1 / 40

What is the MAIN goal of information security awareness and training?

2 / 40

A security compliance manager of a large enterprise wants to reduce the time it takes to perform network, system, and application security compliance audits while increasing quality and effectiveness of the results.
What should be implemented to BEST achieve the desired results?

3 / 40

From a security perspective, which of the following assumptions MUST be made about input to an application?

4 / 40

Unused space in a disk cluster is important in media analysis because it may contain which of the following?

5 / 40

Which security modes is MOST commonly used in a commercial environment because it protects the integrity of financial and accounting data?

6 / 40

Which of the following alarm systems is recommended to detect intrusions through windows in a high- noise, occupied environment?

7 / 40

What is the foundation of cryptographic functions?

8 / 40

Which of the following is the MOST important security goal when performing application interface testing?

9 / 40

Which of the following is the MOST challenging issue in apprehending cyber criminals?

10 / 40

What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?

11 / 40

An organization’s security policy delegates to the data owner the ability to assign which user roles have access to a particular resource. What type of authorization mechanism is being used?

12 / 40

The use of private and public encryption keys is fondamental in the implementation of which of the following?

13 / 40

Which of the following combinations would MOST negatively affect availability?

14 / 40

Which of the following is the MOST appropriate action when reusing media that contains sensitive data?

15 / 40

Which Identity and Access Management (IAM) process can be used to maintain the principle of least privilege?

16 / 40

Who has the PRIMARY responsibility to ensure that security objectives are aligned with organization goals?

17 / 40

Which of the following management process allows ONLY those services required for users to accomplish their tasks, change default user passwords, and set servers to retrieve antivirus updates?

18 / 40

Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?

19 / 40

In the Software Development Life Cycle (SDLC), maintaining accurate hardware and software inventories is a critical part of

20 / 40

Which of the following is needed to securely distribute symmetric cryptographic keys?

21 / 40

Which of the following is a characteristic of the initialization vector when using Data Encryption Standard (DES)?

22 / 40

In general, servers that are facing the Internet should be placed in a demilitarized zone (DMZ). What is MAIN purpose of the DMZ?

23 / 40

How should an organization determine the priority of its remediation efforts after a vulnerability assessment has been conducted?

24 / 40

The goal of a Business Impact Analysis (BIA) is to determine which of the following?

25 / 40

An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requirement is

26 / 40

Which of the following BEST describes a chosen plaintext attack?

27 / 40

Which of the following information MUST be provided for user account provisioning?

28 / 40

A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket. Which of the following is the BEST course of action?

29 / 40

What operations role is responsible for protecting the enterprise from corrupt or contaminated media?

30 / 40

What is the BEST way to encrypt web application communications?

31 / 40

A company was ranked as high in the following National Institute of Standards and Technology (NIST) functions: Protect, Detect, Respond and Recover. However, a low maturity grade was attributed to the Identify function. In which of the following the controls categories does this company need to improve when analyzing its processes individually?

32 / 40

Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization network?

33 / 40

At which layer of the Open Systems Interconnect (OSI) model are the source and destination address for a datagram handled?

34 / 40

Which of the following is the MAIN reason for using configuration management?

35 / 40

Which of the following is a document that identifies each item seized in an investigation, including date and time seized, full name and signature or initials of the person who seized the item, and a detailed description of the item?

36 / 40

A security architect plans to reference a Mandatory Access Control (MAC) model for implementation. This indicates that which of the following properties are being prioritized?

37 / 40

What balance MUST be considered when web application developers determine how informative application error messages should be constructed?

38 / 40

Which of the following would BEST describe the role directly responsible for data within an organization?

39 / 40

In configuration management, what baseline configuration information MUST be maintained for each computer system?

40 / 40

Which one of the following activities would present a significant security risk to organizations when employing a Virtual Private Network (VPN) solution?

Leave a Reply

Your email address will not be published. Required fields are marked *