Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. What component of a web application that stores the session state in a cookie can be bypassed by an attacker?
A. An initialization check
B. An identification check
C. An authentication check
D. An authorization check
Answer: C
Q2. Disaster Recovery Plan (DRP) training material should be
A. consistent so that all audiences receive the same training.
B. stored in a fire proof safe to ensure availability when needed.
C. only delivered in paper format.
D. presented in a professional looking manner.
Answer: A
Q3. Which of the following is the BEST solution to provide redundancy for telecommunications links?
A. Provide multiple links from the same telecommunications vendor.
B. Ensure that the telecommunications links connect to the network in one location.
C. Ensure.that the telecommunications links connect to the network in multiple locations.
D. Provide multiple links from multiple telecommunications vendors.
Answer: D
Q4. What is the process called when impact values are assigned.to the.security objectives for information types?
A. Qualitative analysis
B. Quantitative analysis
C. Remediation
D. System security categorization
Answer: D
Q5. Which of the following BEST describes a Protection Profile (PP)?
A. A document that expresses an implementation independent set of security requirements for an IT product that meets specific consumer needs.
B. A document that is used to develop an IT security product from its security requirements definition.
C. A document that expresses an implementation dependent set of security requirements which contains only the security functional requirements.
D. A document that represents evaluated products where there is a one-to-one correspondence between a PP and a Security Target (ST).
Answer: A
Q6. Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what?
A. Interface with the Public Key Infrastructure (PKI)
B. Improve the quality of security software
C. Prevent Denial of Service (DoS) attacks
D. Establish a secure initial state
Answer: D
Q7. Who is ultimately responsible to ensure that information assets are categorized and adequate measures are taken to protect them?
A. Data Custodian
B. Executive Management
C. Chief Information Security Officer
D. Data/Information/Business Owners
Answer: B
Q8. Which of the following is the best practice for testing a Business Continuity Plan (BCP)?
A. Test.before the IT Audit
B. Test when environment changes
C. Test after installation of security patches
D. Test after implementation of system patches
Answer: B
Q9. If an identification process using a biometric system detects a 100% match between a presented template and a stored template, what is the interpretation of this result?
A. User error
B. Suspected tampering
C. Accurate identification
D. Unsuccessful identification
Answer: B
Q10. Which of the following MUST be part of a contract to support electronic discovery of data stored in a cloud environment?
A. Integration with organizational directory services for authentication
B. Tokenization of data
C. Accommodation of hybrid deployment models
D. Identification of data location
Answer: D
Q11. In a data classification scheme, the data is owned by the
A. Information Technology (IT) managers.
B. business managers.
C. end users.
D. system security managers.
Answer: B
Q12. As one component of a physical security system, an Electronic Access Control (EAC) token is BEST known for its ability to
A. overcome the problems of key assignments.
B. monitor the opening of windows and doors.
C. trigger alarms when intruders are detected.
D. lock down a facility during an emergency.
Answer: A
Q13. Multi-threaded applications are more at risk than single-threaded applications to
A. race conditions.
B. virus infection.
C. packet sniffing.
D. database injection.
Answer: A
Q14. What is the GREATEST challenge to identifying data leaks?
A. Available technical tools that enable user activity monitoring.
B. Documented asset classification policy and clear labeling of assets.
C. Senior management cooperation in investigating suspicious behavior.
D. Law enforcement participation to apprehend and interrogate suspects.
Answer: B
Q15. HOTSPOT
In the network design below, where.is.the.MOST secure.Local Area Network (LAN).segment to deploy a.Wireless.Access.Point (WAP) that provides.contractors.access to the Internet and authorized enterprise services?
Answer: