<< Prev Question Next Question >>

Question 5/213

Which of the following authorization standards is built to handle application programming interface (API) access for Federated identity management (FIM)?

LEAVE A REPLY

Your email address will not be published. Required fields are marked *

Question List (213q)
Question 1: What is a consideration when determining the potential impac...
Question 2: Which of the following BEST describes an access control meth...
1 commentQuestion 3: When determining who can accept the risk associated with a v...
Question 4: A user has infected a computer with malware by connecting a ...
Question 5: Which of the following authorization standards is built to h...
Question 6: Which Radio Frequency Interference (RFI) phenomenon associat...
Question 7: A security engineer is tasked with implementing a new identi...
Question 8: Which of the following describes the BEST configuration mana...
Question 9: Which of the following is the PRIMARY security consideration...
Question 10: Due to system constraints, a group of system administrators ...
Question 11: What type of access control determines the authorization to ...
Question 12: Which of the following BEST provides for non-repudiation od ...
Question 13: Which of the following is the PRIMARY reason for employing p...
Question 14: Which of the following is the BIGGEST weakness when using na...
Question 15: Digital certificates used transport Layer security (TLS) sup...
Question 16: Which type of test suite should be run for fast feedback dur...
Question 17: What is the MOST effective way to determine a mission critic...
Question 18: Drag and Drop Question What is the correct order of steps in...
Question 19: If virus infection is suspected, which of the following is t...
Question 20: Which of the following can be used to calculate the loss eve...
Question 21: Directive controls are a form of change management policy an...
Question 22: What is the BEST approach to addressing security issues in l...
Question 23: Which of the following BEST describles a protection profile ...
Question 24: How can an attacker exploit overflow to execute arbitrary co...
Question 25: What capability would typically be included in a commerciall...
Question 26: Which of the following is a weakness of Wired Equivalent Pri...
Question 27: Reciprocal backup site agreements are considered to be...
Question 28: Which of the following is the MOST important security goal w...
Question 29: Which of the following media is least problematic with data ...
Question 30: Who would be the BEST person to approve an organizations inf...
Question 31: A continuous information security monitoring program can BES...
Question 32: Why is lexical obfuscation in software development discourag...
Question 33: Which of the following is needed to securely distribute symm...
Question 34: How can an attacker exploit a stack overflow to execute arbi...
Question 35: Which of the following approaches is the MOST effective way ...
Question 36: An external attacker has compromised an organization's netwo...
Question 37: Which of the following trust services principles refers to t...
Question 38: When using Security Assertion markup language (SAML), it is ...
Question 39: Which security approach will BEST minimize Personally Identi...
Question 40: Which of the following steps is performed during the forensi...
Question 41: Which of the following would an internal technical security ...
Question 42: With what frequency should monitoring of a control occur whe...
Question 43: Which of the following is held accountable for the risk to o...
Question 44: Which of the following objects should be removed FIRST prior...
Question 45: Which of the following is the BEST method to prevent malware...
Question 46: Which of the following provides the MOST comprehensive filte...
Question 47: The application of a security patch to a product previously ...
Question 48: Which of the following could be considered the MOST signific...
Question 49: What are the roles within a scrum methodoligy?...
Question 50: What is maintained by using write blocking devices whan fore...
Question 51: Even though a particular digital watermark is difficult to d...
Question 52: What are the roles within a scrum methodology?...
Question 53: Which of the following are important criteria when designing...
Question 54: Which of the following questions will be addressed through t...
Question 55: What Is the FIRST step for a digital investigator to perform...
Question 56: Which of the following is TRUE about Disaster Recovery Plan ...
Question 57: A new Chief Information Officer (CIO) created a group to wri...
Question 58: A client has reviewed a vulnerability assessment report and ...
Question 59: A security professional recommends that a company integrate ...
Question 60: Individuls have been identified and determined as having a n...
Question 61: Which of the following is the MOST efficient mechanism to ac...
Question 62: A security consultant has been hired by a company to establi...
Question 63: Which of the following operates at the Network Layer of the ...
Question 64: Which of the following BEST describes the responsibilities o...
1 commentQuestion 65: A group of organizations follows the same access standards a...
Question 66: Security categorization of a new system takes place during w...
Question 67: Which of the following is the MOST effective practice in man...
Question 68: Which of the following is the BEST way to protect against st...
Question 69: When in the Software Development Life Cycle (SDLC) MUST soft...
Question 70: Which one of the following is an advantage of an effective r...
Question 71: Which of the following is used to detect steganography?...
Question 72: Which of the following is the BEST way to protect against st...
Question 73: When developing a business case for updating a security prog...
Question 74: Secure real-time transport protocol (SRTP) provides security...
Question 75: What testing technique enables the designer to develop mitig...
Question 76: Which of the following is a PRIMARY benefit of using a forma...
Question 77: Which of the following is PRIMARILY adopted for ensuring the...
Question 78: Which of the following is a web application control that sho...
Question 79: Which of the following is the final phase of the identity an...
Question 80: An organization has doubled in size due to a rapid market sh...
Question 81: What steps can be taken to prepare personally identifiable i...
Question 82: Which of the following steps should be performed FIRST when ...
Question 83: Continuity of operations is BEST supported by which of the f...
Question 84: Which step of the Risk Management Framework (RMF) identifies...
Question 85: As part of an application penetration testing process, sessi...
Question 86: A vulnerability in which of the following components would b...
Question 87: An organization is outsourcing its payroll system and is req...
Question 88: Which of the following is a credible source to validate that...
Question 89: What operations role is responsible for protecting the enter...
Question 90: What is the MOST critical factor to achieve the goals of a s...
Question 91: Which of the following is a remote access protocol that uses...
Question 92: Which of the following are the FIRST two steps to securing e...
Question 93: An organization discovers that its secure file transfer prot...
Question 94: Refer to the information below to answer the question. A lar...
Question 95: Which of the following BEST mitigates a replay attack agains...
Question 96: Which of the following offers the BEST security functionalit...
Question 97: What is the term commonly used to refer to a technique of au...
Question 98: A security team member was selected as a member of a Change ...
Question 99: Which one of the following affects the classification of dat...
Question 100: Which of the following is a responsibility of the informatio...
Question 101: A security compliance manager of a large enterprise wants to...
Question 102: What type of wireless network attack BEST describes an Elect...
Question 103: In order for application developers to detect potential vuln...
Question 104: Which of the following management process allows ONLY those ...
Question 105: Which of the following is true of Service Organization Contr...
Question 106: Why do certificate Authorities (CA) add value to the securit...
Question 107: Which of the following types of business continuity tests in...
Question 108: Which of the following authorization standards is built to h...
Question 109: The core component of Role Based Access Control (RBAC) must ...
Question 110: What technique used for spoofing the origin of an email can ...
Question 111: What can happen when an Intrusion Detection System (IDS) is ...
Question 112: All of the following items should be included in a Business ...
Question 113: An organization publishes and periodically updates its emplo...
Question 114: Physical assets defined in an organization's Business Impact...
Question 115: Which of the following is used to support the of defense in ...
Question 116: Which of the following will have the MOST influence on the d...
Question 117: Attack trees are MOST useful for which of the following?...
Question 118: Which of the following is the BEST definition of Cross-Site ...
Question 119: Who determines the required level of independence for securi...
Question 120: Which of the following is the FIRST thing to consider when r...
Question 121: Which one of the following describes granularity?...
Question 122: In Disaster Recovery (DR) and business continuity training, ...
Question 123: Which of the following is the PRIMARY benefit of a formalize...
Question 124: In order to assure authenticity, which of the following are ...
Question 125: What protocol is often used between gateway hosts on the Int...
3 commentQuestion 126: Intellectual property rights are PRIMARY concerned with whic...
Question 127: Where would an organization typically place an endpoint secu...
Question 128: An organization implements a remote access server (RAS), Onc...
Question 129: What is the threat modeling order using process for Attack s...
Question 130: Which of the following findings would MOST likely indicate a...
Question 131: When conduting a security assessment of access controls , Wh...
Question 132: The type of authorized interactions a subject can have with ...
Question 133: The core component of Role Based Access control (RBAC) must ...
Question 134: Vulnerability scanners may allow for the administrator to as...
Question 135: What MUST each information owner do when a system contains d...
Question 136: Which layer handle packet fragmentation and reassembly in th...
Question 137: When a flaw in Industrial control (ICS) software is discover...
Question 138: Which of the following is the PRIMARY risk associated with E...
Question 139: When implementing a secure wireless network, which of the fo...
Question 140: Drag and Drop Question Given a file containing ordered numbe...
Question 141: Which of the following is an initial consideration when deve...
