Q1. Which one of the following is the MOST important in designing a biometric access system if it is essential that no one other than authorized individuals are admitted?
A. False Acceptance Rate (FAR)
B. False Rejection Rate (FRR)
C. Crossover Error Rate (CER)
D. Rejection Error Rate
Answer: A
Q2. What should be the INITIAL response to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) alerts?
A. Ensure that the Incident Response Plan is available and current.
B. Determine the traffic's initial source and block the appropriate port.
C. Disable or disconnect suspected target and source systems.
D. Verify the threat and determine the scope of the attack.
Answer: D
Q3. While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?
A. Retention
B. Reporting
C. Recovery
D. Remediation
Answer: A
Q4. Checking routing information on e-mail to determine it is in a valid format and contains valid information is an example of which of the following anti-spam approaches?
A. Simple Mail Transfer Protocol (SMTP) blacklist
B. Reverse Domain Name System (DNS) lookup
C. Hashing algorithm
D. Header analysis
Answer: D
Q5. Which of the following is a potential risk when a program runs in privileged mode?
A. It may serve to create unnecessary code complexity
B. It may not enforce job separation duties
C. It may create unnecessary application hardening
D. It may allow malicious code to be inserted
Answer: D
Q6. Which of the following provides the minimum set of privileges required to perform a job function and restricts the user to a domain with the required privileges?
A. Access based on rules
B. Access based on user's role
C. Access determined by the system
D. Access based on data sensitivity
Answer: B
Q7. The BEST method of demonstrating a company's security level to potential customers is
A. a report from an external auditor.
B. responding to a customer's security questionnaire.
C. a formal report from an internal auditor.
D. a site visit by a customer's security team.
Answer: A
Q8. Which of the following types of security testing is the MOST effective in providing a better indication of the everyday security challenges of an organization when performing a security risk assessment?
A. External
B. Overt
C. Internal
D. Covert
Answer: D
Q9. Which one of the following considerations has the LEAST impact when considering transmission security?
A. Network availability
B. Data integrity
C. Network bandwidth
D. Node locations
Answer: C
Q10. A Simple Power Analysis (SPA) attack against a device directly observes which of the following?
A. Static discharge
B. Consumption
C. Generation
D. Magnetism
Answer: B