CISSP Practice Test Free – 50 Real Exam Questions to Boost Your Confidence
Preparing for the CISSP exam? Start with our free CISSP practice test: a set of 50 exam-style questions written to help you assess your knowledge and improve your chances of passing on the first try.
Taking a free CISSP practice test is one of the smartest ways to:
- Get familiar with the real exam format and question types
- Evaluate your strengths and spot knowledge gaps
- Gain the confidence you need to succeed on exam day
Below you will find 50 free CISSP practice questions to help you prepare for the exam. These questions are designed to reflect the structure and difficulty level of the real exam.
A security practitioner needs to implement a solution to verify endpoint security protections and operating system (OS) versions. Which of the following is the BEST solution to implement?
A. An intrusion prevention system (IPS)
B. Network Access Control (NAC)
C. Active Directory (AD) authentication
D. A firewall
An organization is formulating a strategy to provide access to third-party partners. The information technology (IT) department has been tasked with providing access by utilizing cloud services. Which of the following technologies is MOST commonly employed for completing the task?
A. Identity as a Service (IDaaS)
B. Firewall as a service
C. Infrastructure as a Service (IaaS)
D. Software as a Service (SaaS)
What is the PRIMARY benefit of relying on Security Content Automation Protocol (SCAP)?
A. Standardize specifications between software security products.
B. Achieve organizational compliance with international standards.
C. Improve vulnerability assessment capabilities.
D. Save security costs for the organization.
Which process compares its results against a standard to determine whether the results meet the standard?
A. Penetration test
B. Security audit
C. Security assessment
D. Functional review
The Industrial Control System (ICS) Computer Emergency Response Team (CERT) has released an alert regarding ICS-focused malware specifically propagating through Windows-based business networks. Technicians at a local water utility note that their dams, canals, and locks controlled by an internal Supervisory Control and Data Acquisition (SCADA) system have been malfunctioning. A digital forensics professional is consulted in the Incident Response (IR) and recovery. Which of the following is the MOST challenging aspect of this investigation?
A. Group policy implementation
B. SCADA network latency
C. Physical access to the system
D. Volatility of data
Which of the following is the BEST method a security practitioner can use to ensure that systems and sub-systems gracefully handle invalid input?
A. Unit testing
B. Acceptance testing
C. Integration testing
D. Negative testing
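As an added example (not part of the practice test), the following Python block shows what negative testing looks like in practice for a small input handler. `parse_port()` and the case lists are hypothetical, constructed for illustration: the positive cases are what ordinary unit tests cover, while the negative cases feed deliberately malformed, boundary and hostile values and check that every one is rejected with a reason rather than crashing the caller.

```python
# Added example (not from the practice test): negative testing of an input
# handler. parse_port() and the case lists are hypothetical, constructed to
# show the difference between "works on good input" and "never misbehaves on
# bad input".
from typing import List, Optional, Tuple

MAX_PORT = 65535


def parse_port(raw: Optional[str]) -> Tuple[bool, object]:
    """Parse a TCP/UDP port from untrusted text.

    Returns (True, port) on success or (False, reason) on rejection. The
    contract negative testing checks is that this never raises, whatever
    the caller passes in.
    """
    if raw is None:
        return False, "missing value"
    text = raw.strip()
    if not text:
        return False, "empty value"
    if len(text) > len(str(MAX_PORT)):
        return False, "too long"
    # str.isdigit() alone accepts non-ASCII digits such as "٨٠", which int()
    # silently converts to 80; require ASCII so only 0-9 get through.
    if not (text.isascii() and text.isdigit()):
        return False, "not a decimal integer"
    port = int(text)
    if not 1 <= port <= MAX_PORT:
        return False, "out of range"
    return True, port


# Positive cases: what ordinary unit tests usually cover (constructed).
POSITIVE_CASES = {"22": 22, "443": 443, " 8080 ": 8080, str(MAX_PORT): MAX_PORT}

# Negative cases: deliberately malformed, boundary and hostile input
# (constructed). Every one must be rejected with a reason, and none may crash.
NEGATIVE_CASES: List[Optional[str]] = [
    None, "", "   ", "0", "65536", "-1", "+80", "8O", "80;id",
    "1" * 10_000, "\x00", "\u0668\u0660",   # last: Arabic-Indic digits for 80
]


def run_negative_tests(cases=NEGATIVE_CASES) -> List[Tuple[object, str]]:
    """Return the inputs that were NOT handled gracefully (empty list = pass)."""
    failures = []
    for raw in cases:
        try:
            accepted, _ = parse_port(raw)
        except Exception as exc:       # any exception is a failed negative test
            failures.append((raw, f"raised {type(exc).__name__}"))
            continue
        if accepted:
            failures.append((raw, "accepted invalid input"))
    return failures


def run_positive_tests(cases=POSITIVE_CASES) -> List[Tuple[object, str]]:
    """Return the valid inputs that were wrongly rejected (empty list = pass)."""
    return [(raw, "rejected valid input")
            for raw, want in cases.items() if parse_port(raw) != (True, want)]


if __name__ == "__main__":
    print("negative failures:", run_negative_tests())
    print("positive failures:", run_positive_tests())
```

The point of the negative list is that it is built from how the input can go wrong (absent, empty, too long, wrong sign, look-alike characters, command injection, oversized, non-ASCII digits), not from how it is supposed to look; the Unicode-digit case is the kind of defect that only a negative test surfaces.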
Which change management role is responsible for the overall success of the project and supporting the change throughout the organization?
A. Change driver
B. Project manager
C. Program sponsor
D. Change implementer
An organization needs to evaluate the effectiveness of security controls implemented on a new system. Which of the following roles should the organization entrust to conduct the evaluation?
A. Authorizing Official (AO)
B. System owner
C. Control assessor
D. Information System Security Officer (ISSO)
An organization wants to ensure that employees that move to a different department within the organization do not retain access privileges from their former department. To this end, the organization has implemented role-based access control (RBAC). Which additional measure is MOST important to successfully limit excess access privileges?
A. Business role review
B. Line manager review of assigned roles
C. Segregation of duties (SoD) review
D. Access control matrix
Physical assets defined in an organization's business impact analysis (BIA) could include which of the following?
A. Personal belongings of organizational staff members
B. Disaster recovery (DR) line-item revenues
C. Cloud-based applications
D. Supplies kept off-site at a remote facility
Which of the following should exist in order to perform a security audit?
A. Neutrality of the auditor
B. Industry framework to audit against
C. External (third-party) auditor
D. Internal certified auditor
At which layer of the Open Systems Interconnection (OSI) model does a circuit-level firewall operate?
A. Session layer
B. Network layer
C. Application layer
D. Transport layer
What BEST describes data ownership?
A. Geographic sovereignty
B. Confidentiality and integrity
C. Accuracy and precision
D. Legal responsibilities
Which of the following languages supports a modular program structure and was designed for military and real-time systems?
A. C++
B. Personal Home Page (PHP)
C. Ada
D. Java
Which of the following events prompts a review of the disaster recovery plan (DRP)?
A. Change in senior management
B. Completion of the security policy review
C. Organizational merger
D. New members added to the steering committee
A project manager for a large software firm has acquired a government contract that generates large amounts of Controlled Unclassified Information (CUI). The organization's information security manager has received a request to transfer project-related CUI between systems of differing security classifications. What role provides the authoritative guidance for this transfer?
A. PM
B. Information owner
C. Data Custodian
D. Mission/Business Owner
A user is allowed to access the file labeled "Financial Forecast," but only between 9:00 a.m. and 5:00 p.m., Monday through Friday. Which type of access mechanism should be used to accomplish this?
A. Minimum access control
B. Limited role-based access control (RBAC)
C. Access control list (ACL)
D. Rule-based access control
Which of the following is an important design feature for the outer door of a mantrap?
A. Allow it to be opened by an alarmed emergency button.
B. Do not allow anyone to enter it alone.
C. Do not allow it to be observed by closed-circuit television (CCTV) cameras.
D. Allow it to be opened when the inner door of the mantrap is also open.
In supervisory control and data acquisition (SCADA) systems, which of the following controls can be used to reduce device exposure to malware?
A. Disallow untested code in the execution space of the SCADA device.
B. Disable all command line interfaces.
C. Disable Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports 138 and 139 on the SCADA device.
D. Prohibit the use of unsecure scripting languages.
In designing the architecture of an access control system, it was determined that confidentiality and controlled access to information were the primary focus. Which of the following security models is the BEST choice for the organization?
A. Biba integrity model
B. Clark-Wilson model
C. Bell-LaPadula model
D. Brewer-Nash model
If the wide area network (WAN) is supporting converged applications like Voice over Internet Protocol (VoIP), which of the following becomes even MORE essential to the assurance of the network?
A. Boundary routing
B. Classless Inter-Domain Routing (CIDR)
C. Internet Protocol (IP) routing lookups
D. Deterministic routing
When designing a Cyber-Physical System (CPS), which of the following should be a security practitioner's first consideration?
A. Detection of sophisticated attackers
B. Topology of the network used for the system
C. Risk assessment of the system
D. Resiliency of the system
During testing, where are the requirements to inform parent organizations, law enforcement, and a computer incident response team documented?
A. Security Assessment Report (SAR)
B. Security assessment plan
C. Unit test results
D. System integration plan
Which is the BEST control to meet the Statement on Standards for Attestation Engagements 18 (SSAE-18) confidentiality category?
A. File hashing
B. Storage encryption
C. Data retention policy
D. Data processing
A subscription service which provides power, climate control, raised flooring, and telephone wiring but NOT the computer and peripheral equipment is BEST described as a:
A. cold site.
B. warm site.
C. hot site.
D. reciprocal site.
An information security consultant is asked to make recommendations for a small business to protect access to information stored on network drives. The small business supports several government agencies that manage highly sensitive information. Which of the following recommendations is BEST to achieve this objective?
A. Develop and implement a security information and event monitoring system.
B. Develop and implement access management policies and procedures.
C. Develop and implement data center access policies and procedures.
D. Develop and implement a security operations center (SOC) for access monitoring.
A software developer wishes to write code that will execute safely and only as intended. Which of the following programming language types is MOST likely to achieve this goal?
A. Weakly typed
B. Dynamically typed
C. Strongly typed
D. Statically typed
An organization is developing employee training content to increase awareness of Payment Card Industry (PCI) standards. What are the three types of awareness roles applicable to the organization?
A. All personnel, specialized, management
B. Standard, privileged, administrator
C. Basic, intermediate, advanced
D. Technical, operational, administrative
Which element of software supply chain management has the GREATEST security risk to organizations?
A. Unsupported libraries are often used.
B. Applications with multiple contributors are difficult to evaluate.
C. Vulnerabilities are difficult to detect.
D. New software development skills are hard to acquire.
An application is used for funds transfers between an organization and a third party. During a security audit, an auditor has found an issue with the business continuity and disaster recovery policy and procedures for this application. Which of the following reports should the auditor file with the organization?
A. Statement on Auditing Standards (SAS) 70-1
B. Statement on Auditing Standards (SAS) 70
C. Service Organization Control (SOC) 1
D. Service Organization Control (SOC) 2
Employee training, risk management, and data handling procedures and policies could be characterized as which type of security measure?
A. Preventative
B. Management
C. Non-essential
D. Administrative
Which of the following should be included in a good defense-in-depth strategy provided by object-oriented programming for software development?
A. Polymorphism
B. Inheritance
C. Polyinstantiation
D. Encapsulation
Which of the following technologies can be used to monitor and dynamically respond to potential threats on web applications?
A. Field-level tokenization
B. Web application vulnerability scanners
C. Runtime application self-protection (RASP)
D. Security Assertion Markup Language (SAML)
Which of the following system components enforces access controls on an object?
A. Security perimeter
B. Access control matrix
C. Trusted domain
D. Reference monitor
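The two questions on the "Financial Forecast" time window and on the reference monitor describe the same mechanism from two sides: a rule that is evaluated on every access rather than granted to the user once, and the component that makes every access go through that evaluation. The Python block below is an added example (not part of the practice test) that ties them together: a minimal reference monitor that is always invoked, denies by default, and logs every decision. The subject names, the object, the rules and the timestamps are hypothetical, constructed for illustration.

```python
# Added example (not from the practice test): a minimal reference monitor that
# enforces a rule-based policy, including the time-window rule from the
# "Financial Forecast" question. Subjects, objects, rules and timestamps are
# hypothetical, constructed for illustration.
from dataclasses import dataclass
from datetime import datetime, time
from typing import Callable, FrozenSet, List, Optional


@dataclass(frozen=True)
class Rule:
    """One permit rule. Rules are evaluated on every access, not assigned
    to the user once, which is what distinguishes rule-based from RBAC."""
    subject: str              # user the rule applies to
    obj: str                  # object (file) the rule covers
    action: str               # "read" or "write"
    days: FrozenSet[int]      # ISO weekdays, Monday=1 ... Sunday=7
    start: time               # inclusive start of the permitted window
    end: time                 # exclusive end of the permitted window

    def permits(self, subject: str, obj: str, action: str, now: datetime) -> bool:
        return (self.subject == subject and self.obj == obj
                and self.action == action
                and now.isoweekday() in self.days
                and self.start <= now.time() < self.end)


class ReferenceMonitor:
    """Mediates every subject-to-object access: default deny, always invoked,
    and every decision is recorded for audit."""

    def __init__(self, rules: List[Rule],
                 clock: Callable[[], datetime] = datetime.now):
        self._rules = list(rules)
        self._clock = clock          # injectable so policy can be tested at any instant
        self.audit_log: List[tuple] = []

    def check(self, subject: str, obj: str, action: str,
              now: Optional[datetime] = None) -> bool:
        now = now or self._clock()
        allowed = any(r.permits(subject, obj, action, now) for r in self._rules)
        self.audit_log.append((now.isoformat(timespec="minutes"), subject, obj,
                               action, "ALLOW" if allowed else "DENY"))
        return allowed

    def read(self, subject: str, obj: str, now: Optional[datetime] = None) -> str:
        """Only path to the object's contents; raises if the policy denies it."""
        if not self.check(subject, obj, "read", now):
            raise PermissionError(f"{subject} may not read {obj!r}")
        return STORE[obj]


STORE = {"Financial Forecast": "constructed sample contents"}
WEEKDAYS = frozenset({1, 2, 3, 4, 5})
# 9:00 a.m. up to (but not including) 5:00 p.m., Monday through Friday
POLICY = [Rule("alice", "Financial Forecast", "read", WEEKDAYS, time(9, 0), time(17, 0))]

# Constructed timestamps: 2024-06-04 is a Tuesday, 2024-06-08 a Saturday
TUESDAY_NOON = datetime(2024, 6, 4, 12, 0)
TUESDAY_EVENING = datetime(2024, 6, 4, 18, 30)
SATURDAY_NOON = datetime(2024, 6, 8, 12, 0)


def demo() -> dict:
    rm = ReferenceMonitor(POLICY)
    return {
        "alice_tue_noon": rm.check("alice", "Financial Forecast", "read", TUESDAY_NOON),
        "alice_tue_evening": rm.check("alice", "Financial Forecast", "read", TUESDAY_EVENING),
        "alice_sat_noon": rm.check("alice", "Financial Forecast", "read", SATURDAY_NOON),
        "alice_write": rm.check("alice", "Financial Forecast", "write", TUESDAY_NOON),
        "bob_tue_noon": rm.check("bob", "Financial Forecast", "read", TUESDAY_NOON),
        "decisions_logged": len(rm.audit_log),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Note that the same user with the same role gets different answers at noon and at 18:30; no role assignment changes between the two calls, only the rule's evaluation of the current time. The injectable clock is what makes such a policy testable without waiting for a weekend.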
The security organization is looking for a solution that could help them determine with a strong level of confidence that attackers have breached their network. Which solution is MOST effective at discovering a successful network breach?
A. Developing a sandbox
B. Installing an intrusion detection system (IDS)
C. Deploying a honeypot
D. Installing an intrusion prevention system (IPS)
Which of the following security tools monitors devices and records the information in a central database for further analysis?
A. Antivirus
B. Host-based intrusion detection system (HIDS)
C. Security orchestration, automation, and response (SOAR)
D. Endpoint detection and response (EDR)
An enterprise is developing a baseline cybersecurity standard its suppliers must meet before being awarded a contract. Which of the following statements is TRUE about the baseline cybersecurity standard?
A. It should be expressed as general requirements.
B. It should be expressed as technical requirements.
C. It should be expressed in business terminology.
D. It should be expressed in legal terminology.
When conducting a third-party risk assessment of a new supplier, which of the following reports should be reviewed to confirm the operating effectiveness of the security, availability, confidentiality, and privacy trust principles?
A. Service Organization Control (SOC) 1, Type 2
B. Service Organization Control (SOC) 2, Type 2
C. International Organization for Standardization (ISO) 27001
D. International Organization for Standardization (ISO) 27002
What is a use for mandatory access control (MAC)?
A. Allows for mandatory user identity and passwords based on sensitivity
B. Allows for mandatory system administrator access control over objects
C. Allows for labeling of sensitive user accounts for access control
D. Allows for object security based on sensitivity represented by a label
What is the benefit of using Network Admission Control (NAC)?
A. NAC only supports Windows operating systems (OS).
B. NAC supports validation of the endpoint’s security posture prior to allowing the session to go into an authorized state.
C. NAC can require the use of certificates, passwords, or a combination of both before allowing network admission.
D. Operating system (OS) versions can be validated prior to allowing network access.
Which of the following principles is intended to produce information security professionals that are capable of vision and proactive response?
A. Information security awareness
B. Information security program
C. Information security education
D. Information security certification
Assuming an individual has taken all of the steps to keep their internet connection private, which of the following is the BEST way to browse the web privately?
A. Store information about browsing activities on the personal device.
B. Prevent information about browsing activities from being stored on the personal device.
C. Prevent information about browsing activities from being stored in the cloud.
D. Store browsing activities in the cloud.
A user's credential for an application is stored in a relational database. Which control protects the confidentiality of the credential while it is stored?
A. Use a salted cryptographic hash of the password.
B. Validate passwords using a stored procedure.
C. Allow only the application to have access to the password field in order to verify user authentication.
D. Encrypt the entire database and embed an encryption key in the application.
What are the three key benefits that application developers should derive from the northbound application programming interface (API) of software defined networking (SDN)?
A. Network syntax, abstraction of network flow, and abstraction of network protocols
B. Network syntax, abstraction of network commands, and abstraction of network protocols
C. Familiar syntax, abstraction of network topology, and definition of network protocols
D. Familiar syntax, abstraction of network topology, and abstraction of network protocols
Which of the following is the PRIMARY benefit of implementing an Information Security Management System (ISMS)?
A. Correlates system events to monitor and demonstrate system health
B. Improves customer confidence by demonstrating adherence to best practices
C. Increases employee education and awareness of security policies
D. Ensures user compliance with computing standards
Which of the following is the name of an individual or group that is impacted by a change?
A. Change agent
B. End User
C. Stakeholder
D. Sponsor
A security professional has been assigned to assess a web application. The assessment report recommends switching to Security Assertion Markup Language (SAML). What is the PRIMARY security benefit in switching to SAML?
A. It enables single sign-on (SSO) for web applications.
B. It uses Transport Layer Security (TLS) to address confidentiality.
C. It limits unnecessary data entry on web forms.
D. The users’ password is not passed during authentication.
In addition to life, protection of which of the following elements is MOST important when planning a data center site?
A. Data and hardware
B. Property and operations
C. Resources and reputation
D. Profits and assets
Which of the following is the MOST common use of the Online certificate Status Protocol (OCSP)?
A. To verify the validity of an X.509 digital certificate
B. To obtain the expiration date of an X.509 digital certificate
C. To obtain the revocation status of an X.509 digital certificate
D. To obtain the author name of an X.509 digital certificate
A large law firm would like to enable employees to participate in a bring your own device (BYOD) program. Only devices with up-to-date antivirus and operating system (OS) patches will be allowed on the network. Which solution will BEST enforce the security requirements?
A. Endpoint Detection and Response
B. Next-Generation Firewall
C. Intrusion detection and prevention system (IDPS)
D. Network Access Control (NAC)
Free Access to the Full CISSP Practice Test
If you are looking for more free CISSP practice test questions, click here to access the full CISSP practice test.
We regularly update this page with new practice questions, so be sure to check back frequently.
Good luck with your CISSP certification journey!