EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following BEST describes how access to a system is granted to federated user accounts?

Question2: A network scan found 50% of the systems with one or more critical vulnerabilities. Which of the following represents the BEST action?

Question3: Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
In addition to authentication at the start of the user session, best practice would require re-authentication

Question4: Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?

Question5: Which of the following is the BEST method to assess the effectiveness of an organization's vulnerability management program?

Question6: Which of the following are Systems Engineering Life Cycle (SELC) Technical Processes?

Question7: Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

Question8: Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?

Question9: Which of the following is the MOST important consideration when storing and processing Personally Identifiable Information (PII)?

Question10: The security team has been tasked with performing an interface test against a frontend external facing application and needs to verify that all input fields protect against invalid input. Which of the following BEST assists this process?

Question11: Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following methods is the MOST effective way of removing the Peer-to-Peer (P2P) program from the computer?

Question12: Which security modes is MOST commonly used in a commercial environment because it protects the integrity of financial and accounting data?

Question13: Which one of these risk factors would be the LEAST important consideration in choosing a building site for a new computer facility?

Question14: What is the ultimate objective of information classification?

Question15: What does secure authentication with logging provide?

Question16: An organization has outsourced its financial transaction processing to a Cloud Service Provider (CSP) who will provide them with Software as a Service (SaaS). If there was a data breach who is responsible for monetary losses?

Question17: Which of the following analyses is performed to protect information assets?

Question18: Which of the following provides the minimum set of privileges required to perform a job function and restricts the user to a domain with the required privileges?

Question19: Which of the following threats exists with an implementation of digital signatures?

Question20: When deploying en Intrusion Detection System (IDS) on a high-volume network, the need to distribute the load across multiple sensors would create which technical problem?

Question21: During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.
What is the best approach for the CISO?
Below are the common phases to creating a Business Continuity/Disaster Recovery (BC/DR) plan. Drag the remaining BC\DR phases to the appropriate corresponding location.

Question22: Which of the following is the MOST appropriate action when reusing media that contains sensitive data?

Question23: A mobile device application that restricts the storage of user information to just that which is needed to accomplish lawful business goals adheres to what privacy principle?

Question24: At a MINIMUM, audits of permissions to individual or group accounts should be scheduled

Question25: Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.
What MUST the plan include in order to reduce client-side exploitation?

Question26: Mandatory Access Controls (MAC) are based on:

Question27: Which of the following initiates the systems recovery phase of a disaster recovery plan?

Question28: Which of the following is an essential step before performing Structured Query Language (SQL) penetration tests on a production system?

Question29: What type of test assesses a Disaster Recovery (DR) plan using realistic disaster scenarios while maintaining minimal impact to business operations?

Question30: A company receives an email threat informing of an Imminent Distributed Denial of Service (DDoS) attack targeting its web application, unless ransom is paid. Which of the following techniques BEST addresses that threat?

Question31: What is the PRIMARY goal for using Domain Name System Security Extensions (DNSSEC) to sign records?

Question32: To prevent inadvertent disclosure of restricted information, which of the following would be the LEAST effective process for eliminating data prior to the media being discarded?

Question33: What is the best way for mutual authentication of devices belonging to the same organization?

Question34: Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

Which of the following is true according to the star property (*property)?

Question35: Which of the following is a remote access protocol that uses a static authentication?

Question36: Which of the following is the MOST beneficial to review when performing an IT audit?

Question37: When conducting a forensic criminal investigation on a computer had drive, what should be dene PRIOR to analysis?

Question38: Which of the following is an appropriate source for test data?

Question39: What is the difference between media marking and media labeling?

Question40: What should an auditor do when conducting a periodic audit on media retention?

Question41: Which of the following is a common measure within a Local Area Network (LAN) to provide en additional level of security through segmentation?

Question42: Which of the following is the BEST approach for a forensic examiner to obtain the greatest amount of relevant information form malicious software?

Question43: A security professional is assessing the risk in an application and does not take into account any mitigating or compensating controls. This type of risk rating is an example of which of the following?

