Question1: The BEST method to mitigate the risk of a dictionary attack on a system is to
Question2: An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern?
Question3: By carefully aligning the pins in the lock, which of the following defines the opening of a mechanical lock without the proper key?
Question4: An organization has decided to contract with a cloud-based service provider to leverage their identity as a service offering. They will use Open Authentication (OAuth) 2.0 to authenticate external users to the organization's services.
As part of the authentication process, which of the following must the end user provide?
Question5: Alternate encoding such as hexadecimal representations is MOST often observed in which of the following forms of attack?
Question6: What does an organization FIRST review to assure compliance with privacy requirements?
Question7: DRAG DROP
A software security engineer is developing a black box-based test plan that will measure the system's reaction to incorrect or illegal inputs or unexpected operational errors and situations. Match the functional testing techniques on the left with the correct input parameters on the right.

Question8: Which of the following is an attacker MOST likely to target to gain privileged access to a system?
Question9: When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?
Question10: Are companies legally required to report all data breaches?
Question11: Which of the following is the MOST likely cause of a non-malicious data breach when the source of the data breach was an un-marked file cabinet containing sensitive documents?
Question12: Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks?
Question13: Which of the following is the BIGGEST weakness when using native Lightweight Directory Access Protocol (LDAP) for authentication?
Question14: Which of the following provides the minimum set of privileges required to perform a job function and restricts the user to a domain with the required privileges?
Question15: DRAG DROP
Order the below steps to create an effective vulnerability management process.

Question16: While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used?
Question17: When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints?
Question18: Which of the following is the MAIN reason that system re-certification and re-accreditation
are needed?
Question19: Which of the following statements is TRUE for point-to-point microwave transmissions?
Question20: What should happen when an emergency change to a system must be performed?
Question21: Which of the following methods can be used to achieve confidentiality and integrity for data in transit?
Question22: Which of the following is the BEST mitigation from phishing attacks?
Question23: The PRIMARY characteristic of a Distributed Denial of Service (DDoS) attack is that it
Question24: Which of the following describes the BEST configuration management practice?
Question25: Which of the following would be the FIRST step to take when implementing a patch management program?
Question26: When dealing with compliance with the Payment Card Industry-Data Security Standard (PCI-DSS), an organization that shares card holder information with a service provider MUST do which of the following?
Question27: During the procurement of a new information system, it was determined that some of the security requirements were not addressed in the system specification. Which of the following is the MOST likely reason for this?
Question28: A large bank deploys hardware tokens to all customers that use their online banking system. The token generates and displays a six digit numeric password every 60 seconds. The customers must log into their bank accounts using this numeric password. This is an example of
Question29: Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
What MUST the access control logs contain in addition to the identifier?
Question30: Which of the following explains why record destruction requirements are included in a data retention policy?
Question31: Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what?
Question32: What is the MOST effective countermeasure to a malicious code attack against a mobile system?
Question33: Which of the following is the PRIMARY security concern associated with the implementation of smart cards?
Question34: Following the completion of a network security assessment, which of the following can BEST be demonstrated?
Question35: Which security action should be taken FIRST when computer personnel are terminated from their jobs?
Question36: Which of the following is a BEST practice when traveling internationally with laptops containing Personally Identifiable Information (PII)?
Question37: Which of the following defines the key exchange for Internet Protocol Security (IPSec)?
Question38: While inventorying storage equipment, it is found that there are unlabeled, disconnected, and powered off devices. Which of the following is the correct procedure for handling such equipment?
Question39: Which of the following is the BEST approach to take in order to effectively incorporate the concepts of business continuity into the organization?
Question40: Which of the following is ensured when hashing files during chain of custody handling?
Question41: Which of the following is the BEST method to assess the effectiveness of an organization's vulnerability management program?
Question42: Which of the following does the Encapsulating Security Payload (ESP) provide?
Question43: A network scan found 50% of the systems with one or more critical vulnerabilities. Which of the following represents the BEST action?
Question44: Which of the following is an appropriate source for test data?
Question45: Multi-threaded applications are more at risk than single-threaded applications to
Question46: What is the MOST efficient way to secure a production program and its data?
Question47: The Hardware Abstraction Layer (HAL) is implemented in the
Question48: The process of mutual authentication involves a computer system authenticating a user and authenticating the
Question49: Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
The effectiveness of the security program can PRIMARILY be measured through
Question50: Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.
In addition to web browsers, what PRIMARY areas need to be addressed concerning mobile code used for malicious purposes?
Question51: Which of the following controls is the FIRST step in protecting privacy in an information system?
Question52: DRAG DROP
Place the following information classification steps in sequential order.

