NEW QUESTION 1

At a MINIMUM, a formal review of any Disaster Recovery Plan (DRP) should be conducted

• A. monthly.
• B. quarterly.
• C. annually.
• D. bi-annually.

Answer: C

NEW QUESTION 2

The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct

• A. log auditing.
• B. code reviews.
• C. impact assessments.
• D. static analysis.

Answer: B

NEW QUESTION 3

At which layer of the Open Systems Interconnect (OSI) model are the source and destination address for a datagram handled?

• A. Transport Layer
• B. Data-Link Layer
• C. Network Layer
• D. Application Layer

Answer: C

NEW QUESTION 4

Which of the following is a MAJOR consideration in implementing a Voice over IP (VoIP) network?

• A. Use of a unified messaging.
• B. Use of separation for the voice network.
• C. Use of Network Access Control (NAC) on switches.
• D. Use of Request for Comments (RFC) 1918 addressing.

Answer: B

NEW QUESTION 5

When planning a penetration test, the tester will be MOST interested in which information?

• A. Places to install back doors
• B. The main network access points
• C. Job application handouts and tours
• D. Exploits that can attack weaknesses

Answer: B

NEW QUESTION 6

A chemical plan wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and maintenance by utilizing the office network infrastructure and staff to implement this upgrade.
Which of the following is the GREATEST impact on security for the network?

• A. The network administrators have no knowledge of ICS
• B. The ICS is now accessible from the office network
• C. The ICS does not support the office password policy
• D. RS422 is more reliable than Ethernet

Answer: B

NEW QUESTION 7

The application of which of the following standards would BEST reduce the potential for data breaches?

• A. ISO 9000
• B. ISO 20121
• C. ISO 26000
• D. ISO 27001

Answer: D

NEW QUESTION 8

Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what?

• A. Interface with the Public Key Infrastructure (PKI)
• B. Improve the quality of security software
• C. Prevent Denial of Service (DoS) attacks
• D. Establish a secure initial state

Answer: D

NEW QUESTION 9

In a financial institution, who has the responsibility for assigning the classification to a piece of information?

• A. Chief Financial Officer (CFO)
• B. Chief Information Security Officer (CISO)
• C. Originator or nominated owner of the information
• D. Department head responsible for ensuring the protection of the information

Answer: C

NEW QUESTION 10

A network scan found 50% of the systems with one or more critical vulnerabilities. Which of the following represents the BEST action?

• A. Assess vulnerability risk and program effectiveness.
• B. Assess vulnerability risk and business impact.
• C. Disconnect all systems with critical vulnerabilities.
• D. Disconnect systems with the most number of vulnerabilities.

Answer: B

NEW QUESTION 11

What type of encryption is used to protect sensitive data in transit over a network?

• A. Payload encryption and transport encryption
• B. Authentication Headers (AH)
• C. Keyed-Hashing for Message Authentication
• D. Point-to-Point Encryption (P2PE)

Answer: A

NEW QUESTION 12

Copyright provides protection for which of the following?

• A. Ideas expressed in literary works
• B. A particular expression of an idea
• C. New and non-obvious inventions
• D. Discoveries of natural phenomena

Answer: B

NEW QUESTION 13

The goal of a Business Continuity Plan (BCP) training and awareness program is to

• A. enhance the skills required to create, maintain, and execute the plan.
• B. provide for a high level of recovery in case of disaster.
• C. describe the recovery organization to new employees.
• D. provide each recovery team with checklists and procedures.

Answer: A

NEW QUESTION 14

What is a common challenge when implementing Security Assertion Markup Language (SAML) for identity integration between on-premise environment and an external identity provider service?

• A. Some users are not provisioned into the service.
• B. SAML tokens are provided by the on-premise identity provider.
• C. Single users cannot be revoked from the service.
• D. SAML tokens contain user information.

Answer: A

NEW QUESTION 15

What maintenance activity is responsible for defining, implementing, and testing updates to application systems?

• A. Program change control
• B. Regression testing
• C. Export exception control
• D. User acceptance testing

Answer: A

NEW QUESTION 16

What are the steps of a risk assessment?

• A. identification, analysis, evaluation
• B. analysis, evaluation, mitigation
• C. classification, identification, risk management
• D. identification, evaluation, mitigation

Answer: A

Explanation:
Section: Security Assessment and Testing

NEW QUESTION 17

What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?

• A. To ensure Information Technology (IT) staff knows and performs roles assigned to each of them
• B. To validate backup sites’ effectiveness
• C. To find out what does not work and fix it
• D. To create a high level DRP awareness among Information Technology (IT) staff

Answer: B

NEW QUESTION 18

When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all access control requirements are addressed?

• A. Create a user profile.
• B. Create a user access matrix.
• C. Develop an Access Control List (ACL).
• D. Develop a Role Based Access Control (RBAC) list.

Answer: B

NEW QUESTION 19

A company was ranked as high in the following National Institute of Standards and Technology (NIST) functions: Protect, Detect, Respond and Recover. However, a low maturity grade was attributed to the Identify function. In which of the following the controls categories does this company need to improve when analyzing its processes individually?

• A. Asset Management, Business Environment, Governance and Risk Assessment
• B. Access Control, Awareness and Training, Data Security and Maintenance
• C. Anomalies and Events, Security Continuous Monitoring and Detection Processes
• D. Recovery Planning, Improvements and Communications

Answer: A

NEW QUESTION 20

A large university needs to enable student access to university resources from their homes. Which of the following provides the BEST option for low maintenance and ease of deployment?

• A. Provide students with Internet Protocol Security (IPSec) Virtual Private Network (VPN) client software.
• B. Use Secure Sockets Layer (SSL) VPN technology.
• C. Use Secure Shell (SSH) with public/private keys.
• D. Require students to purchase home router capable of VPN.

Answer: B

NEW QUESTION 21

How should an organization determine the priority of its remediation efforts after a vulnerability assessment has been conducted?

• A. Use an impact-based approach.
• B. Use a risk-based approach.
• C. Use a criticality-based approach.
• D. Use a threat-based approach.

Answer: B

NEW QUESTION 22

As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?

• A. Known-plaintext attack
• B. Denial of Service (DoS)
• C. Cookie manipulation
• D. Structured Query Language (SQL) injection

Answer: D

Explanation:
Section: Security Assessment and Testing

NEW QUESTION 23

The restoration priorities of a Disaster Recovery Plan (DRP) are based on which of the following documents?

• A. Service Level Agreement (SLA)
• B. Business Continuity Plan (BCP)
• C. Business Impact Analysis (BIA)
• D. Crisis management plan

Answer: B

NEW QUESTION 24

The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunnel data

• A. through a firewall at the Session layer
• B. through a firewall at the Transport layer
• C. in the Point-to-Point Protocol (PPP)
• D. in the Payload Compression Protocol (PCP)

Answer: C

NEW QUESTION 25

A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report.
In which phase of the assessment was this error MOST likely made?

• A. Enumeration
• B. Reporting
• C. Detection
• D. Discovery

Answer: A

Explanation:
Section: Security Assessment and Testing

NEW QUESTION 26

From a security perspective, which of the following assumptions MUST be made about input to an
application?

• A. It is tested
• B. It is logged
• C. It is verified
• D. It is untrusted

Answer: D

NEW QUESTION 27

Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks?

• A. Data compression
• B. Data classification
• C. Data warehousing
• D. Data validation

Answer: D

NEW QUESTION 28

A continuous information security monitoring program can BEST reduce risk through which of the following?

• A. Collecting security events and correlating them to identify anomalies
• B. Facilitating system-wide visibility into the activities of critical user accounts
• C. Encompassing people, process, and technology
• D. Logging both scheduled and unscheduled system changes

Answer: B

NEW QUESTION 29
......