• support@dumpspool.com
SPECIAL LIMITED TIME DISCOUNT OFFER. USE DISCOUNT CODE TO GET 20% OFF DP2021

PDF Only

$99.00 Free Updates Upto 90 Days

  • CISSP Dumps PDF
  • 1487 Questions
  • Updated On March 29, 2024

PDF + Test Engine

$169.00 Free Updates Upto 90 Days

  • CISSP Question Answers
  • 1487 Questions
  • Updated On March 29, 2024

Test Engine

$149.00 Free Updates Upto 90 Days

  • CISSP Practice Questions
  • 1487 Questions
  • Updated On March 29, 2024
Check Our Free ISC CISSP Online Test Engine Demo.

How to pass ISC CISSP exam with the help of dumps?

DumpsPool provides you the finest quality resources you’ve been looking for to no avail. So, it's due time you stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest ISC CISSP Dumps to satisfy your need for training. Plus, they are in two different formats: Dumps PDF and Online Test Engine.

How Do I Know ISC CISSP Dumps are Worth it?

Did we mention our latest CISSP Dumps PDF is also available as Online Test Engine? And that’s just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payments. Let us explore all other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three-month free updates.

You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just ISC Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!

IT Students Are Using our Certified Information Systems Security Professional (CISSP) Dumps Worldwide!

It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using Certified Information Systems Security Professional (CISSP) Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through you are about to and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world, make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim your return on not passing the exam.

How to Get CISSP Real Exam Dumps?

Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the CISSP exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and the latest as they can be. Plus, our Practice Question Answers are tested and approved by professionals. Making it the top authentic resource available on the internet. Our expert has made sure the Online Test Engine is free from outdated & fake content, repeated questions, and false plus indefinite information, etc. We make every penny count, and you leave our platform fully satisfied!

ISC CISSP Exam Overview:

Aspect Details
Exam Name ISC Certified Information Systems Security Professional (CISSP)
Exam Cost $699 USD
Total Time 3 hours
Available Languages English, French, German, Portuguese, Spanish, Japanese, Chinese, Korean
Passing Marks The passing scaled score is 700 out of 1000 points
Exam Format Multiple choice and advanced innovative questions
Experience A minimum of five years of cumulative paid work experience in two or more of the eight domains of the (ISC)² CISSP CBK

Certified Information Systems Security Professional (CISSP) Exam Topics Breakdown

Domain Percentage Description
Security and Risk Management 15% Understand and apply concepts of confidentiality, integrity, and availability (CIA triad) in information security.
Asset Security 10% Manage and protect physical assets and information assets.
Security Architecture and Engineering 13% Design and implement secure architectures and security models.
Communication and Network Security 14% Secure the network infrastructure, communications, and data transmission.
Identity and Access Management (IAM) 13% Control access and manage identities throughout their lifecycle.
Security Assessment and Testing 12% Design, conduct, and analyze security tests and assessments.
Security Operations 13% Understand and support investigations, incident management, and disaster recovery.
Software Development Security 10% Understand and apply security controls in software development environments.
ISC CISSP Sample Question Answers

Question # 1

What is the PRIMARY purpose of auditing, as it relates to the security review cycle? 

A. To ensure the organization's controls and pokies are working as intended  
B. To ensure the organization can still be publicly traded  
C. To ensure the organization's executive team won't be sued  
D. To ensure the organization meets contractual requirements  

Question # 2

An application is used for funds transfer between an organization and a third-party. During a security audit, an issue with the business continuity/disaster recovery policy and procedures for this application. Which of the following reports should the audit file with the organization?

A. Service Organization Control (SOC) 1  
B. Statement on Auditing Standards (SAS) 70
C. Service Organization Control (SOC) 2  
D. Statement on Auditing Standards (SAS) 70-1  

Question # 3

The Industrial Control System (ICS) Computer Emergency Response Team (CERT) has released an alert regarding ICS-focused malware specifically propagating through Windows-based business networks. Technicians at a local water utility note that their dams, canals, and locks controlled by an internal Supervisory Control and Data Acquisition (SCADA) system have been malfunctioning. A digital forensics professional is consulted in the Incident Response (IR) and recovery. Which of the following is the MOST challenging aspect of this investigation?

A. SCADA network latency  
B. Group policy implementation  
C. Volatility of data  
D. Physical access to the system

Question # 4

Which of the following needs to be tested to achieve a Cat 6a certification for a company's data cabling?

A. RJ11  
B. LC ports  
C. Patch panel  
D. F-type connector  

Question # 5

Which access control method is based on users issuing access requests on system resources, features assigned to those resources, the operational or situational context, and a set of policies specified in terms of those features and context?

A. Mandatory Access Control (MAC)  
B. Role Based Access Control (RBAC)  
C. Discretionary Access Control (DAC)  
D. Attribute Based Access Control (ABAC)  

Question # 6

Which of the following are the B EST characteristics of security metrics? 

A. They are generalized and provide a broad overview  
B. They use acronyms and abbreviations to be concise  
C. They use bar charts and Venn diagrams  
D. They are consistently measured and quantitatively expressed  

Question # 7

Which reporting type requires a service organization to describe its system and define its control objectives and controls that are relevant to users' internal control over financial reporting?

A. Statement on Auditing Standards (SAS)70  
B. Service Organization Control 1 (SOC1)  
C. Service Organization Control 2 (SOC2)  
D. Service Organization Control 3 (SOC3)  

Question # 8

Which of the following is the PRIMARY purpose of installing a mantrap within a facility? 

A. Control traffic  
B. Prevent rapid movement  
C. Prevent plggybacking  
C. Prevent piggybacking  

Question # 9

A manager identified two conflicting sensitive user functions that were assigned to a single user account that had the potential to result in a financial and regulatory risk to the company. The manager MOST likely discovered this during which of the following?

A. Security control assessment.  
B. Separation of duties analysis  
C. Network Access Control (NAC) review  
D. Federated identity management (FIM) evaluation  

Question # 10

Which of the following system components enforces access controls on an object? 

A. Security perimeter  
B. Access control matrix  
C. Trusted domain  
D. Reference monitor  

Question # 11

Which of the following provides the MOST secure method for Network Access Control (NAC)?

A. Media Access Control (MAC) filtering  
B. 802.IX authentication  
C. Application layer filtering  
D. Network Address Translation (NAT)  

Question # 12

A software development company found odd behavior in some recently developed software, creating a need for a more thorough code review. What is the MOST effective argument for a more thorough code review?

A. It will increase the flexibility of the applications developed.  
B. It will increase accountability with the customers.  
C. It will impede the development process.  
D. lt will reduce the potential for vulnerabilities.  

Question # 13

How should the retention period for an organization's social media content be defined? 

A. Wireless Access Points (AP)  
B. Token-based authentication  
C. Host-based firewalls  
D. Trusted platforms  

Question # 14

When designing a new Voice over Internet Protocol (VoIP) network, an organization's top concern is preventing unauthorized users from accessing the VoIP network. Which of the following will BEST help secure the VoIP network?

A. Transport Layer Security (TLS)  
B. 802.1x  
C. 802.119  
D. Web application firewall (WAF)

Question # 15

Which of the following factors should be considered characteristics of Attribute Based Access Control (ABAC) in terms of the attributes used?

A. Mandatory Access Control (MAC) and Discretionary Access Control (DAC)  
B. Discretionary Access Control (DAC) and Access Control List (ACL)  
C. Role Based Access Control (RBAC) and Mandatory Access Control (MAC)  
D. Role Based Access Control (RBAC) and Access Control List (ACL)  

Question # 16

What is the PRIMARY purpose of creating and reporting metrics for a security awareness, training, and education program?

A. Make all stakeholders aware of the program's progress.  
B. Measure the effect of the program on the organization's workforce.  
C. Facilitate supervision of periodic training events.  
D. Comply with legal regulations and document due diligence in security practices.  

Question # 17

In a DevOps environment, which of the following actions is MOST necessary to have confidence in the quality of the changes being made?

A. Prepare to take corrective actions quickly.  
B. Receive approval from the change review board.  
C. Review logs for any anomalies.  
D. Automate functionality testing.

Question # 18

A Chief Information Officer (CIO) has delegated responsibility of their system security to the head of the information technology (IT) department. While corporate policy dictates that only the CIO can make decisions on the level of data protection required, technical implementation decisions are done by the head of the IT department. Which of the following BEST describes the security role filled by the head of the IT department?

A. System analyst  
B. System security officer  
C. System processor  
D. System custodian  

Question # 19

During a Disaster Recovery (DR) simulation, it is discovered that the shared recovery site lacks adequate data restoration capabilities to support the implementation of multiple plans simultaneously. What would be impacted by this fact if left unchanged?

A. Recovery Point Objective (RPO) 
B. Recovery Time Objective (RTO) 
C. Business Impact Analysis (BIA) 
D. Return on Investment (ROI) 

Question # 20

In a multi-tenant cloud environment, what approach will secure logical access to assets? 

A. Hybrid cloud  
B. Transparency/Auditability of administrative access  
C. Controlled configuration management (CM)  
D. Virtual private cloud (VPC)

Question # 21

A company is moving from the V model to Agile development. How can the information security department BEST ensure that secure design principles are implemented in the new methodology?

A. All developers receive mandatory targeted information security training.  
B. The non-financial information security requirements remain mandatory for the new model. 
C. The information security department performs an information security assessment after each sprint.
D. Information security requirements are captured in mandatory user stories.  

Question # 22

Which of the following is the BEST method to gather evidence from a computer's hard drive?

A. Disk duplication  
B. Disk replacement  
C. Forensic signature  
D. Forensic imaging  

Question # 23

What is the FIRST step when developing an Information Security Continuous Monitoring (ISCM) program? 

A. Establish an ISCM technical architecture.  
B. Collect the security-related information required for metrics, assessments, and reporting.  
C. Establish an ISCM program determining metrics, status monitoring frequencies, and control assessment frequencies.  
D. Define an ISCM strategy based on risk tolerance.  

Question # 24

The security team is notified that a device on the network is infected with malware. Which of the following is MOST effective in enabling the device to be quickly located and remediated?

A. data loss protection (DLP)  
B. Intrusion detection  
C. Vulnerability scanner  
D. Information Technology Asset Management (ITAM)  

Question # 25

Which of the following BEST describes the objectives of the Business Impact Analysis (BIA)?

A. Identifying the events and environmental factors that can adversely affect an organization
B. Identifying what is important and critical based on disruptions that can affect the organization. 
C. Establishing the need for a Business Continuity Plan (BCP) based on threats that can affect an organization 
D. Preparing a program to create an organizational awareness for executing the Business Continuity Plan (BCP) 

Question # 26

Computer forensics requires which of the following MAIN steps? 

A. Announce the incident to responsible sections, analyze the data, assimilate the data for correlation
B. Take action to contain the damage, announce the incident to responsible sections, analyze the data 
C. Acquire the data without altering, authenticate the recovered data, analyze the data  
D. Access the data before destruction, assimilate the data for correlation, take action to contain the damage 

Question # 27

An attacker is able to remain indefinitely logged into a exploit to remain on the web service?

A. Alert management  
B. Password management  
C. Session management  
D. Identity management (IM)  

Question # 28

Which of the following would qualify as an exception to the "right to be forgotten" of the General Data Protection Regulation (GDPR)?

A. For the establishment, exercise, or defense of legal claims  
B. The personal data has been lawfully processed and collected  
C. The personal data remains necessary to the purpose for which it was collected  
D. For the reasons of private interest  

Question # 29

The initial security categorization should be done early in the system life cycle and should be reviewed periodically. Why is it important for this to be done correctly?

