Topic 13: New Questions B
Within the company, desktop clients receive Internet Protocol (IP) addresses over Dynamic Host Configuration Protocol (DHCP).
Which of the following represents a valid measure to help protect the network against unauthorized access?
A. Implement path management
B. Implement port based security through 802.1x
C. Implement DHCP to assign IP addresses to server systems
D. Implement change management
Implement port based security through 802.1x
Which of the following is the GREATEST benefit of implementing a Role Based Access Control (RBAC) system?
A. Integration using Lightweight Directory Access Protocol (LDAP)
B. Form-based user registration process
C. Integration with the organization's Human Resources (HR) system
D. A considerably simpler provisioning process
A considerably simpler provisioning process
Which of the following would MINIMIZE the ability of an attacker to exploit a buffer overflow?
A. Memory review
B. Code review
C. Message division
D. Buffer division
Code review
Even though a particular digital watermark is difficult to detect, which of the following represents a way it might still be inadvertently removed?
A. Truncating parts of the data
B. Applying Access Control Lists (ACL) to the data
C. Appending non-watermarked data to watermarked data
D. Storing the data in a database
Truncating parts of the data
Unused space in a disk cluster is important in media analysis because it may contain which of the following?
A. Residual data that has not been overwritten
B. Hidden viruses and Trojan horses
C. Information about the File Allocation Table (FAT)
D. Information about patches and upgrades to the system
Residual data that has not been overwritten
The organization would like to deploy an authorization mechanism for an Information Technology (IT) infrastructure project with high employee turnover.
Which access control mechanism would be preferred?
A. Attribute Based Access Control (ABAC)
B. Discretionary Access Control (DAC)
C. Mandatory Access Control (MAC)
D. Role-Based Access Control (RBAC)
Role-Based Access Control (RBAC)
What is the correct order of steps in an information security assessment?
Place the information security assessment steps on the left next to the numbered boxes on the right in the correct order.

Which of the following techniques is known to be effective in spotting resource exhaustion problems, especially with resources such as processes, memory, and connections?
A. Automated dynamic analysis
B. Automated static analysis
C. Manual code review
D. Fuzzing
Automated dynamic analysis
Which of the following mechanisms will BEST prevent a Cross-Site Request Forgery (CSRF) attack?
A. parameterized database queries
B. whitelist input values
C. synchronized session tokens
D. use strong ciphers
synchronized session tokens
Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?
A. Password requirements are simplified.
B. Risk associated with orphan accounts is reduced.
C. Segregation of duties is automatically enforced.
D. Data confidentiality is increased.
Password requirements are simplified.
The design review for an application has been completed and is ready for release. What technique should an organization use to assure application integrity?
A. Application authentication
B. Input validation
C. Digital signing
D. Device encryption
Input validation
Which of the following is a responsibility of a data steward?
A. Ensure alignment of the data governance effort to the organization.
B. Conduct data governance interviews with the organization.
C. Document data governance requirements.
D. Ensure that data decisions and impacts are communicated to the organization.
Ensure alignment of the data governance effort to the organization.