- Home
- ISC
- Certified Information Systems Security Professional (CISSP)
- ISC.CISSP.v2025-04-24.q737
- Question 84
Valid CISSP Dumps shared by EduDump.com for Helping Passing CISSP Exam! EduDump.com now offer the newest CISSP exam dumps, the EduDump.com CISSP exam questions have been updated and answers have been corrected get the newest EduDump.com CISSP dumps with Test Engine here:
Access CISSP Dumps Premium Version
(1533 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 84/737
An organization is planning a penetration test that simulates the malicious actions of a former network administrator. What kind of penetration test is needed?
Correct Answer: D
A White box penetration test simulates the actions of an attacker who has knowledge of the internal structure and operation of the system or network. This type of test is also known as an
"internal" test.
It is appropriate in this scenario of simulating the malicious actions of a former network administrator, as this person would have knowledge of the internal structure and operation of the network and may have access to privileged information, like credentials, and the knowledge of weak points in the network.
It allows the organization to identify vulnerabilities that an attacker could potentially exploit, and to evaluate the overall security of their network and systems.
"internal" test.
It is appropriate in this scenario of simulating the malicious actions of a former network administrator, as this person would have knowledge of the internal structure and operation of the network and may have access to privileged information, like credentials, and the knowledge of weak points in the network.
It allows the organization to identify vulnerabilities that an attacker could potentially exploit, and to evaluate the overall security of their network and systems.
- Question List (737q)
- Question 1: An organization purchased a commercial off-the-shelf (COTS) ...
- Question 2: A Java program is being developed to read a file from comput...
- Question 3: What are the three key benefits that application developers ...
- Question 4: A company wants to outsource its document scanning operation...
- Question 5: The use of private and public encryption keys is fundamental...
- Question 6: What is the FIRST step that should be considered in a Data L...
- Question 7: In the cybersecurity risk management of acquisition and proc...
- Question 8: A large customer of a cloud Service Provider (CSP) has serve...
- Question 9: Which of the following is the FIRST step in the incident res...
- Question 10: Which of the following was developed to support multiple pro...
- Question 11: Which of the following is the BEST way to protect against st...
- Question 12: Following project initiation, which of the following items r...
- Question 13: What type of risk is related to the sequences of value-addin...
- Question 14: An organization discovers a significant amount of confidenti...
- Question 15: In which of the following scenarios is locking server cabine...
- Question 16: Which of the following is MOST important to understand after...
- Question 17: Which of the following are key activities when conducting a ...
- Question 18: An organization's security policy delegates to the data owne...
- Question 19: A manager bought a home version of an antivirus product and ...
- Question 20: What is the PRIMARY reason that a bit-level copy is more des...
- Question 21: A security audit identifies a vulnerability in a current rel...
- Question 22: Recovery strategies of a Disaster Recovery planning (DRIP) M...
- Question 23: What PRIMARY role does a honey pot play in overall security?...
- Question 24: An Internet software application requires authentication bef...
- Question 25: Which of the following BEST describes the objectives of the ...
- Question 26: Which of the following is the MOST important first step in p...
- 1 commentQuestion 27: The Chief Information Officer (CIO) has decided that as part...
- Question 28: A director within the organization has told an employee abou...
- Question 29: During a routine audit of network logs, the security adminis...
- Question 30: Which of the following is PRIMARILY adopted for ensuring the...
- Question 31: An organization would like to implement an authorization mec...
- Question 32: What industry-recognized document could be used as a baselin...
- Question 33: Which of the following would present the highert annualized ...
- Question 34: Which mechanism provides the BEST protection against buffer ...
- Question 35: Which of the following methods of suppressing a fire is envi...
- Question 36: Which of the following represents the GREATEST risk to data ...
- Question 37: What is the MOST effective method for gaining unauthorized a...
- Question 38: What is the FIRST action a security professional needs to ta...
- Question 39: An organization has outsourced its financial transaction pro...
- Question 40: A large manufacturing organization arranges to buy an indust...
- Question 41: What is considered a compensating control for not having ele...
- Question 42: Why is it important that senior management clearly communica...
- Question 43: Which of the following is a weakness of the Data Encryption ...
- Question 44: For cellular networks, how does a rogue base station take ad...
- Question 45: Which of the following is the MOST effective practice in man...
- Question 46: Which of the following is the MOST important consideration i...
- Question 47: Which of the following technologies is the BEST measure to p...
- Question 48: Which of the following authorization standards is built to h...
- Question 49: Which of the following password tokens will generate a new. ...
- Question 50: An organization implements Network Access Control (NAC) ay I...
- Question 51: What is the MOST effective way to ensure that a cloud servic...
- Question 52: A security practitioner is tasked with securing the organiza...
- Question 53: What is a warn site when conducting Business continuity plan...
- Question 54: An organization plans to acquire @ commercial off-the-shelf ...
- Question 55: Which is the MOST critical aspect of computer-generated evid...
- Question 56: Which of the following would BEST support effective testing ...
- Question 57: When designing a data protection program, which of the follo...
- Question 58: Which of the following does the security design process ensu...
- Question 59: An information security administrator wishes to block peer-t...
- Question 60: A Denial of Service (DoS) attack on a syslog server exploits...
- Question 61: Which of the following terms is used for online service prov...
- Question 62: Which of the following methods is MOST effective in mitigati...
- Question 63: A hacker can use a lockout capability to start which of the ...
- Question 64: What Service Organization Controls (SOC) report can be freel...
- Question 65: Which of the following is the MAIN benefit of a comprehensiv...
- Question 66: When assessing web vulnerabilities, how can navigating the d...
- Question 67: Which of the following addresses requirements of security as...
- Question 68: Which of the fallowing is the FIRST step in a patch manageme...
- Question 69: Which of the following MUST a security professional do in or...
- Question 70: What is a key component of the Common Criteria (CC) evaluati...
- Question 71: Which of the following should be included a hardware retenti...
- Question 72: Which of the following is true of Service Organization Contr...
