Q1. Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures? 

A. Role Based Access Control (RBAC) 

B. Biometric access control 

C. Federated Identity Management (IdM) 

D. Application hardening 

View Answer

Q2. Which of the following is the MOST important element of change management documentation? 

A. List of components involved 

B. Number of changes being made 

C. Business case justification 

D. A stakeholder communication 

View Answer

Q3. What technique BEST describes antivirus software that detects viruses by watching anomalous behavior? 

A. Signature 

B. Inference 

C. Induction 

D. Heuristic 

View Answer

Q4. A health care provider is considering Internet access for their employees and patients. Which of the following is the organization's MOST secure solution for protection of data? 

A. Public Key Infrastructure (PKI) and digital signatures 

B. Trusted server certificates and passphrases 

C. User ID and password 

D. Asymmetric encryption and User ID 

View Answer

Q5. Which of the following could elicit a.Denial of.Service (DoS).attack against a credential management system? 

A. Delayed revocation or destruction of credentials 

B. Modification of Certificate Revocation List 

C. Unauthorized renewal or re-issuance 

D. Token use after decommissioning 

View Answer

Q6. During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take? 

A. Immediately call the police 

B. Work with the client to resolve the issue internally 

C. Advise.the.person performing the illegal activity to cease and desist 

D. Work with the client to report the activity to the appropriate authority 

View Answer

Q7. Which of the following is a limitation of the Common Vulnerability Scoring System (CVSS) as it relates to conducting code review? 

A. It has normalized severity ratings. 

B. It has many worksheets and practices to implement. 

C. It aims to calculate the risk of published vulnerabilities. 

D. It requires a robust risk management framework to be put in place. 

View Answer

Q8. What does an organization FIRST review to assure compliance with privacy requirements? 

A. Best practices 

B. Business objectives 

C. Legal and regulatory mandates 

D. Employee's compliance to policies and standards 

View Answer

Q9. The birthday attack is MOST effective against which one of the following cipher technologies? 

A. Chaining block encryption 

B. Asymmetric cryptography 

C. Cryptographic hash 

D. Streaming cryptography 

View Answer

Q10. During an investigation of database theft from an organization's web site, it was determined that the Structured Query Language (SQL) injection technique was used despite input validation with client-side scripting. Which of the following provides the GREATEST protection against the same attack occurring again? 

A. Encrypt communications between the servers 

B. Encrypt the web server traffic 

C. Implement server-side filtering 

D. Filter outgoing traffic at the perimeter firewall 

View Answer