EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following secure design principles would be recommended for the development of a trusted Operating System (OS)?

Question2: Although code using a specific program language may not be susceptible to a buffer overflow attack,

Question3: In the Open System Interconnection (OSI) reference model, which layer is responsible for negotiating and establishing a connection with another node?

Question4: When conducting software development, what is the BEST security practice for developers to follow when using Application Programming interfaces (AP)?

Question5: Which of the following is an example of a Time of Check/Time of Use (TOQTOU) problem?

Question6: What is the most effective form of media sanitization to ensure residual data cannot be retrieved?

Question7: What is the PRIMARY benefit of relying on Security Content Automation Protocol (SCAP)?

Question8: Drag and Drop Question
Drag the following Security Engineering terms on the left to the BEST definition on the right.

Question9: Which of the following is the MOST important part of an awareness and training plan to prepare employees for emergency situations?

Question10: Which of the following is a best practice in a data handling policy for storage of confidential data?

Question11: Who is responsible for classifying assists in an organization?

Question12: Which of the following is the MOST important consideration in selecting a security testing method based on different Radio-Frequency Identification (RFID) vulnerability types?

Question13: Which of the following MUST be part of a contract to support electronic discovery of data stored in a cloud environment?

Question14: An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

Question15: When all of the security components in a security strategy are combined, they MUST?

Question16: Review of which of the following would be MOST preferred in measuring the effectiveness of a newly adopted security administration process?

Question17: A fiber link connecting two campus networks is broken. Which of the following tools should an engineer use to detect the exact break point of the fiber link?

Question18: Which of the following would be the BEST mitigation practice for man-in-the-middle (MITM) Voice over Internet Protocol (VoIP) attacks?

Question19: Which of the following system components enforces access controls on an object?

Question20: the MOST significant impact of compliance failure in a commercial organization is:

Question21: How many phases are contained in Internet Key Exchange (IKE)?

Question22: Which of the following in the BEST way to reduce the impect of an externlly sourced flood attack?

Question23: Which of the following is an accurate statement when an assessment results in the discovery of vulnerabilities in a critical network component?

Question24: An information security consultant has been tasked with selecting controls to discourage individuals from intentionally violating information security policies or procedures.
Which of the following would be the BEST control to use for this security requirement?

Question25: Which of the following job functions MUST be separated to maintain data and application integrity?

Question26: During a penetration test, an assessor has difficulty finding the stack into which to inject the shellcode.What is the MOST likely cause?

Question27: Which of the following protects personally identifiable information (PII) used by financial services organizations?

Question28: What secure coding practice is used, in conjunction with other controls, to prevent session hijacking?

Question29: What should be the FIRST action for a security administrator who detects an intrusion on the network based on precursors and other indicators?

Question30: What MUST each information owner do when a system contains data from multiple information owners?

Question31: A patch for a third-party software product has been released. Which of the following should the FRST step be to support the organization's security goals?

Question32: Which of the following is the PRIMARY security consideration for how an organization should handle Information Technology (IT) assets?

Question33: Which dynamic routing protocol is BEST suited for a dispersed campus network utilizing Internet Protocol version 6 (IPv6) addresses?

Question34: The security architect is designing and implementing an internal certification authority to generate digital certificates for all employees. Which of the following is the BEST solution to securely store the private keys?

Question35: Which of the following BEST describles a protection profile (PP)?

Question36: An organization is implementing a bring your own device (BYOD) policy. What would be BEST for mitigating the risk of users managing their own devices and potentially bringing in malware?

Question37: The Chief Information Security Officer (CISO) has requested to review the Sen/ice Organization Control (SOC) 2 Type 2 report upon the new quarter.
Which of the following is the standard assessment period?

Question38: A security professional recommends that a company integrate threat modeling into its Agile development processes. Which of the following BEST describes the benefits of this approach?

Question39: XYZ Textiles has just acquired a smaller competitor, AcmeTex. The physical headquarters of each company is approximately 1.5 miles apart but within visual sight of one another. Each has a dedicated radio antenna used for two-way dispatch functions, what is the MOST reliable and cost-effective solution for the network engineers to connect the XYZ Textiles Local Area Network (LAN) to the newly acquired AcmeTex LAN?

Question40: A goal of the information security policy is to

Question41: Which of the following wireless security protocols presents the HIGHEST risk to an organization?

Question42: Which of the following protocols will allow the encrypted transfer of content on the Internet?

Question43: An organization plans to acquire @ commercial off-the-shelf (COTS) system to replace their aging home-built reporting system. When should the organization's security team FIRST get involved in this acquisition's life cycle?

Question44: When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?

Question45: Individual access to a network is BEST determined based on

Question46: While reviewing the financial reporting risks of a third-party application, which of the following Service Organization Control (SOC) reports will be the MOST useful?

Question47: A client has reviewed a vulnerability assessment report and has stated it is inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operating system (OS) was not properly detected.
Where in the vulnerability assessment process did the error MOST likely occur?

Question48: Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

Question49: An internal audit for an organization recently identified malicious actions by a user account. Upon further investigation, it was determined the offending user account was used by multiple people at multiple locations simultaneously for various services and applications. What is the BEST method to prevent this problem in the future?

Question50: During the Security Assessment and Authorization process, what is the PRIMARY purpose for conducting a hardware and software inventory?

Question51: A security architect is implementing an authentication system for a distributed network of servers.
This network will be accessed by users on workstations that cannot trust the identity of the user.
Which solution should the security architect use to have the users trust one another?

Question52: The European Union (EU) General Data Protection Regulation (GDPR) requires organizations to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The Data Owner should therefore consider which of the following requirements?

Question53: What is the MOST common component of a vulnerability management framework?

Question54: When a flaw in Industrial control (ICS) software is discovered, what is the GREATEST impediment to deploying a patch?

Question55: Which of the following is an advantage of' Secure Shell (SSH)?

Question56: Which of the following protocols transmits User IDs and passwords in plain text?

Question57: Which of the following BEST describes a virtual circuit where the throughput is adjusted based on feedback from monitoring the available network bandwidth?

Question58: Which of the following describes the order in which a digital forensic process is usually conducted?

Question59: An international trading organization that holds an International Organization for Standardization (ISO) 27001 certification is seeking to outsource their security monitoring to a managed security service provider (MSSP), The trading organization's security officer is tasked with drafting the requirements that need to be included in the outsourcing contract. Which of the following MUST be included in the contract?

Question60: Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element?

Question61: Which would result in the GREATEST import following a breach to a cloud environmet?

Question62: In order for application developers to detect potential vulnerabilities earlier during the Software Development Life Cycle (SDLC), which of the following safeguards should be implemented FIRST as part of a comprehensive testing framework?

Question63: Which of the following MOST accurately describes the Security Target (ST) in the Common Criteria framework?

Question64: What is the PRIMARY advantage of using automated application security testing tools?

Question65: employee training, risk management, and data handling procedures and policies could be characterized as which type of security measure?

Question66: For network based evidence, which of the following contains traffic details of all network sessions in order to detect anomalies?

Question67: During a recent assessment an organization has discovered that the wireless signal can be detected outside the campus area. What logical control should be implemented in order to BEST protect the confidentiality of information traveling the wireless transmission media?

Question68: Which of the following has the responsibility of information technology (IT) governance?

Question69: A web developer is completing a new web application security checklist before releasing the application to production. the task of disabling unecessary services is on the checklist. Which web application threat is being mitigated by this action?

Question70: Which of the following is the PRIMARY type of cryptography required to support non-repudiation of a digitally signed document?

Question71: Drag and Drop Question
Match the types of e-authentication tokens to their description.
Drag each e-authentication token on the left to its corresponding description on the right.

Question72: Which of the fallowing is the FIRST step in a patch management lifecycle?

Question73: Which of the following is recommended to establish repeatable processes in a newly implemented network operations center (NOC)?

Question74: What Is a risk of using commercial off-the-shelf (COTS) products?

Question75: Prohibiting which of the following techniques is MOST helpful in preventing users from obtaining confidential data by using statistical queries?

Question76: In order to provide dual assurance in a digital signature system, the design MUST include which of the following?

Question77: Which of the following types of datacenter architectures will MOST likely be used in a large SDN and can be extended beyond the datacenter?

Question78: Which of the following provides the MOST secure method for Network Access control (NAC)?

Question79: An enterprise is developing a baseline cybersecurity standard its suppliers must meet before being awarded a contract. Which of the following statements is TRUE about the baseline cybersecurity standard?

Question80: An organization contracts with a consultant to perform a System Organization Control (SOC) 2 audit on their internal security controls. An auditor documents a finding a related to an Application Programming Interface (API) performing an action that is not aligned with the scope or objective of the system. Which trust service principle would be MOST applicable in th is situation?

Question81: Which of the following is the BEST way to verify that patches are working as expected?

Question82: When auditing the Software Development Life Cycle (SDLC) which of the following is one of the high-level audit phases?

Question83: When implementing a data classification program, why is it important to avoid too much granularity?

Question84: What is the FIRST step that should be considered in a Data Loss Prevention (DLP) program?

Question85: From a cryptographic perspective, the service of non-repudiation includes which of the following features?

Question86: An organization implements supply chain risk management (SCRM) into all phases of the Systems Development Life Cycle (SDLC). What methodology is MOST important to ensure that SCRM requirements are met?

Question87: An information technology (IT) employee who travels frequently to various is remotely to an organization to troubleshoot. Which of the following solutions BEST serves as a secure control mechanisn to meet the organization's requirements?

Question88: Which of the following is the FIRST step in data classification

Question89: Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?

Question90: What requirement MUST be met during internal security audits to ensure that all information provided is expressed as an objective assessment without risk of retaliation?

Question91: A director within the organization has told an employee about a vendor that has a technology to improve security of the company. It is discovered that the director's friend is a sales person at the vendor and can provide a large discount. Which of the following would be the BEST way to proceed?

Question92: Who should perform the design review to uncover security design flaws as part of the Software Development Life Cycle (SDLC)?

Question93: Which type of log collection is focused on detecting and responding to attacks, malware infection, and data theft?

