Q1. When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all access control requirements are addressed?
A. Create a user profile.
B. Create a user access matrix.
C. Develop an Access Control List (ACL).
D. Develop a Role Based Access Control (RBAC) list.
Answer: B
Q2. DRAG DROP
Drag the following Security Engineering terms on the left to the BEST definition on the right.
Answer:
Q3. With data labeling, which of the following MUST be the key decision maker?
A. Information security
B. Departmental management
C. Data custodian
D. Data owner
Answer: D
Q4. Which of the following is a reason to use manual patch installation instead of automated patch management?
A. The cost required to install patches will be reduced.
B. The time during which systems will remain vulnerable to an exploit will be decreased.
C. The likelihood of system or application incompatibilities will be decreased.
D. The ability to cover large geographic areas is increased.
Answer: C
Q5. The overall goal of a penetration test is to determine a system's
A. ability to withstand an attack.
B. capacity management.
C. error recovery capabilities.
D. reliability under stress.
Answer: A
Q6. Which methodology is recommended for penetration testing to be effective in the development phase of the life-cycle process?
A. White-box testing
B. Software fuzz testing
C. Black-box testing
D. Visual testing
Answer: A
Q7. What is one way to mitigate the risk of security flaws in.custom.software?
A. Include security language in the Earned Value Management (EVM) contract
B. Include security assurance clauses in the Service Level Agreement (SLA)
C. Purchase only Commercial Off-The-Shelf (COTS) products
D. Purchase only software with no open source Application Programming Interfaces (APIs)
Answer: B
Q8. Which of the following explains why record destruction requirements are included in a data retention policy?
A. To comply with legal and business requirements
B. To save cost for storage and backup
C. To meet destruction.guidelines
D. To validate data ownership
Answer: A
Q9. A large bank deploys hardware tokens to all customers that use their online banking system. The token generates and displays a six digit numeric password every 60 seconds. The customers must log into their bank accounts using this numeric password. This is an example of
A. asynchronous token.
B. Single Sign-On (SSO) token.
C. single factor authentication token.
D. synchronous token.
Answer: D
Q10. The 802.1x standard provides a framework for what?
A. Network authentication for only wireless networks
B. Network authentication for wired and wireless networks
C. Wireless encryption using the Advanced Encryption Standard (AES)
D. Wireless network encryption using Secure Sockets Layer (SSL)
Answer: B