EMT Practice Test

1. Question Content...


Question List

Question1: A user downloads a file from the Internet, then applies the Secure Hash Algorithm 3 (SHA-3c?

Question2: In configuration management, what baseline configuration information MUST be maintained for each computer system?

Question3: Which one of the following considerations has the LEAST impact when considering transmission security?

Question4: Which of the following is an effective method for avoiding magnetic media data remanence?

Question5: Which of the following presents the PRIMARY concern to an organization when setting up a federated single sign-on (SSO) solution with another

Question6: Which of the following activities BEST identifies operational problems, security misconfigurations, and malicious attacks?

Question7: Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
In addition to authentication at the start of the user session, best practice would require re-authentication

Question8: What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

Question9: A user sends an e-mail request asking for read-only access to files that are not considered sensitive. A Discretionary Access Control (DAC) methodology is in place. Which is the MOST suitable approach that the administrator should take?

Question10: Which of the following is the MOST appropriate action when reusing media that contains sensitive data?

Question11: Information security metrics provide the GREATEST value tp management when based upon the security manager's knowledge of which of the following?

Question12: Which of the following job functions MUST be separated to maintain data and application integrity?

Question13: Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.
In the plan, what is the BEST approach to mitigate future internal client-based attacks?

Question14: Which of the following is the MOST effective preventative method to identify security flaws in software?

Question15: Which of the following is the MOST common method of memory protection?

Question16: Which of the following is the BEST way to determine if a particular system is able to identify malicious software without executing it?

Question17: Why are packet filtering routers used in low-risk environments?

Question18: Which of the following mandates the amount and complexity of security controls applied to a security risk?

Question19: Host-Based Intrusion Protection (HIPS) systems are often deployed in monitoring or learning mode during their initial implementation. What is the objective of starting in this mode?

Question20: Why do certificate Authorities (CA) add value to the security of electronic commerce transactions?

Question21: When using Generic Routing Encapsulation (GRE) tunneling over Internet Protocol version 4 (IPv4), where is the GRE header inserted?

Question22: Why is planning in Disaster Recovery (DR) an interactive process?

Question23: What is the best way for mutual authentication of devices belonging to the same organization?

Question24: What is the MAIN purpose of a change management policy?

Question25: Which of the following practices provides the development team with a definition of security and identification of threats in designing software?

Question26: After following the processes defined within the change management plan, a super user has upgraded a device within an Information system.
What step would be taken to ensure that the upgrade did NOT affect the network security posture?

Question27: What is the MOST significant benefit of an application upgrade that replaces randomly generated session keys with certificate based encryption for communications with backend servers?

Question28: Match the functional roles in an external audit to their responsibilities.
Drag each role on the left to its corresponding responsibility on the right.
Select and Place:

Question29: Following the completion of a network security assessment, which of the following can BEST be demonstrated?

Question30: A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report.
In which phase of the assessment was this error MOST likely made?

Question31: Which type of test would an organization perform in order to locate and target exploitable defects?

Question32: Which of the following is an important requirement when designing a secure remote access system?

Question33: An employee of a retail company has been granted an extended leave of absence by Human Resources (HR). This information has been formally communicated to the access provisioning team. Which of the following is the BEST action to take?

Question34: What is the expected outcome of security awareness in support of a security awareness program?

Question35: Which of the following controls is the most for a system identified as critical in terms of data and function to the organization?

Question36: What is the process called when impact values are assigned to the security objectives for information types?

Question37: Which of the following BEST describes the standard used to exchange authorization information between different identity management systems?

Question38: During a Disaster Recovery (DR) assessment, additional coverage for assurance is required. What should en assessor do?

Question39: Match the objectives to the assessment questions in the governance domain of Software Assurance Maturity Model (SAMM).

Question40: Which of the following is a characteristic of convert security testing?

Question41: Which of the following is the GREATEST security risk associated with the user of identity as a service (IDaaS) when an organization its own software?

Question42: Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

Question43: Which of the following needs to be included in order for High Availability (HA) to continue operations during planned system outages?

Question44: Which of the following is a responsibility of the information owner?

