<< Prev Question Next Question >>

Question 64/490

What is the PRIMARY reason for implementing change management?

LEAVE A REPLY

Your email address will not be published. Required fields are marked *

Question List (490q)
Question 1: Which is the MOST critical aspect of computer-generated evid...
Question 2: What is the MAIN goal of information security awareness and ...
Question 3: Which of the following is a common measure within a Local Ar...
1 commentQuestion 4: Which of the following are the three MAIN categories of secu...
1 commentQuestion 5: An international medical organization with headquarters in t...
Question 6: Which of the following is a common characteristic of privacy...
1 commentQuestion 7: Which of the following is the key requirement for test resul...
2 commentQuestion 8: What is the BEST approach to anonymizing personally identifi...
Question 9: What is the threat modeling order using process for Attack s...
Question 10: A company-wide penetration test result shows customers could...
Question 11: When using Security Assertion markup language (SAML), it is ...
Question 12: Which of the following would an information security profess...
Question 13: Which of the following is a characteristic of a challenge/re...
Question 14: An organization has outsourced its financial transaction pro...
Question 15: Which of the following is used to ensure that data mining ac...
Question 16: What is the MAIN purpose of conducting a business impact ana...
Question 17: What is the GREATEST challenge of an agent-based patch manag...
Question 18: Which of the following vulnerability assessment activities B...
Question 19: Which of the following needs to be taken into account when a...
Question 20: Why are mobile devices something difficult to investigate in...
1 commentQuestion 21: A security professional can BEST mitigate the risk of using ...
Question 22: A Simple Power Analysis (SPA) attack against a device direct...
Question 23: Which of the following is used to detect steganography?...
Question 24: What a patch management program?...
Question 25: The application of which of the following standards would BE...
Question 26: What is the MAIN reason for testing a Disaster Recovery Plan...
Question 27: A security practitioner is tasked with securing the organiza...
Question 28: Refer to the information below to answer the question. A lar...
Question 29: Which attack defines a piece of code that is inserted into s...
Question 30: Which of the following technologies can be used to monitor a...
Question 31: An organization has implemented a protection strategy to sec...
Question 32: In which of the following programs is it MOST important to i...
Question 33: Which of the following could be considered the MOST signific...
Question 34: When reviewing the security logs, the password shown for an ...
Question 35: A security architect is reviewing plans for an application w...
Question 36: What level of Redundant Array of Independent Disks (RAID) is...
Question 37: Which of the following is the PRIMARY reason a sniffer opera...
Question 38: Which of the following is the MAIN benefit of off-site stora...
Question 39: Which of the following factors is a PRIMARY reason to drive ...
Question 40: What would be the MOST cost effective solution for a Disaste...
Question 41: Which of the following is an advantage of on-premise Credent...
Question 42: Drag the following Security Engineering terms on the left to...
Question 43: A security analyst for a large financial institution is revi...
Question 44: When designing a Cyber-Physical System (CPS), which of the f...
Question 45: Which one of the following is a threat related to the use of...
Question 46: To minimize the vulnerabilities of a web-based application, ...
Question 47: Refer to the information below to answer the question. A new...
Question 48: Who is responsible for the protection of information when it...
Question 49: What type of test assesses a Disaster Recovery (DR) plan usi...
Question 50: Which of the following is held accountable for the risk to o...
Question 51: In systems security engineering, what does the security prin...
Question 52: Data remanence refers to which of the following?...
Question 53: In order to provide dual assurance in a digital signature sy...
Question 54: Discretionary Access Control (DAC) restricts access accordin...
Question 55: Which layer handle packet fragmentation and reassembly in th...
Question 56: An engineer in a software company has created a virus creati...
Question 57: A cloud hosting provider would like to provide a Service Org...
Question 58: Which of the following BEST describes botnets?...
Question 59: A business has implemented Payment Card Industry Data Securi...
Question 60: Which is MOST important when negotiating an Internet service...
Question 61: An organization implements a remote access server (RAS), Onc...
Question 62: The core component of Role Based Access Control (RBAC) must ...
Question 63: Which of the following is the BEST way to verify the integri...
Question 64: What is the PRIMARY reason for implementing change managemen...
Question 65: Which inherent password weakness does a One Time Password (O...
Question 66: Which of the following is a common term for log reviews, syn...
