Q1. Which of the following is an attacker MOST likely to target to gain privileged access to a system?
A. Programs that write to system resources
B. Programs that write to user directories
C. Log files containing sensitive information
D. Log files containing system calls
Answer: A
Q2. Which security.approach.will BEST.minimize.Personally Identifiable.Information (PII) loss from a data breach?
A. A strong breach notification process
B. Limited collection of individuals' confidential data
C. End-to-end data encryption for data in transit
D. Continuous monitoring of potential vulnerabilities
Answer: B
Q3. Alternate encoding such as hexadecimal representations is MOST often observed in which of the following forms of attack?
A. Smurf
B. Rootkit exploit
C. Denial of Service (DoS)
D. Cross site scripting (XSS)
Answer: D
Q4. An online retail company has formulated a record retention schedule for customer transactions. Which of the following is a valid.reason a customer transaction is kept beyond the retention schedule?
A. Pending legal hold
B. Long term data mining needs
C. Customer makes request to retain
D. Useful for future business initiatives
Answer: A
Q5. The BEST method to mitigate the risk of a dictionary attack on a system is to
A. use a hardware token.
B. use complex passphrases.
C. implement password history.
D. encrypt the access control list (ACL).
Answer: A
Q6. What security management control is MOST often broken by collusion?
A. Job rotation
B. Separation of duties
C. Least privilege model
D. Increased monitoring
Answer: B
Q7. Refer.to the information below to answer the question.
Desktop computers in an organization were sanitized.for re-use.in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.
After magnetic drives were degaussed twice according to the product manufacturer's directions, what is the MOST LIKELY security issue with degaussing?
A. Commercial products often have serious weaknesses of the magnetic force available in the degausser product.
B. Degausser products may not be properly maintained and operated.
C. The inability to turn the drive around in the chamber for the second pass due to human error.
D. Inadequate record keeping when sanitizing media.
Answer: B
Q8. An organization lacks a data retention policy. Of the following, who is the BEST person to consult for such requirement?
A. Application Manager
B. Database Administrator
C. Privacy Officer
D. Finance Manager
Answer: C
Q9. A vulnerability test on an Information System (IS) is conducted to
A. exploit security weaknesses in the IS.
B. measure system performance on systems with weak security controls.
C. evaluate the effectiveness of security controls.
D. prepare for Disaster Recovery (DR) planning.
Answer: C
Q10. Which of the following is a method used to prevent Structured Query Language (SQL)
injection attacks?
A. Data compression
B. Data classification
C. Data warehousing
D. Data validation
Answer: D
Q11. Which of the following is the MOST effective attack against cryptographic hardware modules?
A. Plaintext.
B. Brute force
C. Power analysis
D. Man-in-the-middle (MITM)
Answer: C
Q12. Which of the following MUST system and database administrators be aware of and apply when configuring systems used for storing personal employee data?
A. Secondary use of the data by business users
B. The organization's security policies and standards
C. The business purpose for which the data is to be used
D. The overall protection of corporate resources and data
Answer: B
Q13. What is an effective practice when returning electronic storage media to third parties for repair?
A. Ensuring the media is not labeled in any way that indicates the organization's name.
B. Disassembling the media and removing parts that may contain sensitive data.
C. Physically breaking parts of the media that may contain sensitive data.
D. Establishing a contract with the third party regarding the secure handling of the media.
Answer: D
Q14. The goal of a Business Continuity Plan (BCP) training and awareness program is to
A. enhance the skills required to create, maintain, and execute the plan.
B. provide for a high level of recovery in case of disaster.
C. describe the recovery organization to new employees.
D. provide each recovery team with checklists and procedures.
Answer: A
Q15. Which of the following is considered best.practice.for preventing e-mail spoofing?
A. Spam filtering
B. Cryptographic signature
C. Uniform Resource Locator (URL) filtering
D. Reverse Domain Name Service (DNS) lookup
Answer: B