CISSP Practice Test Questions

1487 Questions


Topic 11: Exam Set C

What is the PRIMARY goal for using Domain Name System Security Extensions (DNSSEC) to sign records?

A. Integrity
B. Confidentiality
C. Accountability
D. Availability

Answer: A. Integrity



Which of the following could elicit a Denial of Service (DoS) attack against a credential management system?

A. Delayed revocation or destruction of credentials
B. Modification of Certificate Revocation List
C. Unauthorized renewal or re-issuance
D. Token use after decommissioning

Answer: B. Modification of Certificate Revocation List



How does an organization verify that an information system's current hardware and software match the standard system configuration?

A. By reviewing the configuration after the system goes into production
B. By running vulnerability scanning tools on all devices in the environment
C. By comparing the actual configuration of the system against the baseline
D. By verifying all the approved security patches are implemented

Answer: C. By comparing the actual configuration of the system against the baseline



Place in order, from BEST (1) to WORST (4), the following methods to reduce the risk of data remanence on magnetic media.






A global organization wants to implement hardware tokens as part of a multifactor authentication solution for remote access. The PRIMARY advantage of this implementation is

A. the scalability of token enrollment.
B. increased accountability of end users.
C. it protects against unauthorized access.
D. it simplifies user access administration.

Answer: C. it protects against unauthorized access.



Changes to a Trusted Computing Base (TCB) system that could impact the security posture of that system and trigger a recertification activity are documented in the

A. security impact analysis.
B. structured code review.
C. routine self-assessment.
D. cost-benefit analysis.

Answer: A. security impact analysis.



The BEST example of the concept of "something that a user has" when providing an authorized user access to a computing system is

A. the user's hand geometry.
B. a credential stored in a token.
C. a passphrase.
D. the user's face.

Answer: B. a credential stored in a token.



Which of the following prevents improper aggregation of privileges in Role Based Access Control (RBAC)?

A. Hierarchical inheritance
B. Dynamic separation of duties
C. The Clark-Wilson security model
D. The Bell-LaPadula security model

Answer: B. Dynamic separation of duties



After a thorough analysis, it was discovered that a perpetrator compromised a network by gaining access to the network through a Secure Sockets Layer (SSL) Virtual Private Network (VPN) gateway. The perpetrator guessed a username and brute-forced the password to gain access. Which of the following BEST mitigates this issue?

A. Implement strong password authentication for VPN
B. Integrate the VPN with centralized credential stores
C. Implement an Internet Protocol Security (IPSec) client
D. Use two-factor authentication mechanisms

Answer: D. Use two-factor authentication mechanisms



The BEST method to mitigate the risk of a dictionary attack on a system is to

A. use a hardware token.
B. use complex passphrases.
C. implement password history.
D. encrypt the access control list (ACL).

Answer: A. use a hardware token.



Which of the following secures web transactions at the Transport Layer?

A. Secure HyperText Transfer Protocol (S-HTTP)
B. Secure Sockets Layer (SSL)
C. Socket Security (SOCKS)
D. Secure Shell (SSH)

Answer: B. Secure Sockets Layer (SSL)



How does Encapsulating Security Payload (ESP) in transport mode affect the Internet Protocol (IP)?

A. Encrypts and optionally authenticates the IP header, but not the IP payload
B. Encrypts and optionally authenticates the IP payload, but not the IP header
C. Authenticates the IP payload and selected portions of the IP header
D. Encrypts and optionally authenticates the complete IP packet

Answer: B. Encrypts and optionally authenticates the IP payload, but not the IP header



