Q1. What is the BEST method to detect the most common improper initialization problems in programming languages? 

A. Use and specify a strong character encoding. 

B. Use automated static analysis tools that target this type of weakness. 

C. Perform input validation on any numeric inputs by assuring that they are within the expected range. 

D. Use data flow analysis to minimize the number of false positives. 

View Answer

Q2. Discretionary Access Control (DAC) restricts access according to 

A. data classification labeling. 

B. page views within an application. 

C. authorizations granted to the user. 

D. management accreditation. 

View Answer

Q3. What component of a web application that stores the session state in a cookie can be bypassed by an attacker? 

A. An initialization check 

B. An identification check 

C. An authentication check 

D. An authorization check 

View Answer

Q4. Which of the following problems is not addressed by using OAuth (Open Standard to Authorization) 2.0.to integrate a third-party identity provider for a service? 

A. Resource Servers are required to use passwords to authenticate end users. 

B. Revocation of access of some users of the third party instead of all the users from the third party. 

C. Compromise of the third party means compromise of all the users in the service. 

D. Guest users need to authenticate with the third party identity provider. 

View Answer

Q5. Which of the following assessment metrics is BEST used to understand a system's vulnerability to potential exploits? 

A. Determining the probability that the system functions safely during any time period 

B. Quantifying the system's available services 

C. Identifying the number of security flaws within the system 

D. Measuring the system's integrity in the presence of failure 

View Answer

Q6. Which of the following is an effective method for avoiding magnetic media data 

remanence? 

A. Degaussing 

B. Encryption 

C. Data Loss Prevention (DLP) 

D. Authentication 

View Answer

Q7. Which of the following is a network intrusion detection technique? 

A. Statistical anomaly 

B. Perimeter intrusion 

C. Port scanning 

D. Network spoofing 

View Answer

Q8. Which one of the following is a fundamental objective in handling an incident? 

A. To restore control of the affected systems 

B. To confiscate the suspect's computers 

C. To prosecute the attacker 

D. To perform full backups of the system 

View Answer

Q9. HOTSPOT 

Identify the component that MOST likely lacks digital accountability related to.information access. 

Click on the correct device in the image below. 

View Answer

Q10. Refer.to the information below to answer the question. 

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access. 

Which of the following documents explains the proper use of the organization's assets? 

A. Human resources policy 

B. Acceptable use policy 

C. Code of ethics 

D. Access control policy 

View Answer