- Question 73: The typical output of the National Institute of Standards an...
- Question 74: A facility will experience a major power failure once in 20 ...
- Question 75: Mobile devices are MOST susceptible to which of the followin...
- Question 76: Who in the organization is accountable for classification of...
- Question 77: Which of the following actions MUST be performed when using ...
- Question 78: What type of access control determines the authorization to ...
- Question 79: An organization provides its employees with laptops they can...
- Question 80: Which of the following is a responsibility of the informatio...
- Question 81: Security categorization of a new system takes place during w...
- Question 82: A firm within the defense industry has been directed to comp...
- Question 83: A security analyst has been asked to participate in a threat...
- Question 84: An organization is planning a penetration test that simulate...
- Question 85: Which of the following would be the MOST severe impact to ac...
- Question 86: Which role is primarily responsible for reviewing an analyze...
- Question 87: For a victim of a security breach to prevail in a negligence...
- Question 88: When securing Hypertext Markup Language (HTML) text data, wh...
- Question 89: What is the BEST control to be implemented at a login page i...
- Question 90: Which of the following addresses requirements of security as...
- Question 91: A developer begins employment with an information technology...
- Question 92: Which of the following is a term used to describe maintainin...
- Question 93: If a security requirement for a given system states that una...
- Question 94: Which type of access control includes a system that allows o...
- Question 95: When resolving ethical conflicts, the information security p...
- Question 96: Which of the following security testing strategies is BEST s...
- Question 97: Which of the following MUST be done before a digital forensi...
- Question 98: What BEST describes the confidentiality, integrity, availabi...
- Question 99: Which of the following BEST represents the concept of least ...
- Question 100: Wi-Fi Protected Access 2 (WPA2) provides users with a higher...
- Question 101: An engineer notices some late collisions on a half-duplex li...
- Question 102: A retail company is looking to start a development project t...
- Question 103: Which of the following is generally indicative of a replay a...
- Question 104: Which of the following is a standard Access Control List (AC...
- Question 105: During which of the following processes is least privilege i...
- Question 106: An established information technology (IT) consulting firm i...
- Question 107: Which of the fallowing statements is MOST accurate regarding...
- Question 108: Which part of an operating system (OS) is responsible for pr...
- Question 109: What is the MOST effective method to enhance security of a s...
- Question 110: A new site's gateway isn't able to farm a tunnel to the exis...
- Question 111: Which of the following is the MOST effective strategy to pre...
- Question 112: When collecting a raw dump of physical memory, when should t...
- Question 113: An organization is formulating a strategy to provide access ...
- Question 114: How does identity as a service (IDaaS) provide an easy mecha...
- Question 115: During an internal audit of an organizational Information Se...
- Question 116: In order to provide dual assurance in a digital signature sy...
- Question 117: What is the PRIMARY reason for implementing change managemen...
- Question 118: What security technique in the Software Development Life Cyc...
- Question 119: Why is it important for a security officer to report directl...
- Question 120: Why are packet filtering routers used in low-risk environmen...
- Question 121: Which of the following is FIRST defined in a company's data ...
- Question 122: Which of the following is a technique used by database manag...
- Question 123: What is the PRIMARY objective of the post-incident phase of ...
- Question 124: Which of the following processes is used to align security c...
- Question 125: Which of the following is the BEST action while reviewing re...
- Question 126: Which of the following should be performed FIRST in a Busine...
- Question 127: Which of the following contributes to secure source code han...
- Question 128: What Is a risk of using commercial off-the-shelf (COTS) prod...
- Question 129: Which Identity and Access Management (IAM) process can be us...
- Question 130: A security engineer is assigned to work with the patch and v...
- Question 131: Which of the following actions should be performed immediate...
- Question 132: Passive Infrared Sensors (PIR) used in a non-climate control...
- Question 133: Which security architecture strategy could be applied to sec...
- Question 134: Which of the following adds end-to-end security inside a Lay...
- Question 135: An organization has experienced multiple distributed denial-...
- Question 136: Which of the following makes smartphones particularly vulner...
- Question 137: Which step of the Risk Management Framework (RMF) identifies...
- Question 138: Which of the following methods provides the MOST protection ...
- Question 139: Which of the following is the PRIMARY reason a sniffer opera...
- Question 140: Which of the following is the MOST important information in ...
- Question 141: What term is commonly used to describe hardware and software...
- Question 142: Extensible Authentication Protocol-Message Digest 5 (EAP-MD5...
- Question 143: What is the PRIMARY objective of an application security ass...
- Question 144: Which of the following practices provides the development of...
- Question 145: Who is responsible for the protection of information when it...
- Question 146: Which attack defines a piece of code that is inserted into s...
- Question 147: Unused space in a disk cluster is important in media analysi...
- Question 148: In the Open System Interconnection (OSI) reference model, wh...
- Question 149: Which of the following techniques BEST protects against unau...
- Question 150: During a disruptive event, which security continuity objecti...
- Question 151: A network administrator is configuring a database server and...
- Question 152: Which of the following is TRUE for an organization that is u...
- Question 153: Which of the following media is LEAST problematic with data ...
- Question 154: A security professional should ensure that clients support w...
- Question 155: Which of the following is a second optional use of Network A...
- Question 156: Which of the following is MOST important when determining ap...
- Question 157: The restoration priorities of a Disaster Recovery Plan (DRP)...
- Question 158: Which of the following is an ethical value?...
- Question 159: An Information System Security Officer (ISSO) employed by a ...
- Question 160: The security team has been tasked with performing an interfa...
- Question 161: A security architect is responsible for the protection of a ...
- Question 162: An application developer is developing a web application tha...
- Question 163: The disaster recovery (DR) process should always include...
- Question 164: Which of the following s the MAIN security benefit of having...
- Question 165: Which of the following would be MOST useful to reduce risk i...
- Question 166: An internal audit for an organization recently identified ma...
- Question 167: Which of the following techniques is MOST useful when dealin...