Question44: Which of the following is the PRIMARY reason for employing physical security personnel at entry points in facilities where card access is in operation?

Question45: When can a security program be considered effective?

Question46: By carefully aligning the pins in the lock, which of the following defines the opening of a mechanical lock without the proper key?

Question47: Which of the following could be considered the MOST significant security challenge when adopting DevOps practices compared to a more traditional control framework?

Question48: The adoption of an enterprise-wide business continuity program requires Which of the following?

Question49: Which of the following actions MUST be taken if a vulnerability is discovered during the maintenance stage in a System Development Life Cycle (SDLC)?

Question50: What is the BEST approach for maintaining ethics when a security professional is unfamiliar with the culture of a country and is asked to perform a questionable task?

Question51: Why must all users be positively identified prior to using multi-user computers?

Question52: Transport Layer Security (TLS) provides which of the following capabilities for a remote access server?

Question53: Which of the following is true of Service Organization Control (SOC) reports?

Question54: Alternate encoding such as hexadecimal representations is MOST often observed in which of the following forms of attack?

Question55: What is the correct order of steps in an information security assessment?
Place the information security assessment steps on the left next to the numbered boxes on the right in the correct order.

Question56: An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

Question57: What does the Maximum Tolerable Downtime (MTD) determine?

Question58: Which type of fire alarm system sensor is intended to detect fire at its earliest stage?

Question59: A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?

Question60: A disadvantage of an application filtering firewall is that it can lead to

Question61: What is an effective practice when returning electronic storage media to third parties for repair?

Question62: Drag the following Security Engineering terms on the left to the BEST definition on the right.

Question63: What is the foundation of cryptographic functions?

Question64: Which of the following secure startup mechanisms are PRIMARILY designed to thwart attacks?

Question65: Which of the following is the MOST important consideration when developing a Disaster Recovery Plan (DRP)?

Question66: Which of the following MUST be scalable to address security concerns raised by the integration of third-party identity services?

Question67: What technique used for spoofing the origin of an email can successfully conceal the sender s Internet Protocol (IP) address?

Question68: Which of the following is the FIRST action that a system administrator should take when it is revealed during a penetration test that everyone in an organization has unauthorized access to a server holding sensitive data?

Question69: A company whose Information Technology (IT) services are being delivered from a Tier 4 data center, is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?

Question70: For the purpose of classification, which of the following is used to divide trust domain and trust boundaries?

Question71: When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?

Question72: Which of the following is an important requirement when designing a secure remote access system?

Question73: Which of the following is MOST critical in a contract in a contract for data disposal on a hard drive with a third party?

Question74: The organization would like to deploy an authorization mechanism for an Information Technology (IT) infrastructure project with high employee turnover.
Which access control mechanism would be preferred?

Question75: Which of the following is the GREATEST security risk associated with the user of identity as a service (IDaaS) when an organization its own software?

Question76: Which of the following actions will reduce risk to a laptop before traveling to a high risk area?

Question77: When assessing an organization's security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

Question78: What is the PRIMARY purpose of auditing, as it relates to the security review cycle?

Question79: When implementing a data classification program, why is it important to avoid too much granularity?

Question80: Which of the following System and Organization Controls (SOC) report types should an organization request if they require a period of time report covering security and availability for a particular system?

Question81: Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following could have MOST likely prevented the Peer-to-Peer (P2P) program from being installed on the computer?

Question82: Which of the following management process allows ONLY those services required for users to accomplish their tasks, change default user passwords, and set servers to retrieve antivirus updates?

Question83: Which of the following is the MOST important reason for timely installation of software patches?

Question84: When using Security Assertion markup language (SAML), it is assumed that the principal subject

Question85: Which of the following is the BEST method to reduce the effectiveness of phishing attacks?

Question86: Which of the following is the PRIMARY consideration when determining the frequency an automated control should be assessed or monitored?

Question87: Which one of the following is a common risk with network configuration management?

Question88: Which of the following is applicable to a publicly held company concerned about information handling and storage requirement specific to the financial reporting?

Question89: Secure real-time transport protocol (SRTP) provides security for which of the following?

Question90: When is a Business Continuity Plan (BCP) considered to be valid?

Question91: Data leakage of sensitive information is MOST often concealed by which of the following?

Question92: Information security metrics provide the GREATEST value tp management when based upon the security manager's knowledge of which of the following?

Question93: A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket. Which of the following is the BEST course of action?

Question94: A large corporation is locking for a solution to automate access based on where on request is coming from, who the user is, what device they are connecting with, and what time of day they are attempting this access. What type of solution would suit their needs?

Question95: Single Sign-On (SSO) is PRIMARILY designed to address which of the following?

Question96: Which of the following is the MOST crucial for a successful audit plan?

Question97: How does an organization verify that an information system's current hardware and software match the standard system configuration?

Question98: Which one of the following operates at the session, transport, or network layer of the Open System Interconnection (OSI) model?

Question99: Which layer of the Open system Interconnect (OSI) model is responsible for secure data transfer between applications, flow control, and error detection and correction?

Question100: A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user's access to data files?

Question101: An employee of a retail company has been granted an extended leave of absence by Human Resources (HR). This information has been formally communicated to the access provisioning team. Which of the following is the BEST action to take?

Question102: Logical access control programs are MOST effective when they are

Question103: Assessing a third party's risk by counting bugs in the code may not be the best measure of an attack surface within the supply chain.
Which of the following is LEAST associated with the attack surface?

Question104: Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
Which of the following is considered the MOST important priority for the information security officer?

Question105: Which of the following is MOST important when determining appropriate countermeasures for an identified risk?

Question106: When transmitting information over public networks, the decision to encrypt it should be based on

Question107: An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test subject's data?

Question108: Which Identity and Access Management (IAM) process can be used to maintain the principle of least privilege?

Question109: A health care provider is considering Internet access for their employees and patients. Which of the following is the organization's MOST secure solution for protection of data?

Question110: Individual access to a network is BEST determined based on

Question111: Which of the following is BEST achieved through the use of eXtensible Access Markup Language (XACML)?

Question112: Organization A is adding a large collection of confidential data records that it received when it acquired Organization B to its data store. Many of the users and staff from Organization B are no longer available. Which of the following MUST Organization A 0do to property classify and secure the acquired data?

Question113: Which of the following is the BEST way to protect against structured Query language (SQL) injection?

Question114: Which of the following is a method of attacking internet (IP) v6 Layer 3 and Layer 4 ?

Question115: Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

Question116: Which of the following is a peor entity authentication method for Point-to-Point Protocol (PPP)?

Question117: Which of the following will accomplish Multi-Factor Authentication (MFA)?

Question118: The application of a security patch to a product previously validate at Common Criteria (CC) Evaluation Assurance Level (EAL) 4 would

Question119: Which of the following is a PRIMARY challenge when running a penetration test?

Question120: A security architect is responsible for the protection of a new home banking system. Which of the following solutions can BEST improve the confidentiality and integrity of this external system?

Question121: Which of the following is used to detect steganography?

Question122: Which is the second phase of public key Infrastructure (pk1) key/certificate life-cycle management?

Question123: An Information Technology (IT) professional attends a cybersecurity seminar on current incident response methodologies.
What code of ethics canon is being observed?

Question124: Which of the following is the BIGGEST weakness when using native Lightweight Directory Access Protocol (LDAP) for authentication?

Question125: The process of mutual authentication involves a computer system authenticating a user and authenticating the

Question126: Vulnerability scanners may allow for the administrator to assign which of the following in order to assist in prioritizing remediation activities?

Question127: When planning a penetration test, the tester will be MOST interested in which information?

Question128: Which of the following command line tools can be used in the reconnaisance phase of a network vulnerability assessment?

Question129: Which of the following is the MOST difficult to enforce when using cloud computing?

Question130: Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

Question131: What is the purpose of an Internet Protocol (IP) spoofing attack?

Question132: Which of the following is the MOST effective countermeasure against Man-in-the Middle (MITM) attacks while using online banking?

Question133: During which of the following processes is least privilege implemented for a user account?

Question134: An organization's information security strategic plan MUST be reviewed

Question135: Which is the RECOMMENDED configuration mode for sensors for an intrusion prevention system (IPS) if the prevention capabilities will be used?

Question136: Which of the following is the PRIMARY reason a sniffer operating on a network is collecting packets only from its own host?

Question137: A security analyst for a large financial institution is reviewing network traffic related to an incident. The analyst determines the traffic is irrelevant to the investigation but in the process of the review, the analyst also finds that an applications data, which included full credit card cardholder data, is transferred in clear text between the server and user's desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS). Which of the following is the analyst's next step?

Question138: Once the types of information have been identified, who should an information security practitioner work with to ensure that the information is properly categorized?

Question139: An Internet software application requires authentication before a user is permitted to utilize the resource. Which testing scenario BEST validates the functionality of the application?

Question140: What is one way to mitigate the risk of security flaws in custom software?

Question141: As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website. Which of the following actions would be performed?

Question142: Network-based logging has which advantage over host-based logging when reviewing malicious activity about a victim machine?

Question143: Which Web Services Security (WS-Security) specification negotiates how security tokens will be issued, renewed and validated? Click on the correct specification in the image below.

Question144: What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)?

Question145: Which open standard could l large corporation deploy for authorization services for single sign-on (SSO) use across multiple internal and external application?

Question146: Which one of the following affects the classification of data?

Question147: Which of the following is the FIRST step during digital identity provisioning?

Question148: Which of the following is a characteristic of convert security testing?

Question149: Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?

Question150: Why are mobile devices something difficult to investigate in a forensic examination?

Question151: From a security perspective, which of the following assumptions MUST be made about input to an application?

Question152: Discretionary Access Control (DAC) restricts access according to

Question153: When implementing controls in a heterogeneous end-point network for an organization, it is critical that

Question154: Application of which of the following Institute of Electrical and Electronics Engineers (IEEE) standards will prevent an unauthorized wireless device from being attached to a network?

Question155: During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take?

Question156: What testing technique enables the designer to develop mitigation strategies for potential vulnerabilities?

Question157: What are the roles within a scrum methodoligy?

Question158: Which of the following steps is performed during the forensic data analysis phase?

Question159: Without proper signal protection, embedded systems may be prone to which type of attack?

Question160: Rank the Hypertext Transfer protocol (HTTP) authentication types shows below in order of relative strength.
Drag the authentication type on the correct positions on the right according to strength from weakest to strongest.

Question161: When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

Question162: Given the various means to protect physical and logical assets, match the access management area to the technology.

Question163: Which of the following encryption types is used in Hash Message Authentication Code (HMAC) for key distribution?

Question164: Which of the following activities is MOST likely to be performed during a vulnerability assessment?

Question165: Two companies wish to share electronic inventory and purchase orders in a supplier and client relationship. What is the BEST security solution for them?

Question166: What is the FIRST step required in establishing a records retention program?

Question167: In order for a security policy to be effective within an organization, it MUST include

Question168: Drag the following Security Engineering terms on the left to the BEST definition on the right.

Question169: A large bank deploys hardware tokens to all customers that use their online banking system. The token generates and displays a six digit numeric password every 60 seconds. The customers must log into their bank accounts using this numeric password. This is an example of

Question170: Which of the following authorization standards is built to handle Application Programming Interface (API) access for Federated Identity Management (FIM)?

Question171: Which of the following methods MOST efficiently manages user accounts when using a third-party cloud-based application and directory solution?

Question172: During the Security Assessment and Authorization process, what is the PRIMARY purpose for conducting a hardware and software inventory?

