Security Sample Questions 1
When assessing the audit capability of an application, which of the following activities is MOST important?
Answer: C
Q1000
A web-based application known to be susceptible to attacks is now under review by a senior developer.
The organization would like to ensure this application is less susceptible to injection attacks specifically.
What strategy will work BEST for the organization's situation?
Answer: B
Q1001
Management has decided that a core application will be used on personal cellular phones. As an
implementation requirement, regularly scheduled analysis of the security posture needs to be conducted.
Management has also directed that continuous monitoring be implemented. Which of the following is
required to accomplish management's directive?
Answer: B
Q1002
What is the FIRST step prior to executing a test of an organisation's disaster recovery (DR) or business
continuity plan (BCP)?
Answer: D
Q1003
Which of the following security tools will ensure authorized data is sent to the application when
implementing a cloud based application?
Answer: B
Q1004
Before implementing an internet-facing router, a network administrator ensures that the equipment is
baselined/hardened according to approved configurations and settings. This action provides protection
against which of the following attacks?
A. Blind spoofing
B. Media Access Control (MAC) flooding
C. SQL injection (SQLI)
D. Ransomware
Answer: B
Q1005
A cloud service provider requires its customer organizations to enable maximum audit logging for its data
storage service and to retain the logs for the period of three months. The audit logging generates
extremely high amount of logs. What is the MOST appropriate strategy for the log retention?
A. Keep last week's logs in an online storage and the rest in a near-line storage.
B. Keep all logs in an online storage.
C. Keep all logs in an offline storage.
D. Keep last week's logs in an online storage and the rest in an offline storage.
Answer: D
Answer: C
Q1007
The disaster recovery (DR) process should always include
A. plan maintenance.
B. periodic vendor review.
C. financial data analysis.
D. periodic inventory review.
Answer: A
Q1008
Which of the following BEST describes the purpose of software forensics?
A. To perform cyclic redundancy check (CRC) verification and detect changed applications
B. To review program code to determine the existence of backdoors
C. To analyze possible malicious intent of malware
D. To determine the author and behavior of the code
Answer: D
Q1009
The security architect has been assigned the responsibility of ensuring integrity of the organization's
electronic records. Which of the following methods provides the strongest level of integrity?
A. Time stamping
B. Encryption
C. Hashing
Questions and Answers 309/451
D. Digital signature
Answer: D
Q1010
An application is used for funds transfer between an organization and a third-party. During a security
audit, an issue was identified with the business continuity/disaster recovery policy and procedures for this application.
Which of the following reports should the auditor file with the organization?
Answer: C
Q1011
An organization purchased commercial off-the-shelf (COTS) software several years ago. The
information technology (IT) Director has decided to migrate the application into the cloud, but is
concerned about the application security of the software in the organization's dedicated environment with
a cloud service provider. What is the BEST way to prevent and correct the software's security weaknesses?
Answer: A
Q1012
Which reporting type requires a service organization to describe its system and define its control
objectives and controls that are relevant to users internal control over financial reporting?
Answer: B
A. Virtualization
B. Antivirus
C. Process isolation
D. Host-based intrusion prevention system (HIPS)
Answer: A
Q1014
Which of the following is the GREATEST risk of relying only on Capability Maturity Models (CMM) for
software to guide process improvement and assess capabilities of acquired software?
Answer: B
Q1015
Which of the following should exist in order to perform a security audit?
Answer: D
Q1016
Which of the following encryption technologies has the ability to function as a stream cipher?
Answer: A
Q1017
An attack utilizing social engineering and a malicious Uniform Resource Locator (URL) link to take
advantage of a victim's existing browser session with a web application is an example of which of the
following types of attack?
Answer: B
Q1018
Which of the following is the BEST method to identify security controls that should be implemented for a
web-based application while in development?
Answer: A
Q1019
A security professional has reviewed a recent site assessment and has noted that a server room on the
second floor of a building has Heating, Ventilation, and Air Conditioning (HVAC) intakes on the ground
level that have ultraviolet light filters installed, Aero-K Fire suppression in the server room, and pre-action
fire suppression on floors above the server room. Which of the following changes can the security
professional recommend to reduce risk associated with these conditions?
A. Remove the ultraviolet light filters on the HVAC intake and replace the fire suppression system on the
upper floors with a dry system
B. Add additional ultraviolet light filters to the HVAC intake supply and return ducts and change server
room fire suppression to FM-200
C. Apply additional physical security around the HVAC intakes and update upper floor fire suppression to
FM-200.
D. Elevate the HVAC intake by constructing a plenum or external shaft over it and convert the server
room fire suppression to a pre-action system
Answer: C
Q1020
An organization is setting a security assessment scope with the goal of developing a Security
Management Program (SMP). The next step is to select an approach for conducting the risk assessment.
Which of the following approaches is MOST effective for the SMP?
Answer: A
Q1021
Which combination of cryptographic algorithms are compliant with Federal Information Processing
Standard (FIPS) Publication 140-2 for non-legacy systems?
Answer: C
Answer: C
Q1023
Which of the following is the MOST effective measure for dealing with rootkit attacks?
Answer: D
Q1024
While classifying credit card data related to Payment Card Industry Data Security Standards (PCI-DSS),
which of the following is a PRIMARY security requirement?
Answer: C
Q1025
Write Once, Read Many (WORM) data storage devices are designed to BEST support which of the
following core security concepts?
A. Integrity
B. Scalability
C. Availability
D. Confidentiality
Answer: A
Q1026
What is the MOST important factor in establishing an effective Information Security Awareness Program?
A. Obtain management buy-in.
B. Conduct an annual security awareness event.
C. Mandate security training.
D. Hang information security posters on the walls.
Answer: A
Q1027
Which of the following events prompts a review of the disaster recovery plan (DRP)?
Answer: D
Q1028
An organization plans to acquire a commercial off-the-shelf (COTS) system to replace their aging home-
built reporting system. When should the organization's security team FIRST get involved in this
acquisition's life cycle?
A. When the system is being designed, purchased, programmed, developed, or otherwise constructed
B. When the system is verified and validated
C. When the system is deployed into production
D. When the need for a system is expressed and the purpose of the system is documented
Answer: D
A. The IT administrator had failed to grant the developer privileged access to the servers.
B. The project files were inadvertently deleted.
C. The new developer's computer had not been added to an access control list (ACL).
D. The new developer's user account was not associated with the right roles needed for the projects.
Answer: A
Q1030
Which of the following measures serves as the BEST means for protecting data on computers,
smartphones, and external storage devices when traveling to high-risk countries?
A. Review applicable destination country laws, forensically clean devices prior to travel, and only
download sensitive data over a virtual private network (VPN) upon arriving at the destination.
B. Keep laptops, external storage devices, and smartphones in the hotel room when not in use.
C. Leverage a Secure Socket Layer (SSL) connection over a virtual private network (VPN) to download
sensitive data upon arriving at the destination.
D. Use multi-factor authentication (MFA) to gain access to data stored on laptops or external storage
devices and biometric fingerprint access control mechanisms to unlock smartphones.
Answer: A
Q1031
Which of the following implementations will achieve high availability in a website?
A. Multiple Domain Name System (DNS) entries resolving to the same web server and large amounts of
bandwidth
B. Disk mirroring of the web server with redundant disk drives in a hardened data center
C. Disk striping of the web server hard drives and large amounts of bandwidth
D. Multiple geographically dispersed web servers that are configured for failover
Answer: D
A. Follow-On
B. Planning
C. Contracting
D. Monitoring and Acceptance
Answer: D
Q1033
Security Software Development Life Cycle (SDLC) expects application code to be written in a consistent
manner to allow ease of auditing and which of the following?
A. Protecting
B. Executing
C. Copying
D. Enhancing
Answer: A
Q1034
In the common criteria, which of the following is a formal document that expresses an implementation-
independent set of security requirements?
Answer: C
Q1035
Which of the following is considered the FIRST step when designing an internal security control
assessment?
Q1036
The Chief Executive Officer (CEO) wants to implement an internal audit of the company's information
security posture. The CEO wants to avoid any bias in the audit process; therefore, has assigned the
Sales Director to conduct the audit. After significant interaction over a period of weeks the audit concludes
that the company's policies and procedures are sufficient, robust and well established. The CEO then
moves on to engage an external penetration testing company in order to showcase the organization's
robust information security stance. This exercise reveals significant failings in several critical security
controls and shows that the incident response processes remain undocumented. What is the MOST likely
reason for this disparity in the results of the audit and the external penetration test?
A. The external penetration testing company used custom zero-day attacks that could not have been
predicted.
B. The information technology (IT) and governance teams have failed to disclose relevant information to
the internal audit team leading to an incomplete assessment being formulated.
C. The scope of the penetration test exercise and the internal audit were significantly different.
D. The audit team lacked the technical experience and training to make insightful and objective
assessments of the data provided to them.
Answer: C
Q1037
A small office is running WiFi 4 APs, and neighboring offices do not want to increase the throughput to
associated devices. Which of the following is the MOST cost-efficient way for the office to increase
network performance?
Answer: C
Q1038
An engineer notices some late collisions on a half-duplex link. The engineer verifies that the devices
on both ends of the connection are configured for half duplex. Which of the following is the MOST likely
cause of this issue?
Answer: A
Q1039
Which of the following VPN configurations should be used to separate Internet and corporate traffic?
A. Split-tunnel
B. Remote desktop gateway
C. Site-to-site
D. Out-of-band management
Answer: A
Q1040
A technician wants to install a WAP in the center of a room that provides service in a radius surrounding a
radio. Which of the following antenna types should the AP utilize?
A. Omni
B. Directional
C. Yagi
D. Parabolic
Answer: A
Q1041
To comply with industry requirements, a security assessment on the cloud server should identify which
protocols and weaknesses are being exposed to attackers on the Internet. Which of the following tools is
the MOST appropriate to complete the assessment?
A. Use tcpdump and parse the output file in a protocol analyzer.
Answer: D
A. A bridge
B. A Layer 2 switch
C. A router
D. A repeater
Answer: C
Q1043
Which of the following would need to be configured to ensure a device with a specific MAC address is
always assigned the same IP address from DHCP?
A. Scope options
B. Reservation
C. Dynamic assignment
D. Exclusion
E. Static assignment
Answer: B
Q1044
Wireless users are reporting intermittent Internet connectivity. Connectivity is restored when the users
disconnect and reconnect, utilizing the web authentication process each time. The network administrator
can see the devices connected to the APs at all times. Which of the following steps will MOST likely
determine the cause of the issue?
Answer: A
Q1045
A fiber link connecting two campus networks is broken. Which of the following tools should an engineer
use to detect the exact break point of the fiber link?
A. OTDR
B. Tone generator
C. Fusion splicer
D. Cable tester
E. PoE injector
Answer: A
Q1046
Two remote offices need to be connected securely over an untrustworthy MAN. Each office needs to
access network shares at the other site. Which of the following will BEST provide this functionality?
A. Client-to-site VPN
B. Third-party VPN service
C. Site-to-site VPN
D. Split-tunnel VPN
Answer: C
Q1047
An IT technician suspects a break in one of the uplinks that provides connectivity to the core switch.
Which of the following command-line tools should the technician use to determine where the incident is
occurring?
A. nslookup
B. show config
C. netstat
D. show interface
E. show counters
Answer: D
Q1048
Which of the following needs to be tested to achieve a Cat 6a certification for a company's data cabling?
A. RJ11
B. LC ports
C. Patch panel
D. F-type connector
Answer: C
Q1049
A technician is troubleshooting a client's report about poor wireless performance. Using a client monitor,
the technician notes the following information:
Which of the following is MOST likely the cause of the issue?
A. Channel overlap
B. Poor signal
C. Incorrect power settings
D. Wrong antenna type
Answer: A
Q1050
Which of the following types of devices can provide content filtering and threat protection, and manage
multiple IPSec site-to-site connections?
A. Layer 3 switch
B. VPN headend
C. Next-generation firewall
D. Proxy server
E. Intrusion prevention
Answer: C
Q1051
A network administrator is designing a new datacenter in a different region that will need to communicate
to the old datacenter with a secure connection. Which of the following access methods would provide the
BEST security for this new datacenter?
Answer: D
Q1052
Which of the following types of datacenter architectures will MOST likely be used in a large SDN and can
be extended beyond the datacenter?
A. iSCSI
B. FCoE
C. Three-tiered network
D. Spine and leaf
E. Top-of-rack switching
Answer: D
Q1053
At the destination host, which of the following OSI model layers will discard a segment with a bad
checksum in the UDP header?
A. Network
B. Data link
C. Transport
D. Session
Answer: C
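The UDP checksum decision in Q1053 is made by the transport layer because only that layer has the pseudo-header (source and destination IP, protocol, UDP length) plus the UDP header and payload that the checksum covers; the IP header checksum protects the IP header alone. The following is an added illustration written for this page, not code from any exam or vendor: it builds a UDP segment over constructed addresses, computes the RFC 768 checksum, and shows the receiver-side accept/discard decision after one payload bit is flipped in transit. Addresses, ports and payload are made up for the example.

```python
import struct

UDP_PROTOCOL = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit ones' complement sum used by the IP, UDP and TCP checksums (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"  # odd-length data is padded with a zero byte for the sum only
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: bytes, dst_ip: bytes, udp_segment: bytes) -> bytes:
    """IPv4 pseudo-header: src, dst, zero, protocol, UDP length (header + payload)."""
    return src_ip + dst_ip + struct.pack("!BBH", 0, UDP_PROTOCOL, len(udp_segment))


def udp_checksum(src_ip: bytes, dst_ip: bytes, udp_segment: bytes) -> int:
    """RFC 768 checksum over pseudo-header + UDP header + payload, checksum field taken as zero."""
    zeroed = udp_segment[:6] + b"\x00\x00" + udp_segment[8:]
    checksum = (~ones_complement_sum(pseudo_header(src_ip, dst_ip, udp_segment) + zeroed)) & 0xFFFF
    return checksum or 0xFFFF  # a computed 0 is sent as 0xFFFF; 0 on the wire means "not computed" (IPv4)


def wire_sum(src_ip: bytes, dst_ip: bytes, udp_segment: bytes) -> int:
    """Sum over pseudo-header and the segment as received (checksum included); 0xFFFF means intact."""
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, udp_segment) + udp_segment)


def build_udp(src_ip: bytes, dst_ip: bytes, sport: int, dport: int, payload: bytes) -> bytes:
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    checksum = udp_checksum(src_ip, dst_ip, header + payload)
    return struct.pack("!HHHH", sport, dport, length, checksum) + payload


def transport_accepts(src_ip: bytes, dst_ip: bytes, udp_segment: bytes) -> bool:
    """Receiver's transport-layer decision: recompute and compare; a mismatch means the segment is discarded."""
    if len(udp_segment) < 8:
        return False
    received = struct.unpack("!H", udp_segment[6:8])[0]
    if received == 0:
        return True  # IPv4 permits an absent checksum (IPv6 does not)
    return udp_checksum(src_ip, dst_ip, udp_segment) == received


def corrupt(segment: bytes, offset: int) -> bytes:
    """Flip one bit to simulate in-flight damage that the IP header checksum would not catch."""
    out = bytearray(segment)
    out[offset] ^= 0x01
    return bytes(out)


# Constructed sample traffic for the example; not captured from any real host.
SRC = bytes([10, 0, 0, 1])
DST = bytes([10, 0, 0, 2])
GOOD = build_udp(SRC, DST, 40000, 53, b"hello, dns")
BAD = corrupt(GOOD, 10)  # byte 10 lies inside the payload

if __name__ == "__main__":
    print("intact segment accepted:", transport_accepts(SRC, DST, GOOD))
    print("damaged segment accepted:", transport_accepts(SRC, DST, BAD))
```

A practitioner's caveat: the checksum detects accidental corruption only. It is trivially recomputed by anyone who alters the datagram, so it offers no protection against tampering; that is what the integrity mechanisms in Q1009 (hashing under a digital signature) are for.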
Q1054
A network administrator is configuring a database server and would like to ensure the database engine is
listening on a certain port. Which of the following commands should the administrator use to accomplish
this goal?
A. nslookup
B. netstat -a
C. ipconfig /a
D. arp -a
Answer: B
Q1055
Which of the following routing protocols is used to exchange route information between public
autonomous systems?
A. OSPF
B. BGP
C. EIGRP
D. RIP
Answer: B
Q1056
Where can the Open Web Application Security Project (OWASP) list of associated vulnerabilities be
found?
Answer: A
Q1057
What is the BEST approach to anonymizing personally identifiable information (PII) in a test environment?
A. Randomizing data
B. Swapping data
C. Encrypting data
D. Encoding data
Answer: A
Q1058
A customer continues to experience attacks on their email, web, and File Transfer Protocol (FTP) servers.
These attacks are impacting their business operations. Which of the following is the BEST
recommendation to make?
Answer: C
Q1059
Which security feature fully encrypts code and data as it passes to the servers and only decrypts below
the hypervisor layer?
Answer: D
Q1060
Which of the following techniques evaluates the secure design principles of network or software
architectures?
A. Threat modeling
B. Risk modeling
C. Waterfall method
D. Fuzzing
Answer: A
Q1061
Which of the following is security control volatility?
Answer: D
A. Chain-of-custody
B. Authorization to collect
C. Court admissibility
D. Data decryption
Answer: A
Q1063
Which of the following does the security design process ensure within the System Development Life
Cycle (SDLC)?
A. Proper security controls, security goals, and fault mitigation are properly conducted.
B. Proper security controls, security objectives, and security goals are properly initiated.
C. Security goals, proper security controls, and validation are properly initiated.
D. Security objectives, security goals, and system test are properly conducted.
Answer: B
Q1064
An organization needs a general purpose document to prove that its internal controls properly address
security, availability, processing integrity, confidentiality or privacy risks. Which of the following reports is
required?
Answer: C
Q1065
What is the BEST design for securing physical perimeter protection?
Answer: B
Q1066
Two computers, each with a single connection on the same physical 10 gigabit Ethernet network
segment, need to communicate with each other. The first machine has a single Internet Protocol (IP)
Classless Inter-Domain Routing (CIDR) address of 192.168.1.3/30 and the second machine has an
IP/CIDR address 192.168.1.6/30. Which of the following is correct?
A. Since each computer is on a different layer 3 network, traffic between the computers must be
processed by a network bridge in order to communicate.
B. Since each computer is on the same layer 3 network, traffic between the computers may be processed
by a network bridge in order to communicate.
C. Since each computer is on the same layer 3 network, traffic between the computers may be processed
by a network router in order to communicate.
D. Since each computer is on a different layer 3 network, traffic between the computers must be
processed by a network router in order to communicate.
Answer: D
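Q1066 turns entirely on the subnet arithmetic, so it is worth carrying through. With a /30 mask (255.255.255.252) the host bits are the low two bits of the last octet: 192.168.1.3 lands in 192.168.1.0/30 (usable hosts .1 and .2, broadcast .3) and 192.168.1.6 lands in 192.168.1.4/30 (usable hosts .5 and .6, broadcast .7). The two machines are therefore on different layer 3 networks and a router is needed; as a further caveat, 192.168.1.3 is the broadcast address of its block, not a usable host address. The block below is an added example written for this page, not part of the original question bank: it implements the mask computation by hand, cross-checks it against Python's ipaddress module, and reports whether an address is actually usable in its block.

```python
import ipaddress
from typing import List, Tuple


def ipv4_to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ipv4(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def network_of(cidr: str) -> Tuple[str, str, List[str]]:
    """Return (network address, broadcast address, usable host addresses) for an address/prefix string."""
    addr, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = ipv4_to_int(addr) & mask          # clear the host bits
    broadcast = network | (~mask & 0xFFFFFFFF)  # set the host bits
    if prefix >= 31:
        # /31 (RFC 3021 point-to-point) and /32 reserve no network or broadcast address
        hosts = [int_to_ipv4(h) for h in range(network, broadcast + 1)]
    else:
        hosts = [int_to_ipv4(h) for h in range(network + 1, broadcast)]
    return int_to_ipv4(network), int_to_ipv4(broadcast), hosts


def same_l3_network(a: str, b: str) -> bool:
    """Two interfaces can talk without a router only if their (network, prefix) pairs match."""
    net_a, prefix_a = network_of(a)[0], a.split("/")[1]
    net_b, prefix_b = network_of(b)[0], b.split("/")[1]
    return (net_a, prefix_a) == (net_b, prefix_b)


def same_l3_network_stdlib(a: str, b: str) -> bool:
    """Cross-check of same_l3_network using the standard library."""
    return ipaddress.ip_interface(a).network == ipaddress.ip_interface(b).network


def is_usable_host(cidr: str) -> bool:
    """False for the network and broadcast addresses of the block (for prefixes shorter than /31)."""
    return cidr.split("/")[0] in network_of(cidr)[2]


if __name__ == "__main__":
    # The two addresses from the question.
    for host in ("192.168.1.3/30", "192.168.1.6/30"):
        net, bcast, hosts = network_of(host)
        print(f"{host}: network {net}, broadcast {bcast}, usable {hosts}, usable host? {is_usable_host(host)}")
    print("same layer 3 network:", same_l3_network("192.168.1.3/30", "192.168.1.6/30"))
```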
Q1067
The security team is notified that a device on the network is infected with malware. Which of the following
is MOST effective in enabling the device to be quickly located and remediated?
A. Data loss protection (DLP)
B. Intrusion detection
C. Vulnerability scanner
D. Information Technology Asset Management (ITAM)
Answer: D
Q1068
A corporation does not have a formal data destruction policy. During which phase of a criminal legal
proceeding will this have the MOST impact?
A. Arraignment
B. Trial
C. Sentencing
D. Discovery
Answer: D
Q1069
Which of the following is the MOST common use of the Online Certificate Status Protocol (OCSP)?
Answer: D
Q1070
Why would a system be structured to isolate different classes of information from one another and
segregate them by user jurisdiction?
Answer: C
Q1071
A security professional needs to find a secure and efficient method of encrypting data on an endpoint.
Which solution includes a root key?
A. Bitlocker
B. Trusted Platform Module (TPM)
C. Virtual storage array network (VSAN)
D. Hardware security module (HSM)
Answer: D
Q1072
What method could be used to prevent passive attacks against secure voice communications between an
organization and its vendor?
A. Encryption in transit
B. Configure a virtual private network (VPN)
C. Configure a dedicated connection
D. Encryption at rest
Answer: A
Q1073
What is the MOST effective response to a hacker who has already gained access to a network and will
attempt to pivot to other resources?
Answer: D
Q1074
A Chief Information Officer (CIO) has delegated responsibility of their system security to the head of the
information technology (IT) department. While corporate policy dictates that only the CIO can make
decisions on the level of data protection required, technical implementation decisions are done by the
head of the IT department. Which of the following BEST describes the security role filled by the head of
the IT department?
A. System analyst
B. System security officer
C. System processor
D. System custodian
Answer: D
Q1075
Which of the following is a term used to describe maintaining ongoing awareness of information security,
vulnerabilities, and threats to support organizational risk management decisions?
Answer: D
Q1076
Which of the following is a secure design principle for a new product?
Answer: A
Q1077
An application developer receives a report back from the security team showing their automated tools
were able to successfully enter unexpected data into the organization's customer service portal, causing
the site to crash. This is an example of which type of testing?
A. Non-functional
B. Positive
C. Performance
D. Negative
Answer: D
Q1078
An organization has determined that its previous waterfall approach to software development is not
keeping pace with business demands. To adapt to the rapid changes required for product delivery, the
organization has decided to move towards an Agile software development and release cycle. In order to
ensure the success of the Agile methodology, who is MOST critical in creating acceptance tests or
acceptance criteria for each release?
A. Project managers
B. Software developers
C. Independent testers
D. Business customers
Answer: D
Q1079
A hospital enforces the Code of Fair Information Practices. What practice applies to a patient requesting
their medical records from a web portal?
A. Use limitation
B. Individual participation
C. Purpose specification
D. Collection limitation
Answer: B
Q1080
When designing a new Voice over Internet Protocol (VoIP) network, an organization's top concern is
preventing unauthorized users accessing the VoIP network. Which of the following will BEST help secure
the VoIP network?
Answer: A
Q1081
What is the PRIMARY objective of the post-incident phase of the incident response process in the
security operations center (SOC)?
Answer: A
Q1082
An international organization has decided to use a Software as a Service (SaaS) solution to support its
business operations. Which of the following compliance standards should the organization use to assess
the international code security and data privacy of the solution?
Answer: B
Q1083
Which of the following actions should be undertaken prior to deciding on a physical baseline Protection
Profile (PP)?
Answer: A
Q1084
A criminal organization is planning an attack on a government network. Which of the following scenarios
presents the HIGHEST risk to the organization?
Answer: B
Q1085
A Certified Information Systems Security Professional (CISSP) with identity and access management
(IAM) responsibilities is asked by the Chief Information Security Officer (CISO) to perform a vulnerability
assessment on a web application to pass a Payment Card Industry (PCI) audit. The CISSP has never
performed this before. According to the (ISC)² Code of Professional Ethics, which of the following should
the CISSP do?
A. Review the CISSP guidelines for performing a vulnerability assessment before proceeding to complete
it
B. Review the PCI requirements before performing the vulnerability assessment
C. Inform the CISO that they are unable to perform the task because they should render only those
services for which they are fully competent and qualified
D. Since they are CISSP certified, they have enough knowledge to assist with the request, but will need
assistance in order to complete it in a timely manner
Answer: C
Q1086
A large organization's human resources and security teams are planning on implementing technology to
eliminate manual user access reviews and improve compliance. Which of the following options is MOST
likely to resolve the issues associated with user access?
Answer: B
Q1087
A healthcare insurance organization chose a vendor to develop a software application. Upon review of the
draft contract, the information security professional notices that software security is not addressed. What
is the BEST approach to address the issue?
A. Update the service level agreement (SLA) to provide the organization the right to audit the vendor.
B. Update the service level agreement (SLA) to require the vendor to provide security capabilities.
C. Update the contract so that the vendor is obligated to provide security capabilities.
D. Update the contract to require the vendor to perform security code reviews.
Answer: C
Q1088
Which of the following is MOST important to follow when developing information security controls for an
organization?
A. Exercise due diligence with regard to all risk management information to tailor appropriate controls.
B. Perform a risk assessment and choose a standard that addresses existing gaps.
C. Use industry standard best practices for security controls in the organization.
D. Review all local and international standards and choose the most stringent based on location.
Answer: C
Q1089
Which of the following is the MAIN difference between a network-based firewall and a host-based
firewall?
Answer: B
Q1090
Which of the following system components enforces access controls on an object?
A. Security perimeter
B. Access control matrix
C. Trusted domain
D. Reference monitor
Answer: D
Q1091
Building blocks for software-defined networks (SDN) require which of the following?
Answer: C
Answer: C
Q1093
A company is planning to implement a private cloud infrastructure. Which of the following
recommendations will support the move to a cloud infrastructure?
A. Implement a virtual local area network (VLAN) for each department and create a separate subnet for
each VLAN.
B. Implement software-defined networking (SDN) to provide the ability for the network infrastructure to be
integrated with the control and data planes.
C. Implement a virtual local area network (VLAN) to logically separate the local area network (LAN) from
the physical switches.
D. Implement software-defined networking (SDN) to provide the ability to apply high-level policies to
shape and reorder network traffic based on users, devices and applications.
Answer: D
Q1094
While performing a security review for a new product, an information security professional discovers that
the organization's product development team is proposing to collect government-issued identification (ID)
numbers from customers to use as unique customer identifiers. Which of the following recommendations
should be made to the product development team?
Answer: C
Q1095
Which of the following is performed to determine a measure of success of a security awareness training
program designed to prevent social engineering attacks?
Answer: B
Q1096
What level of Redundant Array of Independent Disks (RAID) is configured PRIMARILY for high-
performance data reads and writes?
A. RAID-0
B. RAID-1
C. RAID-5
D. RAID-6
Answer: A
Q1097
A retail company is looking to start a development project that will utilize open source components in its
code for the first time. The development team has already acquired several open source components
and utilized them in proof of concept (POC) code. The team recognizes that the legal and operational
risks are outweighed by the benefits of open-source software use. What MUST the organization do next?
A. Mandate that all open-source components be approved by the Information Security Manager (ISM).
B. Scan all open-source components for security vulnerabilities.
C. Establish an open-source compliance policy.
D. Require commercial support for all open-source components.
Answer: C
Q1098
Upon commencement of an audit within an organization, which of the following actions is MOST
Answer: C
Q1099
An organization is planning a penetration test that simulates the malicious actions of a former network
administrator. What kind of penetration test is needed?
A. Functional test
B. Unit test
C. Grey box
D. White box
Answer: C
Q1100
An organization has discovered that organizational data is posted by employees to data storage
accessible to the general public. What is the PRIMARY step an organization must take to ensure data is
properly protected from public release?
Answer: C
Q1101
What is the PRIMARY reason that a bit-level copy is more desirable than a file-level copy when
replicating a hard drive's contents for an e-discovery investigation?
Answer: A
Q1102
While reviewing the financial reporting risks of a third-party application, which of the following Service
Organization Control (SOC) reports will be the MOST useful?
A. SOC 1
B. SOC 2
C. SOC 3
D. SOC for cybersecurity
Answer: A
Q1103
A large manufacturing organization arranges to buy an industrial machine system to produce a new line of
products. The system includes software provided to the vendor by a third-party organization. The financial
risk to the manufacturing organization starting production is high. What step should the manufacturing
organization take to minimize its financial risk in the new venture prior to the purchase?
Answer: B
Q1104
Which of the following types of hosts should be operating in the demilitarized zone (DMZ)?
A. Hosts intended to provide limited access to public resources
B. Database servers that can provide useful information to the public
C. Hosts that store unimportant data such as demographical information
D. File servers containing organizational data
Answer: A
A. Documentation of functions
B. Isolated functions and data
C. Secure distribution of programs and data
D. Minimal access to perform a function
Answer: A
Q1106
Which of the following is MOST appropriate to collect evidence of a zero-day attack?
A. Firewall
B. Honeypot
C. Antispam
D. Antivirus
Answer: B
Q1107
Which of the following is required to verify the authenticity of a digitally signed document?
Answer: A
Q1108
Which of the following is the BEST method to gather evidence from a computer's hard drive?
A. Disk duplication
B. Disk replacement
C. Forensic signature
D. Forensic imaging
Answer: D
Q1109
Who should perform the design review to uncover security design flaws as part of the Software
Development Life Cycle (SDLC)?
Answer: B
Q1110
During a penetration test, what are the three PRIMARY objectives of the planning phase?
A. Determine testing goals, identify rules of engagement, and conduct an initial discovery scan.
B. Finalize management approval, determine testing goals, and gather port and service information.
C. Identify rules of engagement, finalize management approval, and determine testing goals.
D. Identify rules of engagement, document management approval, and collect system and application
information.
Answer: C
Q1111
What term is commonly used to describe hardware and software assets that are stored in a configuration
management database (CMDB)?
A. Configuration element
B. Asset register
C. Ledger item
D. Configuration item
Answer: D
Q1112
Which of the following Disaster recovery (DR) testing processes is LEAST likely to disrupt normal
business operations?
A. Parallel
B. Simulation
C. Table-top
D. Cut-over
Answer: C
Q1113
The Open Web Application Security Project's (OWASP) Software Assurance Maturity Model (SAMM)
allows organizations to implement a flexible software security strategy to measure organizational impact
based on what risk management aspect?
A. Risk tolerance
B. Risk exception
C. Risk treatment
D. Risk response
Answer: D
Q1114
The security architect is designing and implementing an internal certification authority to generate digital
certificates for all employees. Which of the following is the BEST solution to securely store the private
keys?
A. Physically secured storage device
B. Encrypted flash drive
C. Public key infrastructure (PKI)
D. Trusted Platform Module (TPM)
Answer: C
Q1115
Which of the following is a common risk with fiber optical communications, and what is the associated
mitigation measure?
A. Data emanation, deploying Category (CAT) 6 and higher cable wherever feasible
B. Light leakage, deploying shielded cable wherever feasible
C. Cable damage, deploying ring architecture wherever feasible
D. Electronic eavesdropping, deploying end-to-end encryption wherever feasible
Answer: B
Q1116
During an internal audit of an organizational Information Security Management System (ISMS),
nonconformities are identified. In which of the following management stages are nonconformities
reviewed, assessed and/or corrected by the organization?
A. Planning
B. Operation
C. Assessment
D. Improvement
Answer: B
Q1117
What is the BEST reason to include supply chain risks in a corporate risk register?
A. Risk registers help fund corporate supply chain risk management (SCRM) systems.
B. Risk registers classify and categorize risk and allow risks to be compared to corporate risk appetite.
C. Risk registers can be used to illustrate residual risk across the company.
D. Risk registers allow for the transfer of risk to third parties.
Answer: B
Q1118
An employee's home address should be categorized according to which of the following references?
Answer: B
Q1119
Why is authentication by ownership stronger than authentication by knowledge?
A. It is easier to change.
B. It can be kept on the user's person.
C. It is more difficult to duplicate.
D. It is simpler to control.
Answer: B
Q1120
A network security engineer needs to ensure that a security solution analyzes traffic for protocol
manipulation and various sorts of common attacks. In addition, all Uniform Resource Locator (URL) traffic
must be inspected and users prevented from browsing inappropriate websites. Which of the following
solutions should be implemented to enable administrators the capability to analyze traffic, blacklist
external sites, and log user traffic for later analysis?
Answer: B
Q1121
Which of the following is the BEST way to protect an organization's data assets?
Answer: B
Q1122
Which of the following would qualify as an exception to the "right to be forgotten" of the General Data
Protection Regulation's (GDPR)?
Answer: C
Q1123
Which of the following is the name of an individual or group that is impacted by a change?
A. Change agent
B. Stakeholder
C. Sponsor
D. End User
Answer: B
Q1124
What is the MINIMUM standard for testing a disaster recovery plan (DRP)?
Answer: D
Q1125
What is the MOST significant benefit of role-based access control (RBAC)?
Answer: A
Q1126
A software development company found odd behavior in some recently developed software, creating a
need for a more thorough code review. What is the MOST effective argument for a more thorough code
review?
Answer: D
Q1127
A new site's gateway isn't able to form a tunnel to the existing site-to-site Internet Protocol Security
(IPsec) virtual private network (VPN) device at headquarters. Devices at the new site have no problem
accessing resources on the Internet. When testing connectivity between the remote site's gateway, it was
observed that the external Internet Protocol (IP) address of the gateway was set to 192.168.1.1 and was
configured to send outbound traffic to the Internet Service Provider (ISP) gateway at 192.168.1.2. Which
of the following would be the BEST way to resolve the issue and get the remote site connected?
A. Enable IPSec tunnel mode on the VPN devices at the new site and the corporate headquarters.
B. Enable Layer 2 Tunneling Protocol (L2TP) on the VPN devices at the new site and the corporate
headquarters.
C. Enable Point-to-Point Tunneling Protocol (PPTP) on the VPN devices at the new site and the corporate
headquarters.
D. Enable Network Address Translation (NAT) - Traversal on the VPN devices at the new site and the
corporate headquarters.
Answer: A
Q1128
Which of the following examples is BEST to minimize the attack surface for a customer's private
information?
A. Obfuscation
B. Collection limitation
C. Authentication
D. Data masking
Answer: A
Q1129
What are the essential elements of a Risk Assessment Report (RAR)?
Answer: D
Q1130
What is the PRIMARY benefit of incident reporting and computer crime investigations?
Answer: D
Q1131
Which of the following determines how traffic should flow based on the status of the infrastructure layer?
A. Traffic plane
B. Application plane
C. Data plane
D. Control plane
Answer: A
Q1132
In a multi-tenant cloud environment, what approach will secure logical access to assets?
A. Hybrid cloud
B. Transparency/Auditability of administrative access
C. Controlled configuration management (CM)
D. Virtual private cloud (VPC)
Answer: D
Q1133
A company hired an external vendor to perform a penetration test of a new payroll system. The company's
internal test team had already performed an in-depth application and security test of the system and
determined that it met security requirements. However, the external vendor uncovered significant security
weaknesses where sensitive personal data was being sent unencrypted to the tax processing systems.
What is the MOST likely cause of the security issues?
Q1134
Which of the following is the MOST effective method of detecting vulnerabilities in web-based applications
early in the secure Software Development Life Cycle (SDLC)?
Answer: C
Q1135
A malicious user gains access to unprotected directories on a web server. Which of the following is MOST
likely the cause for this information disclosure?
A. Security misconfiguration
B. Cross-site request forgery (CSRF)
C. Structured Query Language injection (SQLi)
D. Broken authentication management
Answer: A
Q1136
Which of the following security objectives for industrial control systems (ICS) can be adapted to securing
any Internet of Things (IoT) system?
Answer: D
Q1137
Wi-Fi Protected Access 2 (WPA2) provides users with a higher level of assurance that their data will
remain protected by using which protocol?
Answer: A
Q1138
A software development company has a short timeline in which to deliver a software product. The
software development team decides to use open-source software libraries to reduce the development
time. What concept should software developers consider when using open-source software libraries?
A. Open source libraries contain known vulnerabilities, and adversaries regularly exploit those
vulnerabilities in the wild.
B. Open source libraries can be used by everyone, and there is a common understanding that the
vulnerabilities in these libraries will not be exploited.
C. Open source libraries are constantly updated, making it unlikely that a vulnerability exists for an
adversary to exploit.
D. Open source libraries contain unknown vulnerabilities, so they should not be used.
Answer: A
Q1139
According to the (ISC)² ethics canon "act honorably, honestly, justly, responsibly, and legally," which order
should be used when resolving conflicts?
Answer: A
Q1140
When conducting a remote access session using Internet Protocol Security (IPSec), which Open Systems
Interconnection (OSI) model layer does this connection use?
A. Transport
B. Network
C. Data link
D. Presentation
Answer: B
Q1141
Which of the following types of web-based attack is happening when an attacker is able to send a well-
crafted, malicious request to an authenticated user without the user realizing it?
Answer: B
Q1142
When reviewing the security logs, the password shown for an administrative login event was ' OR ' '1'='1'
--. This is an example of which of the following kinds of attack?
Answer: B
Q1143
An organization's internal audit team performed a security audit on the company's system and reported
that the manufacturing application is rarely updated along with other issues categorized as minor. Six
months later, an external audit team reviewed the same system with the same scope, but identified
severe weaknesses in the manufacturing application's security controls. What is MOST likely to be the
root cause of the internal audit team's failure in detecting these security issues?
Answer: A
Q1144
Which audit type is MOST appropriate for evaluating the effectiveness of a security program?
A. Threat
B. Assessment
C. Analysis
D. Validation
Answer: B
Q1145
The development team has been tasked with collecting data from biometric devices. The application will
support a variety of collection data streams. During the testing phase, the team utilizes data from an old
production database in a secure testing environment. What principle has the team taken into
consideration?
Answer: A
Q1146
An attacker has intruded into the source code management system and is able to download but not
modify the code. Which of the following aspects of the code theft has the HIGHEST security impact?
A. The attacker could publicly share confidential comments found in the stolen code.
B. Competitors might be able to steal the organization's ideas by looking at the stolen code.
C. A competitor could run their own copy of the organization's website using the stolen code.
D. Administrative credentials or keys hard-coded within the stolen code could be used to access sensitive
data.
Answer: A
Q1147
Which of the following statements BEST describes least privilege principle in a cloud environment?
Answer: B
Q1148
Which is the BEST control to meet the Statement on Standards for Attestation Engagements 18 (SSAE-
18) confidentiality category?
A. Data processing
B. Storage encryption
C. File hashing
D. Data retention policy
Answer: C
Q1149
The initial security categorization should be done early in the system life cycle and should be reviewed
periodically. Why is it important for this to be done correctly?
Answer: B
Answer: D
Q1151
An organization wants to migrate to Session Initiation Protocol (SIP) to save on telephony expenses.
Which of the following security related statements should be considered in the decision-making process?
A. Cloud telephony is less secure and more expensive than digital telephony services.
B. SIP services are more secure when used with multi-layer security proxies.
C. H.323 media gateways must be used to ensure end-to-end security tunnels.
D. Given the behavior of SIP traffic, additional security controls would be required.
Answer: C
Q1152
An organization's retail website provides its only source of revenue, so the disaster recovery plan (DRP)
must document an estimated time for each step in the plan. Which of the following steps in the DRP will
list the GREATEST duration of time for the service to be fully operational?
Answer: B
Q1153
Why is it important that senior management clearly communicates the formal Maximum Tolerable
A. To provide each manager with precise direction on selecting an appropriate recovery alternative
B. To demonstrate to the regulatory bodies that the company takes business continuity seriously
C. To demonstrate to the board of directors that senior management is committed to continuity recovery
efforts
D. To provide a formal declaration from senior management as required by internal audit to demonstrate
sound business practices
Answer: D
Q1154
Which of the following activities should a forensic examiner perform FIRST when determining the priority
of digital evidence collection at a crime scene?
Answer: C
Q1155
When assessing web vulnerabilities, how can navigating the dark web add value to a penetration test?
A. The actual origin and tools used for the test can be hidden.
B. Information may be found on related breaches and hacking.
C. Vulnerabilities can be tested without impact on the tested environment.
D. Information may be found on hidden vendor patches.
Answer: D
Q1156
Which of the following is the top barrier for companies to adopt cloud technology?
A. Migration period
B. Data integrity
C. Cost
D. Security
Answer: D
Q1157
In which of the following scenarios is locking server cabinets and limiting access to keys preferable to
locking the server room to prevent unauthorized access?
Q1158
Which of the following criteria ensures information is protected relative to its importance to the
organization?
Answer: D
Q1159
What is the FIRST step for an organization to take before allowing personnel to access social media from
a corporate device or user account?
Answer: A
Q1160
Which of the following is an indicator that a company's new user security awareness training module
Answer: B
Q1161
An access control list (ACL) on a router is a feature MOST similar to which type of firewall?
Answer: B
Q1162
Which of the following is the BEST way to protect privileged accounts?
Q1163
Which of the following is the FIRST step for defining Service Level Requirements (SLR)?
Answer: D
A. SDN Application
B. SDN Data path
C. SDN Controller
D. SDN Northbound Interfaces
Answer: D
Q1165
When MUST an organization's information security strategic plan be reviewed?
Answer: D
Q1166
A large human resources organization wants to integrate their identity management with a trusted partner
organization. The human resources organization wants to maintain the creation and management of the
identities and may want to share with other partners in the future. Which of the following options BEST
serves their needs?
A. Federated identity
B. Cloud Active Directory (AD)
C. Security Assertion Markup Language (SAML)
D. Single sign-on (SSO)
Answer: A
Q1167
Which of the following is the PRIMARY type of cryptography required to support non-repudiation of a
digitally signed document?
Q1168
The quality assurance (QA) department is short-staffed and is unable to test all modules before the
anticipated release date of an application. What security control is MOST likely to be violated?
A. Separation of environments
B. Program management
C. Mobile code controls
D. Change management
Answer: D
Q1169
Which is the PRIMARY mechanism for providing the workforce with the information needed to protect an
agency's vital information resources?
A. Incorporating security awareness and training as part of the overall information security program
B. An information technology (IT) security policy to preserve the confidentiality, integrity, and availability of
systems
C. Implementation of access provisioning process for coordinating the creation of user accounts
D. Execution of periodic security and privacy assessments to the organization
Answer: A
Q1170
What is the FIRST step when developing an Information Security Continuous Monitoring (ISCM)
program?
Answer: D
Answer: C
Q1172
Which of the following is the MOST effective corrective control to minimize the effects of a physical
intrusion?
Answer: C
Q1173
Which type of access control includes a system that allows only users that are type=managers and
department=sales to access employee records?
Answer: C
Q1174
Which of the following describes the BEST method of maintaining the inventory of software and hardware
within the organization?
Answer: C
Q1175
Which of the following is a correct feature of a virtual local area network (VLAN)?
Answer: A
Q1176
In the "Do" phase of the Plan-Do-Check-Act model, which of the following is performed?
A. Monitor and review performance against business continuity policy and objectives, report the results to
management for review, and determine and authorize actions for remediation and improvement.
B. Maintain and improve the Business Continuity Management (BCM) system by taking corrective action,
based on the results of management review.
C. Ensure the business continuity policy, controls, processes, and procedures have been implemented.
D. Ensure that business continuity policy, objectives, targets, controls, processes and procedures relevant
to improving business continuity have been established.
Answer: D
Q1177
Commercial off-the-shelf (COTS) software presents which of the following additional security concerns?
Answer: C
Q1178
What is the correct order of execution for security architecture?
Answer: A
Q1179
Which of the following is the PRIMARY purpose of due diligence when an organization embarks on a
merger or acquisition?
Answer: A
Q1180
What should be used to determine the risks associated with using Software as a Service (SaaS) for
collaboration and email?
Answer: A
Q1182
A software developer wishes to write code that will execute safely and only as intended. Which of the
following programming language types is MOST likely to achieve this goal?
A. Statically typed
B. Weakly typed
C. Strongly typed
D. Dynamically typed
Answer: D
Q1183
A security professional has been assigned to assess a web application. The assessment report
recommends switching to Security Assertion Markup Language (SAML). What is the PRIMARY security
benefit in switching to SAML?
Answer: B
Q1184
Answer: C
Q1185
Which of the following protection is provided when using a Virtual Private Network (VPN) with
Authentication Header (AH)?
A. Payload encryption
B. Sender confidentiality
C. Sender non-repudiation
D. Multi-factor authentication (MFA)
Answer: C
Q1186
Which of the following poses the GREATEST privacy risk to personally identifiable information (PII) when
disposing of an office printer or copier?
A. The device could contain a document with PII on the platen glass
B. Organizational network configuration information could still be present within the device
C. A hard disk drive (HDD) in the device could contain PII
D. The device transfer roller could contain imprints of PII
Answer: B
Q1187
Which of the following is a key responsibility for a data steward assigned to manage an enterprise data
lake?
A. Ensure proper business definition, value, and usage of data collected and stored within the enterprise
data lake.
B. Ensure proper and identifiable data owners for each data element stored within an enterprise data
lake.
C. Ensure adequate security controls applied to the enterprise data lake.
D. Ensure that any data passing within remit is being used in accordance with the rules and regulations of
the business.
Answer: A
Q1188
Which of the following are the three MAIN categories of security controls?
Answer: A
Q1189
What part of an organization's strategic risk assessment MOST likely includes information on items
affecting the success of the organization?
Answer: A
Q1190
An organization has implemented a protection strategy to secure the network from unauthorized external
access. The new Chief Information Security Officer (CISO) wants to increase security by better protecting
the network from unauthorized internal access. Which Network Access Control (NAC) capability BEST
meets this objective?
A. Application firewall
B. Port security
C. Strong passwords
D. Two-factor authentication (2FA)
Answer: D
Answer: C
Q1192
During testing, where are the requirements to inform parent organizations, law enforcement, and a
computer incident response team documented?
Answer: D
Q1193
What is static analysis intended to do when analyzing an executable file?
A. Collect evidence of the executable file's usage, including dates of creation and last use.
B. Search the documents and files associated with the executable file.
C. Analyze the position of the file in the file system and the executable file's libraries.
D. Disassemble the file to gather information about the executable file's function.
Answer: D
Q1194
In addition to life, protection of which of the following elements is MOST important when planning a data
center site?
Answer: D
Q1195
In an IDEAL encryption system, who has sole access to the decryption key?
A. System owner
B. Data owner
C. Data custodian
D. System administrator
Answer: B
Q1196
Which of the following roles is responsible for ensuring that important datasets are developed,
maintained, and are accessible within their defined specifications?
A. Data Reviewer
B. Data User
C. Data Custodian
D. Data Owner
Answer: D
Q1197
What is the MOST important criterion that needs to be adhered to during the data collection process of an
active investigation?
Answer: A
Q1198
What is the PRIMARY benefit of relying on Security Content Automation Protocol (SCAP)?
Answer: C
Q1199
A user's credential for an application is stored in a relational database. Which control protects the
confidentiality of the credential while it is stored?
Answer: C
Q1200
What is the PRIMARY consideration when testing industrial control systems (ICS) for security
weaknesses?
Answer: B
Q1201
An organization implements Network Access Control (NAC) by Institute of Electrical and Electronics
Engineers (IEEE) 802.1x and discovers the printers do not support the IEEE 802.1x standard. Which of
the following is the BEST resolution?
Answer: A
Q1202
What process facilitates the balance of operational and economic costs of protective measures with gains
in mission capability?
A. Risk assessment
B. Performance testing
C. Security audit
D. Risk management
Answer: D
Q1203
Which of the following BEST describes why software assurance is critical in helping prevent an increase
in business and mission risk for an organization?
A. Software that does not perform as intended may be exploitable, which makes it vulnerable to attack.
B. Request for proposals (RFP) avoid purchasing software that does not meet business needs.
C. Contracting processes eliminate liability for security vulnerabilities for the purchaser.
D. Decommissioning of old software reduces long-term costs related to technical debt.
Answer: B
Q1204
In software development, which of the following entities normally signs the code to protect the code
integrity?
Answer: B
Q1205
Which security evaluation model assesses a product's Security Assurance Level (SAL) in comparison to
similar solutions?
Answer: C
Q1206
Which of the following is a risk matrix?
Answer: C
Q1207
Which evidence collecting technique would be utilized when it is believed an attacker is employing a
rootkit and a quick analysis is needed?
A. Memory collection
B. Forensic disk imaging
C. Malware analysis
D. Live response
Answer: A
Q1208
A user is allowed to access the file labeled "Financial Forecast," but only between 9:00 a.m. and 5:00
p.m., Monday through Friday. Which type of access mechanism should be used to accomplish this?
A. Minimum access control
B. Rule-based access control
C. Limited role-based access control (RBAC)
D. Access control list (ACL)
Answer: B
Q1209
An organization wants to share data securely with their partners via the Internet. Which standard port is
typically used to meet this requirement?
Answer: C
Q1210
Which part of an operating system (OS) is responsible for providing security interfaces among the
hardware, OS, and other parts of the computing system?
A. Time separation
B. Trusted Computing Base (TCB)
C. Reference monitor
D. Security kernel
Answer: D
Q1211
Recently, an unknown event has disrupted a single Layer-2 network that spans between two
geographically diverse data centers. The network engineers have asked for assistance in identifying the
root cause of the event. Which of the following is the MOST likely cause?
A. Misconfigured routing protocol
B. Smurf attack
C. Broadcast domain too large
D. Address spoofing
Answer: D
Q1212
What would be the BEST action to take in a situation where collected evidence was left unattended
Answer: D
Q1213
Which of the following contributes MOST to the effectiveness of a security officer?
Answer: A
Q1214
An organization wants a service provider to authenticate users via the users' organization domain
credentials. Which markup language should the organization's security personnel use to support the
integration?
Answer: A
Q1215
A recent security audit is reporting several unsuccessful login attempts being repeated at specific times
during the day on an Internet facing authentication server. No alerts have been generated by the security
information and event management (SIEM) system. What PRIMARY action should be taken to improve
SIEM performance?
Answer: B
Q1216
What is a security concern when considering implementing software-defined networking (SDN)?
Answer: C
Q1217
Which of the following is the MOST important rule for digital investigations?
Answer: C
Q1218
A cybersecurity engineer has been tasked to research and implement an ultra-secure communications
channel to protect the organization's most valuable intellectual property (IP). The primary directive in this
initiative is to ensure there is no possible way the communications can be intercepted without detection.
Which of the following is the only way to ensure this outcome?
Answer: C
Q1219
An organization is trying to secure instant messaging (IM) communications through its network perimeter.
Which of the following is the MOST significant challenge?
Answer: B
Q1220
A company wants to store data related to users on an offsite server. What method can be deployed to
protect the privacy of the user's information while maintaining the field-level configuration of the
database?
A. Encryption
B. Encoding
C. Tokenization
D. Hashing
Answer: A
Q1221
What is the FIRST step in developing a patch management plan?
Answer: B
Q1222
When resolving ethical conflicts, the information security professional MUST consider many factors. In
what order should these considerations be prioritized?
A. Public safety, duties to individuals, duties to the profession, and duties to principals
B. Public safety, duties to principals, duties to individuals, and duties to the profession
C. Public safety, duties to the profession, duties to principals, and duties to individuals
D. Public safety, duties to principals, duties to the profession, and duties to individuals
Answer: C
Q1223
An organization is implementing security review as part of system development. Which of the following is
the BEST technique to follow?
Answer: C
Q1224
How does Radio-Frequency Identification (RFID) assist with asset management?
Answer: B
Q1225
Which of the following services can be deployed via a cloud service or on-premises to integrate with
Identity as a Service (IDaaS) as the authoritative source of user identities?
A. Directory
B. User database
C. Multi-factor authentication (MFA)
D. Single sign-on (SSO)
Answer: A
Q1226
Which of the following security tools monitors devices and records the information in a central
Answer: A
Q1227
Secure coding can be developed by applying which one of the following?
Answer: B
Q1228
A company is moving from the V model to Agile development. How can the information security
department BEST ensure that secure design principles are implemented in the new methodology?
Answer: D
Q1229
An organization wants to define its physical perimeter. What primary device should be used to accomplish
this objective if the organization's perimeter MUST cost-efficiently deter casual trespassers?
A. Fences eight or more feet high with three strands of barbed wire
B. Fences three to four feet high with a turnstile
C. Fences accompanied by patrolling security guards
D. Fences six to seven feet high with a painted gate
Answer: A
Q1230
The acquisition of personal data being obtained by a lawful and fair means is an example of what
principle?
Answer: D
Q1231
What is the BEST control to be implemented at a login page in a web application to mitigate the ability to
enumerate users?
Answer: A
Q1232
If the wide area network (WAN) is supporting converged applications like Voice over Internet Protocol
(VoIP), which of the following becomes even MORE essential to the assurance of network?
Answer: C
Q1233
A cloud service accepts Security Assertion Markup Language (SAML) assertions from users to on and
security However, an attacker was able to spoof a registered account on the network and query the SAML
provider.
What is the MOST common attack leverage against this flaw?
Answer: A
Q1234
A company is attempting to enhance the security of its user authentication processes. After evaluating
several options, the company has decided to utilize Identity as a Service (IDaaS). Which of the following
factors leads the company to choose an IDaaS as their solution?
Answer: B
Q1235
In which of the following system life cycle processes should security requirements be developed?
A. Risk management
B. Business analysis
C. Information management
D. System analysis
Answer: B
Q1236
Which of the following virtual network configuration options is BEST to protect virtual machines (VM)?
A. Traffic filtering
B. Data encryption
C. Data segmentation
D. Traffic throttling
Answer: D
Q1237
Which of the following is the BEST method to validate secure coding techniques against injection and
overflow attacks?
A. Scheduled team review of coding style and techniques for vulnerability patterns
B. Using automated programs to test for the latest known vulnerability patterns
C. The regular use of production code routines from similar applications already in use
D. Ensure code editing tools are updated against known vulnerability patterns
Answer: B
Q1238
A Distributed Denial of Service (DDoS) attack was carried out using malware called Mirai to create a
large-scale command and control system to launch a botnet. Which of the following devices were the
PRIMARY sources used to generate the attack traffic?
Answer: A
Q1239
An established information technology (IT) consulting firm is considering acquiring a successful local startup.
To gain a comprehensive understanding of the startup's security posture, which type of assessment
provides the BEST information?
A. A security audit
B. A penetration test
C. A tabletop exercise
D. A security threat model
Answer: A
Answer: C
Q1241
A company is enrolled in a hard drive reuse program where decommissioned equipment is sold back to
the vendor when it is no longer needed. The vendor pays more money for functioning drives than
equipment that is no longer operational. Which method of data sanitization would provide the most secure
means of preventing unauthorized data loss, while also receiving the most money from the vendor?
A. Pinning
B. Single-pass wipe
C. Degaussing
D. Multi-pass wipes
Answer: C
Q1242
In supervisory control and data acquisition (SCADA) systems, which of the following controls can be used
to reduce device exposure to malware?
Answer: B
Q1243
What is considered a compensating control for not having electrical surge protectors installed?
Answer: D
Q1244
What is considered the BEST when determining whether to provide remote network access to a third-
party security service?
A. Contract negotiation
B. Vendor demonstration
C. Supplier request
D. Business need
Answer: D
Q1245
When network management is outsourced to third parties, which of the following is the MOST effective
method of protecting critical data assets?
Answer: C
Q1246
What is the FIRST step in reducing the exposure of a network to Internet Control Message Protocol
(ICMP) based attacks?
Answer: B
Q1247
A system developer has a requirement for an application to check for a secure digital signature before the
application is accessed on a user's laptop. Which security mechanism addresses this requirement?
A. Hardware encryption
B. Certificate revocation list (CRL) policy
C. Trusted Platform Module (TPM)
D. Key exchange
Answer: B
Q1248
The security organization is looking for a solution that could help them determine with a strong level of
confidence that attackers have breached their network. Which solution is MOST effective at discovering a
successful network breach?
A. Deploying a honeypot
B. Developing a sandbox
C. Installing an intrusion prevention system (IPS)
D. Installing an intrusion detection system (IDS)
Answer: A
Q1249
A security architect is reviewing plans for an application with a Recovery Point Objective (RPO) of 15
minutes. The current design has all of the application infrastructure located within one co-location data
center. Which security principle is the architect currently assessing?
A. Availability
B. Disaster recovery (DR)
C. Redundancy
D. Business continuity (BC)
Answer: D
Q1250
Which of the following outsourcing agreement provisions has the HIGHEST priority from a security
operations perspective?
Answer: D
Q1251
When designing a Cyber-Physical System (CPS), which of the following should be a security practitioner's
first consideration?
Answer: B
Q1252
A security professional was tasked with rebuilding a company's wireless infrastructure. Which of the
following are the MOST important factors to consider while making a decision on which wireless spectrum
to deploy?
Answer: D
Q1253
A subscription service which provides power, climate control, raised flooring, and telephone wiring but
NOT the computer and peripheral equipment is BEST described as a:
A. warm site.
B. reciprocal site.
C. cold site.
D. hot site.
Answer: C
Q1254
Which of the following is the PRIMARY goal of logical access controls?
Q1255
The ability to send malicious code, generally in the form of a client side script, to a different end user is
categorized as which type of vulnerability?
A. Session hijacking
B. Cross-site request forgery (CSRF)
C. Cross-Site Scripting (XSS)
D. Command injection
Answer: C
Q1256
The security architect has been mandated to assess the security of various brands of mobile devices. At
what phase of the product lifecycle would this be MOST likely to occur?
A. Disposal
B. Implementation
C. Development
D. Operations and maintenance
Answer: C
Q1257
A hacker can use a lockout capability to start which of the following attacks?
Answer: A
Q1258
An Internet media company produces and broadcasts highly popular television shows. The company is
suffering a huge revenue loss due to piracy. What technique should be used to track the distribution of
content?
A. Install the latest data loss prevention (DLP) software at every server used to distribute content.
B. Log user access to servers. Every day those log records are going to be audited by a team of
specialized investigators.
C. Hire several investigators to identify sources of pirated content and report people sharing the content.
D. Use watermarking to hide a signature into the digital media such that it can be used to find who is
using the company's content.
Answer: D
Q1259
Using the cipher text and resultant clear text message to derive the non-alphabetic cipher key is an
example of which method of cryptanalytic attack?
A. Frequency analysis
B. Ciphertext-only attack
C. Probable-plaintext attack
D. Known-plaintext attack
Answer: D
Q1260
All hosts on the network are sending logs via syslog-ng to the log collector. The log collector is behind its
own firewall. The security professional wants to make sure not to put extra load on the firewall due to the
amount of traffic that is passing through it. Which of the following types of filtering would
Answer: C
Q1261
An organization has been collecting a large amount of redundant and unusable data and filling up the
storage area network (SAN). Management has requested the identification of a solution that will address
ongoing storage problems. Which is the BEST technical solution?
A. Deduplication
B. Compression
C. Replication
D. Caching
Answer: B
Q1262
A security practitioner has been asked to model best practices for disaster recovery (DR) and business
continuity. The practitioner has decided that a formal committee is needed to establish a business
continuity policy. Which of the following BEST describes this stage of business continuity development?
Answer: D
Q1263
What is the MOST appropriate hierarchy of documents when implementing a security program?
Answer: C
Q1264
Which of the following is the MOST common cause of system or security failures?
Answer: D
Q1265
Which access control method is based on users issuing access requests on system resources, features
assigned to those resources, the operational or situational context, and a set of policies specified in terms
of those features and context?
Answer: B
Q1266
Information security practitioners are in the midst of implementing a new firewall. Which of the following
failure methods would BEST prioritize security in the event of failure?
A. Fail-Closed
B. Fail-Open
C. Fail-Safe
D. Failover
Answer: A
Q1267
Which of the following is a PRIMARY security weakness in the design of Domain Name System (DNS)?
Answer: A
Q1268
Which of the following BEST describes the purpose of the reference monitor when defining access control
to enforce the security model?
Answer: B
Q1269
A project manager for a large software firm has acquired a government contract that generates large
amounts of Controlled Unclassified Information (CUI). The organization's information security manager
has received a request to transfer project-related CUI between systems of differing security
classifications. What role provides the authoritative guidance for this transfer?
A. Information owner
B. PM
C. Data Custodian
D. Mission/Business Owner
Answer: C
Q1270
Which of the following protects personally identifiable information (PII) used by financial services
organizations?
A. National Institute of Standards and Technology (NIST) SP 800-53
B. Gramm-Leach-Bliley Act (GLBA)
C. Payment Card Industry Data Security Standard (PCI-DSS)
D. Health Insurance Portability and Accountability Act (HIPAA)
Answer: B
Q1271
Which of the following is a common term for log reviews, synthetic transactions, and code reviews?
Answer: B
Q1272
At what stage of the Software Development Life Cycle (SDLC) does software vulnerability remediation
MOST likely cost the least to implement?
A. Development
B. Testing
C. Deployment
D. Design
Answer: D
Q1273
Clothing retailer employees are provisioned with user accounts that provide access to resources at
partner businesses. All partner businesses use common identity and access management (IAM) protocols
and differing technologies. Under the Extended Identity principle, what is the process flow between
partner businesses to allow this IAM action?
A. Clothing retailer acts as identity provider (IdP), confirms identity of user using industry standards, then
sends credentials to partner businesses that act as a Service Provider and allows access to services.
B. Clothing retailer acts as User Self Service, confirms identity of user using industry standards, then
sends credentials to partner businesses that act as a Service Provider and allows access to services.
C. Clothing retailer acts as Service Provider, confirms identity of user using industry standards, then
sends credentials to partner businesses that act as an identity provider (IdP) and allows access to
resources.
D. Clothing retailer acts as Access Control Provider, confirms access of user using industry standards,
then sends credentials to partner businesses that act as a Service Provider and allows access to
resources.
Answer: A
Q1274
Using Address Space Layout Randomization (ASLR) reduces the potential for which of the following
attacks?
Answer: D
Q1275
Which of the following ensures old log data is not overwritten?
Answer: D
Q1276
What is the benefit of using Network Admission Control (NAC)?
A. Operating system (OS) versions can be validated prior to allowing network access.
B. NAC supports validation of the endpoint's security posture prior to allowing the session to go into an
authorized state.
C. NAC can require the use of certificates, passwords, or a combination of both before allowing network
admission.
D. NAC only supports Windows operating systems (OS).
Answer: C
Answer: D
Q1278
Which of the following is the BEST approach to implement multiple servers on a virtual system?
A. Implement multiple functions per virtual server and apply the same security configuration for each
virtual server.
B. Implement one primary function per virtual server and apply high security configuration on the host
operating system.
C. Implement one primary function per virtual server and apply individual security configuration for each
virtual server.
D. Implement multiple functions within the same virtual server and apply individual security configurations
to each function.
Answer: C
Q1279
Which of the following is the MOST important consideration in selecting a security testing method based
on different Radio-Frequency Identification (RFID) vulnerability types?
Answer: C
Answer: D
Q1281
When testing password strength, which of the following is the BEST method for brute forcing passwords?
Answer: C
Q1282
What is a use for mandatory access control (MAC)?
Q1283
Which of the following MUST be done before a digital forensics investigator may acquire digital evidence?
Answer: C
Q1284
A security engineer is required to integrate security into a software project that is implemented by small
groups that quickly, continuously, and independently develop, test, and deploy code to the cloud. The
engineer will MOST likely integrate with which software development process?
Answer: C
Q1285
An authentication system that uses challenge and response was recently implemented on an
organization's network, because the organization conducted an annual penetration test showing that
testers were able to move laterally using authenticated credentials. Which attack method was MOST
likely used to achieve this?
Answer: B
Q1286
Which of the following is an example of a vulnerability of full-disk encryption (FDE)?
A. Data at rest has been compromised when the user has authenticated to the device.
B. Data on the device cannot be restored from backup.
C. Data in transit has been compromised when the user has authenticated to the device.
D. Data on the device cannot be backed up.
Answer: A
Answer: C
Q1288
Which one of the following BEST protects vendor accounts that are used for emergency maintenance?
Answer: B
Q1289
Which part of an operating system (OS) is responsible for providing security interfaces among the
hardware, OS, and other parts of the computing system?
Answer: C
Q1290
The Industrial Control System (ICS) Computer Emergency Response Team (CERT) has released an alert
regarding ICS-focused malware specifically propagating through Windows-based business networks.
Technicians at a local water utility note that their dams, canals, and locks controlled by an
internal Supervisory Control and Data Acquisition (SCADA) system have been malfunctioning. A digital
forensics professional is consulted in the Incident Response (IR) and recovery. Which of the following is
the MOST challenging aspect of this investigation?
Answer: C
Q1291
To minimize the vulnerabilities of a web-based application, which of the following FIRST actions will lock
down the system and minimize the risk of an attack?
Answer: D
Q1292
A hospital has allowed virtual private networking (VPN) access to remote database developers. Upon
auditing the internal firewall configuration, the network administrator discovered that split-tunneling was
enabled. What is the concern with this configuration?
Answer: C
Q1293
A cloud hosting provider would like to provide a Service Organization Control (SOC) report relevant to its
security program. This report should be an abbreviated report that can be freely distributed. Which type of
report BEST meets this requirement?
A. SOC 1
B. SOC 2 Type I
C. SOC 2 Type II
D. SOC 3
Answer: D
Q1294
What action should be taken by a business line that is unwilling to accept the residual risk in a system
after implementing compensating controls?
Answer: B
Q1295
Which of the following BEST represents a defense in depth concept?
A. Network-based data loss prevention (DLP), Network Access Control (NAC), network-based Intrusion
prevention system (NIPS), Port security on core switches
B. Host-based data loss prevention (DLP), Endpoint anti-malware solution, Host-based integrity checker,
Laptop locks, hard disk drive (HDD) encryption
C. Endpoint security management, network intrusion detection system (NIDS), Network Access Control
(NAC), Privileged Access Management (PAM), security information and event management (SIEM)
D. Web application firewall (WAF), Gateway network device tuning, Database firewall, Next- Generation
Firewall (NGFW), Tier-2 demilitarized zone (DMZ) tuning
Answer: C
Q1296
Which of the following statements BEST distinguishes a stateful packet inspection firewall from a
stateless packet filter firewall?
A. The SPI inspects the flags on Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
packets.
B. The SPI inspects the traffic in the context of a session.
C. The SPI is capable of dropping packets based on a pre-defined rule set.
D. The SPI inspects traffic on a packet-by-packet basis.
Answer: B
Q1297
A client server infrastructure that provides user-to-server authentication describes which one of the
following?
Answer: B
Q1298
An organization has developed a way for customers to share information from their wearable devices with
each other. Unfortunately, the users were not informed as to what information collected would be shared.
What technical controls should be put in place to remedy the privacy issue while still trying to accomplish
the organization's business goals?
Answer: D
Q1299
In which process MUST security be considered during the acquisition of new software?
A. Contract negotiation
B. Request for proposal (RFP)
C. Implementation
D. Vendor selection
Answer: B
A. Processing Integrity
B. Availability
C. Confidentiality
D. Security
Answer: B
Q1301
A company needs to provide shared access of sensitive data on a cloud storage to external business
partners. Which of the following identity models is the BEST to blind identity providers (IdP) and relying
parties (RP) so that subscriber lists of other parties are not disclosed?
A. Federation authorities
B. Proxied federation
C. Static registration
D. Dynamic registration
Answer: D
Q1302
Which algorithm gets its security from the difficulty of calculating discrete logarithms in a finite field and is
used to distribute keys, but cannot be used to encrypt or decrypt messages?
A. Diffie-Hellman
B. Digital Signature Algorithm (DSA)
C. Rivest-Shamir-Adleman (RSA)
D. Kerberos
Answer: C
Q1303
Which Wide Area Network (WAN) technology requires the first router in the path to determine the
full path the packet will travel, removing the need for other routers in the path to make independent
determinations?
Answer: A
Q1304
An organization recently suffered from a web-application attack that resulted in stolen user session cookie
information. The attacker was able to obtain the information when a user's browser executed a script
upon visiting a compromised website. What type of attack MOST likely occurred?
Answer: A
Q1305
An organization recently upgraded to a Voice over Internet Protocol (VoIP) phone system. Management is
concerned with unauthorized phone usage. A security consultant is responsible for putting together a plan
to secure these phones. Administrators have assigned unique personal identification number codes for
each person in the organization. What is the BEST solution?
Answer: C
Q1306
Which of the following regulations dictates how data breaches are handled?
A. Sarbanes-Oxley (SOX)
B. National Institute of Standards and Technology (NIST)
C. Payment Card Industry Data Security Standard (PCI-DSS)
D. General Data Protection Regulation (GDPR)
Answer: D
Q1307
Which of the following is fundamentally required to address potential security issues when initiating
software development?
Answer: C
Q1308
Which of the following is the BEST method a security practitioner can use to ensure that systems and
sub-systems gracefully handle invalid input?
A. Unit testing
B. Integration testing
C. Negative testing
D. Acceptance testing
Answer: B
Q1309
An information security administrator wishes to block peer-to-peer (P2P) traffic over Hypertext Transfer
Protocol (HTTP) tunnels. Which of the following layers of the Open Systems Interconnection (OSI) model
requires inspection?
A. Presentation
B. Transport
C. Session
D. Application
Answer: A
Q1310
An organization has requested storage area network (SAN) disks for a new project. What Redundant
Array of Independent Disks (RAID) level provides the BEST redundancy and fault tolerance?
A. RAID level 1
B. RAID level 3
C. RAID level 4
D. RAID level 5
Answer: D
Q1311
An organization has implemented a password complexity and an account lockout policy enforcing five
incorrect login tries within ten minutes. Network users have reported significantly increased account
lockouts. Which of the following security principles is this company affecting?
A. Availability
B. Integrity
C. Confidentiality
D. Authentication
Answer: A
Q1312
In the last 15 years a company has experienced three electrical failures. The cost associated with each
failure is listed below.
Which of the following would be a reasonable annual loss expectation?
A. 140,000
B. 3,500
C. 350,000
D. 14,000
Answer: B
Q1313
Which of the following addresses requirements of security assessments during software acquisition?
Answer: A
Q1314
Which of the following BEST obtains an objective audit of security controls?
A. The security audit is measured against a known standard.
B. The security audit is performed by a certified internal auditor.
C. The security audit is performed by an independent third-party.
D. The security audit produces reporting metrics for senior leadership.
Answer: A
Q1315
Which of the following is established to collect information Se eee ee ee nation readily available in part
through implemented security controls?
Answer: D
Q1316
In order to provide dual assurance in a digital signature system, the design MUST include which of
the following?
Answer: B
Q1317
Which of the following attacks, if successful, could give an intruder complete control of a software-defined
networking (SDN) architecture?
Answer: B
Q1318
What type of investigation applies when malicious behavior is suspected between two organizations?
A. Regulatory
B. Criminal
C. Civil
D. Operational
Answer: A
Q1319
The Chief Information Security Officer (CISO) of a small organization is making a case for building a
security operations center (SOC). While debating between an in-house, fully outsourced, or a hybrid
capability, which of the following would be the MAIN consideration, regardless of the model?
Answer: C
Q1320
What are the three key benefits that application developers should derive from the northbound application
programming interface (API) of software defined networking (SDN)?
Answer: C
Q1321
What security principle addresses the issue of "Security by Obscurity"?
A. Open design
B. Segregation of duties (SoD)
C. Role Based Access Control (RBAC)
D. Least privilege
Answer: D
Q1322
In Federated Identity Management (FIM), which of the following represents the concept of federation?
Answer: D
A. Design
B. Test
C. Development
D. Deployment
Answer: C
Q1324
Which of the following vulnerability assessment activities BEST exemplifies the Examine method of
assessment?
A. Ensuring that system audit logs capture all relevant data fields required by the security controls
baseline
B. Performing Port Scans of selected network hosts to enumerate active services
C. Asking the Information System Security Officer (ISSO) to describe the organization's patch
management processes
D. Logging into a web server using the default administrator account and a default password
Answer: D
Q1325
Which of the following is the MOST appropriate control for asset data labeling procedures?
Answer: C
Q1326
What BEST describes the confidentiality, integrity, availability triad?
A. A tool used to assist in understanding how to protect the organization's data
B. The three-step approach to determine the risk level of an organization
C. The implementation of security systems to protect the organization's data
D. A vulnerability assessment to see how well the organization's data is protected
Answer: C
Q1327
When developing an external facing web-based system, which of the following would be the MAIN focus
of the security assessment prior to implementation and production?
Answer: B
Q1328
What type of risk is related to the sequences of value-adding and managerial activities undertaken in an
organization?
A. Demand risk
B. Process risk
C. Control risk
D. Supply risk
Answer: B
Q1329
In an environment where there is not full administrative control over all network connected endpoints,
such as a university where non-corporate devices are used, what is the BEST way to restrict access to
the network?
A. Use switch port security to limit devices connected to a particular switch port.
B. Use of virtual local area networks (VLAN) to segregate users.
C. Use a client-based Network Access Control (NAC) solution.
D. Use a clientless Network Access Control (NAC) solution
Answer: A
Answer: A
Q1331
Which of the following is the BEST way to determine the success of a patch management process?
Answer: A
Q1332
A company needs to provide employee access to travel services, which are hosted by a third-party
service provider, Employee experience is important, and when users are already authenticated, access to
the travel portal is seamless. Which of the following methods is used to share information and grant user
access to the travel portal?
Answer: D
Q1333
Why is data classification control important to an organization?
Answer: A
Q1334
Which of the following is the strongest physical access control?
Answer: D
Q1335
While dealing with the consequences of a security incident, which of the following security controls are
MOST appropriate?
Answer: C
Q1336
A Chief Information Security Officer (CISO) of a firm which decided to migrate to cloud has been tasked
with ensuring an optimal level of security. Which of the following would be the FIRST consideration?
A. Define the cloud migration roadmap and set out which applications and data repositories should be
moved into the cloud.
B. Ensure that the contract between the cloud vendor and the firm clearly defines responsibilities for
operating security controls.
C. Analyze the firm's applications and data repositories to determine the relevant control requirements.
D. Request a security risk assessment of the cloud vendor be completed by an independent third-party.
Answer: A
Q1337
Which technique helps system designers consider potential security concerns of their systems and
applications?
A. Penetration testing
B. Threat modeling
C. Manual inspections and reviews
D. Source code review
Answer: B
Q1338
What is the MOST important goal of conducting security assessments?
Answer: B
Q1339
A hospital's building controls system monitors and operates the environmental equipment to maintain a
safe and comfortable environment. Which of the following could be used to minimize the risk of utility
supply interruption?
A. Digital devices that can turn equipment off and continuously cycle rapidly in order to increase supplies
and conceal activity on the hospital network
B. Standardized building controls system software with high connectivity to hospital networks
C. Lock out maintenance personnel from the building controls system access that can impact critical utility
supplies
D. Digital protection and control devices capable of minimizing the adverse impact to critical utility
Answer: D
A. Fencing around the facility with closed-circuit television (CCTV) cameras at all entry points
B. Ground sensors installed and reporting to a security event management (SEM) system
C. Steel casing around the facility ingress points
D. Regular sweeps of the perimeter, including manual inspection of the cable ingress points
Answer: D
Q1341
What is the BEST method to use for assessing the security impact of acquired software?
Answer: B
Q1342
Which of the following is the MOST effective way to ensure the endpoint devices used by remote users
are compliant with an organization's approved policies before being allowed on the network?
Answer: B
Q1343
Which of the following factors should be considered characteristics of Attribute Based Access Control
(ABAC) in terms of the attributes used?
Answer: D
Q1344
A security architect is developing an information system for a client. One of the requirements is to deliver
a platform that mitigates against common vulnerabilities and attacks. What is the MOST efficient option
used to prevent buffer overflow attacks?
A. Process isolation
B. Address Space Layout Randomization (ASLR)
C. Processor states
D. Access control mechanisms
Answer: B
Q1345
A security engineer is assigned to work with the patch and vulnerability management group. The
deployment of a new patch has been approved and needs to be applied. The research is complete, and
the security engineer has provided recommendations. Where should the patch be applied FIRST?
A. Server environment
B. Desktop environment
C. Lower environment
D. Production environment
Answer: C
Q1346
When telephones in a city are connected by a single exchange, the caller can only connect with the
switchboard operator. The operator then manually connects the call.
This is an example of which type of network topology?
A. Star
B. Tree
C. Point-to-Point Protocol (PPP)
D. Bus
Answer: A
A. Operations
B. Human resources (HR)
C. Information technology (IT)
D. Security
Answer: A
Q1348
Which of the following should be done at a disaster site before any item is removed, repaired, or
replaced?
Answer: A
Q1349
Which organizational department is ultimately responsible for information governance related to e-mail
and other e-records?
A. Audit
B. Compliance
C. Legal
D. Security
Answer: C
Q1350
What is the FIRST step in risk management?
Answer: C
Q1351
Which element of software supply chain management has the GREATEST security risk to organizations?
Answer: B
Q1352
A colleague who recently left the organization asked a security professional for a copy of the
organization's confidential incident management policy. Which of the following is the BEST response to
this request?
A. Email the policy to the colleague as they were already part of the organization and familiar with it.
B. Do not acknowledge receiving the request from the former colleague and ignore them.
C. Access the policy on a company-issued device and let the former colleague view the screen.
D. Submit the request using company official channels to ensure the policy is okay to distribute.
Answer: B
Q1353
Within a large organization, what business unit is BEST positioned to initiate provisioning and
deprovisioning of user accounts?
A. Training department
B. Internal audit
C. Human resources
D. Information technology (IT)
Answer: C
Answer: D
Q1355
Which of the following is the MOST effective strategy to prevent an attacker from disabling a network?
Answer: D
Q1356
Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile
device which has been stolen?
Answer: A
Q1357
An organization is implementing data encryption using symmetric ciphers and the Chief Information
Officer (CIO) is concerned about the risk of using one key to protect all sensitive data. The security
practitioner has been tasked with recommending a solution to address the CIO's concerns. Which of
the following is the BEST approach to achieving the objective by encrypting all sensitive data?
Answer: D
Q1358
International bodies established a regulatory scheme that defines how weapons are exchanged between
the signatories. It also addresses cyber weapons, including malicious software, Command and Control
(C2) software, and internet surveillance software. This is a description of which of the following?
Answer: C
Q1359
In software development, developers should use which type of queries to prevent a Structured Query
Language (SQL) injection?
A. Parameterised
B. Dynamic
C. Static
D. Controlled
Answer: A
Q1360
Which of the following BEST describes when an organization should conduct a black box security audit
on a new software product?
Answer: B
Q1361
The Chief Information Officer (CIO) has decided that as part of business modernization efforts the
organization will move towards a cloud architecture. All business-critical data will be migrated to either
internal or external cloud services within the next two years. The CIO has a PRIMARY obligation to work
with personnel in which role in order to ensure proper protection of data during and after the cloud migration?
A. Information owner
B. General Counsel
C. Chief Information Security Officer (CISO)
D. Chief Security Officer (CSO)
Answer: A
Q1362
When reviewing vendor certifications for handling and processing of company data, which of the following
is the BEST Service Organization Controls (SOC) certification for the vendor to possess?
A. SOC 1 Type 1
B. SOC 2 Type 1
C. SOC 2 Type 2
D. SOC 3
Answer: C
Q1363
Which of the following is a covert channel type?
A. Storage
B. Pipe
C. Memory
D. Monitoring
Answer: A
A. Change driver
B. Change implementer
C. Program sponsor
D. Project manager
Answer: D
Q1365
Which of the following is a unique feature of attribute-based access control (ABAC)?
Answer: C
Q1366
When auditing the Software Development Life Cycle (SDLC) which of the following is one of the high-
level audit phases?
A. Requirements
B. Risk assessment
C. Due diligence
D. Planning
Answer: B
Q1367
Which of the following BEST describes the purpose of Border Gateway Protocol (BGP)?
Answer: B
Q1368
Which of the following is the PRIMARY purpose of installing a mantrap within a facility?
A. Control traffic
B. Prevent rapid movement
C. Prevent piggybacking
D. Control air flow
Answer: C
Q1369
A security professional can BEST mitigate the risk of using a Commercial Off-The-Shelf (COTS) solution
by deploying the application with which of the following controls?
A. Whitelisting application
B. Network segmentation
C. Hardened configuration
D. Blacklisting application
Answer: A
Q1370
Which of the following would an information security professional use to recognize changes to content,
particularly unauthorized changes?
Answer: A
Q1371
An organization with divisions in the United States (US) and the United Kingdom (UK) processes data
comprised of personal information belonging to subjects living in the European Union (EU) and in the US.
Which data MUST be handled according to the privacy protections of General Data Protection Regulation
(GDPR)?
Answer: A
Q1372
Which of the following has the responsibility of information technology (IT) governance?
Answer: A
Q1373
Dumpster diving is a technique used in which stage of penetration testing methodology?
A. Attack
B. Discovery
C. Reporting
D. Planning
Answer: B
Q1374
What is the MOST common cause of Remote Desktop Protocol (RDP) compromise?
A. Port scan
B. Brute force attack
C. Remote exploit
D. Social engineering
Answer: B
Q1375
An organization is looking to include mobile devices in its asset management system for better tracking.
In which system tier of the reference architecture would mobile devices be tracked?
A. 0
B. 1
C. 2
D. 3
Answer: A
Q1376
Which is MOST important when negotiating an Internet service provider (ISP) service-level agreement
(SLA) by an organization that solely provides Voice over Internet Protocol (VoIP) services?
Answer: B
Q1377
A company developed a web application which is sold as a Software as a Service (SaaS) solution to the
customer. The application is hosted by a web server running on a specific operating system (OS) on a
virtual machine (VM). During the transition phase of the service, it is determined that the support team will
need access to the application logs. Which of the following privileges would be the MOST suitable?
Answer: D
Q1378
A systems engineer is designing a wide area network (WAN) environment for a new organization. The
WAN will connect sites holding information at various levels of sensitivity, from publicly available to highly
confidential. The organization requires a high degree of interconnectedness to support existing business
processes. What is the BEST design approach to securing this environment?
A. Place firewalls around critical devices, isolating them from the rest of the environment.
B. Layer multiple detective and preventative technologies at the environment perimeter.
C. Use reverse proxies to create a secondary "shadow" environment for critical systems.
D. Align risk across all interconnected elements to ensure critical threats are detected and handled.
Answer: B
Q1379
Which event magnitude is defined as deadly, destructive, and disruptive when a hazard interacts with
human vulnerability?
A. Disaster
B. Catastrophe
C. Crisis
D. Accident
Answer: B
Q1380
Which of the following goals represents a modern shift in risk management according to National Institute
of Standards and Technology (NIST)?
A. Focus on operating environments that are changing, evolving, and full of emerging threats.
B. Secure information technology (IT) systems that store, process, or transmit organizational information.
C. Enable management to make well-informed risk-based decisions justifying security expenditure.
D. Provide an improved mission accomplishment approach.
Answer: C
Q1381
A web developer is completing a new web application security checklist before releasing the application to
production. The task of disabling unnecessary services is on the checklist. Which web
A. Security misconfiguration
B. Sensitive data exposure
C. Broken access control
D. Session hijacking
Answer: B
Q1382
Which of the following is a limitation of the Bell-LaPadula model?
A. Segregation of duties (SoD) is difficult to implement as the "no read-up" rule limits the ability of an
object to access information with a higher classification.
B. Mandatory access control (MAC) is enforced at all levels making discretionary access control (DAC)
impossible to implement.
C. It contains no provision or policy for changing data access control and works well only with access
systems that are static in nature.
D. It prioritizes integrity over confidentiality which can lead to inadvertent information disclosure.
Answer: A
Q1383
Which of the following is the BEST option to reduce the network attack surface of a system?
Answer: C
Q1384
Which of the following is the PRIMARY reason for selecting the appropriate level of detail for audit record
generation?
Answer: B
Q1385
A financial organization that works according to agile principles has developed a new application for their
external customer base to request a line of credit. A security analyst has been asked to assess the
security risk of the minimum viable product (MVP). Which is the MOST important activity the analyst
should assess?
Answer: A
Q1386
When configuring Extensible Authentication Protocol (EAP) in a Voice over Internet Protocol (VoIP)
network, which of the following authentication types is the MOST secure?
Answer: C
Q1387
An organization would like to ensure that all new users have a predefined departmental access template
applied upon creation. The organization would also like additional access for users to be granted on a
per-project basis. What type of user access administration is BEST suited to meet the organization's
needs?
A. Hybrid
B. Federated
C. Decentralized
D. Centralized
Answer: A
A. Perform physical separation of program information and encrypt only information deemed critical by the
defense client
B. Perform logical separation of program information, using virtualized storage solutions with built-in
encryption at the virtualization layer
C. Perform logical separation of program information, using virtualized storage solutions with encryption
management in the back-end disk systems
D. Implement data at rest encryption across the entire storage area network (SAN)
Answer: C
Q1389
A software developer installs a game on their organization-provided smartphone. Upon installing the
game, the software developer is prompted to allow the game access to call logs, Short Message Service
(SMS) messaging, and Global Positioning System (GPS) location data
Answer: B
Q1390
A developer is creating an application that requires secure logging of all user activity. What is the BEST
permission the developer should assign to the log file to ensure requirements are met?
A. Read
B. Execute
C. Write
D. Append
Answer: C
Q1391
What industry-recognized document could be used as a baseline reference that is related to data security
and business operations for conducting a security assessment?
Answer: D
Q1392
A scan report returned multiple vulnerabilities affecting several production servers that are mission critical.
Attempts to apply the patches in the development environment have caused the servers to crash. What is
the BEST course of action?
Answer: C
Q1393
Which of the following would be the BEST guideline to follow when attempting to avoid the exposure of
sensitive data?
Answer: A
Q1394
Which application type is considered high risk and provides a common way for malware and viruses to
enter a network?
Answer: A
Q1395
In a disaster recovery (DR) test, which of the following would be a trait of crisis management?
A. Wide focus
B. Strategic
C. Anticipate
D. Process
Answer: D
Q1396
The existence of physical barriers, card and personal identification number (PIN) access systems,
cameras, alarms, and security guards BEST describes this security approach?
Answer: B
Q1397
A software architect has been asked to build a platform to distribute music to thousands of users on a
global scale. The architect has been reading about content delivery networks (CDN). Which of the
following is a principal task to undertake?
Answer: B
A. Service providers rely on a trusted third party (TTP) to provide requestors with both credentials and
identifiers.
B. Service providers agree to integrate identity system recognition across organizational boundaries.
C. Service providers identify an entity by behavior analysis versus an identification factor.
D. Service providers perform as both the credential and identity provider (IdP).
Answer: B
Q1399
A database server for a financial application is scheduled for production deployment. Which of the
following controls will BEST prevent tampering?
Answer: B
Q1400
What is the FIRST step that should be considered in a Data Loss Prevention (DLP) program?
Answer: D
Q1401
What is the benefit of an operating system (OS) feature that is designed to prevent an application from
executing code from a non-executable memory region?
Answer: C
Q1402
What Hypertext Transfer Protocol (HTTP) response header can be used to disable the execution of inline
JavaScript and the execution of eval()-type functions?
A. Strict-Transport-Security
B. X-XSS-Protection
C. X-Frame-Options
D. Content-Security-Policy
Answer: D
Q1403
Which section of the assessment report addresses separate vulnerabilities, weaknesses, and gaps?
Answer: A
Q1404
In a quarterly system access review, an active privileged account was discovered that did not exist in the
prior review on the production system. The account was created one hour after the previous access
review. Which of the following is the BEST option to reduce overall risk in addition to quarterly access
reviews?
Answer: D
A. The RPO is the maximum amount of time for which loss of data is acceptable.
B. The RPO is the minimum amount of data that needs to be recovered.
C. The RPO is a goal to recover a targeted percentage of data lost.
D. The RPO is the amount of time it takes to recover an acceptable percentage of data lost.
Answer: B
Q1406
The security operations center (SOC) has received credible intelligence that a threat actor is planning to
attack with multiple variants of a destructive virus. After obtaining a sample set of this virus' variants and
reverse engineering them to understand how they work, a commonality was found. All variants are coded
to write to a specific memory location. It is determined this virus is of no threat to the organization
because they had the foresight to enable what feature on all endpoints?
A. Process isolation
B. Trusted Platform Module (TPM)
C. Address Space Layout Randomization (ASLR)
D. Virtualization
Answer: C
Q1407
An information technology (IT) employee who travels frequently to various ies remotely to an organization'
to troubleshoot p Which of the following solutions BEST serves as a secure control mechanism to meet
the organization's requirements?
A. Update the firewall rules to include the static Internet Protocol (IP) addresses of the locations where
the employee connects from.
B. Install a third-party screen sharing solution that provides remote connection from a public website.
C. Implement a Dynamic Domain Name Services (DDNS) account to initiate a virtual private network
(VPN) using the DDNS record.
D. Install a bastion host in the demilitarized zone (DMZ) and allow multi-factor authentication (MFA)
access.
Answer: D
Q1408
What is the term used to define where data is geographically stored in the cloud?
A. Data warehouse
B. Data privacy rights
C. Data subject rights
D. Data sovereignty
Answer: D
Q1409
Assuming an individual has taken all of the steps to keep their internet connection private, which of the
following is the BEST to browse the web privately?
A. Prevent information about browsing activities from being stored in the cloud.
B. Store browsing activities in the cloud.
C. Prevent information about browsing activities from being stored on the personal device.
D. Store information about browsing activities on the personal device.
Answer: A
Q1410
Which of the following types of firewall only examines the "handshaking" between packets before
forwarding traffic?
A. Proxy firewalls
B. Host-based firewalls
C. Circuit-level firewalls
D. Network Address Translation (NAT) firewalls
Answer: C
Q1411
The security team plans on using automated account reconciliation in the corporate user access review
process. Which of the following must be implemented for the BEST results with fewest errors when
running the audit?
Answer: C
Q1412
Which of the following is included in change management?
Answer: A
Q1413
Which of the following technologies can be used to monitor and dynamically respond to potential threats
on web applications?
Answer: C
Q1414
Before allowing a web application into the production environment, the security practitioner performs
multiple types of tests to confirm that the web application performs as expected. To test the username
field, the security practitioner creates a test that enters more characters into the field than is allowed.
Which of the following BEST describes the type of test performed?
Answer: A
Q1415
When developing an organization's information security budget, it is important that the
Answer: A
Q1416
A digitally-signed e-mail was delivered over a wireless network protected with Wired Equivalent Privacy
(WEP) protocol. Which of the following principles is at risk?
A. Availability
B. Non-Repudiation
C. Confidentiality
D. Integrity
Answer: B
Q1417
When determining data and information asset handling, regardless of the specific toolset being used,
which of the following is one of the common components of big data?
Answer: C
Q1418
In a DevOps environment, which of the following actions is MOST necessary to have confidence in the
quality of the changes being made?
Answer: B
Q1419
Which of the following is TRUE for an organization that is using a third-party federated identity service?
Answer: C
Q1420
Computer forensics requires which of the following MAIN steps?
A. Announce the incident to responsible sections, analyze the data, assimilate the data for correlation
B. Take action to contain the damage, announce the incident to responsible sections, analyze the data
C. Acquire the data without altering, authenticate the recovered data, analyze the data
D. Access the data before destruction, assimilate the data for correlation, take action to contain the
damage
Answer: B
Q1421
Which of the following is the MAIN benefit of off-site storage?
A. Cost effectiveness
B. Backup simplicity
C. Fast recovery
D. Data availability
Answer: A
Q1422
Which type of disaster recovery plan (DRP) testing carries the MOST operational risk?
A. Cutover
B. Walkthrough
C. Tabletop
D. Parallel
Answer: C
Q1423
If an employee transfers from one role to another, which of the following actions should this trigger within
the identity and access management (IAM) lifecycle?
Answer: B
Q1424
What is the PRIMARY objective of business continuity planning?
Answer: B
Q1425
What Is a risk of using commercial off-the-shelf (COTS) products?
Answer: A
Q1426
Which of the following is the FIRST step an organization's security professional performs when defining a
cyber-security program based upon industry standards?
A. Map the organization's current security practices to industry standards and frameworks.
B. Define the organization's objectives regarding security and risk mitigation.
C. Select from a choice of security best practices.
D. Review the past security assessments.
Answer: A
Q1427
What are the PRIMARY responsibilities of security operations for handling and reporting violations and
incidents?
A. Monitoring and identifying system failures, documenting incidents for future analysis, and scheduling
patches for systems
B. Scheduling patches for systems, notifying the help desk, and alerting key personnel
C. Monitoring and identifying system failures, alerting key personnel, and containing events
D. Documenting incidents for future analysis, notifying end users, and containing events
Answer: D
Q1428
An internal audit for an organization recently identified malicious actions by a user account. Upon further
investigation, it was determined the offending user account was used by multiple people at multiple
locations simultaneously for various services and applications. What is the BEST method to prevent this
problem in the future?
A. Ensure the security information and event management (SIEM) is set to alert.
B. Inform users only one user should be using the account at a time.
C. Ensure each user has their own unique account.
D. Allow several users to share a generic account.
Answer: A
Q1429
Which of the following are all elements of a disaster recovery plan (DRP)?
A. Document the actual location of the DRP, developing an incident notification procedure, evaluating
costs of critical components
B. Document the actual location of the DRP, developing an incident notification procedure, establishing
recovery locations
C. Maintain proper documentation of all server logs, developing an incident notification procedure,
establishing recovery locations
D. Document the actual location of the DRP, recording minutes at all DRP planning sessions, establishing
recovery locations
Answer: C
Q1430
Which of the following BEST ensures the integrity of transactions to intended recipients?
Answer: A
Q1431
A breach investigation ...... a website was exploited through an open source ..... What is the FIRST step in the
process that could have prevented this breach?
A. Application whitelisting
B. Web application firewall (WAF)
C. Vulnerability remediation
D. Software inventory
Answer: B
Q1432
Answer: B
Q1433
What type of database attack would allow a customer service employee to determine quarterly sales
results before they are publicly announced?
A. Polyinstantiation
B. Inference
C. Aggregation
D. Data mining
Answer: A
Q1434
Which of the following frameworks provides vulnerability metrics and characteristics to support the
National Vulnerability Database (NVD)?
Answer: D
Q1435
Which of the following would be the BEST mitigation practice for man-in-the-middle (MITM) Voice over
Internet Protocol (VoIP) attacks?
Answer: B
Q1436
Which of the following should be included in a good defense-in-depth strategy provided by object-
oriented programming for software deployment?
A. Polyinstantiation
B. Polymorphism
C. Encapsulation
D. Inheritance
Answer: A
Q1437
Which of the following documents specifies services from the client's viewpoint?
Answer: C
Q1438
An organization is planning to have an IT audit of its Software as a Service (SaaS) application to demonstrate to
external parties that the security controls around availability are designed. The audit report must also
cover a certain period of time to show the operational effectiveness of the controls. Which Service
Organization Control (SOC) report would BEST fit their needs?
A. SOC 1 Type 1
B. SOC 1 Type 2
C. SOC 2 Type 1
D. SOC 2 Type 2
Answer: D
Q1439
Which Open Systems Interconnection (OSI) layer(s) BEST corresponds to the network access layer in the
Transmission Control Protocol/Internet Protocol (TCP/IP) model?
A. Transport Layer
B. Data Link and Physical Layers
C. Application, Presentation, and Session Layers
D. Session and Network Layers
Answer: B
Q1440
An organization is considering partnering with a third-party supplier of cloud services. The organization
will only be providing the data and the third-party supplier will be providing the security controls. Which of
the following BEST describes this service offering?
Answer: D
Q1441
Which security audit standard provides the BEST way for an organization to understand a vendor's
Information Systems (IS) in relation to confidentiality, integrity, and availability?
Answer: B
Q1442
Which of the following is the MOST appropriate technique for destroying magnetic platter style hard disk
drives (HDD) containing data with a "HIGH" security categorization?
Answer: D
Q1443
Employee training, risk management, and data handling procedures and policies could be characterized
as which type of security measure?
A. Non-essential
B. Management
C. Preventative
D. Administrative
Answer: D
Q1444
The Chief Information Security Officer (CISO) of an organization has requested that a Service
Organization Control (SOC) report be created to outline the security and availability of a particular system
over a 12-month period. Which type of SOC report should be utilized?
A. SOC 1 Type 1
B. SOC 2 Type 2
C. SOC 2 Type 2
D. SOC 3 Type 1
Answer: C
Q1445
A security practitioner needs to implement a solution to verify endpoint security protections and
operating system (OS) versions. Which of the following is the BEST solution to implement?
Answer: B
Q1446
A new employee formally reported suspicious behavior to the organization security team. The report
claims that someone not affiliated with the organization was inquiring about the member's work location,
length of employment, and building access controls. The employee's reporting is MOST likely the result of
which of the following?
A. Risk avoidance
B. Security engineering
C. Security awareness
D. Phishing
Answer: C
Q1447
The MAIN purpose of placing a tamper seal on a computer system's case is to:
Answer: A
Q1448
An organization is preparing to achieve General Data Protection Regulation (GDPR) compliance. The
Chief Information Security Officer (CISO) is reviewing data protection methods. Which of the following is
the BEST data protection method?
A. Encryption
B. Backups
C. Data obfuscation
D. Strong authentication
Answer: C
Q1449
Which of the following describes the order in which a digital forensic process is usually conducted?
A. Ascertain legal authority, agree upon examination strategy, conduct examination, and report results
B. Ascertain legal authority, conduct investigation, report results, and agree upon examination strategy
C. Agree upon examination strategy, ascertain legal authority, conduct examination, and report results
D. Agree upon examination strategy, ascertain legal authority, report results, and conduct examination
Answer: A
Q1450
Compared to a traditional network, which of the following is a security-related benefit that software-
defined networking (SDN) provides?
Answer: B
Q1451
Which of the following are mandatory canons for the (ISC)² Code of Ethics?
Answer: D
Q1452
Which of the following is the MOST significant key management problem due to the number of keys
created?
Answer: B
Answer: B
Q1454
Which of the following is the BEST method a security practitioner can use to ensure that systems and
sub-system gracefully handle invalid input?
A. Negative testing
B. Integration testing
C. Unit testing
D. Acceptance testing
Answer: B
Q1455
Which of the following determines how traffic should flow based on the status of the infrastructure?
A. Application plane
B. Data plane
C. Control plane
D. Traffic plane
Answer: D
Q1456
Which of the (ISC)² Code of Ethics canons is MOST reflected when preserving the value of systems,
applications, and entrusted information while avoiding conflicts of interest?
Answer: B
Q1457
The security organization is looking for a solution that could help them determine with a strong level of
confidence that attackers have breached their network. Which solution is MOST effective at discovering a
successful network breach?
Answer: B
Q1458
Which of the following techniques evaluates the secure design principles of network or software
architectures?
A. Risk modeling
B. Threat modeling
C. Fuzzing
D. Waterfall method
Answer: B
Q1459
When designing a business continuity plan (BCP), what is the formula to determine the Maximum
Tolerable Downtime (MTD)?
A. Annual Loss Expectancy (ALE) + Work Recovery Time (WRT)
B. Business impact analysis (BIA) + Recovery Point Objective (RPO)
C. Recovery Time Objective (RTO) + Work Recovery Time (WRT)
D. Estimated Maximum Loss (EML) + Recovery Time Objective (RTO)
Answer: C
Q1460
A company wants to implement two-factor authentication (2FA) to protect their computers from
unauthorized users. Which solution provides the MOST secure means of authentication and meets the
criteria they have set?
Answer: D
Q1461
Which of the following is the MOST important first step in preparing for a security audit?
Answer: B
Q1462
An attacker is able to remain indefinitely logged into a exploiting to remain on the web service?
A. Alert management
B. Password management
C. Session management
D. Identity management (IM)
Answer: C
Q1463
Which of the following attack types can be used to compromise the integrity of data during transmission?
A. Keylogging
B. Packet sniffing
C. Synchronization flooding
D. Session hijacking
Answer: B
Q1464
A recent information security risk assessment identified weak system access controls on mobile devices
as a high me In order to address this risk and ensure only authorized staff access company information,
which of the following should the organization implement?
Answer: B
Q1465
Which of the following addresses requirements of security assessment during software acquisition?
Answer: B
Q1466
Which of the following MUST the administrator of a security information and event management (SIEM)
system ensure?
A. All sources are reporting in the exact same Extensible Markup Language (XML) format.
B. Data sources do not contain information infringing upon privacy regulations.
C. All sources are synchronized with a common time reference.
D. Each source uses the same Internet Protocol (IP) address for reporting.
Answer: C
Answer: B
Q1468
After the INITIAL input of a user identification (ID) and password, what is an authentication system that
prompts the user for a different response each time the user logs on?
Answer: C
Q1469
What is the PRIMARY reason criminal law is difficult to enforce when dealing with cyber-crime?
Answer: D
Q1470
Which of the following are the BEST characteristics of security metrics?
Answer: D
Q1471
At which phase of the software assurance life cycle should risks associated with software acquisition
strategies be identified?
A. Follow-on phase
B. Planning phase
C. Monitoring and acceptance phase
D. Contracting phase
Answer: C
Q1472
Which of the following would be considered an incident if reported by a security information and event
management (SIEM) system?
Answer: C
Q1473
A large organization uses biometrics to allow access to its facilities. It adjusts the biometric value for
incorrectly granting or denying access so that the two numbers are the same.
What is this value called?
Answer: C
Answer: B
Q1475
If traveling abroad and a customs official demands to examine a personal computer, which of the
following should be assumed?
Answer: C
Q1476
What are the first two components of logical access control?
Answer: B
Q1477
What is the MAIN purpose of a security assessment plan?
A. Provide guidance on security requirements, to ensure the identified security risks are properly
addressed based on the recommendation
B. Provide the objectives for the security and privacy control assessments and a detailed roadmap of how
to conduct such assessments.
C. Provide technical information to executives to help them understand information security
postures and secure funding.
D. Provide education to employees on security and privacy, to ensure their awareness on policies and
procedures
Answer: B
Q1478
What is the MAIN purpose of conducting a business impact analysis (BIA)?
A. To determine the critical resources required to recover from an incident within a specified time period
B. To determine the effect of mission-critical information system failures on core business processes
C. To determine the cost for restoration of damaged information system
D. To determine the controls required to return to business critical operations
Answer: B
Q1479
Which of the following is the FIRST requirement a data owner should consider before implementing a
data retention policy?
A. Training
B. Legal
C. Business
D. Storage
Answer: B
Q1480
Information Security Continuous Monitoring (ISCM) is defined as maintaining ongoing awareness of
information security, vulnerabilities, and threats to support organizational risk management decisions.
Which of the following is the FIRST step in developing an ISCM strategy and implementing an ISCM
program?
A. Define a strategy based on risk tolerance that maintains clear visibility into assets, awareness of
vulnerabilities, up-to-date threat information, and mission/business impacts.
B. Conduct a vulnerability assessment to discover current threats against the environment and
incorporate them into the program.
C. Respond to findings with technical management, and operational mitigating activities or acceptance,
transference/sharing, or avoidance/rejection.
D. Analyze the data collected and report findings, determining the appropriate response. It may be
necessary to collect additional information to clarify or supplement existing monitoring data.
Answer: A
Q1481
When designing a Cyber-Physical System (CPS), which of the following should be a security practitioner's
first consideration?
Answer: A
Q1482
Which of the following BEST describes the use of network architecture in reducing corporate risks
associated with mobile devices?
A. Maintaining a "closed" applications model on all mobile devices depends on demilitarized zone (DMZ)
servers
B. Split tunneling enabled for mobile devices improves demilitarized zone (DMZ) security posture
C. Segmentation and demilitarized zone (DMZ) monitoring are implemented to secure a virtual private
network (VPN) access for mobile devices
D. Applications that manage mobile devices are located in an Internet demilitarized zone (DMZ)
Answer: C
Q1483
Which of the following is an important design feature for the outer door of a mantrap?
Answer: C
Q1485
What is the overall goal of software security testing?
Answer: B
Q1486
Which of the following statements is MOST accurate regarding information assets?
A. International Organization for Standardization (ISO) 27001 compliance specifies which information
assets must be included in asset inventory.
B. Information assets include any information that is valuable to the organization.
C. Building an information assets register is a resource-intensive job.
D. Information assets inventory is not required for risk assessment.
Answer: B
Q1487
An information security professional is reviewing user access controls on a customer-facing application.
The application must have multi-factor authentication (MFA) in place. The application currently requires a
username and password to login. Which of the following options would BEST implement MFA?
Answer: C