EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

Question2: Which function does 802.1X provide?

Question3: Which mechanism provides the BEST protection against buffer overflow attacks in memory?

Question4: Who is accountable for the information within an Information System (IS)?

Question5: Recovery strategies of a Disaster Recovery planning (DRIP) MUST be aligned with which of the following?

Question6: The security architect has been assigned the responsibility of ensuring integrity of the organization's electronic records. Which of the following methods provides the strongest level of integrity?

Question7: What is the PRIMARY purpose of peer code reviews?

Question8: If a security requirement for a given system states that unauthorized users must be unable to access the system, which of the following I would be MOST effective?

Question9: Vulnerability scanners may allow for the administrator to assign which of the following in order to assist in prioritizing remediation activities?

Question10: Which of the following BEST represents a defense in depth concept?

Question11: Wi-Fi Protected Access 2 (WPA2) provides users with a higher level of assurance that their data will remain protected by using which protocol?

Question12: A large organization uses biometrics to allow access to its facilities. It adjusts the biometric value for incorrectly granting or denying access so that the two numbers are the same.
What is this value called?

Question13: Why is planning the MOST critical phase of a Role Based Access Control (RBAC) implementation?

Question14: Security categorization of a new system takes place during which phase of the Systems Development Life Cycle (SDLC)?

Question15: What PRIMARY role does a honey pot play in overall security?

Question16: Which testing method requires very limited or no information about the network infrastructure?

Question17: The security organization is looking for a solution that could help them determine with a strong level of confidence that attackers have breached their network. Which solution is MOST effective at discovering a successful network breach?

Question18: What is the MOST effective method for gaining unauthorized access to a file protected with a long complex password?

Question19: Reciprocal backup site agreements are considered to be

Question20: Which of the following techniques is MOST useful when dealing with Advanced persistent Threat (APT) intrusions on live virtualized environments?

Question21: An IT technician suspects a break in one of the uplinks that provides connectivity to the core switch. Which of the following command-line tools should the technician use to determine where the incident is occurring?

Question22: Which of the following is the MOST secure protocol for zremote command access to the firewall?

Question23: Which of the following is the MOST effective method of detecting vulnerabilities in web-based applications early in the secure Software Development Life Cycle (SDLC)?

Question24: An application developer is developing a web application that will store and process personal information of European Union (EU) residents. Which of the following security principles explicitly specified in General Data Protection Regulation (GDPR), should the developer apply to safeguard the personal information in the application?

Question25: Which of the following is TRUE about Disaster Recovery Plan (DRP) testing?

Question26: A software engineer uses automated tools to review application code and search for application flaws, back doors, or other malicious code. Which of the following is the FIRST Software Development Life Cycle (SDLC) phase where this takes place?

Question27: Which of the following addresses requirements of security assessments during software acquisition?

Question28: A web developer is completing a new web application security checklist before releasing the application to production. the task of disabling unecessary services is on the checklist. Which web application threat is being mitigated by this action?

Question29: Which of the following practices provides the development of security and identification of threats in designing software?

Question30: A criminal organization is planning an attack on a government network. Which of the following is the MOST severe attack to the network availability?

Question31: Which of the following examples is BEST to minimize the attack surface for a customer's private information?

Question32: Which of the following is needed to securely distribute symmetric cryptographic keys?

Question33: When determining data and information asset handling, regardless of the specific toolset being used, which of the following is one of the common components of big data?

Question34: Which of the following is the PRIMARY reason for selecting the appropriate level of detail for audit record generation?

Question35: A security team member was selected as a member of a Change Control Board (CCB) for an organization. Which of the following is one of their responsibilities?

Question36: Which of the following is the MOST important activity an organization performs to ensure that security is part of the overall organization culture?

Question37: How can a security engineer maintain network separation from a secure environment while allowing remote users to work in the secure environment?

Question38: Which of the following is part of a Trusted Platform Module (TPM)?

Question39: The PRIMARY purpose of accreditation is to:

Question40: At the destination host, which of the following OSI model layers will discard a segment with a bad checksum in the UDP header?

Question41: Which of the following BEST describes the objectives of the Business Impact Analysis (BIA)?

Question42: How can an attacker exploit overflow to execute arbitrary code?

Question43: When designing a data protection program, which of the following is considered FIRST?

Question44: Between which pair of Open System Interconnection (OSI) Reference Model layers are routers used as a communications device?

Question45: Which of the following media is LEAST problematic with data remanence?

Question46: The design of a secured physical facility starts with identifying which of the following of risk factors?

Question47: While reviewing a web application-to-application connection, a security professional finds the use of Representational State Transfer (REST) application programming interfaces (API) and identifies it as secure. Which one of the following connection Uniform Resource Locators (URL) applies to this scenario?

Question48: What is the GREATEST challenge of an agent based patch management solution?

Question49: The design review for an application has been completed and is ready for release. What technique should an organization use to assure application integrity?

Question50: An Internet media company produces and broadcasts highly popular television shows. The company is suffering a huge revenue loss due to piracy. What technique should be used to track the distribution of content?

Question51: A company wants to outsource its document scanning operations to a vendor. Which of the following is the MOST important to assure company security compliance when selecting a vendor?

Question52: A vehicle of a private courier company that transports backup data for offsite storage was robbed while in transport backup data for offsite was robbed while in transit. The incident management team is now responsible to estimate the robbery, which of the following would help the incident management team to MOST effectively analyze the business impact of the robbery?

Question53: Which of the following is a risk matrix?

Question54: Which of the following is the PRIMARY purpose of routinely testing storage media?

Question55: What part of an organization's strategic risk assessment MOST likely includes information on items affecting the success of the organization?

Question56: Which one of the following considerations has the LEAST impact when considering transmission security?

Question57: Which of the following is the PRIMARY security consideration for how an organization should handle Information Technology (IT) assets?

Question58: Drag and Drop Question
Match the level of evaluation to the correct common criteria (CC) assurance level.
Drag each level of evaluation on the left to is corresponding CC assurance level on the right

Question59: Which of the following goals represents a modern shift in risk management according to National Institute of Standards and Technology (NIST)?

Question60: Which of the following is an important design feature for the outer door o f a mantrap?

Question61: Which of the following is a characteristic of convert security testing?

Question62: How does Encapsulating Security Payload (ESP) in transport mode affect the Internet Protocol (IP)?

Question63: Which of the following provides for the STRONGEST protection of data confidentiality in a Wi-Fi environment?

Question64: During which of the following processes is least privilege implemented for a user account?

Question65: The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?

Question66: Which of the following adds end-to-end security inside a Layer 2 Tunneling Protocol (L2TP) Internet Protocol Security (IPSec) connection?

Question67: An employee of a retail company has been granted an extended leave of absence by Human Resources (HR). This information has been formally communicated to the access provisioning team. Which of the following is the BEST action to take?

Question68: In a DevOps environment, which of the following actions is MOST necessary to have confidence in the quality of the changes being made?

Question69: Which of the fallowing is the FIRST step in a patch management lifecycle?

Question70: Which of the following is the BEST method to perform an end-to-end testing on production for both operational and security requirements?

Question71: What security technique in the Software Development Life Cycle (SDLC) should be leveraged to BEST ensure secure development throughout a project?

Question72: A company is preparing to migrate part of its applications to a public Cloud Service Provider (CSP). In which way can the company ensure that corporate policies for access deprovisioning will continue to be enforced after the migration?

Question73: Which of the following MUST be done before a digital forensics investigator may acquire digital evidence?

Question74: Which of the following is an advantage of Star Network Topology?

Question75: An organization is implementing a bring your own device (BYOD) policy. What would be BEST for mitigating the risk of users managing their own devices and potentially bringing in malware?

Question76: What is the BEST approach to annual safety training?

Question77: A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?

Question78: Information security metrics provide the GREATEST to management when based upon the security manager's knowledge of which of the following?

Question79: In a client server application, why would there be paddling in database query responses with random data or require a MINIMUM number of data elements in the query set?

Question80: How does a Host Based Intrusion Detection System (HIDS) identify a potential attack?

Question81: When investigating a possible cybercrime, which of the following is the PRIMARY reason that digital evidence is difficult to recover?

Question82: Which of the following types of datacenter architectures will MOST likely be used in a large SDN and can be extended beyond the datacenter?

Question83: An organization provides its employees with laptops they can use to work remotely, and uses Software as a Service (SaaS) for corporate email and enterprise file sharing. Which of the following protection mechanisms is MOST effective as a Data Loss Prevention (DLP) control?

Question84: Which of the following MUST a security professional do in order to quantify the value of a security program to organization management?

Question85: If traveling abroad and a customs official demands to examine a personal computer, which of the following should be assumed?

Question86: An engineer notices some late collisions on a half-duplex link. The engineer verifies that the devices on both ends of the connection are configured for half duplex. Which of the following is the MOST likely cause of this issue?

Question87: Which of the following is a responsibility of a data steward?

Question88: Which of the following is the BEST approach to implement multiple servers on a virtual system?

Question89: Write Once, Read Many (WORM) data storage devices are designed to BEST support which of the following core security concepts?

Question90: Which of the following offers the BEST security functionality for transmitting authentication tokens?

Question91: Dumpster diving is a technique used in which stage of penetration testing methodology?

Question92: Which of the following techniques is known to be effective in spotting resource exhaustion problems, especially with resources such as processes, memory, and connections?

Question93: Which of the following is the PRIMARY purpose of installing a mantrap within a facility?

Question94: What does a Synchronous (SYN) flood attack do?

Question95: Commercial off-the-shelf (COTS) software presents which of the following additional security concerns?

Question96: Which of the following encryption technologies has the ability to function as a stream cipher?

Question97: Which of the following mechanisms are PRIMARILY used to safeguard and provide countermeasures for an organizational Information System (IS) to protect the confidentiality, integrity, and availability of its data?

Question98: An authentication system that uses challenge and response was recently implemented on an organization's network, because the organization conducted an annual penetration test showing that testers were able to move laterally using authenticated credentials. Which attack method was MOST likely used to achieve this?

Question99: Which of the following is a benefit of implementing data-in-use controls?

Question100: Who in the organization is accountable for classification of data information assets?

Question101: An organization discovers that its secure file transfer protocol (SFTP) server has been accessed by an unauthorized person to download an unreleased game. A recent security audit found weaknesses in some of the organization's general information technology (IT) controls, specifically pertaining to software change control and security patch management, but not in other control areas.
Which of the following is the MOST probable attack vector used in the security breach?

Question102: Which of the following should be included a hardware retention policy?

Question103: Which of the following should be performed FIRST in a Business Impact Analysis (BIA)?

Question104: Which of the following technologies is the BEST measure to protect an organizational network from Structured Query Language (SQL) injection or Cross-Site Scripting (XSS) attacks?

Question105: What is the PRIMARY reason that a bit-level copy is more desirable than a file-level copy when replicating a hard drive's contents for an e-discovery investigation?

Question106: For a given Key size, which of the following statements correctly compares Rivest-Shamir- Adleman (RSA) encryption and Elliptic Curve Cryptography (ECC)?

Question107: Which of the following mechanisms will BEST prevent a Cross-Site Request Forgery (CSRF) attack?

Question108: What method could be used to prevent passive attacks against secure voice communications between an organization and its vendor?

Question109: What is considered a compensating control for not having electrical surge protectors installed?

Question110: The organization would like to deploy an authorization mechanism for an Information Technology (IT) infrastructure project with high employee turnover.
Which access control mechanism would be preferred?

Question111: An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requirement is

Question112: An information security professional is performing an internal audit of their organization where it is known that there is a lock formalized procedure. Which of the following auditing methods would be best for auditing the informal procedures while assisting Information Technology (IT) operations with documenting the procedures?

Question113: Which of the following is an ethical value?

Question114: Which of the following provides the best protection of data confidentiality in a Software as a Service (SaaS) environment?

Question115: What High Availability (HA) option of database allow multiple clients to access multiple database servers simultaneously?

Question116: A project requires the use of an authentication mechanism where playback must be used Which of the following should be used?

Question117: Which of the following management process allows ONLY those services required for users to accomplish their tasks, change default user passwords, and set servers to retrieve antivirus updates?

Question118: Which of the following statements BEST describes least privilege principle in a cloud environment?

Question119: Company A acquired company B in a merger. Company A immediately deployed Company B's software. A few months later, the Company B' software was exploited in a security incident.
Which of the following is the BEST solution Company A could have used to prevent this situation?

Question120: A large organization's human resources and security teams are planning on implementing technology to eliminate manual user access reviews and improve compliance. Which of the following options is MOST likely to resolve the issues associated with user access?

Question121: What type of database attack would allow a customer service employee to determine quarterly sales results before they are publically announced?

Question122: Which of the following BEST describes the use of network architecture in reducing corporate risks associated with mobile devices?

Question123: An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer (CISO) wants to increase security by better protecting the network from unauthorized internal access. Which Network Access Control (NAC) capability BEST meets this objective?

Question124: A company-wide penetration test result shows customers could access and read files through a web browser. Which of the following can be used to mitigate this vulnerability?

Question125: Which of the following is a second optional use of Network Access Control (NAC) technology?

Question126: Which of the following BEST describes a cache poisoning attack?

Question127: The Online Certificate Status Protocol (OCSP) is used to confirm which of the following when implementing digital certificates?

Question128: Which of the following is a responsibility of the information owner?

Question129: What is the HIGHEST priority in agile development?

Question130: What is a consideration when determining the potential impact an organization faces in the event of the loss of confidentiality of Personally Identifiable Information (PII)?

Question131: Which of the following BEST describes the purpose of the reference monitor when defining access control to enforce the security model?

Question132: An organization decides to evaluate the security of a system that contains Personally Identifiable Information (Pll). During the test planning phase, it is determined that a Pll spill is a risk. How could the organization BEST evaluate the system and mitigate the risk of a Pll spill?

Question133: An established information technology (IT) consulting firm is considering acquiring a successful local startup. To gain a comprehensive understanding of the startup's security posture, which type of assessment provides the BEST information?

Question134: Which one of the ciphering techniques for mobile communications relies on an asymmetric cryptographic scheme typically used for small pieces of data such as key transport and digital signatures?

Question135: Which of the following is the MOST important first step in preparing for a security audit?

Question136: What is the MOST effective response to a hacker who has already gained access to a network and will attempt to pivot to other resources?

Question137: Which of the following design elements are included in Operating System (OS) secure design principles?

Question138: Using the cipher text and resultant clear text message to derive the non-alphabetic cipher key is an example of which method of cryptanalytic attack?

Question139: Which of the following describes the BEST method of maintaining the inventory of software and hardware within the organization?

Question140: Which of the following contributes MOST to the effectiveness of a security officer?

Question141: How should an organization determine the priority of its remediation efforts after a vulnerability assessment has been conducted?

Question142: Which Open Systems Interconnection (OSI) layer(s) BEST corresponds to the network access layer in the Transmission Control Protocol/Internet Protocol (TCP/IP) model?

Question143: Which of the following is a best practice in a data handling policy for storage of confidential data?

Question144: When adopting software as a service (Saas), which security responsibility will remain with remain with the adopting organization?

Question145: What is the MOST common cause of Remote Desktop Protocol (RDP) compromise?

Question146: Which of the following initiates the system recovery phase of a disaster recovery plan?

Question147: A company is enrolled in a hard drive reuse program where decommissioned equipment is sold back to the vendor when it is no longer needed. The vendor pays more money for functioning drives than equipment that is no longer operational. Which method of data sanitization would provide the most secure means of preventing unauthorized data loss, while also receiving the most money from the vendor?

Question148: Knowing the language in which an encrypted message was originally produced might help a cryptanalyst to perform a

Question149: Within the company, desktop clients receive Internet Protocol (IP) address over Dynamic Host Configuration Protocol (DHCP).
Which of the following represents a valid measure to help protect the network against unauthorized access?

Question150: What is a security concern when considering implementing software-defined networking (SDN)?

Question151: A Chief Information Officer (CIO) has delegated responsibility of their system security to the head of the information technology (IT) department. While corporate policy dictates that only the CIO can make decisions on the level of data protection required, technical implementation decisions are done by the head of the IT department. Which of the following BEST describes the security role filled by the head of the IT department?

Question152: If a content management system (CMC) is implemented, which one of the following would occur?

Question153: A security professional should identify special regulatory or compliance requirements for a software development project during which of the following phases of the Systems Development Life Cycle (SDLC)?

Question154: An organization has discovered that users are visiting unauthorized websites using anonymous proxies. Which of the following is the BEST way to prevent future occurrences?

Question155: Which of the following needs to be included in order for High Availability (HA) to continue operations during planned system outages?

Question156: An organization would like to secure a trusted and untrusted network. One of the requirements is to provide access to the trusted network from a few of the hosts from the untrusted network.
Which of the following is the BEST device or system that should be deployed to enable this capability?

Question157: Which of the following are the three MAIN categories of security controls?

Question158: What Service Organization Controls (SOC) report can be freely distributed and used by customers to gain confidence in a service organization's systems?

Question159: Which of the following is the MOST important action regarding authentication?

Question160: Which of the following BEST ensures the integrity of transactions to intended recipients?

Question161: What is the BEST control to be implemented at a login page in a web application to mitigate the ability to enumerate users?

Question162: In software development, developers should use which type of queries to prevent a Structured Query Language (SQL) injection?

Question163: Which of the following factors should be considered characteristics of Attribute Based Access Control (ABAC) in terms of the attributes used?

Question164: The restoration priorities of a Disaster Recovery Plan (DRP) are based on which of the following documents?

Question165: What is the PRIMARY consideration when testing industrial control systems (ICS) for security weaknesses?

Question166: Which of the following Disaster recovery (DR) testing processes is LEAST likely to disrupt normal business operations?

Question167: An organization has outsourced its financial transaction processing to a Cloud Service Provider (CSP) who will provide them with Software as a Service (SaaS). If there was a data breach who is responsible for monetary losses?

Question168: For cellular networks, how does a rogue base station take advantage of device association in order to control the handset?

Question169: Utilizing a public wireless Local Area network (WLAN) to connect to a private network should be done only in which of the following situations?

Question170: Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization's systems?

Question171: What determines the level of security of a combination lock?

Question172: What approach in embedded systems communication allows both the sender and receiver to validate in mutual identities?

Question173: While dealing with the consequences of a security incident, which of the following security control are MOST appropriate

Question174: A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C.
The program is not working as expected.
What is the MOST probable security feature of Java preventing the program from operating as intended?

Question175: Which of the following is the BEST way to mitigate circumvention of access controls?

Question176: What is the FIRST step in risk management?

Question177: A security professional needs to find a secure and efficient method of encrypting data on an endpoint. Which solution includes a root key?

Question178: Who is responsible for the protection of information when it is shared with or provided to other organizations?

Question179: Which Identity and Access Management (IAM) process can be used to maintain the principle of least privilege?

Question180: Which of the following is TRUE about Disaster Recovery Plain (ORP) testing?

Question181: A user is allowed to access the file labeled "Financial Forecast," but only between 9:00 a.m. and
5:00 A.M., Monday through Friday. Which type of access mechanism should be used to accomplish this?

Question182: Which of the following is considered the FIRST step when designing an internal security control assessment?

Question183: Which role is primarily responsible for reviewing an analyzed Information Security Continuous Monitoring (ISCM)report and determining whether to conduct risk mitigation activities to transfer, reject, or accept risk?

Question184: Which of the following is required to verify the authenticity of a digitally signed document?

Question185: A company wants to buy a Commercial ff-The-Shelf (CTS) application that has known vulnerabilities. The Chief Information Security officer (CIS) instead Wants the application designed in-house. Why would the CIS's solution be better for the company?

Question186: A facility will experience a major power failure once in 20 years. A major power failure would cost
$1,250,000. The cost of recovery plan is $2,000 per month, and the cost of capital is $25,000.
What are the Annualized Loss Expectancy (ALE) and baseline costs, respectively? 1250000=

Question187: Which of the following is a remote access protocol that uses a static authentication?