Question45: Which of the following in the BEST way to reduce the impact of an externally sourced flood attack?

Question46: An organization has outsourced its financial transaction processing to a Cloud Service Provider (CSP) who will provide them with Software as a Service (SaaS). If there was a data breach who is responsible for monetary losses?

Question47: Which of the following methods provides the MOST protection for user credentials?

Question48: Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?

Question49: When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)?

Question50: When writing security assessment procedures, what is the MAIN purpose of the test outputs and reports?

Question51: Which of the following is a direct monetary cost of a security incident?

Question52: What type of attack sends Internet Control Message Protocol (ICMP) echo requests to the target machine with a larger payload than the target can handle?

Question53: A network scan found 50% of the systems with one or more critical vulnerabilities. Which of the following represents the BEST action?

Question54: In order for application developers to detect potential vulnerabilities earlier during the Software Development Life Cycle (SDLC), which of the following safeguards should be implemented FIRST as part of a comprehensive testing framework?

Question55: Refer to the information below to answer the question.
A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
What additional considerations are there if the third party is located in a different country?

Question56: With data labeling, which of the following MUST be the key decision maker?

Question57: The MAIN reason an organization conducts a security authorization process is to

Question58: Which of the following types of data would be MOST difficult to detect by a forensic examiner?

Question59: Which of the following techniques is effective to detect taps in fiber optic cables?

Question60: Which of the following is the PRIMARY security consideration for how an organization should handle Information Technology (IT) assets?

Question61: How should the retention period for an organization's social media content be defined?

Question62: An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?

Question63: Application of which of the following Institute of Electrical and Electronics Engineers (IEEE) standards will prevent an unauthorized wireless device from being attached to a network?

Question64: How can lessons learned from business continuity training and actual recovery incidents BEST be used?

Question65: Which of the following processes has the PRIMARY purpose of identifying outdated software versions, missing patches, and lapsed system updates?

Question66: What is the PRIMARY role of a scrum master in agile development?

Question67: Which of the following is the primary advantage of segmenting Virtual Machines (VM) using physical networks?

Question68: Which of the following is a security weakness in the evaluation of common criteria (CC) products?

Question69: A company-wide penetration test result shows customers could access and read files through a web browser. Which of the following can be used to mitigate this vulnerability?

Question70: Which of the following BEST describes a Protection Profile (PP)?

Question71: Which of the following is a network intrusion detection technique?

Question72: Why might a network administrator choose distributed virtual switches instead of stand-alone switches for network segmentation?

Question73: Which of the following is a characteristic of an internal audit?

Question74: A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?

Question75: When defining a set of security controls to mitigate a risk, which of the following actions MUST occur?

Question76: Which of the following is the BEST defense against password guessing?

Question77: When developing solutions for mobile devices, in which phase of the Software Development Life Cycle (SDLC) should technical limitations related to devices be specified?

Question78: The use of private and public encryption keys is fundamental in the implementation of which of the following?

Question79: Which of the following is the BEST definition of Cross-Site Request Forgery (CSRF)?

Question80: What is the BEST location in a network to place Virtual Private Network (VPN) devices when an internal review reveals network design flaws in remote access?

Question81: A company has decided that they need to begin maintaining assets deployed in the enterprise. What approach should be followed to determine and maintain ownership information to bring the company into compliance?

Question82: Retaining system logs for six months or longer can be valuable for what activities?

Question83: Which of the following is a MAJOR concern when there is a need to preserve or retain information for future retrieval?

Question84: Which of the following practices provides the development of security and identification of threats in designing software?

Question85: When conducting a security assessment of access controls, which activity is part of the data analysis phase?

Question86: Digital certificates used in Transport Layer Security (TLS) support which of the following?

Question87: Which of the following is a security limitation of File Transfer Protocol (FTP)?

Question88: Who determines the required level of independence for security control Assessors (SCA)?

Question89: Which of the following is the BEST way to mitigate circumvention of access controls?

Question90: Which of the following activities is MOST likely to be performed during a vulnerability assessment?

