Q1. In Business Continuity Planning (BCP), what is the importance of documenting business processes?
A. Provides senior management with decision-making tools
B. Establishes and adopts ongoing testing and maintenance strategies
C. Defines who will perform which functions during a disaster or emergency
D. Provides an understanding of the organization's interdependencies
Answer: D
Q2. The BEST example of the concept of "something that a user has" when providing an authorized user access to a computing system is
A. the user's hand geometry.
B. a credential stored in a token.
C. a passphrase.
D. the user's face.
Answer: B
Q3. HOTSPOT
Identify the component that MOST likely lacks digital accountability related to information access.
Click on the correct device in the image below.
Answer:
Q4. Why is a system's criticality classification important in large organizations?
A. It provides for proper prioritization and scheduling of security and maintenance tasks.
B. It reduces critical system support workload and reduces the time required to apply patches.
C. It allows for clear systems status communications to executive management.
D. It provides for easier determination of ownership, reducing confusion as to the status of the asset.
Answer: A
Q5. What security management control is MOST often broken by collusion?
A. Job rotation
B. Separation of duties
C. Least privilege model
D. Increased monitoring
Answer: B
Q6. While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used?
A. Trusted path
B. Malicious logic
C. Social engineering
D. Passive misuse
Answer: C
Q7. Which of the following secures web transactions at the Transport Layer?
A. Secure HyperText Transfer Protocol (S-HTTP)
B. Secure Sockets Layer (SSL)
C. Socket Security (SOCKS)
D. Secure Shell (SSH)
Answer: B
Q8. Which of the following questions can be answered using user and group entitlement reporting?
A. When a particular file was last accessed by a user
B. Change control activities for a particular group of users
C. The number of failed login attempts for a particular user
D. Where does a particular user have access within the network
Answer: D
Q9. Which of the following is a critical factor for implementing a successful data classification program?
A. Executive sponsorship
B. Information security sponsorship
C. End-user acceptance
D. Internal audit acceptance
Answer: A
Q10. Which of the following is the MOST beneficial to review when performing an IT audit?
A. Audit policy
B. Security log
C. Security policies
D. Configuration settings
Answer: C
Q11. What principle requires that changes to the plaintext affect many parts of the ciphertext?
A. Diffusion
B. Encapsulation
C. Obfuscation
D. Permutation
Answer: A
Q12. Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain?
A. An explanation of how long the data subject's collected information will be retained for and how it will be eventually disposed.
B. An explanation of who can be contacted at the organization collecting the information if corrections are required by the data subject.
C. An explanation of the regulatory frameworks and compliance standards the information collecting organization adheres to.
D. An explanation of all the technologies employed by the collecting organization in gathering information on the data subject.
Answer: B
Q13. What should happen when an emergency change to a system must be performed?
A. The change must be given priority at the next meeting of the change control board.
B. Testing and approvals must be performed quickly.
C. The change must be performed immediately and then submitted to the change board.
D. The change is performed and a notation is made in the system log.
Answer: B
Q14. Which of the following is the FIRST step of a penetration test plan?
A. Analyzing a network diagram of the target network
B. Notifying the company's customers
C. Obtaining the approval of the company's management
D. Scheduling the penetration test during a period of least impact
Answer: C
Q15. Which one of these risk factors would be the LEAST important consideration in choosing a building site for a new computer facility?
A. Vulnerability to crime
B. Adjacent buildings and businesses
C. Proximity to an airline flight path
D. Vulnerability to natural disasters
Answer: C