Q1. Discretionary Access Control (DAC) is based on which of the following? 

A. Information source and destination 

B. Identification of subjects and objects 

C. Security labels and privileges 

D. Standards and guidelines 

View Answer

Q2. Which of the following types of security testing is the MOST effective in providing a better indication of the everyday security challenges of an organization when performing a security risk assessment? 

A. External 

B. Overt 

C. Internal 

D. Covert 

View Answer

Q3. During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take? 

A. Immediately call the police 

B. Work with the client to resolve the issue internally 

C. Advise.the.person performing the illegal activity to cease and desist 

D. Work with the client to report the activity to the appropriate authority 

View Answer

Q4. A Business Continuity Plan (BCP) is based on 

A. the policy and procedures manual. 

B. an existing BCP from a similar organization. 

C. a review of the business processes and procedures. 

D. a standard checklist of required items and objectives. 

View Answer

Q5. Which of the following actions should be performed when implementing a change to a database schema in a production system? 

A. Test in development, determine dates, notify users, and implement in production 

B. Apply change to production, run in parallel, finalize change in production, and develop a back-out strategy 

C. Perform user acceptance testing in production, have users sign off, and finalize change 

D. Change in development, perform user acceptance testing, develop a back-out strategy, and implement change 

View Answer

Q6. Which of the following protocols would allow an organization to maintain a centralized list of users that can read a protected webpage? 

A. Lightweight Directory Access Control (LDAP) 

B. Security Assertion Markup Language (SAML) 

C. Hypertext Transfer Protocol (HTTP) 

D. Kerberos 

View Answer

Q7. Which of the following is the BEST way to determine if a particular system is able to identify malicious software without executing it? 

A. Testing with a Botnet 

B. Testing with an EICAR file 

C. Executing a binary shellcode 

D. Run multiple antivirus programs 

View Answer

Q8. Which of the following does the Encapsulating Security Payload (ESP) provide? 

A. Authorization and integrity 

B. Availability and integrity 

C. Integrity and confidentiality 

D. Authorization and confidentiality 

View Answer

Q9. Which of the following is the MOST important consideration.when.storing and processing.Personally Identifiable Information (PII)? 

A. Encrypt and hash all PII to avoid disclosure and tampering. 

B. Store PII for no more than one year. 

C. Avoid storing PII in a Cloud Service Provider. 

D. Adherence to collection limitation laws and regulations. 

View Answer

Q10. Which of the following is the BEST countermeasure to brute force login attacks? 

A. Changing all canonical passwords 

B. Decreasing the number of concurrent user sessions 

C. Restricting initial password delivery only in person 

D. Introducing a delay after failed system access attempts 

View Answer