Question53: The PRIMARY security concern for handheld devices is the
Question54: When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?
Question55: Which one of the following operates at the session, transport, or network layer of the Open System Interconnection (OSI) model?
Question56: What should be the INITIAL response to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) alerts?
Question57: Which of the following methods provides the MOST protection for user credentials?
Question58: Which of the following is considered best practice for preventing e-mail spoofing?
Question59: Which of the following is the MOST crucial for a successful audit plan?
Question60: Which of the following is the BEST example of weak management commitment to the protection of security assets and resources?
Question61: Checking routing information on e-mail to determine it is in a valid format and contains valid information is an example of which of the following anti-spam approaches?
Question62: Which of the following BEST describes the purpose of the security functional requirements of Common Criteria?
Question63: Which of the following is the MOST important output from a mobile application threat modeling exercise according to Open Web Application Security Project (OWASP)?
Question64: HOTSPOT
Which Web Services Security (WS-Security) specification handles the management of security tokens and the underlying policies for granting access? Click on the correct specification in the image below.

Question65: What is the FIRST step in developing a security test and its evaluation?
Question66: When is security personnel involvement in the Systems Development Life Cycle (SDLC) process MOST beneficial?
Question67: In Disaster Recovery (DR) and business continuity training, which BEST describes a functional drill?
Question68: What maintenance activity is responsible for defining, implementing, and testing updates to application systems?
Question69: What is an important characteristic of Role Based Access Control (RBAC)?
Question70: Which of the following is a detective access control mechanism?
Question71: A Simple Power Analysis (SPA) attack against a device directly observes which of the following?
Question72: An organization has developed a major application that has undergone accreditation testing. After receiving the results of the evaluation, what is the final step before the application can be accredited?
Question73: While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?
Question74: An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to
Question75: After a thorough analysis, it was discovered that a perpetrator compromised a network by gaining access to the network through a Secure Socket Layer (SSL) Virtual Private Network (VPN) gateway. The perpetrator guessed a username and brute forced the password to gain access. Which of the following BEST mitigates this issue?
Question76: Which item below is a federated identity standard?
Question77: Which methodology is recommended for penetration testing to be effective in the development phase of the life-cycle process?
Question78: An organization lacks a data retention policy. Of the following, who is the BEST person to consult for such requirement?
Question79: Logical access control programs are MOST effective when they are
Question80: What is the MOST important reason to configure unique user IDs?
Question81: Refer to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
Which of the following will indicate where the IT budget is BEST allocated during this time?
Question82: What type of encryption is used to protect sensitive data in transit over a network?
Question83: What is the PRIMARY difference between security policies and security procedures?
Question84: The use of strong authentication, the encryption of Personally Identifiable Information (PII) on database servers, application security reviews, and the encryption of data transmitted across networks provide
Question85: Which of the following MOST influences the design of the organization's electronic monitoring policies?
Question86: Which of the following is a security feature of Global Systems for Mobile Communications (GSM)?
Question87: Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?
Question88: Which of the following is a critical factor for implementing a successful data classification program?
Question89: Which of the following is a recommended alternative to an integrated email encryption system?
Question90: Which of the following is the PRIMARY issue when collecting detailed log information?
Question91: At a MINIMUM, a formal review of any Disaster Recovery Plan (DRP) should be conducted
Question92: In a financial institution, who has the responsibility for assigning the classification to a piece of information?
Question93: Refer to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.
If the intrusion causes the system processes to hang, which of the following has been affected?
Question94: The BEST method of demonstrating a company's security level to potential customers is
Question95: Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy
contain?
Question96: A security professional has been asked to evaluate the options for the location of a new data center within a multifloor building. Concerns for the data center include emanations and physical access controls.
Which of the following is the BEST location?
Question97: Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
Which of the following BEST describes the access control methodology used?
Question98: The 802.1x standard provides a framework for what?
Question99: A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project?
Question100: Which one of these risk factors would be the LEAST important consideration in choosing a building site for a new computer facility?
Question101: The three PRIMARY requirements for a penetration test are
Question102: The amount of data that will be collected during an audit is PRIMARILY determined by the
Question103: What is the BEST method to detect the most common improper initialization problems in programming languages?
Question104: The overall goal of a penetration test is to determine a system's
Question105: An organization allows ping traffic into and out of their network. An attacker has installed a program on the network that uses the payload portion of the ping packet to move data into and out of the network. What type of attack has the organization experienced?
Question106: Which of the following is the BEST way to verify the integrity of a software patch?
Question107: For an organization considering two-factor authentication for secure network access, which of the following is MOST secure?
Question108: A Business Continuity Plan (BCP) is based on
Question109: Who is ultimately responsible to ensure that information assets are categorized and adequate measures are taken to protect them?
Question110: Which of the following is most helpful in applying the principle of LEAST privilege?
Question111: Which of the following command line tools can be used in the reconnaisance phase of a network vulnerability assessment?
Question112: An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring?
Question113: Which of the following is the MOST important consideration when storing and processing Personally Identifiable Information (PII)?
Question114: Which one of the following transmission media is MOST effective in preventing data interception?
Question115: Which of the following is the BEST reason to review audit logs periodically?
Question116: Refer to the information below to answer the question.
A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
The organization should ensure that the third party's physical security controls are in place so that they
Question117: An engineer in a software company has created a virus creation tool. The tool can generate thousands of polymorphic viruses. The engineer is planning to use the tool in a controlled environment to test the company's next generation virus scanning software. Which would BEST describe the behavior of the engineer and why?
Question118: For a service provider, which of the following MOST effectively addresses confidentiality concerns for customers using cloud computing?
Question119: DRAG DROP
Drag the following Security Engineering terms on the left to the BEST definition on the right.

Question120: Which type of control recognizes that a transaction amount is excessive in accordance with
corporate policy?
Question121: Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.
What is the BEST reason for the organization to pursue a plan to mitigate client-based attacks?
Question122: Which of the following PRIMARILY contributes to security incidents in web-based applications?
Question123: HOTSPOT
Which Web Services Security (WS-Security) specification negotiates how security tokens will be issued, renewed and validated? Click on the correct specification in the image below.

Question124: Which of the following is required to determine classification and ownership?
Question125: If an identification process using a biometric system detects a 100% match between a presented template and a stored template, what is the interpretation of this result?
Question126: Which of the following wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device?
Question127: Which of the following prevents improper aggregation of privileges in Role Based Access Control (RBAC)?
Question128: Which of the following is the FIRST step of a penetration test plan?
Question129: Disaster Recovery Plan (DRP) training material should be
Question130: Which of the following is the MAIN goal of a data retention policy?
Question131: Which one of the following is a common risk with network configuration management?
Question132: What is the PRIMARY reason for ethics awareness and related policy implementation?
Question133: Which of the following questions can be answered using user and group entitlement reporting?
Question134: The MAIN reason an organization conducts a security authorization process is to
Question135: HOTSPOT
Which Web Services Security (WS-Security) specification maintains a single authenticated identity across multiple dissimilar environments? Click on the correct specification in the image below.

Question136: An online retail company has formulated a record retention schedule for customer transactions. Which of the following is a valid reason a customer transaction is kept beyond the retention schedule?
Question137: DRAG DROP
Given the various means to protect physical and logical assets, match the access management area to the technology.

