EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is the BEST example of weak management commitment to the protection of security assets and resources?

Question2: While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?

Question3: Which of the following steps should be performed FIRST when purchasing Commercial Off-The-Shelf (COTS) software?

Question4: What is the PRIMARY difference between security policies and security procedures?

Question5: Which of the following statements is TRUE for point-to-point microwave transmissions?

Question6: Which one of the following is a fundamental objective in handling an incident?

Question7: Which of the below strategies would MOST comprehensively address the risk of malicious insiders leaking sensitive information?

Question8: Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen?

Question9: What should be the INITIAL response to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) alerts?

Question10: An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requirement is

Question11: Which of the following activities BEST identifies operational problems, security misconfigurations, and malicious attacks?

Question12: Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications?

Question13: An organization plan on purchasing a custom software product developed by a small vendor to support its business model. Which unique consideration should be made part of the contractual agreement potential long-term risks associated with creating this dependency?

Question14: Which security access policy contains fixed security attributes that are used by the system to determine a user's access to a file or object?

Question15: At which layer of the Open Systems Interconnect (OSI) model are the source and destination address for a datagram handled?

Question16: Which of the following is a characteristic of an internal audit?

Question17: Which of the following is a process within a Systems Engineering Life Cycle (SELC) stage?

Question18: What is the BEST way to establish identity over the internet?

Question19: Which of the following BEST describes Recovery Time Objective (RTO)?

Question20: A large university needs to enable student access to university resources from their homes. Which of the following provides the BEST option for low maintenance and ease of deployment?

Question21: Which security architecture strategy could be applied to secure an operating system (OS) baseline for deployment within the corporate enterprise?

Question22: Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?

Question23: A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project?

Question24: A security compliance manager of a large enterprise wants to reduce the time it takes to perform network, system, and application security compliance audits while increasing quality and effectiveness of the results.
What should be implemented to BEST

Question25: An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

Question26: Which of the following is mobile device remote fingerprinting?

Question27: Which of the following would an attacker be able to accomplish through the use of Remote Access Tools (RAT)?

Question28: Which of the following is the MOST crucial for a successful audit plan?

Question29: In Business Continuity Planning (BCP), what is the importance of documenting business processes?

Question30: The implementation of which features of an identity management system reduces costs and administration overhead while improving audit and accountability?

Question31: Which of the following MUST system and database administrators be aware of and apply when configuring systems used for storing personal employee data?

Question32: Which of the following methods can be used to achieve confidentiality and integrity for data in transit?

Question33: Which of the following is ensured when hashing files during chain of custody handling?

Question34: Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
The effectiveness of the security program can PRIMARILY be measured through

Question35: Which of the following is a recommended alternative to an integrated email encryption system?

Question36: Place in order, from BEST (1) to WORST (4), the following methods to reduce the risk of data remanence on magnetic mediA.

Question37: Why must all users be positively identified prior to using multi-user computers?

Question38: Which of the following roles has the obligation to ensure that a third party provider is capable of processing and handling data in a secure manner and meeting the standards set by the organization?

Question39: Which of the following is considered a secure coding practice?

Question40: Which one of the following operates at the session, transport, or network layer of the Open System Interconnection (OSI) model?

Question41: Who is accountable for the information within an Information System (IS)?

Question42: Which of the following is the GREATEST security risk associated with the user of identity as a service (IDaaS) when an organization its own software?

Question43: The adoption of an enterprise-wide business continuilty program requires Which of the folllowing?

Question44: Which of the following are Systems Engineering Life Cycle (SELC) Technical Processes?

Question45: An organization is outsourcing its payroll system and is requesting to conduct a full audit on the third-party information technology (IT) systems. During the due diligence process, the third party provides previous audit report on its IT system.
Which of the following MUST be considered by the organization in order for the audit reports to be acceptable?

Question46: Which of the following is an essential step before performing Structured Query Language (SQL) penetration tests on a production system?

