Question1: Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device which has been stolen?
Question2: Which of the following is the MOST significant key management problem due to the number of keys created?
Question3: For an organization considering two-factor authentication for secure network access, which of the following is MOST secure?
Question4: Which of the following measures serves as the BEST means for protecting data on computers, smartphones, and external storage devices when traveling to high-risk countries?
Question5: Which of the following is a security weakness in the evaluation of common criteria (CC) products?
Question6: Which of the following is the BEST method to reduce the effectiveness of phishing attacks?
Question7: Which of the following BEST obtains an objective audit of security controls?
Question8: The use of strong authentication, the encryption of Personally Identifiable Information (PII) on database servers, application security reviews, and the encryption of data transmitted across networks provide
Question9: Which of the following actions should be performed when implementing a change to a database schema in a production system?
Question10: When developing an organization's information security budget, it is important that the
Question11: Which of the following phases involves researching a target's configuration from public sources when performing a penetration test?
Question12: Which of the following are all elements of a disaster recovery plan (DRP)?
Question13: What testing technique enables the designer to develop mitigation strategies for potential vulnerabilities?
Question14: A large bank deploys hardware tokens to all customers that use their online banking system. The token generates and displays a six digit numeric password every 60 seconds. The customers must log into their bank accounts using this numeric password. This is an example of
Question15: An organization implements Network Access Control (NAC) ay Institute of Electrical and Electronics Engineers (IEEE) 802.1x and discovers the printers do not support the IEEE 802.1x standard. Which of the following is the BEST resolution?
Question16: Who is responsible for the protection of information when it is shared with or provided to other organizations?
Question17: Which of the following addresses requirements of security assessments during software acquisition?
Question18: A user downloads a file from the Internet, then applies the Secure Hash Algorithm 3 (SHA-3c?
Question19: Which is the second phase of public key Infrastructure (pk1) key/certificate life-cycle management?
Question20: The security organization is looking for a solution that could help them determine with a strong level of confidence that attackers have breached their network. Which solution is MOST effective at discovering a successful network breach?
Question21: Which of the following is MOST effective in detecting information hiding in Transmission Control Protocol/internet Protocol (TCP/IP) traffic?
Question22: Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
The effectiveness of the security program can PRIMARILY be measured through
Question23: Which of the following statements is TRUE of black box testing?
Question24: When telephones in a city are connected by a single exchange, the caller can only connect with the switchboard operator. The operator then manually connects the call.
This is an example of which type of network topology?
Question25: Between which pair of Open System Interconnection (OSI) Reference Model layers are routers used as a communications device?
Question26: A network administrator is configuring a database server and would like to ensure the database engine is listening on a certain port. Which of the following commands should the administrator use to accomplish this goal?
Question27: Which of the following is a PRIMARY challenge when running a penetration test?
Question28: Which item below is a federated identity standard?
Question29: In which of the following scenarios is locking server cabinets and limiting access to keys preferable to locking the server room to prevent unauthorized access?
Question30: Which one of the following considerations has the LEAST impact when considering transmission security?
Question31: The application of a security patch to a product previously validate at Common Criteria (CC) Evaluation Assurance Level (EAL) 4 would
Question32: Which of the following would an attacker BEST be able to accomplish through the use of Remote Access Tools (RAT)?
Question33: Which of the following adds end-to-end security inside a Layer 2 Tunneling Protocol (L2TP) Internet Protocol Security (IPSec) connection?
Question34: Which of the following is the MAIN goal of a data retention policy?
Question35: Which of the following are important criteria when designing procedures and acceptance criteria for acquired software?
Question36: Which of the following is considered a secure coding practice?
Question37: A security professional has been asked to evaluate the options for the location of a new data center within a multifloor building. Concerns for the data center include emanations and physical access controls.
Which of the following is the BEST location?
Question38: Refer to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
Which of the following will indicate where the IT budget is BEST allocated during this time?
Question39: Which section of the assessment report addresses separate vulnerabilities, weaknesses, and gaps?
Question40: Which of the following is the name of an individual or group that is impacted by a change?
Question41: Which of the following is BEST suited for exchanging authentication and authorization messages in a multi-party decentralized environment?
Question42: Directive controls are a form of change management policy and procedures. Which of the following subsections are recommended as part of the change management process?
Question43: The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct
Question44: Which of the following MUST be considered when developing business rules for a data loss prevention (DLP) solution?
Question45: Which of the following is an effective method for avoiding magnetic media data remanence?
Question46: Which of the following is a canon of the (ISC)2 Code of Ethics?
Question47: Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
Given the number of priorities, which of the following will MOST likely influence the selection of top initiatives?
Question48: How long should the records on a project be retained?
Question49: What is the MOST effective response to a hacker who has already gained access to a network and will attempt to pivot to other resources?
Question50: In which process MUST security be considered during the acquisition of new software?
Question51: International bodies established a regulatory scheme that defines how weapons are exchanged between the signatories. It also addresses cyber weapons, including malicious software, Command and Control (C2) software, and internet surveillance software. This is a description of which of the following?
Question52: Which layer of the Open Systems Interconnections (OSI) model implementation adds information concerning the logical connection between the sender and receiver?
Question53: Computer forensics require which of the following are MAIN steps?
Question54: Who should perform the design review to uncover security design flaws as part of the Software Development Life Cycle (SDLC)?
Question55: In the "Do" phase of the Plan-Do-Check-Act model, which of the following is performed?
Question56: Which of the following problems is not addressed by using OAuth (Open Standard to Authorization) 2.0 to integrate a third-party identity provider for a service?
Question57: Which of the following needs to be tested to achieve a Cat 6a certification for a company's data cabling?
Question58: An Internet media company produces and broadcasts highly popular television shows. The company is suffering a huge revenue loss due to piracy. What technique should be used to track the distribution of content?
Question59: Who in the organization is accountable for classification of data information assets?
Question60: A security engineer is assigned to work with the patch and vulnerability management group. The deployment of a new patch has been approved and needs to be applied.
The research is complete, and the security engineer has provided recommendations. Where should the patch be applied FIRST?
Question61: What is considered the BEST explanation when determining whether to provide remote network access to a third-party security service?
Question62: What is the MAIN objective of risk analysis in Disaster Recovery (DR) planning?
Question63: Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization's systems?
Question64: An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test subject's data?
Question65: From a security perspective, which of the following assumptions MUST be made about input to an application?
Question66: Which security action should be taken FIRST when computer personnel are terminated from their jobs?
Question67: When determining data and information asset handling, regardless of the specific toolset being used, which of the following is one of the common components of big data?
Question68: Which of the following is part of a Trusted Platform Module (TPM)?
Question69: Which of the following is the MOST effective method of detecting vulnerabilities in web-based applications early in the secure Software Development Life Cycle (SDLC)?
Question70: What is the PRIMARY purpose for an organization to conduct a security audit?
Question71: During a recent assessment an organization has discovered that the wireless signal can be detected outside the campus area. What logical control should be implemented in order to BFST protect One confidentiality of information traveling One wireless transmission media?
Question72: Which of the following is a MAJOR concern when there is a need to preserve or retain information for future retrieval?
Question73: Which of the following roles is responsible for ensuring that important datasets are developed, maintained, and are accessible within their defined specifications?
Question74: What documentation is produced FIRST when performing an effective physical loss control process?
Question75: Which of the following is a remote access protocol that uses a static authentication?
Question76: A mobile device application that restricts the storage of user information to just that which is needed to accomplish lawful business goals adheres to what privacy principle?
Question77: A post-implementation review has identified that the Voice Over Internet Protocol (VoIP) system was designed to have gratuitous Address Resolution Protocol (ARP) disabled.
Why did the network architect likely design the VoIP system with gratuitous ARP disabled?
Question78: The Rivest-Shamir-Adleman (RSA) algorithm is BEST suited for which of the following operations?
Question79: How should an organization determine the priority of its remediation efforts after a vulnerability assessment has been conducted?
Question80: When determining who can accept the risk associated with a vulnerability, which of the following is the MOST important?
Question81: A Business Continuity Plan (BCP) is based on
Question82: copyright provides protection for which of the following?
Question83: A security professional has reviewed a recent site assessment and has noted that a server room on the second floor of a building has Heating, Ventilation, and Air Conditioning (HVAC) intakes on the ground level that have ultraviolet light filters installed, Aero-K Fire suppression in the server room, and pre-action fire suppression on floors above the server room. Which of the following changes can the security professional recommend to reduce risk associated with these conditions?
Question84: Additional padding may be added to the Encapsulating security protocol (ESP) trailer to provide which of the following?
Question85: Which of the following practices provides the development team with a definition of security and identification of threats in designing software?
Question86: In general, servers that are facing the Internet should be placed in a demilitarized zone (DMZ). What is MAIN purpose of the DMZ?
Question87: When configuring Extensible Authentication Protocol (EAP) in a Voice over Internet Protocol (VoIP) network, which of the following authentication types is the MOST secure?
Question88: A new Chief Information Officer (CIO) created a group to write a data retention policy based on applicable laws. Which of the following is the PRIMARY motivation for the policy?
Question89: An organization has determined that its previous waterfall approach to software development is not keeping pace with business demands. To adapt to the rapid changes required for product delivery, the organization has decided to move towards an Agile software development and release cycle. In order to ensure the success of the Agile methodology, who is MOST critical in creating acceptance tests or acceptance criteria for each release?
Question90: An organization is selecting a service provider to assist in the consolidation of multiple computing sites including development, implementation and ongoing support of various computer systems. Which of the following MUST be verified by the Information Security Department?
Question91: Which of the fallowing statements is MOST accurate regarding information assets?
Question92: Which of the following is the MOST critical success factor in the security patch management process?
Question93: As a security manger which of the following is the MOST effective practice for providing value to an organization?
Question94: When a flaw in Industrial control (ICS) software is discovered, what is the GREATEST impediment to deploying a patch?
Question95: What does secure authentication with logging provide?
Question96: A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project?
Question97: Which of the following is a recommended alternative to an integrated email encryption system?
Question98: Which of the following is the BEST defense against password guessing?
Question99: When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?
Question100: Which of the following is a characteristic of the initialization vector when using Data Encryption Standard (DES)?
Question101: During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.
What is the best approach for the CISO?
Below are the common phases to creating a Business Continuity/Disaster Recovery (BC/DR) plan. Drag the remaining BC\DR phases to the appropriate corresponding location.

Question102: A user's credential for an application is stored in a relational database. Which control protects the confidentiality of the credential while it is stored?
Question103: Which of the following BEST describes the responsibilities of a data owner?
Question104: An organization recently upgraded to a Voice over Internet Protocol (VoIP) phone system. Management is concerned with unauthorized phone usage. Security consultant is responsible for putting together a plan to secure these phones. Administrators have assigned unique personal identification number codes for each person in the organization. What is the BEST solution?
Question105: Which of the following are effective countermeasures against passive network-layer attacks?
Question106: A user sends an e-mail request asking for read-only access to files that are not considered sensitive. A Discretionary Access Control (DAC) methodology is in place. Which is the MOST suitable approach that the administrator should take?
Question107: All hosts on the network are sending logs via syslog-ng to the log collector. The log collector is behind its own firewall, The security professional wants to make sure not to put extra load on the firewall due to the amount of traffic that is passing through it. Which of the following types of filtering would MOST likely be used?
Question108: What do you think is the best way to secure a camera?
Question109: Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
Which of the following is considered the MOST important priority for the information security officer?
Question110: What is the PRIMARY consideration when testing industrial control systems (ICS) for security weaknesses?
Question111: What is the BEST way to establish identity over the internet?
Question112: Which of the following is the MOST effective method of mitigating data theft from an active user workstation?
Question113: Which of the following is the BEST approach to take in order to effectively incorporate the concepts of business continuity into the organization?
Question114: When recovering from an outage, what is the Recovery Point Objective (RPO), in terms of data recovery?
Question115: According to the (ISC)? ethics canon "act honorably, honestly, justly, responsibly, and legally," which order should be used when resolving conflicts?
Question116: Which of the following actions should be undertaken prior to deciding on a physical baseline Protection Profile (PP)?
Question117: An organization recently conducted a review of the security of its network applications. One of the vulnerabilities found was that the session key used in encrypting sensitive information to a third party server had been hard-coded in the client and server applications. Which of the following would be MOST effective in mitigating this vulnerability?
Question118: If an identification process using a biometric system detects a 100% match between a presented template and a stored template, what is the interpretation of this result?
Question119: When reviewing the security logs, the password shown for an administrative login event was ' OR ' '1'='1' --.
This is an example of which of the following kinds of attack?
Question120: Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?
Question121: Which of the following services can be deployed via a cloud service or on-premises to integrate with Identity as a Service (IDaaS) as the authoritative source of user identities?
Question122: Match the functional roles in an external audit to their responsibilities.
Drag each role on the left to its corresponding responsibility on the right.
Select and Place:

Question123: When defining a set of security controls to mitigate a risk, which of the following actions MUST occur?
Question124: Which of the following are mandatory canons for the (ISC)* Code of Ethics?
Question125: Which of the following uses the destination IP address to forward packets?
Question126: What type of test assesses a Disaster Recovery (DR) plan using realistic disaster scenarios while maintaining minimal impact to business operations?
Question127: Assuming an individual has taken all of the steps to keep their internet connection private, which of the following is the BEST to browse the web privately?
Question128: Which of the following is the FIRST step in the incident response process?
Question129: Which of the following attacks is dependent upon the compromise of a secondary target in order to reach the primary target?
Question130: Which of the following media is least problematic with data remanence?
Question131: A vehicle of a private courier company that transports backup data for offsite storage was robbed while in transport backup data for offsite was robbed while in transit. The incident management team is now responsible to estimate the robbery, which of the following would help the incident management team to MOST effectively analyze the business impact of the robbery?
Question132: Which of the following is the MOST difficult to enforce when using cloud computing?
Question133: Digital certificates used in Transport Layer Security (TLS) support which of the following?
Question134: What does the term "100-year floodplain" mean to emergency preparedness officials?
Question135: Which of the following is an open standard for exchanging authentication and authorization data between parties?
Question136: A security professional has been assigned to assess a web application. The assessment report recommends switching to Security Assertion Markup Language (SAML). What is the PRIMARY security benefit in switching to SAML?
Question137: What should an auditor do when conducting a periodic audit on media retention?
Question138: Which of the following is the BEST Identity-as-a-Service (IDaaS) solution for validating users?
Question139: Which of the following BEST describes centralized identity management?
Question140: Which of the following open source software issues pose the MOST risk to an application?
Question141: Which security service is served by the process of encryption plaintext with the sender's private key and decrypting cipher text with the sender's public key?
Question142: Which of the following BEST describes the purpose of performing security certification?
Question143: Which of the following is an important design feature for the outer door o f a mantrap?
Question144: The Chief Information Security Officer (CISO) of a small organization is making a case for building a security operations center (SOC). While debating between an in-house, fully outsourced, or a hybrid capability, which of the following would be the MAIN consideration, regardless of the model?
Question145: Which change management role is responsible for the overall success of the project and supporting the change throughout the organization?
Question146: Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy?
Question147: Management has decided that a core application will be used on personal cellular phones. As an implementation requirement, regularly scheduled analysis of the security posture needs to be conducted.
Management has also directed that continuous monitoring be implemented. Which of the following is required to accomplish management's directive?
