CISSP Practice Test Questions

1487 Questions


Topic 12: NEW QUESTIONS A

An organization’s information security strategic plan MUST be reviewed

A. whenever there are significant changes to a major application.
B. quarterly, when the organization’s strategic plan is updated.
C. whenever there are major changes to the business.
D. every three years, when the organization’s strategic plan is updated.

Answer: C. whenever there are major changes to the business.

Which of the following is the PRIMARY reason for employing physical security personnel at entry points in facilities where card access is in operation?

A. To verify that only employees have access to the facility.
B. To identify present hazards requiring remediation.
C. To monitor staff movement throughout the facility.
D. To provide a safe environment for employees.

Answer: D. To provide a safe environment for employees.

Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization network?

A. Provide vulnerability reports to management.
B. Validate vulnerability remediation activities.
C. Prevent attackers from discovering vulnerabilities.
D. Remediate known vulnerabilities.

Answer: B. Validate vulnerability remediation activities.

Which of the following information MUST be provided for user account provisioning?

A. Full name
B. Unique identifier
C. Security question
D. Date of birth

Answer: B. Unique identifier

Which of the following is a remote access protocol that uses a static authentication?

A. Point-to-Point Tunneling Protocol (PPTP)
B. Routing Information Protocol (RIP)
C. Password Authentication Protocol (PAP)
D. Challenge Handshake Authentication Protocol (CHAP)

Answer: C. Password Authentication Protocol (PAP)

A security architect plans to reference a Mandatory Access Control (MAC) model for implementation. This indicates that which of the following properties are being prioritized?

A. Confidentiality
B. Integrity
C. Availability
D. Accessibility

Answer: C. Availability

A vulnerability in which of the following components would be MOST difficult to detect?

A. Kernel
B. Shared libraries
C. Hardware
D. System application

Answer: C. Hardware

What does the Maximum Tolerable Downtime (MTD) determine?

A. The estimated period of time a business critical database can remain down before customers are affected.
B. The fixed length of time a company can endure a disaster without any Disaster Recovery (DR) planning.
C. The estimated period of time a business can remain interrupted beyond which it risks never recovering.
D. The fixed length of time in a DR process before redundant systems are engaged.

Answer: C. The estimated period of time a business can remain interrupted beyond which it risks never recovering.

Which type of security testing is being performed when an ethical hacker has no knowledge about the target system but the testing target is notified before the test?

A. Reversal
B. Gray box
C. Blind
D. White box

Answer: C. Blind

Which of the following is a document that identifies each item seized in an investigation, including date and time seized, full name and signature or initials of the person who seized the item, and a detailed description of the item?

A. Property book
B. Chain of custody form
C. Search warrant return
D. Evidence tag

Answer: D. Evidence tag

Match the access control type to the example of the control type.
Drag each access control type next to its corresponding example.

For network based evidence, which of the following contains traffic details of all network sessions in order to detect anomalies?

A. Alert data
B. User data
C. Content data
D. Statistical data

Answer: D. Statistical data