- Question 168: A vulnerability test on an Information System (IS) is conduc...
- Question 169: Which of the following is considered the FIRST step when des...
- Question 170: Which security service is served by the process of encryptio...
- Question 171: Limiting the processor, memory, and Input/output (I/O) capab...
- Question 172: When conducting software development, what is the BEST secur...
- Question 173: The configuration management and control task of the certifi...
- Question 174: What is the PRIMARY advantage of using automated application...
- Question 175: Backup information that is critical to the organization is i...
- Question 176: Dumpster diving is a technique used in which stage of penetr...
- Question 177: Why would an administrator use a Trusted platform Module (TP...
- Question 178: Which of the following is the PRIMARY purpose of installing ...
- Question 179: A security practitioner needs to implement a solution to ver...
- Question 180: Commercial off-the-shelf (COTS) software presents which of t...
- Question 181: Which Open Systems Interconnection (OSI) layer(s) BEST corre...
- Question 182: A proxy firewall operates at what layer of the Open System I...
- Question 183: Which testing method requires very limited or no information...
- Question 184: In a dispersed network that lacks central control, which of ...
- Question 185: Which of the following is a best practice in a data handling...
- Question 186: Which of the following would an attacker BEST be able to acc...
- Question 187: An organization wants to implement a security service that a...
- Question 188: Which of the following will allow the host system to check q...
- Question 189: At which stage of the System Development Life Cycle (SDLC)ar...
- Question 190: When designing a new Voice over Internet Protocol (VoIP) net...
- Question 191: A cloud service provider requires its customer organizations...
- Question 192: What are the MAIN Information Assurance (IA) goals of Virtua...
- Question 193: What protocol is often used between gateway hosts on the Int...
- Question 194: Which of the following is MOST critical in a contract in a c...
- Question 195: Which one of the following is an advantage of an effective r...
- Question 196: Who is responsible for classifying assists in an organizatio...
- Question 197: What technique used for spoofing the origin of an email can ...
- Question 198: An organization decides to evaluate the security of a system...
- Question 199: Which of the following is the BEST reason for the use of sec...
- Question 200: A security professional should consider the protection of wh...
- Question 201: When considering a VPN solution, what possible disadvantage ...
- Question 202: Which of the following features is MOST effective in mitigat...
- Question 203: What is the BEST approach to annual safety training?...
- Question 204: What is the BEST way to encrypt web application communicatio...
- Question 205: It is better to use Elliptic Curve Cryptography (ECC) instea...
- Question 206: What is the PRIMARY benefit of incident reporting and comput...
- Question 207: A software architect has been asked to build a platform to d...
- Question 208: What are the roles within a scrum methodoligy?...
- Question 209: The PRIMARY purpose of accreditation is to:...
- Question 210: Prohibiting which of the following techniques is MOST helpfu...
- Question 211: Which of the following describes the BEST configuration mana...
- Question 212: Which of the following is part of a Trusted Platform Module ...
- Question 213: Which of the following is performed to determine a measure o...
- Question 214: Which of the following is the PRIMARY purpose of due diligen...
- Question 215: What is the FIRST step an organization should take if it is ...
- Question 216: A security engineer is tasked with implementing a new identi...
- Question 217: What does a Synchronous (SYN) flood attack do?...
- Question 218: What is often referred to as front door access?...
- Question 219: An organization is attempting to strengthen the configuratio...
- Question 220: Which of the following Is the PRIMARY role of a security arc...
- Question 221: Which of the following best practices mitigates the risk of ...
- Question 222: Which of the following is the PRIMARY benefit of implementin...
- Question 223: Which of the following is a characteristic of a challenge/re...
- Question 224: Which one of the following considerations has the LEAST impa...
- Question 225: Why Is It important to have a comprehensive inventory of Inf...
- Question 226: An organization has received an initial draft of a security ...
- Question 227: A web developer is completing a new web application security...
- Question 228: What should be used to determine the risks associated with u...
- Question 229: Which of the following is a benefit of implementing data-in-...
- Question 230: Which of the following value comparisons MOST accurately ref...
- Question 231: In The Open System Interconnection (OSI) model, which layer ...
- Question 232: An organization has been collecting a large amount of redund...
- Question 233: A large international organization that collects information...
- Question 234: Which type of log collection is focused on detecting and res...
- Question 235: What security tenet is BEST ensured when deployment controls...
- Question 236: Which of the following encryption technologies has the abili...
- Question 237: Which of the following is needed to securely distribute symm...
- Question 238: Which of the following is an essential requirement of a faul...
- Question 239: An organization contracts with a consultant to perform a Sys...
- Question 240: How can a security engineer maintain network separation from...
- Question 241: A system administrator is tasked with assigning unique ident...
- Question 242: Which of the following provides the BEST method to verify th...
- Question 243: Which of the following is the primary security consideration...
- Question 244: A corporation does not have a formal data destruction policy...
- Question 245: Which of the following is the greatest weakness with attacke...
- Question 246: The design of a secured physical facility starts with identi...
- Question 247: Which of the following BEST describes the use of network arc...
- Question 248: What is the PRIMARY role of a scrum master in agile developm...
- Question 249: A vehicle of a private courier company that transports backu...
- Question 250: Which of the following is a method used to prevent Structure...
- Question 251: Which one of the ciphering techniques for mobile communicati...
- Question 252: Organizational leadership wants to move away from compliance...
- Question 253: Attack trees are MOST useful for which of the following?...
- Question 254: When assessing an organization's security policy according t...
- Question 255: A company seizes a mobile device suspected of being used in ...
- Question 256: When writing security assessment procedures, what is the MAI...
- Question 257: A company is attempting to enhance the security of its user ...
- Question 258: Which of the following is the MOST likely reason a Human Res...
- Question 259: An organization has detected that the contents of a static t...
- Question 260: The quality assurance (QA) department is short-staffed and i...
- Question 261: Which of the following contributes MOST to the effectiveness...
