Exams 5

Exam 5 Questions.

Enter email to receive results:

134

General Security Principles

134

Security and Risk Management

Security Assessment and Testing

Security Operations

Identity and Access Management (IAM)

Communication and Network Security

Asset Security

Security Architecture and Engineering

Software Development Security

Page 1 of 9

General Security Principles

1. Which of the following is a weakness of Wired Equivalent Privacy (WEP)?{

Built-in provision to rotate keys

Protection against message replay

Length of Initialization Vector (IV)

Detection of message tampering

2. Even though a particular digital watermark is difficult to detect, which of the following represents a way it might still be inadvertently removed?{

Applying Access Control Lists (ACL) to the data

Appending non-watermarked data to watermarked data

Truncating parts of the data

Storing the data in a database

3. Which of the following alarm systems is recommended to detect intrusions through windows in a high-noise, occupied environment?{

Photoelectric sensor

Shock sensor

Motion sensor

Acoustic sensor

4. Who has the PRIMARY responsibility to ensure that security objectives are aligned with organization goals?{

Information security department

Senior management

All users

Audit committee

5. Which of the following mechanisms will BEST prevent a Cross-Site Request Forgery (CSRF) attack?{

Synchronized session tokens

Use strong ciphers

Whitelist input values

Parameterized database queries

6. Which of the BEST internationally recognized standard for evaluating security products and systems?{

Common Criteria (CC)

Health Insurance Portability and Accountability Act (HIPAA)

Payment Card Industry Data Security Standards (PCI-DSS)

Sarbanes-Oxley (SOX)

7. An organization has discovered that users are visiting unauthorized websites using anonymous proxies. Which of the following is the BEST way to prevent future occurrences?{

Analyze Internet Protocol (IP) traffic for proxy requests

Remove the anonymity from the proxy

Disable the proxy server on the firewall

Block the Internet Protocol (IP) address of known anonymous proxies

8. Which of the following is the MOST common method of memory protection?{

Virtual Local Area Network (VLAN) tagging

Compartmentalization

Segmentation

Error correction

9. Which of the following would MINIMIZE the ability of an attacker to exploit a buffer overflow?{

Code review

Buffer division

Memory review

Message division

10. Who is responsible for the protection of information when it is shared with or provided to other organizations?{

Information owner

Security officer

Systems owner

Authorizing Official (AO)

11. Which of the following techniques is known to be effective in spotting resource exhaustion problems, especially with resources such as processes, memory, and connections?{

Fuzzing

Manual code review

Automated dynamic analysis

Automated static analysis

12. What does a Synchronous (SYN) flood attack do?{

Forces Transmission Control Protocol /Internet Protocol (TCP/IP) connections into a reset state

Exceeds the limits for new Transmission Control Protocol /Internet Protocol (TCP/IP) connections

Establishes many new Transmission Control Protocol / Internet Protocol (TCP/IP) connections

Empties the queue of pending Transmission Control Protocol /Internet Protocol (TCP/IP) requests

13. Which of the following is a responsibility of the information owner?{

Ensure that users and personnel complete the required security training to access the Information System (IS)

Defining proper access to the Information System (IS), including privileges or access rights

Managing identification, implementation, and assessment of common security controls

Ensuring the Information System (IS) is operated according to agreed upon security requirements

14. Which of the following is a responsibility of the information owner?{

Ensuring the Information System (IS) is operated according to agreed-upon security requirements

Defining proper access to the Information System (IS), including privileges or access rights

Ensure that users and personnel complete the required security training to access the Information System (IS)

Managing identification, implementation, and assessment of common security controls

15. Which of the following steps should be performed FIRST when purchasing Commercial Off-The-Shelf (COTS) software?{

Establish a risk management strategy

Undergo a security assessment as part of the authorization process

Establish policies and procedures on system and services acquisition

Harden the hosting server and perform vulnerability scans

16. What is the PRIMARY goal of fault tolerance?{

Containment to prevent propagation

Single point of repair

Elimination of single point of failure

Isolation using a sandbox

17. Attack trees are MOST useful for which of the following?{

Enumerating threats

Determining system security scopes

Generating attack libraries

Evaluating Denial of Service (DoS) attacks

18. What is the PRIMARY goal of fault tolerance?{

Isolation using a sandbox

Single point of repair

Containment to prevent propagation

Elimination of single point of failure

19. Attack trees are MOST useful for which of the following?{

Determining system security scopes

Enumerating threats

Generating attack libraries

Evaluating Denial of Service (DoS) attacks

20. Which of the following are important criteria when designing procedures and acceptance criteria for acquired software?{

