An architect has observed the complexity of a new design has introduced increased risk. After review, the test team lead cannot determine how to test for some of the security controls the organization requires to be in place. Which of the following secure design principles has MOST likely been violated?

A. Complete remediation

B. Economy of mechanism

C. Psychological acceptability

D. Least privilege

As a design principle, which one of the following actors is responsible for identifying and approving data security requirement in a cloud ecosystem?

A. Cloud auditor

B. Cloud broker

C. Cloud provider

D. Cloud consumer

The initial security categorization should be done early in the system life cycle and should be reviewed periodically. Why is it important for this to be done correctly?

A. It determines the functional and operational requirements.

B. It determines the security requirements.

C. It affects other steps in the certi cation and accreditation process.

D. The system engineering process works with selected security controls.

An information security administrator wishes to block peer-to-peer (P2P) traffic over Hypertext Transfer Protocol (HTTP) tunnels. Which of the following layers of the Open Systems Interconnection (OSI) model requires inspection?

A. Application

B. Transport

C. Session

D. Presentation

What is the MOST appropriate hierarchy of documents when implementing a security program?

A. Policy, organization principle, standard, guideline

B. Standard, policy, organization principle, guideline

C. Organization principle, policy, standard, guideline

D. Organization principle, guideline, policy, standard

A security professional was tasked with rebuilding a company's wireless infrastructure. Which of the following are the MOST important factors to consider while making a decision on which wireless spectrum to deploy?

A. Facility size, intermodulation, and direct satellite service

B. Performance, geographic location, and radio signal interference

C. Existing client devices, manufacturer reputation, and electrical interference

D. Hybrid frequency band, service set identifier (SSID), and interpolation

Which of the following BEST describes the purpose of the reference monitor when de ning access control to enforce the security model?

A. Strong operational security to keep unit members safe

B. Policies to validate organization rules

C. Cyber hygiene to ensure organizations can keep systems healthy

D. Quality design principles to ensure quality by design

What is the FIRST step prior to executing a test of an organization's disaster recovery (DR) or business continuity plan (BCP)?

A. Develop clear evaluation criteria.

B. Identify key stakeholders.

C. Develop recommendations for disaster scenarios.

D. Identify potential failure points.

Which of the following documents speci es services from the client's viewpoint?

A. Business Impact analysis (BIA)

B. Service level agreement (SLA)

C. Service Level Requirement (SLR)

D. Service level report

A developer is creating an application that requires secure logging of all user activity. What is the BEST permission the developer should assign to the log file to ensure requirements are met?

A. Execute

B. Read

C. Write

D. Append

Which Wide Area Network (WAN) technology requires the first router in the path to determine the full path the packet will travel, removing the need for other routers in the path to make independent determinations?

A. Synchronous Optical Networking (SONET)

B. Multiprotocol Label Switching (MPLS)

C. Fiber Channel Over Ethernet (FCoE)

D. Session Initiation Protocol (SIP)

Which of the following is the BEST way to protect an organization's data assets?

A. Encrypt data in transit and at rest using up-to-date cryptographic algorithms.

B. Monitor and enforce adherence to security policies.

C. Require Multi-Factor Authentication (MFA) and Separation of Duties (SoD).

D. Create the Demilitarized Zone (DMZ) with proxies, rewalls and hardened bastion hosts.

Which of the following is the MOST effective corrective control to minimize the effects of a physical intrusion?

A. Rapid response by guards or police to apprehend a possible intruder

B. Sounding a loud alarm to frighten away a possible intruder

C. Automatic videotaping of a possible intrusion

D. Activating bright lighting to frighten away a possible intruder

Which of the following BEST represents a defense in depth concept?

A. Network-based data loss prevention (DLP), Network Access Control (NAC), network-based Intrusion prevention system (NIPS), Port security on core switches

B. Host-based data loss prevention (DLP), Endpoint anti-malware solution, Host-based integrity checker, Laptop locks, hard disk drive (HDD) encryption

C. Endpoint security management, network intrusion detection system (NIDS), Network Access Control (NAC), Privileged Access Management (PAM), security information and event management (SIEM)

D. Web application firewall (WAF), Gateway network device tuning, Database firewall, Next-Generation Firewall (NGFW), Tier-2 demilitarized zone (DMZ) tuning

Which of the following is the MOST significant key management problem due to the number of keys created?

A. Exponential growth when using symmetric keys

B. Exponential growth when using asymmetric keys

C. Storage of the keys require increased security

D. Keys are more difficult to provision and revoke

Which of the following is the MOST effective strategy to prevent an attacker from disabling a network?

A. Design networks with the ability to adapt, reconfigure, and fail over.

B. Test business continuity and disaster recovery (DR) plans.

C. Follow security guidelines to prevent unauthorized network access.

D. Implement network segmentation to achieve robustness.

What is the MINIMUM standard for testing a disaster recovery plan (DRP)?

