Title of test: Configuration Internal Security Systems Progressive
Description: individual development to configure an internal security system
Author: jnasmon
Creation Date: 10/12/2024
Category: Others
Number of questions: 211
Content:
Limiting the processor, memory, and Input/Output (I/O) capabilities of mobile code is known as:
a) Sandboxing
b) Compartmentalization
c) Code restriction
d) On-demand compile

Which of the following is the MOST important consideration when storing and processing Personally Identifiable Information (PII)?
a) Encrypt and hash all PII to avoid disclosure and tampering
b) Store PII for no more than a year
c) Avoid storing PII in a Cloud Service Provider
d) Adherence to collection limitation laws and regulations

Which of the following is the PRIMARY objective of implementing Kerberos in an enterprise environment?
a) Encrypt data between servers
b) Provide single sign-on and mutual authentication
c) Encrypt data stored on local devices
d) Authenticate devices within a network

Which of the following BEST ensures that outsourced cloud service providers comply with an organization’s information security policies?
a) Conduct regular security audits
b) Review the provider’s service level agreements (SLAs)
c) Implement cloud-based firewalls
d) Perform regular penetration testing

What is the PRIMARY purpose of maintaining a test environment separate from the production environment?
a) Improve the performance of production systems
b) Prevent accidental deployment of untested changes
c) Allow development teams to test new tools
d) Comply with regulatory requirements

Which of the following is a PRIMARY benefit of automated patch management tools?
a) Simplified compliance reporting
b) Reduced vulnerability to exploits
c) Elimination of manual intervention
d) Real-time reporting on patch status

Which of the following methods BEST protects against session hijacking?
a) Encrypting all session traffic
b) Validating user input fields
c) Implementing session timeout mechanisms
d) Using token-based authentication

Which of the following cryptographic techniques is BEST suited to establish a secure channel over an untrusted network?
a) Symmetric encryption
b) Hashing
c) Diffie-Hellman key exchange
d) Digital certificates

Which of the following is the PRIMARY objective of implementing a policy for data classification?
a) Determine backup frequency
b) Facilitate access control decisions
c) Establish data retention periods
d) Prioritize system recovery order

Which of the following roles is MOST involved in identifying critical business functions during Business Continuity Planning (BCP)?
a) Chief Information Security Officer (CISO)
b) Business Impact Analysis (BIA) team
c) Chief Operations Officer (COO)
d) Disaster Recovery (DR) team

Which of the following is the GREATEST security risk associated with faxing sensitive information?
a) The recipient may leave the document unattended
b) The fax machine may be in an unsecured area
c) Faxes are transmitted in plaintext
d) Unauthorized access to the fax machine log

When all of the security requirements in a security strategy are combined, they MUST:
a) Be acknowledged by all employees
b) Provide for total elimination of risk
c) Provide for adequate overall risk mitigation
d) Be accepted by departmental management

Which of the following is the BEST reason for the use of security metrics?
a) They ensure that the organization meets its security objectives
b) They quantify the effectiveness of security processes
c) They speed up the process of quantitative risk assessment
d) They provide an appropriate framework for Information Technology (IT) governance

A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation?
a) The inherent risk is greater than the residual risk
b) The Annualized Loss Expectancy (ALE) approaches zero
c) The expected loss from the risk exceeds mitigation costs
d) The infrastructure budget can easily cover the upgrade costs

What is the PRIMARY reason for ethics awareness and related policy implementation?
a) It affects the workflow of an organization
b) It affects the reputation of an organization
c) It affects the retention rate of employees
d) It affects the morale of the employees

Which of the following is the FINAL step when implementing an information security awareness program?
a) Measure the effectiveness
b) Collect feedback from staff
c) Identify areas not covered for future programs
d) Ensure that the target audiences have received training

Which of the following MOST influences the design of the organization’s electronic monitoring policies?
a) Workplace privacy laws
b) Level of organizational trust
c) Results of background checks
d) Business ethical considerations

An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern?
a) Availability
b) Confidentiality
c) Integrity
d) Ownership

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that:
a) Determine the risk of a business interruption occurring
b) Determine the technological dependence of the business processes
c) Identify the operational impacts of a business interruption
d) Identify the financial impacts of a business interruption

What does an organization FIRST review to assure compliance with privacy requirements?
a) Best practices
b) Business objectives
c) Legal and regulatory mandates
d) Employees’ compliance to policies and standards

When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?
a) Employ strong access controls
b) Provide links to security policies
c) Confirm that confidentiality agreements are signed
d) Log all activities associated with sensitive systems

The function of an organization’s security committee is to:
a) Provide security program oversight
b) Enforce security policies and procedures
c) Ensure compliance with regulations and laws
d) Provide security advice to organizational data owners

Which of the following is the BEST example of weak management commitment to the protection of security assets and resources?
a) Poor governance over security processes and procedures
b) Immature security controls and procedures
c) Variances against regulatory requirements
d) Unanticipated increases in security incidents and threats

Which of the following has the GREATEST impact on an organization’s security posture?
a) International and country-specific compliance requirements
b) Security violations by employees and contractors
c) Resource constraints due to increasing costs of supporting security
d) Audit findings related to employee access & permissions process

Intellectual property rights are PRIMARILY concerned with which of the following?
a) Owner’s ability to realize financial gain
b) Owner’s ability to maintain copyright
c) Right of the owner to enjoy their creation
d) Right of the owner to control delivery method

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?
a) Development, testing, and deployment
b) Prevention, detection, and remediation
c) People, technology, and operations
d) Certification, accreditation, and monitoring

Relationships among security technologies are BEST defined through which of the following?
a) Security metrics
b) Network topology
c) Security architecture
d) Process improvement models

Which of the following would be the MOST important goal of an information security governance program?
a) Review of internal control mechanisms
b) Effective involvement in business decision-making
c) Total elimination of risk factors
d) Ensuring trust in data

Which of the following are seldom changed in response to technological changes?
a) Standards
b) Procedures
c) Policies
d) Guidelines

It is MOST important that information security architecture be aligned with which of the following?
a) Industry best practices
b) Information technology plans
c) Information security best practices
d) Business objectives and goals

Which of the following is MOST likely to be discretionary?
a) Policies
b) Procedures
c) Guidelines
d) Standards

When a security standard conflicts with a business objective, the situation should be resolved by:
a) Changing the security standard
b) Changing the business objective
c) Performing a risk analysis
d) Authorizing a risk acceptance

The cost of implementing a security control should not exceed the:
a) Annualized loss expectancy
b) Cost of an incident
c) Asset value
d) Implementation opportunity costs

Which of the following individuals would be in the BEST position to sponsor the creation of an information security committee group?
a) Information security manager
b) Chief operating officer (COO)
c) Internal auditor
d) Legal counsel

Successful implementation of information security governance will FIRST require:
a) Security awareness training
b) Updated security policies
c) A computer incident management team
d) A security architecture

Which of the following is MOST important for ensuring the success of an information security program?
a) Regular security audits and vulnerability assessments
b) Clearly defined roles and responsibilities
c) High-level management support
d) Comprehensive security policies and procedures

What is the GREATEST challenge to identifying data leaks?
a) Available technical tools that enable user activity monitoring
b) Documented asset classification policy and clear labeling of assets
c) Senior management cooperation in investigating suspicious behavior
d) Law enforcement participation to apprehend and interrogate suspects

What is the ultimate objective of information classification?
a) To assign responsibility for mitigating the risk to vulnerable systems
b) To ensure that information assets receive an appropriate level of protection
c) To recognize that the value of any item of information may change over time
d) To recognize the optimal number of classification categories and the benefits to be gained from their use

Which of the following is the PRIMARY benefit of a formalized information classification program?
a) It drives audit processes
b) It supports risk assessment
c) It reduces asset vulnerabilities
d) It minimizes system logging requirements

Which of the following documents explains the proper use of the organization’s assets?
a) Human resources policy
b) Acceptable use policy
c) Code of ethics
d) Access control policy

When determining appropriate resource allocation, which of the following is MOST important to monitor?
a) Number of system compromises
b) Number of audit findings
c) Number of staff reductions
d) Number of additional assets

Why is a system's criticality classification important in large organizations?
a) It provides for proper prioritization and scheduling of security and maintenance tasks
b) It reduces critical system support workload and reduces the time required to apply patches
c) It allows for clear systems status communications to executive management
d) It provides for easier determination of ownership, reducing confusion as to the status of the asset

Regarding asset security and appropriate retention, which of the following INITIAL top three areas are important to focus on?
a) Security control baselines, access controls, employee awareness and training
b) Human resources, asset management, production management
c) Supply chain lead time, inventory control, encryption
d) Polygraphs, crime statistics, forensics

Which of the following analyses is performed to protect information assets?
a) Business impact analysis
b) Feasibility analysis
c) Cost-benefit analysis
d) Data analysis

Who is ultimately responsible to ensure that information assets are categorized and adequate measures are taken to protect them?
a) Data Custodian
b) Executive Management
c) Chief Information Security Officer
d) Data/Information/Business Owners

Which of the following is the MOST likely cause of a non-malicious data breach when the source of the data breach was an unmarked file cabinet containing sensitive documents?
a) Ineffective data classification
b) Lack of data access controls
c) Ineffective identity management controls
d) Lack of Data Loss Prevention (DLP) tools

In Mandatory Access Control (MAC), sensitivity labels attached to objects contain what information?
a) The item's classification
b) The item's classification and category set
c) The item's category
d) The item's need to know

Which of the following is the MOST appropriate action when reusing media that contains sensitive data?
a) Erase
b) Sanitize
c) Encrypt
d) Degauss

Which one of the following affects the classification of data?
a) Passage of time
b) Assigned security label
c) Multilevel Security (MLS) architecture
d) Minimum query size

What are the components of an object's sensitivity label?
a) A classification set and a single compartment
b) A single classification and a single compartment
c) A classification set and user credentials
d) A single classification and a compartment set

Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?
a) System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements
b) Data stewardship roles, data handling and storage standards, data lifecycle requirements
c) Compliance office roles and responsibilities, classified material handling standards, storage system lifecycle requirements
d) System authorization roles and responsibilities, cloud computing standards, lifecycle requirements

The birthday attack is MOST effective against which one of the following cipher technologies?
a) Chaining block encryption
b) Asymmetric cryptography
c) Cryptographic hash
d) Streaming cryptography

