed?

281. The amount of data that will be collected during an audit is PRIMARILY determined by the

282. During an investigation of database theft from an organization's website, it was determined that the SQL injection technique was used despite input validation with client-side scripting. Which of the following provides the GREATEST protection against the same attack occurring again?

283. Without proper signal protection, embedded systems may be prone to which type of attack?

284. An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern?

285. In a Multilevel Security (MLS) system with increasing sensitivity labels (restricted, confidential, secret, top secret), and following the Bell-LaPadula model, which user has the MOST restrictions when writing data?

286. What security risk does the role-based access approach mitigate MOST effectively?

287. What type of test assesses a Disaster Recovery (DR) plan using realistic disaster scenarios while maintaining minimal impact to business operations?

288. Which type of test assesses a Disaster Recovery (DR) plan using realistic disaster scenarios while maintaining minimal impact to business operations?

289. The implementation of which feature in an identity management system reduces costs and administration overhead while improving audit and accountability?

290. Which of the following explains why record destruction requirements are included in a data retention policy?

291. When writing security assessment procedures, what is the MAIN purpose of the test outputs and reports?

292. The restoration priorities of a Disaster Recovery Plan (DRP) are based on which of the following documents?

293. Network-based logging has which advantage over host-based logging when reviewing malicious activity on a victim machine?

294. Which of the following could elicit a Denial of Service (DoS) attack against a credential management system?

295. From a cryptographic perspective, the service of non-repudiation includes which of the following features?

296. The application of which of the following standards would BEST reduce the potential for data breaches?

297. What is the MOST effective method of testing custom application code?

298. The PRIMARY purpose of accreditation is to

299. Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy?

300. Reciprocal backup site agreements are considered to be

301. A vulnerability in which of the following components would be MOST difficult to detect?

302. What does an organization FIRST review to assure compliance with privacy requirements?

303. Which of the following is the BEST example of weak management commitment to the protection of security assets and resources?

304. Which of the following is the PRIMARY security concern associated with the implementation of smart cards?

305. How should an organization determine the priority of its remediation efforts after a vulnerability assessment has been conducted?

306. The MAIN reason an organization conducts a security authorization process is to

307. Which of the following is the MOST effective method of mitigating data theft from an active user workstation?

308. Which of the following information MUST be provided for user account provisioning?

309. To protect auditable information, which of the following MUST be configured to only allow read access?

310. Which of the following countermeasures is the MOST effective in defending against a social engineering attack?

311. Data remanence refers to which of the following?

312. Which one of the following activities would present a significant security risk to organizations when employing a Virtual Private Network (VPN) solution?

313. Which of the following is the BEST approach to take in order to effectively incorporate the concepts of business continuity into the organization?

314. An organization lacks a data retention policy. Of the following, who is the BEST person to consult for such a requirement?

315. Who is ultimately responsible to ensure that information assets are categorized and adequate measures are taken to protect them?

316. What type of wireless network attack BEST describes an Electromagnetic Pulse (EMP) attack?

317. Which one of the following operates at the session, transport, or network layer of the Open Systems Interconnection (OSI) model?

318. An organization’s information security strategic plan MUST be reviewed

319. The BEST method to mitigate the risk of a dictionary attack on a system is to

320. Which of the following approaches is the MOST effective way to dispose of data on multiple hard drives?

321. Application of which of the following Institute of Electrical and Electronics Engineers (IEEE) standards will prevent an unauthorized wireless device from being attached to a network?

322. Which of the following describes the BEST configuration management practice?

323. Which of the following primarily contributes to security incidents in web-based applications?

324. While inventorying storage equipment, it is found that there are unlabeled, disconnected, and powered-off devices. What is the correct procedure for handling such equipment?

325. Which of the following is the best method to assess the effectiveness of an organization's vulnerability management program?

326. Which of the following questions can be answered using user and group entitlement reporting?

327. The goal of a Business Continuity Plan (BCP) training and awareness program is to

328. How can lessons learned from business continuity training and actual recovery incidents BEST be used?

329. The World Trade Organization's (WTO) agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) requires authors of computer software to be given the

330. An organization regularly conducts its own penetration tests. Which of the following scenarios MUST be covered for the test to be effective?

331. Which of the following restricts the ability of an individual to carry out all the steps of a particular process?

332. When planning a penetration test, the tester will be MOST interested in which information?

333. Which of the following BEST describes a rogue Access Point (AP)?

334. Which of the following is the MOST important output from a mobile application threat modeling exercise according to Open Web Application Security Project (OWASP)?

335. Which Radio Frequency Interference (RFI) phenomenon associated with bundled cable runs can create information leakage?

336. Knowing the language in which an encrypted message was originally produced might help a cryptanalyst to perform

337. A mobile device application that restricts the storage of user information to just that which is needed to accomplish lawful business goals adheres to what privacy principle?

338. Which of the following secures web transactions at the Transport Layer?

339. What balance MUST be considered when web application developers determine how informative application error messages should be constructed?

340. During the Security Assessment and Authorization process, what is the PRIMARY purpose for conducting a hardware and software inventory?

341. What is a characteristic of Secure Socket Layer (SSL) and Transport Layer Security (TLS)?

342. After acquiring the latest security updates, what must be done before deploying to production systems?

343. Which of the following roles has the obligation to ensure that a third-party provider is capable of processing and handling data in a secure manner and meeting the standards set by the organization?

344. If compromised, which of the following would lead to the exploitation of multiple virtual machines?