A. Quarterly or more frequently depending upon the advice of the information security manager

B. As often as necessary depending upon the stability of the environment and business requirements

C. Annually or less frequently depending upon audit department requirements

D. Semi-annually and in alignment with a scal half-year business cycle

When reviewing the security logs, the password shown for an administrative login event was ' OR ' '1'='1' --. This is an example of which of the following kinds of attack?

A. Structured Query Language (SQL) Injection

B. Brute Force Attack

C. Rainbow Table Attack

D. Cross-Site Scripting (XSS)

Prohibiting which of the following techniques is MOST helpful in preventing users from obtaining con dential data by using statistical queries?

A. Sequences of queries that refer repeatedly to the same population

B. Repeated queries that access multiple databases

C. Selecting all records from a table and displaying all columns

D. Running queries that access sensitive data

Why would a system be structured to isolate different classes of information from one another and segregate them by user jurisdiction?

A. The organization is required to provide different services to various third-party organizations.

B. The organization can avoid e-discovery processes in the event of litigation.

C. The organization’s infrastructure is clearly arranged and scope of responsibility is simplified.

D. The organization can vary its system policies to comply with conflicting national laws.

Which of the following BEST describes why software assurance is critical in helping prevent an increase in business and mission risk for an organization?

A. Request for proposals (RFP) avoid purchasing software that does not meet business needs.

B. Contracting processes eliminate liability for security vulnerabilities for the purchaser.

C. Decommissioning of old software reduces long-term costs related to technical debt.

D. Software that does not perform as intended may be exploitable which makes it vulnerable to attack.

A financial services organization has employed a security consultant to review processes used by employees across various teams. The consultant interviewed a member of the application development practice and found gaps in their threat model. Which of the following correctly represents a trigger for when a threat model should be revised?

A. After operating system (OS) patches are applied

B. A new developer is hired into the team.

C. After a modification to the firewall rule policy

D. A new data repository is added.

A system developer has a requirement for an application to check for a secure digital signature before the application is accessed on a user's laptop. Which security mechanism addresses this requirement?

A. Trusted Platform Module (TPM)

B. certificate revocation list (CRL) policy

C. Key exchange

D. Hardware encryption

Which of the following encryption technologies has the ability to function as a stream cipher?

A. Cipher Block Chaining (CBC) with error propagation

B. Electronic Code Book (ECB)

C. Cipher Feedback (CFB)

D. Feistel cipher

The Chief Information Security officer (CISO) of a large financial institution is responsible for implementing the security controls to protect the confidentiality and integrity of the organization's Information Systems. Which of the controls below is prioritized FIRST?

A. Firewall and reverse proxy

B. Web application firewall (WAF) and HyperText Transfer Protocol Secure (HTTPS)

C. Encryption of data in transit and data at rest

D. Firewall and intrusion prevention system (IPS)

Which of the following reports provides the BEST attestation of detailed controls when evaluating an Identity as a Service (IDaaS) solution?

A. Service Organization Control (SOC) 1

B. Service Organization Control (SOC) 2

C. Service Organization Control (SOC) 3

D. Statement on Auditing Standards (SAS) 70

In the last 15 years a company has experienced three electrical failures. The cost associated with each failure is listed below. Which of the following would be a reasonable annual loss expectation?

A. 3,500

B. 140,000

C. 14,000

D. 350,000

A hospital's building controls system monitors and operates the environmental equipment to maintain a safe and comfortable environment. Which of the following could be used to minimize the risk of utility supply interruption?

A. Digital protection and control devices capable of minimizing the adverse impact to critical utility

B. Standardized building controls system software with high connectivity to hospital networks

C. Lock out maintenance personnel from the building controls system access that can impact critical utility supplies

D. Digital devices that can turn equipment off and continuously cycle rapidly in order to increase supplies and conceal activity on the hospital network

Which of the following is performed to determine a measure of success of a security awareness training program designed to prevent social engineering attacks?

A. Employee evaluation of the training program

B. Internal assessment of the training program’s effectiveness

C. Multiple choice tests to participants

D. Management control of reviews

Dumpster diving is a technique used in which stage of penetration testing methodology?

A. Attack

B. Reporting

C. Planning

D. Discovery

Which of the following would be the BEST guideline to follow when attempting to avoid the exposure of sensitive data?

A. Monitor mail servers for sensitive data being ex ltrated.

B. Educate end-users on methods of attacks on sensitive data.

C. Establish report parameters for sensitive data.

D. Store sensitive data only when necessary.

An organization with divisions in the United States (US) and the United Kingdom (UK) processes data comprised of personal information belonging to subjects living in the European Union (EU) and in the US. Which data MUST be handled according to the privacy protections of General Data Protection Regulation
(GDPR)?

A. Only the UK citizens’ data

B. Only the EU residents’ data

C. Only data processed in the UK

D. Only the EU citizens’ data

Which of the following techniques is MOST useful when dealing with advanced persistent threat (APT) intrusions on live virtualized environments?

