
ISC CISSP Certified Information Systems Security Professional (CISSP) Exam Practice Test

Demo: 150 questions
Total 1487 questions

Certified Information Systems Security Professional (CISSP) Questions and Answers

Question 1

A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

Options:

A.

Trusted third-party certification

B.

Lightweight Directory Access Protocol (LDAP)

C.

Security Assertion Markup Language (SAML)

D.

Cross-certification

Question 2

Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

Options:

A.

Derived credential

B.

Temporary security credential

C.

Mobile device credentialing service

D.

Digest authentication

Question 3

What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?

Options:

A.

Audit logs

B.

Role-Based Access Control (RBAC)

C.

Two-factor authentication

D.

Application of least privilege

Question 4

Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee’s salary?

Options:

A.

Limit access to predefined queries

B.

Segregate the database into a small number of partitions each with a separate security level

C.

Implement Role Based Access Control (RBAC)

D.

Reduce the number of people who have access to the system for statistical purposes

Question 5

Which of the following are effective countermeasures against passive network-layer attacks?

Options:

A.

Federated security and authenticated access controls

B.

Trusted software development and run time integrity controls

C.

Encryption and security enabled applications

D.

Enclave boundary protection and computing environment defense

Question 6

Backup information that is critical to the organization is identified through a

Options:

A.

Vulnerability Assessment (VA).

B.

Business Continuity Plan (BCP).

C.

Business Impact Analysis (BIA).

D.

data recovery analysis.

Question 7

A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket. Which of the following is the BEST course of action?

Options:

A.

Ignore the request and do not perform the change.

B.

Perform the change as requested, and rely on the next audit to detect and report the situation.

C.

Perform the change, but create a change ticket regardless to ensure there is complete traceability.

D.

Inform the audit committee or internal audit directly using the corporate whistleblower process.

Question 8

Which of the following is MOST important when deploying digital certificates?

Options:

A.

Validate compliance with X.509 digital certificate standards

B.

Establish a certificate life cycle management framework

C.

Use a third-party Certificate Authority (CA)

D.

Use no less than 256-bit strength encryption when creating a certificate

Question 9

Which of the following restricts the ability of an individual to carry out all the steps of a particular process?

Options:

A.

Job rotation

B.

Separation of duties

C.

Least privilege

D.

Mandatory vacations

Question 10

What is the MOST important element when considering the effectiveness of a training program for Business Continuity (BC) and Disaster Recovery (DR)?

Options:

A.

Management support

B.

Consideration of organizational need

C.

Technology used for delivery

D.

Target audience

Question 11

From a cryptographic perspective, the service of non-repudiation includes which of the following features?

Options:

A.

Validity of digital certificates

B.

Validity of the authorization rules

C.

Proof of authenticity of the message

D.

Proof of integrity of the message

Question 12

Which of the following BEST represents the concept of least privilege?

Options:

A.

Access to an object is denied unless access is specifically allowed.

B.

Access to an object is only available to the owner.

C.

Access to an object is allowed unless it is protected by the information security policy.

D.

Access to an object is only allowed to authenticated users via an Access Control List (ACL).

Question 13

When evaluating third-party applications, which of the following is the GREATEST responsibility of Information Security?

Options:

A.

Accept the risk on behalf of the organization.

B.

Report findings to the business to determine security gaps.

C.

Quantify the risk to the business for product selection.

D.

Approve the application that best meets security requirements.

Question 14

In the Software Development Life Cycle (SDLC), maintaining accurate hardware and software inventories is a critical part of

Options:

A.

systems integration.

B.

risk management.

C.

quality assurance.

D.

change management.

Question 15

What balance MUST be considered when web application developers determine how informative application error messages should be constructed?

Options:

A.

Risk versus benefit

B.

Availability versus auditability

C.

Confidentiality versus integrity

D.

Performance versus user satisfaction

Question 16

In which of the following programs is it MOST important to include the collection of security process data?

Options:

A.

Quarterly access reviews

B.

Security continuous monitoring

C.

Business continuity testing

D.

Annual security training

Question 17

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

Options:

A.

Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken

B.

Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability

C.

Management teams will understand the testing objectives and reputational risk to the organization

D.

Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels

Question 18

Which of the following could cause a Denial of Service (DoS) against an authentication system?

Options:

A.

Encryption of audit logs

B.

No archiving of audit logs

C.

Hashing of audit logs

D.

Remote access audit logs

Question 19

Which of the following is of GREATEST assistance to auditors when reviewing system configurations?

Options:

A.

Change management processes

B.

User administration procedures

C.

Operating System (OS) baselines

D.

System backup documentation

Question 20

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?

Options:

A.

Host VM monitor audit logs

B.

Guest OS access controls

C.

Host VM access controls

D.

Guest OS audit logs

Question 21

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

Options:

A.

Personal Identity Verification (PIV)

B.

Cardholder Unique Identifier (CHUID) authentication

C.

Physical Access Control System (PACS) repeated attempt detection

D.

Asymmetric Card Authentication Key (CAK) challenge-response

Question 22

In a data classification scheme, the data is owned by the

Options:

A.

system security managers

B.

business managers

C.

Information Technology (IT) managers

D.

end users

Question 23

Which of the following is an initial consideration when developing an information security management system?

Options:

A.

Identify the contractual security obligations that apply to the organizations

B.

Understand the value of the information assets

C.

Identify the level of residual risk that is tolerable to management

D.

Identify relevant legislative and regulatory compliance requirements

Question 24

Which of the following is MOST important when assigning ownership of an asset to a department?

Options:

A.

The department should report to the business owner

B.

Ownership of the asset should be periodically reviewed

C.

Individual accountability should be ensured

D.

All members should be trained on their responsibilities

Question 25

Which of the following BEST describes the responsibilities of a data owner?

Options:

A.

Ensuring quality and validation through periodic audits for ongoing data integrity

B.

Maintaining fundamental data availability, including data storage and archiving

C.

Ensuring accessibility to appropriate users, maintaining appropriate levels of data security

D.

Determining the impact the information has on the mission of the organization

Question 26

Which one of the following affects the classification of data?

Options:

A.

Assigned security label

B.

Multilevel Security (MLS) architecture

C.

Minimum query size

D.

Passage of time

Question 27

An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests.

Which contract is BEST in offloading the task from the IT staff?

Options:

A.

Platform as a Service (PaaS)

B.

Identity as a Service (IDaaS)

C.

Desktop as a Service (DaaS)

D.

Software as a Service (SaaS)

Question 28

When implementing a data classification program, why is it important to avoid too much granularity?

Options:

A.

The process will require too many resources

B.

It will be difficult to apply to both hardware and software

C.

It will be difficult to assign ownership to the data

D.

The process will be perceived as having value

Question 29

Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?

Options:

A.

Check arguments in function calls

B.

Test for the security patch level of the environment

C.

Include logging functions

D.

Digitally sign each application module

Question 30

Which of the following is the BEST method to prevent malware from being introduced into a production environment?

Options:

A.

Purchase software from a limited list of retailers

B.

Verify the hash key or certificate key of all updates

C.

Do not permit programs, patches, or updates from the Internet

D.

Test all new software in a segregated environment

Question 31

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

Options:

A.

Development, testing, and deployment

B.

Prevention, detection, and remediation

C.

People, technology, and operations

D.

Certification, accreditation, and monitoring

Question 32

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Plan (BCP). Which of the following failures should the IT manager be concerned with?

Options:

A.

Application

B.

Storage

C.

Power

D.

Network

Question 33

Intellectual property rights are PRIMARILY concerned with which of the following?

Options:

A.

Owner’s ability to realize financial gain

B.

Owner’s ability to maintain copyright

C.

Right of the owner to enjoy their creation

D.

Right of the owner to control delivery method

Question 34

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

Options:

A.

determine the risk of a business interruption occurring

B.

determine the technological dependence of the business processes

C.

Identify the operational impacts of a business interruption

D.

Identify the financial impacts of a business interruption

Question 35

Which of the following represents the GREATEST risk to data confidentiality?

Options:

A.

Network redundancies are not implemented

B.

Security awareness training is not completed

C.

Backup tapes are generated unencrypted

D.

Users have administrative privileges

Question 36

What is the MOST important consideration from a data security perspective when an organization plans to relocate?

Options:

A.

Ensure the fire prevention and detection systems are sufficient to protect personnel

B.

Review the architectural plans to determine how many emergency exits are present

C.

Conduct a gap analysis of the new facilities against existing security requirements

D.

Revise the Disaster Recovery and Business Continuity (DR/BC) plan

Question 37

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

Options:

A.

Install mantraps at the building entrances

B.

Enclose the personnel entry area with polycarbonate plastic

C.

Supply a duress alarm for personnel exposed to the public

D.

Hire a guard to protect the public area

Question 38

When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

Options:

A.

Only when assets are clearly defined

B.

Only when standards are defined

C.

Only when controls are put in place

D.

Only when procedures are defined

Question 39

Which of the following actions will reduce risk to a laptop before traveling to a high risk area?

Options:

A.

Examine the device for physical tampering

B.

Implement more stringent baseline configurations

C.

Purge or re-image the hard disk drive

D.

Change access codes

Question 40

Recovery strategies of a Disaster Recovery Plan (DRP) MUST be aligned with which of the following?

Options:

A.

Hardware and software compatibility issues

B.

