Which of the following is MOST suited to quickly implement a control?

An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?
A. Add a new rule to the application layer firewall
B. Block access to the service
C. Install an Intrusion Detection System (IDS)
D...

March 18, 2021

Which of the following does the Encapsulating Security Payload (ESP) provide?

A. Authorization and integrity
B. Availability and integrity
C. Integrity and confidentiality
D. Authorization and confidentiality

Answer: C

March 17, 2021

When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

A. After the system preliminary design has been developed and the data security categorization has been performed
B. After the vulnerability analysis has been performed and before the system detailed design begins
C. After the...

March 17, 2021

Which one of the following affects the classification of data?

A. Passage of time
B. Assigned security label
C. Multilevel Security (MLS) architecture
D. Minimum query size

Answer: A

March 16, 2021

Which contract is BEST in offloading the task from the IT staff?

An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations...

March 16, 2021

Who in the organization is accountable for classification of data information assets?

A. Data owner
B. Data architect
C. Chief Information Security Officer (CISO)
D. Chief Information Officer (CIO)

Answer: A

March 16, 2021

At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

A. Link layer
B. Physical layer
C. Session layer
D. Application layer

Answer: D

March 16, 2021

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

A. Personal Identity Verification (PIV)
B. Cardholder Unique Identifier (CHUID) authentication
C. Physical Access Control System (PACS) repeated attempt detection
D. Asymmetric Card Authentication Key (CAK) challenge-response

Answer: C

March 16, 2021

A vulnerability test on an Information System (IS) is conducted to

A. exploit security weaknesses in the I
C. measure system performance on systems with weak security controls.
D. evaluate the effectiveness of security controls.
E. prepare for Disaster Recovery (DR) planning.

Answer: C

March 16, 2021

What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?

A. Implementation Phase
B. Initialization Phase
C. Cancellation Phase
D. Issued Phase

Answer: D

March 16, 2021