A. Memory forensics

B. Log file analysis

C. Reverse engineering

D. Antivirus operations

What documentation is produced FIRST when performing an effective physical loss control process?

A. Deterrent controls list

B. Security standards list

C. Asset valuation list

D. Inventory list

The security organization is looking for a solution that could help them determine with a strong level of con dence that attackers have breached their network.
Which solution is MOST effective at discovering a successful network breach?

A. Developing a sandbox

B. Installing an intrusion detection system (IDS)

C. Deploying a honeypot

D. Installing an intrusion prevention system (IPS)

An international organization has decided to use a Software as a Service (SaaS) solution to support its business operations. Which of the following compliance standards should the organization use to assess the international code security and data privacy of the solution?

A. Service Organization Control (SOC) 2

B. Information Assurance Technical Framework (IATF)

C. Health Insurance Portability and Accountability Act (HIPAA)

D. Payment Card Industry (PCI)

A Chief Information Security officer (CISO) is considering various proposals for evaluating security weaknesses and vulnerabilities at the source code level. Which of the following items BEST equips the CISO to make smart decisions for the organization?

A. The Common Weakness Risk Analysis Framework (CWRAF)

B. The Common Vulnerabilities and Exposures (CVE)

C. The Common Weakness Enumeration (CWE)

D. The Open Web Application Security Project (OWASP) Top Ten

When reviewing vendor certi cations for handling and processing of company data, which of the following is the BEST Service Organization Controls (SOC) certi cation for the vendor to possess?

A. SOC 1 Type 1

B. SOC 2 Type 1

C. SOC 2 Type 2

D. SOC 3

A security architect is developing an information system for a client. One of the requirements is to deliver a platform that mitigates against common vulnerabilities and attacks. What is the MOST efficient option used to prevent buffer over flow attacks?

A. Access control mechanisms

B. Process isolation

C. Address Space Layout Randomization (ASLR)

D. Processor states

When telephones in a city are connected by a single exchange, the caller can only connect with the switchboard operator. The operator then manually connects the call. This is an example of which type of network topology?

A. Point-to-Point Protocol (PPP)

B. Bus

C. Star

D. Tree

The security team is noti ed that a device on the network is infected with malware. Which of the following is MOST effective in enabling the device to be quickly located and remediated?

A. Data loss protection (DLP)

B. Intrusion detection

C. Vulnerability scanner

D. Information Technology Asset Management (ITAM)

A cloud hosting provider would like to provide a Service Organization Control (SOC) report relevant to its security program. This report should an abbreviated report that can be freely distributed. Which type of report BEST meets this requirement?

A. SOC 1

B. SOC 2 Type 1

C. SOC 2 Type 2

D. SOC 3

Which of the following measures is the MOST critical in order to safeguard from a malware attack on a smartphone?

A. Enable strong password.

B. Install anti-virus for mobile.

C. Enable biometric authentication.

D. Prevent jailbreaking or rooting.

The Chief Information Security officer (CISO) of a small organization is making a case for building a security operations center (SOC). While debating between an in-house, fully outsourced, or a hybrid capability, which of the following would be the MAIN consideration, regardless of the model?

A. Headcount and capacity

B. Scope and service catalog

C. Skill set and training

D. Tools and technologies

An information security consultant is asked to make recommendations for a small business to protect the access to information, stored on network drives. The small business supports several government agencies that manage highly sensitive information. Which of the following recommendations is BEST to achieve this objective?

A. Develop and implement a security information and event monitoring system.

B. Develop and implement access management policies and procedures.

C. Develop and implement data center access policies and procedures.

D. Develop and implement a security operations center (SOC) for access monitoring.

Recently, an unknown event has disrupted a single Layer-2 network that spans between two geographically diverse data centers. The network engineers have asked for assistance in identifying the root cause of the event. Which of the following is the MOST likely cause?

A. Smurf attack

B. Misconfigured routing protocol

C. Broadcast domain too large

D. Address spoofing

What level of Redundant Array of Independent Disks (RAID) is configured PRIMARILY for high-performance data reads and writes?

A. RAID-0

B. RAID-1

C. RAID-5

D. RAID-6

The Chief Information officer (CIO) has decided that as part of business modernization efforts the organization will move towards a cloud architecture. All business-critical data will be migrated to either internal or external cloud services within the next two years. The CIO has a PRIMARY obligation to work with personnel in which role in order to ensure proper protection of data during and after the cloud migration?

A. Chief Security officer (CSO)

B. Information owner

C. Chief Information Security officer (CISO)

D. General Counsel

Which of the following languages supports a modular program structure and was designed for military and real-time systems?

A. C++

B. Personal Home Page (PHP)

C. Ada

D. Java

An organization wants to define as physical perimeter. What primary device should be used to accomplish this objective if the organization's perimeter MUST cost- efficiently deter casual trespassers?

A. Fences three to four feet high with a turnstile

B. Fences six to seven feet high with a painted gate

C. Fences accompanied by patrolling security guards

D. Fences eight or more feet high with three strands of barbed wire