1 / 40

What is a risk of using commercial off-the-shelf (COTS) products?

2 / 40

The Open Web Application Security Project’s (OWASP) Software Assurance Maturity Model (SAMM) allows organizations to implement a flexible software security strategy to measure organizational impact based on what risk management aspect?

3 / 40

What is the MOST significant benefit of role-based access control (RBAC)?

4 / 40

In a disaster recovery (DR) test, which of the following would be a trait of crisis management?

5 / 40

Which of the following is a correct feature of a virtual local area network (VLAN)?

6 / 40

An information technology (IT) employee who travels frequently connects remotely to an organization. Which of the following solutions BEST serves as a secure control mechanism to meet the organization’s requirements?

7 / 40

Using Address Space Layout Randomization (ASLR) reduces the potential for which of the following attacks?

8 / 40

In a multi-tenant cloud environment, what approach will secure logical access to assets?

9 / 40

A security professional has been assigned to assess a web application. The assessment report recommends switching to Security Assertion Markup Language (SAML). What is the PRIMARY security benefit in switching to SAML?

10 / 40

Commercial off-the-shelf (COTS) software presents which of the following additional security concerns?

11 / 40

Which of the following describes the order in which a digital forensic process is usually conducted?

12 / 40

Which of the following is an indicator that a company’s new user security awareness training module has been effective?

13 / 40

A security practitioner needs to implement a solution to verify endpoint security protections and operating system (OS) versions. Which of the following is the BEST solution to implement?

14 / 40

What is the BEST control to be implemented at a login page in a web application to mitigate the ability to enumerate users?

15 / 40

Which of the following is the GREATEST risk of relying only on Capability Maturity Models (CMM) for software to guide process improvement and assess capabilities of acquired software?

16 / 40

Using the cipher text and resultant clear text message to derive the non-alphabetic cipher key is an example of which method of cryptanalytic attack?

17 / 40

When testing password strength, which of the following is the BEST method for brute forcing passwords?

18 / 40

In the last 15 years a company has experienced three electrical failures. The cost associated with each failure is listed below.
Which of the following would be a reasonable annual loss expectation?

19 / 40

What is the BEST way to restrict access to a file system on computing systems?

20 / 40

Which of the following is an open standard for exchanging authentication and authorization data between parties?

21 / 40

An organization has been collecting a large amount of redundant and unusable data and filling up the storage area network (SAN). Management has requested the identification of a solution that will address ongoing storage problems. Which is the BEST technical solution?

22 / 40

An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?

23 / 40

Which of the following does the security design process ensure within the System Development Life Cycle (SDLC)?

24 / 40

Which of the following is the MOST effective way to ensure the endpoint devices used by remote users are compliant with an organization’s approved policies before being allowed on the network?

25 / 40

Wireless users are reporting intermittent Internet connectivity. Connectivity is restored when the users disconnect and reconnect, utilizing the web authentication process each time.
The network administrator can see the devices connected to the APs at all times. Which of the following steps will MOST likely determine the cause of the issue?

26 / 40

The security organization is looking for a solution that could help them determine with a strong level of confidence that attackers have breached their network. Which solution is MOST effective at discovering a successful network breach?

27 / 40

An organization has implemented a password complexity policy and an account lockout policy enforcing a limit of five incorrect login attempts within ten minutes. Network users have reported significantly increased account lockouts. Which of the following security principles is this company affecting?

28 / 40

In the “Do” phase of the Plan-Do-Check-Act model, which of the following is performed?

29 / 40

Which of the following is the BEST method a security practitioner can use to ensure that systems and sub-systems gracefully handle invalid input?

30 / 40

To minimize the vulnerabilities of a web-based application, which of the following FIRST actions will lock down the system and minimize the risk of an attack?

31 / 40

What is the PRIMARY consideration when testing industrial control systems (ICS) for security weaknesses?

32 / 40

A company is moving from the V model to Agile development. How can the information security department BEST ensure that secure design principles are implemented in the new methodology?

33 / 40

What is the MAIN purpose of conducting a business impact analysis (BIA)?

34 / 40

What is the FIRST step for an organization to take before allowing personnel to access social media from a corporate device or user account?

35 / 40

Recently, an unknown event has disrupted a single Layer-2 network that spans between two geographically diverse data centers. The network engineers have asked for assistance in identifying the root cause of the event. Which of the following is the MOST likely cause?

36 / 40

What is the PRIMARY reason criminal law is difficult to enforce when dealing with cyber-crime?

37 / 40

Which of the following statements BEST distinguishes a stateful packet inspection firewall from a stateless packet filter firewall?

38 / 40

Why is data classification control important to an organization?

39 / 40

What level of Redundant Array of Independent Disks (RAID) is configured PRIMARILY for high-performance data reads and writes?

40 / 40

Which of the following types of firewall only examines the “handshaking” between packets before forwarding traffic?
