CISSP 6 (1ST STUDY)
Description: XIAAP 6



Physical assets defined in an organization's business impact analysis (BIA) could include which of the following?
- Personal belongings of organizational staff members.
- Disaster recovery (DR) line-item revenues.
- Cloud-based applications.
- Supplies kept off-site at a remote facility.

When assessing the audit capability of an application, which of the following activities is MOST important?
- Identify procedures to investigate suspicious activity.
- Determine if audit records contain sufficient information.
- Verify if sufficient storage is allocated for audit records.
- Review security plan for actions to be taken in the event of audit failure.

An organization would like to implement an authorization mechanism that would simplify the assignment of various system access permissions for many users with similar job responsibilities. Which type of authorization mechanism would be the BEST choice for the organization to implement?
- Role-based access control (RBAC).
- Discretionary access control (DAC).
- Content-dependent Access Control.
- Rule-based Access Control.

What is the PRIMARY reason for criminal law being difficult to enforce when dealing with cybercrime?
- Jurisdiction is hard to define.
- Law enforcement agencies are understaffed.
- Extradition treaties are rarely enforced.
- Numerous language barriers exist.

Wi-Fi Protected Access 2 (WPA2) provides users with a higher level of assurance that their data will remain protected by using which protocol?
- Extensible Authentication Protocol (EAP).
- Internet Protocol Security (IPsec).
- Secure Sockets Layer (SSL).
- Secure Shell (SSH).

Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?
- Reference monitor.
- Trusted Computing Base (TCB).
- Time separation.
- Security kernel.

What process facilitates the balance of operational and economic costs of protective measures with gains in mission capability?
- Performance testing.
- Risk assessment.
- Security audit.
- Risk management.

Clothing retailer employees are provisioned with user accounts that provide access to resources at partner businesses. All partner businesses use common identity and access management (IAM) protocols and differing technologies. Under the Extended Identity principle, what is the process flow between partner businesses to allow this IAM action?
- Clothing retailer acts as User Self Service, confirms identity of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to services.
- Clothing retailer acts as identity provider (IdP), confirms identity of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to services.
- Clothing retailer acts as Service Provider, confirms identity of user using industry standards, then sends credentials to partner businesses that act as an identity provider (IdP) and allows access to resources.
- Clothing retailer acts as Access Control Provider, confirms access of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to resources.

Assume that a computer was powered off when an information security professional arrived at a crime scene. Which of the following actions should be performed after the crime scene is isolated?
- Turn the computer on and collect volatile data.
- Turn the computer on and collect network information.
- Leave the computer off and prepare the computer for transportation to the laboratory.
- Remove the hard drive, prepare it for transportation, and leave the hardware at the scene.

Which of the following statements BEST describes the least privilege principle in a cloud environment?
- A single cloud administrator is configured to access core functions.
- Internet traffic is inspected for all incoming and outgoing packets.
- Routing configurations are regularly updated with the latest routes.
- Network segments remain private if unneeded to access the internet.

An organization has been collecting a large amount of redundant and unusable data and filling up the storage area network (SAN). Management has requested the identification of a solution that will address ongoing storage problems. Which is the BEST technical solution?
- Compression.
- Caching.
- Replication.
- Deduplication.

Which Wide Area Network (WAN) technology requires the first router in the path to determine the full path the packet will travel, removing the need for other routers in the path to make independent determinations?
- Synchronous Optical Networking (SONET).
- Multiprotocol Label Switching (MPLS).
- Fiber Channel Over Ethernet (FCoE).
- Session Initiation Protocol (SIP).

Which of the following would an information security professional use to recognize changes to content, particularly unauthorized changes?
- File Integrity Checker.
- Security information and event management (SIEM) system.
- Audit Logs.
- Intrusion detection system (IDS).

Which of the following is included in change management?
- Technical review by business owner.
- User Acceptance Testing (UAT) before implementation.
- Cost-benefit analysis (CBA) after implementation.
- Business continuity testing.

A company is enrolled in a hard drive reuse program where decommissioned equipment is sold back to the vendor when it is no longer needed. The vendor pays more money for functioning drives than equipment that is no longer operational. Which method of data sanitization would provide the most secure means of preventing unauthorized data loss, while also receiving the most money from the vendor?
- Pinning.
- Single-pass wipe.
- Multi-pass wipes.
- Degaussing.

When reviewing vendor certifications for handling and processing of company data, which of the following is the BEST Service Organization Controls (SOC) certification for the vendor to possess?
- SOC 1 Type 1.
- SOC 2 Type 1.
- SOC 2 Type 2.
- SOC 3.
Which application type is considered high risk and provides a common way for malware and viruses to enter a network?
- Instant messaging or chat applications.
- Peer-to-Peer (P2P) file sharing applications.
- E-mail applications.
- End-to-end applications.