Question47: When assessing an organization's security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

Question48: Which of the following can BEST prevent security flaws occurring in outsourced software development?

Question49: Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain?

Question50: Which of the following methods provides the MOST protection for user credentials?

Question51: An organization has developed a major application that has undergone accreditation testing. After receiving the results of the evaluation, what is the final step before the application can be accredited?

Question52: Which of the following BEST describes the purpose of performing security certification?

Question53: Which of the following BEST mitigates a replay attack against a system using identity federation and Security Assertion Markup Language (SAML) implementation?

Question54: What is the MOST critical factor to achieve the goals of a security program?

Question55: Which of the following is a responsibility of a data steward?

Question56: The goal of a Business Impact Analysis (BIA) is to determine which of the following?

Question57: What is the MOST efficient way to secure a production program and its data?

Question58: When using Security Assertion markup language (SAML), it is assumed that the principal subject

Question59: Which of the following is the BEST approach for a forensic examiner to obtain the greatest amount of relevant information form malicious software?

Question60: Why do certificate Authorities (CA) add value to the security of electronic commerce transactions?

Question61: Which of the following is the MOST important security goal when performing application interface testing?

Question62: Which layer handle packet fragmentation and reassembly in the Open system interconnection (OSI) Reference model?

Question63: Why are mobile devices something difficult to investigate in a forensic examinition?

Question64: Changes to a Trusted Computing Base (TCB) system that could impact the security posture of that system and trigger a recertification activity are documented in the

Question65: Which of the following initiates the system recovery phase of a disaster recovery plan?

Question66: What is the PRIMARY role of a scrum master in agile development?

Question67: The BEST method to mitigate the risk of a dictionary attack on a system is to

Question68: Which Web Services Security (WS-Security) specification negotiates how security tokens will be issued, renewed and validated? Click on the correct specification in the image below.

Question69: An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

Question70: Which of the following will have the MOST influence on the definition and creation of data classification and data ownership policies?

Question71: Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

Question72: When implementing a data classification program, why is it important to avoid too much granularity?

Question73: When adopting software as a service (Saas), which security responsibility will remain with remain with the adopting organization?

Question74: What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?

Question75: What physical characteristic does a retinal scan biometric device measure?

Question76: A Security Operations Center (SOC) receives an incident response notification on a server with an active intruder who has planted a backdoor. Initial notifications are sent and communications are established.
What MUST be considered or evaluated before performing the next step?

Question77: Which of the following would be the FIRST step to take when implementing a patch management program?

Question78: Physical assets defined in an organization's Business Impact Analysis (BIA) could include which of the following?

Question79: The core component of Role Based Access Control (RBAC) must be constructed of defined data elements.
Which elements are required?

Question80: Which of the following is the BEST reason for the use of security metrics?

Question81: In a financial institution, who has the responsibility for assigning the classification to a piece of information?

Question82: Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy?

Question83: In a change-controlled environment, which of the following is MOST likely to lead to unauthorized changes to production programs?

Question84: The core component of Role Based Access control (RBAC) must be constructed of defined data elements, Which elements are requried?

Question85: Which of the following is the MOST

Question86: A large corporation is looking for a solution to automate access based on where the request is coming from, who the user is, what device they are connecting with, and what and time of day they are attempting this access. What type of solution would suit their needs?

Question87: A company receives an email threat informing of an Imminent Distributed Denial of Service (DDoS) attack targeting its web application, unless ransom is paid. Which of the following techniques BEST addresses that threat?

Question88: Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device Which has stolen?

Question89: Which of the following is the best practice for testing a Business Continuity Plan (BCP)?

Question90: An organization that has achieved a Capability Maturity model Integration (CMMI) level of 4 has done which of the following?

Question91: Which of the following is the BEST statement for a professional to include as port of businees continuity (BC) procedure?

Question92: What are the steps of a risk assessment?

Question93: Which of the following would MINIMIZE the ability of an attacker to exploit a buffer overflow?

Question94: A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation?

Question95: Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
Following best practice, where should the permitted access for each department and job classification combination be specified?

Question96: With what frequency should monitoring of a control occur when implementing information security continuous monitoring (ISCM) solutions?

Question97: Which of the following is a common characteristic of privacy?

Question98: Which of the following should be included a hardware retention policy?

Question99: A Denial of Service (DoS) attack on a syslog server exploits weakness in which of the following protocols?

Question100: An engineer in a software company has created a virus creation tool. The tool can generate thousands of polymorphic viruses. The engineer is planning to use the tool in a controlled environment to test the company's next generation virus scanning software. Which would BEST describe the behavior of the engineer and why?

Question101: A control to protect from a Denial-of-Service (DoS) attach has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?

Question102: Which of the following is the GREATEST security risk associated with the use of identity as a service (IDaaS) when an organization is developing its own software?

Question103: The use of private and public encryption keys is fundamental in the implementation of which of the following?

Question104: The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct

Question105: Which of the following is applicable to a publicly held company concerned about information handling and storage requirement specific to the financial reporting?

Question106: Additional padding may be added to toe Encapsulating Security Protocol (ESP) b trailer to provide which of the following?

Question107: Which of the following is an initial consideration when developing an information security management system?

Question108: Which of the following command line tools can be used in the reconnaissance phase of a network vulnerability assessment?

Question109: Rank the Hypertext Transfer protocol (HTTP) authentication types shows below in order of relative strength.
Drag the authentication type on the correct positions on the right according to strength from weakest to strongest.

Question110: In a data classification scheme, the data is owned by the

Question111: Match the functional roles in an external audit to their responsibilities.
Drag each role on the left to its corresponding responsibility on the right.
Select and Place:

Question112: Which of the following is the MOST important activity an organization performs to ensure that securiy is part of the overall organization culture?

Question113: When transmitting information over public networks, the decision to encrypt it should be based on

Question114: Why are mobile devices sometimes difficult to investigate in a forensic examination?

Question115: Which of the following are effective countermeasures against passive network-layer attacks?

Question116: What is the PRIMARY advantage of using automated application security testing tools?

Question117: Which of the following MOST influences the design of the organization's electronic monitoring policies?

Question118: Drag the following Security Engineering terms on the left to the BEST definition on the right.

Question119: Which of the following command line tools can be used in the reconnaisance phase of a network vulnerability assessment?

Question120: Which Hyper Text Markup Language 5 (HTML5) option presents a security challenge for network data leakage prevention and/or monitoring?

Question121: What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)?

Question122: Which of the following can be used to calculate the loss event probability?

Question123: In Disaster Recovery (DR) and business continuity training, which BEST describes a functional drill?

Question124: Which of the following is the MOST appropriate action when reusing media that contains sensitive data?

Question125: Software Code signing is used as a method of verifying what security concept?

Question126: Which of the following will help identify the source internet protocol (IP) address of malware being exected on a computer?

Question127: Which of the following is the PRIMARY reason a sniffer operating on a network is collecting packets only from its own host?

Question128: Data leakage of sensitive information is MOST often concealed by which of the following?

Question129: Which of the following is PRIMARILY adopted for ensuring the integrity of information is preserved?

Question130: Which of the following is the BEST countermeasure to brute force login attacks?

Question131: Which of the following sets of controls should allow an investigation if an attack is not blocked by preventive controls or detected by monitoring?

Question132: The type of authorized interactions a subject can have with an object is

Question133: The application of a security patch to a product previously validate at Common Criteria (CC) Evaluation Assurance Level (EAL) 4 would

Question134: Which of the following is the MOST difficult to enforce when using cloud computing?

Question135: A security practitioner has been tasked with establishing organizational asset handling procedures.
What should be considered that would have the GRFATEST impact to the development of these procedures?

Question136: When determining who can accept the risk associated with a vulnerability, which of the following is MOST important?

Question137: Which of the following represents the GREATEST risk to data confidentiality?

Question138: What technique BEST describes antivirus software that detects viruses by watching anomalous behavior?

