Q1. An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor? 

A. Provide the encrypted passwords and analysis tools to the auditor for analysis. 

B. Analyze the encrypted passwords for the auditor and show them the results. 

C. Demonstrate that non-compliant passwords cannot be created in the system. 

D. Demonstrate that non-compliant passwords cannot be encrypted in the system. 

View Answer

Q2. Which of the following is an advantage of on-premise Credential Management Systems? 

A. Improved credential interoperability 

B. Control over system configuration 

C. Lower infrastructure capital costs 

D. Reduced administrative overhead 

View Answer

Q3. What is the MOST important reason to configure unique user IDs? 

A. Supporting accountability 

B. Reducing authentication errors 

C. Preventing password compromise 

D. Supporting Single Sign On (SSO) 

View Answer

Q4. Which of the following would be the FIRST step to take when implementing a patch management program? 

A. Perform automatic deployment of patches. 

B. Monitor for vulnerabilities and threats. 

C. Prioritize vulnerability remediation. 

D. Create a system inventory. 

View Answer

Q5. How can lessons learned from business continuity training and actual recovery incidents BEST be used? 

A. As a means for improvement 

B. As alternative options for awareness and training 

C. As indicators of a need for policy 

D. As business function gap indicators 

View Answer

Q6. If an attacker in a SYN flood attack uses someone else's valid host address as the source address, the system under attack will send a large number of.Synchronize/Acknowledge (SYN/ACK) packets to the 

A. default gateway. 

B. attacker's address. 

C. local interface being attacked. 

D. specified source address. 

View Answer

Q7. The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct 

A. log auditing. 

B. code reviews. 

C. impact assessments. 

D. static analysis. 

View Answer

Q8. An organization decides to implement a partial Public Key Infrastructure (PKI) with only the servers having digital certificates. What is the security benefit of this implementation? 

A. Clients can authenticate themselves to the servers. 

B. Mutual authentication is available between the clients and servers. 

C. Servers are able to issue digital certificates to the client. 

D. Servers can authenticate themselves to the client. 

View Answer

Q9. A network scan found 50% of the systems with one or more critical vulnerabilities. Which of the following represents the BEST action? 

A. Assess vulnerability risk and program effectiveness. 

B. Assess vulnerability risk and business impact. 

C. Disconnect all systems with critical vulnerabilities. 

D. Disconnect systems with the most number of vulnerabilities. 

View Answer

Q10. Refer.to the information below to answer the question.

.A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider’s facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization. 

The organization should ensure that the third party's physical security controls are in place so that they 

A. are more rigorous.than the original controls. 

B. are able to limit access to sensitive information. 

C. allow access by the organization staff at any time. 

D. cannot be accessed by subcontractors of the third party. 

View Answer