Q1. The FIRST step in building a firewall is to 

A. assign the roles and responsibilities of the firewall administrators. 

B. define the intended audience who will read the firewall policy. 

C. identify mechanisms to encourage compliance with the policy. 

D. perform a risk analysis to identify issues to be addressed. 

View Answer

Q2. For privacy protected data, which of the following roles has the highest authority for establishing dissemination rules for the data? 

A. Information Systems Security Officer 

B. Data Owner 

C. System Security Architect 

D. Security Requirements Analyst 

View Answer

Q3. Multi-threaded applications are more at risk than single-threaded applications to 

A. race conditions. 

B. virus infection. 

C. packet sniffing. 

D. database injection. 

View Answer

Q4. Which of the following is the PRIMARY concern when using an Internet browser to access a cloud-based service? 

A. Insecure implementation of Application Programming Interfaces (API) 

B. Improper use and storage of management keys 

C. Misconfiguration of infrastructure allowing for unauthorized access 

D. Vulnerabilities within protocols that can expose confidential data 

View Answer

Q5. Which of the following elements.MUST a compliant EU-US Safe Harbor Privacy Policy contain? 

A. An explanation of how long the data subject's collected information will be retained for and how it will be eventually disposed. 

B. An explanation of who can be contacted at the organization collecting the information if corrections are required by the data subject. 

C. An explanation of the regulatory frameworks and compliance standards the information collecting organization adheres to. 

D. An explanation of all the technologies employed by the collecting organization in gathering information on the data subject. 

View Answer

Q6. Who must approve modifications to an organization's production infrastructure configuration? 

A. Technical management 

B. Change control board 

C. System operations 

D. System users 

View Answer

Q7. When constructing.an.Information Protection.Policy.(IPP), it is important that the stated rules are necessary, adequate, and 

A. flexible. 

B. confidential. 

C. focused. 

D. achievable. 

View Answer

Q8. What is an effective practice when returning electronic storage media to third parties for repair? 

A. Ensuring the media is not labeled in any way that indicates the organization's name. 

B. Disassembling the media and removing parts that may contain sensitive data. 

C. Physically breaking parts of the media that may contain sensitive data. 

D. Establishing a contract with the third party regarding the secure handling of the media. 

View Answer

Q9. Refer.to the information below to answer the question. 

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement. 

Which of the following is considered the MOST important priority for the information security officer? 

A. Formal acceptance of the security strategy 

B. Disciplinary actions taken against unethical behavior 

C. Development of an awareness program for new employees 

D. Audit of all organization system configurations for faults 

View Answer

Q10. Which of the following statements is TRUE regarding state-based analysis as a functional software testing technique? 

A. It is useful for testing communications protocols and graphical user interfaces. 

B. It is characterized by the stateless behavior of a process implemented in a function. 

C. Test inputs are obtained from the derived boundaries of the given functional specifications. 

D. An entire partition can be covered by considering only one representative value from that partition. 

View Answer