EMT Practice Test

1. Question Content...


Question List

Question1: A security professional has been asked to evaluate the options for the location of a new data center within a multifloor building. Concerns for the data center include emanations and physical access controls.
Which of the following is the BEST location?

Question2: The PRIMARY security concern for handheld devices is the

Question3: Assessing a third party's risk by counting bugs in the code may not be the best measure of an attack surface within the supply chain.
Which of the following is LEAST associated with the attack surface?

Question4: Refer to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
Which of the following will indicate where the IT budget is BEST allocated during this time?

Question5: Which of the following techniques is MOST useful when dealing with Advanced persistent Threat (APT) intrusions on live virtualized environments?

Question6: Transport Layer Security (TLS) provides which of the following capabilities for a remote access server?

Question7: Which of the following is a PRIMARY advantage of using a third-party identity service?

Question8: Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
The security program can be considered effective when

Question9: An organization operates a legacy Industrial Control System (ICS) to support its core business service, which carrot be replaced. Its management MUST be performed remotely through an administrative console software, which in tum depends on an old version of the Java Runtime Environment (JPE) known to be vulnerable to a number of attacks, How is this risk BEST managed?

Question10: When conducting a security assessment of access controls, which activity is part of the data analysis phase?

Question11: In a financial institution, who has the responsibility for assigning the classification to a piece of information?

Question12: An organization has decided to contract with a cloud-based service provider to leverage their identity as a service offering. They will use Open Authentication (OAuth) 2.0 to authenticate external users to the organization's services.
As part of the authentication process, which of the following must the end user provide?

Question13: When selecting a disk encryption technology, which of the following MUST also be assured to be encrypted?

Question14: A practice that permits the owner of a data object to grant other users access to that object would usually provide

Question15: Without proper signal protection, embedded systems may be prone to which type of attack?

Question16: What is the MOST important element when considering the effectiveness of a training program for Business Continuity (BC) and Disaster Recovery (DR)?

Question17: Which of the following is the BEST way to verify the integrity of a software patch?

Question18: In general, servers that are facing the Internet should be placed in a demilitarized zone (DMZ). What is MAIN purpose of the DMZ?

Question19: What is the PRIMARY goal of fault tolerance?

Question20: Which of the following is the MOST difficult to enforce when using cloud computing?

Question21: What balance MUST be considered when web application developers determine how informative application error messages should be constructed?

Question22: What MUST each information owner do when a system contains data from multiple information owners?

Question23: Which one of the following describes granularity?

Question24: Which of the following is a common measure within a Local Area Network (LAN) to provide en additional level of security through segmentation?

Question25: Limiting the processor, memory, and Input/output (I/O) capabilities of mobile code is known as

Question26: Which of the following is MOST important when assigning ownership of an asset to a department?

Question27: An organization's security policy delegates to the data owner the ability to assign which user roles have access to a particular resource. What type of authorization mechanism is being used?

Question28: The MAIN task of promoting security for Personal Computers (PC) is

Question29: Which of the following is a common feature of an Identity as a Service (IDaaS) solution?

Question30: Which of the following is mobile device remote fingerprinting?

Question31: A business has implemented Payment Card Industry Data Security Standard (PCI-DSS) compliant handheld credit card processing on their Wireless Local Area Network (WLAN) topology. The network team partitioned the WLAN to create a private segment for credit card processing using a firewall to control device access and route traffic to the card processor on the Internet. What components are in the scope of PCI-DSS?

Question32: A software scanner identifies a region within a binary image having high entropy. What does this MOST likely indicate?

Question33: The three PRIMARY requirements for a penetration test are

Question34: Which of the following BEST describes the standard used to exchange authorization information between different identity management systems?

Question35: Internet Protocol (IP) source address spoofing is used to defeat

Question36: Which of the following secures web transactions at the Transport Layer?

Question37: Which of the following is the MOST important consideration when developing a Disaster Recovery Plan (DRP)?