Question188: What is the BEST way to correlate large volumes of disparate data sources in a Security Operations Center (SOC) environment?

Question189: A security professional should ensure that clients support which secondary algorithm for digital signatures when a Secure Multipurpose Internet Mail Extension (S/MIME) is used?

Question190: Which of the following statements applies to Structured Query Language (SQL) injection vulnerabilities?

Question191: What technique used for spoofing the origin of an email can successfully conceal the sender s Internet Protocol (IP) address?

Question192: Which of the following VPN configurations should be used to separate Internet and corporate traffic?

Question193: What is the MOST effective way to ensure that a cloud service provider does not access a customer's data stored within its infrastructure?

Question194: Functional security testing is MOST critical during which phase of the system development life cycle (SDLC)?

Question195: Which of the following is applicable to a publicly held company concerned about information handling and storage requirement specific to the financial reporting?

Question196: What is the MOST common component of a vulnerability management framework?

Question197: For privacy protected data, which of the following roles has the highest authority for establishing dissemination rules for the data?

Question198: The use of private and public encryption keys is fundamental in the implementation of which of the following?

Question199: What term is commonly used to describe hardware and software assets that are stored in a configuration management database (CMDB)?

Question200: Which type of log collection is focused on detecting and responding to attacks, malware infection, and data theft?

Question201: An organization discovers a significant amount of confidential data that has no owner assigned.
Which of the following should the organization adopt to prevent this situation from recurring?

Question202: Digital certificates used in Transport Layer Security (TLS) support which of the following?

Question203: Which of the following would an attacker BEST be able to accomplish through the use of Remote Access Tools (RAT)?

Question204: What is the MAIN benefit of change management in an application development project?

Question205: Which of the following is performed to determine a measure of success of a security awareness training program designed to prevent social engineering attacks?

Question206: What is the MOST effective method to enhance security of a single sign-on (SSO) solution that interfaces with critical systems?

Question207: Which of the following security testing strategies is BEST suited for companies with low to moderate security maturity?

Question208: Limiting the processor, memory, and Input/output (I/O) capabilities of mobile code is known as

Question209: Which of the following methods of suppressing a fire is environmentally friendly and the MOST appropriate for a data center?

Question210: How is the session key used to encrypt a Secure Multipurpose Internet Mall Extension (S/MIME) message made available to the recipient?

Question211: Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks?

Question212: Determining outage costs caused by a disaster can BEST be measured by the

Question213: Which of the following is the BEST definition of Cross-Site Request Forgery (CSRF)?

Question214: An organization contracts with a consultant to perform a System Organization Control (SOC) 2 audit on their internal security controls. An auditor documents a finding a related to an Application Programming Interface (API) performing an action that is not aligned with the scope or objective of the system. Which trust service principle would be MOST applicable in th is situation?

Question215: The security team has determined they lack the ability to monitor and enforce policies on organizationally owned mobile devices. Which of the following is the BEST thing for the security team to do to secure these devices?

Question216: What information will BEST assist security and financial analysts in determining if a security control is cost effective to mitigate a vulnerability?

Question217: Identity and Access Management (IAM) tools support the use of Security Assertion Markup Language (SAML). Which of the following statements is true of SAML?

Question218: A Distributed Denial of Service (DDoS) attack was carried out using malware called Mirai to create a large-scale command and control system to launch a botnet. Which of the following devices were the PRIMARY sources used to generate the attack traffic?

Question219: What type of investigation applies when malicious behavior is suspected between two organizations?

Question220: Which of the following security tools will ensure authorized data is sent to the application when implementing a cloud based application?

Question221: Which of the following is the BEST method to gather evidence from a computer's hard drive?

Question222: Which of the following problems is not addressed by using Open Authorization Version 2 (OAuth2) to integrate a third-party Identity Provider (IdP) for a service?

Question223: Which of the following is the PRIMARY security interest of third-party, cloud computing Service Level Agreements (SU\)?

Question224: Which process presents the greatest security concern while assessing the security of commercial off-the-shell (COTS) software prior to procurement?

Question225: The Chief Information Security Officer (CISO) of a small organization is making a case for building a security operations center (SOC). While debating between an in-house, fully outsourced, or a hybrid capability, which of the following would be the MAIN consideration, regardless of the model?

Question226: Which of the following provides the BEST method to verify that security baseline configurations are maintained?

Question227: What are the MAIN Information Assurance (IA) goals of Virtual Private Network (VPN) solutions?

Question228: Which of the following methods is MOST effective in mitigating Cross-Site Scripting (XSS) vulnerabilities within HyperText Markup Language (HTML) websites?

Question229: What can happen when an Intrusion Detection System (IDS) is installed inside a firewall- protected internal network?

Question230: Which of the following is a best practice in a data handling policy for storage of confidential data?

Question231: During a Disaster Recovery (DR) simulation, it is discovered that the shared recovery site lacks adequate data restoration capabilities to support the implementation of multiple plans simultaneously. What would be impacted by this fact if left unchanged?

Question232: In the cybersecurity risk management of acquisition and procurement, which of the following are overlays?

Question233: At which stage of the System Development Life Cycle (SDLC)are audits MOST likely to be conducted?

Question234: Which of the following is a key responsibility for a data steward assigned to manage an enterprise data lake?

Question235: Which of the following is PRIMARILY adopted for ensuring the integrity of information is preserved?

Question236: When collecting a raw dump of physical memory, when should the security professional calculate and compare the hashes of the original and the duplicate?

Question237: When developing an information security policy, why is it BEST to include a process for requesting exceptions?

Question238: What steps can be taken to prepare personally identifiable information (PII) for processing by a third party?

Question239: Which of the following is an example of a Time of Check/Time of Use (TOQTOU) problem?

Question240: Which of the following would BEST describe the role directly responsible for data within an organization?

Question241: Which of the following steps should be performed FIRST when purchasing Commercial Off-The-Shelf (COTS) software?

Question242: A recent security audit is reporting several unsuccessful login attempts being repeated at specific times during the day on an Internet facing authentication server. No alerts have been generated by the security information and event management (SIEM) system. What PRIMARY action should be taken to improve SIEM performance?

Question243: When can a security program be considered effective?

Question244: A new employee formally reported suspicious behavior to the organization security team. The report claims that someone not affiliated with the organization was inquiring about the member's work location, length of employment, and building access controls. The employee's reporting is MOST likely the result of which of the following?

Question245: Which of the following is a strategy of grouping requirements in developing a security test and Evolution (ST&E)?

Question246: What are the three key benefits that application developers should derive from the northbound application programming interface (API) of software defined networking (SDN)?

Question247: In fault-tolerant systems, what do rollback capabilities permit?

Question248: In what phase of the System Development Life Cycle (SDLC) should security training for the development team begin?

Question249: Which of the following is an environmental security control that prevents loss of business resources?

Question250: What BEST describes the confidentiality, integrity, availability triad?

Question251: When should the software Quality Assurance (QA) team feel confident that testing is complete?

Question252: Which one of the following affects the classification of data?

Question253: Which of the following is the BEST metric to obtain when gaining support for an Identify and Access Management (IAM) solution?

Question254: How should the retention period for an organization's social media content be defined?

Question255: A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report.
In which phase of the assessment was this error MOST likely made?

Question256: During the change management process, which of the following is used to identify and record new risks?

Question257: Which of the following is the PRIMARY type of cryptography required to support non-repudiation of a digitally signed document?

Question258: The security architect is designing and implementing an internal certification authority to generate digital certificates for all employees. Which of the following is the BEST solution to securely store the private keys?

Question259: Why is it important that senior management clearly communicates the formal Maximum Tolerable Downtime (MTD) decision?

Question260: A proxy firewall operates at what layer of the Open System Interconnection (OSI) model?

Question261: Which would result in the GREATEST import following a breach to a cloud environmet?

Question262: While reviewing the financial reporting risks of a third-party application, which of the following Service Organization Control (SOC) reports will be the MOST useful?

Question263: What is the PRIMARY objective of an application security assessment?

Question264: Which of the following is the PRIMARY benefit of implementing an Information Security Management System (ISMS)?

Question265: Which of the following could be considered the MOST significant security challenge when adopting DevOps practices compared to a more traditional control framework?

Question266: In designing the architecture of an access control system, it was determined that confidentiality and controlled access to information were the primary focus. Which of the following security models is the BEST choice for the organization?

Question267: Which of the following will allow the host system to check quickly and easily that an executable received from an untrusted party is safe to run?

Question268: Single sign-on (SSO) for federated identity management (FIM) must be implemented and managed so that authorization mechanisms protect access to privileged information using OpenID Connect (OIDC) token or Security Assertion Markup Language (SAML) assertion. What is the BEST method to use to protect them?

Question269: Which is the MOST critical aspect of computer-generated evidence?

Question270: In which of the following system life cycle processes should security requirements be developed?

Question271: In a High Availability (HA) environment, what is the PRIMARY goal of working with a virtual router address as the gateway to a network?

Question272: A company wants to implement two-factor authentication (2FA) to protect their computers from unauthorized users. Which solution provides the MOST secure means of authentication and meets the criteria they have set?

Question273: Which is MOST important when negotiating an Internet service provider (ISP) service-level agreement (SLA) by an organization that solely provides Voice over Internet Protocol (VoIP) services?

Question274: Which of the following is the PRIMARY reason a sniffer operating on a network is collecting packets only from its own host?

Question275: Which of the following activities will be MOST significant in identifying risks during the requirements gathering phase in a Software Development Life Cycle (SDLC)?

Question276: An organization discovers that its Secure File Transfer Protocol (SFTP) server has been accessed by an unauthorized person to download an unreleased game. A recent security audit found weaknesses in some of the organization's general Information Technology (IT) controls, specifically pertaining to software change control and security patch management, but not in other control areas.
Which of the following is the MOST probable attack vector used in the security breach?

Question277: An employee's home address should be categorized according to which of the following references?

Question278: Who is accountable for the information with an Information System (IS)?

Question279: An organization is the victim of a major data breach just one month after passing an external cyber security audit. Which of the following is the likely reason for this situation?