Question138: Which of the following does Temporal Key Integrity Protocol (TKIP) support?
Question139: From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system?
Question140: Changes to a Trusted Computing Base (TCB) system that could impact the security posture of that system and trigger a recertification activity are documented in the
Question141: Why is a system's criticality classification important in large organizations?
Question142: Which of the following MUST be part of a contract to support electronic discovery of data
stored in a cloud environment?
Question143: Which of the following BEST mitigates a replay attack against a system using identity federation and Security Assertion Markup Language (SAML) implementation?
Question144: Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

In a Bell-LaPadula system, which user has the MOST restrictions when writing data to any of the four files?
Question145: A security professional is asked to provide a solution that restricts a bank teller to only perform a savings deposit transaction but allows a supervisor to perform corrections after the transaction. Which of the following is the MOST effective solution?
Question146: Which one of the following considerations has the LEAST impact when considering transmission security?
Question147: HOTSPOT
Identify the component that MOST likely lacks digital accountability related to information access.
Click on the correct device in the image below.

Question148: Refer to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized
individual accessed a system which hosts a database containing financial information.
If it is discovered that large quantities of information have been copied by the unauthorized individual, what attribute of the data has been compromised?
Question149: Which of the following is the MOST beneficial to review when performing an IT audit?
Question150: What is the MOST effective method for gaining unauthorized access to a file protected with a long complex password?
Question151: A health care provider is considering Internet access for their employees and patients. Which of the following is the organization's MOST secure solution for protection of data?
Question152: Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element?
Question153: DRAG DROP
In which order, from MOST to LEAST impacted, does user awareness training reduce the occurrence of the events below?

Question154: Which one of the following is a threat related to the use of web-based client side input validation?
Question155: Which of the following describes the concept of a Single Sign-On (SSO) system?
Question156: Refer to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
Which of the following will be the PRIMARY security concern as staff is released from the organization?
Question157: Refer to the information below to answer the question.
Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.
Organizational policy requires the deletion of user data from Personal Digital Assistant (PDA) devices before disposal. It may not be possible to delete the user data if the device is malfunctioning. Which destruction method below provides the BEST assurance that the data has been removed?
Question158: Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following documents explains the proper use of the organization's assets?
Question159: Which of the following statements is TRUE regarding value boundary analysis as a functional software testing technique?
Question160: How can lessons learned from business continuity training and actual recovery incidents
BEST be used?
Question161: The Structured Query Language (SQL) implements Discretionary Access Controls (DAC) using
Question162: Regarding asset security and appropriate retention, which of the following INITIAL top three areas are important to focus on?
Question163: Which of the following violates identity and access management best practices?
Question164: Which of the following is the PRIMARY benefit of a formalized information classification program?
Question165: What principle requires that changes to the plaintext affect many parts of the ciphertext?
Question166: Discretionary Access Control (DAC) is based on which of the following?
Question167: When building a data center, site location and construction factors that increase the level of vulnerability to physical threats include
Question168: Which of the following BEST describes the purpose of performing security certification?
Question169: What is the process called when impact values are assigned to the security objectives for information types?
Question170: Which of the following is the PRIMARY concern when using an Internet browser to access a cloud-based service?
Question171: Without proper signal protection, embedded systems may be prone to which type of attack?
Question172: The World Trade Organization's (WTO) agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) requires authors of computer software to be given the
Question173: What is the GREATEST challenge to identifying data leaks?
Question174: Refer to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
When determining appropriate resource allocation, which of the following is MOST important to monitor?
Question175: A global organization wants to implement hardware tokens as part of a multifactor authentication solution for remote access. The PRIMARY advantage of this implementation is
Question176: Which of the following has the GREATEST impact on an organization's security posture?
Question177: Why MUST a Kerberos server be well protected from unauthorized access?
Question178: Software Code signing is used as a method of verifying what security concept?
Question179: Copyright provides protection for which of the following?
Question180: According to best practice, which of the following groups is the MOST effective in performing an information security compliance audit?
Question181: Which of the following is a strategy of grouping requirements in developing a Security Test and Evaluation (ST&E)?
Question182: An internal Service Level Agreement (SLA) covering security is signed by senior managers and is in place. When should compliance to the SLA be reviewed to ensure that a good security posture is being delivered?
Question183: A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?
Question184: An organization's data policy MUST include a data retention period which is based on
Question185: Refer to the information below to answer the question.
Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.
After magnetic drives were degaussed twice according to the product manufacturer's directions, what is the MOST LIKELY security issue with degaussing?
Question186: How does an organization verify that an information system's current hardware and software match the standard system configuration?
Question187: Which of the following protocols would allow an organization to maintain a centralized list of users that can read a protected webpage?
Question188: Data remanence refers to which of the following?
Question189: The birthday attack is MOST effective against which one of the following cipher technologies?
Question190: What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)?
Question191: A vulnerability test on an Information System (IS) is conducted to
Question192: Which of the following is a limitation of the Common Vulnerability Scoring System (CVSS) as it relates to conducting code review?
Question193: Which of the following BEST avoids data remanence disclosure for cloud hosted resources?
Question194: Secure Sockets Layer (SSL) encryption protects
Question195: Which of the following is a security limitation of File Transfer Protocol (FTP)?
Question196: Which of the following actions should be performed when implementing a change to a database schema in a production system?
Question197: Which of the following is the BEST solution to provide redundancy for telecommunications links?
Question198: Which of the following MUST be done when promoting a security awareness program to senior management?
Question199: What is the PRIMARY goal for using Domain Name System Security Extensions (DNSSEC) to sign records?
Question200: Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?
Question201: Refer to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
Which of the following will MOST likely allow the organization to keep risk at an acceptable level?
Question202: In a data classification scheme, the data is owned by the
Question203: Which of the following is a potential risk when a program runs in privileged mode?
Question204: Which layer of the Open Systems Interconnections (OSI) model implementation adds information concerning the logical connection between the sender and receiver?
Question205: In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?
Question206: Host-Based Intrusion Protection (HIPS) systems are often deployed in monitoring or learning mode during their initial implementation. What is the objective of starting in this mode?
Question207: A business has implemented Payment Card Industry Data Security Standard (PCI-DSS) compliant handheld credit card processing on their Wireless Local Area Network (WLAN) topology. The network team partitioned the WLAN to create a private segment for credit card processing using a firewall to control device access and route traffic to the card processor on the Internet. What components are in the scope of PCI-DSS?
Question208: The key benefits of a signed and encrypted e-mail include
Question209: Which of the following types of security testing is the MOST effective in providing a better indication of the everyday security challenges of an organization when performing a security risk assessment?
Question210: Which of the following could elicit a Denial of Service (DoS) attack against a credential management system?
Question211: Contingency plan exercises are intended to do which of the following?
Question212: An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?
Question213: Two companies wish to share electronic inventory and purchase orders in a supplier and client relationship. What is the BEST security solution for them?
Question214: When implementing controls in a heterogeneous end-point network for an organization, it is critical that
Question215: What is the MOST critical factor to achieve the goals of a security program?
Question216: Application of which of the following Institute of Electrical and Electronics Engineers (IEEE) standards will prevent an unauthorized wireless device from being attached to a network?
Question217: When transmitting information over public networks, the decision to encrypt it should be based on
Question218: An organization decides to implement a partial Public Key Infrastructure (PKI) with only the servers having digital certificates. What is the security benefit of this implementation?
Question219: Which one of the following describes granularity?
Question220: Internet Protocol (IP) source address spoofing is used to defeat
Question221: During a fingerprint verification process, which of the following is used to verify identity and authentication?
Question222: An organization is selecting a service provider to assist in the consolidation of multiple computing sites including development, implementation and ongoing support of various computer systems. Which of the following MUST be verified by the Information Security Department?
Question223: How can a forensic specialist exclude from examination a large percentage of operating system files residing on a copy of the target system?
Question224: Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
Following best practice, where should the permitted access for each department and job classification combination be specified?
Question225: With data labeling, which of the following MUST be the key decision maker?
Question226: A security manager has noticed an inconsistent application of server security controls resulting in vulnerabilities on critical systems. What is the MOST likely cause of this issue?
Question227: What is the BEST first step for determining if the appropriate security controls are in place for protecting data at rest?
Question228: Which of the following BEST describes a Protection Profile (PP)?
Question229: The type of authorized interactions a subject can have with an object is
Question230: Which of the following is the PRIMARY benefit of implementing data-in-use controls?
Question231: To prevent inadvertent disclosure of restricted information, which of the following would be the LEAST effective process for eliminating data prior to the media being discarded?
Question232: What would be the PRIMARY concern when designing and coordinating a security assessment for an Automatic Teller Machine (ATM) system?
Question233: Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
Which of the following is considered the MOST important priority for the information security officer?
Question234: Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
The security program can be considered effective when
Question235: DRAG DROP
Place in order, from BEST (1) to WORST (4), the following methods to reduce the risk of data remanence on magnetic media.

