Q1. Which of the following describes the concept of a Single Sign-On (SSO) system?
A. Users are authenticated to one system at a time.
B. Users are.identified to multiple systems with several credentials.
C. Users are authenticated to.multiple systems with one login.
D. Only one user is using the system at a time.
Answer: C
Q2. What is the MOST efficient way to secure a production program and its data?
A. Disable default accounts and implement access control lists (ACL)
B. Harden the application and encrypt the data
C. Disable unused services and implement tunneling
D. Harden the servers and backup the data
Answer: B
Q3. Refer.to the information below to answer the question.
.A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider’s facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
What additional considerations are there if the third party is located in a different country?
A. The organizational structure of the third party and how it may impact timelines within the organization
B. The ability of the third party to respond to the organization in a timely manner and with accurate information
C. The effects of transborder data flows and customer expectations regarding the storage or processing of their data
D. The quantity of data that must be provided to the third party and how it is to be used
Answer: C
Q4. What is the MOST effective method of testing custom application code?
A. Negative testing
B. White box testing
C. Penetration testing
D. Black box testing
Answer: B
Q5. Which of the following is TRUE about Disaster Recovery Plan (DRP) testing?
A. Operational networks are usually shut down during testing.
B. Testing should continue even if components of the test fail.
C. The company is fully prepared for a disaster if all tests pass.
D. Testing should not be done until the entire disaster plan can be tested.
Answer: B
Q6. Which of the following is the BEST way to verify the integrity of a software patch?
A. Cryptographic checksums
B. Version numbering
C. Automatic updates
D. Vendor assurance
Answer: A
Q7. Which of the following controls is the FIRST step in protecting privacy in an information system?
A. Data Redaction
B. Data Minimization
C. Data Encryption
D. Data Storage
Answer: B
Q8. Which of the following is an example of two-factor authentication?
A. Retina scan.and a palm print
B. Fingerprint and a smart card
C. Magnetic stripe card and an ID badge
D. Password and Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA)
Answer: B
Q9. What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?
A. Man-in-the-Middle (MITM) attack
B. Smurfing
C. Session redirect
D. Spoofing
Answer: D
Q10. To protect auditable information, which of the following MUST be configured to only allow
read access?
A. Logging configurations
B. Transaction log files
C. User account configurations
D. Access control lists (ACL)
Answer: B