Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. By.carefully.aligning.the.pins.in.the.lock, which of the following defines the opening of a mechanical lock without the proper key?
A. Lock pinging
B. Lock picking
C. Lock bumping
D. Lock bricking
Answer: B
Q2. How does an organization verify that.an.information system's.current hardware and software match the standard system configuration?
A. By reviewing the configuration after the system goes into production
B. By running vulnerability scanning tools on all devices in the environment
C. By comparing the actual configuration of the system against the baseline
D. By verifying all the approved security patches are implemented
Answer: C
Q3. In Disaster Recovery (DR) and business continuity training, which BEST describes a functional drill?
A. A full-scale simulation of an emergency and the subsequent response functions
B. A specific test by response teams of individual emergency response functions
C. A functional evacuation of personnel
D. An activation of the backup site
Answer: B
Q4. A software scanner identifies a region within a binary image having high entropy. What does this MOST likely indicate?
A. Encryption routines
B. Random number generator
C. Obfuscated code
D. Botnet command and control
Answer: C
Q5. When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all access control requirements are addressed?
A. Create a user profile.
B. Create a user access matrix.
C. Develop an Access Control List (ACL).
D. Develop a Role Based Access Control (RBAC) list.
Answer: B
Q6. When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?
A. After the system preliminary design has been developed and.the data security categorization has been performed
B. After the business functional analysis and the data security categorization have been performed
C. After the vulnerability analysis has been performed and before the system detailed design begins
D. After the system preliminary design has been developed and before.the.data security categorization begins
Answer: B
Q7. An organization decides to implement a partial Public Key Infrastructure (PKI) with only the servers having digital certificates. What is the security benefit of this implementation?
A. Clients can authenticate themselves to the servers.
B. Mutual authentication is available between the clients and servers.
C. Servers are able to issue digital certificates to the client.
D. Servers can authenticate themselves to the client.
Answer: D
Q8. Which of the following is a security feature of Global Systems for Mobile Communications (GSM)?
A. It uses a Subscriber Identity Module (SIM) for authentication.
B. It uses encrypting techniques for all communications.
C. The radio spectrum is divided with multiple frequency carriers.
D. The signal is difficult to read as it provides end-to-end encryption.
Answer: A
Q9. Which one of the following operates at the session, transport, or network layer of the Open System Interconnection (OSI) model?
A. Data at rest encryption
B. Configuration Management
C. Integrity checking software
D. Cyclic redundancy check (CRC)
Answer: D
Q10. How can lessons learned from business continuity training and actual recovery incidents BEST be used?
A. As a means for improvement
B. As alternative options for awareness and training
C. As indicators of a need for policy
D. As business function gap indicators
Answer: A
Q11. Software Code signing is used as a method of verifying what security concept?.
A. Integrity
B. Confidentiality.
C. Availability.
D. Access Control
Answer: A
Q12. Host-Based Intrusion Protection (HIPS) systems are often deployed in monitoring or learning mode during their initial implementation. What is the objective of starting in this mode?
A. Automatically create exceptions for specific actions or files
B. Determine which files are unsafe to access and blacklist them
C. Automatically whitelist actions or files known to the system
D. Build a baseline of normal or safe system events for review
Answer: D
Q13. An organization is selecting a service provider to assist in the consolidation of multiple computing sites including development, implementation and ongoing support of various computer systems. Which of the following MUST be verified by the Information Security Department?
A. The service provider's policies are consistent with ISO/IEC27001 and there is evidence that the service provider is following those policies.
B. The service provider will segregate the data within its systems and ensure that each region's policies are met.
C. The service provider will impose controls and protections that meet or exceed the current systems controls and produce audit logs as verification.
D. The service provider's policies can meet the requirements imposed by the new environment even if they differ from the organization's current policies.
Answer: D
Q14. The use of proximity card to gain access to a building is an example of what type of security control?
A. Legal
B. Logical
C. Physical
D. Procedural
Answer: C
Q15. Which of the following is the MAIN goal of a data retention policy?
A. Ensure.that data is destroyed properly.
B. Ensure that data recovery can be done on the data.
C. Ensure the integrity and availability of data for a predetermined amount of time.
D. Ensure.the integrity and confidentiality of data for a predetermined amount of time.
Answer: C