Question139: Copyright provides protection for which of the following?

Question140: Which of the following methods MOST efficiently manages user accounts when using a third-party cloud-based application and directory solution?

Question141: If a content management system (CMC) is implemented, which one of the following would occur?

Question142: Which of the following MUST an organization do to effectively communicate is security strategy to all affected parties?

Question143: A vulnerability in which of the following components would be MOST difficult to detect?

Question144: Which of the following is the MOST important action regarding authentication?

Question145: Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?

Question146: What should be used immediately after a Business Continuity Plan (BCP) has been invoked?

Question147: While inventorying storage equipment, it is found that there are unlabeled, disconnected, and powered off devices. Which of the following is the correct procedure for handling such equipment?

Question148: Which of the following is a physical security control that protects Automated Teller Machines (ATM) from skimming?

Question149: A development operations team would like to start building new applications delegating the cybersecurity responsibility as much as possible to the service provider. Which of the following environments BEST fits their need?

Question150: Which is the MOST critical aspect of computer-generated evidence?

Question151: Passive Infrared Sensors (PIR) used in a non-climate controlled environment should

Question152: How does identity as a service (IDaaS) provide an easy mechanism for integrating identity service into individual applications with minimal development effort?

Question153: Which of the following is a MAJOR consideration in implementing a Voice over IP (VoIP) network?

Question154: A software security engineer is developing a black box-based test plan that will measure the system's reaction to incorrect or illegal inputs or unexpected operational errors and situations. Match the functional testing techniques on the left with the correct input parameters on the right.

Question155: Who is ultimately responsible to ensure that information assets are categorized and adequate measures are taken to protect them?

Question156: Which of the following is a strategy of grouping requirements in developing a Security Test and Evaluation (ST&E)?

Question157: For network based evidence, which of the following contains traffic details of all network sessions in order to detect anomalies?

Question158: Which of the following mandates the amount and complexity of security controls applied to a security risk?

Question159: Who in the organization is accountable for classification of data information assets?

Question160: In the common criteria (CC) for information technology (IT) security evaluation, increasing Evaluation Assurance Levels (EAL) results in which of the following?

Question161: Which of the following Disaster Recovery (DR) sites is the MOST difficult to test?

Question162: In the network design below, where is the MOST secure Local Area Network (LAN) segment to deploy a Wireless Access Point (WAP) that provides contractors access to the Internet and authorized enterprise services?

Question163: Which of the following is TRUE about Disaster Recovery Plan (DRP) testing?

Question164: Which of the following is the FIRST step in the incident response process?

Question165: What steps can be taken to prepare personally identifiable information (PII) for processing by a third party?

Question166: An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this an example of?

Question167: Which of the following BEST describes a Protection Profile (PP)?

Question168: Which Identity and Access Management (IAM) process can be used to maintain the principle of least privilege?

Question169: What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

Question170: Which area of embedded devices are most commonly attacked?

Question171: What should be the FIRST action for a security administrator who detects an intrusion on the network based on precursors and other indicators?

Question172: A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket. Which of the following is the BEST course of action?

Question173: Which item below is a federated identity standard?

Question174: Access to which of the following is required to validate web session management?

Question175: Which of the following is the MOST likely cause of a non-malicious data breach when the source of the data breach was an un-marked file cabinet containing sensitive documents?

Question176: A security professional has been asked to evaluate the options for the location of a new data center within a multifloor building. Concerns for the data center include emanations and physical access controls.
Which of the following is the BEST location?

Question177: A security professional is asked to provide a solution that restricts a bank teller to only perform a savings deposit transaction but allows a supervisor to perform corrections after the transaction. Which of the following is the MOST effective solution?

Question178: Which of the following MUST be done when promoting a security awareness program to senior management?

Question179: What does the Maximum Tolerable Downtime (MTD) determine?

Question180: Which of the following is a method of attacking internet protocol (IP) v6 Layer 3 and Layer 4?

