CISSP Exam Prep Free

CISSP Exam Prep Free – 50 Practice Questions to Get You Ready for Exam Day

Getting ready for the CISSP certification? Our CISSP Exam Prep Free resource includes 50 exam-style questions designed to help you practice effectively and feel confident on test day.

Effective CISSP exam prep free is the key to success. With our free practice questions, you can:

  • Get familiar with exam format and question style
  • Identify which topics you’ve mastered—and which need more review
  • Boost your confidence and reduce exam anxiety

Below, you will find 50 realistic CISSP Exam Prep Free questions that cover key exam topics. These questions are designed to reflect the structure and challenge level of the actual exam, making them perfect for your study routine.

Question 1

In the last 15 years a company has experienced three electrical failures. The cost associated with each failure is listed below. Which of the following would be a reasonable annual loss expectation?

A. 3,500

B. 140,000

C. 14,000

D. 350,000

 


Correct Answer: C

Question 2

A developer is creating an application that requires secure logging of all user activity. What is the BEST permission the developer should assign to the log file to ensure requirements are met?

A. Execute

B. Read

C. Write

D. Append

 


Correct Answer: D

Question 3

Which of the following is a key responsibility for a data steward assigned to manage an enterprise data lake?

A. Ensure proper business definition, value, and usage of data collected and stored within the enterprise data lake.

B. Ensure adequate security controls applied to the enterprise data lake.

C. Ensure proper and identifiable data owners for each data element stored within an enterprise data lake.

D. Ensure that any data passing within remit is being used in accordance with the rules and regulations of the business.

 


Correct Answer: A

Question 4

If the wide area network (WAN) is supporting converged applications like Voice over Internet Protocol (VoIP), which of the following becomes even MORE essential to the assurance of the network?

A. Boundary routing

B. Classless Inter-Domain Routing (CIDR)

C. Internet Protocol (IP) routing lookups

D. Deterministic routing

 


Correct Answer: D

Question 5

Which of the following would qualify as an exception to the "right to be forgotten" of the General Data Protection Regulation (GDPR)?

A. For the establishment, exercise, or defense of legal claims

B. The personal data has been lawfully processed and collected

C. For the reasons of private interest

D. The personal data remains necessary to the purpose for which it was collected

 


Correct Answer: A

Question 6

A security practitioner needs to implement a solution to verify endpoint security protections and operating system (OS) versions. Which of the following is the BEST solution to implement?

A. An intrusion prevention system (IPS)

B. Network Access Control (NAC)

C. Active Directory (AD) authentication

D. A firewall

 


Correct Answer: B

Question 7

What is the PRIMARY reason for criminal law being difficult to enforce when dealing with cybercrime?

A. Jurisdiction is hard to define.

B. Law enforcement agencies are understaffed.

C. Extradition treaties are rarely enforced.

D. Numerous language barriers exist.

 


Correct Answer: A

Question 8

What type of risk is related to the sequences of value-adding and managerial activities undertaken in an organization?

A. Control risk

B. Demand risk

C. Supply risk

D. Process risk

 


Correct Answer: D

Question 9

A Certified Information Systems Security Professional (CISSP) with identity and access management (IAM) responsibilities is asked by the Chief Information Security Officer (CISO) to perform a vulnerability assessment on a web application to pass a Payment Card Industry (PCI) audit. The CISSP has never performed this before. According to the (ISC)² Code of Professional Ethics, which of the following should the CISSP do?

A. Inform the CISO that they are unable to perform the task because they should render only those services for which they are fully competent and qualified

B. Since they are CISSP certified, they have enough knowledge to assist with the request, but will need assistance in order to complete it in a timely manner

C. Review the CISSP guidelines for performing a vulnerability assessment before proceeding to complete it

D. Review the PCI requirements before performing the vulnerability assessment

 


Correct Answer: A

Question 10

When reviewing the security logs, the password shown for an administrative login event was ' OR ' '1'='1' --. This is an example of which of the following kinds of attack?

A. Structured Query Language (SQL) Injection

B. Brute Force Attack

C. Rainbow Table Attack

D. Cross-Site Scripting (XSS)

 


Correct Answer: A

Question 11

Which of the following attacks, if successful, could give an intruder complete control of a software-defined networking (SDN) architecture?