Question148: Which of the following phases in the software acquisition process does developing evaluation criteria take place?
Question149: Refer to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.
If it is discovered that large quantities of information have been copied by the unauthorized individual, what attribute of the data has been compromised?
Question150: Which of the following mandates the amount and complexity of security controls applied to a security risk?
Question151: Which of the following BEST describes the objectives of the Business Impact Analysis (BIA)?
Question152: The MAIN task of promoting security for Personal Computers (PC) is
Question153: A company is planning to implement a private cloud infrastructure. Which of the following recommendations will support the move to a cloud infrastructure?
Question154: Who has the PRIMARY responsibility to ensure that security objectives are aligned with organization goals?
Question155: Which of the following goals represents a modern shift in risk management according to National Institute of Standards and Technology (NIST)?
Question156: The European Union (EU) General Data Protection Regulation (GDPR) requires organizations to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The Data Owner should therefore consider which of the following requirements?
Question157: To prevent inadvertent disclosure of restricted information, which of the following would be the LEAST effective process for eliminating data prior to the media being discarded?
Question158: An organization has developed a way for customers to share information from their wearable devices with each other. Unfortunately, the users were not informed as to what information collected would be shared.
What technical controls should be put in place to remedy the privacy issue while still trying to accomplish the organization's business goals?
Question159: Which of the following is a limitation of the Common Vulnerability Scoring System (CVSS) as it relates to conducting code review?
Question160: In which of the following programs is it MOST important to include the collection of security process data?
Question161: An organization implements a remote access server (RAS), Once users connect to the server, digital certificates are used to authenticate their identity. What type of extensible Authentication protocol (EAP) would the organization use during this authentication?
Question162: Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?
Question163: Assessing a third party's risk by counting bugs in the code may not be the best measure of an attack surface within the supply chain.
Which of the following is LEAST associated with the attack surface?
Question164: The Chief Information Officer (CIO) has decided that as part of business modernization efforts the organization will move towards a cloud architecture. All business-critical data will be migrated to either internal or external cloud services within the next two years. The CIO has a PRIMARY obligation to work with personnel in which role in order to ensure proper protection of data during and after the cloud migration?
Question165: During a fingerprint verification process, which of the following is used to verify identity and authentication?
Question166: Which of the following is MOST critical in a contract in a contract for data disposal on a hard drive with a third party?
Question167: A Certified Information Systems Security Professional (CISSP) with identity and access management (IAM) responsibilities is asked by the Chief Information Security Officer (CISO) to4 perform a vulnerability assessment on a web application to pass a Payment Card Industry (PCI) audit. The CISSP has never performed this before. According to the (ISC)? Code of Professional Ethics, which of the following should the CISSP do?
Question168: What part of an organization's strategic risk assessment MOST likely includes information on items affecting the success of the organization?
Question169: A client server infrastructure that provides user-to-server authentication describes which one of the following?
Question170: When using Generic Routing Encapsulation (GRE) tunneling over Internet Protocol version 4 (IPv4), where is the GRE header inserted?
Question171: If the wide area network (WAN) is supporting converged applications like Voice over Internet Protocol (VoIP), which of the following becomes even MORE essential to the assurance of network?
Question172: Who should formulate conclusions from a particular digital fore Ball, Submit a Toper Of Tags, and the results?
Question173: Which is the RECOMMENDED configuration mode for sensors for an intrusion prevention system (IPS) if the prevention capabilities will be used?
Question174: Which of the following routing protocols is used to exchange route information between public autonomous systems?
Question175: A software development company found odd behavior in some recently developed software, creating a need for a more thorough code review. What is the MOST effective argument for a more thorough code review?
Question176: A small office is running WiFi 4 APs, and neighboring offices do not want to increase the throughput to associated devices. Which of the following is the MOST cost-efficient way for the office to increase network performance?
Question177: Network-based logging has which advantage over host-based logging when reviewing malicious activity about a victim machine?
Question178: Which of the following is the MOST important reason for using a chain of custody from?
Question179: Why is data classification control important to an organization?
Question180: When transmitting information over public networks, the decision to encrypt it should be based on
Question181: Which security access policy contains fixed security attributes that are used by the system to determine a user's access to a file or object?
Question182: In systems security engineering, what does the security principle of modularity provide?
Question183: The Chief Information Security Officer (CISO) is concerned about business application availability. The organization was recently subject to a ransomware attack that resulted in the unavailability of applications and services for 10 working days that required paper-based running of all main business processes. There are now aggressive plans to enhance the Recovery Time Objective (RTO) and cater for more frequent data captures.
Which of the following solutions should be implemented to fully comply to the new business requirements?
Question184: Which of the following is a secure design principle for a new product?
Question185: What is the PRIMARY objective of an application security assessment?
Question186: Which of the following mechanisms will BEST prevent a Cross-Site Request Forgery (CSRF) attack?
Question187: The implementation of which features of an identity management system reduces costs and administration overhead while improving audit and accountability?
Question188: What should be the FIRST action for a security administrator who detects an intrusion on the network based on precursors and other indicators?
Question189: The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?
Question190: An organization has discovered that organizational data is posted by employees to data storage accessible to the general public. What is the PRIMARY step an organization must take to ensure data is properly protected from public release?
Question191: Which of the following is the MOST common use of the Online Certificate Status Protocol (OCSP)?
Question192: Which of the following BEST describes the use of network architecture in reducing corporate risks associated with mobile devices?
Question193: Limiting the processor, memory, and Input/output (I/O) capabilities of mobile code is known as
Question194: Which of the following protects personally identifiable information (PII) used by financial services organizations?
Question195: Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following solutions would have MOST likely detected the use of peer-to-peer programs when the computer was connected to the office network?
Question196: Which would result in the GREATEST import following a breach to a cloud environment?
Question197: What is the MOST effective way to protect privacy?
Question198: Before allowing a web application into the production environment, the security practitioner performs multiple types of tests to confirm that the web application performs as expected. To test the username field, the security practitioner creates a test that enters more characters into the field than is allowed. Which of the following BEST describes the type of test performed?
Question199: What is the PRIMARY reason for ethics awareness and related policy implementation?
Question200: Which of the following is the PRIMARY benefit of a formalized information classification program?
Question201: Which of the following is the BEST way to mitigate circumvention of access controls?
Question202: It is MOST important to perform which of the following to minimize potential impact when implementing a new vulnerability scanning tool in a production environment?
Question203: Which of the following vulnerability assessment activities BEST exemplifies the Examine method of assessment?
Question204: What is maintained by using write blocking devices whan forensic evidence is examined?
Question205: Which of the following is a common characteristic of privacy?
Question206: In Disaster Recovery (DR) and business continuity training, which BEST describes a functional drill?
Question207: What is the BEST location in a network to place Virtual Private Network (VPN) devices when an internal review reveals network design flaws in remote access?
Question208: Which of the following is a common term for log reviews, synthetic transactions, and code reviews?
Question209: In which identity management process is the subject's identity established?
Question210: A company wants to store data related to users on an offsite server. What method can be deployed to protect the privacy of the user's information while maintaining the field-level configuration of the database?
Question211: Which of the following is the BEST method a security practitioner can use to ensure that systems and sub-system gracefully handle invalid input?
Question212: The PRIMARY outcome of a certification process is that it provides documented
Question213: A Chief Information Security Officer (CISO) of a firm which decided to migrate to cloud has been tasked with ensuring an optimal level of security. Which of the following would be the FIRST consideration?
Question214: Which of the following is the primary advantage of segmenting Virtual Machines (VM) using physical networks?
Question215: Why is planning the MOST critical phase of a Role Based Access Control (RBAC) implementation?
Question216: The Secure Shell (SSH) version 2 protocol supports.