Question38: A security professional is assessing the risk in an application and does not take into account any mitigating or compensating controls. This type of risk rating is an example of which of the following?

Question39: Which of the following is the weakest form of protection for an application that handles Personally Identifiable Information (PII)?

Question40: Which of the following command line tools can be used in the reconnaissance phase of a network vulnerability assessment?

Question41: By carefully aligning the pins in the lock, which of the following defines the opening of a mechanical lock without the proper key?

Question42: Which of the following is a strategy of grouping requirements in developing a Security Test and Evaluation (ST&E)?

Question43: An Information Technology (IT) professional attends a cybersecurity seminar on current incident response methodologies.
What code of ethics canon is being observed?

Question44: Which of the following statements is TRUE regarding state-based analysis as a functional software testing technique?

Question45: Which one of the following is a fundamental objective in handling an incident?

Question46: Which Web Services Security (WS-Security) specification maintains a single authenticated identity across multiple dissimilar environments? Click on the correct specification in the image below.

Question47: Which would result in the GREATEST import following a breach to a cloud environment?

Question48: Which of the following approaches is the MOST effective way to dispose of data on multiple hard drives?

Question49: What are the roles within a scrum methodoligy?

Question50: What is the BEST location in a network to place Virtual Private Network (VPN) devices when an internal review reveals network design flaws in remote access?

Question51: The implementation of which features of an identity management system reduces costs and administration overhead while improving audit and accountability?

Question52: Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?

Question53: Discretionary Access Control (DAC) is based on which of the following?

Question54: Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what?

Question55: Which of the following is the PRIMARY concern when using an Internet browser to access a cloud-based service?

Question56: To protect auditable information, which of the following MUST be configured to only allow read access?

Question57: Who is responsible for the protection of information when it is shared with or provided to other organizations?

Question58: Which of the following techniques BEST prevents buffer overflows?

Question59: What is the MOST significant benefit of an application upgrade that replaces randomly generated session keys with certificate based encryption for communications with backend servers?

Question60: An audit of an application reveals that the current configuration does not match the configuration of the originally implemented application. Which of the following is the FIRST action to be taken?

Question61: An organization's data policy MUST include a data retention period which is based on

Question62: Which of the following is the PRIMARY benefit of a formalized information classification program?

Question63: Which of the following analyses is performed to protect information assets?

Question64: Which of the following is a recommended alternative to an integrated email encryption system?

Question65: A company receives an email threat informing of an Imminent Distributed Denial of Service (DDoS) attack targeting its web application, unless ransom is paid. Which of the following techniques BEST addresses that threat?

Question66: After following the processes defined within the change management plan, a super user has upgraded a device within an Information system.
What step would be taken to ensure that the upgrade did NOT affect the network security posture?

Question67: An organization has discovered that users are visiting unauthorized websites using anonymous proxies.
Which of the following is the BEST way to prevent future occurrences?

Question68: Which of the following attributes could be used to describe a protection mechanism of an open design methodology?

Question69: What is the MOST efficient way to secure a production program and its data?

Question70: An organization adopts a new firewall hardening standard. How can the security professional verify that the technical staff correct implemented the new standard?

Question71: Which of the following is the BEST approach to take in order to effectively incorporate the concepts of business continuity into the organization?

Question72: It is MOST important to perform which of the following to minimize potential impact when implementing a new vulnerability scanning tool in a production environment?

Question73: Which of the following is the BEST solution to provide redundancy for telecommunications links?

Question74: Which of the following models uses unique groups contained in unique conflict classes?

Question75: Which of the following is the BEST way to determine if a particular system is able to identify malicious software without executing it?

Question76: The MAIN reason an organization conducts a security authorization process is to

Question77: Which of the following will help identify the source internet protocol (IP) address of malware being exected on a computer?

Question78: Which of the following is a MAJOR concern when there is a need to preserve or retain information for future retrieval?

Question79: A Denial of Service (DoS) attack on a syslog server exploits weakness in which of the following protocols?