Applications’ criticality and downtime tolerance

C.

Budget constraints and requirements

D.

Cost/benefit analysis and business objectives

Question 41

What is the PRIMARY reason for implementing change management?

Options:

A.

Certify and approve releases to the environment

B.

Provide version rollbacks for system changes

C.

Ensure that all applications are approved

D.

Ensure accountability for changes to the environment

Question 42

Which of the following is the FIRST step in the incident response process?

Options:

A.

Determine the cause of the incident

B.

Disconnect the system involved from the network

C.

Isolate and contain the system involved

D.

Investigate all symptoms to confirm the incident

Question 43

What should be the FIRST action to protect the chain of evidence when a desktop computer is involved?

Options:

A.

Take the computer to a forensic lab

B.

Make a copy of the hard drive

C.

Start documenting

D.

Turn off the computer

Question 44

An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

Options:

A.

Absence of a Business Intelligence (BI) solution

B.

Inadequate cost modeling

C.

Improper deployment of the Service-Oriented Architecture (SOA)

D.

Insufficient Service Level Agreement (SLA)

Question 45

Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

Options:

A.

Walkthrough

B.

Simulation

C.

Parallel

D.

White box

Question 46

Host-Based Intrusion Prevention System (HIPS) deployments are often run in monitoring or learning mode during their initial implementation. What is the objective of starting in this mode?

Options:

A.

Automatically create exceptions for specific actions or files

B.

Determine which files are unsafe to access and blacklist them

C.

Automatically whitelist actions or files known to the system

D.

Build a baseline of normal or safe system events for review

Question 47

Which of the following is the PRIMARY benefit of a formalized information classification program?

Options:

A.

It drives audit processes.

B.

It supports risk assessment.

C.

It reduces asset vulnerabilities.

D.

It minimizes system logging requirements.

Question 48

When dealing with compliance with the Payment Card Industry Data Security Standard (PCI-DSS), an organization that shares cardholder information with a service provider MUST do which of the following?

Options:

A.

Perform a service provider PCI-DSS assessment on a yearly basis.

B.

Validate the service provider's PCI-DSS compliance status on a regular basis.

C.

Validate that the service provider's security policies are in alignment with those of the organization.

D.

Ensure that the service provider updates and tests its Disaster Recovery Plan (DRP) on a yearly basis.

Question 49

Which of the following is the BEST countermeasure to brute force login attacks?

Options:

A.

Changing all canonical passwords

B.

Decreasing the number of concurrent user sessions

C.

Restricting initial password delivery only in person

D.

Introducing a delay after failed system access attempts

Question 50

The amount of data that will be collected during an audit is PRIMARILY determined by the

Options:

A.

audit scope.

B.

auditor's experience level.

C.

availability of the data.

D.

integrity of the data.

Question 51

Which of the following is the MOST crucial for a successful audit plan?

Options:

A.

Defining the scope of the audit to be performed

B.

Identifying the security controls to be implemented

C.

Working with the system owner on new controls

D.

Acquiring evidence of systems that are not compliant

Question 52

Refer to the information below to answer the question.

In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

In a Bell-LaPadula system, which user cannot write to File 3?

Options:

A.

User A

B.

User B

C.

User C

D.

User D

Question 53

What is the MOST important reason to configure unique user IDs?

Options:

A.

Supporting accountability

B.

Reducing authentication errors

C.

Preventing password compromise

D.

Supporting Single Sign On (SSO)

Question 54

Multi-Factor Authentication (MFA) is necessary in many systems given common types of password attacks. Which of the following is a correct list of password attacks?

Options:

A.

Masquerading, salami, malware, polymorphism

B.

Brute force, dictionary, phishing, keylogger

C.

Zeus, netbus, rabbit, turtle

D.

Token, biometrics, IDS, DLP

Question 55

When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints?

Options:

A.

Temporal Key Integrity Protocol (TKIP)

B.

Wi-Fi Protected Access (WPA) Pre-Shared Key (PSK)

C.

Wi-Fi Protected Access 2 (WPA2) Enterprise

D.

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

Question 56

Refer to the information below to answer the question.

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.

Which of the following will indicate where the IT budget is BEST allocated during this time?

Options:

A.

Policies

B.

Frameworks

C.

Metrics

D.

Guidelines

Question 57

An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern?

Options:

A.

Availability

B.

Confidentiality

C.

Integrity

D.

Ownership

Question 58

Refer to the information below to answer the question.

A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.

Which of the following BEST describes the access control methodology used?

Options:

A.

Least privilege

B.

Lattice Based Access Control (LBAC)

C.

Role Based Access Control (RBAC)

D.

Lightweight Directory Access Protocol (LDAP)

Question 59

An online retail company has formulated a record retention schedule for customer transactions. Which of the following is a valid reason a customer transaction is kept beyond the retention schedule?