Data quality, provenance, and scaling

Distributed, agile, and bench testing

Code quality, security, and origin

Architecture, hardware, and firmware

21. Which of the following is the MOST challenging issue in apprehending cyber criminals?{

There is often no physical evidence involved

They often use sophisticated methods to commit a crime

It is often hard to collect and maintain the integrity of digital evidence

The crime is often committed from a different jurisdiction

22. A user has infected a computer with malware by connecting a Universal Serial Bus (USB) storage device. Which of the following is MOST effective to mitigate future infections?{

Encrypt removable USB devices containing data at rest

Develop a written organizational policy prohibiting unauthorized USB devices

Train users on the dangers of transferring data in USB devices

Implement centralized technical control of USB port connections

23. When developing a business case for updating a security program, the security program owner MUST do which of the following?{

Interview executive management

Prepare performance test reports

Identify relevant metrics

Obtain resources for the security program

24. Which of the following could be considered the MOST significant security challenge when adopting DevOps practices compared to a more traditional control framework?{

Maintaining segregation of duties

Standardized configurations for logging, alerting, and security metrics

Achieving Service Level Agreements (SLA) on how quickly patches will be released when a security flaw is found

Availability of security teams at the end of design process to perform last-minute manual audits and reviews

25. Which of the following combinations would MOST negatively affect availability?{

Unauthorized transactions and denial of service attacks

Unauthorized transactions and outdated hardware

Fire and accidental changes to data

Denial of Service (DoS) attacks and outdated hardware

Page 2 of 9

Security and Risk Management

26. In a change-controlled environment, which of the following is MOST likely to lead to unauthorized changes to production programs?{

Modifying source code without approval

Promoting programs to production without approval

Developers using Rapid Application Development (RAD) methodologies without approval

Developers checking out source code without approval

27. Who would be the BEST person to approve an organization's information security policy?{

Chief Information Security Officer (CISO)

Chief Executive Officer (CEO)

Chief Information Officer (CIO)

Chief internal auditor

28. A security compliance manager of a large enterprise wants to reduce the time it takes to perform network, system, and application security compliance audits while increasing quality and effectiveness of the results. What should be implemented to BEST achieve the desired results?{

Configuration Management Database (CMDB)

Source code repository

Configuration Management Plan (CMP)

System performance monitoring application

29. A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?{

Verify all contracts before a merger occurs

Include a procurement officer in the merger team

Define additional security controls directly after the merger

Assign a compliance officer to review the merger conditions

30. A control to protect from a Denial-of-Service (DoS) attack has been determined to stop 50% of attacks and additionally reduces the impact by 50%. What is the residual risk?{

100%

50%

25%

75%

31. Which of the following is the BEST reason for writing an information security policy?{

To support information security governance

To deter attackers

To implement effective information security controls

To reduce the number of audit findings

32. What is the expected outcome of security awareness in support of a security awareness program?{

Awareness is not training. The purpose of awareness presentation is simply to focus attention on security

Awareness is not an activity or part of the training but rather a state of persistence to support the program

Awareness activities should be used to focus on security concerns and respond to those concerns accordingly

Awareness is training. The purpose of awareness presentations is to broaden attention of security

33. When determining who can accept the risk associated with a vulnerability, which of the following is the MOST important?{

Countermeasure effectiveness

Incident likelihood

Type of potential loss

Information ownership

34. Which of the following is the MOST important part of an awareness and training plan to prepare employees for emergency situations?{

Publishing a corporate business continuity and disaster recovery plan on the corporate website

Designing business continuity and disaster recovery training programs for different audiences

Conducting business continuity and disaster recovery training for those who have a direct role in the recovery

Having emergency contacts established for the general employee population to get information

35. An organization plans on purchasing a custom software product developed by a small vendor to support its business model. Which unique consideration should be made part of the contractual agreement to mitigate potential long-term risks?{

Right to request an independent review of the software source code

A source code escrow clause

Access to the technical documentation

Due diligence form requesting statements of compliance with security requirements

36. What is the MAIN purpose of a change management policy?{

To verify that changes to the IT infrastructure are approved

To identify the changes that may be made to the IT infrastructure

To assure management that changes to the IT infrastructure are necessary

To determine the necessity for implementing modifications to the IT infrastructure

37. Which security access policy contains fixed security attributes that are used by the system to determine a user’s access to a file or object?{

Authorized user control

Mandatory Access Control (MAC)

Discretionary Access Control (DAC)

Access Control List (ACL)

38. Assessing a third party’s risk by counting bugs in the code may not be the best measure of an attack surface. Which of the following is LEAST associated with the attack surface?{

Input protocols

Access rights

Error messages

Target processes

39. Assessing a third party’s risk by counting bugs in the code may not be the best measure of an attack surface. Which of the following is LEAST associated with the attack surface?{

Access rights

Input protocols

Target processes

Error messages

40. What is the FIRST step in establishing an information security program?{

Establish baseline security controls

Establish an information security policy

Identify factors affecting information security

Identify critical security infrastructure

41. What are the steps of a risk assessment?{

Identification, evaluation, mitigation

Identification, analysis, evaluation

Analysis, evaluation, mitigation

Classification, identification, risk management

42. Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?{

Data stewardship roles, data handling and storage standards, data lifecycle requirements

System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements

Compliance office roles and responsibilities, classified material handling standards, storage system lifecycle requirements

System authorization roles and responsibilities, cloud computing standards, lifecycle requirements

43. What is the MAIN goal of information security awareness and training?{

To inform users of the latest malware threats

To inform users of information assurance responsibilities

To comply with the organization information security policy

To prepare students for certification

Page 3 of 9

Security Assessment and Testing

44. At a MINIMUM, audits of permissions to individual or group accounts should be scheduled{

continually

annually

to correspond with staff promotions

to correspond with terminations

45. It is MOST important to perform which of the following to minimize potential impact when implementing a new vulnerability scanning tool in a production environment?{

Establish access for IT management

Log vulnerability summary reports to a secured server

Enable scanning during off-peak hours

Negotiate schedule with the Information Technology (IT) operation’s team

46. A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report. In which phase of the assessment was this error MOST likely made?{

Detection

Discovery

Reporting

Enumeration

47. Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization’s systems?{

Automated system patching

Standardized patch testing equipment

Management support for patching

Standardized configurations for devices

48. As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?{

Denial of Service (DoS)

Known-plaintext attack

Structured Query Language (SQL) injection

Cookie manipulation

49. As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website. Which of the following actions would be performed?{

Use a web scanner to scan for vulnerabilities within the website

Perform a code review to ensure that the database references are properly addressed

Enter only numbers in the web form and verify that the website prompts the user to enter valid input

Establish a secure connection to the web server to validate that only the approved ports are open

50. Which of the following is the MOST important security goal when performing application interface testing?{

Verify compatibility of software, hardware, and network connections

Examine error conditions related to external interfaces to prevent application details leakage

Evaluate whether systems or components pass data and control correctly to one another

Confirm that all platforms are supported and function properly

51. Which type of test would an organization perform in order to locate and target exploitable defects?{

Performance

Vulnerability

System

Penetration

52. Which of the following is a characteristic of an internal audit?{

The internal audit schedule is published to the organization well in advance

The internal auditor reports to the Information Technology (IT) department

Management is responsible for reading and acting upon the internal audit results

An internal audit is typically shorter in duration than an external audit

53. Which type of test would an organization perform in order to locate and target exploitable defects?{

System

Penetration

Vulnerability

Performance

54. Which of the following is a characteristic of an internal audit?{

Management is responsible for reading and acting upon the internal audit results

The internal auditor reports to the Information Technology (IT) department

The internal audit schedule is published to the organization well in advance

An internal audit is typically shorter in duration than an external audit

Page 4 of 9

Security Operations

55. What does electronic vaulting accomplish?{

It ensures the fault tolerance of Redundant Array of Independent Disks (RAID) systems

It protects critical files

It automates the Disaster Recovery Process (DRP)

It stripes all database records

56. An IT professional attends a cybersecurity seminar on current incident response methodologies. What code of ethics canon is being observed?{