A. It determines the security requirements.
B. It affects other steps in the certification and accreditation process.  
C. It determines the functional and operational requirements.  
D. The system engineering process works with selected security controls.  

Question # 30

When defining a set of security controls to mitigate a risk, which of the following actions MUST occur?

A. Each control's effectiveness must be evaluated individually.  
B. Each control must completely mitigate the risk.  
C. The control set must adequately mitigate the risk.  
D. The control set must evenly divided the risk.  

Question # 31

When conducting a third-party risk assessment of a new supplier, which of the following reports should be reviewed to confirm the operating effectiveness of the security, availability, confidentiality, and privacy trust principles?

A. Service Organization Control (SOC) 1, Type 2  
B. Service Organization Control (SOC) 2, Type 2  
C. International Organization for Standardization (ISO) 27001  
D. International Organization for Standardization (ISO) 27002  

Question # 32

During a penetration test, what are the three PRIMARY objectives of the planning phase? 

A. Determine testing goals, identify rules of engagement and conduct an initial discovery scan. 
B. Finalize management approval, determine testing goals, and gather port and service information. 
C. Identify rules of engagement, finalize management approval, and determine testing goals. 
D. Identify rules of engagement, document management approval, and collect system and application information. 

Question # 33

What is the PRIMARY reason that a bit-level copy is more desirable than a file-level copy when replicating a hard drive's contents for an e-discovery investigation?

A. Files that have been deleted will be transferred.  
B. The file and directory structure is retained.  
C. File-level security settings will be preserved.  
D. The corruption of files is less likely.

Question # 34

An organization wants to migrate to Session Initiation Protocol (SIP) to save on telephony expenses. Which of the following security related statements should be considered in the decision-making process? 

A. Cloud telephony is less secure and more expensive than digital telephony services.  
B. SIP services are more secure when used with multi-layer security proxies.  
C. H.323 media gateways must be used to ensure end-to-end security tunnels.  
D. Given the behavior of SIP traffic, additional security controls would be required.  

Question # 35

When assessing the audit capability of an application, which of the following activities is MOST important?

A. Determine if audit records contain sufficient information.  
B. Review security plan for actions to be taken in the event of audit failure.  
C. Verify if sufficient storage is allocated for audit records.  
D. Identify procedures to investigate suspicious activity.  

Question # 36

Which of the following vulnerabilities can be BEST detected using automated analysis? 

A. Valid cross-site request forgery (CSRF) vulnerabilities  
B. Multi-step process attack vulnerabilities
C. Business logic flaw vulnerabilities  
D. Typical source code vulnerabilities  

Question # 37

In setting expectations when reviewing the results of a security test, which of the following statements is MOST important to convey to reviewers?

A. The target’s security posture cannot be further compromised.  
B. The results of the tests represent a point-in-time assessment of the target(s).  
C. The accuracy of testing results can be greatly improved if the target(s) are properly hardened. 
D. The deficiencies identified can be corrected immediately  

Question # 38

Who should perform the design review to uncover security design flaws as part of the Software Development Life Cycle (SDLC)?

A. The business owner  
B. security subject matter expert (SME)  
C. The application owner  
D. A developer subject matter expert (SME)

Question # 39

An organization is trying to secure instant messaging (IM) communications through its network perimeter. Which of the following is the MOST significant challenge?

A. IM clients can interoperate between multiple vendors.  
B. IM clients can run without administrator privileges.  
C. IM clients can utilize random port numbers.  
D. IM clients can run as executables that do not require installation.  

Question # 40

When designing a Cyber-Physical System (CPS), which of the following should be a security practitioner's first consideration?

A. Detection of sophisticated attackers  
B. Resiliency of the system  
C. Topology of the network used for the system  
D. Risk assessment of the system

Question # 41

Which of the following is fundamentally required to address potential security issues when initiating software development?

A. Implement ongoing security audits in all environments.  
B. Ensure isolation of development from production.  
C. Add information security objectives into development.  
D. Conduct independent source code review.

Question # 42

A project manager for a large software firm has acquired a government contract that generates large amounts of Controlled Unclassified Information (CUI). The organization's information security manager has received a request to transfer project-related CUI between systems of differing security classifications. What role provides the authoritative guidance for this transfer?

A. Information owner  
B. PM  
C. Data Custodian  
D. Mission/Business Owner  

Question # 43

What is the MOST appropriate hierarchy of documents when implementing a security program? 

A. Organization principle, policy, standard, guideline  
B. Policy, organization principle, standard, guideline  
C. Standard, policy, organization principle, guideline  
D. Organization principle, guideline, policy, standard  

Question # 44

employee training, risk management, and data handling procedures and policies could be characterized as which type of security measure?

A. Non-essential  
B. Management  
C. Preventative  
D. Administrative  

Question # 45

A network security engineer needs to ensure that a security solution analyzes traffic for protocol manipulation and various sorts of common attacks. In addition, all Uniform Resource Locator (URL) traffic must be inspected and users prevented from browsing inappropriate websites. Which of the following solutions should be implemented to enable administrators the capability to analyze traffic, blacklist external sites, and log user traffic for later analysis?

A. Intrusion detection system (IDS)  
B. Circuit-Level Proxy  
C. Application-Level Proxy  
D. Host-based Firewall  

Question # 46

An organization with divisions in the United States (US) and the United Kingdom (UK) processes data comprised of personal information belonging to subjects living in the European Union (EU) and in the US. Which data MUST be handled according to the privacy protections of General Data Protection Regulation (GDPR)?

A. Only the EU citizens’ data  
B. Only the EU residents' data  
C. Only the UK citizens’ data  
D. Only data processed in the UK

Question # 47

A company wants to store data related to users on an offsite server. What method can be deployed to protect the privacy of the user’s information while maintaining the field-level configuration of the database?

A. {Encryption  
B. Encoding  
C. Tokenization  
D. Hashing  

Question # 48

Which of the following determines how traffic should flow based on the status of the infrastructure layer?

A. Traffic plane  
B. Application plane  
C. Data plane  
D. Control plane  

Question # 49

Which of the following is security control volatility? 

A. A reference to the stability of the security control.  
B. A reference to how unpredictable the security control is.  
C. A reference to the impact of the security control.  
D. A reference to the likelihood of change in the security control.  

Question # 50

An organization has implemented a password complexity and an account lockout policy enforcing five incorrect logins tries within ten minutes. Network users have reported significantly increased account lockouts. Which of the following security principles is this company affecting?

A. Availability  
B. Integrity  
C. Confidentiality  
D. Authentication  

Question # 51

An organization implements Network Access Control (NAC) ay Institute of Electrical and Electronics Engineers (IEEE) 802.1x and discovers the printers do not support the IEEE 802.1x standard. Which of the following is the BEST resolution?

A. Implement port security on the switch ports for the printers.  
B. Implement a virtual local area network (VLAN) for the printers.  
C. Do nothing; IEEE 802.1x is irrelevant to printers.  
D. Install an IEEE 802. 1x bridge for the printers.  

Question # 52

An information security professional is reviewing user access controls on a customer-facing application. The application must have multi-factor authentication (MFA) in place. The application currently requires a username and password to log in. Which of the following options would BEST implement MFA?

A. Geolocate the user and compare to previous logins  
B. Require a pre-selected number as part of the login  
C. Have the user answer a secret question that is known to them  
D. Enter an automatically generated number from a hardware token  

Question # 53

Which of the following is a limitation of the Bell-LaPadula model? 

A. Segregation of duties (SoD) is difficult to implement as the "no read-up" rule limits the ability of an object to access information with a higher classification. 
B. Mandatory access control (MAC) is enforced at all levels making discretionary access control (DAC) impossible to implement. 
C. It contains no provision or policy for changing data access control and works well only with access systems that are static in nature. 
D. It prioritizes integrity over confidentiality which can lead to inadvertent information disclosure. 

Question # 54

What is the benefit of using Network Admission Control (NAC)? 

A. Operating system (OS) versions can be validated prior to allowing network access.  
B. NAC supports validation of the endpoint's security posture prior to allowing the session to go into an authorized state. 
C. NAC can require the use of certificates, passwords, or a combination of both before allowing network admission. 
D. NAC only supports Windows operating systems (OS).  

Question # 55

Which combination of cryptographic algorithms are compliant with Federal Information Processing Standard (FIPS) Publication 140-2 for non-legacy systems?

A. Diffie-hellman (DH) key exchange: DH (>=2048 bits) Symmetric Key: Advanced Encryption Standard (AES) > 128 bits Digital Signature: Rivest-Shamir-Adleman (RSA) (1024 bits)
B. Diffie-hellman (DH) key exchange: DH (>=2048 bits) Symmetric Key: Advanced Encryption Standard (AES) > 128 bits Digital Signature: Digital Signature Algorithm (DSA) (>=2048 bits)
C. Diffie-hellman (DH) key exchange: DH (<= 1024 bits) Symmetric Key: Blowfish Digital Signature: Rivest-Shamir-Adleman (RSA) (>=2048 bits)
D. Diffie-hellman (DH) key exchange: DH (>=2048 bits) Symmetric Key: Advanced Encryption Standard (AES) < 128 bits Digital Signature: Elliptic Curve Digital Signature Algorithm (ECDSA) (>=256 bits)

Question # 56

When designing a Cyber-Physical System (CPS), which of the following should be a security practitioner’s first consideration?

A. Resiliency of the system  
B. Detection of sophisticated attackers  
C. Risk assessment of the system  
D. Topology of the network used for the system  

Question # 57

Which of the following vulnerability assessment activities BEST exemplifies the Examine method of assessment?

A. Ensuring that system audit logs capture all relevant data fields required by the security controls baseline 
B. Performing Port Scans of selected network hosts to enumerate active services  
C. Asking the Information System Security Officer (ISSO) to describe the organization’s patch management processes 
D. Logging into a web server using the default administrator account and a default password 

Question # 58

Building blocks for software-defined networks (SDN) require which of the following? 

A. The SDN is mostly composed of virtual machines (VM).  
B. The SDN is composed entirely of client-server pairs.  
C. Virtual memory is used in preference to random-access memory (RAM).  
D. Random-access memory (RAM) is used in preference to virtual memory.  

Question # 59

Which of the following BEST describes why software assurance is critical in helping prevent an increase in business and mission risk for an organization? 

A. Software that does not perform as intended may be exploitable which makes it vulnerable to attack.
B. Request for proposals (RFP) avoid purchasing software that does not meet business needs. 
C. Contracting processes eliminate liability for security vulnerabilities for the purchaser.  
D. Decommissioning of old software reduces long-term costs related to technical debt.  

Question # 60

What is the FIRST step for an organization to take before allowing personnel to access social media from a corporate device or user account?

A. Publish a social media guidelines document.  
B. Publish an acceptable usage policy.  
C. Document a procedure for accessing social media sites.  
D. Deliver security awareness training.  

Question # 61

All hosts on the network are sending logs via syslog-ng to the log collector. The log collector is behind its own firewall, The security professional wants to make sure not to put extra load on the firewall due to the amount of traffic that is passing through it. Which of the following types of filtering would MOST likely be used?

A. Uniform Resource Locator (URL) Filtering  
B. Web Traffic Filtering  
C. Dynamic Packet Filtering  
D. Static Packet Filtering  

Question # 62

When designing a business continuity plan (BCP), what is the formula to determine the Maximum Tolerable Downtime (MTD)?