Question80: Which of the following is the PRIMARY reason a sniffer operating on a network is collecting packets only from its own host?

Question81: Which of the following is a critical factor for implementing a successful data classification program?

Question82: Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee's salary?

Question83: Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

Which of the following is true according to the star property (*property)?

Question84: Which of the following four iterative steps are conducted on third-party vendors in an on-going basis?

Question85: An organization lacks a data retention policy. Of the following, who is the BEST person to consult for such requirement?

Question86: Which of the following BEST provides for non-repudiation od user account actions?

Question87: A large corporation is locking for a solution to automate access based on where on request is coming from, who the user is, what device they are connecting with, and what time of day they are attempting this access.
What type of solution would suit their needs?

Question88: Of the following, which BEST provides non-repudiation with regards to access to a server room?

Question89: Which of the following initiates the systems recovery phase of a disaster recovery plan?

Question90: Which of the following MUST be considered when developing business rules for a data loss prevention (DLP) solution?

Question91: Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?

Question92: Which of the following is the PRIMARY benefit of implementing data-in-use controls?

Question93: The threat modeling identifies a man-in-the-middle (MITM) exposure. Which countermeasure should the information system security officer (ISSO) select to mitigate the risk of a protected Health information (PHI) data leak?

Question94: A criminal organization is planning an attack on a government network. Which of the following is the MOST severe attack to the network availability?

Question95: While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used?

Question96: Which of the following MOST applies to session initiation protocal (SIP) security?

Question97: Which of the following is a remote access protocol that uses a static authentication?

Question98: Which of the following roles has the obligation to ensure that a third party provider is capable of processing and handling data in a secure manner and meeting the standards set by the organization?

Question99: Unused space in a disk cluster is important in media analysis because it may contain which of the following?

Question100: Which one of the following data integrity models assumes a lattice of integrity levels?

Question101: Functional security testing is MOST critical during which phase of the system development life cycle (SDLC)?

Question102: Recovery strategies of a Disaster Recovery planning (DRIP) MUST be aligned with which of the following?

Question103: An organization's information security strategic plan MUST be reviewed

Question104: When determining who can accept the risk associated with a vulnerability, which of the following is MOST important?

Question105: An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?

Question106: Which of the following BEST describes the responsibilities of a data owner?

Question107: What is the MAIN goal of information security awareness and training?

Question108: Which of the following wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device?

Question109: Which inherent password weakness does a One Time Password (OTP) generator overcome?

Question110: A security practitioner has been tasked with establishing organizational asset handling procedures. What should be considered that would have the GRFATEST impact to the development of these procedures?

Question111: Refer to the information below to answer the question.
Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.
Organizational policy requires the deletion of user data from Personal Digital Assistant (PDA) devices before disposal. It may not be possible to delete the user data if the device is malfunctioning. Which destruction method below provides the BEST assurance that the data has been removed?

Question112: When would an organization review a Business Continuity Management (BCM) system?

Question113: Which of the following statements is TRUE for point-to-point microwave transmissions?

Question114: When conducting a security assessment of access controls , Which activity is port of the data analysis phase?

Question115: The adoption of an enterprise-wide Business Continuity (BC) program requires which of the following?

Question116: At a MINIMUM, a formal review of any Disaster Recovery Plan (DRP) should be conducted

Question117: Which of the following management processes allots ONLY those services required for users to accomplish their tasks, change default user passwords, and set servers to retrieve antivirus updates?

Question118: When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)?

Question119: Which of the following is the MOST secure protocol for remote command access to the firewall?

Question120: A mobile device application that restricts the storage of user information to just that which is needed to accomplish lawful business goals adheres to what privacy principle?

Question121: Reciprocal backup site agreements are considered to be

Question122: Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?

Question123: Which of the following is the MOST important reason for timely installation of software patches?

Question124: The Hardware Abstraction Layer (HAL) is implemented in the

Question125: A security architect is responsible for the protection of a new home banking system. Which of the following solutions can BEST improve the confidentiality and integrity of this external system?

Question126: Which of the following could elicit a Denial of Service (DoS) attack against a credential management system?

Question127: What capability would typically be included in a commercially available software package designed for access control?

Question128: The 802.1x standard provides a framework for what?

Question129: What does the term "100-year floodplain" mean to emergency preparedness officials?

Question130: Which of the following is the primary advantage of segmenting Virtual Machines (VM) using physical networks?

Question131: When transmitting information over public networks, the decision to encrypt it should be based on

Question132: Multi-Factor Authentication (MFA) is necessary in many systems given common types of password attacks.
Which of the following is a correct list of password attacks?

Question133: What is the PRIMARY purpose for an organization to conduct a security audit?

Question134: Copyright provides protection for which of the following?

Question135: Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization's systems?

Question136: Configuring a Wireless Access Point (WAP) with the same Service Set Identifier (SSID) as another WAP in order to have users unknowingly connect is referred to as which of the following?

Question137: As one component of a physical security system, an Electronic Access Control (EAC) token is BEST known for its ability to

Question138: What testing technique enables the designer to develop mitigation strategies for potential vulnerabilities?

Question139: When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?

Question140: What is the MOST critical factor to achieve the goals of a security program?

Question141: Which of the following has the GREATEST Impact on an organization's security posture?

Question142: When developing solutions for mobile devices, in which phase of the Software Development Life Cycle (SDLC) should technical limitations related to devices be specified?

Question143: Who is accountable for the information within an Information System (IS)?

Question144: Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

Question145: In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?

Question146: During an audit of system management, auditors find that the system administrator has not been trained. What actions need to be taken at once to ensure the integrity of systems?

Question147: By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the

Question148: What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?

Question149: Which of the following is used to detect steganography?

Question150: Which of the following steps should be performed FIRST when purchasing Commercial Off-The-Shelf (COTS) software?

Question151: Which of the following is a characteristic of a challenge/response authentication process?

Question152: Which one of the following is a common risk with network configuration management?

Question153: Which of the following restricts the ability of an individual to carry out all the steps of a particular process?

Question154: Which Identity and Access Management (IAM) process can be used to maintain the principle of least privilege?

Question155: Individual access to a network is BEST determined based on

Question156: Which of the following is the PRIMARY issue when collecting detailed log information?

Question157: Which of the following value comparisons MOST accurately reflects the agile development approach?

Question158: What is the BEST way to correlate large volumes of disparate data sources in a Security Operations Center (SOC) environment?

Question159: How does identity as a service (IDaaS) provide an easy mechanism for integrating identity service into individual applications with minimal development effort?

Question160: Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
The effectiveness of the security program can PRIMARILY be measured through

Question161: Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?

Question162: What does electronic vaulting accomplish?

Question163: Which of the following MUST be done when promoting a security awareness program to senior management?

Question164: Which of the following is an advantage of on-premise Credential Management Systems?

Question165: Which one of the following is an advantage of an effective release control strategy form a configuration control standpoint?

Question166: Which of the following is the PRIMARY security concern associated with the implementation of smart cards?

Question167: A security architect plans to reference a Mandatory Access Control (MAC) model for implementation. This indicates that which of the following properties are being prioritized?

Question168: Which of the following is the BEST metric to obtain when gaining support for an Identify and Access Management (IAM) solution?

Question169: Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

Question170: Once the types of information have been identified, who should an information security practitioner work with to ensure that the information is properly categorized?

Question171: Which of the following BEST describes Recovery Time Objective (RTO)?

Question172: After acquiring the latest security updates, what must be done before deploying to production systems?

Question173: The goal of software assurance in application development is to

Question174: Which of the following BEST represents the concept of least privilege?

Question175: Match the access control type to the example of the control type.
Drag each access control type net to its corresponding example.

Question176: From a cryptographic perspective, the service of non-repudiation includes which of the following features?

Question177: The use of private and public encryption keys is fundamental in the implementation of which of the following?

