Question1: What part of an organization's strategic risk assessment MOST likely includes information on items affecting the success of the organization?
Question2: When reviewing the security logs, the password shown for an administrative login event was ' OR ' '1'='1' --. This is an example of which of the following kinds of attack?
Question3: A Simple Power Analysis (SPA) attack against a device directly observes which of the following?
Question4: A continuous information security monitoring program can BEST reduce risk through which of the following?
Question5: Which of the following would need to be configured to ensure a device with a specific MAC address is always assigned the same IP address from DHCP?
Question6: During a Disaster Recovery (DR) simulation, it is discovered that the shared recovery site lacks adequate data restoration capabilities to support the implementation of multiple plans simultaneously. What would be impacted by this fact if left unchanged?
Question7: Which one of the following is a fundamental objective in handling an incident?
Question8: When transmitting information over public networks, the decision to encrypt it should be based on
Question9: Order the below steps to create an effective vulnerability management process.

Question10: Which of the following is the BEST way to determine the success of a patch management process?
Question11: Which of the following is used to detect steganography?
Question12: When recovering from an outage, what is the Recovery Point Objective (RPO), in terms of data recovery?
Question13: An organization wants to migrate to Session Initiation Protocol (SIP) to save on telephony expenses. Which of the following security related statements should be considered in the decision-making process?
Question14: Which of the following is the PRIMARY reason a sniffer operating on a network is collecting packets only from its own host?
Question15: In software development, which of the following entities normally signs the code to protect the code integrity?
Question16: Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain?
Question17: Which Web Services Security (WS-Security) specification negotiates how security tokens will be issued, renewed and validated? Click on the correct specification in the image below.

Question18: Why would a security architect specify that a default route pointing to a sinkhole be injected into internal networks?
Question19: Which of the following is the PRIMARY benefit of a formalized information classification program?
Question20: Which of the following is the MOST crucial for a successful audit plan?
Question21: A corporation does not have a formal data destruction policy. During which phase of a criminal legal proceeding will this have the MOST impact?
Question22: Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?
Question23: What industry-recognized document could be used as a baseline reference that is related to data security and business operations for conducting a security assessment?
Question24: In the Software Development Life Cycle (SDLC), maintaining accurate hardware and software inventories is a critical part of
Question25: It is MOST important to perform which of the following to minimize potential impact when implementing a new vulnerability scanning tool in a production environment?
Question26: When is security personnel involvement in the Systems Development Life Cycle (SDLC) process MOST beneficial?
Question27: Which of the following is an advantage of' Secure Shell (SSH)?
Question28: Recently, an unknown event has disrupted a single Layer-2 network that spans between two geographically diverse data centers. The network engineers have asked for assistance in identifying the root cause of the event. Which of the following is the MOST likely cause?
Question29: Which of the following MUST be in place to recognize a system attack?
Question30: The application of which of the following standards would BEST reduce the potential for data breaches?
Question31: A cloud hosting provider would like to provide a Service Organization Control (SOC) report relevant to its security program. This report should an abbreviated report that can be freely distributed. Which type of report BEST meets this requirement?
Question32: Which of the following would an attacker BEST be able to accomplish through the use of Remote Access Tools (RAT)?
Question33: An organization outgrew its internal data center and is evaluating third-party hosting facilities. In this evaluation, which of the following is a PRIMARY factor for selection?
Question34: When designing a business continuity plan (BCP), what is the formula to determine the Maximum Tolerable Downtime (MTD)?
Question35: Which of the following activities should a forensic examiner perform FIRST when determining the priority of digital evidence collection at a crime scene?
Question36: Which of the following are the three MAIN categories of security controls?
Question37: What does the result of Cost-Benefit Analysis (C8A) on new security initiatives provide?
Question38: Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?
Question39: A company receives an email threat informing of an Imminent Distributed Denial of Service (DDoS) attack targeting its web application, unless ransom is paid. Which of the following techniques BEST addresses that threat?
Question40: Which of the following is a network intrusion detection technique?
Question41: When are security requirements the LEAST expensive to implement?
Question42: A large human resources organization wants to integrate their identity management with a trusted partner organization. The human resources organization wants to maintain the creation and management of the identities and may want to share with other partners in the future. Which of the following options BEST serves their needs?
Question43: Which of the following is the MOST important part of an awareness and training plan to prepare employees for emergency situations?
Question44: A database server for a financial application is scheduled for production deployment. Which of the following controls will BEST prevent tampering?
Question45: Which of the following determines how traffic should flow based on the status of the infrastructure layer?
Question46: A security professional should ensure that clients support which secondary algorithm for digital signatures when a Secure Multipurpose Internet Mail Extension (S/MIME) is used?
Question47: Which of the following is used to support the of defense in depth during development phase of a software product?
Question48: Which of the following is the BEST method to assess the effectiveness of an organization's vulnerability management program?
Question49: An organization operates a legacy Industrial Control System (ICS) to support its core business service, which carrot be replaced. Its management MUST be performed remotely through an administrative console software, which in tum depends on an old version of the Java Runtime Environment (JPE) known to be vulnerable to a number of attacks, How is this risk BEST managed?
Question50: Which of the following is needed to securely distribute symmetric cryptographic keys?
Question51: Which of the following is a remote access protocol that uses a static authentication?
Question52: Which of the following is the MOST significant key management problem due to the number of keys created?
Question53: As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?
Question54: A web-based application known to be susceptible to attacks is now under review by a senior developer. The organization would like to ensure this application Is less susceptible to injection attacks specifically, What strategy will work BEST for the organization's situation?
Question55: Two remote offices need to be connected securely over an untrustworthy MAN. Each office needs to access network shares at the other site. Which of the following will BEST provide this functionality?
Question56: What are the three key benefits that application developers should derive from the northbound application programming interface (API) of software defined networking (SDN)?
Question57: Which is the second phase of public key Infrastructure (pk1) key/certificate life-cycle management?
Question58: Single Sign-On (SSO) is PRIMARILY designed to address which of the following?
Question59: A cloud service provider requires its customer organizations to enable maximum audit logging for its data storage service and to retain the logs for the period of three months. The audit logging generates extremely high amount of logs. What is the MOST appropriate strategy for the log retention?