- Question 262: Which of the following is the BEST way to protect an organiz...
- Question 263: What is the MAXIMUM number of host addresses available in a ...
- Question 264: The security organization is looking for a solution that cou...
- Question 265: While dealing with the consequences of a security incident, ...
- Question 266: Which of the following entails identification of data end li...
- Question 267: What is the PRIMARY reason for criminal law being difficult ...
- Question 268: Which of the following is the BEST definition of Cross-Site ...
- Question 269: A malicious user gains access to unprotected directories on ...
- Question 270: A project manager for a large software firm has acquired a g...
- Question 271: Which of the following is a safeguard that could be used to ...
- Question 272: A developer creates an application to be distributed worldwi...
- Question 273: Which of the following is TRUE about Disaster Recovery Plain...
- Question 274: A user has infected a computer with malware by connecting a ...
- Question 275: Which of the following management process allows ONLY those ...
- Question 276: In which of the following cloud services is the service prov...
- Question 277: During the change management process, which of the following...
- Question 278: Which of the following documents specifies services from the...
- Question 279: Once the types of information have been identified, who shou...
- Question 280: Which of the following is the MOST appropriate action when r...
- Question 281: Which of the following MUST be done before a digital forensi...
- Question 282: The application of which of the following standards would BE...
- Question 283: Company A is evaluating new software to replace an in-house ...
- Question 284: Of the following, which BEST provides non-repudiation with r...
- Question 285: Which of the following provides for the STRONGEST protection...
- Question 286: Exploitation of knowledge regarding the response time for a ...
- Question 287: The security team has determined they lack the ability to mo...
- Question 288: Which of the following is the BEST defense against password ...
- Question 289: Under which of the following circumstances should cryptograp...
- Question 290: A financial services organization has employed a security co...
- Question 291: Which of the following questions will be addressed through t...
- Question 292: When investigating a possible cybercrime, which of the follo...
- Question 293: Which of the following is the BEST reason for writing an inf...
- Question 294: Which of the following is required to verify the authenticit...
- Question 295: When adopting software as a service (Saas), which security r...
- Question 296: Which of the following measures is the MOST critical in orde...
- Question 297: A large law firm would like to enable employees to participa...
- Question 298: Which of the following criteria ensures information is prote...
- Question 299: A colleague who recently left the organization asked a secur...
- Question 300: An organization wants to define its physical perimeter. What...
- Question 301: Which of the following is the BEST way to mitigate circumven...
- Question 302: Which of the following is a security feature of Global Syste...
- Question 303: An organization's retail website provides its only source of...
- Question 304: What are the roles within a scrum methodology?...
- Question 305: When should the software Quality Assurance (QA) team feel co...
- Question 306: Which of the following is the PRIMARY reason Android devices...
- Question 307: Under which of the following circumstances should Cryptograp...
- Question 308: An organization would like to use Security Assertion Markup ...
- Question 309: Which of the following design elements are included in Opera...
- Question 310: Which of the below strategies would MOST comprehensively add...
- Question 311: Which of the following is a recommended method to control re...
- Question 312: What would be the BEST action to take in a situation where c...
- Question 313: An organization that has achieved a Capability Maturity Mode...
- Question 314: What is a use for mandatory access control (MAC)?...
- Question 315: A control to protect from a Denial-of-Service (DoS) attach h...
- Question 316: A security professional has been assigned to assess a web ap...
- Question 317: Which of the following is the MOST important output from a m...
- Question 318: Which of the following fire suppression solutions is MOST ha...
- Question 319: What type of wireless network attack BEST describes an Elect...
- Question 320: A post-implementation review has identified that the Voice O...
- Question 321: Between which pair of Open System Interconnection (OSI) Refe...
- Question 322: What is the PRIMARY purpose for an organization to conduct a...
- Question 323: A security practitioner detects an Endpoint attack on the or...
- Question 324: Which of the following statements BEST describes least privi...
- Question 325: Which of the following is a risk matrix?...
- Question 326: Identity and Access Management (IAM) tools support the use o...
- Question 327: Which is MOST important when negotiating an Internet service...
- Question 328: A company is preparing to migrate part of its applications t...
- Question 329: Which of the following terms is used to describe original, u...
- Question 330: What is the MOST effective response to a hacker who has alre...
- Question 331: Which of the following BEST ensures the integrity of transac...
- Question 332: To comply with industry requirements, a security assessment ...
- Question 333: What is the MOST important criterion that needs to be adhere...
- Question 334: Which of the following provides the best protection of data ...
- Question 335: In regard to multimedia files, which Digital Rights Manageme...
- Question 336: The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunn...
- Question 337: When partnering with a third-party, it is the responsibility...
- Question 338: An advantage of link encryption in a communications network ...
- Question 339: Which of the following activities will be MOST significant i...
- Question 340: The threat modeling identifies a man-in-the-middle (MITM) ex...
- Question 341: What requirement MUST be met during internal security audits...
- Question 342: An organization would like to secure a trusted and untrusted...
- Question 343: A financial company has decided to move its main business ap...
- Question 344: employee training, risk management, and data handling proced...
- Question 345: Why would a system be structured to isolate different classe...
- Question 346: In an IDEAL encryption system, who has sole access to the de...
- Question 347: Which of the following access control models is MOST restric...
- Question 348: In what phase of the System Development Life Cycle (SDLC) sh...
- Question 349: Which of the following is a correct feature of a virtual loc...
- Question 350: An information security analyst observed a device on the org...
- Question 351: When determining data and information asset handling, regard...
- Question 352: Which of the following is the PRIMARY purpose of routinely t...
- Question 353: Which of the following is an important design feature for th...
- Question 354: In a quarterly system access review, an active privileged ac...
- Question 355: Which of the following is the MOST effective preventative me...
- Question 356: Why might a network administrator choose distributed virtual...
- Question 357: Which reporting type requires a service organization to desc...
- Question 358: Which of the following was the first version of the Network ...
