CISSP Exam Questions - Online Test

Q1. A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?

A. Spoofing 

B. Eavesdropping 

C. Man-in-the-middle 

D. Denial of service 

Answer:

Q2. Refer to the information below to answer the question.

A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns. 

In addition to web browsers, what PRIMARY areas need to be addressed concerning mobile code used for malicious purposes? 

A. Text editors, database, and Internet phone applications 

B. Email, presentation, and database applications 

C. Image libraries, presentation and spreadsheet applications 

D. Email, media players, and instant messaging applications 

Answer:

Q3. Refer to the information below to answer the question.

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement. 

Given the number of priorities, which of the following will MOST likely influence the selection of top initiatives? 

A. Severity of risk 

B. Complexity of strategy 

C. Frequency of incidents 

D. Ongoing awareness 

Answer:

Q4. The implementation of which feature of an identity management system reduces costs and administration overhead while improving audit and accountability?

A. Two-factor authentication 

B. Single Sign-On (SSO) 

C. User self-service 

D. A metadirectory 

Answer:

Q5. The PRIMARY purpose of a security awareness program is to 

A. ensure that everyone understands the organization's policies and procedures. 

B. communicate that access to information will be granted on a need-to-know basis. 

C. warn all users that access to all systems will be monitored on a daily basis. 

D. comply with regulations related to data and information protection. 

Answer:

Q6. Which of the following is the BEST example of weak management commitment to the protection of security assets and resources? 

A. poor governance over security processes and procedures 

B. immature security controls and procedures 

C. variances against regulatory requirements 

D. unanticipated increases in security incidents and threats 

Answer:

Q7. Which of the following secures web transactions at the Transport Layer? 

A. Secure HyperText Transfer Protocol (S-HTTP) 

B. Secure Sockets Layer (SSL) 

C. Socket Security (SOCKS) 

D. Secure Shell (SSH) 

Answer:
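SSL and its successor TLS sit between TCP and the application protocol, so the security of a "secure web transaction" depends on how that layer is configured rather than on the application code above it. The following is an added example, not part of the exam page, written in Python's standard `ssl` module: it builds a hardened client context next to a deliberately weak one and audits both with a small checker. The function names and the finding strings are this example's own.

```python
import ssl


def harden_client_context() -> ssl.SSLContext:
    """Client context that negotiates only TLS 1.2/1.3 and verifies the server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse SSLv3, TLS 1.0 and 1.1
    ctx.check_hostname = True                       # name in cert must match the peer
    ctx.verify_mode = ssl.CERT_REQUIRED             # unverifiable chain aborts the handshake
    ctx.load_default_certs()                        # system trust store, works offline
    return ctx


def legacy_client_context() -> ssl.SSLContext:
    """Deliberately weak context: trusts any certificate and checks no hostname.

    check_hostname must be cleared before verify_mode, otherwise ssl raises ValueError.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return a list of weaknesses found in a client SSLContext (empty list = clean).

    The checks and their wording are this example's own, not a library API.
    """
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    if not (ctx.options & ssl.OP_NO_SSLv3):
        findings.append("SSLv3 permitted")
    # minimum_version is an IntEnum; anything below TLS 1.2 is a finding.
    if ctx.minimum_version != ssl.TLSVersion.MINIMUM_SUPPORTED and \
            ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"permits {ctx.minimum_version.name}")
    return findings


if __name__ == "__main__":
    for label, ctx in (("hardened", harden_client_context()),
                       ("legacy", legacy_client_context())):
        print(label, audit_context(ctx) or "no findings")
```

The audit reads only the context's own attributes, so it runs without a network; point the same checker at the context an application actually hands to `wrap_socket` or to an HTTP client to see what that client will accept.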

Q8. DRAG DROP 

Order the steps below to create an effective vulnerability management process.

Answer:  

Q9. An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to 

A. encrypt the contents of the repository and document any exceptions to that requirement. 

B. utilize an Intrusion Detection System (IDS) set to drop connections if too many requests for documents are detected.

C. keep individuals with access to high security areas from saving those documents into lower security areas. 

D. require individuals with access to the system to sign Non-Disclosure Agreements (NDA). 

Answer:

Q10. Which of the following is the MOST likely cause of a non-malicious data breach when the source of the data breach was an un-marked file cabinet containing sensitive documents? 

A. Ineffective data classification

B. Lack of data access controls

C. Ineffective identity management controls 

D. Lack of Data Loss Prevention (DLP) tools 

Answer: