Quix3 - 50Q

Which one of the following actions is not normally part of the project scope and planning phase of business continuity planning?

Gary is implementing a new website architecture that uses multiple small web servers behind a load balancer. What principle of information security is Gary seeking to enforce?

Becka recently signed a contract with an alternate data processing facility that will provide her company with space in the event of a disaster. The facility includes HVAC, power, and communications circuits but no hardware. What type of facility is Becka using?

Ben is seeking a control objective framework that is widely accepted around the world and focuses specifically on information security controls. Which one of the following frameworks would best meet his needs?

Which one of the following agreements typically requires that a vendor not disclose confidential information learned during the scope of an engagement?

What issue is the validation portion of the NIST SP 800-88 sample certificate of sanitization (shown here) intended to help prevent?

Why is declassification rarely chosen as an option for media reuse?

Incineration, crushing, shredding, and disintegration all describe what stage in the lifecycle of media?

The European Union (EU) General Data Protection Regulation (GDPR) does not include which of the following key elements?

Why might an organization use unique screen backgrounds or designs on workstations that deal with data of different classification levels?

Alice has read permissions on an object, and she would like Bob to have those same rights. Which one of the rules in the Take-Grant protection model would allow her to complete this operation?

As part of his incident response process, Charles securely wipes the drive of a compromised machine and reinstalls the operating system (OS) from original media. Once he is done, he patches the machine fully and applies his organization’s security templates before reconnecting the system to the network. Almost immediately after the system is returned to service, he discovers that it has reconnected to the same botnet it was part of before. Where should Charles look for the malware that is causing this behavior?

Which one of the following computing models allows the execution of multiple concurrent tasks within a single process?

Alan intercepts an encrypted message and wants to determine what type of algorithm was used to create the message. He first performs a frequency analysis and notes that the frequency of letters in the message closely matches the distribution of letters in the English language. What type of cipher was most likely used to create this message?

Lauren’s networking team has been asked to identify a technology that will allow them to dynamically change the organization’s network by treating the network like code. What type of architecture should she recommend?

Cable modems, ISDN, and DSL are all examples of what type of technology?

What type of firewall design is shown in the following image?

During a review of her organization’s network, Angela discovered that it was suffering from broadcast storms and that contractors, guests, and organizational administrative staff were on the same network segment. What design change should Angela recommend?

ICMP, RIP, and network address translation all occur at what layer of the OSI model?

Kathleen works for a data center hosting facility that provides physical data center space for individuals and organizations. Until recently, each client was given a magnetic-strip-based keycard to access the section of the facility where their servers are located, and they were also given a key to access the cage or rack where their servers reside. In the past month, a number of servers have been stolen, but the logs for the passcards show only valid IDs. What is Kathleen’s best option to make sure that the users of the passcards are who they are supposed to be?

Which of the following is a ticket-based authentication protocol designed to provide secure communication?

What type of access control is composed of policies and procedures that support regulations, requirements, and the organization’s own policies?

In a Kerberos environment, when a user needs to access a network resource, what is sent to the TGS?

Which objects and subjects have a label in a MAC model?

Emily builds a script that sends data to a web application that she is testing. Each time the script runs, it sends a series of transactions with data that fits the expected requirements of the web application to verify that it responds to typical customer behavior. What type of transactions is she using, and what type of test is this?

What passive monitoring technique records all user interaction with an application or website to ensure quality and performance?

Earlier this year, the information security team at Jim’s employer identified a vulnerability in the web server that Jim is responsible for maintaining. He immediately applied the patch and is sure that it installed properly, but the vulnerability scanner has continued to incorrectly flag the system as vulnerable due to the version number it is finding even though Jim is sure the patch is installed. Which of the following options is Jim’s best choice to deal with the issue?

Angela wants to test a web browser’s handling of unexpected data using an automated tool. What tool should she choose?

STRIDE, which stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege, is useful in what part of application threat modeling?

Helen is implementing a new security mechanism for granting employees administrative privileges in the accounting system. She designs the process so that both the employee’s manager and the accounting manager must approve the request before the access is granted. What information security principle is Helen enforcing?

Which one of the following is not a requirement for evidence to be admissible in court?

In which cloud computing model does a customer share computing infrastructure with other customers of the cloud vendor where one customer may not know the other’s identity?

Which of the following organizations would be likely to have a representative on a CSIRT? I. Information security II. Legal counsel III. Senior management IV. Engineering

Sam is responsible for backing up his company’s primary file server. He configured a backup schedule that performs full backups every Monday evening at 9 p.m. and differential backups on other days of the week at that same time. Files change according to the information shown in the following figure. How many files will be copied in Wednesday’s backup?

Victor recently took a new position at an online dating website and is responsible for leading a team of developers. He realized quickly that the developers are having issues with production code because they are working on different projects that result in conflicting modifications to the production code. What process should Victor invest in improving?

What type of database security issue exists when a collection of facts has a higher classification than the classification of any of those facts standing alone?

What are the two types of covert channels that are commonly exploited by attackers seeking to surreptitiously exfiltrate information?

Vivian would like to hire a software tester to come in and evaluate a new web application from a user’s perspective. Which of the following tests best simulates that perspective?

Referring to the database transaction shown here, what would happen if no account exists in the Accounts table with account number 1001?

Which one of the following security tools is not capable of generating an active response to a security event?

In virtualization platforms, what name is given to the module that is responsible for controlling access to physical resources by virtual resources?

What term is used to describe the default set of privileges assigned to a user when a new account is created?

Which one of the following types of agreements is the most formal document that contains expectations about availability and other performance parameters between a service provider and a customer?

Which one of the following frameworks focuses on IT service management and includes topics such as change management, configuration management, and service level agreements?

What type of malware is characterized by spreading from system to system under its own power by exploiting vulnerabilities that do not require user intervention?

Kim is troubleshooting an application firewall that serves as a supplement to the organization’s network and host firewalls and intrusion prevention system, providing added protection against webbased attacks. The issue the organization is experiencing is that the firewall technology suffers somewhat frequent restarts that render it unavailable for 10 minutes at a time. What configuration might Kim consider to maintain availability during that period at the lowest cost to the company?

What type of security issue arises when an attacker can deduce a more sensitive piece of information by analyzing several pieces of information classified at a lower level?

Greg is battling a malware outbreak in his organization. He used specialized malware analysis tools to capture samples of the malware from three different systems and noticed that the code is changing slightly from infection to infection. Greg believes that this is the reason that antivirus software is having a tough time defeating the outbreak. What type of malware should Greg suspect is responsible for this security incident?

Richard is experiencing issues with the quality of network service on his organization’s network. The primary symptom is that packets are consistently taking too long to travel from their source to their destination. What term describes the issue Richard is facing?

Why should passive scanning be conducted in addition to implementing wireless security technologies like wireless intrusion detection systems?