1 / 40

At which of the following phases of a software development life cycle are security and access controls normally designed?

2 / 40

What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own ban account?

3 / 40

Detection capabilities of Host-based ID systems are limited by the incompleteness of which of the following?

4 / 40

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

5 / 40

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

6 / 40

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

7 / 40

Which of the following BEST describes the responsibilities of a data owner?

8 / 40

What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?

9 / 40

At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

10 / 40

What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

11 / 40

An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

12 / 40

Which of the following is the FIRST step in the incident response process?

13 / 40

A continuous information security monitoring program can BEST reduce risk through which of the following?

14 / 40

In a financial institution, who has the responsibility for assigning the classification to a piece of information?

15 / 40

Which of the following is considered best practice for preventing e-mail spoofing?

16 / 40

The overall goal of a penetration test is to determine a system’s

17 / 40

Which of the following statements is TRUE for point-to-point microwave transmissions?

18 / 40

Following the completion of a network security assessment, which of the following can BEST be demonstrated?

19 / 40

A disadvantage of an application filtering firewall is that it can lead to

20 / 40

Which of the following is the FIRST step of a penetration test plan?

21 / 40

Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?

22 / 40

Which of the following is an effective method for avoiding magnetic media data remanence?

23 / 40

Which of the following wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device?

24 / 40

Which of the following is an appropriate source for test data?

25 / 40

What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?

26 / 40

Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what?

27 / 40

Contingency plan exercises are intended to do which of the following?

28 / 40

The BEST method of demonstrating a company’s security level to potential customers is

29 / 40

An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring?

30 / 40

Which of the following is a security limitation of File Transfer Protocol (FTP)?

31 / 40

The use of strong authentication, the encryption of Personally Identifiable Information (PII) on database servers, application security reviews, and the encryption of data transmitted across networks provide

32 / 40

A practice that permits the owner of a data object to grant other users access to that object would usually provide

33 / 40

What is an effective practice when returning electronic storage media to third parties for repair?

34 / 40

According to best practice, which of the following groups is the MOST effective in performing an information security compliance audit?

35 / 40

When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints?

36 / 40

Which of the following actions MUST be taken if a vulnerability is discovered during the maintenance stage in a System Development Life Cycle (SDLC)?

37 / 40

A large university needs to enable student access to university resources from their homes. Which of the following provides the BEST option for low maintenance and ease of deployment?

38 / 40

What is the BEST first step for determining if the appropriate security controls are in place for protecting data at rest?

39 / 40

What is the PRIMARY reason for ethics awareness and related policy implementation?

40 / 40

An organization’s data policy MUST include a data retention period which is based on

Leave a Reply

Your email address will not be published. Required fields are marked *