Question178: Information security metrics provide the GREATEST value tp management when based upon the security manager's knowledge of which of the following?

Question179: How should the retention period for an organization's social media content be defined?

Question180: In Business Continuity Planning (BCP), what is the importance of documenting business processes?

Question181: Which media sanitization methods should be used for data with a high security categorization?

Question182: Which of the following is the MOST important activity an organization performs to ensure that security is part of the overall organization culture?

Question183: Which of the following will help prevent improper session handling?

Question184: Which of the following is the BEST way to mitigate circumvention of access controls?

Question185: Which one of the following would cause an immediate review and possible change to the security policies of an organization?

Question186: Which of the following MOST influences the design of the organization's electronic monitoring policies?

Question187: Which of the following is the MOST likely cause of a non-malicious data breach when the source of the data breach was an un-marked file cabinet containing sensitive documents?

Question188: Which of the following is a PRIMARY challenge when running a penetration test?

Question189: Which of the following is considered a secure coding practice?

Question190: Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

Question191: In a change-controlled environment, which of the following is MOST likely to lead to unauthorized changes to production programs?

Question192: What would be the PRIMARY concern when designing and coordinating a security assessment for an Automatic Teller Machine (ATM) system?

Question193: Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?

Question194: An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test subject's data?

Question195: Which of the following is a document that identifies each item seized in an investigation, including date and time seized, full name and signature or initials of the person who seized the item, and a detailed description of the item?

Question196: Which layer of the Open systems Interconnection (OSI) model is being targeted in the event of a Synchronization (SYN) flood attack?

Question197: Which one of the following is a threat related to the use of web-based client side input validation?

Question198: According to best practice, which of the following is required when implementing third party software in a production environment?

Question199: Which of the following access control models is MOST restrictive?

Question200: What Is the FIRST step for a digital investigator to perform when using best practices to collect digital evidence from a potential crime scene?

Question201: What does a Synchronous (SYN) flood attack do?

Question202: When can a security program be considered effective?

Question203: A chemical plan wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and maintenance by utilizing the office network infrastructure and staff to implement this upgrade.
Which of the following is the GREATEST impact on security for the network?

Question204: When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all access control requirements are addressed?

Question205: What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

Question206: Which of the following is the MOST important security goal when performing application interface testing?

Question207: Functional security testing is MOST critical during which phese of the system development Life Cycle (SDLC)?

Question208: Which one of the following effectively obscures network addresses from external exposure when implemented on a firewall or router?

Question209: A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user business functions.
These capabilities are BEST described as

Question210: Which of the following is an essential element of a privileged identity lifecycle management?

Question211: Which of the following are core categories of malicious attack against Internet of Things (IOT) devices?

Question212: Which of the following MUST a security professional do in order to quantify the value of a security program to organization management?

Question213: Which of the following BEST mitigates a replay attack against a system using identity federation and Security Assertion Markup Language (SAML) implementation?

Question214: Which of the following are important criteria when designing procedures and acceptance criteria for acquired software?

Question215: Which one of the following operates at the session, transport, or network layer of the Open System Interconnection (OSI) model?

Question216: Which of the following MUST be scalable to address security concerns raised by the integration of third-party identity services?

Question217: Which of the following will accomplish Multi-Factor Authentication (MFA)?

Question218: Alternate encoding such as hexadecimal representations is MOST often observed in which of the following forms of attack?

Question219: Which of the following was developed to support multiple protocols as well as provide as well as provide login, password, and error correction capabilities?

Question220: A security professional has been requested by the Board of Directors and Chief Information Security Officer (CISO) to perform an internal and external penetration test. What is the BEST course of action?

Question221: Which of the following is a characteristic of the independent testing of a program?

Question222: What is the PRIMARY goal for using Domain Name System Security Extensions (DNSSEC) to sign records?

Question223: Which of the following is the PRIMARY issue when analyzing detailed log information?

