Q1. Which of the following types of security testing is the MOST effective in providing a better indication of the everyday security challenges of an organization when performing a security risk assessment? 

A. External 

B. Overt 

C. Internal 

D. Covert 

View Answer

Q2. Which of the following activities BEST identifies operational problems, security misconfigurations, and malicious attacks? 

A. Policy documentation review 

B. Authentication validation 

C. Periodic log reviews 

D. Interface testing 

View Answer

Q3. At a MINIMUM, a formal review of any Disaster Recovery Plan (DRP) should be conducted 

A. monthly. 

B. quarterly. 

C. annually. 

D. bi-annually. 

View Answer

Q4. What is the MOST effective method of testing custom application code? 

A. Negative testing 

B. White box testing 

C. Penetration testing 

D. Black box testing 

View Answer

Q5. After a thorough analysis, it was discovered that a perpetrator compromised a network by gaining access to the network through a Secure Socket Layer (SSL) Virtual Private Network (VPN) gateway. The perpetrator guessed a username and brute forced the password to gain access. Which of the following BEST mitigates this issue? 

A. Implement strong passwords authentication for VPN 

B. Integrate the VPN with centralized credential stores 

C. Implement an Internet Protocol Security (IPSec) client 

D. Use two-factor authentication mechanisms 

View Answer

Q6. After acquiring the latest security updates, what must be done before deploying to production systems? 

A. Use tools to detect missing system patches 

B. Install the patches on a test system 

C. Subscribe to notifications for vulnerabilities 

D. Assess the severity of the situation 

View Answer

Q7. When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network? 

A. Topology diagrams 

B. Mapping tools 

C. Asset register 

D. Ping testing 

View Answer

Q8. A software scanner identifies a region within a binary image having high entropy. What does this MOST likely indicate? 

A. Encryption routines 

B. Random number generator 

C. Obfuscated code 

D. Botnet command and control 

View Answer

Q9. What is the PRIMARY goal for using Domain Name System.Security Extensions (DNSSEC) to sign records? 

A. Integrity 

B. Confidentiality 

C. Accountability 

D. Availability 

View Answer

Q10. Which of the following PRIMARILY contributes to security incidents in web-based applications? 

A. Systems administration and operating systems 

B. System incompatibility and patch management 

C. Third-party applications and change controls 

D. Improper stress testing and application interfaces 

View Answer