Options:

A.

Pending legal hold

B.

Long term data mining needs

C.

Customer makes request to retain

D.

Useful for future business initiatives

Question 60

Which of the following secure startup mechanisms are PRIMARILY designed to thwart attacks?

Options:

A.

Timing

B.

Cold boot

C.

Side channel

D.

Acoustic cryptanalysis

Question 61

Match the name of access control model with its associated restriction.

Drag each access control model to its appropriate restriction access on the right.

Options:

Question 62

What is the MAIN purpose of a change management policy?

Options:

A.

To assure management that changes to the Information Technology (IT) infrastructure are necessary

B.

To identify the changes that may be made to the Information Technology (IT) infrastructure

C.

To verify that changes to the Information Technology (IT) infrastructure are approved

D.

To determine the necessity of implementing modifications to the Information Technology (IT) infrastructure

Question 63

The organization would like to deploy an authorization mechanism for an Information Technology (IT) infrastructure project with high employee turnover.

Which access control mechanism would be preferred?

Options:

A.

Attribute Based Access Control (ABAC)

B.

Discretionary Access Control (DAC)

C.

Mandatory Access Control (MAC)

D.

Role-Based Access Control (RBAC)

Question 64

What is the MOST significant benefit of an application upgrade that replaces randomly generated session keys with certificate based encryption for communications with backend servers?

Options:

A.

Non-repudiation

B.

Efficiency

C.

Confidentiality

D.

Privacy

Question 65

Which of the following is the BEST reason for writing an information security policy?

Options:

A.

To support information security governance

B.

To reduce the number of audit findings

C.

To deter attackers

D.

To implement effective information security controls

Question 66

Which of the following is the BEST metric to obtain when gaining support for an Identity and Access Management (IAM) solution?

Options:

A.

Application connection successes resulting in data leakage

B.

Administrative costs for restoring systems after connection failure

C.

Employee system timeouts from implementing wrong limits

D.

Help desk costs required to support password reset requests

Question 67

What is the second step in the identity and access provisioning lifecycle?

Options:

A.

Provisioning

B.

Review

C.

Approval

D.

Revocation

Question 68

A chemical plant wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and maintenance by utilizing the office network infrastructure and staff to implement this upgrade.

Which of the following is the GREATEST impact on security for the network?

Options:

A.

The network administrators have no knowledge of ICS

B.

The ICS is now accessible from the office network

C.

The ICS does not support the office password policy

D.

RS422 is more reliable than Ethernet

Question 69

What are the steps of a risk assessment?

Options:

A.

identification, analysis, evaluation

B.

analysis, evaluation, mitigation

C.

classification, identification, risk management

D.

identification, evaluation, mitigation

Question 70

A company seizes a mobile device suspected of being used in committing fraud. What would be the BEST method used by a forensic examiner to isolate the powered-on device from the network and preserve the evidence?

Options:

A.

Put the device in airplane mode

B.

Suspend the account with the telecommunication provider

C.

Remove the SIM card

D.

Turn the device off

Question 71

A post-implementation review has identified that the Voice Over Internet Protocol (VoIP) system was designed to have gratuitous Address Resolution Protocol (ARP) disabled.

Why did the network architect likely design the VoIP system with gratuitous ARP disabled?

Options:

A.

Gratuitous ARP requires the use of Virtual Local Area Network (VLAN) 1.

B.

Gratuitous ARP requires the use of insecure layer 3 protocols.

C.

Gratuitous ARP requires the likelihood of a successful brute-force attack on the phone.

D.

Gratuitous ARP requires the risk of a Man-in-the-Middle (MITM) attack.

Question 72

The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunnel data

Options:

A.

through a firewall at the Session layer

B.

through a firewall at the Transport layer

C.

in the Point-to-Point Protocol (PPP)

D.

in the Payload Compression Protocol (PCP)

Question 73

Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?

Options:

A.

Password requirements are simplified.

B.

Risk associated with orphan accounts is reduced.

C.

Segregation of duties is automatically enforced.

D.

Data confidentiality is increased.

Question 74

Which of the following is the MOST common method of memory protection?

Options:

A.

Compartmentalization

B.

Segmentation

C.

Error correction

D.

Virtual Local Area Network (VLAN) tagging

Question 75

Which of the following is a characteristic of an internal audit?

Options:

A.

An internal audit is typically shorter in duration than an external audit.

B.

The internal audit schedule is published to the organization well in advance.

C.

The internal auditor reports to the Information Technology (IT) department

D.

Management is responsible for reading and acting upon the internal audit results

Question 76

Which of the following is the FIRST step of a penetration test plan?

Options:

A.

Analyzing a network diagram of the target network

B.

Notifying the company's customers

C.

