1 / 40

Why are mobile devices sometimes difficult to investigate in a forensic examination?

2 / 40

What is the FIRST action a security professional needs to take while assessing an organization's asset security in order to properly classify and protect access to data?

3 / 40

Which of the following is the FIRST thing to consider when reviewing Information Technology (IT) internal controls?

4 / 40

An organization discovers that its Secure File Transfer Protocol (SFTP) server has been accessed by an unauthorized person to download an unreleased game. A recent security audit found weaknesses in some of the organization's general Information Technology (IT) controls, specifically pertaining to software change control and security patch management, but not in other control areas.
Which of the following is the MOST probable attack vector used in the security breach?

5 / 40

What Service Organization Controls (SOC) report can be freely distributed and used by customers to gain confidence in a service organization's systems?

6 / 40

Which of the following benefits does Role Based Access Control (RBAC) provide for the access review process?

7 / 40

The process of "salting" a password is designed to increase the difficulty of cracking which of the following?

8 / 40

Which step of the Risk Management Framework (RMF) identifies the initial set of baseline security controls?

9 / 40

What is the MOST efficient way to verify the integrity of database backups?

10 / 40

Which of the following is the BEST reason to apply patches manually instead of automated patch management?

11 / 40

Which of the following is PRIMARILY adopted for ensuring the integrity of information is preserved?

12 / 40

Compared with hardware cryptography, software cryptography is generally

13 / 40

What is the best way for mutual authentication of devices belonging to the same organization?

14 / 40

In order for application developers to detect potential vulnerabilities earlier during the Software Development Life Cycle (SDLC), which of the following safeguards should be implemented FIRST as part of a comprehensive testing framework?

15 / 40

Which of the following Service Organization Control (SOC) report types should an organization request if they require a period of time report covering security and availability for a particular system?

16 / 40

Vulnerability scanners may allow for the administrator to assign which of the following in order to assist in prioritizing remediation activities?

17 / 40

Why is planning the MOST critical phase of a Role Based Access Control (RBAC) implementation?

18 / 40

What access control scheme uses fine-grained rules to specify the conditions under which access to each data item or applications is granted?

19 / 40

Change management policies and procedures belong to which of the following types of controls?

20 / 40

Which of the following processes is used to align security controls with business functions?

21 / 40

Which of the following processes has the PRIMARY purpose of identifying outdated software versions, missing patches, and lapsed system updates?

22 / 40

Which of the following is the primary advantage of segmenting Virtual Machines (VM) using physical networks?

23 / 40

Which of the following BEST describes how access to a system is granted to federated user accounts?

24 / 40

What principle requires that changes to the plaintext affect many parts of the ciphertext?

25 / 40

A security professional recommends that a company integrate threat modeling into its Agile development processes. Which of the following BEST describes the benefits of this approach?

26 / 40

Which of the following techniques BEST prevents buffer overflows?

27 / 40

An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this an example of?

28 / 40

For the purpose of classification, which of the following is used to divide trust domain and trust boundaries?

29 / 40

Which of the following needs to be taken into account when assessing vulnerability?

30 / 40

What should be the FIRST action for a security administrator who detects an intrusion on the network based on precursors and other indicators?

31 / 40

Which of the following is the PRIMARY mechanism used to limit the range of objects available to a given subject within different execution domains?

32 / 40

Which of the following is a process in the access provisioning lifecycle that will MOST likely identify access aggregation issues?

33 / 40

Which of the following is the BEST definition of Cross-Site Request Forgery (CSRF)?

34 / 40

Which of the following is held accountable for the risk to organizational systems and data that result from outsourcing Information Technology (IT) systems and services?

35 / 40

What determines the level of security of a combination lock?

36 / 40

What is the MOST common component of a vulnerability management framework?

37 / 40

Which of the following is the MOST important activity an organization performs to ensure that security is part of the overall organization culture?

38 / 40

What testing technique enables the designer to develop mitigation strategies for potential vulnerabilities?

39 / 40

Which of the following is true of Service Organization Control (SOC) reports?

40 / 40

As users switch roles within an organization, their accounts are given additional permissions to perform the duties of their new position. After a recent audit, it was discovered that many of these accounts maintained their old permissions as well. The obsolete permissions identified by the audit have been remediated and accounts have only the appropriate permissions to complete their jobs.
Which of the following is the BEST way to prevent access privilege creep?

We will be happy to hear your thoughts

Leave a reply
Enable registration in settings - general
Compare items
  • Total (0)
Shopping cart