Topic 11: Exam Set C
The implementation of which features of an identity management system reduces costs and administration overhead while improving audit and accountability?
A. Two-factor authentication
B. Single Sign-On (SSO)
C. User self-service
D. A metadirectory
Answer: User self-service
Which of the following BEST avoids data remanence disclosure for cloud hosted resources?
A. Strong encryption and deletion of the keys after data is deleted.
B. Strong encryption and deletion of the virtual host after data is deleted.
C. Software based encryption with two factor authentication.
D. Hardware based encryption on dedicated physical servers.
Answer: Strong encryption and deletion of the keys after data is deleted.
Which Web Services Security (WS-Security) specification maintains a single authenticated identity across multiple dissimilar environments? Click on the correct specification in the image below.
Which Web Services Security (WS-Security) specification handles the management of security tokens and the underlying policies for granting access? Click on the correct specification in the image below.
Drag the following Security Engineering terms on the left to the BEST definition on the right.
Which of the following is the PRIMARY concern when using an Internet browser to access a cloud-based service?
A. Insecure implementation of Application Programming Interfaces (API)
B. Improper use and storage of management keys
C. Misconfiguration of infrastructure allowing for unauthorized access
D. Vulnerabilities within protocols that can expose confidential data
Answer: Vulnerabilities within protocols that can expose confidential data
When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?
A. After the system preliminary design has been developed and the data security categorization has been performed
B. After the business functional analysis and the data security categorization have been performed
C. After the vulnerability analysis has been performed and before the system detailed design begins
D. After the system preliminary design has been developed and before the data security categorization begins
Answer: After the business functional analysis and the data security categorization have been performed
Which of the following BEST describes the purpose of performing security certification?
A. To identify system threats, vulnerabilities, and acceptable level of risk
B. To formalize the confirmation of compliance to security policies and standards
C. To formalize the confirmation of completed risk mitigation and risk analysis
D. To verify that system architecture and interconnections with other systems are effectively implemented
Answer: To formalize the confirmation of compliance to security policies and standards
Which of the following is the MOST important element of change management documentation?
A. List of components involved
B. Number of changes being made
C. Business case justification
D. A stakeholder communication
Answer: Business case justification
Disaster Recovery Plan (DRP) training material should be
A. consistent so that all audiences receive the same training.
B. stored in a fire proof safe to ensure availability when needed.
C. only delivered in paper format.
D. presented in a professional-looking manner.
Answer: consistent so that all audiences receive the same training.
The MAIN reason an organization conducts a security authorization process is to
A. force the organization to make conscious risk decisions.
B. assure the effectiveness of security controls.
C. assure the correct security organization exists.
D. force the organization to enlist management support.
Answer: force the organization to make conscious risk decisions.
What security risk does the role-based access approach mitigate MOST effectively?
A. Excessive access rights to systems and data
B. Segregation of duties conflicts within business applications
C. Lack of system administrator activity monitoring
D. Inappropriate access requests
Answer: Excessive access rights to systems and data