Question91: An organization plan on purchasing a custom software product developed by a small vendor to support its business model. Which unique consideration should be made part of the contractual agreement potential long-term risks associated with creating this dependency?

Question92: Reciprocal backup site agreements are considered to be

Question93: Which of the following is the MOST important reason for using a chain of custody from?

Question94: The amount of data that will be collected during an audit is PRIMARILY determined by the.

Question95: Which of the following represents the GREATEST risk to data confidentiality?

Question96: Which type of test suite should be run for fast feedback during application develoment?

Question97: As users switch roles within an organization, their accounts are given additional permissions to perform the duties of their new position. After a recent audit, it was discovered that many of these accounts maintained their old permissions as well. The obsolete permissions identified by the audit have been remediated and accounts have only the appropriate permissions to complete their jobs.
Which of the following is the BEST way to prevent access privilege creep?

Question98: Secure Sockets Layer (SSL) encryption protects

Question99: An organization is selecting a service provider to assist in the consolidation of multiple computing sites including development, implementation and ongoing support of various computer systems. Which of the following MUST be verified by the Information Security Department?

Question100: Which of the following would an internal technical security audit BEST validate?

Question101: A chemical plan wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and maintenance by utilizing the office network infrastructure and staff to implement this upgrade.
Which of the following is the GREATEST impact on security for the network?

Question102: Which of the following MOST applies to session initiation protocal (SIP) security?

Question103: Refer to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
Which of the following will indicate where the IT budget is BEST allocated during this time?

Question104: Which of the following is a peor entity authentication method for Point-to-Point Protocol (PPP)?

Question105: Refer to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.
Aside from the potential records which may have been viewed, which of the following should be the PRIMARY concern regarding the database information?

Question106: Which of the following is the reason that transposition ciphers are easily recognizable?

Question107: While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used?

Question108: With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?

Question109: Knowing the language in which an encrypted message was originally produced might help a cryptanalyst to perform a

Question110: Why are mobile devices something difficult to investigate in a forensic examination?

Question111: Which of the following BEST avoids data remanence disclosure for cloud hosted resources?

Question112: Which of the following is a weakness of Wired Equivalent Privacy (WEP)?

Question113: The core component of Role Based Access control (RBAC) must be constructed of defined data elements, Which elements are required?

Question114: A development operations team would like to start building new applications delegating the cybersecurity responsibility as much as possible to the service provider. Which of the following environments BEST fits their need?

Question115: A security professional should ensure that clients support which secondary algorithm for digital signatures when a Secure Multipurpose Internet Mail Extension (S/MIME) is used?

Question116: Which of the following authorization standards is built to handle Application programming Interface (API) access for federated Identity management (FIM)?

Question117: Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?

Question118: Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?

Question119: A mobile device application that restricts the storage of user information to just that which is needed to accomplish lawful business goals adheres to what privacy principle?

Question120: Which of the following combinations would MOST negatively affect availability?

Question121: Which of the following is the MOST important reason for timely installation of software patches?

Question122: An organization has hired a security services firm to conduct a penetration test. Which of the following will the organization provide to the tester?

Question123: Two companies wish to share electronic inventory and purchase orders in a supplier and client relationship. What is the BEST security solution for them?

Question124: During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.
What is the best approach for the CISO?
During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.
What is the best approach for the CISO?

Question125: If a content management system (CMC) is implemented, which one of the following would occur?

Question126: Which of the following is MOST important when assigning ownership of an asset to a department?

Question127: Organization A is adding a large collection of confidential data records that it received when it acquired Organization B to its data store. Many of the users and staff from Organization B are no longer available. Which of the following MUST Organization A 0do to property classify and secure the acquired data?

Question128: Which of the following steps should be performed FIRST when purchasing Commercial Off-The-Shelf (COTS) software?

Question129: Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

Question130: A vehicle of a private courier company that transports backup data for offsite storage was robbed while in transport backup data for offsite was robbed while in transit. The incident management team is now responsible to estimate the robbery, which of the following would help the incident management team to MOST effectively analyze the business impact of the robbery?

Question131: When using Security Assertion markup language (SAML), it is assumed that the principal subject

Question132: Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?