Obtaining the approval of the company's management

D.

Scheduling the penetration test during a period of least impact

Question 77

An organization is selecting a service provider to assist in the consolidation of multiple computing sites including development, implementation and ongoing support of various computer systems. Which of the following MUST be verified by the Information Security Department?

Options:

A.

The service provider's policies are consistent with ISO/IEC 27001 and there is evidence that the service provider is following those policies.

B.

The service provider will segregate the data within its systems and ensure that each region's policies are met.

C.

The service provider will impose controls and protections that meet or exceed the current systems controls and produce audit logs as verification.

D.

The service provider's policies can meet the requirements imposed by the new environment even if they differ from the organization's current policies.

Question 78

What is the MOST effective countermeasure to a malicious code attack against a mobile system?

Options:

A.

Sandbox

B.

Change control

C.

Memory management

D.

Public-Key Infrastructure (PKI)

Question 79

Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element?

Options:

A.

Transparent Database Encryption (TDE)

B.

Column level database encryption

C.

Volume encryption

D.

Data tokenization

Question 80

Which one of the following considerations has the LEAST impact when considering transmission security?

Options:

A.

Network availability

B.

Data integrity

C.

Network bandwidth

D.

Node locations

Question 81

Which of the following is the MOST important consideration when storing and processing Personally Identifiable Information (PII)?

Options:

A.

Encrypt and hash all PII to avoid disclosure and tampering.

B.

Store PII for no more than one year.

C.

Avoid storing PII in a Cloud Service Provider.

D.

Adherence to collection limitation laws and regulations.

Question 82

Which of the following can BEST prevent security flaws occurring in outsourced software development?

Options:

A.

Contractual requirements for code quality

B.

Licensing, code ownership and intellectual property rights

C.

Certification of the quality and accuracy of the work done

D.

Delivery dates, change management control and budgetary control

Question 83

Which of the following is TRUE about Disaster Recovery Plan (DRP) testing?

Options:

A.

Operational networks are usually shut down during testing.

B.

Testing should continue even if components of the test fail.

C.

The company is fully prepared for a disaster if all tests pass.

D.

Testing should not be done until the entire disaster plan can be tested.

Question 84

What security management control is MOST often broken by collusion?

Options:

A.

Job rotation

B.

Separation of duties

C.

Least privilege model

D.

Increased monitoring

Question 85

The type of authorized interactions a subject can have with an object is

Options:

A.

control.

B.

permission.

C.

procedure.

D.

protocol.

Question 86

Which of the following does the Encapsulating Security Payload (ESP) provide?

Options:

A.

Authorization and integrity

B.

Availability and integrity

C.

Integrity and confidentiality

D.

Authorization and confidentiality

Question 87

Which one of the following is the MOST important in designing a biometric access system if it is essential that no one other than authorized individuals are admitted?

Options:

A.

False Acceptance Rate (FAR)

B.

False Rejection Rate (FRR)

C.

Crossover Error Rate (CER)

D.

Rejection Error Rate

Question 88

A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project?

Options:

A.

The organization's current security policies concerning privacy issues

B.

Privacy-related regulations enforced by governing bodies applicable to the organization

C.

Privacy best practices published by recognized security standards organizations

D.

Organizational procedures designed to protect privacy information

Question 89

The Structured Query Language (SQL) implements Discretionary Access Controls (DAC) using

Options:

A.

INSERT and DELETE.

B.

GRANT and REVOKE.

C.

PUBLIC and PRIVATE.

D.

ROLLBACK and TERMINATE.

Question 90

The birthday attack is MOST effective against which one of the following cipher technologies?

Options:

A.

Chaining block encryption

B.

Asymmetric cryptography

C.

Cryptographic hash

D.

Streaming cryptography

Question 91

Which of the following is applicable to a publicly held company concerned about information handling and storage requirement specific to the financial reporting?

Options:

A.

Privacy Act of 1974

B.

Clinger-Cohen Act of 1996

C.

Sarbanes-Oxley (SOX) Act of 2002

D.

International Organization for Standardization (ISO) 27001

Question 92

Which of the following needs to be included in order for High Availability (HA) to continue operations during planned system outages?

Options:

A.

Redundant hardware, disk spanning, and patching

B.

Load balancing, power reserves, and disk spanning

C.

Backups, clustering, and power reserves

D.

Clustering, load balancing, and fault-tolerant options

Question 93

Which of the following objects should be removed FIRST prior to uploading code to public code repositories?

Options:

A.

Security credentials

B.

Known vulnerabilities

C.

Inefficient algorithms

D.

Coding mistakes

Question 94

Which of the following is the key requirement for test results when implementing forensic procedures?

Options:

A.

The test results must be cost-effective.

B.

The test result must be authorized.