Provide diligent and competent service to principals

Protect society, the commonwealth, and the infrastructure

Act honorably, honestly, justly, responsibly, and legally

Advance and protect the profession

57. Which of the following is a direct monetary cost of a security incident?{

Morale

Equipment

Reputation

Information

58. A Security Operations Center (SOC) receives an incident response notification on a server with an active intruder who has planted a backdoor. Initial notifications are sent and communications are established. What MUST be considered or evaluated before performing the next step?{

Notifying law enforcement is crucial before hashing the contents of the server hard drive

Copying the contents of the hard drive to another storage device may damage the evidence

Identifying who executed the incident is more important than how the incident happened

Removing the server from the network may prevent catching the intruder

59. Why is planning in Disaster Recovery (DR) an interactive process?{

It details off-site storage plans

It identifies omissions in the plan

It defines the objectives of the plan

It forms part of the awareness process

Page 5 of 9

Identity and Access Management (IAM)

60. Which of the following is a common feature of an Identity as a Service (IDaaS) solution?{

Multi-Factor Authentication (MFA) enforcement

Role-Based Access Control (RBAC)

Privileged user authentication support

Single Sign-On (SSO) authentication support

61. A security practitioner is tasked with securing the organization’s Wireless Access Points (WAP). Which of these is the MOST effective way of restricting this environment to authorized users?{

Disable the broadcast of the Service Set Identifier (SSID) name

Enable Wi-Fi Protected Access 2 (WPA2) encryption on the wireless access point

Create Access Control Lists (ACL) based on Media Access Control (MAC) addresses

Change the name of the Service Set Identifier (SSID) to a random value not associated with the organization

62. Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?{

Segregation of duties is automatically enforced

Data confidentiality is increased

Password requirements are simplified

Risk associated with orphan accounts is reduced

63. Which of the following is the GREATEST benefit of implementing a Role-Based Access Control (RBAC) system?{

Form-based user registration process

A considerably simpler provisioning process

Integration using Lightweight Directory Access Protocol (LDAP)

Integration with the organization’s Human Resources system

64. Which of the following is the BEST metric to obtain when gaining support for an Identity and Access Management (IAM) solution?{

Employee system timeouts from implementing wrong limits

Application connection successes resulting in data leakage

Help desk costs required to support password reset requests

Administrative costs for restoring systems after connection failure

65. Which of the following would an attacker BEST be able to accomplish through the use of Remote Access Tools (RAT)?{

Reduce the probability of identification

Maintain and expand control

Destabilize the operation of the host

Detect further compromise of the target

66. Access to which of the following is required to validate web session management?{

Live session traffic

Log timestamp

Session state variables

Test scripts

67. Which of the following would an attacker BEST be able to accomplish through the use of Remote Access Tools (RAT)?{

Maintain and expand control

Destabilize the operation of the host

Reduce the probability of identification

Detect further compromise of the target

68. Access to which of the following is required to validate web session management?{

Test scripts

Live session traffic

Session state variables

Log timestamp

69. What is the second step in the identity and access provisioning lifecycle?{

Approval

Review

Provisioning

Revocation

70. Which of the following is the BEST Identity-as-a-Service (IDaaS) solution for validating users?{

Open Authentication (OAuth)

Security Assertion Markup Language (SAML)

Single Sign-On (SSO)

Lightweight Directory Access Protocol (LDAP)

71. Which of the following is BEST achieved through the use of eXtensible Access Markup Language (XACML)?{

Define a standard protocol

Manage resource privileges

Share digital identities in hybrid cloud

Minimize malicious attacks from third parties

72. The organization would like to deploy an authorization mechanism for an Information Technology (IT) infrastructure project with high employee turnover. Which access control mechanism would be preferred?{

Role-Based Access Control (RBAC)

Mandatory Access Control (MAC)

Discretionary Access Control (DAC)

Attribute Based Access Control (ABAC)

73. Which access management procedure would minimize the possibility of an organization's employees retaining access to secure work areas after they change roles?{

User access modification

User access recertification

User access provisioning

User access termination

Page 6 of 9

Communication and Network Security

74. Within the company, desktop clients receive Internet Protocol (IP) addresses over Dynamic Host Configuration Protocol (DHCP). Which of the following represents a valid measure to help protect the network against unauthorized access?{

