Q1. Regarding asset security and appropriate retention,.which of the following INITIAL.top three areas are.important.to focus on?
A. Security control baselines, access controls, employee awareness and training
B. Human resources, asset management, production management
C. Supply chain lead time, inventory control, encryption
D. Polygraphs, crime statistics, forensics
Answer: A
Q2. Which of the following secure startup mechanisms are PRIMARILY designed to thwart attacks?
A. Timing
B. Cold boot
C. Side channel
D. Acoustic cryptanalysis
Answer: B
Q3. Which of the following is an effective method for avoiding magnetic media data
remanence?
A. Degaussing
B. Encryption
C. Data Loss Prevention (DLP)
D. Authentication
Answer: A
Q4. Which of the following PRIMARILY contributes to security incidents in web-based applications?
A. Systems administration and operating systems
B. System incompatibility and patch management
C. Third-party applications and change controls
D. Improper stress testing and application interfaces
Answer: C
Q5. What technique BEST describes antivirus software that detects viruses by watching anomalous behavior?
A. Signature
B. Inference
C. Induction
D. Heuristic
Answer: D
Q6. Which of the following.is.required to determine classification and ownership?
A. System and data resources are properly identified
B. Access violations are logged and audited
C. Data file references are identified and linked
D. System security controls are fully integrated
Answer: A
Q7. Discretionary Access Control (DAC) restricts access according to
A. data classification labeling.
B. page views within an application.
C. authorizations granted to the user.
D. management accreditation.
Answer: C
Q8. Multi-threaded applications are more at risk than single-threaded applications to
A. race conditions.
B. virus infection.
C. packet sniffing.
D. database injection.
Answer: A
Q9. When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?
A. After the system preliminary design has been developed and.the data security categorization has been performed
B. After the business functional analysis and the data security categorization have been performed
C. After the vulnerability analysis has been performed and before the system detailed design begins
D. After the system preliminary design has been developed and before.the.data security categorization begins
Answer: B
Q10. Which of the following roles has the obligation to ensure that a third party provider is capable of processing and handling data in a secure manner and meeting the standards set by the organization?
A. Data Custodian
B. Data Owner
C. Data Creator
D. Data User
Answer: B
Q11. HOTSPOT
Which Web Services Security (WS-Security) specification.negotiates.how security tokens will be issued, renewed and validated? Click on the correct specification in the image below.
Answer:
Q12. Which of the following is the MOST important element of change management documentation?
A. List of components involved
B. Number of changes being made
C. Business case justification
D. A stakeholder communication
Answer: C
Q13. Which of the following analyses is performed to protect information assets?
A. Business impact analysis
B. Feasibility analysis
C. Cost benefit analysis
D. Data analysis
Answer: A
Q14. Internet Protocol (IP) source address spoofing is used to defeat
A. address-based authentication.
B. Address Resolution Protocol (ARP).
C. Reverse Address Resolution Protocol (RARP).
D. Transmission Control Protocol (TCP) hijacking.
Answer: A
Q15. A global organization wants to implement hardware tokens as part of a multifactor authentication solution for remote access. The PRIMARY advantage of this implementation is
A. the scalability of token enrollment.
B. increased accountability of end users.
C. it protects against unauthorized access.
D. it simplifies user access administration.
Answer: C