Topic 10: Exam Set B
What physical characteristic does a retinal scan biometric device measure?
A. The amount of light reflected by the retina
B. The size, curvature, and shape of the retina
C. The pattern of blood vessels at the back of the eye
D. The pattern of light receptors at the back of the eye
The pattern of blood vessels at the back of the eye
What is the PRIMARY reason for ethics awareness and related policy implementation?
A. It affects the workflow of an organization.
B. It affects the reputation of an organization.
C. It affects the retention rate of employees.
D. It affects the morale of the employees.
It affects the reputation of an organization.
A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation?
A. The inherent risk is greater than the residual risk.
B. The Annualized Loss Expectancy (ALE) approaches zero.
C. The expected loss from the risk exceeds mitigation costs.
D. The infrastructure budget can easily cover the upgrade costs.
The expected loss from the risk exceeds mitigation costs.
What component of a web application that stores the session state in a cookie can be bypassed by an attacker?
A. An initialization check
B. An identification check
C. An authentication check
D. An authorization check
An authentication check
Refer to the information below to answer the question.
During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information. If the intrusion causes the system processes to hang, which of the following has been affected?
A. System integrity
B. System availability
C. System confidentiality
D. System auditability
System availability
What is the BEST method to detect the most common improper initialization problems in programming languages?
A. Use and specify a strong character encoding.
B. Use automated static analysis tools that target this type of weakness.
C. Perform input validation on any numeric inputs by assuring that they are within the expected range.
D. Use data flow analysis to minimize the number of false positives.
Use automated static analysis tools that target this type of weakness.
Place the following information classification steps in sequential order.
What is the PRIMARY advantage of using automated application security testing tools?
A. The application can be protected in the production environment.
B. Large amounts of code can be tested using fewer resources.
C. The application will fail less when tested using these tools.
D. Detailed testing of code functions can be performed.
Large amounts of code can be tested using fewer resources.
Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?
A. Maintaining an inventory of authorized Access Points (AP) and connecting devices
B. Setting the radio frequency to the minimum range required
C. Establishing a Virtual Private Network (VPN) tunnel between the WLAN client device and a VPN concentrator
D. Verifying that all default passwords have been changed
Maintaining an inventory of authorized Access Points (AP) and connecting devices
For a service provider, which of the following MOST effectively addresses confidentiality concerns for customers using cloud computing?
A. Hash functions
B. Data segregation
C. File system permissions
D. Non-repudiation controls
Data segregation
Which of the following assures that rules are followed in an identity management architecture?
A. Policy database
B. Digital signature
C. Policy decision point
D. Policy enforcement point
Policy enforcement point
Which of the following is a critical factor for implementing a successful data classification program?
A. Executive sponsorship
B. Information security sponsorship
C. End-user acceptance
D. Internal audit acceptance
Executive sponsorship