- Question 359: A new employee formally reported suspicious behavior to the ...
- Question 360: Digital certificates used in Transport Layer Security (TLS) ...
- Question 361: What is the MAIN benefit of change management in an applicat...
- Question 362: Which of the following is the MOST effective countermeasure ...
- Question 363: Which of the following is the BEST approach to mitigate all ...
- Question 364: Which of the following has the responsibility of information...
- Question 365: When implementing a data classification program, why is it i...
- Question 366: Which of the following BEST describes a virtual circuit wher...
- Question 367: Which process presents the greatest security concern while a...
- Question 368: Which of the following is the PRIMARY risk with using open s...
- Question 369: If a content management system (CMC) is implemented, which o...
- Question 370: A criminal organization is planning an attack on a governmen...
- Question 371: Which of the following is the PRIMARY reason for selecting t...
- Question 372: Why is planning the MOST critical phase of a Role Based Acce...
- Question 373: Which Internet Protocol Security (IPSec) mechanism, when add...
- Question 374: Which of the following is considered the PRIMARY security is...
- Question 375: An organization is considering partnering with a third-party...
- Question 376: A company is enrolled in a hard drive reuse program where de...
- Question 377: Wi-Fi Protected Access 2 (WPA2) is a security protocol desig...
- Question 378: A security operations center (SOC) discovers a recently depl...
- Question 379: What is the PRIMARY benefit of relying on Security Content A...
- Question 380: Which is the PRIMARY mechanism for providing the workforce w...
- Question 381: Which of the following is a Key Performance Indicator (KPI) ...
- Question 382: Vulnerability scanners may allow for the administrator to as...
- Question 383: As part of an application penetration testing process, sessi...
- Question 384: A control to protect from the Denial-of-Service (DOS) attack...
- Question 385: How should the retention period for an organization's social...
- Question 386: A retail company suffered a ransomware attack that compromis...
- Question 387: Which open standard could l large corporation deploy for aut...
- Question 388: A security professional has been requested by the Board of D...
- Question 389: Which of the following is the PRIMARY objective of performin...
- Question 390: Which of the following is an advantage of Star Network Topol...
- Question 391: A security professional should identify special regulatory o...
- Question 392: At what stage of the Software Development Life Cycle (SDLC) ...
- Question 393: Functional security testing is MOST critical during which ph...
- Question 394: The design review for an application has been completed and ...
- Question 395: Which of the following is a process in the access provisioni...
- Question 396: During a Disaster Recovery (DR) simulation, it is discovered...
- Question 397: Which of the following methods of suppressing a fire is envi...
- Question 398: Which of the following is the LEAST secure authentication me...
- Question 399: Upon commencement of an audit within an organization, which ...
- Question 400: What part of an organization's strategic risk assessment MOS...
- Question 401: A security consultant is asked to make recommendations for a...
- Question 402: Which of the following is responsible for establishing an en...
- Question 403: During examination of internet history records, the followin...
- Question 404: Drag and Drop Question Match the types of e-authentication t...
- Question 405: What is the BEST approach to anonymizing personally identifi...
- Question 406: Computer forensics requires which of the following MAIN step...
- Question 407: Which of the following is the BEST metric to obtain when gai...
- Question 408: Which of the following problems is not addressed by using Op...
- Question 409: An organization decides to create a team to define its new c...
- Question 410: Which of the following mechanisms are PRIMARILY used to safe...
- Question 411: The security architect has been assigned the responsibility ...
- Question 412: Which of the following has the HIGHEST priority when designi...
- Question 413: The security team is notified that a device on the network i...
- Question 414: Which service management process BEST helps information tech...
- Question 415: Which would result in the GREATEST import following a breach...
- Question 416: Which of the following mechanisms will BEST prevent a Cross-...
- Question 417: Which of the following examples is BEST to minimize the atta...
- Question 418: An organization deploys a Single Sign-On (SSO) solution for ...
- Question 419: Which of the following practices provides the development te...
- Question 420: Which of the following is a responsibility of a data steward...
- Question 421: Knowing the language in which an encrypted message was origi...
- Question 422: What is the BEST way that a closed-circuit television (CCTV)...
- Question 423: The Online Certificate Status Protocol (OCSP) is used to con...
- Question 424: When determining who can accept the risk associated with a v...
- Question 425: An employee of a retail company has been granted an extended...
- Question 426: Which of the following is the BEST method to validate secure...
- Question 427: Company A acquired company B in a merger. Company A immediat...
- Question 428: The PRIMARY characteristic of a Distributed Denial of Servic...
- Question 429: Which part of an Operating System (OS) is responsible for pr...
- Question 430: Which of the following is the FINAL step when implementing a...
- Question 431: Which of the following is an environmental security control ...
- Question 432: Within the company, desktop clients receive Internet Protoco...
- Question 433: Which of the following goals represents a modern shift in ri...
- Question 434: Which of the following provides the GREATEST level of data s...
- Question 435: Which of the following BEST describes the responsibilities o...
- Question 436: What is a consideration when determining the potential impac...
- Question 437: The adoption of an enterprise-wide business continuilty prog...
- Question 438: What type of database attack would allow a customer service ...
- Question 439: What is the MOST important goal of conducting security asses...
- Question 440: Which of the following is key when assessing weaknesses in a...
- Question 441: Which of the following is an initial consideration when deve...
- Question 442: Which of the following takes place earliest in the use of Se...
- Question 443: Which type of security testing is being performed when an et...
- Question 444: Write Once, Read Many (WORM) data storage devices are design...
- Question 445: Which of the following is the MOST challenging issue in appr...
- Question 446: When network management is outsourced to third parties, whic...
- Question 447: Which of the following types of datacenter architectures wil...
- Question 448: Which of the following would be the BEST guideline to follow...
- Question 449: Which of the following is the MOST important activity an org...
- Question 450: Which is the MOST important consideration for a policy safeg...
- Question 451: An organization is the victim of a major data breach just on...
- Question 452: Which of the following is a remote access protocol that uses...