Question217: What principle requires that changes to the plaintext affect many parts of the ciphertext?
Question218: What type of database attack would allow a customer service employee to determine quarterly sales results before they are publically announced?
Question219: Which of the following is the MOST important consideration in selecting a security testing method based on different Radio-Frequency Identification (RFID) vulnerability types?
Question220: When conducting a security assessment of access controls , Which activity is port of the data analysis phase?
Question221: A security engineer is designing a Customer Relationship Management (CRM) application for a third-party vendor. In which phase of the System Development Life Cycle (SDLC) will it be MOST beneficial to conduct a data sensitivity assessment?
Question222: Which of the following could cause a Denial of Service (DoS) against an authentication system?
Question223: What technique used for spoofing the origin of an email can successfully conceal the sender s Internet Protocol (IP) address?
Question224: While reviewing the financial reporting risks of a third-party application, which of the following Service Organization Control (SOC) reports will be the MOST useful?
Question225: As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website. Which of the following actions would be performed?
Question226: A system has been scanned for vulnerabilities and has been found to contain a number of communication ports that have been opened without authority. To which of the following might this system have been subjected?
Question227: Utilizing a public wireless Local Area network (WLAN) to connect to a private network should be done only in which of the following situations?
Question228: An organization's retail website provides its only source of revenue, so the disaster recovery plan (DRP) must document an estimated time for each step in the plan.
Which of the following steps in the DRP will list the GREATEST duration of time for the service to be fully operational?
Question229: Which of the following authorization standards is built to handle Application Programming Interface (API) access for Federated Identity Management (FIM)?
Question230: Which of the following are required components for implementing software configuration management systems?
Question231: An organization has requested storage area network (SAN) disks for a new project. What Redundant Array of Independent Disks (RAID) level provides the BEST redundancy and fault tolerance?
Question232: A digitally-signed e-mail was delivered over a wireless network protected with Wired Equivalent Privacy (WEP) protocol. Which of the following principles is at risk?
Question233: A company hired an external vendor to perform a penetration test ofa new payroll system. The company's internal test team had already performed an in-depth application and security test of the system and determined that it met security requirements. However, the external vendor uncovered significant security weaknesses where sensitive personal data was being sent unencrypted to the tax processing systems. What is the MOST likely cause of the security issues?
Question234: Extensible Authentication Protocol-Message Digest 5 (EAP-MD5) only provides which of the following?
Question235: Information Security Continuous Monitoring (1SCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. Which of the following is the FIRST step in developing an ISCM strategy and implementing an ISCM program?
Question236: Who would be the BEST person to approve an organizations information security policy?
Question237: When designing a new Voice over Internet Protocol (VoIP) network, an organization's top concern is preventing unauthorized users accessing the VoIP network. Which of the following will BEST help secure the VoIP network?
Question238: Which of the following BEST represents the concept of least privilege?
Question239: What type of risk is related to the sequences of value-adding and managerial activities undertaken in an organization?
Question240: What is the MOST effective countermeasure to a malicious code attack against a mobile system?
Question241: Are companies legally required to report all data breaches?
Question242: Which of the following is the MOST effective preventative method to identify security flaws in software?
Question243: Which of the following is true of Service Organization Control (SOC) reports?
Question244: How does identity as a service (IDaaS) provide an easy mechanism for integrating identity service into individual applications with minimal development effort?
Question245: Which of the following is a unique feature of attribute-based access control (ABAC)?
Question246: Which of the following questions can be answered using user and group entitlement reporting?
Question247: A software development company has a short timeline in which to deliver a software product. The software development team decides to use open-source software libraries to reduce the development time. What concept should software developers consider when using open-source software libraries?
Question248: Which of the following is the BEST way to protect against Structured Query language (SQL) injection?
Question249: Which of the following is a security limitation of File Transfer Protocol (FTP)?
Question250: Which of the following is used to detect steganography?
Question251: An organization has a short-term agreement with a public Cloud Service Provider (CSP). Which of the following BEST protects sensitive data once the agreement expires and the assets are reused?
Question252: Which of the following command line tools can be used in the reconnaisance phase of a network vulnerability assessment?
Question253: Which inherent password weakness does a One Time Password (OTP) generator overcome?
Question254: Which of the following is an important requirement when designing a secure remote access system?
Question255: The acquisition of personal data being obtained by a lawful and fair means is an example of what principle?
Question256: Which of the following is used to ensure that data mining activities Will NOT reveal sensitive data?
Question257: The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunnel data
Question258: A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS).
Which of the following factors leads the company to choose an IDaaS as their solution?
Question259: Which of the following examples is BEST to minimize the attack surface for a customer's private information?
Question260: Which of the following types of security testing is the MOST effective in providing a better indication of the everyday security challenges of an organization when performing a security risk assessment?
Question261: Digital certificates used transport Layer security (TLS) support which of the following?
Question262: A security analyst for a large financial institution is reviewing network traffic related to an incident. The analyst determines the traffic is irrelevant to the investigation but in the process of the review, the analyst also finds that an applications data, which included full credit card cardholder data, is transferred in clear text between the server and user's desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS). Which of the following is the analyst's next step?
Question263: For the purpose of classification, which of the following is used to divide trust domain and trust boundaries?
Question264: What is the MINIMUM standard for testing a disaster recovery plan (DRP)?
Question265: Additional padding may be added to toe Encapsulating Security Protocol (ESP) b trailer to provide which of the following?
Question266: Which of the following is the BEST statement for a professional to include as port of business continuity (BC) procedure?
Question267: A database server for a financial application is scheduled for production deployment. Which of the following controls will BEST prevent tampering?
Question268: What component of a web application that stores the session state in a cookie an attacker can bypass?
Question269: Which of the following will an organization's network vulnerability testing process BEST enhance?
Question270: Vulnerability scanners may allow for the administrator to assign which of the following in order to assist in prioritizing remediation activities?
Question271: Within the company, desktop clients receive Internet Protocol (IP) address over Dynamic Host Configuration Protocol (DHCP).
Which of the following represents a valid measure to help protect the network against unauthorized access?
Question272: Once the types of information have been identified, who should an information security practitioner work with to ensure that the information is properly categorized?
Question273: Which of the following four iterative steps are conducted on third-party vendors in an on-going basis?
Question274: The security organization is loading for a solution that could help them determine with a strong level of confident that attackers have breached their network. Which solution is MOST effective at discovering successful network breach?
Question275: Which of the following is an indicator that a company's new user security awareness training module has been effective?
Question276: The Hardware Abstraction Layer (HAL) is implemented in the
Question277: Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device Which has stolen?
Question278: An organization is required to comply with the Payment Card Industry Data Security Standard (PCI-DSS), what is the MOST effective approach to safeguard digital and paper media that contains cardholder data?
Question279: An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern?
Question280: A cloud service provider requires its customer organizations to enable maximum audit logging for its data storage service and to retain the logs for the period of three months. The audit logging generates extremely high amount of logs. What is the MOST appropriate strategy for the log retention?
Question281: When developing solutions for mobile devices, in which phase of the Software Development Life Cycle (SDLC) should technical limitations related to devices be specified?
Question282: During which of the following processes is least privilege implemented for a user account?
Question283: Which of the following is the MOST appropriate action when reusing media that contains sensitive data?
Question284: Which of the following is a characteristic of an internal audit?
Question285: In order to assure authenticity, which of the following are required?
Question286: An organization is planning to have an it audit of its as a Service (SaaS) application to demonstrate to external parties that the security controls around availability are designed. The audit report must also cover a certain period of time to show the operational effectiveness of the controls. Which Service Organization Control (SOC) report would BEST fit their needs?
Question287: Refer to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
When determining appropriate resource allocation, which of the following is MOST important to monitor?
Question288: An audit of an application reveals that the current configuration does not match the configuration of the originally implemented application. Which of the following is the FIRST action to be taken?
Question289: When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all access control requirements are addressed?
Question290: A technician wants to install a WAP in the center of a room that provides service in a radius surrounding a radio. Which of the following antenna types should the AP utilize?
Question291: A security engineer is required to integrate security into a software project that is implemented by small groups test quickly, continuously, and independently develop, test, and deploy code to the cloud. The engineer will MOST likely integrate with which software development process'
Question292: Which of the following is used to support the concept of defense in depth during the development phase of a software product?
Question293: What is the MOST important factor in establishing an effective Information Security Awareness Program?
Question294: Which of the following is the BEST technique to facilitate secure software development?
Question295: Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?
Question296: The restoration priorities of a Disaster Recovery Plan (DRP) are based on which of the following documents?
Question297: Which of the following job functions MUST be separated to maintain data and application integrity?
Question298: In a data classification scheme, the data is owned by the
Question299: Which of the following is the MOST important element of change management documentation?
Question300: Which of the following actions should be taken by a security professional when a mission critical computer network attack is suspected?
Question301: By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the
Question302: From an asset security perspective, what is the BEST countermeasure to prevent data theft due to data remanence when a sensitive data storage media is no longer needed?
Question303: Clothing retailer employees are provisioned with user accounts that provide access to resources at partner businesses. All partner businesses use common identity and access management (IAM) protocols and differing technologies. Under the Extended Identity principle, what is the process flow between partner businesses to allow this TAM action?
Question304: The application of which of the following standards would BEST reduce the potential for data breaches?
Question305: Which of the following is the BEST way to protect an organization's data assets?
Question306: A security practitioner is tasked with securing the organization's Wireless Access Points (WAP). Which of these is the MOST effective way of restricting this environment to authorized users?
Question307: Which of the following is the PRIMARY consideration when determining the frequency an automated control should be assessed or monitored?
Question308: Which of the following is an advantage of on premise Credential Management Systems?
Question309: Recovery strategies of a Disaster Recovery planning (DRIP) MUST be aligned with which of the following?
Question310: While dealing with the consequences of a security incident, which of the following security controls are MOST appropriate?
Question311: Which of the following is a common feature of an Identity as a Service (IDaaS) solution?
Question312: Which of the following could elicit a Denial of Service (DoS) attack against a credential management system?
Question313: Which of the following is the final phase of the identity and access provisioning lifecycle?
Question314: What security risk does the role-based access approach mitigate MOST effectively?
Question315: In the last 15 years a company has experienced three electrical failures. The cost associated with each failure is listed below.
Which of the following would be a reasonable annual loss expectation?

Question316: Which of the following describes the order in which a digital forensic process is usually conducted?
Question317: A cybersecurity engineer has been tasked to research and implement an ultra-secure communications channel to protect the organization's most valuable intellectual property (IP). The primary directive in this initiative is to ensure there Is no possible way the communications can be intercepted without detection. Which of the following Is the only way to ensure this
'outcome?
Question318: Activity to baseline, tailor, and scope security controls tikes place dring which National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) step?
Question319: Match the objectives to the assessment questions in the governance domain of Software Assurance Maturity Model (SAMM).

Question320: Who is essential for developing effective test scenarios for disaster recovery (DR) test plans?
Question321: What is the MOST appropriate hierarchy of documents when implementing a security program?
Question322: A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket. Which of the following is the BEST course of action?
Question323: Which of the following protection is provided when using a Virtual Private Network (VPN) with Authentication Header (AH)?
Question324: Which of the following methods can be used to achieve confidentiality and integrity for data in transit?
Question325: An attacker is able to remain indefinitely logged into a exploiting to remain on the web service?
Question326: Which of the following is a direct monetary cost of a security incident?
Question327: When dealing with compliance with the Payment Card Industry-Data Security Standard (PCI-DSS), an organization that shares card holder information with a service provider MUST do which of the following?
Question328: Which of the following restricts the ability of an individual to carry out all the steps of a particular process?
Question329: An Information Technology (IT) professional attends a cybersecurity seminar on current incident response methodologies.
What code of ethics canon is being observed?
Question330: Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?
Question331: Which of the following technologies would provide the BEST alternative to anti-malware software?
Question332: The amount of data that will be collected during an audit is PRIMARILY determined by the.
Question333: The Chief Information Security Officer (CISO) of an organization has requested that a Service Organization Control (SOC) report be created to outline the security and availability of a particular system over a 12-month period. Which type of SOC report should be utilized?
Question334: An attack utilizing social engineering and a malicious Uniform Resource Locator (URL) link to take advantage of a victim's existing browser session with a web application is an example of which of the following types of attack?
Question335: A disadvantage of an application filtering firewall is that it can lead to
Question336: Knowing the language in which an encrypted message was originally produced might help a cryptanalyst to perform a
Question337: A security practitioner has been tasked with establishing organizational asset handling procedures. What should be considered that would have the GRFATEST impact to the development of these procedures?
Question338: If an attacker in a SYN flood attack uses someone else's valid host address as the source address, the system under attack will send a large number of Synchronize/Acknowledge (SYN/ACK) packets to the
Question339: The MAIN purpose of placing a tamper seal on a computer system's case is to:
Question340: An Intrusion Detection System (IDS) is based on the general hypothesis that a security violation is associated with a pattern of system usage which can be
Question341: Which of the following MOST influences the design of the organization's electronic monitoring policies?
Question342: What is the MOST important criterion that needs to be adhered to during the data collection process of an active investigation?
Question343: Which of the following should be included in a good defense-in-depth strategy provided by object-oriented programming for software deployment?
Question344: Which type of fire alarm system sensor is intended to detect fire at its earliest stage?
Question345: An organization has implemented a new backup process which protects confidential data by encrypting the information stored on backup tapes. Which of the following is a MAJOR data confidentiality concern after the implementation of this new backup process?
Question346: Which of the following are core categories of malicious attack against Internet of Things (IOT) devices?
Question347: What is the difference between media marking and media labeling?
Question348: Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?
Question349: Which of the following value comparisons MOST accurately reflects the agile development approach?
Question350: When assessing the audit capability of an application, which of the following activities is MOST important?
Question351: Refer to the information below to answer the question.
A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
The organization should ensure that the third party's physical security controls are in place so that they
Question352: With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?
Question353: Which of the following is a responsibility of the information owner?
Question354: Which technology is a prerequisite for populating the cloud-based directory in a federated identity solution?
Question355: Which of the following MUST an organization do to effectively communicate is security strategy to all affected parties?
Question356: As one component of a physical security system, an Electronic Access Control (EAC) token is BEST known for its ability to
Question357: The security accreditation task of the System Development Life Cycle (SDLC) process is completed at the end of which phase?
Question358: When developing the entitlement review process, which of the following roles is responsible for determining who has a need for the information?
Question359: Which attack defines a piece of code that is inserted into software to trigger a malicious function?
Question360: Which of the following is the MOST important consideration when storing and processing Personally Identifiable Information (PII)?
Question361: In a High Availability (HA) environment, what is the PRIMARY goal of working with a virtual router address as the gateway to a network?
Question362: Which of the following is the BEST way to determine the success of a patch management process?
Question363: Which of the following is a common measure within a Local Area Network (LAN) to provide en additional level of security through segmentation?
Question364: A software developer wishes to write code that will execute safely and only as intended. Which of the following programming language types is MOST likely to achieve this goal?
Question365: An internal Service Level Agreement (SLA) covering security is signed by senior managers and is in place.
When should compliance to the SLA be reviewed to ensure that a good security posture is being delivered?
Question366: A security architect is developing an information system for a client. One of the requirements is to deliver a platform that mitigates against common vulnerabilities and attacks, What is the MOST efficient option used to prevent buffer overflow attacks?
