Q1. Refer.to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
Which of the following BEST describes the access control methodology used?
A. Least privilege
B. Lattice Based Access Control (LBAC)
C. Role Based Access Control (RBAC)
D. Lightweight Directory Access Control (LDAP)
Answer: C
Q2. Refer.to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following solutions would have MOST likely detected the use of peer-to-peer programs when the computer was connected to the office network?
A. Anti-virus software
B. Intrusion Prevention System (IPS)
C. Anti-spyware software
D. Integrity checking software
Answer: B
Q3. Which of the following statements is TRUE for point-to-point microwave transmissions?
A. They are not subject to interception due to encryption.
B. Interception only depends on signal strength.
C. They are too highly multiplexed for meaningful interception.
D. They are subject to interception by an antenna within proximity.
Answer: D
Q4. An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor?
A. Provide the encrypted passwords and analysis tools to the auditor for analysis.
B. Analyze the encrypted passwords for the auditor and show them the results.
C. Demonstrate that non-compliant passwords cannot be created in the system.
D. Demonstrate that non-compliant passwords cannot be encrypted in the system.
Answer: C
Q5. Refer.to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which.of.the.following.could.have.MOST.likely.prevented.the.Peer-to-Peer.(P2P).program.from.being.installed.on.the.computer?
A. Removing employee's full access to the computer
B. Supervising their child's use of the computer
C. Limiting computer's access to only the employee
D. Ensuring employee understands their business conduct guidelines
Answer: A
Q6. For an organization considering two-factor authentication for secure network access, which of the following is MOST secure?
A. Challenge response and private key
B. Digital certificates and Single Sign-On (SSO)
C. Tokens and passphrase
D. Smart card and biometrics
Answer: D
Q7. Passive Infrared Sensors (PIR) used in a non-climate controlled environment should
A. reduce the detected object temperature in relation to the background temperature.
B. increase the detected object temperature in relation to the background temperature.
C. automatically compensate for variance in background temperature.
D. detect objects of a specific temperature independent of the background temperature.
Answer: C
Q8. If compromised, which of the following would lead to the exploitation of multiple virtual machines?
A. Virtual device drivers
B. Virtual machine monitor
C. Virtual machine instance
D. Virtual machine file system
Answer: B
Q9. During an investigation of database theft from an organization's web site, it was determined that the Structured Query Language (SQL) injection technique was used despite input validation with client-side scripting. Which of the following provides the GREATEST protection against the same attack occurring again?
A. Encrypt communications between the servers
B. Encrypt the web server traffic
C. Implement server-side filtering
D. Filter outgoing traffic at the perimeter firewall
Answer: C
Q10. HOTSPOT
Identify the component that MOST likely lacks digital accountability related to.information access.
Click on the correct device in the image below.
Answer: