Q1. Which of the following are required components for implementing software configuration management systems?
A. Audit control and signoff
B. User training and acceptance
C. Rollback and recovery processes
D. Regression testing and evaluation
Answer: C
Q2. A large university needs to enable student.access to university resources from their homes. Which of the following provides the BEST option for low maintenance and ease of deployment?
A. Provide students with Internet Protocol Security (IPSec) Virtual Private Network (VPN) client software.
B. Use Secure Sockets Layer (SSL) VPN technology.
C. Use Secure Shell (SSH) with public/private keys.
D. Require students to purchase home router capable of VPN.
Answer: B
Q3. Which of the following are Systems Engineering Life Cycle (SELC) Technical Processes?
A. Concept, Development, Production, Utilization, Support, Retirement
B. Stakeholder Requirements Definition, Architectural Design, Implementation, Verification, Operation
C. Acquisition, Measurement, Configuration Management, Production, Operation, Support
D. Concept, Requirements, Design, Implementation, Production, Maintenance, Support, Disposal
Answer: B
Q4. A security professional is asked to provide a solution that restricts a.bank.teller to only perform a savings deposit transaction but allows a supervisor to perform corrections after the transaction. Which of the following is the MOST effective solution?
A. Access is based on rules.
B. Access is determined by the system.
C. Access is based on user's role.
D. Access is based on data sensitivity.
Answer: C
Q5. Which of the following is the BEST way to verify the integrity of a software patch?
A. Cryptographic checksums
B. Version numbering
C. Automatic updates
D. Vendor assurance
Answer: A
Q6. Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen?
A. Set up a BIOS and operating system password
B. Encrypt the virtual drive where confidential files can be stored
C. Implement a mandatory policy in which sensitive data cannot be stored on laptops, but only on the corporate network
D. Encrypt the entire disk and delete contents after a set number of failed access attempts
Answer: D
Q7. What does an organization FIRST review to assure compliance with privacy requirements?
A. Best practices
B. Business objectives
C. Legal and regulatory mandates
D. Employee's compliance to policies and standards
Answer: C
Q8. How does Encapsulating Security Payload (ESP) in transport mode affect the Internet Protocol (IP)?
A. Encrypts and optionally authenticates the IP header, but not the IP payload
B. Encrypts and optionally authenticates the IP payload, but not the IP header
C. Authenticates the IP payload and selected portions of the IP header
D. Encrypts and optionally authenticates the complete IP packet
Answer: B
Q9. The BEST method of demonstrating a company's security level to potential customers is
A. a report from an external auditor.
B. responding to a customer's security questionnaire.
C. a formal report from an internal auditor.
D. a site visit by a customer's security team.
Answer: A
Q10. A business has implemented Payment Card Industry Data Security Standard (PCI-DSS) compliant handheld credit card processing on their Wireless Local Area Network.(WLAN) topology. The.network team.partitioned the WLAN to.create a private segment for credit card processing using a firewall to control device access and route traffic to the card processor on the Internet. What components are in the scope of PCI-DSS?
A. The entire enterprise network infrastructure.
B. The handheld devices, wireless access points and border gateway.
C. The end devices, wireless access points, WLAN, switches, management console, and firewall.
D. The end devices, wireless access points, WLAN, switches, management console, and Internet
Answer: C
Q11. Which type of control recognizes that a transaction amount is excessive in accordance with corporate policy?
A. Detection
B. Prevention
C. Investigation
D. Correction
Answer: A
Q12. Which security action should be taken FIRST when computer personnel are terminated from their jobs?
A. Remove their computer access
B. Require them to turn in their badge
C. Conduct an exit interview
D. Reduce their physical access level to the facility
Answer: A
Q13. The stringency of an Information Technology (IT) security assessment will be determined by the
A. system's past security record.
B. size of the system's database.
C. sensitivity of the system's data.
D. age of the system.
Answer: C
Q14. Logical access control programs are MOST effective when they are
A. approved by external auditors.
B. combined with security token technology.
C. maintained by computer security officers.
D. made part of the operating system.
Answer: D
Q15. The goal of software assurance in application development is to
A. enable the development of High Availability (HA) systems.
B. facilitate the creation of Trusted Computing Base (TCB) systems.
C. prevent the creation of vulnerable applications.
D. encourage the development of open source applications.
Answer: C