C.

The test results must be quantifiable.

D.

The test results must be reproducible.

Question 95

If a content management system (CMS) is implemented, which one of the following would occur?

Options:

A.

Developers would no longer have access to production systems

B.

The applications placed into production would be secure

C.

Patching the systems would be completed more quickly

D.

The test and production systems would be running the same software

Question 96

In the Common Criteria (CC) for information technology (IT) security evaluation, increasing Evaluation Assurance Levels (EAL) results in which of the following?

Options:

A.

Increased functionality

B.

Increased interoperability

C.

Increase in resource requirement

D.

Increase in evaluated systems

Question 97

Which of the following would an internal technical security audit BEST validate?

Options:

A.

Whether managerial controls are in place

B.

Support for security programs by executive management

C.

Appropriate third-party system hardening

D.

Implementation of changes to a system

Question 98

For a federated identity solution, a third-party Identity Provider (IdP) is PRIMARILY responsible for which of the following?

Options:

A.

Access Control

B.

Account Management

C.

Authentication

D.

Authorization

Question 99

Which of the following practices provides the development of security and identification of threats in designing software?

Options:

A.

Stakeholder review

B.

Requirements review

C.

Penetration testing

D.

Threat modeling

Question 100

Which of the following is an accurate statement when an assessment results in the discovery of vulnerabilities in a critical network component?

Options:

A.

The fact that every other host is sufficiently hardened does not change the fact that the network is placed at risk of attack.

B.

There is little likelihood that the entire network is being placed at a significant risk of attack.

C.

A second assessment should immediately be performed after all vulnerabilities are corrected.

D.

There is a low possibility that any adjacently connected components have been compromised by an attacker.

Question 101

Digital certificates used in Transport Layer Security (TLS) support which of the following?

Options:

A.

Server identity and data confidentiality

B.

Information input validation

C.

Multi-Factor Authentication (MFA)

D.

Non-repudiation controls and data encryption

Question 102

Which of the following is MOST important when determining appropriate countermeasures for an identified risk?

Options:

A.

Interaction with existing controls

B.

Cost

C.

Organizational risk tolerance

D.

Patch availability

Question 103

Which of the following steps should be conducted during the FIRST phase of software assurance in a generic acquisition process?

Options:

A.

Establishing and consenting to the contract work schedule

B.

Issuing a Request for Proposal (RFP) with a work statement

C.

Developing software requirements to be included in the work statement

D.

Reviewing and accepting software deliverables

Question 104

Which of the following is critical if an employee is dismissed due to violation of an organization's acceptable use policy (AUP)?

Options:

A.

Appropriate documentation

B.

Privilege suspension

C.

Proxy records

D.

Internet access logs

Question 105

A large corporation is looking for a solution to automate access based on where the request is coming from, who the user is, what device they are connecting with, and what time of day they are attempting this access. What type of solution would suit their needs?

Options:

A.

Mandatory Access Control (MAC)

B.

Network Access Control (NAC)

C.

Role Based Access Control (RBAC)

D.

Discretionary Access Control (DAC)

Question 106

What is the FINAL step in the waterfall method for contingency planning?

Options:

A.

Maintenance

B.

Testing

C.

Implementation

D.

Training

Question 107

How does Radio-Frequency Identification (RFID) assist with asset management?

Options:

A.

It uses biometric information for system identification.

B.

It uses two-factor authentication (2FA) for system identification.

C.

It transmits unique Media Access Control (MAC) addresses wirelessly.

D.

It transmits unique serial numbers wirelessly.

Question 108

What action should be taken by a business line that is unwilling to accept the residual risk in a system after implementing compensating controls?

Options:

A.

Notify the audit committee of the situation.

B.

Purchase insurance to cover the residual risk.

C.

Implement operational safeguards.

D.

Find another business line willing to accept the residual risk.

Question 109

Which of the following is a covert channel type?

Options:

A.

Storage

B.

Pipe

C.

Memory

D.

Monitoring

Question 110

What is the PRIMARY benefit of incident reporting and computer crime investigations?

Options:

A.

Providing evidence to law enforcement

B.

Repairing the damage and preventing future occurrences

C.

Appointing a computer emergency response team

D.

Complying with security policy

Question 111

An organization plans to acquire a commercial off-the-shelf (COTS) system to replace their aging home-built reporting system. When should the organization's security team FIRST get involved in this acquisition's life cycle?

Options:

A.

When the system is being designed, purchased, programmed, developed, or otherwise constructed

B.

When the system is verified and validated

C.

When the system is deployed into production

D.

When the need for a system is expressed and the purpose of the system is documented

Question 112

Which of the following is the PRIMARY reason for selecting the appropriate level of detail for audit record generation?

Options:

A.