Which of the following is the MOST effective attack against cryptographic hardware modules?
a) Plaintext
b) Brute force
c) Power analysis
d) Man-in-the-middle (MITM)

Limiting the processor, memory, and Input/Output (I/O) capabilities of mobile code is known as:
a) Sandboxing
b) Compartmentalization
c) Code restriction
d) On-demand compile

Which of the following BEST describes the purpose of the security functional requirements of Common Criteria?
a) Level of assurance of the Target of Evaluation (TOE) in the intended operational environment
b) Selection to meet the security objectives stated in test documents
c) Security behavior expected of a TOE
d) Definition of the roles and responsibilities

What is the Biba security model concerned with?
a) Confidentiality
b) Reliability
c) Availability
d) Integrity

Which security model uses an access control triple and also requires separation of duty?
a) DAC
b) Lattice
c) Clark-Wilson
d) Bell-LaPadula

Which of the following security models does NOT concern itself with the flow of data?
a) The information flow model
b) The Biba model
c) The Bell-LaPadula model
d) The noninterference model

A code, as it pertains to cryptography:
a) Is a generic term for encryption
b) Is specific to substitution ciphers
c) Deals with linguistic units
d) Is specific to transposition ciphers

Cryptography does NOT help in:
a) Detecting fraudulent insertion
b) Detecting fraudulent deletion
c) Detecting fraudulent modification
d) Detecting fraudulent disclosure

Which of the following types of cryptography is used when both parties use the same key to communicate securely with each other?
a) Symmetric Key Cryptography
b) PKI - Public Key Infrastructure
c) Diffie-Hellman
d) DSS - Digital Signature Standard

Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?
a) Hashing the data before encryption
b) Hashing the data after encryption
c) Compressing the data after encryption
d) Compressing the data before encryption

When we encrypt or decrypt data, there is a basic operation involving ones and zeros where they are compared in a process that looks something like this:
Plain text: 0101 0001
Key stream: 0111 0011
Output:     0010 0010
What is this cryptographic operation called?
a) Exclusive-OR
b) Bit Swapping
c) Logical-NOR
d) Decryption

With the BLP model, access permissions are defined through:
a) Filter rules
b) Security labels
c) Access Control matrix
d) Profiles

Which access control model was proposed for enforcing access control in government and military applications?
a) Bell-LaPadula model
b) Biba model
c) Sutherland model
d) Brewer-Nash model

The use of private and public encryption keys is fundamental in the implementation of which of the following?
a) Diffie-Hellman algorithm
b) Secure Sockets Layer (SSL)
c) Advanced Encryption Standard (AES)
d) Message Digest 5 (MD5)

The Common Criteria construct which allows prospective consumers or developers to create standardized sets of security requirements to meet their needs is:
a) A Protection Profile (PP)
b) A Security Target (ST)
c) An Evaluation Assurance Level (EAL)
d) A Security Functionality Component Catalog (SFCC)

Which security model ensures that actions that take place at a higher security level do not affect actions that take place at a lower level?
a) The Bell-LaPadula model
b) The information flow model
c) The noninterference model
d) The Clark-Wilson model

What is the purpose of Trusted Distribution?
a) To ensure that messages sent from a central office to remote locations are free from tampering
b) To prevent the sniffing of data as it travels through an untrusted network
c) To ensure that the Trusted Computing Base is not tampered with during shipment or installation
d) To ensure that messages received at the Trusted Computing Base are not old messages being resent as part of a replay attack

Java follows which security model?
a) Least privilege
b) Sandbox
c) CIA
d) OSI

A shared resource matrix is a technique commonly used to locate:
a) Malicious code
b) Security flaws
c) Trap doors
d) Covert channels

A minimal implementation of endpoint security includes which of the following?
a) Trusted platforms
b) Host-based firewalls
c) Token-based authentication
d) Wireless Access Points (AP)

With the BLP model, security policies prevent information flowing downwards from a:
a) Low security level
b) High security level
c) Medium security level
d) Neutral security level

A security architect plans to reference a Mandatory Access Control (MAC) model for implementation. This indicates that which of the following properties are being prioritized?
a) Confidentiality
b) Integrity
c) Availability
d) Accessibility

A vulnerability in which of the following components would be MOST difficult to detect?
a) Kernel
b) Shared libraries
c) Hardware
d) System application

Which of the following mobile code security models relies only on trust?
a) Code signing
b) Class authentication
c) Sandboxing
d) Type safety

Which security mode is MOST commonly used in a commercial environment because it protects the integrity of financial and accounting data?
a) Biba
b) Graham-Denning
c) Clark-Wilson
d) Bell-LaPadula

What is the foundation of cryptographic functions?
a) Encryption
b) Cipher
c) Hash
d) Entropy

Which of the following is part of a Trusted Platform Module (TPM)?
a) A non-volatile tamper-resistant storage for storing both data and signing keys in a secure fashion
b) A protected Pre-Basic Input/Output System (BIOS) which specifies a method or a metric for “measuring” the state of a computing platform
c) A secure processor targeted at managing digital keys and accelerating digital signing
d) A platform-independent software interface for accessing computer functions

What is the PRIMARY goal of fault tolerance?
a) Elimination of single point of failure
b) Isolation using a sandbox
c) Single point of repair
d) Containment to prevent propagation