An organization is looking to include mobile devices in its asset management system for better tracking. In which system tier of the reference architecture would mobile devices be tracked?
- 0.
- 1.
- 2.
- 3.

Which of the following is the BEST way to protect an organization's data assets?
- Encrypt data in transit and at rest using up-to-date cryptographic algorithms.
- Monitor and enforce adherence to security policies.
- Require Multi-Factor Authentication (MFA) and Separation of Duties (SoD).
- Create the Demilitarized Zone (DMZ) with proxies, firewalls and hardened bastion hosts.

Within a large organization, what business unit is BEST positioned to initiate provisioning and deprovisioning of user accounts?
- Training department.
- Internal audit.
- Human resources.
- Information technology (IT).

Which of the following is the PRIMARY purpose of installing a mantrap within a facility?
- Control traffic.
- Control air flow.
- Prevent piggybacking.
- Prevent rapid movement.

In the "Do" phase of the Plan-Do-Check-Act model, which of the following is performed?
- Monitor and review performance against business continuity policy and objectives, report the results to management for review, and determine and authorize actions for remediation and improvement.
- Ensure the business continuity policy, controls, processes, and procedures have been implemented.
- Ensure that business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity have been established.
What industry-recognized document could be used as a baseline reference that is related to data security and business operations or conducting a security assessment?
- Service Organization Control (SOC) 1 Type 2.
- Service Organization Control (SOC) 1 Type 1.
- Service Organization Control (SOC) 2 Type 2.
- Service Organization Control (SOC) 2 Type 1.

A criminal organization is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the organization?
- Organization loses control of their network devices.
- Network is flooded with communication traffic by the attacker.
- Network management communications are disrupted.
- Attacker accesses sensitive information regarding the network topology.

Which reporting type requires a service organization to describe its system and define its control objectives and controls that are relevant to users' internal control over financial reporting?
- Statement on Auditing Standards (SAS) 70.
- Service Organization Control 1 (SOC1).
- Service Organization Control 2 (SOC2).
- Service Organization Control 3 (SOC3).

Which of the following is the BEST method to validate secure coding techniques against injection and overflow attacks?
- Scheduled team review of coding style and techniques for vulnerability patterns.
- The regular use of production code routines from similar applications already in use.
- Using automated programs to test for the latest known vulnerability patterns.
- Ensure code editing tools are updated against known vulnerability patterns.

When resolving ethical conflicts, the information security professional MUST consider many factors. In what order should the considerations be prioritized?
- Public safety, duties to individuals, duties to the profession, and duties to principals.
- Public safety, duties to principals, duties to the profession, and duties to individuals.
- Public safety, duties to principals, duties to individuals, and duties to the profession.
- Public safety, duties to the profession, duties to principals, and duties to individuals.

Which service management process BEST helps information technology (IT) organizations with reducing cost, mitigating risk, and improving customer service?
- Kanban.
- Lean Six Sigma.
- Information Technology Service Management (ITSM).
- Information Technology Infrastructure Library (ITIL).

A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS). Which of the following factors leads the company to choose an IDaaS as their solution?
- In-house team lacks resources to support an on-premise solution.
- Third-party solutions are inherently more secure.
- Third-party solutions are known for transferring the risk to the vendor.
- In-house development provides more control.

An organization recently suffered from a web-application attack that resulted in stolen user session cookie information. The attacker was able to obtain the information when a user's browser executed a script upon visiting a compromised website. What type of attack MOST likely occurred?
- SQL injection (SQLi).
- Extensible Markup Language (XML) external entities.
- Cross-Site Scripting (XSS).
- Cross-Site Request Forgery (CSRF).

An attack utilizing social engineering and a malicious Uniform Resource Locator (URL) link to take advantage of a victim's existing browser session with a web application is an example of which of the following types of attack?
- Clickjacking.
- Cross-site request forgery (CSRF).
- Cross-Site Scripting (XSS).
- Injection.

Which of the following encryption technologies has the ability to function as a stream cipher?
- Cipher Block Chaining (CBC) with error propagation.
- Electronic Code Book (ECB).
- Cipher Feedback (CFB).
- Feistel cipher.

In a disaster recovery (DR) test, which of the following would be a trait of crisis management?
- Process.
- Anticipate.
- Strategic.
- Wide focus.
Which of the following BEST describes the purpose of the reference monitor when defining access control to enforce the security model?
- Strong operational security to keep unit members safe.
- Policies to validate organization rules.
- Cyber hygiene to ensure organizations can keep systems healthy.
- Quality design principles to ensure quality by design.

Which of the following is security control volatility?
- A reference to the impact of the security control.
- A reference to the likelihood of change in the security control.
- A reference to how unpredictable the security control is.
- A reference to the stability of the security control.

When auditing the Software Development Life Cycle (SDLC), which of the following is one of the high-level audit phases?
- Planning.
- Risk assessment.
- Due diligence.
- Requirements.