Question181: What Is the FIRST step for a digital investigator to perform when using best practices to collect digital evidence from a potential crime scene?

Question182: Which of the following BEST describes the responsibilities of data owner?

Question183: Which of the following is true of Service Organization Control (SOC) reports?

Question184: Match the access control type to the example of the control type.
Drag each access control type net to its corresponding example.

Question185: What is the GREATEST challenge of an agent-based patch management solution?

Question186: The birthday attack is MOST effective against which one of the following cipher technologies?

Question187: Additional padding may be added to the Encapsulating security protocol (ESP) trailer to provide which of the following?

Question188: Network-based logging has which advantage over host-based logging when reviewing malicious activity about a victim machine?

Question189: Asymmetric algorithms are used for which of the following when using Secure Sockets Layer/Transport Layer Security (SSL/TLS) for implementing network security?

Question190: What is the PRIMARY goal for using Domain Name System Security Extensions (DNSSEC) to sign records?

Question191: Refer to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
When determining appropriate resource allocation, which of the following is MOST important to monitor?

Question192: Which of the following is MOST appropriate for protecting confidentially of data stored on a hard drive?

Question193: By carefully aligning the pins in the lock, which of the following defines the opening of a mechanical lock without the proper key?

Question194: Single Sign-On (SSO) is PRIMARILY designed to address which of the following?

Question195: An organization has hired a security services firm to conduct a penetration test. Which of the following will the organization provide to the tester?

Question196: Place the following information classification steps in sequential order.

Question197: A software scanner identifies a region within a binary image having high entropy. What does this MOST likely indicate?

Question198: Recovery strategies of a Disaster Recovery planning (DRIP) MUST be aligned with which of the following?

Question199: What is a warn site when conducting Business continuity planning (BCP)

Question200: In a basic SYN flood attack, what is the attacker attempting to achieve?

Question201: Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.
What MUST the plan include in order to reduce client-side exploitation?

Question202: During the Security Assessment and Authorization process, what is the PRIMARY purpose for conducting a hardware and software inventory?

Question203: During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.
What is the best approach for the CISO?
Below are the common phases to creating a Business Continuity/Disaster Recovery (BC/DR) plan. Drag the remaining BC\DR phases to the appropriate corresponding location.

Question204: The World Trade Organization's (WTO) agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) requires authors of computer software to be given the

Question205: Who must approve modifications to an organization's production infrastructure configuration?

Question206: Which one of the following activities would present a significant security risk to organizations when employing a Virtual Private Network (VPN) solution?

Question207: Mandatory Access Controls (MAC) are based on:

Question208: What security risk does the role-based access approach mitigate MOST effectively?

Question209: All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

Question210: Which of the following is MOST effective in detecting information hiding in Transmission Control Protocol/internet Protocol (TCP/IP) traffic?

Question211: Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

Which of the following is true according to the star property (*property)?

Question212: Which one of the following is an advantage of an effective release control strategy form a configuration control standpoint?

Question213: Which of the following is BEST suited for exchanging authentication and authorization messages in a multi-party decentralized environment?

Question214: At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

Question215: Which of the following does Temporal Key Integrity Protocol (TKIP) support?

Question216: In order for application developers to detect potential vulnerabilities earlier during the Software Development Life Cycle (SDLC), which of the following safeguards should be implemented FIRST as part of a comprehensive testing framework?

Question217: Which of the following PRIMARILY contributes to security incidents in web-based applications?

Question218: Which of the following is held accountable for the risk to organizational systems and data that result from outsourcing Information Technology (IT) systems and services?

Question219: Which of the following is the MOST important element of change management documentation?

Question220: In the Software Development Life Cycle (SDLC), maintaining accurate hardware and software inventories is a critical part of

Question221: When implementing controls in a heterogeneous end-point network for an organization, it is critical that

Question222: What is the FIRST step required in establishing a records retention program?

Question223: In general, servers that are facing the Internet should be placed in a demilitarized zone (DMZ). What is MAIN purpose of the DMZ?

Question224: Due to system constraints, a group of system administrators must share a high-level access set of credentials.
Which of the following would be

Question225: Which of the following media is least problematic with data remanence?

Question226: Which of the following authorization standards is built to handle Application Programming Interface (API) access for Federated Identity Management (FIM)?

Question227: A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?

Question228: What balance MUST be considered when web application developers determine how information application error message should be constructed?

Question229: A company was ranked as high in the following National Institute of Standards and Technology (NIST) functions: Protect, Detect, Respond and Recover. However, a low maturity grade was attributed to the Identify function. In which of the following the controls categories does this company need to improve when analyzing its processes individually?

Question230: Which of the following is a network intrusion detection technique?

Question231: Which of the following is the BIGGEST weakness when using native Lightweight Directory Access Protocol (LDAP) for authentication?

Question232: If an identification process using a biometric system detects a 100% match between a presented template and a stored template, what is the interpretation of this result?

Question233: Which of the following controls is the FIRST step in protecting privacy in an information system?

Question234: The design review for an application has been completed and is ready for release. What technique should an organization use to assure application integrity?

Question235: When building a data center, site location and construction factors that increase the level of vulnerability to physical threats include

Question236: Which of the following would present the highert annualized loss expectancy (ALE)?

Question237: When building a data classification scheme, which of the following is the PRIMARY concern?

Question238: Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee's salary?

Question239: Which one of the following considerations has the LEAST impact when considering transmission security?

Question240: What is the purpose of an Internet Protocol (IP) spoofing attack?

Question241: A criminal organization is planning an attack on a government network. Which of the following is the MOST severe attack to the network availability?

Question242: According to best practice, which of the following groups is the MOST effective in performing an information security compliance audit?

Question243: An employee of a retail company has been granted an extended leave of absence by Human Resources (HR).
This information has been formally communicated to the access provisioning team. Which of the following is the BEST action to take?

Question244: Which of the following is the primary advantage of segmenting Virtual Machines (VM) using physical networks?

Question245: Which of the following presents the PRIMARY concern to an organiztion when setting up a federated single sign-on (SSO) solution with another

Question246: A vulnerability test on an Information System (IS) is conducted to

Question247: What is the second step in the identity and access provisioning lifecycle?

Question248: Which of the following assures that rules are followed in an identity management architecture?

Question249: Which of the following is the PRIMARY security consideration for how an organization should handle Information Technology (IT) assets?

Question250: Discretionary Access Control (DAC) restricts access according to

Question251: When is a Business Continuity Plan (BCP) considered to be valid?

Question252: Change management policies and procedures belong to which of the following types of controls?

Question253: A security consultant has been hired by a company to establish its vulnerability management program.
The consultant is now in the deployment phase. Which of the following tasks is part of this process?

Question254: Which of the following is a security feature of Global Systems for Mobile Communications (GSM)?

Question255: Which of the following is the BEST reason for writing an information security policy?

Question256: Which layer of the Open system Interconnect (OSI) model is responsible for secure data transfer between applications, flow control, and error detection and correction?

Question257: An organization wants to enable uses to authenticate across multiple security domains. To accomplish this they have decided to use Federated Identity Management (F1M). Which of the following is used behind the scenes in a FIM deployment?

Question258: Which of the following approaches is the MOST effective way to dispose of data on multiple hard drives?

Question259: Why is planning in Disaster Recovery (DR) an interactive process?

Question260: From a security perspective, which of the following assumptions MUST be made about input to an application?

Question261: Which of the following is needed to securely distribute symmetric cryptographic keys?

Question262: Which of the following is considered the last line defense in regard to a Governance, Risk managements, and compliance (GRC) program?

Question263: Which of the following entails identification of data end links to business processes, applications, and data stores as well as assignment of ownership responsibilities?

Question264: What access control scheme uses fine-grained rules to specify the conditions under which access to each data item or applications is granted?

Question265: What is the MAIN feature that onion routing networks offer?