Question94: A security professional should consider the protection of which of the following elements FIRST when developing a defense-in-depth strategy for a mobile workforce?

Question95: Which of the following is strategy of grouping requirements in developing a security Test and Evaluation (ST&E)?

Question96: Which of the following is a common measure within a Local Area Network (LAN) to provide en additional level of security through segmentation?

Question97: What is the BEST way to prevent an encrypted hard drive from being fully imaged and decrypted later via brute force attack?

Question98: Which is the BEST control to meet the Statement on Standards for Attestation Engagements 18 (SSAE-18) confidentiality category?

Question99: What is the BEST defense against an unauthorized sniffer on a Local Area Network (LAN)?

Question100: Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device which has been stolen?

Question101: When developing an organization's information security budget, it is important that the

Question102: Which of the following is an initial consideration when deveoping an information security management system (ISMS)?

Question103: A large manufacturing organization arranges to buy an industrial machine system to produce a new line of products. The system includes software provided to the vendor by a thirdparty organization. The financial risk to the manufacturing organization starting production is high. What step should the manufacturing organization take to minimize its financial risk in the new venture prior to the purchase?

Question104: Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?

Question105: The MAIN task of promoting security for Personal Computers (PC) is

Question106: Which algorithm supports Advanced Encryption Standard (AES)?

Question107: If the wide area network (WAN) is supporting converged applications like Voice over Internet Protocol (VoIP), which of the following becomes even MORE essential to the assurance of network?

Question108: Which of the following is the PRIMARY purpose of routinely testing storage media?

Question109: The existence of physical barriers, card and personal identification number (PIN) access systems, cameras, alarms, and security guards BEST describes this security approach?

Question110: The security team has been tasked with performing an interface test against a frontend external facing application and needs to verify that all input fields protect against invalid input. Which of the following BEST assists this process?

Question111: Which of the following is most helpful in applying the principle of Least Privilege?

Question112: Single sign-on (SSO) for federated identity management (FIM) must be implemented and managed so that authorization mechanisms protect access to privileged information using OpenID Connect (OIDC) token or Security Assertion Markup Language (SAML) assertion. What is the BEST method to use to protect them?

Question113: Extensible Authentication Protocol-Message Digest 5 (EAP-MD5) only provides which of the following?

Question114: Which of the following VPN configurations should be used to separate Internet and corporate traffic?

Question115: What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

Question116: An organization discovers a significant amount of confidential data that has no owner assigned.
Which of the following should the organization adopt to prevent this situation from recurring?

Question117: Which of the following criteria ensures information is protected relative to its importance to the organization?

Question118: When developing an external facing web-based system, which of the following would be the MAIN focus of the security assessment prior to implementation and production?

Question119: What type of investigation applies when malicious behavior is suspected between two organizations?

Question120: Organizational leadership wants to move away from compliance to data driven risk management.
Which of the following should be implemented to facilitate this change?

Question121: What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?

Question122: A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?

Question123: Which of the following is required to determine classification and ownership?

Question124: Which of the following is the MOST likely cause of a compromised Evaluation Assurance Level (EAL)7 certified primary domain controller?

Question125: What is the difference between media marking and media labeling?

Question126: Which of the following is the greatest weakness with attacker based threat modeling?

Question127: Which of the following describes total evacuation time?

Question128: Which series of activities should an organization perform to achieve compliance with Information Technology (IT) government mandates, address business risks, and safeguard the organization from 0

Question129: Which of the following is a term used to describe maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions?

Question130: Which (ISC)2 Code of Ethics canon requires members to tell the truth and make a stakeholders aware of actions on a timely basic?

Question131: How is remote authentication Dial-In user service (RADIUS) authentication accomplished?

Question132: What information will BEST assist security and financial analysts in determining if a security control is cost effective to mitigate a vulnerability?

Question133: Which of the following represents and ethics concern when using information security consultants?

Question134: Which of the following Disaster recovery (DR) testing processes is LEAST likely to disrupt normal business operations?

Question135: A security practitioner has just been assigned to address an ongoing Denial of Service (DoS) attack against the company's network, which includes an e-commerce web site. The strategy has to include defenses for any size of attack without rendering the company network unusable.
Which of the following should be a PRIMARY concern when addressing this issue?

Question136: Which of the following uses the destination IP address to forward packets?

Question137: Which of the following is the MOST comprehensive Business Continuity (BC) test?

Question138: If a security requirement for a given system states that unauthorized users must be unable to access the system, which of the following I would be MOST effective?

Question139: Which of the following is included in change management?

Question140: Which of the following is the BEST way to protect an organization's data assets?

Question141: What is the MOST effective way to protect privacy?

Question142: Which of the following is the BEST definition of Cross-Site Request Forgery (CSRF)?

Question143: Due to system constraints, a group of system administrators must share a high-level access set of credentials.
Which of the following would be MOST appropriate to implement?

Question144: To comply with industry requirements, a security assessment on the cloud server should identify which protocols and weaknesses are being exposed to attackers on the Internet.
Which of the following tools is the MOST appropriate to complete the assessment?

Question145: Which change management role is responsible for the overall success of the project and supporting the change throughout the organization?

Question146: A cloud service accepts Security Assertion Markup Language (SAML) assertions from users to on and security However, an attacker was able to spoof a registered account on the network and query the SAML provider.
What is the MOST common attack leverage against this flaw?

Question147: Which of the following is an advantage of on-premise Credential Management Systems?

Question148: For cellular networks, how does a rogue base station take advantage of device association in order to control the handset?

Question149: Which of the following tenets of information security is MOST commonly addressed by data classification?

Question150: In general, servers that are facing the Internet should be placed in a demilitarized zone (DMZ).
What is MAIN purpose of the DMZ?

Question151: Which of the following entities is ultimately accountable for data remanence vulnerabilities with data replicated by a Cloud Service Provider (CSP)?

Question152: Which of the following is the BEST action while reviewing recurring access violations in a root- cause analysis?

Question153: What would be the BEST action to take in a situation where collected evidence was left unattended overnight in an unlocked vehicle?

Question154: What does the result of Cost-Benefit Analysis (C8A) on new security initiatives provide?

Question155: Which of the following is an indicator that a company's new user security awareness training module has been effective?

Question156: The initial security categorization should be done early in the system life cycle and should be reviewed periodically. Why is it important for this to be done correctly?

Question157: An organization decides to evaluate the security of a system that contains Personally Identifiable Information (Pll). During the test planning phase, it is determined that a Pll spill is a risk. How could the organization BEST evaluate the system and mitigate the risk of a Pll spill?

Question158: A financial organization that works according to agile principles has developed a new application for their external customer base to request a line of credit. A security analyst has been asked to assess the security risk of the minimum viable product (MVP). Which is the MOST important activity the analyst should assess?

Question159: Mapping out all functionality and features to their associated dependencies to determine how to apply security controls is known as which of following?

Question160: Which is the MOST effective countermeasure to prevent electromagnetic emanations on unshielded data cable?

Question161: An organization needs to evaluate the effectiveness of security controls implemented on a new system. Which of the following roles should the organization entrust to conduct the evaluation?

Question162: An organization is required to comply with a new privacy regulation. What is the FIRST step the organization should take to create a privacy compliance program?

Question163: Which of the following is the MOST appropriate control for asset data labeling procedures?

Question164: In which process MUST security be considered during the acquisition of new software?

Question165: Which of the following measures is the MOST critical in order to safeguard from a malware attack on a smartphone?

Question166: Where can the Open Web Application Security Project (OWASP) list of associated vulnerabilities be found?

Question167: In which of the following phases in the change management process does the security team scan affected machines to ensure no vulnerabilities were introduced?

Question168: Which of the following should be completed FIRST when securing endpoints?

Question169: Which of the following is true of Service Organization Control (SOC) reports?

Question170: Which of the following is the PRIMARY benefit of a formalized information classification program?

Question171: During an internal audit of an organizational Information Security Management System (ISMS), nonconformities are identified. In which of the following management stages are nonconformities reviewed, assessed and/or corrected by the organization?

Question172: When is a Business Continuity Plan (BCP) considered to be valid?

Question173: Which of the following is an advantage of Secure Shell?

Question174: In which of the following scenarios is locking server cabinets and limiting access to keys preferable to locking the server room to prevent unauthorized access?

Question175: Which step of the Risk Management Framework (RMF) identifies the initial set of baseline security controls?

Question176: Drag and Drop Question
Match the name of access control model with its associated restriction.
Drag each access control model to its appropriate restriction access on the right.

Question177: Wi-Fi Protected Access 2 (WPA2) is a security protocol designed with which of the following security feature?

Question178: An organization is planning to establish a connection to a third-party location. Which of the following BEST determines the requirements for securing the connection?

Question179: A control to protect from the Denial-of-Service (DOS) attack has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?

Question180: Which of the following is the LEAST secure authentication method for remote access?

Question181: Which of the following attributes could be used to describe a protection mechanism of an open design methodology?

Question182: A Chief Information Security Officer (CISO) of a firm which decided to migrate to cloud has been tasked with ensuring an optimal level of security. Which of the following would be the FIRST consideration?

Question183: Which of the following is a MUST for creating a new custom-built, cloud-native application designed to be horizontally scalable?

Question184: Once the types of information have been identified, who should an information security practitioner work with to ensure that the information is properly categorized?

Question185: Which of the following ensures old log data is not overwritten?

Question186: What High Availability (HA) option of database allow multiple clients to access multiple database servers simultaneously?

Question187: Which of the following principles is intended to produce information security professionals that are capable of vision and proactive response?

Question188: Which of the following is the BEST method to validate secure coding techniques against injection and overflow attacks?

Question189: A financial company has decided to move its main business application to the Cloud. The legal department objects, arguing that the move of the platform should comply with several regulatory obligations such as the General Data Protection (GDPR) and ensure data confidentiality. The Chief Information Security Officer (CISO) says that the cloud provider has met all regulations requirements and even provides its own encryption solution with internally-managed encryption keys to address data confidentiality. Did the CISO address all the legal requirements in this situation?