A. Annual Loss Expectancy (ALE) + Work Recovery Time (WRT)  
B. Business impact analysis (BIA) + Recovery Point Objective (RPO)  
C. Recovery Time Objective (RTO) + Work Recovery Time (WRT)  
D. Estimated Maximum Loss (EML) + Recovery Time Objective (RTO)  

Question # 63

Which of the following will an organization's network vulnerability testing process BEST enhance?

A. Firewall log review processes  
B. Asset management procedures  
C. Server hardening processes  
D. Code review procedures  

Question # 64

What are the three key benefits that application developers should derive from the northbound application programming interface (API) of software-defined networking (SDN)?

A. Familiar syntax, abstraction of network topology, and definition of network protocols  
B. Network syntax, abstraction of network flow, and abstraction of network protocols  
C. Network syntax, abstraction of network commands, and abstraction of network protocols  
D. Familiar syntax, abstraction of network topology, and abstraction of network protocols  

Question # 65

An organization wants to share data securely with their partners via the Internet. Which standard port is typically used to meet this requirement?

A. Setup a server on User Datagram Protocol (UDP) port 69  
B. Setup a server on Transmission Control Protocol (TCP) port 21  
C. Setup a server on Transmission Control Protocol (TCP) port 22  
D. Setup a server on Transmission Control Protocol (TCP) port 80  

Question # 66

A criminal organization is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the organization?

A. Network is flooded with communication traffic by the attacker.  
B. Organization loses control of their network devices.  
C. Network management communications is disrupted.  
D. Attacker accesses sensitive information regarding the network topology.  

Question # 67

Which media sanitization methods should be used for data with a high security categorization?

A. Clear or destroy  
B. Clear or purge  
C. Destroy or delete  
D. Purge or destroy  

Question # 68

What is the PRIMARY benefit of relying on Security Content Automation Protocol (SCAP)? 

A. Save security costs for the organization.  
B. Improve vulnerability assessment capabilities.  
C. Standardize specifications between software security products.  
D. Achieve organizational compliance with international standards.  

Question # 69

Of the following, which BEST provides non- repudiation with regards to access to a server room?

A. Fob and Personal Identification Number (PIN)  
B. Locked and secured cages  
C. Biometric readers  
D. Proximity readers  

Question # 70

Which of the fallowing statements is MOST accurate regarding information assets? 

A. International Organization for Standardization (ISO) 27001 compliance specifies which information assets must be included in asset inventory.
B. S3 Information assets include any information that is valuable to the organization,  
C. Building an information assets register is a resource-intensive job.  
D. Information assets inventory is not required for risk assessment.  

Question # 71

Which of the following security tools will ensure authorized data is sent to the application when implementing a cloud based application?

A. Host-based intrusion prevention system (HIPS)  
B. Access control list (ACL)  
C. File integrity monitoring (FIM)  
D. Data loss prevention (DLP)

Question # 72

Which of the following would be the BEST mitigation practice for man-in-the-middle (MITM) Voice over Internet Protocol (VoIP) attacks?

A. Use Media Gateway Control Protocol (MGCP)  
B. Use Transport Layer Security (TLS) protocol
C. Use File Transfer Protocol (FTP)  
D. Use Secure Shell (SSH) protocol

Question # 73

Write Once, Read Many (WORM) data storage devices are designed to BEST support which of the following core security concepts?

A. lntegrity  
B. Scalability  
C. Availability  
D. Confidentiality  

Question # 74

Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?

A. ross-Site Scripting (XSS)  
B. Cross-Site request forgery (CSRF)  
C. Cross injection  
D. Broken Authentication And Session Management  

Question # 75

Which of the following is the PRIMARY type of cryptography required to support nonrepudiation of a digitally signed document?

A. Message digest (MD)  
B. Asymmetric  
C. Symmetric  
D. Hashing  

Question # 76

Which of the following is the MOST important first step in preparing for a security audit? 

A. Identify team members.  
B. Define the scope.  
C. Notify system administrators.  
D. Collect evidence.  

Question # 77

In which of the following scenarios is locking server cabinets and limiting access to keys preferable to locking the server room to prevent unauthorized access?

A. Server cabinets are located in an unshared workspace.  
B. Server cabinets are located in an isolated server farm.  
C. Server hardware is located in a remote area.  
D. Server cabinets share workspace with multiple projects.  

Question # 78

Information Security Continuous Monitoring (1SCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. Which of the following is the FIRST step in developing an ISCM strategy and implementing an ISCM program?

A. Define a strategy based on risk tolerance that maintains clear visibility into assets, awareness of vulnerabilities, up-to-date threat information, and mission/business impacts.
B. Conduct a vulnerability assessment to discover current threats against the environment and incorporate them into the program.
C. Respond to findings with technical management, and operational mitigating activities or acceptance, transference/sharing, or avoidance/rejection. 
D. Analyze the data collected and report findings, determining the appropriate response. It may be necessary to collect additional information to clarify or supplement existing monitoring data. 

Question # 79

The Rivest-Shamir-Adleman (RSA) algorithm is BEST suited for which of the following operations?

A. Bulk data encryption and decryption  
B. One-way secure hashing for user and message authentication  
C. Secure key exchange for symmetric cryptography  
D. Creating digital checksums for message integrity  

Question # 80

Which security feature fully encrypts code and data as it passes to the servers and only decrypts below the hypervisor layer?

A. File-system level encryption  
B. Transport Layer Security (TLS)  
C. Key management service  
D. Trusted execution environments

Question # 81

Which of the following BEST describes the use of network architecture in reducing corporate risks associated with mobile devices?

A. Maintaining a "closed applications model on all mobile devices depends on demilitarized 2one (DM2) servers 
B. Split tunneling enabled for mobile devices improves demilitarized zone (DMZ) security posture
C. Segmentation and demilitarized zone (DMZ) monitoring are implemented to secure a virtual private network (VPN) access for mobile devices
D. Applications that manage mobile devices are located in an Internet demilitarized zone (DMZ) 

Question # 82

Which section of the assessment report addresses separate vulnerabilities, weaknesses, and gaps? 

A. Key findings section  
B. Executive summary with full details  
C. Risk review section  
D. Findings definition section

Question # 83

What is the BEST method to use for assessing the security impact of acquired software? 

A. Common vulnerability review  
B. Software security compliance validation
C. Threat modeling  
D. Vendor assessment  

Question # 84

What is the correct order of execution for security architecture? 

A. Governance, strategy and program management, project delivery, operations  
B. Strategy and program management, governance, project delivery, operations  
C. Governance, strategy and program management, operations, project delivery  
D. Strategy and program management, project delivery, governance, operations  

Question # 85

A cloud service accepts Security Assertion Markup Language (SAML) assertions from users to on and security However, an attacker was able to spoof a registered account on the network and query the SAML provider. What is the MOST common attack leverage against this flaw? 

A. Attacker forges requests to authenticate as a different user.  
B. Attacker leverages SAML assertion to register an account on the security domain.  
C. Attacker conducts denial-of-service (DoS) against the security domain by authenticating as the same user repeatedly.
D. Attacker exchanges authentication and authorization data between security domains.  

Question # 86

Network Access Control (NAC) capability BEST meets this objective? 

A. Application firewall  
B. Port security  
C. Strong passwords  
D. Two-factor authentication (2FA)

Question # 87

Which of the following is performed to determine a measure of success of a security awareness training program designed to prevent social engineering attacks?

A. Employee evaluation of the training program  
B. Internal assessment of the training program's effectiveness  
C. Multiple choice tests to participants  
D. Management control of reviews

Question # 88

Two computers, each with a single connection on the same physical 10 gigabit Ethernet network segment, need to communicate with each other. The first machine has a single Internet Protocol (IP) Classless Inter-Domain Routing (CIDR) address of 192.168.1.3/30 and the second machine has an IP/CIDR address 192.168.1.6/30. Which of the following is correct?

A. Since each computer is on a different layer 3 networks, traffic between the computers must be processed by a network bridge in order to communicate. 
B. Since each computer is on the same layer 3 networks, traffic between the computers may be processed by a network bridge in order to communicate. 
C. Since each computer is on the same layer 3 networks, traffic between the computers may be processed by a network router in order to communicate. 
D. Since each computer is on a different layer 3 networks, traffic between the computers must be processed by a network router in order to communicate. 

Question # 89

The customer continues to experience attacks on their email, web, and File Transfer Protocol (FTP) servers. These attacks are impacting their business operations. Which of the following is the BEST recommendation to make?

A. Configure an intrusion detection system (IDS).  
B. Create a demilitarized zone (DMZ).  
C. Deploy a bastion host.  
D. Setup a network firewall.  

Question # 90

When testing password strength, which of the following is the BEST method for brute forcing passwords?

A. Conduct an offline attack on the hashed password information.  
B. Conduct an online password attack until the account being used is locked.  
C. Use a comprehensive list of words to attempt to guess the password.  
D. Use social engineering methods to attempt to obtain the password.  

Question # 91

A hospital’s building controls system monitors and operates the environmental equipment to maintain a safe and comfortable environment. Which of the following could be used to minimize the risk of utility supply interruption?

A. Digital devices that can turn equipment off and continuously cycle rapidly in order to increase supplies and conceal activity on the hospital network 
B. Standardized building controls system software with high connectivity to hospital networks 
C. Lock out maintenance personnel from the building controls system access that can impact critical utility supplies
D. Digital protection and control devices capable of minimizing the adverse impact to critical utility 

Question # 92

During an internal audit of an organizational Information Security Management System (ISMS), nonconformities are identified. In which of the following management stages are nonconformities reviewed, assessed and/or corrected by the organization?

A. Planning  
B. Operation  
C. Assessment  
D. Improvement  

Question # 93

Which of the following is established to collect information Se eee ee ee nation readily available in part through implemented security controls?

A. Security Assessment Report (SAR)  
B. Organizational risk tolerance  
C. Information Security Continuous Monitoring (ISCM)  
D. Risk assessment report  

Question # 94

Two remote offices need to be connected securely over an untrustworthy MAN. Each office needs to access network shares at the other site. Which of the following will BEST provide this functionality?

A. Client-to-site VPN  
B. Third-party VPN service  
C. Site-to-site VPN  
D. Split-tunnel VPN  

Question # 95

An organization has discovered that organizational data is posted by employees to data storage accessible to the general public. What is the PRIMARY step an organization must take to ensure data is properly protected from public release? 

A. Implement a data classification policy.
B. Implement a data encryption policy.  
C. Implement a user training policy.  
D. Implement a user reporting policy.  

Question # 96

Which of the following is the FIRST step during digital identity provisioning? 

A. Authorizing the entity for resource access  
B. Synchronizing directories  
C. Issuing an initial random password  
D. Creating the entity record with the correct attributes  

Question # 97

Which of the following is the BEST way to protect an organization's data assets? 

A. Monitor and enforce adherence to security policies.  
B. Encrypt data in transit and at rest using up-to-date cryptographic algorithms.  
C. Create the Demilitarized Zone (DMZ) with proxies, firewalls, and hardened bastion hosts.  
D. Require Multi-Factor Authentication (MFA) and Separation of Duties (SoD).  

Question # 98

What is the FINAL step in the waterfall method for contingency planning? 

A. Maintenance  
B. Testing  
C. Implementation  
D. Training  

Question # 99

Which of the following is an open standard for exchanging authentication and authorization data between parties?

A. Wired markup language  
B. Hypertext Markup Language (HTML)  
C. Extensible Markup Language (XML)  
D. Security Assertion Markup Language (SAML)

Question # 100

Which of the following is the BEST method to identify security controls that should be implemented for a web-based application while in development?

A. Application threat modeling  
B. Secure software development.  
C. Agile software development  
D. Penetration testing  

Question # 101

Which of the following BEST describes the purpose of Border Gateway Protocol (BGP)? 

