CISSP Practice Test Questions

1487 Questions


Topic 13: New Questions B

Which of the following is a common feature of an Identity as a Service (IDaaS) solution?

A. Single Sign-On (SSO) authentication support
B. Privileged user authentication support
C. Password reset service support
D. Terminal Access Controller Access Control System (TACACS) authentication support

Answer: A. Single Sign-On (SSO) authentication support



Which of the following is the BEST internationally recognized standard for evaluating security products and systems?

A. Payment Card Industry Data Security Standard (PCI-DSS)
B. Common Criteria (CC)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. Sarbanes-Oxley (SOX)

Answer: B. Common Criteria (CC)



Which of the following is the BEST way to reduce the impact of an externally sourced flood attack?

A. Have the service provider block the source address.
B. Have the source service provider block the address.
C. Block the source address at the firewall.
D. Block all inbound traffic until the flood ends.

Answer: C. Block the source address at the firewall.



Who is accountable for the information within an Information System (IS)?

A. Security manager
B. System owner
C. Data owner
D. Data processor

Answer: C. Data owner

Explanation: Section: Security Operations

Which of the following is the BEST Identity-as-a-Service (IDaaS) solution for validating users?

A. Single Sign-On (SSO)
B. Security Assertion Markup Language (SAML)
C. Lightweight Directory Access Protocol (LDAP)
D. Open Authentication (OAuth)

Answer: B. Security Assertion Markup Language (SAML)



Which of the following is a direct monetary cost of a security incident?

A. Morale
B. Reputation
C. Equipment
D. Information

Answer: C. Equipment



Which of the following is the BEST reason for writing an information security policy?

A. To support information security governance
B. To reduce the number of audit findings
C. To deter attackers
D. To implement effective information security controls

Answer: A. To support information security governance



A post-implementation review has identified that the Voice Over Internet Protocol (VoIP) system was designed to have gratuitous Address Resolution Protocol (ARP) disabled. Why did the network architect likely design the VoIP system with gratuitous ARP disabled?

A. Gratuitous ARP requires the use of Virtual Local Area Network (VLAN) 1.
B. Gratuitous ARP requires the use of insecure layer 3 protocols.
C. Gratuitous ARP requires the likelihood of a successful brute-force attack on the phone.
D. Gratuitous ARP requires the risk of a Man-in-the-Middle (MITM) attack.

Answer: D. Gratuitous ARP requires the risk of a Man-in-the-Middle (MITM) attack.



A security analyst for a large financial institution is reviewing network traffic related to an incident. The analyst determines the traffic is irrelevant to the investigation, but in the process of the review the analyst also finds that an application's data, which included full credit card cardholder data, is transferred in clear text between the server and the user's desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS). Which of the following is the analyst's next step?

A. Send the log file to co-workers for peer review
B. Include the full network traffic logs in the incident report
C. Follow organizational processes to alert the proper teams to address the issue.
D. Ignore the data as it is outside the scope of the investigation and the analyst's role.

Answer: C. Follow organizational processes to alert the proper teams to address the issue.



A company receives an email threat informing of an imminent Distributed Denial of Service (DDoS) attack targeting its web application unless a ransom is paid. Which of the following techniques BEST addresses that threat?

A. Deploying load balancers to distribute inbound traffic across multiple data centers
B. Setting up Web Application Firewalls (WAFs) to filter out malicious traffic
C. Implementing reverse web proxies to validate each new inbound connection
D. Coordinating with and utilizing capabilities within the Internet Service Provider (ISP)

Answer: D. Coordinating with and utilizing capabilities within the Internet Service Provider (ISP)



It is MOST important to perform which of the following to minimize potential impact when implementing a new vulnerability scanning tool in a production environment?

A. Negotiate a schedule with the Information Technology (IT) operations team
B. Log vulnerability summary reports to a secured server
C. Enable scanning during off-peak hours
D. Establish access for Information Technology (IT) management

Answer: C. Enable scanning during off-peak hours



Which of the following management processes allows ONLY those services required for users to accomplish their tasks, changes default user passwords, and sets servers to retrieve antivirus updates?

A. Configuration
B. Identity
C. Compliance
D. Patch

Answer: A. Configuration


