CISSP Exam Dumps | A security professional in an enterprise organization is evaluating a software product for acquisition.

<< Prev Question Next Question >>

Question 7/796

A security professional in an enterprise organization is evaluating a software product for acquisition. During the contracting phase of the acquisition, the security professional learned that the software product has certain security flaws and as a result does not meet the security requirements. Which of the following should the security professional do in response to the situation?

A. Recommend that enterprise organization develop the product internally

B. Redefine security requirements to match software conditions

C. Implement change control procedure and review software deliverables

D. Explore the possibility of mitigating risks with contract terms

Question List (796q): Question 1: What is the MAIN purpose of a bastion host?...; Question 2: An organization is implementing data encryption using symmet...; Question 3: Which of the following is a characteristic of the independen...; Question 4: Data remanence is the biggest threat in which of the followi...; Question 5: An organization discovers that its Secure File Transfer Prot...; Question 6: In developing a Disaster Recovery Plan (DRP), the FIRST step...; Question 7: A security professional in an enterprise organization is eva...; Question 8: Which of the following has the GREATEST Impact on an organiz...; Question 9: Which of the following departments initiates the request, ap...; Question 10: What is the PRIMARY reason for aligning a security program w...; Question 11: Which of the following is a document that identifies each it...; Question 12: Unused space in a disk cluster is important in media analysi...; Question 13: The initial security categorization should be done early in ...; Question 14: When developing an electronic health record (EHR) in the Uni...; Question 15: Which of the following is considered best practice for preve...; Question 16: A company is enrolled in a hard drive reuse program where de...; Question 17: A company has decided that they need to begin maintaining as...; Question 18: Which is the FIRST action the Incident Response team should ...; Question 19: Which of the following is the MOST effective countermeasure ...; Question 20: An organization is building an enterprise system using attri...; Question 21: Which of the following is the GREATEST risk of relying only ...; Question 22: When performing forensics, which of the following should be ...; Question 23: Which of the following aspects of physical security presents...; Question 24: An organization implements a remote access server (RAS), Onc...; Question 25: Which of the following is the PRIMARY goal of logical access...; Question 26: Individual access to a network is BEST determined based on...; Question 27: Which following data backup methods provides fast recovery t...; Question 28: Which of the following is MOST appropriate for protecting co...; Question 29: The principle that personally identifiable information (PII)...; Question 30: Which reporting type requires a service organization to desc...; Question 31: An attacker has compromised an application by enumerating us...; Question 32: After a breach incident, investigators narrowed the attack t...; Question 33: Which of the following would qualify as an exception to the ...; Question 34: Which of the following secure transport protocols is often u...; Question 35: The security team is notified that a device on the network i...; Question 36: When determining data and information asset handling, regard...; Question 37: Which of the following makes smartphones particularly vulner...; Question 38: An organization plans to acquire @ commercial off-the-shelf ...; Question 39: An organization is awarded a software engineering institute ...; Question 40: Commercial off-the-shelf (COTS) software presents which of t...; Question 41: What is the BEST method to ensure the integrity of physical ...; Question 42: An organization needs a general purpose document to prove th...; Question 43: A recent information security risk assessment identified wea...; Question 44: When MUST an organization's information security strategic p...; Question 45: A Distributed Denial of Service (DDoS) attack was carried ou...; Question 46: Which of the following is fundamentally required to address ...; Question 47: An internal Service level agreement (SLA) covering security ...; Question 48: A new site's gateway isn't able to form a tunnel to the exis...; Question 49: An authentication system that uses challenge and response wa...; Question 50: Which of the following media is LEAST problematic with data ...; Question 51: Mapping out all functionality and features to their associat...; Question 52: A vehicle of a private courier company that transports backu...; Question 53: Between which pair of Open System Interconnection (OSI) Refe...; Question 54: Which of the following is a characteristic of the independen...; Question 55: Secure coding can be developed by applying which one of the ...; Question 56: A security architect is responsible for the protection of a ...; Question 57: Which of the following adds end-to-end security inside a Lay...; Question 58: Which is the MOST effective countermeasure to prevent electr...; Question 59: What steps can be taken to prepare personally identifiable i...; Question 60: Which of the following MUST be done before a digital forensi...; Question 61: In a disaster recovery (DR) test, which of the following wou...; Question 62: Which of the following would BEST support effective testing ...; Question 63: Which of the following is the FIRST step an organization's s...; Question 64: Asymmetric algorithms are used for which of the following wh...; Question 65: The Security Content Automation Protocol (SCAP) framework us...; Question 66: The design of a secured physical facility starts with identi...; Question 67: Which inherent password weakness does a One Time Password (O...; Question 68: An organization is planning a penetration test that simulate...; Question 69: Why is it important