A. Maintain a list of network paths between internet routers.  
B. Provide Routing Information Protocol (RIP) version 2 advertisements to neighboring layer 3 devices. 
C. Provide firewall services to cloud-enabled applications.  
D. Maintain a list of efficient network paths between autonomous systems.  

Question # 102

Configuring a Wireless Access Point (WAP) with the same Service Set Identifier (SSID) as another WAP in order to have users unknowingly connect is referred to as which of the following?

A. Jamming  
B. Man-right-Middle (MITM)  
C. War driving  
D. Internet Protocol (IP) spoofing

Question # 103

A company hired an external vendor to perform a penetration test ofa new payroll system. The company’s internal test team had already performed an in-depth application and security test of the system and determined that it met security requirements. However, the external vendor uncovered significant security weaknesses where sensitive personal data was being sent unencrypted to the tax processing systems. What is the MOST likely cause of the security issues?

A. Failure to perform interface testing  
B. Failure to perform negative testing  
C. Inadequate performance testing  
D. Inadequate application level testing  

Question # 104

What BEST describes the confidentiality, integrity, availability triad? 

A. A tool used to assist in understanding how to protect the organization's data  
B. The three-step approach to determine the risk level of an organization  
C. The implementation of security systems to protect the organization's data  
D. A vulnerability assessment to see how well the organization's data is protected  

Question # 105

Which of the following minimizes damage to information technology (IT) equipment stored in a data center when a false fire alarm event occurs?

A. A pre-action system is installed.  
B. An open system is installed.  
C. A dry system is installed.  
D. A wet system is installed.

Question # 106

Which of the following BEST ensures the integrity of transactions to intended recipients? 

A. Public key infrastructure (PKI)  
B. Blockchain technology  
C. Pre-shared key (PSK)  
D. Web of trust  

Question # 107

An organization has determined that its previous waterfall approach to software development is not keeping pace with business demands. To adapt to the rapid changes required for product delivery, the organization has decided to move towards an Agile software development and release cycle. In order to ensure the success of the Agile methodology, who is MOST critical in creating acceptance tests or acceptance criteria for each release?

A. Project managers  
B. Software developers  
C. Independent testers  
D. Business customers  

Question # 108

What documentation is produced FIRST when performing an effective physical loss control process?

A. Deterrent controls list  
B. Security standards list  
C. inventory list  
D. Asset valuation list  

Question # 109

A security professional should ensure that clients support which secondary algorithm for digital signatures when a Secure Multipurpose Internet Mail Extension (S/MIME) is used?

A. Triple Data Encryption Standard (3DES)
B. Advanced Encryption Standard (AES)  
C. Digital Signature Algorithm (DSA)  
D. Rivest-Shamir-Adieman (RSA)

Question # 110

Which of the (ISC)? Code of Ethics canons is MOST reflected when preserving the value of systems, applications, and entrusted information while avoiding conflicts of interest?

A. Act honorably, honestly, justly, responsibly, and legally.  
B. Protect society, the commonwealth, and the infrastructure.  
C. Provide diligent and competent service to principles.  
D. Advance and protect the profession.  

Question # 111

An organization is implementing data encryption using symmetric ciphers and the Chief Information Officer (CIO) is concerned about the risk of using one key to protect all sensitive data, The security practitioner has been tasked with recommending a solution to address the CIO's concerns, Which of the following is the BEST approach to achieving the objective by encrypting all sensitive data? 

A. Use a Secure Hash Algorithm 256 (SHA-256).  
B. Use a hierarchy of encryption keys.  
C. Use Hash Message Authentication Code (HMAC) keys.  
D. Use Rivest-Shamir-Adleman (RSA) keys.  

Question # 112

Which of the following are the three MAIN categories of security controls? 

A. Administrative, technical, physical  
B. Corrective, detective, recovery  
C. Confidentiality, integrity, availability
D. Preventative, corrective, detective  

Question # 113

Which of the following is the FIRST requirement a data owner should consider before implementing a data retention policy?

A. Training  
B. Legal  
C. Business  
D. Storage  

Question # 114

Compared to a traditional network, which of the following is a security-related benefit that software-defined networking (SDN) provides?

A. Centralized network provisioning  
B. Centralized network administrator control
C. Reduced network latency when scaled  
D. Reduced hardware footprint and cost  

Question # 115

A software developer installs a game on their organization-provided smartphone. Upon installing the game, the software developer is prompted to allow the game access to call logs, Short Message Service (SMS) messaging, and Global Positioning System (GPS) location data. What has the game MOST likely introduced to the smartphone?

A. Alerting  
B. Vulnerability  
C. Geo-fencing  
D. Monitoring  

Question # 116

In Federated Identity Management (FIM), which of the following represents the concept of federation?

A. Collection of information logically grouped into a single entity  
B. Collection, maintenance, and deactivation of user objects and attributes in one or more systems, directories or applications
C. Collection of information for common identities in a system  
D. Collection of domains that have established trust among themselves  

Question # 117

What is the second phase of public key infrastructure (PKI) key/certificate life-cycle management? 

A. Implementation Phase  
B. Cancellation Phase  
C. Initialization Phase  
D. Issued Phase  

Question # 118

A security professional has been requested by the Board of Directors and Chief Information Security Officer (CISO) to perform an internal and external penetration test. What is the BEST course of action?

A. Review data localization requirements and regulations.  
B. Review corporate security policies and procedures,  
C. With notice to the Configuring a Wireless Access Point (WAP) with the same Service Set Identifier external test.  
D. With notice to the organization, perform an external penetration test first, then an internal test.  

Question # 119

Which of the following is an important design feature for the outer door o f a mantrap? 

A. Allow it to be opened by an alarmed emergency button.  
B. Do not allow anyone to enter it alone.  
C. Do not allow it to be observed by dosed-circuit television (CCTV) cameras.  
D. Allow it be opened when the inner door of the mantrap is also open  

Question # 120

The security architect has been mandated to assess the security of various brands of mobile devices. At what phase of the product lifecycle would this be MOST likely to occur?

A. Disposal  
B. Implementation  
C. Development  
D. Operations and maintenance  

Question # 121

How is Remote Authentication Dial-In User Service (RADIUS) authentication accomplished?

A. It uses clear text and firewall rules.
B. It relies on Virtual Private Networks (VPN).  
C. It uses clear text and shared secret keys.  
D. It relies on asymmetric encryption keys.

Question # 122

The security architect is designing and implementing an internal certification authority to generate digital certificates for all employees. Which of the following is the BEST solution to securely store the private keys?

A. Physically secured storage device  
B. Encrypted flash drive  
C. Public key infrastructure (PKI)  
D. Trusted Platform Module (TPM)

Question # 123

Which type of access control includes a system that allows only users that are type=managers and department=sales to access employee records? 

A. Discretionary access control (DAC)  
B. Mandatory access control (MAC)  
C. Role-based access control (RBAC)  
D. Attribute-based access control (ABAC)  

Question # 124

Which of the following is the PRIMARY goal of logical access controls? 

A. Restrict access to an information asset.  
B. Ensure integrity of an information asset.
C. Restrict physical access to an information asset.  
D. Ensure availability of an information asset.  

Question # 125

A security professional was tasked with rebuilding a company's wireless infrastructure.Which of the following are the MOST important factors to consider while making a decision on which wireless spectrum to deploy? 

A. Hybrid frequency band, service set identifier (SSID), and interpolation
B. Performance, geographic location, and radio signal interference
C. Facility size, intermodulation, and direct satellite service
D. Existing client devices, manufacturer reputation, and electrical interference

Question # 126

In an IDEAL encryption system, who has sole access to the decryption key? 

A. System owner
B. Data owner
C. Data custodian
D. System administrator

Question # 127

Which of the following criteria ensures information is protected relative to its importance to the organization?

A. The value of the data to the organization's senior management  
B. Legal requirements, value, criticality, and sensitivity to unauthorized disclosure or modification 
C. Legal requirements determined by the organization headquarters' location  
D. Organizational stakeholders, with classification approved by the management board  

Question # 128

Which of the following Disaster recovery (DR) testing processes is LEAST likely to disrupt normal business operations?

A. Parallel
B. Simulation
C. Table-top
D. Cut-over

Question # 129

Before allowing a web application into the production environment, the security practitioner performs multiple types of tests to confirm that the web application performs as expected. To test the username field, the security practitioner creates a test that enters more characters into the field than is allowed. Which of the following BEST describes the type of test performed? 

A. Misuse case testing  
B. Penetration testing  
C. Web session testing  
D. Interface testing  

Question # 130

The Chief Information Officer (CIO) has decided that as part of business modernizationefforts the organization will move towards a cloud architecture. All business-critical data willbe migrated to either internal or external cloud services within the next two years. The CIOhas a PRIMARY obligation to work with personnel in which role inorder to ensure proper protection of data during and after the cloud migration?

A. Information owner
B. General Counsel
C. Chief Information Security Officer (CISO)
D. Chief Security Officer (CSO)

Question # 131

If an employee transfers from one role to another, which of the following actions should this trigger within the identity and access management (IAM) lifecycle?

A. New account creation  
B. User access review and adjustment  
C. Deprovisioning  
D. System account access review and adjustment  

Question # 132

Which of the following outsourcing agreement provisions has the HIGHEST priority from a security operations perspective? 

A. Conditions to prevent the use of subcontractors
B. Terms for contract renegotiation in case of disaster
C. Escalation process for problem resolution during incidents
D. Root cause analysis for application performance issue

Question # 133

Which of the following measures serves as the BEST means for protecting data on computers, smartphones, and external storage devices when traveling to high-risk countries? 

A. Review applicable destination country laws, forensically clean devices prior to travel,and only download sensitive data over a virtual private network (VPN) upon arriving at thedestination.
B. Keep laptops, external storage devices, and smartphones in the hotel room when not inuse.
C. Leverage a Secure Socket Layer (SSL) connection over a virtual private network (VPN)to download sensitive data upon arriving at the destination.
D. Use multi-factor authentication (MFA) to gain access to data stored on laptops orexternal storage devices and biometric fingerprint access control isms to unlocksmartphones.

Question # 134

Which of the following is the GREATEST risk of relying only on Capability Maturity Models Which of the following is the GREATEST risk of relying only on Capability Maturity Models

A. Organizations can only reach a maturity level 3 when using CMMs  
B. CMMs do not explicitly address safety and security  
C. CMMs can only be used for software developed in-house  
D. CMMs are vendor-specific and may be biased  

Question # 135

How is it possible to extract private keys securely stored on a cryptographic smartcard? 

A. Bluebugging  
B. Focused ion-beam
C. Bluejacking
D. Power analysis

Question # 136

When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?

A. Provide links to security policies  
B. Log all activities associated with sensitive systems  
C. Employ strong access controls  
D. Confirm that confidentiality agreements are signed  

Question # 137

When determining data and information asset handling, regardless of the specific toolset being used, which of the following is one of the common components of big data?

A. Consolidated data collection  
B. Distributed storage locations  
C. Distributed data collection  
D. Centralized processing location

Question # 138

A Certified Information Systems Security Professional (CISSP) with identity and accessmanagement (IAM) responsibilities is asked by the Chief Information Security Officer(CISO) to4 perform a vulnerability assessment on a web application to pass a PaymentCard Industry (PCI) audit. The CISSP has never performed this before. According to the(ISC)? Code of Professional Ethics, which of the following should the CISSP do?