Question280: An organization is formulating a strategy to provide access to third-party partners. The information technology (IT) department has been tasked with providing access by utilizing cloud services. Which of the following technologies is MOST commonly employed for completing the task?

Question281: When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?

Question282: When implementing a data classification program, why is it important to avoid too much granularity?

Question283: A security engineer is tasked with implementing a new identity solution. The client doesn't want to install or maintain the infrastructure. Which of the following would qualify as the BEST solution?

Question284: Which of the following is true of Service Organization Control (SOC) reports?

Question285: A security professional is assessing the risk in an application and does not take into account any mitigating or compensating controls. This type of risk rating is an example of which of the following?

Question286: Which of the following aspects in an asset table is the MOST important for users handling related to information and asset ownership?

Question287: In which of the following cloud services is the service provider responsible for the vast majority of the security controls?

Question288: Information Security continuous Monitoring (ISCM) is a critical piece of which of the following framework

Question289: A system administrator is tasked with assigning unique identifiers to individual computers.
Which of the following would be a weakness in using Media Access Control (MAC) addresses in this situation?

Question290: A security professional should consider the protection of which of the following elements FIRST when developing a defense-in-depth strategy for a mobile workforce?

Question291: What is the MOST appropriate hierarchy of documents when implementing a security program?

Question292: Which of the following is the MOST important consideration in selecting a security testing method based on different Radio-Frequency Identification (RFID) vulnerability types?

Question293: Which one of the following describes granularity?

Question294: Which of the following is the MOST effective preventative method to identify security flaws in software?

Question295: A security audit identifies a vulnerability in a current release that was corrected in a previous release of the affected application. Which of the following Software Development Life Cycle (SDLC) processes should be improved to prevent this from occurring in the future?

Question296: Access to which of the following is required to validate web session management?

Question297: What is the most effective form of media sanitization to ensure residual data cannot be retrieved?

Question298: What technology can be used to implement Single sign-On (SSO) and entitlement authorizations for users of cloud-based services?

Question299: During a disruptive event, which security continuity objectives will maintain an organization's information security to a predetermined level?

Question300: Lack of which of the following options could cause a negative effect on an organization's reputation, revenue, and result in legal action, if the organization fails to perform due diligence?

Question301: An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?

Question302: Why is data classification control important to an organization?

Question303: Which of the following security tools monitors devices and records the information in a central database for further analysis?

Question304: A Denial of Service (DoS) attack on a syslog server exploits weakness in which of the following protocols?

Question305: Which of the following fire suppression solutions is MOST hazardous to personnel?

Question306: A client has reviewed a vulnerability assessment report and has stated it is inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operating system (OS) was not properly detected.
Where in the vulnerability assessment process did the error MOST likely occur?

Question307: Which reporting type requires a service organization to describe its system and define its control objectives and controls that are relevant to users internal control over financial reporting?

Question308: An organization has been collecting a large amount of redundant and unusable data and filling up the storage area network (SAN). Management has requested the identification of a solution that will address ongoing storage problems. Which is the BEST technical solution?

Question309: Drag and Drop Question
Given a file containing ordered number, i.e. "123456789," match each of the following redundant Array of independent Disks (RAID) levels to the corresponding visual representation visual representation. Note: P() = parity.
Drag each level to the appropriate place on the diagram.

Question310: Which one of the following BEST augments the Lightweight Directory Access Protocol (LDAP) in providing security of transmitted data between client and LDAP server?

Question311: Which of the following practices provides the development team with a definition of security and identification of threats in designing software?

Question312: Which of the following is the BEST way to protect privileged accounts?

Question313: An organization decides to create a team to define its new change management processes.
Which group is the MOST important for successful implementation?

Question314: An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

Question315: An attacker is able to remain indefinitely logged into a exploiting to remain on the web service?

Question316: Which of the following value comparisons MOST accurately reflects the agile development approach?

Question317: Which of the following vulnerabilities can be BEST detected using automated analysis?

Question318: An organization deploys a Single Sign-On (SSO) solution for its systems, but this implementation does significantly lower the number of calls to the help desk regarding account lockouts. Which

Question319: Which of the following phases involves researching a target's configuration from public sources when performing a penetration test?

Question320: Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element?

Question321: Which inherent password weakness does a One Time Password (OTP) generator overcome?

Question322: An Information System Security Officer (ISSO) employed by a large corporation, while also freelancing in a similar role for a competitor, violates what canon of the (ISC)2 Code of Professional Ethics?

Question323: What is the PRIMARY benefit of incident reporting and computer crime investigations?

Question324: An information technology (IT) employee who travels frequently to various is remotely to an organization to troubleshoot. Which of the following solutions BEST serves as a secure control mechanisn to meet the organization's requirements?

Question325: What should be the FIRST action for a security administrator who detects an intrusion on the network based on precursors and other indicators?

Question326: Which of the following actions MUST be taken if a vulnerability is discovered during the maintenance stage in a System Development Life Cycle (SDLC)?

Question327: The security team is notified that a device on the network is infected with malware. Which of the following is MOST effective in enabling the device to be quickly located and remediated?

Question328: Which open standard could l large corporation deploy for authorization services for single sign-on (SSO) use across multiple internal and external application?

Question329: Which of the following BEST represents the concept of least privilege?

Question330: Which of the following makes smartphones particularly vulnerable to phishing attacks?

Question331: All hosts on the network are sending logs via syslog-ng to the log collector. The log collector is behind its own firewall, The security professional wants to make sure not to put extra load on the firewall due to the amount of traffic that is passing through it. Which of the following types of filtering would MOST likely be used?

Question332: Which Internet Protocol Security (IPSec) mechanism, when added to an Internet Protocol (IP) datagram, provides both confidentiality and integrity?

Question333: Which of the following password tokens will generate a new. unique password on-demand at authentication time without requiring the use of an embedded lock?

Question334: What is the PRIMARY advantage of using automated application security testing tools?

Question335: Which of the following takes place earliest in the use of Secure Sockets Layer/Transport Layer Security (SSL/TLS)?

Question336: An organization plans to acquire @ commercial off-the-shelf (COTS) system to replace their aging home-built reporting system. When should the organization's security team FIRST get involved in this acquisition's life cycle?

Question337: A security practitioner detects an Endpoint attack on the organization's network. What is the MOST reasonable approach to mitigate future Endpoint attacks?

Question338: Which of the following is the MOST effective countermeasure against data remanence?

Question339: In a multi-tenant cloud environment, what approach will secure logical access to assets?

Question340: Which of the following is the MOST effective practice in managing user accounts when an employee is terminated?

Question341: In The Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?

Question342: Which of the following is responsible for establishing an enterprise-wide Business continuity (BC) testing policy?

Question343: A control to protect from the Denial-of-Service (DOS) attack has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?

Question344: Which of the following is a MAJOR concern when there is a need to preserve or retain information for future retrieval?

Question345: An organization wants to implement a security service that allows users to seamlessly move between organizational services. The organization wants to ensure that the solution does not create an enormous amount of over head for the Information Technology (IT) administrators while also protecting the organization from securely breaches. What type of solution should the organization implement?

Question346: What is the PRIMARY role of a scrum master in agile development?

Question347: Which type of access control includes a system that allows only users that are type=managers and department=sales to access employee records?

Question348: What is the PRIMARY objective of the post-incident phase of the incident response process in the security operations center (SOC)?

Question349: Which of the following is the FIRST step an organization's security professional performs when defining a cyber-security program based upon industry standards?

Question350: Which of the following is a weakness of the Data Encryption Standard (DES)?

Question351: A hacker can use a lockout capability to start which of the following attacks?

Question352: What is the FIRST step that should be considered in a Data Loss Prevention (DLP) program?

Question353: Which of the following types of hosts should be operating in the demilitarized zone (DMZ)?

Question354: When managing supply chain risks for contingent business interruption and exposures due to cyberattacks, which of the following types of insurance should companies purchase?

Question355: Which of the following describes total evacuation time?

Question356: Which of the following tests MUST a Security Control Assessor (SCA)perform after completing all security risk analysis and interviews?

Question357: Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?

Question358: Which of the following is an essential requirement of a fault tolerant system?

Question359: Of the following, which BEST provides non-repudiation with regards to access to a server room?

Question360: Which of the following is MOST important when determining appropriate countermeasures for an identified risk?

Question361: A user has infected a computer with malware by connecting a Universal Serial Bus (USB) storage device. Which of the following is MOST effective to mitigate future infections?

Question362: Which of the following questions will be addressed through the use of a Privacy Impact Assessment (PIA)?

Question363: Which of the following authorization standards is built to handle Application programming Interface (API) access for federated Identity management (FIM)?

Question364: Why are mobile devices sometimes difficult to investigate in a forensic examination?

Question365: Which of the following poses the GREATEST privacy risk to personally identifiable information (PII) when disposing of an office printer or copier?

Question366: The adoption of an enterprise-wide business continuilty program requires Which of the folllowing?

Question367: When partnering with a third-party, it is the responsibility of a security professional to ensure which of the following?

Question368: Why are mobile devices something difficult to investigate in a forensic examinition?

Question369: A security architect is responsible for the protection of a new home banking system. Which of the following solutions can BEST improve the confidentiality and integrity of this external system?

Question370: Which of the following is the MOST secure password technique?

Question371: A project manager for a large software firm has acquired a government contract that generates large amounts of Controlled Unclassified Information (CUI). The organization's information security manager had received a request to transfer project-related CUI between systems of differing security classifications. What role provides the authoritative guidance for this transfer?

Question372: Which of the following is the PRIMARY reason Android devices are considered a higher security risk than iPhone (IOS) devices?

Question373: Which of the following is key when assessing weaknesses in authenticator recovery

Question374: Why should Open Wab Application Secuirty Project (OWASP) Application Security Verification standards (ASVS) Level 1 be considered a MINIMUM level of protection for any wab application?

Question375: Which of the following would present the highert annualized loss expectancy (ALE)?

Question376: A security practitioner is tasked with securing the organization's Wireless Access Points (WAP).
Which of these is the MOST effective way of restricting this environment to authorized users?