Question173: A global organization wants to implement hardware tokens as part of a multifactor authentication solution for remote access. The PRIMARY advantage of this implementation is

Question174: Company A is evaluating new software to replace an in-house developed application. During the acquisition process. Company A specified the security retirement, as well as the functional requirements. Company B responded to the acquisition request with their flagship product that runs on an Operating System (OS) that Company A has never used nor evaluated. The flagship product meets all security -and functional requirements as defined by Company A.
Based upon Company B's response, what step should Company A take?

Question175: Although code using a specific program language may not be susceptible to a buffer overflow attack,

Question176: What is the process of removing sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique?

Question177: The PRIMARY purpose of a security awareness program is to

Question178: Which of the following methods provides the MOST protection for user credentials?

Question179: An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?

Question180: Which of the following would an internal technical security audit BEST validate?

Question181: Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

Question182: During an audit of system management, auditors find that the system administrator has not been trained. What actions need to be taken at once to ensure the integrity of systems?

Question183: With data labeling, which of the following MUST be the key decision maker?

Question184: A chemical plan wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and maintenance by utilizing the office network infrastructure and staff to implement this upgrade.
Which of the following is the GREATEST impact on security for the network?

Question185: Are companies legally required to report all data breaches?

Question186: Which of the following is the MOST effective practice in managing user accounts when an employee is terminated?

Question187: The overall goal of a penetration test is to determine a system's

Question188: Which of the following is considered the last line defense in regard to a Governance, Risk managements, and compliance (GRC) program?

Question189: What component of a web application that stores the session state in a cookie can be bypassed by an attacker?

Question190: Which layer handle packet fragmentation and reassembly in the Open system interconnection (OSI) Reference model?

Question191: If compromised, which of the following would lead to the exploitation of multiple virtual machines?

Question192: Which of the following is a characteristic of the initialization vector when using Data Encryption Standard (DES)?

Question193: Refer to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
Which of the following will indicate where the IT budget is BEST allocated during this time?

Question194: Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization network?

Question195: Which of the following is the PRIMARY security concern associated with the implementation of smart cards?

Question196: In a basic SYN flood attack, what is the attacker attempting to achieve?

Question197: How can lessons learned from business continuity training and actual recovery incidents BEST be used?

Question198: The BEST method to mitigate the risk of a dictionary attack on a system is to

Question199: Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following documents explains the proper use of the organization's assets?

Question200: Limiting the processor, memory, and Input/output (I/O) capabilities of mobile code is known as

Question201: During examination of Internet history records, the following string occurs within a Unique Resource Locator (URL):
http://www.companysite.com/products/products.asp?productid=123 or 1=1
What type of attack does this indicate?

Question202: Changes to a Trusted Computing Base (TCB) system that could impact the security posture of that system and trigger a recertification activity are documented in the

Question203: What access control scheme uses fine-grained rules to specify the conditions under which access to each data item or applications is granted?

Question204: A large university needs to enable student access to university resources from their homes. Which of the following provides the BEST option for low maintenance and ease of deployment?

Question205: An organization implements a Remote Access Server (RAS). Once users correct to the server, digital certificates are used to authenticate their identity. What type of Extensible Authentication Protocol (EAP) would the organization use dring this authentication?

Question206: Data remanence is the biggest threat in which of the following scenarios?

Question207: What operations role is responsible for protecting the enterprise from corrupt or contaminated media?

Question208: When designing on Occupent Emergency plan (OEP) for United states (US) Federal government facilities, what factor must be considered?

Question209: Which of the following is a strategy of grouping requirements in developing a Security Test and Evaluation (ST&E)?

Question210: Refer to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
Which of the following will be the PRIMARY security concern as staff is released from the organization?

Question211: An organization has decided to contract with a cloud-based service provider to leverage their identity as a service offering. They will use Open Authentication (OAuth) 2.0 to authenticate external users to the organization's services.
As part of the authentication process, which of the following must the end user provide?

Question212: Which of the following MUST be part of a contract to support electronic discovery of data stored in a cloud environment?

