Topic 11: Exam Set C
A security professional is asked to provide a solution that restricts a bank teller to only perform a savings deposit transaction but allows a supervisor to perform corrections after the transaction. Which of the following is the MOST effective solution?
A. Access is based on rules.
B. Access is determined by the system.
C. Access is based on user's role.
D. Access is based on data sensitivity.
Answer: Access is based on user's role.
Which of the following terms describes opening a mechanical lock without the proper key by carefully aligning the pins in the lock?
A. Lock pinging
B. Lock picking
C. Lock bumping
Answer: Lock picking
Which of the following types of security testing is the MOST effective in providing a better indication of the everyday security challenges of an organization when performing a security risk assessment?
A. External
B. Overt
C. Internal
D. Covert
Answer: Covert
Regarding asset security and appropriate retention, which of the following INITIAL top three areas are important to focus on?
A. Security control baselines, access controls, employee awareness and training
B. Human resources, asset management, production management
C. Supply chain lead time, inventory control, encryption
D. Polygraphs, crime statistics, forensics
Answer: Security control baselines, access controls, employee awareness and training
Which of the following methods can be used to achieve confidentiality and integrity for data in transit?
A. Multiprotocol Label Switching (MPLS)
B. Internet Protocol Security (IPSec)
C. Federated identity management
D. Multi-factor authentication
Answer: Internet Protocol Security (IPSec)
Discretionary Access Control (DAC) is based on which of the following?
A. Information source and destination
B. Identification of subjects and objects
C. Security labels and privileges
D. Standards and guidelines
Answer: Identification of subjects and objects
The PRIMARY security concern for handheld devices is the
A. strength of the encryption algorithm.
B. spread of malware during synchronization.
C. ability to bypass the authentication mechanism.
D. strength of the Personal Identification Number (PIN).
Answer: ability to bypass the authentication mechanism.
The PRIMARY characteristic of a Distributed Denial of Service (DDoS) attack is that it
A. exploits weak authentication to penetrate networks.
B. can be detected with signature analysis.
C. looks like normal network activity.
D. is commonly confused with viruses or worms.
Answer: looks like normal network activity.
Match the objectives to the assessment questions in the governance domain of Software Assurance Maturity Model (SAMM).
Which of the following is the PRIMARY issue when collecting detailed log information?
A. Logs may be unavailable when required
B. Timely review of the data is potentially difficult
C. Most systems and applications do not support logging
D. Logs do not provide sufficient details of system and individual activities
Answer: Timely review of the data is potentially difficult
Which one of the following operates at the session, transport, or network layer of the Open System Interconnection (OSI) model?
A. Data at rest encryption
B. Configuration Management
C. Integrity checking software
D. Cyclic redundancy check (CRC)
Answer: Cyclic redundancy check (CRC)
Which Web Services Security (WS-Security) specification negotiates how security tokens will be issued, renewed and validated? Click on the correct specification in the image below.