1) Technical evaluation of assurance to ensure that security requirements have been met is known as?
Accreditation
Evaluation
Validation
Verification
2) What is the process of making digital data unreadable to unauthorized users?
VPN
Encryption
FTP
Deserialization
3) The best way to ensure that there is no data remanence of sensitive information that was stored on DVD-R media is by
Deletion
Destruction
Overwriting
Degaussing
4) What is the right time to plan for security?
Pre-deployment
Post-deployment
Testing Phase
Monitoring Phase
5) Which is concerned not only with identifying the root cause but also with addressing the underlying issue?
Change management
Incident management
Configuration management
Problem management
6) When receiving an email from an unknown contact that has an attachment, you should:
Open the attachment and view the contents
Delete the email
Report the email as Phishing
Forward to your personal email
7) Triage encompasses which of the following incident response sub-phases?
Collection, transport, testimony
Traceback, feedback, loopback
Detection, identification, notification
Confidentiality, integrity, availability
8) What is the optimal placement for a network-based intrusion detection system (NIDS)?
External Service Provider
Network Operation Center (NOC)
Network segments with business critical systems (DMZ) and certain intranet segments
Network perimeter to alert network admins of suspicious traffic
9) A way to defeat frequency analysis as a method to determine the key is to use what?
Inversion ciphers
Transposition ciphers
Substitution ciphers
Confusion
10) Many privacy laws dictate which of the following rules?
Individuals have a right to remove any data they do not want others to know
Agencies do not need to ensure that the data is accurate
Agencies need to allow all government agencies access to the data
Agencies cannot use collected data for a purpose different from the one for which it was collected
11) A SOC Type 2 report commonly covers what?
9-month period
12-month period
18-month period
Minimum of 6-month period
12) Formal acceptance of an evaluated system by management is known as what?
Authorization
Verification
Certification
Validation
13) Which of the following can help with ensuring that only the needed logs are collected for monitoring?
Clipping
Aggregation
Inference
XML Parsing
14) A disadvantage of single sign-on is?
Consistent time-out enforcement across platforms
A compromised password exposes all authorized resources
Use of multiple passwords to remember
Password change control
15) Which item is not part of a Kerberos authentication implementation?
Message authentication code
Ticket granting service
Authentication service
Users, programs, and services
16) In the OSI reference model, on which layer is Ethernet?
Layer 1 - Physical layer
Layer 2 - Data-link layer
Layer 3 - Network layer
Layer 4 - Transport layer
17) Security awareness training includes?
Legislated security compliance objectives
Security roles and responsibilities for staff
The high-level outcome of vulnerability assessments
Specialized curriculum assignments, coursework and an accredited institution
18) Which of the following best determines access of an individual?
Role
Clearance
Partnership with security team
Job rank or title
19) Which factor is the most important item when it comes to ensuring security is successful in an organization?
Senior management support
Effective controls and implementation methods
Updated and relevant security policies and procedures
Security awareness by all employees
20) If speed is preferred over resilience, which of the following RAID configurations is best?
RAID 1
RAID 10
RAID 5
RAID 0