Topic 12: NEW QUESTIONS A
During the Security Assessment and Authorization process, what is the PRIMARY purpose for conducting a hardware and software inventory?
A. Calculate the value of assets being accredited.
B. Create a list to include in the Security Assessment and Authorization package.
C. Identify obsolete hardware and software.
D. Define the boundaries of the information system.
Answer: A. Calculate the value of assets being accredited.

Which technology is a prerequisite for populating the cloud-based directory in a federated identity solution?
A. Notification tool
B. Message queuing tool
C. Security token tool
D. Synchronization tool
Answer: C. Security token tool

The PRIMARY purpose of accreditation is to:
A. comply with applicable laws and regulations.
B. allow senior management to make an informed decision regarding whether to accept the risk of operating the system.
C. protect an organization's sensitive data.
D. verify that all security controls have been implemented properly and are operating in the correct manner.
Answer: B. allow senior management to make an informed decision regarding whether to accept the risk of operating the system.

How does a Host Based Intrusion Detection System (HIDS) identify a potential attack?
A. Examines log messages or other indications on the system.
B. Monitors alarms sent to the system administrator.
C. Matches traffic patterns to virus signature files.
D. Examines the Access Control List (ACL).
Answer: C. Matches traffic patterns to virus signature files.

Which of the following approaches is the MOST effective way to dispose of data on multiple hard drives?
A. Delete every file on each drive.
B. Destroy the partition table for each drive using the command line.
C. Degauss each drive individually.
D. Perform multiple passes on each drive using approved formatting methods.
Answer: D. Perform multiple passes on each drive using approved formatting methods.

When evaluating third-party applications, which of the following is the GREATEST responsibility of Information Security?
A. Accept the risk on behalf of the organization.
B. Report findings to the business to determine security gaps.
C. Quantify the risk to the business for product selection.
D. Approve the application that best meets security requirements.
Answer: C. Quantify the risk to the business for product selection.

From a cryptographic perspective, the service of non-repudiation includes which of the following features?
A. Validity of digital certificates
B. Validity of the authorization rules
C. Proof of authenticity of the message
D. Proof of integrity of the message
Answer: C. Proof of authenticity of the message

Which of the following is the MAIN reason for using configuration management?
A. To provide centralized administration
B. To reduce the number of changes
C. To reduce errors during upgrades
D. To provide consistency in security controls
Answer: D. To provide consistency in security controls

Backup information that is critical to the organization is identified through a
A. Vulnerability Assessment (VA).
B. Business Continuity Plan (BCP).
C. Business Impact Analysis (BIA).
D. data recovery analysis.
Answer: D. data recovery analysis.

Reciprocal backup site agreements are considered to be
A. a better alternative than the use of warm sites.
B. difficult to test for complex systems.
C. easy to implement for similar types of organizations.
D. easy to test and implement for complex systems.
Answer: B. difficult to test for complex systems.

A user sends an e-mail request asking for read-only access to files that are not considered sensitive. A Discretionary Access Control (DAC) methodology is in place. Which is the MOST suitable approach that the administrator should take?
A. Administrator should request data owner approval for the user access.
B. Administrator should request manager approval for the user access.
C. Administrator should directly grant the access to the non-sensitive files.
D. Administrator should assess the user access need and either grant or deny the access.
Answer: A. Administrator should request data owner approval for the user access.

As a best practice, the Security Assessment Report (SAR) should include which of the following sections?
A. Data classification policy
B. Software and hardware inventory
C. Remediation recommendations
D. Names of participants
Answer: B. Software and hardware inventory