Question236: Refer to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.
Aside from the potential records which may have been viewed, which of the following should be the PRIMARY concern regarding the database information?
Question237: The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct
Question238: Which of the following is the BEST countermeasure to brute force login attacks?
Question239: Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.
In the plan, what is the BEST approach to mitigate future internal client-based attacks?
Question240: Which of the following is an essential element of a privileged identity lifecycle management?
Question241: A mobile device application that restricts the storage of user information to just that which is needed to accomplish lawful business goals adheres to what privacy principle?
Question242: What is the PRIMARY advantage of using automated application security testing tools?
Question243: Which of the following BEST describes Recovery Time Objective (RTO)?
Question244: Which one of the following is a fundamental objective in handling an incident?
Question245: Which of the following assures that rules are followed in an identity management architecture?
Question246: Which of the following actions MUST be taken if a vulnerability is discovered during the maintenance stage in a System Development Life Cycle (SDLC)?
Question247: What is a common challenge when implementing Security Assertion Markup Language (SAML) for identity integration between on-premise environment and an external identity provider service?
Question248: A practice that permits the owner of a data object to grant other users access to that object would usually provide
Question249: Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy?
Question250: HOTSPOT
In the network design below, where is the MOST secure Local Area Network (LAN) segment to deploy a Wireless Access Point (WAP) that provides contractors access to the Internet and authorized enterprise services?

Question251: Which of the following are required components for implementing software configuration management systems?
Question252: When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)?
Question253: When planning a penetration test, the tester will be MOST interested in which information?
Question254: In a basic SYN flood attack, what is the attacker attempting to achieve?
Question255: To protect auditable information, which of the following MUST be configured to only allow read access?
Question256: A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation?
Question257: Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

In a Bell-LaPadula system, which user cannot write to File 3?
Question258: Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen?
Question259: Which of the following is the MOST important element of change management documentation?
Question260: Discretionary Access Control (DAC) restricts access according to
Question261: Retaining system logs for six months or longer can be valuable for what activities?
Question262: Which of the following are Systems Engineering Life Cycle (SELC) Technical Processes?
Question263: Which of the following is generally indicative of a replay attack when dealing with biometric
authentication?
Question264: What does secure authentication with logging provide?
Question265: Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following solutions would have MOST likely detected the use of peer-to-peer programs when the computer was connected to the office network?
Question266: DRAG DROP
Match the objectives to the assessment questions in the governance domain of Software Assurance Maturity Model (SAMM).