What is the term used to define where data is geographically stored in the cloud?
- Data privacy rights.
- Data sovereignty.
- Data subject rights.

Which of the following does the security design process ensure within the System Development Life Cycle (SDLC)?
- Proper security controls, security objectives, and security goals are properly initiated.
- Security objectives, security goals, and system test are properly conducted.
- Proper security controls, security goals, and fault mitigation are properly conducted.
- Security goals, proper security controls, and validation are properly initiated.

Which of the following is MOST important to follow when developing information security controls for an organization?
- Use industry standard best practices for security controls in the organization.
- Exercise due diligence with regard to all risk management information to tailor appropriate controls.
- Review all local and international standards and choose the most stringent based on location.
- Perform a risk assessment and choose a standard that addresses existing gaps.

When recovering from an outage, what is the Recovery Point Objective (RPO), in terms of data recovery?
- The RPO is the minimum amount of data that needs to be recovered.
- The RPO is the amount of time it takes to recover an acceptable percentage of data lost.
- The RPO is a goal to recover a targeted percentage of data lost.
- The RPO is the maximum amount of time for which loss of data is acceptable.

Which of the following attacks, if successful, could give an intruder complete control of a software-defined networking (SDN) architecture?
- A brute force password attack on the Secure Shell (SSH) port of the controller.
- Sending control messages to open a flow that does not pass a firewall from a compromised host within the network.
- Remote Authentication Dial-In User Service (RADIUS) token replay attack.
- Sniffing the traffic of a compromised host inside the network.

Which of the following is the BEST option to reduce the network attack surface of a system?
- Disabling unnecessary ports and services.
- Ensuring that there are no group accounts on the system.
- Uninstalling default software on the system.
- Removing unnecessary system user accounts.

The security architect is designing and implementing an internal certification authority to generate digital certificates for all employees. Which of the following is the BEST solution to securely store the private keys?
- Physically secured storage device.
- Trusted Platform Module (TPM).
- Encrypted flash drive.
- Public key infrastructure (PKI).

The existence of physical barriers, card and personal identification number (PIN) access systems, cameras, alarms, and security guards BEST describes which security approach?
- Access control.
- Security information and event management (SIEM).
- Defense-in-depth.
- Security perimeter.

A hospital enforces the Code of Fair Information Practices. What practice applies to a patient requesting their medical records from a web portal?
- Purpose specification.
- Collection limitation.
- Use limitation.
- Individual participation.

A colleague who recently left the organization asked a security professional for a copy of the organization's confidential incident management policy. Which of the following is the BEST response to this request?
- Access the policy on a company-issued device and let the former colleague view the screen.
- E-mail the policy to the colleague as they were already part of the organization and familiar with it.
- Do not acknowledge receiving the request from the former colleague and ignore them.
- Submit the request using company official channels to ensure the policy is okay to distribute.

Which of the following BEST describes when an organization should conduct a black box security audit on a new software product?
- When the organization wishes to check for non-functional compliance.
- When the organization wants to enumerate known security vulnerabilities across their infrastructure.
- When the organization is confident the final source code is complete.
- When the organization has experienced a security incident.

In software development, which of the following entities normally signs the code to protect the code integrity?
- The organization developing the code.
- The quality control group.
- The developer.
- The data owner.

Which of the following technologies can be used to monitor and dynamically respond to potential threats on web applications?
- Field-level tokenization.
- Web application vulnerability scanners.
- Runtime application self-protection (RASP).
- Security Assertion Markup Language (SAML).

A security architect is developing an information system for a client. One of the requirements is to deliver a platform that mitigates against common vulnerabilities and attacks. What is the MOST efficient option used to prevent buffer overflow attacks?
- Access control mechanisms.
- Process isolation.
- Address Space Layout Randomization (ASLR).
- Processor states.

In a quarterly system access review, an active privileged account was discovered that did not exist in the prior review on the production system. The account was created one hour after the previous access review. Which of the following is the BEST option to reduce overall risk in addition to quarterly access reviews?
- Implement bi-annual reviews.
- Create policies for system access.
- Implement and review risk-based alerts.
- Increase logging levels.

A corporation does not have a formal data destruction policy. During which phase of a criminal legal proceeding will this have the MOST impact?
- Sentencing.
- Trial.
- Discovery.
- Arraignment.

What is considered the BEST explanation when determining whether to provide remote network access to a third-party security service?
- Contract negotiation.
- Supplier request.
- Business need.
- Vendor demonstration.

The acquisition of personal data being obtained by a lawful and fair means is an example of what principle?
- Collection Limitation Principle.
- Openness Principle.
- Purpose Specification Principle.
- Data Quality Principle.