Question133: An organization has a short-term agreement with a public Cloud Service Provider (CSP). Which of the following BEST protects sensitive data once the agreement expires and the assets are reused?

Question134: In order for a security policy to be effective within an organization, it MUST include

Question135: Which of the following is the FIRST step of a penetration test plan?

Question136: What is the PRIMARY advantage of using automated application security testing tools?

Question137: When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?

Question138: Which of the following is the MOST important security goal when performing application interface testing?

Question139: Physical Access Control Systems (PACS) allow authorized security personnel to manage and monitor access control for subjects through which function?

Question140: What protocol is often used between gateway hosts on the Internet' To control the scope of a Business Continuity Management (BCM) system, a security practitioner should identify which of the following?

Question141: Attack trees are MOST useful for which of the following?

Question142: Which of the following management processes allots ONLY those services required for users to accomplish their tasks, change default user passwords, and set servers to retrieve antivirus updates?

Question143: What is the PRIMARY goal for using Domain Name System Security Extensions (DNSSEC) to sign records?

Question144: Contingency plan exercises are intended to do which of the following?

Question145: What is the second phase of public key infrastructure (PKI) key/certificate life-cycle management?

Question146: Why is a system's criticality classification important in large organizations?

Question147: The security accreditation task of the System Development Life Cycle (SDLC) process is completed at the end of which phase?

Question148: Which of the following mechanisms will BEST prevent a Cross-Site Request Forgery (CSRF) attack?

Question149: Which layer handle packet fragmentation and reassembly in the Open system interconnection (OSI) Reference model?

Question150: What is one way to mitigate the risk of security flaws in custom software?

Question151: For an organization considering two-factor authentication for secure network access, which of the following is MOST secure?

Question152: After a thorough analysis, it was discovered that a perpetrator compromised a network by gaining access to the network through a Secure Socket Layer (SSL) Virtual Private Network (VPN) gateway. The perpetrator guessed a username and brute forced the password to gain access. Which of the following BEST mitigates this issue?

Question153: When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints?

Question154: In which order, from MOST to LEAST impacted, does user awareness training reduce the occurrence of the events below?

Question155: Which of the following is BEST achieved through the use of eXtensible Access Markup Language (XACML)?

Question156: Which of the following authorization standards is built to handle Application Programming Interface (API) access for Federated Identity Management (FIM)?

Question157: An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

Question158: If an attacker in a SYN flood attack uses someone else's valid host address as the source address, the system under attack will send a large number of Synchronize/Acknowledge (SYN/ACK) packets to the

Question159: Which of the following is MOST effective in detecting information hiding in Transmission Control Protocol/internet Protocol (TCP/IP) traffic?

Question160: Which of the following is an attacker MOST likely to target to gain privileged access to a system?

Question161: Which of the following assessment metrics is BEST used to understand a system's vulnerability to potential exploits?

Question162: An analysis finds unusual activity coming from a computer that was thrown away several months prior, which of the following steps ensure the proper removal of the system?

Question163: Refer to the information below to answer the question.
Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.
Organizational policy requires the deletion of user data from Personal Digital Assistant (PDA) devices before disposal. It may not be possible to delete the user data if the device is malfunctioning. Which destruction method below provides the BEST assurance that the data has been removed?

Question164: Which one of the following activities would present a significant security risk to organizations when employing a Virtual Private Network (VPN) solution?

Question165: Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

Question166: Which methodology is recommended for penetration testing to be effective in the development phase of the life-cycle process?

Question167: Which of the following is part of a Trusted Platform Module (TPM)?

Question168: A criminal organization is planning an attack on a government network. Which of the following is the MOST severe attack to the network availability?

Question169: As a best practice, the Security Assessment Report (SAR) should include which of the following sections?

Question170: Within the company, desktop clients receive Internet Protocol (IP) address over Dynamic Host Configuration Protocol (DHCP).
Which of the following represents a valid measure to help protect the network against unauthorized access?

Question171: A software security engineer is developing a black box-based test plan that will measure the system's reaction to incorrect or illegal inputs or unexpected operational errors and situations. Match the functional testing techniques on the left with the correct input parameters on the right.

