What is the BEST method to detect the most common improper initialization problems in programming languages?
- A . Use and specify a strong character encoding.
- B . Use automated static analysis tools that target this type of weakness.
- C . Perform input validation on any numeric inputs by assuring that they are within the expected range.
- D . Use data flow analysis to minimize the number of false positives.
Within the company, desktop clients receive Internet Protocol (IP) addresses over Dynamic Host Configuration Protocol (DHCP).
Which of the following represents a valid measure to help protect the network against unauthorized access?
- A . Implement path management
- B . Implement port based security through 802.1x
- C . Implement DHCP to assign IP addresses to server systems
- D . Implement change management
What is the PRIMARY purpose for an organization to conduct a security audit?
- A . To ensure the organization is adhering to a well-defined standard
- B . To ensure the organization is applying security controls to mitigate identified risks
- C . To ensure the organization is configuring information systems efficiently
- D . To ensure the organization is documenting findings
Which of the following BEST provides for non-repudiation of user account actions?
- A . Centralized authentication system
- B . File auditing system
- C . Managed Intrusion Detection System (IDS)
- D . Centralized logging system
An organization is considering outsourcing applications and data to a Cloud Service Provider (CSP).
Which of the following is the MOST important concern regarding privacy?
- A . The CSP determines data criticality.
- B . The CSP provides end-to-end encryption services.
- C . The CSP's privacy policy may be developed by the organization.
- D . The CSP may not be subject to the organization's country legislation.
Which is the MOST critical aspect of computer-generated evidence?
- A . Objectivity
- B . Integrity
- C . Timeliness
- D . Relevancy
Which of the following defines the key exchange for Internet Protocol Security (IPSec)?
- A . Secure Sockets Layer (SSL) key exchange
- B . Internet Key Exchange (IKE)
- C . Security Key Exchange (SKE)
- D . Internet Control Message Protocol (ICMP)
What physical characteristic does a retinal scan biometric device measure?
- A . The amount of light reflected by the retina
- B . The size, curvature, and shape of the retina
- C . The pattern of blood vessels at the back of the eye
- D . The pattern of light receptors at the back of the eye
The application of a security patch to a product previously validated at Common Criteria (CC) Evaluation Assurance Level (EAL) 4 would
- A . require an update of the Protection Profile (PP).
- B . require recertification.
- C . retain its current EAL rating.
- D . reduce the product to EAL 3.
Why is lexical obfuscation in software development discouraged by many organizations?
- A . Problems writing test cases
- B . Problems recovering systems after disaster
- C . Problems compiling the code
- D . Problems maintaining data connections
An organization lacks a data retention policy. Of the following, who is the BEST person to consult for such a requirement?
- A . Application Manager
- B . Database Administrator
- C . Privacy Officer
- D . Finance Manager
Which of the following methods of suppressing a fire is environmentally friendly and the MOST appropriate for a data center?
- A . Inert gas fire suppression system
- B . Halon gas fire suppression system
- C . Dry-pipe sprinklers
- D . Wet-pipe sprinklers
A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report.
In which phase of the assessment was this error MOST likely made?
- A . Enumeration
- B . Reporting
- C . Detection
- D . Discovery
Section: Security Assessment and Testing
Which of the following BEST describes the responsibilities of a data owner?
- A . Ensuring quality and validation through periodic audits for ongoing data integrity
- B . Maintaining fundamental data availability, including data storage and archiving
- C . Ensuring accessibility to appropriate users, maintaining appropriate levels of data security
- D . Determining the impact the information has on the mission of the organization
When adopting Software as a Service (SaaS), which security responsibility will remain with the adopting organization?
- A . Physical security
- B . Data classification
- C . Network control
- D . Application layer control