CISSP Exam Questions - Online Test


NEW QUESTION 1
Changes to a Trusted Computing Base (TCB) system that could impact the security posture of that system and trigger a recertification activity are documented in the

  • A. security impact analysis.
  • B. structured code review.
  • C. routine self-assessment.
  • D. cost-benefit analysis.

Answer: A

NEW QUESTION 2
An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to

  • A. encrypt the contents of the repository and document any exceptions to that requirement.
  • B. utilize an Intrusion Detection System (IDS) set to drop connections if too many requests for documents are detected.
  • C. keep individuals with access to high security areas from saving those documents into lower security areas.
  • D. require individuals with access to the system to sign Non-Disclosure Agreements (NDA).

Answer: C

NEW QUESTION 3
What is the ultimate objective of information classification?

  • A. To assign responsibility for mitigating the risk to vulnerable systems
  • B. To ensure that information assets receive an appropriate level of protection
  • C. To recognize that the value of any item of information may change over time
  • D. To recognize the optimal number of classification categories and the benefits to be gained from their use

Answer: B

NEW QUESTION 4
Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following solutions would have MOST likely detected the use of peer-to-peer programs when the computer was connected to the office network?

  • A. Anti-virus software
  • B. Intrusion Prevention System (IPS)
  • C. Anti-spyware software
  • D. Integrity checking software

Answer: B

NEW QUESTION 5
After following the processes defined within the change management plan, a super user has upgraded a device within an information system.
What step would be taken to ensure that the upgrade did NOT affect the network security posture?

  • A. Conduct an Assessment and Authorization (A&A)
  • B. Conduct a security impact analysis
  • C. Review the results of the most recent vulnerability scan
  • D. Conduct a gap analysis with the baseline configuration

Answer: B

Explanation: Section: Security Assessment and Testing

NEW QUESTION 6
Which of the following is the MOST crucial for a successful audit plan?

  • A. Defining the scope of the audit to be performed
  • B. Identifying the security controls to be implemented
  • C. Working with the system owner on new controls
  • D. Acquiring evidence of systems that are not compliant

Answer: A

NEW QUESTION 7
What maintenance activity is responsible for defining, implementing, and testing updates to application systems?

  • A. Program change control
  • B. Regression testing
  • C. Export exception control
  • D. User acceptance testing

Answer: A

NEW QUESTION 8
A minimal implementation of endpoint security includes which of the following?

  • A. Trusted platforms
  • B. Host-based firewalls
  • C. Token-based authentication
  • D. Wireless Access Points (AP)

Answer: A

NEW QUESTION 9
Multi-threaded applications are more at risk than single-threaded applications to

  • A. race conditions.
  • B. virus infection.
  • C. packet sniffing.
  • D. database injection.

Answer: A

NEW QUESTION 10
A Business Continuity Plan (BCP) is based on

  • A. the policy and procedures manual.
  • B. an existing BCP from a similar organization.
  • C. a review of the business processes and procedures.
  • D. a standard checklist of required items and objectives.

Answer: C

NEW QUESTION 11
Which of the following BEST describes a rogue Access Point (AP)?

  • A. An AP that is not protected by a firewall
  • B. An AP not configured to use Wired Equivalent Privacy (WEP) with Triple Data Encryption Algorithm (3DES)
  • C. An AP connected to the wired infrastructure but not under the management of authorized network administrators
  • D. An AP infected by any kind of Trojan or Malware

Answer: C

NEW QUESTION 12
A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?

  • A. Host VM monitor audit logs
  • B. Guest OS access controls
  • C. Host VM access controls
  • D. Guest OS audit logs

Answer: A

NEW QUESTION 13
The three PRIMARY requirements for a penetration test are

  • A. A defined goal, limited time period, and approval of management
  • B. A general objective, unlimited time, and approval of the network administrator
  • C. An objective statement, disclosed methodology, and fixed cost
  • D. A stated objective, liability waiver, and disclosed methodology

Answer: A

NEW QUESTION 14
Which one of the following activities would present a significant security risk to organizations when employing a Virtual Private Network (VPN) solution?

  • A. VPN bandwidth
  • B. Simultaneous connection to other networks
  • C. Users with Internet Protocol (IP) addressing conflicts
  • D. Remote users with administrative rights

Answer: B

NEW QUESTION 15
Who must approve modifications to an organization's production infrastructure configuration?

  • A. Technical management
  • B. Change control board
  • C. System operations
  • D. System users

Answer: B

NEW QUESTION 16
Which security access policy contains fixed security attributes that are used by the system to determine a user’s access to a file or object?

  • A. Mandatory Access Control (MAC)
  • B. Access Control List (ACL)
  • C. Discretionary Access Control (DAC)
  • D. Authorized user control

Answer: A

NEW QUESTION 17
In the Software Development Life Cycle (SDLC), maintaining accurate hardware and software inventories is a critical part of

  • A. systems integration.
  • B. risk management.
  • C. quality assurance.
  • D. change management.

Answer: D