Question190: Which of the following is MOST important when deploying digital certificates?

Question191: A retail company is looking to start a development project that will utilize open source components in its code for the first time. The development team has already acquired several
`open source components and utilized them in proof of concept (POC) code. The team recognizes that the legal and operational risks are outweighed by the benefits of open-source software use. What MUST the organization do next?

Question192: Which of the following is the key requirement for test results when implementing forensic procedures?

Question193: Which of the following describes the BEST configuration management practice?

Question194: What steps can be taken to prepare personally identifiable information (PII) for processing by a third party?

Question195: In a large company, a system administrator needs to assign users access to files using Role Based Access Control (RBAC). Which option Is an example of RBAC?

Question196: Knowing the language in which an encrypted message was originally produced might help a cryptanalyst to perform a

Question197: Which of the following is the BEST technique to facilitate secure software development?

Question198: Which of the following BEST describes why software assurance is critical in helping prevent an increase in business and mission risk for an organization?

Question199: Why is authentication by ownership stronger than authentication by knowledge?

Question200: Which of the following is the MOST significant key management problem due to the number of keys created?

Question201: The application of a security patch to a product previously validate at Common Criteria (CC) Evaluation Assurance Level (EAL) 4 would

Question202: An organization implements a Remote Access Server (RAS). Once users correct to the server, digital certificates are used to authenticate their identity. What type of Extensible Authentication Protocol (EAP) would the organization use dring this authentication?

Question203: Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

Question204: A company's sales team needs to securely access a database containing customer information from outside the company's network. Which wing technologies BEST supports that need?

Question205: Which of the following is a credible source to validate that security testing of Commercial Off-The- Shelf (COTS) software has been performed with international standards?

Question206: A chemical plan wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and maintenance by utilizing the office network infrastructure and staff to implement this upgrade.
Which of the following is the GREATEST impact on security for the network?

Question207: A software developer installs a game on their organization-provided smartphone. Upon installing the game, the software developer is prompted to allow the game access to call logs, Short Message Service (SMS) messaging, and Global Positioning System (GPS) location data.
What has the game MOST likely introduced to the smartphone?

Question208: Which security service is served by the process of encryption plaintext with the sender's private key and decrypting cipher text with the sender's public key?

Question209: A project manager for a large software firm has acquired a government contract that generates large amounts of Controlled Unclassified Information (CUI). The organization's information security manager had received a request to transfer project-related CUI between systems of differing security classifications. What role provides the authoritative guidance for this transfer?

Question210: What is the MAIN objective of risk analysis in Disaster Recovery (DR) planning?

Question211: How does a Host Based Intrusion Detection System (HIDS) identify a potential attack?

Question212: An organization needs to implement media encryption for a large data set that consists of files shared between users in different countries.Which of the following is the BEST tool for meeting this requirement?

Question213: In an organization where Network Access Control (NAC) has been deployed, a device trying to connect to the network is being placed into an isolated domain. What could be done on this device in order to obtain proper connectivity?

Question214: Which of the following are effective countermeasures against passive network-layer attacks?

Question215: Which of the following is the MOST important activity an organization performs to ensure that security is part of the overall organization culture?

Question216: An organization is awarded a software engineering institute (SEI) capability maturity model integration (CMMI) level 5. What is the main characteristic of this level?

Question217: Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?

Question218: Which of the following encryption types is used in Hash Message Authentication Code (HMAC) for key distribution?

Question219: Which function does 802.1X provide?

Question220: In Disaster Recovery (DR) and business continuity training, which BEST describes a functional drill?

Question221: Which of the following purging methods will allow the full data set to be recovered?

Question222: Utilizing a public wireless Local Area network (WLAN) to connect to a private network should be done only in which of the following situations?

Question223: An organization wants to ensure that employees that move to a different department within the organization do not retain access privileges from their former department. To this end, the organization has implemented role-based access control (RBAC). Which additional measure is MOST important to successfully limit excess access privileges?

Question224: When collecting a raw dump of physical memory, when should the security professional calculate and compare the hashes of the original and the duplicate?

Question225: Assessing a third party's risk by counting bugs in the code may not be the best measure of an attack surface within the supply chain.
Which of the following is LEAST associated with the attack surface?

Question226: What is the PRIMARY responsibility of a data owner?

Question227: Which of the following provides for the STRONGEST protection of data confidentiality in a Wi-Fi environment?

Question228: Which of the following problems is not addressed by using Open Authorization Version 2 (OAuth2) to integrate a third-party Identity Provider (IdP) for a service?

Question229: Which of the following attacks describes the intent behind the pivoting method used by attackers or penetration testers?

Question230: Which of the following types of report would an organization covering internal control over financial reporting (ICFR) controls request?

Question231: Which of the following is an essential requirement of a fault tolerant system?

Question232: An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this an example of?

Question233: When configuring Extensible Authentication Protocol (EAP) in a Voice over Internet Protocol (VoIP) network, which of the following authentication types is the MOST secure?

Question234: What is an advantage of using a third-party Identity Provider (IdP) for authentication?

Question235: In Federated Identity Management (FIM), which of the following represents the concept of federation?

Question236: Which is the PRIMARY mechanism for providing the workforce with the information needed to protect an agency's vital information resources?

Question237: An information security professional is reviewing user access controls on a customer-facing application. The application must have multi-factor authentication (MFA) in place. The application currently requires a username and password to login. Which of the following options would BEST implement MFA?

Question238: To ensure proper governance of information throughout the lifecycle, which of the following should be assigned FIRST?

Question239: A vulnerability test on an Information System (IS) is conducted to

Question240: Which one of the following requires the system to manage access controls?

Question241: Using Remote Authentication Dial User Service (RADIUS) return attributes to assign a Virtual Local Area Network (VLAN) based on a RADIUS client is an example of which of the following types of access control model?

Question242: Which of the following would be the BEST guideline to follow when attempting to avoid the exposure of sensitive data?

Question243: Which of the following could be considered the MOST significant security challenge when adopting DevOps practices compared to a more traditional control framework?

Question244: Which one of the following can be used to detect an anomaly in a system by keeping track of the state of files that do not normally change?\

Question245: An Information Technology [IT) manager has learned that vendor support for a Commercial Off- The-Shelf (COTS) application where the perpetual license is owned will be terminated in six months as the application is retired and replaced with a recently acquired competing product.
Which of the following is the BEST option for the IT manager in response to learning this?

Question246: Which of the following measures serves as the BEST means for protecting data on computers, smartphones, and external storage devices when traveling to high-risk countries?

Question247: Which of the following is the MOST likely attack on a hijacked internet router with applied improper security controls?

Question248: Why Is It important to have a comprehensive inventory of Information Technology (IT) assets when conducting a risk analysis as part of Disaster Recovery (DR)planning?

Question249: Two remote offices need to be connected securely over an untrustworthy MAN. Each office needs to access network shares at the other site. Which of the following will BEST provide this functionality?

Question250: A company wants to buy a Commercial ff-The-Shelf (CTS) application that has known vulnerabilities. The Chief Information Security officer (CIS) instead Wants the application designed in-house. Why would the CIS's solution be better for the company?

Question251: Risk based internal audit (RBIA) of an organization must be based upon which of the following?

Question252: A hospital enforces the Code of Fair Information Practices. What practice applies to a patient requesting their medical records from a web portal?

Question253: Which of the following is FIRST defined in a company's data retention policy?

Question254: Which of the following is held accountable for the risk to organizational systems and data that result from outsourcing Information Technology (IT) systems and services?

Question255: Which of the following can cause a web application to malfunction or expose sensitive data by manipulating JavaScript?

Question256: Which of the following should ALWAYS be included in audit records?

Question257: Which of the following is required to verify the authenticity of a digitally signed document?

Question258: A system developer has a requirement for an application to check for a secure digital signature before the application is accessed on a user's laptop. Which security mechanism addresses this requirement?

Question259: What is the benefit of using Network Admission Control (NAC)?

Question260: What is the Best approach for maintaining ethics when a security professional is unfamiliar with the culture of a country and is asked to perform a questionable task?

Question261: In which of the following programs is it MOST important to include the collection of security process data?

Question262: Which access control method allows an entity to make certain claims about itself and have organizational compliance verified?

Question263: Digital non-repudiation requires which of the following?

Question264: Which inherent password weakness does a One Time Password (OTP) generator overcome?

Question265: What is the MOST important factor in establishing an effective Information Security Awareness Program?

Question266: An organization discovers that its Secure File Transfer Protocol (SFTP) server has been accessed by an unauthorized person to download an unreleased game. A recent security audit found weaknesses in some of the organization's general Information Technology (IT) controls, superficially pertaining t software change control and security patch management, but rot in other control areas.
Which of the following is the MOST probable attack vector used in the security breach?

Question267: Which is MOST important when negotiating an Internet service provider (ISP) service-level agreement (SLA) by an organization that solely provides Voice over Internet Protocol (VoIP) services?

Question268: Digital certificates used in Transport Layer Security (TLS) support which of the following?

Question269: Which of the following events prompts a review of the disaster recovery plan (DRP)?

Question270: Which of the following are key activities when conducting a security assessment?

Question271: As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website. Which of the following actions would be performed?

Question272: For the detection of internet of things (loT) devices, a project team has implemented x 509 certificate-based authentication.
Which of the following type of certificates would be best suited given the projected objectives?

Question273: Which of the following media sanitization techniques is MOST likely to be effective for an organization using public cloud services?

Question274: Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?

Question275: Why should Open Wab Application Secuirty Project (OWASP) Application Security Verification standards (ASVS) Level 1 be considered a MINIMUM level of protection for any wab application?

Question276: Which of the following is PRIMARILY adopted for ensuring the integrity of information is preserved?

Question277: Which concept might require users to use a second access token or to re-enter passwords to gain elevated access rights in the identity and access provisioning life cycle?

Question278: Which of the following is critical if an empolyee is dismissed due to violation of an organization's acceptable use policy (Aup) ?

Question279: Which of the following is the PRIMARY issue when analyzing detailed log information?

Question280: During a routine audit of network logs, the security administrator discovers remote access logins from a known user during nonbusiness hours. What is the BEST action for the security administrator to take?

Question281: The ability to send malicious code, generally in the form of a client side script, to a different end user is categorized as which type of vulnerability?

Question282: Drag and Drop Question
Match the level of evaluation to the correct common criteria (CC) assurance level.
Drag each level of evaluation on the left to is corresponding CC assurance level on the right

Question283: A security professional was tasked with rebuilding a company's wireless infrastructure. Which of the following are the MOST important factors to consider while making a decision on which wireless spectrum to deploy?

Question284: Security issues with shared push-button combination lock devices can BEST be overcome by which of the following?

Question285: Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified automated vulnerability assessments?

Question286: A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user's access to data files?

Question287: A developer begins employment with an information technology (IT) organization. On the first day, the developer works through the list of assigned projects and finds that some files within those projects aren't accessible, Other developers working on the same project have no trouble locating and working on the. What is the MOST likely for the discrepancy in access?

Question288: Which of the following is a unique feature of attribute-based access control (ABAC)?

Question289: A network security engineer needs to ensure that a security solution analyzes traffic for protocol manipulation and various sorts of common attacks. In addition, all Uniform Resource Locator (URL) traffic must be inspected and users prevented from browsing inappropriate websites.
Which of the following solutions should be implemented to enable administrators the capability to analyze traffic, blacklist external sites, and log user traffic for later analysis?

Question290: Why are mobile devices something difficult to investigate in a forensic examinition?

Question291: What is the purpose of code signing?

Question292: Which of the following is a second optional use of Network Access Control (NAC) technology?

Question293: When investigating a possible cybercrime, which of the following is the PRIMARY reason that digital evidence is difficult to recover?

Question294: What is the expected outcome of security awareness in support of a security awareness program?

Question295: In a data classification scheme, the data is owned by the

Question296: An engineer notices some late collisions on a half-duplex link. The engineer verifies that the devices on both ends of the connection are configured for half duplex. Which of the following is the MOST likely cause of this issue?

Question297: Which is the MOST important consideration for a policy safeguarding an argentations physical assets?

Question298: An organization has received an initial draft of a security assessment report from a third-party vendor. The report recommended specific remediation actions for the security controls that did not produce a satisfactory result. What action should the assessor take if a system owner decides to implement a recommendation prior to the finalized report?

Question299: What is the MAIN purpose of a bastion host?

Question300: Which of the following is of GREATEST value to an organization in which information security controls are perceived as complex and negatively impacting productivity

Question301: Before implementing an internet-facing router, a network administrator ensures that the equipment is baselined/hardened according to approved configurations and settings. This action provides protection against which of the following attacks?

Question302: Functional security testing is MOST critical during which phase of the system development life cycle (SDLC)?

Question303: Which of the following is the BEST identity-as-a-service (IDaaS) solution for validating users?

Question304: Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?

Question305: Malicious attack on a vital trucking company A security practitioner is tasked with setting up a database server for an organization's vendors. Due to physical space constraints, the server will reside in the same physical location as the organization's server that stores the organization's sensitive and critical data. Which of the following controls should security practitioner implement to Best prevent both physical and logical access attacks?

Question306: Which of the following protection is provided when using a Virtual Private Network (VPN) with Authentication Header (AH)?

Question307: What is the PRIMARY purpose of the identification phase of the incident response process?

Question308: A security engineer is assigned to work with the patch and vulnerability management group. The deployment of a new patch has been approved and needs to be applied. The research is complete, and the security engineer has provided recommendations. Where should the patch be applied FIRST?

Question309: A user's credential for an application is stored in a relational database. Which control protects the confidentiality of the credential while it is stored?

Question310: Physical Access Control Systems (PACS) allow authorized security personnel to manage and monitor access control for subjects through which function?

Question311: In a change-controlled environment, which of the following is MOST likely to lead to unauthorized changes to production programs?

Question312: Which of the following system security measures is required for the protection of code repositories?

Question313: What approach in embedded systems communication allows both the sender and receiver to validate in mutual identities?

Question314: Which role is primarily responsible for reviewing an analyzed Information Security Continuous Monitoring (ISCM)report and determining whether to conduct risk mitigation activities to transfer, reject, or accept risk?

Question315: Which of the following models uses unique groups contained in unique conflict classes?

Question316: While classifying credit card data related to Payment Card Industry Data Security Standards (PCI-DSS), which of the following is a PRIMARY security requirement?

Question317: Which of the following is the PRIMARY benefit of applying a digital signature to an outbound e- mail message?

Question318: A new Chief Information Officer (CIO) created a group to write a data retention policy based on applicable laws. Which of the following is the PRIMARY motivation for the policy?

Question319: Which of the following statements BEST distinguishes a stateful packet inspection firewall from a stateless packet filter firewall?

Question320: If a content management system (CMC) is implemented, which one of the following would occur?

Question321: Which of the following is the BEST way to protect against Structured Query language (SQL) injection?

Question322: Where does Multiprotocol Label Switching (MPLS) fit in the pen Systems Interconnection(SI)?'

Question323: How is it possible to extract private keys securely stored on a cryptographic smartcard?

Question324: Which of the following is MOST effective in quickly detecting malicious activity and reacting according to the inherent risk presented by potential rogue elements?

Question325: Which of the following is an important requirement when designing a secure remote access system?

Question326: A security practitioner needs to implement a solution to verify endpoint security protections and operating system (OS) versions. Which of the following is the BEST solution to implement?

Question327: An advantage of link encryption in a communications network is that it

Question328: Which of the following is the PRIMARY reason for selecting the appropriate level of detail for audit record generation?

Question329: Information Security continuous Monitoring (ISCM) is a critical piece of which of the following framework

Question330: In configuration management, what baseline configuration information MUST be maintained for each computer system?

Question331: Write Once, Read Many (WORM) data storage devices are designed to BEST support which of the following core security concepts?

Question332: Which of the following poses the GREATEST privacy risk to personally identifiable information (PII) when disposing of an office printer or copier?

Question333: Which of the following is the FIRST requirement a data owner should consider before implementing a data retention policy?

Question334: Why is Plan of Action and Milestones (PA&M) created when generating a security audit report?

Question335: Which of the following can a system administrator do to improve the accuracy of a vulnerability scan?

Question336: An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?

Question337: Which of the following is the MOST secure protocol for zremote command access to the firewall?

Question338: Which of the following is a valid routable Transmission Control Protocol/Internet Protocol (TCP/IP) v4 address on the Internet?

Question339: Which application type is considered high risk and provides a common way for malware and viruses to enter a network?

Question340: When reviewing vendor certifications for handling and processing of company data, which of the following is the BEST Service Organization Controls (SOC) certification for the vendor to possess?

Question341: A company-wide penetration test result shows customers could access and read files through a web browser. Which of the following can be used to mitigate this vulnerability?

Question342: What capability would typically be included in a commercially available software package designed for access control?

Question343: What are the steps of a risk assessment?

Question344: A software engineer uses automated tools to review application code and search for application flaws, back doors, or other malicious code. Which of the following is the FIRST Software Development Life Cycle (SDLC) phase where this takes place?

Question345: Which of the following types of physical security testing does an organization perform in order to focus on a specific area of interest or to save time?

Question346: Which one of the following documentation should be included in a Disaster Recovery (DR) package?

Question347: What is the BE ST method to ensure the integrity of physical lock and key systems?

Question348: Which of the following is an essential element of a cloud service?

Question349: Which of the following BEST mitigates a replay attack against a system using identity federation and Security Assertion Markup Language (SAML) implementation?

Question350: An organization is implementing security review as part of system development. Which of the following is the BEST technique to follow?

Question351: Which of the following is a weakness of Wired Equivalent Privacy (WEP)?

Question352: A security engineer is tasked with implementing a new identity solution. The client doesn't want to install or maintain the infrastructure. Which of the following would qualify as the BEST solution?

Question353: A subscription service which provides power, climate control, raised flooring, and telephone wiring but NOT the computer and peripheral equipment is BEST described as a:

Question354: In regard to multimedia files, which Digital Rights Management (DRM) technique is the MOST effective at tracing the source of a violation?

Question355: Why would a system be structured to isolate different classes of information from one another and segregate them by user jurisdiction?

Question356: Which of the following is the MOST appropriate action when reusing media that contains sensitive data?

Question357: For the purpose of classification, which of the following is used to divide trust domain and trust boundaries?

Question358: A large corporation is looking for a solution to automate access based on where the request is coming from, who the user is, what device they are connecting with, and what and time of day they are attempting this access. What type of solution would suit their needs?

Question359: Which of the following techniques evaluates the secure design principles of network OF software architectures?

Question360: The Chief Information Security Officer (CISO) of a large financial institution is responsible for implementing the security controls to protect the confidentiality and integrity of the organization's Information Systems. Which of the controls below is prioritized FIRST?

Question361: For a federated identity solution, a third-party Identity Provider (IdP) is PRIMARILY responsible for which of the following?

Question362: Which of the following is the PRIMARY consideration when determining the frequency an automated control should be assessed or monitored?

Question363: Which of the following is a security weakness in the evaluation of common criteria (CC) products?

Question364: What is the BEST method to use for assessing the security impact of acquired software?

Question365: Within a large organization, what business unit is BEST positioned to initiate provisioning and deprovisioning of user accounts?

Question366: Which of the following is the MOST effective measure to prevent buffer overflow attacks?

Question367: An organization suspects it is receiving spoofed e-mails from a foreign-hosted web e-mail service.
Where can the MOST relevant be found to begin the process of identifying the perpetrator?

Question368: To monitor the security of buried data lines inside the perimeter of a facility, which of the following is the MOST effective control?

Question369: Which of the following is an attacker MOST likely to target to gain privileged access to a system?

Question370: Information pruning reflects which of the following security principles?

Question371: Which of the following BEST represents a defense in depth concept?

Question372: Which of the following is the PRIMARY benefit of implementing an Information Security Management System (ISMS)?

