october 2022 800+

| Question | Answer |
|---|---|
| All of the following items should be included in a Business Impact Analysis (BIA) questionnaire that: Determine the risk of a business interruption occurring; Determine the technological dependence of the business processes | Determine the technological dependence of the business processes |
| Which of the following actions will reduce risk to a laptop before traveling to a high risk area? Examine the device for physical tampering; Implement more stringent baseline configurations; Purge or re-image the hard disk drive; Change access codes | Change access codes |
| Which of the following represents the GREATEST risk to data confidentiality? Network redundancies are not implemented; Security awareness is not completed; Backup tapes are generated unencrypted; Users have administrative privileges | Backup tapes are generated unencrypted |
| What is the MOST important consideration from a data security perspective when an organization plans to relocate? Conduct a gap analysis of the new facilities against existing security requirements | Conduct a gap analysis of the new facilities against existing security requirements |
| A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with? Application; Power | Power |
| When assessing an organization's security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined? Only when assets are clearly defined | Only when assets are clearly defined |
| Which of the following types of technologies would be the MOST cost-effective method to provide control for protecting personnel in public areas? Install mantraps at the building entrances; Hire a guard to protect the public area | Hire a guard to protect the public area |
| An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements? Development, testing, and deployment; Prevention, detection, and remediation; People, technology, and operations | People, technology, and operations |
| Intellectual property rights are PRIMARILY concerned with which of the following? Owner's ability to realize financial gain; Owner's ability to maintain copyright; Right of the owner to enjoy their creation; Right of the owner to control delivery method | Right of the owner to control delivery method |
| Which of the following is MOST important when assigning ownership of an asset to a department? The department should report to the business owner; Ownership of the asset should be periodically reviewed; Individual accountability should be ensured | Ownership of the asset should be periodically reviewed |
| Which of the following affects the classification of data? Assigned security label; Multilevel Security (MLS) architecture; Minimum query size; Passage of time | Passage of time |
| Which of the following BEST describes the responsibilities of a data owner? Ensuring quality and validation through periodic audits for ongoing data integrity; Ensuring accessibility to appropriate users, maintaining appropriate levels of data security | Ensuring accessibility to appropriate users, maintaining appropriate levels of data security |
| An organization has doubled in size due to rapid market share increase. The size of the IT staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. Identity as a Service (IDaaS) | Identity as a Service (IDaaS) |
| When implementing a data classification program, why is it important to avoid too much granularity? The process will require too many resources; It will be difficult to apply to both hardware and software | The process will require too many resources |
| In a data classification scheme, the data is owned by the: System security managers; Business managers; Information Technology (IT) managers; End users | Business managers |
| Which of the following is an initial consideration when developing an information security management system? Identify the contractual security obligations that apply to the organization; Understand the value of the information assets | Understand the value of the information assets |
| Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards? Personal Identity Verification (PIV); Physical Access Control System (PACS) repeated attempt detection | Physical Access Control System (PACS) repeated attempt detection |
| Which security service is served by the process of encrypting plaintext with the sender's private key and decrypting ciphertext with the sender's public key? Confidentiality; Integrity; Identification; Availability | Confidentiality |
| Which of the following mobile code security models relies only on trust? Code Signing; Class Authentication; Sandboxing; Type Safety | Code Signing |
| Which technique can be used to make an encryption scheme more resistant to a known plaintext attack? Hashing the data before encryption; Hashing the data after encryption; Compressing the data after encryption; Compressing the data before encryption | Hashing the data before encryption |
| What is the second phase of Public Key Infrastructure (PKI) key/certificate life cycle management? Implementation Phase; Initialization Phase; Cancellation Phase; Issued Phase | Issued Phase |
| Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities and automate vulnerability assessments? Common Vulnerability Scoring System (CVSS) | Common Vulnerability Scoring System (CVSS) |
| Who in the organization is accountable for classification of data and information assets? Data Owner; Data architect; Chief Information Security Officer (CISO); Chief Information Officer (CIO) | Data Owner |
| The use of private and public encryption keys is fundamental in the implementation of which of the following? Diffie-Hellman algorithm; Secure Sockets Layer (SSL); Advanced Encryption Standard (AES); Message Digest 5 (MD5) | Secure Sockets Layer (SSL) |
| What is the purpose of an Internet Protocol (IP) spoofing attack? To intercept network traffic without authorization; To convince a system that it is communicating with a known entity | To convince a system that it is communicating with a known entity |
| At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located? Link layer; Physical layer; Session layer; Application layer | Physical layer |
| In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node? Transport layer; Application layer; Network layer; Session layer | Transport layer |
| Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats? Layer 2 Tunneling Protocol (L2TP); Link Control Protocol (LCP); Packet Transfer Protocol (PTP); Challenge Handshake Authentication Protocol (CHAP) | Link Control Protocol (LCP) |
| Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model? Packet filtering; Port services filtering; Content filtering; Application access control | Packet filtering |
| An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security.. Implement logical network segmentation at the switches | Implement logical network segmentation at the switches |
| An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control? Add a new rule to the application layer firewall | Add a new rule to the application layer firewall |
| Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress? Intrusion Prevention Systems (IPS); Intrusion Detection Systems (IDS); Stateful firewalls; Network Behavior Analysis (NBA) tools | Network Behavior Analysis (NBA) tools |
| Which of the following factors contributes to the weakness of the Wired Equivalent Privacy (WEP) protocol? WEP uses a small range Initialization Vector (IV); WEP uses Message Digest 5 (MD5); WEP does not use any Initialization Vector (IV) | WEP uses a small range Initialization Vector (IV) |