A. Review the CISSP guidelines for performing a vulnerability assessment beforeproceeding to complete it
B. Review the PCI requirements before performing the vulnerability assessment
C. Inform the CISO that they are unable to perform the task because they should renderonly those services for which they are fully competent and qualified
D. Since they are CISSP certified, they have enough knowledge to assist with the request,but will need assistance in order to complete it in a timely manner

Question # 139

Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?

A. Trusted Computing Base (TCB)  
B. Time separation  
C. Security kernel  
D. Reference monitor  

Question # 140

Which of the following encryption technologies has the ability to function as a stream cipher?

A. Cipher Feedback (CFB)
B. Feistel cipher
C. Cipher Block Chaining (CBC) with error propagation
D. Electronic Code Book (ECB)

Question # 141

An organization's retail website provides its only source of revenue, so the disaster recovery plan (DRP) must document an estimated time for each step in the plan. Which of the following steps in the DRP will list the GREATEST duration of time for the service to be fully operational?

A. Update the Network Address Translation (NAT) table.  
B. Update Domain Name System (DNS) server addresses with domain registrar.  
C. Update the Border Gateway Protocol (BGP) autonomous system number.  
D. Update the web server network adapter configuration.  

Question # 142

Which of the following is the FIRST step for defining Service Level Requirements (SLR)? 

A. Creating a prototype to confirm or refine the customer requirements
B. Drafting requirements for the service level agreement (SLA)
C. Discussing technology and solution requirements with the customer
D. Capturing and documenting the requirements of the customer

Question # 143

When assessing web vulnerabilities, how can navigating the dark web add value to a penetration test?

A. The actual origin and tools used for the test can be hidden.  
B. Information may be found on related breaches and hacking.  
C. Vulnerabilities can be tested without impact on the tested environment.  
D. Information may be found on hidden vendor patches.  

Question # 144

Which one of the following BEST protects vendor accounts that are used for emergency maintenance? 

A. Encryption of routing tables
B. Vendor access should be disabled until needed
C. Role-based access control (RBAC)
D. Frequent monitoring of vendor access

Question # 145

Which of the following techniques evaluates the secure Bet principles of network or software architectures?

A. Threat modeling  
B. Risk modeling  
C. Waterfall method  
D. Fuzzing  

Question # 146

At what stage of the Software Development Life Cycle (SDLC) does software vulnerability remediation MOST likely cost the least to implement? 

A. Development
B. Testing
C. Deployme
D. Design

Question # 147

Which of the following addresses requirements of security assessments during software acquisition?

A. Software configuration management (SCM)
B. Data loss prevention (DLP) policy  
C. Continuous monitoring  
D. Software assurance policy  

Question # 148

International bodies established a regulatory scheme that defines how weapons are exchanged between the signatories. It also addresses cyber weapons, including malicious software, Command and Control (C2) software, and internet surveillance software. This is a description of which of the following?

A. General Data Protection Regulation (GDPR)
B. Palermo convention
C. Wassenaar arrangement
D. International Traffic in Arms Regulations (ITAR)

Question # 149

An information security administrator wishes to block peer-to-peer (P2P) traffic over Hypertext Transfer Protocol (HTTP) tunnels. Which of the following layers of the Open Systems Interconnection (OSI) model requires inspection?

A. Presentation  
B. Transport  
C. Session  
D. Application  

Question # 150

Which of the following is the MOST effective measure for dealing with rootkit attacks? 

A. Turing off unauthorized services and rebooting the system
B. Finding and replacing the altered binaries with legitimate ones
C. Restoring the system from the last backup
D. Reinstalling the system from trusted sources

Question # 151

An authentication system that uses challenge and response was recently implemented onan organization's network, because the organization conducted an annual penetration testshowing that testers were able to move laterally using authenticated credentials. Whichattack method was MOST likely used to achieve this?

A. Cross-Site Scripting (XSS)
B. Pass the ticket
C. Brute force
D. Hash collision

Question # 152

The European Union (EU) General Data Protection Regulation (GDPR) requires organizations to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The Data Owner should therefore consider which of the following requirements?

A. Data masking and encryption of personal data  
B. Only to use encryption protocols approved by EU  
C. Anonymization of personal data when transmitted to sources outside the EU  
D. Never to store personal data of EU citizens outside the EU  

Question # 153

Why is it important that senior management clearly communicates the formal Maximum Tolerable Downtime (MTD) decision? 

A. To provide each manager with precise direction on selecting an appropriate recovery alternative 
B. To demonstrate to the regulatory bodies that the company takes business continuityseriously
C. To demonstrate to the board of directors that senior management is committed tocontinuity recovery efforts
D. To provide a formal declaration from senior management as required by internal audit todemonstrate sound business practices

Question # 154

Within a large organization, what business unit is BEST positioned to initiate provisioning and deprovisioning of user accounts?

A. Training department  
B. Internal audit  
C. Human resources  
D. Information technology (IT)

Question # 155

Which of the following is a key responsibility for a data steward assigned to manage an enterprise data lake?

A. Ensure proper business definition, value, and usage of data collected and stored withinthe enterprise data lake.
B. Ensure proper and identifiable data owners for each data element stored within anenterprise data lake.
C. Ensure adequate security controls applied to the enterprise data lake.
D. Ensure that any data passing within remit is being used in accordance with the rules andregulations of the business.

Question # 156

Which of the following is the BEST way to determine the success of a patch management process?

A. Analysis and impact assessment
B. Auditing and assessment
C. Configuration management (CM)
D. Change management

Question # 157

An organization contracts with a consultant to perform a System Organization Control (SOC) 2 audit on their internal security controls. An auditor documents a finding related to an Application Programming Interface (API) performing an action that is not aligned with the scope or objective of the system. Which trust service principle would be MOST applicable in this situation?

A. Processing Integrity  
B. Availability  
C. Confidentiality  
D. Security  

Question # 158

Which of the following goals represents a modern shift in risk management according to National Institute of Standards and Technology (NIST)?

A. Focus on operating environments that are changing, evolving, and full of emerging threats. 
B. Secure information technology (IT) systems that store, process, or transmit organizational information. 
C. Enable management to make well-informed risk-based decisions justifying security expenditure. 
D. Provide an improved mission accomplishment approach.  

Question # 159

A user is allowed to access the file labeled “Financial Forecast,” but only between 9:00 a.m. and 5:00 p.m., Monday through Friday. Which type of access mechanism should be used to accomplish this?

A. Minimum access control 
B. Rule-based access control 
C. Limited role-based access control (RBAC)
D. Access control list (ACL)

Question # 160

What is the MOST common security risk of a mobile device? 

A. Insecure communications link  
B. Data leakage  
C. Malware infection  
D. Data spoofing  

Question # 161

Which of the following is the PRIMARY issue when analyzing detailed log information? 

A. Logs may be unavailable when required  
B. Timely review of the data is potentially difficult  
C. Most systems and applications do not support logging  
D. Logs do not provide sufficient details of system and individual activities  

Question # 162

A system developer has a requirement for an application to check for a secure digitalsignature before the application is accessed on a user's laptop. Which security mechanismaddresses this requirement?

A. Hardware encryption
B. Certificate revocation list (CRL) policy
C. Trusted Platform Module (TPM)
D. Key exchange

Question # 163

Which Open Systems Interconnection (OSI) layer(s) BEST corresponds to the network access layer in the Transmission Control Protocol/Internet Protocol (TCP/IP) model?

A. Transport Layer  
B. Data Link and Physical Layers  
C. Application, Presentation, and Session Layers  
D. Session and Network Layers

Question # 164

An international trading organization that holds an International Organization forStandardization (ISO) 27001 certification is seeking to outsource their security monitoringto a managed security service provider (MSSP), The trading organization's security officeris tasked with drafting the requirements that need to be included in the outsourcingcontract.Which of the following MUST be included in the contract?

A. A detailed overview of all equipment involved in the outsourcing contract
B. The MSSP having an executive manager responsible for information security
C. The right to perform security compliance tests on the MSSP's equipment
D. The right to audit the MSSP's security process

Question # 165

When are security requirements the LEAST expensive to implement? 

A. When identified by external consultants
B. During the application rollout phase  
C. During each phase of the project cycle
D. When built into application design  

Question # 166

Physical Access Control Systems (PACS) allow authorized security personnel to manage and monitor access control for subjects through which function?

A. Remote access administration
B. Personal Identity Verification (PIV)
C. Access Control List (ACL)
D. Privileged Identity Management (PIM)

Question # 167

The security team has been tasked with performing an interface test against a frontendexternal facing application and needs to verify that all input fields protect againstinvalid input. Which of the following BEST assists this process?

A. Application fuzzing
B. Instruction set simulation
C. Regression testing
D. Sanity testing

Question # 168

What industry-recognized document could be used as a baseline reference that is related to data security and business operations for conducting a security assessment?

A. Service Organization Control (SOC) 1 Type 2  
B. Service Organization Control (SOC) 2 Type 1  
C. Service Organization Control (SOC) 1 Type 1  
D. Service Organization Control (SOC) 2 Type 2  

Question # 169

What part of an organization’s strategic risk assessment MOST likely includes information on items affecting the success of the organization? 

A. Key Risk Indicator (KRI)
B. Threat analysis
C. Vulnerability analysis
D. Key Performance Indicator (KPI)

Question # 170

What is the MINIMUM standard for testing a disaster recovery plan (DRP)? 

A. Semi-annually and in alignment with a fiscal half-year business cycle  
B. Annually or less frequently depending upon audit department requirements  
C. Quarterly or more frequently depending upon the advice of the information security manager
D. As often as necessary depending upon the stability of the environment and business requirements

Question # 171

Which of the following poses the GREATEST privacy risk to personally identifiable information (PII) when disposing of an office printer or copier? 

A. The device could contain a document with PII on the platen glass
B. Organizational network configuration information could still be present within the device
C. A hard disk drive (HDD) in the device could contain PII
D. The device transfer roller could contain imprints of PII 

Question # 172

Which of the following would be considered an incident if reported by a security information and event management (SIEM) system?

A. An administrator is logging in on a server through a virtual private network (VPN).  
B. A log source has stopped sending data.
C. A web resource has reported a 404 error.
D. A firewall logs a connection between a client on the Internet and a web server usingTransmission Control Protocol (TCP) on port 80.  

Question # 173

Which event magnitude is defined as deadly, destructive, and disruptive when a hazard interacts with human vulnerability?

A. Disaster  
B. Catastrophe  
C. Crisis  
D. Accident  

Question # 174

Which event magnitude is defined as deadly, destructive, and disruptive when a hazard interacts with human vulnerability?

A. Disaster  
B. Catastrophe  
C. Crisis  
D. Accident  

Question # 175

What is the PRIMARY objective of business continuity planning? 

A. Establishing a cost estimate for business continuity recovery operations  
B. Restoring computer systems to normal operations as soon as possible  
C. Strengthening the perceived importance of business continuity planning among senior management
D. Ensuring timely recovery of mission-critical business processes  

Question # 176

Which of the following MUST be done before a digital forensics investigator may acquire digital evidence?

A. Inventory the digital evidence.  
B. Isolate the digital evidence.  
C. Verify that the investigator has the appropriate legal authority to proceed.  
D. Perform hashing to verify the integrity of the digital evidence.  

Question # 177

Which technique helps system designers consider potential security concerns of their systems and applications?

A. Penetration testing  
B. Threat modeling  
C. Manual inspections and reviews  
D. Source code review  

Question # 178

What is the MAIN purpose of a security assessment plan? 

