The Chief Information Security Officer (CISO) is concerned about business application availability. The organization was recently subject to a ransomware attack that resulted in the unavailability of applications and services for 10 working days that required paper-based running of all main business processes. There are now aggressive plans to enhance the Recovery Time Objective (RTO) and cater for more frequent data captures. Which of the following solutions should be implemented to fully comply to the new business requirements?

Which of the following needs to be tested to achieve a Cat 6a certification for a company’s data cabling?

A company is enrolled in a hard drive reuse program where decommissioned equipment is sold back to the vendor when it is no longer needed. The vendor pays more money for functioning drives than equipment that is no longer operational. Which method of data sanitization would provide the most secure means of preventing unauthorized data loss, while also receiving the most money from the vendor?

Upon commencement of an audit within an organization, which of the following actions is MOST important for the auditor(s) to take?

What is the MOST significant benefit of role-based access control (RBAC)?

What Hypertext Transfer Protocol (HTTP) response header can be used to disable the execution of inline JavaScript and the execution of eval()-type functions?

Which of the following is a unique feature of attribute-based access control (ABAC)?

Which of the following BEST describes why software assurance is critical in helping prevent an increase in business and mission risk for an organization?

A colleague who recently left the organization asked a security professional for a copy of the organization’s confidential incident management policy. Which of the following is the BEST response to this request?

In systems security engineering, what does the security principle of modularity provide?

When designing a business continuity plan (BCP), what is the formula to determine the Maximum Tolerable Downtime (MTD)?

In a multi-tenant cloud environment, what approach will secure logical access to assets?

A security professional has been assigned to assess a web application. The assessment report recommends switching to Security Assertion Markup Language (SAML). What is the PRIMARY security benefit in switching to SAML?

A corporation does not have a formal data destruction policy. During which phase of a criminal legal proceeding will this have the MOST impact?

A hospital has allowed virtual private networking (VPN) access to remote database developers. Upon auditing the internal firewall configuration, the network administrator discovered that split-tunneling was enabled. What is the concern with this configuration?

Which of the following minimizes damage to information technology (IT) equipment stored in a data center when a false fire alarm event occurs?

Which of the following regulations dictates how data breaches are handled?

Which of the following implementations will achieve high availability in a website?

What type of investigation applies when malicious behavior is suspected between two organizations?

As a design principle, which one of the following actors is responsible for identifying and approving data security requirements in a cloud ecosystem?

Which of the following is security control volatility?

What is the term used to define where data is geographically stored in the cloud?

Which of the following is MOST important to follow when developing information security controls for an organization?

An organization is setting a security assessment scope with the goal of developing a Security Management Program (SMP). The next step is to select an approach for conducting the risk assessment. Which of the following approaches is MOST effective for the SMP?

In which of the following system life cycle processes should security requirements be developed?

Which of the following is the MOST comprehensive Business Continuity (BC) test?

The security architect is designing and implementing an internal certification authority to generate digital certificates for all employees. Which of the following is the BEST solution to securely store the private keys?

Which of the following is fundamentally required to address potential security issues when initiating software development?

A new employee formally reported suspicious behavior to the organization security team. The report claims that someone not affiliated with the organization was inquiring about the member’s work location, length of employment, and building access controls. The employee’s reporting is MOST likely the result of which of the following?

In the “Do” phase of the Plan-Do-Check-Act model, which of the following is performed?

A company is moving from the V model to Agile development. How can the information security department BEST ensure that secure design principles are implemented in the new methodology?

An organization needs a general purpose document to prove that its internal controls properly address security, availability, processing integrity, confidentiality or privacy risks. Which of the following reports is required?

An attacker is able to remain indefinitely logged into a exploiting to remain on the web service?

Which of the following factors should be considered characteristics of Attribute Based Access Control (ABAC) in terms of the attributes used?

Recently, an unknown event has disrupted a single Layer-2 network that spans between two geographically diverse data centers. The network engineers have asked for assistance in identifying the root cause of the event. Which of the following is the MOST likely cause?

What is the P R IM A R Y reason criminal law is difficult to enforce when dealing with cyber-crime?

What would be the BEST action to take in a situation where collected evidence was left unattended overnight in an unlocked vehicle?

Which of the following is the BEST way to protect against Structured Query language (SQL) injection?

Which access control method is based on users issuing access requests on system resources, features assigned to those resources, the operational or situational context, and a set of policies specified in terms of those features and context?

What type of attack sends Internet Control Message Protocol (ICMP) echo requests to the target machine with a larger payload than the target can handle?