Question377: Which of the following would be the BEST guideline to follow when attempting to avoid the exposure of sensitive data?

Question378: What is the MOST important factor in establishing an effective Information Security Awareness Program?

Question379: Which of the following is used to support the concept of defense in depth during the development phase of a software product?

Question380: After following the processes defined within the change management plan, a super user has upgraded a device within an Information system.
What step would be taken to ensure that the upgrade did NOT affect the network security posture?

Question381: Which of the following BEST describes centralized identity management?

Question382: Which of the following techniques BEST protects against unauthorized audit log modification?

Question383: An application is used for funds transfers between an organization and a third party. During a security audit, an auditor has found an issue with the Business Continuity/Disaster Recovery (BC/DR) policy and procedures for this application. Which of the following reports should the auditor file with the organization?

Question384: What is the BEST method to use for assessing the security impact of acquired software?

Question385: A data owner determines the appropriate job-based access for an employee to perform their duties. Which type of access control is this?

Question386: Which of the fallowing statements is MOST accurate regarding information assets?

Question387: What is the FIRST step in reducing the exposure of a network to Internet Control Message Protocol (ICMP) based attacks?

Question388: Which is the MOST important consideration for a policy safeguarding an argentations physical assets?

Question389: In an IDEAL encryption system, who has sole access to the decryption key?

Question390: Which of the following s the MAIN security benefit of having continuous monitoring of a vendor?

Question391: What would be the BEST action to take in a situation where collected evidence was left unattended overnight in an unlocked vehicle?

Question392: When determining who can accept the risk associated with a vulnerability, which of the following is MOST important?

Question393: An organization is trying to secure instant messaging (IM) communications through its network perimeter. Which of the following is the MOST significant challenge?

Question394: At what stage of the Software Development Life Cycle (SDLC) does software vulnerability remediation MOST likely cost the least to implement?

Question395: When participating in a forensic investigation, who should be responsible to quantify the risk?

Question396: Security personnel should be trained by emergency management personnel in what to do before and during a disaster, as well as their role in recovery efforts. Personnel should take required training for emergency response procedures and protocols. Which part of physical security design does this fall under?

Question397: An Internet software application requires authentication before a user is permitted to utilize the resource. Which testing scenario BEST validates the functionality of the application?

Question398: Which of the following is most helpful in applying the principle of Least Privilege?

Question399: Extensible Authentication Protocol-Message Digest 5 (EAP-MD5) only provides which of the following?

Question400: A director within the organization has told an employee about a vendor that has a technology to improve security of the company. It is discovered that the director's friend is a sales person at the vendor and can provide a large discount. Which of the following would be the BEST way to proceed?

Question401: A retail company is looking to start a development project that will utilize open source components in its code for the first time. The development team has already acquired several
`open source components and utilized them in proof of concept (POC) code. The team recognizes that the legal and operational risks are outweighed by the benefits of open-source software use. What MUST the organization do next?

Question402: Which of the following is a Key Performance Indicator (KPI) for a security training and awareness program?

Question403: Exploitation of knowledge regarding the response time for a specific query is an example of which of the following attacks?

Question404: Which of the following BEST describes the responsibilities of a data owner?

Question405: A cloud service provider requires its customer organizations to enable maximum audit logging for its data storage service and to retain the logs for the period of three months. The audit logging generates extremely high amount of logs. What is the MOST appropriate strategy for the log retention?

Question406: Which of the following would be MOST useful to reduce risk in the event that an end user clicks on a link in a phishing email from their laptop?

Question407: The application of which of the following standards would BEST reduce the potential for data breaches?

Question408: Which of the following services can be deployed via a cloud service or on-premises to integrate with Identity as a Service (IDaaS) as the authoritative source of user identities?

Question409: If virus infection is suspected, which of the following is the FIRST step for the user to take?

Question410: Which of the following is the MOST important consideration when implementing log management for security auditing?

Question411: During an internal audit of an organizational Information Security Management System (ISMS), nonconformities are identified. In which of the following management stages are nonconformities reviewed, assessed and/or corrected by the organization?

Question412: A vulnerability test on an Information System (IS) is conducted to

Question413: Which of the following is the FIRST step in data classification

Question414: What requirement MUST be met during internal security audits to ensure that all information provided is expressed as an objective assessment without risk of retaliation?

Question415: For the detection of internet of things (loT) devices, a project team has implemented x 509 certificate-based authentication.
Which of the following type of certificates would be best suited given the projected objectives?

Question416: The disaster recovery (DR) process should always include

Question417: What principle requires that changes to the plaintext affect many parts of the ciphertext?

Question418: Which of the following access control models is MOST restrictive?

Question419: What is the motivation for use of the Online Certificate Status Protocol (OCSP)?

Question420: What Is a risk of using commercial off-the-shelf (COTS) products?

Question421: Which of the following actions should be performed immediately after the execution phase of a security assessment?

Question422: Which security service is served by the process of encryption plaintext with the sender's private key and decrypting cipher text with the sender's public key?

Question423: Which of the following processes is used to align security controls with business functions?

Question424: Which of the following is the LEAST secure authentication method for remote access?

Question425: Backup information that is critical to the organization is identified through a

Question426: A company needs to provide employee access to travel services, which are hosted by a third- party service provider, Employee experience is important, and when users are already authenticated, access to the travel portal is seamless. Which of the following methods is used to share information and grant user access to the travel portal?

Question427: Why Is It important to have a comprehensive inventory of Information Technology (IT) assets when conducting a risk analysis as part of Disaster Recovery (DR)planning?

Question428: During examination of internet history records, the following string occurs within a Unique Resource Locator (URL):
https://companysite.com/search arp?search=
What type of vulnerability is the attacker trying to find

Question429: Which of the following alarm systems is recommended to detect intrusions through windows in a high- noise, occupied environment?

Question430: An internal audit for an organization recently identified malicious actions by a user account. Upon further investigation, it was determined the offending user account was used by multiple people at multiple locations simultaneously for various services and applications. What is the BEST method to prevent this problem in the future?

Question431: Which of the following is the MOST critical task for a forensic examiner?

Question432: Activity to baseline, tailor, and scope security controls tikes place dring which National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) step?

Question433: What are the roles within a scrum methodology?

Question434: What type of wireless network attack BEST describes an Electromagnetic Pulse (EMP) attack?

Question435: Which of the following has the responsibility of information technology (IT) governance?

Question436: A large law firm would like to enable employees to participate in a bring your own device (BYOD) program. Only devices with up-to-date antivirus and operating system (OS) patches will be allowed on the network. Which solution will BEST enforce the security requirements?

Question437: Which access control method allows an entity to make certain claims about itself and have organizational compliance verified?

Question438: Which of the following terms is used to describe original, unaltered evidence?

Question439: When designing a new Voice over Internet Protocol (VoIP) network, an organization's top concern is preventing unauthorized users accessing the VoIP network. Which of the following will BEST help secure the VoIP network?

Question440: An organization is considering outsourcing applications and data to a Cloud Service Provider (CSP). Which of the following is the MOST important concern regarding privacy?

Question441: What type of risk is related to the sequences of value-adding and managerial activities undertaken in an organization?

Question442: Which of the following is the BEST way to protect an organization's data assets?

Question443: An organization is attempting to strengthen the configuration of its enterprise resource planning (ERP) software in order to enforce sufficient segregation of duties (SoD). Which of the following approaches would BEST improve SoD effectiveness?

Question444: Which of the following is the BEST reason for the use of security metrics?

Question445: What is the MOST important goal of conducting security assessments?

Question446: Which of the following BEST describes the purpose of software forensics?

Question447: Which type of security testing is being performed when an ethical hacker has no knowledge about the target system but the testing target is notified before the test?

Question448: When conducting software development, what is the BEST security practice for developers to follow when using Application Programming interfaces (AP)?

Question449: When can Authorizing Officials (AO) authorize a system to operate?

Question450: An advantage of link encryption in a communications network is that it

Question451: Once the types of information have been identified, who should an information security practitioner work with to ensure that the information is properly categorized?

Question452: Which of the following attributes could be used to describe a protection mechanism of an open design methodology?

Question453: In a data classification scheme, the data is owned by the

Question454: An organization purchased a commercial off-the-shelf (COTS) software several years ago. The information technology (IT) Director has decided to migrate the application into the cloud, but is concerned about the application security of the software in the organization's dedicated environment with a cloud service provider.
What is the BEST way to prevent and correct the software's security weal?

Question455: The quality assurance (QA) department is short-staffed and is unable to test all modules before the anticipated release date of an application. What security control is MOST likely to be violated?

Question456: Which of the following is generally indicative of a replay attack when dealing with biometric authentication?

Question457: What is the PRIMARY reason for criminal law being difficult to enforce when dealing with cybercrime?

Question458: Which of the following is a process in the access provisioning lifecycle that will MOST likely identify access aggregation issues?

Question459: A large international organization that collects information from its consumers has contracted with a Software as a Service (SaaS) cloud provider to process this data. The SaaS cloud provider uses additional data processing to demonstrate other capabilities it wishes to offer to the data owner. This vendor believes additional data processing activity is allowed since they are not disclosing to other organizations. Which of the following BEST supports this rationale?

Question460: In the common criteria, which of the following is a formal document that expresses an implementation-independent set of security requirements?

Question461: A large corporation is looking for a solution to automate access based on where the request is coming from, who the user is, what device they are connecting with, and what and time of day they are attempting this access. What type of solution would suit their needs?

Question462: A large human resources organization wants to integrate their identity management with a trusted partner organization. The human resources organization wants to maintain the creation and management of the identities and may want to share with other partners in the future. Which of the following options BEST serves their needs?

Question463: An organization adopts a new firewall hardening standard. How can the security professional verify that the technical staff correct implemented the new standard?

Question464: Upon commencement of an audit within an organization, which of the following actions is MOST important for the auditor(s) to take?

Question465: Which of the following is a security feature of Global Systems for Mobile Communications (GSM)?

Question466: What is the BEST way to encrypt web application communications?

Question467: An organization outgrew its internal data center and is evaluating third-party hosting facilities. In this evaluation, which of the following is a PRIMARY factor for selection?