Which one of the following data integrity models assumes a lattice of integrity levels?
a) Take-Grant
b) Biba
c) Harrison-Ruzzo
d) Bell-LaPadula

When using Internet Protocol Security (IPSec) in tunnel mode, the original Internet Protocol (IP) header:
a) and data are both encrypted
b) and data are not encrypted
c) is encrypted, but the data is not encrypted
d) is not encrypted, but the data is encrypted

Which of the following defines the key exchange for Internet Protocol Security (IPSec)?
a) Secure Sockets Layer (SSL) key exchange
b) Internet Key Exchange (IKE)
c) Security Key Exchange (SKE)
d) Internet Control Message Protocol (ICMP)

A large university needs to enable student access to university resources from their homes. Which of the following provides the BEST option for low maintenance and ease of deployment?
a) Provide students with Internet Protocol Security (IPSec) Virtual Private Network (VPN) client software
b) Use Secure Sockets Layer (SSL) VPN technology
c) Use Secure Shell (SSH) with public/private keys
d) Require students to purchase home routers capable of VPN

After a thorough analysis, it was discovered that a perpetrator compromised a network by gaining access to the network through a Secure Socket Layer (SSL) Virtual Private Network (VPN) gateway. The perpetrator guessed a username and brute-forced the password to gain access. Which of the following BEST mitigates this issue?
a) Implement strong password authentication for VPN
b) Integrate the VPN with centralized credential stores
c) Implement an Internet Protocol Security (IPSec) client
d) Use two-factor authentication mechanisms

Which of the following methods can be used to achieve confidentiality and integrity for data in transit?
a) Multiprotocol Label Switching (MPLS)
b) Internet Protocol Security (IPSec)
c) Federated identity management
d) Multi-factor authentication

Which of the following BEST protects a web application from cross-site scripting (XSS) vulnerabilities?
a) Input validation and output encoding
b) Network segmentation and encryption
c) Multifactor authentication
d) Using Secure Sockets Layer (SSL)

What is the PRIMARY purpose of a web application firewall (WAF)?
a) To monitor application logs for anomalies
b) To encrypt sensitive data within web applications
c) To detect and block malicious traffic targeting web applications
d) To restrict access to the application's administrative interface

Which of the following network devices is responsible for determining the best path for packet delivery?
a) Switch
b) Firewall
c) Router
d) Proxy server

Which of the following network attack types aims to overwhelm the target with excessive requests, rendering it inaccessible?
a) Man-in-the-middle (MITM) attack
b) Denial of Service (DoS) attack
c) DNS spoofing attack
d) SQL injection attack

Which of the following is MOST effective in preventing ARP spoofing attacks?
a) Using static ARP entries
b) Implementing network segmentation
c) Enabling port mirroring
d) Deploying a proxy server

Which of the following is MOST effective in protecting data transmitted between two hosts over an untrusted network?
a) Data Loss Prevention (DLP)
b) Transport Layer Security (TLS)
c) Access Control Lists (ACLs)
d) Network Address Translation (NAT)

What is the PRIMARY function of a proxy server?
a) To encrypt sensitive communications between endpoints
b) To control and filter user access to external resources
c) To route packets within a private network
d) To translate domain names into IP addresses

Which type of firewall operates at the Application layer of the OSI model to inspect traffic content?
a) Packet-filtering firewall
b) Stateful inspection firewall
c) Application firewall
d) Circuit-level gateway

Which protocol is used to securely connect to a remote server over an untrusted network?
a) File Transfer Protocol (FTP)
b) Simple Network Management Protocol (SNMP)
c) Secure Shell (SSH)
d) Hypertext Transfer Protocol (HTTP)

Which of the following BEST mitigates the risk of an unauthorized device accessing a corporate network?
a) Using a firewall with strict inbound rules
b) Implementing Network Access Control (NAC)
c) Using static IP addressing
d) Deploying intrusion detection systems (IDS)

Which of the following protocols ensures secure communication by using public key cryptography for session establishment?
a) Secure Shell (SSH)
b) Transport Layer Security (TLS)
c) Internet Protocol Security (IPSec)
d) Simple Mail Transfer Protocol (SMTP)

Which of the following is a characteristic of a demilitarized zone (DMZ) in network security?
a) It restricts all internal communications
b) It isolates public-facing services from the internal network
c) It uses only private IP addresses for external communications
d) It eliminates the need for firewalls

Which of the following BEST describes an IPv6 address?
a) A 64-bit address used for network and host identification
b) A 128-bit address used to identify devices on a network
c) A 32-bit address used for identifying devices on a local network
d) A 48-bit address used for Media Access Control (MAC)

Which of the following attack types exploits a vulnerability in the Domain Name System (DNS) to redirect users to malicious websites?
a) Denial of Service (DoS) attack
b) DNS spoofing attack
c) SQL injection attack
d) ARP spoofing attack

Which type of network topology connects all devices in a single continuous loop?
a) Star
b) Bus
c) Ring
d) Mesh

Which of the following is a PRIMARY function of an intrusion detection system (IDS)?
a) To prevent malicious traffic from entering the network
b) To monitor network traffic for signs of suspicious activity
c) To establish secure channels for communication
d) To enforce access control policies