that senior management clearly communica...; Question 70: From an asset security perspective, what is the BEST counter...; Question 71: Which of the following is the MOST effective corrective cont...; Question 72: Information Security Continuous Monitoring (1SCM) is defined...; Question 73: What documentation is produced FIRST when performing an effe...; Question 74: Which of the following system security measures is required ...; Question 75: Which of the following assessment metrics is BEST used to un...; Question 76: A hospital has three data classification levels: shareable w...; Question 77: The adoption of an enterprise-wide business continuilty prog...; Question 78: An analysis finds unusual activity coming from a computer th...; Question 79: Which of the following will an organization's network vulner...; Question 80: The quality assurance (QA) department is short-staffed and i...; Question 81: Two computers, each with a single connection on the same phy...; Question 82: Which of the fallowing statements is MOST accurate regarding...; Question 83: Which of the following encryption technologies is based on t...; Question 84: Which of the following are key activities when conducting a ...; Question 85: Which of the following is a major component of the federated...; Question 86: A security professional should consider the protection of wh...; Question 87: What does electronic vaulting accomplish?...; Question 88: A large organization is conducting an internal audit of tech...; Question 89: The core component of Role Based Access Control (RBAC) must ...; Question 90: Which of the following is the PRIMARY purpose of due diligen...; Question 91: In the "Do" phase of the Plan-Do-Check-Act model, which of t...; Question 92: Knowing the language in which an encrypted message was origi...; Question 93: In a federated identity environment where an organization an...; Question 94: Which of the following is the MOST appropriate action when r...; Question 95: What are the essential elements of a Risk Assessment Report ...; Question 96: A new Chief Information Officer (CIO) created a group to wri...; Question 97: A Simple Power Analysis (SPA) attack against a device direct...; Question 98: Which is MOST important when negotiating an Internet service...; Question 99: Which organizational department is ultimately responsible fo...; Question 100: Which of the following provides the best protection of data ...; Question 101: Which of the following Is the PRIMARY role of a security arc...; Question 102: In Disaster Recovery (DR) and business continuity training, ...; Question 103: Which of the following is a responsibility of the informatio...; Question 104: Which of the following is the BEST method to identify securi...; Question 105: Management has decided that a core application will be used ...; Question 106: Which of the following is a technique used by database manag...; Question 107: The Chief Information Security Officer (CISO) is concerned a...; Question 108: Which of the following techniques is MOST useful when dealin...; Question 109: During an internal audit of an organizational Information Se...; Question 110: A network administrator is configuring a database server and...; Question 111: Which of the following is an initial consideration when deve...; Question 112: What information will BEST assist security and financial ana...; Question 113: Which part of an Operating System (OS) is responsible for pr...; Question 114: Which of the following actions taken by an Intrusion Prevent...; Question 115: In the common criteria, which of the following is a formal d...; Question 116: Which of the following is the PRIMARY consideration when det...; Question 117: An organization's retail website provides its only source of...; Question 118: Which of the following is true of Service Organization Contr...; Question 119: Which of the following provides the MOST comprehensive filte...; Question 120: Which of the following is the MOST comprehensive Business Co...; Question 121: In order for application developers to detect potential vuln...; Question 122: A web-based application known to be susceptible to attacks i...; Question 123: Which of the following is a covert channel type?...; Question 124: Which of the following BEST describes what a company should ...; Question 125: A security audit identifies a vulnerability in a current rel...; Question 126: Which scenario would be an example of a risk associated with...; Question 127: Which of the following provides the GREATEST level of data s...; Question 128: Which security approach will BEST minimize Personally Identi...; Question 129: What principle requires that changes to the plaintext affect...; Question 130: Which of the following activities are part of the Build and ...; Question 131: An organization is the victim of a major data breach just on...; Question 132: A company developed a web application which is sold as a Sof...; Question 133: When evaluating third-party applications, which of the follo...; Question 134: Which of the following is MOST important when assigning owne...; Question 135: A project manager for a large software firm has acquired a g...; Question 136: Which of the following is the BEST method to perform an end-...; Question 137: Which of the following is the PRIMARY benefit of applying a ...; Question 138: An organization would like to store cryptographic keys on it...; Question 139: When conducting a remote access session using Internet Proto...; Question 140: Which of the following is the GREATEST security risk associa...; Question 141: Which of the following sets of controls should allow an inve...; Question 142: Who is responsible for classifying assists in an organizatio...; Question 143: Which of the following is the BEST reason to apply patches m...; Question 144: Which of the following is a Key Performance Indicator (KPI) ...; Question 145: From a security perspective, which of the following is a bes...; Question 146: Which of the following MUST a security policy include to be ...; Question 147: In which identity management process is the subject's identi...; Question 148: Which of the following is a direct monetary cost of a securi...; Question 149: An organization recently conducted a review of the security ...; Question 150: Which of the following are the three MAIN categories of secu...; Question 151: A security engineer is assigned to work with the patch and v...; Question 152: Which of the following problems is not addressed by using Op...; Question 153: Which of the following wireless security protocols presents ...; Question 154: What capability would typically be included in a commerciall...; Question 155: An organization would like to use Security Assertion Markup ...; Question 156: A breach investigation found a website was exploited through...; Question 157: The core component of Role Based Access control (RBAC) must ...; Question 158: Which of the following is an accurate statement when an asse...; Question 159: A hospital enforces the Code of Fair Information Practices. ...; Question 160: A security architect is reviewing an implemented security fr...; Question 161: An attack utilizing social engineering and a malicious Unifo...; Question 162: A developer is creating an application that requires secure ...; Question 163: Which of the following is the MAIN goal of a data retention ...; Question 164: A security engineer is tasked with implementing a new identi...; Question 165: What is the PRIMARY purpose of peer code reviews?...; Question 166: When assessing the audit capability of an application, which...; Question 167: In Session Layer of the Open System Interconnect (OSI) model...; Question 168: An Internet media company produces and broadcasts highly pop...; Question 169: Which of the following is the MOST secure protocol for zremo...; Question 170: An application developer receives a report back from the sec...; Question 171: When traveling to a region where the safety and security of ...; Question 172: An organization acquired used technological equipment. This ...; Question 173: Which of the following is the MOST appropriate technique for...; Question 174: Which of the following provides the MOST secure method for N...; Question 175: An unknown device is connected to the network environment. W...; Question 176: What would be the MOST cost effective solution for a Disaste...; Question 177: An employee's home address should be categorized according t...; Question 178: Why is data classification control important to an organizat...; Question 179: Access to which of the following is required to validate web...; Question 180: The application owner of a system that handles confidential ...; Question 181: When designing a vulnerability test, which one of the follow...; Question 182: Which of the following is a security feature of Global Syste...; Question 183: Which of the following features is MOST effective in mitigat...; Question 184: From a security perspective, which of the following assumpti...; Question 185: What is considered the BEST when determining whether to prov...; Question 186: A large human resources organization wants to integrate thei...; Question 187: Which of the following does Secure Sockets Layer (SSL) encry...; Question 188: At a MINIMUM, audits of permissions to individual or group a...; Question 189: What should be the FIRST action for a security administrator...; Question 190: Which of the following penetration testing techniques can di...; Question 191: Which of the following is an important requirement when desi...; Question 192: Why are mobile devices sometimes difficult to investigate in...; Question 193: When dealing with shared, privilaged accounts, especially th...; Question 194: What is the MAIN reason to ensure the appropriate retention ...; Question 195: Which of the following is a second optional use of Network A...; Question 196: Which of the following is used to detect steganography?...; Question 197: During the change management process, which of the following...; Question 198: What is the purpose of an Internet Protocol (IP) spoofing at...; Question 199: Which of the following objects should be removed FIRST prior...; Question 200: Which of the following is a common characteristic of privacy...; Question 201: An organization is in the process of developing a system to ...; Question 202: Transport Layer Security (TLS) provides which of the followi...; Question 203: Which of the following is an environmental security control ...; Question 204: Which of the following is a security weakness in the evaluat...; Question 205: An organization has experienced multiple distributed denial-...; Question 206: Which process compares its results against a standard to det...; Question 207: Refer to the information below to answer the question. A lar...; Question 208: How does a Host Based Intrusion Detection System (HIDS) iden...; Question 209: Which of the following is the BEST network defense against u...; Question 210: Which of the following is the MOST common method of memory p...; Question 211: Security Software Development Life Cycle (SDLC) expects appl...; Question 212: What Hypertext Transfer Protocol (HTTP) response header can ...; Question 213: An application developer is deciding on the amount of idle s...; Question 214: An audit requires that data must be deleted without remanenc...; Question 215: What is the term used to define where data is geographically...; Question 216: During a routine audit of network logs, the security adminis...; Question 217: Which of the following MUST be done when promoting a securit...; Question 218: What is the benefit of using Network Admission Control (NAC)...; Question 219: An access control list (ACL) on a router is a feature MOST s...; Question 220: A security professional determines that a number of outsourc...; Question 221: What is the MAIN purpose of a security assessment plan?...; Question 222: What is the FIRST step an organization should take if it is ...; Question 223: Functional security testing is MOST critical during which ph...; Question 224: Which of the following will allow the host system to check q...; Question 225: Which of the following traits are fundamental to Software De...; Question 226: Why are packet filtering