CISSP Practice Test Questions

1487 Questions


Topic 9: Exam Set A

Which one of the following is the MOST important in designing a biometric access system if it is essential that no one other than authorized individuals are admitted?

A. False Acceptance Rate (FAR)
B. False Rejection Rate (FRR)
C. Crossover Error Rate (CER)
D. Rejection Error Rate

Answer: A. False Acceptance Rate (FAR)



Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain?

A. An explanation of how long the data subject's collected information will be retained for and how it will eventually be disposed of.
B. An explanation of who can be contacted at the organization collecting the information if corrections are required by the data subject.
C. An explanation of the regulatory frameworks and compliance standards the information collecting organization adheres to.
D. An explanation of all the technologies employed by the collecting organization in gathering information on the data subject.

Answer: B. An explanation of who can be contacted at the organization collecting the information if corrections are required by the data subject.



The type of authorized interactions a subject can have with an object is

A. control.
B. permission.
C. procedure.
D. protocol.

Answer: B. permission.



Which of the following is the BEST mitigation against phishing attacks?

A. Network activity monitoring
B. Security awareness training
C. Corporate policy and procedures
D. Strong file and directory permissions

Answer: B. Security awareness training



When transmitting information over public networks, the decision to encrypt it should be based on

A. the estimated monetary value of the information.
B. whether there are transient nodes relaying the transmission.
C. the level of confidentiality of the information.
D. the volume of the information.

Answer: C. the level of confidentiality of the information.



Which one of the following transmission media is MOST effective in preventing data interception?

A. Microwave
B. Twisted-pair
C. Fiber optic
D. Coaxial cable

Answer: C. Fiber optic



Which of the following defines the key exchange for Internet Protocol Security (IPSec)?

A. Secure Sockets Layer (SSL) key exchange
B. Internet Key Exchange (IKE)
C. Security Key Exchange (SKE)
D. Internet Control Message Protocol (ICMP)

Answer: B. Internet Key Exchange (IKE)



What is the BEST approach to addressing security issues in legacy web applications?

A. Debug the security issues
B. Migrate to newer, supported applications where possible
C. Conduct a security assessment
D. Protect the legacy application with a web application firewall

Answer: D. Protect the legacy application with a web application firewall



With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?

A. Continuously without exception for all security controls
B. Before and after each change of the control
C. At a rate concurrent with the volatility of the security control
D. Only during system implementation and decommissioning

Answer: B. Before and after each change of the control



What is the ultimate objective of information classification?

A. To assign responsibility for mitigating the risk to vulnerable systems
B. To ensure that information assets receive an appropriate level of protection
C. To recognize that the value of any item of information may change over time
D. To recognize the optimal number of classification categories and the benefits to be gained from their use

Answer: B. To ensure that information assets receive an appropriate level of protection



Following the completion of a network security assessment, which of the following can BEST be demonstrated?

A. The effectiveness of controls can be accurately measured
B. A penetration test of the network will fail
C. The network is compliant with industry standards
D. All unpatched vulnerabilities have been identified

Answer: A. The effectiveness of controls can be accurately measured



Which one of the following describes granularity?

A. Maximum number of entries available in an Access Control List (ACL)
B. Fineness to which a trusted system can authenticate users
C. Number of violations divided by the number of total accesses
D. Fineness to which an access control system can be adjusted

Answer: D. Fineness to which an access control system can be adjusted




Page 7 out of 124 Pages