Implement port-based security through 802.1x

Implement path management

Implement DHCP to assign IP addresses to server systems

Implement change management

75. After following the processes defined within the change management plan, a super user has upgraded a device within an Information system. What step would be taken to ensure that the upgrade did NOT affect the network security posture?{

Review the results of the most recent vulnerability scan

Conduct an Assessment and Authorization (A&A)

Conduct a gap analysis with the baseline configuration

Conduct a security impact analysis

76. Which Identity and Access Management (IAM) process can be used to maintain the principle of least privilege?{

Access recovery

Multi-factor authentication (MFA)

User access review

Identity provisioning

77. A post-implementation review has identified that the Voice Over Internet Protocol (VoIP) system was designed to have gratuitous Address Resolution Protocol (ARP) disabled. Why did the network architect likely design the VoIP system with gratuitous ARP disabled?{

Gratuitous ARP requires the likelihood of a successful brute-force attack on the phone

Gratuitous ARP requires the use of insecure layer 3 protocols

Gratuitous ARP requires the risk of a Man-in-the-Middle (MITM) attack

Gratuitous ARP requires the use of Virtual Local Area Network (VLAN) 1

78. An organization recently conducted a review of the security of its network applications. One of the vulnerabilities found was that the session key used in encrypting sensitive information to a third-party server had been hard-coded in the client and server applications. Which of the following would be MOST effective in mitigating this vulnerability?{

Elliptic Curve Cryptography (ECC) algorithm

Rivest-Shamir-Adleman (RSA) algorithm

Digital Signature algorithm (DSA)

Diffie-Hellman (DH) algorithm

79. Which of the following is the BEST way to reduce the impact of an externally sourced flood attack?{

Have the source service provider block the address

Block all inbound traffic until the flood ends

Have the service provider block the source address

Block the source address at the firewall

80. Which of the following is the BEST way to reduce the impact of an externally sourced flood attack?{

Block all inbound traffic until the flood ends

Have the service provider block the source address

Have the source service provider block the address

Block the source address at the firewall

81. Proven application security principles include which of the following?{

Accepting infrastructure security controls

Hardening the network perimeter

Minimizing attack surface area

Developing independent modules

82. What protocol is often used between gateway hosts on the Internet?{

Internet Control Message Protocol (ICMP)

Exterior Gateway Protocol (EGP)

Border Gateway Protocol (BGP)

Open Shortest Path First (OSPF)

83. A company seizes a mobile device suspected of being used in committing fraud. What would be the BEST method used by a forensic examiner to isolate the powered-on device from the network and preserve the evidence?{

Suspend the account with the telecommunication provider

Remove the SIM card

Turn the device off

Put the device in airplane mode

84. What is the BEST location in a network to place Virtual Private Network (VPN) devices when an internal review reveals network design flaws in remote access?{

Outside the external firewall

At the Internet Service Provider (ISP)

In its own separate Virtual Local Area Network (VLAN)

In a dedicated Demilitarized Zone (DMZ)

85. In a High Availability (HA) environment, what is the PRIMARY goal of working with a virtual router address as the gateway to a network?{

The first of two routers fails and is reinstalled, while the second handles the traffic flawlessly

The second of two routers can periodically check in to make sure that the first router is operational

The first of two routers can better handle specific traffic, while the second handles the rest of the traffic seamlessly

The second of two routers can better absorb a Denial of Service (DoS) attack knowing the first router is present

86. Which of the following is MOST effective in detecting information hiding in Transmission Control Protocol/internet Protocol (TCP/IP) traffic?{

Stateful inspection firewall

Content-filtering proxy

Application-level firewall

Packet-filter firewall

87. A Denial of Service (DoS) attack on a syslog server exploits weakness in which of the following protocols?{

Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)

Transport Layer Security (TLS) and Secure Sockets Layer (SSL)

Point-to-Point Protocol (PPP) and Internet Control Message Protocol (ICMP)

Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP)

88. Extensible Authentication Protocol-Message Digest 5 (EAP-MD5) only provides which of the following?{

Server authentication

Mutual authentication

Streaming ciphertext data

User authentication

89. In an organization where Network Access Control (NAC) has been deployed, a device trying to connect to the network is placed into an isolated domain. What should be done on this device to obtain proper connectivity?{

