NEW QUESTION 1
Mandatory Access Controls (MAC) are based on:

• A. security classification and security clearance
• B. data segmentation and data classification
• C. data labels and user access permissions
• D. user roles and data encryption

Answer: A

NEW QUESTION 2
Which of the following assures that rules are followed in an identity management architecture?

• A. Policy database
• B. Digital signature
• C. Policy decision point
• D. Policy enforcement point

Answer: D

NEW QUESTION 3
During a fingerprint verification process, which of the following is used to verify identity and authentication?

• A. A pressure value is compared with a stored template
• B. Sets of digits are matched with stored values
• C. A hash table is matched to a database of stored value
• D. A template of minutiae is compared with a stored template

Answer: D

NEW QUESTION 4
Network-based logging has which advantage over host-based logging when reviewing malicious activity about a victim machine?

• A. Addresses and protocols of network-based logs are analyzed.
• B. Host-based system logging has files stored in multiple locations.
• C. Properly handled network-based logs may be more reliable and valid.
• D. Network-based systems cannot capture users logging into the console.

Answer: A

NEW QUESTION 5
A company has decided that they need to begin maintaining assets deployed in the enterprise. What approach should be followed to determine and maintain ownership information to bring the company into compliance?

• A. Enterprise asset management framework
• B. Asset baseline using commercial off the shelf software
• C. Asset ownership database using domain login records
• D. A script to report active user logins on assets

Answer: A

NEW QUESTION 6
Which of the following is a strategy of grouping requirements in developing a Security Test and Evaluation (ST&E)?

• A. Standards, policies, and procedures
• B. Tactical, strategic, and financial
• C. Management, operational, and technical
• D. Documentation, observation, and manual

Answer: C

NEW QUESTION 7
Which of the following BEST describes Recovery Time Objective (RTO)?

• A. Time of data validation after disaster
• B. Time of data restoration from backup after disaster
• C. Time of application resumption after disaster
• D. Time of application verification after disaster

Answer: C

NEW QUESTION 8
Which of the following statements is TRUE regarding state-based analysis as a functional software testing technique?

• A. It is useful for testing communications protocols and graphical user interfaces.
• B. It is characterized by the stateless behavior of a process implemented in a function.
• C. Test inputs are obtained from the derived boundaries of the given functional specifications.
• D. An entire partition can be covered by considering only one representative value from that partition.

Answer: A

NEW QUESTION 9
A chemical plan wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and maintenance by utilizing the office network infrastructure and staff to implement this upgrade.
Which of the following is the GREATEST impact on security for the network?

• A. The network administrators have no knowledge of ICS
• B. The ICS is now accessible from the office network
• C. The ICS does not support the office password policy
• D. RS422 is more reliable than Ethernet

Answer: B

NEW QUESTION 10
What MUST each information owner do when a system contains data from multiple information owners?

• A. Provide input to the Information System (IS) owner regarding the security requirements of the data
• B. Review the Security Assessment report (SAR) for the Information System (IS) and authorize the IS to operate.
• C. Develop and maintain the System Security Plan (SSP) for the Information System (IS) containing the data
• D. Move the data to an Information System (IS) that does not contain data owned by other information owners

Answer: C

Explanation: Section: Security Assessment and Testing

NEW QUESTION 11
Who is responsible for the protection of information when it is shared with or provided to other organizations?

• A. Systems owner
• B. Authorizing Official (AO)
• C. Information owner
• D. Security officer

Answer: C

Explanation: Section: Security Operations

NEW QUESTION 12
Which of the following violates identity and access management best practices?

• A. User accounts
• B. System accounts
• C. Generic accounts
• D. Privileged accounts

Answer: C

NEW QUESTION 13
Which of the following is the MOST effective method of mitigating data theft from an active user workstation?

• A. Implement full-disk encryption
• B. Enable multifactor authentication
• C. Deploy file integrity checkers
• D. Disable use of portable devices

Answer: D

NEW QUESTION 14
Which of the following mandates the amount and complexity of security controls applied to a security risk?

• A. Security vulnerabilities
• B. Risk tolerance
• C. Risk mitigation
• D. Security staff

Answer: C

NEW QUESTION 15
Which of the following methods provides the MOST protection for user credentials?

• A. Forms-based authentication
• B. Digest authentication
• C. Basic authentication
• D. Self-registration

Answer: B

NEW QUESTION 16
A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?

• A. Trusted third-party certification
• B. Lightweight Directory Access Protocol (LDAP)
• C. Security Assertion Markup language (SAML)
• D. Cross-certification

Answer: C

NEW QUESTION 17
Which of the following prevents improper aggregation of privileges in Role Based Access Control (RBAC)?

• A. Hierarchical inheritance
• B. Dynamic separation of duties
• C. The Clark-Wilson security model
• D. The Bell-LaPadula security model

Answer: B