Question468: Which of the following has the HIGHEST priority when designing an Organizational Security policy (OSP)?

Question469: The ability to send malicious code, generally in the form of a client side script, to a different end user is categorized as which type of vulnerability?

Question470: Which of the following would an information security professional use to recognize changes to content, particularly unauthorized changes?

Question471: Which of the following addresses requirements of security assessment during software acquisition?

Question472: An organization wants to define its physical perimeter. What primary device should be used to accomplish this objective if the organization's perimeter MUST cost-efficiently deter casual trespassers?

Question473: Which of the following is MOST important to understand after performing a Disaster Recovery and Business Continuity (DR/BC) plan table top exercise?

Question474: Which of the following is BEST suited for exchanging authentication and authorization messages in a multi-party decentralized environment?

Question475: A security architect plans to reference a Mandatory Access Control (MAC) model for implementation. This indicates that which of the following properties are being prioritized?

Question476: Which of the following BEST describes the standard used to exchange authorization information between different identity management systems?

Question477: Which of the following is the MOST likely reason a Human Resource (HR)department conducts a second screening for an employee?

Question478: What is the MOST important criterion that needs to be adhered to during the data collection process of an active investigation?

Question479: Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

Question480: Secure coding can be developed by applying which one of the following?

Question481: Which of the following countermeasures is the MOST effective in defending against a social engineering attack?

Question482: In a disaster recovery (DR) test, which of the following would be a trait of crisis management?

Question483: In Disaster Recovery (DR) and business continuity training, which BEST describes a functional drill?

Question484: A security architect is implementing an authentication system for a distributed network of servers.
This network will be accessed by users on workstations that cannot trust the identity of the user.
Which solution should the security architect use to have the users trust one another?

Question485: Which of the following actions MUST be performed when using secure multipurpose internet mail Extension (S/MIME) before sending an encrypted message to a recipient?

Question486: What is the FIRST step an organization should take if it is suspected that customer personal data has been compromised?

Question487: Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access.
This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging.
The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following methods is the MOST effective way of removing the Peer-to-Peer (P2P) program from the computer?

Question488: A vendor released a security patch for a dangerous vulnerability affecting thousands of computers in an organization. Which of the following actions will the security practitioner do FIRST to mitigate the security risk?

Question489: The threat modeling identifies a man-in-the-middle (MITM) exposure. Which countermeasure should the information system security officer (ISSO) select to mitigate the risk of a protected Health information (PHI) data leak?

Question490: An auditor carrying out a compliance audit requests password that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor?

Question491: A security professional has been assigned to assess a web application. The assessment report recommends switching to Security Assertion Markup Language (SAML). What is the PRIMARY security benefit in switching to SAML?

Question492: Drag and Drop Question
Match the following generic software testing methods with their major focus and objective.
Drag each testing method next to its corresponding set of testing objectives.

Question493: Which of the following does the security design process ensure within the System Development Life Cycle (SDLC)?

Question494: Which of the following presents the PRIMARY concern to an organiztion when setting up a federated single sign-on (SSO) solution with another

Question495: Which of the following is the PRIMARY purpose of due diligence when an organization embarks on a merger or acquisition?

Question496: When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints?

Question497: Which of the below strategies would MOST comprehensively address the risk of malicious insiders leaking sensitive information?

Question498: Which of the following is the key requirement for test results when implementing forensic procedures?

Question499: An organization would like to implement an authorization mechanism that would simplify the assignment of various system access permissions for many users with similar job responsibilities.
Which type of authorization mechanism would be the BEST choice for the organization to implement?

Question500: In the "Do" phase of the Plan-Do-Check-Act model, which of the following is performed?

Question501: What should be used to determine the risks associated with using Software as a Service (SaaS) for collaboration and email?

Question502: How does security in a distributed file system using mutual authentication differ from file security in a multi-user host?

Question503: Under which of the following circumstances should Cryptographic Erase (CE) be considered for use?

Question504: An organization's internal audit team performed a security audit on the company's system and reported that the manufacturing application is rarely updated along with other issues categorized as minor. Six months later, an external audit team reviewed the same system with the same scope, but identified severe weaknesses in the manufacturing application's security controls.
What is MOST likely to be the root cause of the internal audit team's failure in detecting these security issues?

Question505: A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

Question506: Which of the following is FIRST defined in a company's data retention policy?

Question507: Attack trees are MOST useful for which of the following?

Question508: Prohibiting which of the following techniques is MOST helpful in preventing users from obtaining confidential data by using statistical queries?

Question509: Which element of software supply chain management has the GREATEST security risk to organizations?

Question510: A security analyst has been asked to participate in a threat modeling exercise regarding a new piece of software the organization is about to deploy. After gathering together the developers and architects for a meeting, what is the FIRST action that should take place?

Question511: Which of the following methods of suppressing a fire is environmentally friendly and the MOST appropriate for a data center?

Question512: Which of the following entails identification of data end links to business processes, applications, and data stores as well as assignment of ownership responsibilities?

Question513: When conducting a third-party risk assessment of a new supplier, which of the following reports should be reviewed to confirm the operating effectiveness of the security, availability, confidentiality, and privacy trust principles?

Question514: A financial services organization has employed a security consultant to review processes used by employees across various teams. The consultant interviewed a member of the application development practice and found gaps in their threat model. Which of the following correctly represents a trigger for when a threat model should be revised?

Question515: Which of the following is the PRIMARY objective of performing scans with an active discovery tool?

Question516: An organization implements a Remote Access Server (RAS). Once users correct to the server, digital certificates are used to authenticate their identity. What type of Extensible Authentication Protocol (EAP) would the organization use dring this authentication?

Question517: When designing a business continuity plan (BCP), what is the formula to determine the Maximum Tolerable Downtime (MTD)?

Question518: Which of the following is a characteristic of a challenge/response authentication process?

Question519: When considering a VPN solution, what possible disadvantage comes with the use of encryption?

Question520: Which of the following describes the order in which a digital forensic process is usually conducted?

Question521: What are the roles within a scrum methodoligy?

Question522: A security professional has been requested by the Board of Directors and Chief Information Security Officer (CISO) to perform an internal and external penetration test. What is the BEST course of action?

Question523: Which of the following BEST describes a virtual circuit where the throughput is adjusted based on feedback from monitoring the available network bandwidth?

Question524: What is the BEST approach to anonymizing personally identifiable information (PII) in a test environment?

Question525: Which of the following is the MOST challenging issue in apprehending cyber criminals?

Question526: A security operations center (SOC) discovers a recently deployed router beaconing to a malicious website. Replacing the router fixes the issue. What is the MOST likely cause of the router's behavior?

Question527: An organization would like to use Security Assertion Markup Language (SAML) to provide authentication for its application. Which of the following does SAML call the two parties?

Question528: Which of the following techniques BEST prevents buffer overflows?

Question529: Security Software Development Life Cycle (SDLC) expects application code to be written In a consistent manner to allow ease of auditing and which of the following?

Question530: Which of the following is the MOST important output from a mobile application threat modeling exercise according to Open Web Application Security Project (OWASP)?

Question531: In which stage of a Software Development Life Cycle (SDLC) is the attack surface initially defined?

Question532: Which is the FIRST type of Business Continuity (BC) test that involves mobilizing personnel to other sites?

Question533: Drag and Drop Question
Match the types of e-authentication tokens to their description.
Drag each e-authentication token on the left to its corresponding description on the right.

Question534: Which of the following MUST be done before a digital forensics investigator may acquire digital evidence?

Question535: During a routine audit of network logs, the security administrator discovers remote access logins from a known user during nonbusiness hours. What is the BEST action for the security administrator to take?

Question536: An organization that has achieved a Capability Maturity model Integration (CMMI) level of 4 has done which of the following?

Question537: A security architect is reviewing plans for an application with a Recovery Point Objective (RPO) of
15 minutes. The current design has all of the application infrastructure located within one co- location data center. Which security principle is the architect currently assessing?

Question538: When assessing web vulnerabilities, how can navigating the dark web add value to a penetration test?

Question539: What industry-recognized document could be used as a baseline reference that is related to data security and business operations for conducting a security assessment?

Question540: Which of the following is the MOST effective strategy to prevent an attacker from disabling a network?

Question541: Which of the following is the BEST way to protect against structured Query language (SQL) injection?

Question542: In the last 15 years a company has experienced three electrical failures. The cost associated with each failure is listed below.
Which of the following would be a reasonable annual loss expectation?

Question543: Which of the following represents the GREATEST risk to data confidentiality?

Question544: For a victim of a security breach to prevail in a negligence claim, what MUST the victim establish?

Question545: A colleague who recently left the organization asked a security professional for a copy of the organization's confidential incident management policy. Which of the following is the BEST response to this request?

Question546: An organization has detected that the contents of a static table in a database connected to a web server has been changed. The web application does not employ input sanitation. Which of the following types of vulnerability was exploited in the application?

Question547: To comply with industry requirements, a security assessment on the cloud server should identify which protocols and weaknesses are being exposed to attackers on the Internet. Which of the following tools is the MOST appropriate to complete the assessment?

Question548: In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?

Question549: Which security architecture strategy could be applied to secure an operating system (OS) baseline for deployment within the corporate enterprise?

Question550: A network administrator receives complaints from users that the network appears to be running slow around 5 PM every day. Upon that a backup process starts around the same time. Which of the following is the BEST technique to alleviate the user performance issue?

Question551: Which of the following is the PRIMARY concern when using an Internet browser to access a cloud-based service?

Question552: Which of the following is fundamentally required to address potential security issues when initiating software development?

Question553: A vulnerability in which of the following components would be MOST difficult to detect?

Question554: Why might a network administrator choose distributed virtual switches instead of stand-alone switches for network segmentation?

Question555: An external consultant has violated an organization's Acceptable Use Policy (AUP), which of the following is the PRIMARY disciplinary action towards the consultant?

Question556: A developer begins employment with an information technology (IT) organization. On the first day, the developer works through the list of assigned projects and finds that some files within those projects aren't accessible, Other developers working on the same project have no trouble locating and working on the. What is the MOST likely for the discrepancy in access?