Question213: Which of the following is the PRIMARY issue when analyzing detailed log information?

Question214: Which type of control recognizes that a transaction amount is excessive in accordance with corporate policy?

Question215: Which of the following is a responsibility of a data steward?

Question216: Functional security testing is MOST critical during which phase of the system development life cycle (SDLC)?

Question217: Which of the following is the MOST significant benefit to implementing a third-party federated identity architecture?

Question218: Which of the following is the MOST common method of memory protection?

Question219: Copyright provides protection for which of the following?

Question220: A security practitioner is tasked with securing the organization's Wireless Access Points (WAP). Which of these is the MOST effective way of restricting this environment to authorized users?

Question221: Which of the following controls is the most for a system identified as critical in terms of data and function to the organization?

Question222: Which of the following MUST be in place to recognize a system attack?

Question223: An organization allows ping traffic into and out of their network. An attacker has installed a program on the network that uses the payload portion of the ping packet to move data into and out of the network. What type of attack has the organization experienced?

Question224: Which of the following processes has the PRIMARY purpose of identifying outdated software versions, missing patches, and lapsed system updates?

Question225: Which of the following techniques is effective to detect taps in fiber optic cables?

Question226: During a recent assessment an organization has discovered that the wireless signal can be detected outside the campus area. What logical control should be implemented in order to BFST protect One confidentiality of information traveling One wireless transmission media?

Question227: When is security personnel involvement in the Systems Development Life Cycle (SDLC) process MOST beneficial?

Question228: A development operations team would like to start building new applications delegating the cybersecurity responsibility as much as possible to the service provider. Which of the following environments BEST fits their need?

Question229: It is MOST important to perform which of the following to minimize potential impact when implementing a new vulnerability scanning tool in a production environment?

Question230: A Simple Power Analysis (SPA) attack against a device directly observes which of the following?

Question231: A software scanner identifies a region within a binary image having high entropy. What does this MOST likely indicate?

Question232: Which of the following is included in the Global System for Mobile Communications (GSM) security framework?

Question233: A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project?

Question234: Due to system constraints, a group of system administrators must share a high-level access set of credentials.
Which of the following would be MOST appropriate to implement?

Question235: Which of the following is the weakest form of protection for an application that handles Personally Identifiable Information (PII)?

Question236: A financial company has decided to move its main business application to the Cloud. The legal department objects, arguing that the move of the platform should comply with several regulatory obligations such as the General Data Protection (GDPR) and ensure data confidentiality. The Chief Information Security Officer (CISO) says that the cloud provider has met all regulations requirements and even provides its own encryption solution with internally-managed encryption keys to address data confidentiality. Did the CISO address all the legal requirements in this situation?

Question237: Reciprocal backup site agreements are considered to be

Question238: Match the name of access control model with its associated restriction.
Drag each access control model to its appropriate restriction access on the right.

Question239: Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.
In the plan, what is the BEST approach to mitigate future internal client-based attacks?

Question240: What is the MOST effective method for gaining unauthorized access to a file protected with a long complex password?

Question241: What does a Synchronous (SYN) flood attack do?

Question242: Which of the following is the BEST Identity-as-a-Service (IDaaS) solution for validating users?

Question243: Which of the following BEST describes the standard used to exchange authorization information between different identity management systems?

Question244: Which of the following is MOST important when assigning ownership of an asset to a department?

Question245: Which of the following is the BEST technique to facilitate secure software development?

Question246: An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to

Question247: What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?

Question248: Which of the following roles has the obligation to ensure that a third party provider is capable of processing and handling data in a secure manner and meeting the standards set by the organization?

Question249: What should be the INITIAL response to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) alerts?

Question250: Which of the following is the MAIN reason for using configuration management?

Question251: A security architect plans to reference a Mandatory Access Control (MAC) model for implementation. This indicates that which of the following properties are being prioritized?

Question252: When conducting a security assessment of access controls, which activity is part of the data analysis phase?

Question253: When building a data classification scheme, which of the following is the PRIMARY concern?