- Question 453: A company wants to implement two-factor authentication (2FA)...
- Question 454: When are security metrics MOST effective?...
- Question 455: Which of the following is a MAJOR concern when there is a ne...
- Question 456: When dealing with compliance with the Payment card Industry ...
- Question 457: Using the cipher text and resultant clear text message to de...
- Question 458: A network administrator receives complaints from users that ...
- Question 459: What is the PRIMARY purpose of peer code reviews?...
- Question 460: Which action is most effective for controlling risk and mini...
- Question 461: A project requires the use of an authentication mechanism wh...
- Question 462: A large organization's human resources and security teams ar...
- Question 463: A security architect is reviewing plans for an application w...
- Question 464: Which of the following describes the order in which a digita...
- Question 465: What is the motivation for use of the Online Certificate Sta...
- Question 466: Which of the following techniques BEST prevents buffer overf...
- Question 467: Which of the following is the MOST important consideration w...
- Question 468: Which of the following would BEST describe the role directly...
- Question 469: How is Remote Authentication Dial-In User Service (RADIUS) a...
- Question 470: Which of the following is the MOST important action regardin...
- Question 471: What are facets of trustworthy software in supply chain oper...
- Question 472: In Disaster Recovery (DR) and business continuity training, ...
- Question 473: What is the BEST way to correlate large volumes of disparate...
- Question 474: What is the most effective form of media sanitization to ens...
- Question 475: Security Software Development Life Cycle (SDLC) expects appl...
- Question 476: If traveling abroad and a customs official demands to examin...
- Question 477: An organization's internal audit team performed a security a...
- Question 478: Which role determines the impact the information has on the ...
- Question 479: An auditor carrying out a compliance audit requests password...
- Question 480: A company-wide penetration test result shows customers could...
- Question 481: Reciprocal backup site agreements are considered to be...
- Question 482: A vulnerability assessment report has been submitted to a cl...
- Question 483: Why are mobile devices something difficult to investigate in...
- Question 484: Which of the following security tools will ensure authorized...
- Question 485: Which of the following is the MOST important consideration w...
- Question 486: The core component of Role Based Access Control (RBAC) must ...
- Question 487: When conducting a third-party risk assessment of a new suppl...
- Question 488: Who is accountable for the information with an Information S...
- Question 489: If virus infection is suspected, which of the following is t...
- Question 490: Which of the following is a key responsibility for a data st...
- Question 491: When implementing a secure wireless network, which of the fo...
- Question 492: What determines the level of security of a combination lock?...
- Question 493: In the common criteria, which of the following is a formal d...
- Question 494: What steps can be taken to prepare personally identifiable i...
- Question 495: Which of the following is used to support the concept of def...
- Question 496: An organization is considering outsourcing applications and ...
- Question 497: Which of the following is the strongest physical access cont...
- Question 498: Which of the following is a strategy of grouping requirement...
- Question 499: Which of the following is the BEST statement for a professio...
- Question 500: A Chief Information Officer (CIO) has delegated responsibili...
- Question 501: Which of the following is the FIRST step an organization's s...
- Question 502: An authentication system that uses challenge and response wa...
- Question 503: Which of the following techniques is known to be effective i...
- Question 504: Which of the following encryption technologies is based on t...
- Question 505: An application developer receives a report back from the sec...
- Question 506: The Chief Information Security Officer (CISO) of a small org...
- Question 507: When recovering from an outage, what is the Recovery Point O...
- Question 508: What is the MOST common component of a vulnerability managem...
- Question 509: What is the GREATEST challenge of an agent based patch manag...
- Question 510: Which of the following BEST describes the purpose of softwar...
- Question 511: A company developed a web application which is sold as a Sof...
- Question 512: Recently, an unknown event has disrupted a single Layer-2 ne...
- Question 513: The design of a security system to prevent potential conflic...
- Question 514: What is the MOST important factor in establishing an effecti...
- Question 515: Which of the following is the BEST method to gather evidence...
- Question 516: A recent security audit is reporting several unsuccessful lo...
- Question 517: What is the PRIMARY consideration when testing industrial co...
- Question 518: While performing a security review for a new product, an inf...
- Question 519: An organization outgrew its internal data center and is eval...
- Question 520: Who is accountable for the information within an Information...
- Question 521: Which of the following is an effective control in preventing...
- Question 522: A company wants to buy a Commercial ff-The-Shelf (CTS) appli...
- Question 523: Which of the following security tools monitors devices and r...
- Question 524: Which of the following BEST describes centralized identity m...
- Question 525: Which of the following offers the BEST security functionalit...
- Question 526: After following the processes defined within the change mana...
- Question 527: Which organizational department is ultimately responsible fo...
- Question 528: In designing the architecture of an access control system, i...
- Question 529: When can a security program be considered effective?...
- Question 530: Which of the following BEST describes a cache poisoning atta...
- Question 531: Which of the following types of web-based attack is happenin...
- Question 532: Which of the following statements applies to Structured Quer...
- Question 533: Which of the following actions MUST be taken if a vulnerabil...
- Question 534: Which of the following BEST represents a defense in depth co...
- Question 535: What is the MOST common cause of Remote Desktop Protocol (RD...
- Question 536: Which of the following phases involves researching a target'...
- Question 537: Which of the following is an example of a Time of Check/Time...
- Question 538: An information security professional is performing an intern...
- Question 539: Which of the following is the PRIMARY type of cryptography r...
- Question 540: Which of the following is a best practice in a data handling...
- Question 541: When developing an information security policy, why is it BE...
- Question 542: The MAIN purpose of placing a tamper seal on a computer syst...
- Question 543: Which of the following is the MAIN benefit of off-site stora...
- Question 544: A user is allowed to access the file labeled "Financial Fore...
- Question 545: How should an organization determine the priority of its rem...
- Question 546: Which of the following is the PRIMARY security interest of t...
- Question 547: While reviewing a web application-to-application connection,...