routers used in low-risk environmen...; Question 227: The development team has been tasked with collecting data fr...; Question 228: The Rivest-Shamir-Adleman (RSA) algorithm is best suited for...; Question 229: When configuring Extensible Authentication Protocol (EAP) in...; Question 230: Which stage in the identity management (IdM) lifecycle const...; Question 231: Which of the following is the MAIN difference between a netw...; Question 232: Which of the following is most helpful in applying the princ...; Question 233: An organization allows ping traffic into and out of their ne...; Question 234: Which of the following MUST be considered when developing bu...; Question 235: What technology can be used to implement Single sign-On (SSO...; Question 236: What is the BEST way to encrypt web application communicatio...; Question 237: Which of the following should be the FIRST response to the d...; Question 238: What term is commonly used to describe hardware and software...; Question 239: A security practitioner has been tasked with establishing or...; Question 240: What should an auditor do when conducting a periodic audit o...; Question 241: A development operations team would like to start building n...; Question 242: Continuity of operations is BEST supported by which of the f...; Question 243: Which of the following is a strategy of grouping requirement...; Question 244: What are the three key benefits that application developers ...; Question 245: Which of the following is a best practice in a data handling...; Question 246: An organization wants to ensure that employees that move to ...; Question 247: Which of the following terms is used for online service prov...; Question 248: Which of the following is the FIRST control step in provisio...; Question 249: Which of the following is security control volatility?...; Question 250: Who should perform the design review to uncover security des...; Question 251: What can happen when an Intrusion Detection System (IDS) is ...; Question 252: Which of the following is a key responsibility for a data st...; Question 253: A security professional has been assigned to assess a web ap...; Question 254: What is the MAXIMUM number of host addresses available in a ...; Question 255: An organization is planning to have an it audit of its as a ...; Question 256: In which of the following programs is it MOST important to i...; Question 257: What is the MOST important consideration from a data securit...; Question 258: Which of the fallowing is the FIRST step in a patch manageme...; Question 259: What is the MOST efficient way to verify the integrity of da...; Question 260: Which of the following activities is MOST likely to be perfo...; Question 261: What is the BEST reason to include supply chain risks in a c...; Question 262: Which of the following is the PRIMARY objective of performin...; Question 263: The organization would like to deploy an authorization mecha...; Question 264: Physical assets defined in an organization's Business Impact...; Question 265: Which of the following is the MOST crucial for a successful ...; Question 266: A company needs to provide shared access of sensitive data o...; Question 267: When transmitting data over Unshielded Twisted Pair (UTP)cab...; Question 268: The security team has been tasked with performing an interfa...; Question 269: Which of the following purging methods will allow the full d...; Question 270: When investigating a possible cybercrime, which of the follo...; Question 271: Which of the following is the BEST way to mitigate circumven...; Question 272: When implementing a data classification program, why is it i...; Question 273: Which of the following countermeasures is the MOST effective...; Question 274: A security professional recommends that a company integrate ...; Question 275: Which of the following is the primary advantage of segmentin...; Question 276: What should be the FIRST action to protect the chain of evid...; Question 277: Which of the following would be the BEST mitigation practice...; Question 278: What does a Synchronous (SYN) flood attack do?...; Question 279: An organization is outsourcing its payroll system and is req...; Question 280: Which of the following is critical if an employee is dismiss...; Question 281: What is static analysis intended to do when analyzing an exe...; Question 282: Individuls have been identified and determined as having a n...; Question 283: An organization is looking to include mobile devices in its ...; Question 284: With data labeling, which of the following MUST be the key d...; Question 285: Which of the following is recommended to establish repeatabl...; Question 286: Which of the following methods of suppressing a fire is envi...; Question 287: A large organization's human resources and security teams ar...; Question 288: Which statement describes the differences between the synchr...; Question 289: Which of the following would MINIMIZE the ability of an atta...; Question 290: Which of the following explains why classifying data is an i...; Question 291: Network-based logging has which advantage over host-based lo...; Question 292: Which of the following is a common feature of an Identity as...; Question 293: What does the term "100-year floodplain" mean to emergency p...; Question 294: Which of the following is the PRIMARY benefit of a formalize...; Question 295: Which of the following phases involves researching a target'...; Question 296: Which of the following is an important design feature for th...; Question 297: What is the PRIMARY goal of fault tolerance?...; Question 298: Which of the following is a method used to prevent Structure...; Question 299: Which of the following risks could occur with an external en...; Question 300: Upon commencement of an audit within an organization, which ...; Question 301: Which of the following buffers is employed to isolate traffi...; Question 302: What is the BEST way that a closed-circuit television (CCTV)...; Question 303: What is a warn site when conducting Business continuity plan...; Question 304: Continuity of operations is BEST supported by which of the f...; Question 305: What part of an organization's strategic risk assessment MOS...; Question 306: Which of the following BEST describes when an organization s...; Question 307: A security professional can BEST mitigate the risk of using ...; Question 308: A thorough review of an organization's audit logs finds that...; Question 309: What does the result of Cost-Benefit Analysis (C8A) on new s...; Question 310: The European Union (EU) General Data Protection Regulation (...; Question 311: In the last 15 years a company has experienced three electri...; Question 312: Which of the following is the PRIMARY purpose of routinely t...; Question 313: What are the roles within a scrum methodology?...; Question 314: Which of the following is the MOST common use of the Online ...; Question 315: What testing method MOST efficiently identifies how code wil...; Question 316: In a change-controlled environment, which of the following i...; Question 317: A hospital's building controls system monitors and operates ...; Question 318: An organization is setting a security assessment scope with ...; Question 319: Drag and Drop Question Given a file containing ordered numbe...; Question 320: To ensure proper governance of information throughout the li...; Question 321: A security engineer is designing a Customer Relationship Man...; Question 322: What is the MOST important criterion that needs to be adhere...; Question 323: When can a security program be considered effective?...; Question 324: Point-to-Point Protocol (PPP) was designed to specifically a...; Question 325: Which of the following is a weakness of the Data Encryption ...; Question 326: The ability to send malicious code, generally in the form of...; Question 327: Which of the following is the BEST definition of Cross-Site ...; Question 328: When considering a VPN solution, what possible disadvantage ...; Question 329: An application is used for funds transfer between an organiz...; Question 330: Which of the following BEST describes the objectives of the ...; Question 331: Which of the following can a system administrator do to impr...; Question 332: A new internal auditor is tasked with auditing the supply ch...; Question 333: The adoption of an enterprise-wide Business Continuity (BC) ...; Question 334: How should the retention period for an organization's social...; Question 335: Which of the following BEST describes the use of network arc...; Question 336: What is the MAIN purpose for writing planned procedures in t...; Question 337: A software development company has a short timeline in which...; Question 338: A cybersecurity engineer has been tasked to research and imp...; Question 339: Which of the following media sanitization techniques is MOST...; Question 340: An Information Technology (IT) professional attends a cybers...; Question 341: Which of the following is the MOST important information in ...; Question 342: Information security metrics provide the GREATEST to managem...; Question 343: What requirement MUST be met during internal security audits...; Question 344: Which of the following was the first version of the Network ...; Question 345: Which of the following is the BEST approach for a forensic e...; Question 346: An employee of a retail company has been granted an extended...; Question 347: Which element of software supply chain management has the GR...; Question 348: Which of the following is FIRST defined in a company's data ...; Question 349: Which of the following secure design principles would be rec...; Question 350: Security categorization of a new system takes place during w...; Question 351: Which type of test suite should be run for fast feedback dur...; Question 352: An Intrusion Detection System (IDS) has recently been deploy...; Question 353: In an IDEAL encryption system, who has sole access to the de...; Question 354: A patch for a third-party software product has been released...; Question 355: Which of the following techniques BEST prevents buffer overf...; Question 356: In an environment where there is not full administrative con...; Question 357: Which security architecture strategy could be applied to sec...; Question 358: In which of the following phases in the change management pr...; Question 359: A retail company is looking to start a development project t...; Question 360: Organization A is adding a large collection of confidential ...; Question 361: Which of the following initiates the system recovery phase o...; Question 362: A company is preparing to migrate part of its applications t...; Question 363: During a Disaster Recovery (DR) assessment, additional cover...; Question 364: Which of the following MUST the administrator of a security ...; Question 365: Which attack defines a piece of code that is inserted into s...; Question 366: Which of the following is required to perform brute force pa...; Question 367: A control to protect from a Denial-of-Service (DoS) attach h...; Question 368: Which of the following encryption types is used in Hash Mess...; Question 369: Which testing method requires very limited or no information...; Question 370: Which of the following is the reason that transposition ciph...; Question 371: Which of the following is a possible advantage of manual vul...; Question 372: Which of the following authorization standards is built to h...; Question 373: Which of the following methods of suppressing a fire is envi...; Question 374: For cellular networks, how does a rogue base station take ad...; Question 375: An organization has implemented a new backup process which p...; Question 376: The MAIN purpose of placing a tamper seal on a computer syst...; Question 377: In Identity Management (IdM), when is the verification stage...; Question 378: Which type of security control is used to establish the limi...; Question 379: A vulnerability test on an Information System (IS) is conduc...; Question 380: Which asset tracking method is MOST secure and cost-effectiv...; Question 381: Which of the following is the FIRST requirement a data owner...; Question 382: Which of the following is the MAIN benefit of a comprehensiv...; Question 383: Which of the