A. Provide guidance on security requirements, to ensure the identified security risks are properly addressed based on the recommendation 
B. Provide the objectives for the security and privacy control assessments and a detailed roadmap of how to conduct such assessments. 
C. Provide technical information to executives to help them understand information security postures and secure funding. 
D. Provide education to employees on security and privacy, to ensure their awareness on policies and procedures 

Question # 179

An organization purchased a commercial off-the-shelf (COTS) software several years ago. The information technology (IT) Director has decided to migrate the application into the cloud, but is concerned about the application security of the software in the organization's dedicated environment with a cloud service provider. What is the BEST way to prevent and correct the software's security weal

A. Implement a dedicated COTS sandbox environment  
B. Follow the software end-of-life schedule
C. Transfer the risk to the cloud service provider  
D. Examine the software updating and patching process  

Question # 180

Which of the following is the MOST significant key management problem due to the number of keys created?

A. Keys are more difficult to provision and
B. Storage of the keys requires increased security  
C. Exponential growth when using asymmetric keys  
D. Exponential growth when using symmetric keys  

Question # 181

A colleague who recently left the organization asked a security professional for a copy of the organization's confidential incident management policy. Which of the following is the BEST response to this request? 

A. Email the policy to the colleague as they were already part of the organization and familiar with it. 
B. Do not acknowledge receiving the request from the former colleague and ignore them.  
C. Access the policy on a company-issued device and let the former colleague view the screen. 
D. Submit the request using company official channels to ensure the policy is okay to distribute. 

Question # 182

In order to support the least privilege security principle when a resource is transferring within the organization from a production support system administration role to a developer role, what changes should be made to the resource’s access to the production operating system (OS) directory structure?

A. From Read Only privileges to No Access Privileges  
B. From Author privileges to Administrator privileges  
C. From Administrator privileges to No Access privileges  
D. From No Access Privileges to Author privileges  

Question # 183

Which of the following is a correct feature of a virtual local area network (VLAN)? 

A. A VLAN segregates network traffic therefore information security is enhanced significantly.
B. Layer 3 routing is required to allow traffic from one VLAN to another.  
C. VLAN has certain security features such as where the devices are physically connected.  
D. There is no broadcast allowed within a single VLAN due to network segregation.  

Question # 184

Which of the following is the MOST important rule for digital investigations? 

A. Ensure event logs are rotated.  
B. Ensure original data is never modified.
C. Ensure individual privacy is protected.
D. Ensure systems are powered on.

Question # 185

Which change management role is responsible for the overall success of the project and supporting the change throughout the organization?

A. Change driver  
B. Change implementer  
C. Program sponsor  
D. Project manager  

Question # 186

Which of the following VPN configurations should be used to separate Internet and corporate traffic?

A. Split-tunnel  
B. Remote desktop gateway  
C. Site-to-site  
D. Out-of-band management  

Question # 187

Why would a system be structured to isolate different classes of information from one another and segregate them by user jurisdiction?

A. The organization can avoid e-discovery processes in the event of litigation.  
B. The organization's infrastructure is clearly arranged and scope of responsibility is simplified. 
C. The organization can vary its system policies to comply with conflicting national laws.  
D. The organization is required to provide different services to various third-party organizations.

Question # 188

When conducting a remote access session using Internet Protocol Security (IPSec), which Open Systems Interconnection (OSI) model layer does this connection use?

A. Transport
B. Network
C. Data link
D. Presentation

Question # 189

In the "Do" phase of the Plan-Do-Check-Act model, which of the following is performed? 

A. Monitor and review performance against business continuity policy and objectives, report the results to management for review, and determine and authorize actions for remediation and improvement. 
B. Maintain and improve the Business Continuity Management (BCM) system by taking corrective action, based on the results of management review. 
C. Ensure the business continuity policy, controls, processes, and procedures have been implemented.
D. Ensure that business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity have been established. 

Question # 190

A cybersecurity engineer has been tasked to research and implement an ultra-securecommunications channel to protect the organization's most valuable intellectual property(IP). The primary directive in this initiative is to ensure there Is no possible way thecommunications can be intercepted without detection. Which of the following Is the onlyway to ensure this‘outcome?

A. Diffie-Hellman key exchange
B. Symmetric key cryptography
C. [Public key infrastructure (PKI)
D. Quantum Key Distribution

Question # 191

Which of the following is the MOST common cause of system or security failures? 

A. Lack of system documentation
B. Lack of physical security controls
C. Lack of change control
D. Lack of logging and monitoring

Question # 192

When performing an investigation with the potential for legal action, what should be the analyst's FIRST consideration?

A. Chain-of-custody  
B. Authorization to collect  
C. Court admissibility  
D. Data decryption  

Question # 193

Which of the following attack types can be used to compromise the integrity of data during transmission?

A. Keylogging
B. Packet sniffing
C. Synchronization flooding
D. Session hijacking

Question # 194

Which of the following is the PRIMARY purpose of due diligence when an organization embarks on a merger or acquisition?

A. Assess the business risks.  
B. Formulate alternative strategies.  
C. Determine that all parties are equally protected.  
D. Provide adequate capability for all parties.  
E. Strategy and program management, project delivery, governance, operations  

Question # 195

A security professional can BEST mitigate the risk of using a Commercial Off-The-Shelf (COTS) solution by deploying the application with which of the following controls in ?

A. Whitelisting application
B. Network segmentation
C. Hardened configuration
D. Blacklisting application

Question # 196

To minimize the vulnerabilities of a web-based application, which of the following FIRST actions will lock down the system and minimize the risk of an attack? 

A. Install an antivirus on the server
B. Run a vulnerability scanner
C. Review access controls
D. Apply the latest vendor patches and updates

Question # 197

A hacker can use a lockout capability to start which of the following attacks? 

A. Denial of service (DoS)
B. Dictionary
C. Ping flood
D. Man-in-the-middle (MITM)

Question # 198

Who should formulate conclusions from a particular digital fore Ball, Submit a Toper Of Tags, and the results?

A. The information security professional's supervisor  
B. Legal counsel for the information security professional's employer  
C. The information security professional who conducted the analysis  
D. A peer reviewer of the information security professional  

Question # 199

Which of the following is TRUE for an organization that is using a third-party federated identity service?

A. The organization enforces the rules to other organization's user provisioning
B. The organization establishes a trust relationship with the other organizations
C. The organization defines internal standard for overall user identification
D. The organization specifies alone how to authenticate other organization's users

Question # 200

Dumpster diving is a technique used in which stage of penetration testing methodology? 

A. Attack  
B. Discovery  
C. Reporting  
D. Planning  

Question # 201

Which of the following are mandatory canons for the (ISC)* Code of Ethics? 

A. Develop comprehensive security strategies for the organization.  
B. Perform is, honestly, fairly, responsibly, and lawfully for the organization.  
C. Create secure data protection policies to principals.  
D. Provide diligent and competent service to principals.  

Question # 202

Which of the following is the BEST method a security practitioner can use to ensure that systems and sub-systems gracefully handle invalid input?

A. Unit testing
B. Integration testing
C. Negative testing
D. Acceptance testing

Question # 203

Which of the following is the BEST method a security practitioner can use to ensure that systems and sub-system gracefully handle invalid input? 

A. Negative testing  
B. Integration testing  
C. Unit testing  
D. Acceptance testing  

Question # 204

A large organization’s human resources and security teams are planning on implementing technology to eliminate manual user access reviews and improve compliance. Which of the following options is MOST likely to resolve the issues associated with user access? 

A. Implement a role-based access control (RBAC) system.
B. Implement identity and access management (IAM) platform.
C. Implement a Privileged Access Management (PAM) system.
D. Implement a single sign-on (SSO) platform.

Question # 205

What is the BEST approach to anonymizing personally identifiable information (PII) in a test environment? 

A. Randomizing data
B. Swapping data
C. Encrypting data
D. Encoding data

Question # 206

A security professional has reviewed a recent site assessment and has noted that a server room on the second floor of a building has Heating, Ventilation, and Air Conditioning (HVAC) intakes on the ground level that have ultraviolet light filters installed, Aero-K Fire suppression in the server room, and pre-action fire suppression on floors above the server room. Which of the following changes can the security professional recommend to reduce risk associated with these conditions?

A. Remove the ultraviolet light filters on the HVAC intake and replace the fire suppression system on the upper floors with a dry system 
B. Add additional ultraviolet light filters to the HVAC intake supply and return ducts and change server room fire suppression to FM-200
C. Apply additional physical security around the HVAC intakes and update upper floor fire suppression to FM-200.
D. Elevate the HVAC intake by constructing a plenum or external shaft over it and convert the server room fire suppression to a pre-action system 

Question # 207

A recent security audit is reporting several unsuccessful login attempts being repeated at specific times during the day on an Internet facing authentication server. No alerts have been generated by the security information and event management (SIEM) system. What PRIMARY action should be taken to improve SIEM performance? 

A. Implement role-based system monitoring
B. Audit firewall logs to identify the source of login attempts
C. Enhance logging detail
D. Confirm alarm thresholds

Question # 208

What is the PRIMARY objective of the post-incident phase of the incident response process in the security operations center (SOC)?

A. improve the IR process.  
B. Communicate the IR details to the stakeholders.  
C. Validate the integrity of the IR.  
D. Finalize the IR.  

Question # 209

Using the ciphertext and resultant clear text message to derive the non-alphabetic cipher key is an example of which method of cryptanalytic attack?

A. Frequency analysis  
B. Ciphertext-only attack  
C. Probable-plaintext attack  
D. Known-plaintext attack  

Question # 210

A user's credential for an application is stored in a relational database. Which control protects the confidentiality of the credential while it is stored? 

A. Validate passwords using a stored procedure.
B. Allow only the application to have access to the password field in order to verify userauthentication.
C. Use a salted cryptographic hash of the password.
D. Encrypt the entire database and embed an encryption key in the application.

Question # 211

The acquisition of personal data being obtained by a lawful and fair means is an example of what principle?

A. Data Quality Principle  
B. Openness Principle  
C. Purpose Specification Principle  
D. Collection Limitation Principle

Question # 212

In which of the following system life cycle processes should security requirements be developed?

A. Risk management
B. Business analysis
C. Information management
D. System analysis

Question # 213

What type of attack sends Internet Control Message Protocol (ICMP) echo requests to the target machine with a larger payload than the target can handle?

A. Man-in-the-Middle (MITM)  
B. Denial of Service (DoS)  
C. Domain Name Server (DNS) poisoning  
D. Buffer overflow  

Question # 214

Which of the following is a covert channel type? 

A. Storage
B. Pipe
C. Memory
D. Monitoring

Question # 215

Which of the following is the MOST effective strategy to prevent an attacker from disabling a network?

A. Test business continuity and disaster recovery (DR) plans.  
B. Design networks with the ability to adapt, reconfigure, and fail over.  
C. Implement network segmentation to achieve robustness.  
D. Follow security guidelines to prevent unauthorized network access.  

Question # 216

What would be the BEST action to take in a situation where collected evidence was left unattended overnight in an unlocked vehicle?

A. Report the matter to the local police authorities.  
B. Move evidence to a climate-controlled environment.  
C. Re-inventory the evidence and provide it to the evidence custodian.  
D. Immediately report the matter to the case supervisor.  

Question # 217

An organization has developed a way for customers to share information from their wearable devices with each other. Unfortunately, the users were not informed as to what information collected would be shared. What technical controls should be put in place to remedy the privacy issue while still trying to accomplish the organization's business goals?

A. Default the user to not share any information.  
B. Inform the user of the sharing feature changes after implemented.  
C. Share only what the organization decides is best.  
D. Stop sharing data with the other users.

Question # 218

Which of the following BEST describes the standard used to exchange authorization information between different identity management systems?