Question367: Which of the following disaster recovery test plans will be MOST effective while providing minimal risk?
Question368: What is the FIRST step for an organization to take before allowing personnel to access social media from a corporate device or user account?
Question369: In which order, from MOST to LEAST impacted, does user awareness training reduce the occurrence of the events below?

Question370: If an employee transfers from one role to another, which of the following actions should this trigger within the identity and access management (IAM) lifecycle?
Question371: Which of the following BEST describes the standard used to exchange authorization information between different identity management systems?
Question372: Which of the following is the BEST identity-as-a-service (IDaaS) solution for validating users?
Question373: A corporate security policy specifies that all devices on the network must have updated operating system patches and anti-malware software. Which technology should be used to enforce this policy?
Question374: Which evidence collecting technique would be utilized when it is believed an attacker is employing a rootkit and a quick analysis is needed?
Question375: Which one of these risk factors would be the LEAST important consideration in choosing a building site for a new computer facility?
Question376: A corporation does not have a formal data destruction policy. During which phase of a criminal legal proceeding will this have the MOST impact?
Question377: At the destination host, which of the following OSI model layers will discard a segment with a bad checksum in the UDP header?
Question378: When should an application invoke re-authentication in addition to initial user authentication?
Question379: With data labeling, which of the following MUST be the key decision maker?
Question380: Which of the following initiates the systems recovery phase of a disaster recovery plan?
Question381: At which phase of the software assurance life cycle should risks associated with software acquisition strategies be identified?
Question382: Which of the following is an accurate statement when an assessment results in the discovery of vulnerabilities in a critical network component?
Question383: Which of the following findings would MOST likely indicate a high risk in a vulnerability assessment report?
Question384: What is the correct order of steps in an information security assessment?
Place the information security assessment steps on the left next to the numbered boxes on the right in the correct order.

Question385: Which of the following is BEST achieved through the use of eXtensible Access Markup Language (XACML)?
Question386: Which of the following is included in the Global System for Mobile Communications (GSM) security framework?
Question387: Which Radio Frequency Interference (RFI) phenomenon associated with bundled cable runs can create information leakage?
Question388: Which of the following is the BEST definition of Cross-Site Request Forgery (CSRF)?
Question389: Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

In a Bell-LaPadula system, which user has the MOST restrictions when writing data to any of the four files?
Question390: Which of the following MUST a security professional do in order to quantify the value of a security program to organization management?
Question391: What is the BEST approach to addressing security issues in legacy web applications?
Question392: What is the BEST design for securing physical perimeter protection?
Question393: Upon commencement of an audit within an organization, which of the following actions is MOST important for the auditor(s) to take?
Question394: The FIRST step in building a firewall is to
Question395: Given a file containing ordered number, i.e. "123456789," match each of the following redundant Array of independent Disks (RAID) levels to the corresponding visual representation visual representation. Note: P() = parity.
Drag each level to the appropriate place on the diagram.

Question396: An attacker has intruded into the source code management system and is able to download but not modify the code. Which of the following aspects of the code theft has the HIGHEST security impact?
Question397: A security professional can BEST mitigate the risk of using a Commercial Off-The-Shelf (COTS) solution by deploying the application with which of the following controls in ?
Question398: A hospital has allowed virtual private networking (VPN) access to remote database developers. Upon auditing the internal firewall configuration, the network administrator discovered that split-tunneling was enabled. What is the concern with this configuration?
Question399: An organization that has achieved a Capability Maturity model Integration (CMMI) level of 4 has done which of the following?
Question400: Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?
Question401: Which is the BEST control to meet the Statement on Standards for Attestation Engagements 18 (SSAE-18) confidentiality category?
Question402: What type of investigation applies when malicious behavior is suspected between two organizations?
Question403: Which of the following is the MAIN reason for using configuration management?
Question404: A software engineer uses automated tools to review application code and search for application flaws, back doors, or other malicious code. Which of the following is the FIRST Software Development Life Cycle (SDLC) phase where this takes place?
Question405: In a basic SYN flood attack, what is the attacker attempting to achieve?
Question406: Which of the following BEST describes why software assurance is critical in helping prevent an increase in business and mission risk for an organization?
Question407: Which one of the following is the MOST important in designing a biometric access system if it is essential that no one other than authorized individuals are admitted?
Question408: A company has decided that they need to begin maintaining assets deployed in the enterprise. What approach should be followed to determine and maintain ownership information to bring the company into compliance?
Question409: A company-wide penetration test result shows customers could access and read files through a web browser.
Which of the following can be used to mitigate this vulnerability?
Question410: Which of the following is fundamentally required to address potential security issues when initiating software development?
Question411: Which of the following is a PRIMARY advantage of using a third-party identity service?
Question412: Which of the following is performed to determine a measure of success of a security awareness training program designed to prevent social engineering attacks?
Question413: A security architect is responsible for the protection of a new home banking system. Which of the following solutions can BEST improve the confidentiality and integrity of this external system?
Question414: According to the Capability Maturity Model Integration (CMMI), which of the following levels is identified by a managed process that is tailored from the organization's set of standard processes according to the organization's tailoring guidelines?
Question415: What is the FIRST step in risk management?
Question416: At what stage of the Software Development Life Cycle (SDLC) does software vulnerability remediation MOST likely cost the least to implement?
Question417: Which of the following is the MAIN difference between a network-based firewall and a host-based firewall?
Question418: Which of the following initiates the system recovery phase of a disaster recovery plan?
Question419: Which of the following is required to determine classification and ownership?
Question420: Which of the following is established to collect information Se eee ee ee nation readily available in part through implemented security controls?
Question421: If virus infection is suspected, which of the following is the FIRST step for the user to take?
Question422: During an investigation of database theft from an organization's web site, it was determined that the Structured Query Language (SQL) injection technique was used despite input validation with client-side scripting. Which of the following provides the GREATEST protection against the same attack occurring again?
Question423: A client has reviewed a vulnerability assessment report and has stated it is Inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operating System (OS) was not properly detected.
Where in the vulnerability assessment process did the erra MOST likely occur?
Question424: Which of the following provides the minimum set of privileges required to perform a job function and restricts the user to a domain with the required privileges?
Question425: Refer to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.
If the intrusion causes the system processes to hang, which of the following has been affected?
Question426: Which of the following is the BEST approach for a forensic examiner to obtain the greatest amount of relevant information form malicious software?
Question427: Which of the following security tools will ensure authorized data is sent to the application when implementing a cloud based application?
Question428: A security manager has noticed an inconsistent application of server security controls resulting in vulnerabilities on critical systems. What is the MOST likely cause of this issue?
Question429: Which of the following BEST describes a rogue Access Point (AP)?
Question430: Who is accountable for the information within an Information System (IS)?
Question431: a large organization uses biometrics to allow access to its facilities. It adjusts the biometric value for incorrectly granting or denying access so that the two numbers are the same.
What is this value called?
Question432: What action should be taken by a business line that is unwilling to accept the residual risk in a system after implementing compensating controls?
Question433: Rank the Hypertext Transfer protocol (HTTP) authentication types shows below in order of relative strength.
Drag the authentication type on the correct positions on the right according to strength from weakest to strongest.

Question434: What is the FINAL step in the waterfall method for contingency planning?
Question435: Which of the following is the FIRST step for defining Service Level Requirements (SLR)?
Question436: Secure coding can be developed by applying which one of the following?
Question437: Which of the following is a BEST practice when traveling internationally with laptops containing Personally Identifiable Information (PII)?
Question438: Which of the following techniques evaluates the secure Bet principles of network or software architectures?
Question439: What should be the INITIAL response to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) alerts?
Question440: Which of the following is the MOST secure password technique?