Following is designed to resolve differences in...; Question 384: Which of the following is the MOST important consideration t...; Question 385: An organization discovers that its Secure File Transfer Prot...; Question 386: What is the MAIN objective of risk analysis in Disaster Reco...; Question 387: Which of the following is the BEST method to validate secure...; Question 388: A MAJOR security flaw with Voice over Internet Protocol (VoI...; Question 389: What is the MOST important element when considering the effe...; Question 390: How long should the records on a project be retained?...; Question 391: Along with detection, which of the following security strate...; Question 392: Which of the following is mobile device remote fingerprintin...; Question 393: What BEST describes data ownership?...; Question 394: What is the MOST important standard control process to follo...; Question 395: Which of the following is the MOST important consideration w...; Question 396: Which of the following benefits does Role Based Access Contr...; Question 397: Which of the following is the BEST technique to facilitate s...; Question 398: Computer forensics requires which of the following MAIN step...; Question 399: Which of the following is the PRIMARY type of cryptography r...; Question 400: A security professional needs to find a secure and efficient...; Question 401: According to the Capability Maturity Model Integration (CMMI...; Question 402: Which of the following statements BEST describes least privi...; Question 403: Why is planning the MOST critical phase of a Role Based Acce...; Question 404: An organization that has achieved a Capability Maturity Mode...; Question 405: Which of the following principles is intended to produce inf...; Question 406: The Rivest-Shamir-Adleman (RSA) algorithm is BEST suited for...; Question 407: Which of the following is a strong security protection provi...; Question 408: Which function does 802.1X provide?...; Question 409: Which of the following is included in the Global System for ...; Question 410: When a system changes significantly, who is PRIMARILY respon...; Question 411: Which of the following vulnerability assessment activities B...; Question 412: What is the Best approach for maintaining ethics when a secu...; Question 413: Which of the following BEST exemplifies the use of Mandatory...; Question 414: Which of the following initiates the systems recovery phase ...; Question 415: A software development company found odd behavior in some re...; Question 416: A company wants to buy a Commercial ff-The-Shelf (CTS) appli...; Question 417: Which of the following is primarily responsible for deciding...; Question 418: What is the primary purpose of the stakeholder needs and req...; Question 419: Which of the following management processes allots ONLY thos...; Question 420: Mobile devices are MOST susceptible to which of the followin...; Question 421: Which of the following needs to be included in order for Hig...; Question 422: Why Is It important to have a comprehensive inventory of Inf...; Question 423: Which security service is served by the process of encryptio...; Question 424: Who is primarily responsible to review analyzed reports resu...; Question 425: What are the steps of a risk assessment?...; Question 426: What MUST each information owner do when a system contains d...; Question 427: Which of the following is a common term for log reviews, syn...; Question 428: Which of the following contributes MOST to the effectiveness...; Question 429: Which of the following should be done at a disaster site bef...; Question 430: Physical Access Control Systems (PACS) allow authorized secu...; Question 431: What is the PRIMARY purpose of auditing, as it relates to th...; Question 432: A developer begins employment with an information technology...; Question 433: Who is responsible for the protection of information when it...; Question 434: Which of the following BEST describes the standard used to e...; Question 435: Trust relationships between organizations can BEST be mainta...; Question 436: Which of the following is the BEST method a security practit...; Question 437: A customer continues to experience attacks on their email, w...; Question 438: If the wide area network (WAN) is supporting converged appli...; Question 439: Which layer of the Open systems Interconnection (OSI) model ...; Question 440: Which of the following options is the best to provide remote...; Question 441: A retail company suffered a ransomware attack that compromis...; Question 442: Which of the following is the final phase of the identity an...; Question 443: If Disaster Recovery Plan (DRP) testing is to be done annual...; Question 444: Which of the following is an advantage of' Secure Shell (SSH...; Question 445: Where would an organization typically place an endpoint secu...; Question 446: Email credentials were stolen when a user clicked on a link ...; Question 447: After the INITIAL input of a user identification (ID) and pa...; Question 448: Which of the following is a unique feature of Attribute Base...; Question 449: When recovering from an outage, what is the Recovery Point O...; Question 450: An organization has requested storage area network (SAN) dis...; Question 451: What is the MOST common component of a vulnerability managem...; Question 452: Which of the following factors should be considered characte...; Question 453: Which of the following is the PRIMARY risk associated with E...; Question 454: A recent security audit is reporting several unsuccessful lo...; Question 455: The PRIMARY outcome of a certification process is that it pr...; Question 456: Why might a network administrator choose distributed virtual...; Question 457: An application relies on untrusted user input and permits an...; Question 458: In the Software Development Life Cycle (SDLC), maintaining a...; Question 459: What security principle addresses the issue of "Security by ...; Question 460: Which of the following is the PRIMARY benefit of implementin...; Question 461: What industry-recognized document could be used as a baselin...; Question 462: Why would an