A. Security Assertion Markup Language (SAML)
B. Service Oriented Architecture (SOA)
C. Extensible Markup Language (XML)  
D. Wireless Authentication Protocol (WAP)

Question # 219

A company is enrolled in a hard drive reuse program where decommissioned equipment is sold back to the vendor when it is no longer needed. The vendor pays more money for functioning drives than equipment that is no longer operational. Which method of data sanitization would provide the most secure means of preventing unauthorized data loss, while also receiving the most money from the vendor?

A. Pinning  
B. Single-pass wipe  
C. Degaussing  
D. Multi-pass wipes  

Question # 220

A software architect has been asked to build a platform to distribute music to thousands of users on a global scale. The architect has been reading about content delivery networks (CDN). Which of the following is a principal task to undertake?

A. Establish a service-oriented architecture (SOA).  
B. Establish a media caching methodology.
C. Establish relationships with hundreds of Internet service providers (ISP).  
D. Establish a low-latency wide area network (WAN).  

Question # 221

Which of the following protects personally identifiable information (PII) used by financial services organizations? 

A. National Institute of Standards and Technology (NIST) SP 800-53
B. Gramm-Leach-Bliley Act (GLBA)
C. Payment Card Industry Data Security Standard (PCI-DSS)
D. Health Insurance Portability and Accountability Act (HIPAA) 

Question # 222

What is considered the BEST explanation when determining whether to provide remote network access to a third-party security service? 

A. Contract negotiation
B. Vendor demonstration
C. Supplier request
D. Business need

Question # 223

A Distributed Denial of Service (DDoS) attack was carried out using malware called Mirai to create a large-scale command and control system to launch a botnet. Which of the following devices were the PRIMARY sources used to generate the attack traffic?

A. Internet of Things (IoT) devices  
B. Microsoft Windows hosts  
C. Web servers running open source operating systems (OS)  
D. Mobile devices running Android

Question # 224

What is the MOST common cause of Remote Desktop Protocol (RDP) compromise? 

A. Port scan
B. Brute force attack
C. Remote exploit
D. Social engineering

Question # 225

To comply with industry requirements, a security assessment on the cloud server should identify which protocols and weaknesses are being exposed to attackers on the Internet. Which of the following tools is the MOST appropriate to complete the assessment?

A Use tcpdump and parse the output file in a protocol analyzer. 
B. Use an IP scanner and target the cloud WAN network addressing 
C. Run netstat in each cloud server and retrieve the running processes. 
D. Use nmap and set the servers’ public IPs as the targets. 

Question # 226

In a disaster recovery (DR) test, which of the following would be a trait of crisis management? 

A. Wide focus
B. Strategic
C. Anticipate
D. Process

Question # 227

Which of the following is MOST appropriate to collect evidence of a zero-day attack? 

A. Firewall  
B. Honeypot  
C. Antispam  
D. Antivirus  

Question # 228

The ability to send malicious code, generally in the form of a client side script, to a different end user is categorized as which type of vulnerability? 

A. Session hijacking
B. Cross-site request forgery (CSRF)
C. Cross-Site Scripting (XSS)
D. Command injection

Question # 229

Which of the following is considered the FIRST step when designing an internal security control assessment?

A. Create a plan based on recent vulnerability scans of the systems in question.  
B. Create a plan based on comprehensive knowledge of known breaches.  
C. Create a plan based on a recognized framework of known controls.  
D. Create a plan based on reconnaissance of the organization's infrastructure.  

Question # 230

Which of the following describes the order in which a digital forensic process is usually conducted?  

A. Ascertain legal authority, agree upon examination strategy, conduct examination, andreport results
B. Ascertain legal authority, conduct investigation, report results, and agree uponexamination strategy
C. Agree upon examination strategy, ascertain legal authority, conduct examination, andreport results
D. Agree upon examination strategy, ascertain legal authority, report results, and conductexamination

Question # 231

While classifying credit card data related to Payment Card Industry Data Security Standards (PCI-DSS), which of the following is a PRIMARY security requirement?

A. Processor agreements with card holders
B. Three-year retention of data  
C. Encryption of data  
D. Specific card disposal methodology  

Question # 232

An employee's home address should be categorized according to which of the following references?

A. The consent form terms and conditions signed by employees
B. The organization's data classification model
C. Existing employee data classifications
D. An organization security plan for human resources

Question # 233

If traveling abroad and a customs official demands to examine a personal computer, which of the following should be assumed?

A. The hard drive has been stolen.  
B. The Internet Protocol (IP) address has been copied.  
C. The hard drive has been copied.  
D. The Media Access Control (MAC) address was stolen  

Question # 234

Which of the following is the MOST effective way to ensure the endpoint devices used by remote users are compliant with an organization's approved policies before being allowed on the network? 

A. Group Policy Object (GPO)
B. Network Access Control (NAC)
C. Mobile Device Management (MDM)
D. Privileged Access Management (PAM)

Question # 235

An organization is considering partnering with a third-party supplier of cloud services. The organization will only be providing the data and the third-party supplier will be providing the security controls. Which of the following BEST describes this service offering?

A. Platform as a Service (PaaS)
B. Infrastructure as a Service (IaaS)
C. Software as a Service (SaaS)
D. Anything as a Service (XaaS)

Question # 236

Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?

A. Time separation  
B. Trusted Computing Base (TCB)  
C. Reference monitor  
D. Security kernel  

Question # 237

A developer is creating an application that requires secure logging of all user activity. What is the BEST permission the developer should assign to the log file to ensure requirements are met?

A. Read
B. Execute
C. Write
D. Append

Question # 238

Which of the following technologies can be used to monitor and dynamically respond to potential threats on web applications?

A. Security Assertion Markup Language (SAML)
B. Web application vulnerability scanners
C. Runtime application self-protection (RASP)  
D. Field-level tokenization  

Question # 239

Commercial off-the-shelf (COTS) software presents which of the following additional security concerns?

A. Vendors take on the liability for COTS software vulnerabilities.
B. In-house developed software is inherently less secure.
C. Exploits for COTS software are well documented and publicly available.
D. COTS software is inherently less secure.

Question # 240

Which Wide Area Network (WAN) technology requires the first router in the path to determine the full path the packet will travel, removing the need for other routers in the path to make independent determinations? 

A. Multiprotocol Label Switching (MPLS)
B. Synchronous Optical Networking (SONET)
C. Session Initiation Protocol (SIP)
D. Fiber Channel Over Ethernet (FCoE)

Question # 241

The MAIN purpose of placing a tamper seal on a computer system's case is to: 

A. raise security awareness.  
B. detect efforts to open the case.  
C. expedite physical auditing.  
D. make it difficult to steal internal components.  

Question # 242

What is the FIRST step in reducing the exposure of a network to Internet Control Message Protocol (ICMP) based attacks? 

A. Implement egress filtering at the organization's network boundary.
B. Implement network access control lists (ACL).
C. Implement a web application firewall (WAF).
D. Implement an intrusion prevention system (IPS).

Question # 243

Which of the following factors is á PRIMARY reason to drive changes in an Information Security Continuous Monitoring (ISCM) strategy?

A. Testing and Evaluation (TE) personnel changes  
B. Changes to core missions or business processes  
C. Increased Cross-Site Request Forgery (CSRF) attacks  
D. Changes in Service Organization Control (SOC) 2 reporting requirements  

Question # 244

What is the overall goal of software security testing? 

A. Identifying the key security features of the software
B. Ensuring all software functions perform as specified
C. Reducing vulnerabilities within a software system
D. Making software development more agile

Question # 245

When configuring Extensible Authentication Protocol (EAP) in a Voice over Internet Protocol (VoIP) network, which of the following authentication types is the MOST secure?

A. EAP-Transport Layer Security (TLS)  
B. EAP-Flexible Authentication via Secure Tunneling  
C. EAP-Tunneled Transport Layer Security (TLS)  
D. EAP-Protected Extensible Authentication Protocol (PEAP)  

Question # 246

Data remanence is the biggest threat in which of the following scenarios? 

A. A physical disk drive has been overwritten and reused within a datacenter.
B. A physical disk drive has been degaussed, verified, and released to a third party fordest…….
C. A flash drive has been overwritten, verified, and reused within a datacenter.
D. A flash drive has been overwritten and released to a third party for destruction.

Question # 247

What process facilitates the balance of operational and economic costs of protective measures with gains in mission capability?

A. Risk assessment  
B. Performance testing  
C. Security audit  
D. Risk management  

Question # 248

A large human resources organization wants to integrate its identity management with a trusted partner organization. The human resources organization wants to maintain the creation and management of the identities and may want to share them with other partners in the future. Which of the following options does BEST serve their needs?

A. Federated identity  
B. Cloud Active Directory (AD)  
C. Security Assertion Markup Language (SAML)
D. Single sign-on (SSO)  

Question # 249

In supervisory control and data acquisition (SCADA) systems, which of the following controls can be used to reduce device exposure to malware? 

A. Disable all command line interfaces.
B. Disallow untested code in the execution space of the SCADA device.
C. Prohibit the use of unsecure scripting languages.
D. Disable Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) port138 and 139 on the SCADA device.  

Question # 250

A malicious user gains access to unprotected directories on a web server. Which of the following is MOST likely the cause for this information disclosure?

A. Security misconfiguration
B. Cross-site request forgery (CSRF)
C. Structured Query Language injection (SQLi)
D. Broken authentication management

Question # 251

Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?

A. Time separation  
B. Trusted Computing Base (TCB)  
C. Reference monitor  
D. Security kernel  

Question # 252

Which of the following describes the BEST method of maintaining the inventory of software and hardware within the organization? 

A. Maintaining the inventory through a combination of desktop configuration, administrationmanagement, and procurement management tools
B. Maintaining the inventory through a combination of asset owner interviews, open-sourcesystem management, and open-source management tools
C. Maintaining the inventory through a combination of on-premise storage configuration,cloud management, and partner management tools
D. Maintaining the inventory through a combination of system configuration, networkmanagement, and license management tools

Question # 253

Which of the following technologies can be used to monitor and dynamically respond to potential threats on web applications?

A. Security Assertion Markup Language (SAML)
B. Web application vulnerability scanners
C. Runtime application self-protection (RASP)  
D. Field-level tokenization  

Question # 254

An Internet media company produces and broadcasts highly popular television shows. The company is suffering a huge revenue loss due to piracy. What technique should be used to track the distribution of content?

A. Install the latest data loss prevention (DLP) software at every server used to distributecontent.
B. Log user access to servers. Every day those log records are going to be audited by ateam of specialized investigators.
C. Hire several investigators to identify sources of pirated content and report peoplesharing the content.
D. Use watermarking to hide a signature into the digital media such that it can be used tofind who is using the company’s content. 

Question # 255

An application developer receives a report back from the security team showing theirautomated tools were able to successfully enter unexpected data into the organization'scustomer service portal, causing the site to crash. This is an example of which type oftesting?

A. Non-functional
B. Positive
C. Performance
D. Negative

Question # 256

The MAIN purpose of placing a tamper seal on a computer system's case is to: 

A. raise security awareness.  
B. detect efforts to open the case.  
C. expedite physical auditing.  
D. make it difficult to steal internal components.  

Question # 257

A software developer wishes to write code that will execute safely and only as intended.Which of the following programming language types is MOST likely to achieve this goal?

A. Statically typed
B. Weakly typed
C. Strongly typed
D. Dynamically typed

Question # 258

Which of the following factors is á PRIMARY reason to drive changes in an Information Security Continuous Monitoring (ISCM) strategy?

