Q1. The.Hardware Abstraction Layer (HAL).is implemented in the
A. system software.
B. system hardware.
C. application software.
D. network hardware.
Answer: A
Q2. An organization is selecting a service provider to assist in the consolidation of multiple computing sites including development, implementation and ongoing support of various computer systems. Which of the following MUST be verified by the Information Security Department?
A. The service provider's policies are consistent with ISO/IEC27001 and there is evidence that the service provider is following those policies.
B. The service provider will segregate the data within its systems and ensure that each region's policies are met.
C. The service provider will impose controls and protections that meet or exceed the current systems controls and produce audit logs as verification.
D. The service provider's policies can meet the requirements imposed by the new environment even if they differ from the organization's current policies.
Answer: D
Q3. Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?
A. To assist data owners in making future sensitivity and criticality determinations
B. To assure the software development team that all security issues have been addressed
C. To verify that security protection remains acceptable to the organizational security policy
D. To help the security team accept or reject new systems for implementation and production
Answer: C
Q4. Refer.to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.
If the intrusion causes the system processes to hang, which of the following has been affected?
A. System integrity
B. System availability
C. System confidentiality
D. System auditability
Answer: B
Q5. A Business Continuity Plan (BCP) is based on
A. the policy and procedures manual.
B. an existing BCP from a similar organization.
C. a review of the business processes and procedures.
D. a standard checklist of required items and objectives.
Answer: C
Q6. A health care provider is considering Internet access for their employees and patients. Which of the following is the organization's MOST secure solution for protection of data?
A. Public Key Infrastructure (PKI) and digital signatures
B. Trusted server certificates and passphrases
C. User ID and password
D. Asymmetric encryption and User ID
Answer: A
Q7. Which item below is a federated identity standard?
A. 802.11i
B. Kerberos
C. Lightweight Directory Access Protocol (LDAP)
D. Security Assertion Markup Language (SAML)
Answer: D
Q8. Which of the following does the Encapsulating Security Payload (ESP) provide?
A. Authorization and integrity
B. Availability and integrity
C. Integrity and confidentiality
D. Authorization and confidentiality
Answer: C
Q9. What does secure authentication with logging provide?
A. Data integrity
B. Access accountability
C. Encryption logging format
D. Segregation of duties
Answer: B
Q10. DRAG DROP
Match the objectives to the assessment questions in the governance domain of Software Assurance Maturity Model (SAMM).
Answer:
Q11. To prevent inadvertent disclosure of restricted information, which of the following would be the LEAST effective process for eliminating data prior to the media being discarded?
A. Multiple-pass overwriting
B. Degaussing
C. High-level formatting
D. Physical destruction
Answer: C
Q12. Which of the following secures web transactions at the Transport Layer?
A. Secure HyperText Transfer Protocol (S-HTTP)
B. Secure Sockets Layer (SSL)
C. Socket Security (SOCKS)
D. Secure Shell (SSH)
Answer: B
Q13. Secure Sockets Layer (SSL) encryption protects
A. data at rest.
B. the source IP address.
C. data transmitted.
D. data availability.
Answer: C
Q14. Which of the following BEST mitigates a replay attack against a system using identity federation and Security Assertion Markup Language (SAML) implementation?
A. Two-factor authentication
B. Digital certificates and hardware tokens
C. Timed sessions and Secure Socket Layer (SSL)
D. Passwords with alpha-numeric and special characters
Answer: C
Q15. A network scan found 50% of the systems with one or more critical vulnerabilities. Which of the following represents the BEST action?
A. Assess vulnerability risk and program effectiveness.
B. Assess vulnerability risk and business impact.
C. Disconnect all systems with critical vulnerabilities.
D. Disconnect systems with the most number of vulnerabilities.
Answer: B