Question 67: Why would a security architect specify that a default route ...
Question 68: Which of the following is needed to securely distribute symm...
Question 69: A cloud service provider requires its customer organizations...
Question 70: The application owner of a system that handles confidential ...
Question 71: When reviewing vendor certifications for handling and proces...
Question 72: Which of the following is the BEST method to prevent malware...
Question 73: To comply with industry requirements, a security assessment ...
Question 74: Which of the following describes the BEST method of maintain...
Question 75: As a best practice, the Security Assessment Report (SAR) sho...
Question 76: What should be the FIRST action for a security administrator...
Question 77: A security practitioner has been tasked with establishing or...
Question 78: Which of the following sets of controls should allow an inve...
Question 79: Single Sign-On (SSO) is PRIMARILY designed to address which ...
Question 80: When network management is outsourced to third parties, whic...
Question 81: Which of the following is the BEST way to determine the succ...
Question 82: Using Address Space Layout Randomization (ASLR) reduces the ...
Question 83: Secure real-time transport protocol (SRTP) provides security...
Question 84: Which of the following entails identification of data and li...
Question 85: Which of the following initiates the system recovery phase o...
Question 86: Secure Sockets Layer (SSL) encryption protects...
Question 87: Which of the following describes the concept of a Single Sig...
Question 88: When performing an investigation with the potential for lega...
Question 89: Which one of the following is an advantage of an effective r...
Question 90: Which of the following has the responsibility of information...
Question 91: At a MINIMUM, a formal review of any Disaster Recovery Plan ...
Question 92: Who is accountable for the information within an Information...
Question 93: During a Disaster Recovery (DR) simulation, it is discovered...
Question 94: In order to assure authenticity, which of the following are ...
Question 95: Which of the following needs to be included in order for Hig...
Question 96: Which of the following approaches is the MOST effective way ...
Question 97: As part of an application penetration testing process, sessi...
Question 98: If a content management system (CSM) is implemented, which o...
Question 99: The security accreditation task of the System Development Li...
Question 100: When transmitting information over public networks, the deci...
Question 101: Upon commencement of an audit within an organization, which ...
Question 102: Which of the following is the MOST important action regardin...
Question 103: Which of the following entails identification of data end li...
Question 104: The BEST example of the concept of "something that a user ha...
Question 105: A security professional should ensure that clients support w...
Question 106: Which of the following is a covert channel type?...
Question 107: Which of the following is the BEST technique to facilitate s...
Question 108: Which of the following is the MOST important first step in p...
Question 109: Which of the following is the PRIMARY benefit of implementin...
Question 110: Which security service is served by the process of encryptio...
Question 111: What MUST each information owner do when a system contains d...
Question 112: Which of the following are important criteria when designing...
Question 113: The process of mutual authentication involves a computer sys...
Question 114: Which of the following BEST describes an access control meth...
Question 115: How is it possible to extract private keys securely stored o...
Question 116: Which security approach will BEST minimize Personally Identi...
Question 117: In Federated Identity Management (FIM), which of the followi...
Question 118: Which of the following is a remote access protocol that uses...
Question 119: A criminal organization is planning an attack on a governmen...
Question 120: After a thorough analysis, it was discovered that a perpetra...
Question 121: An Intrusion Detection System (IDS) has recently been deploy...
Question 122: From a security perspective, which of the following is a bes...
Question 123: Which security feature fully encrypts code and data as it pa...
Question 124: Which of the following is the BEST countermeasure to brute f...
Question 125: A minimal implementation of endpoint security includes which...
Question 126: What type of investigation applies when malicious behavior i...
Question 127: Which of the following threats would be MOST likely mitigate...
Question 128: A colleague who recently left the organization asked a secur...
1 commentQuestion 129: Which of the following is the MOST common use of the Online ...
Question 130: An organization adopts a new firewall hardening standard. Ho...
Question 131: Which of the following phases involves researching a target'...
Question 132: Which of the following BEST describes a Protection Profile (...
Question 133: Which of the following types of security testing is the MOST...
Question 134: Which of the following is the BEST method to assess the effe...
Question 135: What does secure authentication with logging provide?...
Question 136: Which of the following is a common risk with fiber optical c...
Question 137: A software developer wishes to write code that will execute ...
