Topic 11: Exam Set C
Which of the following standards/guidelines requires an Information Security Management System (ISMS) to be defined?
A. International Organization for Standardization (ISO) 27000 family
B. Information Technology Infrastructure Library (ITIL)
C. Payment Card Industry Data Security Standard (PCI DSS)
D. ISO/IEC 20000
Answer: International Organization for Standardization (ISO) 27000 family

The application of which of the following standards would BEST reduce the potential for data breaches?
A. ISO 9000
B. ISO 20121
C. ISO 26000
D. ISO 27001
Answer: ISO 27001

Which of the following statements is TRUE regarding state-based analysis as a functional software testing technique?
A. It is useful for testing communications protocols and graphical user interfaces.
B. It is characterized by the stateless behavior of a process implemented in a function.
C. Test inputs are obtained from the derived boundaries of the given functional specifications.
D. An entire partition can be covered by considering only one representative value from that partition.
Answer: It is useful for testing communications protocols and graphical user interfaces.

During a fingerprint verification process, which of the following is used to verify identity and authentication?
A. A pressure value is compared with a stored template
B. Sets of digits are matched with stored values
C. A hash table is matched to a database of stored values
D. A template of minutiae is compared with a stored template
Answer: A template of minutiae is compared with a stored template

Which of the following is the PRIMARY security concern associated with the implementation of smart cards?
A. The cards have limited memory
B. Vendor application compatibility
C. The cards can be misplaced
D. Mobile code can be embedded in the card
Answer: The cards can be misplaced

Which of the following is a recommended alternative to an integrated email encryption system?
A. Sign emails containing sensitive data
B. Send sensitive data in separate emails
C. Encrypt sensitive data separately in attachments
D. Store sensitive information to be sent in encrypted drives
Answer: Encrypt sensitive data separately in attachments

An organization has developed a major application that has undergone accreditation testing. After receiving the results of the evaluation, what is the final step before the application can be accredited?
A. Acceptance of risk by the authorizing official
B. Remediation of vulnerabilities
C. Adoption of standardized policies and procedures
D. Approval of the System Security Plan (SSP)
Answer: Acceptance of risk by the authorizing official

A network scan found 50% of the systems with one or more critical vulnerabilities. Which of the following represents the BEST action?
A. Assess vulnerability risk and program effectiveness.
B. Assess vulnerability risk and business impact.
C. Disconnect all systems with critical vulnerabilities.
D. Disconnect the systems with the largest number of vulnerabilities.
Answer: Assess vulnerability risk and business impact.

Software code signing is used as a method of verifying what security concept?
A. Integrity
B. Confidentiality
C. Availability
D. Access Control
Answer: Integrity

A health care provider is considering Internet access for their employees and patients. Which of the following is the organization's MOST secure solution for protection of data?
A. Public Key Infrastructure (PKI) and digital signatures
B. Trusted server certificates and passphrases
C. User ID and password
D. Asymmetric encryption and User ID
Answer: Public Key Infrastructure (PKI) and digital signatures

What is the MOST efficient way to secure a production program and its data?
A. Disable default accounts and implement access control lists (ACL)
B. Harden the application and encrypt the data
C. Disable unused services and implement tunneling
D. Harden the servers and back up the data
Answer: Harden the application and encrypt the data

Which of the following are Systems Engineering Life Cycle (SELC) Technical Processes?
A. Concept, Development, Production, Utilization, Support, Retirement
B. Stakeholder Requirements Definition, Architectural Design, Implementation, Verification, Operation
C. Acquisition, Measurement, Configuration Management, Production, Operation, Support
D. Concept, Requirements, Design, Implementation, Production, Maintenance, Support, Disposal
Answer: Stakeholder Requirements Definition, Architectural Design, Implementation, Verification, Operation