Question557: Which of the following Is the PRIMARY role of a security architect?

Question558: What protocol is often used between gateway hosts on the Internet' To control the scope of a Business Continuity Management (BCM) system, a security practitioner should identify which of the following?

Question559: A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS).
Which of the following factors leads the company to choose an IDaaS as their solution?

Question560: Which action is most effective for controlling risk and minimizing maintenance costs in the software supply chain?

Question561: In a dispersed network that lacks central control, which of the following is die PRIMARY course of action to mitigate exposure?

Question562: The design of a security system to prevent potential conflicts of interests should be based on which of the following security models?

Question563: Which of the following is the MOST appropriate action when reusing media that contains sensitive data?

Question564: When securing Hypertext Markup Language (HTML) text data, which is the purpose of the escape function?

Question565: What BEST describes data ownership?

Question566: A corporation does not have a formal data destruction policy. During which phase of a criminal legal proceeding will this have the MOST impact?

Question567: A recent information security risk assessment identified weak system access controls on mobile devices as a high me In order to address this risk and ensure only authorized staff access company information, which of the following should the organization implement?

Question568: Which of the following is the BEST statement for a professional to include as port of businees continuity (BC) procedure?

Question569: Which of the following is a recommended method to control removal of computer equipment from a data center by a staff member?

Question570: In which of the following scenarios is locking server cabinets and limiting access to keys preferable to locking the server room to prevent unauthorized access?

Question571: When assessing an organization's security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

Question572: Who is essential for developing effective test scenarios for disaster recovery (DR) test plans?

Question573: Which of the following is the MOST important information in an audit report intended for management?

Question574: What security tenet is BEST ensured when deployment controls protect application code from being changed in an unauthorized and/or undocumented manner?

Question575: XYZ Textiles has just acquired a smaller competitor, AcmeTex. The physical headquarters of each company is approximately 1.5 miles apart but within visual sight of one another. Each has a dedicated radio antenna used for two-way dispatch functions, what is the MOST reliable and cost-effective solution for the network engineers to connect the XYZ Textiles Local Area Network (LAN) to the newly acquired AcmeTex LAN?

Question576: A company seizes a mobile device suspected of being used in committing fraud.
What would be the BEST method used by a forensic examiner to isolate the powered-on device from the network and preserve the evidence?

Question577: Which of the following is a source to consider when assessing mobile device applications for data leakage?

Question578: When resolving ethical conflicts, the information security professional MUST consider many factors. In what order should these considerations be prioritized?

Question579: How is remote authentication Dial-In user service (RADIUS) authentication accomplished?

Question580: A large customer of a cloud Service Provider (CSP) has servers that are hosting multiple autonomous applications that don't interact. Which of the following solutions is BEST suited to reduce their complexly and improve security?

Question581: Wi-Fi Protected Access 2 (WPA2) is a security protocol designed with which of the following security feature?

Question582: employee training, risk management, and data handling procedures and policies could be characterized as which type of security measure?

Question583: Which of the following is MOST critical in a contract in a contract for data disposal on a hard drive with a third party?

Question584: It is better to use Elliptic Curve Cryptography (ECC) instead of the Rivest-Shamir-Adleman (RSA) algorithm in wireless applications because?

Question585: As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?

Question586: Which of the following is a technique used by database management systems to provide redundancy their transactions?

Question587: In the Open System Interconnection (OSI) reference model, which layer is responsible for negotiating and establishing a connection with another node?

Question588: What is a common mistake in records retention?

Question589: An access control list (ACL) on a router is a feature MOST similar to which type of firewall?

Question590: A technician wants to install a WAP in the center of a room that provides service in a radius surrounding a radio. Which of the following antenna types should the AP utilize?

Question591: The PRIMARY characteristic of a Distributed Denial of Service (DDoS) attack is that it

Question592: Which of the following contributes to secure source code handling?

Question593: Why would a system be structured to isolate different classes of information from one another and segregate them by user jurisdiction?

Question594: Which of the following is considered the PRIMARY security issue associated with encrypted e- mail messages?

Question595: When MUST an organization's information security strategic plan be reviewed?

Question596: Who is responsible for classifying assists in an organization?

Question597: What is static analysis intended to do when analyzing an executable file?

Question598: Which of the following roles typically works with the Information Security officer (ISO) to ensure information protection, availability, and destruction requirements are met?

Question599: Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?

Question600: When are security metrics MOST effective?

Question601: Which of the following types of physical security testing does an organization perform in order to focus on a specific area of interest or to save time?

Question602: In regard to multimedia files, which Digital Rights Management (DRM) technique is the MOST effective at tracing the source of a violation?

Question603: When using Security Assertion markup language (SAML), it is assumed that the principal subject

Question604: Which of the following is the MAIN benefit of off-site storage?

Question605: Which of the following are key activities when conducting a security assessment?

Question606: Which of the following measures is the MOST critical in order to safeguard from a malware attack on a smartphone?

Question607: What is a use for mandatory access control (MAC)?

Question608: While performing a security review for a new product, an information security professional discovers that the organization's product development team is proposing to collect government- issued identification (ID) numbers from customers to use as unique customer identifiers. Which of the following recommendations should be made to the product development team?

Question609: Which Redundant Array c/ Independent Disks (RAID) Level does the following diagram represent?

Question610: A malicious user gains access to unprotected directories on a web server. Which of the following is MOST likely the cause for this information disclosure?

Question611: Which of the following is a credible source to validate that security testing of Commercial Off-The- Shelf (COTS) software has been performed with international standards?

Question612: Which of the following is an initial consideration when developing an information security management system?

Question613: Which of the following global privacy legislation principles ensures that data handling policies and the name of the data controller are easily accessible to the public?

Question614: Following project initiation, which of the following items represent the linear progression of Disaster Recovery (DR) phases?

Question615: What is the second step in the identity and access provisioning lifecycle?

Question616: When recovering from an outage, what is the Recovery Point Objective (RPO), in terms of data recovery?

Question617: Which of the following is the BEST method to validate secure coding techniques against injection and overflow attacks?

Question618: A security consultant is asked to make recommendations for a small business to help protect the logical security of their information assets. Which of the following recommendations helps to achieve this objective?

Question619: Passive Infrared Sensors (PIR) used in a non-climate controlled environment should

Question620: Which step of the Risk Management Framework (RMF) identifies the initial set of baseline security controls?

Question621: What is a key component of the Common Criteria (CC) evaluation standard?

Question622: Which of the following is a term used to describe maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions?

Question623: How does identity as a service (IDaaS) provide an easy mechanism for integrating identity service into individual applications with minimal development effort?

Question624: Which is the PRIMARY mechanism for providing the workforce with the information needed to protect an agency's vital information resources?

Question625: An organization is planning to establish a connection to a third-party location. Which of the following BEST determines the requirements for securing the connection?

Question626: Why are packet filtering routers used in low-risk environments?

Question627: The security team has been tasked with performing an interface test against a frontend external facing application and needs to verify that all input fields protect against invalid input. Which of the following BEST assists this process?

Question628: Unused space in a disk cluster is important in media analysis because it may contain which of the following?

Question629: Which of the following terms is used for online service providers operating within a federation?

Question630: The core component of Role Based Access Control (RBAC) must be constructed of defined data elements.
Which elements are required?

Question631: Which of the following describes the BEST configuration management practice?

Question632: Company A is evaluating new software to replace an in-house developed application. During the acquisition process. Company A specified the security retirement, as well as the functional requirements. Company B responded to the acquisition request with their flagship product that runs on an Operating System (OS) that Company A has never used nor evaluated. The flagship product meets all security -and functional requirements as defined by Company A.
Based upon Company B's response, what step should Company A take?

Question633: Which of the following is the FIRST requirement a data owner should consider before implementing a data retention policy?

Question634: Which attack defines a piece of code that is inserted into software to trigger a malicious function?

Question635: A security engineer is assigned to work with the patch and vulnerability management group. The deployment of a new patch has been approved and needs to be applied. The research is complete, and the security engineer has provided recommendations. Where should the patch be applied FIRST?

Question636: What are facets of trustworthy software in supply chain operations?

Question637: Which following data backup methods provides fast recovery time, medium expense and may meet a Maximum Tolerable Downtime (MTD)?

Question638: An information security administrator wishes to block peer-to-peer (P2P) traffic over Hypertext Transfer Protocol (HTTP) tunnels. Which of the following layers of the Open Systems Interconnection (OSI) model requires inspection?

Question639: For network based evidence, which of the following contains traffic details of all network sessions in order to detect anomalies?

Question640: Which of the following would be the MOST severe impact to acquiring software without a well- documented software assurance policy?

Question641: What is the MOST efficient way to verify the integrity of database backups?

Question642: Which of the following is critical if an empolyee is dismissed due to violation of an organization's acceptable use policy (Aup) ?

Question643: A post-implementation review has identified that the Voice Over Internet Protocol (VoIP) system was designed to have gratuitous Address Resolution Protocol (ARP) disabled. Why did the network architect likely design the VoIP system with gratuitous ARP disabled?

Question644: A security practitioner needs to implement a solution to verify endpoint security protections and operating system (OS) versions. Which of the following is the BEST solution to implement?

Question645: What is the MAXIMUM number of host addresses available in a Class B IPv4 network?

Question646: Computer forensics requires which of the following MAIN steps?

Question647: The typical output of the National Institute of Standards and Technology (MIST) Security and Privacy control assessment process is a final report with organizational annotations. Which of the following is next in the post-assessment process?

Question648: Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?

Question649: When transmitting information over public networks, the decision to encrypt it should be based on

Question650: Which of the following is the BEST reason for writing an information security policy?

Question651: An organization's security policy delegates to the data owner the ability to assign which user roles have access to a particular resource. What type of authorization mechanism is being used?

Question652: Which of the following is a correct feature of a virtual local area network (VLAN)?

Question653: An application developer receives a report back from the security team showing their automated tools were able to successfully enter unexpected data into the organization's customer service portal, causing the site to crash. This is an example of which type of testing?

