1 / 40

Which combination of cryptographic algorithms are compliant with Federal Information Processing Standard (FIPS) Publication 140-2 for non-legacy systems?

2 / 40

Which of the following is a risk matrix?

3 / 40

What is the FIRST step in reducing the exposure of a network to Internet Control Message Protocol (ICMP)
based attacks?

4 / 40

To comply with industry requirements, a security assessment on the cloud server should identify which protocols and weaknesses are being exposed to attackers on the Internet.
Which of the following tools is the MOST appropriate to complete the assessment?

5 / 40

What should be used to determine the risks associated with using Software as a Service (SaaS) for collaboration and email?

6 / 40

How should the retention period for an organization’s social media content be defined?

7 / 40

At which phase of the software assurance life cycle should risks associated with software acquisition strategies be identified?

8 / 40

In an IDEAL encryption system, who has sole access to the decryption key?

9 / 40

The development team has been tasked with collecting data from biometric devices. The application will support a variety of collection data streams. During the testing phase, the team utilizes data from an old production database in a secure testing environment. What principle has the team taken into consideration?

10 / 40

Which of the following is the BEST method to validate secure coding techniques against injection and overflow attacks?

11 / 40

Which of the following protects personally identifiable information (PII) used by financial services organizations?

12 / 40

An organization with divisions in the United States (US) and the United Kingdom (UK) processes data comprised of personal information belonging to subjects living in the European Union (EU) and in the US. Which data MUST be handled according to the privacy protections of General Data Protection Regulation (GDPR)?

13 / 40

Which of the following is the MOST secure protocol for zremote command access to the firewall?

14 / 40

An organization wants to migrate to Session Initiation Protocol (SIP) to save on telephony expenses. Which of the following security related statements should be considered in the decision-making process?

15 / 40

Which of the following is the MOST effective corrective control to minimize the effects of a physical intrusion?

16 / 40

Which of the following BEST describes centralized identity management?

17 / 40

In order to provide dual assurance in a digital signature system, the design MUST include which of the following?

18 / 40

In which of the following scenarios is locking server cabinets and limiting access to keys preferable to locking the server room to prevent unauthorized access?

19 / 40

An organization wants to share data securely with their partners via the Internet. Which standard port is typically used to meet this requirement?

20 / 40

A company wants to implement two-factor authentication (2FA) to protect their computers from unauthorized users. Which solution provides the MOST secure means of authentication and meets the criteria they have set?

21 / 40

Which of the following types of devices can provide content filtering and threat protection, and manage multiple IPSec site-to-site connections?

22 / 40

Which of the following statements BEST describes least privilege principle in a cloud environment?

23 / 40

Which of the following is the MOST important first step in preparing for a security audit?

24 / 40

The adoption of an enterprise-wide Business Continuity (BC) program requires which of the following?

25 / 40

Which of the following encryption technologies has the ability to function as a stream cipher?

26 / 40

Which of the following BEST ensures the integrity of transactions to intended recipients?

27 / 40

Which of the following is the BEST option to reduce the network attack surface of a system?

28 / 40

What is the MOST common security risk of a mobile device?

29 / 40

Which of the following is the MOST important consideration in selecting a security testing method based on different Radio-Frequency Identification (RFID) vulnerability types?

30 / 40

A manager identified two conflicting sensitive user functions that were assigned to a single user account that had the potential to result in financial and regulatory risk to the company. The manager MOST likely discovered this during which of the following?

31 / 40

Which is the BEST control to meet the Statement on Standards for Attestation Engagements 18 (SSAE-18) confidentiality category?

32 / 40

To monitor the security of buried data lines inside the perimeter of a facility, which of the following is the MOST effective control?

33 / 40

A system developer has a requirement for an application to check for a secure digital signature before the application is accessed on a user’s laptop. Which security mechanism addresses this requirement?

34 / 40

Clothing retailer employees are provisioned with user accounts that provide access to resources at partner businesses. All partner businesses use common identity and access management (IAM) protocols and differing technologies. Under the Extended Identity principle, what is the process flow between partner businesses to allow this TAM action?

35 / 40

Which of the following measures serves as the BEST means for protecting data on computers, smartphones, and external storage devices when traveling to high-risk countries?

36 / 40

Which of the following would an information security professional use to recognize changes to content, particularly unauthorized changes?

37 / 40

An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer (CISO) wants to increase security by better protecting the network from unauthorized internal access. Which Network Access Control (NAC) capability BEST meets this objective?

38 / 40

Which of the following is the PRIMARY reason for selecting the appropriate level of detail for audit record generation?

39 / 40

Which of the following is the PRIMARY goal of logical access controls?

40 / 40

What documentation is produced FIRST when performing an effective physical loss control process?

Leave a Reply

Your email address will not be published. Required fields are marked *