DOMAIN 5 - PROTECTION OF INFORMATION ASSETS
CISA Review Questions, Answers & Explanations Manual, 12th Edition

A5-1 Web application developers sometimes use hidden fields on web pages to save information about a client session. This technique is used, in some cases, to store session variables that enable persistence across web pages, such as maintaining the contents of a shopping cart on a retail web site application. The MOST likely web-based attack due to this practice is:

A. parameter tampering.
B. cross-site scripting.
C. cookie poisoning.
D. stealth commanding.

A is the correct answer.

Justification:
A. Web application developers sometimes use hidden fields to save information about a client session or to submit hidden parameters, such as the language of the end user, to the underlying application. Because hidden form fields are not displayed in the browser, developers may feel safe passing unvalidated data in the hidden fields (to be validated later). This practice is unsafe because an attacker can intercept, modify and resubmit the request, which can disclose information or perform functions that the web developer never intended. The malicious modification of web application parameters is known as parameter tampering.
B. Cross-site scripting involves injecting script into a web page so that it executes in other users' browsers, for example to redirect them to content on the attacker's web site. The use of hidden fields does not in itself raise the likelihood of a cross-site scripting attack; that attack depends on unvalidated input being reflected into a page, not on the field being hidden. Web applications use cookies to save session state information on the client machine so that the user does not need to log on every time a page is visited.
C. Cookie poisoning refers to the interception and modification of session cookies to impersonate the user or steal logon credentials. The use of hidden fields has no relation to cookie poisoning.
D. Stealth commanding is the hijacking of a web server by the installation of unauthorized code. While the use of hidden forms may increase the risk of server compromise, the most common server exploits involve vulnerabilities of the server operating system or web server software.

A5-2 Which of the following is the BEST way to ensure that the data in a file have not been changed during transmission?

A. Reasonableness check
B. Parity bits
C. Hash values
D. Check digits

C is the correct answer.

Justification:
A. Reasonableness checks are used to ensure that input data are within expected values, not to ensure the integrity of data transmission. Data can be changed and still pass a reasonableness test.
B. Parity bits are a weak form of data integrity check used to detect errors in transmission, but they are not as good as using a hash.
C. Hash values are calculated on the file and are very sensitive to any changes in the data values in the file. Thus, they are the best way to ensure that data have not changed.
D. Check digits are used to detect an error in a numeric field such as an account number and usually relate to a transposition or transcription error.

A5-3 The PRIMARY purpose of audit trails is to:

A. improve response time for users.
B. establish accountability for processed transactions.
C. improve the operational efficiency of the system.
D. provide information to auditors who wish to track transactions.

B is the correct answer.

Justification:
A. The objective of enabling software to provide audit trails is not to improve system efficiency; audit trails often involve additional processing, which may in fact reduce response time for users.
B. Enabling audit trails helps in establishing the accountability and responsibility of processed transactions by tracing transactions through the system.
C. Enabling audit trails involves storage and thus occupies disk space and may decrease operational efficiency.
D. Audit trails are used to track transactions for various purposes, not just for audit. The IS auditor may use the audit trail, but that is not its primary purpose.

A5-4 Which of the following is the BEST tool that can recognize that credit card transactions are more likely to have resulted from a stolen credit card than from the holder of the credit card?

A. Intrusion detection systems
B. Data mining techniques
C. Stateful inspection firewalls
D. Packet filtering routers

B is the correct answer.

Justification:
A. An intrusion detection system is effective in detecting network- or host-based attacks but not effective in recognizing fraudulent transactions.
B. Data mining is a technique used to detect trends or patterns in transactions or data. If the historical pattern of charges against a credit card account changes, that is a flag that the transaction may have resulted from fraudulent use of the card.
C. A firewall is an excellent tool for protecting networks and systems but is not effective in detecting fraudulent transactions.
D. A packet filtering router operates at the network level and cannot see a transaction.

A5-5 Which of the following BEST ensures the integrity of a server's operating system?
A. Protecting the server in a secure location
B. Setting a boot password
C. Hardening the server configuration
D. Implementing activity logging

C is the correct answer.

Justification:
A. Protecting the server in a secure location is a good practice, but it does not ensure that a user will not try to exploit logical vulnerabilities and compromise the operating system (OS).
B. Setting a boot password is a good practice, but it does not ensure that a user will not try to exploit logical vulnerabilities and compromise the OS.
C. Hardening a system means configuring it in the most secure manner (install the latest security patches, properly define access authorization for users and administrators, disable insecure options and uninstall unused services) to prevent nonprivileged users from gaining the right to execute privileged instructions and, thus, take control of the entire machine, jeopardizing the integrity of the OS.
D. Activity logging has two weaknesses in this scenario: it is a detective control (not a preventive one), and an attacker who has already gained privileged access can modify the logs or disable them.

A5-6 Which of the following security components is PRIMARILY set up to prevent unauthorized access, as a security measure, by restricting unauthorized traffic between different segments of the network?

A. Firewalls
B. Routers
C. Layer 2 switches
D. Virtual local area networks

A is the correct answer.

Justification:
A. Firewall systems are the primary tool that enables an organization to prevent unauthorized access between networks. An organization may choose to deploy one or more systems that function as firewalls.
B. Routers can filter packets based on parameters such as source address, but they are not primarily a security tool.
C. Based on Media Access Control addresses, layer 2 switches separate traffic on a port into different segments without determining whether it is authorized or unauthorized traffic.
D. A virtual local area network is a functionality of some switches that allows them to control traffic between different ports even though they are in the same physical local area network. Nevertheless, VLANs do not effectively distinguish authorized from unauthorized traffic.

A5-7 An IS auditor discovers that the chief information officer (CIO) of an organization is using a wireless broadband modem using global system for mobile communications (GSM) technology. This modem is being used to connect the CIO's laptop to the corporate virtual private network when the CIO travels outside of the office. The IS auditor should:

A. do nothing because the inherent security features of GSM technology are appropriate.
B. recommend that the CIO stop using the laptop computer until encryption is enabled.
C. ensure that media access control address filtering is enabled on the network so unauthorized wireless users cannot connect.
D. suggest that two-factor authentication be used over the wireless link to prevent unauthorized communications.

A is the correct answer.

Justification:
A. The inherent security features of global system for mobile communications (GSM) technology combined with the use of a virtual private network (VPN) are appropriate. The confidentiality of the communication on the GSM radio link is ensured by the use of encryption, and the use of a VPN signifies that an encrypted session is established between the laptop and the corporate network. GSM is a global standard for cellular telecommunications that can be used for both voice and data. Currently deployed commercial GSM technology has multiple overlapping security features which prevent eavesdropping, session hijacking or unauthorized use of the GSM carrier network. While other wireless technologies such as 802.11 wireless local area network (LAN) technologies have been designed to allow the user to adjust or even disable security settings, GSM does not allow any device to connect to the network unless all relevant security features are active and enabled.
B. Because the chief information officer (CIO) is using a VPN, it can be assumed that encryption is enabled in addition to the security features in GSM. In addition, the VPN can be configured to prevent split tunneling on the remote device (such as the CIO's laptop).
C. Media access control (MAC) filtering can be used on a wireless LAN but does not apply to a GSM network device.
D. Because the GSM network is being used rather than a wireless LAN, it is not possible to configure MAC filtering over the wireless link. Two-factor authentication, if recommended, would better protect against unauthorized access than single-factor authentication, but the question concerns the security of the wireless link, which GSM and the VPN already provide.

A5-8 Which of the following is the BEST way to minimize unauthorized access to unattended end-user PC systems?

A. Enforce use of a password-protected screen saver
B. Implement a proximity-based authentication system
C. Terminate user sessions at predefined intervals
D. Adjust power management settings so the monitor screen is blank

A is the correct answer.

Justification:
A. A password-protected screen saver with an appropriate time interval is the best measure to prevent unauthorized access to unattended end-user systems. It is important to ensure that users lock the workstation when they step away from the machine, which is something that could be reinforced via awareness training.
B. There are products that will lock machines when users step away from their desks, and those would also work; however, such products are rare and more expensive to roll out, and they normally involve the use of smart cards as an extra barrier. Therefore, the use of a password-protected screen saver would be the better solution.
C. Terminating user sessions is often done to restrict logon periods or after a certain amount of inactivity on a web or server session. That does not really relate to leaving a workstation unattended.
D. Switching off the monitor would not be a solution because the monitor could simply be switched on again.

A5-9 The implementation of which of the following would MOST effectively prevent unauthorized access to a system administration account on a web server?

A. Host intrusion detection software installed on the server
B. Password expiration and lockout policy
C. Password complexity rules
D. Two-factor authentication

D is the correct answer.

Justification:
A. Most intrusion detection software will assist in the detection of unauthorized system access but does not prevent such access.
B. While controls regarding password expiration and lockout are important in reducing risk, two-factor authentication methods or techniques would most effectively reduce the risk of stolen or compromised credentials. Password-only authentication may not provide adequate security.
C. While controls regarding password complexity are important, multifactor authentication methods or techniques would most effectively reduce the risk of stolen or compromised credentials.
D. Two-factor authentication requires a user to use a password in combination with another authentication factor that is not easily stolen or guessed by an attacker. Types of two-factor authentication include electronic access tokens that show one-time passwords on their display and biometric authentication systems.
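The hidden-field weakness in question A5-1 is easiest to see with the server side in front of you. The following is an added example, not code from the CISA manual: a checkout handler that trusts the hidden price field beside one that re-derives the price server side, plus an HMAC seal for hidden state that genuinely has to round-trip through the client. The form dicts stand in for POSTed HTML form data, and the catalogue, SKUs and server key are constructed for illustration.

```python
"""Hidden-field parameter tampering: a vulnerable checkout beside a hardened one.

Added example for question A5-1; not code from the CISA manual. The form dicts
stand in for POSTed HTML form data; catalogue, SKUs and key are constructed.
"""
import hashlib
import hmac

# Constructed server-side price list. The hidden <input name="price"> on the
# order page is only a convenience copy of these values.
CATALOGUE = {"SKU-100": 49.99, "SKU-200": 129.00}

# Hypothetical per-deployment secret; a real one comes from a secret store.
SERVER_KEY = b"constructed-example-key-do-not-reuse"


def vulnerable_checkout(form: dict) -> float:
    """Trusts the hidden 'price' field exactly as the browser returned it.

    Hidden fields are invisible in the rendered page but are ordinary request
    parameters: an intercepting proxy can rewrite price=129.00 to price=1.00.
    """
    qty = int(form["qty"])
    price = float(form["price"])          # attacker-controlled value accepted
    return round(qty * price, 2)


def hardened_checkout(form: dict) -> float:
    """Never reads a price from the client; re-derives it server side."""
    sku = form["sku"]
    if sku not in CATALOGUE:
        raise ValueError("unknown product")
    qty = int(form["qty"])
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    return round(qty * CATALOGUE[sku], 2)


def seal(value: str) -> str:
    """HMAC tag for state that must round-trip through the client (for example
    a locale or an opaque cart token), so the server can tell whether the
    hidden value came back unmodified."""
    return hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()


def hidden_field_intact(value: str, tag: str) -> bool:
    """Constant-time check of a sealed hidden field."""
    return hmac.compare_digest(seal(value), tag)


def demo() -> dict:
    # The page offered SKU-200 at 129.00; the attacker edits the hidden field.
    tampered = {"sku": "SKU-200", "qty": "1", "price": "1.00"}
    results = {
        "vulnerable_total": vulnerable_checkout(tampered),
        "hardened_total": hardened_checkout(tampered),
    }
    locale_tag = seal("en-US")
    results["sealed_ok"] = hidden_field_intact("en-US", locale_tag)
    results["sealed_tampered"] = hidden_field_intact("en-US;admin=1", locale_tag)
    return results


if __name__ == "__main__":
    print(demo())
```

The hardened handler treats every hidden field as untrusted input: values that can be looked up server side are looked up, and values that cannot are sealed so tampering is detected rather than silently accepted.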
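Question A5-2 contrasts four integrity controls in words; the added example below (not code from the CISA manual) runs three of them against constructed inputs so the scope of each is visible: a parity bit misses a two-bit error and a byte transposition, a Luhn check digit is the right tool for a transposed account number but says nothing about a file, and a SHA-256 hash notices every change. The payment instruction and account numbers are constructed.

```python
"""Which integrity check notices which change?

Added example for question A5-2; not code from the CISA manual. Inputs are
constructed for illustration.
"""
import hashlib


def parity_bit(data: bytes) -> int:
    """Even parity over the whole buffer: 0 when the number of 1-bits is even."""
    return sum(bin(b).count("1") for b in data) % 2


def luhn_check_digit(payload_digits: str) -> int:
    """Check digit for a numeric field (account-number style)."""
    total = 0
    for i, ch in enumerate(reversed(payload_digits)):
        d = int(ch)
        if i % 2 == 0:            # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def luhn_valid(number: str) -> bool:
    """True when the trailing digit matches the check digit of the rest."""
    return luhn_check_digit(number[:-1]) == int(number[-1])


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def detects(original: bytes, altered: bytes) -> dict:
    """Which checks notice that `altered` differs from `original`?"""
    return {
        "parity": parity_bit(original) != parity_bit(altered),
        "hash": sha256_hex(original) != sha256_hex(altered),
    }


# Constructed payment instruction used as the "file" being transmitted.
ORIGINAL = b"PAY 100 TO ACCT 42"


def scenarios() -> dict:
    single_flip = bytearray(ORIGINAL)
    single_flip[4] ^= 0x01                 # '1' -> '0': amount becomes 000
    double_flip = bytearray(ORIGINAL)
    double_flip[4] ^= 0x03                 # '1' -> '2': amount becomes 200
    transposed = ORIGINAL[:-2] + b"24"     # account digits swapped
    return {
        "single_bit_error": detects(ORIGINAL, bytes(single_flip)),
        "two_bit_error": detects(ORIGINAL, bytes(double_flip)),
        "transposed_bytes": detects(ORIGINAL, transposed),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:18} parity={result['parity']!s:5} hash={result['hash']}")
    print("check digit for 7992739871:", luhn_check_digit("7992739871"))
    print("79927398713 valid:", luhn_valid("79927398713"))
    print("79927398173 valid:", luhn_valid("79927398173"))
```

One caveat the exam answer leaves implicit: a plain hash sent alongside the file protects against accidental corruption, not against an adversary who can replace the hash as well. For deliberate tampering, transmit the hash out of band, or use a keyed construction (HMAC) or a digital signature.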
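The justification for question A5-4 says a data mining approach flags transactions that break the card's historical pattern. As an added example (not code from the CISA manual), the block below builds a per-card baseline from constructed history and reports which new transactions deviate. The thresholds (three standard deviations, an unseen country, an unseen merchant category) are illustrative rules of the kind a real model would learn from data rather than have hard-coded; the card numbers, amounts and merchants are constructed.

```python
"""Flagging card transactions that break the card's historical pattern.

Added example for question A5-4; not code from the CISA manual. History,
new transactions and thresholds are constructed for illustration.
"""
from statistics import mean, pstdev

# Constructed history: (card, amount, country, merchant_category)
HISTORY = [
    ("4111-01", 42.10, "US", "grocery"),
    ("4111-01", 18.50, "US", "fuel"),
    ("4111-01", 61.00, "US", "grocery"),
    ("4111-01", 27.30, "US", "restaurant"),
    ("4111-01", 55.20, "US", "grocery"),
    ("4111-01", 33.80, "US", "fuel"),
    ("4111-01", 49.90, "US", "pharmacy"),
    ("4111-01", 22.40, "US", "restaurant"),
]

# Constructed new activity: (txn_id, card, amount, country, merchant_category)
NEW = [
    ("t1", "4111-01", 38.00, "US", "grocery"),
    ("t2", "4111-01", 2400.00, "RO", "electronics"),
    ("t3", "4111-01", 44.00, "US", "casino"),
]


def baseline(history):
    """Per-card profile: amount statistics plus the countries and merchant
    categories seen so far."""
    profile = {}
    for card, amount, country, category in history:
        p = profile.setdefault(card, {"amounts": [], "countries": set(), "categories": set()})
        p["amounts"].append(amount)
        p["countries"].add(country)
        p["categories"].add(category)
    for p in profile.values():
        p["mean"] = mean(p["amounts"])
        p["std"] = pstdev(p["amounts"])
    return profile


def reasons(txn, profile):
    """Why this transaction departs from the card's pattern (empty = normal)."""
    _txn_id, card, amount, country, category = txn
    p = profile.get(card)
    if p is None:
        return ["no_history"]
    out = []
    if amount > p["mean"] + 3 * p["std"]:
        out.append("amount_outlier")
    if country not in p["countries"]:
        out.append("new_country")
    if category not in p["categories"]:
        out.append("new_merchant_category")
    return out


def flag(new, history):
    """Map of transaction id to reasons, for transactions that deviate."""
    profile = baseline(history)
    flagged = {}
    for txn in new:
        r = reasons(txn, profile)
        if r:
            flagged[txn[0]] = r
    return flagged


if __name__ == "__main__":
    print(flag(NEW, HISTORY))
```

Note that none of this inspects packets or hosts, which is why the IDS, firewall and router options in the question cannot do the job: the signal lives in the transaction history, not in the network traffic.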
A5-10 An organization's IT director has approved the installation of a wireless local area network access point in a conference room for a team of consultants to access the Internet with their laptop computers. The BEST control to protect the corporate servers from unauthorized access is to ensure that:

A. encryption is enabled on the access point.
B. the conference room network is on a separate virtual local area network (VLAN).
C. antivirus signatures and patch levels are current on the consultants' laptops.
D. default user IDs are disabled and strong passwords are set on the corporate servers.

B is the correct answer.

Justification:
A. Enabling encryption is a good idea to prevent unauthorized network access, but it is more important to isolate the consultants from the rest of the corporate network.
B. The installation of the wireless network device presents a risk to the corporate servers from both authorized and unauthorized users. A separate virtual local area network is the best solution because it ensures that both authorized and unauthorized users are prevented from gaining network access to the database servers, while allowing Internet access to authorized users.
C. Current antivirus signatures and patch levels are good practice but not as critical as preventing network access to the corporate servers through access controls.
D. Protecting the organization's servers with good passwords is good practice, but it is still necessary to isolate the network being used by the consultants. If the consultants can see the rest of the network, they could use password-cracking tools against the other corporate machines.

A5-11 The IS auditor is reviewing an organization's human resources (HR) database implementation. The IS auditor discovers that the database servers are clustered for high availability, all default database accounts have been removed and database audit logs are kept and reviewed on a weekly basis. What other area should the IS auditor check to ensure that the databases are appropriately secured?

A. Database administrators are restricted from access to HR data.
B. Database audit logs are encrypted.
C. Database stored procedures are encrypted.
D. Database initialization parameters are appropriate.

D is the correct answer.

Justification:
A. Database administrators will normally have access to all data on the server; restricting them from HR data is not a realistic control for this risk, so this is not the area to check.
B. Database audit logs normally would not contain any sensitive data; therefore, encrypting the log files is not required.
C. A stored procedure could be used to perform sensitive functions, such as encrypting data, and can be encrypted once it is in the database; however, this is not critical to ensuring that a database is configured correctly.
D. When a database is opened, many of its configuration options are governed by initialization parameters. These parameters are usually held in a file (such as the init.ora file in the case of the Oracle Database Management System), which contains many settings. The system initialization parameters address many "global" database settings, including authentication, remote access and other critical security areas. To effectively audit a database implementation, the IS auditor must examine the database initialization parameters.

A5-12 An IS auditor has been asked by management to review a potentially fraudulent transaction. The PRIMARY focus of the IS auditor while evaluating the transaction should be to:

A. maintain impartiality while evaluating the transaction.
B. ensure that the independence of the IS auditor is maintained.
C. assure that the integrity of the evidence is maintained.
D. assess all relevant evidence for the transaction.

C is the correct answer.

Justification:
A. Although it is important for an IS auditor to be impartial, in this case it is more critical that the evidence be preserved.
B. Although it is important for an IS auditor to maintain independence, in this case it is more critical that the evidence be preserved.
C. The IS auditor has been requested to perform an investigation to capture evidence which may be used for legal purposes, and therefore maintaining the integrity of the evidence should be the foremost goal. Improperly handled computer evidence is subject to being ruled inadmissible in a court of law.
D. While it is also important to assess all relevant evidence, it is more important to maintain the chain of custody, which ensures the integrity of the evidence.

A5-13 A new business application has been designed in a large, complex organization and the business owner has requested that the various reports be viewed on a "need to know" basis. Which of the following access control methods would be the BEST method to achieve this requirement?

A. Mandatory
B. Role-based
C. Discretionary
D. Single sign-on

B is the correct answer.

Justification:
A. An access control system based on mandatory access control would be expensive, and difficult to implement and maintain, in a large complex organization.
B. Role-based access control limits access according to job roles and responsibilities and would be the best method to allow only authorized users to view reports on a need-to-know basis.
C. Discretionary access control (DAC) is where the owner of the resource decides who should have access to that resource. Most access control systems are an implementation of DAC. This answer is not specific enough for this scenario.
D. Single sign-on is not a form of access control; it is a technology used to manage access to systems, networks and applications. This answer is not specific enough for this question.

A5-14 Which of the following is the BEST control to prevent the deletion of audit logs by unauthorized individuals in an organization?

A. Actions performed on log files should be tracked in a separate log.
B. Write access to audit logs should be disabled.
C. Only select personnel should have rights to view or delete audit logs.
D. Backups of audit logs should be performed periodically.

C is the correct answer.

Justification:
A. Having a separate log of actions on the audit log will not prevent the original log files from being deleted.
B. For servers and applications to operate correctly, write access to the logs cannot be disabled.
C. Granting access to audit logs to only system administrators and security administrators would reduce the possibility of these files being deleted.
D. Regular backups of audit logs would not prevent the logs from being deleted.

A5-15 A company is implementing the Dynamic Host Configuration Protocol. Given that the following conditions exist, which represents the GREATEST concern?

A. Most employees use laptops.
B. A packet filtering firewall is used.
C. The IP address space is smaller than the number of PCs.
D. Access to a network port is not restricted.

D is the correct answer.

Justification:
A. Dynamic Host Configuration Protocol provides convenience (an advantage) to the laptop users.
B. The use of a firewall is a security measure and will not normally be of concern.
C. A shortage of IP addresses can be addressed through network address translation or by increasing the number of IP addresses assigned to a particular subnet.
D. Given physical access to a port, anyone can connect to the internal network. This would allow individuals to connect who were not authorized to be on the corporate network.

A5-16 Which of the following is an effective preventive control to ensure that a database administrator (DBA) complies with the custodianship of the enterprise's data?

A. Exception reports
B. Segregation of duties
C. Review of access logs and activities
D. Management supervision

B is the correct answer.

Justification:
A. Exception reports are a detective control used to indicate when the activities of the database administrator (DBA) were not in compliance.
B. Adequate segregation of duties (SoD) is a preventive control that can restrict the activities of the DBA to those that have been authorized by the data owner. SoD can restrict what a DBA can do by requiring more than one person to participate to complete a task.
C. Reviews of access logs reveal the activities performed by the DBA, but they are a detective control.
D. Management supervision of DBA activities is a detective control that identifies what the DBA has done and when.

A5-17 An employee has received a digital photo frame as a gift and has connected it to his/her work PC to transfer digital photos. The PRIMARY risk that this scenario introduces is that:

A. the photo frame storage media could be used to steal corporate data.
B. the drivers for the photo frame may be incompatible and crash the user's PC.
C. the employee may bring inappropriate photographs into the office.
D. the photo frame could be infected with malware.

D is the correct answer.

Justification:
A. Although any storage device could be used to steal data, the damage caused by malware could be widespread and severe for the enterprise, which is the greater risk.
B. Although device drivers may be incompatible and crash the user's PC, the damage caused by malware could be widespread and severe for the enterprise.
C. Although inappropriate content could be an issue, the damage caused by malware could be widespread and severe for the enterprise.
D. Any storage device can be a vehicle for infecting other computers with malware. There are several examples where it has been discovered that devices were infected in the factory during the manufacturing process, and controls should exist to prohibit employees from connecting any storage media devices to their company-issued PCs.

A5-18 An organization discovers that the computer of the chief financial officer has been infected with malware that includes a keystroke logger and a rootkit. The FIRST action to take would be to:

A. contact the appropriate law enforcement authorities to begin an investigation.
B. immediately ensure that no additional data are compromised.
C. disconnect the PC from the network.
D. update the antivirus signatures on the PC to ensure that the malware or virus is detected and removed.

C is the correct answer.

Justification:
A. Although contacting law enforcement may be required, the first step would be to halt the data flow by disconnecting the computer from the network.
B. The first step is to disconnect the computer from the network; this is the action that ensures no additional data are compromised. Until that is done, the keystroke logger may still be capturing and transmitting data such as passwords, server commands and other data entered on the machine.
C. The most important task is to prevent further data compromise and preserve evidence by disconnecting the PC from the network. Otherwise, evidence would be destroyed by powering off the PC or (re)installing anti-malware software on it. Information stored in temporary files, network connections, open processes, programs loaded into memory and other information may be lost.

A5-19 The IS auditor is reviewing findings from a prior IS audit of a hospital. One finding indicates that the organization was using email to communicate sensitive patient issues. The IT manager indicates that, to address this finding, the organization has implemented digital signatures for all email users. What should the auditor's response be?

A. Digital signatures are not adequate to protect confidentiality.
B. Digital signatures are adequate to protect confidentiality.
C. The IS auditor should gather more information about the specific implementation.
D. The IS auditor should recommend implementation of digital watermarking for secure email.

A is the correct answer.

Justification:
A. Digital signatures are designed to provide authentication and nonrepudiation for email and other transmissions but are not adequate for confidentiality. The implementation does not address the prior year's finding.
B. Digital signatures do not encrypt message contents, which means that an attacker who intercepts a message can read it because the data are in plaintext.
C. Although gathering additional information is generally a good step before drawing a conclusion on a finding, in this case the described solution itself does not provide confidentiality.
D. Digital watermarking is used to protect intellectual property rights in documents rather than to protect the confidentiality of email.

A5-20 Which of the following line media would provide the BEST security for a telecommunication network?

A. Broadband network digital transmission
B. Baseband network
C. Dial-up
D. Dedicated lines

D is the correct answer.

Justification:
A. The secure use of broadband communications is subject to whether the network is shared with other users, the transmission path used and the risk of network eavesdropping.
B. A baseband network is one that is usually shared with many other users and requires encryption of traffic, but it still may allow some traffic analysis by an attacker.
C. Dial-up lines are fairly secure because of their direct connection, but they are too slow to be considered for most business purposes today.
D. Dedicated lines are set apart for a particular user or organization. Because there is no sharing of lines or intermediate entry points, the risk of interception or disruption of telecommunications messages is lower.

A5-21 To ensure that an organization is complying with privacy requirements, an IS auditor should FIRST review:

A. the IT infrastructure.
B. organizational policies, standards and procedures.
C. legal and regulatory requirements.
D. adherence to organizational policies, standards and procedures.

C is the correct answer.

Justification:
A. To ensure compliance with requirements, the IS auditor must first know what the requirements are, and they can vary from one jurisdiction to another. The infrastructure is what implements those requirements, so it is reviewed afterward.
B. The policies of the organization are subject to the legal requirements and should be checked for compliance after the legal requirements are reviewed.
C. To ensure that the organization is complying with privacy requirements, an IS auditor should address legal and regulatory requirements first. To comply with legal and regulatory requirements, organizations need to adopt the appropriate infrastructure. After understanding the legal and regulatory requirements, an IS auditor should evaluate organizational policies, standards and procedures to determine whether they adequately address the privacy requirements, and then review adherence to those specific policies, standards and procedures.
D. Checking for compliance is only done after the policies, standards and procedures have been aligned with the legal requirements.

A5-22 An insurance company offers wireless Internet access to its guests, after authentication with a generic user ID and password. The generic ID and password are requested from the reception desk. Which of the following controls BEST addresses this situation?
A. The password for the wireless network is changed on a weekly basis.
B. A stateful inspection firewall is used between the public wireless and company networks.
C. The public wireless network is physically segregated from the company network.
D. An intrusion detection system is deployed within the wireless network.

C is the correct answer.

Justification:
A. Changing the password for the wireless network does not ensure against unauthorized access to the company network, especially because a guest could still gain access to the wireless local area network at any time prior to the weekly password change.
B. A stateful inspection firewall will restrict traffic from the wireless network to the company network; however, the configuration of the firewall would need to be validated, and firewall vulnerabilities, although unlikely, are possible.
C. Keeping the wireless network physically separate from the company network is the best way to secure the company network from intrusion.
D. An intrusion detection system will detect intrusion but will not prevent unauthorized individuals from accessing the network.

A5-23 When reviewing the implementation of a local area network, an IS auditor should FIRST review the:

A. node list.
B. acceptance test report.
C. network diagram.
D. users list.

C is the correct answer.

Justification:
A. Verification of nodes from the node list would follow the review of the network diagram.
B. The review of the acceptance test report would follow the verification of nodes from the node list.
C. To properly review a local area network implementation, an IS auditor should first verify the network diagram, checking for single points of failure.
D. The users list would be reviewed after the acceptance test report.

A5-24 An IS auditor discovers that the configuration settings for password controls are more stringent for business users than for IT developers. Which of the following is the BEST action for the IS auditor to take?

A. Determine whether this is a policy violation and document it.
B. Document the observation as an exception.
C. Recommend that all password configuration settings be identical.
D. Recommend that logs of developer access be reviewed periodically.

A is the correct answer.

Justification:
A. If the policy documents the purpose and approval for different procedures, then an IS auditor only needs to document observations and test whether the procedures are followed.
B. This condition would only be considered an exception if it is not documented as allowed in the approved policies.
C. There may be valid reasons that the settings are different; therefore, the IS auditor would not simply recommend changes before researching company policies and procedures.
D. While reviewing logs may be a good compensating control, the more important course of action would be to determine whether policies are being followed.

A5-25 An organization is developing a new web-based application to process orders from customers. Which of the following security measures should be taken to protect this application from hackers?

A. Ensure that ports 80 and 443 are blocked at the firewall.
B. Inspect file and access permissions on all servers to ensure that all files have read-only access.
C. Perform a web application security review.
D. Make sure that only the IP addresses of existing customers are allowed through the firewall.

C is the correct answer.

Justification:
A. Port 80 must be open for a web application to work and port 443 for the Secure Hypertext Transfer Protocol to operate.
B. For customer orders to be placed, some data must be saved to the server. No customer orders could be placed on a read-only server.
C. Performing a web application security review is a necessary effort that would uncover security vulnerabilities that could be exploited by hackers.
D. Restricting IP addresses might be appropriate for some types of web applications, but it is not the best solution because a new customer would not be able to place an order until the firewall rules were modified to allow the customer to connect.

A5-26 Which of the following types of penetration tests simulates a real attack and is used to test the incident handling and response capability of the target?

A. Blind testing
B. Targeted testing
C. Double-blind testing
D. External testing

C is the correct answer.

Justification:
A. Blind testing is also known as black-box testing. This refers to a test where the penetration tester is not given any information and is forced to rely on publicly available information. This test simulates a real attack, except that the target organization is aware of the testing being conducted.
B. Targeted testing is also known as white-box testing. This refers to a test where the penetration tester is provided with information and the target organization is also aware of the testing activities. In some cases, the tester is also provided with a limited-privilege account to be used as a starting point.
C. Double-blind testing is also known as zero-knowledge testing. This refers to a test where the penetration tester is not given any information and the target organization is not given any warning; both parties are "blind" to the test. This is the best scenario for testing response capability because the target will react as if the attack were real.
D. External testing refers to a test where an external penetration tester launches attacks on the target's network perimeter from outside the target network (typically from the Internet).

A5-27 An organization has requested that an IS auditor provide a recommendation to enhance the security and reliability of its Voice-over Internet Protocol (VoIP) system and data traffic. Which of the following would meet this objective?

A. VoIP infrastructure needs to be segregated using virtual local area networks.
B. Buffers need to be introduced at the VoIP endpoints.
C. Ensure that end-to-end encryption is enabled in the VoIP system.
D. Ensure that emergency backup power is available for all parts of the VoIP infrastructure.

A is the correct answer.

Justification:
A. Segregating the Voice-over Internet Protocol (VoIP) traffic using virtual local area networks (VLANs) would best protect the VoIP infrastructure from network-based attacks, potential eavesdropping and network traffic issues (which would help to ensure uptime).
B. The use of packet buffers at VoIP endpoints is a method to maintain call quality, not a security method.
C. Encryption is used when VoIP calls use the Internet (not the local LAN) for transport, because the assumption is that the physical security of the building as well as the Ethernet switch and VLAN security are adequate.
D. The design of the network and the proper implementation of VLANs are more critical than ensuring that all devices are protected by emergency power.

A5-28 When reviewing an intrusion detection system (IDS) log, an IS auditor notices traffic coming from the Internet which appears to originate from the internal IP address of the company payroll server. Which of the following malicious activities would MOST likely cause this type of result?
A. A denial-of-service attack
B. Spoofing
C. Port scanning
D. A man-in-the-middle attack

B is the correct answer.

Justification:
A. A denial-of-service attack is designed to limit the availability of a resource and is characterized by a high number of requests that require a response from the resource (usually a web site). The target spends so many resources responding to the attack requests that legitimate requests are not serviced. These attacks are most commonly launched from networks of compromised computers (botnets) and may involve attacks from multiple computers at once.
B. Spoofing is a form of impersonation where one computer tries to take on the identity of another computer. When an attack originates from the external network but uses an internal network address, the attacker is most likely trying to bypass firewalls and other network security controls by impersonating (or spoofing) the payroll server's internal network address. By impersonating the payroll server, the attacker may be able to access sensitive internal resources.
C. Port scanning is a reconnaissance technique that is designed to gather information about a target before a more active attack. Port scanning might be used to determine the internal address of the payroll server, but it would not normally create a log entry indicating external traffic from an internal server address.
D. A man-in-the-middle attack is a form of active eavesdropping where the attacker intercepts a computerized conversation between two parties and then allows the conversation to continue by relaying the appropriate data to both parties, while simultaneously monitoring the data passing through the attacker's conduit. This type of attack would not register as an attack originating from the payroll server, but instead might be designed to hijack an authorized connection between a workstation and the payroll server.

A5-29 An IS auditor is reviewing an organization's information security policy, which requires encryption of all data placed on universal serial bus (USB) drives. The policy also requires that a specific encryption algorithm be used. Which of the following algorithms would provide the greatest assurance that data placed on USB drives are protected from unauthorized disclosure?

A. Data Encryption Standard
B. Message digest 5
C. Advanced Encryption Standard
D. Secure Shell

C is the correct answer.

Justification:
A. Data Encryption Standard (DES) is susceptible to brute force attacks and has been broken publicly; therefore, it does not provide assurance that data encrypted using DES will be protected from unauthorized disclosure.
B. Message digest 5 (MD5) is an algorithm used to generate a one-way hash of data (a fixed-length value) to test and verify data integrity, and one that is itself no longer considered collision resistant. MD5 does not encrypt data but puts data through a mathematical process that cannot be reversed. As a result, MD5 could not be used to encrypt data on a universal serial bus (USB) drive.
C. Advanced Encryption Standard (AES) provides the strongest encryption of all of the choices listed and would provide the greatest assurance that data are protected. Recovering data encrypted with AES is considered computationally infeasible, and so AES is the best choice for encrypting sensitive data.
D. Secure Shell (SSH) is a protocol used for secure remote command shell sessions, typically for remote login. Although SSH encrypts data transmitted during a session, it does not encrypt data at rest, such as the contents of a USB drive. As a result, SSH is not appropriate for this scenario.

A5-30 During an audit of a global organization, the IS auditor discovers that the enterprise uses Voice-over Internet Protocol (VoIP) over the Internet as the sole means of voice connectivity among all offices. Which of the following presents the MOST significant risk for the organization's VoIP infrastructure?

A. Network equipment failure
B. Distributed denial-of-service attack
C. Premium-rate fraud (toll fraud)
D. Social engineering attack

B is the correct answer.

Justification:
A. The use of Voice-over Internet Protocol does not introduce any unique risk with respect to equipment failure, and redundancy can be used to address network failure.
B. A distributed denial-of-service (DDoS) attack would potentially disrupt the organization's ability to communicate among offices and would have the highest impact. In a traditional voice network, a DDoS attack would only affect the data network, not voice communications.
C. Toll fraud occurs when someone compromises the phone system and makes unauthorized long distance calls. While toll fraud may cost the business money, the more severe risk would be the disruption of service.
D. Social engineering, which involves gathering sensitive information to launch an attack, can be exercised over any kind of telephony.

A5-31 Which of the following is the MOST effective control for restricting access to unauthorized Internet sites in an organization?

A. Routing outbound Internet traffic through a content-filtering proxy server
B. Routing inbound Internet traffic through a reverse proxy server
C. Implementing a firewall with appropriate access rules
D. Deploying client software to block inappropriate content

A is the correct answer.

Justification:
A. A content-filtering proxy server will effectively monitor user access to Internet sites and block access to unauthorized web sites.
B. When client web browsers make a request to an Internet site, those requests are outbound from the corporate network. A reverse proxy server will allow secure remote connection to a corporate site; it does not control employee web access.
C. A firewall exists to block unauthorized inbound and outbound network traffic. Some firewalls can be used to block or allow access to certain sites, but the term firewall is generic; there are many types of firewalls, and this is not the best answer.
D. While client software solutions do exist to block inappropriate content, installing and maintaining additional software on a large number of PCs is less effective than enforcing the policy from a single, centralized proxy server.

A5-32 An internal audit function is reviewing an internally developed common gateway interface (CGI) script for a web application. The IS auditor discovers that the script was not reviewed and tested by the quality control function. Which of the following types of risk is of GREATEST concern?

A. System unavailability
B. Exposure to malware
C. Unauthorized access
D. System integrity

C is the correct answer.

Justification:
A. While untested common gateway interface (CGI) scripts can cause the end-user web application to be compromised, this is not likely to make the system unavailable to other users.
B. Untested CGI scripts do not inherently lead to malware exposure.
C. Untested CGI scripts can have security weaknesses that allow unauthorized access to private systems, because CGI scripts are typically executed on publicly accessible Internet servers.
D. While untested CGI scripts can cause the end-user web application to be compromised, this is not likely to significantly impact system integrity.

A5-33 An IS auditor is conducting a postimplementation review of an enterprise's network. Which of the following findings would be of MOST concern?

A. Wireless mobile devices are not password-protected.
B. Default passwords are not changed when installing network devices.
C. An outbound web proxy does not exist.
D. All communication links do not utilize encryption.

B is the correct answer.

Justification:
A. Wireless mobile devices that are not password-protected would be a concern, but would be less significant than unsecured network devices.
B. The most significant risk in this case would be if the factory default passwords were not changed on critical network equipment. This could allow anyone to change the configuration of the network equipment.
C. The use of a web proxy is a good practice but may not be required, depending on the enterprise.
D. Encryption is a good control for data security but is not appropriate or needed for all communication links, and it can be costly and complex.

A5-34 An IS auditor is reviewing security controls for a new cloud-based accounting service provider. Which of the following controls is the MOST important with respect to the privacy of the accounting data?

A. Data retention, backup and recovery
B. Return or secure destruction of information
C. Network and intrusion detection
D. A patch management process

B is the correct answer.

Justification:
A. Data retention, backup and recovery are important controls; however, they do not guarantee data privacy.
B. When reviewing third-party agreements, the most important consideration with regard to the privacy of the data is the clause concerning the return or secure destruction of information at the end of the contract.
C. Network and intrusion detection are helpful when securing the data, but on their own they do not guarantee the privacy of data stored at a third-party provider.
D. A patch management process helps secure servers and may prevent unauthorized disclosure of data; however, it does not by itself address the privacy of the data.

A5-35 Which of the following is the MOST effective control when granting temporary access to vendors?

A. Vendor access corresponds to the service level agreement.
B. User accounts are created with expiration dates and are based on services provided.
C. Administrator access is provided for a limited period.
D. User IDs are deleted when the work is completed.

B is the correct answer.

Justification:
A. The service level agreement may have a provision for providing access, but this is not a control; it would not define the need for access.
B. The most effective control is to ensure that the granting of temporary access is based on the services to be provided and that there is an expiration date (automated is best) associated with each unique ID. The use of an identity management system enforces temporary access for users, at the same time ensuring proper accounting of their activities.
C. Vendors may require administrator access for a limited time during the time of service. However, it is important to ensure that the level of access granted is set according to least privilege and that access during this period is monitored.
D. Deleting these user IDs after the work is completed is necessary, but if not automated, the deletion could be overlooked. The access should only be granted at the level of work required.

A5-36 During a logical access controls review, an IS auditor observes that user accounts are shared. The GREATEST risk resulting from this situation is that:

A. an unauthorized user may use the ID to gain access.
B. user access management is time consuming.
C. passwords are easily guessed.
D. user accountability may not be established.

D is the correct answer.

Justification:
A. The ability of an unauthorized user to use a shared ID is more likely than with an individual ID, but the misuse of another person's ID is always a risk.
B. Using shared IDs does not pose an increased risk due to the work effort used for managing access.
C. Shared user IDs do not necessarily have easily guessed passwords.
D. The use of a user ID by more than one individual precludes knowing who, in fact, used that ID to access a system; therefore, it is literally impossible to hold anyone accountable.

A5-37 An IS auditor is assessing a biometric system used to protect physical access to a data center containing regulated data. Which of the following observations is the GREATEST concern to the auditor?

A. Administrative access to the biometric scanners or the access control system is permitted over a virtual private network (VPN).
B. Biometric scanners are not installed in restricted areas.
C. Data transmitted between the biometric scanners and the access control system do not use a securely encrypted tunnel.
D. Biometric system risk analysis was last conducted three years ago.

C is the correct answer.

Justification:
A. Generally, a virtual private network is a secure method of data transmission, and administration can be performed remotely. This is not a concern.
B. Biometric scanners are, by necessity, installed in unrestricted areas in order to control entry to the restricted area; tamper-resistant housings or seals are an adequate mitigating control. The greater concern is the lack of a secure encrypted tunnel between the scanners and the access control system.
C. Data transmitted between the biometric scanners and the access control system should use a securely encrypted tunnel to protect the confidentiality of the biometric data.
D. The biometric risk analysis should be performed periodically, but an analysis performed three years ago is not necessarily cause for concern.

A5-38 When auditing a role-based access control system, the IS auditor noticed that some IT security employees have system administrator privileges on some servers, which allows them to modify or delete transaction logs. Which would be the BEST recommendation that the IS auditor should make?

A. Ensure that these employees are adequately supervised.
B. Ensure that backups of the transaction logs are retained.
C. Implement controls to detect the changes.
D. Write transaction logs in real time to Write Once and Read Many drives.

D is the correct answer.

Justification:
A. IT security employees cannot be supervised in the traditional sense unless the supervisor were to monitor each keystroke entered on a workstation, which is obviously not a realistic option.
B. Retaining backups of the transaction logs does not prevent the files from being modified prior to the backup.
C. The log files themselves would be the main evidence that an unauthorized change was made, so a detective control that relies on them is weak. Protecting the log files from modification requires preventive controls, such as writing the logs to write-once media.
D. Allowing IT security employees access to transaction logs is often unavoidable because having system administrator privileges is required for them to do their job. The best control in this case, to avoid unauthorized modifications of transaction logs, is to write the transaction logs to WORM drive media in real time. It is important to note that simply backing up the transaction logs to tape is not adequate, because data could be modified prior to the daily backup job execution (typically at night).

A5-39 During an audit of a bank, the IS auditor is assessing whether the bank properly manages staff member access to the operating system. The IS auditor should determine whether the bank performs:

A. periodic review of user activity logs.
B. verification of user authorization at the field level.
C. review of data communication access activity logs.
D. periodic review of changing data files.
A is the correct answer.

Justification:
A. General operating system access control functions include logging user activities, events, etc. Reviewing these logs may identify users performing activities that should not have been permitted.
B. Verification of user authorization at the field level is a database and/or application-level access control function and is not applicable to an operating system.
C. Review of data communication access activity logs is a network control feature.
D. Periodic review of changing data files is a change control process.

A5-40 An IS auditor performing an audit of the newly installed Voice-over Internet Protocol system was inspecting the wiring closets on each floor of a building. What would be the GREATEST concern?

A. The local area network (LAN) switches are not connected to uninterruptible power supplies.
B. Network cabling is disorganized and not properly labeled.
C. The telephones are using the same cable used for LAN connections.
D. The wiring closet also contains power lines and breaker panels.

A is the correct answer.

Justification:
A. Voice-over Internet Protocol (VoIP) telephone systems use standard network cabling, and typically each telephone gets power over the network cabling (power over Ethernet) from the wiring closet where the network switch is installed. If the switches do not have backup power, the phones will be offline if there is a power interruption and potentially unable to make emergency calls.
B. While improper cabling can result in problems, the more serious issue in this case would be the lack of power protection.
C. An advantage of VoIP telephone systems is that they are typically cabled using the same network cabling as the standard PC network connections. Therefore, this would not be a concern.
D. As long as the power and telecom equipment are kept separate, this would not be a significant issue.

A5-41 When reviewing an organization's logical access security to its remote systems, which of the following would be of GREATEST concern to an IS auditor?

A. Passwords are shared.
B. Unencrypted passwords are used.
C. Redundant logon IDs exist.
D. Third-party users possess administrator access.

B is the correct answer.

Justification:
A. Passwords should not be shared, but this is less important than ensuring that the password files are encrypted.
B. When evaluating the technical aspects of logical security, unencrypted passwords represent the greatest risk because it can be assumed that remote access would be over an untrusted network where passwords could be sniffed.
C. Checking for redundant logon IDs is a good practice but is less important than ensuring that the passwords are encrypted.
D. There may be business reasons, such as the need for vendors to support their systems, that require third-party administrator access; this may not be an issue.

A5-42 During an IS risk assessment of a health care organization regarding protected health care information (PHI), an IS auditor interviews IS management. Which of the following findings from the interviews would be of MOST concern to the IS auditor?

A. The organization does not encrypt all of its outgoing email messages.
B. Staff have to type "[PHI]" in the subject field of email messages to be encrypted.
C. An individual's computer screen saver function is disabled.
D. Server configuration requires the user to change the password annually.

B is the correct answer.

Justification:
A. Encryption of all outgoing messages is expensive and is not common business practice.
B. There will always be human error risk that staff members forget to type certain words in the subject field. The organization should have automated encryption set up for outgoing email for employees working with protected health care information (PHI) to protect sensitive information.
C. Disabling the screen saver function increases the risk that sensitive data can be exposed to other employees; however, the risk is less than the risk of exposing the data to unauthorized individuals outside the organization.
D. While changing the password annually is a concern, the risk is not as great as exposing the data to unauthorized individuals outside the organization.

A5-43 Which of the following is the responsibility of information asset owners?

A. Implementation of information security within applications
B. Assignment of criticality levels to data
C. Implementation of access rules to data and programs
D. Provision of physical and logical security for data

B is the correct answer.

Justification:
A. Implementation of information security within an application is the responsibility of the data custodian based on the requirements set by the data owner.
B. It is the responsibility of owners to define the criticality (and sensitivity) levels of information assets.
C. Implementation of access rules is a responsibility of data custodians based on the requirements set by the data owner.
D. Provision of physical and logical security for data is the responsibility of the security administrator.

A5-44 An IS auditor reviewing a web log discovers that an employee ran elevated commands on the PC by invoking the task scheduler to launch restricted applications. This is an example of what type of attack?

A. A race condition
B. A privilege escalation
C. A buffer overflow
D. An impersonation

B is the correct answer.

Justification:
A. A race condition exploits the timing of two events when one of them happens sooner than expected. The scenario presented is not an example of a race condition exploit.
B. A privilege escalation is a type of attack where higher-level system authority is obtained by various methods. In this example, the task scheduler service runs with administrator permissions, and a security flaw allows programs launched by the scheduler to run at the same permission level.
C. Buffer overflows utilize applications or attacks that take advantage of a defect in the way an application or system uses memory. By overloading the memory storage mechanism, the system will perform in unexpected ways. The scenario presented is not an example of a buffer overflow exploit.
D. Impersonation attacks involve an error in the identification of a privileged user. The scenario presented is not an example of this exploit.

A5-45 An IS auditor is reviewing an organization to ensure that evidence related to a data breach case is preserved. Which of the following choices would be of MOST concern to the IS auditor?

A. End users are not aware of incident reporting procedures.
B. Log servers are not on a separate network.
C. Backups are not performed consistently.
D. There is no chain of custody policy.

D is the correct answer.

Justification:
A. End users should be made aware of incident reporting procedures, but this is not directly related to the data integrity of the breach. The IS auditor would be more concerned that the organization's policies exist and provide for proper evidence handling.
B. Having log servers placed on a separate network might be a good idea because ensuring the integrity of the log server data is important. However, it is more critical to ensure that a chain of custody policy is in place.
C. While not having valid backups would be a concern, the more important concern would be the lack of a chain of custody policy. Data breach evidence is not typically retrieved from backups.
D. Organizations should have a policy in place that directs employees to follow certain procedures when collecting evidence that may be used in a court of law. Chain of custody involves documentation of how digital evidence is acquired, processed, handled, stored and protected, and who handled the evidence and why. If there is no policy in place, it is unlikely that employees will ensure that the chain of custody is maintained during any data breach investigation.

A5-46 An IS auditor is reviewing access controls for a manufacturing organization. During the review, the IS auditor discovers that data owners have the ability to change access controls for a low-risk application. The BEST course of action for the IS auditor is to:

A. recommend that mandatory access controls be implemented.
B. report this as a deficiency to upper management.
C. report to the data owners to determine whether this is an exception.
D. not report this because discretionary access controls are in place.

D is the correct answer.

Justification:
A. Recommending mandatory access controls is not correct because it is more appropriate for data owners to have discretionary access controls (DAC) in a low-risk application.
B. The use of DAC may not be an exception and, without confirmation, should not be reported as a deficiency.
C. While an IS auditor may consult with data owners regarding whether this access is normally allowed, the auditor should not rely on the auditee to determine whether this is a deficiency.
D. DAC allows data owners to modify access, which is a normal procedure and is a characteristic of DAC.

A5-47 Electromagnetic emissions from a terminal represent a risk because they:

A. could damage or erase storage media.
B. can disrupt processor functions.
C. could have adverse health effects on personnel.
D. can be detected and displayed.

D is the correct answer.

Justification:
A. While a strong magnetic field can erase certain storage media, normally terminals are designed to limit these emissions; thus, this is not normally a concern.
B. Electromagnetic emissions should not cause disruption of CPUs or other processor units.
C. Most electromagnetic emissions are low level and do not pose a significant health risk.
D. Emissions can be detected by sophisticated equipment and displayed, thus giving unauthorized persons access to data. TEMPEST is a term referring to the investigation and study of compromising emanations of unintentional intelligence-bearing signals that, if intercepted and analyzed, may reveal their content.

A5-48 Security administration procedures require read-only access to:

A. access control tables.
B. security log files.
C. logging options.
D. user profiles.

B is the correct answer.

Justification:
A. Security administration procedures require write access to access control tables to manage and update the privileges according to authorized business requirements.
B. Security administration procedures require read-only access to security log files to ensure that, once generated, the logs are not modified. Logs provide evidence and track suspicious transactions and activities.
C. Logging options require write access to allow the administrator to update the way the transactions and user activities are monitored, captured, stored, processed and reported.
D. The security administrator is responsible for managing user profiles and settings. This requires the administrator to have write access.

A5-49 With the help of a security officer, granting access to data is the responsibility of:

A. data owners.
B. programmers.
C. systems analysts.
D. librarians.

A is the correct answer.

Justification:
A. Data owners are responsible for the use of data. Written authorization for users to gain access to computerized information should be provided by the data owners. Security administration, with the owners' approval, sets up access rules stipulating which users or groups of users are authorized to access data or files and the level of authorized access (e.g., read or update).
B. Programmers will develop the access control software that will enforce the rules on how users can access the data (update, read, delete), but the programmers do not have responsibility for determining who gets access to data.
C. Systems analysts work with the owners and programmers to define access controls according to the rules set by the owner.
D. The librarians enforce the access control procedures they have been given but do not determine who gets access.

A5-50 The FIRST step in data classification is to:

A. establish ownership.
B. perform a criticality analysis.
C. define access rules.
D. create a data dictionary.

A is the correct answer.

Justification:
A. Data classification is necessary to define access rules based on a need-to-do and need-to-know basis. The data owner is responsible for defining the access rules; therefore, establishing ownership is the first step in data classification.
B. A criticality analysis is needed to determine the appropriate level of protection of data; however, this comes after data classification.
C. Access rules are set up dependent on the data classification.
D. Input for a data dictionary is prepared from the results of the data classification process.

A5-51 During a review of a biometric system operation, an IS auditor should FIRST review the stage of:

A. enrollment.
B. identification.
C. verification.
D. storage.

A is the correct answer.

Justification:
A. The users of a biometric device must first be enrolled in the device.
B. The device captures a physical or behavioral image of the human, identifies the unique features and uses an algorithm to convert them into a string of numbers stored as a template to be used in the matching processes.
C. The user's biometric input will be verified against the stored template value.
D. The biometric device stores personal information, so the storage must be secure.

A5-52 A hacker could obtain passwords without the use of computer tools or programs through the technique of:

A. social engineering.
B. sniffers.
C. back doors.
D. Trojan horses.

A is the correct answer.

Justification:
A. Social engineering is based on the divulgence of private information through dialogues, interviews, inquiries, etc., in which a user may be tricked into revealing their or someone else's personal data.
B. A sniffer is a computer tool to monitor the traffic in networks.
C. Back doors are computer programs left by hackers to exploit vulnerabilities.
D. Trojan horses are computer programs that pretend to supplant a real program; thus, the functionality of the program is not authorized and is usually malicious in nature.

A5-53 The reliability of an application system's audit trail may be questionable if:

A. user IDs are recorded in the audit trail.
B. the security administrator has read-only rights to the audit file.
C. date and time stamps are recorded when an action occurs.
D. users can amend audit trail records when correcting system errors.

D is the correct answer.

Justification:
A. An audit trail must record the identity of the person (or process) involved in the logged activity to establish accountability.
B. Restricting the administrator to read-only access will protect the audit file from alteration.
C. Date and time stamps should be recorded when an event occurs to establish the sequence of events in online systems.
D. An audit trail is not effective if the details can be amended.

A5-54 While conducting an audit, an IS auditor detects the presence of a virus. What should be the IS auditor's NEXT step?

A. Observe the response mechanism.
B. Clear the virus from the network.
C. Inform appropriate personnel immediately.
D. Ensure deletion of the virus.

C is the correct answer.

Justification:
A. Observing the response mechanism should be done after informing appropriate personnel. This will enable an IS auditor to examine the actual workability and effectiveness of the response system.
B. The IS auditor is neither authorized nor capable in most cases of removing the virus from the network.
C. The first thing an IS auditor should do after detecting the virus is to alert the organization to its presence, then wait for their response.
D. An IS auditor should not make changes to the system being audited; ensuring the deletion of the virus is a management responsibility.

A5-55 The implementation of access controls FIRST requires:

A. a classification of IS resources.
B. the labeling of IS resources.
C. the creation of an access control list.
D. an inventory of IS resources.

D is the correct answer.

Justification:
A. The first step in implementing access controls is an inventory of IS resources, which is the basis for classification.
B. Labeling resources cannot be done without first determining the resources' classifications.
C. The access control list would not be done without a meaningful classification of resources.
D. The first step in implementing access controls is an inventory of IS resources, which is the basis for establishing ownership and classification.

A5-56 Which of the following is an example of the defense in-depth security principle?

A. Using two firewalls to consecutively check the incoming network traffic
B. Using a firewall as well as logical access controls on the hosts to control incoming network traffic
C. Lack of physical signs on the outside of a computer center building
D. Using firewalls in parallel to check different types of incoming traffic

B is the correct answer.

Justification:
A. Use of two firewalls would not represent an effective defense in-depth strategy because the same attack could circumvent both devices, both of which may have the same rules defined.
B. Defense in-depth means using different security mechanisms that back each other up. When network traffic passes the firewall unintentionally, the logical access controls form a second line of defense.
C. Having no physical signs on the outside of a computer center building is a single security measure (known as security by obscurity).
D. Using two firewalls in parallel to check different types of incoming traffic provides redundancy but is only a single security measure and is no different than having one firewall checking all traffic.

A5-57 Which of the following would be the BEST access control procedure?

A. The data owner formally authorizes access and an administrator implements the user authorization tables.
B. Authorized staff implement the user authorization tables and the data owner approves them.
C. The data owner and an IS manager jointly create and update the user authorization tables.
D. The data owner creates and updates the user authorization tables.

A is the correct answer.

Justification:
A. The data owner holds the privilege and responsibility for formally establishing the access rights. An IS administrator should then implement or update user authorization tables at the direction of the owner.
B. The owner sets the rules and conditions for access. It is best to obtain approval before implementing the tables.
C. The data owner may consult with the IS manager to set out access control rules, but the responsibility for appropriate access remains with the data owner. The IS department should set up the access control tables at the direction of the owner.
D. The data owner would not usually manage updates to the authorization tables.

A5-58 Which of the following would MOST effectively reduce social engineering incidents?

A. Security awareness training
B. Increased physical security measures
C. Email monitoring policy
D. Intrusion detection systems

A is the correct answer.

Justification:
A. Social engineering exploits human nature and weaknesses to obtain information and access privileges. By increasing employee awareness of security issues, it is possible to reduce the number of successful social engineering incidents.
B. In most cases, social engineering incidents do not require the physical presence of the intruder. Therefore, increased physical security measures would not prevent the intrusion.
C. An email monitoring policy informs users that all email in the organization is subject to monitoring; it does not protect the users from potential security incidents and intruders.
D. Intrusion detection systems are used to detect irregular or abnormal traffic patterns.

A5-59 An information security policy stating that "the display of passwords must be masked or suppressed" addresses which of the following attack methods?

A. Piggybacking
B. Dumpster diving
C. Shoulder surfing
D. Impersonation

C is the correct answer.

Justification:
A. Piggybacking refers to unauthorized persons following, either physically or virtually, authorized persons into restricted areas. Masking the display of passwords would not prevent someone from tailgating an authorized person.
B. This policy only refers to "the display of passwords," not dumpster diving (looking through an organization's trash for valuable information).
C. If a password is displayed on a monitor, any person or camera nearby could look over the shoulder of the user to obtain the password.
D. Impersonation refers to someone acting as an employee in an attempt to retrieve desired information.

A5-60 To ensure compliance with a security policy requiring that passwords be a combination of letters and numbers, an IS auditor should recommend that:

A. the company policy be changed.
B. passwords are periodically changed.
C. an automated password management tool be used.
D. security awareness training is delivered.

C is the correct answer.

Justification:
A. The policy appears to be sound and does not need changing; changing the policy would not ensure compliance.
B. Having a requirement for periodically changing passwords is good practice and should be in the password policy.
C. The use of an automated password management tool is a preventive control measure. The software would prevent repetition (semantic) and would enforce syntactic rules, thus making the passwords robust. It would also provide a method for ensuring frequent changes and would prevent the same user from reusing their old password for a designated period of time.
D. Security awareness training would not enforce compliance.

A5-61 The IS auditor reviewing digital rights management applications should expect to find an extensive use for which of the following technologies?

A. Digitized signatures
B. Hashing
C. Parsing
D. Steganography

D is the correct answer.

Justification:
A. Digitized signatures are the scanned (image) representation of the written signature and are not related to digital rights management.
B. Hashing creates a message hash or digest, which is used to ensure the integrity of the message; it is usually considered a part of cryptography.
C. Parsing is the process of splitting up a continuous stream of characters for analytical purposes, and is widely applied in the design of programming languages or in data entry editing.
D. Steganography is a technique for concealing the existence of messages or information within another message. An increasingly important steganographical technique is digital watermarking, which hides data within data (e.g., by encoding rights information in a picture or music file without altering the picture or music perceivably); this is used to protect intellectual property.

A5-62 An information security policy that states "each individual must have their badge read at every controlled door" addresses which of the following attack methods?

A. Piggybacking
B. Shoulder surfing
C. Dumpster diving
D. Impersonation

A is the correct answer.

Justification:
A. Piggybacking refers to unauthorized persons following authorized persons, either physically or virtually, into restricted areas. This policy addresses the polite behavior problem of holding doors open for a stranger. If every employee must have their badge read at every controlled door, no unauthorized person could enter the sensitive area.
B. Shoulder surfing (looking over the shoulder of a person to view sensitive information on a screen or desk) would not be prevented by the implementation of this policy.
C. Dumpster diving, looking through an organization's trash for valuable information, could be done outside the company's physical perimeter; therefore, this policy would not address this attack method.
D. Impersonation refers to a social engineer acting as an employee, trying to retrieve desired information. Some forms of social engineering attacks could combine an impersonation attack and piggybacking, but this information security policy does not address the impersonation attack.

A5-63 Which of the following presents an inherent risk with no distinct identifiable preventive controls?

A. Piggybacking
B. Viruses
C. Data diddling
D. Unauthorized application shutdown

C is the correct answer.

Justification:
A. Piggybacking is the act of following an authorized person through a secured door and can be prevented by the use of deadman doors. Logical piggybacking is an attempt to gain access through someone who has the rights (e.g., electronically attaching to an authorized telecommunication link to possibly intercept transmissions). This could be prevented by encrypting the message.
B. Viruses are malicious program code inserted into another executable code that can self-replicate and spread from computer to computer via sharing of computer diskettes, transfer of logic over telecommunication lines or direct contact with an infected machine. Antiviral software can be used to protect the computer against viruses.
C. Data diddling involves changing data before they are entered into the computer. It is one of the most common abuses because it requires limited technical knowledge and occurs before computer security can protect the data. There are only compensating controls for data diddling.
D. The shutdown of an application can be initiated through terminals or microcomputers connected directly (online) or indirectly (dial-up) to the computer. Only individuals knowing the high-level logon ID and password can initiate the shutdown process, which is effective if there are proper access controls.

A5-64 The MOST important difference between hashing and encryption is that hashing:

A. is irreversible.
B. output is the same length as the original message.
C. is concerned with integrity and security.
D. is the same at the sending and receiving end.

A is the correct answer.

Justification:
A. Hashing works one way: by applying a hashing algorithm to a message, a message hash/digest is created. If the same hashing algorithm is applied to the message digest, it will not result in the original message. As such, hashing is irreversible, while encryption is reversible. This is the basic difference between hashing and encryption.
B. Hashing creates a fixed-length output that is usually smaller than the original message, and encryption creates an output that is usually the same length as the original message.
C. Hashing is used to verify the integrity of the message and does not address security.
D. The same hashing algorithm is used at the sending and receiving ends to generate and verify the message hash/digest. Encryption may use different keys or a reverse process at the sending and receiving ends to encrypt and decrypt.

A5-65 Which of the following cryptography options would increase overhead/cost?

A. The encryption is symmetric rather than asymmetric.
B. A long asymmetric encryption key is used.
C. The hash is encrypted rather than the message.
D. A secret key is used.

B is the correct answer.

Justification:
A. An asymmetric algorithm requires more processing time than symmetric algorithms.
B. Computer processing time is increased for longer asymmetric encryption keys, and the increase may be disproportionate. For example, one benchmark showed that doubling the length of an RSA key from 512 bits to 1024 bits caused the decrypt time to increase nearly six-fold.
C. A hash is usually shorter than the original message; therefore, a smaller overhead is required if the hash is encrypted rather than the message.
D. Use of a secret key, as a symmetric encryption key, is generally small and used for the purpose of encrypting user data.

A5-66 The MOST important success factor in planning a black box penetration test is:

A. the documentation of the planned testing procedure.
B. a realistic evaluation of the environment architecture to determine scope.
C. knowledge by the management staff of the client organization.
D. scheduling and deciding on the timed length of the test.

C is the correct answer.

Justification:
A. A penetration test should be carefully planned; however, the most important factor is a proper approach. In a black box penetration test, the environment is not known to the testing organization.
B. Black box penetration testing assumes no prior knowledge of the infrastructure to be tested. Testers simulate an attack from someone who is unfamiliar with the system.
C. It is important to have management knowledge of the proceedings so that, if the test is detected by the monitoring systems, the origin of the activity can be determined quickly.
D. The test must be scheduled to minimize the risk of affecting critical processes; however, this is done while working with the agreement of the organization.

A5-67 An organization allows for the use of universal serial bus drives to transfer operational data between offices. Which of the following is the GREATEST risk associated with the use of these devices?

A. Files are not backed up.
B. Theft of the devices.
C. Use of the devices for personal purposes.
D. Introduction of malware into the network.

B is the correct answer.
Justification:
A. While data loss is a threat, loss of an unencrypted device is a greater risk.
B. Because universal serial bus (USB) devices tend to be small, they are susceptible to theft. This represents the greatest risk to the organization.
C. Use of USB drives for personal purposes is a violation of company policy; however, it is not the greatest risk.
D. Good general IT controls will include the scanning of USB drives for malware once they are inserted in a computer. The risk of malware in the network is a concern, but it is less serious than the risk of theft of the data.

A5-68 When performing a computer forensic investigation, in regard to the evidence gathered, an IS auditor should be MOST concerned with:

A. analysis.
B. evaluation.
C. preservation.
D. disclosure.

C is the correct answer.

Justification:
A. Analysis is important but is not the primary concern related to evidence in a forensic investigation.
B. Evaluation is important but is not the primary concern related to evidence in a forensic investigation.
C. Preservation and documentation of evidence for review by law enforcement and judicial authorities are of primary concern when conducting an investigation. Failure to properly preserve the evidence could jeopardize the admissibility of the evidence in legal proceedings.
D. Disclosure is important but is not of primary concern to the IS auditor in a forensic investigation.

A5-69 A certificate authority (CA) can delegate the processes of:

A. revocation and suspension of a subscriber's certificate.
B. generation and distribution of the CA public key.
C. establishing a link between the requesting entity and its public key.
D. issuing and distributing subscriber certificates.

C is the correct answer.

Justification:
A. Revocation and suspension of the subscriber certificate are functions of the subscriber certificate life cycle management, which the certificate authority (CA) must perform.
B. Generation and distribution of the CA public key is a part of the CA key life cycle management process and cannot be delegated.
C. Establishing a link between the requesting entity and its public key is a function of a registration authority. This may or may not be performed by a CA; therefore, this function can be delegated.
D. Issuance and distribution of the subscriber certificate are functions of the subscriber certificate life cycle management, which the CA must perform.

A5-70 Which of the following represents a denial-of-service attack?

A. Brute force attack
B. Ping of death
C. Leapfrog attack
D. Negative acknowledgement (NAK) attack

B is the correct answer.

Justification:
A. A brute force attack is typically a text attack that exhausts all possible key combinations against encryption keys or passwords.
B. The use of Ping with a packet size higher than 65 KB and no fragmentation flag on will cause a denial of service.
C. A leapfrog attack, the act of telnetting through one or more hosts to preclude a trace, makes use of user ID and password information obtained illicitly from one host to compromise another host.
D. A negative acknowledgement attack is a penetration technique that capitalizes on a potential weakness in an operating system that does not handle asynchronous interrupts properly, leaving the system in an unprotected state during such interrupts.

A5-71 Which of the following is an advantage of elliptic curve encryption over RSA encryption?

A. Computation speed
B. Ability to support digital signatures
C. Simpler key distribution
D. Message integrity controls

A is the correct answer.

Justification:
A. The main advantage of elliptic curve encryption (ECC) over RSA encryption is its computation speed. This is due in part to the use of much smaller keys in the ECC algorithm than in RSA.
B. Both encryption methods support digital signatures.
C. Both encryption methods are used for public key encryption and distribution.
D. Both ECC and RSA offer message integrity controls.

A5-72 Which of the following would be the BEST overall control for an Internet business looking for confidentiality, reliability and integrity of data?

A. Secure Sockets Layer
B. Intrusion detection system
C. Public key infrastructure
D. Virtual private network

A is the correct answer.

Justification:
A. Secure Sockets Layer (SSL) is used for many e-commerce applications to set up a secure channel for communications, providing confidentiality through a combination of public and symmetric key encryption and integrity through a hash message authentication code.
B. An intrusion detection system is a detective control for monitoring network traffic.
C. Public key infrastructure is used in conjunction with SSL or for securing communications such as e-commerce email.
D. A virtual private network (VPN) is a generic term for a communication tunnel that can provide confidentiality, integrity and authentication (reliability). A VPN can operate at different levels of the Open Systems Interconnection stack and may not always be used in conjunction with encryption. SSL can be called a type of VPN.

A5-73 Which of the following preventive controls BEST helps secure a web application?

A. Password masking
B. Developer training
C. Use of encryption
D. Vulnerability testing

B is the correct answer.

Justification:
A. Password masking is a necessary preventive control but is not the best way to secure an application.
B. Of the given choices, teaching developers to write secure code is the best way to secure a web application.
C. Encryption will protect data but is insufficient to secure an application because there are other ways to compromise an application. Ensuring that applications are designed in a secure way is the best way to secure an application; this is accomplished by ensuring that developers are adequately educated on secure coding practices.
D. Vulnerability testing helps to determine the severity of web application issues; however, the best preventive control is developer training because building secure applications from the outset is more effective.

A5-74 Which of the following antivirus software implementation strategies would be the MOST effective in an interconnected corporate network?

A. Server-based antivirus software
B. Enterprise-level antivirus software
C. Workstation-based antivirus software
D. Perimeter-based antivirus software

B is the correct answer.

Justification:
A. An effective antivirus solution must be a combination of server-, network- and perimeter-based scanning and protection.
B. An important means of limiting the spread of viruses is to deploy an enterprise antivirus solution that will monitor and analyze traffic at many points. This provides a layered defense model that is more likely to detect malware regardless of how it comes into the organization: universal serial bus (USB) or portable storage, network, an infected download or an infected web application.
C. Only checking for viruses on workstations would not be adequate because malware may attack network devices or servers as well.
D. Because malware can enter an organization through means other than the network perimeter, only checking for malware at the perimeter is not enough to protect the network.

A5-75 Which of the following would be of MOST concern to an IS auditor reviewing a virtual private network implementation? Computers on the network that are located:

A. on the enterprise's internal network.
B. at the backup site.
C. in employees' homes.
D. at the enterprise's remote offices.

C is the correct answer.

Justification:
A. On the enterprise's internal network, there should be security policies in place to detect and halt an outside attack that uses an internal machine as a staging platform.
B. Computers at the backup site are subject to the corporate security policy and, therefore, are not high-risk computers.
C. One risk of a virtual private network implementation is the chance of allowing high-risk computers onto the enterprise's network. All machines that are allowed onto the virtual network should be subject to the same security policy. Home computers are least subject to the corporate security policies and, therefore, are high-risk computers. Once a computer is hacked and "owned," any network that trusts that computer is at risk. Implementation of and adherence to corporate security policy is easier when all computers on the network are on the enterprise's campus.
D. Computers at the enterprise's remote offices, perhaps with different IS and security employees who have different ideas about security, are more risky than internal computers or those at the backup site, but obviously less risky than home computers.

A5-76 The PRIMARY reason for using digital signatures is to ensure data:

A. confidentiality.
B. integrity.
C. availability.
D. timeliness.

B is the correct answer.

Justification:
A. A digital signature does not, in itself, address message confidentiality.
B. Digital signatures provide integrity because the digital signature of a signed message (file, mail, document) changes every time a single bit of the document changes; thus, a signed document cannot be altered. A digital signature provides for message integrity, nonrepudiation and proof of origin.
C. Availability is not related to digital signatures.
D. Timeliness is not related to digital signatures.

A5-77 Which of the following is an example of a passive cybersecurity attack?

A. Traffic analysis
B. Masquerading
C. Denial-of-service
D. Email spoofing

A is the correct answer.

Justification:
A. Cybersecurity threats/vulnerabilities are divided into passive and active attacks. A passive attack is one that monitors or captures network traffic but does not in any way modify, insert or delete the traffic. Examples of passive attacks include network analysis, eavesdropping and traffic analysis.
B. Because masquerading alters the data by modifying the origin, it is an active attack.
C. Because a denial-of-service attack floods the network with fictitious requests or malformed packets, it is an active attack.
D. Email spoofing alters the sender; therefore, it is an active attack.

A5-78 An IS auditor is reviewing the security incident management process of a company. Which of the following choices is the MOST important consideration?

A. Chain of custody of electronic evidence
B. System breach notification procedures
C. Escalation procedures to external agencies
D. Procedures to recover lost data

A is the correct answer.

Justification:
A. The preservation of evidence is the most important consideration in regard to security incident management. If data and evidence are not collected properly, valuable information could be lost and would not be admissible in a court of law should the company decide to pursue litigation.
B. System breach notification is an important aspect and in many cases may even be required by laws and regulations; however, the incident must actually be a breach, and the notification process might not apply.
C. Escalation procedures to external agencies such as the local police or special experts dealing in forensics are important. However, without proper chain of custody procedures, digital evidence may be lost and would not be admissible in a court of law should the company decide to pursue litigation.
D. While having a process in place to recover lost data is important, it is more important to ensure that evidence is preserved for proper follow-up and investigation.

A5-79 An accuracy measure for a biometric system is:

A. system response time.
B. registration time.
C. input file size.
D. false-acceptance rate.

D is the correct answer.

Justification:
A. An important consideration in the implementation of biometrics is the time required to process users. If the system is too slow, it will put pressure on the overall operation. However, this is not an accuracy measure.
B. The registration time is a measure of the effort taken to enroll in the system. It is not an accuracy measure.
C. The file size of a biometric information record varies depending on the type of biometric solution selected. This is not an accuracy measure.
D. Three main accuracy measures are used for a biometric solution: false-rejection rate (FRR), cross-error rate (CER) and false-acceptance rate (FAR). FRR is a measure of how often valid individuals are rejected. FAR is a measure of how often invalid individuals are accepted. CER is a measure of when the false-rejection rate equals the false-acceptance rate.

A5-80 An IS auditor evaluating logical access controls should FIRST:

A. document the controls applied to the potential access paths to the system.
B. test controls over the access paths to determine if they are functional.
C. evaluate the security environment in relation to written policies and practices.
D. obtain an understanding of the security risk to information processing.

D is the correct answer.

Justification:
A. Documentation and evaluation is the second step in assessing the adequacy, efficiency and effectiveness of the controls and is based on the risk to the system that necessitates the controls.
B. The third step is to test the access paths to determine if the controls are functioning.
C. It is only after the risk is determined and the controls documented that the IS auditor can evaluate the security environment to assess its adequacy through review of the written policies, observation of practices and comparison of them to appropriate security standards.
D. When evaluating logical access controls, an IS auditor should first obtain an understanding of the security risk facing information processing by reviewing relevant documentation, by inquiry and by conducting a risk assessment. This is necessary so that the IS auditor can ensure the controls are adequate to address risk.