Question 138: An organization regularly conducts its own penetration tests...
Question 139: The World Trade Organization's (WTO) agreement on Trade-Rela...
Question 140: Which of the following encryption technologies has the abili...
Question 141: Refer to the information below to answer the question. An or...
Question 142: Which of the following provides the MOST protection against ...
Question 143: According to the Capability Maturity Model Integration (CMMI...
Question 144: Which of the following is the MOST crucial for a successful ...
Question 145: What is the BEST way to correlate large volumes of disparate...
Question 146: Which of the following BEST describes the purpose of softwar...
Question 147: Which of the following is MOST important when deploying digi...
Question 148: If an identification process using a biometric system detect...
Question 149: If compromised, which of the following would lead to the exp...
Question 150: Which of the following is a function of Security Assertion M...
Question 151: If an employee transfers from one role to another, which of ...
Question 152: Which event magnitude is defined as deadly, destructive, and...
Question 153: An organization outgrew its internal data center and is eval...
Question 154: Which of the following provides effective management assuran...
Question 155: A client has reviewed a vulnerability assessment report and ...
Question 156: Which of the following is a limitation of the Common Vulnera...
Question 157: In order for application developers to detect potential vuln...
Question 158: Which of the following is the BEST reason to review audit lo...
Question 159: Which section of the assessment report addresses separate vu...
Question 160: Information security metrics provide the GREATEST value tp m...
Question 161: A recent information security risk assessment identified wea...
Question 162: Which Web Services Security (WS-Security) specification nego...
Question 163: Which of the following is an attacker MOST likely to target ...
Question 164: Which of the following is the MOST beneficial to review when...
Question 165: A network security engineer needs to ensure that a security ...
Question 166: An organization is trying to secure instant messaging (IM) c...
Question 167: Which of the following elements MUST a compliant EU-US Safe ...
Question 168: Which of the following would be the BEST mitigation practice...
Question 169: Refer to the information below to answer the question. A lar...
Question 170: An organization is preparing to achieve General Data Protect...
Question 171: If an attacker in a SYN flood attack uses someone else's val...
Question 172: A system has been scanned for vulnerabilities and has been f...
Question 173: Which of the following is used to support the of defense in ...
Question 174: What is the MOST important criterion that needs to be adhere...
Question 175: Which of the following is part of a Trusted Platform Module ...
Question 176: An organization would like to ensure that all new users have...
Question 177: Which of the following is a benefit in implementing an enter...
Question 178: From a cryptographic perspective, the service of non-repudia...
Question 179: Which of the following disaster recovery test plans will be ...
Question 180: Which of the following is a web application control that sho...
Question 181: Which of the following outsourcing agreement provisions has ...
Question 182: A Denial of Service (DoS) attack on a syslog server exploits...
Question 183: When recovering from an outage, what is the Recovery Point O...
Question 184: Which of the following defines the key exchange for Internet...
Question 185: The goal of software assurance in application development is...
Question 186: Which one of the following would cause an immediate review a...
Question 187: When evaluating third-party applications, which of the follo...
Question 188: Why is lexical obfuscation in software development discourag...
Question 189: Which of the following questions can be answered using user ...
Question 190: Which of the following will accomplish Multi-Factor Authenti...
Question 191: Which layer of the Open system Interconnect (OSI) model is r...
Question 192: Which of the following BEST describes the purpose of perform...
Question 193: Activity to baseline, tailor, and scope security controls ti...
Question 194: An Intrusion Detection System (IDS) is generating alarms tha...
Question 195: Which of the following is a recommended alternative to an in...
Question 196: Which of the following describes the order in which a digita...
Question 197: What is the FIRST step prior to executing a test of an organ...
Question 198: Which of the following is the PRIMARY consideration when det...
Question 199: Which of the following are core categories of malicious atta...
Question 200: An organization is planning a penetration test that simulate...
Question 201: What is the BEST design for securing physical perimeter prot...
Question 202: What is the MOST significant benefit of role-based access co...
Question 203: Two remote offices need to be connected securely over an unt...
Question 204: Which one of the following BEST protects vendor accounts tha...
Question 205: An organization wants a service provider to authenticate use...
Question 206: When dealing with shared, privilaged accounts, especially th...
Question 207: What is the MOST common cause of Remote Desktop Protocol (RD...
Question 208: Which of the following is the BEST method to reduce the effe...
Question 209: Which of the following MUST be in place to recognize a syste...
Question 210: Which of the following MOST applies to session initiation pr...
Question 211: Which of the following is the PRIMARY security consideration...
Question 212: Recently, an unknown event has disrupted a single Layer-2 ne...
Question 213: In setting expectations when reviewing the results of a secu...
Question 214: A security manager has noticed an inconsistent application o...
Question 215: While investigating a malicious event, only six days of audi...
Question 216: Which of the following is MOST important to follow when deve...
Question 217: Compared to a traditional network, which of the following is...
Question 218: The initial security categorization should be done early in ...
Question 219: Attack trees are MOST useful for which of the following?...
Question 220: The use of proximity card to gain access to a building is an...
Question 221: Host-Based Intrusion Protection (HIPS) systems are often dep...
Question 222: "Stateful" differs from "Static" packet filtering firewalls ...
Question 223: Which of the following BEST obtains an objective audit of se...
Question 224: When are security requirements the LEAST expensive to implem...
Question 225: A security professional has reviewed a recent site assessmen...
Question 226: Why is it important that senior management clearly communica...
Question 227: Which of the following is the PRIMARY benefit of a formalize...
Question 228: What Hypertext Transfer Protocol (HTTP) response header can ...
Question 229: Which of the following is critical for establishing an initi...
Question 230: Which of the following methods provides the MOST protection ...
Question 231: Which of the following is a common feature of an Identity as...
Question 232: Which of the following are all elements of a disaster recove...
Question 233: During a recent assessment an organization has discovered th...
Question 234: An organization wants to share data securely with their part...
Question 235: The MAIN task of promoting security for Personal Computers (...
Question 236: Which of the following is the primary advantage of segmentin...
Question 237: What industry-recognized document could be used as a baselin...
Question 238: Which of the following is ensured when hashing files during ...
Question 239: A hospital's building controls system monitors and operates ...
Question 240: Which of the following is an advantage of' Secure Shell (SSH...
Question 241: Which of the following would be the BEST guideline to follow...
Question 242: When conducting a third-party risk assessment of a new suppl...
Question 243: A large human resources organization wants to integrate thei...
Question 244: What is the PRIMARY benefit of analyzing the partition layou...
Question 245: Identify the component that MOST likely lacks digital accoun...
Question 246: When designing a business continuity plan (BCP), what is the...
Question 247: The FIRST step in building a firewall is to...
Question 248: Which of the below strategies would MOST comprehensively add...
Question 249: What does the result of Cost-Benefit Analysis (C8A) on new s...
Question 250: What is an advantage of Elliptic Curve Cryptography (ECC)?...
Question 251: Which of the following is mobile device remote fingerprintin...
Question 252: What is static analysis intended to do when analyzing an exe...
Question 253: A security engineer is assigned to work with the patch and v...
Question 254: A security architect plans to reference a Mandatory Access C...
Question 255: Which combination of cryptographic algorithms are compliant ...
Question 256: Which Wide Area Network (WAN) technology requires the first ...
Question 257: The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunn...
Question 258: Which of the following is the BEST definition of Cross-Site ...
Question 259: Which of the following types of devices can provide content ...
Question 260: Which of the following is the BEST method to identify securi...
Question 261: The security architect has been mandated to assess the secur...
Question 262: A technician is troubleshooting a client's report about poor...
Question 263: Which of the following is PRIMARILY adopted for ensuring the...
Question 264: An organization wants to migrate to Session Initiation Proto...
Question 265: A vehicle of a private courier company that transports backu...
Question 266: The adoption of an enterprise-wide Business Continuity (BC) ...
Question 267: In a disaster recovery (DR) test, which of the following wou...
Question 268: Why is planning the MOST critical phase of a Role Based Acce...
Question 269: What is the MOST important reason to configure unique user I...
Question 270: During a fingerprint verification process, which of the foll...
Question 271: Which of the following steps should be conducted during the ...
Question 272: What are the steps of a risk assessment?...
Question 273: Which of the following would an internal technical security ...
Question 274: What is the ultimate objective of information classification...
Question 275: Why is a system's criticality classification important in la...
Question 276: Which of the following terms BEST describes a system which a...