Question373: A manager identified two conflicting sensitive user functions that were assigned to a single user account that had the potential to result in financial and regulatory risk to the company. The manager MOST likely discovered this during which of the following?

Question374: Dumpster diving is a technique used in which stage of penetration testing methodology?

Question375: Which of the following is a direct monetary cost of a security incident?

Question376: Which of the following actions will reduce risk to a laptop before traveling to a high risk area?

Question377: Concerning appropriate data retention policies, which of the following is the MAIN risk factor for the availability of archived information?

Question378: What are the roles within a scrum methodoligy?

Question379: During a Disaster Recovery (DR) assessment, additional coverage for assurance is required.
What should en assessor do?

Question380: Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?

Question381: What is the FIRST step in risk management?

Question382: Which of the following security tools monitors devices and records the information in a central database for further analysis?

Question383: An Internet software application requires authentication before a user is permitted to utilize the resource. Which testing scenario BEST validates the functionality of the application?

Question384: Information security practitioners are in the midst of implementing a new firewall. Which of the following failure methods would BEST prioritize security in the event of failure?

Question385: Email credentials were stolen when a user clicked on a link provided in an email and was prompted to download an android package kit (APK) file that automatically installed on the user's phone. What is the best way to mitigate this type of attack?

Question386: Which of the following is an example of a vulnerability of full-disk encryption (FDE)?

Question387: Which of the following provides the MOST comprehensive filtering of Peer-to-Peer (P2P) traffic?

Question388: Which of the (ISC) Code of Ethics canons is MOST reflected when preserving the value of systems, applications, and entrusted information while avoiding conflicts of interest?

Question389: A security professional can BEST mitigate the risk of using a Commercial Off-The-Shelf (COTS) solution by deploying the application with which of the following controls in ?

Question390: When assessing the audit capability of an application, which of the following activities is MOST important?

Question391: Exploitation of knowledge regarding the response time for a specific query is an example of which of the following attacks?

Question392: Which of the following MUST be done before a digital forensics investigator may acquire digital evidence?

Question393: Which of the following is a best implementation practice related to information and communication technology Supply Chain Risk Management (SCRM)?

Question394: What type of sprinkler system employs smoke or heat detection mechanisms to reduce the risk of accidental, non-fire release of water over the electronic equipment?

Question395: In Session Layer of the Open System Interconnect (OSI) model, which of the following modes allows only one host to send information to its peer?

Question396: Which of the following is the MOST important rule for digital investigations?

Question397: A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS).
Which of the following factors leads the company to choose an IDaaS as their solution?

Question398: Which of the following would be the FJB^T step to take when implementing a patch management program?

Question399: How does Encapsulating Security Payload (ESP) in transport mode affect the Internet Protocol (IP)?

Question400: The core component of Role Based Access Control (RBAC) must be constructed of defined data elements.
Which elements are required?

Question401: Which process presents the greatest security concern while assessing the security of commercial off-the-shell (COTS) software prior to procurement?

Question402: The Security Content Automation Protocol (SCAP) framework uses which measurement for the severity of vulnerabilities?

Question403: Organization A is adding a large collection of confidential data records that it received when it acquired Organization B to its data store. Many of the users and staff from Organization B are no longer available. Which of the following MUST Organization A 0do to property classify and secure the acquired data?

Question404: What is the BEST approach to addressing security issues in legacy web applications?

Question405: An Internet media company produces and broadcasts highly popular television shows. The company is suffering a huge revenue loss due to piracy. What technique should be used to track the distribution of content?

Question406: Which of the following statements is true regarding value boundary analysis as a functional software testing technique

Question407: An organization recently conducted a review of the security of its network applications. One of the vulnerabilities found was that the session key used in encrypting sensitive information to a third party server had been hard-coded in the client and server applications. Which of the following would be MOST effective in mitigating this vulnerability?

Question408: Which of the following methods provides the MOST protection for user credentials?

Question409: Which of the following is critical if an employee is dismissed due to violation of an organization's Acceptable Use Policy (ALP)?

Question410: Which of the following is the reason that transposition ciphers are easily recognizable?

Question411: Which mechanism provides the BEST protection against buffer overflow attacks in memory?

Question412: Following project initiation, which of the following items represent the linear progression of Disaster Recovery (DR) phases?

Question413: An application developer is developing a web application that will store and process personal information of European Union (EU) residents. Which of the following security principles explicitly specified in General Data Protection Regulation (GDPR), should the developer apply to safeguard the personal information in the application?

Question414: Drag and Drop Question
Match the functional roles in an external audit to their responsibilities. Drag each role on the left to its corresponding responsibility on the right.

Question415: From a security perspective, which of the following are the MOST important resources of any computing system?

Question416: Which of the following value comparisons MOST accurately reflects the agile development approach?

Question417: An application is used for funds transfer between an organization and a third-party. During a security audit, an issue with the business continuity/disaster recovery policy and procedures for this application. Which of the following reports should the audit file with the organization?

Question418: In the common criteria, which of the following is a formal document that expresses an implementation-independent set of security requirements?

Question419: An organization has implemented a new backup process which protects confidential data by encrypting the information stored on backup tapes. Which of the following is a MAJOR data confidentiality concern after the implementation of this new backup process?

Question420: Which of the following BEST describes botnets?

Question421: Which of the following threats exists with an implementation of digital signatures?

Question422: Which type of access control includes a system that allows only users that are type=managers and department=sales to access employee records?

Question423: Which one of the following is an advantage of an effective release control strategy from a configuration control standpoint?

Question424: The development team has been tasked with collecting data from biometric devices. The application will support a variety of collection data streams. During the testing phase, the team utilizes data from an old production database in a secure testing environment.
What principle has the team taken into consideration?

Question425: Which of the following mandates the amount and complexity of security controls applied to a security risk?

Question426: Which of the following vulnerabilities can be BEST detected using automated analysis?

Question427: When MUST an organization's information security strategic plan be reviewed?

Question428: A user downloads a file from the Internet, then applies the Secure Hash Algorithm 3 (SHA-3) to it.
Which of the following is the MOST likely reason for doing so?

Question429: Which of the following addresses requirements of security assessment during software acquisition?

Question430: Which of the following attacks can be leveraged only against a telephone?

Question431: Which of the following components of the Content Distribution Network (CDN) architecture is responsible for updates to ensure the freshness of content?

Question432: A new internal auditor is tasked with auditing the supply chain. The system owner stated that the last internal auditor was terminated because the auditor discovered too many deficient controls.
The auditor reports this conversation to their manager. Which of the following audit integrity principles BEST applies to this situation?

Question433: What Service Organization Controls (SOC) report can be freely distributed and used by customers to gain confidence in a service organization's systems?

Question434: Which of the following authorization standards is built to handle Application programming Interface (API) access for federated Identity management (FIM)?

Question435: A recent information security risk assessment identified weak system access controls on mobile devices as a high me In order to address this risk and ensure only authorized staff access company information, which of the following should the organization implement?

Question436: In systems security engineering, what does the security principle of modularity provide?

Question437: Why is lexical obfuscation in software development discouraged by many organizations?

Question438: Which of the following is a strong security protection provided by Trusted Platform Module (TPM)?

Question439: Which of the following would an information security professional use to recognize changes to content, particularly unauthorized changes?

Question440: Network-based logging has which advantage over host-based logging when reviewing malicious activity about a victim machine?

Question441: Digital certificates used transport Layer security (TLS) support which of the following?

Question442: What is the MOST efficient way to verify the integrity of database backups?

Question443: An organization publishes and periodically updates its employee policies in a file on their intranet.
Which of the following is a PRIMARY security concern?

Question444: What process facilitates the balance of operational and economic costs of protective measures with gains in mission capability?

Question445: Which type of test suite should be run for fast feedback during application develoment?

Question446: A large organization's human resources and security teams are planning on implementing technology to eliminate manual user access reviews and improve compliance. Which of the following options is MOST likely to resolve the issues associated with user access?

Question447: An organization adopts a new firewall hardening standard. How can the security professional verify that the technical staff correct implemented the new standard?

Question448: An attacker has intruded into the source code management system and is able to download but not modify the code. Which of the following aspects of the code theft has the HIGHEST security impact?

Question449: Which of the following is the FIRST control step in provisioning user rights and privileges?

Question450: Which of the following is performed to determine a measure of success of a security awareness training program designed to prevent social engineering attacks?

Question451: When using Generic Routing Encapsulation (GRE) tunneling over Internet Protocol version 4 (IPv4), where is the GRE header inserted?

Question452: Which of the following documents specifies services from the client's viewpoint?

Question453: Which of the following is the BEST approach to implement multiple servers on a virtual system?

Question454: Which of the following is the weakest form of protection for an application that handles Personally Identifiable Information (PII)?

Question455: What is the MOST appropriate hierarchy of documents when implementing a security program?

Question456: Wireless users are reporting intermittent Internet connectivity. Connectivity is restored when the users disconnect and reconnect, utilizing the web authentication process each time. The network administrator can see the devices connected to the APs at all times. Which of the following steps will MOST likely determine the cause of the issue?

Question457: When reviewing the security logs, the password shown for an administrative login event was ' OR
' '1'='1' --. This is an example of which of the following kinds of attack?

Question458: What is the MOST effective method to enhance security of a single sign-on (SSO) solution that interfaces with critical systems?

Question459: Which of the following open source software issues pose the MOST risk to an application?

Question460: A Chief Information Security Officer (CISO) is considering various proposals for evaluating security weaknesses and vulnerabilities at the source code level. Which of the following items BEST equips the CISO to make smart decisions for the organization?

Question461: When developing solutions for mobile devices, in which phase of the Software Development Life Cycle (SDLC) should technical limitations related to devices be specified?

Question462: A cloud service provider requires its customer organizations to enable maximum audit logging for its data storage service and to retain the logs for the period of three months. The audit logging generates extremely high amount of logs. What is the MOST appropriate strategy for the log retention?

Question463: Which stage in the identity management (IdM) lifecycle constitutes the GREATEST risk for an enterprise if performed incorrectly?

Question464: The security team plans on using automated account reconciliation in the corporate user access review process. Which of the following must be implemented for the BEST results with fewest errors when running the audit?