Change the Message Authentication Code (MAC) address of the network interface

Apply Operating System (OS) patches

Apply remediations according to security requirements

Connect the device to another network jack

Page 7 of 9

Asset Security

90. An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test subject’s data?{

Aggregate it into one database in the US

Process it in the US, but store the information in France

Anonymize it and process it in the US

Share it with a third party

91. What is the process of removing sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique?{

Destruction

Purging

Clearing

Encryption

92. Which security mode is MOST commonly used in a commercial environment because it protects the integrity of financial and accounting data?{

Biba

Graham-Denning

Clark-Wilson

Bell-LaPadula

93. Which of the following methods of suppressing a fire is environmentally friendly and the MOST appropriate for a data center?{

Inert gas fire suppression system

Wet-pipe sprinklers

Dry-pipe sprinklers

Halon gas fire suppression system

94. Which of the following is a common characteristic of privacy?{

Provision for maintaining an audit trail of access to the private data

Notice to the subject of the existence of a database containing relevant credit card data

Database requirements for integration of privacy data

Process for the subject to inspect and correct personal data on-site

95. Which of the following is the MOST appropriate action when reusing media that contains sensitive data?{

Erase

Sanitize

Encrypt

Degauss

96. Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?{

Security governance

Risk assessment

Security portfolio management

Risk management

97. Unused space in a disk cluster is important in media analysis because it may contain which of the following?{

Information about the File Allocation Table (FAT)

Residual data that has not been overwritten

Information about patches and upgrades to the system

Hidden viruses and Trojan horses

98. Which of the following is MOST appropriate for protecting confidentiality of data stored on a hard drive?{

Triple Data Encryption Standard (3DES)

Advanced Encryption Standard (AES)

Message Digest 5 (MD5)

Secure Hash Algorithm 2 (SHA-2)

99. The core component of Role Based Access Control (RBAC) must be constructed of defined data elements. Which elements are required?{

Users, permissions, operations, and protected objects

Users, roles, operations, and protected objects

Roles, accounts, permissions, and protected objects

Roles, operations, accounts, and protected objects

100. The core component of Role-Based Access Control (RBAC) must be constructed of defined data elements. Which elements are required?{

Users, permissions, operations, and protected objects

Roles, operations, accounts, and protected objects

Roles, accounts, permissions, and protected objects

Users, roles, operations, and protected objects

101. Which one of the following data integrity models assumes a lattice of integrity levels?{

Harrison-Ruzzo

Bell-LaPadula

Biba

Take-Grant

102. The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunnel data{

in the Payload Compression Protocol (PCP)

through a firewall at the Session layer

in the Point-to-Point Protocol (PPP)

through a firewall at the Transport layer

103. The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunnel data{

through a firewall at the Transport layer

through a firewall at the Session layer

in the Payload Compression Protocol (PCP)

in the Point-to-Point Protocol (PPP)

104. A responsibility of a data steward is to ensure that{

the data governance effort aligns with the organization

data governance interviews are conducted within the organization

data governance requirements are documented

data decisions and impacts are communicated to the organization

105. What MUST each information owner do when a system contains data from multiple information owners?{

Provide input to the Information System (IS) owner regarding the security requirements of the data

Review the Security Assessment report (SAR) for the Information System (IS) and authorize the IS to operate

Develop and maintain the System Security Plan (SSP) for the Information System (IS) containing the data

Move the data to an Information System (IS) that does not contain data owned by other information owners

106. When conducting a security assessment of access controls, which activity is part of the data analysis phase?{

Conduct statistical sampling of data transactions

Collect logs and reports

Present solutions to address audit exceptions

Categorize and identify evidence gathered during the audit

107. During examination of Internet history records, the following string occurs within a Unique Resource Locator (URL): `http://www.companysite.com/products/products.asp?productid=123 or 1=1`. What type of attack does this indicate?{

Cross-Site Scripting (XSS)

Shellcode injection

Structured Query Language (SQL) injection

Directory traversal

108. A chemical plant wants to upgrade its Industrial Control System (ICS) to transmit data using Ethernet instead of RS422, and to simplify administration by using the office network. Which of the following is the GREATEST impact on security?{

