Q1. Which of the following is an attacker MOST likely to target to gain privileged access to a system? 

A. Programs that write to system resources 

B. Programs that write to user directories 

C. Log files containing sensitive information 

D. Log files containing system calls 

View Answer

Q2. Refer.to the information below to answer the question. 

During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information. 

If the intrusion causes the system processes to hang, which of the following has been affected? 

A. System integrity 

B. System availability 

C. System confidentiality 

D. System auditability 

View Answer

Q3. Refer.to the information below to answer the question. 

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access. 

Which.of.the.following.could.have.MOST.likely.prevented.the.Peer-to-Peer.(P2P).program.from.being.installed.on.the.computer? 

A. Removing employee's full access to the computer 

B. Supervising their child's use of the computer 

C. Limiting computer's access to only the employee 

D. Ensuring employee understands their business conduct guidelines 

View Answer

Q4. Which of the following is a security feature of Global Systems for Mobile Communications (GSM)? 

A. It uses a Subscriber Identity Module (SIM) for authentication. 

B. It uses encrypting techniques for all communications. 

C. The radio spectrum is divided with multiple frequency carriers. 

D. The signal is difficult to read as it provides end-to-end encryption. 

View Answer

Q5. Which of the following is the BEST example of weak management commitment to the protection of security assets and resources? 

A. poor governance over security processes and procedures 

B. immature security controls and procedures 

C. variances against regulatory requirements 

D. unanticipated increases in security incidents and threats 

View Answer

Q6. Which type of control recognizes that a transaction amount is excessive in accordance with corporate policy? 

A. Detection 

B. Prevention 

C. Investigation 

D. Correction 

View Answer

Q7. A security manager has noticed an inconsistent application of server security controls resulting in vulnerabilities on critical systems. What is the MOST likely cause of this issue? 

A. A lack of baseline standards 

B. Improper documentation of security guidelines 

C. A poorly designed security policy communication program 

D. Host-based Intrusion Prevention System (HIPS).policies are ineffective 

View Answer

Q8. Refer.to the information below to answer the question. 

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. 

Which of the following will MOST likely allow the organization to keep risk at an acceptable level? 

A. Increasing the amount of audits performed by third parties 

B. Removing privileged accounts from operational staff 

C. Assigning privileged functions to appropriate staff 

D. Separating the security function into distinct roles 

View Answer

Q9. Which one of the following is a threat related to the use of web-based client side input validation? 

A. Users would be able to alter the input after validation has occurred 

B. The web server would not be able to validate the input after transmission 

C. The client system could receive invalid input from the web server 

D. The web server would not be able to receive invalid input from the client 

View Answer

Q10. When is security personnel involvement in the Systems Development Life Cycle (SDLC) process MOST beneficial? 

A. Testing phase 

B. Development phase 

C. Requirements definition phase 

D. Operations and maintenance phase 

View Answer