Question172: An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requirement is

Question173: Which of the following is the MOST important consideration when developing a Disaster Recovery Plan (DRP)?

Question174: Which of the following does the Encapsulating Security Payload (ESP) provide?

Question175: When deploying en Intrusion Detection System (IDS) on a high-volume network, the need to distribute the load across multiple sensors would create which technical problem?

Question176: Which of the following is a function of Security Assertion Markup Language (SAML)?

Question177: Which of the following could be considered the MOST significant security challenge when adopting DevOps practices compared to a more traditional control framework?

Question178: Which of the following is MOST important when deploying digital certificates?

Question179: At which layer of the Open Systems Interconnect (OSI) model are the source and destination address for a datagram handled?

Question180: Which of the following approaches is the MOST effective way to dispose of data on multiple hard drives?

Question181: Which of the following would BEST describe the role directly responsible for data within an organization?

Question182: Refer to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
Which of the following will MOST likely allow the organization to keep risk at an acceptable level?

Question183: What is the BEST way to correlate large volumes of disparate data sources in a Security Operations Center (SOC) environment?

Question184: Which of the following is the PRIMARY concern when using an Internet browser to access a cloud-based service?

Question185: Which of the following is the MOST important goal of information asset valuation?

Question186: When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

Question187: Although code using a specific program language may not be susceptible to a buffer overflow attack,

Question188: What is the MOST important element when considering the effectiveness of a training program for Business Continuity (BC) and Disaster Recovery (DR)?

Question189: Which of the following is a characteristic of a challenge/response authentication process?

Question190: What is the MAIN goal of information security awareness and training?

Question191: When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?

Question192: Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

Which of the following is true according to the star property (*property)?

Question193: An Intrusion Detection System (IDS) has recently been deployed in a Demilitarized Zone (DMZ). The IDS detects a flood of malformed packets. Which of the following BEST describes what has occurred?

Question194: Which of the following is the PRIMARY security concern associated with the implementation of smart cards?

Question195: What type of access control determines the authorization to resource based on pre-defined job titles within an organization?

Question196: When building a data center, site location and construction factors that increase the level of vulnerability to physical threats include

Question197: An organization has discovered that users are visiting unauthorized websites using anonymous proxies.
Which of the following is the BEST way to prevent future occurrences?

Question198: In a financial institution, who has the responsibility for assigning the classification to a piece of information?

Question199: Asymmetric algorithms are used for which of the following when using Secure Sockets Layer/Transport Layer Security (SSL/TLS) for implementing network security?

Question200: Place the following information classification steps in sequential order.

Question201: Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization network?

Question202: What are the steps of a risk assessment?

Question203: During a Disaster Recovery (DR) simulation, it is discovered that the shared recovery site lacks adequate data restoration capabilities to support the implementation of multiple plans simultaneously. What would be impacted by this fact if left unchanged?

Question204: Which of the following is an example of two-factor authentication?

Question205: Which of the following methods MOST efficiently manages user accounts when using a third-party cloud-based application and directory solution?

Question206: Which of the following describes the BEST configuration management practice?

Question207: As one component of a physical security system, an Electronic Access Control (EAC) token is BEST known for its ability to

Question208: A financial company has decided to move its main business application to the Cloud. The legal department objects, arguing that the move of the platform should comply with several regulatory obligations such as the General Data Protection (GDPR) and ensure data confidentiality. The Chief Information Security Officer (CISO) says that the cloud provider has met all regulations requirements and even provides its own encryption solution with internally-managed encryption keys to address data confidentiality. Did the CISO address all the legal requirements in this situation?

Question209: What is the PRIMARY purpose of auditing, as it relates to the security review cycle?

Question210: Which of the following is the MOST important consideration that must be taken into account when deploying an enterprise patching solution that includes mobile devices?

Question211: Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain?

Question212: Which of the following is a security feature of Global Systems for Mobile Communications (GSM)?

Question213: Individual access to a network is BEST determined based on

Question214: A health care provider is considering Internet access for their employees and patients. Which of the following is the organization's MOST secure solution for protection of data?

