Q1. Which of the following is the MOST important consideration when storing and processing Personally Identifiable Information (PII)?
A. Encrypt and hash all PII to avoid disclosure and tampering.
B. Store PII for no more than one year.
C. Avoid storing PII in a Cloud Service Provider.
D. Adherence to collection limitation laws and regulations.
Answer: D
Q2. Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element?
A. Transparent Database Encryption (TDE)
B. Column level database encryption
C. Volume encryption
D. Data tokenization
Answer: D
Q3. Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
Which of the following is considered the MOST important priority for the information security officer?
A. Formal acceptance of the security strategy
B. Disciplinary actions taken against unethical behavior
C. Development of an awareness program for new employees
D. Audit of all organization system configurations for faults
Answer: A
Q4. Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy?
A. Discretionary Access Control (DAC) procedures
B. Mandatory Access Control (MAC) procedures
C. Data link encryption
D. Segregation of duties
Answer: B
Q5. A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project?
A. The organization's current security policies concerning privacy issues
B. Privacy-related regulations enforced by governing bodies applicable to the organization
C. Privacy best practices published by recognized security standards organizations
D. Organizational procedures designed to protect privacy information
Answer: B
Q6. Contingency plan exercises are intended to do which of the following?
A. Train personnel in roles and responsibilities
B. Validate service level agreements
C. Train maintenance personnel
D. Validate operation metrics
Answer: A
Q7. Which of the following is a MAJOR consideration in implementing a Voice over IP (VoIP) network?
A. Use of unified messaging.
B. Use of separation for the voice network.
C. Use of Network Access Control (NAC) on switches.
D. Use of Request for Comments (RFC) 1918 addressing.
Answer: B
Q8. DRAG DROP
Match the objectives to the assessment questions in the governance domain of Software Assurance Maturity Model (SAMM).
Answer:
Q9. Which of the following secure startup mechanisms are PRIMARILY designed to thwart attacks?
A. Timing
B. Cold boot
C. Side channel
D. Acoustic cryptanalysis
Answer: B
Q10. In a data classification scheme, the data is owned by the
A. Information Technology (IT) managers.
B. business managers.
C. end users.
D. system security managers.
Answer: B