1 / 40

What is the purpose of code signing?

2 / 40

According to the Capability Maturity Model Integration (CMMI), which of the following levels is identified by a managed process that is tailored from the organization’s set of standard processes according to the organization’s tailoring guidelines?

3 / 40

In order to support the least privilege security principle when a resource is transferring within the organization from a production support system administration role to a developer role, what changes should be made to that resource’s access to the production Operating System (OS) directory structure?

4 / 40

Which of the following factors is a PRIMARY reason to drive changes in an Information Security Continuous Monitoring (ISCM) strategy?

5 / 40

Which of the following is a PRIMARY challenge when running a penetration test?

6 / 40

The security team has been tasked with performing an interface test against a front-end external facing application and needs to verify that all input fields protect against invalid input. Which of the following BEST assists this process?

7 / 40

Which of the following phases involves researching a target’s configuration from public sources when performing a penetration test?

8 / 40

Which of the following explains why classifying data is an important step in performing a risk assessment?

9 / 40

In Identity Management (IdM), when is the verification stage performed?

10 / 40

An organization seeks to use a cloud Identity and Access Management (IAM) provider whose protocols and data formats are incompatible with existing systems. Which of the following techniques addresses the compatibility issue?

11 / 40

Which of the following is the FIRST step during digital identity provisioning?

12 / 40

Organization A is adding a large collection of confidential data records that it received when it acquired Organization B to its data store. Many of the users and staff from Organization B are no longer available.
Which of the following MUST Organization A do to properly classify and secure the acquired data?

13 / 40

Which of the following needs to be included in order for High Availability (HA) to continue operations during planned system outages?

14 / 40

Which of the following BEST describes botnets?

15 / 40

When developing the entitlement review process, which of the following roles is responsible for determining who has a need for the information?

16 / 40

Which of the following is the MOST secure protocol for remote command access to the firewall?

17 / 40

An audit of an application reveals that the current configuration does not match the configuration of the originally implemented application. Which of the following is the FIRST action to be taken?

18 / 40

Which of the following BEST describes the objectives of the Business Impact Analysis (BIA)?

19 / 40

Which of the following is the PRIMARY issue when analyzing detailed log information?

20 / 40

Which of the following protocols will allow the encrypted transfer of content on the Internet?

21 / 40

Which of the following provides the GREATEST level of data security for a Virtual Private Network (VPN) connection?

22 / 40

Why would a security architect specify that a default route pointing to a sinkhole be injected into internal networks?

23 / 40

A security professional should consider the protection of which of the following elements FIRST when developing a defense-in-depth strategy for a mobile workforce?

24 / 40

Which of the following will an organization’s network vulnerability testing process BEST enhance?

25 / 40

Which testing method requires very limited or no information about the network infrastructure?

26 / 40

Why should Open Web Application Security Project (OWASP) Application Security Verification Standards (ASVS) Level 1 be considered a MINIMUM level of protection for any web application?

27 / 40

Which of the following models uses unique groups contained in unique conflict classes?

28 / 40

What is the BEST approach for maintaining ethics when a security professional is unfamiliar with the culture of a country and is asked to perform a questionable task?

29 / 40

When are security requirements the LEAST expensive to implement?

30 / 40

Which of the following is the BEST way to mitigate circumvention of access controls?

31 / 40

Digital non-repudiation requires which of the following?

32 / 40

An organization has implemented a new backup process which protects confidential data by encrypting the information stored on backup tapes. Which of the following is a MAJOR data confidentiality concern after the implementation of this new backup process?

33 / 40

An organization is considering outsourcing applications and data to a Cloud Service Provider (CSP). Which of the following is the MOST important concern regarding privacy?

34 / 40

Of the following, which BEST provides non-repudiation with regards to access to a server room?

35 / 40

Which of the following is a MAJOR concern when there is a need to preserve or retain information for future retrieval?

36 / 40

Assume that a computer was powered off when an information security professional arrived at a crime scene. Which of the following actions should be performed after the crime scene is isolated?

37 / 40

Which of the following is the MOST effective countermeasure against data remanence?

38 / 40

Which one of the following can be used to detect an anomaly in a system by keeping track of the state of files that do not normally change?

39 / 40

A security professional is assessing the risk in an application and does not take into account any mitigating or compensating controls. This type of risk rating is an example of which of the following?

40 / 40

What is the MAIN objective of risk analysis in Disaster Recovery (DR) planning?

Leave a Reply

Your email address will not be published. Required fields are marked *