Topic 13: New Questions B
A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?
A.
Define additional security controls directly after the merger
B.
Include a procurement officer in the merger team
C.
Verify all contracts before a merger occurs
D.
Assign a compliance officer to review the merger conditions
Assign a compliance officer to review the merger conditions
What is the BEST location in a network to place Virtual Private Network (VPN) devices when an internal review reveals network design flaws in remote access?
A.
In a dedicated Demilitarized Zone (DMZ)
B.
In its own separate Virtual Local Area Network (VLAN)
C.
At the Internet Service Provider (ISP)
D.
Outside the external firewall
In a dedicated Demilitarized Zone (DMZ)
Proven application security principles include which of the following?
A.
Minimizing attack surface area
B.
Hardening the network perimeter
C.
Accepting infrastructure security controls
D.
Developing independent modules
Minimizing attack surface area
What are the steps of a risk assessment?
A.
identification, analysis, evaluation
B.
analysis, evaluation, mitigation
C.
classification, identification, risk management
D.
identification, evaluation, mitigation
identification, analysis, evaluation
Intellectual property rights are PRIMARILY concerned with which of the following?
A.
Right of the owner to enjoy their creation
B.
Owner’s ability to maintain copyright
C.
Owner’s ability to realize financial gain
D.
Right of the owner to control the delivery method
Right of the owner to enjoy their creation
Which of the following is BEST achieved through the use of eXtensible Access Control Markup Language (XACML)?
A.
Minimize malicious attacks from third parties
B.
Manage resource privileges
C.
Share digital identities in hybrid cloud
D.
Define a standard protocol
Manage resource privileges
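XACML manages resource privileges by expressing them as attribute-based rules that a Policy Decision Point evaluates per request. The following is an added example, not part of the question bank: a minimal XACML 3.0 policy that permits the HR department to read the payroll resource and denies everything else, plus a toy PDP that evaluates request contexts against it. The policy, the attribute id `urn:example:attribute:department`, and the sample requests are constructed for illustration; only `string-equal` matches and the `first-applicable` and `deny-overrides` rule-combining algorithms are implemented.

```python
"""Added example (not from the question bank): a constructed XACML 3.0
policy and a toy Policy Decision Point that evaluates requests against it.
Only string-equal matches and two rule-combining algorithms are supported."""
import xml.etree.ElementTree as ET

XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
STRING = "http://www.w3.org/2001/XMLSchema#string"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
DEPT_ATTR = "urn:example:attribute:department"          # assumed custom attribute
RES_ATTR = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACT_ATTR = "urn:oasis:names:tc:xacml:1.0:action:action-id"


def _match(category, attribute_id, value):
    """One <Match>: true when the request bag for (category, attribute) contains value."""
    return f"""
          <Match MatchId="{STRING_EQUAL}">
            <AttributeValue DataType="{STRING}">{value}</AttributeValue>
            <AttributeDesignator Category="{category}" AttributeId="{attribute_id}"
                                 DataType="{STRING}" MustBePresent="false"/>
          </Match>"""


# Constructed policy: a specific Permit rule followed by a catch-all Deny.
POLICY_XML = f"""<Policy xmlns="{XACML_NS}" PolicyId="urn:example:policy:payroll" Version="1.0"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
  <Target/>
  <Rule RuleId="permit-hr-read-payroll" Effect="Permit">
    <Target>
      <AnyOf>
        <AllOf>{_match(SUBJECT, DEPT_ATTR, 'hr')}{_match(RESOURCE, RES_ATTR, 'payroll')}{_match(ACTION, ACT_ATTR, 'read')}
        </AllOf>
      </AnyOf>
    </Target>
  </Rule>
  <Rule RuleId="deny-everything-else" Effect="Deny"/>
</Policy>
"""


def _q(tag):
    return f"{{{XACML_NS}}}{tag}"


def _match_applies(match, request):
    """A Match holds if the function is true for some value in the attribute bag."""
    if match.get("MatchId") != STRING_EQUAL:
        raise NotImplementedError(match.get("MatchId"))
    wanted = match.find(_q("AttributeValue")).text
    d = match.find(_q("AttributeDesignator"))
    return wanted in request.get((d.get("Category"), d.get("AttributeId")), [])


def _target_applies(target, request):
    """Absent or empty Target matches everything; AnyOf is OR over AllOf, AllOf is AND over Match."""
    if target is None:
        return True
    return all(
        any(all(_match_applies(m, request) for m in allof.findall(_q("Match")))
            for allof in anyof.findall(_q("AllOf")))
        for anyof in target.findall(_q("AnyOf")))


def evaluate(policy_xml, request):
    """Toy PDP: return Permit, Deny or NotApplicable for one request context."""
    policy = ET.fromstring(policy_xml)
    if not _target_applies(policy.find(_q("Target")), request):
        return "NotApplicable"
    effects = [r.get("Effect") for r in policy.findall(_q("Rule"))
               if _target_applies(r.find(_q("Target")), request)]
    alg = policy.get("RuleCombiningAlgId").rsplit(":", 1)[-1]
    if alg == "first-applicable":
        return effects[0] if effects else "NotApplicable"
    if alg == "deny-overrides":
        return "Deny" if "Deny" in effects else ("Permit" if "Permit" in effects else "NotApplicable")
    raise NotImplementedError(alg)


def make_request(department, resource_id, action_id):
    """Request context as {(category, attribute-id): bag of values}."""
    return {(SUBJECT, DEPT_ATTR): [department],
            (RESOURCE, RES_ATTR): [resource_id],
            (ACTION, ACT_ATTR): [action_id]}


if __name__ == "__main__":
    for req in (("hr", "payroll", "read"), ("hr", "payroll", "write"), ("sales", "payroll", "read")):
        print(req, "->", evaluate(POLICY_XML, make_request(*req)))
```

The point of the layout is that privileges live in the policy, not in application code: changing who may read payroll means editing the Permit rule's target, while the catch-all Deny keeps the default closed.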
Which one of the following considerations has the LEAST impact when considering transmission security?
A.
Network availability
B.
Node locations
C.
Network bandwidth
D.
Data integrity
Network bandwidth
Which of the following is MOST appropriate for protecting confidentiality of data stored on a hard drive?
A.
Triple Data Encryption Standard (3DES)
B.
Advanced Encryption Standard (AES)
C.
Message Digest 5 (MD5)
D.
Secure Hash Algorithm 2 (SHA-2)
Advanced Encryption Standard (AES)
Which of the following MUST be in place to recognize a system attack?
A.
Stateful firewall
B.
Distributed antivirus
C.
Log analysis
D.
Passive honeypot
Log analysis
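A firewall, antivirus or honeypot only sees what passes through it; recognising an attack across a system requires analysing the records it leaves. The following is an added example, not part of the question bank: it parses sshd-style authentication log lines, applies a sliding window per source address to flag a password brute-force, and notes when a successful login follows from the same source. The log lines are constructed, and the threshold (five failures within 60 seconds) is an assumption.

```python
"""Added example (not from the question bank): brute-force detection over
constructed sshd-style auth log lines. Threshold and window are assumptions."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log, not captured from a real host.
SAMPLE_LOG = """\
Mar 10 08:01:02 host sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 10 08:01:03 host sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51235 ssh2
Mar 10 08:01:04 host sshd[2201]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar 10 08:01:05 host sshd[2201]: Failed password for root from 203.0.113.7 port 51237 ssh2
Mar 10 08:01:06 host sshd[2201]: Failed password for root from 203.0.113.7 port 51238 ssh2
Mar 10 08:01:09 host sshd[2201]: Accepted password for root from 203.0.113.7 port 51239 ssh2
Mar 10 08:05:00 host sshd[2210]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar 10 08:05:30 host sshd[2211]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse(log_text, year=2024):
    """Turn matching lines into (timestamp, result, user, ip) tuples; skip the rest.
    Syslog lines carry no year, so one is supplied."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Sliding window of failures per source IP.
    Returns {ip: {"failures": n, "success_after": bool, "user": name}} for flagged sources."""
    alerts = {}
    recent = defaultdict(list)  # ip -> failure timestamps still inside the window
    for ts, result, user, ip in sorted(events):
        if result == "Failed":
            window = recent[ip]
            window.append(ts)
            while (ts - window[0]).total_seconds() > window_seconds:
                window.pop(0)
            if len(window) >= threshold:
                alert = alerts.setdefault(ip, {"failures": 0, "success_after": False, "user": None})
                alert["failures"] = max(alert["failures"], len(window))
        elif ip in alerts:
            # A success from a source already flagged: treat as a probable compromise.
            alerts[ip]["success_after"] = True
            alerts[ip]["user"] = user
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(parse(SAMPLE_LOG)).items():
        print(ip, info)
```

On the sample, 203.0.113.7 is flagged after its fifth failure and then marked `success_after` when root logs in three seconds later; alice's single failure followed by a key-based login from 198.51.100.4 is not flagged. In production the same logic would run against a central log store, and the year would come from the collector rather than a default.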
Which of the following steps should be performed FIRST when purchasing Commercial Off-The-Shelf (COTS) software?
A.
undergo a security assessment as part of authorization process
B.
establish a risk management strategy
C.
harden the hosting server, and perform hosting and application vulnerability scans
D.
establish policies and procedures on system and services acquisition
establish policies and procedures on system and services acquisition
Which of the following is the BEST reason for the use of security metrics?
A.
They ensure that the organization meets its security objectives.
B.
They provide an appropriate framework for Information Technology (IT) governance.
C.
They speed up the process of quantitative risk assessment.
D.
They quantify the effectiveness of security processes
They quantify the effectiveness of security processes
What is the PRIMARY goal of fault tolerance?
A.
Elimination of single point of failure
B.
Isolation using a sandbox
C.
Single point of repair
D.
Containment to prevent propagation
Elimination of single point of failure