The ICS does not support the office password policy

The network administrators have no knowledge of ICS

RS422 is more reliable than Ethernet

The ICS is now accessible from the office network

109. An organization has outsourced its financial transaction processing to a Cloud Service Provider (CSP) who will provide them with Software as a Service (SaaS). If there was a data breach, who is responsible for monetary losses?{

The application developers

The data owner

The Cloud Service Provider (CSP)

The Data Protection Authority (DPA)

110. When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?{

Provide links to security policies

Log all activities associated with sensitive systems

Employ strong access controls

Confirm that confidentiality agreements are signed

Page 8 of 9

Security Architecture and Engineering

111. Digital certificates used in Transport Layer Security (TLS) support which of the following?{

Multi-Factor Authentication (MFA)

Server identity and data confidentiality

Non-repudiation controls and data encryption

Information input validation

112. An organization adopts a new firewall hardening standard. How can the security professional verify that the technical staff correctly implemented the new standard?{

Perform a compliance review

Train the technical staff

Perform a penetration test

Survey the technical staff

113. Transport Layer Security (TLS) provides which of the following capabilities for a remote access server?{

Transport layer handshake compression

Application layer negotiation

Digital certificate revocation

Peer identity authentication

114. “Stateful” differs from “Static” packet filtering firewalls by being aware of which of the following?{

Originating application session

Difference between a malicious and a benign packet payload

Difference between a new and an established connection

Originating network location

115. A minimal implementation of endpoint security includes which of the following?{

Token-based authentication

Host-based firewalls

Trusted platforms

Wireless Access Points (AP)

116. What can happen when an Intrusion Detection System (IDS) is installed inside a firewall-protected internal network?{

The IDS can detect failed administrator logon attempts from servers

The firewall can increase the number of packets to analyze

The firewall can detect failed administrator login attempts from servers

The IDS can increase the number of packets to analyze

117. What is the foundation of cryptographic functions?{

Cipher

Hash

Entropy

Encryption

Page 9 of 9

Software Development Security

118. Which of the following provides the MOST comprehensive filtering of Peer-to-Peer (P2P) traffic?{

Access layer switch

Application proxy

Network boundary router

Port filter

119. What is the PRIMARY role of a scrum master in agile development?{

To project manage the software delivery

To choose the integrated development environment

To choose the primary development language

To match the software requirements to the delivery plan

120. The design review for an application has been completed and is ready for release. What technique should an organization use to assure application integrity?{

Input validation

Device encryption

Digital signing

Application authentication

121. From a security perspective, which of the following assumptions MUST be made about input to an application?{

It is logged

It is tested

It is untrusted

It is verified

122. Which of the following is considered a secure coding practice?{

Use checksums to verify the integrity of libraries

Use concurrent access for shared variables and resources

Use new code for common tasks

Use dynamic execution functions to pass user-supplied data

123. A company receives an email threat informing of an imminent Distributed Denial of Service (DDoS) attack targeting its web application unless a ransom is paid. Which of the following techniques BEST addresses that threat?{

Implementing reverse web-proxies to validate each new inbound connection

Set Up Web Application Firewalls (WAFs) to filter out malicious traffic

Coordinate with and utilize capabilities within Internet Service Provider (ISP)

Deploying load balancers to distribute inbound traffic across multiple data centers

124. A company receives an email threat informing of an imminent Distributed Denial of Service (DDoS) attack targeting its web application unless a ransom is paid. Which of the following techniques BEST addresses that threat?{

Implementing reverse web-proxies to validate each new inbound connection

Coordinate with and utilize capabilities within Internet Service Provider (ISP)

Set Up Web Application Firewalls (WAFs) to filter out malicious traffic

Deploying load balancers to distribute inbound traffic across multiple data centers

125. When developing solutions for mobile devices, in which phase of the Software Development Life Cycle (SDLC) should technical limitations related to devices be specified?{

Initiation

Review

Implementation

Development

General Security Principles

Security and Risk Management

Security Assessment and Testing

Security Operations

Identity and Access Management (IAM)

Communication and Network Security

Asset Security

Security Architecture and Engineering

Software Development Security

Submit a Comment Cancel reply

Latest Posts

stay connected

Quick links

Guaranteed by