Question215: What is the GREATEST challenge to identifying data leaks?

Question216: How should an organization determine the priority of its remediation efforts after a vulnerability assessment has been conducted?

Question217: Which of the following can BEST prevent security flaws occurring in outsourced software development?

Question218: Which of the following is the MOST likely cause of a non-malicious data breach when the source of the data breach was an un-marked file cabinet containing sensitive documents?

Question219: Which of the following statements is TRUE for point-to-point microwave transmissions?

Question220: Which would result in the GREATEST import following a breach to a cloud environment?

Question221: Which Redundant Array c/ Independent Disks (RAID) Level does the following diagram represent?

Question222: Identify the component that MOST likely lacks digital accountability related to information access.
Click on the correct device in the image below.

Question223: Which of the following roles has the obligation to ensure that a third party provider is capable of processing and handling data in a secure manner and meeting the standards set by the organization?

Question224: How does an organization verify that an information system's current hardware and software match the standard system configuration?

Question225: Which of the following is the MOST significant benefit to implementing a third-party federated identity architecture?

Question226: Who is essential for developing effective test scenarios for disaster recovery (DR) test plans?

Question227: Which of the following BEST describes the responsibilities of a data owner?

Question228: The design review for an application has been completed and is ready for release. What technique should an organization use to assure application integrity?

Question229: The BEST method to mitigate the risk of a dictionary attack on a system is to

Question230: The restoration priorities of a Disaster Recovery Plan (DRP) are based on which of the following documents?

Question231: Which of the following information MUST be provided for user account provisioning?

Question232: Who in the organization is accountable for classification of data information assets?

Question233: In which identity management process is the subject's identity established?

Question234: When is a Business Continuity Plan (BCP) considered to be valid?

Question235: How long should the records on a project be retained?

Question236: A security compliance manager of a large enterprise wants to reduce the time it takes to perform network, system, and application security compliance audits while increasing quality and effectiveness of the results.
What should be implemented to BEST achieve the desired results?

Question237: Drag the following Security Engineering terms on the left to the BEST definition on the right.

Question238: What operations role is responsible for protecting the enterprise from corrupt or contaminated media?

Question239: The 802.1x standard provides a framework for what?

Question240: Which is the second phase of public key Infrastructure (pk1) key/certificate life-cycle management?

Question241: Which of the following is the BEST reason for the use of security metrics?

Question242: Backup information that is critical to the organization is identified through a

Question243: Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what?

Question244: While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?

Question245: During a fingerprint verification process, which of the following is used to verify identity and authentication?

Question246: A security professional has been asked to evaluate the options for the location of a new data center within a multifloor building. Concerns for the data center include emanations and physical access controls.
Which of the following is the BEST location?

Question247: Given a file containing ordered number, i.e. "123456789," match each of the following redundant Array of independent Disks (RAID) levels to the corresponding visual representation visual representation. Note: P() = parity.
Drag each level to the appropriate place on the diagram.

Question248: If a content management system (CSM) is implemented, which one of the following would occur?

Question249: Which of the following is the PRIMARY consideration when determining the frequency an automated control should be assessed or monitored?

Question250: What is the BEST method to detect the most common improper initialization problems in programming languages?

Question251: During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take?

Question252: It is MOST important to perform which of the following to minimize potential impact when implementing a new vulnerability scanning tool in a production environment?

Question253: The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunnel data

Question254: By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the

Question255: What is an important characteristic of Role Based Access Control (RBAC)?

Question256: Which of the following MUST system and database administrators be aware of and apply when configuring systems used for storing personal employee data?

Question257: How does a Host Based Intrusion Detection System (HIDS) identify a potential attack?

Question258: When implementing controls in a heterogeneous end-point network for an organization, it is critical that

Question259: By carefully aligning the pins in the lock, which of the following defines the opening of a mechanical lock without the proper key?

Question260: Which of the following techniques BEST prevents buffer overflows?

Question261: Which of the following is a standard Access Control List (ACL) element that enables a router to filter Internet traffic?