Question 277: Which of the following is a characteristic of an internal au...
Question 278: What is a use for mandatory access control (MAC)?...
Question 279: Which of the following will have the MOST influence on the d...
Question 280: Which of the following is the BEST Identity-as-a-Service (ID...
Question 281: Which one of the following security mechanisms provides the ...
Question 282: Which of the following is a method of attacking internet (IP...
Question 283: Which of the following is the FIRST action that a system adm...
Question 284: What are the roles within a scrum methodoligy?...
Question 285: Which of the following determines how traffic should flow ba...
Question 286: Before allowing a web application into the production enviro...
Question 287: Which programming methodology allows a programmer to use pre...
Question 288: The PRIMARY security concern for handheld devices is the...
Question 289: In a data classification scheme, the data is owned by the...
Question 290: When designing a networked Information System (IS) where the...
Question 291: An input validation and exception handling vulnerability has...
Question 292: What are the three key benefits that application developers ...
Question 293: A security professional determines that a number of outsourc...
Question 294: Which of the following is the MOST important consideration t...
Question 295: The security organization is looking for a solution that cou...
Question 296: Which of the following is the MOST important activity an org...
Question 297: Which of the following types of web-based attack is happenin...
Question 298: A client has reviewed a vulnerability assessment report and ...
Question 299: While impersonating an Information Security Officer (ISO), a...
Question 300: An application team is running tests to ensure that user ent...
Question 301: In which order, from MOST to LEAST impacted, does user aware...
Question 302: Which of the following BEST describes why software assurance...
Question 303: The existence of physical barriers, card and personal identi...
Question 304: Spyware is BEST described as
Question 305: Which of the following BEST describes the use of network arc...
Question 306: An organization has decided to contract with a cloud-based s...
Question 307: Which of the following explains why record destruction requi...
Question 308: An engineer notices some late collisions on a half-duplex li...
Question 309: Which of the following are mandatory canons for the (ISC)* C...
Question 310: An organization has a short-term agreement with a public Clo...
Question 311: Which of the following is the MOST appropriate action when r...
Question 312: An organization allows ping traffic into and out of their ne...
Question 313: A technician wants to install a WAP in the center of a room ...
Question 314: A software security engineer is developing a black box-based...
Question 315: What is the PRIMARY objective of the post-incident phase of ...
Question 316: Which one of the following can be used to detect an anomaly ...
Question 317: A software development company found odd behavior in some re...
Question 318: What documentation is produced FIRST when performing an effe...
Question 319: Which of the following poses the GREATEST privacy risk to pe...
Question 320: A large organization's human resources and security teams ar...
Question 321: Which of the following would an attacker BEST be able to acc...
Question 322: Which of the following is applicable to a publicly held comp...
Question 323: What operations role is responsible for protecting the enter...
Question 324: After the INITIAL input o f a user identification (ID) and p...
Question 325: Which factors MUST be considered when classifying informatio...
Question 326: An organization decides to implement a partial Public Key In...
Question 327: In Business Continuity Planning (BCP), what is the importanc...
Question 328: Which of the following is the MOST significant key managemen...
Question 329: Refer to the information below to answer the question. A new...
Question 330: A security professional was tasked with rebuilding a company...
Question 331: Which of the following PRIMARILY contributes to security inc...
Question 332: Which of the following is used to support the concept of def...
Question 333: A practice that permits the owner of a data object to grant ...
Question 334: Which of the following would be considered an incident if re...
Question 335: While dealing with the consequences of a security incident, ...
Question 336: Sensitive customer data is going to be added to a database. ...
Question 337: Which of the following methods of suppressing a fire is envi...
Question 338: Which of the following is the PRIMARY reason to perform regu...
Question 339: Refer to the information below to answer the question. Durin...
Question 340: Refer to the information below to answer the question. In a ...
Question 341: Which of the following minimizes damage to information techn...
Question 342: A company is planning to implement a private cloud infrastru...
Question 343: Refer to the information below to answer the question. A new...
Question 344: Which of the following actions should be undertaken prior to...
Question 345: A company needs to provide shared access of sensitive data o...
Question 346: Using the cipher text and resultant clear text message to de...
Question 347: Physical assets defined in an organization's Business Impact...
Question 348: Changes to a Trusted Computing Base (TCB) system that could ...