Which of the following mechanisms provides data confidentiality in a wireless network?
a) Wired Equivalent Privacy (WEP)
b) Wi-Fi Protected Access (WPA)
c) Open System Authentication
d) Media Access Control (MAC) filtering

Which of the following protocols is commonly used to transfer files between systems securely?
a) File Transfer Protocol (FTP)
b) Trivial File Transfer Protocol (TFTP)
c) Secure File Transfer Protocol (SFTP)
d) Network File System (NFS)

Which of the following is an example of a symmetric encryption algorithm?
a) RSA
b) Advanced Encryption Standard (AES)
c) Elliptic Curve Cryptography (ECC)
d) Diffie-Hellman

Which of the following BEST describes the concept of defense in depth?
a) Using multiple firewalls to protect sensitive data
b) Implementing overlapping layers of security controls
c) Segmenting a network to reduce attack surfaces
d) Limiting user access through least privilege

Which protocol is commonly used to provide centralized authentication, authorization, and accounting (AAA) services?
a) Simple Network Management Protocol (SNMP)
b) Lightweight Directory Access Protocol (LDAP)
c) Remote Authentication Dial-In User Service (RADIUS)
d) Dynamic Host Configuration Protocol (DHCP)

Which of the following protocols operates at the Network layer of the OSI model?
a) Transmission Control Protocol (TCP)
b) Internet Protocol (IP)
c) Hypertext Transfer Protocol (HTTP)
d) Address Resolution Protocol (ARP)

What is the purpose of a honeypot in a network security environment?
a) To prevent unauthorized access to sensitive systems
b) To detect and analyze potential attackers' activities
c) To encrypt sensitive data stored on servers
d) To block malicious traffic from entering the network

Which of the following is a PRIMARY benefit of using VLANs in a network?
a) Increasing available IP addresses
b) Enhancing network segmentation and security
c) Enabling faster data transmission
d) Allowing dynamic IP address assignment

Which of the following is a key feature of Software-Defined Networking (SDN)?
a) Decentralized control planes
b) Hardware-dependent networking
c) Centralized control and programmability
d) Static routing configurations

What does a secure password management system using digest rely on?
a) Cryptographic encapsulation of the hashed digest
b) Two-factor authentication into the digest database
c) One-way transformation resulting in a hashed digest
d) Access Control List (ACL) filtering of the digest database

Discretionary Access Control (DAC) restricts access according to:
a) Data classification labeling
b) Page views within an application
c) Authorizations granted to the user
d) Management accreditation

What is an important characteristic of Role-Based Access Control (RBAC)?
a) Supports Mandatory Access Control (MAC)
b) Simplifies the management of access rights
c) Relies on rotation of duties
d) Requires two-factor authentication

Logical access control programs are MOST effective when they are:
a) Approved by external auditors
b) Combined with security token technology
c) Maintained by computer security officers
d) Made part of the operating system

A practice that permits the owner of a data object to grant other users access to that object would usually provide:
a) Mandatory Access Control (MAC)
b) Owner-administered control
c) Owner-dependent access control
d) Discretionary Access Control (DAC)

As one component of a physical security system, an Electronic Access Control (EAC) token is BEST known for its ability to:
a) Overcome the problems of key assignments
b) Monitor the opening of windows and doors
c) Trigger alarms when intruders are detected
d) Lock down a facility during an emergency

Which one of the following describes granularity?
a) Maximum number of entries available in an Access Control List (ACL)
b) Fineness to which a trusted system can authenticate users
c) Number of violations divided by the number of total accesses
d) Fineness to which an access control system can be adjusted

The Structured Query Language (SQL) implements Discretionary Access Controls (DAC) using:
a) INSERT and DELETE
b) GRANT and REVOKE
c) PUBLIC and PRIVATE
d) ROLLBACK and TERMINATE

Which of the following is a detective access control mechanism?
a) Log review
b) Least privilege
c) Password complexity
d) Non-disclosure agreement

Which of the following access control techniques BEST gives the security officers the ability to specify and enforce enterprise-specific security policies in a way that maps naturally to an organization's structure?
a) Access control lists
b) Discretionary access control
c) Role-based access control
d) Non-mandatory access control

What MUST the access control logs contain in addition to the identifier?
a) Time of the access
b) Security classification
c) Denied access attempts
d) Associated clearance

Every web-based Single Sign-On (SSO) system has the main elements EXCEPT:
a) Identity Provider (IdP)
b) Service Provider (SP)
c) Resource
d) Challenge-Response

Discretionary Access Control (DAC) is based on which of the following?
a) Information source and destination
b) Identification of subjects and objects
c) Security labels and privileges
d) Standards and guidelines

Which of the following prevents improper aggregation of privileges in Role-Based Access Control (RBAC)?
a) Hierarchical inheritance
b) Dynamic separation of duties
c) The Clark-Wilson security model
d) The Bell-LaPadula security model

The implementation of which features of an identity management system reduces costs and administration overhead while improving audit and accountability?
a) Two-factor authentication
b) Single Sign-On (SSO)
c) User self-service
d) A metadirectory

Which of the following assures that rules are followed in an identity management architecture?
a) Policy database
b) Digital signature
c) Policy decision point
d) Policy enforcement point

Suppose you are a domain administrator and are choosing an employee to carry out backups. Which access control method would be BEST for this scenario?
a) Role-Based Access Control
b) Mandatory Access Control
c) Discretionary Access Control
d) Rule-Based Access Control

Which of the following are additional access control objectives?
a) Consistency and utility
b) Reliability and utility
c) Usefulness and utility
d) Convenience and utility

The steps of an access control model should follow which logical flow?
a) Authorization, identification, authentication
b) Identification, accountability, authorization
c) Identification, authentication, authorization
d) Authentication, authorization, identification

Which of the following statements pertaining to access control is FALSE?
a) Users should only access data on a need-to-know basis
b) If access is not explicitly denied, it should be implicitly allowed
c) Access rights should be granted based on the level of trust a company has on a subject
d) Roles can be an efficient way to assign rights to a type of user who performs certain tasks

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?
a) Personal Identity Verification (PIV)
b) Cardholder Unique Identifier (CHUID) authentication
c) Physical Access Control System (PACS) repeated attempt detection
d) Asymmetric Card Authentication Key (CAK) challenge-response

Which of the following is the GREATEST benefit of implementing a Role-Based Access Control (RBAC) system?
a) Integration using Lightweight Directory Access Protocol (LDAP)
b) Form-based user registration process
c) Integration with the organization's Human Resources (HR) system
d) A considerably simpler provisioning process

Which security access policy contains fixed security attributes that are used by the system to determine a user’s access to a file or object?
a) Mandatory Access Control (MAC)
b) Access Control List (ACL)
c) Discretionary Access Control (DAC)
d) Authorized user control

Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy?
a) Mandatory Access Control (MAC) procedures
b) Discretionary Access Control (DAC) procedures
c) Segregation of duties
d) Data link encryption

Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?
a) Derived credential
b) Temporary security credential
c) Mobile device credentialing service
d) Digest authentication

Which of the following statements is TRUE of black box testing?
a) Only the functional specifications are known to the test planner
b) Only the source code and the design documents are known to the test planner
c) Only the source code and functional specifications are known to the test planner
d) Only the design documents and the functional specifications are known to the test planner

What is the FIRST step in developing a security test and its evaluation?
a) Determine testing methods
b) Develop testing procedures
c) Identify all applicable security requirements
d) Identify people, processes, and products not in compliance

An organization has hired a security services firm to conduct a penetration test. Which of the following will the organization provide to the tester?
a) Limits and scope of the testing
b) Physical location of server room and wiring closet
c) Logical location of filters and concentrators
d) Employee directory and organizational chart

Which methodology is recommended for penetration testing to be effective in the development phase of the life-cycle process?
a) White-box testing
b) Software fuzz testing
c) Black-box testing
d) Visual testing

Which of the following types of security testing is the MOST effective in providing a better indication of the everyday security challenges of an organization when performing a security risk assessment?
a) External
b) Overt
c) Internal
d) Covert

What is the MOST effective method of testing custom application code?
a) Negative testing
b) White-box testing
c) Penetration testing
d) Black-box testing

Which of the following testing methods examines the functionality of an application without peering into its internal structure or knowing the details of its internals?
a) Black-box testing
b) Parallel testing
c) Regression testing
d) Pilot testing

Which of the following is NOT a technique used to perform a penetration test?
a) Traffic padding
b) Scanning and probing
c) War dialing
d) Sniffing

Which of the following is NOT a valid reason to use external penetration service firms rather than corporate resources?
a) They are more cost-effective
b) They offer a lack of corporate bias
c) They use highly talented ex-hackers
d) They ensure a more complete reporting

Which of the following statements pertaining to ethical hacking is NOT true?
a) An organization should use ethical hackers who do not sell auditing, hardware, software, firewall, hosting, and/or networking services
b) Testing should be done remotely to simulate external threats
c) Ethical hacking should not involve writing to or modifying the target systems negatively
d) Ethical hackers never use tools that have the potential of affecting servers or services

You are a security consultant who is required to perform penetration testing on a client's network. During penetration testing, you are required to use a compromised system to attack other systems on the network to avoid network restrictions like firewalls. Which method would you use in this scenario?
a) Black box method
b) Pivoting method
c) White box method
d) Grey box method

Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security requirements?
a) Validation
b) Verification
c) Assessment
d) Accuracy

A network-based vulnerability assessment is a type of test also referred to as:
a) An active vulnerability assessment
b) A routing vulnerability assessment
c) A host-based vulnerability assessment
d) A passive vulnerability assessment

Which of the following answers best describes the type of penetration testing where the analyst has full knowledge of the network on which he is going to perform his test?
a) White-box penetration testing
b) Black-box pen testing
c) Penetration testing
d) Gray-box pen testing

Which of the following testing methods examines the internal structure or working of an application?
a) White-box testing
b) Parallel testing
c) Regression testing
d) Pilot testing

Which of the following would BEST describe the difference between white-box testing and black-box testing?
a) White-box testing is performed by an independent programmer team
b) Black-box testing uses the bottom-up approach
c) White-box testing examines the program's internal logical structure
d) Black-box testing involves the business units