Question262: An organization has developed a major application that has undergone accreditation testing. After receiving the results of the evaluation, what is the final step before the application can be accredited?

Question263: The birthday attack is MOST effective against which one of the following cipher technologies?

Question264: A security architect is responsible for the protection of a new home banking system. Which of the following solutions can BEST improve the confidentiality and integrity of this external system?

Question265: What are the roles within a scrum methodoligy?

Question266: Intellectual property rights are PRIMARY concerned with which of the following?

Question267: When dealing with shared, privilaged accounts, especially those for emergencies, what is the BEST way to assure non-repudiation of logs?

Question268: A security professional has been requested by the Board of Directors and Chief Information Security Officer (CISO) to perform an internal and external penetration test. What is the BEST course of action?

Question269: Which of the following is the BEST reason to review audit logs periodically?

Question270: What is the second step in the identity and access provisioning lifecycle?

Question271: Refer to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
When determining appropriate resource allocation, which of the following is MOST important to monitor?

Question272: A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?

Question273: A company was ranked as high in the following National Institute of Standards and Technology (NIST) functions: Protect, Detect, Respond and Recover. However, a low maturity grade was attributed to the Identify function. In which of the following the controls categories does this company need to improve when analyzing its processes individually?

Question274: Which of the following is a recommended alternative to an integrated email encryption system?

Question275: An organization discovers that its secure file transfer protocol (SFTP) server has been accessed by an unauthorized person to download an unreleased game. A recent security audit found weaknesses in some of the organization's general information technology (IT) controls, specifically pertaining to software change control and security patch management, but not in other control areas.
Which of the following is the MOST probable attack vector used in the security breach?

Question276: Which one of the following affects the classification of data?

Question277: Which security action should be taken FIRST when computer personnel are terminated from their jobs?

Question278: Order the below steps to create an effective vulnerability management process.

Question279: The goal of software assurance in application development is to

Question280: An organization's data policy MUST include a data retention period which is based on

Question281: Without proper signal protection, embedded systems may be prone to which type of attack?

Question282: Who is ultimately responsible to ensure that information assets are categorized and adequate measures are taken to protect them?

Question283: What is the BEST method if an investigator wishes to analyze a hard drive which may be used as evidence?

Question284: Which of the following is the BEST countermeasure to brute force login attacks?

Question285: The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?

Question286: In what phase of the System Development Life Cycle (SDLC) should security training for the development team begin?

Question287: Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy?

Question288: Which of the following is the BEST reason for writing an information security policy?

Question289: Internet Protocol (IP) source address spoofing is used to defeat

Question290: Why should Open Web Application Security Project (OWASP) Application Security Verification standards (ASVS) Level 1 be considered a MINIMUM level of protection for any web application?

Question291: What should be the FIRST action for a security administrator who detects an intrusion on the network based on precursors and other indicators?

Question292: Which of the following is MOST critical in a contract in a contract for data disposal on a hard drive with a third party?

Question293: Refer to the information below to answer the question.
A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
The organization should ensure that the third party's physical security controls are in place so that they

Question294: Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following methods is the MOST effective way of removing the Peer-to-Peer (P2P) program from the computer?

Question295: A client has reviewed a vulnerability assessment report and has stated it is inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operating system (OS) was not properly detected.
Where in the vulnerability assessment process did the error MOST likely occur?

Question296: Discretionary Access Control (DAC) restricts access according to

Question297: Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

Question298: Which of the following was developed to support multiple protocols as well as provide as well as provide login, password, and error correction capabilities?

Question299: Which of the following is the MOST critical success factor in the security patch management process?

Question300: For the purpose of classification, which of the following is used to divide trust domain and trust boundaries?

Question301: Once the types of information have been identified, who should an information security practitioner work with to ensure that the information is properly categorized?

Question302: Which of the following MUST a security professional do in order to quantify the value of a security program to organization management?

Question303: Which Identity and Access Management (IAM) process can be used to maintain the principle of least privilege?

Question304: What is the BEST first step for determining if the appropriate security controls are in place for protecting data at rest?

Question305: Which of the following technologies would provide the BEST alternative to anti-malware software?