Question60: An organization is considering outsourcing applications and data to a Cloud Service Provider (CSP). Which of the following is the MOST important concern regarding privacy?
Question61: Upon commencement of an audit within an organization, which of the following actions is MOST important for the auditor(s) to take?
Question62: In a dispersed network that lacks central control, which of the following is die PRIMARY course of action to mitigate exposure?
Question63: Rank the Hypertext Transfer protocol (HTTP) authentication types shows below in order of relative strength.
Drag the authentication type on the correct positions on the right according to strength from weakest to strongest.

Question64: An organization would like to ensure that all new users have a predefined departmental access template applied upon creation. The organization would also like additional access for users to be granted on a per-project basis. What type of user access administration is BEST suited to meet the organization's needs?
Question65: From a cryptographic perspective, the service of non-repudiation includes which of the following features?
Question66: Compared to a traditional network, which of the following is a security-related benefit that software-defined networking (SDN) provides?
Question67: Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?
Question68: Which of the following is the primary advantage of segmenting Virtual Machines (VM) using physical networks?
Question69: How does identity as a service (IDaaS) provide an easy mechanism for integrating identity service into individual applications with minimal development effort?
Question70: Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications?
Question71: What should be the FIRST action for a security administrator who detects an intrusion on the network based on precursors and other indicators?
Question72: When reviewing vendor certifications for handling and processing of company data, which of the following is the BEST Service Organization Controls (SOC) certification for the vendor to possess?
Question73: What type of investigation applies when malicious behavior is suspected between two organizations?
Question74: Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following documents explains the proper use of the organization's assets?
Question75: Why are mobile devices something difficult to investigate in a forensic examination?
Question76: An employee of a retail company has been granted an extended leave of absence by Human Resources (HR). This information has been formally communicated to the access provisioning team. Which of the following is the BEST action to take?
Question77: Which of the following is an advantage of on-premise Credential Management Systems?
Question78: Which of the following is the BEST reason to review audit logs periodically?
Question79: Which of the following would be considered an incident if reported by a security information and event management (SIEM) system?
Question80: What is the foundation of cryptographic functions?
Question81: Why is a system's criticality classification important in large organizations?
Question82: After the INITIAL input o f a user identification (ID) and password, what is an authentication system that prompts the user for a different response each time the user logs on?
Question83: Which of the following activities BEST identifies operational problems, security misconfigurations, and malicious attacks?
Question84: How does security in a distributed file system using mutual authentication differ from file security in a multi-user host?
Question85: What principle requires that changes to the plaintext affect many parts of the ciphertext?
Question86: The FIRST step in building a firewall is to
Question87: Which of the following BEST represents a defense in depth concept?
Question88: A client has reviewed a vulnerability assessment report and has stated it is Inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operating System (OS) was not properly detected.
Where in the vulnerability assessment process did the erra MOST likely occur?
Question89: Which type of disaster recovery plan (DRP) testing carries the MOST operational risk?
Question90: When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?
Question91: Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

In a Bell-LaPadula system, which user has the MOST restrictions when writing data to any of the four files?
Question92: Which of the following is the PRIMARY consideration when determining the frequency an automated control should be assessed or monitored?
Question93: Which of the following is a covert channel type?
Question94: Which of the following is mobile device remote fingerprinting?
Question95: What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?
Question96: A security professional was tasked with rebuilding a company's wireless infrastructure. Which of the following are the MOST important factors to consider while making a decision on which wireless spectrum to deploy?
Question97: Which of the following are mandatory canons for the (ISC)* Code of Ethics?
Question98: In a quarterly system access review, an active privileged account was discovered that did not exist in the prior review on the production system. The account was created one hour after the previous access review. Which of the following is the BEST option to reduce overall risk in addition to quarterly access reviews?
Question99: The security architect has been mandated to assess the security of various brands of mobile devices. At what phase of the product lifecycle would this be MOST likely to occur?
Question100: Which of the following outsourcing agreement provisions has the HIGHEST priority from a security operations perspective?
Question101: The goal of software assurance in application development is to
Question102: The security organization is looking for a solution that could help them determine with a strong level of confidence that attackers have breached their network. Which solution is MOST effective at discovering a successful network breach?
Question103: Which access control method is based on users issuing access requests on system resources, features assigned to those resources, the operational or situational context, and a set of policies specified in terms of those features and context?
Question104: Which of the (ISC)? Code of Ethics canons is MOST reflected when preserving the value of systems, applications, and entrusted information while avoiding conflicts of interest?
Question105: Which of the following attack types can be used to compromise the integrity of data during transmission?
Question106: Which Hyper Text Markup Language 5 (HTML5) option presents a security challenge for network data leakage prevention and/or monitoring?
Question107: An organization recently upgraded to a Voice over Internet Protocol (VoIP) phone system. Management is concerned with unauthorized phone usage. security consultant is responsible for putting together a plan to secure these phones. Administrators have assigned unique personal identification number codes for each person in the organization. What is the BEST solution?
Question108: A company is planning to implement a private cloud infrastructure. Which of the following recommendations will support the move to a cloud infrastructure?
Question109: What is the PRIMARY reason for implementing change management?
Question110: Software Code signing is used as a method of verifying what security concept?
Question111: Which of the following PRIMARILY contributes to security incidents in web-based applications?
Question112: Which one of the following is an advantage of an effective release control strategy form a configuration control standpoint?
Question113: In order for application developers to detect potential vulnerabilities earlier during the Software Development Life Cycle (SDLC), which of the following safeguards should be implemented FIRST as part of a comprehensive testing framework?
Question114: Which of the following factors is a PRIMARY reason to drive changes in an Information Security Continuous Monitoring (ISCM) strategy?
Question115: When designing a Cyber-Physical System (CPS), which of the following should be a security practitioner's first consideration?
Question116: An engineer in a software company has created a virus creation tool. The tool can generate thousands of polymorphic viruses. The engineer is planning to use the tool in a controlled environment to test the company's next generation virus scanning software. Which would BEST describe the behavior of the engineer and why?
Question117: A vehicle of a private courier company that transports backup data for offsite storage was robbed while in transport backup data for offsite was robbed while in transit. The incident management team is now responsible to estimate the robbery, which of the following would help the incident management team to MOST effectively analyze the business impact of the robbery?
Question118: What is the MAIN goal of information security awareness and training?
