Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

A. Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken
B. Technical teams will understand the testing objectives, testing strategies applied, and...

August 12, 2021

Which of the following is a method used to prevent Structured Query Language (SQL) injection attacks?

A. Data compression
B. Data classification
C. Data warehousing
D. Data validation

Answer: D

August 12, 2021

Topic 7, Security Operations

An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?

A. Absence of a Business Intelligence (BI) solution
B. Inadequate cost modeling
C. Improper deployment of the Service-Oriented...

August 11, 2021

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

A. Development, testing, and deployment
B. Prevention, detection, and remediation
C. People, technology, and operations
D. Certification, accreditation, and monitoring

Answer: C

August 11, 2021

Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?

A. Challenge Handshake Authentication Protocol (CHAP)
B. Point-to-Point Protocol (PPP)
C. Extensible Authentication Protocol (EAP)
D. Password Authentication Protocol (PAP)

Answer: A

August 11, 2021

When is a Business Continuity Plan (BCP) considered to be valid?

A. When it has been validated by the Business Continuity (BC) manager
B. When it has been validated by the board of directors
C. When it has been validated by all threat scenarios
D. When it has been validated...

August 11, 2021

The BEST method of demonstrating a company's security level to potential customers is

A. a report from an external auditor.
B. responding to a customer's security questionnaire.
C. a formal report from an internal auditor.
D. a site visit by a customer's security team.

Answer: A

August 11, 2021

As one component of a physical security system, an Electronic Access Control (EAC) token is BEST known for its ability to

A. overcome the problems of key assignments.
B. monitor the opening of windows and doors.
C. trigger alarms when intruders are detected.
D. lock down a facility during an...

August 11, 2021

What is the BEST approach to addressing security issues in legacy web applications?

A. Debug the security issues
B. Migrate to newer, supported applications where possible
C. Conduct a security assessment
D. Protect the legacy application with a web application firewall

Answer: D

August 11, 2021

A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?

A. Guaranteed recovery of all business functions
B. Minimization of the need for decision making during a crisis
C. Insurance against litigation following a disaster
D. Protection from loss of organization resources

Answer: D

August 11, 2021