CISSP Practice Test Questions

1487 Questions


Topic 9: Exam Set A

Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?

A. Challenge Handshake Authentication Protocol (CHAP)
B. Point-to-Point Protocol (PPP)
C. Extensible Authentication Protocol (EAP)
D. Password Authentication Protocol (PAP)

Answer: A. Challenge Handshake Authentication Protocol (CHAP)



The Structured Query Language (SQL) implements Discretionary Access Controls (DAC) using

A. INSERT and DELETE.
B. GRANT and REVOKE.
C. PUBLIC and PRIVATE.
D. ROLLBACK and TERMINATE.

Answer: B. GRANT and REVOKE.



Which of the following is a potential risk when a program runs in privileged mode?

A. It may serve to create unnecessary code complexity
B. It may not enforce job separation duties
C. It may create unnecessary application hardening
D. It may allow malicious code to be inserted

Answer: D. It may allow malicious code to be inserted



What should be the INITIAL response to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) alerts?

A. Ensure that the Incident Response Plan is available and current.
B. Determine the traffic's initial source and block the appropriate port.
C. Disable or disconnect suspected target and source systems.
D. Verify the threat and determine the scope of the attack.

Answer: D. Verify the threat and determine the scope of the attack.



Which of the following BEST represents the principle of open design?

A. Disassembly, analysis, or reverse engineering will reveal the security functionality of the computer system.
B. Algorithms must be protected to ensure the security and interoperability of the designed system.
C. A knowledgeable user should have limited privileges on the system to prevent their ability to compromise security capabilities.
D. The security of a mechanism should not depend on the secrecy of its design or implementation.

Answer: D. The security of a mechanism should not depend on the secrecy of its design or implementation.



Which of the following is an effective method for avoiding magnetic media data remanence?

A. Degaussing
B. Encryption
C. Data Loss Prevention (DLP)
D. Authentication

Answer: A. Degaussing



What technique BEST describes antivirus software that detects viruses by watching anomalous behavior?

A. Signature
B. Inference
C. Induction
D. Heuristic

Answer: D. Heuristic



Contingency plan exercises are intended to do which of the following?

A. Train personnel in roles and responsibilities
B. Validate service level agreements
C. Train maintenance personnel
D. Validate operation metrics

Answer: A. Train personnel in roles and responsibilities



Two companies wish to share electronic inventory and purchase orders in a supplier and client relationship. What is the BEST security solution for them?

A. Write a Service Level Agreement (SLA) for the two companies.
B. Set up a Virtual Private Network (VPN) between the two companies.
C. Configure a firewall at the perimeter of each of the two companies.
D. Establish a File Transfer Protocol (FTP) connection between the two companies.

Answer: B. Set up a Virtual Private Network (VPN) between the two companies.



When constructing an Information Protection Policy (IPP), it is important that the stated rules are necessary, adequate, and

A. flexible.
B. confidential.
C. focused.
D. achievable.

Answer: D. achievable.



Refer to the information below to answer the question.
A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.

The organization should ensure that the third party's physical security controls are in place so that they

A. are more rigorous than the original controls.
B. are able to limit access to sensitive information.
C. allow access by the organization staff at any time.
D. cannot be accessed by subcontractors of the third party.

Answer: B. are able to limit access to sensitive information.



An organization's data policy MUST include a data retention period which is based on

A. application dismissal.
B. business procedures.
C. digital certificates expiration.
D. regulatory compliance.

Answer: D. regulatory compliance.