Question465: Why might a network administrator choose distributed virtual switches instead of stand-alone switches for network segmentation?

Question466: Which of the following presents the PRIMARY concern to an organiztion when setting up a federated single sign-on (SSO) solution with another

Question467: Which of the following activities is MOST likely to be performed during a vulnerability assessment?

Question468: What is the MAIN reason to ensure the appropriate retention periods are enforced for data stored on electronic media?

Question469: What is the MAIN purpose of a security assessment plan?

Question470: At which stage of the System Development Life Cycle (SDLC)are audits MOST likely to be conducted?

Question471: A network administrator is configuring a database server and would like to ensure the database engine is listening on a certain port. Which of the following commands should the administrator use to accomplish this goal?

Question472: Which of the following is a responsibility of a data steward?

Question473: An effective information security strategy is PRIMARILY based upon which of the following?

Question474: Which of the following is MOST appropriate for protecting confidentially of data stored on a hard drive?

Question475: When dealing with shared, privilaged accounts, especially those for emergencies, what is the BEST way to assure non-repudiation of logs?

Question476: When accepting new software purchases, which of the following is the BEST option the acquisition team can use to ensure the new software meets security requirements?

Question477: Which of the following is the last-mile reliability of plain old Telephone service (PTS)?

Question478: Why is the principle of least privilege important?

Question479: Which of the following languages supports a modular program structure and was designed for military and real-time systems?

Question480: In order to provide dual assurance in a digital signature system, the design MUST include which of the following?

Question481: Which of the following is a source to consider when assessing mobile device applications for data leakage?

Question482: What is the FIRST step required in establishing a records retention program?

Question483: Which of the following media is LEAST problematic with data remanence?

Question484: Which of the following types of data would be MOST difficult to detect by a forensic examiner?

Question485: Clothing retailer employees are provisioned with user accounts that provide access to resources at partner businesses. All partner businesses use common identity and access management (IAM) protocols and differing technologies. Under the Extended Identity principle, what is the process flow between partner businesses to allow this TAM action?

Question486: Which of the following is a PIRIMARY security weakness in the design of Domain Name System (DNS) service?

Question487: When developing an information security policy, why is it BEST to include a process for requesting exceptions?

Question488: Which of the following mechanisms are PRIMARILY used to safeguard and provide countermeasures for an organizational Information System (IS) to protect the confidentiality, integrity, and availability of its data?

Question489: What is the MOST important element when considering the effectiveness of a training program for Business Continuity (BC) and Disaster Recovery (DR)?

Question490: An information security professional is performing an internal audit of their organization where it is known that there is a lock formalized procedure. Which of the following auditing methods would be best for auditing the informal procedures while assisting Information Technology (IT) operations with documenting the procedures?

Question491: Which of the following is a recommended method to control removal of computer equipment from a data center by a staff member?

Question492: Which of the following is considered the PRIMARY security issue associated with encrypted e- mail messages?

Question493: Which of the following metrics are considered when evaluating firewall performance?

Question494: One of Canada's leading pharmaceutical firms recently hired a Chief Data Officer (CDO) to oversee its data privacy program. The CDO has discovered the firm's marketing department has been collecting information from individuals without their knowledge and consent via the company website. Which of the following privacy regulations should concern the CDO regarding this practice?

Question495: What is a common reason for implementing fine-grained segmentation to an existing network environment?

Question496: Which of the following benefits does Role Based Access Control (RBAC) provide for the access review process?

Question497: Which of the following controls would be the BEST recommendation to address Structured Query Language (SQL) injection, Cross Site Scripting (XSS), and directory traversal attacks?

Question498: Which of the following is a MAJOR consideration in implementing a Voice over Internet Protocol (VoIP) network?

Question499: Which of the following is the MOST important consideration when developing a Disaster Recovery Plan (DRP)?

Question500: Identity and Access Management (IAM) tools support the use of Security Assertion Markup Language (SAML). Which of the following statements is true of SAML?

Question501: Which of the following should be done at a disaster site before any item is removed, repaired, or replaced?

Question502: When designing a new Voice over Internet Protocol (VoIP) network, an organization's top concern is preventing unauthorized users accessing the VoIP network. Which of the following will BEST help secure the VoIP network?

Question503: Which of the following is the MOST likely reason a Human Resource (HR)department conducts a second screening for an employee?

Question504: An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

Question505: As a security manger which of the following is the MOST effective practice for providing value to an organization?

Question506: An information security consultant is asked to make recommendations for a small business to protect the access to information, stored on network drives. The small business supports several government agencies that manage highly sensitive information. Which of the following recommendations is BEST to achieve this objective?

Question507: Which of the following reports issued by third party provider is MOST likely to include lest results that address Cross-Site Scripting (XSS) vulnerabilities?

Question508: Personally Identifiable Information (PIT) is becoming an extremely valuable asset to both organizations and hackers. Which of the following controls will BEST protect Pll from being leaked or intercepted?

Question509: After a breach incident, investigators narrowed the attack to a specific network administrator's credentials. However, there was no evidence to determine how the hackers obtained the credentials. Much of the following actions could have BEST avoided the above breach per the investigation described above?

Question510: Which of the following is the FIRST thing to consider when reviewing Information Technology (IT) internal controls?

Question511: When participating in a forensic investigation, who should be responsible to quantify the risk?

Question512: Which of the following is the MOST effective method of mitigating data theft from an active user workstation?

Question513: Which of the following factors should be considered characteristics of Attribute Based Access Control (ABAC) in terms of the attributes used?

Question514: An organization is establishing a privacy program to ensure that personally identifiable information (PII) is properly protected. What is the FIRST action the organization should take to establish the program?

Question515: An information security administrator wishes to block peer-to-peer (P2P) traffic over Hypertext Transfer Protocol (HTTP) tunnels. Which of the following layers of the Open Systems Interconnection (OSI) model requires inspection?

Question516: Which of the following is primarily responsible for deciding the classification of data in an organization?

Question517: Which of the following is a peer entity authentication method for Point-to-point Protocol (PPP)?

Question518: Which of the following phrases involves researching a targets configuration from public sources when performing a penetration test?

Question519: Who is the BEST person to review developed application code to ensure it has been tested and verified?

Question520: Which of the following are important criteria when designing procedures and acceptance criteria for acquired software?

Question521: Which of the following is the PRIMARY concern when using an Internet browser to access a cloud-based service?

Question522: Which of the following would present the highert annualized loss expectancy (ALE)?

Question523: Which of the following is the MOST challenging issue in apprehending cyber criminals?

Question524: Assuming an individual has taken all of the steps to keep their internet connection private, which of the following is the BEST to browse the web privately?

Question525: Vulnerability scanners may allow for administrator to assign which of the following in order to assist in prioritizing remediation activities

Question526: The four basic principles of Kerberos are?

Question527: A project requires the use of an authentication mechanism where playback must be used Which of the following should be used?

Question528: How is supply chain risk determined?

Question529: It is better to use Elliptic Curve Cryptography (ECC) instead of the Rivest-Shamir-Adleman (RSA) algorithm in wireless applications because?

Question530: Which area of embedded devices are most commonly attacked?

Question531: What is the PRIMARY objective for conducting an internal security audit?

Question532: Which of the following is a characteristic of convert security testing?

Question533: Which of the following encryption technologies is based on the complexity of using discrete logarithms in a finite field?

Question534: Which of the following is the BEST reason for writing an information security policy?

Question535: If virus infection is suspected, which of the following is the FIRST step for the user to take?

Question536: What is the MOST effective way to determine a mission critical asset in an organization?

Question537: Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?

Question538: Which of the following technologies would provide the BEST alternative to anti-malware software?

Question539: Which of the following attacks is dependent upon the compromise of a secondary target in order to reach the primary target?

Question540: Which of the following adds end-to-end security inside a Layer 2 Tunneling Protocol (L2TP) Internet Protocol Security (IPSec) connection?

Question541: An information security analyst observed a device on the organization's network downloading a known application which removes limitations imposed by a mobile operating system using software and hardware exploits. Which of the following is this functionality called?

Question542: What is the MOST effective response to a hacker who has already gained access to a network and will attempt to pivot to other resources?

Question543: Which of the following is applicable to a publicly held company concerned about information handling and storage requirement specific to the financial reporting?

Question544: Which of the following resources is the BEST reference for web application scanning results?

Question545: During a Disaster Recovery (DR) simulation, it is discovered that the shared recovery site lacks adequate data restoration capabilities to support the implementation o( multiple plans simultaneously. What would be impacted by this fact if left unchanged?

Question546: How can a security engineer maintain network separation from a secure environment while allowing remote users to work in the secure environment?

Question547: Passive Infrared Sensors (PIR) used in a non-climate controlled environment should

Question548: Who should formulate conclusions from a particular digital fore Ball, Submit a Toper Of Tags, and the results?

Question549: A distributed Denial of Service (DDoS) attack was carried out using malware called Mirai to create a large-scale command and control system to launch a botnet. Which of the following devices were the PRIMARY sources used to generate the attack traffic?

Question550: Which of the following phases in the software acquisition process does developing evaluation criteria take place?

Question551: Which of the following techniques is known to be effective in spotting resource exhaustion problems, especially with resources such as processes, memory, and connections?

Question552: Which of the following should be included in a good defense-in-depth strategy provided by object- oriented programming for software deployment?

Question553: Which of the following goals represents a modern shift in risk management according to National Institute of Standards and Technology (NIST)?

Question554: Which of the following is the MOST effective way to ensure the endpoint devices used by remote users are compliant with an organization's approved policies before being allowed on the network?

Question555: A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?

Question556: Two computers, each with a single connection on the same physical 10 gigabit Ethernet network segment, need to communicate with each other. The first machine has a single Internet Protocol (IP) Classless Inter-Domain Routing (CIDR) address of 192.168.1.3/30 and the second machine has an IP/CIDR address 192.168.1.6/30. Which of the following is correct?

Question557: A group of organizations follows the same access standards and practices. One manages the verification and due diligence processes for the others. For a user to access a resource from one of the organizations, a check is made to see if that user has been certified. Which Federated Identity Management (FIM) process is this an example of?