Question224: In configuration management, what baseline configuration information MUST be maintained for each computer system?

Question225: Which layer handle packet fragmentation and reassembly in the Open system interconnection (OSI) Reference model?

Question226: Why are packet filtering routers used in low-risk environments?

Question227: Why is lexical obfuscation in software development discouraged by many organizations?

Question228: In which identity management process is the subject's identity established?

Question229: Which of the following management process allows ONLY those services required for users to accomplish their tasks, change default user passwords, and set servers to retrieve antivirus updates?

Question230: Which type of control recognizes that a transaction amount is excessive in accordance with corporate policy?

Question231: Which of the following secure startup mechanisms are PRIMARILY designed to thwart attacks?

Question232: A software security engineer is developing a black box-based test plan that will measure the system's reaction to incorrect or illegal inputs or unexpected operational errors and situations. Match the functional testing techniques on the left with the correct input parameters on the right.

Question233: Additional padding may be added to the Encapsulating security protocol (ESP) trailer to provide which of the following?

Question234: Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

In a Bell-LaPadula system, which user cannot write to File 3?

Question235: Who would be the BEST person to approve an organizations information security policy?

Question236: Even though a particular digital watermark is difficult to detect, which of the following represents a way it might still be inadvertently removed?

Question237: When implementing a data classification program, why is it important to avoid too much granularity?

Question238: Which of the following is ensured when hashing files during chain of custody handling?

Question239: Place the following information classification steps in sequential order.

Question240: Which of the following phases involves researching a target's configuration from public sources when performing a penetration test?

Question241: Which of the following is the BEST method to prevent malware from being introduced into a production environment?

Question242: Which of the following MUST be in place to recognize a system attack?

Question243: Although code using a specific program language may not be susceptible to a buffer overflow attack,

Question244: The PRIMARY outcome of a certification process is that it provides documented

Question245: A Business Continuity Plan (BCP) is based on

Question246: If a content management system (CMC) is implemented, which one of the following would occur?

Question247: Which of the following disaster recovery test plans will be MOST effective while providing minimal risk?

Question248: In a large company, a system administrator needs to assign users access to files using Role Based Access Control (RBAC). Which option Is an example of RBAC?

Question249: Which of the following in the BEST way to reduce the impact of an externally sourced flood attack?

Question250: What is the MAIN feature that onion routing networks offer?

Question251: Which is the second phase of public key Infrastructure (pk1) key/certificate life-cycle management?

Question252: Which of the following is used to support the concept of defense in depth during the development phase of a software product?

Question253: Which of the following access management procedures would minimize the possibility of an organization's employees retaining access to secure werk areas after they change roles?

Question254: An organization allows ping traffic into and out of their network. An attacker has installed a program on the network that uses the payload portion of the ping packet to move data into and out of the network. What type of attack has the organization experienced?

Question255: Refer to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.
If the intrusion causes the system processes to hang, which of the following has been affected?

Question256: In a High Availability (HA) environment, what is the PRIMARY goal of working with a virtual router address as the gateway to a network?

Question257: As a security manger which of the following is the MOST effective practice for providing value to an organization?

Question258: What should be used immediately after a Business Continuity Plan (BCP) has been invoked?

Question259: Which of the following is TRUE regarding equivalence class testing?

Question260: Which of the following protocols would allow an organization to maintain a centralized list of users that can read a protected webpage?

Question261: How can a forensic specialist exclude from examination a large percentage of operating system files residing on a copy of the target system?

Question262: A development operations team would like to start building new applications delegating the cybersecurity responsibility as much as possible to the service provider. Which of the following environments BEST fits their need?

Question263: Which of the following is true of Service Organization Control (SOC) reports?

Question264: Assume that a computer was powered off when an information security professional arrived at a crime scene. Which of the following actions should be performed after the crime scene is isolated?

Question265: Which one of the following can be used to detect an anomaly in a system by keeping track of the state of files that do not normally change?\

Question266: What is the BEST approach for maintaining ethics when a security professional is unfamiliar with the culture of a country and is asked to perform a questionable task?

