CISSP Practice Test Questions

1487 Questions


Topic 10: Exam Set B

Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.

A. Time of the access
B. Security classification
C. Denied access attempts
D. Associated clearance

Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
Which of the following BEST describes the access control methodology used?

A. Least privilege
B. Lattice Based Access Control (LBAC)
C. Role Based Access Control (RBAC)
D. Lightweight Directory Access Control (LDAP)

A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?

A. Spoofing
B. Eavesdropping
C. Man-in-the-middle
D. Denial of service

Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
Which of the following is considered the MOST important priority for the information security officer?

A. Formal acceptance of the security strategy
B. Disciplinary actions taken against unethical behavior
C. Development of an awareness program for new employees
D. Audit of all organization system configurations for faults

A security manager has noticed an inconsistent application of server security controls resulting in vulnerabilities on critical systems. What is the MOST likely cause of this issue?

A. A lack of baseline standards
B. Improper documentation of security guidelines
C. A poorly designed security policy communication program
D. Host-based Intrusion Prevention System (HIPS) policies are ineffective

Host-Based Intrusion Protection (HIPS) systems are often deployed in monitoring or learning mode during their initial implementation. What is the objective of starting in this mode?

A. Automatically create exceptions for specific actions or files
B. Determine which files are unsafe to access and blacklist them
C. Automatically whitelist actions or files known to the system
D. Build a baseline of normal or safe system events for review

Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.
What MUST the plan include in order to reduce client-side exploitation?

A. Approved web browsers
B. Network firewall procedures
C. Proxy configuration
D. Employee education

A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user business functions. These capabilities are BEST described as

A. least privilege.
B. rule based access controls.
C. Mandatory Access Control (MAC).
D. separation of duties.

What is the MOST important reason to configure unique user IDs?

A. Supporting accountability
B. Reducing authentication errors
C. Preventing password compromise
D. Supporting Single Sign On (SSO)

When dealing with compliance with the Payment Card Industry Data Security Standard (PCI-DSS), an organization that shares cardholder information with a service provider MUST do which of the following?

A. Perform a service provider PCI-DSS assessment on a yearly basis.
B. Validate the service provider's PCI-DSS compliance status on a regular basis.
C. Validate that the service provider's security policies are in alignment with those of the organization.
D. Ensure that the service provider updates and tests its Disaster Recovery Plan (DRP) on a yearly basis.

Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization's network. A plan will be necessary to address these concerns.
In the plan, what is the BEST approach to mitigate future internal client-based attacks?

A. Block all client side web exploits at the perimeter.
B. Remove all non-essential client-side web services from the network.
C. Screen for harmful exploits of client-side services before implementation.
D. Harden the client image before deployment.

The use of a proximity card to gain access to a building is an example of what type of security control?

A. Legal
B. Logical
C. Physical
D. Procedural