1 / 40

Which of the following vulnerability assessment activities BEST exemplifies the Examine method of assessment?

2 / 40

The Open Web Application Security Project's (OWASP) Software Assurance Maturity Model (SAMM) allows organizations to implement a flexible software security strategy to measure organizational impact based on what risk management aspect?

3 / 40

A software architect has been asked to build a platform to distribute music to thousands of users on a global scale. The architect has been reading about content delivery networks (CDN). Which of the following is a principal task to undertake?

4 / 40

An organization's retail website provides its only source of revenue, so the disaster recovery plan (DRP) must document an estimated time for each step in the plan.
Which of the following steps in the DRP will list the GREATEST duration of time for the service to be fully operational?

5 / 40

What Hypertext Transfer Protocol (HTTP) response header can be used to disable the execution of inline JavaScript and the execution of eval()-type functions?

6 / 40

A financial organization that works according to agile principles has developed a new application for their external customer base to request a line of credit. A security analyst has been asked to assess the security risk of the minimum viable product (MVP). Which is the MOST important activity the analyst should assess?

7 / 40

Which of the following is the BEST way to determine the success of a patch management process?

8 / 40

Which type of disaster recovery plan (DRP) testing carries the MOST operational risk?

9 / 40

Which of the following Disaster recovery (DR) testing processes is LEAST likely to disrupt normal business operations?

10 / 40

A federal agency has hired an auditor to perform penetration testing on a critical system as part of the mandatory, annual Federal Information Security Management Act (FISMA) security assessments. The auditor is new to this system but has extensive experience with all types of penetration testing. The auditor has decided to begin with sniffing network traffic. What type of penetration testing is the auditor conducting?

11 / 40

While classifying credit card data related to Payment Card Industry Data Security Standards (PCI-DSS), which of the following is a PRIMARY security requirement?

12 / 40

An enterprise is developing a baseline cybersecurity standard its suppliers must meet before being awarded a contract. Which of the following statements is TRUE about the baseline cybersecurity standard?

13 / 40

Security Software Development Life Cycle (SDLC) expects application code to be written In a consistent manner to allow ease of auditing and which of the following?

14 / 40

A hospital has allowed virtual private networking (VPN) access to remote database developers. Upon auditing the internal firewall configuration, the network administrator discovered that split-tunneling was enabled. What is the concern with this configuration?

15 / 40

Which of the following describes the order in which a digital forensic process is usually conducted?

16 / 40

Which of the following addresses requirements of security assessments during software acquisition?

17 / 40

A Chief Information Security Officer (CISO) of a firm which decided to migrate to cloud has been tasked with ensuring an optimal level of security. Which of the following would be the FIRST consideration?

18 / 40

Who should formulate conclusions from a particular digital fore Ball, Submit a Toper Of Tags, and the results?

19 / 40

The disaster recovery (DR) process should always include

20 / 40

As a design principle, which one of the following actors is responsible for identifying and approving data security requirements in a cloud ecosystem?

21 / 40

What is the MOST effective response to a hacker who has already gained access to a network and will attempt to pivot to other resources?

22 / 40

When developing an external facing web-based system, which of the following would be the MAIN focus of the security assessment prior to implementation and production?

23 / 40

Using the cipher text and resultant clear text message to derive the non-alphabetic cipher key is an example of which method of cryptanalytic attack?

24 / 40

Which of the following is included in change management?

25 / 40

In the last 15 years a company has experienced three electrical failures. The cost associated with each failure is listed below.
Which of the following would be a reasonable annual loss expectation?

26 / 40

Information Security Continuous Monitoring (1SCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. Which of the following is the FIRST step in developing an ISCM strategy and implementing an ISCM program?

27 / 40

Which of the following is the MOST comprehensive Business Continuity (BC) test?

28 / 40

Which of the following are the B EST characteristics of security metrics?

29 / 40

An organization plans to acquire @ commercial off-the-shelf (COTS) system to replace their aging home- built reporting system. When should the organization's security team FIRST get involved in this acquisition's life cycle?

30 / 40

Two remote offices need to be connected securely over an untrustworthy MAN. Each office needs to access network shares at the other site. Which of the following will BEST provide this functionality?

31 / 40

Which of the following is the MOST effective way to ensure the endpoint devices used by remote users are compliant with an organization's approved policies before being allowed on the network?

32 / 40

Which of the following is established to collect information Se eee ee ee nation readily available in part through implemented security controls?

33 / 40

A large human resources organization wants to integrate their identity management with a trusted partner organization. The human resources organization wants to maintain the creation and management of the identities and may want to share with other partners in the future. Which of the following options BEST serves their needs?

34 / 40

When reviewing vendor certifications for handling and processing of company data, which of the following is the BEST Service Organization Controls (SOC) certification for the vendor to possess?

35 / 40

An organization wants to define its physical perimeter. What primary device should be used to accomplish this objective if the organization's perimeter MUST cost-efficiently deter casual trespassers?

36 / 40

To minimize the vulnerabilities of a web-based application, which of the following FIRST actions will lock down the system and minimize the risk of an attack?

37 / 40

Which of the following is the strongest physical access control?

38 / 40

An attacker is able to remain indefinitely logged into a exploiting to remain on the web service?

39 / 40

A security practitioner has been asked to model best practices for disaster recovery (DR) and business continuity. The practitioner has decided that a formal committee is needed to establish a business continuity policy. Which of the following BEST describes this stage of business continuity development?

40 / 40

Recently, an unknown event has disrupted a single Layer-2 network that spans between two geographically diverse data centers. The network engineers have asked for assistance in identifying the root cause of the event. Which of the following is the MOST likely cause?

We will be happy to hear your thoughts

Leave a reply
Enable registration in settings - general
Compare items
  • Total (0)
Shopping cart