Question267: What is one way to mitigate the risk of security flaws in custom software?
Question268: For privacy protected data, which of the following roles has the highest authority for establishing dissemination rules for the data?
Question269: A large university needs to enable student access to university resources from their homes. Which of the following provides the BEST option for low maintenance and ease of deployment?
Question270: The FIRST step in building a firewall is to
Question271: Which of the following is a function of Security Assertion Markup Language (SAML)?
Question272: Which one of the following affects the classification of data?
Question273: Which of the following is an advantage of on-premise Credential Management Systems?
Question274: Which of the following disaster recovery test plans will be MOST effective while providing minimal risk?
Question275: Why must all users be positively identified prior to using multi-user computers?
Question276: Which of the following is an essential step before performing Structured Query Language (SQL) penetration tests on a production system?
Question277: An organization has hired a security services firm to conduct a penetration test. Which of the following will the organization provide to the tester?
Question278: The stringency of an Information Technology (IT) security assessment will be determined by the
Question279: In the area of disaster planning and recovery, what strategy entails the presentation of information about the plan?
Question280: According to best practice, which of the following is required when implementing third party software in a production environment?
Question281: What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?
Question282: Which of the following is the FIRST action that a system administrator should take when it is revealed during a penetration test that everyone in an organization has unauthorized access to a server holding sensitive data?
Question283: What is an effective practice when returning electronic storage media to third parties for repair?
Question284: A software scanner identifies a region within a binary image having high entropy. What does this MOST likely indicate?
Question285: Which one of the following effectively obscures network addresses from external exposure when implemented on a firewall or router?
Question286: Which of the following statements is TRUE of black box testing?
Question287: What component of a web application that stores the session state in a cookie can be bypassed by an attacker?
Question288: Which of the following is the MOST difficult to enforce when using cloud computing?
Question289: If an attacker in a SYN flood attack uses someone else's valid host address as the source address, the system under attack will send a large number of Synchronize/Acknowledge (SYN/ACK) packets to the
Question290: A security professional has just completed their organization's Business Impact Analysis (BIA). Following Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) best practices, what would be the professional's NEXT step?
Question291: When constructing an Information Protection Policy (IPP), it is important that the stated rules are necessary, adequate, and
Question292: Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

Which of the following is true according to the star property (*property)?
Question293: What physical characteristic does a retinal scan biometric device measure?
Question294: As one component of a physical security system, an Electronic Access Control (EAC) token is BEST known for its ability to
Question295: The implementation of which features of an identity management system reduces costs and administration overhead while improving audit and accountability?
Question296: Which of the following is a process within a Systems Engineering Life Cycle (SELC) stage?
Question297: Which of the following problems is not addressed by using OAuth (Open Standard to Authorization) 2.0 to integrate a third-party identity provider for a service?
Question298: Which of the following roles has the obligation to ensure that a third party provider is capable of processing and handling data in a secure manner and meeting the standards set by the organization?
Question299: The PRIMARY purpose of a security awareness program is to
Question300: In Business Continuity Planning (BCP), what is the importance of documenting business processes?
Question301: The BEST example of the concept of "something that a user has" when providing an authorized user access to a computing system is
Question302: Which of the following is the best practice for testing a Business Continuity Plan (BCP)?
Question303: Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications?
Question304: Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?
Question305: A disadvantage of an application filtering firewall is that it can lead to
Question306: What security risk does the role-based access approach mitigate MOST effectively?
Question307: Which of the following statements is TRUE regarding state-based analysis as a functional software testing technique?
Question308: When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all access control requirements are addressed?
Question309: If compromised, which of the following would lead to the exploitation of multiple virtual machines?
Question310: Which of the following standards/guidelines requires an Information Security Management System (ISMS) to be defined?
Question311: What type of test assesses a Disaster Recovery (DR) plan using realistic disaster scenarios while maintaining minimal impact to business operations?
Question312: An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor?
Question313: In order for a security policy to be effective within an organization, it MUST include
Question314: Which of the following is an example of two-factor authentication?
Question315: An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?
Question316: After acquiring the latest security updates, what must be done before deploying to production systems?
Question317: What technique BEST describes antivirus software that detects viruses by watching anomalous behavior?
Question318: What is the GREATEST challenge of an agent-based patch management solution?
Question319: During an audit, the auditor finds evidence of potentially illegal activity. Which of the
following is the MOST appropriate action to take?
Question320: Which of the following assessment metrics is BEST used to understand a system's vulnerability to potential exploits?
Question321: Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
Given the number of priorities, which of the following will MOST likely influence the selection of top initiatives?
Question322: Which of the following is the MOST effective attack against cryptographic hardware modules?
Question323: Refer to the information below to answer the question.
A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
What additional considerations are there if the third party is located in a different country?
Question324: What security management control is MOST often broken by collusion?
Question325: During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.
What is the best approach for the CISO?
During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.
What is the best approach for the CISO?
Question326: Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.
What MUST the plan include in order to reduce client-side exploitation?
Question327: Who must approve modifications to an organization's production infrastructure configuration?
Question328: Multi-Factor Authentication (MFA) is necessary in many systems given common types of password attacks. Which of the following is a correct list of password attacks?
Question329: Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?
Question330: Which Hyper Text Markup Language 5 (HTML5) option presents a security challenge for network data leakage prevention and/or monitoring?
Question331: Which of the following is a physical security control that protects Automated Teller Machines (ATM) from skimming?
Question332: Which of the following Disaster Recovery (DR) sites is the MOST difficult to test?
Question333: Which of the following MUST system and database administrators be aware of and apply
when configuring systems used for storing personal employee data?
Question334: A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user business functions. These capabilities are BEST described as
Question335: Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
In addition to authentication at the start of the user session, best practice would require re-authentication
Question336: What is the MAIN feature that onion routing networks offer?
Question337: What is the ultimate objective of information classification?
Question338: By allowing storage communications to run on top of Transmission Control
Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the
Question339: A system has been scanned for vulnerabilities and has been found to contain a number of communication ports that have been opened without authority. To which of the following might this system have been subjected?
Question340: Which of the following activities BEST identifies operational problems, security misconfigurations, and malicious attacks?
Question341: During an audit of system management, auditors find that the system administrator has not been trained. What actions need to be taken at once to ensure the integrity of systems?
Question342: Which of the following is the BEST way to determine if a particular system is able to identify malicious software without executing it?
Question343: An advantage of link encryption in a communications network is that it
Question344: Which of the following secure startup mechanisms are PRIMARILY designed to thwart attacks?
Question345: How does Encapsulating Security Payload (ESP) in transport mode affect the Internet Protocol (IP)?
Question346: Which of the following is an effective method for avoiding magnetic media data remanence?
Question347: Which one of the following is the MOST important in designing a biometric access system if it is essential that no one other than authorized individuals are admitted?
Question348: Refer to the information below to answer the question.
A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
The third party needs to have
Question349: Which of the following is a reason to use manual patch installation instead of automated patch management?
Question350: Data leakage of sensitive information is MOST often concealed by which of the following?
Question351: Which of the following is TRUE about Disaster Recovery Plan (DRP) testing?
Question352: DRAG DROP
During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.
What is the best approach for the CISO?
Below are the common phases to creating a Business Continuity/Disaster Recovery (BC/DR) plan. Drag the remaining BC\DR phases to the appropriate corresponding location.

