CISSP 7 (2nd study)
Description: PSSIC 7




Which of the following techniques evaluates the secure design principles of network or software architectures?. Risk modeling. Waterfall method. Threat modeling. Fuzzing. Which element of software supply chain management has the GREATEST security risk to organizations?. Unsupported libraries are often used. Applications with multiple contributors are difficult to evaluate. Vulnerabilities are difficult to detect. New software development skills are hard to acquire. Which of the following should be done at a disaster site before any item is removed, repaired, or replaced?. Communicate with the press following the communications plan. Dispatch personnel to the disaster recovery (DR) site. Take photos of the damage. Notify all of the Board of Directors. When designing a new Voice over Internet Protocol (VoIP) network, an organization's top concern is preventing unauthorized users accessing the VoIP network. Which of the following will BEST help secure the VoIP network?. 802.11g. Web application firewall (WAF). Transport Layer Security (TLS). 802.1x. A user's credential for an application is stored in a relational database. Which control protects the confidentiality of the credential while it is stored?. Use a salted cryptographic hash of the password. Validate passwords using a stored procedure. Allow only the application to have access to the password field in order to verify user authentication. Encrypt the entire database and embed an encryption key in the application. Which of the following frameworks provides vulnerability metrics and characteristics to support the National Vulnerability Database (NVD)?. Common Vulnerabilities and Exposures (CVE). Center for Internet Security (CIS). Common Vulnerability Scoring System (CVSS). Open Web Application Security Project (OWASP). A security architect is reviewing plans for an application with a Recovery Point Objective (RPO) of 15 minutes. 
The current design has all of the application infrastructure located within one co-location data center. Which security principle is the architect currently assessing?. Disaster recovery (DR). Availability. Redundancy. Business continuity (BC). Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?. System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements. Compliance office roles and responsibilities, classified material handling standards, storage system lifecycle requirements. Data stewardship roles, data handling and storage standards, data lifecycle requirements. System authorization roles and responsibilities, cloud computing standards, lifecycle requirements. The Chief Information Security Officer (CISO) of a small organization is making a case for building a security operations center (SOC). While debating between an in-house, fully outsourced, or a hybrid capability, which of the following would be the MAIN consideration, regardless of the model?. Headcount and capacity. Scope and service catalog. Skill set and training. Tools and technologies. An organization would like to ensure that all new users have a predefined departmental access template applied upon creation. The organization would also like additional access for users to be granted on a per-project basis. What type of user access administration is BEST suited to meet the organization's needs?. Decentralized. Hybrid. Centralized. Federated. Which of the following is a secure design principle for a new product?. Restrict the use of modularization. Do not rely on previously used code. Build in appropriate levels of fault tolerance. Utilize obfuscation whenever possible. What is the PRIMARY benefit of relying on Security Content Automation Protocol (SCAP)?. Standardize specifications between software security products. 
Achieve organizational compliance with international standards. Improve vulnerability assessment capabilities. Save security costs for the organization. What are the three key benefits that application developers should derive from the northbound application programming interface (API) of software defined networking (SDN)?. Network syntax, abstraction of network flow, and abstraction of network protocols. Network syntax, abstraction of network commands, and abstraction of network protocols. Familiar syntax, abstraction of network topology, and definition of network protocols. Familiar syntax, abstraction of network topology, and abstraction of network protocols. Which of the following is a unique feature of attribute-based access control (ABAC)?. A user is granted access to a system at a particular time of day. A user is granted access to a system based on username and password. A user is granted access to a system based on group affinity. A user is granted access to a system with biometric authentication. Which of the following is the BEST approach to implement multiple servers on a virtual system?. Implement one primary function per virtual server and apply individual security configuration for each virtual server. Implement multiple functions within the same virtual server and apply individual security configurations to each function. Implement one primary function per virtual server and apply high security configuration on the host operating system. Implement multiple functions per virtual server and apply the same security configuration for each virtual server. Which of the following is the MOST common cause of system or security failures?. Lack of physical security controls. Lack of change control. Lack of logging and monitoring. Lack of system documentation. The Chief Information Officer (CIO) has decided that as part of business modernization efforts the organization will move towards a cloud architecture. 
All business-critical data will be migrated to either internal or external cloud services within the next two years. The CIO has a PRIMARY obligation to work with personnel in which role in order to ensure proper protection of data during and after the cloud migration?. Chief Security Officer (CSO). Information owner. Chief Information Security Officer (CISO). General Counsel. A developer is creating an application that requires secure logging of all user activity. What is the BEST permission the developer should assign to the log file to ensure requirements are met?. Execute. Read. Write. Append. When performing an investigation with the potential for legal action, what should be the analyst's FIRST consideration?. Data decryption. Chain-of-custody. Authorization to collect. Court admissibility. Building blocks for software-defined networks (SDN) require which of the following?. The SDN is composed entirely of client-server pairs. Random-access memory (RAM) is used in preference to virtual memory. The SDN is mostly composed of virtual machines (VM). Virtual memory is used in preference to random-access memory (RAM). What is the MINIMUM standard for testing a disaster recovery plan (DRP)?. Quarterly or more frequently depending upon the advice of the information security manager. As often as necessary depending upon the stability of the environment and business requirements. Annually or less frequently depending upon audit department requirements. Semi-annually and in alignment with a fiscal half-year business cycle. Which security audit standard provides the BEST way for an organization to understand a vendor's Information Systems (IS) in relation to confidentiality, integrity, and availability?. Service Organization Control (SOC) 2. Statement on Standards for Attestation Engagements (SSAE) 18. Statement on Auditing Standards (SAS) 70. Service Organization Control (SOC) 1. 
An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this an example of?. Allowed number of characters. Population of required fields. Reasonable data. Session testing. An organization is considering partnering with a third-party supplier of cloud services. The organization will only be providing the data and the third-party supplier will be providing the security controls. Which of the following BEST describes this service offering?. Platform as a Service (PaaS). Anything as a Service (XaaS). Infrastructure as a Service (IaaS). Software as a Service (SaaS). Which of the following factors should be considered characteristics of Attribute Based Access Control (ABAC) in terms of the attributes used?. Mandatory Access Control (MAC) and Discretionary Access Control (DAC). Discretionary Access Control (DAC) and Access Control List (ACL). Role Based Access Control (RBAC) and Mandatory Access Control (MAC). Role Based Access Control (RBAC) and Access Control List (ACL). Which of the following is the MOST significant key management problem due to the number of keys created?. Exponential growth when using symmetric keys. Exponential growth when using asymmetric keys. Storage of the keys require increased security. Keys are more difficult to provision and revoke. Systems Security Professional (CISSP) with identity and access management (IAM) responsibilities is asked by the Chief Information Security Officer (CISO) to perform a vulnerability assessment on a web application to pass a Payment Card Industry (PCI) audit. The CISSP has never performed this before. According to the (ISC) Code of Professional Ethics, which of the following should the CISSP do?. Inform the CISO that they are unable to perform the task because they should render only those services for which they are fully competent and qualified. 
Since they are CISSP certified, they have enough knowledge to assist with the request, but will need assistance in order to complete it in a timely manner. Review the CISSP guidelines for performing a vulnerability assessment before proceeding to complete it. Review the PCI requirements before performing the vulnerability assessment. While performing a security review for a new product, an information security professional discovers that the organization's product development team is proposing to collect government-issued identification (ID) numbers from customers to use as unique customer identifiers. Which of the following recommendations should be made to the product development team?. Customer identifiers should be a variant of the user's government-issued ID number. Customer identifiers should be a cryptographic hash of the user's government-issued ID number. Customer identifiers that do not resemble the user's government-issued ID number should be used. Customer identifiers should be a variant of the user's name, for example, "jdoe" or "john.doe.". The development team has been tasked with collecting data from biometric devices. The application will support a variety of collection data streams. During the testing phase, the team utilizes data from an old production database in a secure testing environment. What principle has the team taken into consideration?. Biometric data cannot be changed. Biometric data cannot be changed. Biometric data must be protected from disclosure. Separate biometric data streams require increased security. Information security practitioners are in the midst of implementing a new firewall. Which of the following failure methods would BEST prioritize security in the event of failure?. Failover. Fail-Closed. Fail-Safe. Fail-Open. Which of the following services can be deployed via a cloud service or onpremises to integrate with Identity as a Service (IDaaS) as the authoritative source of user identities?. 
Multi-factor authentication (MFA). Directory. User database. Single sign-on (SSO). Which of the following statements is TRUE about Secure Shell (SSH)?. SSH supports port forwarding, which can be used to protect less secured protocols. SSH does not protect against man-in-the-middle (MITM) attacks. SSH is easy to deploy because it requires a Web browser only. SSH can be used with almost any application because it is concerned with maintaining a circuit. What is considered a compensating control for not having electrical surge protectors installed?. Having dual lines to network service providers built to the site. Having a hot disaster recovery (DR) environment for the site. Having network equipment in active-active clusters at the site. Having backup diesel generators installed to the site. Having backup diesel generators installed to the site. Identify the factors that have potential to impact business. Establish the scope and actions required. Identify existing controls in the environment. Establish the expectations of stakeholder involvement. Which of the following is the PRIMARY goal of logical access controls?. Restrict access to an information asset. Ensure availability of an information asset. Restrict physical access to an information asset. Ensure integrity of an information asset. Which of the following is a covert channel type?. Pipe. Memory. Storage. Monitoring. A software developer wishes to write code that will execute safely and only as intended. Which of the following programming language types is MOST likely to achieve this goal?. Weakly typed. Dynamically typed. Strongly typed. Statically typed. Which of the following roles is responsible for ensuring that important datasets are developed, maintained, and are accessible within their defined specifications?. Data Custodian. Data Reviewer. Data User. Data Owner. What is static analysis intended to do when analyzing an executable file?. 
Search the documents and files associated with the executable file. Analyze the position of the file in the file system and the executable file's libraries. Collect evidence of the executable file's usage, including dates of creation and last use. Disassemble the file to gather information about the executable file's function. A network security engineer needs to ensure that a security solution analyzes traffic for protocol manipulation and various sorts of common attacks. In addition, all Uniform Resource Locator (URL) traffic must be inspected and users prevented from browsing inappropriate websites. Which of the following solutions should be implemented to enable administrators the capability to analyze traffic, blacklist external sites, and log user traffic for later analysis?. Application-Level Proxy. Intrusion detection system (IDS). Host-based Firewall. Circuit-Level Proxy. What is the PRIMARY consideration when testing industrial control systems (ICS) for security weaknesses?. ICS often run on UNIX operating systems. ICS often do not have availability requirements. ICS are often sensitive to unexpected traffic. ICS are often isolated and difficult to access. The security team plans on using automated account reconciliation in the corporate user access review process. Which of the following must be implemented for the BEST results with fewest errors when running the audit?. Frequent audits. Segregation of Duties (SoD). Removal of service accounts from review. Clear provisioning policies. In the common criteria, which of the following is a formal document that expresses an implementation-independent set of security requirements?. Organizational Security Policy. Security Target (ST). Protection Profile (PP). Target of Evaluation (TOE). Which of the following is an example of a vulnerability of full-disk encryption (FDE)?. Data on the device cannot be restored from backup. Data on the device cannot be backed up. 
Data in transit has been compromised when the user has authenticated to the device. Data at rest has been compromised when the user has authenticated to the device. What is the FIRST step in reducing the exposure of a network to Internet Control Message Protocol (ICMP) based attacks?. Implement network access control lists (ACL). Implement an intrusion prevention system (IPS). Implement a web application firewall (WAF). Implement egress filtering at the organization's network boundary. A large organization's human resources and security teams are planning on implementing technology to eliminate manual user access reviews and improve compliance. Which of the following options is MOST likely to resolve the issues associated with user access?. Implement a Privileged Access Management (PAM) system. Implement a role-based access control (RBAC) system. Implement identity and access management (IAM) platform. Implement a single sign-on (SSO) platform. A cloud service accepts Security Assertion Markup Language (SAML) assertions from users to exchange authentication and authorization data between security domains. However, an attacker was able to spoof a registered account on the network and query the SAML provider. What is the MOST common attack leveraged against this flaw?. Attacker leverages SAML assertion to register an account on the security domain. Attacker forges requests to authenticate as a different user. Attacker exchanges authentication and authorization data between security domains. Attacker conducts denial-of-service (DoS) against the security domain by authenticating as the same user repeatedly. An organization is implementing security review as part of system development. Which of the following is the BEST technique to follow?. Perform incremental assessments. Engage a third-party auditing firm. Review security architecture. Conduct penetration testing. 
What Hypertext Transfer Protocol (HTTP) response header can be used to disable the execution of inline JavaScript and the execution of eval()-type functions?. X-XSS-Protection. Content-Security-Policy. X-Frame-Options. Strict-Transport-Security. A security professional was tasked with rebuilding a company's wireless infrastructure. Which of the following are the MOST important factors to consider while making a decision on which wireless spectrum to deploy?. Facility size, intermodulation, and direct satellite service. Performance, geographic location, and radio signal interference. Existing client devices, manufacturer reputation, and electrical interference. Hybrid frequency band, service set identifier (SSID), and interpolation. A software development company has a short timeline in which to deliver a software product. The software development team decides to use open-source software libraries to reduce the development time. What concept should software developers consider when using open-source software libraries?. Open source libraries contain known vulnerabilities, and adversaries regularly exploit those vulnerabilities in the wild. Open source libraries can be used by everyone, and there is a common understanding that the vulnerabilities in these libraries will not be exploited. Open source libraries contain unknown vulnerabilities, so they should not be used. Open source libraries are constantly updated, making it unlikely that a vulnerability exists for an adversary to exploit. A security engineer is assigned to work with the patch and vulnerability management group. The deployment of a new patch has been approved and needs to be applied. The research is complete, and the security engineer has provided recommendations. Where should the patch be applied FIRST?. Lower environment. Desktop environment. Server environment. Production environment. What BEST describes the confidentiality, integrity, availability triad?. 
A vulnerability assessment to see how well the organization's data is protected. The three-step approach to determine the risk level of an organization. The implementation of security systems to protect the organization's data. A tool used to assist in understanding how to protect the organization's data. Why is it important that senior management clearly communicates the formal Maximum Tolerable Downtime (MTD) decision?. To provide each manager with precise direction on selecting an appropriate recovery alternative. To demonstrate to the board of directors that senior management is committed to continuity recovery efforts. To provide a formal declaration from senior management as required by internal audit to demonstrate sound business practices. To demonstrate to the regulatory bodies that the company takes business continuity seriously. A Simple Power Analysis (SPA) attack against a device directly observes which of the following?. Magnetism. Generation. Generation. Static discharge. Which of the following MUST the administrator of a security information and event management (SIEM) system ensure?. All sources are synchronized with a common time reference. All sources are reporting in the exact same Extensible Markup Language (XML) format. Data sources do not contain information infringing upon privacy regulations. Each source uses the same Internet Protocol (IP) address for reporting. An organization wants to share data securely with their partners via the Internet. Which standard port is typically used to meet this requirement?. Setup a server on User Datagram Protocol (UDP) port 69. Setup a server on Transmission Control Protocol (TCP) port 21. Setup a server on Transmission Control Protocol (TCP) port 22. Setup a server on Transmission Control Protocol (TCP) port 80. When designing a business continuity plan (BCP), what is the formula to determine the Maximum Tolerable Downtime (MTD)?. Estimated Maximum Loss (EML) + Recovery Time Objective (RTO). 
Business impact analysis (BIA) + Recovery Point Objective (RPO). Annual Loss Expectancy (ALE) + Work Recovery Time (WRT). Recovery Time Objective (RTO) + Work Recovery Time (WRT). In systems security engineering, what does the security principle of modularity provide?. Minimal access to perform a function. Documentation of functions. Isolated functions and data. Secure distribution of programs and data. Which of the following is the strongest physical access control?. Biometrics, a password, and personal identification number (PIN). Individual password for each user. Biometrics and badge reader. Biometrics, a password, and badge reader. An access control list (ACL) on a router is a feature MOST similar to which type of firewall?. Stateful firewall. Packet filtering firewall. Application gateway firewall. Heuristic firewall. While dealing with the consequences of a security incident, which of the following security controls are MOST appropriate?. Detective and recovery controls. Corrective and recovery controls. Preventative and corrective controls. Recovery and proactive controls. A cloud hosting provider would like to provide a Service Organization Control (SOC) report relevant to its security program. This report should an abbreviated report that can be freely distributed. Which type of report BEST meets this requirement?. SOC 1. SOC 2 Type 1. SOC 2 Type 2. SOC 3. Which of the following is TRUE for an organization that is using a third-party federated identity service?. The organization specifies alone how to authenticate other organization's users. The organization defines internal standard for overall user identification. The organization establishes a trust relationship with the other organizations. The organization enforces the rules to other organization's user provisioning. Which of the following describes the BEST method of maintaining the inventory of software and hardware within the organization?. 
Maintaining the inventory through a combination of asset owner interviews, open-source system management, and open-source management tools. Maintaining the inventory through a combination of desktop configuration, administration management, and procurement management tools. Maintaining the inventory through a combination of on premise storage configuration, cloud management, and partner management tools. Maintaining the inventory through a combination of system configuration, network management, and license management tools. Which of the following outsourcing agreement provisions has the HIGHEST priority from a security operations perspective?. Conditions to prevent the use of subcontractors. Terms for contract renegotiation in case of disaster. Root cause analysis for application performance issue. Escalation process for problem resolution during incidents. Which of the following is the MOST comprehensive Business Continuity (BC) test?. Full interruption. Full simulation. Full table top. Full functional drill. A security practitioner needs to implement a solution to verify endpoint security protections and operating system (OS) versions. Which of the following is the BEST solution to implement?. An intrusion prevention system (IPS). Network Access Control (NAC). Active Directory (AD) authentication. A firewall. During an internal audit of an organizational Information Security Management System (ISMS), nonconformities are identified. In which of the following management stages are nonconformities reviewed, assessed and/or corrected by the organization?. Assessment. Planning. Improvement. Operation. When developing an external facing web-based system, which of the following would be the MAIN focus of the security assessment prior to implementation and production?. Ensuring Secure Sockets Layer (SSL) certificates are signed by a certificate authority. Ensuring Secure Sockets Layer (SSL) certificates are internally signed. 
Assessing the Uniform Resource Locator (URL). Ensuring that input validation is enforced. A financial services organization has employed a security consultant to review processes used by employees across various teams. The consultant interviewed a member of the application development practice and found gaps in their threat model. Which of the following correctly represents a trigger for when a threat model should be revised?. After operating system (OS) patches are applied. A new developer is hired into the team. After a modification to the firewall rule policy. A new data repository is added. The Chief Information Security Officer (CISO) of an organization has requested that a Service Organization Control (SOC) report be created to outline the security and availability of a particular system over a 12-month period. Which type of SOC report should be utilized?. SOC 1 Type 1. SOC 1 Type 2. SOC 2 Type 2. SOC 3 Type 1. An organization recently upgraded to a Voice over Internet Protocol (VoIP) phone system. Management is concerned with unauthorized phone usage. The security consultant is responsible for putting together a plan to secure these phones. Administrators have assigned unique personal identification number (PIN) codes for each person in the organization. What is the BEST solution?. Have the administrator enforce a policy to change the PIN regularly. Implement call detail records (CDR) reports to track usage. Have the administrator change the PIN regularly. Implement call detail records (CDR) reports to track usage. Use phone locking software to enforce usage and PIN policies. Inform the user to change the pin regularly. Implement call detail records (CDR) reports to track usage. Which of the following protection is provided when using a Virtual Private Network (VPN) with Authentication Header (AH)?. Sender non-repudiation. Multi-factor authentication (MFA). Payload encryption. Sender confidentiality. 
An organization contracts with a consultant to perform a System Organization Control (SOC) 2 audit on their internal security controls. An auditor documents a finding a related to an Application Programming Interface (API) performing an action that is not aligned with the scope or objective of the system. Which trust service principle would be MOST applicable in th is situation?. Confidentiality. Processing Integrity. Security. Availability. In which process MUST security be considered during the acquisition of new software?. Request for proposal (RFP). Implementation. Vendor selection. Contract negotiation. Which of the following is the MAIN difference between a network-based firewall and a host-based firewall?. A network-based firewall is stateful, while a host-based firewall is stateless. A network-based firewall blocks network intrusions, while a host-based firewall blocks malware. A network-based firewall controls traffic passing through the device, while a host-based firewall controls traffic destined for the device. A network-based firewall verifies network traffic, while a host-based firewall verifies processes and applications. Which of the following measures serves as the BEST means for protecting data on computers, smartphones, and external storage devices when traveling to high- risk countries?. Review applicable destination country laws, forensically clean devices prior to travel, and only download sensitive data over a virtual private network (VPN) upon arriving at the destination. Leverage a Secure Socket Layer (SSL) connection over a virtual private network (VPN) to download sensitive data upon arriving at the destination. Keep laptops, external storage devices, and smartphones in the hotel room when not in use. Use multi-factor authentication (MFA) to gain access to data stored on laptops or external storage devices and biometric fingerprint access control mechanisms to unlock smartphones. 
When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?. Confirm that confidentiality agreements are signed. Employ strong access controls. Log all activities associated with sensitive systems. Provide links to security policies. Which of the following regulations dictates how data breaches are handled?. Payment Card Industry Data Security Standard (PCI-DSS). National Institute of Standards and Technology (NIST). Sarbanes-Oxley (SOX). General Data Protection Regulation (GDPR). In software development, developers should use which type of queries to prevent a Structured Query Language (SQL) injection?. Parameterised. Controlled. Dynamic. Static. Which type of access control includes a system that allows only users that are type=managers and department=sales to access employee records?. Role-based access control (RBAC). Attribute-based access control (ABAC). Discretionary access control (DAC). Mandatory access control (MAC). Which of the following examples is BEST to minimize the attack surface for a customer's private information?. Data masking. Authentication. Obfuscation. Collection limitation. Which evidence collecting technique would be utilized when it is believed an attacker is employing a rootkit and a quick analysis is needed?. Forensic disk imaging. Live response. Memory collection. Malware analysis. An application is used for funds transfers between an organization and a thirdparty. During a security audit, an auditor has found an issue with the business continuity disaster recovery policy and procedures for this application. Which of the following reports should the auditor file with the organization?. Statement on Auditing Standards (SAS) 70-1. Statement on Auditing Standards (SAS) 70. Service Organization Control (SOC) 1. Service Organization Control (SOC) 2. 
When determining data and information asset handling, regardless of the specific toolset being used, which of the following is one of the common components of big data?. Distributed storage locations. Centralized processing location. Distributed data collection. Consolidated data collection. A Chief Information Security Officer (CISO) of a firm which decided to migrate to cloud has been tasked with ensuring an optimal level of security. Which of the following would be the FIRST consideration?. Analyze the firm's applications and data repositories to determine the relevant control requirements. Request a security risk assessment of the cloud vendor be completed by an independent third-party. Define the cloud migration roadmap and set out which applications and data repositories should be moved into the cloud. Ensure that the contract between the cloud vendor and the firm clearly defines responsibilities for operating security controls. Which of the following BEST describes the purpose of Border Gateway Protocol (BGP)?. Provide Routing Information Protocol (RIP) version 2 advertisements to neighboring layer 3 devices. Maintain a list of network paths between internet routers. Provide firewall services to cloud-enabled applications. Maintain a list of efficient network paths between autonomous systems. What is the BEST design for securing physical perimeter protection?. Closed-circuit television (CCTV). Business continuity planning (BCP). Barriers, fences, gates, and walls. Crime Prevention through Environmental Design (CPTED). The security organization is looking for a solution that could help them determine with a strong level of confidence that attackers have breached their network. Which solution is MOST effective at discovering a successful network breach?. Developing a sandbox. Installing an intrusion detection system (IDS). Deploying a honeypot. Installing an intrusion prevention system (IPS). 
Which of the following is a benefit of implementing data-in-use controls?
- If the data is lost, it must be decrypted to be opened.
- When the data is being viewed, it can only be printed by authorized users.
- When the data is being viewed, it can be accessed using secure protocols.
- If the data is lost, it may not be accessible to unauthorized users.

When configuring Extensible Authentication Protocol (EAP) in a Voice over Internet Protocol (VoIP) network, which of the following authentication types is the MOST secure?
- EAP-Protected Extensible Authentication Protocol (PEAP).
- EAP-Transport Layer Security (TLS).
- EAP-Tunneled Transport Layer Security (TTLS).
- EAP-Flexible Authentication via Secure Tunneling (FAST).

Which of the following would be the BEST guideline to follow when attempting to avoid the exposure of sensitive data?
- Monitor mail servers for sensitive data being exfiltrated.
- Educate end-users on methods of attacks on sensitive data.
- Establish report parameters for sensitive data.
- Store sensitive data only when necessary.

An organization with divisions in the United States (US) and the United Kingdom (UK) processes data comprised of personal information belonging to subjects living in the European Union (EU) and in the US. Which data MUST be handled according to the privacy protections of the General Data Protection Regulation (GDPR)?
- Only the UK citizens' data.
- Only the EU residents' data.
- Only data processed in the UK.
- Only the EU citizens' data.

What are the first two components of logical access control?
- Authentication and availability.
- Authentication and identification.
- Identification and confidentiality.
- Confidentiality and authentication.

Which of the following is the MOST effective measure for dealing with rootkit attacks?
- Restoring the system from the last backup.
- Finding and replacing the altered binaries with legitimate ones.
- Turning off unauthorized services and rebooting the system.
- Reinstalling the system from trusted sources.
Which of the following is the FIRST requirement a data owner should consider before implementing a data retention policy?
- Storage.
- Training.
- Legal.
- Business.

A new employee formally reported suspicious behavior to the organization's security team. The report claims that someone not affiliated with the organization was inquiring about the employee's work location, length of employment, and building access controls. The employee's reporting is MOST likely the result of which of the following?
- Security engineering.
- Security awareness.
- Phishing.
- Risk avoidance.

The disaster recovery (DR) process should always include:
- periodic inventory review.
- financial data analysis.
- plan maintenance.
- periodic vendor review.

An organization has determined that its previous waterfall approach to software development is not keeping pace with business demands. To adapt to the rapid changes required for product delivery, the organization has decided to move towards an Agile software development and release cycle. In order to ensure the success of the Agile methodology, who is the MOST critical in creating acceptance criteria for each release?
- Business customers.
- Software developers.
- Independent testers.
- Project managers.

What is the FIRST step for an organization to take before allowing personnel to access social media from a corporate device or user account?
- Publish an acceptable usage policy.
- Publish a social media guidelines document.
- Deliver security awareness training.
- Document a procedure for accessing social media sites.

A hospital has allowed virtual private networking (VPN) access to remote database developers. Upon auditing the internal configuration, the network administrator discovered that split-tunneling was enabled. What is the concern with this configuration?
- The network intrusion detection system (NIDS) will fail to inspect Secure Sockets Layer (SSL) traffic.
- Remote sessions will not require multi-layer authentication.
- Remote clients are permitted to exchange traffic with the public and private network.
- Multiple Internet Protocol Security (IPSec) tunnels may be exploitable in specific circumstances.

In an IDEAL encryption system, who has sole access to the decryption key?
- Data custodian.
- System owner.
- System administrator.
- Data owner.

Which type of disaster recovery plan (DRP) testing carries the MOST operational risk?
- Cutover.
- Parallel.
- Walkthrough.
- Tabletop.

Which of the following methods provides the MOST protection for user credentials?
- Forms-based authentication.
- Self-registration.
- Basic authentication.
- Digest authentication.

An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?
- Functional test.
- Unit test.
- Grey box.
- White box.

How does Radio-Frequency Identification (RFID) assist with asset management?
- It uses biometric information for system identification.
- It uses two-factor authentication (2FA) for system identification.
- It transmits unique serial numbers wirelessly.
- It transmits unique Media Access Control (MAC) addresses wirelessly.

Which of the following is the FIRST step an organization's professional performs when defining a cyber-security program based upon industry standards?
- Review the past security assessments.
- Define the organization's objectives regarding security and risk mitigation.
- Map the organization's current security practices to industry standards.
- Select from a choice of security best practices.

What is the MOST important criterion that needs to be adhered to during the data collection process of an active investigation?
- Maintaining the chain of custody.
- Capturing an image of the system.
- Outlining all actions taken during the investigation.
- Complying with the organization's security policy.

Two computers, each with a single connection on the same physical 10 gigabit Ethernet network segment, need to communicate with each other.
The first machine has a single Internet Protocol (IP) Classless Inter-Domain Routing (CIDR) address of 192.168.1.3/30 and the second machine has an IP/CIDR address of 192.168.1.6/30. Which of the following is correct?
- Since each computer is on a different layer 3 network, traffic between the computers must be processed by a network bridge in order to communicate.
- Since each computer is on the same layer 3 network, traffic between the computers may be processed by a network router in order to communicate.
- Since each computer is on the same layer 3 network, traffic between the computers may be processed by a network bridge in order to communicate.
- Since each computer is on a different layer 3 network, traffic between the computers must be processed by a network router in order to communicate.

The Secure Software Development Life Cycle (SDLC) expects application code to be written in a consistent manner to allow ease of auditing and which of the following?
- Protecting.
- Copying.
- Enhancing.
- Executing.

Which of the following is a risk matrix?
- A tool for determining risk management decisions for an activity or system.
- A database of risks associated with a specific information system.
- A two-dimensional picture of risk for organizations, products, projects, or other items of interest.
- A table of risk management factors for management to consider.

What part of an organization's strategic risk assessment MOST likely includes information on items affecting the success of the organization?
- Threat analysis.
- Vulnerability analysis.
- Key Performance Indicator (KPI).
- Key Risk Indicator (KRI).

A company needs to provide employee access to travel services, which are hosted by a third-party service provider. Employee experience is important, and when users are already authenticated, access to the travel portal is seamless. Which of the following methods is used to share information and grant user access to the travel portal?
- Single sign-on (SSO) access.
- Security Assertion Markup Language (SAML) access.
- Open Authorization (OAuth) access.
- Federated access.

The Chief Executive Officer (CEO) wants to implement an internal audit of the company's information security posture. The CEO wants to avoid any bias in the audit process and has therefore assigned the Sales Director to conduct the audit. After significant interaction over a period of weeks, the audit concludes that the company's policies and procedures are sufficient, robust and well established. The CEO then engages an external penetration testing company in order to showcase the organization's robust information security stance. This exercise reveals significant failings in several critical security controls and shows that the incident response processes remain undocumented. What is the MOST likely reason for this disparity between the results of the audit and the external penetration test?
- The audit team lacked the technical experience and training to make insightful and objective assessments of the data provided to them.
- The scope of the penetration test exercise and the internal audit were significantly.
- The external penetration testing company used custom zero-day attacks that could not have been predicted.
- The information technology (IT) and governance teams have failed to disclose relevant information to the internal audit team, leading to an incomplete assessment being formulated.

An information security administrator wishes to block peer-to-peer (P2P) traffic over Hypertext Transfer Protocol (HTTP) tunnels. Which of the following layers of the Open Systems Interconnection (OSI) model requires inspection?
- Application.
- Transport.
- Session.
- Presentation.

A Chief Information Officer (CIO) has delegated responsibility for their system security to the head of the information technology (IT) department.
While corporate policy dictates that only the CIO can make decisions on the level of data protection required, technical implementation decisions are made by the head of the IT department. Which of the following BEST describes the security role filled by the head of the IT department?
- System security officer.
- System processor.
- System custodian.
- System analyst.

Which of the following actions should be undertaken prior to deciding on a physical baseline Protection Profile (PP)?
- Conduct a site survey.
- Choose a suitable location.
- Check the technical design.

Management has decided that a core application will be used on personal cellular phones. As an implementation requirement, regularly scheduled analysis of the security posture needs to be conducted. Management has also directed that continuous monitoring be implemented. Which of the following is required to accomplish management's directive?
- Routine reports generated by the user's cellular phone provider that detail security events.
- Strict integration of application management, configuration management (CM), and phone management.
- Management application installed on user phones that tracks all application events and cellular traffic.
- Enterprise-level security information and event management (SIEM) dashboard that provides full visibility of cellular phone activity.

A systems engineer is designing a wide area network (WAN) environment for a new organization. The WAN will connect sites holding information at various levels of sensitivity, from publicly available to highly confidential. The organization requires a high degree of interconnectedness to support existing business processes. What is the BEST design approach to securing this environment?
- Use reverse proxies to create a secondary "shadow" environment for critical systems.
- Place firewalls around critical devices, isolating them from the rest of the environment.
- Layer multiple detective and preventative technologies at the environment perimeter.
- Align risk across all interconnected elements to ensure critical threats are detected and handled.

Which of the following techniques is MOST useful when dealing with advanced persistent threat (APT) intrusions on live virtualized environments?
- Memory forensics.
- Logfile analysis.
- Reverse engineering.
- Antivirus operations.

Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request through an authenticated user without the user realizing it?
- Process injection.
- Cross-Site Request Forgery (CSRF).
- Cross-Site Scripting (XSS).
- Broken Authentication and Session Management.

A scan report returned multiple vulnerabilities affecting several production servers that are mission critical. Attempts to apply the patches in the development environment have caused the servers to crash. What is the BEST course of action?
- Mitigate the risks with compensating controls.
- Upgrade the software affected by the vulnerability.
- Remove the affected software from the servers.
- Inform management of possible risks.

A security professional has reviewed a recent site assessment and has noted that a server room on the second floor of a building has Heating, Ventilation, and Air Conditioning (HVAC) intakes on the ground level that have ultraviolet light filters installed, Aero-K fire suppression in the server room, and pre-action fire suppression on floors above the server room. Which of the following changes can the security professional recommend to reduce risk associated with these conditions?
- Remove the ultraviolet light filters on the HVAC intake and replace the fire suppression system on the upper floors with a dry system.
- Elevate the HVAC intake by constructing a plenum or external shaft over it and convert the server room fire suppression to a pre-action system.
- Add additional ultraviolet light filters to the HVAC intake supply and return ducts and change server room fire suppression to FM-200.
- Apply additional physical security around the HVAC intakes and update upper floor fire suppression to FM-200.

Which of the following is the MOST common use of the Online Certificate Status Protocol (OCSP)?
- To verify the validity of an X.509 digital certificate.
- To obtain the expiration date of an X.509 digital certificate.
- To obtain the revocation status of an X.509 digital certificate.
- To obtain the author name of an X.509 digital certificate.

A security professional has been assigned to assess a web application. The assessment report recommends switching to Security Assertion Markup Language (SAML). What is the PRIMARY security benefit in switching to SAML?
- It enables single sign-on (SSO) for web applications.
- It uses Transport Layer Security (TLS) to address confidentiality.
- It limits unnecessary data entry on web forms.
- The users' password is not passed during authentication.

An organization purchased commercial off-the-shelf (COTS) software several years ago. The information technology (IT) Director has decided to migrate the application into the cloud, but is concerned about the application security of the software in the organization's dedicated environment with a cloud service provider. What is the BEST way to prevent and correct the software's security weaknesses?
- Follow the software end-of-life schedule.
- Implement a dedicated COTS sandbox environment.
- Transfer the risk to the cloud service provider.
- Examine the software updating and patching process.

What type of database attack would allow a customer service employee to determine quarterly sales results before they are publicly announced?
- Inference.
- Aggregation.
- Polyinstantiation.
- Data mining.

In a multi-tenant cloud environment, what approach will secure logical access to assets?
- Controlled configuration management (CM).
- Transparency/auditability of administrative access.
- Virtual private cloud (VPC).
- Hybrid cloud.

An information technology (IT) employee who travels frequently to various countries remotely connects to an organization's resources to troubleshoot problems. Which of the following solutions BEST serves as a secure control mechanism to meet the organization's requirements?
- Install a third-party screen sharing solution that provides remote connection from a public website.
- Install a bastion host in the demilitarized zone (DMZ) and allow multi-factor authentication (MFA) access.
- Implement a Dynamic Domain Name Services (DDNS) account to initiate a virtual private network (VPN) using the DDNS record.
- Update the firewall rules to include the static Internet Protocol (IP) addresses of the locations where the employee connects from.

Which of the following is the BEST way to determine the success of a patch management process?
- Change management.
- Configuration management (CM).
- Analysis and impact assessment.
- Auditing and assessment.

An organization has discovered that organizational data is posted by employees to data storage accessible to the general public. What is the PRIMARY step an organization must take to ensure data is properly protected from public release?
- Implement a user reporting policy.
- Implement a data encryption policy.
- Implement a user training policy.
- Implement a data classification policy.

A security engineer is required to integrate security into a software project that is implemented by small groups that quickly, continuously, and independently develop, test, and deploy code to the cloud. The engineer will MOST likely integrate with which software development process?
- DevOps Integrated Product Team (IPT).
- Structured Waterfall Programming Development.
- Service-oriented architecture (SOA).
- Spiral Methodology.

Which of the following is the BEST method to identify security controls that should be implemented for a web-based application while in development?
- Agile software development.
- Secure software development.
- Application threat modeling.
- Penetration testing.

Which Open Systems Interconnection (OSI) layer(s) BEST corresponds to the network access layer in the Transmission Control Protocol/Internet Protocol (TCP/IP) model?
- Data Link and Physical Layers.
- Session and Network Layers.
- Transport Layer.
- Application, Presentation, and Session Layers.

An organization's retail website provides its only source of revenue, so the disaster recovery plan (DRP) must document an estimated time for each step in the plan. Which of the following steps in the DRP will list the GREATEST duration of time for the service to be fully operational?
- Update the Network Address Translation (NAT) table.
- Update Domain Name System (DNS) server addresses with the domain registrar.
- Update the Border Gateway Protocol (BGP) autonomous system number.
- Update the web server network adapter configuration.

In supervisory control and data acquisition (SCADA) systems, which of the following controls can be used to reduce device exposure to malware?
- Disallow untested code in the execution space of the SCADA device.
- Disable all command line interfaces.
- Disable Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports 138 and 139 on the SCADA device.
- Prohibit the use of unsecure scripting languages.

Which of the following secure transport protocols is often used to secure Voice over Internet Protocol (VoIP) communications on a network from end to end?
- Secure File Transfer Protocol (SFTP).
- Secure Real-time Transport Protocol (SRTP).
- Generic Routing Encapsulation (GRE).
- Internet Protocol Security (IPSec).

A healthcare insurance organization chose a vendor to develop a software application. Upon review of the draft contract, the information security professional notices that software security is not addressed. What is the BEST approach to address the issue?
- Update the contract to require the vendor to perform security code reviews.
- Update the service level agreement (SLA) to provide the organization the right to audit the vendor.
- Update the contract so that the vendor is obligated to provide security capabilities.
- Update the service level agreement (SLA) to require the vendor to provide security capabilities.

Which of the following security tools will ensure authorized data is sent to the application when implementing a cloud-based application?
- Host-based intrusion prevention system (HIPS).
- Access control list (ACL).
- Data loss prevention (DLP).
- File integrity monitoring (FIM).

A client-server infrastructure that provides user-to-server authentication describes which one of the following?
- Secure Sockets Layer (SSL).
- User-based authorization.
- Kerberos.
- X.509.

A system developer has a requirement for an application to check for a secure digital signature before the application is accessed on a user's laptop. Which security mechanism addresses this requirement?
- Trusted Platform Module (TPM).
- Certificate revocation list (CRL) policy.
- Key exchange.
- Hardware encryption.

Which of the following is a term used to describe maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions?
- Information Security Continuous Monitoring (ISCM).
- Risk Management Framework (RMF).
- Information Sharing & Analysis Centers (ISAC).
- Information Security Management System (ISMS).

Which of the following types of firewall only examines the "handshaking" between packets before forwarding traffic?
- Proxy firewalls.
- Circuit-level firewalls.
- Network Address Translation (NAT) firewalls.
- Host-based firewalls.

What is a use for mandatory access control (MAC)?
- Allows for mandatory user identity and passwords based on sensitivity.
- Allows for mandatory system administrator access control over objects.
- Allows for labeling of sensitive user accounts for access control.
- Allows for object security based on sensitivity represented by a label.
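The subnet question earlier on this page (two hosts on one 10 gigabit Ethernet segment, addressed 192.168.1.3/30 and 192.168.1.6/30) is worth checking in code rather than by eye. The following Python is added for this study page and is not part of the original test; it uses only the standard-library ipaddress module to derive each host's network, decide whether a layer-2 bridge or a layer-3 router must forward between them, and flag a caveat the question glosses over: in a /30 only two addresses are assignable, and 192.168.1.3 is the broadcast address of 192.168.1.0/30, so the first host as written is not even a valid host address. The second pair in the usage call is a constructed same-subnet comparison.

```python
import ipaddress

def is_valid_host(iface) -> bool:
    """In prefixes shorter than /31 the network and broadcast addresses cannot
    be assigned to a host; /31 (RFC 3021) and /32 have no such reserve."""
    net = iface.network
    if net.prefixlen >= 31:
        return True
    return iface.ip not in (net.network_address, net.broadcast_address)

def describe_pair(addr_a: str, addr_b: str) -> dict:
    """Decide whether two IP/CIDR interface addresses share a layer-3 network,
    and therefore whether a bridge/switch or a router must carry traffic
    between them."""
    a = ipaddress.ip_interface(addr_a)
    b = ipaddress.ip_interface(addr_b)
    same = a.network == b.network
    return {
        "network_a": str(a.network),          # e.g. 192.168.1.0/30
        "network_b": str(b.network),          # e.g. 192.168.1.4/30
        "same_network": same,
        "a_is_valid_host": is_valid_host(a),  # False for 192.168.1.3/30 (broadcast)
        "b_is_valid_host": is_valid_host(b),  # True for 192.168.1.6/30
        "forwarding": "layer 2 (bridge/switch)" if same else "layer 3 (router)",
    }

if __name__ == "__main__":
    # Addresses from the test question, then a constructed same-subnet pair.
    for pair in (("192.168.1.3/30", "192.168.1.6/30"), ("192.168.1.5/30", "192.168.1.6/30")):
        print(pair, describe_pair(*pair))
```

For the question's addresses the two networks differ (192.168.1.0/30 and 192.168.1.4/30), so sharing a physical segment does not help: a router must forward between them, which is the fourth option. The validity flag is the practical check to add when reviewing a real configuration, since a host mistakenly given a broadcast or network address will fail in ways that look like a routing problem.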
An organization has developed a way for customers to share information from their wearable devices with each other. Unfortunately, the users were not informed as to what collected information would be shared. What technical controls should be put in place to remedy the privacy issue while still trying to accomplish the organization's business goals?
- Share only what the organization decides is best.
- Stop sharing data with the other users.
- Default the user to not share any information.
- Inform the user of the sharing feature changes after they are implemented.

Which of the following system components enforces access controls on an object?
- Security perimeter.
- Access control matrix.
- Trusted domain.
- Reference monitor.

In setting expectations when reviewing the results of a security test, which of the following statements is MOST important to convey to reviewers?
- The accuracy of testing results can be greatly improved if the target(s) are properly hardened.
- The results of the tests represent a point-in-time assessment of the target(s).
- The deficiencies identified can be corrected immediately.
- The target's security posture cannot be further compromised.

What is the benefit of an operating system (OS) feature that is designed to prevent an application from executing code from a non-executable memory region?
- Identifies which security patches still need to be installed on the system.
- Reduces the risk of polymorphic viruses from encrypting their payload.
- Stops memory resident viruses from propagating their payload.
- Helps prevent certain exploits that store code in buffers.

What is the overall goal of software security testing?
- Identifying the key security features of the software.
- Ensuring all software functions perform as specified.
- Reducing vulnerabilities within a software system.
- Making software development more agile.
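The mandatory access control question above (object security based on a sensitivity label) and the reference monitor question (the component that enforces access control on an object) describe two halves of one mechanism, so a single worked example covers both. The Python below is added for this study page and is not from the original test. It models labels as a level plus a set of compartments, defines the dominance relation over them, and puts the decision inside a small reference monitor that mediates every access and records it. The level names, compartments and documents are constructed; the read rule is "no read up" and the write rule is "no write down", the two Bell-LaPadula properties that a label-based MAC policy enforces.

```python
from dataclasses import dataclass, field

# Ordered sensitivity levels; a higher index is more sensitive (constructed list).
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP_SECRET"]

@dataclass(frozen=True)
class Label:
    """A MAC label: sensitivity level plus a set of need-to-know compartments."""
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        # self >= other in the lattice: at least as high a level AND a superset
        # of the other label's compartments.
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and self.compartments >= other.compartments)

class ReferenceMonitor:
    """Mediates every subject-to-object access. The decision depends only on
    the two labels, never on who the subject is, which is what makes the
    control mandatory rather than discretionary. Every decision is logged."""
    def __init__(self) -> None:
        self.audit: list = []

    def check(self, subject: Label, obj: Label, mode: str) -> bool:
        if mode == "read":
            allowed = subject.dominates(obj)      # simple security property: no read up
        elif mode == "write":
            allowed = obj.dominates(subject)      # *-property: no write down
        else:
            allowed = False                       # unknown access mode: deny by default
        self.audit.append((subject, obj, mode, allowed))
        return allowed

def demo() -> dict:
    rm = ReferenceMonitor()
    analyst = Label("SECRET", frozenset({"CRYPTO"}))            # subject clearance
    secret_crypto_doc = Label("SECRET", frozenset({"CRYPTO"}))  # objects (constructed)
    ts_crypto_doc = Label("TOP_SECRET", frozenset({"CRYPTO"}))
    secret_nuclear_doc = Label("SECRET", frozenset({"NUCLEAR"}))
    public_notice = Label("UNCLASSIFIED")
    return {
        "read_same_label": rm.check(analyst, secret_crypto_doc, "read"),        # True
        "read_up": rm.check(analyst, ts_crypto_doc, "read"),                    # False
        "read_down": rm.check(analyst, public_notice, "read"),                  # True
        "read_other_compartment": rm.check(analyst, secret_nuclear_doc, "read"),  # False
        "write_down": rm.check(analyst, public_notice, "write"),                # False
        "write_up": rm.check(analyst, ts_crypto_doc, "write"),                  # True
        "decisions_logged": len(rm.audit),                                      # 6
    }

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:24s} {outcome}")
```

Two points the question options hint at are visible here: the label is on the object, not merely on "sensitive user accounts", and the subject cannot override the decision even for data it created, because the monitor consults labels rather than ownership. A real reference monitor must also be tamperproof, always invoked and small enough to verify; the audit list stands in for the "always invoked" property by recording every mediated access.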