Question267: An organization is required to comply with the Payment Card Industry Data Security Standard (PCI-DSS), what is the MOST effective approach to safeguard digital and paper media that contains cardholder data?

Question268: Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?

Question269: Which of the following is a characteristic of convert security testing?

Question270: Which of the following trust services principles refers to the accessibility of information used by the systems, products, or services offered to a third-party provider's customers?

Question271: Which of the following is a network intrusion detection technique?

Question272: Which of the following is the PRIMARY reason for employing physical security personnel at entry points in facilities where card access is in operation?

Question273: Disaster Recovery Plan (DRP) training material should be

Question274: Which layer of the Open Systems Interconnections (OSI) model implementation adds information concerning the logical connection between the sender and receiver?

Question275: An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

Question276: Which of the following media is LEAST problematic with data remanence?

Question277: Which of the following is the MOST crucial for a successful audit plan?

Question278: What is one way to mitigate the risk of security flaws in custom software?

Question279: A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation?

Question280: Continuity of operations is BEST supported by which of the following?

Question281: Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain?

Question282: Drag the following Security Engineering terms on the left to the BEST definition on the right.

Question283: What is the most effective form of media sanitization to ensure residual data cannot be retrieved?

Question284: Which of the following is the MOST common method of memory protection?

Question285: Logical access control programs are MOST effective when they are

Question286: Who determines the required level of independence for security control Assessors (SCA)?

Question287: A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket. Which of the following is the BEST course of action?

Question288: Attack trees are MOST useful for which of the following?

Question289: Place in order, from BEST (1) to WORST (4), the following methods to reduce the risk of data remanence on magnetic media.

Question290: Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?

Question291: "Stateful" differs from "Static" packet filtering firewalls by being aware of which of the following?

Question292: Which of the following is a characteristic of the initialization vector when using Data Encryption Standard (DES)?

Question293: Which of the following presents the PRIMARY concern to an organization when setting up a federated single sign-on (SSO) solution with another

Question294: Which of the following is the BEST method to reduce the effectiveness of phishing attacks?

Question295: Between which pair of Open System Interconnection (OSI) Reference Model layers are routers used as a communications device?

Question296: copyright provides protection for which of the following?

Question297: An organization has hired a security services firm to conduct a penetration test. Which of the following will the organization provide to the tester?

Question298: Individuals have been identified and determined as having a need-to-know for the information. Which of the following access control methods MUST include a consistent set of rules for controlling and limiting access?

Question299: At a MINIMUM, audits of permissions to individual or group accounts should be scheduled

Question300: Which of the following violates identity and access management best practices?

Question301: How can a security engineer maintain network separation from a secure environment while allowing remote users to work in the secure environment?

Question302: Match the functional roles in an external audit to their responsibilities.
Drag each role on the left to its corresponding responsibility on the right.
Select and Place:

Question303: Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
In addition to authentication at the start of the user session, best practice would require re-authentication

Question304: An engineer in a software company has created a virus creation tool. The tool can generate thousands of polymorphic viruses. The engineer is planning to use the tool in a controlled environment to test the company's next generation virus scanning software. Which would BEST describe the behavior of the engineer and why?

Question305: Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?

Question306: Match the name of access control model with its associated restriction.
Drag each access control model to its appropriate restriction access on the right.

Question307: Which of the following entails identification of data end links to business processes, applications, and data stores as well as assignment of ownership responsibilities?

Question308: Which of the following is a method of attacking internet protocol (IP) v6 Layer 3 and Layer 4?

Question309: Which of the following is the MAIN goal of a data retention policy?

Question310: A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?

Question311: Which of the following is a reason to use manual patch installation instead of automated patch management?

Question312: During an investigation of database theft from an organization's web site, it was determined that the Structured Query Language (SQL) injection technique was used despite input validation with client-side scripting. Which of the following provides the GREATEST protection against the same attack occurring again?

