CISSP Exam – Free Actual Q&As, Page 1 – ExamTopics

Topic 1 - Single Topic

Question #1 Topic 1

Physical assets defined in an organization's business impact analysis (BIA) could include which of the following?

A. Personal belongings of organizational staff members

B. Disaster recovery (DR) line-item revenues

C. Cloud-based applications

D. Supplies kept off-site at a remote facility

Correct Answer: D

Community vote distribution: D (88%), 13%

Question #2 Topic 1

When assessing the audit capability of an application, which of the following activities is MOST important?

A. Identify procedures to investigate suspicious activity.

B. Determine if audit records contain sufficient information.

C. Verify if sufficient storage is allocated for audit records.

D. Review security plan for actions to be taken in the event of audit failure.

Correct Answer: C

Community vote distribution: B (76%), C (24%)

Question #3 Topic 1

An organization would like to implement an authorization mechanism that would simplify the assignment of various system access permissions
for many users with similar job responsibilities. Which type of authorization mechanism would be the BEST choice for the organization to
implement?

A. Role-based access control (RBAC)

B. Discretionary access control (DAC)

C. Content-dependent Access Control

D. Rule-based Access Control

Correct Answer: A

Community vote distribution: A (100%)

Question #4 Topic 1

What is the PRIMARY reason for criminal law being difficult to enforce when dealing with cybercrime?

A. Jurisdiction is hard to define.

B. Law enforcement agencies are understaffed.

C. Extradition treaties are rarely enforced.

D. Numerous language barriers exist.

Correct Answer: A

Community vote distribution: A (100%)

Question #5 Topic 1

Wi-Fi Protected Access 2 (WPA2) provides users with a higher level of assurance that their data will remain protected by using which protocol?

A. Extensible Authentication Protocol (EAP)

B. Internet Protocol Security (IPsec)

C. Secure Sockets Layer (SSL)

D. Secure Shell (SSH)

Correct Answer: A

Community vote distribution: A (100%)

Question #6 Topic 1

Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing
system?

A. Reference monitor

B. Trusted Computing Base (TCB)

C. Time separation

D. Security kernel

Correct Answer: A

Community vote distribution: D (83%), Other

Question #7 Topic 1

What process facilitates the balance of operational and economic costs of protective measures with gains in mission capability?

A. Performance testing

B. Risk assessment

C. Security audit

D. Risk management

Correct Answer: D

Community vote distribution: D (100%)

Question #8 Topic 1

Clothing retailer employees are provisioned with user accounts that provide access to resources at partner businesses. All partner businesses use
common identity and access management (IAM) protocols and differing technologies. Under the Extended Identity principle, what is the process
flow between partner businesses to allow this IAM action?

A. Clothing retailer acts as User Self Service, confirms identity of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to services.

B. Clothing retailer acts as identity provider (IdP), confirms identity of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to services.

C. Clothing retailer acts as Service Provider, confirms identity of user using industry standards, then sends credentials to partner businesses that act as an identity provider (IdP) and allows access to resources.

D. Clothing retailer acts as Access Control Provider, confirms access of user using industry standards, then sends credentials to partner businesses that act as a Service Provider and allows access to resources.

Correct Answer: B

Community vote distribution: B (100%)

Question #9 Topic 1

Which of the following statements BEST describes least privilege principle in a cloud environment?

A. A single cloud administrator is configured to access core functions.

B. Internet traffic is inspected for all incoming and outgoing packets.

C. Routing configurations are regularly updated with the latest routes.

D. Network segments remain private if unneeded to access the internet.

Correct Answer: D

Community vote distribution: A (50%), D (50%)

Question #10 Topic 1

An organization has been collecting a large amount of redundant and unusable data and filling up the storage area network (SAN). Management has requested the identification of a solution that will address ongoing storage problems. Which is the BEST technical solution?

A. Compression

B. Caching

C. Replication

D. Deduplication

Correct Answer: A

Community vote distribution: D (70%), A (30%)

Question #11 Topic 1

Which Wide Area Network (WAN) technology requires the first router in the path to determine the full path the packet will travel, removing the need for other routers in the path to make independent determinations?

A. Synchronous Optical Networking (SONET)

B. Multiprotocol Label Switching (MPLS)

C. Fiber Channel Over Ethernet (FCoE)

D. Session Initiation Protocol (SIP)

Correct Answer: B

Community vote distribution: B (100%)

Question #12 Topic 1

Which of the following would an information security professional use to recognize changes to content, particularly unauthorized changes?

A. File Integrity Checker

B. Security information and event management (SIEM) system

C. Audit Logs

D. Intrusion detection system (IDS)

Correct Answer: A

Community vote distribution: A (58%), B (42%)

Question #13 Topic 1

Which of the following is included in change management?

A. Technical review by business owner

B. User Acceptance Testing (UAT) before implementation

C. Cost-benefit analysis (CBA) after implementation

D. Business continuity testing

Correct Answer: D

Community vote distribution: D (52%), B (42%), 6%

Question #14 Topic 1

A company is enrolled in a hard drive reuse program where decommissioned equipment is sold back to the vendor when it is no longer needed.
The vendor pays more money for functioning drives than equipment that is no longer operational. Which method of data sanitization would
provide the most secure means of preventing unauthorized data loss, while also receiving the most money from the vendor?

A. Pinning

B. Single-pass wipe

C. Multi-pass wipes

D. Degaussing

Correct Answer: C

Community vote distribution: C (94%), 6%

Question #15 Topic 1

When reviewing vendor certifications for handling and processing of company data, which of the following is the BEST Service Organization Controls (SOC) certification for the vendor to possess?

A. SOC 1 Type 1

B. SOC 2 Type 1

C. SOC 2 Type 2

D. SOC 3

Correct Answer: C

Community vote distribution: C (100%)

Question #16 Topic 1

Which application type is considered high risk and provides a common way for malware and viruses to enter a network?

A. Instant messaging or chat applications

B. Peer-to-Peer (P2P) file sharing applications

C. E-mail applications

D. End-to-end applications

Correct Answer: B

Community vote distribution: B (100%)

Question #17 Topic 1

An organization is looking to include mobile devices in its asset management system for better tracking. In which system tier of the reference
architecture would mobile devices be tracked?

A. 0

B. 1

C. 2

D. 3

Correct Answer: A

Community vote distribution: B (50%), D (23%), A (15%), 13%

Question #18 Topic 1

Which of the following is the BEST way to protect an organization's data assets?

A. Encrypt data in transit and at rest using up-to-date cryptographic algorithms.

B. Monitor and enforce adherence to security policies.

C. Require Multi-Factor Authentication (MFA) and Separation of Duties (SoD).

D. Create the Demilitarized Zone (DMZ) with proxies, firewalls and hardened bastion hosts.

Correct Answer: A

Community vote distribution: A (50%), B (50%)

Question #19 Topic 1

Within a large organization, what business unit is BEST positioned to initiate provisioning and deprovisioning of user accounts?

A. Training department

B. Internal audit

C. Human resources

D. Information technology (IT)

Correct Answer: C

Community vote distribution: C (92%), 8%

Question #20 Topic 1

Which of the following is the PRIMARY purpose of installing a mantrap within a facility?

A. Control traffic

B. Control air flow

C. Prevent piggybacking

D. Prevent rapid movement

Correct Answer: C

Community vote distribution: C (100%)

Question #21 Topic 1

In the "Do" phase of the Plan-Do-Check-Act model, which of the following is performed?

A. Maintain and improve the Business Continuity Management (BCM) system by taking corrective action, based on the results of management
review.

B. Monitor and review performance against business continuity policy and objectives, report the results to management for review, and
determine and authorize actions for remediation and improvement.

C. Ensure the business continuity policy, controls, processes, and procedures have been implemented.

D. Ensure that business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity
have been established.

Correct Answer: C

Community vote distribution: C (57%), B (40%)

Question #22 Topic 1

What industry-recognized document could be used as a baseline reference that is related to data security and business operations or conducting a
security assessment?

A. Service Organization Control (SOC) 1 Type 2

B. Service Organization Control (SOC) 1 Type 1

C. Service Organization Control (SOC) 2 Type 2

D. Service Organization Control (SOC) 2 Type 1

Correct Answer: D

Community vote distribution: D (88%), 12%

Question #23 Topic 1

A criminal organization is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the
organization?

A. Organization loses control of their network devices.

B. Network is flooded with communication traffic by the attacker.

C. Network management communications is disrupted.

D. Attacker accesses sensitive information regarding the network topology.

Correct Answer: A

Community vote distribution: A (80%), D (20%)

Question #24 Topic 1

Which reporting type requires a service organization to describe its system and define its control objectives and controls that are relevant to users' internal control over financial reporting?

A. Statement on Auditing Standards (SAS) 70

B. Service Organization Control 1 (SOC1)

C. Service Organization Control 2 (SOC2)

D. Service Organization Control 3 (SOC3)

Correct Answer: B

Community vote distribution: B (87%), 13%

Question #25 Topic 1

Which of the following is the BEST method to validate secure coding techniques against injection and overflow attacks?

A. Scheduled team review of coding style and techniques for vulnerability patterns

B. The regular use of production code routines from similar applications already in use

C. Using automated programs to test for the latest known vulnerability patterns

D. Ensure code editing tools are updated against known vulnerability patterns

Correct Answer: C

Community vote distribution: C (78%), A (22%)

Question #26 Topic 1

When resolving ethical conflicts, the information security professional MUST consider many factors. In what order should the considerations be prioritized?

A. Public safety, duties to individuals, duties to the profession, and duties to principals

B. Public safety, duties to principals, duties to the profession, and duties to individuals

C. Public safety, duties to principals, duties to individuals, and duties to the profession

D. Public safety, duties to the profession, duties to principals, and duties to individuals

Correct Answer: B

Community vote distribution: C (71%), 14%, Other

Question #27 Topic 1

Which service management process BEST helps information technology (IT) organizations with reducing cost, mitigating risk, and improving
customer service?

A. Kanban

B. Lean Six Sigma

C. Information Technology Service Management (ITSM)

D. Information Technology Infrastructure Library (ITIL)

Correct Answer: D

Community vote distribution: D (68%), C (32%)

Question #28 Topic 1

A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided
to utilize Identity as a Service (IDaaS). Which of the following factors leads the company to choose an IDaaS as their solution?

A. In-house team lacks resources to support an on-premise solution.

B. Third-party solutions are inherently more secure.

C. Third-party solutions are known for transferring the risk to the vendor.

D. In-house development provides more control.

Correct Answer: A

Community vote distribution: A (67%), C (24%), 10%

Question #29 Topic 1

An organization recently suffered from a web-application attack that resulted in stolen user session cookie information. The attacker was able to
obtain the information when a user's browser executed a script upon visiting a compromised website. What type of attack MOST likely occurred?

A. SQL injection (SQLi)

B. Extensible Markup Language (XML) external entities

C. Cross-Site Scripting (XSS)

D. Cross-Site Request Forgery (CSRF)

Correct Answer: C

Community vote distribution: C (100%)

Question #30 Topic 1

An attack utilizing social engineering and a malicious Uniform Resource Locator (URL) link to take advantage of a victim's existing browser
session with a web application is an example of which of the following types of attack?

A. Clickjacking

B. Cross-site request forgery (CSRF)

C. Cross-Site Scripting (XSS)

D. Injection

Correct Answer: C

Community vote distribution: B (87%), 13%

Question #31 Topic 1

Which of the following encryption technologies has the ability to function as a stream cipher?

A. Cipher Block Chaining (CBC) with error propagation

B. Electronic Code Book (ECB)

C. Cipher Feedback (CFB)

D. Feistel cipher

Correct Answer: C

Community vote distribution: C (100%)

Question #32 Topic 1

In a disaster recovery (DR) test, which of the following would be a trait of crisis management?

A. Process

B. Anticipate

C. Strategic

D. Wide focus

Correct Answer: B

Community vote distribution: A (50%), B (33%), D (17%)

Question #33 Topic 1

Which of the following BEST describes the purpose of the reference monitor when defining access control to enforce the security model?

A. Strong operational security to keep unit members safe

B. Policies to validate organization rules

C. Cyber hygiene to ensure organizations can keep systems healthy

D. Quality design principles to ensure quality by design

Correct Answer: B

Community vote distribution: B (70%), A (20%), 10%

Question #34 Topic 1

Which of the following is security control volatility?

A. A reference to the impact of the security control.

B. A reference to the likelihood of change in the security control.

C. A reference to how unpredictable the security control is.

D. A reference to the stability of the security control.

Correct Answer: C

Community vote distribution: B (100%)

Question #35 Topic 1

When auditing the Software Development Life Cycle (SDLC) which of the following is one of the high-level audit phases?

A. Planning

B. Risk assessment

C. Due diligence

D. Requirements

Correct Answer: C

Community vote distribution: A (42%), D (40%), Other

Question #36 Topic 1

What is the term used to define where data is geographically stored in the cloud?

A. Data privacy rights

B. Data sovereignty

C. Data warehouse

D. Data subject rights

Correct Answer: B

Community vote distribution: B (100%)

Question #37 Topic 1

Which of the following does the security design process ensure within the System Development Life Cycle (SDLC)?

A. Proper security controls, security objectives, and security goals are properly initiated.

B. Security objectives, security goals, and system test are properly conducted.

C. Proper security controls, security goals, and fault mitigation are properly conducted.

D. Security goals, proper security controls, and validation are properly initiated.

Correct Answer: D

Community vote distribution: A (79%), D (21%)

Question #38 Topic 1

Which of the following is MOST important to follow when developing information security controls for an organization?

A. Use industry standard best practices for security controls in the organization.

B. Exercise due diligence with regard to all risk management information to tailor appropriate controls.

C. Review all local and international standards and choose the most stringent based on location.

D. Perform a risk assessment and choose a standard that addresses existing gaps.

Correct Answer: C

Community vote distribution: B (65%), C (24%), 12%

Question #39 Topic 1

When recovering from an outage, what is the Recovery Point Objective (RPO), in terms of data recovery?

A. The RPO is the minimum amount of data that needs to be recovered.

B. The RPO is the amount of time it takes to recover an acceptable percentage of data lost.

C. The RPO is a goal to recover a targeted percentage of data lost.

D. The RPO is the maximum amount of time for which loss of data is acceptable.

Correct Answer: D

Community vote distribution: D (89%), 11%

Question #40 Topic 1

Which of the following attacks, if successful, could give an intruder complete control of a software-defined networking (SDN) architecture?

A. A brute force password attack on the Secure Shell (SSH) port of the controller

B. Sending control messages to open a flow that does not pass a firewall from a compromised host within the network

C. Remote Authentication Dial-In User Service (RADIUS) token replay attack

D. Sniffing the traffic of a compromised host inside the network

Correct Answer: B

Community vote distribution: B (50%), A (43%), 7%

Question #41 Topic 1

Which of the following is the BEST option to reduce the network attack surface of a system?

A. Disabling unnecessary ports and services

B. Ensuring that there are no group accounts on the system

C. Uninstalling default software on the system

D. Removing unnecessary system user accounts

Correct Answer: A

Community vote distribution: A (100%)

Question #42 Topic 1

The security architect is designing and implementing an internal certification authority to generate digital certificates for all employees. Which of the following is the BEST solution to securely store the private keys?

A. Physically secured storage device

B. Trusted Platform Module (TPM)

C. Encrypted flash drive

D. Public key infrastructure (PKI)

Correct Answer: B

Community vote distribution: B (56%), D (28%), A (16%)

Question #43 Topic 1

The existence of physical barriers, card and personal identification number (PIN) access systems, cameras, alarms, and security guards BEST describes which security approach?

A. Access control

B. Security information and event management (SIEM)

C. Defense-in-depth

D. Security perimeter

Correct Answer: D

Community vote distribution: D (46%), C (44%), 10%

Question #44 Topic 1

A hospital enforces the Code of Fair Information Practices. What practice applies to a patient requesting their medical records from a web portal?

A. Purpose specification

B. Collection limitation

C. Use limitation

D. Individual participation

Correct Answer: A

Community vote distribution: D (84%), A (16%)

Question #45 Topic 1

A colleague who recently left the organization asked a security professional for a copy of the organization's confidential incident management policy. Which of the following is the BEST response to this request?

A. Access the policy on a company-issued device and let the former colleague view the screen.

B. E-mail the policy to the colleague as they were already part of the organization and familiar with it.

C. Do not acknowledge receiving the request from the former colleague and ignore them.

D. Submit the request using company official channels to ensure the policy is okay to distribute.

Correct Answer: C

Community vote distribution: D (68%), C (32%)

Question #46 Topic 1

Which of the following BEST describes when an organization should conduct a black box security audit on a new software project?

A. When the organization wishes to check for non-functional compliance

B. When the organization wants to enumerate known security vulnerabilities across their infrastructure

C. When the organization is confident the final source code is complete

D. When the organization has experienced a security incident

Correct Answer: C

Community vote distribution: C (71%), A (21%), 7%

Question #47 Topic 1

In software development, which of the following entities normally signs the code to protect the code integrity?

A. The organization developing the code

B. The quality control group

C. The developer

D. The data owner

Correct Answer: A

Community vote distribution: C (50%), A (50%)

Question #48 Topic 1

Which of the following technologies can be used to monitor and dynamically respond to potential threats on web applications?

A. Field-level tokenization

B. Web application vulnerability scanners

C. Runtime application self-protection (RASP)

D. Security Assertion Markup Language (SAML)

Correct Answer: B

Community vote distribution: C (88%), 13%

Question #49 Topic 1

A security architect is developing an information system for a client. One of the requirements is to deliver a platform that mitigates against common vulnerabilities and attacks. What is the MOST efficient option used to prevent buffer overflow attacks?

A. Access control mechanisms

B. Process isolation

C. Address Space Layout Randomization (ASLR)

D. Processor states

Correct Answer: C

Community vote distribution: C (91%), 9%

Question #50 Topic 1

In a quarterly system access review, an active privileged account was discovered that did not exist in the prior review on the production system.
The account was created one hour after the previous access review. Which of the following is the BEST option to reduce overall risk in addition to
quarterly access reviews?

A. Implement bi-annual reviews.

B. Create policies for system access.

C. Implement and review risk-based alerts.

D. Increase logging levels.

Correct Answer: B

Community vote distribution: B (61%), C (39%)

Question #51 Topic 1

A corporation does not have a formal data destruction policy. During which phase of a criminal legal proceeding will this have the MOST impact?

A. Sentencing

B. Trial

C. Discovery

D. Arraignment

Correct Answer: C

Community vote distribution: C (83%), Other

Question #52 Topic 1

What is considered the BEST explanation when determining whether to provide remote network access to a third-party security service?

A. Contract negotiation

B. Supplier request

C. Business need

D. Vendor demonstration

Correct Answer: A

Community vote distribution: C (81%), A (19%)

Question #53 Topic 1

The acquisition of personal data being obtained by a lawful and fair means is an example of what principle?

A. Collection Limitation Principle

B. Openness Principle

C. Purpose Specification Principle

D. Data Quality Principle

Correct Answer: A

Community vote distribution: A (92%), 8%

Question #54 Topic 1

Which of the following is the MOST appropriate control for asset data labeling procedures?

A. Categorizing the types of media being used

B. Logging data media to provide a physical inventory control

C. Reviewing off-site storage access controls

D. Reviewing audit trails of logging records

Correct Answer: A

Community vote distribution: A (62%), D (38%)

Question #55 Topic 1

What is the BEST approach to anonymizing personally identifiable information (PII) in a test environment?

A. Swapping data

B. Randomizing data

C. Encoding data

D. Encrypting data

Correct Answer: D

Community vote distribution: B (55%), A (26%), D (19%)

Question #56 Topic 1

Which of the following departments initiates the request, approval, and provisioning business process?

A. Operations

B. Security

C. Human resources (HR)

D. Information technology (IT)

Correct Answer: A

Community vote distribution: A (67%), C (33%)

Question #57 Topic 1

An organization is setting a security assessment scope with the goal of developing a Security Management Program (SMP). The next step is to
select an approach for conducting the risk assessment. Which of the following approaches is MOST effective for the SMP?

A. Security controls driven assessment that focuses on controls management

B. Business processes based risk assessment with a focus on business goals

C. Asset driven risk assessment with a focus on the assets

D. Data driven risk assessment with a focus on data

Correct Answer: D

Community vote distribution: C (41%), B (39%), D (18%)

Question #58 Topic 1

Which technique helps system designers consider potential security concerns of their systems and applications?

A. Threat modeling

B. Manual inspections and reviews

C. Source code review

D. Penetration testing

Correct Answer: A

Community vote distribution: A (100%)

Question #59 Topic 1

A security professional can BEST mitigate the risk of using a Commercial Off-The-Shelf (COTS) solution by deploying the application with which of
the following controls in place?

A. Network segmentation

B. Blacklisting application

C. Whitelisting application

D. Hardened configuration

Correct Answer: D

Community vote distribution: D (48%), A (43%), 9%

Question #60 Topic 1

Which of the following BEST describes centralized identity management?

A. Service providers perform as both the credential and identity provider (IdP).

B. Service providers identify an entity by behavior analysis versus an identification factor.

C. Service providers agree to integrate identity system recognition across organizational boundaries.

D. Service providers rely on a trusted third party (TTP) to provide requestors with both credentials and identifiers.

Correct Answer: C

Community vote distribution: C (41%), D (36%), A (23%)

Question #61 Topic 1

What is the MOST significant benefit of role-based access control (RBAC)?

A. Reduces inappropriate access

B. Management of least privilege

C. Most granular form of access control

D. Reduction in authorization administration overhead

Correct Answer: D

Community vote distribution: B (61%), D (39%)

Question #62 Topic 1

What is the MOST common security risk of a mobile device?

A. Data spoofing

B. Malware infection

C. Insecure communications link

D. Data leakage

Correct Answer: B

Community vote distribution: D (56%), B (44%)

Question #63 Topic 1

What level of Redundant Array of Independent Disks (RAID) is configured PRIMARILY for high-performance data reads and writes?

A. RAID-0

B. RAID-1

C. RAID-5

D. RAID-6

Correct Answer: A

Community vote distribution: A (100%)

Question #64 Topic 1

What type of risk is related to the sequences of value-adding and managerial activities undertaken in an organization?

A. Control risk

B. Demand risk

C. Supply risk

D. Process risk

Correct Answer: D

Community vote distribution: D (100%)

Question #65 Topic 1

International bodies established a regulatory scheme that defines how weapons are exchanged between the signatories. It also addresses cyber weapons, including malicious software, Command and Control (C2) software, and internet surveillance software. This is a description of which of the following?

A. International Tra[c in Arms Regulations (ITAR)

B. Palermo convention

C. Wassenaar arrangement

D. General Data Protection Regulation (GDPR)

Correct Answer: C

Community vote distribution: C (100%)

Question #66 Topic 1

An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer (CISO) wants to increase security by better protecting the network from unauthorized internal access. Which Network Access Control (NAC) capability BEST meets this objective?

A. Port security

B. Two-factor authentication (2FA)

C. Strong passwords

D. Application firewall

Correct Answer: B

Community vote distribution: A (67%), B (33%)

Question #67 Topic 1

Which section of the assessment report addresses separate vulnerabilities, weaknesses, and gaps?

A. Findings definition section

B. Risk review section

C. Executive summary with full details

D. Key findings section

Correct Answer: D

Community vote distribution: D (54%), A (31%), B (15%)

Question #68 Topic 1

Why is data classification control important to an organization?

A. To enable data discovery

B. To ensure security controls align with organizational risk appetite

C. To ensure its integrity, confidentiality and availability

D. To control data retention in alignment with organizational policies and regulation

Correct Answer: B

Community vote distribution: C (51%), B (46%)

Question #69 Topic 1

To monitor the security of buried data lines inside the perimeter of a facility, which of the following is the MOST effective control?

A. Fencing around the facility with closed-circuit television (CCTV) cameras at all entry points

B. Ground sensors installed and reporting to a security event management (SEM) system

C. Regular sweeps of the perimeter, including manual inspection of the cable ingress points

D. Steel casing around the facility ingress points

Correct Answer: C

Community vote distribution: B (65%), A (18%), C (18%)

Question #70 Topic 1

An enterprise is developing a baseline cybersecurity standard its suppliers must meet before being awarded a contract. Which of the following
statements is TRUE about the baseline cybersecurity standard?

A. It should be expressed as general requirements.

B. It should be expressed as technical requirements.

C. It should be expressed in business terminology.

D. It should be expressed in legal terminology.

Correct Answer: B

Community vote distribution: B (57%), A (29%), 14%

Question #71 Topic 1

Which access control method is based on users issuing access requests on system resources, features assigned to those resources, the operational or situational context, and a set of policies specified in terms of those features and context?

A. Mandatory Access Control (MAC)

B. Attribute Based Access Control (ABAC)

C. Role Based Access Control (RBAC)

D. Discretionary Access Control (DAC)

Correct Answer: B

Community vote distribution


B (86%) 14%
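
The definition in Question #71 is ABAC in one sentence: a request is permitted or denied by evaluating policies written over attributes of the subject, the resource, the action and the environment. The following is an added example, not code from the exam page; the attribute names (department, clearance, classification, network, time) and the two rules are assumptions for illustration, and a real deployment would load policy from XACML or a similar policy language rather than Python lambdas.

```python
"""Attribute Based Access Control (ABAC) policy evaluation.

Added example, not from the exam page. Attribute names (department,
clearance, classification, network, time) and the two rules are assumed
for illustration.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Request:
    subject: Dict[str, object]      # attributes of the user making the request
    resource: Dict[str, object]     # attributes assigned to the resource
    action: str                     # what the subject wants to do
    environment: Dict[str, object]  # operational / situational context


Rule = Callable[[Request], bool]


def within_business_hours(req: Request) -> bool:
    hour = req.environment["time"].hour
    return 8 <= hour < 18


# Policy: an ordered list of (name, predicate). Each predicate is written in
# terms of subject, resource and environment attributes, which is what
# distinguishes ABAC from role-only (RBAC) or label-only (MAC) models.
POLICY: List[Tuple[str, Rule]] = [
    ("same-department-read",
     lambda r: r.action == "read"
     and r.subject["department"] == r.resource["owner_department"]),
    ("cleared-write-corp-network-business-hours",
     lambda r: r.action == "write"
     and r.subject["clearance"] >= r.resource["classification"]
     and r.environment["network"] == "corporate"
     and within_business_hours(r)),
]


def evaluate(req: Request, policy: List[Tuple[str, Rule]] = POLICY) -> Tuple[bool, Optional[str]]:
    """Deny by default; permit on the first matching rule and report which one fired."""
    for name, rule in policy:
        if rule(req):
            return True, name
    return False, None


# Constructed sample subject, resource and environments.
ALICE = {"id": "alice", "department": "finance", "clearance": 2}
LEDGER = {"name": "ledger.xlsx", "owner_department": "finance", "classification": 2}
OFFICE = {"network": "corporate", "time": datetime(2024, 5, 6, 10, 30)}
VPN_NIGHT = {"network": "vpn", "time": datetime(2024, 5, 6, 23, 15)}


def demo() -> List[Tuple[str, bool, Optional[str]]]:
    """Run four requests that differ only in action or context."""
    cases = [
        ("read from office", Request(ALICE, LEDGER, "read", OFFICE)),
        ("write from office", Request(ALICE, LEDGER, "write", OFFICE)),
        ("write over VPN at night", Request(ALICE, LEDGER, "write", VPN_NIGHT)),
        ("read over VPN at night", Request(ALICE, LEDGER, "read", VPN_NIGHT)),
    ]
    return [(label, *evaluate(req)) for label, req in cases]


if __name__ == "__main__":
    for label, allowed, rule in demo():
        print(f"{label:26} -> {'PERMIT' if allowed else 'DENY':6} {rule or ''}")
```

The same user with the same role gets different answers depending on the action and the situational context, which is exactly what neither RBAC nor DAC can express on their own. The deny-by-default return is the check a practitioner should look for in any policy engine: an empty or non-matching policy must never permit.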

Question #72 Topic 1

What is a security concern when considering implementing software-defined networking (SDN)?

A. It has a decentralized architecture.

B. It increases the attack footprint.

C. It uses open source protocols.

D. It is cloud based.

Correct Answer: B

Community vote distribution


B (92%) 8%

Question #73 Topic 1

What is the BEST way to restrict access to a file system on computing systems?

A. Use least privilege at each level to restrict access.

B. Restrict access to all users.

C. Allow a user group to restrict access.

D. Use a third-party tool to restrict access.

Correct Answer: A

Community vote distribution


A (100%)
Question #74 Topic 1

Which of the following is the PRIMARY reason for selecting the appropriate level of detail for audit record generation?

A. Avoid lengthy audit reports

B. Enable generation of corrective action reports

C. Facilitate a root cause analysis (RCA)

D. Lower costs throughout the System Development Life Cycle (SDLC)

Correct Answer: B

Community vote distribution


C (77%) B (23%)

Question #75 Topic 1

What is the correct order of execution for security architecture?

A. Governance, strategy and program management, operations, project delivery

B. Governance, strategy and program management, project delivery, operations

C. Strategy and program management, project delivery, governance, operations

D. Strategy and program management, governance, project delivery, operations

Correct Answer: C

Community vote distribution


B (77%) C (23%)

Question #76 Topic 1

An international organization has decided to use a Software as a Service (SaaS) solution to support its business operations. Which of the
following compliance standards should the organization use to assess the international code security and data privacy of the solution?

A. Service Organization Control (SOC) 2

B. Information Assurance Technical Framework (IATF)

C. Health Insurance Portability and Accountability Act (HIPAA)

D. Payment Card Industry (PCI)

Correct Answer: B

Community vote distribution


A (96%)
Question #77 Topic 1

An authentication system that uses challenge and response was recently implemented on an organization's network, because the organization
conducted an annual penetration test showing that testers were able to move laterally using authenticated credentials. Which attack method was
MOST likely used to achieve this?

A. Hash collision

B. Pass the ticket

C. Brute force

D. Cross-Site Scripting (XSS)

Correct Answer: B

Community vote distribution


B (73%) A (27%)
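
Question #77 turns on what challenge-response buys you: the client proves it holds the secret without ever sending it, and each proof is bound to a fresh server-chosen nonce. The following is an added example of both sides of such an exchange, not code from the exam page; the shared secrets, user names and the HMAC-SHA256 construction are assumptions for illustration (this is a generic scheme, not NTLM or Kerberos).

```python
"""Challenge-response authentication, both sides of the exchange.

Added example, not from the exam page. Shared secrets, user names and the
HMAC-SHA256 construction are assumed for illustration.
"""
import hashlib
import hmac
import os
from typing import Dict, Tuple


def compute_response(secret: bytes, user: str, nonce: bytes) -> bytes:
    """Client side: prove knowledge of the secret without transmitting it."""
    return hmac.new(secret, user.encode() + b"|" + nonce, hashlib.sha256).digest()


class Server:
    def __init__(self, secrets_by_user: Dict[str, bytes]) -> None:
        self._secrets = secrets_by_user          # assumed provisioned out of band
        self._pending: Dict[str, bytes] = {}     # one outstanding challenge per user

    def challenge(self, user: str) -> bytes:
        """Issue a fresh, unpredictable nonce; it is valid for exactly one response."""
        nonce = os.urandom(16)
        self._pending[user] = nonce
        return nonce

    def verify(self, user: str, nonce: bytes, response: bytes) -> bool:
        # pop(): the challenge is consumed whether or not the response is valid,
        # so a replayed (nonce, response) pair finds no pending challenge.
        expected_nonce = self._pending.pop(user, None)
        if expected_nonce is None or not hmac.compare_digest(expected_nonce, nonce):
            return False
        secret = self._secrets.get(user)
        if secret is None:
            return False
        expected = compute_response(secret, user, nonce)
        return hmac.compare_digest(expected, response)


class Client:
    def __init__(self, user: str, secret: bytes) -> None:
        self.user, self.secret = user, secret

    def answer(self, nonce: bytes) -> bytes:
        return compute_response(self.secret, self.user, nonce)


def run_exchange(server: Server, client: Client) -> Tuple[bool, bool]:
    """One legitimate login followed by a replay of the same captured messages."""
    nonce = server.challenge(client.user)        # server -> client: challenge
    response = client.answer(nonce)              # client -> server: response
    first = server.verify(client.user, nonce, response)
    # An attacker who sniffed (nonce, response) tries to reuse them later.
    replay = server.verify(client.user, nonce, response)
    return first, replay


# Constructed secrets for the demo.
SECRETS = {"alice": b"alice-shared-secret", "bob": b"bob-shared-secret"}

if __name__ == "__main__":
    srv = Server(SECRETS)
    print(run_exchange(srv, Client("alice", SECRETS["alice"])))   # (True, False)
    print(run_exchange(srv, Client("bob", b"wrong-secret")))      # (False, False)
```

The caveat that motivates the question: challenge-response stops replay of a captured response, but it does not help when the attacker already holds the secret the response is computed from. In Windows, NTLM derives the response from the password hash, so a stolen hash answers the challenge (pass-the-hash), and a stolen Kerberos ticket is presented as-is (pass-the-ticket); lateral movement with "authenticated credentials" is exactly that scenario.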

Question #78 Topic 1

Which of the following would qualify as an exception to the "right to be forgotten" of the General Data Protection Regulation (GDPR)?

A. For the establishment, exercise, or defense of legal claims

B. The personal data has been lawfully processed and collected

C. For the reasons of private interest

D. The personal data remains necessary to the purpose for which it was collected

Correct Answer: A

Community vote distribution


A (100%)

Question #79 Topic 1

Dumpster diving is a technique used in which stage of penetration testing methodology?

A. Attack

B. Reporting

C. Planning

D. Discovery

Correct Answer: D

Community vote distribution


D (100%)
Question #80 Topic 1

Which of the following is performed to determine a measure of success of a security awareness training program designed to prevent social
engineering attacks?

A. Employee evaluation of the training program

B. Internal assessment of the training program's effectiveness

C. Multiple choice tests to participants

D. Management control of reviews

Correct Answer: B

Community vote distribution


B (73%) A (18%) 9%

Question #81 Topic 1

The security team is notified that a device on the network is infected with malware. Which of the following is MOST effective in enabling the
device to be quickly located and remediated?

A. Data loss protection (DLP)

B. Intrusion detection

C. Vulnerability scanner

D. Information Technology Asset Management (ITAM)

Correct Answer: D

Community vote distribution


D (100%)

Question #82 Topic 1

Which of the following threats would be MOST likely mitigated by monitoring assets containing open source libraries for vulnerabilities?

A. Distributed denial-of-service (DDoS) attack

B. Advanced persistent threat (APT) attempt

C. Zero-day attack

D. Phishing attempt

Correct Answer: C

Community vote distribution


B (55%) C (38%) 7%
Question #83 Topic 1

As a design principle, which one of the following actors is responsible for identifying and approving data security requirement in a cloud
ecosystem?

A. Cloud auditor

B. Cloud broker

C. Cloud provider

D. Cloud consumer

Correct Answer: C

Community vote distribution


D (86%) 14%

Question #84 Topic 1

Which of the following is the MOST effective way to ensure the endpoint devices used by remote users are compliant with an organization's
approved policies before being allowed on the network?

A. Network Access Control (NAC)

B. Privileged Access Management (PAM)

C. Group Policy Object (GPO)

D. Mobile Device Management (MDM)

Correct Answer: A

Community vote distribution


A (73%) D (27%)

Question #85 Topic 1

Which one of the following BEST protects vendor accounts that are used for emergency maintenance?

A. Vendor access should be disabled until needed

B. Frequent monitoring of vendor access

C. Role-based access control (RBAC)

D. Encryption of routing tables

Correct Answer: C

Community vote distribution


C (55%) A (45%)
Question #86 Topic 1

Which event magnitude is defined as deadly, destructive, and disruptive when a hazard interacts with human vulnerability?

A. Crisis

B. Catastrophe

C. Accident

D. Disaster

Correct Answer: C

Community vote distribution


D (50%) B (50%)

Question #87 Topic 1

Which of the following BEST describes the purpose of software forensics?

A. To analyze possible malicious intent of malware

B. To perform cyclic redundancy check (CRC) verification and detect changed applications

C. To determine the author and behavior of the code

D. To review program code to determine the existence of backdoors

Correct Answer: C

Community vote distribution


C (77%) A (15%) 8%

Question #88 Topic 1

A web developer is completing a new web application security checklist before releasing the application to production. The task of disabling
unnecessary services is on the checklist. Which web application threat is being mitigated by this action?

A. Session hijacking

B. Security misconfiguration

C. Broken access control

D. Sensitive data exposure

Correct Answer: B

Community vote distribution


B (83%) C (17%)
Question #89 Topic 1

What is the BEST method to use for assessing the security impact of acquired software?

A. Threat modeling

B. Common vulnerability review

C. Software security compliance validation

D. Vendor assessment

Correct Answer: A

Community vote distribution


A (100%)

Question #90 Topic 1

Which of the following ensures old log data is not overwritten?

A. Log retention

B. Implement Syslog

C. Increase log file size

D. Log preservation

Correct Answer: C

Community vote distribution


A (45%) D (42%) 12%

Question #91 Topic 1

Under the General Data Protection Regulation (GDPR), what is the maximum amount of time allowed for reporting a personal data breach?

A. 24 hours

B. 48 hours

C. 72 hours

D. 96 hours

Correct Answer: C

Community vote distribution


C (100%)
Question #92 Topic 1

A financial organization that works according to agile principles has developed a new application for their external customer base to request a line
of credit. A security analyst has been asked to assess the security risk of the minimum viable product (MVP). Which is the MOST important
activity the analyst should assess?

A. The software has been signed off for release by the product owner.

B. The software had been branded according to corporate standards.

C. The software has the correct functionality.

D. The software has been code reviewed.

Correct Answer: D

Community vote distribution


D (72%) A (17%) 11%

Question #93 Topic 1

An application developer receives a report back from the security team showing their automated tools were able to successfully enter unexpected
data into the organization's customer service portal, causing the site to crash. This is an example of which type of testing?

A. Performance

B. Positive

C. Non-functional

D. Negative

Correct Answer: D

Community vote distribution


D (83%) B (17%)

Question #94 Topic 1

Which of the following is the MOST effective strategy to prevent an attacker from disabling a network?

A. Design networks with the ability to adapt, reconfigure, and fail over.

B. Test business continuity and disaster recovery (DR) plans.

C. Follow security guidelines to prevent unauthorized network access.

D. Implement network segmentation to achieve robustness.

Correct Answer: C

Community vote distribution


C (44%) A (36%) D (16%)
Question #95 Topic 1

What is the FIRST step that should be considered in a Data Loss Prevention (DLP) program?

A. Policy creation

B. Information Rights Management (IRM)

C. Data classification

D. Configuration management (CM)

Correct Answer: C

Community vote distribution


C (70%) A (20%) 10%

Question #96 Topic 1

Which change management role is responsible for the overall success of the project and supporting the change throughout the organization?

A. Change driver

B. Project manager

C. Program sponsor

D. Change implementer

Correct Answer: B

Community vote distribution


C (53%) B (35%) 12%

Question #97 Topic 1

A company needs to provide shared access of sensitive data on a cloud storage to external business partners. Which of the following identity
models is the BEST to blind identity providers (IdP) and relying parties (RP) so that subscriber lists of other parties are not disclosed?

A. Proxied federation

B. Dynamic registration

C. Federation authorities

D. Static registration

Correct Answer: C

Community vote distribution


A (100%)
Question #98 Topic 1

A security professional needs to find a secure and efficient method of encrypting data on an endpoint. Which solution includes a root key?

A. Bitlocker

B. Trusted Platform Module (TPM)

C. Virtual storage array network (VSAN)

D. Hardware security module (HSM)

Correct Answer: B

Community vote distribution


B (47%) D (32%) A (21%)

Question #99 Topic 1

Which combination of cryptographic algorithms are compliant with Federal Information Processing Standard (FIPS) Publication 140-2 for non-
legacy systems?

A. Diffie-Hellman (DH) key exchange: DH (>=2048 bits); Symmetric key: Advanced Encryption Standard (AES) (> 128 bits); Digital signature: Digital Signature Algorithm (DSA) (>=2048 bits)

B. Diffie-Hellman (DH) key exchange: DH (>=2048 bits); Symmetric key: Advanced Encryption Standard (AES) (> 128 bits); Digital signature: Rivest-Shamir-Adleman (RSA) (1024 bits)

C. Diffie-Hellman (DH) key exchange: DH (<=1024 bits); Symmetric key: Blowfish; Digital signature: Rivest-Shamir-Adleman (RSA) (>=2048 bits)

D. Diffie-Hellman (DH) key exchange: DH (>=2048 bits); Symmetric key: Advanced Encryption Standard (AES) (< 128 bits); Digital signature: Elliptic Curve Digital Signature Algorithm (ECDSA) (>=256 bits)

Correct Answer: B

Community vote distribution


A (83%) B (17%)

Question #100 Topic 1

What is the PRIMARY purpose of creating and reporting metrics for a security awareness, training, and education program?

A. Measure the effect of the program on the organization's workforce.

B. Make all stakeholders aware of the program's progress.

C. Facilitate supervision of periodic training events.

D. Comply with legal regulations and document due diligence in security practices.

Correct Answer: A

Community vote distribution


A (75%) D (25%)
Question #101 Topic 1

In a DevOps environment, which of the following actions is MOST necessary to have confidence in the quality of the changes being made?

A. Prepare to take corrective actions quickly.

B. Automate functionality testing.

C. Review logs for any anomalies.

D. Receive approval from the change review board.

Correct Answer: D

Community vote distribution


D (50%) B (46%)

Question #102 Topic 1

What is the MAIN purpose of a security assessment plan?

A. Provide education to employees on security and privacy, to ensure their awareness on policies and procedures.

B. Provide the objectives for the security and privacy control assessments and a detailed roadmap of how to conduct such assessments.

C. Provide guidance on security requirements, to ensure the identified security risks are properly addressed based on the recommendation.

D. Provide technical information to executives to help them understand information security postures and secure funding.

Correct Answer: B

Community vote distribution


B (89%) 11%

Question #103 Topic 1

What documentation is produced FIRST when performing an effective physical loss control process?

A. Deterrent controls list

B. Security standards list

C. Asset valuation list

D. Inventory list

Correct Answer: C

Community vote distribution


D (77%) C (23%)
Question #104 Topic 1

Which organizational department is ultimately responsible for information governance related to e-mail and other e-records?

A. Legal

B. Audit

C. Compliance

D. Security

Correct Answer: A

Community vote distribution


A (63%) C (38%)

Question #105 Topic 1

A cloud service provider requires its customer organizations to enable maximum audit logging for its data storage service and to retain the logs
for the period of three months. The audit logging generates an extremely high volume of logs. What is the MOST appropriate strategy for the log
retention?

A. Keep all logs in an online storage.

B. Keep last week's logs in an online storage and the rest in an offline storage.

C. Keep last week's logs in an online storage and the rest in a near-line storage.

D. Keep all logs in an offline storage.

Correct Answer: B

Community vote distribution


C (71%) B (29%)

Question #106 Topic 1

In Federated Identity Management (FIM), which of the following represents the concept of federation?

A. Collection, maintenance, and deactivation of user objects and attributes in one or more systems, directories or applications

B. Collection of information logically grouped into a single entity

C. Collection of information for common identities in a system

D. Collection of domains that have established trust among themselves

Correct Answer: A

Community vote distribution


D (81%) A (19%)
Question #107 Topic 1

Which of the following is an indicator that a company's new user security awareness training module has been effective?

A. There are more secure connections to internal e-mail servers.

B. More incidents of phishing attempts are being reported.

C. Fewer incidents of phishing attempts are being reported.

D. There are more secure connections to the internal database servers.

Correct Answer: C

Community vote distribution


B (67%) C (33%)

Question #108 Topic 1

An organization is trying to secure instant messaging (IM) communications through its network perimeter. Which of the following is the MOST
significant challenge?

A. IM clients can interoperate between multiple vendors.

B. IM clients can run as executables that do not require installation.

C. IM clients can utilize random port numbers.

D. IM clients can run without administrator privileges.

Correct Answer: A

Community vote distribution


C (88%) 12%

Question #109 Topic 1

Using the cipher text and resultant cleartext message to derive the monoalphabetic cipher key is an example of which method of cryptanalytic
attack?

A. Known-plaintext attack

B. Ciphertext-only attack

C. Frequency analysis

D. Probable-plaintext attack

Correct Answer: A

Community vote distribution


A (70%) C (20%) 10%
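
Question #109 describes a known-plaintext attack: with a ciphertext and its matching cleartext, a monoalphabetic substitution key is read straight off the pairing. The following is an added example, not code from the exam page; the keyword-derived cipher alphabet and the messages are constructed for illustration. It also includes a frequency ranking to show what the ciphertext-only attacker (option B, via option C) would have to start from instead.

```python
"""Known-plaintext attack on a monoalphabetic substitution cipher.

Added example, not from the exam page. The keyword "SECURITY" and the
messages are constructed; the attack itself needs only a ciphertext and
its aligned plaintext.
"""
import string
from collections import Counter
from typing import Dict, List

ALPHABET = string.ascii_uppercase


def keyed_alphabet(keyword: str) -> str:
    """Cipher alphabet: keyword letters first (deduplicated), then the rest in order."""
    seen: List[str] = []
    for ch in keyword.upper() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def substitute(text: str, table: Dict[str, str], unknown: str = "?") -> str:
    """Apply a letter->letter table; non-letters pass through, unmapped letters become `unknown`."""
    return "".join(table.get(ch, unknown) if ch in ALPHABET else ch for ch in text.upper())


def recover_key(plaintext: str, ciphertext: str) -> Dict[str, str]:
    """Known-plaintext attack: align the two texts and read the mapping off directly.

    Raises if one plaintext letter maps to two ciphertext letters, which means
    the cipher is not monoalphabetic (or the pair is misaligned).
    """
    if len(plaintext) != len(ciphertext):
        raise ValueError("plaintext and ciphertext must align character for character")
    mapping: Dict[str, str] = {}
    for p, c in zip(plaintext.upper(), ciphertext.upper()):
        if p not in ALPHABET:
            continue
        if mapping.setdefault(p, c) != c:
            raise ValueError(f"{p} maps to both {mapping[p]} and {c}: not monoalphabetic")
    return mapping


def decrypt(ciphertext: str, mapping: Dict[str, str]) -> str:
    """Invert the recovered plaintext->ciphertext table; letters never seen show as '?'."""
    inverse = {c: p for p, c in mapping.items()}
    return substitute(ciphertext, inverse)


def frequency_ranking(ciphertext: str) -> List[str]:
    """Ciphertext-only view: letters by descending frequency, to be matched against
    the language's expected order (ETAOIN... for English)."""
    counts = Counter(ch for ch in ciphertext.upper() if ch in ALPHABET)
    return [ch for ch, _ in counts.most_common()]


# Constructed key and traffic for the demo.
ENCRYPT = dict(zip(ALPHABET, keyed_alphabet("SECURITY")))
KNOWN_PLAINTEXT = "ATTACK AT DAWN"
KNOWN_CIPHERTEXT = substitute(KNOWN_PLAINTEXT, ENCRYPT)       # "SOOSCD SO USVH"
INTERCEPTED = substitute("ABANDON THE ATTACK AND WAIT", ENCRYPT)


def partial_recovery() -> str:
    """Key learned from one short pair recovers only the letters that pair contained."""
    return decrypt(INTERCEPTED, recover_key(KNOWN_PLAINTEXT, KNOWN_CIPHERTEXT))


def full_recovery() -> str:
    """A pangram as known plaintext yields the whole 26-letter key."""
    pangram = "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG"
    key = recover_key(pangram, substitute(pangram, ENCRYPT))
    return decrypt(INTERCEPTED, key)


if __name__ == "__main__":
    print(KNOWN_CIPHERTEXT)
    print(partial_recovery())   # A?AND?N T?? ATTACK AND WA?T
    print(full_recovery())      # ABANDON THE ATTACK AND WAIT
```

Two things worth noticing: the amount of key recovered is exactly the set of distinct letters in the known plaintext, so a short pair gives a partial decrypt with gaps, and the consistency check in recover_key is the cheap way to confirm the cipher really is monoalphabetic before trusting the mapping.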
Question #110 Topic 1

When developing an organization's information security budget, it is important that the:

A. requested funds are at an equal amount to the expected cost of breaches.

B. expected risk can be managed appropriately with the funds allocated.

C. requested funds are part of a shared funding pool with other areas.

D. expected risk to the organization does not exceed the funds allocated.

Correct Answer: B

Community vote distribution


B (100%)

Question #111 Topic 1

A subscription service which provides power, climate control, raised flooring, and telephone wiring but NOT the computer and peripheral
equipment is BEST described as a:

A. cold site.

B. warm site.

C. hot site.

D. reciprocal site.

Correct Answer: B

Community vote distribution


A (88%) 13%

Question #112 Topic 1

An international trading organization that holds an International Organization for Standardization (ISO) 27001 certification is seeking to outsource
their security monitoring to a managed security service provider (MSSP). The trading organization's security officer is tasked with drafting the
requirements that need to be included in the outsourcing contract. Which of the following MUST be included in the contract?

A. A detailed overview of all equipment involved in the outsourcing contract

B. The right to perform security compliance tests on the MSSP's equipment

C. The MSSP having an executive manager responsible for information security

D. The right to audit the MSSP's security process

Correct Answer: A

Community vote distribution


D (94%) 6%
Question #113 Topic 1

Which of the following is the PRIMARY type of cryptography required to support non-repudiation of a digitally signed document?

A. Hashing

B. Message digest (MD)

C. Symmetric

D. Asymmetric

Correct Answer: A

Community vote distribution


D (69%) A (31%)

Question #114 Topic 1

What is the MOST effective method to enhance security of a single sign-on (SSO) solution that interfaces with critical systems?

A. Two-factor authentication

B. Reusable tokens for application level authentication

C. High performance encryption algorithms

D. Secure Sockets Layer (SSL) for all communications

Correct Answer: A

Community vote distribution


A (100%)

Question #115 Topic 1

Which of the following is MOST appropriate to collect evidence of a zero-day attack?

A. Honeypot

B. Antispam

C. Antivirus

D. Firewall

Correct Answer: A

Community vote distribution


A (100%)
Question #116 Topic 1

When assessing web vulnerabilities, how can navigating the dark web add value to a penetration test?

A. Information may be found on hidden vendor patches.

B. The actual origin and tools used for the test can be hidden.

C. Information may be found on related breaches and hacking.

D. Vulnerabilities can be tested without impact on the tested environment.

Correct Answer: C

Community vote distribution


C (100%)

Question #117 Topic 1

The quality assurance (QA) department is short-staffed and is unable to test all modules before the anticipated release date of an application.
What security control is MOST likely to be violated?

A. Change management

B. Separation of environments

C. Program management

D. Mobile code controls

Correct Answer: A

Community vote distribution


A (72%) C (28%)

Question #118 Topic 1

Which of the following criteria ensures information is protected relative to its importance to the organization?

A. Legal requirements, value, criticality, and sensitivity to unauthorized disclosure or modification

B. The value of the data to the organization's senior management

C. Organizational stakeholders, with classification approved by the management board

D. Legal requirements determined by the organization headquarters' location

Correct Answer: A

Community vote distribution


A (90%) 10%
Question #119 Topic 1

What is the FIRST step when developing an Information Security Continuous Monitoring (ISCM) program?

A. Collect the security-related information required for metrics, assessments, and reporting.

B. Establish an ISCM program determining metrics, status monitoring frequencies, and control assessment frequencies.

C. Define an ISCM strategy based on risk tolerance.

D. Establish an ISCM technical architecture.

Correct Answer: C

Community vote distribution


C (100%)

Question #120 Topic 1

An organization has requested storage area network (SAN) disks for a new project. What Redundant Array of Independent Disks (RAID) level
provides the BEST redundancy and fault tolerance?

A. RAID level 1

B. RAID level 3

C. RAID level 4

D. RAID level 5

Correct Answer: D

Community vote distribution


D (66%) A (34%)
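
Question #120 asks which RAID level gives the best redundancy among the options; what RAID 5 actually does is stripe data across disks with an XOR parity block whose position rotates from stripe to stripe. The following is an added example, not code from the exam page, that writes stripes, fails a disk and rebuilds it; block size, disk count and the data are constructed for illustration, and real controllers also handle write ordering, scrubbing and rebuild scheduling, which are omitted here.

```python
"""RAID 5 striping with rotating XOR parity.

Added example, not from the exam page. Block size, disk count and data are
constructed for illustration.
"""
from functools import reduce
from typing import List, Optional


def xor_blocks(blocks: List[bytes]) -> bytes:
    """Bytewise XOR of equal-length blocks: the parity of a stripe."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def write_stripe(data: List[bytes], stripe_index: int) -> List[bytes]:
    """Lay out one stripe across len(data)+1 disks; returns one block per disk.

    Parity is rotated by stripe index (RAID 5). Keeping it on one fixed disk
    would be RAID 4 and make that disk the write hotspot.
    """
    n_disks = len(data) + 1
    parity_disk = stripe_index % n_disks
    stripe = list(data)
    stripe.insert(parity_disk, xor_blocks(data))
    return stripe


def read_stripe(disks: List[Optional[bytes]], stripe_index: int) -> List[bytes]:
    """Read the data blocks back, rebuilding at most one failed disk (None).

    Any single missing block, data or parity, is the XOR of the surviving ones.
    A second failure in the same stripe is unrecoverable.
    """
    missing = [i for i, block in enumerate(disks) if block is None]
    if len(missing) > 1:
        raise RuntimeError("RAID 5 tolerates one failed disk; two failures lose the stripe")
    stripe = list(disks)
    if missing:
        stripe[missing[0]] = xor_blocks([b for b in stripe if b is not None])
    parity_disk = stripe_index % len(stripe)
    return stripe[:parity_disk] + stripe[parity_disk + 1:]


# Constructed data: three data disks plus one parity disk, two stripes.
STRIPES = [[b"AAAA", b"BBBB", b"CCCC"], [b"DDDD", b"EEEE", b"FFFF"]]


def rebuild_demo(failed_disk: int) -> List[List[bytes]]:
    """Write both stripes, fail one disk, and return what reads back."""
    recovered = []
    for idx, data in enumerate(STRIPES):
        on_disk: List[Optional[bytes]] = list(write_stripe(data, idx))
        on_disk[failed_disk] = None          # simulate the disk going away
        recovered.append(read_stripe(on_disk, idx))
    return recovered


if __name__ == "__main__":
    print(rebuild_demo(failed_disk=2))
    # [[b'AAAA', b'BBBB', b'CCCC'], [b'DDDD', b'EEEE', b'FFFF']]
```

The RuntimeError path is the practitioner's caveat behind the "best" in the question: RAID 5 survives one disk, and the rebuild after that failure reads every remaining disk in full, which is when a second failure is most likely. RAID 1 (option A) survives the loss of a mirror member with no parity arithmetic at all; which is "best" depends on whether capacity efficiency or rebuild risk matters more.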

Question #121 Topic 1

Compared to a traditional network, which of the following is a security-related benefit that software-defined networking (SDN) provides?

A. Centralized network provisioning

B. Reduced network latency when scaled

C. Centralized network administrative control

D. Reduced hardware footprint and cost

Correct Answer: C

Community vote distribution


C (100%)
Question #122 Topic 1

What is the MOST effective response to a hacker who has already gained access to a network and will attempt to pivot to other resources?

A. Warn users of a breach.

B. Reset all passwords.

C. Segment the network.

D. Shut down the network.

Correct Answer: C

Community vote distribution


C (64%) D (23%) 14%

Question #123 Topic 1

Which of the following is a common term for log reviews, synthetic transactions, and code reviews?

A. Application development

B. Spiral development functional testing

C. Security control testing

D. DevOps Integrated Product Team (IPT) development

Correct Answer: C

Community vote distribution


C (100%)

Question #124 Topic 1

A database server for a financial application is scheduled for production deployment. Which of the following controls will BEST prevent
tampering?

A. Data sanitization

B. Data validation

C. Service accounts removal

D. Logging and monitoring

Correct Answer: B

Community vote distribution


B (93%) 7%
Question #125 Topic 1

The Industrial Control System (ICS) Computer Emergency Response Team (CERT) has released an alert regarding ICS-focused malware
specifically propagating through Windows-based business networks. Technicians at a local water utility note that their dams, canals, and locks
controlled by an internal Supervisory Control and Data Acquisition (SCADA) system have been malfunctioning. A digital forensics professional is
consulted in the Incident Response (IR) and recovery.
Which of the following is the MOST challenging aspect of this investigation?

A. Group policy implementation

B. SCADA network latency

C. Physical access to the system

D. Volatility of data

Correct Answer: C

Community vote distribution


D (58%) C (42%)

Question #126 Topic 1

What term is commonly used to describe hardware and software assets that are stored in a configuration management database (CMDB)?

A. Configuration item

B. Configuration element

C. Ledger item

D. Asset register

Correct Answer: A

Community vote distribution


A (100%)

Question #127 Topic 1

A company is planning to implement a private cloud infrastructure. Which of the following recommendations will support the move to a cloud
infrastructure?

A. Implement software-defined networking (SDN) to provide the ability to apply high-level policies to shape and reorder network traffic based
on users, devices and applications.

B. Implement a virtual local area network (VLAN) for each department and create a separate subnet for each VLAN.

C. Implement software-defined networking (SDN) to provide the ability for the network infrastructure to be integrated with the control and data
planes.

D. Implement a virtual local area network (VLAN) to logically separate the local area network (LAN) from the physical switches.

Correct Answer: A

Community vote distribution


A (71%) 14% 14%
Question #128 Topic 1

Which is MOST important when negotiating an Internet service provider (ISP) service-level agreement (SLA) by an organization that solely
provides Voice over Internet Protocol (VoIP) services?

A. Mean time to repair (MTTR)

B. Quality of Service (QoS) between applications

C. Financial penalties in case of disruption

D. Availability of network services

Correct Answer: B

Community vote distribution


B (55%) D (45%)

Question #129 Topic 1

A company hired an external vendor to perform a penetration test of a new payroll system. The company's internal test team had already
performed an in-depth application and security test of the system and determined that it met security requirements. However, the external vendor
uncovered significant security weaknesses where sensitive personal data was being sent unencrypted to the tax processing systems. What is the
MOST likely cause of the security issues?

A. Inadequate performance testing

B. Inadequate application level testing

C. Failure to perform negative testing

D. Failure to perform interface testing

Correct Answer: B

Community vote distribution


D (79%) B (21%)

Question #130 Topic 1

An organization wants to define a physical perimeter. What primary device should be used to accomplish this objective if the organization's
perimeter MUST cost-efficiently deter casual trespassers?

A. Fences three to four feet high with a turnstile

B. Fences six to seven feet high with a painted gate

C. Fences accompanied by patrolling security guards

D. Fences eight or more feet high with three strands of barbed wire

Correct Answer: D

Community vote distribution


A (73%) D (27%)
Question #131 Topic 1

Which of the following vulnerabilities can be BEST detected using automated analysis?

A. Multi-step process attack vulnerabilities

B. Business logic flaw vulnerabilities

C. Valid cross-site request forgery (CSRF) vulnerabilities

D. Typical source code vulnerabilities

Correct Answer: D

Community vote distribution


D (100%)

Question #132 Topic 1

A project manager for a large software firm has acquired a government contract that generates large amounts of Controlled Unclassified
Information (CUI). The organization's information security manager has received a request to transfer project-related CUI between systems of
differing security classifications. What role provides the authoritative guidance for this transfer?

A. PM

B. Information owner

C. Data Custodian

D. Mission/Business Owner

Correct Answer: C

Community vote distribution


B (63%) C (30%) 7%

Question #133 Topic 1

Which of the following determines how traffic should flow based on the status of the infrastructure layer?

A. Control plane

B. Application plane

C. Traffic plane

D. Data plane

Correct Answer: D

Community vote distribution


A (91%) 9%
Question #134 Topic 1

When testing password strength, which of the following is the BEST method for brute forcing passwords?

A. Conduct an offline attack on the hashed password information.

B. Use a comprehensive list of words to attempt to guess the password.

C. Use social engineering methods to attempt to obtain the password.

D. Conduct an online password attack until the account being used is locked.

Correct Answer: A

Community vote distribution


A (74%) B (23%)
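
Question #134 prefers the offline attack because, once the hashes are in hand, there is no lockout, no rate limit and no log entry per guess; the only limiter is how expensive each hash is. The following is an added example, not code from the exam page, that runs the same wordlist against an unsalted SHA-256 store and against a salted, iterated PBKDF2 store and counts the hash computations each takes. The user names, passwords, wordlist, salt length and iteration count are constructed for illustration.

```python
"""Offline attack on captured password hashes, fast-unsalted versus slow-salted.

Added example, not from the exam page. Accounts, wordlist, salt length and
iteration count are constructed for illustration.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

# Constructed wordlist (a real one has millions of entries).
WORDLIST: List[str] = ["123456", "qwerty", "password", "letmein", "Summer2024"]


def unsalted_sha256(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def salted_pbkdf2(password: str, salt: bytes, iterations: int) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def crack_unsalted(targets: Dict[str, str], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Returns (cracked, hash_computations).

    Without a salt each candidate is hashed once and matched against every
    user at once, and a precomputed (rainbow) table removes even that cost.
    """
    table = {unsalted_sha256(w): w for w in wordlist}
    found = {user: table[h] for user, h in targets.items() if h in table}
    return found, len(wordlist)


def crack_salted(targets: Dict[str, Tuple[bytes, str]], wordlist: List[str],
                 iterations: int) -> Tuple[Dict[str, str], int]:
    """Returns (cracked, derivations).

    A per-user salt forces one derivation per (user, candidate) and defeats
    precomputation; the iteration count makes each derivation deliberately
    slow. Still offline and still without lockout, but the work is no longer
    shared across users.
    """
    found: Dict[str, str] = {}
    derivations = 0
    for user, (salt, stored) in targets.items():
        for candidate in wordlist:
            derivations += 1
            if hmac.compare_digest(salted_pbkdf2(candidate, salt, iterations), stored):
                found[user] = candidate
                break
    return found, derivations


# Constructed accounts: two users share a weak password, one has a strong one.
ACCOUNTS = {"alice": "password", "bob": "password", "carol": "Tr0ub4dor&3-xk9"}
ITERATIONS = 10_000   # kept low for the demo; production settings are much higher

UNSALTED_STORE: Dict[str, str] = {u: unsalted_sha256(p) for u, p in ACCOUNTS.items()}
SALTED_STORE: Dict[str, Tuple[bytes, str]] = {}
for _user, _pw in ACCOUNTS.items():
    _salt = os.urandom(16)
    SALTED_STORE[_user] = (_salt, salted_pbkdf2(_pw, _salt, ITERATIONS))


def compare() -> Dict[str, Tuple[Dict[str, str], int]]:
    """Run both attacks and report what was cracked and at what cost."""
    return {
        "unsalted_sha256": crack_unsalted(UNSALTED_STORE, WORDLIST),
        "salted_pbkdf2": crack_salted(SALTED_STORE, WORDLIST, ITERATIONS),
    }


if __name__ == "__main__":
    for scheme, (found, work) in compare().items():
        print(f"{scheme}: cracked {found} with {work} hash computations")
```

Both attacks crack the two weak accounts; the difference is cost, which grows with the number of users times the iteration count in the salted case. The unsalted store also leaks that alice and bob share a password before a single guess is made, because their hashes are identical. The offline attack is the right way to test password strength precisely because it shows what an attacker who has obtained the store can do, with none of the lockout noise an online attack (option D) would cause.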

Question #135 Topic 1

Which of the following is the name of an individual or group that is impacted by a change?

A. Change agent

B. End User

C. Stakeholder

D. Sponsor

Correct Answer: B

Community vote distribution


C (53%) B (47%)

Question #136 Topic 1

The European Union (EU) General Data Protection Regulation (GDPR) requires organizations to implement appropriate technical and organizational
measures to ensure a level of security appropriate to the risk. The Data Owner should therefore consider which of the following requirements?

A. Never to store personal data of EU citizens outside the EU

B. Data masking and encryption of personal data

C. Only to use encryption protocols approved by EU

D. Anonymization of personal data when transmitted to sources outside the EU

Correct Answer: B

Community vote distribution


B (77%) A (23%)
Question #137 Topic 1

What is the PRIMARY benefit of incident reporting and computer crime investigations?

A. Complying with security policy

B. Repairing the damage and preventing future occurrences

C. Providing evidence to law enforcement

D. Appointing a computer emergency response team

Correct Answer: C

Community vote distribution


B (53%) C (40%) 3%

Question #138 Topic 1

Which of the following is the MOST common method of memory protection?

A. Error correction

B. Virtual local area network (VLAN) tagging

C. Segmentation

D. Compartmentalization

Correct Answer: C

Community vote distribution


C (100%)

Question #139 Topic 1

What testing technique enables the designer to develop mitigation strategies for potential vulnerabilities?

A. Source code review

B. Threat modeling

C. Penetration testing

D. Manual inspections and reviews

Correct Answer: B

Community vote distribution


B (94%) 6%
Question #140 Topic 1

Assuming an individual has taken all of the steps to keep their internet connection private, which of the following is the BEST to browse the web
privately?

A. Store information about browsing activities on the personal device.

B. Prevent information about browsing activities from being stored on the personal device.

C. Prevent information about browsing activities from being stored in the cloud.

D. Store browsing activities in the cloud.

Correct Answer: C

Community vote distribution


C (57%) B (43%)

Question #141 Topic 1

A software engineer uses automated tools to review application code and search for application flaws, back doors, or other malicious code. Which
of the following is the FIRST Software Development Life Cycle (SDLC) phase where this takes place?

A. Deployment

B. Development

C. Test

D. Design

Correct Answer: B

Community vote distribution


B (82%) Other
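
Questions #131 and #141 share a point: automated code review is good at the pattern-shaped defects in source (hardcoded credentials, dangerous calls, shell spawning) and can run as soon as code exists in the development phase, while business-logic and multi-step flaws need a human or a runtime test. The following is an added example, not code from the exam page: a small AST-based scanner run over a constructed Python sample. The rule set and the sample are assumptions for illustration; real tools (Semgrep, Bandit, CodeQL) carry far larger rule sets, but the mechanism is the same.

```python
"""Automated source analysis for typical code-level flaws.

Added example, not from the exam page. The rules and the sample file are
constructed for illustration.
"""
import ast
from typing import List, Tuple

Finding = Tuple[int, str, str]   # (line, rule, detail)

DANGEROUS_CALLS = {"eval", "exec", "os.system"}
SHELL_SPAWNERS = {"subprocess.run", "subprocess.call", "subprocess.Popen",
                  "subprocess.check_output"}
SECRET_HINTS = ("password", "passwd", "secret", "api_key", "token")


def _call_name(func: ast.expr) -> str:
    """Dotted name of a call target, e.g. 'subprocess.run'; '' if not a plain name."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        base = _call_name(func.value)
        return f"{base}.{func.attr}" if base else func.attr
    return ""


class Scanner(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: List[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        name = _call_name(node.func)
        if name in DANGEROUS_CALLS:
            self.findings.append((node.lineno, "dangerous-call", name))
        if name in SHELL_SPAWNERS:
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    self.findings.append((node.lineno, "shell-true", name))
        self.generic_visit(node)

    def visit_Assign(self, node: ast.Assign) -> None:
        # A string literal assigned to a secret-looking name.
        if isinstance(node.value, ast.Constant) and isinstance(node.value.value, str):
            for target in node.targets:
                if isinstance(target, ast.Name) and any(h in target.id.lower() for h in SECRET_HINTS):
                    self.findings.append((node.lineno, "hardcoded-secret", target.id))
        self.generic_visit(node)


def scan(source: str) -> List[Finding]:
    """Parse the source and return findings sorted by line."""
    scanner = Scanner()
    scanner.visit(ast.parse(source))
    return sorted(scanner.findings)


# Constructed sample under review (line numbers matter for the findings).
SAMPLE = '''import os, subprocess
DB_PASSWORD = "hunter2"
def run(cmd):
    return subprocess.run(cmd, shell=True)
def calc(expr):
    return eval(expr)
def apply_discount(price, code):
    # Business-logic flaw: a one-time code is never marked as used, so it can
    # be redeemed repeatedly. No pattern-based rule can see this.
    return price * 0.5 if code else price
'''

if __name__ == "__main__":
    for line, rule, detail in scan(SAMPLE):
        print(f"line {line}: {rule} ({detail})")
```

The three findings are exactly the "typical source code vulnerabilities" of Question #131; the reusable discount code on the last lines is the business-logic flaw the same scan is blind to, because nothing in the syntax distinguishes it from correct code. That split is why automated review belongs in the development phase as the first gate, not the only one.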

Question #142 Topic 1

A company developed a web application which is sold as a Software as a Service (SaaS) solution to the customer. The application is hosted by a
web server running on a specific operating system (OS) on a virtual machine (VM). During the transition phase of the service, it is determined that
the support team will need access to the application logs. Which of the following privileges would be the MOST suitable?

A. Administrative privileges on the hypervisor

B. Administrative privileges on the application folders

C. Administrative privileges on the web server

D. Administrative privileges on the OS

Correct Answer: B

Community vote distribution


B (70%) C (30%)
Question #143 Topic 1

A security practitioner detects an Endpoint attack on the organization's network. What is the MOST reasonable approach to mitigate future
Endpoint attacks?

A. Remove all non-essential client-side web services from the network.

B. Harden the client image before deployment.

C. Screen for harmful exploits of client-side services before implementation.

D. Block all client-side web exploits at the perimeter.

Correct Answer: C

Community vote distribution


B (84%) C (16%)

Question #144 Topic 1

What are the essential elements of a Risk Assessment Report (RAR)?

A. Executive summary, body of the report, and appendices

B. Executive summary, graph of risks, and process

C. Table of contents, testing criteria, and index

D. Table of contents, chapters, and executive summary

Correct Answer: A

Community vote distribution


A (100%)

Question #145 Topic 1

The security operations center (SOC) has received credible intelligence that a threat actor is planning to attack with multiple variants of a
destructive virus. After obtaining a sample set of this virus' variants and reverse engineering them to understand how they work, a commonality
was found. All variants are coded to write to a specific memory location. It is determined this virus is of no threat to the organization because they
had the foresight to enable what feature on all endpoints?

A. Address Space Layout Randomization (ASLR)

B. Trusted Platform Module (TPM)

C. Virtualization

D. Process isolation

Correct Answer: A

Community vote distribution


A (100%)
Question #146 Topic 1

The Chief Information Security Officer (CISO) is to establish a single, centralized, and relational repository to hold all information regarding the
software and hardware assets. Which of the following solutions would be the BEST option?

A. Information Security Management System (ISMS)

B. Configuration Management Database (CMDB)

C. Security Information and Event Management (SIEM)

D. Information Technology Asset Management (ITAM)

Correct Answer: B

Community vote distribution


B (100%)

Question #147 Topic 1

What type of investigation applies when malicious behavior is suspected between two organizations?

A. Regulatory

B. Operational

C. Civil

D. Criminal

Correct Answer: C

Community vote distribution


C (83%) D (17%)

Question #148 Topic 1

Which of the following techniques evaluates the secure design principles of network or software architectures?

A. Risk modeling

B. Waterfall method

C. Threat modeling

D. Fuzzing

Correct Answer: C

Community vote distribution


C (100%)
Question #149 Topic 1

Which element of software supply chain management has the GREATEST security risk to organizations?

A. Unsupported libraries are often used.

B. Applications with multiple contributors are difficult to evaluate.

C. Vulnerabilities are difficult to detect.

D. New software development skills are hard to acquire.

Correct Answer: A

Community vote distribution


A (69%) B (25%) 6%

Question #150 Topic 1

Which of the following should be done at a disaster site before any item is removed, repaired, or replaced?

A. Communicate with the press following the communications plan

B. Dispatch personnel to the disaster recovery (DR) site

C. Take photos of the damage

D. Notify all of the Board of Directors

Correct Answer: D

Community vote distribution


C (51%) D (28%) B (21%)

Question #151 Topic 1

When designing a new Voice over Internet Protocol (VoIP) network, an organization's top concern is preventing unauthorized users from accessing the
VoIP network.
Which of the following will BEST help secure the VoIP network?

A. 802.11g

B. Web application firewall (WAF)

C. Transport Layer Security (TLS)

D. 802.1x

Correct Answer: C

Community vote distribution


D (54%) C (46%)
Question #152 Topic 1

A user's credential for an application is stored in a relational database. Which control protects the confidentiality of the credential while it is
stored?

A. Use a salted cryptographic hash of the password.

B. Validate passwords using a stored procedure.

C. Allow only the application to have access to the password field in order to verify user authentication.

D. Encrypt the entire database and embed an encryption key in the application.

Correct Answer: D

Community vote distribution


A (63%) D (31%) 6%
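The community-favoured option A in the question above, salted cryptographic hashing, is worth seeing as working code. The block below is an added example written for this page, not code from the exam or from ExamTopics; the iteration count, the record format (`algorithm$iterations$salt$digest`), the `create_user` and `authenticate` helpers and the in-memory "table" standing in for the database are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed example (not code from the exam page): per-user salted
# PBKDF2-HMAC-SHA256 password records, as option A describes.

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000        # assumption: a current work factor for PBKDF2-HMAC-SHA256
SALT_BYTES = 16             # 128-bit random salt, one per credential


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex.

    The salt is generated fresh unless one is supplied (for tests only), so two
    users with the same password never share a record and precomputed tables
    are useless against the stored values.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != ALGORITHM:
        raise ValueError("unsupported password record")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


# Stand-in for the credential table in the relational database: only the record
# is stored, never the password, so a dump of this table yields no credentials.
CredentialTable = Dict[str, str]

# Verifying against a dummy record for unknown usernames keeps the response time
# of a failed login independent of whether the username exists. It is computed
# with the production iteration count so the timing really is comparable.
_DUMMY_RECORD = hash_password("not-a-real-password")


def create_user(table: CredentialTable, username: str, password: str,
                iterations: int = ITERATIONS) -> None:
    table[username] = hash_password(password, iterations=iterations)


def authenticate(table: CredentialTable, username: str, password: str) -> bool:
    record = table.get(username)
    if record is None:
        verify_password(password, _DUMMY_RECORD)   # burn comparable time, then fail
        return False
    return verify_password(password, record)
```

Contrast this with option D: encrypting the whole database with a key embedded in the application protects the data at rest only until the application binary is obtained, and a reversible transform still lets a compromised application or DBA recover every password. A salted, slow hash gives an attacker nothing but per-credential guessing work.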

Question #153 Topic 1

Which of the following frameworks provides vulnerability metrics and characteristics to support the National Vulnerability Database (NVD)?

A. Common Vulnerabilities and Exposures (CVE)

B. Center for Internet Security (CIS)

C. Common Vulnerability Scoring System (CVSS)

D. Open Web Application Security Project (OWASP)

Correct Answer: C

Community vote distribution


C (87%) 13%

Question #154 Topic 1

A security architect is reviewing plans for an application with a Recovery Point Objective (RPO) of 15 minutes. The current design has all of the
application infrastructure located within one co-location data center. Which security principle is the architect currently assessing?

A. Disaster recovery (DR)

B. Availability

C. Redundancy

D. Business continuity (BC)

Correct Answer: B

Community vote distribution


B (86%) 14%
Question #155 Topic 1

Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?

A. System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements

B. Compliance office roles and responsibilities, classified material handling standards, storage system lifecycle requirements

C. Data stewardship roles, data handling and storage standards, data lifecycle requirements

D. System authorization roles and responsibilities, cloud computing standards, lifecycle requirements

Correct Answer: A

Community vote distribution


C (80%) A (20%)

Question #156 Topic 1

The Chief Information Security Officer (CISO) of a small organization is making a case for building a security operations center (SOC). While
debating between an in-house, fully outsourced, or a hybrid capability, which of the following would be the MAIN consideration, regardless of the
model?

A. Headcount and capacity

B. Scope and service catalog

C. Skill set and training

D. Tools and technologies

Correct Answer: B

Community vote distribution


B (62%) C (38%)

Question #157 Topic 1

An organization would like to ensure that all new users have a predefined departmental access template applied upon creation. The organization
would also like additional access for users to be granted on a per-project basis. What type of user access administration is BEST suited to meet
the organization's needs?

A. Decentralized

B. Hybrid

C. Centralized

D. Federated

Correct Answer: D

Community vote distribution


B (79%) D (21%)
Question #158 Topic 1

Which of the following is a secure design principle for a new product?

A. Restrict the use of modularization.

B. Do not rely on previously used code.

C. Build in appropriate levels of fault tolerance.

D. Utilize obfuscation whenever possible.

Correct Answer: C

Community vote distribution


C (62%) D (23%) B (15%)

Question #159 Topic 1

What is the PRIMARY benefit of relying on Security Content Automation Protocol (SCAP)?

A. Standardize specifications between software security products.

B. Achieve organizational compliance with international standards.

C. Improve vulnerability assessment capabilities.

D. Save security costs for the organization.

Correct Answer: A

Community vote distribution


A (50%) C (46%)

Question #160 Topic 1

What are the three key benefits that application developers should derive from the northbound application programming interface (API) of
software defined networking (SDN)?

A. Network syntax, abstraction of network flow, and abstraction of network protocols

B. Network syntax, abstraction of network commands, and abstraction of network protocols

C. Familiar syntax, abstraction of network topology, and definition of network protocols

D. Familiar syntax, abstraction of network topology, and abstraction of network protocols

Correct Answer: A

Community vote distribution


D (64%) A (18%) C (18%)
Question #161 Topic 1

Which of the following is a unique feature of attribute-based access control (ABAC)?

A. A user is granted access to a system at a particular time of day.

B. A user is granted access to a system based on username and password.

C. A user is granted access to a system based on group affinity.

D. A user is granted access to a system with biometric authentication.

Correct Answer: A

Community vote distribution


A (92%) 8%

Question #162 Topic 1

Which of the following is the BEST approach to implement multiple servers on a virtual system?

A. Implement one primary function per virtual server and apply individual security configuration for each virtual server.

B. Implement multiple functions within the same virtual server and apply individual security configurations to each function.

C. Implement one primary function per virtual server and apply high security configuration on the host operating system.

D. Implement multiple functions per virtual server and apply the same security configuration for each virtual server.

Correct Answer: D

Community vote distribution


A (80%) D (20%)

Question #163 Topic 1

Which of the following is the MOST common cause of system or security failures?

A. Lack of physical security controls

B. Lack of change control

C. Lack of logging and monitoring

D. Lack of system documentation

Correct Answer: B

Community vote distribution


B (100%)
Question #164 Topic 1

The Chief Information Officer (CIO) has decided that as part of business modernization efforts the organization will move towards a cloud
architecture. All business-critical data will be migrated to either internal or external cloud services within the next two years. The CIO has a
PRIMARY obligation to work with personnel in which role in order to ensure proper protection of data during and after the cloud migration?

A. Chief Security Officer (CSO)

B. Information owner

C. Chief Information Security Officer (CISO)

D. General Counsel

Correct Answer: C

Community vote distribution


B (50%) C (50%)

Question #165 Topic 1

A developer is creating an application that requires secure logging of all user activity. What is the BEST permission the developer should assign to
the log file to ensure requirements are met?

A. Execute

B. Read

C. Write

D. Append

Correct Answer: C

Community vote distribution


D (88%) 13%
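The distinction the community vote is drawing above (append versus write) is easy to see at the system-call level. The block below is an added example for this page, not code from the exam or from ExamTopics; the file name, the two log lines and the "rewinding writer" are constructed for the illustration.

```python
import os
import tempfile

# Constructed example (not code from the exam page): the difference between a
# log handle opened for plain writing and one opened append-only.


def write_lines(path: str, lines, append_only: bool) -> None:
    """Write each line after first seeking to the start of the file.

    With O_APPEND the kernel moves the offset to end-of-file before every
    write, so the seek is ignored and earlier entries cannot be overwritten.
    Without it the same seek lets the writer clobber existing entries.
    """
    flags = os.O_WRONLY | os.O_CREAT | (os.O_APPEND if append_only else 0)
    fd = os.open(path, flags, 0o640)      # owner rw, group r, no world access
    try:
        for line in lines:
            os.lseek(fd, 0, os.SEEK_SET)  # a buggy or hostile writer rewinding
            os.write(fd, line.encode("utf-8"))
    finally:
        os.close(fd)


def read_log(path: str) -> str:
    with open(path, "r", encoding="utf-8") as fh:
        return fh.read()


def demo(append_only: bool) -> str:
    """Write two audit entries through the rewinding writer; return the log."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "audit.log")
        write_lines(path, ["2024-03-01T09:15:02Z login alice ok\n",
                           "2024-03-01T09:15:40Z sudo alice denied\n"], append_only)
        return read_log(path)
```

With `append_only=True` both entries survive; with `append_only=False` the second write lands at offset 0 and the first entry is gone. Note the caveat: `O_APPEND` is chosen by whoever opens the file, so it protects against the application's own bugs, not against a compromised process that reopens the file without it. The enforced version of the same idea is an append-only attribute on the file system (for example `chattr +a` on Linux) or shipping the entries to a collector the application can only write to.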

Question #166 Topic 1

When performing an investigation with the potential for legal action, what should be the analyst's FIRST consideration?

A. Data decryption

B. Chain-of-custody

C. Authorization to collect

D. Court admissibility

Correct Answer: B

Community vote distribution


B (70%) C (24%) 6%
Question #167 Topic 1

Building blocks for software-de8ned networks (SDN) require which of the following?

A. The SDN is composed entirely of client-server pairs.

B. Random-access memory (RAM) is used in preference to virtual memory.

C. The SDN is mostly composed of virtual machines (VM).

D. Virtual memory is used in preference to random-access memory (RAM).

Correct Answer: C

Community vote distribution


C (55%) D (36%) 9%

Question #168 Topic 1

What is the MINIMUM standard for testing a disaster recovery plan (DRP)?

A. Quarterly or more frequently depending upon the advice of the information security manager

B. As often as necessary depending upon the stability of the environment and business requirements

C. Annually or less frequently depending upon audit department requirements

D. Semi-annually and in alignment with a fiscal half-year business cycle

Correct Answer: D

Community vote distribution


B (43%) D (33%) C (22%)

Question #169 Topic 1

Which security audit standard provides the BEST way for an organization to understand a vendor's Information Systems (IS) in relation to
confidentiality, integrity, and availability?

A. Service Organization Control (SOC) 2

B. Statement on Standards for Attestation Engagements (SSAE) 18

C. Statement on Auditing Standards (SAS) 70

D. Service Organization Control (SOC) 1

Correct Answer: D

Community vote distribution


A (76%) B (24%)
Question #170 Topic 1

An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this
an example of?

A. Allowed number of characters

B. Population of required fields

C. Reasonable data

D. Session testing

Correct Answer: B

Community vote distribution


A (44%) C (41%) B (16%)

Question #171 Topic 1

An organization is considering partnering with a third-party supplier of cloud services. The organization will only be providing the data and the
third-party supplier will be providing the security controls. Which of the following BEST describes this service offering?

A. Platform as a Service (PaaS)

B. Anything as a Service (XaaS)

C. Infrastructure as a Service (IaaS)

D. Software as a Service (SaaS)

Correct Answer: A

Community vote distribution


D (57%) A (43%)

Question #172 Topic 1

Which of the following factors should be considered characteristics of Attribute Based Access Control (ABAC) in terms of the attributes used?

A. Mandatory Access Control (MAC) and Discretionary Access Control (DAC)

B. Discretionary Access Control (DAC) and Access Control List (ACL)

C. Role Based Access Control (RBAC) and Mandatory Access Control (MAC)

D. Role Based Access Control (RBAC) and Access Control List (ACL)

Correct Answer: D

Community vote distribution


D (90%) 10%
Question #173 Topic 1

Which of the following is the MOST significant key management problem due to the number of keys created?

A. Exponential growth when using symmetric keys

B. Exponential growth when using asymmetric keys

C. Storage of the keys require increased security

D. Keys are more difficult to provision and revoke

Correct Answer: C

Community vote distribution


A (62%) B (24%) C (15%)

Question #174 Topic 1

A Certified Information Systems Security Professional (CISSP) with identity and access management (IAM) responsibilities is asked by the Chief Information Security
Officer (CISO) to perform a vulnerability assessment on a web application to pass a Payment Card Industry (PCI) audit. The CISSP has never
performed this before. According to the (ISC)² Code of Professional Ethics, which of the following should the CISSP do?

A. Inform the CISO that they are unable to perform the task because they should render only those services for which they are fully competent
and qualified

B. Since they are CISSP certified, they have enough knowledge to assist with the request, but will need assistance in order to complete it in a
timely manner

C. Review the CISSP guidelines for performing a vulnerability assessment before proceeding to complete it

D. Review the PCI requirements before performing the vulnerability assessment

Correct Answer: A

Community vote distribution


A (81%) D (19%)

Question #175 Topic 1

While performing a security review for a new product, an information security professional discovers that the organization's product development
team is proposing to collect government-issued identification (ID) numbers from customers to use as unique customer identifiers. Which of the
following recommendations should be made to the product development team?

A. Customer identifiers should be a variant of the user's government-issued ID number.

B. Customer identifiers should be a cryptographic hash of the user's government-issued ID number.

C. Customer identifiers that do not resemble the user's government-issued ID number should be used.

D. Customer identifiers should be a variant of the user's name, for example, "jdoe" or "john.doe."

Correct Answer: B

Community vote distribution


C (83%) D (17%)
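Why the community prefers C over the listed answer B is best shown by attacking B. The block below is an added example written for this page, not code from the exam or from ExamTopics; the five-digit toy ID space, the registry class and its method names are assumptions for the illustration (real national ID numbers are only a few orders of magnitude larger, which does not change the attack, only its running time).

```python
import hashlib
import secrets
from typing import Dict, Optional

# Constructed example (not code from the exam page). It contrasts option B, a
# cryptographic hash of the government ID, with option C, an identifier that is
# unrelated to the ID. ID_DIGITS is a toy space so the enumeration finishes fast.

ID_DIGITS = 5


def hashed_customer_id(gov_id: str) -> str:
    """Option B: looks opaque, but is a deterministic function of a small input space."""
    return hashlib.sha256(gov_id.encode("utf-8")).hexdigest()


def recover_gov_id(customer_id: str, digits: int = ID_DIGITS) -> Optional[str]:
    """An attacker holding the 'anonymised' identifier hashes every possible ID."""
    for n in range(10 ** digits):
        candidate = f"{n:0{digits}d}"
        if hashed_customer_id(candidate) == customer_id:
            return candidate
    return None


class CustomerRegistry:
    """Option C: random identifiers; the ID-to-customer mapping lives in a protected table."""

    def __init__(self) -> None:
        self._gov_by_customer: Dict[str, str] = {}
        self._customer_by_gov: Dict[str, str] = {}

    def register(self, gov_id: str) -> str:
        """Return the customer's identifier, minting a random one on first sight."""
        existing = self._customer_by_gov.get(gov_id)
        if existing is not None:
            return existing
        customer_id = secrets.token_urlsafe(16)   # 128 bits from the OS CSPRNG
        self._gov_by_customer[customer_id] = gov_id
        self._customer_by_gov[gov_id] = customer_id
        return customer_id

    def lookup(self, customer_id: str) -> Optional[str]:
        """Only the protected mapping can turn an identifier back into an ID."""
        return self._gov_by_customer.get(customer_id)
```

A keyed hash (HMAC with a secret) would close the enumeration, but the identifier would still be derived from the government number and would still have to be re-issued if that key were ever rotated or leaked. A random identifier carries no information about the ID at all, which is the point of option C; the table that links them is then the one thing that needs strong access control.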
Question #176 Topic 1

The development team has been tasked with collecting data from biometric devices. The application will support a variety of collection data
streams. During the testing phase, the team utilizes data from an old production database in a secure testing environment. What principle has the
team taken into consideration?

A. Biometric data cannot be changed.

B. The biometric devices are unknown.

C. Biometric data must be protected from disclosure.

D. Separate biometric data streams require increased security.

Correct Answer: A

Community vote distribution


C (88%) 13%

Question #177 Topic 1

Information security practitioners are in the midst of implementing a new firewall. Which of the following failure methods would BEST prioritize
security in the event of failure?

A. Failover

B. Fail-Closed

C. Fail-Safe

D. Fail-Open

Correct Answer: B

Community vote distribution


B (80%) C (20%)

Question #178 Topic 1

Which of the following services can be deployed via a cloud service or on-premises to integrate with Identity as a Service (IDaaS) as the
authoritative source of user identities?

A. Multi-factor authentication (MFA)

B. Directory

C. User database

D. Single sign-on (SSO)

Correct Answer: B

Community vote distribution


B (71%) D (24%) 6%
Question #179 Topic 1

Which of the following statements is TRUE about Secure Shell (SSH)?

A. SSH supports port forwarding, which can be used to protect less secured protocols.

B. SSH does not protect against man-in-the-middle (MITM) attacks.

C. SSH is easy to deploy because it requires a Web browser only.

D. SSH can be used with almost any application because it is concerned with maintaining a circuit.

Correct Answer: A

Community vote distribution


A (100%)

Question #180 Topic 1

What is considered a compensating control for not having electrical surge protectors installed?

A. Having dual lines to network service providers built to the site

B. Having a hot disaster recovery (DR) environment for the site

C. Having network equipment in active-active clusters at the site

D. Having backup diesel generators installed to the site

Correct Answer: B

Community vote distribution


B (69%) D (31%)

Question #181 Topic 1

What is the FIRST step in risk management?

A. Identify the factors that have potential to impact business.

B. Establish the scope and actions required.

C. Identify existing controls in the environment.

D. Establish the expectations of stakeholder involvement.

Correct Answer: C

Community vote distribution


A (92%) 8%
Question #182 Topic 1

Which of the following is the PRIMARY goal of logical access controls?

A. Restrict access to an information asset.

B. Ensure availability of an information asset.

C. Restrict physical access to an information asset.

D. Ensure integrity of an information asset.

Correct Answer: A

Community vote distribution


A (73%) D (27%)

Question #183 Topic 1

Which of the following is a covert channel type?

A. Pipe

B. Memory

C. Storage

D. Monitoring

Correct Answer: D

Community vote distribution


C (89%) 11%

Question #184 Topic 1

A software developer wishes to write code that will execute safely and only as intended. Which of the following programming language types is
MOST likely to achieve this goal?

A. Weakly typed

B. Dynamically typed

C. Strongly typed

D. Statically typed

Correct Answer: B

Community vote distribution


C (100%)
Question #185 Topic 1

Which of the following roles is responsible for ensuring that important datasets are developed, maintained, and are accessible within their defined
specifications?

A. Data Custodian

B. Data Reviewer

C. Data User

D. Data Owner

Correct Answer: D

Community vote distribution


A (79%) D (21%)

Question #186 Topic 1

What is static analysis intended to do when analyzing an executable file?

A. Search the documents and files associated with the executable file.

B. Analyze the position of the file in the file system and the executable file's libraries.

C. Collect evidence of the executable file's usage, including dates of creation and last use.

D. Disassemble the file to gather information about the executable file's function.

Correct Answer: B

Community vote distribution


D (71%) B (29%)

Question #187 Topic 1

A network security engineer needs to ensure that a security solution analyzes traffic for protocol manipulation and various sorts of common
attacks. In addition, all Uniform Resource Locator (URL) traffic must be inspected and users prevented from browsing inappropriate websites. Which of the following
solutions should be implemented to enable administrators the capability to analyze traffic, blacklist external sites, and log user traffic for later
analysis?

A. Application-Level Proxy

B. Intrusion detection system (IDS)

C. Host-based Firewall

D. Circuit-Level Proxy

Correct Answer: A

Community vote distribution


A (78%) C (22%)
Question #188 Topic 1

What is the PRIMARY consideration when testing industrial control systems (ICS) for security weaknesses?

A. ICS often run on UNIX operating systems.

B. ICS often do not have availability requirements.

C. ICS are often sensitive to unexpected traffic.

D. ICS are often isolated and difficult to access.

Correct Answer: C

Community vote distribution


C (79%) D (21%)

Question #189 Topic 1

The security team plans on using automated account reconciliation in the corporate user access review process. Which of the following must be
implemented for the BEST results with fewest errors when running the audit?

A. Frequent audits

B. Segregation of Duties (SoD)

C. Removal of service accounts from review

D. Clear provisioning policies

Correct Answer: D

Community vote distribution


D (100%)

Question #190 Topic 1

In the common criteria, which of the following is a formal document that expresses an implementation-independent set of security requirements?

A. Organizational Security Policy

B. Security Target (ST)

C. Protection Profile (PP)

D. Target of Evaluation (TOE)

Correct Answer: C

Community vote distribution


C (89%) 11%
Question #191 Topic 1

Which of the following is an example of a vulnerability of full-disk encryption (FDE)?

A. Data on the device cannot be restored from backup.

B. Data on the device cannot be backed up.

C. Data in transit has been compromised when the user has authenticated to the device.

D. Data at rest has been compromised when the user has authenticated to the device.

Correct Answer: D

Community vote distribution


D (69%) C (31%)

Question #192 Topic 1

What is the FIRST step in reducing the exposure of a network to Internet Control Message Protocol (ICMP) based attacks?

A. Implement network access control lists (ACL).

B. Implement an intrusion prevention system (IPS).

C. Implement a web application firewall (WAF).

D. Implement egress 8ltering at the organization's network boundary.

Correct Answer: D

Community vote distribution


A (72%) D (22%) 6%

Question #193 Topic 1

A large organization's human resources and security teams are planning on implementing technology to eliminate manual user access reviews
and improve compliance. Which of the following options is MOST likely to resolve the issues associated with user access?

A. Implement a Privileged Access Management (PAM) system.

B. Implement a role-based access control (RBAC) system.

C. Implement identity and access management (IAM) platform.

D. Implement a single sign-on (SSO) platform.

Correct Answer: C

Community vote distribution


C (100%)
Question #194 Topic 1

A cloud service accepts Security Assertion Markup Language (SAML) assertions from users to exchange authentication and authorization data
between security domains. However, an attacker was able to spoof a registered account on the network and query the SAML provider. What is the
MOST common attack leveraged against this flaw?

A. Attacker leverages SAML assertion to register an account on the security domain.

B. Attacker forges requests to authenticate as a different user.

C. Attacker exchanges authentication and authorization data between security domains.

D. Attacker conducts denial-of-service (DoS) against the security domain by authenticating as the same user repeatedly.

Correct Answer: B

Community vote distribution


B (100%)

Question #195 Topic 1

An organization is implementing security review as part of system development. Which of the following is the BEST technique to follow?

A. Perform incremental assessments.

B. Engage a third-party auditing firm.

C. Review security architecture.

D. Conduct penetration testing.

Correct Answer: A

Community vote distribution


A (45%) C (32%) B (23%)

Question #196 Topic 1

What Hypertext Transfer Protocol (HTTP) response header can be used to disable the execution of inline JavaScript and the execution of eval()-
type functions?

A. X-XSS-Protection

B. Content-Security-Policy

C. X-Frame-Options

D. Strict-Transport-Security

Correct Answer: C

Community vote distribution


B (100%)
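The community is unanimous on Content-Security-Policy, and the reason is mechanical: inline script and `eval()` are governed by the `script-src` directive (falling back to `default-src`). The block below is an added example written for this page, not code from the exam or from ExamTopics; the two sample headers, the nonce value and the helper names are constructed for the illustration.

```python
import secrets
from typing import Dict, List

# Constructed example (not code from the exam page): an evaluator for the
# script-related part of a Content-Security-Policy header, plus a builder for a
# nonce-based policy that blocks inline script and eval().

_HASH_OR_NONCE_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split 'dir src src; dir src' into {directive: [sources]}; first occurrence wins."""
    directives: Dict[str, List[str]] = {}
    for clause in header.split(";"):
        tokens = clause.split()
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def script_policy(header: str) -> Dict[str, bool]:
    """Report whether the policy lets inline scripts and eval()-style code run.

    script-src falls back to default-src; with neither, scripts are not governed.
    A nonce or hash source makes browsers ignore 'unsafe-inline' (CSP Level 2+).
    """
    directives = parse_csp(header)
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return {"governed": False, "inline_allowed": True, "eval_allowed": True}
    lowered = [s.lower() for s in sources]
    has_nonce_or_hash = any(s.startswith(_HASH_OR_NONCE_PREFIXES) for s in lowered)
    return {
        "governed": True,
        "inline_allowed": "'unsafe-inline'" in lowered and not has_nonce_or_hash,
        "eval_allowed": "'unsafe-eval'" in lowered,
    }


def build_strict_csp(nonce: str) -> str:
    """A policy under which only scripts carrying this response's nonce may run."""
    return (
        "default-src 'self'; "
        f"script-src 'self' 'nonce-{nonce}'; "
        "object-src 'none'; base-uri 'self'"
    )


def new_nonce() -> str:
    """One fresh, unguessable nonce per HTTP response."""
    return secrets.token_urlsafe(16)


# Constructed headers: the first is the kind of policy that leaves XSS payloads executable.
WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'"
STRICT_CSP = build_strict_csp("d2hhdCB3YXMgdGhhdA")
```

The evaluator deliberately ignores `'strict-dynamic'` and the deprecated `report-uri`/`report-to` machinery to stay short; a real linter would handle both. The other three options in the question do different jobs: `X-Frame-Options` controls framing, `Strict-Transport-Security` pins the transport to HTTPS, and `X-XSS-Protection` drove a legacy browser filter that current browsers have removed.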
Question #197 Topic 1

A security professional was tasked with rebuilding a company's wireless infrastructure. Which of the following are the MOST important factors to
consider while making a decision on which wireless spectrum to deploy?

A. Facility size, intermodulation, and direct satellite service

B. Performance, geographic location, and radio signal interference

C. Existing client devices, manufacturer reputation, and electrical interference

D. Hybrid frequency band, service set identifier (SSID), and interpolation

Correct Answer: B

Community vote distribution


B (63%) C (37%)

Question #198 Topic 1

A software development company has a short timeline in which to deliver a software product. The software development team decides to use
open-source software libraries to reduce the development time. What concept should software developers consider when using open-source
software libraries?

A. Open source libraries contain known vulnerabilities, and adversaries regularly exploit those vulnerabilities in the wild.

B. Open source libraries can be used by everyone, and there is a common understanding that the vulnerabilities in these libraries will not be
exploited.

C. Open source libraries contain unknown vulnerabilities, so they should not be used.

D. Open source libraries are constantly updated, making it unlikely that a vulnerability exists for an adversary to exploit.

Correct Answer: A

Community vote distribution


A (89%) 11%

Question #199 Topic 1

A security engineer is assigned to work with the patch and vulnerability management group. The deployment of a new patch has been approved
and needs to be applied. The research is complete, and the security engineer has provided recommendations. Where should the patch be applied
FIRST?

A. Lower environment

B. Desktop environment

C. Server environment

D. Production environment

Correct Answer: A

Community vote distribution


A (80%) D (20%)
Question #200 Topic 1

What BEST describes the confidentiality, integrity, availability triad?

A. A vulnerability assessment to see how well the organization's data is protected

B. The three-step approach to determine the risk level of an organization

C. The implementation of security systems to protect the organization's data

D. A tool used to assist in understanding how to protect the organization's data

Correct Answer: C

Community vote distribution


C (56%) D (41%)

Question #201 Topic 1

Why is it important that senior management clearly communicates the formal Maximum Tolerable Downtime (MTD) decision?

A. To provide each manager with precise direction on selecting an appropriate recovery alternative

B. To demonstrate to the board of directors that senior management is committed to continuity recovery efforts

C. To provide a formal declaration from senior management as required by internal audit to demonstrate sound business practices

D. To demonstrate to the regulatory bodies that the company takes business continuity seriously

Correct Answer: D

Community vote distribution


A (100%)

Question #202 Topic 1

A Simple Power Analysis (SPA) attack against a device directly observes which of the following?

A. Magnetism

B. Generation

C. Consumption

D. Static discharge

Correct Answer: B

Community vote distribution


C (100%)
Question #203 Topic 1

Which of the following MUST the administrator of a security information and event management (SIEM) system ensure?

A. All sources are synchronized with a common time reference.

B. All sources are reporting in the exact same Extensible Markup Language (XML) format.

C. Data sources do not contain information infringing upon privacy regulations.

D. Each source uses the same Internet Protocol (IP) address for reporting.

Correct Answer: A

Community vote distribution


A (69%) C (31%)
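Option A above is the one that makes correlation possible at all, and the failure mode is easy to reproduce. The block below is an added example written for this page, not code from the exam or from ExamTopics; the three source names, their timestamp formats, the 90-second clock skew and the three events are all constructed for the illustration.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Constructed example (not code from the exam page): three log sources with
# different timestamp formats, time zones and one skewed clock, normalised to
# UTC before correlation.

UTC = timezone.utc

# Per-source parsing rules. 'tz' is assumed when the stamp carries no zone;
# 'assume_year' covers syslog-style stamps that omit the year.
SOURCES: Dict[str, dict] = {
    "edge-fw":  {"fmt": "%Y-%m-%dT%H:%M:%S%z"},                                # ISO 8601 with offset
    "app-host": {"fmt": "%b %d %H:%M:%S", "tz": UTC, "assume_year": 2024},     # classic syslog
    "win-dc":   {"fmt": "%m/%d/%Y %I:%M:%S %p", "tz": timezone(timedelta(hours=-5))},
}

# Measured offset of each source's clock from the time reference (positive =
# runs fast), e.g. from comparing the source against NTP. Ideally this is
# empty because every source is synchronised; the table is the fallback.
CLOCK_SKEW: Dict[str, timedelta] = {"app-host": timedelta(seconds=90)}


def normalize(source: str, raw: str, apply_skew: bool = True) -> datetime:
    """Parse a raw timestamp from 'source' into a timezone-aware UTC datetime."""
    rule = SOURCES[source]
    ts = datetime.strptime(raw, rule["fmt"])
    if "assume_year" in rule:
        ts = ts.replace(year=rule["assume_year"])
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=rule["tz"])
    ts = ts.astimezone(UTC)
    if apply_skew:
        ts -= CLOCK_SKEW.get(source, timedelta(0))
    return ts


def correlate(events: List[dict], apply_skew: bool = True) -> List[dict]:
    """Attach a 'utc' field to every event and return them in true chronological order."""
    out = [{**ev, "utc": normalize(ev["source"], ev["ts"], apply_skew)} for ev in events]
    return sorted(out, key=lambda e: e["utc"])


# Constructed events for one intrusion: inbound connection at the edge, then a
# login on the host, then the domain controller authenticating the same account.
SAMPLE_EVENTS = [
    {"source": "win-dc",   "ts": "3/1/2024 4:15:07 AM",      "msg": "4624 logon alice"},
    {"source": "app-host", "ts": "Mar  1 09:16:35",          "msg": "sshd accepted alice"},
    {"source": "edge-fw",  "ts": "2024-03-01T10:15:02+0100", "msg": "allow 203.0.113.5 -> 10.0.1.10:22"},
]
```

With the skew correction applied the three events line up as edge, host, domain controller, which is the story an analyst expects. Without it the host's login appears a minute and a half after the domain controller already accepted the account, and any rule that keys on event order (or on a tight time window) misses the chain. The other options in the question are either unnecessary (a single reporting format or IP address) or a separate legal concern (privacy content) rather than a precondition for correlation.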

Question #204 Topic 1

An organization wants to share data securely with their partners via the Internet. Which standard port is typically used to meet this requirement?

A. Set up a server on User Datagram Protocol (UDP) port 69

B. Set up a server on Transmission Control Protocol (TCP) port 21

C. Set up a server on Transmission Control Protocol (TCP) port 22

D. Set up a server on Transmission Control Protocol (TCP) port 80

Correct Answer: C

Community vote distribution


C (100%)

Question #205 Topic 1

When designing a business continuity plan (BCP), what is the formula to determine the Maximum Tolerable Downtime (MTD)?

A. Estimated Maximum Loss (EML) + Recovery Time Objective (RTO)

B. Business impact analysis (BIA) + Recovery Point Objective (RPO)

C. Annual Loss Expectancy (ALE) + Work Recovery Time (WRT)

D. Recovery Time Objective (RTO) + Work Recovery Time (WRT)

Correct Answer: D

Community vote distribution


D (100%)
Question #206 Topic 1

In systems security engineering, what does the security principle of modularity provide?

A. Minimal access to perform a function

B. Documentation of functions

C. Isolated functions and data

D. Secure distribution of programs and data

Correct Answer: C

Community vote distribution


C (100%)

Question #207 Topic 1

Which of the following is the strongest physical access control?

A. Biometrics, a password, and personal identification number (PIN)

B. Individual password for each user

C. Biometrics and badge reader

D. Biometrics, a password, and badge reader

Correct Answer: D

Community vote distribution


D (68%) C (32%)

Question #208 Topic 1

An access control list (ACL) on a router is a feature MOST similar to which type of firewall?

A. Stateful firewall

B. Packet filtering firewall

C. Application gateway firewall

D. Heuristic firewall

Correct Answer: B

Community vote distribution


B (91%) 9%
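Question 208 above and question 192 (the ICMP exposure, community answer A: network ACLs) describe the same mechanism from two sides: a router ACL is a stateless, first-match packet filter with an implicit deny at the end. The block below is an added example written for this page, not code from the exam or from ExamTopics; the address ranges, the inbound rule set and the test packets are constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed example (not code from the exam page): a stateless, first-match
# packet filter with implicit deny, the behaviour a router ACL shares with a
# packet-filtering firewall, applied to inbound ICMP at the Internet edge.


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0        # tcp/udp destination port
    icmp_type: int = -1   # icmp type, e.g. 8 = echo request


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    proto: str                      # protocol name or "any"
    src: str                        # CIDR; "0.0.0.0/0" for any
    dst: str
    dport: Optional[int] = None
    icmp_type: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        """Every field is checked statelessly against this packet alone."""
        if self.proto != "any" and self.proto != p.proto:
            return False
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.icmp_type is not None and p.icmp_type != self.icmp_type:
            return False
        return True


def evaluate(acl: List[Rule], p: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule decides; no match falls through to the implicit deny."""
    for index, rule in enumerate(acl):
        if rule.matches(p):
            return rule.action, index
    return "deny", None


ANY = "0.0.0.0/0"
INSIDE = "10.0.0.0/8"

# Inbound ACL on the Internet-facing interface. ICMP needed for path-MTU
# discovery and traceroute replies is kept; echo requests and every other
# ICMP type are dropped before they reach the inside.
EDGE_INBOUND: List[Rule] = [
    Rule("permit", "icmp", ANY, INSIDE, icmp_type=3),        # destination unreachable
    Rule("permit", "icmp", ANY, INSIDE, icmp_type=11),       # time exceeded
    Rule("deny",   "icmp", ANY, INSIDE),                     # all other ICMP, incl. echo
    Rule("permit", "tcp",  ANY, "10.0.1.10/32", dport=443),  # public web server
    # implicit deny
]
```

Two things the example makes visible. First, order matters: swapping the deny-all-ICMP rule above the two permits would silently break path-MTU discovery, which is the classic ACL mistake. Second, the filter has no memory: replies to sessions the inside opened must be permitted by explicit rules here, whereas a stateful firewall (option A in question 208) would admit them because it tracked the outbound connection.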
Question #209 Topic 1

While dealing with the consequences of a security incident, which of the following security controls are MOST appropriate?

A. Detective and recovery controls

B. Corrective and recovery controls

C. Preventative and corrective controls

D. Recovery and proactive controls

Correct Answer: B

Community vote distribution


B (92%) 8%

Question #210 Topic 1

A cloud hosting provider would like to provide a Service Organization Control (SOC) report relevant to its security program. This report should be an
abbreviated report that can be freely distributed. Which type of report BEST meets this requirement?

A. SOC 1

B. SOC 2 Type 1

C. SOC 2 Type 2

D. SOC 3

Correct Answer: B

Community vote distribution


D (100%)

Question #211 Topic 1

Which of the following is TRUE for an organization that is using a third-party federated identity service?

A. The organization alone specifies how to authenticate other organizations' users

B. The organization defines an internal standard for overall user identification

C. The organization establishes a trust relationship with the other organizations

D. The organization enforces its rules on other organizations' user provisioning

Correct Answer: C

Community vote distribution


C (100%)
Question #212 Topic 1

Which of the following describes the BEST method of maintaining the inventory of software and hardware within the organization?

A. Maintaining the inventory through a combination of asset owner interviews, open-source system management, and open-source
management tools

B. Maintaining the inventory through a combination of desktop configuration, administration management, and procurement management
tools

C. Maintaining the inventory through a combination of on-premises storage configuration, cloud management, and partner management tools

D. Maintaining the inventory through a combination of system configuration, network management, and license management tools

Correct Answer: C

Community vote distribution


D (100%)

Question #213 Topic 1

Which of the following outsourcing agreement provisions has the HIGHEST priority from a security operations perspective?

A. Conditions to prevent the use of subcontractors

B. Terms for contract renegotiation in case of disaster

C. Root cause analysis for application performance issue

D. Escalation process for problem resolution during incidents

Correct Answer: D

Community vote distribution


D (80%) A (20%)

Question #214 Topic 1

Which of the following is the MOST comprehensive Business Continuity (BC) test?

A. Full interruption

B. Full simulation

C. Full table top

D. Full functional drill

Correct Answer: A

Community vote distribution


A (82%) B (18%)
Question #215 Topic 1

A security practitioner needs to implement a solution to verify endpoint security protections and operating system (OS) versions. Which of the
following is the
BEST solution to implement?

A. An intrusion prevention system (IPS)

B. Network Access Control (NAC)

C. Active Directory (AD) authentication

D. A firewall

Correct Answer: B

Community vote distribution


B (100%)

Question #216 Topic 1

During an internal audit of an organizational Information Security Management System (ISMS), nonconformities are identified. In which of the following management stages are nonconformities reviewed, assessed and/or corrected by the organization?

A. Assessment

B. Planning

C. Improvement

D. Operation

Correct Answer: D

Community vote distribution


C (73%) D (27%)

Question #217 Topic 1

When developing an external facing web-based system, which of the following would be the MAIN focus of the security assessment prior to implementation and production?

A. Ensuring Secure Sockets Layer (SSL) certificates are signed by a certificate authority

B. Ensuring Secure Sockets Layer (SSL) certificates are internally signed

C. Assessing the Uniform Resource Locator (URL)

D. Ensuring that input validation is enforced

Correct Answer: A

Community vote distribution


D (71%) A (29%)
Question #218 Topic 1

A financial services organization has employed a security consultant to review processes used by employees across various teams. The consultant interviewed a member of the application development practice and found gaps in their threat model. Which of the following correctly represents a trigger for when a threat model should be revised?

A. After operating system (OS) patches are applied

B. A new developer is hired into the team.

C. After a modification to the firewall rule policy

D. A new data repository is added.

Correct Answer: D

Community vote distribution


D (100%)

Question #219 Topic 1

The Chief Information Security Officer (CISO) of an organization has requested that a Service Organization Control (SOC) report be created to outline the security and availability of a particular system over a 12-month period. Which type of SOC report should be utilized?

A. SOC 1 Type 1

B. SOC 1 Type 2

C. SOC 2 Type 2

D. SOC 3 Type 1

Correct Answer: C

Community vote distribution


C (100%)

Question #220 Topic 1

An organization recently upgraded to a Voice over Internet Protocol (VoIP) phone system. Management is concerned with unauthorized phone usage. The security consultant is responsible for putting together a plan to secure these phones. Administrators have assigned unique personal identification number (PIN) codes for each person in the organization. What is the BEST solution?

A. Have the administrator enforce a policy to change the PIN regularly. Implement call detail records (CDR) reports to track usage.

B. Have the administrator change the PIN regularly. Implement call detail records (CDR) reports to track usage.

C. Use phone locking software to enforce usage and PIN policies. Inform the user to change the PIN regularly.

D. Implement call detail records (CDR) reports to track usage.

Correct Answer: A

Community vote distribution


A (86%) 14%
Question #221 Topic 1

Which of the following protection is provided when using a Virtual Private Network (VPN) with Authentication Header (AH)?

A. Sender non-repudiation

B. Multi-factor authentication (MFA)

C. Payload encryption

D. Sender confidentiality

Correct Answer: A

Community vote distribution


A (100%)

Question #222 Topic 1

An organization contracts with a consultant to perform a System Organization Control (SOC) 2 audit on their internal security controls. An auditor documents a finding related to an Application Programming Interface (API) performing an action that is not aligned with the scope or objective of the system. Which trust service principle would be MOST applicable in this situation?

A. Confidentiality

B. Processing Integrity

C. Security

D. Availability

Correct Answer: B

Community vote distribution


B (70%) A (20%) 10%

Question #223 Topic 1

In which process MUST security be considered during the acquisition of new software?

A. Request for proposal (RFP)

B. Implementation

C. Vendor selection

D. Contract negotiation

Correct Answer: A

Community vote distribution


A (56%) C (44%)
Question #224 Topic 1

Which of the following is the MAIN difference between a network-based firewall and a host-based firewall?

A. A network-based firewall is stateful, while a host-based firewall is stateless.

B. A network-based firewall blocks network intrusions, while a host-based firewall blocks malware.

C. A network-based firewall controls traffic passing through the device, while a host-based firewall controls traffic destined for the device.

D. A network-based firewall verifies network traffic, while a host-based firewall verifies processes and applications.

Correct Answer: C

Community vote distribution


C (77%) D (23%)

Question #225 Topic 1

Which of the following measures serves as the BEST means for protecting data on computers, smartphones, and external storage devices when traveling to high-risk countries?

A. Review applicable destination country laws, forensically clean devices prior to travel, and only download sensitive data over a virtual private network (VPN) upon arriving at the destination.

B. Leverage a Secure Socket Layer (SSL) connection over a virtual private network (VPN) to download sensitive data upon arriving at the destination.

C. Keep laptops, external storage devices, and smartphones in the hotel room when not in use.

D. Use multi-factor authentication (MFA) to gain access to data stored on laptops or external storage devices and biometric fingerprint access control mechanisms to unlock smartphones.

Correct Answer: D

Community vote distribution


D (59%) A (41%)

Question #226 Topic 1

When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?

A. Confirm that confidentiality agreements are signed

B. Employ strong access controls

C. Log all activities associated with sensitive systems

D. Provide links to security policies

Correct Answer: B

Community vote distribution


B (70%) A (30%)
Question #227 Topic 1

Which of the following regulations dictates how data breaches are handled?

A. Payment Card Industry Data Security Standard (PCI-DSS)

B. National Institute of Standards and Technology (NIST)

C. Sarbanes-Oxley (SOX)

D. General Data Protection Regulation (GDPR)

Correct Answer: D

Community vote distribution


D (100%)

Question #228 Topic 1

In software development, developers should use which type of queries to prevent a Structured Query Language (SQL) injection?

A. Parameterised

B. Controlled

C. Dynamic

D. Static

Correct Answer: A

Community vote distribution


A (100%)

Question #229 Topic 1

Which type of access control includes a system that allows only users that are type=managers and department=sales to access employee records?

A. Role-based access control (RBAC)

B. Attribute-based access control (ABAC)

C. Discretionary access control (DAC)

D. Mandatory access control (MAC)

Correct Answer: A

Community vote distribution


B (69%) A (31%)
Question #230 Topic 1

Which of the following examples is BEST to minimize the attack surface for a customer's private information?

A. Data masking

B. Authentication

C. Obfuscation

D. Collection limitation

Correct Answer: D

Community vote distribution


D (78%) B (22%)

Question #231 Topic 1

Which evidence collecting technique would be utilized when it is believed an attacker is employing a rootkit and a quick analysis is needed?

A. Forensic disk imaging

B. Live response

C. Memory collection

D. Malware analysis

Correct Answer: C

Community vote distribution


C (58%) B (42%)

Question #232 Topic 1

An application is used for funds transfers between an organization and a third-party. During a security audit, an auditor has found an issue with the business continuity disaster recovery policy and procedures for this application. Which of the following reports should the auditor file with the organization?

A. Statement on Auditing Standards (SAS) 70-1

B. Statement on Auditing Standards (SAS) 70

C. Service Organization Control (SOC) 1

D. Service Organization Control (SOC) 2

Correct Answer: C

Community vote distribution


D (89%) 11%
Question #233 Topic 1

When determining data and information asset handling, regardless of the specific toolset being used, which of the following is one of the common components of big data?

A. Distributed storage locations

B. Centralized processing location

C. Distributed data collection

D. Consolidated data collection

Correct Answer: C

Community vote distribution


A (67%) C (33%)

Question #234 Topic 1

A Chief Information Security Officer (CISO) of a firm which decided to migrate to cloud has been tasked with ensuring an optimal level of security. Which of the following would be the FIRST consideration?

A. Analyze the firm's applications and data repositories to determine the relevant control requirements.

B. Request a security risk assessment of the cloud vendor be completed by an independent third-party.

C. Define the cloud migration roadmap and set out which applications and data repositories should be moved into the cloud.

D. Ensure that the contract between the cloud vendor and the firm clearly defines responsibilities for operating security controls.

Correct Answer: C

Community vote distribution


A (55%) D (20%) C (20%) 5%

Question #235 Topic 1

Which of the following BEST describes the purpose of Border Gateway Protocol (BGP)?

A. Provide Routing Information Protocol (RIP) version 2 advertisements to neighboring layer 3 devices.

B. Maintain a list of network paths between internet routers.

C. Provide firewall services to cloud-enabled applications.

D. Maintain a list of efficient network paths between autonomous systems.

Correct Answer: D

Community vote distribution


D (100%)
Question #236 Topic 1

What is the BEST design for securing physical perimeter protection?

A. Closed-circuit television (CCTV)

B. Business continuity planning (BCP)

C. Barriers, fences, gates, and walls

D. Crime Prevention through Environmental Design (CPTED)

Correct Answer: D

Community vote distribution


C (64%) D (36%)

Question #237 Topic 1

The security organization is looking for a solution that could help them determine with a strong level of confidence that attackers have breached their network. Which solution is MOST effective at discovering a successful network breach?

A. Developing a sandbox

B. Installing an intrusion detection system (IDS)

C. Deploying a honeypot

D. Installing an intrusion prevention system (IPS)

Correct Answer: C

Community vote distribution


C (59%) B (41%)

Question #238 Topic 1

Which of the following is a benefit of implementing data-in-use controls?

A. If the data is lost, it must be decrypted to be opened.

B. When the data is being viewed, it can only be printed by authorized users.

C. When the data is being viewed, it can be accessed using secure protocols.

D. If the data is lost, it may not be accessible to unauthorized users.

Correct Answer: B

Community vote distribution


B (65%) C (27%) 8%
Question #239 Topic 1

When configuring Extensible Authentication Protocol (EAP) in a Voice over Internet Protocol (VoIP) network, which of the following authentication types is the MOST secure?

A. EAP-Protected Extensible Authentication Protocol (PEAP)

B. EAP-Transport Layer Security (TLS)

C. EAP-Tunneled Transport Layer Security (TLS)

D. EAP-Flexible Authentication via Secure Tunneling

Correct Answer: B

Community vote distribution


B (100%)

Question #240 Topic 1

Which of the following would be the BEST guideline to follow when attempting to avoid the exposure of sensitive data?

A. Monitor mail servers for sensitive data being exfiltrated.

B. Educate end-users on methods of attacks on sensitive data.

C. Establish report parameters for sensitive data.

D. Store sensitive data only when necessary.

Correct Answer: D

Community vote distribution


D (69%) B (31%)

Question #241 Topic 1

An organization with divisions in the United States (US) and the United Kingdom (UK) processes data comprised of personal information belonging to subjects living in the European Union (EU) and in the US. Which data MUST be handled according to the privacy protections of General Data Protection Regulation (GDPR)?

A. Only the UK citizens' data

B. Only the EU residents' data

C. Only data processed in the UK

D. Only the EU citizens' data

Correct Answer: D

Community vote distribution


B (65%) D (35%)
Question #242 Topic 1

What are the first two components of logical access control?

A. Authentication and availability

B. Authentication and identification

C. Identification and confidentiality

D. Confidentiality and authentication

Correct Answer: D

Community vote distribution


B (100%)

Question #243 Topic 1

Which of the following is the MOST effective measure for dealing with rootkit attacks?

A. Restoring the system from the last backup

B. Finding and replacing the altered binaries with legitimate ones

C. Turning off unauthorized services and rebooting the system

D. Reinstalling the system from trusted sources

Correct Answer: D

Community vote distribution


D (100%)

Question #244 Topic 1

Which of the following is the FIRST requirement a data owner should consider before implementing a data retention policy?

A. Storage

B. Training

C. Legal

D. Business

Correct Answer: C

Community vote distribution


C (100%)
Question #245 Topic 1

A new employee formally reported suspicious behavior to the organization security team. The report claims that someone not affiliated with the organization was inquiring about the member's work location, length of employment, and building access controls. The employee's reporting is MOST likely the result of which of the following?

A. Security engineering

B. Security awareness

C. Phishing

D. Risk avoidance

Correct Answer: C

Community vote distribution


B (100%)

Question #246 Topic 1

The disaster recovery (DR) process should always include:

A. periodic inventory review

B. financial data analysis

C. plan maintenance

D. periodic vendor review

Correct Answer: A

Community vote distribution


C (100%)

Question #247 Topic 1

An organization has determined that its previous waterfall approach to software development is not keeping pace with business demands. To adapt to the rapid changes required for product delivery, the organization has decided to move towards an Agile software development and release cycle. In order to ensure the success of the Agile methodology, who is the MOST critical in creating acceptance criteria for each release?

A. Business customers

B. Software developers

C. Independent testers

D. Project managers

Correct Answer: C

Community vote distribution


A (60%) D (20%) 13% 7%
Question #248 Topic 1

What is the FIRST step for an organization to take before allowing personnel to access social media from a corporate device or user account?

A. Publish an acceptable usage policy.

B. Publish a social media guidelines document.

C. Deliver security awareness training.

D. Document a procedure for accessing social media sites.

Correct Answer: A

Community vote distribution


A (80%) C (20%)

Question #249 Topic 1

A hospital has allowed virtual private networking (VPN) access to remote database developers. Upon auditing the internal configuration, the network administrator discovered that split-tunneling was enabled. What is the concern with this configuration?

A. The network intrusion detection system (NIDS) will fail to inspect Secure Sockets Layer (SSL) traffic.

B. Remote sessions will not require multi-layer authentication.

C. Remote clients are permitted to exchange traffic with the public and private network.

D. Multiple Internet Protocol Security (IPSec) tunnels may be exploitable in specific circumstances.

Correct Answer: C

Community vote distribution


C (56%) A (33%) 11%

Question #250 Topic 1

In an IDEAL encryption system, who has sole access to the decryption key?

A. Data custodian

B. System owner

C. System administrator

D. Data owner

Correct Answer: D

Community vote distribution


D (83%) A (17%)
Question #251 Topic 1

Which type of disaster recovery plan (DRP) testing carries the MOST operational risk?

A. Cutover

B. Parallel

C. Walkthrough

D. Tabletop

Correct Answer: D

Community vote distribution


A (93%) 7%

Question #252 Topic 1

Which of the following methods provides the MOST protection for user credentials?

A. Forms-based authentication

B. Self-registration

C. Basic authentication

D. Digest authentication

Correct Answer: A

Community vote distribution


D (100%)

Question #253 Topic 1

An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?

A. Functional test

B. Unit test

C. Grey box

D. White box

Correct Answer: D

Community vote distribution


D (56%) C (44%)
Question #254 Topic 1

How does Radio-Frequency Identification (RFID) assist with asset management?

A. It uses biometric information for system identification.

B. It uses two-factor authentication (2FA) for system identification.

C. It transmits unique serial numbers wirelessly.

D. It transmits unique Media Access Control (MAC) addresses wirelessly.

Correct Answer: C

Community vote distribution


C (100%)

Question #255 Topic 1

Which of the following is the FIRST step an organization's professional performs when defining a cyber-security program based upon industry standards?

A. Review the past security assessments

B. Define the organization's objectives regarding security and risk mitigation

C. Map the organization's current security practices to industry standards and frameworks

D. Select from a choice of security best practices

Correct Answer: C

Community vote distribution


B (100%)

Question #256 Topic 1

What is the MOST important criterion that needs to be adhered to during the data collection process of an active investigation?

A. Maintaining the chain of custody

B. Capturing an image of the system

C. Outlining all actions taken during the investigation

D. Complying with the organization's security policy

Correct Answer: A

Community vote distribution


A (100%)
Question #257 Topic 1

Two computers, each with a single connection on the same physical 10 gigabit Ethernet network segment, need to communicate with each other. The first machine has a single Internet Protocol (IP) Classless Inter-Domain Routing (CIDR) address of 192.168.1.3/30 and the second machine has an IP/CIDR address 192.168.1.6/30. Which of the following is correct?

A. Since each computer is on a different layer 3 network, traffic between the computers must be processed by a network bridge in order to communicate

B. Since each computer is on the same layer 3 network, traffic between the computers may be processed by a network router in order to communicate

C. Since each computer is on the same layer 3 network, traffic between the computers may be processed by a network bridge in order to communicate

D. Since each computer is on a different layer 3 network, traffic between the computers must be processed by a network router in order to communicate

Correct Answer: B

Community vote distribution


D (100%)

Question #258 Topic 1

Security Software Development Life Cycle (SDLC) expects application code to be written in a consistent manner to allow ease of auditing and which of the following?

A. Protecting

B. Copying

C. Enhancing

D. Executing

Correct Answer: A

Community vote distribution


A (67%) C (33%)

Question #259 Topic 1

Which of the following is a risk matrix?

A. A tool for determining risk management decisions for an activity or system.

B. A database of risks associated with a specific information system.

C. A two-dimensional picture of risk for organizations, products, projects, or other items of interest.

D. A table of risk management factors for management to consider.

Correct Answer: A

Community vote distribution


C (61%) A (39%)
Question #260 Topic 1

What part of an organization's strategic risk assessment MOST likely includes information on items affecting the success of the organization?

A. Threat analysis

B. Vulnerability analysis

C. Key Performance Indicator (KPI)

D. Key Risk Indicator (KRI)

Correct Answer: A

Community vote distribution


D (64%) C (23%) 14%

Question #261 Topic 1

A company needs to provide employee access to travel services, which are hosted by a third-party service provider. Employee experience is important, and when users are already authenticated, access to the travel portal is seamless. Which of the following methods is used to share information and grant user access to the travel portal?

A. Single sign-on (SSO) access

B. Security Assertion Markup Language (SAML) access

C. Open Authorization (OAuth) access

D. Federated access

Correct Answer: D

Community vote distribution


D (65%) A (31%)

Question #262 Topic 1

The Chief Executive Officer (CEO) wants to implement an internal audit of the company's information security posture. The CEO wants to avoid any bias in the audit process; therefore, has assigned the Sales Director to conduct the audit. After significant interaction over a period of weeks the audit concludes that the company's policies and procedures are sufficient, robust and well established. The CEO then moves on to engage an external penetration testing company in order to showcase the organization's robust information security stance. This exercise reveals significant failings in several critical security controls and shows that the incident response processes remain undocumented. What is the MOST likely reason for this disparity in the results of the audit and the external penetration test?

A. The audit team lacked the technical experience and training to make insightful and objective assessments of the data provided to them.

B. The scope of the penetration test exercise and the internal audit were significantly different.

C. The external penetration testing company used custom zero-day attacks that could not have been predicted.

D. The information technology (IT) and governance teams have failed to disclose relevant information to the internal audit team leading to an incomplete assessment being formulated.

Correct Answer: A

Community vote distribution


A (80%) 10% 10%
Question #263 Topic 1

An information security administrator wishes to block peer-to-peer (P2P) traffic over Hypertext Transfer Protocol (HTTP) tunnels. Which of the following layers of the Open Systems Interconnection (OSI) model requires inspection?

A. Application

B. Transport

C. Session

D. Presentation

Correct Answer: A

Community vote distribution


A (100%)

Question #264 Topic 1

A Chief Information Officer (CIO) has delegated responsibility of their system security to the head of the information technology (IT) department. While corporate policy dictates that only the CIO can make decisions on the level of data protection required, technical implementation decisions are done by the head of the IT department. Which of the following BEST describes the security role filled by the head of the IT department?

A. System security officer

B. System processor

C. System custodian

D. System analyst

Correct Answer: C

Community vote distribution


C (70%) A (30%)

Question #265 Topic 1

Which of the following actions should be undertaken prior to deciding on a physical baseline Protection Profile (PP)?

A. Conduct a site survey.

B. Choose a suitable location.

C. Check the technical design.

D. Categorize assets.

Correct Answer: A

Community vote distribution


A (60%) D (40%)
Question #266 Topic 1

Management has decided that a core application will be used on personal cellular phones. As an implementation requirement, regularly scheduled analysis of the security posture needs to be conducted. Management has also directed that continuous monitoring be implemented. Which of the following is required to accomplish management's directive?

A. Routine reports generated by the user's cellular phone provider that detail security events

B. Strict integration of application management, configuration management (CM), and phone management

C. Management application installed on user phones that tracks all application events and cellular traffic

D. Enterprise-level security information and event management (SIEM) dashboard that provides full visibility of cellular phone activity

Correct Answer: C

Community vote distribution


B (72%) C (17%) 11%

Question #267 Topic 1

A systems engineer is designing a wide area network (WAN) environment for a new organization. The WAN will connect sites holding information at various levels of sensitivity, from publicly available to highly confidential. The organization requires a high degree of interconnectedness to support existing business processes. What is the BEST design approach to securing this environment?

A. Use reverse proxies to create a secondary "shadow" environment for critical systems.

B. Place firewalls around critical devices, isolating them from the rest of the environment.

C. Layer multiple detective and preventative technologies at the environment perimeter.

D. Align risk across all interconnected elements to ensure critical threats are detected and handled.

Correct Answer: B

Community vote distribution


D (47%) B (27%) C (27%)

Question #268 Topic 1

Which of the following techniques is MOST useful when dealing with advanced persistent threat (APT) intrusions on live virtualized environments?

A. Memory forensics

B. Logfile analysis

C. Reverse engineering

D. Antivirus operations

Correct Answer: C

Community vote distribution


A (85%) Other
Question #269 Topic 1

Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?

A. Process injection

B. Cross-Site request forgery (CSRF)

C. Cross-Site Scripting (XSS)

D. Broken Authentication And Session Management

Correct Answer: B

Community vote distribution


B (100%)

Question #270 Topic 1

A scan report returned multiple vulnerabilities affecting several production servers that are mission critical. Attempts to apply the patches in the development environment have caused the servers to crash. What is the BEST course of action?

A. Mitigate the risks with compensating controls.

B. Upgrade the software affected by the vulnerability.

C. Remove the affected software from the servers.

D. Inform management of possible risks.

Correct Answer: A

Community vote distribution


A (50%) D (50%)

Question #271 Topic 1

A security professional has reviewed a recent site assessment and has noted that a server room on the second floor of a building has Heating, Ventilation, and Air Conditioning (HVAC) intakes on the ground level that have ultraviolet light filters installed, Aero-K Fire suppression in the server room, and pre-action fire suppression on floors above the server room. Which of the following changes can the security professional recommend to reduce risk associated with these conditions?

A. Remove the ultraviolet light filters on the HVAC intake and replace the fire suppression system on the upper floors with a dry system

B. Elevate the HVAC intake by constructing a plenum or external shaft over it and convert the server room fire suppression to a pre-action system

C. Add additional ultraviolet light filters to the HVAC intake supply and return ducts and change server room fire suppression to FM-200

D. Apply additional physical security around the HVAC intakes and update upper floor fire suppression to FM-200

Correct Answer: A

Community vote distribution


D (69%) A (31%)
Question #272 Topic 1

Which of the following is the MOST common use of the Online Certificate Status Protocol (OCSP)?

A. To verify the validity of an X.509 digital certificate

B. To obtain the expiration date of an X.509 digital certificate

C. To obtain the revocation status of an X.509 digital certificate

D. To obtain the author name of an X.509 digital certificate

Correct Answer: C

Community vote distribution


C (65%) A (35%)

Question #273 Topic 1

A security professional has been assigned to assess a web application. The assessment report recommends switching to Security Assertion Markup Language (SAML). What is the PRIMARY security benefit in switching to SAML?

A. It enables single sign-on (SSO) for web applications.

B. It uses Transport Layer Security (TLS) to address confidentiality.

C. It limits unnecessary data entry on web forms.

D. The users' password is not passed during authentication.

Correct Answer: A

Community vote distribution


D (52%) A (48%)

Question #274 Topic 1

An organization purchased a commercial off-the-shelf (COTS) software several years ago. The information technology (IT) Director has decided to migrate the application into the cloud, but is concerned about the application security of the software in the organization's dedicated environment with a cloud service provider. What is the BEST way to prevent and correct the software's security weaknesses?

A. Follow the software end-of-life schedule

B. Implement a dedicated COTS sandbox environment

C. Transfer the risk to the cloud service provider

D. Examine the software updating and patching process

Correct Answer: B

Community vote distribution


D (86%) 14%
Question #275 Topic 1

What type of database attack would allow a customer service employee to determine quarterly sales results before they are publicly announced?

A. Inference

B. Aggregation

C. Polyinstantiation

D. Data mining

Correct Answer: A

Community vote distribution


A (69%) B (17%) D (15%)

Question #276 Topic 1

In a multi-tenant cloud environment, what approach will secure logical access to assets?

A. Controlled configuration management (CM)

B. Transparency/Auditability of administrative access

C. Virtual private cloud (VPC)

D. Hybrid cloud

Correct Answer: C

Community vote distribution


C (100%)

Question #277 Topic 1

An information technology (IT) employee who travels frequently to various countries remotely connects to an organization's resources to troubleshoot problems. Which of the following solutions BEST serves as a secure control mechanism to meet the organization's requirements?

A. Install a third-party screen sharing solution that provides remote connection from a public website.

B. Install a bastion host in the demilitarized zone (DMZ) and allow multi-factor authentication (MFA) access.

C. Implement a Dynamic Domain Name Services (DONS) account to initiate a virtual private network (VPN) using the DONS record.

D. Update the firewall rules to include the static Internet Protocol (IP) addresses of the locations where the employee connects from.

Correct Answer: B

Community vote distribution


B (100%)
Question #278 Topic 1

Which of the following is the BEST way to determine the success of a patch management process?

A. Change management

B. Configuration management (CM)

C. Analysis and impact assessment

D. Auditing and assessment

Correct Answer: C

Community vote distribution


D (79%) A (21%)

Question #279 Topic 1

An organization has discovered that organizational data is posted by employees to data storage accessible to the general public. What is the PRIMARY step an organization must take to ensure data is properly protected from public release?

A. Implement a user reporting policy.

B. Implement a data encryption policy.

C. Implement a user training policy.

D. Implement a data classification policy.

Correct Answer: C

Community vote distribution


D (75%) C (25%)

Question #280 Topic 1

A security engineer is required to integrate security into a software project that is implemented by small groups that quickly, continuously, and independently develop, test, and deploy code to the cloud. The engineer will MOST likely integrate with which software development process?

A. Devops Integrated Product Team (IPT)

B. Structured Waterfall Programming Development

C. Service-oriented architecture (SOA)

D. Spiral Methodology

Correct Answer: D

Community vote distribution


A (57%) D (39%)
Question #281 Topic 1

Which of the following is the BEST method to identify security controls that should be implemented for a web-based application while in
development?

A. Agile software development

B. Secure software development

C. Application threat modeling

D. Penetration testing

Correct Answer: C

Community vote distribution


C (100%)

Question #282 Topic 1

Which Open Systems Interconnection (OSI) layer(s) BEST corresponds to the network access layer in the Transmission Control Protocol/Internet Protocol (TCP/IP) model?

A. Data Link and Physical Layers

B. Session and Network Layers

C. Transport Layer

D. Application, Presentation, and Session Layers

Correct Answer: B

Community vote distribution


A (100%)

Question #283 Topic 1

An organization's retail website provides its only source of revenue, so the disaster recovery plan (DRP) must document an estimated time for
each step in the plan. Which of the following steps in the DRP will list the GREATEST duration of time for the service to be fully operational?

A. Update the Network Address Translation (NAT) table.

B. Update Domain Name System (DNS) server addresses with domain registrar.

C. Update the Border Gateway Protocol (BGP) autonomous system number.

D. Update the web server network adapter configuration.

Correct Answer: B

Community vote distribution


C (67%) B (33%)
Question #284 Topic 1

In supervisory control and data acquisition (SCADA) systems, which of the following controls can be used to reduce device exposure to malware?

A. Disallow untested code in the execution space of the SCADA device.

B. Disable all command line interfaces.

C. Disable Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) port 138 and 139 on the SCADA device.

D. Prohibit the use of unsecure scripting languages.

Correct Answer: D

Community vote distribution


A (88%) 13%

Question #285 Topic 1

Which of the following secure transport protocols is often used to secure Voice over Internet Protocol (VoIP) communications on a network from
end to end?

A. Secure File Transfer Protocol (SFTP)

B. Secure Real-time Transport Protocol (SRTP)

C. Generic Routing Encapsulation (GRE)

D. Internet Protocol Security (IPSec)

Correct Answer: D

Community vote distribution


B (100%)

Question #286 Topic 1

A healthcare insurance organization chose a vendor to develop a software application. Upon review of the draft contract, the information security
professional notices that software security is not addressed. What is the BEST approach to address the issue?

A. Update the contract to require the vendor to perform security code reviews.

B. Update the service level agreement (SLA) to provide the organization the right to audit the vendor.

C. Update the contract so that the vendor is obligated to provide security capabilities.

D. Update the service level agreement (SLA) to require the vendor to provide security capabilities.

Correct Answer: B

Community vote distribution


C (75%) 13% 13%
Question #287 Topic 1

Which of the following security tools will ensure authorized data is sent to the application when implementing a cloud-based application?

A. Host-based intrusion prevention system (HIPS)

B. Access control list (ACL)

C. Data loss prevention (DLP)

D. File integrity monitoring (FIM)

Correct Answer: A

Community vote distribution


C (65%) B (35%)

Question #288 Topic 1

A client server infrastructure that provides user-to-server authentication describes which one of the following?

A. Secure Sockets Layer (SSL)

B. User-based authorization

C. Kerberos

D. X.509

Correct Answer: B

Community vote distribution


C (100%)

Question #289 Topic 1

A system developer has a requirement for an application to check for a secure digital signature before the application is accessed on a user's
laptop. Which security mechanism addresses this requirement?

A. Trusted Platform Module (TPM)

B. Certificate revocation list (CRL) policy

C. Key exchange

D. Hardware encryption

Correct Answer: A

Community vote distribution


B (50%) A (50%)
Question #290 Topic 1

Which of the following is a term used to describe maintaining ongoing awareness of information security, vulnerabilities, and threats to support
organizational risk management decisions?

A. Information Security Continuous Monitoring (ISCM)

B. Risk Management Framework (RMF)

C. Information Sharing & Analysis Centers (ISAC)

D. Information Security Management System (ISMS)

Correct Answer: A

Community vote distribution


A (100%)

Question #291 Topic 1

Which of the following types of firewall only examines the "handshaking" between packets before forwarding traffic?

A. Proxy firewalls

B. Circuit-level firewalls

C. Network Address Translation (NAT) firewalls

D. Host-based firewalls

Correct Answer: C

Community vote distribution


B (100%)

Question #292 Topic 1

What is a use for mandatory access control (MAC)?

A. Allows for mandatory user identity and passwords based on sensitivity

B. Allows for mandatory system administrator access control over objects

C. Allows for labeling of sensitive user accounts for access control

D. Allows for object security based on sensitivity represented by a label

Correct Answer: D

Community vote distribution


D (100%)
Question #293 Topic 1

An organization has developed a way for customers to share information from their wearable devices with each other. Unfortunately, the users
were not informed as to what information collected would be shared. What technical controls should be put in place to remedy the privacy issue
while still trying to accomplish the organization's business goals?

A. Share only what the organization decides is best.

B. Stop sharing data with the other users.

C. Default the user to not share any information.

D. Inform the user of the sharing feature changes after implemented.

Correct Answer: C

Community vote distribution


C (50%) D (50%)

Question #294 Topic 1

Which of the following system components enforces access controls on an object?

A. Security perimeter

B. Access control matrix

C. Trusted domain

D. Reference monitor

Correct Answer: D

Community vote distribution


D (100%)

Question #295 Topic 1

In setting expectations when reviewing the results of a security test, which of the following statements is MOST important to convey to reviewers?

A. The accuracy of testing results can be greatly improved if the target(s) are properly hardened.

B. The results of the tests represent a point-in-time assessment of the target(s).

C. The deficiencies identified can be corrected immediately.

D. The target's security posture cannot be further compromised.

Correct Answer: C

Community vote distribution


B (100%)
Question #296 Topic 1

What is the benefit of an operating system (OS) feature that is designed to prevent an application from executing code from a non-executable
memory region?

A. Identifies which security patches still need to be installed on the system

B. Reduces the risk of polymorphic viruses from encrypting their payload

C. Stops memory resident viruses from propagating their payload

D. Helps prevent certain exploits that store code in buffers

Correct Answer: B

Community vote distribution


D (100%)

Question #297 Topic 1

What is the overall goal of software security testing?

A. Identifying the key security features of the software

B. Ensuring all software functions perform as specified

C. Reducing vulnerabilities within a software system

D. Making software development more agile

Correct Answer: B

Community vote distribution


C (88%) 12%

Question #298 Topic 1

Which of the following implementations will achieve high availability in a website?

A. Disk mirroring of the web server with redundant disk drives in a hardened data center

B. Disk striping of the web server hard drives and large amounts of bandwidth

C. Multiple geographically dispersed web servers that are configured for failover

D. Multiple Domain Name System (DNS) entries resolving to the same web server and large amounts of bandwidth

Correct Answer: C

Community vote distribution


C (100%)
Question #299 Topic 1

Which of the following is an important design feature for the outer door of a mantrap?

A. Allow it to be opened by an alarmed emergency button.

B. Do not allow anyone to enter it alone.

C. Do not allow it to be observed by closed-circuit television (CCTV) cameras.

D. Allow it be opened when the inner door of the mantrap is also open.

Correct Answer: D

Community vote distribution


A (94%) 6%

Question #300 Topic 1

Which of the following is the MOST important rule for digital investigations?

A. Ensure original data is never modified.

B. Ensure systems are powered on.

C. Ensure event logs are rotated.

D. Ensure individual privacy is protected.

Correct Answer: A

Community vote distribution


A (100%)

Question #301 Topic 1

An information security professional is reviewing user access controls on a customer-facing application. The application must have multi-factor authentication (MFA) in place. The application currently requires a username and password to login. Which of the following options would BEST implement MFA?

A. Geolocate the user and compare to previous logins

B. Require a pre-selected number as part of the login

C. Have the user answer a secret question that is known to them

D. Enter an automatically generated number from a hardware token

Correct Answer: C

Community vote distribution


D (97%)
Question #302 Topic 1

Which of the following is a MAJOR consideration in implementing a Voice over Internet Protocol (VoIP) network?

A. Use of Request for Comments (RFC) 1918 addressing.

B. Use of Network Access Control (NAC) on switches.

C. Use of separation for the voice network.

D. Use of a unified messaging.

Correct Answer: D

Community vote distribution


C (100%)

Question #303 Topic 1

During testing, where are the requirements to inform parent organizations, law enforcement, and a computer incident response team documented?

A. Security Assessment Report (SAR)

B. Security assessment plan

C. Unit test results

D. System integration plan

Correct Answer: A

Community vote distribution


B (100%)

Question #304 Topic 1

The security architect has been mandated to assess the security of various brands of mobile devices. At what phase of the product lifecycle
would this be MOST likely to occur?

A. Implementation

B. Operations and maintenance

C. Disposal

D. Development

Correct Answer: D

Community vote distribution


D (100%)
Question #305 Topic 1

Which of the following statements is MOST accurate regarding information assets?

A. International Organization for Standardization (ISO) 27001 compliance speci8es which information assets must be included in asset
inventory.

B. Information assets include any information that is valuable to the organization.

C. Building an information assets register is a resource-intensive job.

D. Information assets inventory is not required for risk assessment.

Correct Answer: B

Community vote distribution


B (83%) A (17%)

Question #306 Topic 1

Which of the following attack types can be used to compromise the integrity of data during transmission?

A. Synchronization flooding

B. Session hijacking

C. Keylogging

D. Packet sniffing

Correct Answer: D

Community vote distribution


B (90%) 10%

Question #307 Topic 1

A malicious user gains access to unprotected directories on a web server. Which of the following is MOST likely the cause for this information
disclosure?

A. Broken authentication management

B. Security misconfiguration

C. Cross-site request forgery (CSRF)

D. Structured Query Language injection (SQLi)

Correct Answer: B

Community vote distribution


B (100%)
Question #308 Topic 1

When reviewing the security logs, the password shown for an administrative login event was ' OR ' '1'='1' --. This is an example of which of the
following kinds of attack?

A. Structured Query Language (SQL) Injection

B. Brute Force Attack

C. Rainbow Table Attack

D. Cross-Site Scripting (XSS)

Correct Answer: A

Community vote distribution


A (100%)

Question #309 Topic 1

Which is the BEST control to meet the Statement on Standards for Attestation Engagements 18 (SSAE-18) confidentiality category?

A. File hashing

B. Storage encryption

C. Data retention policy

D. Data processing

Correct Answer: B

Community vote distribution


B (100%)

Question #310 Topic 1

Which of the following BEST describes why software assurance is critical in helping prevent an increase in business and mission risk for an
organization?

A. Request for proposals (RFP) avoid purchasing software that does not meet business needs.

B. Contracting processes eliminate liability for security vulnerabilities for the purchaser.

C. Decommissioning of old software reduces long-term costs related to technical debt.

D. Software that does not perform as intended may be exploitable which makes it vulnerable to attack.

Correct Answer: A

Community vote distribution


D (100%)
Question #311 Topic 1

An employee's home address should be categorized according to which of the following references?

A. The consent form terms and conditions signed by employees

B. An organization security plan for human resources

C. Existing employee data classifications

D. The organization's data classification model

Correct Answer: D

Community vote distribution


D (100%)

Question #312 Topic 1

Which of the following activities should a forensic examiner perform FIRST when determining the priority of digital evidence collection at a crime
scene?

A. Gather physical evidence.

B. Assign responsibilities to personnel on the scene.

C. Establish a list of files to examine.

D. Establish order of volatility.

Correct Answer: B

Community vote distribution


D (100%)

Question #313 Topic 1

Which software defined networking (SDN) architectural component is responsible for translating network requirements?

A. SDN Controller

B. SDN Datapath

C. SDN Northbound Interfaces

D. SDN Application

Correct Answer: C

Community vote distribution


A (74%) C (26%)
Question #314 Topic 1

An internal audit for an organization recently identified malicious actions by a user account. Upon further investigation, it was determined the
offending user account was used by multiple people at multiple locations simultaneously for various services and applications. What is the BEST
method to prevent this problem in the future?

A. Ensure each user has their own unique account.

B. Allow several users to share a generic account.

C. Ensure the security information and event management (SIEM) is set to alert.

D. Inform users only one user should be using the account at a time.

Correct Answer: C

Community vote distribution


A (76%) C (24%)

Question #315 Topic 1

Who should perform the design review to uncover security design flaws as part of the Software Development Life Cycle (SDLC)?

A. A security subject matter expert (SME)

B. A developer subject matter expert (SME)

C. The business owner

D. The application owner

Correct Answer: A

Community vote distribution


A (100%)

Question #316 Topic 1

The initial security categorization should be done early in the system life cycle and should be reviewed periodically. Why is it important for this to
be done correctly?

A. It determines the functional and operational requirements.

B. It determines the security requirements.

C. It affects other steps in the certification and accreditation process.

D. The system engineering process works with selected security controls.

Correct Answer: C

Community vote distribution


B (94%) 6%
Question #317 Topic 1

When designing a Cyber-Physical System (CPS), which of the following should be a security practitioner's first consideration?

A. Detection of sophisticated attackers

B. Topology of the network used for the system

C. Risk assessment of the system

D. Resiliency of the system

Correct Answer: D

Community vote distribution


D (56%) C (44%)

Question #318 Topic 1

Which of the following events prompts a review of the disaster recovery plan (DRP)?

A. Change in senior management

B. Completion of the security policy review

C. Organizational merger

D. New members added to the steering committee

Correct Answer: C

Community vote distribution


C (100%)

Question #319 Topic 1

A user is allowed to access the file labeled "Financial Forecast," but only between 9:00 a.m. and 5:00 p.m., Monday through Friday. Which type of
access mechanism should be used to accomplish this?

A. Minimum access control

B. Limited role-based access control (RBAC)

C. Access control list (ACL)

D. Rule-based access control

Correct Answer: B

Community vote distribution


D (87%) 13%
Question #320 Topic 1

What is the benefit of using Network Admission Control (NAC)?

A. NAC only supports Windows operating systems (OS).

B. NAC supports validation of the endpoint's security posture prior to allowing the session to go into an authorized state.

C. NAC can require the use of certificates, passwords, or a combination of both before allowing network admission.

D. Operating system (OS) versions can be validated prior to allowing network access.

Correct Answer: C

Community vote distribution


B (95%) 5%

Question #321 Topic 1

When MUST an organization's information security strategic plan be reviewed?

A. Whenever there are major changes to the business

B. Quarterly, when the organization's strategic plan is updated

C. Every three years, when the organization's strategic plan is updated

D. Whenever there are significant changes to a major application

Correct Answer: A

Community vote distribution


A (86%) 14%

Question #322 Topic 1

An established information technology (IT) consulting firm is considering acquiring a successful local startup. To gain a comprehensive
understanding of the startup's security posture, which type of assessment provides the BEST information?

A. A security audit

B. A tabletop exercise

C. A penetration test

D. A security threat model

Correct Answer: A

Community vote distribution


A (100%)
Question #323 Topic 1

An organization plans to acquire a commercial off-the-shelf (COTS) system to replace their aging home-built reporting system. When should the
organization's security team FIRST get involved in this acquisition's life cycle?

A. When the system is verified and validated

B. When the need for a system is expressed and the purpose of the system is documented

C. When the system is deployed into production

D. When the system is being designed, purchased, programmed, developed, or otherwise constructed

Correct Answer: B

Community vote distribution


B (100%)

Question #324 Topic 1

Which of the following is a PRIMARY security weakness in the design of Domain Name System (DNS)?

A. Each DNS server must hold the address of the root servers.

B. A DNS server can be disabled in a denial-of-service (DoS) attack.

C. A DNS server does not authenticate source of information.

D. A DNS server database can be injected with falsified checksums.

Correct Answer: B

Community vote distribution


C (86%) 14%

Question #325 Topic 1

To minimize the vulnerabilities of a web-based application, which of the following FIRST actions will lock down the system and minimize the risk
of an attack?

A. Apply the latest vendor patches and updates

B. Run a vulnerability scanner

C. Review access controls

D. Install an antivirus on the server

Correct Answer: A

Community vote distribution


A (64%) C (36%)
Question #326 Topic 1

An organization has implemented a password complexity and an account lockout policy enforcing five incorrect login tries within ten minutes.
Network users have reported significantly increased account lockouts. Which of the following security principles is this company affecting?

A. Confidentiality

B. Integrity

C. Availability

D. Authentication

Correct Answer: C

Community vote distribution


C (60%) B (20%) A (20%)

Question #327 Topic 1

In the last 15 years a company has experienced three electrical failures. The cost associated with each failure is listed below. Which of the
following would be a reasonable annual loss expectation?

A. 3,500

B. 140,000

C. 14,000

D. 350,000

Correct Answer: A

Community vote distribution


C (100%)

Question #328 Topic 1

A security practitioner has been asked to model best practices for disaster recovery (DR) and business continuity. The practitioner has decided
that a formal committee is needed to establish a business continuity policy. Which of the following BEST describes this stage of business
continuity development?

A. Developing and Implementing business continuity plans (BCP)

B. Project Initiation and Management

C. Risk Evaluation and Control

D. Business impact analysis (BIA)

Correct Answer: D

Community vote distribution


B (94%) 6%
Question #329 Topic 1

What physical characteristic does a retinal scan biometric device measure?

A. The amount of light reflected by the retina

B. The pattern of blood vessels at the back of the eye

C. The size, curvature, and shape of the retina

D. The pattern of light receptors at the back of the eye

Correct Answer: B

Community vote distribution


B (100%)

Question #330 Topic 1

Which of the following BEST represents a defense in depth concept?

A. Network-based data loss prevention (DLP), Network Access Control (NAC), network-based Intrusion prevention system (NIPS), Port security
on core switches

B. Host-based data loss prevention (DLP), Endpoint anti-malware solution, Host-based integrity checker, Laptop locks, hard disk drive (HDD)
encryption

C. Endpoint security management, network intrusion detection system (NIDS), Network Access Control (NAC), Privileged Access Management
(PAM), security information and event management (SIEM)

D. Web application firewall (WAF), Gateway network device tuning, Database firewall, Next-Generation Firewall (NGFW), Tier-2 demilitarized
zone (DMZ) tuning

Correct Answer: C

Community vote distribution


C (63%) B (38%)

Question #331 Topic 1

Which of the following is required to verify the authenticity of a digitally signed document?

A. Agreed upon shared secret

B. Digital hash of the signed document

C. Recipient's public key

D. Sender's private key

Correct Answer: B

Community vote distribution


B (62%) C (23%) D (15%)
Question #332 Topic 1

Which of the following contributes MOST to the effectiveness of a security officer?

A. Developing precise and practical security plans

B. Integrating security into the business strategies

C. Understanding the regulatory environment

D. Analyzing the strengths and weakness of the organization

Correct Answer: C

Community vote distribution


B (100%)

Question #333 Topic 1

Where can the Open Web Application Security Project (OWASP) list of associated vulnerabilities be found?

A. OWASP Mobile Project

B. OWASP Software Assurance Maturity Model (SAMM) Project

C. OWASP Guide Project

D. OWASP Top 10 Project

Correct Answer: D

Community vote distribution


D (100%)

Question #334 Topic 1

Employee training, risk management, and data handling procedures and policies could be characterized as which type of security measure?

A. Preventative

B. Management

C. Non-essential

D. Administrative

Correct Answer: D

Community vote distribution


D (73%) A (27%)
Question #335 Topic 1

A hospital's building controls system monitors and operates the environmental equipment to maintain a safe and comfortable environment. Which
of the following could be used to minimize the risk of utility supply interruption?

A. Digital protection and control devices capable of minimizing the adverse impact to critical utility

B. Standardized building controls system software with high connectivity to hospital networks

C. Lock out maintenance personnel from the building controls system access that can impact critical utility supplies

D. Digital devices that can turn equipment off and continuously cycle rapidly in order to increase supplies and conceal activity on the hospital
network

Correct Answer: A

Community vote distribution


A (100%)

Question #336 Topic 1

Which of the following statements BEST distinguishes a stateful packet inspection firewall from a stateless packet filter firewall?

A. The SPI inspects traffic on a packet-by-packet basis.

B. The SPI inspects the flags on Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) packets.

C. The SPI is capable of dropping packets based on a pre-defined rule set.

D. The SPI inspects the traffic in the context of a session.

Correct Answer: C

Community vote distribution


D (100%)

Question #337 Topic 1

What is the MAIN purpose of conducting a business impact analysis (BIA)?

A. To determine the cost for restoration of damaged information system

B. To determine the controls required to return to business critical operations

C. To determine the critical resources required to recover from an incident within a specified time period

D. To determine the effect of mission-critical information system failures on core business processes

Correct Answer: D

Community vote distribution


D (100%)
Question #338 Topic 1

Which algorithm gets its security from the difficulty of calculating discrete logarithms in a finite field and is used to distribute keys, but cannot be
used to encrypt or decrypt messages?

A. Kerberos

B. Digital Signature Algorithm (DSA)

C. Diffie-Hellman

D. Rivest-Shamir-Adleman (RSA)

Correct Answer: A

Community vote distribution


C (92%) 4%

Question #339 Topic 1

Which of the following is established to collect information in accordance with pre-established metrics, utilizing information readily available in
part through implemented security controls?

A. Security Assessment Report (SAR)

B. Organizational risk tolerance

C. Risk assessment report

D. Information Security Continuous Monitoring (ISCM)

Correct Answer: C

Community vote distribution


D (100%)

Question #340 Topic 1

When conducting a remote access session using Internet Protocol Security (IPSec), which Open Systems Interconnection (OSI) model layer does
this connection use?

A. Presentation

B. Transport

C. Network

D. Data link

Correct Answer: C

Community vote distribution


C (100%)
Question #341 Topic 1

Which of the following is the MOST effective corrective control to minimize the effects of a physical intrusion?

A. Rapid response by guards or police to apprehend a possible intruder

B. Sounding a loud alarm to frighten away a possible intruder

C. Automatic videotaping of a possible intrusion

D. Activating bright lighting to frighten away a possible intruder

Correct Answer: D

Community vote distribution


A (94%) 6%

Question #342 Topic 1

Which of the following are the three MAIN categories of security controls?

A. Preventative, corrective, detective

B. Administrative, technical, physical

C. Corrective, detective, recovery

D. Confidentiality, integrity, availability

Correct Answer: B

Community vote distribution


B (100%)

Question #343 Topic 1

Which is the PRIMARY mechanism for providing the workforce with the information needed to protect an agency's vital information resources?

A. Implementation of access provisioning process for coordinating the creation of user accounts

B. Incorporating security awareness and training as part of the overall information security program

C. An information technology (IT) security policy to preserve the confidentiality, integrity, and availability of systems

D. Execution of periodic security and privacy assessments to the organization

Correct Answer: C

Community vote distribution


B (67%) C (33%)
Question #344 Topic 1

Which of the following is considered the FIRST step when designing an internal security control assessment?

A. Create a plan based on comprehensive knowledge of known breaches.

B. Create a plan based on reconnaissance of the organization's infrastructure.

C. Create a plan based on a recognized framework of known controls.

D. Create a plan based on recent vulnerability scans of the systems in question.

Correct Answer: B

Community vote distribution


C (43%) B (36%) A (21%)

Question #345 Topic 1

The Open Web Application Security Project's (OWASP) Software Assurance Maturity Model (SAMM) allows organizations to implement a flexible
software security strategy to measure organizational impact based on what risk management aspect?

A. Risk exception

B. Risk tolerance

C. Risk treatment

D. Risk response

Correct Answer: D

Community vote distribution


D (45%) B (30%) C (25%)
Question #346 Topic 1

DRAG DROP -
Match the roles for an external audit to the appropriate responsibilities. Drag each role on the left to its corresponding responsibility on the right.
Select and Place:

Correct Answer:
Question #347 Topic 1

What is the PRIMARY reason that a bit-level copy is more desirable than a file-level copy when replicating a hard drive's contents for an e-discovery
investigation?

A. The corruption of files is less likely.

B. Files that have been deleted will be transferred.

C. The file and directory structure is retained.

D. File-level security settings will be preserved.

Correct Answer: B

Community vote distribution


B (100%)

Question #348 Topic 1

An organization outgrew its internal data center and is evaluating third-party hosting facilities. In this evaluation, which of the following is a
PRIMARY factor for selection?

A. Facility provides an acceptable level of risk

B. Facility provides disaster recovery (DR) services

C. Facility has physical access protection measures

D. Facility provides the most cost-effective solution

Correct Answer: D

Community vote distribution


A (57%) D (43%)

Question #349 Topic 1

A large manufacturing organization arranges to buy an industrial machine system to produce a new line of products. The system includes
software provided to the vendor by a third-party organization. The financial risk to the manufacturing organization starting production is high.
What step should the manufacturing organization take to minimize its financial risk in the new venture prior to the purchase?

A. Require that the software be thoroughly tested by an accredited independent software testing company.

B. Hire a performance tester to execute offline tests on a system.

C. Calculate the possible loss in revenue to the organization due to software bugs and vulnerabilities, and compare that to the system's overall
price.

D. Place the machine behind a Layer 3 firewall.

Correct Answer: C

Community vote distribution


C (58%) A (42%)
Question #350 Topic 1

Which of the following is the BEST method a security practitioner can use to ensure that systems and sub-systems gracefully handle invalid input?

A. Unit testing

B. Acceptance testing

C. Integration testing

D. Negative testing

Correct Answer: C

Community vote distribution


D (96%)

Question #351 Topic 1

Commercial off-the-shelf (COTS) software presents which of the following additional security concerns?

A. Vendors take on the liability for COTS software vulnerabilities.

B. In-house developed software is inherently less secure.

C. COTS software is inherently less secure.

D. Exploits for COTS software are well documented and publicly available.

Correct Answer: D

Community vote distribution


D (77%) C (23%)

Question #352 Topic 1

When conducting a third-party risk assessment of a new supplier, which of the following reports should be reviewed to confirm the operating
effectiveness of the security, availability, confidentiality, and privacy trust principles?

A. Service Organization Control (SOC) 1, Type 2

B. Service Organization Control (SOC) 2, Type 2

C. International Organization for Standardization (ISO) 27001

D. International Organization for Standardization (ISO) 27002

Correct Answer: B

Community vote distribution


B (100%)
Question #353 Topic 1

Which of the following would be the BEST mitigation practice for man-in-the-middle (MITM) Voice over Internet Protocol (VoIP) attacks?

A. Use Secure Shell (SSH) protocol

B. Use File Transfer Protocol (FTP)

C. Use Transport Layer Security (TLS) protocol

D. Use Media Gateway Control Protocol (MGCP)

Correct Answer: C

Community vote distribution


C (100%)

Question #354 Topic 1

The Chief Information Security Officer (CISO) is concerned about business application availability. The organization was recently subject to a
ransomware attack that resulted in the unavailability of applications and services for 10 working days that required paper-based running of all
main business processes. There are now aggressive plans to enhance the Recovery Time Objective (RTO) and cater for more frequent data
captures. Which of the following solutions should be implemented to fully comply with the new business requirements?

A. Virtualization

B. Antivirus

C. Host-based intrusion prevention system (HIPS)

D. Process isolation

Correct Answer: A

Community vote distribution


A (100%)

Question #355 Topic 1

What is the MOST appropriate hierarchy of documents when implementing a security program?

A. Policy, organization principle, standard, guideline

B. Standard, policy, organization principle, guideline

C. Organization principle, policy, standard, guideline

D. Organization principle, guideline, policy, standard

Correct Answer: B

Community vote distribution


C (92%) 8%
Question #356 Topic 1

Which of the following is the MOST important consideration in selecting a security testing method based on different Radio-Frequency
Identification (RFID) vulnerability types?

A. An understanding of the attack surface

B. Adaptability of testing tools to multiple technologies

C. The quality of results and usability of tools

D. The performance and resource utilization of tools

Correct Answer: A

Community vote distribution


A (100%)

Question #357 Topic 1

An organization's internal audit team performed a security audit on the company's system and reported that the manufacturing application is
rarely updated along with other issues categorized as minor. Six months later, an external audit team reviewed the same system with the same
scope, but identified severe weaknesses in the manufacturing application's security controls. What is MOST likely to be the root cause of the
internal audit team's failure in detecting these security issues?

A. Inadequate security patch testing

B. Inadequate test coverage analysis

C. Inadequate log reviews

D. Inadequate change control procedures

Correct Answer: B

Community vote distribution


B (75%) D (25%)

Question #358 Topic 1

Which of the following is a limitation of the Bell-LaPadula model?

A. Segregation of duties (SoD) is difficult to implement as the "no read-up" rule limits the ability of an object to access information with a
higher classification.

B. Mandatory access control (MAC) is enforced at all levels making discretionary access control (DAC) impossible to implement.

C. It contains no provision or policy for changing data access control and works well only with access systems that are static in nature.

D. It prioritizes integrity over confidentiality which can lead to inadvertent information disclosure.

Correct Answer: C

Community vote distribution


C (57%) A (43%)
Question #359 Topic 1

Which of the following vulnerability assessment activities BEST exemplifies the Examine method of assessment?

A. Asking the Information System Security Officer (ISSO) to describe the organization's patch management processes

B. Ensuring that system audit logs capture all relevant data fields required by the security controls baseline

C. Logging into a web server using the default administrator account and a default password

D. Performing Port Scans of selected network hosts to enumerate active services

Correct Answer: B

Community vote distribution


B (57%) D (29%) 14%

Question #360 Topic 1

Which of the following BEST ensures the integrity of transactions to intended recipients?

A. Public key infrastructure (PKI)

B. Blockchain technology

C. Pre-shared key (PSK)

D. Web of trust

Correct Answer: A

Community vote distribution


A (50%) B (50%)

Question #361 Topic 1

Recently, an unknown event has disrupted a single Layer-2 network that spans between two geographically diverse data centers. The network
engineers have asked for assistance in identifying the root cause of the event. Which of the following is the MOST likely cause?

A. Smurf attack

B. Misconfigured routing protocol

C. Broadcast domain too large

D. Address spoofing

Correct Answer: D

Community vote distribution


C (64%) D (32%)
Question #362 Topic 1

A company is moving from the V model to Agile development. How can the information security department BEST ensure that secure design
principles are implemented in the new methodology?

A. Information security requirements are captured in mandatory user stories.

B. All developers receive a mandatory targeted information security training.

C. The information security department performs an information security assessment after each sprint.

D. The non-financial information security requirements remain mandatory for the new model.

Correct Answer: A

Community vote distribution


A (82%) C (18%)

Question #363 Topic 1

Which of the (ISC)² Code of Ethics canons is MOST reflected when preserving the value of systems, applications, and entrusted information while
avoiding conflicts of interest?

A. Provide diligent and competent service to principals.

B. Act honorably, honestly, justly, responsibly, and legally.

C. Advance and protect the profession.

D. Protect society, the commonwealth, and the infrastructure.

Correct Answer: B

Community vote distribution


A (74%) B (16%) 11%

Question #364 Topic 1

Which of the following should exist in order to perform a security audit?

A. Neutrality of the auditor

B. Industry framework to audit against

C. External (third-party) auditor

D. Internal certified auditor

Correct Answer: B

Community vote distribution


B (68%) A (32%)
Question #365 Topic 1

When telephones in a city are connected by a single exchange, the caller can only connect with the switchboard operator. The operator then
manually connects the call. This is an example of which type of network topology?

A. Point-to-Point Protocol (PPP)

B. Bus

C. Star

D. Tree

Correct Answer: B

Community vote distribution


C (100%)

Question #366 Topic 1

A firm within the defense industry has been directed to comply with contractual requirements for encryption of a government client's Controlled
Unclassified Information (CUI). What encryption strategy represents how to protect data at rest in the MOST efficient and cost-effective manner?

A. Perform logical separation of program information, using virtualized storage solutions with encryption management in the back-end disk
systems

B. Perform logical separation of program information, using virtualized storage solutions with built-in encryption at the virtualization layer

C. Perform physical separation of program information and encrypt only information deemed critical by the defense client

D. Implement data at rest encryption across the entire storage area network (SAN)

Correct Answer: D

Community vote distribution


D (56%) B (33%) 11%

Question #367 Topic 1

Which audit type is MOST appropriate for evaluating the effectiveness of a security program?

A. Analysis

B. Threat

C. Assessment

D. Validation

Correct Answer: C

Community vote distribution


C (100%)
Question #368 Topic 1

Before allowing a web application into the production environment, the security practitioner performs multiple types of tests to confirm that the
web application performs as expected. To test the username field, the security practitioner creates a test that enters more characters into the field
than is allowed. Which of the following BEST describes the type of test performed?

A. Misuse case testing

B. Interface testing

C. Web session testing

D. Penetration testing

Correct Answer: A

Community vote distribution


A (88%) 13%

Question #369 Topic 1

If the wide area network (WAN) is supporting converged applications like Voice over Internet Protocol (VoIP), which of the following becomes
even MORE essential to the assurance of the network?

A. Boundary routing

B. Classless Inter-Domain Routing (CIDR)

C. Internet Protocol (IP) routing lookups

D. Deterministic routing

Correct Answer: C

Community vote distribution


D (100%)

Question #370 Topic 1

Why would a system be structured to isolate different classes of information from one another and segregate them by user jurisdiction?

A. The organization is required to provide different services to various third-party organizations.

B. The organization can avoid e-discovery processes in the event of litigation.

C. The organization's infrastructure is clearly arranged and scope of responsibility is simplified.

D. The organization can vary its system policies to comply with conflicting national laws.

Correct Answer: D

Community vote distribution


D (60%) C (40%)
Question #371 Topic 1

An organization implements Network Access Control (NAC) using Institute of Electrical and Electronics Engineers (IEEE) 802.1x and discovers the
printers do not support the IEEE 802.1x standard. Which of the following is the BEST resolution?

A. Implement port security on the switch ports for the printers.

B. Do nothing; IEEE 802.1x is irrelevant to printers.

C. Install an IEEE 802.1x bridge for the printers.

D. Implement a virtual local area network (VLAN) for the printers.

Correct Answer: D

Community vote distribution


D (68%) A (32%)

Question #372 Topic 1

Which of the following goals represents a modern shift in risk management according to National Institute of Standards and Technology (NIST)?

A. Provide an improved mission accomplishment approach.

B. Focus on operating environments that are changing, evolving, and full of emerging threats.

C. Enable management to make well-informed risk-based decisions justifying security expenditure.

D. Secure information technology (IT) systems that store, mass, or transmit organizational information.

Correct Answer: B

Community vote distribution


B (86%) 14%

Question #373 Topic 1

Which of the following security tools monitors devices and records the information in a central database for further analysis?

A. Antivirus

B. Host-based intrusion detection system (HIDS)

C. Security orchestration automation and response

D. Endpoint detection and response (EDR)

Correct Answer: C

Community vote distribution


D (73%) B (18%) 9%
Question #374 Topic 1

In addition to life, protection of which of the following elements is MOST important when planning a data center site?

A. Data and hardware

B. Property and operations

C. Resources and reputation

D. Profits and assets

Correct Answer: A

Community vote distribution


A (56%) C (22%) D (17%) 6%

Question #375 Topic 1

Which of the following documents specifies services from the client's viewpoint?

A. Business impact analysis (BIA)

B. Service level agreement (SLA)

C. Service Level Requirement (SLR)

D. Service level report

Correct Answer: B

Community vote distribution


C (83%) B (17%)

Question #376 Topic 1

Which of the following should be included in a good defense-in-depth strategy provided by object-oriented programming for software
development?

A. Polymorphism

B. Inheritance

C. Polyinstantiation

D. Encapsulation

Correct Answer: C

Community vote distribution


D (67%) C (33%)
Question #377 Topic 1

Which of the following is a key responsibility for a data steward assigned to manage an enterprise data lake?

A. Ensure proper business definition, value, and usage of data collected and stored within the enterprise data lake.

B. Ensure adequate security controls applied to the enterprise data lake.

C. Ensure proper and identifiable data owners for each data element stored within an enterprise data lake.

D. Ensure that any data passing within remit is being used in accordance with the rules and regulations of the business.

Correct Answer: A

Community vote distribution


A (50%) B (50%)

Question #378 Topic 1

What is the FIRST step prior to executing a test of an organization's disaster recovery (DR) or business continuity plan (BCP)?

A. Develop clear evaluation criteria.

B. Identify key stakeholders.

C. Develop recommendations for disaster scenarios.

D. Identify potential failure points.

Correct Answer: A

Community vote distribution


B (56%) A (44%)

Question #379 Topic 1

A breach investigation found a website was exploited through an open source component. What is the FIRST step in the process that could have
prevented this breach?

A. Application whitelisting

B. Vulnerability remediation

C. Web application firewall (WAF)

D. Software inventory

Correct Answer: C

Community vote distribution


D (47%) B (26%) C (26%)
Question #380 Topic 1

What security principle addresses the issue of "Security by Obscurity"?

A. Open design

B. Role Based Access Control (RBAC)

C. Segregation of duties (SoD)

D. Least privilege

Correct Answer: C

Community vote distribution


A (92%) 8%

Question #381 Topic 1

What is the MOST important goal of conducting security assessments?

A. To align the security program with organizational risk appetite

B. To demonstrate proper function of security controls and processes to senior management

C. To prepare the organization for an external audit, particularly by a regulatory entity

D. To discover unmitigated security vulnerabilities, and propose paths for mitigating them

Correct Answer: D

Community vote distribution


D (58%) B (42%)

Question #382 Topic 1

Which of the following virtual network configuration options is BEST to protect virtual machines (VM)?

A. Data segmentation

B. Data encryption

C. Traffic filtering

D. Traffic throttling

Correct Answer: D

Community vote distribution


A (53%) C (45%)
Question #383 Topic 1

Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device which has been stolen?

A. Mobile Device Management (MDM) with device wipe

B. Mobile device tracking with geolocation

C. Virtual private network (VPN) with traffic encryption

D. Whole device encryption with key escrow

Correct Answer: A

Community vote distribution


A (60%) D (40%)

Question #384 Topic 1

An organization is implementing data encryption using symmetric ciphers and the Chief Information Officer (CIO) is concerned about the risk of
using one key to protect all sensitive data. The security practitioner has been tasked with recommending a solution to address the CIO's concerns.
Which of the following is the BEST approach to achieving the objective by encrypting all sensitive data?

A. Use a Secure Hash Algorithm 256 (SHA-256).

B. Use Rivest-Shamir-Adleman (RSA) keys.

C. Use a hierarchy of encryption keys.

D. Use Hash Message Authentication Code (HMAC) keys.

Correct Answer: B

Community vote distribution


C (71%) B (29%)

Question #385 Topic 1

Which of the following is a MUST for creating a new custom-built, cloud-native application designed to be horizontally scalable?

A. Network as a Service (NaaS)

B. Platform as a Service (PaaS)

C. Infrastructure as a Service (IaaS)

D. Software as a Service (SaaS)

Correct Answer: C

Community vote distribution


B (55%) C (36%) 9%
Question #386 Topic 1

Which of the following access control mechanisms characterizes subjects and objects using a set of encoded security-relevant properties?

A. Mandatory access control (MAC)

B. Role-based access control (RBAC)

C. Attribute-based access control (ABAC)

D. Discretionary access control (DAC)

Correct Answer: C

Community vote distribution


C (60%) A (40%)

Question #387 Topic 1

Which kind of dependencies should be avoided when implementing secure design principles in software-defined networking (SDN)?

A. Hybrid

B. Circular

C. Dynamic

D. Static

Correct Answer: B

Question #388 Topic 1

Which mechanism provides the BEST protection against buffer overflow attacks in memory?

A. Address Space Layout Randomization (ASLR)

B. Memory management unit

C. Stack and heap allocation

D. Dynamic random access memory (DRAM)

Correct Answer: A

Community vote distribution


A (80%) B (20%)
Question #389 Topic 1

Which of the following terms is used for online service providers operating within a federation?

A. Active Directory Federation Services (ADFS)

B. Relying party (RP)

C. Single sign-on (SSO)

D. Identity and access management (IAM)

Correct Answer: A

Community vote distribution


B (100%)

Question #390 Topic 1

The Chief Information Security Officer (CISO) of a large financial institution is responsible for implementing the security controls to protect the
confidentiality and integrity of the organization’s Information Systems. Which of the controls below is prioritized FIRST?

A. Firewall and reverse proxy

B. Web application firewall (WAF) and HyperText Transfer Protocol Secure (HTTPS)

C. Encryption of data in transit and data at rest

D. Firewall and intrusion prevention system (IPS)

Correct Answer: C

Community vote distribution


C (67%) D (33%)

Question #391 Topic 1

Who is the BEST person to review developed application code to ensure it has been tested and verified?

A. A developer who knows what is expected of the application, but not the same one who developed it.

B. A member of quality assurance (QA) should review the developer’s code.

C. A developer who understands the application requirements document, and who also developed the code.

D. The manager should review the developer’s application code.

Correct Answer: B

Community vote distribution


B (50%) A (50%)
Question #392 Topic 1

A bank failed to meet service-level agreements (SLA) with customers after suffering from a database failure of the transaction processing system
(TPS) that resulted in delayed financial deposits. A regulatory agency overseeing the bank would like to determine if the cause of the delay was a
material weakness. Which of the following documents is MOST relevant for the regulatory agency to review?

A. Business continuity plan (BCP)

B. Business impact analysis (BIA)

C. Continuity of Operations Plan (COOP)

D. Enterprise resource planning (ERP)

Correct Answer: B

Community vote distribution


A (63%) B (38%)

Question #393 Topic 1

What is the MOST effective way to ensure that a cloud service provider does not access a customer’s data stored within its infrastructure?

A. Use the organization’s encryption tools and data management controls.

B. Ensure that the cloud service provider will contractually not access data unless given explicit authority.

C. Request audit logs on a regular basis.

D. Utilize the cloud provider’s key management and elastic hardware security module (HSM) support.

Correct Answer: B

Community vote distribution


A (89%) 11%

Question #394 Topic 1

Prohibiting which of the following techniques is MOST helpful in preventing users from obtaining confidential data by using statistical queries?

A. Sequences of queries that refer repeatedly to the same population

B. Repeated queries that access multiple databases

C. Selecting all records from a table and displaying all columns

D. Running queries that access sensitive data

Correct Answer: D

Community vote distribution


A (100%)
Question #395 Topic 1

Which of the following is a major component of the federated identity management (FIM) implementation model and used to establish a network
between dozens of organizations?

A. Identity as a Service (IDaaS)

B. Attribute-based access control (ABAC)

C. Cross-certification

D. Trusted third party (TTP)

Correct Answer: C

Community vote distribution


A (43%) D (29%) C (29%)

Question #396 Topic 1

A Chief Information Security Officer (CISO) is considering various proposals for evaluating security weaknesses and vulnerabilities at the source
code level. Which of the following items BEST equips the CISO to make smart decisions for the organization?

A. The Common Weakness Risk Analysis Framework (CWRAF)

B. The Common Vulnerabilities and Exposures (CVE)

C. The Common Weakness Enumeration (CWE)

D. The Open Web Application Security Project (OWASP) Top Ten

Correct Answer: C

Community vote distribution


A (100%)

Question #397 Topic 1

Which of the following methods is MOST effective in mitigating Cross-Site Scripting (XSS) vulnerabilities within HyperText Markup Language
(HTML) websites?

A. Use antivirus and endpoint protection on the server to secure the web-based application

B. Place the web-based system in a defined Demilitarized Zone (DMZ)

C. Use .NET framework with .aspx extension to provide a higher level of security to the web application so that the web server display can be
locked down

D. Not returning any HTML tags to the browser client

Correct Answer: D

Community vote distribution


D (33%) C (33%) A (33%)
Question #398 Topic 1

Which of the following MOST accurately describes the Security Target (ST) in the Common Criteria framework?

A. The set of rules that define how resources or assets are managed and protected

B. A product independent set of security criteria for a class of products

C. The product and documentation to be evaluated

D. A document that includes a product specific set of security criteria

Correct Answer: D

Community vote distribution


D (100%)

Question #399 Topic 1

An organization has approved deployment of a virtual environment for the development servers and has established controls for restricting
access to resources. In order to implement best security practices for the virtual environment, the security team MUST also implement which of
the following steps?

A. Implement a dedicated management network for the hypervisor.

B. Deploy Terminal Access Controller Access Control System Plus (TACACS+) for authentication.

C. Implement complex passwords using Privileged Access Management (PAM).

D. Capture network traffic for the network interface.

Correct Answer: A

Community vote distribution


A (100%)

Question #400 Topic 1

Which of the following is a weakness of the Data Encryption Standard (DES)?

A. Block encryption scheme

B. Use of same key for encryption and decryption

C. Publicly disclosed algorithm

D. Inadequate key length

Correct Answer: D

Community vote distribution


D (100%)
Question #401 Topic 1

What are facets of trustworthy software in supply chain operations?

A. Functionality, safety, reliability, integrity, and accuracy

B. Confidentiality, integrity, availability, authenticity, and possession

C. Safety, reliability, availability, resilience, and security

D. Reparability, security, upgradability, functionality, and accuracy

Correct Answer: D

Community vote distribution


C (100%)

Question #402 Topic 1

In order to meet the project delivery deadline, a web application developer used readily available software components. Which is the BEST method
for reducing the risk associated with this practice?

A. Ensure developers are using approved software development frameworks.

B. Obtain components from official sources over secured link.

C. Ensure encryption of all sensitive data in a manner that protects and defends against threats.

D. Implement a process to verify the effectiveness of the software components and settings.

Correct Answer: D

Community vote distribution


D (43%) B (43%) 14%

Question #403 Topic 1

To ensure proper governance of information throughout the lifecycle, which of the following should be assigned FIRST?

A. Owner

B. Classification

C. Custodian

D. Retention

Correct Answer: A

Community vote distribution


B (77%) A (23%)
Question #404 Topic 1

An effective information security strategy is PRIMARILY based upon which of the following?

A. Risk management practices

B. Security budget constraints

C. Security control implementation

D. Industry and regulatory standards

Correct Answer: A

Community vote distribution


A (75%) C (25%)

Question #405 Topic 1

One of Canada’s leading pharmaceutical firms recently hired a Chief Data Officer (CDO) to oversee its data privacy program. The CDO has
discovered the firm’s marketing department has been collecting information from individuals without their knowledge and consent via the
company website. Which of the following privacy regulations should concern the CDO regarding this practice?

A. The Health Insurance Portability and Accountability Act (HIPAA)

B. The Privacy Act of 1974

C. The Fair Information Practice Principles (FIPPs)

D. The Personal Information Protection and Electronic Documents Act (PIPEDA)

Correct Answer: D

Community vote distribution


D (100%)

Question #406 Topic 1

An organization is attempting to strengthen the configuration of its enterprise resource planning (ERP) software in order to enforce sufficient
segregation of duties (SoD). Which of the following approaches would BEST improve SoD effectiveness?

A. Implementation of frequent audits of access and activity in the ERP by a separate team with no operational duties

B. Implementation of strengthened authentication measures including mandatory second-factor authentication

C. Review of ERP access profiles to enforce the least-privilege principle based on existing employee responsibilities

D. Review of employee responsibilities and ERP access profiles to differentiate mission activities from system support activities

Correct Answer: C

Community vote distribution


D (100%)
Question #407 Topic 1

Which type of log collection is focused on detecting and responding to attacks, malware infection, and data theft?

A. Intrusion detection

B. Operational

C. Security

D. Compliance

Correct Answer: C

Community vote distribution


C (57%) A (43%)

Question #408 Topic 1

If a medical analyst independently provides protected health information (PHI) to an external marketing organization, which ethical principle is
this a violation of?

A. Higher ethic in the worst case

B. Informed consent

C. Change of scale test

D. Privacy regulations

Correct Answer: D

Community vote distribution


D (58%) B (42%)

Question #409 Topic 1

Which of the following measures is the MOST critical in order to safeguard from a malware attack on a smartphone?

A. Enable strong password.

B. Install anti-virus for mobile.

C. Enable biometric authentication.

D. Prevent jailbreaking or rooting.

Correct Answer: B

Community vote distribution


D (90%) 10%
Question #410 Topic 1

Which of the following Secure Shell (SSH) remote access practices is MOST suited for scripted functions?

A. Restricting authentication by Internet Protocol (IP) address

B. Requiring multi-factor authentication (MFA)

C. Implementing access credentials management tools

D. Using public key-based authentication method

Correct Answer: D

Community vote distribution


D (100%)

Question #411 Topic 1

Which stage in the identity management (IdM) lifecycle constitutes the GREATEST risk for an enterprise if performed incorrectly?

A. Propagating

B. Deprovisioning

C. Provisioning

D. Maintaining

Correct Answer: B

Community vote distribution


B (57%) C (43%)

Question #412 Topic 1

Which of the following reports provides the BEST attestation of detailed controls when evaluating an Identity as a Service (IDaaS) solution?

A. Service Organization Control (SOC) 1

B. Service Organization Control (SOC) 2

C. Service Organization Control (SOC) 3

D. Statement on Auditing Standards (SAS) 70

Correct Answer: B

Community vote distribution


B (100%)
Question #413 Topic 1

Single sign-on (SSO) for federated identity management (FIM) must be implemented and managed so that authorization mechanisms protect
access to privileged information using OpenID Connect (OIDC) token or Security Assertion Markup Language (SAML) assertion. What is the BEST
method to use to protect them?

A. Pass data in a bearer assertion, only signed by the identity provider.

B. Tokens and assertion should use base64 encoding to assure confidentiality.

C. Use a challenge and response mechanism such as Challenge Handshake Authentication Protocol (CHAP).

D. The access token or assertion should be encrypted to ensure privacy.

Correct Answer: D

Question #414 Topic 1

The client of a security firm reviewed a vulnerability assessment report and claims the report is inaccurate. The client states that the
vulnerabilities listed are not valid because the host’s operating system (OS) was not properly detected. Where in the vulnerability assessment
process did the error MOST likely occur?

A. Report writing

B. Detection

C. Enumeration

D. Scanning

Correct Answer: B

Community vote distribution


D (60%) B (40%)

Question #415 Topic 1

For a victim of a security breach to prevail in a negligence claim, what MUST the victim establish?

A. Concern

B. Breach of contract

C. Proximate cause

D. Hardship

Correct Answer: C
Question #416 Topic 1

A large international organization that collects information from its consumers has contracted with a Software as a Service (SaaS) cloud provider
to process this data. The SaaS cloud provider uses additional data processing to demonstrate other capabilities it wishes to offer to the data
owner. This vendor believes additional data processing activity is allowed since they are not disclosing to other organizations. Which of the
following BEST supports this rationale?

A. The data was encrypted at all times and only a few cloud provider employees had access.

B. As the data owner, the cloud provider has the authority to direct how the data will be processed.

C. As the data processor, the cloud provider has the authority to direct how the data will be processed.

D. The agreement between the two parties is vague and does not detail how the data can be used.

Correct Answer: C

Community vote distribution


D (100%)

Question #417 Topic 1

A security engineer is conducting an audit of an organization’s Voice over Internet Protocol (VoIP) phone network due to a large increase in
charges from their phone provider. The engineer discovers unauthorized endpoints have connected to the phone server from the public internet
and placed hundreds of unauthorized calls to parties around the globe. Which type of attack occurred?

A. Control eavesdropping

B. Toll fraud

C. Call hijacking

D. Address spoofing

Correct Answer: B

Question #418 Topic 1

An organization is looking to improve threat detection on their wireless network. The company goal is to automate alerts to improve response
efforts. Which of the following best practices should be implemented FIRST?

A. Deploy a standalone guest Wi-Fi network.

B. Implement multi-factor authentication (MFA) on all domain accounts.

C. Deploy a wireless intrusion detection system (IDS).

D. Implement 802.1x authentication.

Correct Answer: D

Community vote distribution


C (82%) D (18%)
Question #419 Topic 1

Security personnel should be trained by emergency management personnel in what to do before and during a disaster, as well as their role in
recovery efforts. Personnel should take required training for emergency response procedures and protocols. Which part of physical security
design does this fall under?

A. Legal concerns

B. Loss prevention

C. Emergency preparedness

D. Liability for employee conduct

Correct Answer: C

Community vote distribution


C (100%)

Question #420 Topic 1

How is protection for hypervisor host and software administration functions BEST achieved?

A. Enforce network controls using a host-based firewall.

B. Deploy the management interface in a dedicated virtual network segment.

C. The management traffic pathway should have separate physical network interface cards (NIC) and network.

D. Deny permissions to specific virtual machines (VM) groups and objects.

Correct Answer: B

Community vote distribution


C (83%) B (17%)

Question #421 Topic 1

To ensure compliance with the General Data Protection Regulation (GDPR), who in the organization should the help desk manager confer with
before selecting a Software as a Service (SaaS) solution?

A. Data owner

B. Database administrator (DBA)

C. Data center manager

D. Data Protection Officer (DPO)

Correct Answer: D

Community vote distribution


D (100%)