A. A brute force password attack on the Secure Shell (SSH) port of the controller

B. Sending control messages to open a flow that does not pass a firewall from a compromised host within the network

C. Remote Authentication Dial-In User Service (RADIUS) token replay attack

D. Sniffing the traffic of a compromised host inside the network

 


Correct Answer: A

Question 12

A security engineer is assigned to work with the patch and vulnerability management group. The deployment of a new patch has been approved and needs to be applied. The research is complete, and the security engineer has provided recommendations. Where should the patch be applied FIRST?

A. Lower environment

B. Desktop environment

C. Server environment

D. Production environment

 


Correct Answer: A

Question 13

What Hypertext Transfer Protocol (HTTP) response header can be used to disable the execution of inline JavaScript and the execution of eval()-type functions?

A. X-XSS-Protection

B. Content-Security-Policy

C. X-Frame-Options

D. Strict-Transport-Security

 


Correct Answer: B

Question 14

Commercial off-the-shelf (COTS) software presents which of the following additional security concerns?

A. Vendors take on the liability for COTS software vulnerabilities.

B. In-house developed software is inherently less secure.

C. COTS software is inherently less secure.

D. Exploits for COTS software are well documented and publicly available.

 


Correct Answer: D

Question 15

The Chief Information Security Officer (CISO) of a small organization is making a case for building a security operations center (SOC). While debating between an in-house, fully outsourced, or a hybrid capability, which of the following would be the MAIN consideration, regardless of the model?

A. Headcount and capacity

B. Scope and service catalog

C. Skill set and training

D. Tools and technologies

 


Correct Answer: B

Question 16

What part of an organization's strategic risk assessment MOST likely includes information on items affecting the success of the organization?

A. Threat analysis

B. Vulnerability analysis

C. Key Performance Indicator (KPI)

D. Key Risk Indicator (KRI)

 


Correct Answer: D

Question 17

In Federated Identity Management (FIM), which of the following represents the concept of federation?

A. Collection, maintenance, and deactivation of user objects and attributes in one or more systems, directories or applications

B. Collection of information logically grouped into a single entity

C. Collection of information for common identities in a system

D. Collection of domains that have established trust among themselves

 


Correct Answer: D

Question 18

The Chief Information Security Officer (CISO) is to establish a single, centralized, and relational repository to hold all information regarding the software and hardware assets. Which of the following solutions would be the BEST option?

A. Information Security Management System (ISMS)

B. Configuration Management Database (CMDB)

C. Security Information and Event Management (SIEM)

D. Information Technology Asset Management (ITAM)

 


Correct Answer: B

Question 19

Which of the following is a weakness of the Data Encryption Standard (DES)?

A. Block encryption scheme

B. Use of same key for encryption and decryption

C. Publicly disclosed algorithm

D. Inadequate key length

 


Correct Answer: D

Question 20

A Simple Power Analysis (SPA) attack against a device directly observes which of the following?

A. Magnetism

B. Generation

C. Consumption

D. Static discharge

 


Correct Answer: C

Question 21

Which of the following regulations dictates how data breaches are handled?

A. Payment Card Industry Data Security Standard (PCI-DSS)

B. National Institute of Standards and Technology (NIST)

C. Sarbanes-Oxley (SOX)

D. General Data Protection Regulation (GDPR)

 


Correct Answer: D

Question 22

If a medical analyst independently provides protected health information (PHI) to an external marketing organization, which ethical principle is this a violation of?

A. Higher ethic in the worst case

B. Informed consent

C. Change of scale test

D. Privacy regulations

 


Correct Answer: D

Question 23

Which of the following BEST describes centralized identity management?

A. Service providers perform as both the credential and identity provider (IdP).

B. Service providers identify an entity by behavior analysis versus an identification factor.

C. Service providers agree to integrate identity system recognition across organizational boundaries.

D. Service providers rely on a trusted third party (TTP) to provide requestors with both credentials and identifiers.

 


Correct Answer: D

Question 24

In setting expectations when reviewing the results of a security test, which of the following statements is MOST important to convey to reviewers?

A. The accuracy of testing results can be greatly improved if the target(s) are properly hardened.

B. The results of the tests represent a point-in-time assessment of the target(s).

C. The deficiencies identified can be corrected immediately.

D. The target’s security posture cannot be further compromised.

 


Correct Answer: B

Question 25

What is the term used to define where data is geographically stored in the cloud?

A. Data privacy rights

B. Data sovereignty

C. Data warehouse

D. Data subject rights

 


Correct Answer: B

Question 26

Which function does 802.1X provide?

A. Network intrusion detection system (NIDS)

B. Wireless access point (WAP)

C. Wi-Fi Protected Access (WPA)

D. Network Access Control (NAC)

 


Correct Answer: D

Question 27

An organization suspects it is receiving spoofed e-mails from a foreign-hosted web e-mail service. Where can the MOST relevant information be found to begin the process of identifying the perpetrator?

A. E-mail logs from foreign-hosted web server

B. Message header of received e-mails

C. Traffic logs from the corporate firewall

D. Log files of the corporate Simple Mail Transfer Protocol (SMTP) server

 


Correct Answer: B

Question 28

A Chief Information Security Officer (CISO) is considering various proposals for evaluating security weaknesses and vulnerabilities at the source code level. Which of the following items BEST equips the CISO to make smart decisions for the organization?

A. The Common Weakness Risk Analysis Framework (CWRAF)

B. The Common Vulnerabilities and Exposures (CVE)

C. The Common Weakness Enumeration (CWE)

D. The Open Web Application Security Project (OWASP) Top Ten

 


Correct Answer: A

Question 29

Which Wide Area Network (WAN) technology requires the first router in the path to determine the full path the packet will travel, removing the need for other routers in the path to make independent determinations?

A. Synchronous Optical Networking (SONET)

B. Multiprotocol Label Switching (MPLS)

C. Fiber Channel Over Ethernet (FCoE)

D. Session Initiation Protocol (SIP)

 


Correct Answer: B

Question 30

Which of the following is included in change management?

A. Technical review by business owner

B. User Acceptance Testing (UAT) before implementation

C. Cost-benefit analysis (CBA) after implementation

D. Business continuity testing

 


Correct Answer: D

Question 31

A security practitioner detects an Endpoint attack on the organization's network. What is the MOST reasonable approach to mitigate future Endpoint attacks?

A. Remove all non-essential client-side web services from the network.

B. Harden the client image before deployment.

C. Screen for harmful exploits of client-side services before implementation.

D. Block all client-side web exploits at the perimeter.

 


Correct Answer: B

Question 32

Which of the following protections is provided when using a Virtual Private Network (VPN) with Authentication Header (AH)?

A. Sender non-repudiation

B. Multi-factor authentication (MFA)

C. Payload encryption

D. Sender confidentiality

 


Correct Answer: A

Question 33

A malicious user gains access to unprotected directories on a web server. Which of the following is MOST likely the cause for this information disclosure?

A. Broken authentication management

B. Security misconfiguration

C. Cross-site request forgery (CSRF)

D. Structured Query Language injection (SQLi)

 


Correct Answer: B

Question 34

For a victim of a security breach to prevail in a negligence claim, what MUST the victim establish?

A. Concern

B. Breach of contract

C. Proximate cause

D. Hardship

 


Correct Answer: C

Question 35

At which layer of the Open Systems Interconnection (OSI) model does a circuit-level firewall operate?

A. Session layer

B. Network layer

C. Application layer

D. Transport layer

 


Correct Answer: A

Question 36

An established information technology (IT) consulting firm is considering acquiring a successful local startup. To gain a comprehensive understanding of the startup's security posture, which type of assessment provides the BEST information?

A. A security audit

B. A tabletop exercise

C. A penetration test

D. A security threat model

 


Correct Answer: A

Question 37

A Chief Information Officer (CIO) has delegated responsibility of their system security to the head of the information technology (IT) department. While corporate policy dictates that only the CIO can make decisions on the level of data protection required, technical implementation decisions are done by the head of the IT department. Which of the following BEST describes the security role filled by the head of the IT department?

A. System security officer

B. System processor

C. System custodian

D. System analyst

 


Correct Answer: C

Question 38

In the "Do" phase of the Plan-Do-Check-Act model, which of the following is performed?

A. Maintain and improve the Business Continuity Management (BCM) system by taking corrective action, based on the results of management review.

B. Monitor and review performance against business continuity policy and objectives, report the results to management for review, and determine and authorize actions for remediation and improvement.

C. Ensure the business continuity policy, controls, processes, and procedures have been implemented.

D. Ensure that business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity have been established.

 


Correct Answer: C

Question 39

What level of Redundant Array of Independent Disks (RAID) is configured PRIMARILY for high-performance data reads and writes?

A. RAID-0

B. RAID-1

C. RAID-5

D. RAID-6

 


Correct Answer: A

Question 40

A company developed a web application which is sold as a Software as a Service (SaaS) solution to the customer. The application is hosted by a web server running on a specific operating system (OS) on a virtual machine (VM). During the transition phase of the service, it is determined that the support team will need access to the application logs. Which of the following privileges would be the MOST suitable?

A. Administrative privileges on the hypervisor

B. Administrative privileges on the application folders

C. Administrative privileges on the web server

D. Administrative privileges on the OS

 


Correct Answer: B

Question 41

Which of the following MUST the administrator of a security information and event management (SIEM) system ensure?

A. All sources are synchronized with a common time reference.

B. All sources are reporting in the exact same Extensible Markup Language (XML) format.

C. Data sources do not contain information infringing upon privacy regulations.

D. Each source uses the same Internet Protocol (IP) address for reporting.

 


Correct Answer: A

Question 42

An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?

A. Functional test

B. Unit test

C. Grey box

D. White box

 


Correct Answer: C

Question 43

What is the MOST appropriate hierarchy of documents when implementing a security program?

A. Policy, organization principle, standard, guideline

B. Standard, policy, organization principle, guideline

C. Organization principle, policy, standard, guideline

D. Organization principle, guideline, policy, standard

 


Correct Answer: C

Question 44

Which of the following is the BEST approach to implement multiple servers on a virtual system?

A. Implement one primary function per virtual server and apply individual security configuration for each virtual server.

B. Implement multiple functions within the same virtual server and apply individual security configurations to each function.

C. Implement one primary function per virtual server and apply high security configuration on the host operating system.

D. Implement multiple functions per virtual server and apply the same security configuration for each virtual server.

 


Correct Answer: A

Question 45

What is a security concern when considering implementing software-defined networking (SDN)?

A. It has a decentralized architecture.

B. It increases the attack footprint.

C. It uses open source protocols.

D. It is cloud based.

 


Correct Answer: B

Question 46

In a quarterly system access review, an active privileged account was discovered that did not exist in the prior review on the production system. The account was created one hour after the previous access review. Which of the following is the BEST option to reduce overall risk in addition to quarterly access reviews?

A. Implement bi-annual reviews.

B. Create policies for system access.

C. Implement and review risk-based alerts.

D. Increase logging levels.

 


Correct Answer: B

Question 47

What is the MAIN purpose of conducting a business impact analysis (BIA)?

A. To determine the cost for restoration of damaged information system

B. To determine the controls required to return to business critical operations

C. To determine the critical resources required to recover from an incident within a specified time period

D. To determine the effect of mission-critical information system failures on core business processes

 


Correct Answer: D

Question 48

Which element of software supply chain management has the GREATEST security risk to organizations?

A. Unsupported libraries are often used.

B. Applications with multiple contributors are difficult to evaluate.

C. Vulnerabilities are difficult to detect.

D. New software development skills are hard to acquire.

 


Correct Answer: A

Question 49

A user is allowed to access the file labeled "Financial Forecast," but only between 9:00 a.m. and 5:00 p.m., Monday through Friday. Which type of access mechanism should be used to accomplish this?

A. Minimum access control

B. Limited role-based access control (RBAC)

C. Access control list (ACL)

D. Rule-based access control

 


Correct Answer: D

Question 50

When conducting a remote access session using Internet Protocol Security (IPSec), which Open Systems Interconnection (OSI) model layer does this connection use?

A. Presentation

B. Transport

C. Network

D. Data link

 


Correct Answer: C

Access Full CISSP Exam Prep Free

Want to go beyond these 50 questions? Click here to unlock a full set of CISSP exam prep free questions covering every domain tested on the exam.

We continuously update our content to ensure you have the most current and effective prep materials.

Good luck with your CISSP certification journey!