Question313: What should be the FIRST action for a security administrator who detects an intrusion on the network based on precursors and other indicators?

Question314: Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device Which has stolen?

Question315: Determining outage costs caused by a disaster can BEST be measured by the

Question316: Which of the following is the MOST important consideration that must be taken into account when deploying an enterprise patching solution that includes mobile devices?

Question317: Which of the following MUST system and database administrators be aware of and apply when configuring systems used for storing personal employee data?

Question318: A Simple Power Analysis (SPA) attack against a device directly observes which of the following?

Question319: The core component of Role Based Access control (RBAC) must be constructed of defined data elements, Which elements are required?

Question320: What is the GREATEST challenge of an agent-based patch management solution?

Question321: The core component of Role Based Access Control (RBAC) must be constructed of defined data elements.
Which elements are required?

Question322: Which of the following command line tools can be used in the reconnaisance phase of a network vulnerability assessment?

Question323: Which of the following is considered the last line defense in regard to a Governance, Risk managements, and compliance (GRC) program?

Question324: Which of the following job functions MUST be separated to maintain data and application integrity?

Question325: Which of the following media is least problematic with data remanence?

Question326: A financial company has decided to move its main business application to the Cloud. The legal department objects, arguing that the move of the platform should comply with several regulatory obligations such as the General Data Protection (GDPR) and ensure data confidentiality. The Chief Information Security Officer (CISO) says that the cloud provider has met all regulations requirements and even provides its own encryption solution with internally-managed encryption keys to address data confidentiality. Did the CISO address all the legal requirements in this situation?

Question327: Which of the following authorization standards is built to handle Application programming Interface (API) access for federated Identity management (FIM)?

Question328: In order to assure authenticity, which of the following are required?

Question329: A global organization wants to implement hardware tokens as part of a multifactor authentication solution for remote access. The PRIMARY advantage of this implementation is

Question330: Proven application security principles include which of the following?

Question331: When constructing an Information Protection Policy (IPP), it is important that the stated rules are necessary, adequate, and

Question332: Which of the following is BEST suited for exchanging authentication and authorization messages in a multi-party decentralized environment?

Question333: Which of the following methods MOST efficiently manages user accounts when using a third-party cloud-based application and directory solution?

Question334: When implementing controls in a heterogeneous end-point network for an organization, it is critical that

Question335: Which of the following is needed to securely distribute symmetric cryptographic keys?

Question336: According to the Capability Maturity Model Integration (CMMI), which of the following levels is identified by a managed process that is tailored from the organization's set of standard processes according to the organization's tailoring guidelines?

Question337: Who must approve modifications to an organization's production infrastructure configuration?

Question338: When evaluating third-party applications, which of the following is the GREATEST responsibility of Information Security?

Question339: The use of proximity card to gain access to a building is an example of what type of security control?

Question340: In the area of disaster planning and recovery, what strategy entails the presentation of information about the plan?

Question341: All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

Question342: Identify the component that MOST likely lacks digital accountability related to information access.
Click on the correct device in the image below.

Question343: Which area of embedded devices are most commonly attacked?

Question344: In Disaster Recovery (DR) and Business Continuity (DC) training, which BEST describes a functional drill?

Question345: Which of the following is an effective method for avoiding magnetic media data remanence?

Question346: While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?

Question347: Which of the following is the MOST important action regarding authentication?

Question348: The BEST method to mitigate the risk of a dictionary attack on a system is to

Question349: Application of which of the following Institute of Electrical and Electronics Engineers (IEEE) standards will prevent an unauthorized wireless device from being attached to a network?

Question350: Which of the following steps should be conducted during the FIRST phase of software assurance in a generic acquisition process?

Question351: Contingency plan exercises are intended to do which of the following?

Question352: For an organization considering two-factor authentication for secure network access, which of the following is MOST secure?

Question353: Which of the following is the MOST important activity an organization performs to ensure that securiy is part of the overall organization culture?