administrator use a Trusted platform Module (TP...; Question 463: Which of the following is the MOST important output from a m...; Question 464: Which one of the following describes granularity?...; Question 465: Which of the following factors contributes to the weakness o...; Question 466: The defense strategy "never trust any input" is MOST effecti...; Question 467: Which of the following best practices mitigates the risk of ...; Question 468: Which application type is considered high risk and provides ...; Question 469: In which phase of the four-stage penetration methodology is ...; Question 470: A developer creates an application to be distributed worldwi...; Question 471: Which is the second phase of public key Infrastructure (pk1)...; Question 472: Of the following, which BEST provides non-repudiation with r...; Question 473: A corporation does not have a formal data destruction policy...; Question 474: A project requires the use of en authentication mechanism wh...; Question 475: Which of the following MUST be included in a fully functiona...; Question 476: Which of the following is a security limitation of File Tran...; Question 477: Which of the following processes is BEST used to determine t...; Question 478: A security team member was selected as a member of a Change ...; Question 479: Which of the following provides for the STRONGEST protection...; Question 480: What is the second step in the identity and access provision...; Question 481: For the purpose of classification, which of the following is...; Question 482: Which of the following is the MOST important first step in p...; Question 483: Which of the following is the primary security consideration...; Question 484: Which of the following is a PRIMARY advantage of using a thi...; Question 485: An Information Technology [IT) manager has learned that vend...; Question 486: When adopting software as a service (Saas), which security r...; Question 487: The Secure Shell (SSH) version 2 protocol supports....; Question 488: Which of the following is the MAIN benefit of off-site stora...; Question 489: An organization would like to implement an authorization mec...; Question 490: An organization operates a legacy Industrial Control System ...; Question 491: What is the benefit of an operating system (OS) feature that...; Question 492: Which one of the following data integrity models assumes a l...; Question 493: Which of the following controls is the most for a system ide...; Question 494: The security organization is loading for a solution that cou...; Question 495: What is the MOST effective way an organization ensures that ...; Question 496: A security practitioner needs to implement a solution to ver...; Question 497: Which of the following BEST describes an attack on session m...; Question 498: During a recent assessment an organization has discovered th...; Question 499: From a cryptographic perspective, the service of non-repudia...; Question 500: Which of the following is a safeguard that could be used to ...; Question 501: What is a use for mandatory access control (MAC)?...; Question 502: Which of the following is the PRIMARY reason Android devices...; Question 503: Which of the following needs to be taken into account when a...; Question 504: The four basic principles of Kerberos are?...; Question 505: Which security feature fully encrypts code and data as it pa...; Question 506: Which of the following is a process in the access provisioni...; Question 507: Which of the following design elements are included in Opera...; Question 508: An organization is implementing a bring your own device (BYO...; Question 509: What should be the FIRST action for a security administrator...; Question 510: A data owner determines the appropriate job-based access for...; Question 511: During a Disaster Recovery (DR) simulation, it is discovered...; Question 512: Which of the following is a security limitation of File Tran...; Question 513: An input validation and exception handling vulnerability has...; Question 514: An organization is considering outsourcing applications and ...; Question 515: Two remote offices need to be connected securely over an unt...; Question 516: Risk based internal audit (RBIA) of an organization must be ...; Question 517: An organization needs to evaluate the effectiveness of secur...; Question 518: A system administration office desires to implement the foll...; Question 519: A large manufacturing organization arranges to buy an indust...; Question 520: A security consultant is asked to make recommendations for a...; Question 521: During a penetration test, an assessor has difficulty findin...; Question 522: Which of the following is a best practice in a data handling...; Question 523: Which concept might require users to use a second access tok...; Question 524: Why is lexical obfuscation in software development discourag...; Question 525: Which of the following is a MAJOR consideration in implement...; Question 526: When conveying the results of a security assessment, which o...; Question 527: Which of the following is the MOST effective way to ensure t...; Question 528: Which of the following combinations would MOST negatively af...; Question 529: As a best practice, the Security Assessment Report (SAR) sho...; Question 530: Which of the following goals represents a modern shift in ri...; Question 531: Which of the following attack types can be used to compromis...; Question 532: "Stateful" differs from "Static" packet filtering firewalls ...; Question 533: What is the MOST significant benefit of role-based access co...; Question 534: Within a large organization, what business unit is BEST posi...; Question 535: Which of the following is a PRIMARY challenge when running a...; Question 536: Which of the following is the strongest physical access cont...; Question 537: Which is the FIRST type of Business Continuity (BC) test tha...; Question 538: Which of the following is the MOST common cause of system or...; Question 539: Which of the following is the BEST reason to apply patches m...; Question 540: Which of the following should ALWAYS be included in audit re...; Question 