Q1. Refer.to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following documents explains the proper use of the organization's assets?
A. Human resources policy
B. Acceptable use policy
C. Code of ethics
D. Access control policy
Answer: B
Q2. Which of the following is most helpful in applying the principle of LEAST privilege?
A. Establishing a sandboxing environment
B. Setting up a Virtual Private Network (VPN) tunnel
C. Monitoring and reviewing privileged sessions
D. Introducing a job rotation program
Answer: A
Q3. An online retail company has formulated a record retention schedule for customer transactions. Which of the following is a valid.reason a customer transaction is kept beyond the retention schedule?
A. Pending legal hold
B. Long term data mining needs
C. Customer makes request to retain
D. Useful for future business initiatives
Answer: A
Q4. When transmitting information over public networks, the decision to encrypt it should be based on
A. the estimated monetary value of the information.
B. whether there are transient nodes relaying the transmission.
C. the level of confidentiality of the information.
D. the volume of the information.
Answer: C
Q5. Alternate encoding such as hexadecimal representations is MOST often observed in which of the following forms of attack?
A. Smurf
B. Rootkit exploit
C. Denial of Service (DoS)
D. Cross site scripting (XSS)
Answer: D
Q6. Discretionary Access Control (DAC) is based on which of the following?
A. Information source and destination
B. Identification of subjects and objects
C. Security labels and privileges
D. Standards and guidelines
Answer: B
Q7. When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints?
A. Temporal Key Integrity Protocol (TKIP)
B. Wi-Fi Protected Access (WPA) Pre-Shared Key (PSK)
C. Wi-Fi Protected Access 2 (WPA2) Enterprise
D. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Answer: C
Q8. The World Trade Organization's (WTO) agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) requires authors of computer software to be given the
A. right to refuse or permit commercial rentals.
B. right to disguise the software's geographic origin.
C. ability to tailor security parameters based on location.
D. ability to confirm license authenticity of.their works.
Answer: A
Q9. DRAG DROP
Match the objectives to the assessment questions in the governance domain of Software Assurance Maturity Model (SAMM).
Answer:
Q10. A system has been scanned for vulnerabilities and has been found to contain a number of communication ports that have been opened without authority. To which of the following might this system have been subjected?
A. Trojan horse
B. Denial of Service (DoS)
C. Spoofing
D. Man-in-the-Middle (MITM)
Answer: A
Q11. Which of the following protocols would allow an organization to maintain a centralized list of users that can read a protected webpage?
A. Lightweight Directory Access Control (LDAP)
B. Security Assertion Markup Language (SAML)
C. Hypertext Transfer Protocol (HTTP)
D. Kerberos
Answer: A
Q12. Single Sign-On (SSO) is PRIMARILY designed to address which of the following?
A. Confidentiality and Integrity
B. Availability and Accountability
C. Integrity and Availability
D. Accountability and Assurance
Answer: D
Q13. What is the MOST effective method of testing custom application code?
A. Negative testing
B. White box testing
C. Penetration testing
D. Black box testing
Answer: B
Q14. Which of the following actions MUST be taken if a vulnerability is discovered during the maintenance stage in a System Development Life Cycle (SDLC)?
A. Make changes following principle and design guidelines.
B. Stop the application until the vulnerability is fixed.
C. Report the vulnerability to product owner.
D. Monitor the application and review code.
Answer: C
Q15. Which of the following wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device?
A. Trusted Platform Module (TPM)
B. Preboot eXecution Environment (PXE)
C. Key Distribution Center (KDC)
D. Simple Key-Management for Internet Protocol (SKIP)
Answer: A