CISSP Practice Test Questions

1487 Questions


Topic 13: New Questions B

Which of the following is the MOST challenging issue in apprehending cyber criminals?


A.

They often use sophisticated methods to commit a crime.


B.

It is often hard to collect and maintain integrity of digital evidence.


C.

The crime is often committed from a different jurisdiction.


D.

There is often no physical evidence involved





C.
  

The crime is often committed from a different jurisdiction.



Which of the following is considered a secure coding practice?


A.

Use concurrent access for shared variables and resources


B.

Use checksums to verify the integrity of libraries


C.

Use new code for common tasks


D.

Use dynamic execution functions to pass user supplied data





B.
  

Use checksums to verify the integrity of libraries



A security compliance manager of a large enterprise wants to reduce the time it takes to perform network, system, and application security compliance audits while increasing quality and effectiveness of the results. What should be implemented to BEST achieve the desired results?


A.

Configuration Management Database (CMDB)


B.

Source code repository


C.

Configuration Management Plan (CMP)


D.

System performance monitoring application





A.
  

Configuration Management Database (CMDB)



An Information Technology (IT) professional attends a cybersecurity seminar on current incident response methodologies. What code of ethics canon is being observed?


A.

Provide diligent and competent service to principals


B.

Protect society, the commonwealth, and the infrastructure


C.

Advance and protect the profession


D.

Act honorably, honestly, justly, responsibly, and legally





C.
  

Advance and protect the profession



Which of the following MUST be scalable to address security concerns raised by the integration of third-party identity services?


A.

Mandatory Access Controls (MAC)


B.

Enterprise security architecture


C.

Enterprise security procedures


D.

Role Based Access Controls (RBAC)





C.
  

Enterprise security procedures



In a change-controlled environment, which of the following is MOST likely to lead to unauthorized changes to production programs?


A.

Modifying source code without approval


B.

Promoting programs to production without approval


C.

Developers checking out source code without approval


D.

Developers using Rapid Application Development (RAD) methodologies without approval





A.
  

Modifying source code without approval



Which one of the following is an advantage of an effective release control strategy from a configuration control standpoint?


A.

Ensures that a trace for all deliverables is maintained and auditable


B.

Enforces backward compatibility between releases


C.

Ensures that there is no loss of functionality between releases


D.

Allows for future enhancements to existing features





A.
  

Ensures that a trace for all deliverables is maintained and auditable



Extensible Authentication Protocol-Message Digest 5 (EAP-MD5) only provides which of the following?


A.

Mutual authentication


B.

Server authentication


C.

User authentication


D.

Streaming ciphertext data





C.
  

User authentication



Which of the following is a characteristic of an internal audit?


A.

An internal audit is typically shorter in duration than an external audit.


B.

The internal audit schedule is published to the organization well in advance.


C.

The internal auditor reports to the Information Technology (IT) department


D.

Management is responsible for reading and acting upon the internal audit results





D.
  

Management is responsible for reading and acting upon the internal audit results



Which of the following mandates the amount and complexity of security controls applied to a security risk?


A.

Security vulnerabilities


B.

Risk tolerance


C.

Risk mitigation


D.

Security staff





C.
  

Risk mitigation



A security practitioner is tasked with securing the organization’s Wireless Access Points (WAP). Which of these is the MOST effective way of restricting this environment to authorized users?


A.

Enable Wi-Fi Protected Access 2 (WPA2) encryption on the wireless access point


B.

Disable the broadcast of the Service Set Identifier (SSID) name


C.

Change the name of the Service Set Identifier (SSID) to a random value not associated with the organization


D.

Create Access Control Lists (ACL) based on Media Access Control (MAC) addresses





D.
  

Create Access Control Lists (ACL) based on Media Access Control (MAC) addresses



Mandatory Access Controls (MAC) are based on:


A.

security classification and security clearance


B.

data segmentation and data classification


C.

data labels and user access permissions


D.

user roles and data encryption





A.
  

security classification and security clearance



