CISSP Dump Free – 50 Practice Questions to Sharpen Your Exam Readiness.
Looking for a reliable way to prepare for your CISSP certification? Our CISSP Dump Free includes 50 exam-style practice questions designed to reflect real test scenarios—helping you study smarter and pass with confidence.
Using a CISSP dump free set of questions can give you an edge in your exam prep by helping you:
- Understand the format and types of questions you’ll face
- Pinpoint weak areas and focus your study efforts
- Boost your confidence with realistic question practice
Below, you will find 50 free questions from our CISSP Dump Free collection. These cover key topics and are structured to simulate the difficulty level of the real exam, making them a valuable tool for review or final prep.
Which of the following documents specifies services from the client's viewpoint?
A. Business Impact analysis (BIA)
B. Service level agreement (SLA)
C. Service Level Requirement (SLR)
D. Service level report
An organization has approved deployment of a virtual environment for the development servers and has established controls for restricting access to resources. In order to implement best security practices for the virtual environment, the security team MUST also implement which of the following steps?
A. Implement a dedicated management network for the hypervisor.
B. Deploy Terminal Access Controller Access Control System Plus (TACACS+) for authentication.
C. Implement complex passwords using Privileged Access Management (PAM).
D. Capture network traffic for the network interface.
Which of the following would be the BEST guideline to follow when attempting to avoid the exposure of sensitive data?
A. Monitor mail servers for sensitive data being exfiltrated.
B. Educate end-users on methods of attacks on sensitive data.
C. Establish report parameters for sensitive data.
D. Store sensitive data only when necessary.
What documentation is produced FIRST when performing an effective physical loss control process?
A. Deterrent controls list
B. Security standards list
C. Asset valuation list
D. Inventory list
What security technique in the Software Development Life Cycle (SDLC) should be leveraged to BEST ensure secure development throughout a project?
A. Dynamic application security testing (DAST)
B. Waterfall
C. Simple Object Access Protocol
D. Static application security testing (SAST)
Which of the following statements BEST distinguishes a stateful packet inspection firewall from a stateless packet filter firewall?
A. The SPI inspects traffic on a packet-by-packet basis.
B. The SPI inspects the flags on Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) packets.
C. The SPI is capable of dropping packets based on a pre-defined rule set.
D. The SPI inspects the traffic in the context of a session.
Which of the following should be done at a disaster site before any item is removed, repaired, or replaced?
A. Communicate with the press following the communications plan
B. Dispatch personnel to the disaster recovery (DR) site
C. Take photos of the damage
D. Notify all of the Board of Directors
What is the PRIMARY reason for criminal law being difficult to enforce when dealing with cybercrime?
A. Jurisdiction is hard to define.
B. Law enforcement agencies are understaffed.
C. Extradition treaties are rarely enforced.
D. Numerous language barriers exist.
Which process compares its results against a standard to determine whether the results meet the standard?
A. Penetration test
B. Security audit
C. Security assessment
D. Functional review
An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer (CISO) wants to increase security by better protecting the network from unauthorized internal access. Which Network Access Control (NAC) capability BEST meets this objective?
A. Port security
B. Two-factor authentication (2FA)
C. Strong passwords
D. Application firewall
A company is planning to implement a private cloud infrastructure. Which of the following recommendations will support the move to a cloud infrastructure?
A. Implement software-defined networking (SDN) to provide the ability to apply high-level policies to shape and reorder network traffic based on users, devices and applications.
B. Implement a virtual local area network (VLAN) for each department and create a separate subnet for each VLAN.
C. Implement software-defined networking (SDN) to provide the ability for the network infrastructure to be integrated with the control and data planes.
D. Implement a virtual local area network (VLAN) to logically separate the local area network (LAN) from the physical switches.
An organization has implemented a password complexity policy and an account lockout policy that triggers after five incorrect login attempts within ten minutes. Network users have reported significantly increased account lockouts. Which of the following security principles is this company affecting?
A. Confidentiality
B. Integrity
C. Availability
D. Authentication
Which application type is considered high risk and provides a common way for malware and viruses to enter a network?
