CISSP Exam Questions - Online Test




Online ISC2 CISSP free practice questions demo below:

NEW QUESTION 1
Which of the following is needed to securely distribute symmetric cryptographic keys?

  • A. Officially approved Public-Key Infrastructure (PKI) Class 3 or Class 4 certificates
  • B. Officially approved and compliant key management technology and processes
  • C. An organizationally approved communication protection policy and key management plan
  • D. Hardware tokens that protect the user’s private key.

Answer: C

NEW QUESTION 2
Which of the following is the MOST important consideration when developing a Disaster Recovery Plan (DRP)?

  • A. The dynamic reconfiguration of systems
  • B. The cost of downtime
  • C. A recovery strategy for all business processes
  • D. A containment strategy

Answer: C

NEW QUESTION 3
Which of the following is the MOST common method of memory protection?

  • A. Compartmentalization
  • B. Segmentation
  • C. Error correction
  • D. Virtual Local Area Network (VLAN) tagging

Answer: B

NEW QUESTION 4
In which identity management process is the subject’s identity established?

  • A. Trust
  • B. Provisioning
  • C. Authorization
  • D. Enrollment

Answer: D

NEW QUESTION 5
An organization has developed a major application that has undergone accreditation testing. After receiving the results of the evaluation, what is the final step before the application can be accredited?

  • A. Acceptance of risk by the authorizing official
  • B. Remediation of vulnerabilities
  • C. Adoption of standardized policies and procedures
  • D. Approval of the System Security Plan (SSP)

Answer: A

NEW QUESTION 6
Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
What MUST the access control logs contain in addition to the identifier?

  • A. Time of the access
  • B. Security classification
  • C. Denied access attempts
  • D. Associated clearance

Answer: A

NEW QUESTION 7
Reciprocal backup site agreements are considered to be

  • A. a better alternative than the use of warm sites.
  • B. difficult to test for complex systems.
  • C. easy to implement for similar types of organizations.
  • D. easy to test and implement for complex systems.

Answer: B

NEW QUESTION 8
An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requirement is

  • A. organization policy.
  • B. industry best practices.
  • C. industry laws and regulations.
  • D. management feedback.

Answer: A

NEW QUESTION 9
A security analyst for a large financial institution is reviewing network traffic related to an incident. The analyst determines the traffic is irrelevant to the investigation, but in the process of the review the analyst also finds that an application's data, which included full credit card cardholder data, is transferred in clear text between the server and the user's desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS). Which of the following is the analyst's next step?

  • A. Send the log file to co-workers for peer review
  • B. Include the full network traffic logs in the incident report
  • C. Follow organizational processes to alert the proper teams to address the issue.
  • D. Ignore data as it is outside the scope of the investigation and the analyst’s role.

Answer: C

Explanation: Section: Security Operations

NEW QUESTION 10
Which of the following is a weakness of Wired Equivalent Privacy (WEP)?

  • A. Length of Initialization Vector (IV)
  • B. Protection against message replay
  • C. Detection of message tampering
  • D. Built-in provision to rotate keys

Answer: A

NEW QUESTION 11
Which of the following is the PRIMARY reason for employing physical security personnel at entry points in facilities where card access is in operation?

  • A. To verify that only employees have access to the facility.
  • B. To identify present hazards requiring remediation.
  • C. To monitor staff movement throughout the facility.
  • D. To provide a safe environment for employees.

Answer: D

NEW QUESTION 12
What type of test assesses a Disaster Recovery (DR) plan using realistic disaster scenarios while maintaining minimal impact to business operations?

  • A. Parallel
  • B. Walkthrough
  • C. Simulation
  • D. Tabletop

Answer: C

NEW QUESTION 13
Which of the following BEST describes the purpose of the security functional requirements of Common Criteria?

  • A. Level of assurance of the Target of Evaluation (TOE) in intended operational environment
  • B. Selection to meet the security objectives stated in test documents
  • C. Security behavior expected of a TOE
  • D. Definition of the roles and responsibilities

Answer: C

NEW QUESTION 14
A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation?

  • A. The inherent risk is greater than the residual risk.
  • B. The Annualized Loss Expectancy (ALE) approaches zero.
  • C. The expected loss from the risk exceeds mitigation costs.
  • D. The infrastructure budget can easily cover the upgrade costs.

Answer: C

NEW QUESTION 15
Which of the following could cause a Denial of Service (DoS) against an authentication system?

  • A. Encryption of audit logs
  • B. No archiving of audit logs
  • C. Hashing of audit logs
  • D. Remote access audit logs

Answer: D

NEW QUESTION 16
Which of the following defines the key exchange for Internet Protocol Security (IPSec)?

  • A. Secure Sockets Layer (SSL) key exchange
  • B. Internet Key Exchange (IKE)
  • C. Security Key Exchange (SKE)
  • D. Internet Control Message Protocol (ICMP)

Answer: B

NEW QUESTION 17
Data leakage of sensitive information is MOST often concealed by which of the following?

  • A. Secure Sockets Layer (SSL)
  • B. Secure Hash Algorithm (SHA)
  • C. Wired Equivalent Privacy (WEP)
  • D. Secure Post Office Protocol (POP)

Answer: A