Question306: Configuring a Wireless Access Point (WAP) with the same Service Set Identifier (SSID) as another WAP in order to have users unknowingly connect is referred to as which of the following?

Question307: During an investigation of database theft from an organization's web site, it was determined that the Structured Query Language (SQL) injection technique was used despite input validation with client-side scripting. Which of the following provides the GREATEST protection against the same attack occurring again?

Question308: Which of the following is considered the last line defense in regard to a Governance, Risk managements, and compliance (GRC) program?

Question309: The process of mutual authentication involves a computer system authenticating a user and authenticating the

Question310: Which of the following is generally indicative of a replay attack when dealing with biometric authentication?

Question311: copyright provides protection for which of the following?

Question312: Which of the following restricts the ability of an individual to carry out all the steps of a particular process?

Question313: Network-based logging has which advantage over host-based logging when reviewing malicious activity about a victim machine?

Question314: Which of the following is a MAJOR consideration in implementing a Voice over IP (VoIP) network?

Question315: What technique BEST describes antivirus software that detects viruses by watching anomalous behavior?

Question316: Which of the following provides the minimum set of privileges required to perform a job function and restricts the user to a domain with the required privileges?

Question317: Which of the following can be used to calculate the loss event probability?

Question318: Due to system constraints, a group of system administrators must share a high-level access set of credentials.
Which of the following would be MOST appropriate to implement?

Question319: Recovery strategies of a Disaster Recovery planning (DRIP) MUST be aligned with which of the following?

Question320: Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.
What MUST the plan include in order to reduce client-side exploitation?

Question321: Which of the following is the MOST important part of an awareness and training plan to prepare employees for emergency situations?

Question322: Which of the following BEST describes the purpose of performing security certification?

Question323: What should happen when an emergency change to a system must be performed?

Question324: What access control scheme uses fine-grained rules to specify the conditions under which access to each data item or applications is granted?

Question325: Which of the following is a physical security control that protects Automated Teller Machines (ATM) from skimming?

Question326: An advantage of link encryption in a communications network is that it

Question327: Which of the following is the MOST important consideration when storing and processing Personally Identifiable Information (PII)?

Question328: Which of the following MUST be scalable to address security concerns raised by the integration of third-party identity services?

Question329: Which of the following types of security testing is the MOST effective in providing a better indication of the everyday security challenges of an organization when performing a security risk assessment?

Question330: In fault-tolerant systems, what do rollback capabilities permit?

Question331: What type of wireless network attack BEST describes an Electromagnetic Pulse (EMP) attack?

Question332: A client has reviewed a vulnerability assessment report and has stated it is Inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operating System (OS) was not properly detected.
Where in the vulnerability assessment process did the erra MOST likely occur?

Question333: What is the FIRST step required in establishing a records retention program?

Question334: What is the MOST important reason to configure unique user IDs?

Question335: When determining who can accept the risk associated with a vulnerability, which of the following is MOST important?

Question336: Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.
What is the BEST reason for the organization to pursue a plan to mitigate client-based attacks?

Question337: Which of the following questions can be answered using user and group entitlement reporting?

Question338: An organization operates a legacy Industrial Control System (ICS) to support its core business service, which carrot be replaced. Its management MUST be performed remotely through an administrative console software, which in tum depends on an old version of the Java Runtime Environment (JPE) known to be vulnerable to a number of attacks, How is this risk BEST managed?

Question339: The goal of a Business Continuity Plan (BCP) training and awareness program is to

Question340: Directive controls are a form of change management policy and procedures. Which of the following subsections are recommended as part of the change management process?

Question341: Which of the following prevents improper aggregation of privileges in Role Based Access Control (RBAC)?

Question342: Unused space in a disk cluster is important in media analysis because it may contain which of the following?

Question343: How does identity as a service (IDaaS) provide an easy mechanism for integrating identity service into individual applications with minimal development effort?

Question344: Data remanence is the biggest threat in which of the following scenarios?

Question345: What does the result of Cost-Benefit Analysis (C8A) on new security initiatives provide?

Question346: Why MUST a Kerberos server be well protected from unauthorized access?