Quiz Summary
1. Question
Which of the following best describes the relationship between COBIT and ITIL?
2. Question
What is the associated single loss expectancy value in this scenario?
3. Question
Which of the following means that a company did all it could have reasonably done to prevent a security breach?
4. Question
Health Tracking Apps, Inc. (HTA) is a U.S.-based corporation that develops and sells apps that its customers can use to track various aspects of their own health, from their daily exercise regimes to various medical test results and comparative statistics over time. These apps utilize cloud-based storage so that customers can access their data from multiple platforms, including smart mobile devices and desktop systems. Customers can also easily share the data the apps generate with their personal trainers and healthcare providers if they choose, on a subscription basis.
HTA’s products are available in several languages, including English, French, Spanish, German, and Italian. All of HTA’s software is developed by a dedicated staff within the United States, though HTA occasionally hires interns from the local university to assist with language translations for its various user interfaces.
The following entity relationship diagram illustrates HTA’s business model dependencies.
HTA stores its customers’ private data in a third-party cloud. What is the primary means through which HTA can ensure that its cloud service provider maintains compliance with any regulations—including the GDPR, if necessary—that HTA is subject to?
5. Question
Joan needs to document a data classification scheme for her organization. Which criteria should she use to guide her decisions?
6. Question
When implementing data leak prevention (DLP), which is the first, most critical step?
7. Question
There are many different types of access control mechanisms that are commonly embedded into all operating systems. Which of the following is the mechanism that is missing in this graphic?
8. Question
Crime Prevention Through Environmental Design (CPTED) is a discipline that outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. Of CPTED’s three main components, what is illustrated in the following photo?
9. Question
If implemented properly, a one-time pad is a perfect encryption scheme. Which of the following incorrectly describes a requirement for implementation?
10. Question
Jack has been told that successful attacks have been taking place and data that has been encrypted by his company’s software systems has leaked to the company’s competitors. Through Jack’s investigation he has discovered that the lack of randomness in the seeding values used by the encryption algorithms in the company’s software exposed patterns and allowed for successful reverse engineering.
Which of the following is most likely the item that is the root of the problem when it comes to the necessary randomness explained in the scenario?
11. Question
Since sending spam (unwanted messages) has increased over the years and e-mail has become a common way of sending out malicious links and malware, the industry has developed different ways to combat these issues. One approach is to use a Sender Policy Framework, which is an e-mail validation system. In the following graphic, what type of system receives the request in step 2 and replies in step 3 ?
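The check the receiving mail server performs once it has the answer from steps 2 and 3, as an added example that is not code from the quiz or its source book. A real SPF evaluator asks DNS for the sender domain's TXT record; here a constructed dictionary of records for fictional domains (`FAKE_DNS_TXT`, an assumption) stands in for that lookup so the code runs offline. Only the `ip4`, `ip6`, `include` and `all` mechanisms are handled; `a`, `mx`, `exists` and `ptr` need live DNS. All function names are the example's own.

```python
"""Added example, not code from the quiz: a minimal SPF check as run by the
receiving mail server. The TXT answer that the DNS server returns in step 3 of
the diagram is what lookup_spf_record() hands back here."""
import ipaddress

# Constructed stand-in for DNS TXT answers (assumption: these domains are fictional).
FAKE_DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
}

# SPF qualifiers; a mechanism with no prefix defaults to "+" (pass).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_INCLUDE_DEPTH = 10  # crude guard against include loops (RFC 7208 caps DNS terms at 10)


def lookup_spf_record(domain, resolver=FAKE_DNS_TXT):
    """Return the domain's SPF record (the TXT answer of steps 2/3) or None."""
    record = resolver.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return None
    return record


def check_spf(sender_ip, domain, resolver=FAKE_DNS_TXT, _depth=0):
    """Evaluate sender_ip against the SPF policy published for domain.
    Returns one of: pass, fail, softfail, neutral, none, permerror."""
    if _depth > MAX_INCLUDE_DEPTH:
        return "permerror"
    record = lookup_spf_record(domain, resolver)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "include":
            # include:<domain> matches only if the referenced policy yields "pass";
            # a missing or broken referenced record is a permanent error (RFC 7208 5.2).
            inner = check_spf(sender_ip, arg, resolver, _depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"
        else:
            return "permerror"                # mechanism not supported by this demo
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                          # nothing matched and no "all" term


if __name__ == "__main__":
    for ip in ("192.0.2.77", "198.51.100.10", "2001:db8::1", "203.0.113.5"):
        print(ip, check_spf(ip, "example.com"))
```

The `-all` at the end of the example.com record is what makes the last address fail outright; with `~all` the same sender would only soft-fail, which is why a receiving server's treatment of softfail (quarantine vs. deliver) matters as much as the record itself.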
12. Question
There are several different types of authentication technologies. Which type is being shown in the graphic that follows?
13. Question
Which of the following correctly describes the relationship between SSL and TLS?
14. Question
Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorization data between systems on different security domains. SAML allows for the sharing of authentication information, such as how authentication took place, entity attributes, and what the entity is authorized to access. SAML is most commonly used in web-based environments that require single sign-on (SSO) capability. Which of the following has a correct definition associated with the corresponding SAML component?
15. Question
A number of attacks can be performed against smart cards. Side-channel attacks are a class that does not exploit a flaw or weakness in the card’s logic; instead they infer secrets from physical characteristics of the device while it operates, such as power consumption, timing, or electromagnetic emanations. Which of the following is NOT a side-channel attack?
16. Question
In practical use, which of the following best describes a “session”?
17. Question
John and his team are conducting a penetration test of a client’s network. The team will conduct its testing armed only with knowledge it acquired from the Web. The network staff is aware that the testing will take place, but the penetration testing team will only work with publicly available data and some information from the client. What is the degree of the team’s knowledge, and what type of test is the team carrying out?
18. Question
Which of the following is not a common component of configuration management change control steps?
19. Question
______ provides for availability and scalability. It groups physically different systems and combines them logically, which helps to provide immunity to faults and improves performance.
20. Question
What type of infrastructural setup is illustrated in the graphic that follows?
21. Question
Which of the following best describes an object-oriented database?
22. Question
There are several types of attacks that programmers need to be aware of. What attack does the graphic that follows illustrate?
23. Question
Which of the following best describes “change control”?
24. Question
Global organizations that transfer data across international boundaries must abide by guidelines and transborder information flow rules developed by an international organization that helps different governments come together and tackle the economic, social, and governance challenges of a globalized economy. What organization is this?
25. Question
The NIST organization has defined best practices for creating continuity plans. Which of the following phases deals with identifying and prioritizing critical functions and systems?
26. Question
Which of the following is a U.S. copyright law that criminalizes the production and dissemination of technology, devices, or services that circumvent access control measures put into place to protect copyright material?
27. Question
Health Tracking Apps, Inc. (HTA) is a U.S.-based corporation that develops and sells apps that its customers can use to track various aspects of their own health, from their daily exercise regimes to various medical test results and comparative statistics over time. These apps utilize cloud-based storage so that customers can access their data from multiple platforms, including smart mobile devices and desktop systems. Customers can also easily share the data the apps generate with their personal trainers and healthcare providers if they choose, on a subscription basis.
HTA’s products are available in several languages, including English, French, Spanish, German, and Italian. All of HTA’s software is developed by a dedicated staff within the United States, though HTA occasionally hires interns from the local university to assist with language translations for its various user interfaces.
The following entity relationship diagram illustrates HTA’s business model dependencies.
Many of HTA’s employees have either direct or indirect access to its customers’ private data. HTA has to ensure that newly hired employees are aware of all security policies and procedures that apply to them, have only the necessary access through the accounts created for them, and have signed an agreement not to disclose the data inappropriately. Which of the following terms describes this process?
28. Question
Which of the following means of data removal makes the data unrecoverable even with extraordinary effort, such as with physical forensics in a laboratory?
29. Question
Lacy’s manager has tasked her with researching an intrusion detection system for a new dispatching center. Lacy identifies the top five products and compares their ratings. Which of the following is the evaluation criteria framework most in use today for these types of purposes?
30. Question
There are several security enforcement components that are commonly built into operating systems. Which component is illustrated in the graphic that follows?
31. Question
There are five different classes of fire. Each depends upon what is on fire. Which of the following is the proper mapping for the items missing in the provided table?
32. Question
Sally is responsible for key management within her organization. Which of the following incorrectly describes a principle of secure key management?
33. Question
Jack has been told that successful attacks have been taking place and data that has been encrypted by his company’s software systems has leaked to the company’s competitors. Through Jack’s investigation he has discovered that the lack of randomness in the seeding values used by the encryption algorithms in the company’s software exposed patterns and allowed for successful reverse engineering.
Which of the following best describes the role of the values that is allowing for patterns as described in the scenario?
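Jack’s scenario in Questions 10 and 33, and the one-time pad requirements of Question 9, come down to two failures a practitioner can reproduce in a few lines. The following toy stream cipher is an added example, not code from the quiz or its source book: the keystream generator is Python’s `random.Random` (a Mersenne Twister, deliberately not a CSPRNG), the 16-bit seed space is an assumption chosen so the brute force finishes in seconds, and all function names are the example’s own. It shows that a low-entropy seed lets an attacker with a guessable plaintext prefix recover the seed and the whole message, that reusing one keystream for two messages leaks their XOR (the pattern Jack found), and what the correct pattern looks like.

```python
"""Added example, not code from the quiz: why seed entropy and single-use
keystreams matter. Uses random.Random as a stand-in for a weakly seeded
generator; secrets.token_bytes shows the correct source of key material."""
import random
import secrets

SEED_BITS = 16  # assumption: the flawed system derives its seed from a 16-bit value


def keystream(seed, length):
    """Deterministic keystream: the same seed always yields the same bytes."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_with_seed(plaintext, seed):
    """XOR with the keystream; the same call decrypts because XOR is its own inverse."""
    return xor_bytes(plaintext, keystream(seed, len(plaintext)))


def brute_force_seed(ciphertext, known_prefix, seed_bits=SEED_BITS):
    """Attacker's view: with only 2**seed_bits possible seeds and a guessable
    prefix (a protocol header, a field name), try every seed and keep the first
    whose decryption starts with the prefix. Returns (seed, plaintext) or None."""
    n = len(known_prefix)
    for seed in range(1 << seed_bits):
        if xor_bytes(ciphertext[:n], keystream(seed, n)) == known_prefix:
            return seed, encrypt_with_seed(ciphertext, seed)
    return None


def keystream_reuse_leak(c1, c2):
    """If two messages were encrypted under the same keystream, C1 XOR C2 equals
    P1 XOR P2: the key cancels, and every position where the plaintexts agree is 0x00,
    which is exactly the kind of pattern that enables reverse engineering."""
    return xor_bytes(c1, c2)


def otp_encrypt(plaintext):
    """The pattern a one-time pad requires: key from the OS CSPRNG, as long as the
    message, used exactly once. Returns (key, ciphertext)."""
    key = secrets.token_bytes(len(plaintext))
    return key, xor_bytes(plaintext, key)


if __name__ == "__main__":
    ct = encrypt_with_seed(b"AMOUNT=1000 ACCOUNT=42", 4660)
    print(brute_force_seed(ct, b"AMOUNT="))              # -> (4660, b'AMOUNT=1000 ACCOUNT=42')
    c1 = encrypt_with_seed(b"TRANSFER 100 TO ACCT 42", 7)
    c2 = encrypt_with_seed(b"TRANSFER 900 TO ACCT 42", 7)
    print(keystream_reuse_leak(c1, c2).hex())            # zero except where "1" differs from "9"
```

The seed recovery works because the attacker never needs the key, only a seed space small enough to enumerate and some known or predictable plaintext; a 128-bit seed from `secrets` removes the first condition and a fresh keystream per message removes the second.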
34. Question
Which of the following indicates to a packet where to go and how to communicate with the right service or protocol on the destination computer?
35. Question
What type of security encryption component is missing from the table that follows?
36. Question
End-to-end encryption is used by users, and link encryption is used by service providers. Which of the following correctly describes these technologies?
37. Question
Brian has been asked to work on the virtual directory of his company’s new identity management system. Which of the following best describes a virtual directory?
38. Question
Emily is listening to network traffic and capturing passwords as they are sent to the authentication server. She plans to use the passwords as part of a future attack. What type of attack is this?
39. Question
The use of “resource servers” and “authorization servers” to let a “client” web service (such as LinkedIn) access a “resource owner’s” data that is held by another provider (such as Google) for federated authorization is a hallmark of what open standard?
40. Question
Fred is a new security officer who wants to implement a control for detecting and preventing users who attempt to exceed their authority by misusing the access rights that have been assigned to them. Which of the following best fits this need?
41. Question
A change management process should include a number of procedures. Which of the following incorrectly describes a characteristic or component of a change control policy?
42. Question
Bob is a new security administrator at a financial institution. The organization has experienced some suspicious activity on one of the critical servers that contain customer data. When reviewing how the systems are administered, he uncovers some concerning issues pertaining to remote administration. Which of the following should not be put into place to reduce these concerns?
i. Commands and data should not be sent in cleartext.
ii. SSH should be used, not Telnet.
iii. Truly critical systems should be administered locally instead of remotely.
iv. Only a small number of administrators should be able to carry out remote functionality.
v. Strong authentication should be in place for any administration activities.
43. Question
There are several types of redundant technologies that can be put into place. What type of technology is shown in the graphic that follows?
44. Question
Fred has been told he needs to test a component of the new content management application under development to validate its data structure, logic, and boundary conditions. What type of testing should he carry out?
45. Question
Databases and applications commonly carry out the function that is illustrated in the graphic that follows. Which of the following best describes the concept that this graphic is showing?
46. Question
What are the three major elements crucial to the security of software development environments?
47. Question
Steve, a department manager, has been asked to join a committee that is responsible for defining an acceptable level of risk for the organization, reviewing risk assessment and audit reports, and approving significant changes to security policies and programs. What committee is he joining?
48. Question
As his company’s business continuity coordinator, Matthew is responsible for helping recruit members to the business continuity planning (BCP) committee. Which of the following does not correctly describe this effort?
49. Question
What role does the Internet Architecture Board play regarding technology and ethics?
50. Question
Health Tracking Apps, Inc. (HTA) is a U.S.-based corporation that develops and sells apps that its customers can use to track various aspects of their own health, from their daily exercise regimes to various medical test results and comparative statistics over time. These apps utilize cloud-based storage so that customers can access their data from multiple platforms, including smart mobile devices and desktop systems. Customers can also easily share the data the apps generate with their personal trainers and healthcare providers if they choose, on a subscription basis.
HTA’s products are available in several languages, including English, French, Spanish, German, and Italian. All of HTA’s software is developed by a dedicated staff within the United States, though HTA occasionally hires interns from the local university to assist with language translations for its various user interfaces.
The following entity relationship diagram illustrates HTA’s business model dependencies.
HTA has an awareness program designed to educate all employees about security-relevant issues that apply to them, based on their role. IT staff members are specifically instructed that it is important to be aware of new vulnerabilities as they are discovered, not only in the OSs that are used by HTA, but also in the applications and frameworks the developers use to build their software. The awareness program also stresses the importance of rapid mitigation by IT staff. As stated in question 48, HTA’s customer data has been breached via a vulnerability in its API, a vulnerability discovered to be a result of a recently announced security flaw in the underlying Java framework that HTA uses for the development of its apps. Which of the following most likely contributed to the breach with respect to the security awareness program?
51. Question
When classifying information, its sensitivity refers to:
52. Question
Certain types of attacks have been made more potent by which of the following advances to microprocessor technology?
53. Question
A multitasking operating system can have several processes running at the same time. What are the components within the processes that are shown in the graphic that follows?
54. Question
Electrical power is being provided more and more through smart grids, which allow for self-healing, resistance to physical and cyberattacks, increased efficiency, and better integration of renewable energy sources. Countries want their grids to be more reliable, resilient, flexible, and efficient. Why does this type of evolution in power infrastructure concern many security professionals?
55. Question
Mandy needs to calculate how many keys must be generated for the 260 employees using the company’s PKI asymmetric algorithm. How many keys are required?
56. Question
Sometimes when studying for an industry certification exam like the CISSP, people do not fully appreciate that the concepts and technologies they need to learn to pass the test relate directly to real-world security issues. To reinforce how exam-oriented theoretical concepts relate to the practical world of security, choose the answer that best describes the Heartbleed SSL/TLS vulnerability, considered one of the most critical attack vectors in the history of the Internet.
57. Question
Several different tunneling protocols can be used in dial-up situations. Which of the following would be best to use as a VPN tunneling solution?
58. Question
What type of technology is represented in the graphic that follows?
59. Question
What do the SA values in the graphic of IPSec that follows represent?
60. Question
Which of the following accurately describes Identity as a Service (IDaaS)?
61. Question
Which of the following is the best way to reduce brute-force attacks that allow intruders to uncover users’ passwords?
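Whatever the exam’s expected answer, in practice brute-force resistance comes from two controls working together, and both fit in a short script. The following is an added example, not code from the quiz or its source book: password verification that is deliberately slow (PBKDF2-HMAC-SHA256 from the standard library, with a random per-user salt) so every guess costs the attacker CPU, plus a per-account consecutive-failure counter with exponential back-off and a lockout so online guessing is throttled regardless of hash cost. The class name, the thresholds and the iteration count are assumptions for the demo; the clock is injectable so the behaviour can be exercised without sleeping.

```python
"""Added example, not code from the quiz: slow hashing plus per-account
throttling as the two halves of a brute-force defence."""
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 600_000   # assumption: a work factor of the order OWASP suggests for SHA-256
MAX_FAILURES = 5              # assumption: lock the account after 5 consecutive failures
LOCKOUT_SECONDS = 900         # assumption: 15-minute lockout
MAX_BACKOFF_SECONDS = 60


def hash_password(password, salt=b"", iterations=PBKDF2_ITERATIONS):
    """Return (salt, digest). A fresh 16-byte salt is drawn when none is supplied."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def backoff_seconds(failures):
    """Delay before the next attempt is accepted: 0, 1, 2, 4, 8, ... seconds, capped."""
    return 0 if failures == 0 else min(2 ** (failures - 1), MAX_BACKOFF_SECONDS)


class LoginService:
    def __init__(self, clock=time.time, iterations=PBKDF2_ITERATIONS):
        self._clock = clock
        self._iterations = iterations
        self._users = {}       # username -> (salt, digest)
        self._failures = {}    # username -> (consecutive_failures, not_before_timestamp)

    def register(self, username, password):
        self._users[username] = hash_password(password, iterations=self._iterations)

    def login(self, username, password):
        """Return (ok, reason). Wrong password and unknown user both yield "invalid"
        so the response does not enumerate valid usernames."""
        now = self._clock()
        failures, not_before = self._failures.get(username, (0, 0.0))
        if now < not_before:
            return False, "locked"
        stored = self._users.get(username)
        if stored is None:
            # Burn the same hash cost so response time does not reveal valid usernames.
            hash_password(password, b"\x00" * 16, self._iterations)
            ok = False
        else:
            salt, digest = stored
            ok = hmac.compare_digest(hash_password(password, salt, self._iterations)[1], digest)
        if ok:
            self._failures.pop(username, None)   # success resets the counter
            return True, "ok"
        failures += 1
        if failures >= MAX_FAILURES:
            not_before = now + LOCKOUT_SECONDS
        else:
            not_before = now + backoff_seconds(failures)
        self._failures[username] = (failures, not_before)
        return False, "invalid"


if __name__ == "__main__":
    svc = LoginService()
    svc.register("alice", "correct horse battery staple")
    for guess in ("password", "letmein", "correct horse battery staple"):
        print(guess, svc.login("alice", guess))
```

The lockout alone would still let an attacker who has stolen the password database run guesses offline at full speed; the slow hash is what limits that case, which is why the two are complementary rather than alternatives.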
62. Question
Which of the following is NOT true of OpenID Connect (OIDC)?
63. Question
What is the difference between a test and an assessment?
64. Question
Device backup and other availability solutions are chosen to balance the value of having information available against the cost of keeping that information available. Which of the following best describes fault-tolerant technologies?
65. Question
A suspected crime has been reported within your organization. Which of the following steps should the incident response team take first?
66. Question
Here is a graphic of a business continuity policy. Which component is missing from this graphic?
67. Question
Which of the following is the best description of a component-based system development method?
68. Question
There are several different types of databases. Which type does the graphic that follows illustrate?
69. Question
Which of the following are key elements of secure coding practices?
70. Question
Which of the following is not included in a risk assessment?
71. Question
A business impact analysis is considered a functional analysis. Which of the following is not carried out during a business impact analysis?
72. Question
As a CISSP candidate, you must sign a Code of Ethics. Which of the following is from the (ISC)² Code of Ethics for the CISSP?
73. Question
As head of sales, Jim is the data owner for the sales department. Which of the following is not Jim’s responsibility as data owner?
74. Question
When classifying information, its criticality refers to:
75. Question
CPUs and operating systems can work in two main types of multitasking modes. What controls access and the use of system resources in preemptive multitasking mode?
76. Question
Charlie is a new security manager at a textile company that develops its own proprietary software for internal business processes. Charlie has been told that the new application his team needs to develop must comply with the ISO/IEC 42010 standard. He has found out that many of the critical applications have been developed in the C programming language and has asked for these applications to be reviewed for a specific class of security vulnerabilities.
Which of the following best describes the standard Charlie’s team needs to comply with?
77. Question
Mike is the new CSO of a large pharmaceutical company. He has been asked to revamp the company’s physical security program and better align it with the company’s information security practices. Mike knows that the new physical security program should be made up of controls and processes that support the following categories: deterrent, delaying, detection, assessment, and response.
Mike’s team has decided to implement new perimeter fences and warning signs against trespassing around the company’s facility. Which of the categories listed in the scenario do these countermeasures map to?
78. Question
Which of the following works similarly to stream ciphers?
79. Question
What type of exploited vulnerability allows more input than the program has allocated space to store it?
80. Question
Which of the following correctly describes Bluejacking?
81. Question
What type of telecommunication technology is illustrated in the graphic that follows?
82. Question
What is the process depicted in the illustration below referred to as?
83. Question
Which of the following correctly describes a federated identity and its role within identity management processes?
84. Question
Phishing and pharming are similar. Which of the following correctly describes the difference between phishing and pharming?
85. Question
Which of the following attributes are added beyond traditional access control mechanisms (RBAC, MAC, and DAC) in order to implement ABAC?
86. Question
Which of the following statements is most true with regard to internal security audits versus external, second-party audits?
87. Question
Which of the following refers to the expected amount of time it will take to get a device fixed and back into production after its failure?
88. Question
Which of the following is a correct statement regarding digital forensics?
89. Question
The recovery time objective (RTO) and maximum tolerable downtime (MTD) metrics have similar roles, but their values are very different. Which of the following best describes the difference between RTO and MTD metrics?
90. Question
There are many types of viruses that hackers can use to damage systems. Which of the following is not a correct description of a polymorphic virus?
91. Question
Trent is the new manager of his company’s internal software development department. He has been told by his management that the group needs to be compliant with the international standard that provides guidance to organizations in integrating security into the processes used for managing their applications. His new boss told him that he should join and get familiar with the Open Web Application Security Project (OWASP), and Trent just received an e-mail stating that one of the company’s currently deployed applications has a zero-day vulnerability.
Which of the following is most likely the standard Trent’s company wants to comply with?
92. Question
The integrity of data is not related to which of the following?
93. Question
Which of the following steps comes first in a business impact analysis?
94. Question
Which of the following was the first international treaty seeking to address computer crimes by coordinating national laws and improving investigative techniques and international cooperation?
95. Question
Assigning data classification levels can help with all of the following except:
96. Question
Which of the following classification levels are most commonly used in commercial industry?
97. Question
Virtual storage combines RAM and secondary storage for system memory. Which of the following is a security concern pertaining to virtual storage?
98. Question
Charlie is a new security manager at a textile company that develops its own proprietary software for internal business processes. Charlie has been told that the new application his team needs to develop must comply with the ISO/IEC 42010 standard. He has found out that many of the critical applications have been developed in the C programming language and has asked for these applications to be reviewed for a specific class of security vulnerabilities.
Which of the following is Charlie most likely concerned with in this situation?
99. Question
Mike is the new CSO of a large pharmaceutical company. He has been asked to revamp the company’s physical security program and better align it with the company’s information security practices. Mike knows that the new physical security program should be made up of controls and processes that support the following categories: deterrent, delaying, detection, assessment, and response.
Mike’s team has decided to implement stronger locks on the exterior doors of the new company’s facility. Which of the categories listed in the scenario does this countermeasure map to?
100. Question
There are two main types of symmetric ciphers: stream and block. Which of the following is not an attribute of a good stream cipher?
101. Question
There are common cloud computing service models. ______ usually requires companies to deploy their own operating systems, applications, and software onto the provided infrastructure. ______ is the software environment that runs on top of the infrastructure. In the ______ model the provider commonly gives the customers network-based access to a single copy of an application.
102. Question
DNS is a popular target for attackers due to its strategic role on the Internet. What type of attack uses recursive queries to poison the cache of a DNS server?
103. Question
Which type of WAN tunneling protocol is missing from the right table in the graphic that follows?
104. Question
Which of the following is a purpose of the transport layer?
105. Question
Security countermeasures should be transparent to users and attackers. Which of the following does NOT describe transparency?
106. Question
There are several types of intrusion detection systems (IDSs). What type of IDS builds a profile of an environment’s normal activities and assigns an anomaly score to packets based on the profile?
107. Question
How is interface testing different from misuse case testing?
108. Question
Which of the following is the most critical best practice when conducting an internal security audit?
109. Question
Which of the following correctly describes direct access and sequential access storage devices?
110. Question
Which of the following dictates that all evidence be labeled with information indicating who secured and validated it?
Question 111 of 355
High availability (HA) is a combination of technologies and processes that work together to ensure that specific critical functions are always up and running at the necessary level. To provide this level of high availability, a company has to have a long list of technologies and processes that provide redundancy, fault tolerance, and failover capabilities. Which of the following best describes these characteristics?
Question 112 of 355
Which of the following best describes the role of the Java Virtual Machine in the execution of Java applets?
Question 113 of 355
Trent is the new manager of his company’s internal software development department. He has been told by his management that the group needs to be compliant with the international standard that provides guidance to organizations in integrating security into the processes used for managing their applications. His new boss told him that he should join and get familiar with the Open Web Application Security Project (OWASP), and Trent just received an e-mail stating that one of the company’s currently deployed applications has a zero-day vulnerability.
Which of the following best describes the consortium Trent’s boss wants him to join?
Question 114 of 355
As his company’s CISO, George needs to demonstrate to the board of directors the necessity of a strong risk management program. Which of the following should George use to calculate the company’s residual risk?
Question 115 of 355
It is not unusual for business continuity plans to become out of date. Which of the following is not a reason why plans become outdated?
Question 116 of 355
Lee is a new security manager who is in charge of ensuring that his company complies with the European Union Principles on Privacy when his company is interacting with their European partners. The set of principles that deals with transmitting data considered private is encompassed within which of the following laws or regulations?
Question 117 of 355
Susan, an attorney, has been hired to fill a new position at Widgets, Inc.: chief privacy officer (CPO). What is the primary function of her new role?
Question 118 of 355
Which of the following classification levels are most commonly used in military environments?
Question 119 of 355
Which of the following is a common association of the Clark-Wilson access model?
Question 120 of 355
Tim’s development team is designing a new operating system. One of the requirements of the new product is that critical memory segments need to be categorized as nonexecutable, with the goal of reducing malicious code from being able to execute instructions in privileged mode. The team also wants to make sure that attackers will have a difficult time predicting execution target addresses.
Which of the following best describes the type of protection that needs to be provided by this product?
Question 121 of 355
Mike is the new CSO of a large pharmaceutical company. He has been asked to revamp the company’s physical security program and better align it with the company’s information security practices. Mike knows that the new physical security program should be made up of controls and processes that support the following categories: deterrent, delaying, detection, assessment, and response.
Mike’s team has decided to hire and deploy security guards to monitor activities within the company’s facility. Which of the categories listed in the scenario does this countermeasure map to?
Question 122 of 355
Which of the following best describes how a digital signature is created?
Question 123 of 355
A company has decided that it no longer wants to maintain its own servers and network environment because of increasing costs and liabilities. The company wants to move to a cloud-based solution, but needs to determine which type of solution best fits its needs. Which of the following provides a correct definition and mapping of a typical cloud-based solution?
Question 124 of 355
IP telephony networks require the same security measures as those implemented on an IP data network. Which of the following is unique to IP telephony?
Question 125 of 355
IPv6 has many new and different characteristics and functionality compared to IPv4. Which of the following is an incorrect functionality or characteristic of IPv6?
i. IPv6 allows for nonscoped addresses, which enables an administrator to restrict specific addresses for specific servers or file and print sharing, for example.
ii. IPv6 has IPSec integrated into the protocol stack, which provides application-based secure transmission and authentication.
iii. IPv6 has more flexibility and routing capabilities compared to IPv4 and allows for Quality of Service (QoS) priority values to be assigned to time-sensitive transmissions.
iv. The protocol offers autoconfiguration, which makes administration much easier compared to IPv4, and it does not require network address translation (NAT) to extend its address space.
Question 126 of 355
Which of the following statements is NOT true about the IPv4 address 192.168.10.129/25?
Question 127 of 355
What markup language allows for the sharing of application security policies to ensure that all applications are following the same security rules?
Question 128 of 355
A rule-based IDS takes a different approach than a signature-based or anomaly-based system. Which of the following is characteristic of a rule-based IDS?
Question 129 of 355
What are the key stages of account management?
Question 130 of 355
With respect to external audits, what is the difference between a second-party audit and a third-party audit?
Question 131 of 355
Various levels of RAID dictate the type of activity that will take place within the RAID system. Which level is associated with byte-level parity?
Question 132 of 355
Which of the following is not true of a forensic investigation?
Question 133 of 355
Jeff is leading the business continuity group in his company. They have completed a business impact analysis and have determined that if the company’s credit card processing functionality was unavailable for 48 hours the company would most likely experience such a large financial hit that it would have to go out of business. The team has calculated that this functionality needs to be up and running within 28 hours after experiencing a disaster for the company to stay in business. The team has also determined that the restoration steps must be able to restore data that is 60 minutes old or less.
In this scenario, which of the following is the work recovery time value?
Question 134 of 355
What type of database software integrity service guarantees that tuples are uniquely identified by primary key values?
Question 135 of 355
Trent is the new manager of his company’s internal software development department. He has been told by his management that the group needs to be compliant with the international standard that provides guidance to organizations in integrating security into the processes used for managing their applications. His new boss told him that he should join and get familiar with the Open Web Application Security Project (OWASP), and Trent just received an e-mail stating that one of the company’s currently deployed applications has a zero-day vulnerability.
Which of the following best describes the type of vulnerability mentioned in this scenario?
Question 136 of 355
Capability Maturity Model Integration (CMMI) came from the software engineering world and is used within organizations to help lay out a pathway of how incremental improvement can take place. This model is used by organizations in self-assessment and to develop structured steps that can be followed so an organization can evolve from one level to the next and constantly improve its processes. In the CMMI model graphic shown, what is the proper sequence of the levels?
Question 137 of 355
Preplanned business continuity procedures provide organizations a number of benefits. Which of the following is not a capability enabled by business continuity planning?
Question 138 of 355
Brandy could not figure out how Sam gained unauthorized access to her system, since he has little computer experience. Which of the following is most likely the attack Sam used?
Question 139 of 355
Jared plays a role in his company’s data classification system. In this role, he must practice due care when accessing data and ensure that the data is used only in accordance with allowed policy while abiding by the rules set for the classification of the data. He does not determine, maintain, or evaluate controls, so what is Jared’s role?
Question 140 of 355
Which of the following is true regarding data retention requirements?
Question 141 of 355
Which of the following correctly describes the relationship between the reference monitor and the security kernel?
Question 142 of 355
Tim’s development team is designing a new operating system. One of the requirements of the new product is that critical memory segments need to be categorized as nonexecutable, with the goal of reducing malicious code from being able to execute instructions in privileged mode. The team also wants to make sure that attackers will have a difficult time predicting execution target addresses.
Which of the following best describes the type of technology the team should implement to increase the work effort of buffer overflow attacks?
Question 143 of 355
Greg is the security facility officer of a financial institution. His boss has told him that visitors need a secondary screening before they are allowed into sensitive areas within the building. Greg has also been told by the network administrators that after the new HVAC system was installed throughout the facility, they have noticed that power voltage to the systems in the data center sags.
Which of the following is the best control that Greg should ensure is implemented to deal with his boss’s concern?
Question 144 of 355
In cryptography, different steps and algorithms provide different types of security services. Which of the following provides only authentication, nonrepudiation, and integrity?
Question 145 of 355
Sally is carrying out a software analysis on her company’s proprietary application. She has found out that it is possible for an attacker to force an authorization step to take place before the authentication step is completed successfully. What type of issue would allow for this type of compromise to take place?
Question 146 of 355
Angela wants to group together computers by department to make it easier for them to share network resources. Which of the following will best allow her to group computers logically?
Question 147 of 355
Hanna is a new security manager for a computer consulting company. She has found out that the company has lost intellectual property in the past because malicious employees installed rogue devices on the network, which were used to capture sensitive traffic. Hanna needs to implement a solution that ensures only authorized devices are allowed access to the company network. Which of the following IEEE standards was developed for this type of protection?
Question 148 of 355
Which of the following statements describes a “converged” protocol?
Question 149 of 355
The importance of protecting audit logs generated by computers and network devices is highlighted by the fact that it is required by many of today’s regulations. Which of the following does NOT explain why audit logs should be protected?
Question 150 of 355
Tom works at a large retail company that recently deployed radio-frequency identification (RFID) to better manage its inventory processes. Employees use scanners to gather product-related information instead of manually looking up product data. Tom has found out that malicious customers have carried out attacks on the RFID technology to reduce the amount they pay on store items. Which of the following is the most likely reason for the existence of this type of vulnerability?
Question 151 of 355
What is a code review?
Question 152 of 355
Which of the following statements is true of audits conducted by external parties?
Question 153 of 355
RAID systems use a number of techniques to provide redundancy and performance. Which of the following activities divides and writes data over several drives?
Question 154 of 355
Stephanie has been put in charge of developing incident response and forensics procedures her company needs to carry out if an incident occurs. She needs to ensure that their procedures map to the international principles for gathering and protecting digital evidence. She also needs to ensure that if and when internal forensics teams are deployed, they have labels, tags, evidence bags, cable ties, imaging software, and other associated tools. Which of the following best describes what Stephanie needs to build for the deployment teams?
Question 155 of 355
Jeff is leading the business continuity group in his company. They have completed a business impact analysis and have determined that if the company’s credit card processing functionality was unavailable for 48 hours the company would most likely experience such a large financial hit that it would have to go out of business. The team has calculated that this functionality needs to be up and running within 28 hours after experiencing a disaster for the company to stay in business. The team has also determined that the restoration steps must be able to restore data that is 60 minutes old or less.
In this scenario, what would the 60-minute time period be referred to as?
Question 156 of 355
In computer programming, cohesion and coupling are used to describe modules of code. Which of the following is a favorable combination of cohesion and coupling?
Question 157 of 355
__________ provides a machine-readable description of the specific operations provided by a specific web service. ____________ provides a method for web services to be registered by service providers and located by service consumers.
Question 158 of 355
Risk assessment has several different methodologies. Which of the following official risk methodologies was not created for the purpose of analyzing security risks?
Question 159 of 355
Management support is critical to the success of a business continuity plan. Which of the following is the most important to be provided to management to obtain their support?
Question 160 of 355
Jane has been charged with ensuring that the privacy of clients’ personal health information is adequately protected before it is exchanged with a new European partner. What data security requirements must she adhere to?
Question 161 of 355
Michael is charged with developing a data classification program for his company. Which of the following should he do first?
Question 162 of 355
Why is the issue of data remanence sometimes problematic?
Question 163 of 355
The trusted computing base (TCB) ensures security within a system when a process in one domain must access another domain in order to retrieve sensitive information. What function does the TCB initiate to ensure that this is done in a secure manner?
Question 164 of 355
Operating systems have evolved and changed over the years. The earlier operating systems were monolithic and did not segregate critical processes from noncritical processes. As time went on, operating system vendors started to reduce the amount of programming code that ran in kernel mode. Only the absolutely necessary code ran in kernel mode, and the remaining operating system code ran in user mode. This architecture introduced performance issues, which required the operating system vendors to reduce the critical operating system functionality to microkernels and allow the remaining operating system functionality to run in client/server models within kernel mode.
Which of the following best describes the second operating system architecture described in the scenario?
Question 165 of 355
Greg is the security facility officer of a financial institution. His boss has told him that visitors need a secondary screening before they are allowed into sensitive areas within the building. Greg has also been told by the network administrators that after the new HVAC system was installed throughout the facility, they have noticed that power voltage to the systems in the data center sags.
Which of the following best describes the situation that the network administrators are experiencing?
Question 166 of 355
Advanced Encryption Standard is an algorithm used for which of the following?
Question 167 of 355
Which of the following is true about information flow models?
Question 168 of 355
Which of the following incorrectly describes how routing commonly takes place on the Internet?
Question 169 of 355
________ is a set of extensions to DNS that provides to DNS clients (resolvers) origin authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar attack types.
Question 170 of 355
Ethernet uses a shared medium for all stations on a LAN to communicate, and uses a carrier sense multiple access with collision detection (CSMA/CD) approach to managing communications between stations. Which of the following statements about this protocol best explains how it works?
Question 171 of 355
Of the following, what is the primary item that a capability table is based upon?
Question 172 of 355
Tanya is the security administrator for a large distributed retail company. The company’s network has many different network devices and software appliances that generate logs and audit data. Tanya and her staff have become overwhelmed with trying to review all of the log files when attempting to identify if anything suspicious is taking place within the network. Which of the following is the best solution for this company to implement?
Question 173 of 355
Which of the following statements is true with respect to security audits, vulnerability assessments, and penetration tests?
Question 174 of 355
Which of the following is an advantage of having an audit performed by an external, third party?
Question 175 of 355
What is the difference between hierarchical storage management and storage area network technologies?
Question 176 of 355
When developing a recovery and continuity program within an organization, different metrics can be used to properly measure potential damages and recovery requirements. These metrics help us quantify our risks and the benefits of controls we can put into place. Two metrics commonly used in the development of recovery programs are recovery point objective (RPO) and recovery time objective (RTO). Data restoration (RPO) requirements can be different from service restoration (RTO) requirements. Which of the following best defines these two main recovery measurements in this type of scenario?
Question 177 of 355
For evidence to be legally admissible, it must be relevant, complete, sufficient, and reliably obtained. Which characteristic refers to the evidence having a reasonable and sensible relationship to the findings?
Question 178 of 355
Which of the following statements does not correctly describe SOAP and Remote Procedure Calls?
Question 179 of 355
Sally has found out that software programmers in her company are making changes to software components and uploading them to the main software repository without following version control or documenting their changes. This is causing a lot of confusion and has caused several teams to use the older versions. Which of the following would be the best solution for this situation?
Question 180 of 355
Which of the following is not a characteristic of a company with a security governance program in place?
Question 181 of 355
Which of the following is a critical first step in disaster recovery and contingency planning?
Question 182 of 355
Sue has been tasked with implementing a number of security controls, including antivirus and antispam software, to protect the company’s e-mail system. What type of approach is her company taking to handle the risk posed by the system?
Question 183 of 355
Which of the following is NOT a factor in determining the sensitivity of data?
Question 184 of 355
For which of the following physical media is degaussing a relatively cheap and effective means of eradicating data?
Question 185 of 355
Which of the following best defines a virtual machine?
Question 186 of 355
Operating systems have evolved and changed over the years. The earlier operating systems were monolithic and did not segregate critical processes from noncritical processes. As time went on, operating system vendors started to reduce the amount of programming code that ran in kernel mode. Only the absolutely necessary code ran in kernel mode, and the remaining operating system code ran in user mode. This architecture introduced performance issues, which required the operating system vendors to reduce the critical operating system functionality to microkernels and allow the remaining operating system functionality to run in client/server models within kernel mode.
Which of the following best describes why there was a performance issue in the context of the scenario?
Question 187 of 355
Greg is the security facility officer of a financial institution. His boss has told him that visitors need a secondary screening before they are allowed into sensitive areas within the building. Greg has also been told by the network administrators that after the new HVAC system was installed throughout the facility, they have noticed that power voltage to the systems in the data center sags.
Which of the following is a control that Greg’s team could implement to address the network administrators’ issue?
Question 188 of 355
SSL is a protocol used for securing transactions that occur over untrusted networks. Which of the following best describes what takes place during an SSL connection setup process?
Question 189 of 355
Which of the following is true with respect to distributed systems?
Question 190 of 355
Both de facto and proprietary interior protocols are in use today. Which of the following is a proprietary interior protocol that chooses the best path between the source and destination?
Question 191 of 355
Which of the following best describes the difference between a virtual firewall that works in bridge mode versus one that is embedded into a hypervisor?
Question 192 of 355
Within the realm of network components, what are “endpoints” and why do they pose such difficult security challenges?
Question 193 of 355
Which markup language allows a company to send service requests and the receiving company to provision access to these services?
Question 194 of 355
The Logistics Agency of a country’s department of defense is responsible for ensuring that all necessary materials get to the proper locations to support the department’s day-to-day activities. The data that this agency maintains must be protected according to the three main security principles of security controls. For this agency’s responsibilities, which security principle has the highest priority?
Question 195 of 355
Which of the following is the most important reason to log events remotely?
Question 196 of 355
Which of the following is NOT an important practice when facilitating a third-party audit?
Question 197 of 355
There are often scenarios where the IT staff must react to emergencies and quickly apply fixes or change configurations. When dealing with such emergencies, which of the following is the best approach to making changes?
Question 198 of 355
An approach to alternate offsite facilities is to establish a reciprocal agreement. Which of the following describes the pros and cons of a reciprocal agreement?
Question 199 of 355
Alex works for a chemical distributor that assigns employees tasks that separate their duties and routinely rotates job assignments. Which of the following best describes the differences between these countermeasures?
Question 200 of 355
Which of the following is a correct description of the pros and cons associated with third-generation programming languages?
Question 201 of 355
The approach of employing an integrated product team (IPT) for software development is designed to achieve which of the following objectives?
Question 202 of 355
There are four ways of dealing with risk. In the graphic that follows, which method is missing and what is the purpose of this method?
Question 203 of 355
Which of the following is not a reason to develop and implement a disaster recovery plan?
Question 204 of 355
A number of factors should be considered when assigning values to assets. Which of the following is not used to determine the value of an asset?
Question 205 of 355
What is the chief security responsibility of a data owner?
Question 206 of 355
Which of the following approaches is the most effective way for an organization to reduce its liability regarding the protection of private data?
Question 207 of 355
Virtualization offers many benefits. Which of the following incorrectly describes virtualization?
Question 208 of 355
Operating systems have evolved and changed over the years. The earlier operating systems were monolithic and did not segregate critical processes from noncritical processes. As time went on, operating system vendors started to reduce the amount of programming code that ran in kernel mode. Only the absolutely necessary code ran in kernel mode, and the remaining operating system code ran in user mode. This architecture introduced performance issues, which required the operating system vendors to reduce the critical operating system functionality to microkernels and allow the remaining operating system functionality to run in client/server models within kernel mode.
Which of the following best describes the last architecture described in this scenario?
Question 209 of 355
There are several components involved with steganography. Which of the following refers to a file that has hidden information in it?
Question 210 of 355
The CA is responsible for revoking certificates when necessary. Which of the following correctly describes a CRL and OCSP?
Question 211 of 355
What is the difference between generating a message authentication code (MAC) and generating a hash MAC (HMAC)?
Question 212 of 355
When a system needs to send data to an end user, that data may have to travel over different networking protocols to get to the destination. The different protocol types depend upon how far geographically the data needs to travel, the types of intermediate devices involved, and how this data needs to be protected during transmission. In the following graphic, which two WAN protocols are missing, and what is the best reasoning for their functionality in the transmission scenario being illustrated?
Question 213 of 355
Which of the following does software-defined networking (SDN) technology specify?
Question 214 of 355
Which of the following describes the best use of Network Access Control (NAC)?
Question 215 of 355
There are several different types of centralized access control protocols. Which of the following is illustrated in the graphic that follows?
Question 216 of 355
Claudia is the CISO for a global financial institution, overseeing the security of hundreds of millions of bank accounts. Which of the three main security principles should she consider most important when prioritizing the controls her enterprise should deploy?
Question 217 of 355
How can a backup strategy be made most effective?
Question 218 of 355
Why is “test coverage” an important consideration during an audit?
Question 219 of 355
Countries around the world are focusing on cyber warfare and how it can affect their utility and power grid infrastructures. Securing water, power, oil, gas, transportation, and manufacturing systems is an increasing priority for governments. These critical infrastructures are made up of different types of industrial control systems (ICS) that provide this type of functionality. Which of the following answers is not considered a common ICS?
Question 220 of 355
The operations team is responsible for defining which data gets backed up and how often. Which type of backup process backs up files that have been modified since the last time all data was backed up?
Question 221 of 355
Maria has been tasked with reviewing and ultimately augmenting her organization’s physical security. Of the following controls and approaches, which should be her highest priority to ensure are properly implemented?
222. Question
It can be very challenging for programmers to know what types of security should be built into the software that they create. The amount of vulnerabilities, threats, and risks involved with software development can seem endless. Which of the following describes the best first step for developers to take to identify the security controls that should be coded into a software project?
223. Question
Which are the best reasons why a code versioning system (CVS) is an important part of a development infrastructure?
i. It can ensure that code modifications are made according to corporate policies.
ii. It will document who made which changes to ensure accountability.
iii. It will reduce the cost of the development infrastructure.
iv. It can provide control over unauthorized access to proprietary code.
224. Question
The following graphic contains a commonly used risk management scorecard. Identify the proper quadrant and its description.
225. Question
With what phase of a business continuity plan does a company proceed when it is ready to move back into its original site or a new site?
226. Question
The Zachman Architecture Framework is often used to set up an enterprise security architecture. Which of the following does not correctly describe the Zachman Framework?
227. Question
Which is the most valuable technique when determining if a specific security control should be implemented?
228. Question
When protecting information assets, which of the following security controls is most effective for data in motion?
229. Question
Which security architecture model defines how to securely develop access rights between subjects and objects?
230. Question
As with logical access controls, audit logs should be produced and monitored for physical access controls. Which of the following statements is correct about auditing physical access?
231. Question
Which of the following incorrectly describes steganography?
232. Question
There are several different types of technologies within cryptography that provide confidentiality. What is represented in the graphic that follows?
233. Question
Why is it important to understand the life cycle of cryptography and your cryptographic needs?
234. Question
Which of the following does NOT describe IP telephony security?
235. Question
Determining the geographic location of a client IP address in order to route it toward the most proximal topological source of web content is an example of what technology?
236. Question
What is the greatest weakness, and hence concern, with virtualized networks?
237. Question
An access control matrix is used in many operating systems and applications to control access between subjects and objects. What is the column in this type of matrix referred to as?
238. Question
Which of the following is an example of a credential management system, also known as an identity management (IdM) system?
239. Question
What is a synthetic transaction?
240. Question
Which of the following statements is true with respect to vulnerability tests versus penetration tests?
241. Question
John is responsible for providing a weekly report to his manager outlining the week’s security incidents and mitigation steps. What steps should he take if a report has no information?
242. Question
After a disaster occurs, a damage assessment needs to take place. Which of the following steps occurs last in a damage assessment?
243. Question
Which of the following statements is true with respect to preventing and/or detecting security disasters?
244. Question
Mary is creating malicious code that will steal a user’s cookies by modifying the original client-side JavaScript. What type of cross-site scripting vulnerability is she exploiting?
245. Question
What is generally the safest, most secure way to acquire software?
246. Question
What are the three types of policies that are missing from the following graphic?
247. Question
What is the missing second step in the graphic that follows?
248. Question
John has been told to report to the board of directors with a vendor-neutral enterprise architecture framework that will help the company reduce fragmentation that results from the misalignment of IT and business processes. Which of the following frameworks should he suggest?
249. Question
Which of the following is the LEAST important stage in the life-cycle management of information?
250. Question
When protecting information assets, which of the following security controls is most effective for data at rest?
251. Question
Operating systems can be programmed to carry out different methods for process isolation. Which of the following refers to a method in which an interface defines how communication can take place between two processes and no process can interact with the other’s internal programming code?
252. Question
An outline for a physical security design should include program categories and the necessary countermeasures for each. What category do locks and access controls belong to?
253. Question
Which of the following correctly describes a drawback of symmetric key systems?
254. Question
There are several different types of important architectures within public key infrastructures. Which architecture does the graphic that follows represent?
255. Question
Which of the following are services that cryptosystems can provide?
256. Question
When an organization splits naming zones, the names of its hosts that are accessible only from an intranet are hidden from the Internet. Which of the following best describes why this is done?
257. Question
Which of the following protocols or set of protocols is used in Voice over IP (VoIP) for caller identification?
258. Question
Which of the following does NOT correctly describe a directory service?
259. Question
What technology within identity management is illustrated in the graphic that follows?
260. Question
Which of the following attributes is used to biometrically authenticate a user’s identity?
261. Question
Why are security metrics so important as performance and/or risk indicators?
262. Question
Which of the following types of tests involves discursive explorations of existing response procedures, based on a likely adverse scenario, designed to determine if desired outcomes will result?
263. Question
Brian, a security administrator, is responding to a virus infection. The antivirus application reports that a file has been infected with a dangerous virus and disinfecting it could damage the file. What course of action should Brian take?
264. Question
Of the following plans, which establishes senior management and a headquarters after a disaster?
265. Question
Miranda has been directed to investigate a possible violation of her organization’s acceptable use policy (AUP) by a coworker suspected of running cryptocurrency mining software on his desktop system. Which of the following is NOT a very likely scenario that could arise during her investigation?
266. Question
Of the following steps that describe the development of a botnet, which best describes the step that comes first?
267. Question
John is a network administrator and has been told by one of his network staff members that two servers on the network have recently had suspicious traffic traveling to them and then from them in a sporadic manner. The traffic has been mainly ICMP, but the patterns were unusual compared to traffic on other servers over the last 30 days. John lists the directories and subdirectories on the systems and finds nothing unusual. He inspects the running processes and again finds nothing suspicious. He sees that the systems’ NICs are not in promiscuous mode, so he is assured that sniffers have not been planted.
Which of the following describes the most likely situation as described in this scenario?
268. Question
List in the proper order from the table shown the learning objectives that are missing and their proper definitions.
269. Question
Different threats need to be evaluated and ranked based upon their severity of business risk when developing a BCP. Which ranking approach is illustrated in the graphic that follows?
270. Question
The Information Technology Infrastructure Library (ITIL) consists of five sets of instructional books. Which of the following is considered the core set and focuses on the overall planning of the intended IT services?
271. Question
Which of the following are effective methods of preventing data remanence on solid-state devices (SSDs)?
i. Clearing
ii. Purging
iii. Degaussing
iv. Destruction
272. Question
Which of the following is the LEAST effective security control regarding sensitive data stored on mobile devices?
273. Question
Which of the following is not a responsibility of the memory manager?
274. Question
What discipline combines the physical environment and the sociology issues that surround it to reduce crime rates and the fear of crime?
275. Question
Which of the following occurs in a PKI environment?
276. Question
There are different ways of providing integrity and authentication within cryptography. What type of technology is shown in the graphic that follows?
277. Question
Which of the following statements is true with respect to the physical security of distribution and storage facilities?
278. Question
Which of the following best describes why e-mail spoofing is easily executed?
279. Question
Encryption can happen at different layers of an operating system and network stack. Where does PPTP encryption take place?
280. Question
Hannah has been assigned the task of installing web access management (WAM) software. What is the best description for what WAM is commonly used for?
281. Question
There are different ways that specific technologies can create one-time passwords for authentication purposes. What type of technology is illustrated in the graphic that follows?
282. Question
Within biometric authentication, what is a Type II error rate?
283. Question
When providing a security report to management, which of the following is the most important component?
284. Question
Camellia has just concluded a security audit of some critical services within her environment and the state of the controls deployed to protect them. She has the results of a battery of technical tests and must now organize them into a written report to her chain of management. In analyzing these results, what must her immediate goal be?
285. Question
Guidelines should be followed to allow secure remote administration. Which of the following is not one of those guidelines?
286. Question
Gizmos and Gadgets has restored its original facility after a disaster. What should be moved in first?
287. Question
A new software development company has been launched to create mobile device apps for different customers. The company has talented software programmers employed, but has not been able to implement standardized development processes that can be improved upon over time. Which of the following would be the best approach for this company to take in order to improve its software development processes?
288. Question
Which of the following antimalware detection methods is the most recent to the industry and monitors suspicious code as it executes within the operating system?
289. Question
John is a network administrator and has been told by one of his network staff members that two servers on the network have recently had suspicious traffic traveling to them and then from them in a sporadic manner. The traffic has been mainly ICMP, but the patterns were unusual compared to traffic on other servers over the last 30 days. John lists the directories and subdirectories on the systems and finds nothing unusual. He inspects the running processes and again finds nothing suspicious. He sees that the systems’ NICs are not in promiscuous mode, so he is assured that sniffers have not been planted.
Which of the following best explains why John does not see anything suspicious on the reported systems?
290. Question
What type of risk analysis approach does the following graphic provide?
291. Question
Sean has been hired as business continuity coordinator. He has been told by management that he needs to ensure that the company is in compliance with the ISO/IEC standard that pertains to technology readiness for business continuity. He has also been instructed to find a way to transfer the risk of being unable to carry out critical business functions for a period of time because of a disaster. Which of the following is most likely the standard that Sean has been asked to comply with?
292. Question
Sarah and her security team have carried out many vulnerability tests over the years to locate the weaknesses and vulnerabilities within the systems on the network. The CISO has asked her to oversee the development of a threat model for the network. Which of the following best describes what this model is and what it would be used for?
293. Question
The requirement of erasure is the end of the media life cycle if the media contains sensitive information. Which of the following best describes purging?
294. Question
In the modern era, are paper records still a significant concern in the protection of enterprise data assets? If so, why? If not, why not?
295. Question
Frank is responsible for the security of his company’s online applications, web servers, and web-based activities. The web applications have the capability of being dynamically “locked” so that multiple users cannot edit a web page at the same time and overwrite each other’s work. An audit uncovered that although this software-locking capability was properly configured, multiple users were still able to modify the same web page at the same time. Which of the following best describes what is taking place in this situation?
296. Question
David is preparing a server room at a new branch office. What locking mechanisms should he use for the primary and secondary server room entry doors?
297. Question
Which of the following correctly describes the difference between public key cryptography and public key infrastructure?
298. Question
A widely used family of symmetric algorithms is called block ciphers. When these types of algorithms are being used, a message that needs to be encrypted is segmented into individual blocks and each block is encrypted. These algorithms work in different modes, and each mode has a specific use case. Which mode is being represented in the graphic and what is its most common use case?
299. Question
Layer 2 of the OSI model has two sublayers. What are those sublayers, and what are two IEEE standards that describe technologies at that layer?
300. Question
Which of the following is not a benefit of VoIP?
301. Question
Which of the following INCORRECTLY describes IP spoofing and session hijacking?
302. Question
There are several types of password management approaches used by identity management systems. Which of the following reduces help-desk call volume, but is also criticized for the ease with which a hacker could gain access to multiple resources if a password is compromised?
303. Question
Which of the following best describes how SAML, SOAP, and HTTP commonly work together in an environment that provides web services?
304. Question
Which of the following criteria is the most important consideration for the selection and deployment of a biometric authentication system?
305. Question
What is the difference between security training and a security awareness program, and which is most important?
306. Question
As a security analyst writing a technical report about the findings of a technical security assessment, what should your primary goal be?
307. Question
In a redundant array of inexpensive disks (RAID) system, data and parity information are striped over several different disks. What is parity information?
308. Question
Several teams should be involved in carrying out the business continuity plan. Which team is responsible for starting the recovery of the original site?
309. Question
Database software should meet the requirements of what is known as the ACID test. Why should database software carry out atomic transactions, which is one requirement of the ACID test, when OLTP is used?
310. Question
Which of the following describes object-oriented programming deferred commitment?
311. Question
Cross-site scripting (XSS) is an application security vulnerability usually found in web applications. What type of XSS vulnerability occurs when a victim is tricked into opening a URL programmed with a rogue script to steal sensitive information?
312. Question
ISO/IEC 27000 is part of a growing family of ISO/IEC information security management systems (ISMS) standards. It comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Which of the following provides an incorrect mapping of the individual standards that make up this family of standards?
313. Question
Which organization has been developed to deal with economic, social, and governance issues and with how sensitive data is transported over borders?
314. Question
Health Tracking Apps, Inc. (HTA) is a U.S.-based corporation that develops and sells apps that its customers can use to track various aspects of their own health, from their daily exercise regimes to various medical test results and comparative statistics over time. These apps utilize cloud-based storage so that customers can access their data from multiple platforms, including smart mobile devices and desktop systems. Customers can also easily share the data the apps generate with their personal trainers and healthcare providers if they choose, on a subscription basis.
HTA’s products are available in several languages, including English, French, Spanish, German, and Italian. All of HTA’s software is developed by a dedicated staff within the United States, though HTA occasionally hires interns from the local university to assist with language translations for its various user interfaces.
The following entity relationship diagram illustrates HTA’s business model dependencies:
Would HTA be required to comply with the General Data Protection Regulation (GDPR)? If so, why? If not, why?
1. Maybe, because HTA’s HR records could contain protected privacy data about European citizens if any of HTA’s interns are students studying from abroad.
2. No, because the GDPR applies only to European-based companies.
3. Yes, to the extent that HTA’s stored private data includes that of any European customers.
4. No, because any private data regarding European citizens that HTA’s HR and customer records contain is stored within the United States.
315. Question
Sam plans to establish mobile phone service using the personal information he has stolen from his former boss. What type of identity theft is this?
316. Question
When selecting and implementing information asset protection standards, the process of scoping refers to which of the following?
317. Question
There are several different important pieces to the Common Criteria. Which of the following best describes the first of the missing components?
318. Question
Before an effective physical security program can be rolled out, a number of steps must be taken. Which of the following steps comes first in the process of rolling out a security program?
319. Question
Which of the following best describes Key Derivation Functions (KDFs)?
320. Question
If Marge uses her private key to create a digital signature on a message she is sending to George, but she does not show or share her private key with George, what is it an example of?
321. Question
Which of the following is not an effective countermeasure against spam?
322. Question
Today, satellites are used to provide wireless connectivity between different locations. What two prerequisites are needed for two different locations to communicate via satellite links?
323. Question
A small medical institution’s IT security team has become overwhelmed with having to operate and maintain IDSs, firewalls, enterprise-wide antimalware solutions, data leak prevention technologies, and centralized log management. Which of the following best describes what type of solution this organization should implement to allow for standardized and streamlined security operations?
324. Question
In the United States, federal agencies must adhere to Federal Information Processing Standard (FIPS) 201-2 “Personal Identity Verification,” which discusses technical measures of authentication for federal employees and contractors. This standard must be followed in order to ensure which of the following?
325. Question
Jill is establishing a companywide sales program that will require different user groups with different privileges to access information on a centralized database. How should the security manager secure the database?
326. Question
Though “something you know,” in the form of passwords, is the most common authentication factor still used today, it is considered one of the weakest. This is because passwords are easy for users to share, and relatively easy for adversaries to steal or guess. Which of the following measures is the best way to counter attacks on this form of authentication?
327. Question
Which of the following describes a parallel test during disaster recovery testing?
328. Question
Why is a “Methodology” section as critical to a technical security assessment report as the findings themselves?
329. Question
Mirroring of drives is when data is written to two drives at once for redundancy purposes. What similar type of technology is shown in the graphic that follows?
330. Question
ACME, Inc., paid a software vendor to develop specialized software, and that vendor has gone out of business. ACME, Inc., does not have access to the code and therefore cannot keep it updated. What mechanism should the company have implemented to prevent this from happening?
331. Question
Lisa has learned that most databases implement concurrency controls. What is concurrency, and why must it be controlled?
332. Question
What object-oriented programming term or concept is illustrated in the graphic that follows?
333. Question
Widgets, Inc.’s software development processes are documented, and the organization is capable of producing its own standard of software processes. Which of the following Capability Maturity Model Integration levels best describes Widgets, Inc.?
334. Question
Which of the following is the criteria Sam’s company was most likely certified under?
335. Question
Widgets, Inc., wishes to protect its logo from unauthorized use. Which of the following will protect the logo and ensure that others cannot copy and use it?
336. Question
Health Tracking Apps, Inc. (HTA) is a U.S.-based corporation that develops and sells apps that its customers can use to track various aspects of their own health, from their daily exercise regimes to various medical test results and comparative statistics over time. These apps utilize cloud-based storage so that customers can access their data from multiple platforms, including smart mobile devices and desktop systems. Customers can also easily share the data the apps generate with their personal trainers and healthcare providers if they choose, on a subscription basis.
HTA’s products are available in several languages, including English, French, Spanish, German, and Italian. All of HTA’s software is developed by a dedicated staff within the United States, though HTA occasionally hires interns from the local university to assist with language translations for its various user interfaces.
The following entity relationship diagram illustrates HTA’s business model dependencies:
HTA’s customer data is breached via a vulnerability in its application programming interface (API). This vulnerability is discovered to be a result of a recently announced security flaw in the underlying Java framework that HTA uses for the development of its apps. Which of the following best describes the root of this problem?
337. Question
Which of the following are common military categories of data classification?
338. Question
When selecting and implementing information asset protection standards, why is tailoring an important process?
339. Question
Different access control models provide specific types of security measures and functionality in applications and operating systems. What model is being expressed in the graphic that follows?
340. Question
A number of measures should be taken to help protect devices and the environment from electric power issues. Which of the following is best to keep voltage steady and power clean?
341. Question
An elliptic curve cryptosystem is an asymmetric algorithm. What sets it apart from other asymmetric algorithms?
342. Question
There are two main functions that Trusted Platform Modules (TPMs) carry out within systems today. Which of the following best describes these two functions?
343. Question
Robert is responsible for implementing a common architecture used when customers need to access confidential information through Internet connections. Which of the following best describes this type of architecture?
344. Question
Brad is a security manager at Thingamabobs, Inc. He is preparing a presentation for his company’s executives on the risks of using instant messaging (IM) and his reasons for wanting to prohibit its use on the company network. Which of the following should not be included in his presentation?
345. Question
Which of the following protocols blurs the lines between the OSI model layers, performing the tasks of several at once?
346. Question
Which of the following does NOT describe privacy-aware role-based access control?
347. Question
Bethany is working on a mandatory access control (MAC) system. She has been working on a file that was classified as Secret. She can no longer access this file because it has been reclassified as Top Secret. She deduces that the project she was working on has just increased in confidentiality and she now knows more about this project than her clearance and need-to-know allows. Which of the following refers to a concept that attempts to prevent this type of scenario from occurring?
348. Question
Which of the following is the correct sequence in the Kerberos authentication process with respect to passwords, Key Distribution Centers (KDCs), ticket granting servers (TGSs), ticket granting tickets (TGTs), services, and service tickets?
349. Question
Which of the following describes a structured walk-through test during disaster recovery testing?
350. Question
Which of the following types of vulnerabilities CANNOT be discovered in the course of a routine vulnerability assessment?
351. Question
There are several different types of important architectures within backup technologies. Which architecture does the graphic that follows represent?
352. Question
Which of the following incorrectly describes the concept of executive succession planning?
353. Question
Robert has been asked to increase the overall efficiency of the sales database by implementing a procedure that structures data to minimize duplication and inconsistencies. What procedure is this?
354. Question
Protection methods can be integrated into software programs. What type of protection method is illustrated in the graphic that follows?
355. Question
Which of the following best describes “change management”?