Question441: Which of the following methods MOST efficiently manages user accounts when using a third-party cloud-based application and directory solution?
Question442: What would be the BEST action to take in a situation where collected evidence was left unattended overnight in an unlocked vehicle?
Question443: Which of the following statements is TRUE for point-to-point microwave transmissions?
Question444: Which of the following trust services principles refers to the accessibility of information used by the systems, products, or services offered to a third-party provider's customers?
Question445: In the area of disaster planning and recovery, what strategy entails the presentation of information about the plan?
Question446: Which Web Services Security (WS-Security) specification maintains a single authenticated identity across multiple dissimilar environments? Click on the correct specification in the image below.

Question447: A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?
Question448: Reciprocal backup site agreements are considered to be
Question449: "Stateful" differs from "Static" packet filtering firewalls by being aware of which of the following?
Question450: Which of the following protocols will allow the encrypted transfer of content on the Internet?
Question451: How does a Host Based Intrusion Detection System (HIDS) identify a potential attack?
Question452: Disaster Recovery Plan (DRP) training material should be
Question453: For a federated identity solution, a third-party Identity Provider (IdP) is PRIMARILY responsible for which of the following?
Question454: Which of the following is TRUE about Disaster Recovery Plan (DRP) testing?
Question455: What is the most effective form of media sanitization to ensure residual data cannot be retrieved?
Question456: In addition to life, protection of which of the following elements is MOST important when planning a data center site?
Question457: What is the overall goal of software security testing?
Question458: An employee receives a promotion that entities them to access higher-level functions on the company's accounting system, as well as keeping their access to the previous system that is no longer needed or applicable. What is the name of the process that tries to remove this excess privilege?
Question459: Multi-Factor Authentication (MFA) is necessary in many systems given common types of password attacks.
Which of the following is a correct list of password attacks?
Question460: Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?
Question461: Which of the following in the BEST way to reduce the impact of an externally sourced flood attack?
Question462: In Identity Management (IdM), when is the verification stage performed?
Question463: The PRIMARY purpose of accreditation is to:
Question464: Which of the following BEST describes the responsibilities of data owner?
Question465: Which of the following would be considered an incident if reported by a security information and event management (SIEM) system?
Question466: What is the MOST effective method for gaining unauthorized access to a file protected with a long complex password?
Question467: Which of the following provides the BEST method to verify that security baseline configurations are maintained?
Question468: The disaster recovery (DR) process should always include
Question469: Which of the following MUST be in place to recognize a system attack?
Question470: A web developer is completing a new web application security checklist before releasing the application to production. the task of disabling unecessary services is on the checklist. Which web application threat is being mitigated by this action?
Question471: A network scan found 50% of the systems with one or more critical vulnerabilities. Which of the following represents the BEST action?
Question472: Which programming methodology allows a programmer to use pre-determined blocks of code end consequently reducing development time and programming costs?
Question473: Which of the following could be considered the MOST significant security challenge when adopting DevOps practices compared to a more traditional control framework?
Question474: Which of the following is the MOST effective strategy to prevent an attacker from disabling a network?
Question475: Which of the following frameworks provides vulnerability metrics and characteristics to support the National Vulnerability Database (NVD)?
Question476: Which software defined networking (SDN) architectural component is responsible for translating network requirements?
Question477: Which of the following is needed to securely distribute symmetric cryptographic keys?
Question478: Asymmetric algorithms are used for which of the following when using Secure Sockets Layer/Transport Layer Security (SSL/TLS) for implementing network security?
Question479: Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization network?
Question480: Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks?
Question481: Which of the following is the best practice for testing a Business Continuity Plan (BCP)?
Question482: If a content management system (CSM) is implemented, which one of the following would occur?
Question483: Which of the following roles has the obligation to ensure that a third party provider is capable of processing and handling data in a secure manner and meeting the standards set by the organization?
Question484: What type of access control determines the authorization to resource based on pre-defined job titles within an organization?
Question485: Which of the following types of hosts should be operating in the demilitarized zone (DMZ)?
Question486: Before implementing an internet-facing router, a network administrator ensures that the equipment is baselined/hardened according to approved configurations and settings. This action provides protection against which of the following attacks?
Question487: Which of the following is the PRIMARY type of cryptography required to support non-repudiation of a digitally signed document?
Question488: An organization is trying to secure instant messaging (IM) communications through its network perimeter.
Which of the following is the MOST significant challenge?
Question489: When developing a business case for updating a security program, the security program owner MUST do which of the following?
Question490: Which of the following is the top barrier for companies to adopt cloud technology?
Question491: Which of the following attributes could be used to describe a protection mechanism of an open design methodology?
Question492: Which of the following techniques evaluates the secure design principles of network OF software architectures?
Question493: A subscription service which provides power, climate control, raised flooring, and telephone wiring but NOT the computer and peripheral equipment is BEST described as a:
Question494: Multi-threaded applications are more at risk than single-threaded applications to
Question495: How can an attacker exploit overflow to execute arbitrary code?
Question496: Which of the following is held accountable for the risk to organizational systems and data that result from outsourcing Information Technology (IT) systems and services?
Question497: Individuals have been identified and determined as having a need-to-know for the information. Which of the following access control methods MUST include a consistent set of rules for controlling and limiting access?
Question498: Which of the following analyses is performed to protect information assets?
Question499: The PRIMARY characteristic of a Distributed Denial of Service (DDoS) attack is that it
Question500: A customer continues to experience attacks on their email, web, and File Transfer Protocol (FTP) servers.
These attacks are impacting their business operations. Which of the following is the BEST recommendation to make?
Question501: What is the FIRST step required in establishing a records retention program?
Question502: Which of the following contributes MOST to the effectiveness of a security officer?
Question503: When dealing with shared, privilaged accounts, especially those for emergencies, what is the BEST way to assure non-repudiation of logs?
Question504: A company whose Information Technology (IT) services are being delivered from a Tier 4 data center, is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?
Question505: In a large company, a system administrator needs to assign users access to files using Role Based Access Control (RBAC). Which option Is an example of RBAC?
Question506: Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?
Question507: What security management control is MOST often broken by collusion?
Question508: Which of the following is the MOST beneficial to review when performing an IT audit?
Question509: The World Trade Organization's (WTO) agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) requires authors of computer software to be given the
Question510: Which of the following is the BEST method a security practitioner can use to ensure that systems and sub-systems gracefully handle invalid input?
Question511: Which of the following entails identification of data end links to business processes, applications, and data stores as well as assignment of ownership responsibilities?
Question512: Which of the following is the MOST important consideration that must be taken into account when deploying an enterprise patching solution that includes mobile devices?
Question513: Which of the following BEST describes botnets?
Question514: What is the MOST important consideration from a data security perspective when an organization plans to relocate?
Question515: When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?
Question516: When is security personnel involvement in the Systems Development Life Cycle (SDLC) process MOST beneficial?
Question517: Which of the following virtual network configuration options is BEST to protect virtual machines (VM)?
Question518: Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain?
Question519: The Structured Query Language (SQL) implements Discretionary Access Controls (DAC) using
Question520: Which of the following is an example of a vulnerability of full-disk encryption (FDE)?
Question521: What is the MAIN purpose of conducting a business impact analysis (BIA)?
Question522: A hacker can use a lockout capability to start which of the following attacks?
Question523: Which type of test suite should be run for fast feedback during application develoment?
Question524: In setting expectations when reviewing the results of a security test, which of the following statements is MOST important to convey to reviewers?
Question525: Which of the following is the BEST approach to implement multiple servers on a virtual system?
Question526: Which of the following is the PRIMARY risk with using open source software in a commercial software construction?
Question527: What is the FIRST step prior to executing a test of an organisation's disaster recovery (DR) or business continuity plan (BCP)?
