CISSP Practice Test Questions

1487 Questions


Topic 9: Exam Set A

The use of strong authentication, the encryption of Personally Identifiable Information (PII) on database servers, application security reviews, and the encryption of data transmitted across networks provide


A.

data integrity.


B.

defense in depth.


C.

data availability.


D.

non-repudiation.





B.
  

defense in depth.



Which of the following is ensured when hashing files during chain of custody handling?


A.

Availability


B.

Accountability


C.

Integrity


D.

Non-repudiation





C.
  

Integrity
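As an added worked example (not part of the original question set), this is what "hashing files during chain of custody handling" looks like in practice: each evidence file is digested at acquisition, the digests are written into a manifest, and anyone who later re-hashes the files can prove the bits are unchanged. File names, the collector name and the byte-flip are constructed for the demo.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # hash in 1 MiB pieces so a multi-GB image never has to fit in memory


def sha256_file(path):
    """Return the hex SHA-256 digest of a file, streamed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(paths, collector):
    """Record who acquired which files, when, and each file's size and digest."""
    return {
        "collector": collector,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "files": {
            os.path.basename(p): {"size": os.path.getsize(p), "sha256": sha256_file(p)}
            for p in paths
        },
    }


def verify_manifest(manifest, directory):
    """Re-hash every listed file; 'ok' means the bits are unchanged since acquisition."""
    results = {}
    for name, rec in manifest["files"].items():
        path = os.path.join(directory, name)
        if not os.path.exists(path):
            results[name] = "missing"
        elif sha256_file(path) == rec["sha256"]:
            results[name] = "ok"
        else:
            results[name] = "MODIFIED"
    return results


def demo():
    """Constructed demo: acquire two fake evidence files, alter one byte, re-verify."""
    workdir = tempfile.mkdtemp()
    img = os.path.join(workdir, "disk.img")
    dmp = os.path.join(workdir, "memory.dmp")
    with open(img, "wb") as f:
        f.write(b"\x00" * 4096 + b"constructed image data")
    with open(dmp, "wb") as f:
        f.write(b"MDMP" + b"\x01" * 1024)

    manifest = build_manifest([img, dmp], collector="examiner-1")
    before = verify_manifest(manifest, workdir)

    # Simulate a custody break: one byte of the image is changed after acquisition.
    with open(img, "r+b") as f:
        f.seek(100)
        f.write(b"\xff")
    after = verify_manifest(manifest, workdir)
    return before, after


if __name__ == "__main__":
    print(demo())
```

The digest proves integrity and nothing more: it says the file is the same, not who handled it or that the manifest itself was not rewritten. That is why the manifest is signed or logged out of band, and why accountability and non-repudiation are the wrong answers to this question even though they are part of the same custody process.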



Which of the following is a strategy of grouping requirements in developing a Security Test and Evaluation (ST&E)?


A.

Standards, policies, and procedures


B.

Tactical, strategic, and financial


C.

Management, operational, and technical


D.

Documentation, observation, and manual





C.
  

Management, operational, and technical



In a financial institution, who has the responsibility for assigning the classification to a piece of information?


A.

Chief Financial Officer (CFO)


B.

Chief Information Security Officer (CISO)


C.

Originator or nominated owner of the information


D.

Department head responsible for ensuring the protection of the information





C.
  

Originator or nominated owner of the information



What security management control is MOST often broken by collusion?


A.

Job rotation


B.

Separation of duties


C.

Least privilege model


D.

Increased monitoring





B.
  

Separation of duties



Internet Protocol (IP) source address spoofing is used to defeat


A.

address-based authentication.


B.

Address Resolution Protocol (ARP).


C.

Reverse Address Resolution Protocol (RARP).


D.

Transmission Control Protocol (TCP) hijacking.





A.
  

address-based authentication.



An organization allows ping traffic into and out of their network. An attacker has installed a program on the network that uses the payload portion of the ping packet to move data into and out of the network. What type of attack has the organization experienced?


A.

Data leakage


B.

Unfiltered channel


C.

Data emanation


D.

Covert channel





D.
  

Covert channel

(Ping is an allowed protocol, and the attacker is carrying data inside the ICMP echo payload, a place the policy never intended to carry data. That is the definition of a covert channel; data leakage is the result of the attack, not the attack itself.)
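As an added example, not part of the original question set, the exchange the question describes and one way to detect it: the attacker side splits a file across ICMP echo-request payloads, and the detector parses each echo request, allow-lists the default payloads that common ping implementations send, and flags the rest by size and entropy. The Windows and Linux default payload patterns are the well-known ones seen in captures; the "credential file", thresholds and identifiers are constructed for the demo.

```python
import math
import struct

ICMP_ECHO_REQUEST = 8

# Default echo payloads of common ping implementations, used here as an allow-list.
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"  # 32 bytes


def linux_ping_like(payload):
    """iputils ping: 56 bytes, a timestamp up front, then payload[i] == i for the rest."""
    return len(payload) == 56 and payload[16:] == bytes(range(16, 56))


def icmp_checksum(data):
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(payload, ident=0x4242, seq=1):
    """Build an ICMP echo request (header + payload) with a valid checksum."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload


def tunnel_data(data, chunk=48, ident=0x1337):
    """Attacker side: carry a file out of the network 48 bytes per ping, as the question describes."""
    return [build_echo(data[i:i + chunk], ident, seq)
            for seq, i in enumerate(range(0, len(data), chunk), start=1)]


def shannon_entropy(data):
    """Bits of entropy per byte; text lands around 4, compressed or encrypted data near 8."""
    if not data:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify_echo(pkt, max_payload=64, entropy_threshold=3.5):
    """Return None for a benign-looking echo request, otherwise a reason to look closer."""
    if len(pkt) < 8:
        return "truncated"
    typ, code, csum, ident, seq = struct.unpack("!BBHHH", pkt[:8])
    if typ != ICMP_ECHO_REQUEST:
        return None
    if icmp_checksum(pkt[:2] + b"\x00\x00" + pkt[4:]) != csum:
        return "bad checksum"
    payload = pkt[8:]
    # Allow-list first: the standard Linux payload is itself high-entropy (40 distinct bytes),
    # so an entropy check alone would flag every legitimate Linux ping.
    if payload == WINDOWS_PING_PAYLOAD or linux_ping_like(payload):
        return None
    if len(payload) > max_payload:
        return "oversize payload (%d bytes)" % len(payload)
    ent = shannon_entropy(payload)
    if ent > entropy_threshold:
        return "high-entropy payload (%.2f bits/byte)" % ent
    return "non-standard payload"


def demo():
    """Constructed traffic: two normal pings and a tunnelled credential file."""
    legit = [build_echo(bytes(8) + bytes(range(8, 56))), build_echo(WINDOWS_PING_PAYLOAD)]
    secret = b"db_password=Tr0ub4dor&3\ndb_host=10.0.0.5\n" * 3  # constructed sample
    covert = tunnel_data(secret)
    return [classify_echo(p) for p in legit], [classify_echo(p) for p in covert]


if __name__ == "__main__":
    print(demo())
```

Per-packet heuristics like these catch the naive tunnel; a patient attacker who mimics the default payload exactly and hides data in the identifier, sequence number or timing is only visible statistically (echo volume per host, request/reply size asymmetry), which is the reason the usual control is to block or rate-limit inbound ping at the perimeter rather than to inspect it.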



Who must approve modifications to an organization's production infrastructure configuration?


A.

Technical management


B.

Change control board


C.

System operations


D.

System users





B.
  

Change control board



Which of the following is a network intrusion detection technique?


A.

Statistical anomaly


B.

Perimeter intrusion


C.

Port scanning


D.

Network spoofing





A.
  

Statistical anomaly
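As an added example, not part of the original question set, the statistical-anomaly technique in option A reduced to its core: learn a per-host baseline (mean and standard deviation of a behavioural feature) from a training window, then alert on later minutes whose z-score exceeds a threshold. The flow-log format, host addresses, the port-445 sweep and the thresholds are all constructed for the demo.

```python
import math
import random
import re
from collections import defaultdict

# Constructed flow-log format; real sources (NetFlow, Zeek conn.log, firewall logs) differ.
LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")


def parse(lines):
    """Yield (minute, src, dst, dport) for each well-formed line; skip the rest."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.group("ts")[:16], m.group("src"), m.group("dst"), int(m.group("dport"))


def fanout_per_minute(events):
    """Feature: distinct (dst, dport) pairs each source touches per minute."""
    seen = defaultdict(set)
    for minute, src, dst, dport in events:
        seen[(src, minute)].add((dst, dport))
    per_src = defaultdict(dict)
    for (src, minute), pairs in seen.items():
        per_src[src][minute] = len(pairs)
    return per_src


class Baseline:
    """Per-source mean and standard deviation of the feature, learned from a training window."""

    def __init__(self, min_samples=5, sd_floor=1.0):
        self.stats = {}
        self.min_samples = min_samples
        self.sd_floor = sd_floor  # a perfectly steady host has sd 0; the floor keeps every blip from alerting

    def fit(self, per_src):
        for src, series in per_src.items():
            xs = list(series.values())
            if len(xs) < self.min_samples:
                continue
            mean = sum(xs) / len(xs)
            var = sum((x - mean) ** 2 for x in xs) / (len(xs) - 1)
            self.stats[src] = (mean, max(math.sqrt(var), self.sd_floor))
        return self

    def zscore(self, src, value):
        if src not in self.stats:
            return None
        mean, sd = self.stats[src]
        return (value - mean) / sd

    def detect(self, per_src, threshold=3.0):
        """Return (minute, src, value, reason) for every minute that deviates from the baseline."""
        alerts = []
        for src, series in per_src.items():
            for minute, value in sorted(series.items()):
                z = self.zscore(src, value)
                if z is None:
                    alerts.append((minute, src, value, "no baseline"))
                elif z > threshold:
                    alerts.append((minute, src, value, "z=%.1f" % z))
        return alerts


def synth_lines(rng, hosts, minutes):
    """Constructed background traffic: each host makes 3-5 web-like connections a minute."""
    lines = []
    for m in minutes:
        for h in hosts:
            for _ in range(rng.randint(3, 5)):
                lines.append("2024-05-01T10:%02d:%02d src=%s dst=10.0.1.%d dport=%d"
                             % (m, rng.randint(0, 59), h, rng.randint(1, 4), rng.choice([80, 443])))
    return lines


def demo():
    rng = random.Random(7)  # deterministic so the run is reproducible
    hosts = ["10.0.0.%d" % i for i in range(1, 6)]
    train = synth_lines(rng, hosts, range(0, 20))
    test = synth_lines(rng, hosts + ["10.0.0.99"], range(20, 25))
    # Constructed anomaly: at 10:22, 10.0.0.5 touches 40 hosts on port 445 (an SMB sweep).
    test += ["2024-05-01T10:22:%02d src=10.0.0.5 dst=10.0.2.%d dport=445" % (i, i)
             for i in range(1, 41)]
    model = Baseline().fit(fanout_per_minute(parse(train)))
    return model.detect(fanout_per_minute(parse(test)))


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Two properties of the technique show up even in this small run: a host with no training history produces "no baseline" rather than a score, which is the cold-start problem of anomaly detection, and the standard-deviation floor is what stops a host that was perfectly regular during training from alerting on its first slightly busier minute. Signature detection would only catch the port-445 sweep if someone had written a rule for it; the baseline catches it because it is unusual for that host.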



The three PRIMARY requirements for a penetration test are


A.

A defined goal, limited time period, and approval of management


B.

A general objective, unlimited time, and approval of the network administrator


C.

An objective statement, disclosed methodology, and fixed cost


D.

A stated objective, liability waiver, and disclosed methodology





A.
  

A defined goal, limited time period, and approval of management



When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all access control requirements are addressed?


A.

Create a user profile.


B.

Create a user access matrix.


C.

Develop an Access Control List (ACL).


D.

Develop a Role Based Access Control (RBAC) list.





B.
  

Create a user access matrix.



Which security action should be taken FIRST when computer personnel are terminated from their jobs?


A.

Remove their computer access


B.

Require them to turn in their badge


C.

Conduct an exit interview


D.

Reduce their physical access level to the facility





A.
  

Remove their computer access



