Topic 9: Exam Set A
A system has been scanned for vulnerabilities and has been found to contain a number of
communication ports that have been opened without authority. To which of the following
might this system have been subjected?
A. Trojan horse
B. Denial of Service (DoS)
C. Spoofing
D. Man-in-the-Middle (MITM)
Trojan horse
An organization is designing a large enterprise-wide document repository system. They
plan to have several different classification level areas with increasing levels of controls.
The BEST way to ensure document confidentiality in the repository is to
A. encrypt the contents of the repository and document any exceptions to that requirement.
B. utilize an Intrusion Detection System (IDS) set to drop connections if too many requests for documents are detected.
C. keep individuals with access to high security areas from saving those documents into lower security areas.
D. require individuals with access to the system to sign Non-Disclosure Agreements (NDA).
encrypt the contents of the repository and document any exceptions to that requirement.
Passive Infrared Sensors (PIR) used in a non-climate controlled environment should
A. reduce the detected object temperature in relation to the background temperature.
B. increase the detected object temperature in relation to the background temperature.
C. automatically compensate for variance in background temperature.
D. detect objects of a specific temperature independent of the background temperature.
automatically compensate for variance in background temperature.
A disadvantage of an application filtering firewall is that it can lead to
A. a crash of the network as a result of user activities.
B. performance degradation due to the rules applied.
C. loss of packets on the network due to insufficient bandwidth.
D. Internet Protocol (IP) spoofing by hackers.
performance degradation due to the rules applied.
As one component of a physical security system, an Electronic Access Control (EAC) token is BEST known for its ability to
A. overcome the problems of key assignments.
B. monitor the opening of windows and doors.
C. trigger alarms when intruders are detected.
D. lock down a facility during an emergency.
overcome the problems of key assignments.
Which of the following actions should be performed when implementing a change to a database schema in a production system?
A. Test in development, determine dates, notify users, and implement in production
B. Apply change to production, run in parallel, finalize change in production, and develop a
C. Perform user acceptance testing in production, have users sign off, and finalize change
D. Change in development, perform user acceptance testing, develop a back-out strategy, and implement change
Change in development, perform user acceptance testing, develop a back-out strategy, and implement change
Multi-threaded applications are more at risk than single-threaded applications to
A. race conditions.
B. virus infection.
C. packet sniffing.
D. database injection.
race conditions.
Which of the following is a security feature of Global Systems for Mobile Communications
(GSM)?
A. It uses a Subscriber Identity Module (SIM) for authentication.
B. It uses encrypting techniques for all communications.
C. The radio spectrum is divided with multiple frequency carriers.
D. The signal is difficult to read as it provides end-to-end encryption.
It uses a Subscriber Identity Module (SIM) for authentication.
Which one of the following considerations has the LEAST impact when considering transmission security?
A. Network availability
B. Data integrity
C. Network bandwidth
D. Node locations
Network bandwidth
Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element?
A. Transparent Database Encryption (TDE)
B. Column level database encryption
C. Volume encryption
D. Data tokenization
Data tokenization
A security consultant has been asked to research an organization's legal obligations to
protect privacy-related information. What kind of reading material is MOST relevant to this
project?
A. The organization's current security policies concerning privacy issues
B. Privacy-related regulations enforced by governing bodies applicable to the organization
C. Privacy best practices published by recognized security standards organizations
D. Organizational procedures designed to protect privacy information
Privacy-related regulations enforced by governing bodies applicable to the organization
The key benefits of a signed and encrypted e-mail include
A. confidentiality, authentication, and authorization.
B. confidentiality, non-repudiation, and authentication.
C. non-repudiation, authorization, and authentication.
D. non-repudiation, confidentiality, and authorization.
confidentiality, non-repudiation, and authentication.