Notifications
Clear all
What is the BEST method to detect the most common improper initialization problems in programming languages?
- A . Use and specify a strong character encoding.
- B . Use automated static analysis tools that target this type of weakness.
- C . Perform input validation on any numeric inputs by assuring that they are within the expected range.
- D . Use data flow analysis to minimize the number of false positives.
Suggested Answer: B
Posted : 03/05/2024 6:29 pm
Within the company, desktop clients receive Internet Protocol (IP) address over Dynamic Host Configuration Protocol (DHCP).
Which of the following represents a valid measure to help protect the network against unauthorized access?
- A . Implement path management
- B . Implement port based security through 802.1x
- C . Implement DHCP to assign IP address to server systems
- D . Implement change management
Suggested Answer: B
Posted : 03/05/2024 9:22 pm
What is the PRIMARY purpose for an organization to conduct a security audit?
- A . To ensure the organization is adhering to a well-defined standard
- B . To ensure the organization is applying security controls to mitigate identified risks
- C . To ensure the organization is configuring information systems efficiently
- D . To ensure the organization is documenting findings
Suggested Answer: A
Posted : 03/05/2024 11:34 pm
Which of the following BEST provides for non-repudiation od user account actions?
- A . Centralized authentication system
- B . File auditing system
- C . Managed Intrusion Detection System (IDS)
- D . Centralized logging system
Suggested Answer: D
Posted : 04/05/2024 2:21 am
An organization is considering outsourcing applications and data to a Cloud Service Provider (CSP) .
Which of the following is the MOST important concern regarding privacy?
- A . The CSP determines data criticality.
- B . The CSP provides end-to-end encryption services.
- C . The CSP’s privacy policy may be developer by the organization.
- D . The CSP may not be subject to the organization’s country legation.
Suggested Answer: D
Posted : 04/05/2024 5:24 am
Which is the MOST critical aspect of computer-generated evidence?
- A . Objectivity
- B . Integrity
- C . Timeliness
- D . Relevancy
Suggested Answer: B
Posted : 04/05/2024 8:23 am
Which of the following defines the key exchange for Internet Protocol Security (IPSec)?
- A . Secure Sockets Layer (SSL) key exchange
- B . Internet Key Exchange (IKE)
- C . Security Key Exchange (SKE)
- D . Internet Control Message Protocol (ICMP)
Suggested Answer: B
Posted : 04/05/2024 1:33 pm
What physical characteristic does a retinal scan biometric device measure?
- A . The amount of light reflected by the retina
- B . The size, curvature, and shape of the retina
- C . The pattern of blood vessels at the back of the eye
- D . The pattern of light receptors at the back of the eye
Suggested Answer: C
Posted : 04/05/2024 2:59 pm
The application of a security patch to a product previously validate at Common Criteria (CC) Evaluation Assurance Level (EAL) 4 would
- A . require an update of the Protection Profile (PP).
- B . require recertification.
- C . retain its current EAL rating.
- D . reduce the product to EAL 3.
Suggested Answer: B
Posted : 04/05/2024 4:13 pm
Why is lexical obfuscation in software development discouraged by many organizations?
- A . Problems writing test cases
- B . Problems recovering systems after disaster
- C . Problems compiling the code
- D . Problems maintaining data connections
Suggested Answer: C
Posted : 04/05/2024 10:17 pm
An organization lacks a data retention policy. Of the following, who is the BEST person to consult for such requirement?
- A . Application Manager
- B . Database Administrator
- C . Privacy Officer
- D . Finance Manager
Suggested Answer: C
Posted : 05/05/2024 9:03 am
Which of the following methods of suppressing a fire is environmentally friendly and the MOST appropriate for a data center?
- A . Inert gas fire suppression system
- B . Halon gas fire suppression system
- C . Dry-pipe sprinklers
- D . Wet-pipe sprinklers
Suggested Answer: A
Posted : 05/05/2024 12:56 pm
A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report.
In which phase of the assessment was this error MOST likely made?
- A . Enumeration
- B . Reporting
- C . Detection
- D . Discovery
Suggested Answer: A
Explanation:
Section: Security Assessment and Testing
Explanation:
Section: Security Assessment and Testing
Posted : 05/05/2024 3:33 pm
Which of the following BEST describes the responsibilities of a data owner?
- A . Ensuring quality and validation through periodic audits for ongoing data integrity
- B . Maintaining fundamental data availability, including data storage and archiving
- C . Ensuring accessibility to appropriate users, maintaining appropriate levels of data security
- D . Determining the impact the information has on the mission of the organization
Suggested Answer: D
Posted : 05/05/2024 8:37 pm
When adopting software as a service (Saas), which security responsibility will remain with remain with the adopting organization?
- A . Physical security
- B . Data classification
- C . Network control
- D . Application layer control
Suggested Answer: B
Posted : 05/05/2024 9:18 pm