Question266: A user downloads a file from the Internet, then applies the Secure Hash Algorithm 3 (SHA-3) to it.
Which of the following is the MOST likely reason for doing so?

Question267: Why is a system's criticality classification important in large organizations?

Question268: A project requires the use of en authentication mechanism where playback must be protected and plaintext secret must be used. Which of the following should be used?

Question269: During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take?

Question270: Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?

Question271: What is the document that describes the measures that have been implemented or planned to correct any deficiencies noted during the assessment of the security controls?

Question272: Which of the following explains why record destruction requirements are included in a data retention policy?

Question273: Which of the following is a characteristic of a challenge/respones authentication process?

Question274: Why should Open Wab Application Secuirty Project (OWASP) Application Security Verification standards (ASVS) Level 1 be considered a MINIMUM level of protection for any wab application?

Question275: Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what?

Question276: Which of the following statements is TRUE regarding state-based analysis as a functional software testing technique?

Question277: Which of the following wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device?

Question278: An analysis finds unusual activity coming from a computer that was thrown away several months prior, which of the following steps ensure the proper removal of the system?

Question279: An organization implements a remote access server (RAS), Once users connect to the server, digital certificates are used to authenticate their identity. What type of extensible Authentication protocol (EAP) would the organization use during this authentication?

Question280: What is the foundation of cryptographic functions?

Question281: Which of the following is the PRIMARY issue when collecting detailed log information?

Question282: When should an application invoke re-authentication in addition to initial user authentication?

Question283: In the area of disaster planning and recovery, what strategy entails the presentation of information about the plan?

Question284: Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?

Question285: By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the

Question286: Which of the following standards/guidelines requires an Information Security Management System (ISMS) to be defined?

Question287: Which of the following is MOST important when deploying digital certificates?

Question288: What is the BEST first step for determining if the appropriate security controls are in place for protecting data at rest?

Question289: Which programming methodology allows a programmer to use pre-determined blocks of code end consequently reducing development time and programming costs?

Question290: Which of the following could elicit a Denial of Service (DoS) attack against a credential management system?

Question291: A system has been scanned for vulnerabilities and has been found to contain a number of communication ports that have been opened without authority. To which of the following might this system have been subjected?

Question292: For privacy protected data, which of the following roles has the highest authority for establishing dissemination rules for the data?

Question293: The use of proximity card to gain access to a building is an example of what type of security control?

Question294: Which one of the following transmission media is MOST effective in preventing data interception?

Question295: Which of the following MOST applies to session initiation protocal (SIP) security?

Question296: When evaluating third-party applications, which of the following is the GREATEST responsibility of Information Security?

Question297: The 802.1x standard provides a framework for what?

Question298: Which of the following is a common feature of an Identity as a Service (IDaaS) solution?

Question299: What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?

Question300: An organization recently conducted a review of the security of its network applications. One of the vulnerabilities found was that the session key used in encrypting sensitive information to a third party server had been hard-coded in the client and server applications. Which of the following would be MOST effective in mitigating this vulnerability?

Question301: Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization's systems?

Question302: Which of the following combinations would MOST negatively affect availability?

Question303: When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?

Question304: Although code using a specific program language may not be susceptible to a buffer overflow attack,

Question305: Which of the following was developed to support multiple protocols as well as provide as well as provide login, password, and error correction capabilities?

Question306: Which of the following is the MOST effective method of mitigating data theft from an active user workstation?

Question307: Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?

Question308: Refer to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.
If it is discovered that large quantities of information have been copied by the unauthorized individual, what attribute of the data has been compromised?

Question309: Which of the following initiates the systems recovery phase of a disaster recovery plan?

Question310: Which of the following is a reason to use manual patch installation instead of automated patch management?

Question311: Which Web Services Security (WS-Security) specification handles the management of security tokens and the underlying policies for granting access? Click on the correct specification in the image below.

Question312: Which of the following is the MOST important activity an organization performs to ensure that security is part of the overall organization culture?