Q1. What is the FIRST step in developing a security test and its evaluation? 

A. Determine testing methods 

B. Develop testing procedures 

C. Identify all applicable security requirements 

D. Identify people, processes, and products not in compliance 

View Answer

Q2. Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures? 

A. Role Based Access Control (RBAC) 

B. Biometric access control 

C. Federated Identity Management (IdM) 

D. Application hardening 

View Answer

Q3. Which one of the following operates at the session, transport, or network layer of the Open System Interconnection (OSI) model? 

A. Data at rest encryption 

B. Configuration Management 

C. Integrity checking software 

D. Cyclic redundancy check (CRC) 

View Answer

Q4. What is an important characteristic of Role Based Access Control (RBAC)? 

A. Supports Mandatory Access Control (MAC) 

B. Simplifies the management of access rights 

C. Relies on rotation of duties 

D. Requires.two factor authentication 

View Answer

Q5. Which of the following is a method used to prevent Structured Query Language (SQL) 

injection attacks? 

A. Data compression 

B. Data classification 

C. Data warehousing 

D. Data validation 

View Answer

Q6. Which of the following controls is the FIRST step in protecting privacy in an information system? 

A. Data Redaction 

B. Data Minimization 

C. Data Encryption 

D. Data Storage 

View Answer

Q7. From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system? 

A. Configure secondary servers to use the primary server as a zone forwarder. 

B. Block all Transmission Control Protocol (TCP) connections. 

C. Disable all recursive queries on the name servers. 

D. Limit zone transfers to authorized devices. 

View Answer

Q8. The goal of software assurance in application development is to 

A. enable the development of High Availability (HA) systems. 

B. facilitate the creation of Trusted Computing Base (TCB) systems. 

C. prevent the creation of vulnerable applications. 

D. encourage the development of open source applications. 

View Answer

Q9. A mobile device application that restricts the storage of user information to just that which is needed to accomplish lawful business goals adheres to what privacy principle? 

A. Onward transfer 

B. Collection Limitation 

C. Collector Accountability 

D. Individual Participation 

View Answer

Q10. Which of the following is ensured when hashing files during chain of custody handling? 

A. Availability 

B. Accountability 

C. Integrity 

D. Non-repudiation 

View Answer