Question119: In which order, from MOST to LEAST impacted, does user awareness training reduce the occurrence of the events below?

Question120: What is the BEST way to correlate large volumes of disparate data sources in a Security Operations Center (SOC) environment?
Question121: Which of the following is the MOST common use of the Online Certificate Status Protocol (OCSP)?
Question122: Which of the following would an internal technical security audit BEST validate?
Question123: Refer to the information below to answer the question.
A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
What additional considerations are there if the third party is located in a different country?
Question124: Secure Sockets Layer (SSL) encryption protects
Question125: Which of the following is the MOST important consideration that must be taken into account when deploying an enterprise patching solution that includes mobile devices?
Question126: Which of the following describes the BEST method of maintaining the inventory of software and hardware within the organization?
Question127: Discretionary Access Control (DAC) is based on which of the following?
Question128: A project manager for a large software firm has acquired a government contract that generates large amounts of Controlled Unclassified Information (CUI). The organization's information security manager has received a request to transfer project-related CUI between systems of differing security classifications. What role provides the authoritative guidance for this transfer?
Question129: Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?
Question130: What is the FIRST step prior to executing a test of an organisation's disaster recovery (DR) or business continuity plan (BCP)?
Question131: In systems security engineering, what does the security principle of modularity provide?
Question132: An organization has implemented a password complexity and an account lockout policy enforcing five incorrect logins tries within ten minutes. Network users have reported significantly increased account lockouts. Which of the following security principles is this company affecting?
Question133: An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test subject's data?
Question134: Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
The effectiveness of the security program can PRIMARILY be measured through
Question135: An organization wants to share data securely with their partners via the Internet. Which standard port is typically used to meet this requirement?
Question136: An organization has outsourced its financial transaction processing to a Cloud Service Provider (CSP) who will provide them with Software as a Service (SaaS). If there was a data breach who is responsible for monetary losses?
Question137: In which identity management process is the subject's identity established?
Question138: Which one of the following would cause an immediate review and possible change to the security policies of an organization?
Question139: What is the MOST effective method of testing custom application code?
Question140: In setting expectations when reviewing the results of a security test, which of the following statements is MOST important to convey to reviewers?
Question141: Which of the following is the PRIMARY benefit of implementing data-in-use controls?
Question142: Which of the following approaches is the MOST effective way to dispose of data on multiple hard drives?
Question143: If an attacker in a SYN flood attack uses someone else's valid host address as the source address, the system under attack will send a large number of Synchronize/Acknowledge (SYN/ACK) packets to the
Question144: Which of the following wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device?
Question145: What is an advantage of Elliptic Curve Cryptography (ECC)?
Question146: Why is planning the MOST critical phase of a Role Based Access Control (RBAC) implementation?
Question147: A hospital's building controls system monitors and operates the environmental equipment to maintain a safe and comfortable environment. Which of the following could be used to minimize the risk of utility supply interruption?
Question148: Which programming methodology allows a programmer to use pre-determined blocks of code end consequently reducing development time and programming costs?
Question149: An organization decides to implement a partial Public Key Infrastructure (PKI) with only the servers having digital certificates. What is the security benefit of this implementation?
Question150: What is the PRIMARY objective of business continuity planning?
Question151: The security team is notified that a device on the network is infected with malware. Which of the following is MOST effective in enabling the device to be quickly located and remediated?
Question152: A security professional is assessing the risk in an application and does not take into account any mitigating or compensating controls. This type of risk rating is an example of which of the following?
Question153: When conducting a third-party risk assessment of a new supplier, which of the following reports should be reviewed to confirm the operating effectiveness of the security, availability, confidentiality, and privacy trust principles?
Question154: Which of the following BEST describes the purpose of performing security certification?
Question155: The core component of Role Based Access Control (RBAC) must be constructed of defined data elements.
Which elements are required?
Question156: What high Availability (HA) option of database allows multiple clients to access multiple database servers simultaneously?
Question157: Which of the following is the key requirement for test results when implementing forensic procedures?
Question158: Which of the following questions can be answered using user and group entitlement reporting?
Question159: What is the second phase of public key infrastructure (PKI) key/certificate life-cycle management?
Question160: Which of the following technologies can be used to monitor and dynamically respond to potential threats on web applications?
Question161: Which of the following are important criteria when designing procedures and acceptance criteria for acquired software?
Question162: Which of the following management process allows ONLY those services required for users to accomplish their tasks, change default user passwords, and set servers to retrieve antivirus updates?
Question163: Which of the following threats exists with an implementation of digital signatures?
Question164: Which of the following is a common measure within a Local Area Network (LAN) to provide en additional level of security through segmentation?
Question165: Changes to a Trusted Computing Base (TCB) system that could impact the security posture of that system and trigger a recertification activity are documented in the
Question166: When conducting a security assessment of access controls , Which activity is port of the data analysis phase?
Question167: If a content management system (CSM) is implemented, which one of the following would occur?
Question168: Which of the following BEST describes the use of network architecture in reducing corporate risks associated with mobile devices?
Question169: Functional security testing is MOST critical during which phase of the system development life cycle (SDLC)?
Question170: What is the PRIMARY benefit of incident reporting and computer crime investigations?
Question171: The use of strong authentication, the encryption of Personally Identifiable Information (PII) on database servers, application security reviews, and the encryption of data transmitted across networks provide
Question172: Which of the following is a characteristic of an internal audit?
Question173: Drag the following Security Engineering terms on the left to the BEST definition on the right.

Question174: A Denial of Service (DoS) attack on a syslog server exploits weakness in which of the following protocols?
Question175: Which of the following actions should be taken by a security professional when a mission critical computer network attack is suspected?
Question176: According to the Capability Maturity Model Integration (CMMI), which of the following levels is identified by a managed process that is tailored from the organization's set of standard processes according to the organization's tailoring guidelines?
Question177: "Stateful" differs from "Static" packet filtering firewalls by being aware of which of the following?
Question178: Why is lexical obfuscation in software development discouraged by many organizations?
Question179: Which layer handle packet fragmentation and reassembly in the Open system interconnection (OSI) Reference model?
Question180: A network administrator is configuring a database server and would like to ensure the database engine is listening on a certain port. Which of the following commands should the administrator use to accomplish this goal?