- Question 548: For a given Key size, which of the following statements corr...
- Question 549: Who is essential for developing effective test scenarios for...
- Question 550: What is the FIRST step in risk management?...
- Question 551: A security team member was selected as a member of a Change ...
- Question 552: A manufacturing organization wants to establish a Federated ...
- Question 553: A security architect is implementing an authentication syste...
- Question 554: How does a Host Based Intrusion Detection System (HIDS) iden...
- Question 555: Which of the following VPN configurations should be used to ...
- Question 556: What is the MOST appropriate hierarchy of documents when imp...
- Question 557: Which of the following is the MOST critical task for a foren...
- Question 558: When designing a business continuity plan (BCP), what is the...
- Question 559: Which of the following would an information security profess...
- Question 560: What is a security concern when considering implementing sof...
- Question 561: A large human resources organization wants to integrate thei...
- Question 562: Which of the following is TRUE about Disaster Recovery Plan ...
- Question 563: When MUST an organization's information security strategic p...
- Question 564: What is a common mistake in records retention?...
- Question 565: For privacy protected data, which of the following roles has...
- Question 566: An external consultant has violated an organization's Accept...
- Question 567: In the last 15 years a company has experienced three electri...
- Question 568: Why should Open Wab Application Secuirty Project (OWASP) App...
- Question 569: Which of the following is the MOST effective method of detec...
- Question 570: In a High Availability (HA) environment, what is the PRIMARY...
- Question 571: Utilizing a public wireless Local Area network (WLAN) to con...
- Question 572: Which is the FIRST type of Business Continuity (BC) test tha...
- Question 573: Which of the following is the MOST secure password technique...
- Question 574: Which of the following alarm systems is recommended to detec...
- Question 575: An organization discovers that its Secure File Transfer Prot...
- Question 576: XYZ Textiles has just acquired a smaller competitor, AcmeTex...
- Question 577: A large organization uses biometrics to allow access to its ...
- Question 578: At the destination host, which of the following OSI model la...
- Question 579: What is the second step in the identity and access provision...
- Question 580: Information Security continuous Monitoring (ISCM) is a criti...
- Question 581: When can Authorizing Officials (AO) authorize a system to op...
- Question 582: Which following data backup methods provides fast recovery t...
- Question 583: Information security metrics provide the GREATEST to managem...
- Question 584: In a Transmission Control Protocol/Internet Protocol (TCP/IP...
- Question 585: Which of the following types of physical security testing do...
- Question 586: An organization has implemented a protection strategy to sec...
- Question 587: What is the FIRST step in reducing the exposure of a network...
- Question 588: Which of the following roles typically works with the Inform...
- Question 589: Which of the following initiates the system recovery phase o...
- Question 590: Which of the following command line tools can be used in the...
- Question 591: Which of the following BEST describes the purpose of the ref...
- Question 592: Which of the following steps should be performed FIRST when ...
- Question 593: An Internet media company produces and broadcasts highly pop...
- Question 594: To ensure compliance with the General Data Protection Regula...
- Question 595: Which of the following is the MOST effective measure to prev...
- Question 596: Drag and Drop Question Match the following generic software ...
- Question 597: In a client server application, why would there be paddling ...
- Question 598: A vendor released a security patch for a dangerous vulnerabi...
- Question 599: Which of the following will an organization's network vulner...
- Question 600: An attacker is able to remain indefinitely logged into a exp...
- Question 601: All hosts on the network are sending logs via syslog-ng to t...
- Question 602: Which of the following attacks can be leveraged only against...
- Question 603: The organization would like to deploy an authorization mecha...
- Question 604: What information will BEST assist security and financial ana...
- Question 605: In which of the following system life cycle processes should...
- Question 606: An organization is implementing a bring your own device (BYO...
- Question 607: Which of the following is fundamentally required to address ...
- Question 608: Which of the following is the BEST way to protect privileged...
- Question 609: Secure coding can be developed by applying which one of the ...
- Question 610: Which of the following is most helpful in applying the princ...
- Question 611: While reviewing the financial reporting risks of a third-par...
- Question 612: Why are mobile devices sometimes difficult to investigate in...
- Question 613: What should be the FIRST action for a security administrator...
- Question 614: Which of the following aspects in an asset table is the MOST...
- Question 615: Which of the following statements BEST distinguishes a state...
- Question 616: Drag and Drop Question Match the level of evaluation to the ...
- Question 617: An organization is trying to secure instant messaging (IM) c...
- Question 618: A technician wants to install a WAP in the center of a room ...
- Question 619: What is the BEST method to use for assessing the security im...
- Question 620: A Distributed Denial of Service (DDoS) attack was carried ou...
- Question 621: When designing a Cyber-Physical System (CPS), which of the f...
- Question 622: Lack of which of the following options could cause a negativ...
- Question 623: When using Security Assertion markup language (SAML), it is ...
- Question 624: An application developer is deciding on the amount of idle s...
- Question 625: At what level of the Open System Interconnection (OSI) model...
- Question 626: A security professional needs to find a secure and efficient...
- Question 627: Which of the following could be considered the MOST signific...
- Question 628: Which of the following attributes could be used to describe ...
- Question 629: What is static analysis intended to do when analyzing an exe...
- Question 630: Which one of the following BEST augments the Lightweight Dir...
- Question 631: A software engineer uses automated tools to review applicati...
- Question 632: An application is used for funds transfers between an organi...
- Question 633: An IT technician suspects a break in one of the uplinks that...
- Question 634: Which of the following services can be deployed via a cloud ...
- Question 635: For network based evidence, which of the following contains ...
- Question 636: Which of the following describes total evacuation time?...
- Question 637: Which of the following is the PRIMARY concern when using an ...
- Question 638: How does Encapsulating Security Payload (ESP) in transport m...
- Question 639: Which of the following factors should be considered characte...
- Question 640: Additional padding may be added to toe Encapsulating Securit...
- Question 641: An information technology (IT) employee who travels frequent...