Which of the following is the MOST appropriate control for asset data labeling procedures?
- Categorizing the types of media being used.
- Logging data media to provide a physical inventory control.
- Reviewing off-site storage access controls.
- Reviewing audit trails of logging records.

What is the BEST approach to anonymizing personally identifiable information (PII) in a test environment?
- Swapping data.
- Randomizing data.
- Encoding data.
- Encrypting data.

Which of the following departments initiates the request, approval, and provisioning business process?
- Operations.
- Security.
- Human resources (HR).
- Information technology (IT).

An organization is setting a security assessment scope with the goal of developing a Security Management Program (SMP). The next step is to select an approach for conducting the risk assessment. Which of the following approaches is MOST effective for the SMP?
- Security controls driven assessment that focuses on controls management.
- Business processes based risk assessment with a focus on business goals.
- Asset driven risk assessment with a focus on the assets.
- Data driven risk assessment with a focus on data.

Which technique helps system designers consider potential security concerns of their systems and applications?
- Threat modeling.
- Manual inspections and reviews.
- Source code review.
- Penetration testing.

A security professional can BEST mitigate the risk of using a Commercial Off-The-Shelf (COTS) solution by deploying the application with which of the following controls in place?
- Network segmentation.
- Blacklisting application.
- Whitelisting application.
- Hardened configuration.

Which of the following BEST describes centralized identity management?
- Service providers perform as both the credential and identity provider (IdP).
- Service providers identify an entity by behavior analysis versus an identification factor.
- Service providers agree to integrate identity system recognition across organizational boundaries.
- Service providers rely on a trusted third party (TTP) to provide requestors with both credentials and identifiers.

What is the MOST significant benefit of role-based access control (RBAC)?
- Reduces inappropriate access.
- Management of least privilege.
- Most granular form of access control.
- Reduction in authorization administration overhead.

What is the MOST common security risk of a mobile device?
- Data spoofing.
- Malware infection.
- Insecure communications link.
- Data leakage.

What level of Redundant Array of Independent Disks (RAID) is configured PRIMARILY for high-performance data reads and writes?
- RAID-0.
- RAID-1.
- RAID-5.
- RAID-6.

What type of risk is related to the sequences of value-adding and managerial activities undertaken in an organization?
- Control risk.
- Demand risk.
- Supply risk.
- Process risk.
International bodies established a regulatory scheme that defines how weapons are exchanged between the signatories. It also addresses cyber weapons, including malicious software, Command and Control (C2) software, and internet surveillance software. This is a description of which of the following?
- International Traffic in Arms Regulations (ITAR).
- Palermo convention.
- Wassenaar arrangement.
- General Data Protection Regulation (GDPR).

An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer (CISO) wants to increase security by better protecting the network from unauthorized internal access. Which Network Access Control (NAC) capability BEST meets this objective?
- Port security.
- Two-factor authentication (2FA).
- Strong passwords.
- Application firewall.

Which section of the assessment report addresses separate vulnerabilities, weaknesses, and gaps?
- Findings definition section.
- Risk review section.
- Executive summary with full details.
- Key findings section.

Why is data classification control important to an organization?
- To enable data discovery.
- To ensure security controls align with organizational risk appetite.
- To ensure its integrity, confidentiality and availability.
- To control data retention in alignment with organizational policies and regulation.

To monitor the security of buried data lines inside the perimeter of a facility, which of the following is the MOST effective control?
- Fencing around the facility with closed-circuit television (CCTV) cameras at all entry points.
- Ground sensors installed and reporting to a security event management (SEM) system.
- Regular sweeps of the perimeter, including manual inspection of the cable ingress points.
- Steel casing around the facility ingress points.

An enterprise is developing a baseline cybersecurity standard its suppliers must meet before being awarded a contract. Which of the following statements is TRUE about the baseline cybersecurity standard?
- It should be expressed as general requirements.
- It should be expressed as technical requirements.
- It should be expressed in business terminology.
- It should be expressed in legal terminology.

Which access control method is based on users issuing access requests on system resources, features assigned to those resources, the operational or situational context, and a set of policies specified in terms of those features and context?
- Mandatory Access Control (MAC).
- Attribute Based Access Control (ABAC).
- Role Based Access Control (RBAC).
- Discretionary Access Control (DAC).

What is a security concern when considering implementing software-defined networking (SDN)?
- It has a decentralized architecture.
- It increases the attack footprint.
- It uses open source protocols.
- It is cloud based.

What is the BEST way to restrict access to a file system on computing systems?
- Use least privilege at each level to restrict access.
- Restrict access to all users.
- Allow a user group to restrict access.
- Use a third-party tool to restrict access.

Which of the following is the PRIMARY reason for selecting the appropriate level of detail for audit record generation?
- Avoid lengthy audit reports.
- Enable generation of corrective action reports.
- Facilitate a root cause analysis (RCA).
- Lower costs throughout the System Development Life Cycle (SDLC).