Question558: In Identity Management (IdM), when is the verification stage performed?

Question559: Which of the following is the PRIMARY security interest of third-party, cloud computing Service Level Agreements (SU\)?

Question560: What documentation is produced FIRST when performing an effective physical loss control process?

Question561: Which of the following does the security design process ensure within the System Development Life Cycle (SDLC)?

Question562: Which of the following is an important design feature for the outer door o f a mantrap?

Question563: A cybersecurity engineer has been tasked to research and implement an ultra-secure communications channel to protect the organization's most valuable intellectual property (IP). The primary directive in this initiative is to ensure there Is no possible way the communications can be intercepted without detection. Which of the following Is the only way to ensure this `outcome?

Question564: Which of the following management process allows ONLY those services required for users to accomplish their tasks, change default user passwords, and set servers to retrieve antivirus updates?

Question565: When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints?

Question566: Which of the following is the MOST common cause of system or security failures?

Question567: Which of the following is a security feature of Global Systems for Mobile Communications (GSM)?

Question568: Which of the following advantages does Secure Sockets Layer Virtual Private Network (SSLVPN) have over Internet Protocol Security (IPSec) Virtual Private Network (VPN) in terms of network security?

Question569: Which of the following is the BEST security practice for data stored in removable media and mobile devices

Question570: Which of the following is the MAIN difference between a network-based firewall and a host-based firewall?

Question571: Which of the following is a possible advantage of manual vulnerability analysis when used in combination with' automated tools?

Question572: During examination of internet history records, the following string occurs within a Unique Resource Locator (URL):
https://companysite.com/search arp?search=
What type of vulnerability is the attacker trying to find

Question573: Which of the following is the MOST important goal of information asset valuation?

Question574: A security analyst for a large financial institution is reviewing network traffic related to an incident.
The analyst determines the traffic is irrelevant to the investigation but in the process of the review, the analyst also finds that an applications data, which included full credit card cardholder data, is transferred in clear text between the server and user's desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS). Which of the following is the analyst's next step?

Question575: Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

Question576: From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system?

Question577: What is the BEST way to establish identity over the internet?

Question578: How is the session key used to encrypt a Secure Multipurpose Internet Mall Extension (S/MIME) message made available to the recipient?

Question579: Which of the following is the FIRST step in the incident response process?

Question580: What is the GREATEST challenge of an agent based patch management solution?

Question581: Which of the following is the BEST method for authenticating a Virtual Private Network (VPN) connection?

Question582: A criminal organization is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the organization?

Question583: Which of the following are core categories of malicious attack against Internet of Things (IOT) devices?

Question584: A company needs to provide employee access to travel services, which are hosted by a third- party service provider, Employee experience is important, and when users are already authenticated, access to the travel portal is seamless. Which of the following methods is used to share information and grant user access to the travel portal?

Question585: Which of the following is the PRIMARY reason Android devices are considered a higher security risk than iPhone (IOS) devices?

Question586: An employee receives a promotion that entities them to access higher-level functions on the company's accounting system, as well as keeping their access to the previous system that is no longer needed or applicable. What is the name of the process that tries to remove this excess privilege?

Question587: Which of the following was developed to support multiple protocols as well as provide as well as provide login, password, and error correction capabilities?

Question588: A Distributed Denial of Service (DDoS) attack was carried out using malware called Mirai to create a large-scale command and control system to launch a botnet. Which of the following devices were the PRIMARY sources used to generate the attack traffic?

Question589: An organization is planning to have an it audit of its as a Service (SaaS) application to demonstrate to external parties that the security controls around availability are designed. The audit report must also cover a certain period of time to show the operational effectiveness of the controls. Which Service Organization Control (SOC) report would BEST fit their needs?

Question590: The Chief Information Security Officer (CISO) of an organization has requested that a Service Organization Control (SOC) report be created to outline the security and availability of a particular system over a 12-month period. Which type of SOC report should be utilized?

Question591: Which technique helps system designers consider potential security concerns of their systems and applications?

Question592: An organization has developed a way for customers to share information from their wearable devices with each other. Unfortunately, the users were not informed as to what information collected would be shared. What technical controls should be put in place to remedy the privacy issue while still trying to accomplish the organization's business goals?

Question593: Which of the following is a common characteristic of privacy?

Question594: An attacker has recreated a process on a local machine. This is an example of which of the following types of attack?

Question595: Additional padding may be added to toe Encapsulating Security Protocol (ESP) b trailer to provide which of the following?

Question596: What does the Maximum Tolerable Downtime (MTD) determine?

Question597: A company hired an external vendor to perform a penetration test of a new payroll system. The company's internal test team had already performed an in-depth application and security test of the system and determined that it met security requirements. However, the external vendor uncovered significant security weaknesses where sensitive personal data was being sent unencrypted to the tax processing systems. What is the MOST likely cause of the security issues?

Question598: An organization's internal audit team performed a security audit on the company's system and reported that the manufacturing application is rarely updated along with other issues categorized as minor. Six months later, an external audit team reviewed the same system with the same scope, but identified severe weaknesses in the manufacturing application's security controls.
What is MOST likely to be the root cause of the internal audit team's failure in detecting these security issues?

Question599: What is the MOST common security risk of a mobile device?

Question600: Which of the following is BEST achieved through the use of eXtensible Access Markup Language (XACML)?

Question601: The MAIN purpose of placing a tamper seal on a computer system's case is to:

Question602: The design of a security system to prevent potential conflicts of interests should be based on which of the following security models?

Question603: Which of the following is a common feature of an Identity as a Service (IDaaS) solution?

Question604: A minimal implementation of endpoint security includes which of the following?

Question605: What is the document that describes the measures that have been implemented or planned to correct any deficiencies noted during the assessment of the security controls?

Question606: When a system changes significantly, who is PRIMARILY responsible for assessing the security impact?

Question607: What is the PRIMARY reason that a bit-level copy is more desirable than a file-level copy when replicating a hard drive's contents for an e-discovery investigation?

Question608: Which of the following is the MOST important first step in preparing for a security audit?

Question609: During testing, where are the requirements to inform parent organizations, law enforcement, and a computer incident response team documented?

Question610: The adoption of an enterprise-wide business continuilty program requires Which of the folllowing?

Question611: A digitally-signed e-mail was delivered over a wireless network protected with Wired Equivalent Privacy (WEP) protocol. Which of the following principles is at risk?

Question612: A breach investigation found a website was exploited through an open source component. What is the FIRST step in the process that could have prevented this breach?

Question613: When conduting a security assessment of access controls , Which activity is port of the data analysis phase?

Question614: In an IDEAL encryption system, who has sole access to the decryption key?

Question615: Which of the following is part of a Trusted Platform Module (TPM)?

Question616: Which of the following MUST the administrator of a security information and event management (SIEM) system ensure?

Question617: An organization wants to enable uses to authenticate across multiple security domains. To accomplish this they have decided to use Federated Identity Management (FIM). Which of the following is used behind the scenes in a FIM deployment?

Question618: Which of the following options is the best to provide remote access to a timesheet entry system on the company's intranet?

Question619: According to the (ISC)? ethics canon "act honorably, honestly, justly, responsibly, and legally," which order should be used when resolving conflicts?

Question620: As users switch roles within an organization, their accounts are given additional permissions to perform the duties of their new position. After a recent audit, it was discovered that many of these accounts maintained their old permissions as well. The obsolete permissions identified by the audit have been remediated and accounts have only the appropriate permissions to complete their jobs.
Which of the following is the BEST way to prevent access privilege creep?

Question621: What should be the FIRST action to protect the chain of evidence when a desktop computer is involved?

Question622: An organization discovers that its secure file transfer protocol (SFTP) server has been accessed by an unauthorized person to download an unreleased game. A recent security audit found weaknesses in some of the organization's general information technology (IT) controls, specifically pertaining to software change control and security patch management, but not in other control areas.
Which of the following is the MOST probable attack vector used in the security breach?

Question623: When developing an organization's security policy, which of the following is MOST important to establish the strength of the policy?

Question624: Before allowing a web application into the production environment, the security practitioner performs multiple types of tests to confirm that the web application performs as expected. To test the username field, the security practitioner creates a test that enters more characters into the field than is allowed. Which of the following BEST describes the type of test performed?

Question625: Which of the following significantly influences the level of access control and monitoring that is implemented on a specific office or work area?

Question626: Mandatory Access Controls (MAC) are based on:

Question627: Point-to-Point Protocol (PPP) was designed to specifically address what issue?

Question628: Backup information that is critical to the organization is identified through a

Question629: When transmitting data over Unshielded Twisted Pair (UTP)cable, which of the following should be the MAIN concern to betaken in consideration?

Question630: An organization is formulating a strategy to provide access to third-party partners. The information technology (IT) department has been tasked with providing access by utilizing cloud services. Which of the following technologies is MOST commonly employed for completing the task?

Question631: Which of the following is MOST important to follow when developing information security controls for an organization?

Question632: Which of the following is the BEST evidence of an organization's regulatory compliance?

Question633: Which of the following terms is used to describe original, unaltered evidence?

Question634: Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

Question635: Which Radio Frequency Interference (RFI) phenomenon associated with bundled cable runs can create information leakage?

Question636: Physical assets defined in an organization's Business Impact Analysis (BIA) could include which of the following?

Question637: Which of the following processes is BEST used to determine the extent to which modifications to an information system affect the security posture of the system?

Question638: Which of the following BEST describes the practice of utilizing a malware-infected external storage device in a public location near its target?

Question639: Which of the following is the MAIN benefit of off-site storage?

Question640: An employee's home address should be categorized according to which of the following references?

Question641: Which of the following is a peor entity authentication method for Point-to-Point Protocol (PPP)?

Question642: What should be the FIRST action for a security administrator who detects an intrusion on the network based on precursors and other indicators?

Question643: The Chief Information Security Officer (CISO) is to establish a single, centralized, and relational repository to hold all information regarding the software and hardware assets. Which of the following s ions would be the BEST option?