Question 142: Which of the following is the MOST challenging issue in appr...
Question 143: Which of the following are effective countermeasures against...
Question 144: Which layer of the Open system Interconnect (OSI) model is r...
Question 145: What does electronic vaulting accomplish?...
Question 146: Which of the following is the BEST reason to apply patches m...
Question 147: When is a Business Continuity Plan (BCP) considered to be va...
Question 148: A control to protect from a Denial-of-Service (DoS) attach h...
Question 149: An organization is required to comply with the Payment Card ...
Question 150: Mandatory Access Controls (MAC) are based on:...
Question 151: Which of the following is a method used to prevent Structure...
Question 152: Which of the following techniques BEST prevents buffer overf...
Question 153: Which security access policy contains fixed security attribu...
Question 154: After following the processes defined within the change mana...
Question 155: An organization implements a Remote Access Server (RAS). Onc...
Question 156: Which of the following would an attacker BEST be able to acc...
Question 157: Which of the following is MOST important when deploying digi...
Question 158: The PRIMARY purpose of accreditation is to:...
Question 159: Access to which of the following is required to validate web...
Question 160: Which of the following techniques is MOST useful when dealin...
Question 161: Which of the following is the MAIN reason that system re-cer...
Question 162: Which of the following security testing strategies is BEST s...
Question 163: Who has the PRIMARY responsibility to ensure that security o...
Question 164: Refer to the information below to answer the question. An or...
Question 165: An application team is running tests to ensure that user ent...
Question 166: In the Software Development Life Cycle (SDLC), maintaining a...
Question 167: In configuration management, what baseline configuration inf...
Question 168: Which of the following methods MOST efficiently manages user...
Question 169: After a breach incident, investigators narrowed the attack t...
Question 170: Which of the following mobile code security models relies on...
Question 171: What is the PRIMARY role of a scrum master in agile developm...
Question 172: Which of the following is an attacker MOST likely to target ...
Question 173: A vulnerability test on an Information System (IS) is conduc...
Question 174: How does Encapsulating Security Payload (ESP) in transport m...
Question 175: Which security modes is MOST commonly used in a commercial e...
Question 176: Which of the following factors contributes to the weakness o...
Question 177: At a MINIMUM, audits of permissions to individual or group a...
Question 178: The adoption of an enterprise-wide business continuilty prog...
Question 179: When a system changes significantly, who is PRIMARILY respon...
Question 180: A Java program is being developed to read a file from comput...
Question 181: What would be the MOST cost effective solution for a Disaste...
Question 182: An organization that has achieved a Capability Maturity Mode...
Question 183: An important principle of defense in depth is that achieving...
Question 184: Additional padding may be added to the Encapsulating securit...
Question 185: Which of the following is the GREATEST benefit of implementi...
Question 186: Drag and Drop Question Match the types of e-authentication t...
Question 187: Which of the following is a strategy of grouping requirement...
Question 188: Which of the following is an effective control in preventing...
Question 189: What is the process of removing sensitive data from a system...
Question 190: Which of the following is the MOST important output from a m...
Question 191: Which of the following does Secure Sockets Layer (SSL) encry...
Question 192: Information security metrics provide the GREATEST value tp m...
Question 193: Which of the following features is MOST effective in mitigat...
Question 194: A company whose Information Technology (IT) services are bei...
Question 195: Which of the following techniques is known to be effective i...
Question 196: Which of the following is a security limitation of File Tran...
Question 197: Which of the following is the BEST identity-as-a-service (ID...
Question 198: What is the MAIN purpose of a change management policy?...
Question 199: In fault-tolerant systems, what do rollback capabilities per...
Question 200: Which of the following is critical if an empolyee is dismiss...
Question 201: Which of the following is MOST appropriate for protecting co...
Question 202: The process of "salting" a password is designed to increase ...
Question 203: Internet protocol security (IPSec), point-to-point tunneling...
Question 204: Why are mobile devices something difficult to investigate in...
Question 205: Which of the following is a characteristic of convert securi...
Question 206: Which of the following would BEST support effective testing ...
Question 207: Which of the following technologies would provide the BEST a...
Question 208: Company A is evaluating new software to replace an in-house ...
Question 209: A system administration office desires to implement the foll...
Question 210: A proxy firewall operates at what layer of the Open System I...
Question 211: An organization recently conducted a review of the security ...
Question 212: In an organization where Network Access Control (NAC) has be...
Question 213: In a dispersed network that lacks central control, which of ...