What is the correct order of execution for security architecture?
- Governance, strategy and program management, operations, project delivery.
- Governance, strategy and program management, project delivery, operations.
- Strategy and program management, project delivery, governance, operations.
- Strategy and program management, governance, project delivery, operations.

An international organization has decided to use a Software as a Service (SaaS) solution to support its business operations. Which of the following compliance standards should the organization use to assess the international code security and data privacy of the solution?
- Service Organization Control (SOC) 2.
- Information Assurance Technical Framework (IATF).
- Health Insurance Portability and Accountability Act (HIPAA).
- Payment Card Industry (PCI).

An authentication system that uses challenge and response was recently implemented on an organization's network, because the organization conducted an annual penetration test showing that testers were able to move laterally using authenticated credentials. Which attack method was MOST likely used to achieve this?
- Hash collision.
- Pass the ticket.
- Brute force.
- Cross-Site Scripting (XSS).

Which of the following would qualify as an exception to the "right to be forgotten" of the General Data Protection Regulation (GDPR)?
- For the establishment, exercise, or defense of legal claims.
- The personal data has been lawfully processed and collected.
- For the reasons of private interest.
- The personal data remains necessary to the purpose for which it was collected.

Dumpster diving is a technique used in which stage of penetration testing methodology?
- Attack.
- Reporting.
- Planning.
- Discovery.

Which of the following is performed to determine a measure of success of a security awareness training program designed to prevent social engineering attacks?
- Employee evaluation of the training program.
- Internal assessment of the training program's effectiveness.
- Multiple choice tests to participants.
- Management control of reviews.

The security team is notified that a device on the network is infected with malware. Which of the following is MOST effective in enabling the device to be quickly located and remediated?
- Data loss protection (DLP).
- Intrusion detection.
- Vulnerability scanner.
- Information Technology Asset Management (ITAM).

Which of the following threats would be MOST likely mitigated by monitoring assets containing open source libraries for vulnerabilities?
- Distributed denial-of-service (DDoS) attack.
- Advanced persistent threat (APT) attempt.
- Zero-day attack.
- Phishing attempt.

As a design principle, which one of the following actors is responsible for identifying and approving data security requirements in a cloud ecosystem?
- Cloud auditor.
- Cloud broker.
- Cloud provider.
- Cloud consumer.

Which of the following is the MOST effective way to ensure the endpoint devices used by remote users are compliant with an organization's approved policies before being allowed on the network?
- Network Access Control (NAC).
- Privileged Access Management (PAM).
- Group Policy Object (GPO).
- Mobile Device Management (MDM).

Which one of the following BEST protects vendor accounts that are used for emergency maintenance?
- Vendor access should be disabled until needed.
- Frequent monitoring of vendor access.
- Role-based access control (RBAC).
- Encryption of routing tables.

Which of the following BEST describes the purpose of software forensics?
- To analyze possible malicious intent of malware.
- To perform cyclic redundancy check (CRC) verification and detect changed applications.
- To determine the author and behavior of the code.
- To review program code to determine the existence of backdoors.

A web developer is completing a new web application security checklist before releasing the application to production. The task of disabling unnecessary services is on the checklist. Which web application threat is being mitigated by this action?
- Session hijacking.
- Security misconfiguration.
- Broken access control.
- Sensitive data exposure.

What is the BEST method to use for assessing the security impact of acquired software?
- Threat modeling.
- Common vulnerability review.
- Software security compliance validation.
- Vendor assessment.
Which of the following ensures old log data is not overwritten?
- Log retention.
- Implement Syslog.
- Increase log file size.
- Log preservation.

Under the General Data Protection Regulation (GDPR), what is the maximum amount of time allowed for reporting a personal data breach?
- 24 hours.
- 48 hours.
- 72 hours.
- 96 hours.

A financial organization that works according to agile principles has developed a new application for their external customer base to request a line of credit. A security analyst has been asked to assess the security risk of the minimum viable product (MVP). Which is the MOST important activity the analyst should assess?
- The software has been signed off for release by the product owner.
- The software had been branded according to corporate standards.
- The software has the correct functionality.
- The software has been code reviewed.

An application developer receives a report back from the security team showing their automated tools were able to successfully enter unexpected data into the organization's customer service portal, causing the site to crash. This is an example of which type of testing?
- Performance.
- Positive.
- Non-functional.
- Negative.

Which of the following is the MOST effective strategy to prevent an attacker from disabling a network?
- Design networks with the ability to adapt, reconfigure, and fail over.
- Test business continuity and disaster recovery (DR) plans.
- Follow security guidelines to prevent unauthorized network access.
- Implement network segmentation to achieve robustness.

What is the FIRST step that should be considered in a Data Loss Prevention (DLP) program?
- Policy creation.
- Information Rights Management (IRM).
- Data classification.
- Configuration management (CM).