| A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization? Security Assertion Markup Language (SAML) | Security Assertion Markup Language (SAML) |
| Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices? Derived credential; Temporary security credential | Derived credential |
| Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee's salary? Implement Role Based Access Control (RBAC) | Implement Role Based Access Control (RBAC) |
| What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance? Audit logs; Role-Based Access Control (RBAC); Two-factor authentication; Application of least privilege | Role-Based Access Control (RBAC) |
| Which of the following is of GREATEST assistance to auditors when reviewing system configurations? Change management processes; User administration procedures; Operating System (OS) baselines; System backup documentation | Change management processes |
| In which of the following programs is it MOST important to include the collection of security process data? Quarterly access reviews; Security continuous monitoring; Business continuity testing; Annual security training | Security continuous monitoring |
| A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user's access to data files? | Host VM monitor audit logs |
| Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure? Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels | Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels |
| Which of the following could cause a Denial of Service (DoS) against an authentication system? Encryption of audit logs; No archiving of audit logs; Hashing of audit logs; Remote access audit logs | Remote access audit logs |
| An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause? Inadequate cost modeling; Insufficient Service Level Agreement (SLA) | Insufficient Service Level Agreement (SLA) |
| Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations? Walkthrough; Simulation; Parallel; White box | Parallel |
| What is the PRIMARY reason for implementing change management? Certify and approve releases to the environment; Provide version rollbacks for system changes; Ensure accountability for changes to the environment | Certify and approve releases to the environment |
| Which of the following is a PRIMARY advantage of using a third-party identity service? Consolidation of multiple providers; Directory synchronization; Web based logon; Automated account management | Automated account management |
| With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions? At a rate concurrent with the volatility of the security control | At a rate concurrent with the volatility of the security control |
| What should be the FIRST action to protect the chain of evidence when a desktop computer is involved? Take the computer to a forensic lab; Make a copy of the hard drive; Start documenting; Turn off the computer | Start documenting |
| What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application? Disable all unnecessary services; Ensure chain of custody; Prepare another backup of the system; Isolate the system from the network | Isolate the system from the network |
| A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following? Guaranteed recovery of all business functions; Minimization of the need for decision making during a crisis; Protection from loss of organization resources | Protection from loss of organization resources (people are resources) |
| When is a Business Continuity Plan (BCP) considered to be valid? When it has been validated by the Business Continuity (BC) manager; When it has been validated by the board of directors; When it has been validated by realistic exercises | When it has been validated by realistic exercises |
| Recovery strategies of a Disaster Recovery Plan (DRP) MUST be aligned with which of the following? Hardware and software compatibility issues; Budget constraints and requirements; Cost/benefit analysis and business objectives | Cost/benefit analysis and business objectives |
| Which of the following is the FIRST step in the incident response process? Determine the cause of the incident; Disconnect the system involved from the network; Isolate and contain the system involved; Investigate all symptoms to confirm the incident | Investigate all symptoms to confirm the incident |
| A continuous information security monitoring program can BEST reduce risk through which of the following? Collecting security events and correlating them to identify anomalies; Encompassing people, process, and technology | Encompassing people, process, and technology |
| What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization's systems cannot be unavailable for more than 24 hours? Warm site; Hot site; Mirror site; Cold site | Warm site |
| A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. Least Privilege | Least Privilege |
| Which of the following is the PRIMARY risk with using open source software in a commercial software construction? License agreements requiring release of modified code; Expiration of the license agreement | License agreements requiring release of modified code |
| When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined? After the system preliminary design has been developed and before the data security categorization begins | After the system preliminary design has been developed and before the data security categorization begins |
| Which of the following is the BEST method to prevent malware from being introduced into a production environment? Test all new software in a segregated environment; Purchase software from a limited list of retailers | Test all new software in a segregated environment |
| The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)? System acquisition and development; System initiation | System acquisition and development |
| What is the BEST approach to addressing security issues in legacy web applications? Debug the security issues; Conduct a security assessment; Protect the legacy application with a web application firewall | Protect the legacy application with a web application firewall |
| Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs? Check arguments in function calls; Test for the security patch level of the environment | Test for the security patch level of the environment |
| Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element? Column level database encryption; Volume encryption; Data tokenization | Data tokenization |
| Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain? An explanation of who can be contacted at the organization collecting the information if corrections are required by the data subject | An explanation of who can be contacted at the organization collecting the information if corrections are required by the data subject |
| What is the MOST effective countermeasure to a malicious code attack against a mobile system? Sandbox; Change control; Memory management; Public-Key Infrastructure (PKI) | Sandbox |
| Which of the following is the BEST mitigation from phishing attacks? Network activity monitoring; Security awareness training; Corporate policy and procedures | Security awareness training |
| Which of the following is a physical security control that protects Automated Teller Machines (ATM) from skimming? Anti-tampering | Anti-tampering |
Created by: zstudycards