Question353: Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following could have MOST likely prevented the Peer-to-Peer (P2P) program from being installed on the computer?
Question354: The application of which of the following standards would BEST reduce the potential for data breaches?
Question355: Which of the following entities is ultimately accountable for data remanence vulnerabilities with data replicated by a cloud service provider?
Question356: Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following methods is the MOST effective way of removing the Peer-to-Peer (P2P) program from the computer?
Question357: The goal of a Business Continuity Plan (BCP) training and awareness program is to
Question358: Which of the following can BEST prevent security flaws occurring in outsourced software development?
Question359: Which of the following analyses is performed to protect information assets?
Question360: Single Sign-On (SSO) is PRIMARILY designed to address which of the following?
Question361: The PRIMARY outcome of a certification process is that it provides documented
Question362: During an investigation of database theft from an organization's web site, it was determined that the Structured Query Language (SQL) injection technique was used despite input validation with client-side scripting. Which of the following provides the GREATEST protection against the same attack occurring again?
Question363: Which of the following is a MAJOR consideration in implementing a Voice over IP (VoIP) network?
Question364: The use of proximity card to gain access to a building is an example of what type of security control?
Question365: Which of the following BEST describes a rogue Access Point (AP)?
Question366: Which of the following is a network intrusion detection technique?
Question367: The goal of software assurance in application development is to
Question368: Which of the following secures web transactions at the Transport Layer?
Question369: What is the MOST effective method of testing custom application code?
Question370: Passive Infrared Sensors (PIR) used in a non-climate controlled environment should
Question371: Which of the following is the MOST effective method of mitigating data theft from an active user workstation?
Question372: What do Capability Maturity Models (CMM) serve as a benchmark for in an organization?
Question373: Which of the following BEST represents the principle of open design?