Question 349: The Chief Information Security Officer (CISO) of a small org...
Question 350: Which of the following is considered the FIRST step when des...
Question 351: In the Software Development Life Cycle (SDLC), maintaining a...
Question 352: A company receives an email threat informing of an Imminent ...
Question 353: A database server for a financial application is scheduled f...
Question 354: Without proper signal protection, embedded systems may be pr...
Question 355: Which of the following is a correct feature of a virtual loc...
Question 356: Which of the following is a secure design principle for a ne...
Question 357: What is the PRIMARY purpose for an organization to conduct a...
Question 358: When assessing web vulnerabilities, how can navigating the d...
Question 359: Which of the following threats exists with an implementation...
Question 360: In which identity management process is the subject's identi...
Question 361: What is the MOST effective method of testing custom applicat...
Question 362: A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) ...
Question 363: Which of the following controls is the FIRST step in protect...
Question 364: An organization has requested storage area network (SAN) dis...
Question 365: What is the P R IM A R Y reason criminal law is difficult to...
Question 366: What is the purpose of an Internet Protocol (IP) spoofing at...
Question 367: A security professional is assessing the risk in an applicat...
Question 368: What part of an organization's strategic risk assessment MOS...
Question 369: Which Hyper Text Markup Language 5 (HTML5) option presents a...
Question 370: A corporation does not have a formal data destruction policy...
Question 371: It is MOST important to perform which of the following to mi...
Question 372: Order the below steps to create an effective vulnerability m...
Question 373: Which area of embedded devices are most commonly attacked?...
Question 374: What is the best way for mutual authentication of devices be...
Question 375: What is the GREATEST challenge to identifying data leaks?...
Question 376: Which access control method is based on users issuing access...
Question 377: When in the Software Development Life Cycle (SDLC) MUST soft...
Question 378: In an environment where there is not full administrative con...
Question 379: What would be the PRIMARY concern when designing and coordin...
Question 380: Which would result in the GREATEST import following a breach...
Question 381: A large university needs to enable student access to univers...
Question 382: Which one of the following is a fundamental objective in han...
Question 383: What method could be used to prevent passive attacks against...
Question 384: Which of the following is the MOST critical success factor i...
Question 385: What is the PRIMARY benefit of incident reporting and comput...
Question 386: Clothing retailer employees are provisioned with user accoun...
Question 387: Which of the following is the MOST efficient mechanism to ac...
Question 388: Which Web Services Security (WS-Security) specification hand...
Question 389: An organization discovers that its secure file transfer prot...
Question 390: A web-based application known to be susceptible to attacks i...
Question 391: An organization recently upgraded to a Voice over Internet P...
Question 392: copyright provides protection for which of the following?...
Question 393: An organization has implemented a password complexity and an...
Question 394: Which of the following activities should a forensic examiner...
Question 395: Which of the following presents the PRIMARY concern to an or...
Question 396: What high Availability (HA) option of database allows multip...
Question 397: Which of the following wraps the decryption key of a full di...
Question 398: Which of the following MUST be considered when developing bu...
Question 399: Which of the following media is least problematic with data ...
Question 400: Which of the following is a network intrusion detection tech...
Question 401: When configuring Extensible Authentication Protocol (EAP) in...
Question 402: Refer to the information below to answer the question. A lar...
Question 403: The Chief Information Security Officer (CISO) is concerned a...
Question 404: What is the PRIMARY reason for ethics awareness and related ...
Question 405: Which of the following provides the MOST comprehensive filte...
Question 406: Regarding asset security and appropriate retention, which of...
Question 407: Functional security testing is MOST critical during which ph...
Question 408: The security team is notified that a device on the network i...
Question 409: When network management is outsourced to third parties, whic...
Question 410: How does identity as a service (IDaaS) provide an easy mecha...
Question 411: A continuous information security monitoring program can BES...
Question 412: Which of the following is the MOST significant benefit to im...
Question 413: The PRIMARY outcome of a certification process is that it pr...
Question 414: Which one of the following data integrity models assumes a l...
Question 415: Which of the following actions should be taken by a security...
Question 416: An employee of a retail company has been granted an extended...
Question 417: Which of the following is a PRIMARY benefit of using a forma...
Question 418: An organization wants to define its physical perimeter. What...
