6. COBIT, Control Objectives for Information and Related Technology, is a framework for IT management and governance. Which data management role is most likely to select and apply COBIT to balance the need for security controls against business requirements?
2. Angela is an information security architect at a bank and has been assigned to ensure that transactions are secure as they traverse the network. She recommends that all transactions use TLS. What threat is she most likely attempting to stop, and what method is she using to protect against it?
9. The need to protect sensitive data drives what administrative process?
10. Fran’s company is considering purchasing a web-based email service from a vendor and eliminating its own email server environment as a cost-saving measure. What type of cloud computing environment is Fran’s company considering?
7. What term is used to describe a starting point for a minimum security standard?
8. When media is labelled based on the classification of the data it contains, what rule is typically applied regarding labels?
12. If Alice wishes to send Bob an encrypted message, what key does she use to encrypt the message?
Refer to the following scenario.
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.
13. When Bob receives the encrypted message from Alice, what key does he use to decrypt the message?
Refer to the following scenario.
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.
14. Which one of the following keys would Bob not possess in this scenario?
Refer to the following scenario.
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.
15. Alice would also like to digitally sign the message that she sends to Bob. What key should she use to create the digital signature?
Refer to the following scenario.
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.
16. What name is given to the random value added to a password in an attempt to defeat rainbow table attacks?
21. Which of the following options is not a common best practice for securing a wireless network?
22. What network topology is shown in the image below?
23. Ben has configured his network to not broadcast a SSID. Why might Ben disable SSID broadcast, and how could his SSID be discovered?
26. Which of the following items are not commonly associated with restricted interfaces?
28. What major issue often results from decentralized access control?
29. Jim has been contracted to perform a penetration test of a bank’s primary branch. In order to make the test as real as possible, he has not been given any information about the bank other than its name and address. What type of penetration test has Jim agreed to perform?
18. Which one of the following elements of information is not considered personally identifiable information that would trigger most US state data breach laws?
33. Which one of the following individuals is most likely to lead a regulatory investigation?
35. Toni responds to the desk of a user who reports slow system activity. Upon checking outbound network connections from that system, Toni notices a large amount of social media traffic originating from the system. The user does not use social media, and when Toni checks the accounts in question, they contain strange messages that appear encrypted. What is the most likely cause of this traffic?
19. Gary is deploying a wireless network and wants to deploy the fastest possible wireless technology. Of the 802.11 standards listed below, which is the fastest 2.4 GHz option he has?
20. What common applications are associated with each of the following TCP ports: 23, 25, 143, and 515?
25. If Susan’s organization requires her to log in with her username, a PIN, a password, and a retina scan, how many distinct types of factor has she used?
20. Joe is the security administrator for an ERP system. He is preparing to create accounts for several new employees. What default access should he give to all of the new employees as he creates the accounts?
30. Which one of the following is not a privileged administrative activity that should be automatically sent to a log of superuser actions?
26. Sonia recently removed an encrypted hard drive from a laptop and moved it to a new device because of a hardware failure. She is having difficulty accessing encrypted content on the drive despite the fact that she knows the user’s password. What hardware security feature is likely causing this problem?
27. What type of attack has Saria discovered?
During a log review, Saria discovers a series of logs that show login failures as shown here:
Jan 31 11:39:12 ip-10-0-0-2 sshd[29092]: Invalid user admin from remotehost passwd=orange
Jan 31 11:39:20 ip-10-0-0-2 sshd[29098]: Invalid user admin from remotehost passwd=Orang3
Jan 31 11:39:23 ip-10-0-0-2 sshd[29100]: Invalid user admin from remotehost passwd=Orange93
Jan 31 11:39:31 ip-10-0-0-2 sshd[29106]: Invalid user admin from remotehost passwd=Orangutan1
Jan 31 20:40:53 ip-10-0-0-254 sshd[30520]: Invalid user admin from remotehost passwd=Orangemonkey
37. Which one of the following statements is not true about code review?
18. Which of the following is not a potential problem with active wireless scanning?
38.Which process is responsible for ensuring that changes to software include acceptance testing?
40. When using the SDLC, which one of these steps should, you take before the others?
34. Which one of the following trusted recovery types does not fail into a secure operating state?
1. An evil twin attack that broadcasts a legitimate SSID for an unauthorized network is an example of what category of threat?
2. FlyAway Travel has offices in both the European Union and the United States and transfers personal information between those offices regularly. Which of the seven requirements for processing personal information states that organizations must inform individuals about how the information they collect is used?
11. Michael is responsible for forensic investigations and is investigating a medium severity security incident that involved the defacement of a corporate website. The web server in question ran on a virtualization platform, and the marketing team would like to get the website up and running as quickly as possible. What would be the most reasonable next step for Michael to take?
