Q1. An organization has hired a security services firm to conduct a penetration test. Which of the following will the organization provide to the tester?
A. Limits and scope of the testing.
B. Physical location of server room and wiring closet.
C. Logical location of filters and concentrators.
D. Employee directory and organizational chart.
Answer: A
Q2. HOTSPOT
Which.Web Services Security (WS-Security) specification.handles the management of security tokens and the underlying policies for granting access? Click on the correct specification in the image below.
Answer:
Q3. Which of the following has the GREATEST impact on an organization's security posture?
A. International and country-specific compliance requirements
B. Security.violations by employees and contractors
C. Resource constraints due to increasing costs of supporting security
D. Audit findings related to employee access and permissions process
Answer: A
Q4. Which of the following are Systems Engineering Life Cycle (SELC) Technical Processes?
A. Concept, Development, Production, Utilization, Support, Retirement
B. Stakeholder Requirements Definition, Architectural Design, Implementation, Verification, Operation
C. Acquisition, Measurement, Configuration Management, Production, Operation, Support
D. Concept, Requirements, Design, Implementation, Production, Maintenance, Support, Disposal
Answer: B
Q5. Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?
A. Maintaining an inventory of authorized Access Points (AP) and connecting devices B. Setting the radio frequency to the minimum range required
C. Establishing a Virtual Private Network (VPN) tunnel between the WLAN client device and a VPN concentrator
D. Verifying that all default passwords have been changed
Answer: A
Q6. When constructing.an.Information Protection.Policy.(IPP), it is important that the stated rules are necessary, adequate, and
A. flexible.
B. confidential.
C. focused.
D. achievable.
Answer: D
Q7. Which of the following Disaster Recovery (DR) sites is the MOST difficult to test?
A. Hot site
B. Cold site
C. Warm site
D. Mobile site
Answer: B
Q8. What is the PRIMARY advantage of using automated application security testing tools?
A. The application can be protected in the production environment.
B. Large amounts of code can be tested using fewer resources.
C. The application will fail less when tested using these tools.
D. Detailed testing of code functions can be performed.
Answer: B
Q9. After a thorough analysis, it was discovered that a perpetrator compromised a network by gaining access to the network through a Secure Socket Layer (SSL) Virtual Private Network (VPN) gateway. The perpetrator guessed a username and brute forced the password to gain access. Which of the following BEST mitigates this issue?
A. Implement strong passwords authentication for VPN
B. Integrate the VPN with centralized credential stores
C. Implement an Internet Protocol Security (IPSec) client
D. Use two-factor authentication mechanisms
Answer: D
Q10. Which of the following problems is not addressed by using OAuth (Open Standard to Authorization) 2.0.to integrate a third-party identity provider for a service?
A. Resource Servers are required to use passwords to authenticate end users.
B. Revocation of access of some users of the third party instead of all the users from the third party.
C. Compromise of the third party means compromise of all the users in the service.
D. Guest users need to authenticate with the third party identity provider.
Answer: C
Q11. Which of the following is the MOST important consideration.when.storing and processing.Personally Identifiable Information (PII)?
A. Encrypt and hash all PII to avoid disclosure and tampering.
B. Store PII for no more than one year.
C. Avoid storing PII in a Cloud Service Provider.
D. Adherence to collection limitation laws and regulations.
Answer: D
Q12. In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?
A. Application Layer
B. Physical Layer
C. Data-Link Layer
D. Network Layer
Answer: B
Q13. HOTSPOT
Which Web Services Security (WS-Security) specification.negotiates.how security tokens will be issued, renewed and validated? Click on the correct specification in the image below.
Answer:
Q14. A vulnerability test on an Information System (IS) is conducted to
A. exploit security weaknesses in the IS.
B. measure system performance on systems with weak security controls.
C. evaluate the effectiveness of security controls.
D. prepare for Disaster Recovery (DR) planning.
Answer: C
Q15. What do Capability Maturity Models (CMM) serve as a benchmark for in an organization?
A. Experience in the industry
B. Definition of security profiles
C. Human resource planning efforts
D. Procedures in systems development
Answer: D