- Question 642: What technology can be used to implement Single sign-On (SSO...
- Question 643: When participating in a forensic investigation, who should b...
- Question 644: Which of the following is an attacker MOST likely to target ...
- Question 645: Security personnel should be trained by emergency management...
- Question 646: Which of the following is a source to consider when assessin...
- Question 647: Which of the following poses the GREATEST privacy risk to pe...
- Question 648: Which of the following is the BEST approach to implement mul...
- Question 649: In software development, developers should use which type of...
- Question 650: When designing a vulnerability test, which one of the follow...
- Question 651: Which of the following tests MUST a Security Control Assesso...
- Question 652: An organization implements a Remote Access Server (RAS). Onc...
- Question 653: Determining outage costs caused by a disaster can BEST be me...
- Question 654: In the "Do" phase of the Plan-Do-Check-Act model, which of t...
- Question 655: When transmitting information over public networks, the deci...
- Question 656: Which of the following is the key requirement for test resul...
- Question 657: Which of the following types of hosts should be operating in...
- Question 658: Which of the following is a characteristic of convert securi...
- Question 659: Which of the following is the FIRST requirement a data owner...
- Question 660: What High Availability (HA) option of database allow multipl...
- Question 661: Which access control method allows an entity to make certain...
- Question 662: Which element of software supply chain management has the GR...
- Question 663: Which of the following authorization standards is built to h...
- Question 664: In fault-tolerant systems, what do rollback capabilities per...
- Question 665: Which of the following is the MOST common cause of system or...
- Question 666: Why is data classification control important to an organizat...
- Question 667: Which of the following is critical if an empolyee is dismiss...
- Question 668: Access to which of the following is required to validate web...
- Question 669: What can happen when an Intrusion Detection System (IDS) is ...
- Question 670: What approach in embedded systems communication allows both ...
- Question 671: Which of the following is the FIRST step in data classificat...
- Question 672: Which of the following BEST describes the standard used to e...
- Question 673: What is the MOST efficient way to verify the integrity of da...
- Question 674: A company needs to provide employee access to travel service...
- Question 675: A security professional is assessing the risk in an applicat...
- Question 676: Which of the following Disaster recovery (DR) testing proces...
- Question 677: What BEST describes data ownership?...
- Question 678: Which of the following needs to be included in order for Hig...
- Question 679: Which of the following activities is MOST likely to be perfo...
- Question 680: A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) ...
- Question 681: Which protocol provides confidentiality, integrity and authe...
- Question 682: What method could be used to prevent passive attacks against...
- Question 683: Which of the following routing protocols is used to exchange...
- Question 684: Which of the following global privacy legislation principles...
- Question 685: For the detection of internet of things (loT) devices, a pro...
- Question 686: Which of the following is the BEST method to perform an end-...
- Question 687: Which one of the following describes granularity?...
- Question 688: The occurrence of a stack overflow can provide an opportunit...
- Question 689: Refer to the information below to answer the question. A new...
- Question 690: Which of the following countermeasures is the MOST effective...
- Question 691: Which of the following is a benefit in implementing an enter...
- Question 692: An organization discovers that its secure file transfer prot...
- Question 693: What principle requires that changes to the plaintext affect...
- Question 694: When managing supply chain risks for contingent business int...
- Question 695: The security architect is designing and implementing an inte...
- Question 696: Which of the following is BEST suited for exchanging authent...
- Question 697: Which of the following is a credible source to validate that...
- Question 698: An organization adopts a new firewall hardening standard. Ho...
- Question 699: Which one of the following affects the classification of dat...
- Question 700: An employee's home address should be categorized according t...
- Question 701: Which inherent password weakness does a One Time Password (O...
- Question 702: In a DevOps environment, which of the following actions is M...
- Question 703: An access control list (ACL) on a router is a feature MOST s...
- Question 704: Which of the following is the FIRST step during digital iden...
- Question 705: An organization is planning to establish a connection to a t...
- Question 706: Which of the following describes the BEST method of maintain...
- Question 707: Which Redundant Array c/ Independent Disks (RAID) Level does...
- Question 708: What should be the FIRST action for a security administrator...
- Question 709: In which stage of a Software Development Life Cycle (SDLC) i...
- Question 710: Which of the following vulnerabilities can be BEST detected ...
- Question 711: An organization has discovered that users are visiting unaut...
- Question 712: Which of the following are the three MAIN categories of secu...
- Question 713: How is the session key used to encrypt a Secure Multipurpose...
- Question 714: A data owner determines the appropriate job-based access for...
- Question 715: Which of the following methods protects Personally Identifia...
- Question 716: In a multi-tenant cloud environment, what approach will secu...
- Question 717: What is the HIGHEST priority in agile development?...
- Question 718: Which of the following is the MOST secure protocol for zremo...
- Question 719: In a data classification scheme, the data is owned by the...
- Question 720: What type of investigation applies when malicious behavior i...
- Question 721: A large corporation is looking for a solution to automate ac...
- Question 722: Single sign-on (SSO) for federated identity management (FIM)...
- Question 723: A vulnerability in which of the following components would b...
- Question 724: How does security in a distributed file system using mutual ...
- Question 725: Which of the following is applicable to a publicly held comp...
- Question 726: Activity to baseline, tailor, and scope security controls ti...
- Question 727: Which function does 802.1X provide?...
- Question 728: A continuous information security monitoring program can BES...
- Question 729: How can an attacker exploit overflow to execute arbitrary co...
- Question 730: A security architect plans to reference a Mandatory Access C...
- Question 731: An input validation and exception handling vulnerability has...
- Question 732: A recent information security risk assessment identified wea...
- Question 733: Which of the following presents the PRIMARY concern to an or...
- Question 734: The ability to send malicious code, generally in the form of...
- Question 735: A client has reviewed a vulnerability assessment report and ...
- Question 736: In a disaster recovery (DR) test, which of the following wou...
- Question 737: Drag and Drop Question Given a file containing ordered numbe...