Which of the following processes has the PRIMARY purpose of identifying outdated software versions, missing patches, and lapsed system updates?
Penetration testing Vulnerability management Software Development Life Cycle (SDLC) Life cycle management . Which of the following is the MOST relevant risk indicator after a penetration test? Lists of hosts vulnerable to remote exploitation attacks Details of vulnerabilities and recommended remediation Lists of target systems on the network identified and scanned for vulnerabilities Details of successful vulnerability exploitations. Which type of test would an organization perform to locate and target exploitable defects? Penetration System Performance Vulnerability. As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following? Known-plaintext attack Denial of Service (DoS) Cookie manipulation Structured Query Language (SQL) injection. When testing the Disaster Recovery Plan (DRP), which of the following is the MOST important consideration to identify? User change requests that affect typical operations during the test Operational changes that need to be incorporated into the plan Recovery time improvements that need to be incorporated into the plan Alternative methods of recovery that may be discussed during the test. Business management should be engaged in the creation of Business Continuity and Disaster Recovery Plans (BCP/DRP) because they need to: Specify the solutions and options around which the plan will be developed. Predetermine spending for development and implementation of the plan Ensure that the technology chosen for implementation meets all requirements. Provide resources and support for the development and testing of the plan. What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)? Evaluating the efficiency of the plan Identifying the benchmark required for restoration Validating the effectiveness of the plan Determining the Recovery Time Objective (RTO). Which of the following is TRUE about Disaster Recovery Plan (DRP) testing? 
Operational networks are usually shut down during testing. Testing should continue even if components of the test fail. The company is fully prepared for a disaster if all tests pass. Testing should not be done until the entire disaster plan can be tested. . At a MINIMUM, a formal review of any Disaster Recovery Plan (DRP) should be conducted: Monthly. Quarterly. Annually. Bi-annually. . Disaster Recovery Plan (DRP) training material should be: Consistent so that all audiences receive the same training. Stored in a fireproof safe to ensure availability when needed. Only delivered in paper format. Presented in a professional-looking manner. . In Business Continuity Planning (BCP), what is the importance of documenting business processes? Provides senior management with decision-making tools. Establishes and adopts ongoing testing and maintenance strategies. Defines who will perform which functions during a disaster or emergency. Provides an understanding of the organization’s interdependencies. Which of the following is the best practice for testing a Business Continuity Plan (BCP)? Test before the IT Audit. Test when environment changes. Test after installation of security patches. Test after implementation of system patches. . A Business Continuity Plan (BCP) is based on: The policy and procedures manual. An existing BCP from a similar organization. A review of the business processes and procedures. A standard checklist of required items and objectives. . The goal of a Business Continuity Plan (BCP) training and awareness program is to: Enhance the skills required to create, maintain, and execute the plan. Provide for a high level of recovery in case of disaster. Describe the recovery organization to new employees. Provide each recovery team with checklists and procedures. . What RAID level is shown in the following exhibit? RAID 0 RAID 5 RAID 10 RAID 1. Which one of the following is a fundamental objective in handling an incident? 
To restore control of the affected systems To confiscate the suspect’s computers To prosecute the attacker To perform full backups of the system. What should be the INITIAL response to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) alerts? Ensure that the Incident Response Plan is available and current. Determine the traffic’s initial source and block the appropriate port. Disable or disconnect suspected target and source systems. Verify the threat and determine the scope of the attack. . You work in a police department forensics lab where you examine computers for evidence of crimes. One day you receive a laptop and are part of a two-man team responsible for examining it together. However, it is lunchtime, and after receiving the laptop, you leave it on your desk and head out to lunch. What critical step in forensic evidence have you forgotten? Chain of custody Locking the laptop in your desk Making a disk image for examination Cracking the admin password with chntpw. Retaining system logs for six months or longer can be valuable for what activities? Disaster recovery and business continuity Forensics and incident response Identity and authorization management Physical and logical access control . Which of the following PRIMARILY contributes to security incidents in web-based applications? Systems administration and operating systems System incompatibility and patch management Third-party applications and change controls Improper stress testing and application interfaces . During the investigation of a security incident, it is determined that an unauthorized individual accessed a system that hosts a database containing financial information. If the intrusion causes the system processes to hang, which of the following has been affected? System integrity System availability System confidentiality System auditability. How can lessons learned from business continuity training and actual recovery incidents BEST be used? 
As a means for improvement As alternative options for awareness and training As indicators of a need for policy As business function gap indicators . How can a forensic specialist exclude from examination a large percentage of operating system files residing on a copy of the target system? Take another backup of the media in question and delete all irrelevant operating system files Create a comparison database of cryptographic hashes of the files from a system with the same operating system and patch level Generate a message digest (MD) or secure hash on the drive image to detect tampering of the media being examined Discard harmless files for the operating system and known installed programs. Which of the following representatives of the incident response team takes forensic backups of the systems that are the focus of the incident? Legal representative Technical representative Lead investigator Information security representative . Which of the following backup methods is most appropriate for off-site archiving? Incremental backup method Off-site backup method Full backup method Differential backup method. Which backup type run at regular intervals would take the least time to complete? Full Backup Differential Backup Incremental Backup Disk Mirroring. What can be defined as a batch process dumping backup data through communications lines to a server at an alternate location? Remote journaling Electronic vaulting Data clustering Database shadowing. Which of the following is NOT a common backup method? Full backup method Daily backup method Incremental backup method Differential backup method. Which backup method is used if backup time is critical and tape space is at an extreme premium? Incremental backup method Differential backup method Full backup method Tape backup method. Which of the following is the MOST important element of change management documentation? 