Question654: An organization has received an initial draft of a security assessment report from a third-party vendor. The report recommended specific remediation actions for the security controls that did not produce a satisfactory result. What action should the assessor take if a system owner decides to implement a recommendation prior to the finalized report?

Question655: Which of the following is an attacker MOST likely to target to gain privileged access to a system?

Question656: Which organizational department is ultimately responsible for information governance related to e-mail and other e-records?

Question657: When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?

Question658: Which of the following documents specifies services from the client's viewpoint?

Question659: What is the PRIMARY purpose for an organization to conduct a security audit?

Question660: What is the PRIMARY benefit of relying on Security Content Automation Protocol (SCAP)?

Question661: An organization has experienced multiple distributed denial-of-service (DDoS) attacks in recent months that have impact of their public-facing web and e-commerce sites that were previously all on-premises. After an analysis of the problems, the network engineers have recommended that the organization implement additional name service providers and redundant network paths.
What is another recommendation that helps ensure the future availability of their web and e- commerce sites?

Question662: To ensure compliance with the General Data Protection Regulation (GDPR), who in the organization should the help desk manager confer with before selecting a Software as a Service (SaaS) solution?

Question663: Which of the following was developed to support multiple protocols as well as provide as well as provide login, password, and error correction capabilities?

Question664: Which of the following encryption technologies is based on the complexity of using discrete logarithms in a finite field?

Question665: What is a warn site when conducting Business continuity planning (BCP)

Question666: Which of the following is the MOST important consideration when developing a Disaster Recovery Plan (DRP)?

Question667: Which of the following best practices mitigates the risk of an employee committing a fraud?

Question668: A financial company has decided to move its main business application to the Cloud. The legal department objects, arguing that the move of the platform should comply with several regulatory obligations such as the General Data Protection (GDPR) and ensure data confidentiality. The Chief Information Security Officer (CISO) says that the cloud provider has met all regulations requirements and even provides its own encryption solution with internally-managed encryption keys to address data confidentiality. Did the CISO address all the legal requirements in this situation?

Question669: Which part of an Operating System (OS) is responsible for providing security interfaces among the hardwire, and other parts of the computing system?

Question670: When designing a Cyber-Physical System (CPS), which of the following should be a security practitioner's first consideration?

Question671: Additional padding may be added to toe Encapsulating Security Protocol (ESP) b trailer to provide which of the following?

Question672: Which role determines the impact the information has on the mission of the organization?

Question673: A retail company suffered a ransomware attack that compromised its internal network, including workstations and servers. The malicious code was initially downloaded from a compromised website by a single person after opening a phishing e-mail. It then moved to neighbor network peers using different techniques including portscans, privileged credentials reuse, and operational system flaws exploitation. Which of the following tasks may prevent future attacks of this nature?

Question674: Which of the following statements BEST distinguishes a stateful packet inspection firewall from a stateless packet filter firewall?

Question675: Why is it important for a security officer to report directly to C-level management on analyzed data?

Question676: Organizational leadership wants to move away from compliance to data driven risk management.
Which of the following should be implemented to facilitate this change?

Question677: The Chief Information Officer (CIO) has decided that as part of business modernization efforts the organization will move towards a cloud architecture. All business-critical data will be migrated to either internal or external cloud services within the next two years. The CIO has a PRIMARY obligation to work with personnel in which role in order to ensure proper protection of data during and after the cloud migration?

Question678: Which of the following criteria ensures information is protected relative to its importance to the organization?

Question679: A large manufacturing organization arranges to buy an industrial machine system to produce a new line of products. The system includes software provided to the vendor by a thirdparty organization. The financial risk to the manufacturing organization starting production is high. What step should the manufacturing organization take to minimize its financial risk in the new venture prior to the purchase?

Question680: Which of the following is a safeguard that could be used to validate a service provider and the authenticity of their service?

Question681: At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

Question682: A company developed a web application which is sold as a Software as a Service (SaaS) solution to the customer. The application is hosted by a web server running on a `specific operating system (OS) on a virtual machine (VM). During the transition phase of the service, it is determined that the support team will need access to the application logs. Which of the following privileges would be the MOST suitable?

Question683: In order to provide dual assurance in a digital signature system, the design MUST include which of the following?

Question684: The occurrence of a stack overflow can provide an opportunity for an attacker to

Question685: Which of the following is the MOST common cause of system or security failures?

Question686: A control to protect from a Denial-of-Service (DoS) attach has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?

Question687: A software architect has been asked to build a platform to distribute music to thousands of users on a global scale. The architect has been reading about content delivery networks (CDN). Which of the following is a principal task to undertake?

Question688: Which of the following provides the GREATEST level of data security for a Virtual Private Network (VPN) connection?

Question689: Which of the following routing protocols is used to exchange route information between public autonomous systems?

Question690: Which service management process BEST helps information technology (IT) organizations with reducing cost, mitigating risk, and improving customer service?

Question691: Which one of the following is an advantage of an effective release control strategy from a configuration control standpoint?

Question692: Which of the following is the BEST action while reviewing recurring access violations in a root- cause analysis?

Question693: Which of the following is the FINAL step when implementing an information security awareness program?

Question694: A continuous information security monitoring program can BEST reduce risk through which of the following?

Question695: When dealing with compliance with the Payment card Industry Data Security standard (PCI- DSS), an organization that shares card holder information with a service provider MUST do which of?

Question696: Which of the following is the greatest weakness with attacker based threat modeling?

Question697: Which of the following is the strongest physical access control?

Question698: An organization is considering partnering with a third-party supplier of cloud services. The organization will only be providing the data and the third-party supplier will be providing the security controls. Which of the following BEST describes this service offering?

Question699: What is often referred to as front door access?

Question700: Which of the following authorization standards is built to handle Application Programming Interface (API) access for Federated Identity Management (FIM)?

Question701: Which of the following will an organization's network vulnerability testing process BEST enhance?

Question702: Which of the following is TRUE for an organization that is using a third-party federated identity service?

Question703: Which of the following is the BEST approach to mitigate all long-term security risks related to legacy software that was acquired by a company?

Question704: An organization's retail website provides its only source of revenue, so the disaster recovery plan (DRP) must document an estimated time for each step in the plan. Which of the following steps in the DRP will list the GREATEST duration of time for the service to be fully operational?

Question705: Which of the following command line tools can be used in the reconnaissance phase of a network vulnerability assessment?

Question706: What is the PRIMARY reason for implementing change management?

Question707: A new site's gateway isn't able to farm a tunnel to the existing site-to-site Internet Protocol Security (IPSEC) Virtual Private Network (VPN) device at headquarters. Devices at the new site have no problem accessing resources on the Internet. When testing connectivity between the remote site's gateway, it was observed that the external Internet Protocol (IP) address of the gateway was set to 192.168.1.1 and was configured to send outbound traffic to the Internet Service Provider (ISP) gateway at 192.168.1.2. Which of the following would be the BEST way to resolve the issue and get the remote site connected?

Question708: Which of the following was the first version of the Network file system (NFS)that enabled client/server file sharing through a firewall?

Question709: Which of the following is a standard Access Control List (ACL) element that enables a router to filter Internet traffic?

Question710: Why would an administrator use a Trusted platform Module (TPM) to secure both the key and software on a system?

Question711: Recently, an unknown event has disrupted a single Layer-2 network that spans between two geographically diverse data centers. The network engineers have asked for assistance in identifying the root cause of the event. Which of the following is the MOST likely cause?

Question712: What is the FIRST action a security professional needs to take while assessing an organization's asset security in order to properly classify and protect access to data?

Question713: Which protocol provides confidentiality, integrity and authentication to media streams?

Question714: An organization implements Network Access Control (NAC) ay Institute of Electrical and Electronics Engineers (IEEE) 802.1x and discovers the printers do not support the IEEE 802.1x standard. Which of the following is the BEST resolution?

Question715: Which of the following activities is MOST likely to be performed during a vulnerability assessment?

Question716: What is the BEST way that a closed-circuit television (CCTV) system can be an effective tool for preventing crime?

Question717: A firm within the defense industry has been directed to comply with contractual requirements for encryption of a government client's Controlled Unclassified Information (CUI). What encryption strategy represents how to protect data at rest in the MOST efficient and cost-effective manner?

Question718: A manager bought a home version of an antivirus product and installed it on their organization's laptop. Which of the following would be the PRIMARY reason the security officer wants to have this removed, and replaced by the organization's enterprise antivirus product?

Question719: A network administrator is configuring a database server and would like to ensure the database engine is listening on a certain port. Which of the following commands should the administrator use to accomplish this goal?

Question720: Which of the following is the MOST effective measure to prevent buffer overflow attacks?

Question721: Which of the following is the FIRST step during digital identity provisioning?

Question722: A developer creates an application to be distributed worldwide. An organization distributes the application separately from the digital signature formed by a cryptographic hash of the code.
What requirement is the organization trying to meet?

Question723: The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunnel data

Question724: Which of the following methods provides the MOST protection for user credentials?

Question725: Which of the following attacks can be leveraged only against a telephone?

Question726: Mobile devices are MOST susceptible to which of the following security risks?

Question727: What should be the FIRST action for a security administrator who detects an intrusion on the network based on precursors and other indicators?

Question728: Which of the following is the BEST defense against password guessing?

Question729: In a quarterly system access review, an active privileged account was discovered that did not exist in the prior review on the production system. The account was created one hour after the previous access review. Which of the following is the BEST option to reduce overall risk in addition to quarterly access reviews?

Question730: Which of the following is the FIRST step in the incident response process?

Question731: The MAIN purpose of placing a tamper seal on a computer system's case is to:

Question732: What type of access control determines the authorization to resource based on pre-defined job titles within an organization?

Question733: Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device Which has stolen?

Question734: An information security analyst observed a device on the organization's network downloading a known application which removes limitations imposed by a mobile operating system using software and hardware exploits. Which of the following is this functionality called?

Question735: Which of the following is the MAIN benefit of a comprehensive risk management program?

Question736: Under which of the following circumstances should cryptographic erase be considered for use?

Question737: When writing security assessment procedures, what is the MAIN purpose of the test outputs and reports?