1) Which of the following is not addressed by the data retention policy?
What data to keep
For whom data is kept
How long data is kept
Where data is kept
2) What best describes two-factor authentication?
A hard token and a smart card
A user name and a PIN
A password and a PIN
A PIN and a hard token
3) Who is accountable for implementing information security?
Everyone
Senior management
Security officer
Data owners
4) Many privacy laws dictate which of the following rules?
Individuals have a right to remove any data they do not want others to know
Agencies do not need to ensure that the data is accurate
Agencies need to allow all government agencies access to the data
Agencies cannot use collected data for a purpose different from what they were collected for
5) Business impact analysis is performed to best identify what?
Exposure to loss the organization faces
Impacts of a threat to the organization's operations
Cost-efficient way to eliminate threats
Impacts of a risk to the organization
6) Which factor is the most important item when it comes to ensuring security is successful in an organization?
Senior management support
Effective controls and implementation methods
Updated and relevant security policies and procedures
Security awareness by all employees
7) When selecting a security testing method or tool, the practitioner needs to consider many different things, such as:
Surface and supported technology
Security roles and responsibilities for staff
Culture of the organization and likelihood of exposure
Local annual frequency estimate and standard annual frequency estimate
8) What is an advantage of RSA over DSA?
It can provide digital signature and encryption functionality
It uses fewer resources and encrypts faster because it uses symmetric keys
It is a block cipher rather than a stream cipher
It employs a one-time encryption pad
9) Tactical security plans are best used to do what?
Deploy new security technology
Enable enterprise security management
Establish high-level security policies
Reduce downtime
10) What is the optimal placement for a network-based intrusion detection system (NIDS)?
External Service Provider
Network Operation Center (NOC)
Network segments with business critical systems (DMZ) and certain intranet segments
Network perimeter to alert network admins of suspicious traffic
11) Which process is concerned with identifying the root cause and also addressing the underlying issue?
Change management
Incident management
Configuration management
Problem management
12) Single loss expectancy (SLE) is calculated using which of the following?
Asset value and annualized rate of occurrence (ARO)
Asset value, local annual frequency estimate (LAFE), and standard annual frequency estimate (SAFE)
Asset value and exposure factor
Local annual frequency estimate and annualized rate of occurrence
13) Triage encompasses which of the following incident response sub-phases?
Collection, transport, testimony
Traceback, feedback, loopback
Detection, identification, notification
Confidentiality, integrity, availability
14) What is the term for the act of secretly observing and recording someone's keystrokes on a computer?
Keystroking
Keylogging
Logkeying
Stokelogs
15) Which of the following best determines access of an individual?
Role
Clearance
Partnership with security team
Job rank or title
16) Which item is not part of a Kerberos authentication implementation?
Message authentication code
Ticket granting service
Authentication service
Users, programs, and services
17) Before applying a software update to production systems, it is most important that
The patching is documented
The systems are backed up
Full information about the threat that the patch addresses is available
An independent third-party attests the validity of the patch
18) Which one is the most common security threat with IoT devices?
Logical Network Segmentation
Lack of device management
Lack of system updates against a new vulnerability
Backdoor
19) Which of the following can help with ensuring that only the needed logs are collected for monitoring?
Clipping
Aggregation
Inference
XML Parsing
20) In the OSI reference model, on which layer is Ethernet?
Layer 1 - Physical layer
Layer 2 - Data-link layer
Layer 3 - Network layer
Layer 4 - Transport layer