Question181: In Business Continuity Planning (BCP), what is the importance of documenting business processes?
Question182: The World Trade Organization's (WTO) agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) requires authors of computer software to be given the
Question183: Refer to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.
Aside from the potential records which may have been viewed, which of the following should be the PRIMARY concern regarding the database information?
Question184: When resolving ethical conflicts, the information security professional MUST consider many factors. In what order should these considerations be prioritized?
Question185: Which of the following criteria ensures information is protected relative to its importance to the organization?
Question186: The process of mutual authentication involves a computer system authenticating a user and authenticating the
Question187: An Information Technology (IT) professional attends a cybersecurity seminar on current incident response methodologies.
What code of ethics canon is being observed?
Question188: What is the P R IM A R Y reason criminal law is difficult to enforce when dealing with cyber-crime?
Question189: Which of the following is MOST important to follow when developing information security controls for an organization?
Question190: Which of the following is the BEST method to prevent malware from being introduced into a production environment?
Question191: Which of the following terms BEST describes a system which allows a user to log in and access multiple related servers and applications?
Question192: Which of the following would be the BEST guideline to follow when attempting to avoid the exposure of sensitive data?
Question193: An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?
Question194: To minimize the vulnerabilities of a web-based application, which of the following FIRST actions will lock down the system and minimize the risk of an attack?
Question195: Which of the following is a correct feature of a virtual local area network (VLAN)?
Question196: A security professional can BEST mitigate the risk of using a Commercial Off-The-Shelf (COTS) solution by deploying the application with which of the following controls in ?
Question197: The amount of data that will be collected during an audit is PRIMARILY determined by the.
Question198: Which of the following is a function of Security Assertion Markup Language (SAML)?
Question199: Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?
Question200: Which is MOST important when negotiating an Internet service provider (ISP) service-level agreement (SLA) by an organization that solely provides Voice over Internet Protocol (VoIP) services?
Question201: What documentation is produced FIRST when performing an effective physical loss control process?
Question202: What is the PRIMARY purpose for an organization to conduct a security audit?
Question203: Which of the following are all elements of a disaster recovery plan (DRP)?
Question204: A security professional needs to find a secure and efficient method of encrypting data on an endpoint. Which solution includes a root key?
Question205: When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?
Question206: Which of the following methods provides the MOST protection for user credentials?
Question207: An organization wants to define its physical perimeter. What primary device should be used to accomplish this objective if the organization's perimeter MUST cost-efficiently deter casual trespassers?
Question208: Which section of the assessment report addresses separate vulnerabilities, weaknesses, and gaps?
Question209: When dealing with shared, privilaged accounts, especially those for emergencies, what is the BEST way to assure non-repudiation of logs?
Question210: The PRIMARY outcome of a certification process is that it provides documented
Question211: Which of the following is the MOST efficient mechanism to account for all staff during a speedy non-emergency evacuation from a large security facility?
Question212: The security accreditation task of the System Development Life Cycle (SDLC) process is completed at the end of which phase?
Question213: Which of the following is a common risk with fiber optical communications, and what is the associated mitigation measure?
Question214: Which area of embedded devices are most commonly attacked?
Question215: What type of test assesses a Disaster Recovery (DR) plan using realistic disaster scenarios while maintaining minimal impact to business operations?
Question216: What is the MOST important criterion that needs to be adhered to during the data collection process of an active investigation?
Question217: Which of the following actions should be performed when implementing a change to a database schema in a production system?
Question218: Discretionary Access Control (DAC) restricts access according to
Question219: What operations role is responsible for protecting the enterprise from corrupt or contaminated media?
Question220: A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?
Question221: Which one of the following is a threat related to the use of web-based client side input validation?
Question222: Which of the following is a common feature of an Identity as a Service (IDaaS) solution?
Question223: Refer to the information below to answer the question.
A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
The third party needs to have
Question224: Which of the following is the MOST critical success factor in the security patch management process?
Question225: A manager identified two conflicting sensitive user functions that were assigned to a single user account that had the potential to result in financial and regulatory risk to the company. The manager MOST likely discovered this during which of the following?
Question226: When evaluating third-party applications, which of the following is the GREATEST responsibility of Information Security?
Question227: Which of the below strategies would MOST comprehensively address the risk of malicious insiders leaking sensitive information?
Question228: In order to assure authenticity, which of the following are required?
Question229: Which security feature fully encrypts code and data as it passes to the servers and only decrypts below the hypervisor layer?
Question230: A security analyst for a large financial institution is reviewing network traffic related to an incident. The analyst determines the traffic is irrelevant to the investigation but in the process of the review, the analyst also finds that an applications data, which included full credit card cardholder data, is transferred in clear text between the server and user's desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS). Which of the following is the analyst's next step?
Question231: Which of the following is the BEST way to verify the integrity of a software patch?
Question232: Which of the following is a common characteristic of privacy?
Question233: Which of the following is the MOST important first step in preparing for a security audit?
Question234: Which of the following is ensured when hashing files during chain of custody handling?
Question235: What are the roles within a scrum methodoligy?
Question236: Which of the following is a limitation of the Common Vulnerability Scoring System (CVSS) as it relates to conducting code review?
Question237: What is the ultimate objective of information classification?
Question238: An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?
Question239: Which of the following is a characteristic of the initialization vector when using Data Encryption Standard (DES)?
Question240: Which of the following methods of suppressing a fire is environmentally friendly and the MOST appropriate for a data center?
Question241: What is considered a compensating control for not having electrical surge protectors installed?
Question242: A recent information security risk assessment identified weak system access controls on mobile devices as a high me In order to address this risk and ensure only authorized staff access company information, which of the following should the organization implement?
Question243: During a fingerprint verification process, which of the following is used to verify identity and authentication?
Question244: An organization has decided to contract with a cloud-based service provider to leverage their identity as a service offering. They will use Open Authentication (OAuth) 2.0 to authenticate external users to the organization's services.
As part of the authentication process, which of the following must the end user provide?
Question245: Which of the following is the BEST reason for the use of security metrics?
Question246: Which of the following could be considered the MOST significant security challenge when adopting DevOps practices compared to a more traditional control framework?
Question247: Data remanence refers to which of the following?
Question248: Internet protocol security (IPSec), point-to-point tunneling protocol (PPTP), and secure sockets Layer (SSL) all use Which of the following to prevent replay attacks?
