1 / 40

What is the FINAL step in the waterfall method for contingency planning?

2 / 40

Which of the following is the BEST technique to facilitate secure software development?

3 / 40

The security team has been tasked with performing an interface test against a front-end external facing application and needs to verify that all input fields protect against invalid input. Which of the following BEST assists this process?

4 / 40

Which of the following will accomplish Multi-Factor Authentication (MFA)?

5 / 40

Which of the following BEST describes the standard used to exchange authorization information between different identity management systems?

6 / 40

An organization seeks to use a cloud Identity and Access Management (IAM) provider whose protocols and data formats are incompatible with existing systems. Which of the following techniques addresses the compatibility issue?

7 / 40

Physical Access Control Systems (PACS) allow authorized security personnel to manage and monitor access control for subjects through which function?

8 / 40

Organization A is adding a large collection of confidential data records that it received when it acquired Organization B to its data store. Many of the users and staff from Organization B are no longer available.
Which of the following MUST Organization A do to properly classify and secure the acquired data?

9 / 40

A security professional should ensure that clients support which secondary algorithm for digital signatures when a Secure Multipurpose Internet Mail Extension (S/MIME) is used?

10 / 40

Which of the following BEST describes botnets?

11 / 40

When developing the entitlement review process, which of the following roles is responsible for determining who has a need for the information?

12 / 40

The Secure Shell (SSH) version 2 protocol supports

13 / 40

Why are packet filtering routers used in low-risk environments?

14 / 40

Which of the following is an advantage of Secure Shell (SSH)?

15 / 40

Which of the following techniques is effective to detect taps in fiber optic cables?

16 / 40

A project requires the use of an authentication mechanism where playback must be protected and plaintext secret must be used. Which of the following should be used?

17 / 40

An audit of an application reveals that the current configuration does not match the configuration of the originally implemented application. Which of the following is the FIRST action to be taken?

18 / 40

What type of attack sends Internet Control Message Protocol (ICMP) echo requests to the target machine with a larger payload than the target can handle?

19 / 40

Which of the following is the PRIMARY issue when analyzing detailed log information?

20 / 40

Which of the following protocols will allow the encrypted transfer of content on the Internet?

21 / 40

Which of the following provides the GREATEST level of data security for a Virtual Private Network (VPN) connection?

22 / 40

Why would a security architect specify that a default route pointing to a sinkhole be injected into internal networks?

23 / 40

A security professional should consider the protection of which of the following elements FIRST when developing a defense-in-depth strategy for a mobile workforce?

24 / 40

Which of the following provides the MOST secure method for Network Access Control (NAC)?

25 / 40

Which of the following will an organization’s network vulnerability testing process BEST enhance?

26 / 40

Why should Open Web Application Security Project (OWASP) Application Security Verification Standards (ASVS) Level 1 be considered a MINIMUM level of protection for any web application?

27 / 40

Which of the following is a canon of the (ISC)² Code of Ethics?

28 / 40

Which of the following is a security weakness in the evaluation of Common Criteria (CC) products?

29 / 40

Which of the following access control models is MOST restrictive?

30 / 40

In a large company, a system administrator needs to assign users access to files using Role Based Access Control (RBAC). Which option is an example of RBAC?

31 / 40

What does the result of Cost-Benefit Analysis (CBA) on new security initiatives provide?

32 / 40

Which one of the following documents should be included in a Disaster Recovery (DR) package?

33 / 40

Digital non-repudiation requires which of the following?

34 / 40

How should the retention period for an organization’s social media content be defined?

35 / 40

Which of the following is a MAJOR concern when there is a need to preserve or retain information for future retrieval?

36 / 40

The application owner of a system that handles confidential data leaves an organization. It is anticipated that a replacement will be hired in approximately six months. During that time, which of the following should the organization do?

37 / 40

Which of the following is the MOST effective countermeasure against data remanence?

38 / 40

Which one of the following can be used to detect an anomaly in a system by keeping track of the state of files that do not normally change?

39 / 40

When defining a set of security controls to mitigate a risk, which of the following actions MUST occur?

40 / 40

How does security in a distributed file system using mutual authentication differ from file security in a multi-user host?
