Q1. A security professional has just completed their organization's Business Impact Analysis (BIA). Following Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) best practices, what would be the professional's NEXT step?
A. Identify and select recovery strategies.
B. Present the findings to management for funding.
C. Select members for the organization's recovery teams.
D. Prepare a plan to test the organization's ability to recover its operations.
Answer: A
Q2. DRAG DROP
Place in order, from BEST (1) to WORST (4), the following methods to reduce the risk of data remanence on magnetic media.
Answer:
Q3. Which of the following questions can be answered using user and group entitlement reporting?
A. When a particular file was last accessed by a user
B. Change control activities for a particular group of users
C. The number of failed login attempts for a particular user
D. Where does a particular user have access within the network
Answer: D
Q4. Which of the following secure startup mechanisms are PRIMARILY designed to thwart attacks?
A. Timing
B. Cold boot
C. Side channel
D. Acoustic cryptanalysis
Answer: B
Q5. In Disaster Recovery (DR) and business continuity training, which BEST describes a functional drill?
A. A full-scale simulation of an emergency and the subsequent response functions
B. A specific test by response teams of individual emergency response functions
C. A functional evacuation of personnel
D. An activation of the backup site
Answer: B
Q6. What security risk does the role-based access approach mitigate MOST effectively?
A. Excessive access rights to systems and data
B. Segregation of duties conflicts within business applications
C. Lack of system administrator activity monitoring
D. Inappropriate access requests
Answer: A
Q7. Which one of the following operates at the session, transport, or network layer of the Open System Interconnection (OSI) model?
A. Data at rest encryption
B. Configuration Management
C. Integrity checking software
D. Cyclic redundancy check (CRC)
Answer: D
Q8. A mobile device application that restricts the storage of user information to just that which is needed to accomplish lawful business goals adheres to what privacy principle?
A. Onward transfer
B. Collection Limitation
C. Collector Accountability
D. Individual Participation
Answer: B
Q9. Without proper signal protection, embedded systems may be prone to which type of attack?
A. Brute force
B. Tampering
C. Information disclosure
D. Denial of Service (DoS)
Answer: C
Q10. Which of the following is the BEST mitigation from phishing attacks?
A. Network activity monitoring
B. Security awareness training
C. Corporate policy and procedures
D. Strong file and directory permissions
Answer: B
Q11. Which of the following is an attacker MOST likely to target to gain privileged access to a system?
A. Programs that write to system resources
B. Programs that write to user directories
C. Log files containing sensitive information
D. Log files containing system calls
Answer: A
Q12. What is a common challenge when implementing Security Assertion Markup Language
(SAML) for identity integration between on-premise environment and an external identity provider service?
A. Some users are not provisioned into the service.
B. SAML tokens are provided by the on-premise identity provider.
C. Single users cannot be revoked from the service.
D. SAML tokens contain user information.
Answer: A
Q13. Which of the following BEST.avoids data remanence disclosure for cloud hosted
resources?
A. Strong encryption and deletion of.the keys after data is deleted.
B. Strong encryption and deletion of.the virtual.host after data is deleted.
C. Software based encryption with two factor authentication.
D. Hardware based encryption on dedicated physical servers.
Answer: A
Q14. Which of the following BEST describes the purpose of performing security certification?
A. To identify system threats, vulnerabilities, and acceptable level of risk
B. To formalize the confirmation of compliance to security policies and standards
C. To formalize the confirmation of completed risk mitigation and risk analysis
D. To verify that system architecture and interconnections with other systems are effectively implemented
Answer: B
Q15. Which of the following elements.MUST a compliant EU-US Safe Harbor Privacy Policy contain?
A. An explanation of how long the data subject's collected information will be retained for and how it will be eventually disposed.
B. An explanation of who can be contacted at the organization collecting the information if corrections are required by the data subject.
C. An explanation of the regulatory frameworks and compliance standards the information collecting organization adheres to.
D. An explanation of all the technologies employed by the collecting organization in gathering information on the data subject.
Answer: B