Topic 14: NEW Questions C
Which of the following BEST describes how access to a system is granted to federated
user accounts?
A.
With the federation assurance level
B.
Based on defined criteria by the Relying Party (RP)
C.
Based on defined criteria by the Identity Provider (IdP)
D.
With the identity assurance level
Based on defined criteria by the Identity Provider (IdP)
Reference: https://resources.infosecinstitute.com/cissp-domain-5-refresh-identity-and-access-management/
When designing an Occupant Emergency Plan (OEP) for United States (US) Federal
government facilities, what factor must be considered?
A.
Location of emergency exits in the building
B.
Average age of the agency employees
C.
Geographical location and structural design of building
D.
Federal agency for which the plan is being drafted
Location of emergency exits in the building
Company A is evaluating new software to replace an in-house developed application.
During the acquisition process, Company A specified the security requirements, as well as the
functional requirements. Company B responded to the acquisition request with their
flagship product that runs on an Operating System (OS) that Company A has never used
nor evaluated. The flagship product meets all security and functional requirements as
defined by Company A.
Based upon Company B's response, what step should Company A take?
A.
Move ahead with the acquisition process, and purchase the flagship software
B.
Conduct a security review of the OS
C.
Perform functionality testing
D.
Enter into contract negotiations ensuring Service Level Agreements (SLAs) are
established that include security patching
Conduct a security review of the OS
If virus infection is suspected, which of the following is the FIRST step for the user to take?
A.
Unplug the computer from the network.
B.
Save the opened files and shutdown the computer.
C.
Report the incident to service desk.
D.
Update the antivirus to the latest version
Report the incident to service desk.
Which of the following is mobile device remote fingerprinting?
A.
Installing an application to retrieve common characteristics of the device
B.
Storing information about a remote device in a cookie file
C.
Identifying a device based on common characteristics shared by all devices of a certain type
D.
Retrieving the serial number of the mobile device
Identifying a device based on common characteristics shared by all devices of a certain type
Which of the following factors is a PRIMARY reason to drive changes in an Information
Security Continuous Monitoring (ISCM) strategy?
A.
Testing and Evaluation (TE) personnel changes
B.
Changes to core missions or business processes
C.
Increased Cross-Site Request Forgery (CSRF) attacks
D.
Changes in Service Organization Control (SOC) 2 reporting requirements
Changes to core missions or business processes
Which of the following techniques is effective to detect taps in fiber optic cables?
A.
Taking baseline signal level of the cable
B.
Measuring signal through external oscillator solution devices
C.
Outlining electromagnetic field strength
D.
Performing network vulnerability scanning
Measuring signal through external oscillator solution devices
Which of the following is PRIMARILY adopted for ensuring the integrity of information is
preserved?
A.
Data at rest protection
B.
Transport Layer Security (TLS)
C.
Role Based Access Control (RBAC)
D.
One-way encryption
Data at rest protection
Which of the following is a PRIMARY challenge when running a penetration test?
A.
Determining the cost
B.
Establishing a business case
C.
Remediating found vulnerabilities
D.
Determining the depth of coverage
Determining the depth of coverage
What is maintained by using write blocking devices when forensic evidence is examined?
A.
Inventory
B.
Integrity
C.
Confidentiality
D.
Availability
Integrity
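The point of a write blocker is that the examination cannot alter the evidence, and that fact is demonstrated with hashes taken before and after. The following is an added example, not part of the original question set: a small in-memory stand-in for write-blocked media refuses every write, and SHA-256 digests computed before and after a simulated examination show the evidence is unchanged. The evidence bytes, the class and function names are constructed for the example.

```python
"""Added example (not from the original page): how write blocking preserves
evidence integrity during a forensic examination. A hardware write blocker
sits between the evidence drive and the workstation and drops every write;
the WriteBlockedImage class below models that behaviour in memory, and
SHA-256 hashes taken before and after the examination prove the evidence
was not modified. All data and names here are constructed for illustration."""
import hashlib


class WriteBlockedImage:
    """Read-only view of an evidence image. Any write attempt is refused,
    mirroring what a hardware write blocker does on the bus."""

    def __init__(self, data: bytes):
        self._data = bytes(data)

    def read(self, offset: int, length: int) -> bytes:
        return self._data[offset:offset + length]

    def write(self, offset: int, payload: bytes) -> None:
        # Every write is rejected; nothing reaches the underlying media.
        raise PermissionError("write blocked: evidence media is read-only")

    def sha256(self) -> str:
        return hashlib.sha256(self._data).hexdigest()


def examine(image: WriteBlockedImage) -> dict:
    """Simulated examination: hash the image, carve the first four bytes,
    attempt a write (as an OS auto-mount might), and hash again. The
    before/after hashes are what goes into the chain-of-custody record."""
    hash_before = image.sha256()
    header = image.read(0, 4)
    write_refused = False
    try:
        image.write(0, b"\x00\x00\x00\x00")
    except PermissionError:
        write_refused = True
    hash_after = image.sha256()
    return {
        "header": header,
        "write_refused": write_refused,
        "hash_before": hash_before,
        "hash_after": hash_after,
        "integrity_preserved": hash_before == hash_after,
    }


# Constructed evidence: a fake disk image with a recognisable header.
EVIDENCE = b"NTFS" + bytes(range(256)) * 4
IMAGE = WriteBlockedImage(EVIDENCE)

if __name__ == "__main__":
    for key, value in examine(IMAGE).items():
        print(f"{key}: {value}")
```

In a real examination the same check is done on the acquired image file: record the hash at acquisition, work on a copy, and re-hash the original at the end of the case so the two digests can be compared in court.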
Which open standard could a large corporation deploy for authorization services for single sign-on (SSO) use across multiple internal and external applications?
A.
Terminal Access Controller Access Control System (TACACS)
B.
Security Assertion Markup Language (SAML)
C.
Lightweight Directory Access Protocol (LDAP)
D.
Active Directory Federation Services (ADFS)
Security Assertion Markup Language (SAML)
Which attack defines a piece of code that is inserted into software to trigger a malicious
function?
A.
Phishing
B.
Salami
C.
Back door
D.
Logic bomb
Logic bomb