Topic 10: Exam Set B
Refer to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.
If it is discovered that large quantities of information have been copied by the unauthorized individual, what attribute of the data has been compromised?
A. Availability
B. Integrity
C. Accountability
D. Confidentiality
Answer: Confidentiality
Which of the following are required components for implementing software configuration management systems?
A. Audit control and signoff
B. User training and acceptance
C. Rollback and recovery processes
D. Regression testing and evaluation
Answer: Rollback and recovery processes
Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following solutions would have MOST likely detected the use of peer-to-peer programs when the computer was connected to the office network?
A. Anti-virus software
B. Intrusion Prevention System (IPS)
C. Anti-spyware software
D. Integrity checking software
Answer: Intrusion Prevention System (IPS)
Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen?
A. Set up a BIOS and operating system password
B. Encrypt the virtual drive where confidential files can be stored
C. Implement a mandatory policy in which sensitive data cannot be stored on laptops, but only on the corporate network
D. Encrypt the entire disk and delete contents after a set number of failed access attempts
Answer: Encrypt the entire disk and delete contents after a set number of failed access attempts
Refer to the information below to answer the question.
Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.
After magnetic drives were degaussed twice according to the product manufacturer's directions, what is the MOST LIKELY security issue with degaussing?
A. Commercial products often have serious weaknesses of the magnetic force available in the degausser product.
B. Degausser products may not be properly maintained and operated.
C. The inability to turn the drive around in the chamber for the second pass due to human error.
D. Inadequate record keeping when sanitizing media.
Answer: Degausser products may not be properly maintained and operated.
What is a common challenge when implementing Security Assertion Markup Language (SAML) for identity integration between an on-premise environment and an external identity provider service?
A. Some users are not provisioned into the service.
B. SAML tokens are provided by the on-premise identity provider.
C. Single users cannot be revoked from the service.
D. SAML tokens contain user information.
Answer: Some users are not provisioned into the service.
Given the various means to protect physical and logical assets, match the access management area to the technology.
Which of the following MUST system and database administrators be aware of and apply when configuring systems used for storing personal employee data?
A. Secondary use of the data by business users
B. The organization's security policies and standards
C. The business purpose for which the data is to be used
D. The overall protection of corporate resources and data
Answer: The organization's security policies and standards
Which of the following is the BEST solution to provide redundancy for telecommunications links?
A. Provide multiple links from the same telecommunications vendor.
B. Ensure that the telecommunications links connect to the network in one location.
C. Ensure that the telecommunications links connect to the network in multiple locations.
D. Provide multiple links from multiple telecommunications vendors.
Answer: Provide multiple links from multiple telecommunications vendors.
When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)?
A. Retain intellectual property rights through contractual wording.
B. Perform overlapping code reviews by both parties.
C. Verify that the contractors attend development planning meetings.
D. Create a separate contractor development environment.
Answer: Perform overlapping code reviews by both parties.
Which of the following methods provides the MOST protection for user credentials?
A. Forms-based authentication
B. Digest authentication
C. Basic authentication
D. Self-registration
Answer: Digest authentication
During an investigation of database theft from an organization's web site, it was determined that the Structured Query Language (SQL) injection technique was used despite input validation with client-side scripting. Which of the following provides the GREATEST protection against the same attack occurring again?
A. Encrypt communications between the servers
B. Encrypt the web server traffic
C. Implement server-side filtering
D. Filter outgoing traffic at the perimeter firewall
Answer: Implement server-side filtering