Question644: An organization is the victim of a major data breach just one month after passing an external cyber security audit. Which of the following is the likely reason for this situation?

Question645: Which scenario would be an example of a risk associated with a company's supply chain?

Question646: Which of the following areas need a higher level of security than the rest of the facility?

Question647: Which of the following regulations dictates how data breaches are handled?

Question648: Which of the following is the MOST common use of the Online Certificate Status Protocol (OCSP)?

Question649: Which of the following is a benefit of implementing data-in-use controls?

Question650: A company wants to implement two-factor authentication (2FA) to protect their computers from unauthorized users. Which solution provides the MOST secure means of authentication and meets the criteria they have set?

Question651: Which of the following initiates the system recovery phase of a disaster recovery plan?

Question652: A Simple Power Analysis (SPA) attack against a device directly observes which of the following?

Question653: Which of the following is MOST important when determining appropriate countermeasures for an identified risk?

Question654: Which of the following is the FINAL step when implementing an information security awareness program?

Question655: Upon commencement of an audit within an organization, which of the following actions is MOST important for the auditor(s) to take?

Question656: Who is primarily responsible to review analyzed reports resulting through the Information Security continuous Monitoring (ISCM)?

Question657: Which of the following should exist in order to perform a security audit?

Question658: A company's core Security Operations Center (SOC) would have a badge reader to exit the SOC to

Question659: Who in the organization is accountable for classification of data information assets?

Question660: A cloud hosting provider would like to provide a Service Organization Control (SOC) report relevant to its security program. This report should an abbreviated report that can be freely distributed. Which type of report BEST meets this requirement?

Question661: Under which circumstances can law enforcement seize physical assets of a cloud service provider (CSP)?

Question662: Which of the following would BEST describe the role directly responsible for data within an organization?

Question663: Which of the following reports provides the BEST attestation of detailed controls when evaluating an Identity as a Service (IDaaS) solution?

Question664: A large organization is conducting an internal audit of technical controls for a critical system with numerous users. The audit will look far physical evidence either by direct inspection or by requesting copies of records and screenshots. What is the MOST effective approach for the audit?

Question665: Which of the following is BEST used for large groups of geographically distributed users collaborating on large data sets?

Question666: A Certified Information Systems Security Professional (CISSP) with identity and access management (IAM) responsibilities is asked by the Chief Information Security Officer (CISO) to4 perform a vulnerability assessment on a web application to pass a Payment Card Industry (PCI) audit. The CISSP has never performed this before. According to the (ISC)? Code of Professional Ethics, which of the following should the CISSP do?

Question667: An organization's security policy delegates to the data owner the ability to assign which user roles have access to a particular resource. What type of authorization mechanism is being used?

Question668: In software development, which of the following entities normally signs the code to protect the code integrity?

Question669: A security engineer is designing a Customer Relationship Management (CRM) application for a third-party vendor. In which phase of the System Development Life Cycle (SDLC) will it be MOST beneficial to conduct a data sensitivity assessment?

Question670: Which of the following addresses requirements of security assessments during software acquisition?

Question671: An organization has requested storage area network (SAN) disks for a new project. What Redundant Array of Independent Disks (RAID) level provides the BEST redundancy and fault tolerance?

Question672: Which of the following threats would be MOST likely mitigated by monitoring assets containing open source libraries for vulnerabilities?

Question673: When would an organization review a Business Continuity Management (BCM) system?

Question674: What protocol is often used between gateway hosts on the Internet' To control the scope of a Business Continuity Management (BCM) system, a security practitioner should identify which of the following?

Question675: Which of the following is the MOST effective way to ensure hardware and software remain updated throughout an organization?

Question676: An organization is considering outsourcing applications and data to a Cloud Service Provider (CSP). Which of the following is the MOST important concern regarding privacy?

Question677: An organization is considering partnering with a third-party supplier of cloud services. The organization will only be providing the data and the third-party supplier will be providing the security controls. Which of the following BEST describes this service offering?

Question678: When selecting a disk encryption technology, which of the following MUST also be assured to be encrypted?

Question679: How is protection for hypervisor host and software administration functions BEST achieved?

Question680: Which of the following is a process in the access provisioning lifecycle that will MOST likely identify access aggregation issues?

Question681: A security professional in an enterprise organization is evaluating a software product for acquisition. During the contracting phase of the acquisition, the security professional learned that the software product has certain security flaws and as a result does not meet the security requirements. Which of the following should the security professional do in response to the situation?

Question682: An organization has discovered that users are visiting unauthorized websites using anonymous proxies. Which of the following is the BEST way to prevent future occurrences?

Question683: A malicious user gains access to unprotected directories on a web server. Which of the following is MOST likely the cause for this information disclosure?

Question684: A security team member was selected as a member of a Change Control Board (CCB) for an organization. Which of the following is one of their responsibilities?

Question685: It is MOST important to perform which of the following to minimize potential impact when implementing a new vulnerability scanning tool in a production environment?

Question686: What should an auditor do when conducting a periodic audit on media retention?

Question687: A user has infected a computer with malware by connecting a Universal Serial Bus (USB) storage device. Which of the following is MOST effective to mitigate future infections?

Question688: During a disruptive event, which security continuity objectives will maintain an organization's information security to a predetermined level?

Question689: How should the retention period for an organization's social media content be defined?

Question690: What are the roles within a scrum methodology?

Question691: An organization recently suffered from a web-application attack that resulted in stolen user session cookie information. The attacker was able to obtain the information when a user's browser executed a script upon visiting a compromised website. What type of attack MOST likely occurred?

Question692: Which of the following mobile code security models relies only on trust?

Question693: A company's Access Control Policy restricts internal network access to employees. Policy testing revealed that customers were able to access internal resources. Which of the following networks component was MOST likely setup improperly?

Question694: An organization plan on purchasing a custom software product developed by a small vendor to support its business model.
Which unique consideration should be made part of the contractual agreement potential long- term risks associated with creating this dependency?

Question695: Which of the following sets of controls should allow an investigation if an attack is not blocked by preventive controls or detected by monitoring?

Question696: An organization implements Network Access Control (NAC) ay Institute of Electrical and Electronics Engineers (IEEE) 802.1x and discovers the printers do not support the IEEE 802.1x standard. Which of the following is the BEST resolution?

Question697: In a disaster recovery (DR) test, which of the following would be a trait of crisis management?

Question698: What is the FIRST action a security professional needs to take while assessing an organization's asset security in order to properly classify and protect access to data?

Question699: Which of the following activities are part of the Build and Test phase of Change and configuration Management?

Question700: When can Authorizing Officials (AO) authorize a system to operate?

Question701: Which access control method is based on users issuing access requests on system resources, features assigned to those resources, the operational or situational context, and a set of policies specified in terms of those features and context?

Question702: What is considered the BEST when determining whether to provide remote network access to a third-party security service?

Question703: Which of the following types of information security assessment methods is the MOST objective?

Question704: Which is the RECOMMENDED configuration mode for sensors for an intrusion prevention system (IPS) if the prevention capabilities will be used?

Question705: When partnering with a third-party, it is the responsibility of a security professional to ensure which of the following?

Question706: Which of the following BEST represents the concept of least privilege?

Question707: Continuity of operations is BEST supported by which of the following?

Question708: Which of the following mechanisms will BEST prevent a Cross-Site Request Forgery (CSRF) attack?

Question709: A Denial of Service (DoS) attack on a syslog server exploits weakness in which of the following protocols?

Question710: In which identity management process is the subject's identity established?

Question711: Why is it important for a security officer to report directly to C-level management on analyzed data?

Question712: A hospital has three data classification levels: shareable without restrictions, shareable with restrictions, and internal use only. Which of the following BEST demonstrates adhering to principles of good enterprise data classification?

Question713: With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?

Question714: An organization is developing employee training content to increase awareness of Payment Card Industry (PCI) standards. What are the three types of awareness roles applicable to the organization?

Question715: Which of the following steps should be performed FIRST when purchasing Commercial Off-The-Shelf (COTS) software?

Question716: At the destination host, which of the following OSI model layers will discard a segment with a bad checksum in the UDP header?

Question717: Lack of which of the following options could cause a negative effect on an organization's reputation, revenue, and result in legal action, if the organization fails to perform due diligence?

Question718: Which of the following command line tools can be used in the reconnaissance phase of a network vulnerability assessment?

Question719: What set of documents would aid in planning, performance and review of controls of a system, while also serving as a supporting documentation for the audit report and conclusions?

Question720: During the procurement of a new information system, it was determined that some of the security requirements were not addressed in the system specification.
Which of the following is the MOST likely reason for this?

Question721: A security architect is developing an information system for a client. One of the requirements is to deliver a platform that mitigates against common vulnerabilities and attacks, What is the MOST efficient option used to prevent buffer overflow attacks?

Question722: An organization allows ping traffic into and out of their network. An attacker has installed a program on the network that uses the payload portion of the ping packet to move data into and out of the network. What type of attack has the organization experienced?

Question723: Which Identity and Access Management (IAM) process can be used to maintain the principle of least privilege?

Question724: What is the PRIMARY consideration when testing industrial control systems (ICS) for security weaknesses?

Question725: Which event magnitude is defined as deadly, destructive, and disruptive when a hazard interacts with human vulnerability?

Question726: Which is the MOST critical aspect of computer-generated evidence?

Question727: Along with detection, which of the following security strategies are examples of a comprehensive and robust security framework?

Question728: A Chief Information Officer (CIO) has delegated responsibility of their system security to the head of the information technology (IT) department. While corporate policy dictates that only the CIO can make decisions on the level of data protection required, technical implementation decisions are done by the head of the IT department. Which of the following BEST describes the security role filled by the head of the IT department?

Question729: How can an enterprise BEST handle spam?

Question730: Which of the following phases involves researching a target's configuration from public sources when performing a penetration test?

Question731: Which of the following is the MOST effective countermeasure against Man-in-the Middle (MITM) attacks while using online banking?

Question732: A MAJOR security flaw with Voice over Internet Protocol (VoIP) is?