Q1. Refer.to the information below to answer the question. 

In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files. 

In a Bell-LaPadula system, which user has the MOST restrictions when writing data to any of the four files? 

A. User A 

B. User B 

C. User C 

D. User D 

View Answer

Q2. Which one of the following affects the classification of data? 

A. Passage of time 

B. Assigned security label 

C. Multilevel Security (MLS) architecture 

D. Minimum query size 

View Answer

Q3. Host-Based Intrusion Protection (HIPS) systems are often deployed in monitoring or learning mode during their initial implementation. What is the objective of starting in this mode? 

A. Automatically create exceptions for specific actions or files 

B. Determine which files are unsafe to access and blacklist them 

C. Automatically whitelist actions or files known to the system 

D. Build a baseline of normal or safe system events for review 

View Answer

Q4. DRAG DROP 

A software security engineer is developing a black box-based test plan that will measure the system's reaction to incorrect or illegal inputs or unexpected operational errors and situations. Match the functional testing techniques on the left with the correct input parameters on.the right. 

View Answer

Q5. An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause? 

A. Improper deployment of the Service-Oriented Architecture.(SOA) 

B. Absence of a Business Intelligence.(BI) solution 

C. Inadequate cost modeling 

D. Insufficient Service Level Agreement.(SLA).

View Answer

Q6. Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)? 

A. Maintaining an inventory of authorized Access Points (AP) and connecting devices B. Setting the radio frequency to the minimum range required 

C. Establishing a Virtual Private Network (VPN) tunnel between the WLAN client device and a VPN concentrator 

D. Verifying that all default passwords have been changed 

View Answer

Q7. The Structured Query Language (SQL) implements Discretionary Access Controls (DAC) using 

A. INSERT and DELETE. 

B. GRANT and REVOKE. 

C. PUBLIC.and PRIVATE. 

D. ROLLBACK.and TERMINATE. 

View Answer

Q8. HOTSPOT 

Identify the component that MOST likely lacks digital accountability related to.information access. 

Click on the correct device in the image below. 

View Answer

Q9. What is the BEST method to detect the most common improper initialization problems in programming languages? 

A. Use and specify a strong character encoding. 

B. Use automated static analysis tools that target this type of weakness. 

C. Perform input validation on any numeric inputs by assuring that they are within the expected range. 

D. Use data flow analysis to minimize the number of false positives. 

View Answer

Q10. Which of the following can BEST prevent security flaws occurring in outsourced software development? 

A. Contractual requirements for code quality 

B. Licensing, code ownership and intellectual property rights 

C. Certification.of the quality and accuracy of the work done 

D. Delivery dates, change management control and budgetary control 

View Answer