1 / 40

What MUST each information owner do when a system contains data from multiple information owners?

2 / 40

The security accreditation task of the System Development Life Cycle (SDLC) process is completed at the end of which phase?

3 / 40

As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website. Which of the following actions would be performed?

4 / 40

What is the BEST location in a network to place Virtual Private Network (VPN) devices when an internal review reveals network design flaws in remote access?

5 / 40

A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report.
In which phase of the assessment was this error MOST likely made?

6 / 40

An organization plans to purchase a custom software product developed by a small vendor to support its business model.
Which unique consideration should be made part of the contractual agreement to address the potential long-term risks associated with creating this dependency?

7 / 40

In a High Availability (HA) environment, what is the PRIMARY goal of working with a virtual router address as the gateway to a network?

8 / 40

An organization recently conducted a review of the security of its network applications. One of the vulnerabilities found was that the session key used in encrypting sensitive information to a third party server had been hard-coded in the client and server applications.
Which of the following would be MOST effective in mitigating this vulnerability?

9 / 40

What does electronic vaulting accomplish?

10 / 40

Which of the following is the MOST important security goal when performing application interface testing?

11 / 40

Which of the following is a responsibility of the information owner?

12 / 40

A company receives an email threat informing it of an imminent Distributed Denial of Service (DDoS) attack targeting its web application unless a ransom is paid. Which of the following techniques BEST addresses that threat?

13 / 40

Which of the following is the MOST important part of an awareness and training plan to prepare employees for emergency situations?

14 / 40

What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?

15 / 40

Which of the following is the BEST Identity-as-a-Service (IDaaS) solution for validating users?

16 / 40

Which of the following is the MOST effective method to mitigate Cross-Site Scripting (XSS) attacks?

17 / 40

An Information Technology (IT) professional attends a cybersecurity seminar on current incident response methodologies.
What code of ethics canon is being observed?

18 / 40

Mandatory Access Controls (MAC) are based on:

19 / 40

What is the MAIN purpose of a change management policy?

20 / 40

Which of the following is a characteristic of an internal audit?

21 / 40

What is the GREATEST challenge of an agent-based patch management solution?

22 / 40

The design review for an application has been completed and is ready for release. What technique should an organization use to assure application integrity?

23 / 40

Between which pair of Open System Interconnection (OSI) Reference Model layers are routers used as a communications device?

24 / 40

As a best practice, the Security Assessment Report (SAR) should include which of the following sections?

25 / 40

In general, servers that are facing the Internet should be placed in a demilitarized zone (DMZ). What is the MAIN purpose of the DMZ?

26 / 40

When writing security assessment procedures, what is the MAIN purpose of the test outputs and reports?

27 / 40

The goal of a Business Impact Analysis (BIA) is to determine which of the following?

28 / 40

What is the difference between media marking and media labeling?

29 / 40

Which type of security testing is being performed when an ethical hacker has no knowledge about the target system but the testing target is notified before the test?

30 / 40

From a cryptographic perspective, the service of non-repudiation includes which of the following features?

31 / 40

An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requirement is

32 / 40

A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket. Which of the following is the BEST course of action?

33 / 40

An employee of a retail company has been granted an extended leave of absence by Human Resources (HR). This information has been formally communicated to the access provisioning team. Which of the following is the BEST action to take?

34 / 40

The PRIMARY purpose of accreditation is to:

35 / 40

What is the BEST way to encrypt web application communications?

36 / 40

At which layer of the Open Systems Interconnect (OSI) model are the source and destination address for a datagram handled?

37 / 40

Which of the following is the MAIN reason for using configuration management?

38 / 40

What is an advantage of Elliptic Curve Cryptography (ECC)?

39 / 40

What does the Maximum Tolerable Downtime (MTD) determine?

40 / 40

Which one of the following activities would present a significant security risk to organizations when employing a Virtual Private Network (VPN) solution?