Question528: The security team has been tasked with performing an interface test against a frontend external facing application and needs to verify that all input fields protect against invalid input. Which of the following BEST assists this process?
Question529: An engineer notices some late collisions on a half-duplex link. The engineer verifies that the devices on both ends of the connection are configured for half duplex. Which of the following is the MOST likely cause of this issue?
Question530: An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to
Question531: A security architect is reviewing plans for an application with a Recovery Point Objective (RPO) of 15 minutes. The current design has all of the application infrastructure located within one co-location data center.
Which security principle is the architect currently assessing?
Question532: Which of the following is of GREATEST assistance to auditors when reviewing system configurations?
Question533: Information security practitioners are in the midst of implementing a new firewall. Which of the following failure methods would BEST prioritize security in the event of failure?
Question534: To minimize the vulnerabilities of a web-based application, which of the following FIRST actions will lock down the system and minimize the risk of an attack?
Question535: Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?
Question536: During a Disaster Recovery (DR) simu-lation, it is discovered that the shared recovery site lacks adequate data restoration capabilities to support the implementation of multiple plans simultaneously. What would be impacted by this fact if left unchanged?
Question537: As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?
Question538: The existence of physical barriers, card and personal identification number (PIN) access systems, cameras, alarms, and security guards BEST describes this security approach?
Question539: The threat modeling identifies a man-in-the-middle (MITM) exposure. Which countermeasure should the information system security officer (ISSO) select to mitigate the risk of a protected Health information (PHI) data leak?
Question540: What is the PRIMARY goal of fault tolerance?
Question541: Which of the following processes has the PRIMARY purpose of identifying outdated software versions, missing patches, and lapsed system updates?
Question542: Which reporting type requires a service organization to describe its system and define its control objectives and controls that are relevant to users internal control over financial reporting?
Question543: An information security professional is reviewing user access controls on a customer-facing application. The application must have multi-factor authentication (MFA) in place. The application currently requires a username and password to login. Which of the following options would BEST implement MFA?
Question544: Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified automated vulnerability assessments?
Question545: What is a characteristic of Secure Socket Layer (SSL) and Transport Layer Security (TLS)?
Question546: What is the process of removing sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique?
Question547: Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?
Question548: Which of the following prevents improper aggregation of privileges in Role Based Access Control (RBAC)?
Question549: Internet Protocol (IP) source address spoofing is used to defeat
Question550: Which of the following is the BEST method to validate secure coding techniques against injection and overflow attacks?
Question551: Match the access control type to the example of the control type.
Drag each access control type net to its corresponding example.

Question552: Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications?
Question553: In the common criteria (CC) for information technology (IT) security evaluation, increasing Evaluation Assurance Levels (EAL) results in which of the following?
Question554: Which of the following is the MAIN benefit of off-site storage?
Question555: What is the benefit of an operating system (OS) feature that is designed to prevent an application from executing code from a non-executable memory region?
Question556: Which of the following outsourcing agreement provisions has the HIGHEST priority from a security operations perspective?
Question557: How can a forensic specialist exclude from examination a large percentage of operating system files residing on a copy of the target system?
Question558: Which of the following describes the BEST configuration management practice?
Question559: In order for a security policy to be effective within an organization, it MUST include
Question560: Which of the following is the BEST way to protect against structured Query language (SQL) injection?
Question561: A software scanner identifies a region within a binary image having high entropy. What does this MOST likely indicate?
Question562: Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?
Question563: Access to which of the following is required to validate web session management?
Question564: A manager identified two conflicting sensitive user functions that were assigned to a single user account that had the potential to result in financial and regulatory risk to the company. The manager MOST likely discovered this during which of the following?
Question565: Place the following information classification steps in sequential order.

Question566: What is the term used to define where data is geographically stored in the cloud?
Question567: Physical Access Control Systems (PACS) allow authorized security personnel to manage and monitor access control for subjects through which function?
Question568: Which type of disaster recovery plan (DRP) testing carries the MOST operational risk?
Question569: A recent security audit is reporting several unsuccessful login attempts being repeated at specific times during the day on an Internet facing authentication server. No alerts have been generated by the security information and event management (SIEM) system. What PRIMARY action should be taken to improve SIEM performance?
Question570: The security team plans on using automated account reconciliation in the corporate user access review process.
Which of the following must be implemented for the BEST results with fewest errors when running the audit?
Question571: Which one of the following BEST protects vendor accounts that are used for emergency maintenance?
Question572: When reviewing vendor certifications for handling and processing of company data, which of the following is the BEST Service Organization Controls (SOC) certification for the vendor to possess?
Question573: Which of the following statements is TRUE regarding value boundary analysis as a functional software testing technique?
Question574: Which of the following is the MOST effective way to ensure the endpoint devices used by remote users are compliant with an organization's approved policies before being allowed on the network?
Question575: A vulnerability test on an Information System (IS) is conducted to
Question576: An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?
Question577: Which combination of cryptographic algorithms are compliant with Federal Information Processing Standard (FIPS) Publication 140-2 for non-legacy systems?
Question578: An organization is implementing data encryption using symmetric ciphers and the Chief Information Officer (CIO) is concerned about the risk of using one key to protect all sensitive data, The security practitioner has been tasked with recommending a solution to address the CIO's concerns, Which of the following is the BEST approach to achieving the objective by encrypting all sensitive data?
Question579: Which is MOST important when negotiating an Internet service provider (ISP) service-level agreement (SLA) by an organization that solely provides Voice over Internet Protocol (VoIP) services?
Question580: Which one of the following would cause an immediate review and possible change to the security policies of an organization?
Question581: What is the PRIMARY advantage of using automated application security testing tools?
Question582: When using Security Assertion markup language (SAML), it is assumed that the principal subject
Question583: Which of the following is an initial consideration when developing an information security management system?
Question584: A security practitioner needs to implementation solution to verify endpoint security protections and operating system (0S) versions. Which of the following is the BEST solution to implement?
Question585: Order the below steps to create an effective vulnerability management process.

Question586: Which of the following countermeasures is the MOST effective in defending against a social engineering attack?
Question587: Which of the following MUST the administrator of a security information and event management (SIEM) system ensure?
Question588: Which of the following is the PRIMARY security consideration for how an organization should handle Information Technology (IT) assets?
Question589: Which of the following is the MOST comprehensive Business Continuity (BC) test?
Question590: Which area of embedded devices are most commonly attacked?
Question591: Which of the following assessment metrics is BEST used to understand a system's vulnerability to potential exploits?
Question592: Which of the following is a potential risk when a program runs in privileged mode?
Question593: How is Remote Authentication Dial-In User Service (RADIUS) authentication accomplished?
Question594: An organization has discovered that users are visiting unauthorized websites using anonymous proxies.
Which of the following is the BEST way to prevent future occurrences?
Question595: What determines the level of security of a combination lock?
Question596: Logical access control programs are MOST effective when they are
Question597: Which of the following is a term used to describe maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions?
Question598: Which of the following MUST system and database administrators be aware of and apply when configuring systems used for storing personal employee data?
Question599: Which of the following is the BIGGEST weakness when using native Lightweight Directory Access Protocol (LDAP) for authentication?
Question600: The Industrial Control System (ICS) Computer Emergency Response Team (CERT) has released an alert regarding ICS-focused malware specifically propagating through Windows-based business networks.
Technicians at a local water utility note that their dams, canals, and locks controlled by an internal Supervisory Control and Data Acquisition (SCADA) system have been malfunctioning. A digital forensics professional is consulted in the Incident Response (IR) and recovery. Which of the following is the MOST challenging aspect of this investigation?
Question601: Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen?
Question602: What should be used to determine the risks associated with using Software as a Service (SaaS) for collaboration and email?