1 / 40

A user has infected a computer with malware by connecting a Universal Serial Bus (USB) storage device. Which of the following is MOST effective to mitigate future infections?

2 / 40

Which of the following are important criteria when designing procedures and acceptance criteria for acquired software?

3 / 40

A security compliance manager of a large enterprise wants to reduce the time it takes to perform network, system, and application security compliance audits while increasing quality and effectiveness of the results.
What should be implemented to BEST achieve the desired results?

4 / 40

As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website. Which of the following actions would be performed?

5 / 40

From a security perspective, which of the following assumptions MUST be made about input to an application?

6 / 40

Which one of the following considerations has the LEAST impact when considering transmission security?

7 / 40

In a High Availability (HA) environment, what is the PRIMARY goal of working with a virtual router address as the gateway to a network?

8 / 40

Who would be the BEST person to approve an organization's information security policy?

9 / 40

Which of the following alarm systems is recommended to detect intrusions through windows in a high-noise, occupied environment?

10 / 40

Proven application security principles include which of the following?

11 / 40

Which of the following is MOST appropriate for protecting confidentiality of data stored on a hard drive?

12 / 40

A company seizes a mobile device suspected of being used in committing fraud. What would be the BEST method used by a forensic examiner to isolate the powered-on device from the network and preserve the evidence?

13 / 40

Why is planning in Disaster Recovery (DR) an interactive process?

14 / 40

A chemical plant wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and maintenance by utilizing the office network infrastructure and staff to implement this upgrade.
Which of the following is the GREATEST impact on security for the network?

15 / 40

What does electronic vaulting accomplish?

16 / 40

Which of the following is the MOST important part of an awareness and training plan to prepare employees for emergency situations?

17 / 40

When determining who can accept the risk associated with a vulnerability, which of the following is MOST important?

18 / 40

Transport Layer Security (TLS) provides which of the following capabilities for a remote access server?

19 / 40

Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?

20 / 40

Digital certificates used in Transport Layer Security (TLS) support which of the following?

21 / 40

What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?

22 / 40

Which of the following would an attacker BEST be able to accomplish through the use of Remote Access Tools (RAT)?

23 / 40

Access to which of the following is required to validate web session management?

24 / 40

Which of the following is the MOST effective method to mitigate Cross-Site Scripting (XSS) attacks?

25 / 40

Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?

26 / 40

A Security Operations Center (SOC) receives an incident response notification on a server with an active intruder who has planted a backdoor. Initial notifications are sent and communications are established.
What MUST be considered or evaluated before performing the next step?

27 / 40

In the Software Development Life Cycle (SDLC), maintaining accurate hardware and software inventories is a critical part of

28 / 40

Which of the following is the BEST method to reduce the effectiveness of phishing attacks?

29 / 40

How should an organization determine the priority of its remediation efforts after a vulnerability assessment has been conducted?

30 / 40

Reciprocal backup site agreements are considered to be

31 / 40

When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?

32 / 40

In order to assure authenticity, which of the following are required?

33 / 40

An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requirement is

34 / 40

A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket. Which of the following is the BEST course of action?

35 / 40

What is the BEST way to encrypt web application communications?

36 / 40

Which Radio Frequency Interference (RFI) phenomenon associated with bundled cable runs can create information leakage?

37 / 40

Which of the following approaches is the MOST effective way to dispose of data on multiple hard drives?

38 / 40

What balance MUST be considered when web application developers determine how informative application error messages should be constructed?

39 / 40

The restoration priorities of a Disaster Recovery Plan (DRP) are based on which of the following documents?

40 / 40

What does the Maximum Tolerable Downtime (MTD) determine?