Question249: If compromised, which of the following would lead to the exploitation of multiple virtual machines?
Question250: Which of the following is the BEST technique to facilitate secure software development?
Question251: Match the name of access control model with its associated restriction.
Drag each access control model to its appropriate restriction access on the right.

Question252: Using the cipher text and resultant clear text message to derive the non-alphabetic cipher key is an example of which method of cryptanalytic attack?
Question253: Which of the following is the MOST beneficial to review when performing an IT audit?
Question254: An organization allows ping traffic into and out of their network. An attacker has installed a program on the network that uses the payload portion of the ping packet to move data into and out of the network. What type of attack has the organization experienced?
Question255: Which of the following statements BEST describes least privilege principle in a cloud environment?
Question256: copyright provides protection for which of the following?
Question257: What a patch management program?
Question258: Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen?
Question259: Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
Following best practice, where should the permitted access for each department and job classification combination be specified?
Question260: Which of the following is the MOST important action regarding authentication?
Question261: A large university needs to enable student access to university resources from their homes. Which of the following provides the BEST option for low maintenance and ease of deployment?
Question262: Before allowing a web application into the production environment, the security practitioner performs multiple types of tests to confirm that the web application performs as expected. To test the username field, the security practitioner creates a test that enters more characters into the field than is allowed. Which of the following BEST describes the type of test performed?
Question263: When dealing with compliance with the Payment Card Industry-Data Security Standard (PCI-DSS), an organization that shares card holder information with a service provider MUST do which of the following?
Question264: Which layer of the Open system Interconnect (OSI) model is responsible for secure data transfer between applications, flow control, and error detection and correction?
Question265: A network security engineer needs to ensure that a security solution analyzes traffic for protocol manipulation and various sorts of common attacks. In addition, all Uniform Resource Locator (URL) traffic must be inspected and users prevented from browsing inappropriate websites. Which of the following solutions should be implemented to enable administrators the capability to analyze traffic, blacklist external sites, and log user traffic for later analysis?
Question266: Which of the following is a method of attacking internet (IP) v6 Layer 3 and Layer 4 ?
Question267: Which of the following is an essential element of a privileged identity lifecycle management?
Question268: Intellectual property rights are PRIMARY concerned with which of the following?
Question269: How is it possible to extract private keys securely stored on a cryptographic smartcard?
Question270: Which of the following would be the BEST mitigation practice for man-in-the-middle (MITM) Voice over Internet Protocol (VoIP) attacks?
Question271: Which of the following minimizes damage to information technology (IT) equipment stored in a data center when a false fire alarm event occurs?
Question272: Which of the following is an attacker MOST likely to target to gain privileged access to a system?
Question273: Physical assets defined in an organization's Business Impact Analysis (BIA) could include which of the following?
Question274: Secure coding can be developed by applying which one of the following?
Question275: A colleague who recently left the organization asked a security professional for a copy of the organization's confidential incident management policy. Which of the following is the BEST response to this request?
Question276: An organization adopts a new firewall hardening standard. How can the security professional verify that the technical staff correct implemented the new standard?
Question277: An organization is preparing to achieve General Data Protection Regulation (GDPR) compliance. The Chief Information Security Officer (CISO) is reviewing data protection methods.
Which of the following is the BEST data protection method?
Question278: Which of the following is the BEST countermeasure to brute force login attacks?
Question279: Which of the following MUST be considered when developing business rules for a data loss prevention (DLP) solution?
Question280: Which of the following is part of a Trusted Platform Module (TPM)?
Question281: A security professional has reviewed a recent site assessment and has noted that a server room on the second floor of a building has Heating, Ventilation, and Air Conditioning (HVAC) intakes on the ground level that have ultraviolet light filters installed, Aero-K Fire suppression in the server room, and pre-action fire suppression on floors above the server room. Which of the following changes can the security professional recommend to reduce risk associated with these conditions?
Question282: The Chief Information Security Officer (CISO) is concerned about business application availability. The organization was recently subject to a ransomware attack that resulted in the unavailability of applications and services for 10 working days that required paper-based running of all main business processes. There are now aggressive plans to enhance the Recovery Time Objective (RTO) and cater for more frequent data captures. Which of the following solutions should be implemented to fully comply to the new business requirements?
Question283: An organization is trying to secure instant messaging (IM) communications through its network perimeter. Which of the following is the MOST significant challenge?
Question284: Spyware is BEST described as
Question285: Which of the following poses the GREATEST privacy risk to personally identifiable information (PII) when disposing of an office printer or copier?
Question286: An organization has requested storage area network (SAN) disks for a new project. What Redundant Array of Independent Disks (RAID) level provides the BEST redundancy and fault tolerance?
Question287: Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?
Question288: Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following methods is the MOST effective way of removing the Peer-to-Peer (P2P) program from the computer?
Question289: Which of the following will accomplish Multi-Factor Authentication (MFA)?
Question290: Which of the following is a characteristic of a challenge/response authentication process?
Question291: A technician is troubleshooting a client's report about poor wireless performance. Using a client monitor, the technician notes the following information:

Which of the following is MOST likely the cause of the issue?
Question292: Attack trees are MOST useful for which of the following?
Question293: Which of the following are core categories of malicious attack against Internet of Things (IOT) devices?
Question294: Application of which of the following Institute of Electrical and Electronics Engineers (IEEE) standards will prevent an unauthorized wireless device from being attached to a network?
Question295: Which security access policy contains fixed security attributes that are used by the system to determine a user's access to a file or object?
Question296: A system has been scanned for vulnerabilities and has been found to contain a number of communication ports that have been opened without authority. To which of the following might this system have been subjected?
Question297: Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization network?
Question298: Which of the following will have the MOST influence on the definition and creation of data classification and data ownership policies?
Question299: Which is the MOST critical aspect of computer-generated evidence?
Question300: Which of the following is the BEST method to identify security controls that should be implemented for a web-based application while in development?
Question301: Which of the following entails identification of data end links to business processes, applications, and data stores as well as assignment of ownership responsibilities?
Question302: In a disaster recovery (DR) test, which of the following would be a trait of crisis management?
