Q1. Multi-Factor Authentication (MFA) is necessary in many systems given common types of password attacks. Which of the following is a correct list of password attacks? 

A. Masquerading, salami, malware, polymorphism 

B. Brute force, dictionary, phishing, keylogger 

C. Zeus, netbus, rabbit, turtle 

D. Token, biometrics, IDS, DLP 

View Answer

Q2. According to best practice, which of the following is required when implementing third party software in a production environment? 

A. Scan the application for vulnerabilities 

B. Contract the vendor for patching 

C. Negotiate end user application training 

D. Escrow a copy of the software 

View Answer

Q3. Which of the following would be the FIRST step to take when implementing a patch management program? 

A. Perform automatic deployment of patches. 

B. Monitor for vulnerabilities and threats. 

C. Prioritize vulnerability remediation. 

D. Create a system inventory. 

View Answer

Q4. In a financial institution, who has the responsibility for assigning the classification to a piece of information? 

A. Chief Financial Officer (CFO) 

B. Chief Information Security Officer (CISO) 

C. Originator or nominated owner of the information 

D. Department head responsible for ensuring the protection of the information 

View Answer

Q5. Which of the following assures that rules are followed in an identity management architecture? 

A. Policy database 

B. Digital signature 

C. Policy decision point 

D. Policy enforcement point 

View Answer

Q6. A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation? 

A. The inherent risk is greater than the residual risk. 

B. The Annualized Loss Expectancy (ALE) approaches zero. 

C. The expected loss from the risk exceeds mitigation costs. 

D. The infrastructure budget can easily cover the upgrade costs. 

View Answer

Q7. In a basic SYN flood attack, what is the attacker attempting to achieve? 

A. Exceed the threshold limit of the connection queue for a given service 

B. Set the threshold to zero for a given service 

C. Cause the buffer to overflow, allowing root access 

D. Flush the register stack, allowing hijacking of the root account 

View Answer

Q8. Are companies legally required to report all data breaches? 

A. No, different jurisdictions have different rules. 

B. No, not if the data is encrypted. 

C. No, companies' codes of ethics don't require it. 

D. No, only if the breach had a material impact. 

View Answer

Q9. What is the MAIN feature that onion routing networks offer? 

A. Non-repudiation 

B. Traceability 

C. Anonymity 

D. Resilience 

View Answer

Q10. What physical characteristic does a retinal scan biometric device measure? 

A. The amount of light reflected by the retina 

B. The size, curvature, and shape of the retina 

C. The pattern of blood vessels at the back of the eye 

D. The pattern of light receptors at the back of the eye 

View Answer