A. Instant messaging or chat applications
B. Peer-to-Peer (P2P) file sharing applications
C. E-mail applications
D. End-to-end applications
Who is the BEST person to review developed application code to ensure it has been tested and verified?
A. A developer who knows what is expected of the application, but not the same one who developed it.
B. A member of quality assurance (QA) should review the developer’s code.
C. A developer who understands the application requirements document, and who also developed the code.
D. The manager should review the developer’s application code.
Which of the following services can be deployed via a cloud service or on-premises to integrate with Identity as a Service (IDaaS) as the authoritative source of user identities?
A. Multi-factor authentication (MFA)
B. Directory
C. User database
D. Single sign-on (SSO)
Which of the following is the MOST effective strategy to prevent an attacker from disabling a network?
A. Design networks with the ability to adapt, reconfigure, and fail over.
B. Test business continuity and disaster recovery (DR) plans.
C. Follow security guidelines to prevent unauthorized network access.
D. Implement network segmentation to achieve robustness.
A security architect is developing an information system for a client. One of the requirements is to deliver a platform that mitigates against common vulnerabilities and attacks. What is the MOST efficient option used to prevent buffer overflow attacks?
A. Access control mechanisms
B. Process isolation
C. Address Space Layout Randomization (ASLR)
D. Processor states
Which reporting type requires a service organization to describe its system and define its control objectives and controls that are relevant to users' internal control over financial reporting?
A. Statement on Auditing Standards (SAS) 70
B. Service Organization Control 1 (SOC1)
C. Service Organization Control 2 (SOC2)
D. Service Organization Control 3 (SOC3)
Clothing retailer employees are provisioned with user accounts that provide access to resources at partner businesses. All partner businesses use common identity and access management (IAM) protocols and differing technologies. Under the Extended Identity principle, what is the process flow between partner businesses to allow this IAM action?
A. Clothing retailer acts as User Self Service, confirms identity of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to services.
B. Clothing retailer acts as identity provider (IdP), confirms identity of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to services.
C. Clothing retailer acts as Service Provider, confirms identity of user using industry standards, then sends credentials to partner businesses that act as an identity provider (IdP) and allows access to resources.
D. Clothing retailer acts as Access Control Provider, confirms access of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to resources.
An information technology (IT) employee who travels frequently to various countries remotely connects to an organization's resources to troubleshoot problems. Which of the following solutions BEST serves as a secure control mechanism to meet the organization's requirements?
A. Install a third-party screen sharing solution that provides remote connection from a public website.
B. Install a bastion host in the demilitarized zone (DMZ) and allow multi-factor authentication (MFA) access.
C. Implement a Dynamic Domain Name Services (DDNS) account to initiate a virtual private network (VPN) using the DDNS record.
D. Update the firewall rules to include the static Internet Protocol (IP) addresses of the locations where the employee connects from.
The Chief Executive Officer (CEO) wants to implement an internal audit of the company's information security posture. The CEO wants to avoid any bias in the audit process and therefore has assigned the Sales Director to conduct the audit. After significant interaction over a period of weeks, the audit concludes that the company's policies and procedures are sufficient, robust and well established. The CEO then moves on to engage an external penetration testing company in order to showcase the organization's robust information security stance. This exercise reveals significant failings in several critical security controls and shows that the incident response processes remain undocumented. What is the MOST likely reason for this disparity in the results of the audit and the external penetration test?
A. The audit team lacked the technical experience and training to make insightful and objective assessments of the data provided to them.
B. The scope of the penetration test exercise and the internal audit were significantly different.
C. The external penetration testing company used custom zero-day attacks that could not have been predicted.
D. The information technology (IT) and governance teams have failed to disclose relevant information to the internal audit team leading to an incomplete assessment being formulated.
Which of the following BEST describes an example of evading intrusion detection system (IDS) signature detection?
A. Packet fragmentation
B. SQL injection (SQLi)
C. Cross-Site Scripting (XSS)
D. Encoding
While performing a security review for a new product, an information security professional discovers that the organization's product development team is proposing to collect government-issued identification (ID) numbers from customers to use as unique customer identifiers. Which of the following recommendations should be made to the product development team?
A. Customer identifiers should be a variant of the user’s government-issued ID number.
B. Customer identifiers should be a cryptographic hash of the user’s government-issued ID number.
C. Customer identifiers that do not resemble the user’s government-issued ID number should be used.
D. Customer identifiers should be a variant of the user’s name, for example, “jdoe” or “john.doe.”
A security architect is implementing an authentication system for a distributed network of servers. This network will be accessed by users on workstations that cannot trust the identity of the user. Which solution should the security architect use to have the users trust one another?
A. One-way authentication
B. Kerberos
C. Mutual authentication
D. Single session software tokens
International bodies established a regulatory scheme that defines how weapons are exchanged between the signatories. It also addresses cyber weapons, including malicious software, Command and Control (C2) software, and internet surveillance software. This is a description of which of the following?
A. International traffic in Arms Regulations (ITAR)
B. Palermo convention
C. Wassenaar arrangement
D. General Data Protection Regulation (GDPR)
Which of the following does the security design process ensure within the System Development Life Cycle (SDLC)?
A. Proper security controls, security objectives, and security goals are properly initiated.
B. Security objectives, security goals, and system test are properly conducted.
C. Proper security controls, security goals, and fault mitigation are properly conducted.
D. Security goals, proper security controls, and validation are properly initiated.
A software developer wishes to write code that will execute safely and only as intended. Which of the following programming language types is MOST likely to achieve this goal?
A. Weakly typed
B. Dynamically typed
C. Strongly typed
D. Statically typed
Where can the Open Web Application Security Project (OWASP) list of associated vulnerabilities be found?
A. OWASP Mobile Project
B. OWASP Software Assurance Maturity Model (SAMM) Project
C. OWASP Guide Project
D. OWASP Top 10 Project
An organization would like to ensure that all new users have a predefined departmental access template applied upon creation. The organization would also like additional access for users to be granted on a per-project basis. What type of user access administration is BEST suited to meet the organization's needs?
A. Decentralized
B. Hybrid
C. Centralized
D. Federated
When assessing web vulnerabilities, how can navigating the dark web add value to a penetration test?
A. Information may be found on hidden vendor patches.
B. The actual origin and tools used for the test can be hidden.
C. Information may be found on related breaches and hacking.
D. Vulnerabilities can be tested without impact on the tested environment.
Which of the following is a MAJOR consideration in implementing a Voice over Internet Protocol (VoIP) network?
A. Use of Request for Comments (RFC) 1918 addressing.
B. Use of Network Access Control (NAC) on switches.
C. Use of separation for the voice network.
D. Use of a unified messaging.
Which evidence collecting technique would be utilized when it is believed an attacker is employing a rootkit and a quick analysis is needed?
A. Forensic disk imaging
B. Live response
C. Memory collection
D. Malware analysis
When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?
A. Confirm that confidentiality agreements are signed
B. Employ strong access controls
C. Log all activities associated with sensitive systems
D. Provide links to security policies
What security principle addresses the issue of "Security by Obscurity"?
A. Open design
B. Role Based Access Control (RBAC)
C. Segregation of duties (SoD)
D. Least privilege
Which of the following BEST describes why software assurance is critical in helping prevent an increase in business and mission risk for an organization?
A. Request for proposals (RFP) avoid purchasing software that does not meet business needs.
B. Contracting processes eliminate liability for security vulnerabilities for the purchaser.
C. Decommissioning of old software reduces long-term costs related to technical debt.
D. Software that does not perform as intended may be exploitable which makes it vulnerable to attack.
An organization is implementing data encryption using symmetric ciphers and the Chief Information Officer (CIO) is concerned about the risk of using one key to protect all sensitive data. The security practitioner has been tasked with recommending a solution to address the CIO's concerns. Which of the following is the BEST approach to achieving the objective by encrypting all sensitive data?
A. Use a Secure Hash Algorithm 256 (SHA-256).
B. Use Rivest-Shamir-Adleman (RSA) keys.
C. Use a hierarchy of encryption keys.
D. Use Hash Message Authentication Code (HMAC) keys.
Which audit type is MOST appropriate for evaluating the effectiveness of a security program?
A. Analysis
B. Threat
C. Assessment
D. Validation
In software development, developers should use which type of queries to prevent a Structured Query Language (SQL) injection?
A. Parameterised
B. Controlled
C. Dynamic
D. Static
An organization acquired used technological equipment. This equipment will be integrated with new and existing business processes. What is the MOST appropriate consideration to identify the equipment that requires protection?
A. Total monetary value of the acquisition
B. The age of the computing hardware
C. Stakeholder concerns of how the assets are used
D. Length and extent of support by the vendor
An application developer is developing a web application that will store and process personal information of European Union (EU) residents. Which of the following security principles, explicitly specified in the General Data Protection Regulation (GDPR), should the developer apply to safeguard the personal information in the application?
A. Authorization
B. Tokenization
C. Pseudonymization
D. Authentication
Which of the following is considered the FIRST step when designing an internal security control assessment?
A. Create a plan based on comprehensive knowledge of known breaches.
B. Create a plan based on reconnaissance of the organization’s infrastructure.
C. Create a plan based on a recognized framework of known controls.
D. Create a plan based on recent vulnerability scans of the systems in question.
What term is commonly used to describe hardware and software assets that are stored in a configuration management database (CMDB)?
A. Configuration item
B. Configuration element
C. Ledger item
D. Asset register
An architect has observed the complexity of a new design has introduced increased risk. After review, the test team lead cannot determine how to test for some of the security controls the organization requires to be in place. Which of the following secure design principles has MOST likely been violated?
A. Complete remediation
B. Economy of mechanism
C. Psychological acceptability
D. Least privilege
When reviewing the security logs, the password shown for an administrative login event was ' OR ' '1'='1' --. This is an example of which of the following kinds of attack?
A. Structured Query Language (SQL) Injection
B. Brute Force Attack
C. Rainbow Table Attack
D. Cross-Site Scripting (XSS)
A web developer is completing a new web application security checklist before releasing the application to production. The task of disabling unnecessary services is on the checklist. Which web application threat is being mitigated by this action?
A. Session hijacking
B. Security misconfiguration
C. Broken access control
D. Sensitive data exposure
Which of the following protection is provided when using a Virtual Private Network (VPN) with Authentication Header (AH)?
A. Sender non-repudiation
B. Multi-factor authentication (MFA)
C. Payload encryption
D. Sender confidentiality
When performing an investigation with the potential for legal action, what should be the analyst's FIRST consideration?
A. Data decryption
B. Chain-of-custody
C. Authorization to collect
D. Court admissibility
What is the MOST effective response to a hacker who has already gained access to a network and will attempt to pivot to other resources?
A. Warn users of a breach.
B. Reset all passwords.
C. Segment the network.
D. Shut down the network.
A colleague who recently left the organization asked a security professional for a copy of the organization's confidential incident management policy. Which of the following is the BEST response to this request?
A. Access the policy on a company-issued device and let the former colleague view the screen.
B. E-mail the policy to the colleague as they were already part of the organization and familiar with it.
C. Do not acknowledge receiving the request from the former colleague and ignore them.
D. Submit the request using company official channels to ensure the policy is okay to distribute.
Which of the following frameworks provides vulnerability metrics and characteristics to support the National Vulnerability Database (NVD)?
A. Common Vulnerabilities and Exposures (CVE)
B. Center for Internet Security (CIS)
C. Common Vulnerability Scoring System (CVSS)
D. Open Web Application Security Project (OWASP)
Access Full CISSP Dump Free
Looking for even more practice questions? Click here to access the complete CISSP Dump Free collection, offering hundreds of questions across all exam objectives.
We regularly update our content to ensure accuracy and relevance—so be sure to check back for new material.
Begin your certification journey today with our CISSP dump free questions — and get one step closer to exam success!