1 / 40

Security categorization of a new system takes place during which phase of the Systems Development Life Cycle (SDLC)?

2 / 40

Which concept might require users to use a second access token or to re-enter passwords to gain elevated access rights in the identity and access provisioning life cycle?

3 / 40

When conveying the results of a security assessment, which of the following is the PRIMARY audience?

4 / 40

What is the FIRST action a security professional needs to take while assessing an organization’s asset security in order to properly classify and protect access to data?

5 / 40

Which of the following is the FIRST thing to consider when reviewing Information Technology (IT) internal controls?

6 / 40

A security engineer is tasked with implementing a new identity solution. The client doesn’t want to install or maintain the infrastructure. Which of the following would qualify as the BEST solution?

7 / 40

What Service Organization Controls (SOC) report can be freely distributed and used by customers to gain confidence in a service organization’s systems?

8 / 40

Which of the following benefits does Role Based Access Control (RBAC) provide for the access review process?

9 / 40

The process of “salting” a password is designed to increase the difficulty of cracking which of the following?

10 / 40

A group of organizations follows the same access standards and practices. One manages the verification and due diligence processes for the others. For a user to access a resource from one of the organizations, a check is made to see if that user has been certified. Which Federated Identity Management (FIM) process is this an example of?

11 / 40

A security team member was selected as a member of a Change Control Board (CCB) for an organization. Which of the following is one of their responsibilities?

12 / 40

A security practitioner has just been assigned to address an ongoing Denial of Service (DoS) attack against the company’s network, which includes an e-commerce web site. The strategy has to include defenses for any size of attack without rendering the company network unusable. Which of the following should be a PRIMARY concern when addressing this issue?

13 / 40

What is the MAIN reason for having a developer sign a Non-Disclosure Agreement (NDA)?

14 / 40

What is the MOST efficient way to verify the integrity of database backups?

15 / 40

When should the software Quality Assurance (QA) team feel confident that testing is complete?

16 / 40

What is the MAIN purpose for writing planned procedures in the design of Business Continuity Plans (BCP)?

17 / 40

Which of the following is PRIMARILY adopted for ensuring the integrity of information is preserved?

18 / 40

An employee receives a promotion that entitles them to access higher-level functions on the company’s accounting system, while also keeping their access to the previous system, which is no longer needed or applicable. What is the name of the process that tries to remove this excess privilege?

19 / 40

A financial company has decided to move its main business application to the Cloud. The legal department objects, arguing that the move of the platform should comply with several regulatory obligations such as the General Data Protection Regulation (GDPR) and ensure data confidentiality. The Chief Information Security Officer (CISO) says that the cloud provider has met all regulatory requirements and even provides its own encryption solution with internally-managed encryption keys to address data confidentiality. Did the CISO address all the legal requirements in this situation?

20 / 40

What is the best way for mutual authentication of devices belonging to the same organization?

21 / 40

Physical assets defined in an organization’s Business Impact Analysis (BIA) could include which of the following?

22 / 40

Which of the following Service Organization Control (SOC) report types should an organization request if they require a period of time report covering security and availability for a particular system?

23 / 40

Vulnerability scanners may allow for the administrator to assign which of the following in order to assist in prioritizing remediation activities?

24 / 40

Which of the following processes has the PRIMARY purpose of identifying outdated software versions, missing patches, and lapsed system updates?

25 / 40

Which of the following would an internal technical security audit BEST validate?

26 / 40

Which of the following BEST describes how access to a system is granted to federated user accounts?

27 / 40

Directive controls are a form of change management policy and procedures. Which of the following subsections are recommended as part of the change management process?

28 / 40

A security consultant has been hired by a company to establish its vulnerability management program. The consultant is now in the deployment phase. Which of the following tasks is part of this process?

29 / 40

What principle requires that changes to the plaintext affect many parts of the ciphertext?

30 / 40

A security professional recommends that a company integrate threat modeling into its Agile development processes. Which of the following BEST describes the benefits of this approach?

31 / 40

An Internet software application requires authentication before a user is permitted to utilize the resource. Which testing scenario BEST validates the functionality of the application?

32 / 40

For the purpose of classification, which of the following is used to divide trust domain and trust boundaries?

33 / 40

Which of the following needs to be taken into account when assessing vulnerability?

34 / 40

Which of the following is the PRIMARY mechanism used to limit the range of objects available to a given subject within different execution domains?

35 / 40

Which of the following open source software issues poses the MOST risk to an application?

36 / 40

Which of the following is the final phase of the identity and access provisioning lifecycle?

37 / 40

Which of the following is a process in the access provisioning lifecycle that will MOST likely identify access aggregation issues?

38 / 40

Which of the following is held accountable for the risk to organizational systems and data that results from outsourcing Information Technology (IT) systems and services?

39 / 40

A user downloads a file from the Internet, then applies the Secure Hash Algorithm 3 (SHA-3) to it. Which of the following is the MOST likely reason for doing so?

40 / 40

What is the MOST common component of a vulnerability management framework?
