Topic 12: NEW QUESTIONS A
When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?
A. Topology diagrams
B. Mapping tools
C. Asset register
D. Ping testing
Mapping tools
Which of the following is the BEST method to reduce the effectiveness of phishing attacks?
A. User awareness
B. Two-factor authentication
C. Anti-phishing software
D. Periodic vulnerability scan
User awareness
Which of the following is MOST important when deploying digital certificates?
A. Validate compliance with X.509 digital certificate standards
B. Establish a certificate life cycle management framework
C. Use a third-party Certificate Authority (CA)
D. Use no less than 256-bit strength encryption when creating a certificate
Establish a certificate life cycle management framework
The restoration priorities of a Disaster Recovery Plan (DRP) are based on which of the following documents?
A. Service Level Agreement (SLA)
B. Business Continuity Plan (BCP)
C. Business Impact Analysis (BIA)
D. Crisis management plan
Business Continuity Plan (BCP)
When using Generic Routing Encapsulation (GRE) tunneling over Internet Protocol version 4 (IPv4), where is the GRE header inserted?
A. Into the options field
B. Between the delivery header and payload
C. Between the source and destination addresses
D. Into the destination address
Between the delivery header and payload
A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket. Which of the following is the BEST course of action?
A. Ignore the request and do not perform the change.
B. Perform the change as requested, and rely on the next audit to detect and report the situation.
C. Perform the change, but create a change ticket regardless to ensure there is complete traceability.
D. Inform the audit committee or internal audit directly using the corporate whistleblower process.
Inform the audit committee or internal audit directly using the corporate whistleblower process.
A company was ranked as high in the following National Institute of Standards and Technology (NIST) functions: Protect, Detect, Respond and Recover. However, a low maturity grade was attributed to the Identify function. In which of the following control categories does this company need to improve when analyzing its processes individually?
A. Asset Management, Business Environment, Governance and Risk Assessment
B. Access Control, Awareness and Training, Data Security and Maintenance
C. Anomalies and Events, Security Continuous Monitoring and Detection Processes
D. Recovery Planning, Improvements and Communications
Asset Management, Business Environment, Governance and Risk Assessment
When writing security assessment procedures, what is the MAIN purpose of the test outputs and reports?
A. To force the software to fail and document the process
B. To find areas of compromise in confidentiality and integrity
C. To allow for objective pass or fail decisions
D. To identify malware or hidden code within the test results
To allow for objective pass or fail decisions
When building a data classification scheme, which of the following is the PRIMARY concern?
A. Purpose
B. Cost effectiveness
C. Availability
D. Authenticity
Authenticity
What type of wireless network attack BEST describes an Electromagnetic Pulse (EMP) attack?
A. Radio Frequency (RF) attack
B. Denial of Service (DoS) attack
C. Data modification attack
D. Application-layer attack
Denial of Service (DoS) attack
Which one of the following activities would present a significant security risk to organizations when employing a Virtual Private Network (VPN) solution?
A. VPN bandwidth
B. Simultaneous connection to other networks
C. Users with Internet Protocol (IP) addressing conflicts
D. Remote users with administrative rights
Simultaneous connection to other networks
What operations role is responsible for protecting the enterprise from corrupt or contaminated media?
A. Information security practitioner
B. Information librarian
C. Computer operator
D. Network administrator
Information librarian