Q1. Why must all users be positively identified.prior.to using multi-user computers? 

A. To provide access to system privileges 

B. To provide access to the operating system 

C. To ensure that unauthorized persons cannot access the computers 

D. To ensure that management knows what users are currently logged on 

View Answer

Q2. Which of the following MUST be part of a contract to support electronic discovery of data stored in a cloud environment? 

A. Integration with organizational directory services for authentication 

B. Tokenization of data 

C. Accommodation of hybrid deployment models 

D. Identification of data location 

View Answer

Q3. Which of the following is the MAIN reason that system re-certification and re-accreditation are needed? 

A. To assist data owners in making future sensitivity and criticality determinations 

B. To assure the software development team that all security issues have been addressed 

C. To verify that security protection remains acceptable to the organizational security policy 

D. To help the security team accept or reject new systems for implementation and production 

View Answer

Q4. An advantage of link encryption in a communications network is that it 

A. makes key management and distribution easier. 

B. protects data from start to finish through the entire network. 

C. improves the efficiency of the transmission. 

D. encrypts all information, including headers and routing information. 

View Answer

Q5. For privacy protected data, which of the following roles has the highest authority for establishing dissemination rules for the data? 

A. Information Systems Security Officer 

B. Data Owner 

C. System Security Architect 

D. Security Requirements Analyst 

View Answer

Q6. Which of the following does Temporal Key Integrity Protocol (TKIP) support? 

A. Multicast and broadcast messages 

B. Coordination of IEEE 802.11 protocols 

C. Wired Equivalent Privacy (WEP) systems 

D. Synchronization of.multiple devices 

View Answer

Q7. What does an organization FIRST review to assure compliance with privacy requirements? 

A. Best practices 

B. Business objectives 

C. Legal and regulatory mandates 

D. Employee's compliance to policies and standards 

View Answer

Q8. Which of the following BEST describes the purpose of performing security certification? 

A. To identify system threats, vulnerabilities, and acceptable level of risk 

B. To formalize the confirmation of compliance to security policies and standards 

C. To formalize the confirmation of completed risk mitigation and risk analysis 

D. To verify that system architecture and interconnections with other systems are effectively implemented 

View Answer

Q9. Which of the following is the BEST reason to review audit logs periodically? 

A. Verify they are operating properly 

B. Monitor employee productivity 

C. Identify anomalies in use patterns 

D. Meet compliance regulations 

View Answer

Q10. Logical access control programs are MOST effective when they are 

A. approved by external auditors. 

B. combined with security token technology. 

C. maintained by computer security officers. 

D. made part of the operating system. 

View Answer