Which change management role is responsible for the overall success of the project and supporting the change throughout the organization?
- Change driver.
- Project manager.
- Program sponsor.
- Change implementer.
A company needs to provide shared access of sensitive data on a cloud storage to external business partners. Which of the following identity models is the BEST to blind identity providers (IdP) and relying parties (RP) so that subscriber lists of other parties are not disclosed?
- Proxied federation.
- Dynamic registration.
- Federation authorities.
- Static registration.

A security professional needs to find a secure and efficient method of encrypting data on an endpoint. Which solution includes a root key?
- BitLocker.
- Trusted Platform Module (TPM).
- Virtual storage array network (VSAN).
- Hardware security module (HSM).

Which combination of cryptographic algorithms is compliant with Federal Information Processing Standard (FIPS) Publication 140-2 for non-legacy systems?
- Diffie-Hellman (DH) key exchange: DH (>=2048 bits); Symmetric Key: Advanced Encryption Standard (AES) > 128 bits; Digital Signature: Digital Signature Algorithm (DSA) (>=2048 bits).
- Diffie-Hellman (DH) key exchange: DH (>=2048 bits); Symmetric Key: Advanced Encryption Standard (AES) > 128 bits; Digital Signature: Rivest-Shamir-Adleman (RSA) (1024 bits).
- Diffie-Hellman (DH) key exchange: DH (<=1024 bits); Symmetric Key: Blowfish; Digital Signature: Rivest-Shamir-Adleman (RSA) (>=2048 bits).
- Diffie-Hellman (DH) key exchange: DH (>=2048 bits); Symmetric Key: Advanced Encryption Standard (AES) < 128 bits; Digital Signature: Elliptic Curve Digital Signature Algorithm (ECDSA) (>=256 bits).

What is the PRIMARY purpose of creating and reporting metrics for a security awareness, training, and education program?
- Measure the effect of the program on the organization's workforce.
- Make all stakeholders aware of the program's progress.
- Facilitate supervision of periodic training events.
- Comply with legal regulations and document due diligence in security practices.

In a DevOps environment, which of the following actions is MOST necessary to have confidence in the quality of the changes being made?
- Prepare to take corrective actions quickly.
- Automate functionality testing.
- Review logs for any anomalies.
- Receive approval from the change review board.

What is the MAIN purpose of a security assessment plan?
- Provide education to employees on security and privacy, to ensure their awareness on policies and procedures.
- Provide the objectives for the security and privacy control assessments and a detailed roadmap of how to conduct such assessments.
- Provide guidance on security requirements, to ensure the identified security risks are properly addressed based on the recommendation.
- Provide technical information to executives to help them understand information security postures and secure funding.

What documentation is produced FIRST when performing an effective physical loss control process?
- Deterrent controls list.
- Security standards list.
- Asset valuation list.
- Inventory list.

Which organizational department is ultimately responsible for information governance related to e-mail and other e-records?
- Legal.
- Audit.
- Compliance.
- Security.

A cloud service provider requires its customer organizations to enable maximum audit logging for its data storage service and to retain the logs for a period of three months. The audit logging generates an extremely high volume of logs. What is the MOST appropriate strategy for the log retention?
- Keep all logs in an online storage.
- Keep last week's logs in an online storage and the rest in an offline storage.
- Keep last week's logs in an online storage and the rest in a near-line storage.
- Keep all logs in an offline storage.

In Federated Identity Management (FIM), which of the following represents the concept of federation?
- Collection, maintenance, and deactivation of user objects and attributes in one or more systems, directories or applications.
- Collection of information logically grouped into a single entity.
- Collection of information for common identities in a system.
- Collection of domains that have established trust among themselves.

Which of the following is an indicator that a company's new user security awareness training module has been effective?
- There are more secure connections to internal e-mail servers.
- More incidents of phishing attempts are being reported.
- Fewer incidents of phishing attempts are being reported.
- There are more secure connections to the internal database servers.

An organization is trying to secure instant messaging (IM) communications through its network perimeter. Which of the following is the MOST significant challenge?
- IM clients can interoperate between multiple vendors.
- IM clients can run as executables that do not require installation.
- IM clients can utilize random port numbers.
- IM clients can run without administrator privileges.

Using the cipher text and resultant cleartext message to derive the monoalphabetic cipher key is an example of which method of cryptanalytic attack?
- Known-plaintext attack.
- Ciphertext-only attack.
- Frequency analysis.
- Probable-plaintext attack.

When developing an organization's information security budget, it is important that the:
- requested funds are at an equal amount to the expected cost of breaches.
- expected risk can be managed appropriately with the funds allocated.
- requested funds are part of a shared funding pool with other areas.
- expected risk to the organization does not exceed the funds allocated.

A subscription service which provides power, climate control, raised flooring, and telephone wiring but NOT the computer and peripheral equipment is BEST described as a:
- cold site.
- warm site.
- hot site.
- reciprocal site.

An international trading organization that holds an International Organization for Standardization (ISO) 27001 certification is seeking to outsource their security monitoring to a managed security service provider (MSSP).
The trading organization's security officer is tasked with drafting the requirements that need to be included in the outsourcing contract. Which of the following MUST be included in the contract?. A detailed overview of all equipment involved in the outsourcing contract. The right to perform security compliance tests on the MSSP's equipment. The MSSP having an executive manager responsible for information security. The right to audit the MSSP's security process. Which of the following is the PRIMARY type of cryptography required to support non-repudiation of a digitally signed document?. Hashing. Message digest. Symmetric. Asymmetric. What is the MOST effective method to enhance security of a single sign-on (SSO) solution that interfaces with critical systems?. Two-factor authentication. Reusable tokens for application level authentication. High performance encryption algorithms. Secure Sockets Layer (SSL) for all communications. Which of the following is MOST appropriate to collect evidence of a zero-day attack?. Honeypot. Antispam. Antivirus. Firewall. When assessing web vulnerabilities, how can navigating the dark web add value to a penetration test?. Information may be found on hidden vendor patches. The actual origin and tools used for the test can be hidden. Information may be found on related breaches and hacking. Vulnerabilities can be tested without impact on the tested environment. The quality assurance (QA) department is short-staffed and is unable to test all modules before the anticipated release date of an application. What security control is MOST likely to be violated?. Change management. Separation of environments. Program management. Mobile code controls. Which of the following criteria ensures information is protected relative to its importance to the organization?. Legal requirements, value, criticality, and sensitivity to unauthorized disclosure or modification. The value of the data to the organization's senior management. 
Organizational stakeholders, with classification approved by the management. Legal requirements determined by the organization headquarters' location. What is the FIRST step when developing an Information Security Continuous Monitoring (ISCM) program?. Collect the security-related information required for metrics, assessments, and reporting. Establish an ISCM program determining metrics, status monitoring frequencies, and control assessment frequencies. Define an ISCM strategy based on risk tolerance. Establish an ISCM technical architecture. An organization has requested storage area network (SAN) disks for a new project. What Redundant Array of Independent Disks (RAID) level provides the BEST redundancy and fault tolerance?. RAID level 1. RAID level 3. RAID level 4. RAID level 5. Compared to a traditional network, which of the following is a security-related benefit that software-defined networking (SDN) provides?. Centralized network provisioning. Reduced network latency when scaled. Centralized network administrative control. Reduced hardware footprint and cost. What is the MOST effective response to a hacker who has already gained access to a network and will attempt to pivot to other resources?. Warn users of a breach. Reset all passwords. Segment the network. Shut down the network. Which of the following is a common term for log reviews, synthetic transactions, and code reviews?. Application development. Spiral development functional testing. Security control testing. DevOps Integrated Product Team (IPT) development. A database server for a financial application is scheduled for production deployment. Which of the following controls will BEST prevent tampering?. Data sanitization. Data validation. Service accounts removal. Logging and monitoring. A database server for a financial application is scheduled for production deployment. Which of the following controls will BEST prevent tampering?. Data sanitization. Data validation. Service accounts removal. 
Logging and monitoring. The Industrial Control System (ICS) Computer Emergency Response Team (CERT) has released an alert regarding ICS-focused malware specifically propagating through Windows-based business networks. Technicians at a local water utility note that their dams, canals, and locks controlled by an internal Supervisory Control and Data Acquisition (SCADA) system have been malfunctioning. A digital forensics professional is consulted in the Incident Response (IR) and recovery. Which of the following is the MOST challenging aspect of this investigation?. Group policy implementation. SCADA network latency. Physical access to the system. Volatility of data. What term is commonly used to describe hardware and software assets that are stored in a configuration management database (CMDB)?. Configuration item. Configuration element. Ledger item. Asset register. A company is planning to implement a private cloud infrastructure. Which of the following recommendations will support the move to a cloud infrastructure?. Implement software-defined networking (SDN) to provide the ability to apply high-level policies to shape and reorder network traffic based on users, devices and applications. Implement a virtual local area network (VLAN) for each department and create a separate subnet for each VLAN. Implement software-defined networking (SDN) to provide the ability for the network infrastructure to be integrated with the control and data planes. Implement a virtual local area network (VLAN) to logically separate the local area network (LAN) from the physical switches. Which is MOST important when negotiating an Internet service provider (ISP) service-level agreement (SLA) by an organization that solely provides Voice over Internet Protocol (VoIP) services?. Mean time to repair (MTTR). Quality of Service (QoS) between applications. Financial penalties in case of disruption. Availability of network services. 