Lower costs throughout the System Development Life Cycle (SDLC)

B.

Facilitate a root cause analysis (RCA)

C.

Enable generation of corrective action reports

D.

Avoid lengthy audit reports

Question 113

A company needs to provide employee access to travel services, which are hosted by a third-party service provider. Employee experience is important, and when users are already authenticated, access to the travel portal is seamless. Which of the following methods is used to share information and grant user access to the travel portal?

Options:

A.

Security Assertion Markup Language (SAML) access

B.

Single sign-on (SSO) access

C.

Open Authorization (OAuth) access

D.

Federated access

Question 114

What industry-recognized document could be used as a baseline reference that is related to data security and business operations for conducting a security assessment?

Options:

A.

Service Organization Control (SOC) 1 Type 2

B.

Service Organization Control (SOC) 2 Type 1

C.

Service Organization Control (SOC) 1 Type 1

D.

Service Organization Control (SOC) 2 Type 2

Question 115

Which of the following is the MOST effective corrective control to minimize the effects of a physical intrusion?

Options:

A.

Automatic videotaping of a possible intrusion

B.

Rapid response by guards or police to apprehend a possible intruder

C.

Activating bright lighting to frighten away a possible intruder

D.

Sounding a loud alarm to frighten away a possible intruder

Question 116

The development team has been tasked with collecting data from biometric devices. The application will support a variety of collection data streams. During the testing phase, the team utilizes data from an old production database in a secure testing environment. What principle has the team taken into consideration?

Options:

A.

Biometric data cannot be changed.

B.

Separate biometric data streams require increased security.

C.

The biometric devices are unknown.

D.

Biometric data must be protected from disclosure.

Question 117

Why is data classification control important to an organization?

Options:

A.

To ensure its integrity, confidentiality and availability

B.

To enable data discovery

C.

To control data retention in alignment with organizational policies and regulation

D.

To ensure security controls align with organizational risk appetite

Question 118

Which of the following is the BEST method to gather evidence from a computer's hard drive?

Options:

A.

Disk duplication

B.

Disk replacement

C.

Forensic signature

D.

Forensic imaging

Question 119

Wi-Fi Protected Access 2 (WPA2) provides users with a higher level of assurance that their data will remain protected by using which protocol?

Options:

A.

Secure Shell (SSH)

B.

Internet Protocol Security (IPsec)

C.

Secure Sockets Layer (SSL)

D.

Extensible Authentication Protocol (EAP)

Question 120

A company hired an external vendor to perform a penetration test of a new payroll system. The company's internal test team had already performed an in-depth application and security test of the system and determined that it met security requirements. However, the external vendor uncovered significant security weaknesses where sensitive personal data was being sent unencrypted to the tax processing systems. What is the MOST likely cause of the security issues?

Options:

A.

Failure to perform interface testing

B.

Failure to perform negative testing

C.

Inadequate performance testing

D.

Inadequate application level testing

Question 121

An organization lacks a data retention policy. Of the following, who is the BEST person to consult for such a requirement?

Options:

A.

Application Manager

B.

Database Administrator

C.

Privacy Officer

D.

Finance Manager

Question 122

Which one of the following operates at the session, transport, or network layer of the Open Systems Interconnection (OSI) model?

Options:

A.

Data at rest encryption

B.

Configuration Management

C.

Integrity checking software

D.

Cyclic redundancy check (CRC)

Question 123

Which of the following statements is TRUE regarding boundary value analysis as a functional software testing technique?

Options:

A.

It is useful for testing communications protocols and graphical user interfaces.

B.

It is characterized by the stateless behavior of a process implemented in a function.

C.

Test inputs are obtained from the derived threshold of the given functional specifications.

D.

An entire partition can be covered by considering only one representative value from that partition.

Question 124

Application of which of the following Institute of Electrical and Electronics Engineers (IEEE) standards will prevent an unauthorized wireless device from being attached to a network?

Options:

A.

IEEE 802.1F

B.

IEEE 802.1H

C.

IEEE 802.1Q

D.

IEEE 802.1X

Question 125

During the risk assessment phase of the project, the CISO discovered that a college within the university is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations of the Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.

What is the best approach for the CISO?

Options:

A.

Document the system as high risk

B.

Perform a vulnerability assessment

C.

Perform a quantitative threat assessment

D.

Notate the information and move on

Question 126

Place in order, from BEST (1) to WORST (4), the following methods to reduce the risk of data remanence on magnetic media.

Options:

Question 127

Match the objectives to the assessment questions in the governance domain of Software Assurance Maturity Model (SAMM).

Options:

Question 128

For privacy protected data, which of the following roles has the highest authority for establishing dissemination rules for the data?

Options:

A.

Information Systems Security Officer

B.

Data Owner

C.

System Security Architect

D.