A. Testing and Evaluation (TE) personnel changes  
B. Changes to core missions or business processes  
C. Increased Cross-Site Request Forgery (CSRF) attacks  
D. Changes in Service Organization Control (SOC) 2 reporting requirements  

Question # 259

Assuming an individual has taken all of the steps to keep their internet connection private, which of the following is the BEST to browse the web privately?

A. Prevent information about browsing activities from being stored in the cloud.
B. Store browsing activities in the cloud.
C. Prevent information about browsing activities farm being stored on the personal device.
D. Store information about browsing activities on the personal device.

Question # 260

When configuring Extensible Authentication Protocol (EAP) in a Voice over Internet Protocol (VoIP) network, which of the following authentication types is the MOST secure?

A. EAP-Transport Layer Security (TLS)  
B. EAP-Flexible Authentication via Secure Tunneling  
C. EAP-Tunneled Transport Layer Security (TLS)  
D. EAP-Protected Extensible Authentication Protocol (PEAP)  

Question # 261

Where can the Open Web Application Security Project (OWASP) list of associated vulnerabilities be found?

A. OWASP Top 10 Project
B. OWASP Software Assurance Maturity Model (SAMM) Project
C. OWASP Guide Project
D. OWASP Mobile Project

Question # 262

An organization is setting a security assessment scope with the goal of developing a Security Management Program (SMP). The next step is to select an approach for conducting the risk assessment. Which of the following approaches is MOST effective for the SMP?

A. Data driven risk assessment with a focus on data
B. Security controls driven assessment that focuses on controls management
C. Business processes based risk assessment with a focus on business goals
D. Asset driven risk assessment with a focus on the assets

Question # 263

What process facilitates the balance of operational and economic costs of protective measures with gains in mission capability?

A. Risk assessment  
B. Performance testing  
C. Security audit  
D. Risk management  

Question # 264

A large human resources organization wants to integrate its identity management with a trusted partner organization. The human resources organization wants to maintain the creation and management of the identities and may want to share them with other partners in the future. Which of the following options does BEST serve their needs?

A. Federated identity  
B. Cloud Active Directory (AD)  
C. Security Assertion Markup Language (SAML)
D. Single sign-on (SSO)  

Question # 265

A security engineer is assigned to work with the patch and vulnerability managementgroup. The deployment of a new patch has been approved and needs to be applied.The research is complete, and the security engineer has provided recommendations.Where should the patch be applied FIRST?

A. Server environment
B. Desktop environment
C. Lower environment
D. Production environment

Question # 266

Which of the following routing protocols is used to exchange route information between public autonomous systems? 

A. OSPF
B. BGP
C. EIGRP
D. RIP

Question # 267

Which of the following determines how traffic should flow based on the status of the infrastructure true?

A. Application plane  
B. Data plane  
C. Control plane  
D. Traffic plane  

Question # 268

A federal agency has hired an auditor to perform penetration testing on a critical system aspart of the mandatory, annual Federal Information Security Management Act (FISMA)security assessments. The auditor is new to this system but has extensive experience withall types of penetration testing. The auditor has decided to begin withsniffing network traffic. What type of penetration testing is the auditor conducting?

A. White box testing
B. Black box testing
C. Gray box testing
D. Red box testing

Question # 269

Which of the following is the MOST appropriate technique for destroying magnetic platter style hard disk drives (HDD) containing data with a "HIGH" security categorization?

A. Drill through the device and platters.
B. Mechanically shred the entire HDD.  
C. Remove the control electronics.  
D. HP iProcess the HDD through a degaussing device.  

Question # 270

Which of the following is an example of a vulnerability of full-disk encryption (FDE)? 

A. Data at rest has been compromised when the user has authenticated to the device.
B. Data on the device cannot be restored from backup.
C. Data in transit has been compromised when the user has authenticated to the device.
D. Data on the device cannot be backed up.

Question # 271

Which of the following is a secure design principle for a new product? 

A. Build in appropriate levels of fault tolerance.
B. Utilize obfuscation whenever possible.
C. Do not rely on previously used code.
D. Restrict the use of modularization.

Question # 272

Which of the following protection is provided when using a Virtual Private Network (VPN) with Authentication Header (AH)?

A. Payload encryption  
B. Sender confidentiality  
C. Sender non-repudiation  
D. Multi-factor authentication (MFA)  

Question # 273

Recently, an unknown event has disrupted a single Layer-2 network that spans betweentwo geographically diverse data centers. The network engineers have asked for assistanceinidentifying the root cause of the event. Which of the following is the MOST likely cause?

A. Misconfigured routing protocol
B. Smurf attack
C. Broadcast domain too large
D. Address spoofing

Question # 274

A software engineer uses automated tools to review application code and search for application flaws, back doors, or other malicious code. Which of the following is the FIRST Software Development Life Cycle (SDLC) phase where this takes place?

A. Design  
B. Test  
C. Development  
D. Deployment  

Question # 275

Which of the following phases in the software acquisition process does developing evaluation criteria take place? 

A. Follow-On
B. Planning
C. Contracting
D. Monitoring and Acceptance

Question # 276

Wi-Fi Protected Access 2 (WPA2) provides users with a higher level of assurance that their data will remain protected by using which protocol?

A. Secure Shell (SSH)
B. Internet Protocol Security (IPsec)
C. Secure Sockets Layer (SSL)
D. Extensible Authentication Protocol (EAP)

Question # 277

Which of the following is a term used to describe maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions?

A. Information Security Management System (ISMS)  
B. Information Sharing & Analysis Centers (ISAC)  
C. Risk Management Framework (RMF)  
D. Information Security Continuous Monitoring (ISCM)  

Question # 278

What is the term used to define where data is geographically stored in the cloud? 

A. Data warehouse
B. Data privacy rights
C. Data subject rights
D. Data sovereignty

Question # 279

Which of the following is the reason that transposition ciphers are easily recognizable? 

A. Key  
B. Block  
C. Stream  
D. Character  

Question # 280

Which of the following statements BEST describes least privilege principle in a cloud environment?

A. Network segments remain private if unneeded to access the internet.  
B. Internet traffic is inspected for all incoming and outgoing packets.
C. A single cloud administrator is configured to access core functions.
D. Routing configurations are regularly updated with the latest routes.

Question # 281

A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS). Which of the following factors leads the company to choose an IDaaS as their solution?

A. In-house development provides more control.  
B. In-house team lacks resources to support an on-premise solution.  
C. Third-party solutions are inherently more secure.  
D. Third-party solutions are known for transferring the risk to the vendor.  

Question # 282

Which type of disaster recovery plan (DRP) testing carries the MOST operational risk? 

A. Cutover
B. Walkthrough
C. Tabletop
D. Parallel

Question # 283

In order to provide dual assurance in a digital signature system, the design MUST include which of the following?

A. The public key must be unique for the signed document.
B. signature process must generate adequate authentication credentials.
C. The hash of the signed document must be present.
D. The encrypted private key must be provided in the signing certificate.

Question # 284

A large manufacturing organization arranges to buy an industrial machine system to produce a new line of products. The system includes software provided to the vendor by a thirdparty organization. The financial risk to the manufacturing organization starting production is high. What step should the manufacturing organization take to minimize its financial risk in the new venture prior to the purchase? 

A. Hire a performance tester to execute offline tests on a system.  
B. Calculate the possible loss in revenue to the organization due to software bugs and vulnerabilities, and compare that to the system's overall price.
C. Place the machine behind a Layer 3 firewall.  
D. Require that the software be thoroughly tested by an accredited independent software testing company. 

Question # 285

A web developer is completing a new web application security checklist before releasingthe application to production. the task of disabling unecessary services is on the checklist.Which web application threat is being mitigated by this action?

A. Security misconfiguration
B. Sensitive data exposure
C. Broken access control
D. Session hijacking

Question # 286

A cloud hosting provider would like to provide a Service Organization Control (SOC) report relevant to its security program. This report should an abbreviated report that can be freely distributed. Which type of report BEST meets this requirement? 

A. SOC 1
B. SOC 2 Type I
C. SOC 2 Type II
D. SOC 3

Question # 287

Which of the following statements BEST distinguishes a stateful packet inspection firewall from a stateless packet filter firewall?

A. The SPI inspects the flags on Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) packets. 
B. The SPI inspects the traffic in the context of a session.  
C. The SPI is capable of dropping packets based on a pre-defined rule set.  
D. The SPI inspects traffic on a packet-by-packet basis.  

Question # 288

What requirement MUST be met during internal security audits to ensure that all information provided is expressed as an objective assessment without risk of retaliation?

A. The auditor must be independent and report directly to the management.
B. The auditor must utilize automated tools to back their findings.
C. The auditor must work closely with both the information Technology (IT) and securitysections of an organization.
D. The auditor must perform manual reviews of systems and processes.

Question # 289

A software development company has a short timeline in which to deliver a software product. The software development team decides to use open-source software libraries to reduce the development time. What concept should software developers consider when using open-source software libraries?

A. Open-source libraries contain known vulnerabilities, and adversaries regularly exploit those vulnerabilities in the wild. 
B. Open source libraries can be used by everyone, and there is a common understanding that the vulnerabilities in these libraries will not be exploited. 
C. Open-source libraries are constantly updated, making it unlikely that a vulnerability exists for an adversary to exploit. 
D. Open-source libraries contain unknown vulnerabilities, so they should not be used.  

Question # 290

Which of the following actions should be taken by a security professional when a mission critical computer network attack is suspected?  

A. Isolate the network, log an independent report, fix the problem, and redeploy thecomputer.
B. Isolate the network, install patches, and report the occurrence.
C. Prioritize, report, and investigate the occurrence.
D. Turn the rooter off, perform forensic analysis, apply the appropriate fin, and logincidents.

Question # 291

What method could be used to prevent passive attacks against secure voice communications between an organization and its vendor? 

A. Encryption in transit  
B. Configure a virtual private network (VPN)  
C. Configure a dedicated connection  
D. Encryption at rest  

Question # 292

Which of the following types of devices can provide content filtering and threat protection, and manage multiple IPSec site-to-site connections? 

A. Layer 3 switch
B. VPN headend
C. Next-generation firewall
D. Proxy server
E. Intrusion prevention

Question # 293

Which of the following BEST describes botnets? 

A. Computer systems on the Internet that are set up to trap people who attempt to penetrate another computer system 
B. Set of related programs that protects the resources of a private network from other networks
C. Small network inserted in a neutral zone between an organization's private network and the outside public network 
D. Groups of computers that are used to launch destructive attacks  

Question # 294

Which of the following is the final phase of the identity and access provisioning lifecycle?

A. Recertification 
B. Revocation 
C. Removal 
D. Validation 

Question # 295

Upon commencement of an audit within an organization, which of the following actions is MOST important for the auditor(s) to take?

A. Understand circumstances which may delay the overall audit timelines.  
B. Review all prior audit results to remove all areas of potential concern from the audit scope. 
C. Meet with stakeholders to review methodology, people to be interviewed, and audit scope. 
D. Meet with stakeholders to understand which types of audits have been completed.  

Question # 296

Which of the following access control models is MOST restrictive? 

A. Discretionary Access Control (DAC)  
B. Mandatory Access Control (MAC)  
C. Role-Based Access Control (RBAC)  
D. Rule-based access control  

Question # 297

An audit of an application reveals that the current configuration does not match the configuration of the originally implemented application. Which of the following is the FIRSTaction to be taken?

A. Recommend an update to the change control process. 
B. Verify the approval of the configuration change. 
C. Roll back the application to the original configuration. 
D. Document the changes to the configuration.