Q1. When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)? 

A. Retain intellectual property rights through contractual wording. 

B. Perform overlapping code reviews by both parties. 

C. Verify that the contractors attend development planning meetings. 

D. Create a separate contractor development environment. 

View Answer

Q2. Which of the following is the MAIN reason that system re-certification and re-accreditation are needed? 

A. To assist data owners in making future sensitivity and criticality determinations 

B. To assure the software development team that all security issues have been addressed 

C. To verify that security protection remains acceptable to the organizational security policy 

D. To help the security team accept or reject new systems for implementation and production 

View Answer

Q3. The three PRIMARY requirements for a penetration test are 

A. A defined goal, limited time period, and approval of management 

B. A general objective, unlimited time, and approval of the network administrator 

C. An objective statement, disclosed methodology, and fixed cost 

D. A stated objective, liability waiver, and disclosed methodology 

View Answer

Q4. The World Trade Organization's (WTO) agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) requires authors of computer software to be given the 

A. right to refuse or permit commercial rentals. 

B. right to disguise the software's geographic origin. 

C. ability to tailor security parameters based on location. 

D. ability to confirm license authenticity of.their works. 

View Answer

Q5. Refer.to the information below to answer the question. 

A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns. 

What MUST the plan include in order to reduce client-side exploitation? 

A. Approved web browsers 

B. Network firewall procedures 

C. Proxy configuration 

D. Employee education 

View Answer

Q6. When building a data center, site location and construction factors that increase the level of vulnerability to physical threats include 

A. hardened building construction with consideration of seismic factors. 

B. adequate distance from and lack of access to adjacent buildings. 

C. curved roads approaching the data center. 

D. proximity to high crime areas of the city. 

View Answer

Q7. What is a common challenge when implementing Security Assertion Markup Language 

(SAML) for identity integration between on-premise environment and an external identity provider service? 

A. Some users are not provisioned into the service. 

B. SAML tokens are provided by the on-premise identity provider. 

C. Single users cannot be revoked from the service. 

D. SAML tokens contain user information. 

View Answer

Q8. Which of the following is the MOST important output from a mobile application threat modeling exercise according to Open Web Application Security Project (OWASP)? 

A. Application interface entry and endpoints 

B. The likelihood and impact of a vulnerability 

C. Countermeasures and mitigations for vulnerabilities 

D. A data flow diagram for the application and attack surface analysis 

View Answer

Q9. A security professional is asked to provide a solution that restricts a.bank.teller to only perform a savings deposit transaction but allows a supervisor to perform corrections after the transaction. Which of the following is the MOST effective solution? 

A. Access is based on rules. 

B. Access is determined by the system. 

C. Access is based on user's role. 

D. Access is based on data sensitivity. 

View Answer

Q10. For an organization considering two-factor authentication for secure network access, which of the following is MOST secure? 

A. Challenge response and private key 

B. Digital certificates and Single Sign-On (SSO) 

C. Tokens and passphrase 

D. Smart card and biometrics 

View Answer