List of components involved Number of changes being made Business case justification A stakeholder communication. What component of the change management system is responsible for evaluating, testing, and documenting changes created to the project scope? Configuration Management System Project Management Information System Scope Verification Integrated Change Control . Operations security seeks to PRIMARILY protect against which of the following? Object reuse Facility disaster Compromising emanations Asset threats. Which of the following is NOT an example of an operational control? Backup and recovery Auditing Contingency planning Operations procedures. Which of the following is NOT a critical security aspect of operations controls? Controls over hardware Data media used Operators using resources Environmental controls . The security accreditation task of the System Development Life Cycle (SDLC) process is completed at the end of which phase? System operations and maintenance System acquisition and development System implementation System initiation . In the Software Development Life Cycle (SDLC), maintaining accurate hardware and software inventories is a critical part of: Systems integration Change management Risk management Quality assurance. When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined? After the system preliminary design has been developed and the data security categorization has been performed After the business functional analysis and the data security categorization have been performed After the vulnerability analysis has been performed and before the system detailed design begins After the system preliminary design has been developed and before the data security categorization begins. Multi-threaded applications are more at risk than single-threaded applications to: Race conditions Virus infection Packet sniffing Database injection. 
What technique BEST describes antivirus software that detects viruses by watching anomalous behavior? Signature Inference Induction Heuristic. According to BEST practice, which of the following is required when implementing third-party software in a production environment? Scan the application for vulnerabilities Contract the vendor for patching Negotiate end-user application training Escrow a copy of the software. In addition to web browsers, what PRIMARY areas need to be addressed concerning mobile code used for malicious purposes? Text editors, database, and Internet phone applications Email, presentation, and database applications Image libraries, presentation, and spreadsheet applications Email, media players, and instant messaging applications. What component of a web application that stores the session state in a cookie can be bypassed by an attacker? An initialization check An identification check An authentication check An authorization check. Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks? Data compression Data classification Data warehousing Data validation . A development team intends to prevent Cross-Site Scripting (XSS) attacks using an in-house developed Application Programming Interface (API). What step should be taken by the development team? Use public keys Validate incoming and outgoing data. Control network addresses that connect to an API. Implement Secure Socket Layer (SSL) on the web server. Which of the following would BEST describe the concept of least privilege in the software development process? Only authorized users should access the application code repository. Developers should only have access to the resources they need to perform their roles. System administrators should have unrestricted access to all system resources. All stakeholders should have access to development environments for collaboration. 
Which of the following phases of the Software Development Life Cycle (SDLC) MOST directly relates to incident detection and response? Requirements definition Testing and evaluation Operations and maintenance Design and development. Which of the following software testing methods focuses on testing the application under unexpected or invalid conditions? Regression testing Functional testing Negative testing Load testing. Which of the following best describes a buffer overflow attack? Sending more data than the buffer can handle, causing execution of malicious code Altering database queries to access unauthorized data Manipulating cookies to impersonate a user Bypassing authentication mechanisms using stolen credentials . Which of the following methods can prevent time-of-check to time-of-use (TOCTOU) vulnerabilities? Ensuring atomic operations Implementing input validation Using static analysis tools Applying database encryption. Which of the following practices would BEST help prevent software vulnerabilities related to insecure deserialization? Encrypting serialized objects Using a secure sandbox environment Implementing strict input validation Restricting the types of objects that can be deserialized. What is the primary security concern when using dynamically linked libraries (DLLs) in application development? Performance degradation DLL injection attacks Licensing restrictions Dependency conflicts. Which of the following is the PRIMARY purpose of static code analysis in software development? To assess code performance under stress To identify coding errors and vulnerabilities To validate user requirements and feedback To check for compliance with privacy laws . Which of the following testing methods simulates actual hacker techniques to find exploitable vulnerabilities in software? Static testing Penetration testing Unit testing Regression testing . 
Which of the following is a critical security consideration during the deployment phase of the Software Development Life Cycle (SDLC)? Encrypting sensitive data before storage Validating user requirements against the final product Ensuring all debug information is removed from the production environment Performing regular code reviews for compliance. What is the primary purpose of a secure development lifecycle (SDL)? To ensure software is delivered on time and within budget To identify and address security risks throughout the development process To reduce the cost of software development To ensure compatibility with all operating systems. Which of the following is the MOST effective way to manage vulnerabilities introduced by third-party software components? Conduct regular static analysis of third-party libraries Rely on the vendor’s patching schedule Use a software composition analysis tool to monitor dependencies Manually review all source code from third-party components. Which type of attack is mitigated by ensuring all inputs are validated and sanitized before being processed by an application? Buffer overflow Cross-Site Scripting (XSS) SQL injection All of the options. What type of software testing assesses how changes to the codebase impact existing functionalities? Unit testing Regression testing Stress testing Integration testing. Which of the following is the BEST way to prevent sensitive data exposure in software applications? Encrypt all sensitive data at rest and in transit Limit access to databases containing sensitive data Use tokens instead of actual sensitive data in transactions Implement all of the options. |