Topic 1: Security and Risk Management
What is the GREATEST challenge of an agent-based patch management solution?
A.
Time to gather vulnerability information about the computers in the program
B.
Requires that software be installed, running, and managed on all participating
computers
C.
The significant amount of network bandwidth while scanning computers
D.
The consistency of distributing patches to each participating computer
Requires that software be installed, running, and managed on all participating
computers
Which of the following PRIMARILY contributes to security incidents in web-based
applications?
A.
Systems administration and operating systems
B.
System incompatibility and patch management
C.
Third-party applications and change controls
D.
Improper stress testing and application interfaces
Third-party applications and change controls
An organization has decided to contract with a cloud-based service provider to leverage their identity as a service offering. They will use Open Authentication (OAuth) 2.0 to authenticate external users to the organization's services.
As part of the authentication process, which of the following must the end user provide?
A.
An access token
B.
A username and password
C.
A username
D.
A password
An access token
Which of the following command line tools can be used in the reconnaissance phase of a network vulnerability assessment?
A.
dig
B.
ifconfig
C.
ipconfig
D.
nbtstat
dig
Which methodology is recommended for penetration testing to be effective in the
development phase of the life-cycle process?
A.
White-box testing
B.
Software fuzz testing
C.
Black-box testing
D.
Visual testing
White-box testing
In which order, from MOST to LEAST impacted, does user awareness training reduce the occurrence of the events below?
Which of the following roles has the obligation to ensure that a third party provider is capable of processing and handling data in a secure manner and meeting the standards set by the organization?
A.
Data Custodian
B.
Data Owner
C.
Data Creator
D.
Data User
Data Owner
Which of the following is an advantage of on-premise Credential Management Systems?
A.
Improved credential interoperability
B.
Control over system configuration
C.
Lower infrastructure capital costs
D.
Reduced administrative overhead
Control over system configuration
What balance MUST be considered when web application developers determine how informative application error messages should be constructed?
A.
Risk versus benefit
B.
Availability versus auditability
C.
Confidentiality versus integrity
D.
Performance versus user satisfaction
Risk versus benefit
What is the BEST way to encrypt web application communications?
A.
Secure Hash Algorithm 1 (SHA-1)
B.
Secure Sockets Layer (SSL)
C.
Cipher Block Chaining Message Authentication Code (CBC-MAC)
D.
Transport Layer Security (TLS)
Transport Layer Security (TLS)
Between which pair of Open System Interconnection (OSI) Reference Model layers are routers used as a communications device?
A.
Transport and Session
B.
Data-Link and Transport
C.
Network and Session
D.
Physical and Data-Link
Data-Link and Transport
Which Radio Frequency Interference (RFI) phenomenon associated with bundled cable runs can create information leakage?
A.
Transference
B.
Covert channel
C.
Bleeding
D.
Cross-talk
Cross-talk