CISSP Practice Test Questions

1487 Questions


Topic 7: Security Operations

Which of the following is a PRIMARY advantage of using a third-party identity service?

A. Consolidation of multiple providers
B. Directory synchronization
C. Web-based logon
D. Automated account management

Answer: B. Directory synchronization



What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?

A. Disable all unnecessary services
B. Ensure chain of custody
C. Prepare another backup of the system
D. Isolate the system from the network

Answer: D. Isolate the system from the network



What would be the MOST cost-effective solution for a Disaster Recovery (DR) site, given that the organization's systems cannot be unavailable for more than 24 hours?

A. Warm site
B. Hot site
C. Mirror site
D. Cold site

Answer: A. Warm site



Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

A. Walkthrough
B. Simulation
C. Parallel
D. White box

Answer: C. Parallel



Which of the following is the FIRST step in the incident response process?

A. Determine the cause of the incident
B. Disconnect the system involved from the network
C. Isolate and contain the system involved
D. Investigate all symptoms to confirm the incident

Answer: D. Investigate all symptoms to confirm the incident






Which of the following is the BEST method to prevent malware from being introduced into a production environment?

A. Purchase software from a limited list of retailers
B. Verify the hash key or certificate key of all updates
C. Do not permit programs, patches, or updates from the Internet
D. Test all new software in a segregated environment

Answer: D. Test all new software in a segregated environment



Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?

A. Check arguments in function calls
B. Test for the security patch level of the environment
C. Include logging functions
D. Digitally sign each application module

Answer: B. Test for the security patch level of the environment



A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?

A. Least privilege
B. Privilege escalation
C. Defense in depth
D. Privilege bracketing

Answer: A. Least privilege



When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

A. After the system preliminary design has been developed and the data security categorization has been performed
B. After the vulnerability analysis has been performed and before the system detailed design begins
C. After the system preliminary design has been developed and before the data security categorization begins
D. After the business functional analysis and the data security categorization have been performed

Answer: D. After the business functional analysis and the data security categorization have been performed



Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

A. Lack of software documentation
B. License agreements requiring release of modified code
C. Expiration of the license agreement
D. Costs associated with support of the software

Answer: D. Costs associated with support of the software



The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?

A. System acquisition and development
B. System operations and maintenance
C. System initiation
D. System implementation

Answer: A. System acquisition and development


