Topic 11: Exam Set C
Single Sign-On (SSO) is PRIMARILY designed to address which of the following?
A. Confidentiality and Integrity
B. Availability and Accountability
C. Integrity and Availability
D. Accountability and Assurance
Answer: Accountability and Assurance
Which of the following disaster recovery test plans will be MOST effective while providing minimal risk?
A. Read-through
B. Parallel
C. Full interruption
D. Simulation
Answer: Simulation
Discretionary Access Control (DAC) restricts access according to
A. data classification labeling.
B. page views within an application.
C. authorizations granted to the user.
D. management accreditation.
Answer: authorizations granted to the user.
Which of the following is the BEST approach to take in order to effectively incorporate the concepts of business continuity into the organization?
A. Ensure end users are aware of the planning activities
B. Validate all regulatory requirements are known and fully documented
C. Develop training and awareness programs that involve all stakeholders
D. Ensure plans do not violate the organization's cultural objectives and goals
Answer: Develop training and awareness programs that involve all stakeholders
How can lessons learned from business continuity training and actual recovery incidents BEST be used?
A. As a means for improvement
B. As alternative options for awareness and training
C. As indicators of a need for policy
D. As business function gap indicators
Answer: As a means for improvement
Which of the following BEST describes the purpose of the security functional requirements of Common Criteria?
A. Level of assurance of the Target of Evaluation (TOE) in intended operational environment
B. Selection to meet the security objectives stated in test documents
C. Security behavior expected of a TOE
D. Definition of the roles and responsibilities
Answer: Security behavior expected of a TOE
While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?
A. Retention
B. Reporting
C. Recovery
D. Remediation
Answer: Retention
A mobile device application that restricts the storage of user information to just that which is needed to accomplish lawful business goals adheres to what privacy principle?
A. Onward transfer
B. Collection Limitation
C. Collector Accountability
D. Individual Participation
Answer: Collection Limitation
Data leakage of sensitive information is MOST often concealed by which of the following?
A. Secure Sockets Layer (SSL)
B. Secure Hash Algorithm (SHA)
C. Wired Equivalent Privacy (WEP)
D. Secure Post Office Protocol (POP)
Answer: Secure Sockets Layer (SSL)
Which of the following provides the minimum set of privileges required to perform a job function and restricts the user to a domain with the required privileges?
A. Access based on rules
B. Access based on user's role
C. Access determined by the system
D. Access based on data sensitivity
Answer: Access based on user's role
What is the process called when impact values are assigned to the security objectives for information types?
A. Qualitative analysis
B. Quantitative analysis
C. Remediation
D. System security categorization
Answer: System security categorization
What does an organization FIRST review to assure compliance with privacy requirements?
A. Best practices
B. Business objectives
C. Legal and regulatory mandates
D. Employee's compliance to policies and standards
Answer: Legal and regulatory mandates