Topic 10: Exam Set B
Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization’s network. A plan
will be necessary to address these concerns.
In addition to web browsers, what PRIMARY areas need to be addressed concerning
mobile code used for malicious purposes?
A. Text editors, database, and Internet phone applications
B. Email, presentation, and database applications
C. Image libraries, presentation and spreadsheet applications
D. Email, media players, and instant messaging applications
Answer: Email, media players, and instant messaging applications
If an attacker in a SYN flood attack uses someone else's valid host address as the source
address, the system under attack will send a large number of Synchronize/Acknowledge
(SYN/ACK) packets to the
A. default gateway.
B. attacker's address.
C. local interface being attacked.
D. specified source address.
Answer: specified source address.
With data labeling, which of the following MUST be the key decision maker?
A. Information security
B. Departmental management
C. Data custodian
D. Data owner
Answer: Data owner
Which of the following is the PRIMARY benefit of a formalized information classification
program?
A. It drives audit processes.
B. It supports risk assessment.
C. It reduces asset vulnerabilities.
D. It minimizes system logging requirements.
Answer: It supports risk assessment.
Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee
does not have a personal computer at home and has a child that uses the computer to
send and receive e-mail, search the web, and use instant messaging. The organization’s
Information Technology (IT) department discovers that a peer-to-peer program has been
installed on the computer using the employee's access.
Which of the following could have MOST likely prevented the Peer-to-Peer (P2P) program
from being installed on the computer?
A. Removing employee's full access to the computer
B. Supervising their child's use of the computer
C. Limiting computer's access to only the employee
D. Ensuring employee understands their business conduct guidelines
Answer: Removing employee's full access to the computer
According to best practice, which of the following is required when implementing third party software in a production environment?
A. Scan the application for vulnerabilities
B. Contract the vendor for patching
C. Negotiate end user application training
D. Escrow a copy of the software
Answer: Scan the application for vulnerabilities
Which of the following is the BEST countermeasure to brute force login attacks?
A. Changing all canonical passwords
B. Decreasing the number of concurrent user sessions
C. Restricting initial password delivery only in person
D. Introducing a delay after failed system access attempts
Answer: Introducing a delay after failed system access attempts
Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing
levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance
levels for four users, while Table B lists the security classes of four different files.
Which of the following is true according to the star property (*-property)?
A. User D can write to File 1
B. User B can write to File 1
C. User A can write to File 1
D. User C can write to File 1
Answer: User A can write to File 1
What do Capability Maturity Models (CMM) serve as a benchmark for in an organization?
A. Experience in the industry
B. Definition of security profiles
C. Human resource planning efforts
D. Procedures in systems development
Answer: Procedures in systems development
When implementing a secure wireless network, which of the following supports
authentication and authorization for individual client endpoints?
A. Temporal Key Integrity Protocol (TKIP)
B. Wi-Fi Protected Access (WPA) Pre-Shared Key (PSK)
C. Wi-Fi Protected Access 2 (WPA2) Enterprise
D. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol
Answer: Wi-Fi Protected Access 2 (WPA2) Enterprise
Which of the following is an example of two-factor authentication?
A. Retina scan and a palm print
B. Fingerprint and a smart card
C. Magnetic stripe card and an ID badge
D. Password and Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA)
Answer: Fingerprint and a smart card
Refer to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized
individual accessed a system which hosts a database containing financial information.
Aside from the potential records which may have been viewed, which of the following
should be the PRIMARY concern regarding the database information?
A. Unauthorized database changes
B. Integrity of security logs
C. Availability of the database
D. Confidentiality of the incident
Answer: Unauthorized database changes
Page 21 of 124