CISSP5
1 / 40
At which of the following phases of a software development life cycle are security and access controls normally designed?
2 / 40
What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account?
3 / 40
Detection capabilities of Host-based ID systems are limited by the incompleteness of which of the following?
4 / 40
An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?
5 / 40
Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?
6 / 40
All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
7 / 40
Which of the following BEST describes the responsibilities of a data owner?
8 / 40
What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?
9 / 40
At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?
10 / 40
What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?
11 / 40
An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?
12 / 40
Which of the following is the FIRST step in the incident response process?
13 / 40
A continuous information security monitoring program can BEST reduce risk through which of the following?
14 / 40
In a financial institution, who has the responsibility for assigning the classification to a piece of information?
15 / 40
Which of the following is considered best practice for preventing e-mail spoofing?
16 / 40
The overall goal of a penetration test is to determine a system’s
17 / 40
Which of the following statements is TRUE for point-to-point microwave transmissions?
18 / 40
Following the completion of a network security assessment, which of the following can BEST be demonstrated?
19 / 40
A disadvantage of an application filtering firewall is that it can lead to
20 / 40
Which of the following is the FIRST step of a penetration test plan?
21 / 40
Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?
22 / 40
Which of the following is an effective method for avoiding magnetic media data remanence?
23 / 40
Which of the following wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device?
24 / 40
Which of the following is an appropriate source for test data?
25 / 40
What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?
26 / 40
Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what?
27 / 40
Contingency plan exercises are intended to do which of the following?
28 / 40
The BEST method of demonstrating a company’s security level to potential customers is
29 / 40
An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring?
30 / 40
Which of the following is a security limitation of File Transfer Protocol (FTP)?
31 / 40
The use of strong authentication, the encryption of Personally Identifiable Information (PII) on database servers, application security reviews, and the encryption of data transmitted across networks provide
32 / 40
A practice that permits the owner of a data object to grant other users access to that object would usually provide
33 / 40
What is an effective practice when returning electronic storage media to third parties for repair?
34 / 40
According to best practice, which of the following groups is the MOST effective in performing an information security compliance audit?
35 / 40
When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints?
36 / 40
Which of the following actions MUST be taken if a vulnerability is discovered during the maintenance stage in a System Development Life Cycle (SDLC)?
37 / 40
A large university needs to enable student access to university resources from their homes. Which of the following provides the BEST option for low maintenance and ease of deployment?
38 / 40
What is the BEST first step for determining if the appropriate security controls are in place for protecting data at rest?
39 / 40
What is the PRIMARY reason for ethics awareness and related policy implementation?
40 / 40
An organization’s data policy MUST include a data retention period which is based on
admin