Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Refer.to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
Following best practice, where should the permitted access for each department and job classification combination be specified?
A. Security procedures
B. Security standards
C. Human resource policy
D. Human resource standards
Answer: B
Q2. Which of the following can BEST prevent security flaws occurring in outsourced software development?
A. Contractual requirements for code quality
B. Licensing, code ownership and intellectual property rights
C. Certification.of the quality and accuracy of the work done
D. Delivery dates, change management control and budgetary control
Answer: C
Q3. A Business Continuity Plan (BCP) is based on
A. the policy and procedures manual.
B. an existing BCP from a similar organization.
C. a review of the business processes and procedures.
D. a standard checklist of required items and objectives.
Answer: C
Q4. An advantage of link encryption in a communications network is that it
A. makes key management and distribution easier.
B. protects data from start to finish through the entire network.
C. improves the efficiency of the transmission.
D. encrypts all information, including headers and routing information.
Answer: D
Q5. The use of strong authentication, the encryption of Personally Identifiable Information (PII) on database servers, application security reviews, and the encryption of data transmitted across networks provide
A. data integrity.
B. defense in depth.
C. data availability.
D. non-repudiation.
Answer: B
Q6. What security risk does the role-based access approach mitigate MOST effectively?
A. Excessive access rights to systems and data
B. Segregation of duties conflicts within business applications
C. Lack of system administrator activity monitoring
D. Inappropriate access requests
Answer: A
Q7. An organization decides to implement a partial Public Key Infrastructure (PKI) with only the servers having digital certificates. What is the security benefit of this implementation?
A. Clients can authenticate themselves to the servers.
B. Mutual authentication is available between the clients and servers.
C. Servers are able to issue digital certificates to the client.
D. Servers can authenticate themselves to the client.
Answer: D
Q8. The PRIMARY outcome of a certification process is that it provides documented
A. system weaknesses for remediation.
B. standards for security assessment, testing, and process evaluation.
C. interconnected systems and their implemented security controls.
D. security analyses needed to make a risk-based decision.
Answer: D
Q9. Software Code signing is used as a method of verifying what security concept?.
A. Integrity
B. Confidentiality.
C. Availability.
D. Access Control
Answer: A
Q10. In a data classification scheme, the data is owned by the
A. Information Technology (IT) managers.
B. business managers.
C. end users.
D. system security managers.
Answer: B
Q11. Which one of the following effectively obscures network addresses from external exposure when implemented on a firewall or router?
A. Network Address Translation (NAT)
B. Application Proxy
C. Routing Information Protocol (RIP) Version 2
D. Address Masking
Answer: A
Q12. Which of the following is the MAIN goal of a data retention policy?
A. Ensure.that data is destroyed properly.
B. Ensure that data recovery can be done on the data.
C. Ensure the integrity and availability of data for a predetermined amount of time.
D. Ensure.the integrity and confidentiality of data for a predetermined amount of time.
Answer: C
Q13. In order for a security policy to be effective within an organization, it MUST include
A. strong statements that clearly define the problem.
B. a list of all standards that apply to the policy.
C. owner information and date of last revision.
D. disciplinary measures for non compliance.
Answer: D
Q14. At a MINIMUM, a formal review of any Disaster Recovery Plan (DRP) should be conducted
A. monthly.
B. quarterly.
C. annually.
D. bi-annually.
Answer: C
Q15. A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project?
A. The organization's current security policies concerning privacy issues
B. Privacy-related regulations enforced by governing bodies applicable to the organization
C. Privacy best practices published by recognized security standards organizations
D. Organizational procedures designed to protect privacy information
Answer: B