Topic 14: NEW Questions C
In a large company, a system administrator needs to assign users access to files using Role Based Access Control (RBAC). Which option is an example of RBAC?
A. Allowing users access to files based on their group membership
B. Allowing users access to files based on username
C. Allowing users access to files based on the user's location at time of access
D. Allowing users access to files based on the file type
Allowing users access to files based on their group membership
Which of the following media is least problematic with data remanence?
A. Magnetic disk
B. Electrically Erasable Programmable Read-Only Memory (EEPROM)
C. Dynamic Random Access Memory (DRAM)
D. Flash memory
Dynamic Random Access Memory (DRAM)
An organization operates a legacy Industrial Control System (ICS) to support its core business service, which cannot be replaced. Its management MUST be performed remotely through an administrative console software, which in turn depends on an old version of the Java Runtime Environment (JRE) known to be vulnerable to a number of attacks. How is this risk BEST managed?
A. Isolate the full ICS by moving it onto its own network segment
B. Air-gap and harden the host used for management purposes
C. Convince the management to decommission the ICS and migrate to a modern technology
D. Deploy a restrictive proxy between all clients and the vulnerable management station
Air-gap and harden the host used for management purposes
A large corporation is looking for a solution to automate access based on where the request is coming from, who the user is, what device they are connecting with, and what time of day they are attempting this access. What type of solution would suit their needs?
A. Mandatory Access Control (MAC)
B. Network Access Control (NAC)
C. Role Based Access Control (RBAC)
D. Discretionary Access Control (DAC)
Network Access Control (NAC)
Which of the following initiates the systems recovery phase of a disaster recovery plan?
A. Issuing a formal disaster declaration
B. Activating the organization's hot site
C. Evacuating the disaster site
D. Assessing the extent of damage following the disaster
Issuing a formal disaster declaration
Which of the following is included in the Global System for Mobile Communications (GSM) security framework?
A. Public-Key Infrastructure (PKI)
B. Symmetric key cryptography
C. Digital signatures
D. Biometric authentication
Digital signatures
Vulnerability scanners may allow for the administrator to assign which of the following in order to assist in prioritizing remediation activities?
A. Definitions for each exposure type
B. Vulnerability attack vectors
C. Asset values for networks
D. Exploit code metrics
Asset values for networks
Which of the following is the BEST way to protect against Structured Query Language (SQL) injection?
A. Restrict use of SELECT command.
B. Restrict stored procedures.
C. Enforce boundary checking.
D. Restrict Hyper Text Markup Language (HTML) source code access.
Restrict stored procedures.
Which of the following is MOST important when determining appropriate countermeasures for an identified risk?
A. Interaction with existing controls
B. Cost
C. Organizational risk tolerance
D. Patch availability
Organizational risk tolerance
During a Disaster Recovery (DR) assessment, additional coverage for assurance is required. What should an assessor do?
A. Increase the number and type of relevant staff to interview.
B. Conduct a comprehensive examination of the Disaster Recovery Plan (DRP).
C. Increase the level of detail of the interview questions.
D. Conduct a detailed review of the organization's DR policy
Increase the number and type of relevant staff to interview.
Which of the following techniques is MOST useful when dealing with Advanced Persistent Threat (APT) intrusions on live virtualized environments?
A. Antivirus operations
B. Reverse engineering
C. Memory forensics
D. Logfile analysis
Reverse engineering
How can a security engineer maintain network separation from a secure environment while allowing remote users to work in the secure environment?
A. Use a Virtual Local Area Network (VLAN) to segment the network
B. Implement a bastion host
C. Install anti-virus on all endpoints
D. Enforce port security on access switches
Use a Virtual Local Area Network (VLAN) to segment the network