A company hired an external vendor to perform a penetration test of a new payroll system. The company's internal test team had already performed an indepth application and security test of the system and determined that it met security requirements. However, the external vendor uncovered significant security weaknesses where sensitive personal data was being sent unencrypted to the tax processing systems. What is the MOST likely cause of the security issues?. Inadequate performance testing. Inadequate application level testing. Failure to perform negative testing. Failure to perform interface testing. An organization wants to define as physical perimeter. What primary device should be used to accomplish this objective if the organization's perimeter MUST cost- efficiently deter casual trespassers?. Fences three to four feet high with a turnstile. Fences six to seven feet high with a painted gate. Fences six to seven feet high with a painted gate. Fences eight or more feet high with three strands of barbed wire. Which of the following vulnerabilities can be BEST detected using automated analysis?. Multi-step process attack vulnerabilities. Business logic flaw vulnerabilities. Valid cross-site request forgery (CSRF) vulnerabilities. Typical source code vulnerabilities. A project manager for a large software firm has acquired a government contract that generates large amounts of Controlled Unclassified Information (CUI). The organization's information security manager had received a request to transfer project-related CUI between systems of differing security classifications. What role provides the authoritative guidance for this transfer?. PM. Information owner. Data Custodian. Mission/Business Owner. Which of the following determines how traffic should flow based on the status of the infrastructure layer?. Control plane. Application plane. Traffic plane. Data plane. 
When testing password strength, which of the following is the BEST method for brute forcing passwords?. Conduct an offline attack on the hashed password information. Use a comprehensive list of words to attempt to guess the password. Use social engineering methods to attempt to obtain the password. Conduct an online password attack until the account being used is locked. Which of the following is the name of an individual or group that is impacted by a change?. Change agent. End User. Stakeholder. Sponsor. The European Union (EU) General Data Protection Regulation (GDPR) requires organizations to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The Data Owner should therefore consider which of the following requirements?. Never to store personal data of EU citizens outside the EU. Data masking and encryption of personal data. Only to use encryption protocols approved by EU. Anonymization of personal data when transmitted to sources outside the EU. What is the PRIMARY benefit of incident reporting and computer crime investigations?. Complying with security policy. Repairing the damage and preventing future occurrences. Providing evidence to law enforcement. Appointing a computer emergency response team. Which of the following is the MOST common method of memory protection?. Error correction. Virtual local area network (VLAN) tagging. Segmentation. Compartmentalization. What testing technique enables the designer to develop mitigation strategies for potential vulnerabilities?. Source code review. Threat modeling. Penetration testing. Manual inspections and reviews. Assuming an individual has taken all of the steps to keep their internet connection private, which of the following is the BEST to browse the web privately?. Store information about browsing activities on the personal device. Prevent information about browsing activities from being stored on the personal device. 
Prevent information about browsing activities from being stored in the cloud. Store browsing activities in the cloud. A software engineer uses automated tools to review application code and search for application flaws, back doors, or other malicious code. Which of the following is the FIRST Software Development Life Cycle (SDLC) phase where this takes place?. Deployment. Development. Test. Design. A company developed a web application which is sold as a Software as a Service (SaaS) solution to the customer. The application is hosted by a web server running on a specific operating system (OS) on a virtual machine (VM). During the transition phase of the service, it is determined that the support team will need access to the application logs. Which of the following privileges would be the MOST suitable?. Administrative privileges on the hypervisor. Administrative privileges on the application folders. Administrative privileges on the web server. Administrative privileges on the OS. A security practitioner detects an Endpoint attack on the organization's network. What is the MOST reasonable approach to mitigate future Endpoint attacks?. Remove all non-essential client-side web services from the network. Harden the client image before deployment. Screen for harmful exploits of client-side services before implementation. Block all client-side web exploits at the perimeter. What are the essential elements of a Risk Assessment Report (RAR)?. Executive summary, body of the report, and appendices. Executive summary, graph of risks, and process. Table of contents, testing criteria, and index. Table of contents, chapters, and executive summary. The security operations center (SOC) has received credible intelligence that a threat actor is planning to attack with multiple variants of a destructive virus. After obtaining a sample set of this virus' variants and reverse engineering them to understand how they work, a commonality was found. 
All variants are coded to write to a specific memory location. It is determined this virus is of no threat to the organization because they had the foresight to enable what feature on all endpoints?. Address Space Layout Randomization (ASLR). Trusted Platform Module (TPM). Virtualization. Process isolation. The Chief Information Security Officer (CISO) is to establish a single, centralized, and relational repository to hold all information regarding the software and hardware assets. Which of the following s ions would be the BEST option?. Information Security Management System (ISMS). Configuration Management Database (CMDB). Security Information and Event Management (SIEM). Information Technology Asset Management (ITAM). What type of investigation applies when malicious behavior is suspected between two organizations?. Regulatory. Regulatory. Civil. Criminal. |