CISSP Practice Test Questions

1487 Questions


Topic 2: Asset Security

Which of the following is a function of Security Assertion Markup Language (SAML)?

A. File allocation
B. Redundancy check
C. Extended validation
D. Policy enforcement

Answer: D. Policy enforcement



Which of the following protocols would allow an organization to maintain a centralized list of users that can read a protected webpage?

A. Lightweight Directory Access Control (LDAP)
B. Security Assertion Markup Language (SAML)
C. Hypertext Transfer Protocol (HTTP)
D. Kerberos

Answer: A. Lightweight Directory Access Control (LDAP)



During the risk assessment phase of the project, the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for the Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant. What is the best approach for the CISO?






Which of the following statements is TRUE regarding boundary value analysis as a functional software testing technique?

A. It is useful for testing communications protocols and graphical user interfaces.
B. It is characterized by the stateless behavior of a process implemented in a function.
C. Test inputs are obtained from the derived threshold of the given functional specifications.
D. An entire partition can be covered by considering only one representative value from that partition.

Answer: C. Test inputs are obtained from the derived threshold of the given functional specifications.



Which of the following is the MOST effective method of mitigating data theft from an active user workstation?

A. Implement full-disk encryption
B. Enable multifactor authentication
C. Deploy file integrity checkers
D. Disable use of portable devices

Answer: D. Disable use of portable devices



Which of the following entities is ultimately accountable for data remanence vulnerabilities with data replicated by a cloud service provider?

A. Data owner
B. Data steward
C. Data custodian
D. Data processor

Answer: A. Data owner



What is one way to mitigate the risk of security flaws in custom software?

A. Include security language in the Earned Value Management (EVM) contract
B. Include security assurance clauses in the Service Level Agreement (SLA)
C. Purchase only Commercial Off-The-Shelf (COTS) products
D. Purchase only software with no open source Application Programming Interfaces (APIs)

Answer: B. Include security assurance clauses in the Service Level Agreement (SLA)



The goal of a Business Continuity Plan (BCP) training and awareness program is to

A. enhance the skills required to create, maintain, and execute the plan.
B. provide for a high level of recovery in case of disaster.
C. describe the recovery organization to new employees.
D. provide each recovery team with checklists and procedures.

Answer: A. enhance the skills required to create, maintain, and execute the plan.



Which of the following is the MOST likely cause of a non-malicious data breach when the source of the data breach was an unmarked file cabinet containing sensitive documents?

A. Ineffective data classification
B. Lack of data access controls
C. Ineffective identity management controls
D. Lack of Data Loss Prevention (DLP) tools

Answer: A. Ineffective data classification



An organization has hired a security services firm to conduct a penetration test. Which of the following will the organization provide to the tester?

A. Limits and scope of the testing.
B. Physical location of server room and wiring closet.
C. Logical location of filters and concentrators.
D. Employee directory and organizational chart.

Answer: A. Limits and scope of the testing.



Retaining system logs for six months or longer can be valuable for what activities?

A. Disaster recovery and business continuity
B. Forensics and incident response
C. Identity and authorization management

Answer: B. Forensics and incident response



A Simple Power Analysis (SPA) attack against a device directly observes which of the following?

A. Static discharge
B. Consumption
C. Generation
D. Magnetism

Answer: B. Consumption




Page 26 out of 124 Pages