Security Requirements Analyst

Question 129

In which order, from MOST to LEAST impacted, does user awareness training reduce the occurrence of the events below?

Options:

Question 130

A mobile device application that restricts the storage of user information to just that which is needed to accomplish lawful business goals adheres to what privacy principle?

Options:

A.

Onward transfer

B.

Collection Limitation

C.

Collector Accountability

D.

Individual Participation

Question 131

While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?

Options:

A.

Retention

B.

Reporting

C.

Recovery

D.

Remediation

Question 132

What is the PRIMARY difference between security policies and security procedures?

Options:

A.

Policies are used to enforce violations, and procedures create penalties

B.

Policies point to guidelines, and procedures are more contractual in nature

C.

Policies are included in awareness training, and procedures give guidance

D.

Policies are generic in nature, and procedures contain operational details

Question 133

Which of the following types of security testing is the MOST effective in providing a better indication of the everyday security challenges of an organization when performing a security risk assessment?

Options:

A.

External

B.

Overt

C.

Internal

D.

Covert

Question 134

Which of the following PRIMARILY contributes to security incidents in web-based applications?

Options:

A.

Systems administration and operating systems

B.

System incompatibility and patch management

C.

Third-party applications and change controls

D.

Improper stress testing and application interfaces

Question 135

The PRIMARY outcome of a certification process is that it provides documented

Options:

A.

system weaknesses for remediation.

B.

standards for security assessment, testing, and process evaluation.

C.

interconnected systems and their implemented security controls.

D.

security analyses needed to make a risk-based decision.

Question 136

Which security service is served by the process of encrypting plaintext with the sender's private key and decrypting ciphertext with the sender's public key?

Options:

A.

Confidentiality

B.

Integrity

C.

Identification

D.

Availability

Question 137

Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?

Options:

A.

Hashing the data before encryption

B.

Hashing the data after encryption

C.

Compressing the data after encryption

D.

Compressing the data before encryption

Question 138

What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?

Options:

A.

Implementation Phase

B.

Initialization Phase

C.

Cancellation Phase

D.

Issued Phase

Question 139

Who in the organization is accountable for classification of data information assets?

Options:

A.

Data owner

B.

Data architect

C.

Chief Information Security Officer (CISO)

D.

Chief Information Officer (CIO)

Question 140

Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified by automated vulnerability assessments?

Options:

A.

Common Vulnerabilities and Exposures (CVE)

B.

Common Vulnerability Scoring System (CVSS)

C.

Asset Reporting Format (ARF)

D.

Open Vulnerability and Assessment Language (OVAL)

Question 141

The use of private and public encryption keys is fundamental in the implementation of which of the following?

Options:

A.

Diffie-Hellman algorithm

B.

Secure Sockets Layer (SSL)

C.

Advanced Encryption Standard (AES)

D.

Message Digest 5 (MD5)

Question 142

Which of the following mobile code security models relies only on trust?

Options:

A.

Code signing

B.

Class authentication

C.

Sandboxing

D.

Type safety

Question 143

An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?

Options:

A.

Implement packet filtering on the network firewalls

B.

Install Host Based Intrusion Detection Systems (HIDS)

C.

Require strong authentication for administrators

D.

Implement logical network segmentation at the switches

Question 144

Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?

Options:

A.

Intrusion Prevention Systems (IPS)

B.

Intrusion Detection Systems (IDS)

C.

Stateful firewalls

D.

Network Behavior Analysis (NBA) tools

Question 145

Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?

Options:

A.

WEP uses a small range Initialization Vector (IV)

B.

WEP uses Message Digest 5 (MD5)

C.

WEP uses Diffie-Hellman

D.

WEP does not use any Initialization Vector (IV)

Question 146

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

Options:

A.

Layer 2 Tunneling Protocol (L2TP)

B.

Link Control Protocol (LCP)

C.

Challenge Handshake Authentication Protocol (CHAP)

D.

Packet Transfer Protocol (PTP)

Question 147

An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?

Options:

A.

Add a new rule to the application layer firewall

B.

Block access to the service

C.

Install an Intrusion Detection System (IDS)

D.

Patch the application source code

Question 148

Which of the following operates at the Network Layer of the Open Systems Interconnection (OSI) model?

Options:

A.

Packet filtering

B.

Port services filtering

C.

Content filtering

D.

Application access control

Question 149

What is the purpose of an Internet Protocol (IP) spoofing attack?

Options:

A.

To send excessive amounts of data to a process, making it unpredictable

B.

To intercept network traffic without authorization

C.

To disguise the destination address from a target’s IP filtering devices

D.

To convince a system that it is communicating with a known entity

Question 150

In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?

Options:

A.

Transport layer

B.

Application layer

C.

Network layer

D.

Session layer
