Topic 10: Exam Set B
Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns.
What is the BEST reason for the organization to pursue a plan to mitigate client-based attacks?
A. Client privilege administration is inherently weaker than server privilege administration.
B. Client hardening and management is easier on clients than on servers.
C. Client-based attacks are more common and easier to exploit than server and network-based attacks.
D. Client-based attacks have higher financial impact.
Answer: C. Client-based attacks are more common and easier to exploit than server and network-based attacks.
Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
Following best practice, where should the permitted access for each department and job classification combination be specified?
A. Security procedures
B. Security standards
C. Human resource policy
D. Human resource standards
Answer: B. Security standards
Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications?
A. Application monitoring procedures
B. Configuration control procedures
C. Security audit procedures
D. Software patching procedures
Answer: B. Configuration control procedures
Refer to the information below to answer the question.
A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider’s facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
What additional considerations are there if the third party is located in a different country?
A. The organizational structure of the third party and how it may impact timelines within the organization
B. The ability of the third party to respond to the organization in a timely manner and with accurate information
C. The effects of transborder data flows and customer expectations regarding the storage or processing of their data
D. The quantity of data that must be provided to the third party and how it is to be used
Answer: C. The effects of transborder data flows and customer expectations regarding the storage or processing of their data
A Business Continuity Plan (BCP) is based on
A. the policy and procedures manual.
B. an existing BCP from a similar organization.
C. a review of the business processes and procedures.
D. a standard checklist of required items and objectives.
Answer: C. a review of the business processes and procedures.
A large bank deploys hardware tokens to all customers that use their online banking system. The token generates and displays a six-digit numeric password every 60 seconds. The customers must log into their bank accounts using this numeric password. This is an example of
A. asynchronous token.
B. Single Sign-On (SSO) token.
C. single factor authentication token.
D. synchronous token.
Answer: D. synchronous token.
Without proper signal protection, embedded systems may be prone to which type of attack?
A. Brute force
B. Tampering
C. Information disclosure
D. Denial of Service (DoS)
Answer: C. Information disclosure
Which of the following is the MAIN goal of a data retention policy?
A. Ensure that data is destroyed properly.
B. Ensure that data recovery can be done on the data.
C. Ensure the integrity and availability of data for a predetermined amount of time.
D. Ensure the integrity and confidentiality of data for a predetermined amount of time.
Answer: C. Ensure the integrity and availability of data for a predetermined amount of time.
Which of the following is the MOST crucial for a successful audit plan?
A. Defining the scope of the audit to be performed
B. Identifying the security controls to be implemented
C. Working with the system owner on new controls
D. Acquiring evidence of systems that are not compliant
Answer: A. Defining the scope of the audit to be performed
What does secure authentication with logging provide?
A. Data integrity
B. Access accountability
C. Encryption logging format
D. Segregation of duties
Answer: B. Access accountability
Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
The security program can be considered effective when
A. vulnerabilities are proactively identified.
B. audits are regularly performed and reviewed.
C. backups are regularly performed and validated.
D. risk is lowered to an acceptable level.
Answer: D. risk is lowered to an acceptable level.
Which of the following is a MAJOR consideration in implementing a Voice over IP (VoIP) network?
A. Use of unified messaging.
B. Use of separation for the voice network.
C. Use of Network Access Control (NAC) on switches.
D. Use of Request for Comments (RFC) 1918 addressing.
Answer: B. Use of separation for the voice network.