Question254: Refer to the information below to answer the question.
A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
What additional considerations are there if the third party is located in a different country?

Question255: Which of the following prevents improper aggregation of privileges in Role Based Access Control (RBAC)?

Question256: Which of the following is a security weakness in the evaluation of common criteria (CC) products?

Question257: Which of the following needs to be included in order for High Availability (HA) to continue operations during planned system outages?

Question258: Which of the following is used to support the of defense in depth during development phase of a software product?

Question259: When dealing with shared, privilaged accounts, especially those for emergencies, what is the BEST way to assure non-repudiation of logs?

Question260: From an asset security perspective, what is the BEST countermeasure to prevent data theft due to data remanence when a sensitive data storage media is no longer needed?

Question261: An Intrusion Detection System (IDS) is based on the general hypothesis that a security violation is associated with a pattern of system usage which can be

Question262: What is the PRIMARY goal of fault tolerance?

Question263: The 802.1x standard provides a framework for what?

Question264: Which of the following is critical if an employee is dismissed due to violation of an organization's Acceptable Use Policy (ALP)?

Question265: Which of the following is a limitation of the Common Vulnerability Scoring System (CVSS) as it relates to conducting code review?

Question266: Which of the following is the key requirement for test results when implementing forensic procedures?

Question267: Which of the following steps should be conducted during the FIRST phase of software assurance in a generic acquisition process?

Question268: An organization has hired a security services firm to conduct a penetration test. Which of the following will the organization provide to the tester?

Question269: Which of the following is most helpful in applying the principle of LEAST privilege?

Question270: For an organization considering two-factor authentication for secure network access, which of the following is MOST secure?

Question271: The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct

Question272: What type of attack sends Internet Control Message Protocol (ICMP) echo requests to the target machine with a larger payload than the target can handle?

Question273: Which of the following is a reason to use manual patch installation instead of automated patch management?

Question274: What is the MOST efficient way to secure a production program and its data?

Question275: Passive Infrared Sensors (PIR) used in a non-climate controlled environment should

Question276: The Structured Query Language (SQL) implements Discretionary Access Controls (DAC) using

Question277: Which of the following is the PRIMARY security consideration for how an organization should handle Information Technology (IT) assets?

Question278: Determining outage costs caused by a disaster can BEST be measured by the

Question279: Which technology is a prerequisite for populating the cloud-based directory in a federated identity solution?

Question280: When defining a set of security controls to mitigate a risk, which of the following actions MUST occur?

Question281: Which of the following is the MOST efficient mechanism to account for all staff during a speedy non- emergency evacuation from a large security facility?

Question282: What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

Question283: What does an organization FIRST review to assure compliance with privacy requirements?

Question284: An employee receives a promotion that entities them to access higher-level functions on the company's accounting system, as well as keeping their access to the previous system that is no longer needed or applicable. What is the name of the process that tries to remove this excess privilege?

Question285: Which security architecture strategy could be applied to secure an operating system (OS) baseline for deployment within the corporate enterprise?

Question286: An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

Question287: Which of the following is the MAIN goal of a data retention policy?

Question288: What Is the FIRST step in establishing an information security program?

Question289: Which of the following is an attacker MOST likely to target to gain privileged access to a system?

Question290: The PRIMARY security concern for handheld devices is the

Question291: Which of the following findings would MOST likely indicate a high risk in a vulnerability assessment report?

Question292: A continuous information security monitoring program can BEST reduce risk through which of the following?

Question293: What is the MOST common component of a vulnerability management framework?

Question294: When should an application invoke re-authentication in addition to initial user authentication?

Question295: Change management policies and procedures belong to which of the following types of controls?

Question296: Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?

Question297: Which of the following disaster recovery test plans will be MOST effective while providing minimal risk?

Question298: Which of the following BEST provides for non-repudiation od user account actions?

Question299: Which of the following are effective countermeasures against passive network-layer attacks?

Question300: What is the expected outcome of security awareness in support of a security awareness program?