Question303: Which of the following presents the PRIMARY concern to an organization when setting up a federated single sign-on (SSO) solution with another
Question304: During a recent assessment an organization has discovered that the wireless signal can be detected outside the campus area. What logical control should be implemented in order to BFST protect One confidentiality of information traveling One wireless transmission media?
Question305: Which of the following media is least problematic with data remanence?
Question306: Which of the following BEST describes why software assurance is critical in helping prevent an increase in business and mission risk for an organization?
Question307: Which one of the following BEST protects vendor accounts that are used for emergency maintenance?
Question308: Which of the following is the MOST significant benefit to implementing a third-party federated identity architecture?
Question309: Which of the following has the responsibility of information technology (IT) governance?
Question310: An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this an example of?
Question311: What is the MAIN purpose of conducting a business impact analysis (BIA)?
Question312: Which of the following is the BEST definition of Cross-Site Request Forgery (CSRF)?
Question313: A practice that permits the owner of a data object to grant other users access to that object would usually provide
Question314: Which of the following BEST mitigates a replay attack against a system using identity federation and Security Assertion Markup Language (SAML) implementation?
Question315: A security practitioner has been tasked with establishing organizational asset handling procedures. What should be considered that would have the GRFATEST impact to the development of these procedures?
Question316: While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?
Question317: Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

Which of the following is true according to the star property (*property)?
Question318: A web developer is completing a new web application security checklist before releasing the application to production. the task of disabling unecessary services is on the checklist. Which web application threat is being mitigated by this action?
Question319: Which one of the following can be used to detect an anomaly in a system by keeping track of the state of files that do not normally change?\
Question320: Which of the following BEST describes botnets?
Question321: A security manager has noticed an inconsistent application of server security controls resulting in vulnerabilities on critical systems. What is the MOST likely cause of this issue?
Question322: An organization has a short-term agreement with a public Cloud Service Provider (CSP). Which of the following BEST protects sensitive data once the agreement expires and the assets are reused?
Question323: An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer (CISO) wants to increase security by better protecting the network from unauthorized internal access. Which Network Access Control (NAC) capability BEST meets this objective?
Question324: What Hypertext Transfer Protocol (HTTP) response header can be used to disable the execution of inline JavaScript and the execution of eval()-type functions?
Question325: Which of the following explains why record destruction requirements are included in a data retention policy?
Question326: What is the BEST approach for maintaining ethics when a security professional is unfamiliar with the culture of a country and is asked to perform a questionable task?
Question327: An Intrusion Detection System (IDS) has recently been deployed in a Demilitarized Zone (DMZ). The IDS detects a flood of malformed packets. Which of the following BEST describes what has occurred?
Question328: A security engineer is assigned to work with the patch and vulnerability management group. The deployment of a new patch has been approved and needs to be applied.
The research is complete, and the security engineer has provided recommendations. Where should the patch be applied FIRST?
Question329: Which of the following MOST applies to session initiation protocal (SIP) security?
Question330: Secure real-time transport protocol (SRTP) provides security for which of the following?
Question331: A security architect is reviewing plans for an application with a Recovery Point Objective (RPO) of 15 minutes. The current design has all of the application infrastructure located within one co-location data center. Which security principle is the architect currently assessing?
Question332: The adoption of an enterprise-wide Business Continuity (BC) program requires which of the following?
Question333: What is the difference between media marking and media labeling?
Question334: When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all access control requirements are addressed?
Question335: An organization discovers that its secure file transfer protocol (SFTP) server has been accessed by an unauthorized person to download an unreleased game. A recent security audit found weaknesses in some of the organization's general information technology (IT) controls, specifically pertaining to software change control and security patch management, but not in other control areas.
Which of the following is the MOST probable attack vector used in the security breach?
Question336: Which of the following BEST obtains an objective audit of security controls?
Question337: What is the BEST design for securing physical perimeter protection?
Question338: A hospital enforces the Code of Fair Information Practices. What practice applies to a patient requesting their medical records from a web portal?
Question339: Which of the following is the BEST method to reduce the effectiveness of phishing attacks?
Question340: Which Web Services Security (WS-Security) specification handles the management of security tokens and the underlying policies for granting access? Click on the correct specification in the image below.

Question341: What is the purpose of an Internet Protocol (IP) spoofing attack?
Question342: Which of the following provides the MOST comprehensive filtering of Peer-to-Peer (P2P) traffic?
Question343: What is the BEST method to detect the most common improper initialization problems in programming languages?
Question344: In an environment where there is not full administrative control over all network connected endpoints, such as a university where non-corporate devices are used, what is the BEST way to restrict access to the network?
Question345: An engineer notices some late collisions on a half-duplex link. The engineer verifies that the devices on both ends of the connection are configured for half duplex. Which of the following is the MOST likely cause of this issue?
Question346: Logical access control programs are MOST effective when they are
Question347: Proven application security principles include which of the following?
Question348: A software development company found odd behavior in some recently developed software, creating a need for a more thorough code review. What is the MOST effective argument for a more thorough code review?
Question349: What is the PRIMARY reason for ethics awareness and related policy implementation?
Question350: Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?
Question351: Which attack defines a piece of code that is inserted into software to trigger a malicious function?
Question352: A technician wants to install a WAP in the center of a room that provides service in a radius surrounding a radio. Which of the following antenna types should the AP utilize?
Question353: Which security modes is MOST commonly used in a commercial environment because it protects the integrity of financial and accounting data?
Question354: Which of the following is a common term for log reviews, synthetic transactions, and code reviews?
Question355: In which of the following programs is it MOST important to include the collection of security process data?
Question356: What MUST each information owner do when a system contains data from multiple information owners?
Question357: When using Security Assertion markup language (SAML), it is assumed that the principal subject
Question358: What level of Redundant Array of Independent Disks (RAID) is configured PRIMARILY for high-performance data reads and writes?
Question359: Which of the following describes the concept of a Single Sign -On (SSO) system?
Question360: While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used?
Question361: Which of the following types of devices can provide content filtering and threat protection, and manage multiple IPSec site-to-site connections?
Question362: Which of the following is used to support the concept of defense in depth during the development phase of a software product?
Question363: Which of the following types of security testing is the MOST effective in providing a better indication of the everyday security challenges of an organization when performing a security risk assessment?
Question364: With data labeling, which of the following MUST be the key decision maker?
Question365: Which of the following is a secure design principle for a new product?
Question366: At a MINIMUM, a formal review of any Disaster Recovery Plan (DRP) should be conducted
Question367: The use of proximity card to gain access to a building is an example of what type of security control?
Question368: Activity to baseline, tailor, and scope security controls tikes place dring which National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) step?
Question369: The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunnel data
Question370: From an asset security perspective, what is the BEST countermeasure to prevent data theft due to data remanence when a sensitive data storage media is no longer needed?
Question371: Which of the following defines the key exchange for Internet Protocol Security (IPSec)?
Question372: Which of the following is the BEST Identity-as-a-Service (IDaaS) solution for validating users?
Question373: When performing an investigation with the potential for legal action, what should be the analyst's FIRST consideration?
Question374: What is the PRIMARY benefit of analyzing the partition layout of a hard disk volume when performing forensic analysis?
Question375: Which of the following is the MOST appropriate action when reusing media that contains sensitive data?
Question376: Which of the following is used to ensure that data mining activities Will NOT reveal sensitive data?
Question377: A security architect plans to reference a Mandatory Access Control (MAC) model for implementation. This indicates that which of the following properties are being prioritized?
Question378: Which of the following encryption technologies has the ability to function as a stream cipher?
Question379: The MAIN task of promoting security for Personal Computers (PC) is
Question380: Which combination of cryptographic algorithms are compliant with Federal Information Processing Standard (FIPS) Publication 140-2 for non-legacy systems?
Question381: Which of the following needs to be included in order for High Availability (HA) to continue operations during planned system outages?
Question382: Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?
Question383: What is the BEST approach to anonymizing personally identifiable information (PII) in a test environment?
Question384: When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?
Question385: Which of the following actions should be undertaken prior to deciding on a physical baseline Protection Profile (PP)?
Question386: An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring?
Question387: An organization wants a service provider to authenticate users via the users' organization domain credentials. Which markup language should the organization's security personnel use to support the integration?
Question388: What method could be used to prevent passive attacks against secure voice communications between an organization and its vendor?
Question389: From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system?
Question390: If an identification process using a biometric system detects a 100% match between a presented template and a stored template, what is the interpretation of this result?
Question391: Which of the following models uses unique groups contained in unique conflict classes?
Question392: Which of the following threats would be MOST likely mitigated by monitoring assets containing open source libraries for vulnerabilities?
Question393: A company needs to provide shared access of sensitive data on a cloud storage to external business partners. Which of the following identity models is the BEST to blind identity providers (IdP) and relying parties (RP) so that subscriber lists of other parties are not disclosed?
Question394: What is the best way for mutual authentication of devices belonging to the same organization?
Question395: Which of the following describes the order in which a digital forensic process is usually conducted?
Question396: Which application type is considered high risk and provides a common way for malware and viruses to enter a network?
Question397: While dealing with the consequences of a security incident, which of the following security controls are MOST appropriate?
Question398: What is the GREATEST challenge of an agent-based patch management solution?
Question399: Which of the following is the MOST important activity an organization performs to ensure that securiy is part of the overall organization culture?
Question400: A software security engineer is developing a black box-based test plan that will measure the system's reaction to incorrect or illegal inputs or unexpected operational errors and situations. Match the functional testing techniques on the left with the correct input parameters on the right.

Question401: What is the MOST important reason to configure unique user IDs?
Question402: An organization is planning to have an it audit of its as a Service (SaaS) application to demonstrate to external parties that the security controls around availability are designed. The audit report must also cover a certain period of time to show the operational effectiveness of the controls. Which Service Organization Control (SOC) report would BEST fit their needs?
Question403: Which of the following would an information security professional use to recognize changes to content, particularly unauthorized changes?
Question404: Which of the following entities is ultimately accountable for data remanence vulnerabilities with data replicated by a cloud service provider?
Question405: When configuring Extensible Authentication Protocol (EAP) in a Voice over Internet Protocol (VoIP) network, which of the following authentication types is the MOST secure?
Question406: Which of the following BEST describes a Protection Profile (PP)?
Question407: A software developer wishes to write code that will execute safely and only as intended. Which of the following programming language types is MOST likely to achieve this goal?
Question408: The application owner of a system that handles confidential data leaves an organization. It is anticipated that a replacement will be hired in approximately six months. During that time, which of the following should the organization do?
Question409: Who is accountable for the information within an Information System (IS)?
Question410: Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?
Question411: Which would result in the GREATEST import following a breach to a cloud environment?
Question412: After a thorough analysis, it was discovered that a perpetrator compromised a network by gaining access to the network through a Secure Socket Layer (SSL) Virtual Private Network (VPN) gateway. The perpetrator guessed a username and brute forced the password to gain access. Which of the following BEST mitigates this issue?
Question413: Information security metrics provide the GREATEST value tp management when based upon the security manager's knowledge of which of the following?
Question414: Which of the following is MOST important when deploying digital certificates?
Question415: An organization implements a remote access server (RAS), Once users connect to the server, digital certificates are used to authenticate their identity. What type of extensible Authentication protocol (EAP) would the organization use during this authentication?
Question416: A client server infrastructure that provides user-to-server authentication describes which one of the following?
Question417: Which of the following is the PRIMARY security consideration for how an organization should handle Information Technology (IT) assets?
Question418: Which of the following is the FIRST action that a system administrator should take when it is revealed during a penetration test that everyone in an organization has unauthorized access to a server holding sensitive data?
Question419: Which of the following BEST describes the purpose of software forensics?
Question420: An organization adopts a new firewall hardening standard. How can the security professional verify that the technical staff correct implemented the new standard?
Question421: Which of the following techniques is known to be effective in spotting resource exhaustion problems, especially with resources such as processes, memory, and connections?
Question422: A business has implemented Payment Card Industry Data Security Standard (PCI-DSS) compliant handheld credit card processing on their Wireless Local Area Network (WLAN) topology. The network team partitioned the WLAN to create a private segment for credit card processing using a firewall to control device access and route traffic to the card processor on the Internet. What components are in the scope of PCI-DSS?
Question423: Which of the following initiates the system recovery phase of a disaster recovery plan?
Question424: A large organization's human resources and security teams are planning on implementing technology to eliminate manual user access reviews and improve compliance. Which of the following options is MOST likely to resolve the issues associated with user access?
Question425: Which of the following disaster recovery test plans will be MOST effective while providing minimal risk?
Question426: Which of the following is PRIMARILY adopted for ensuring the integrity of information is preserved?
Question427: Regarding asset security and appropriate retention, which of the following INITIAL top three areas are important to focus on?
Question428: To comply with industry requirements, a security assessment on the cloud server should identify which protocols and weaknesses are being exposed to attackers on the Internet.
Which of the following tools is the MOST appropriate to complete the assessment?
Question429: A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?
Question430: Which of the following vulnerability assessment activities BEST exemplifies the Examine method of assessment?
Question431: The Chief Information Security Officer (CISO) of a small organization is making a case for building a security operations center (SOC). While debating between an in-house, fully outsourced, or a hybrid capability, which of the following would be the MAIN consideration, regardless of the model?
Question432: Why is it important that senior management clearly communicates the formal Maximum Tolerable Downtime (MTD) decision?
Question433: What is a use for mandatory access control (MAC)?
Question434: Which of the following is applicable to a publicly held company concerned about information handling and storage requirement specific to the financial reporting?
Question435: What would be the PRIMARY concern when designing and coordinating a security assessment for an Automatic Teller Machine (ATM) system?
Question436: What does secure authentication with logging provide?
Question437: A company-wide penetration test result shows customers could access and read files through a web browser. Which of the following can be used to mitigate this vulnerability?
Question438: In order to provide dual assurance in a digital signature system, the design MUST include which of the following?
Question439: Which one of the following describes granularity?
Question440: Host-Based Intrusion Protection (HIPS) systems are often deployed in monitoring or learning mode during their initial implementation. What is the objective of starting in this mode?
Question441: Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following solutions would have MOST likely detected the use of peer-to-peer programs when the computer was connected to the office network?
Question442: As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website. Which of the following actions would be performed?
Question443: Which of the following would qualify as an exception to the "right to be forgotten" of the General Data Protection Regulation's (GDPR)?
Question444: Clothing retailer employees are provisioned with user accounts that provide access to resources at partner businesses. All partner businesses use common identity and access management (IAM) protocols and differing technologies. Under the Extended Identity principle, what is the process flow between partner businesses to allow this TAM action?
Question445: A criminal organization is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the organization?
Question446: What is static analysis intended to do when analyzing an executable file?
Question447: A security practitioner is tasked with securing the organization's Wireless Access Points (WAP). Which of these is the MOST effective way of restricting this environment to authorized users?
Question448: A client has reviewed a vulnerability assessment report and has stated it is inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operating system (OS) was not properly detected.
Where in the vulnerability assessment process did the error MOST likely occur?
Question449: What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization's systems cannot be unavailable for more than 24 hours?
Question450: Which of the following steps should be conducted during the FIRST phase of software assurance in a generic acquisition process?
Question451: Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?
Question452: What is the PRIMARY objective of the post-incident phase of the incident response process in the security operations center (SOC)?
Question453: What is the MOST common cause of Remote Desktop Protocol (RDP) compromise?
Question454: In a DevOps environment, which of the following actions is MOST necessary to have confidence in the quality of the changes being made?
Question455: Which one of the following data integrity models assumes a lattice of integrity levels?
Question456: Which of the following is a recommended alternative to an integrated email encryption system?
Question457: A minimal implementation of endpoint security includes which of the following?
Question458: Which of the following actions MUST be taken if a vulnerability is discovered during the maintenance stage in a System Development Life Cycle (SDLC)?
Question459: Which of the following practices provides the development of security and identification of threats in designing software?
Question460: Identify the component that MOST likely lacks digital accountability related to information access.
Click on the correct device in the image below.

Question461: What is the GREATEST challenge to identifying data leaks?
Question462: The initial security categorization should be done early in the system life cycle and should be reviewed periodically. Why is it important for this to be done correctly?
Question463: Who is responsible for the protection of information when it is shared with or provided to other organizations?
Question464: Which event magnitude is defined as deadly, destructive, and disruptive when a hazard interacts with human vulnerability?
Question465: Which of the following controls is the FIRST step in protecting privacy in an information system?
Question466: The existence of physical barriers, card and personal identification number (PIN) access systems, cameras, alarms, and security guards BEST describes this security approach?
Question467: In Federated Identity Management (FIM), which of the following represents the concept of federation?
Question468: Which security service is served by the process of encryption plaintext with the sender's private key and decrypting cipher text with the sender's public key?
Question469: When assessing web vulnerabilities, how can navigating the dark web add value to a penetration test?
Question470: The BEST example of the concept of "something that a user has" when providing an authorized user access to a computing system is
Question471: Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?
Question472: Which of the following is the MAIN benefit of off-site storage?
Question473: Which of the following is held accountable for the risk to organizational systems and data that result from outsourcing Information Technology (IT) systems and services?
Question474: Which of the following is a MAJOR consideration in implementing a Voice over IP (VoIP) network?
Question475: Using Address Space Layout Randomization (ASLR) reduces the potential for which of the following attacks?
Question476: Which of the following needs to be taken into account when assessing vulnerability?
Question477: If an employee transfers from one role to another, which of the following actions should this trigger within the identity and access management (IAM) lifecycle?
Question478: What are the steps of a risk assessment?
Question479: Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy?
Question480: An organization regularly conducts its own penetration tests. Which of the following scenarios MUST be covered for the test to be effective?
Question481: As a best practice, the Security Assessment Report (SAR) should include which of the following sections?
Question482: The PRIMARY security concern for handheld devices is the
Question483: Without proper signal protection, embedded systems may be prone to which type of attack?
Question484: What is the threat modeling order using process for Attack simu-lation and threat analysis (PASTA)?
Question485: Which of the following sets of controls should allow an investigation if an attack is not blocked by preventive controls or detected by monitoring?
Question486: What is the MOST significant benefit of role-based access control (RBAC)?
Question487: Which of the following is considered the FIRST step when designing an internal security control assessment?
Question488: Which inherent password weakness does a One Time Password (OTP) generator overcome?
Question489: In a data classification scheme, the data is owned by the
Question490: Which Wide Area Network (WAN) technology requires the first router in the path to determine the full path the packet will travel, removing the need for other routers in the path to make independent determinations?