Q1. Which of the following provides the minimum set of privileges required to perform a job function and restricts the user to a domain with the required privileges?
A. Access based on rules
B. Access based on user's role
C. Access determined by the system
D. Access based on data sensitivity
Answer: B
Q2. Which of the following is a security limitation of File Transfer Protocol (FTP)?
A. Passive FTP is not compatible with web browsers.
B. Anonymous access is allowed.
C. FTP uses Transmission Control Protocol (TCP) ports 20 and 21.
D. Authentication is not encrypted.
Answer: D
Q3. The goal of software assurance in application development is to
A. enable the development of High Availability (HA) systems.
B. facilitate the creation of Trusted Computing Base (TCB) systems.
C. prevent the creation of vulnerable applications.
D. encourage the development of open source applications.
Answer: C
Q4. Which of the following is an attacker MOST likely to target to gain privileged access to a system?
A. Programs that write to system resources
B. Programs that write to user directories
C. Log files containing sensitive information
D. Log files containing system calls
Answer: A
Q5. Which of the following is the MOST crucial for a successful audit plan?
A. Defining the scope of the audit to be performed
B. Identifying the security controls to be implemented
C. Working with the system owner on new controls
D. Acquiring evidence of systems that are not compliant
Answer: A
Q6. What is one way to mitigate the risk of security flaws in.custom.software?
A. Include security language in the Earned Value Management (EVM) contract
B. Include security assurance clauses in the Service Level Agreement (SLA)
C. Purchase only Commercial Off-The-Shelf (COTS) products
D. Purchase only software with no open source Application Programming Interfaces (APIs)
Answer: B
Q7. The goal of a Business Continuity Plan (BCP) training and awareness program is to
A. enhance the skills required to create, maintain, and execute the plan.
B. provide for a high level of recovery in case of disaster.
C. describe the recovery organization to new employees.
D. provide each recovery team with checklists and procedures.
Answer: A
Q8. What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?
A. Man-in-the-Middle (MITM) attack
B. Smurfing
C. Session redirect
D. Spoofing
Answer: D
Q9. In a data classification scheme, the data is owned by the
A. Information Technology (IT) managers.
B. business managers.
C. end users.
D. system security managers.
Answer: B
Q10. Refer.to the information below to answer the question.
Desktop computers in an organization were sanitized.for re-use.in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.
After magnetic drives were degaussed twice according to the product manufacturer's directions, what is the MOST LIKELY security issue with degaussing?
A. Commercial products often have serious weaknesses of the magnetic force available in the degausser product.
B. Degausser products may not be properly maintained and operated.
C. The inability to turn the drive around in the chamber for the second pass due to human error.
D. Inadequate record keeping when sanitizing media.
Answer: B