Q1. Which of the following explains why record destruction requirements are included in a data retention policy? 

A. To comply with legal and business requirements 

B. To save cost for storage and backup 

C. To meet destruction.guidelines 

D. To validate data ownership 

View Answer

Q2. HOTSPOT 

In the network design below, where.is.the.MOST secure.Local Area Network (LAN).segment to deploy a.Wireless.Access.Point (WAP) that provides.contractors.access to the Internet and authorized enterprise services? 

View Answer

Q3. The BEST method of demonstrating a company's security level to potential customers is 

A. a report from an external auditor. 

B. responding to a customer's security questionnaire. 

C. a formal report from an internal auditor. 

D. a site visit by a customer's security team. 

View Answer

Q4. Which of the following MUST system and database administrators be aware of and apply when configuring systems used for storing personal employee data? 

A. Secondary use of the data by business users 

B. The organization's security policies and standards 

C. The business purpose for which the data is to be used 

D. The overall protection of corporate resources and data 

View Answer

Q5. What is the MOST critical factor to achieve the goals of a security program? 

A. Capabilities of security resources 

B. Executive management support 

C. Effectiveness of security management 

D. Budget approved for security resources 

View Answer

Q6. Refer.to the information below to answer the question. 

A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns. 

In the plan, what is the BEST approach to mitigate future internal client-based attacks? 

A. Block all client side web exploits at the perimeter. 

B. Remove all non-essential client-side web services from the network. 

C. Screen for harmful exploits of client-side services before implementation. 

D. Harden the client image before deployment. 

View Answer

Q7. A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the.Chief.Executive Officer.(CEO).and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred? 

A. Spoofing 

B. Eavesdropping 

C. Man-in-the-middle 

D. Denial of service 

View Answer

Q8. Which of the following BEST describes a rogue Access Point (AP)? 

A. An AP that is not protected by a firewall 

B. An.AP not configured to use Wired Equivalent Privacy (WEP) with Triple Data Encryption Algorithm (3DES) 

C. An.AP connected to the wired infrastructure but not under the management of authorized network administrators 

D. An.AP infected by any kind of Trojan or Malware 

View Answer

Q9. Which of the following statements is TRUE regarding state-based analysis as a functional software testing technique? 

A. It is useful for testing communications protocols and graphical user interfaces. 

B. It is characterized by the stateless behavior of a process implemented in a function. 

C. Test inputs are obtained from the derived boundaries of the given functional specifications. 

D. An entire partition can be covered by considering only one representative value from that partition. 

View Answer

Q10. A security professional has just completed their organization's Business Impact Analysis (BIA). Following Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) best practices, what would be the professional's NEXT step? 

A. Identify and select recovery strategies. 

B. Present the findings to management for funding. 

C. Select members for the organization's recovery teams. 

D. Prepare a plan to test the organization's ability to recover its operations. 

View Answer