CISSP Practice Test Questions

1487 Questions


Topic 13: New Questions B

Who would be the BEST person to approve an organization's information security policy?

A. Chief Information Officer (CIO)
B. Chief Information Security Officer (CISO)
C. Chief internal auditor
D. Chief Executive Officer (CEO)

Answer: B. Chief Information Security Officer (CISO)

As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?

A. Known-plaintext attack
B. Denial of Service (DoS)
C. Cookie manipulation
D. Structured Query Language (SQL) injection

Answer: C. Cookie manipulation

A minimal implementation of endpoint security includes which of the following?

A. Trusted platforms
B. Host-based firewalls
C. Token-based authentication
D. Wireless Access Points (AP)

Answer: B. Host-based firewalls

Which security model is MOST commonly used in a commercial environment because it protects the integrity of financial and accounting data?

A. Biba
B. Graham-Denning
C. Clark-Wilson
D. Bell-LaPadula

Answer: C. Clark-Wilson

What does electronic vaulting accomplish?

A. It protects critical files.
B. It ensures the fault tolerance of Redundant Array of Independent Disks (RAID) systems.
C. It stripes all database records.
D. It automates the Disaster Recovery Process (DRP).

Answer: A. It protects critical files.

Explanation: Section: Security Operations

When developing solutions for mobile devices, in which phase of the Software Development Life Cycle (SDLC) should technical limitations related to devices be specified?

A. Implementation
B. Initiation
C. Review
D. Development

Answer: A. Implementation

Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization’s systems?

A. Standardized configurations for devices
B. Standardized patch testing equipment
C. Automated system patching
D. Management support for patching

Answer: C. Automated system patching

Explanation: Section: Security Assessment and Testing

Which of the following is the BEST metric to obtain when gaining support for an Identity and Access Management (IAM) solution?

A. Application connection successes resulting in data leakage
B. Administrative costs for restoring systems after connection failure
C. Employee system timeouts from implementing wrong limits
D. Help desk costs required to support password reset requests

Answer: D. Help desk costs required to support password reset requests

During examination of Internet history records, the following string occurs within a Uniform Resource Locator (URL):

http://www.companysite.com/products/products.asp?productid=123 or 1=1

What type of attack does this indicate?

A. Directory traversal
B. Structured Query Language (SQL) injection
C. Cross-Site Scripting (XSS)
D. Shellcode injection

Answer: C. Cross-Site Scripting (XSS)

A user has infected a computer with malware by connecting a Universal Serial Bus (USB) storage device. Which of the following is MOST effective to mitigate future infections?

A. Develop a written organizational policy prohibiting unauthorized USB devices
B. Train users on the dangers of transferring data in USB devices
C. Implement centralized technical control of USB port connections
D. Encrypt removable USB devices containing data at rest

Answer: C. Implement centralized technical control of USB port connections

The security accreditation task of the System Development Life Cycle (SDLC) process is completed at the end of which phase?

A. System acquisition and development
B. System operations and maintenance
C. System initiation
D. System implementation

Answer: B. System operations and maintenance

Which of the following presents the PRIMARY concern to an organization when setting up a federated single sign-on (SSO) solution with another

A. Sending assertions to an identity provider
B. Requesting identity assertions from the partner's domain
C. Defining the identity mapping scheme
D. Having the resource provider query the identity provider

Answer: C. Defining the identity mapping scheme