Question 419: A security professional needs to find a secure and efficient...
Question 420: In a dispersed network that lacks central control, which of ...
Question 421: Which of the (ISC)? Code of Ethics canons is MOST reflected ...
Question 422: Which of the following is a MAJOR consideration in implement...
Question 423: Which type of disaster recovery plan (DRP) testing carries t...
Question 424: Which of the following statements BEST describes least privi...
Question 425: An organization operates a legacy Industrial Control System ...
Question 426: Which of the following entities is ultimately accountable fo...
Question 427: Which of the following activities BEST identifies operationa...
Question 428: Which of the following models uses unique groups contained i...
Question 429: As part of the security assessment plan, the security profes...
Question 430: Which of the following actions MUST be taken if a vulnerabil...
Question 431: When conducting a security assessment of access controls , W...
Question 432: Which of the following attack types can be used to compromis...
Question 433: Which of the following is the MOST important part of an awar...
Question 434: In a DevOps environment, which of the following actions is M...
Question 435: When dealing with compliance with the Payment Card Industry-...
Question 436: Refer to the information below to answer the question. In a ...
Question 437: Which of the following is a characteristic of the initializa...
Question 438: What principle requires that changes to the plaintext affect...
Question 439: Application of which of the following Institute of Electrica...
Question 440: Which of the following is the BEST reason for the use of sec...
Question 441: An organization is planning to have an it audit of its as a ...
Question 442: Which of the following actions should be performed when impl...
Question 443: Which security access policy contains fixed security attribu...
Question 444: Rank the Hypertext Transfer protocol (HTTP) authentication t...
Question 445: What is the BEST method to detect the most common improper i...
Question 446: An Information Technology (IT) professional attends a cybers...
Question 447: Which is the second phase of public key Infrastructure (pk1)...
Question 448: Internet protocol security (IPSec), point-to-point tunneling...
Question 449: When is security personnel involvement in the Systems Develo...
Question 450: Match the name of access control model with its associated r...
Question 451: Which of the following criteria ensures information is prote...
Question 452: Discretionary Access Control (DAC) is based on which of the ...
Question 453: A network administrator is configuring a database server and...
Question 454: Which application type is considered high risk and provides ...
Question 455: A manager identified two conflicting sensitive user function...
Question 456: Which of the following practices provides the development of...
Question 457: In a quarterly system access review, an active privileged ac...
Question 458: With data labeling, which of the following MUST be the key d...
Question 459: Which of the following would need to be configured to ensure...
Question 460: From an asset security perspective, what is the BEST counter...
Question 461: What is the foundation of cryptographic functions?...
Question 462: How does security in a distributed file system using mutual ...
Question 463: Which security modes is MOST commonly used in a commercial e...
Question 464: A hospital enforces the Code of Fair Information Practices. ...
Question 465: Secure coding can be developed by applying which one of the ...
Question 466: Logical access control programs are MOST effective when they...
Question 467: Intellectual property rights are PRIMARY concerned with whic...
Question 468: Which of the following management process allows ONLY those ...
Question 469: Which part of an operating system (OS) is responsible for pr...
Question 470: Software Code signing is used as a method of verifying what ...
Question 471: Which of the following techniques is known to be effective i...
Question 472: Which of the following BEST mitigates a replay attack agains...
Question 473: A project manager for a large software firm has acquired a g...
Question 474: The amount of data that will be collected during an audit is...
Question 475: Proven application security principles include which of the ...
Question 476: An organization is considering outsourcing applications and ...
Question 477: What is the BEST approach for maintaining ethics when a secu...
Question 478: Which of the following would qualify as an exception to the ...
Question 479: A web developer is completing a new web application security...
Question 480: Which of the following BEST represents a defense in depth co...
Question 481: In software development, which of the following entities nor...
Question 482: The use of strong authentication, the encryption of Personal...
Question 483: What is considered a compensating control for not having ele...
Question 484: What is the PRIMARY objective of business continuity plannin...
Question 485: Which one of the following describes granularity?...
Question 486: A client server infrastructure that provides user-to-server ...
Question 487: What is the difference between media marking and media label...
Question 488: When resolving ethical conflicts, the information security p...
Question 489: Which of the following is an essential element of a privileg...
Question 490: What is the second phase of public key infrastructure (PKI) ...