541: Which of the following is the key requirement for test resul...; Question 542: When participating in a forensic investigation, who should b...; Question 543: What is the FIRST step in developing a patch management plan...; Question 544: As part of the security assessment plan, the security profes...; Question 545: Compared with hardware cryptography, software cryptography i...; Question 546: In order for application developers to detect potential vuln...; Question 547: An organization needs to implement media encryption for a la...; Question 548: Security personnel should be trained by emergency management...; Question 549: Which of the following is the BEST method for meeting a requ...; Question 550: Which of the following actions should be performed immediate...; Question 551: Which of the following is an effective control in preventing...; Question 552: Which of the following is the last-mile reliability of plain...; Question 553: When developing the entitlement review process, which of the...; Question 554: Compared with hardware cryptography, software cryptography i...; Question 555: Which of the following does the security design process ensu...; Question 556: It is better to use Elliptic Curve Cryptography (ECC) instea...; Question 557: Which of the following factors would MOST likely cause a sec...; Question 558: What is the process of removing sensitive data from a system...; Question 559: A company is concerned that its employees may come under thr...; Question 560: The security architect is designing and implementing an inte...; Question 561: Which of the following is a correct feature of a virtual loc...; Question 562: An organization with divisions in the United States (US) and...; Question 563: Which of the following BEST describes Recovery Time Objectiv...; Question 564: Directive controls are a form of change management policy an...; Question 565: Which dynamic routing protocol is BEST suited for a disperse...; Question 566: Which of the following kind of attacks uses e-mail or websit...; Question 567: Which of the following has the responsibility of information...; Question 568: A software developer installs a game on their organization-p...; Question 569: Which of the following is key when assessing weaknesses in a...; Question 570: What PRIMARY role does a honey pot play in overall security?...; Question 571: During which of the following processes is least privilege i...; Question 572: Which of the following is the MOST important consideration i...; Question 573: Which of the following access control mechanisms characteriz...; Question 574: In which of the following system life cycle processes should...; Question 575: Which type of test would an organization perform in order to...; Question 576: Which of the following significantly influences the level of...; Question 577: What is a common mistake in records retention?...; Question 578: How should an organization determine the priority of its rem...; Question 579: Which of the following is the BEST way to determine the succ...; Question 580: An information security audit identifies that there are open...; Question 581: An organization provides its employees with laptops they can...; Question 582: Which of the following is used to support the of defense in ...; Question 583: Which Open Systems Interconnection (OSI) layer(s) BEST corre...; Question 584: If virus infection is suspected, which of the following is t...; Question 585: When using Generic Routing Encapsulation (GRE) tunneling ove...; Question 586: What security technique in the Software Development Life Cyc...; Question 587: Which of the following is responsible for establishing an en...; Question 588: With what frequency should monitoring of a control occur whe...; Question 589: An organization has discovered that users are visiting unaut...; Question 590: What is the MAIN goal of information security awareness and ...; Question 591: Which component of the Security Content Automation Protocol ...; Question 592: Which of the following uses the destination IP address to fo...; Question 593: Which one of the following is an advantage of an effective r...; Question 594: A colleague who recently left the organization asked a secur...; Question 595: Which of the following is key when assessing weakness in aut...; Question 596: What is the MAIN benefit of change management in an applicat...; Question 597: In regard to multimedia files, which Digital Rights Manageme...; Question 598: As a design principle, which one of the following actors is ...; Question 599: What is the PRIMARY purpose of the identification phase of t...; Question 600: Which of the following is a secure design principle for a ne...; Question 601: What operations role is responsible for protecting the enter...; Question 602: An organization has implemented a password complexity and an...; Question 603: Which Redundant Array c/ Independent Disks (RAID) Level does...; Question 604: Which of the following is required to verify the authenticit...; Question 605: In the Open System Interconnection (OSI) reference model, wh...; Question 606: Which of the following s the MAIN security benefit of having...; Question 607: Which of the following kinds of program should organizations...; Question 608: An established information technology (IT) consulting firm i...; Question 609: The MAIN task of promoting security for Personal Computers (...; Question 610: Which of the following areas need a higher level of security...; Question 611: A security practitioner is tasked with securing the organiza...; Question 612: A security practitioner detects an Endpoint attack on the or...; Question 613: Which of the following will have the MOST influence on the d...; Question 614: What is the PRIMARY benefit of analyzing the partition layou...; Question 615: Which of the following statements is TRUE regarding equivale...; Question 616: If a security practitioner needs to recover the password sto...; Question 617: What is a common reason for implementing fine-grained segmen...; Question 618: Refer to the information below to answer the question. An or...; Question 619: Drag and Drop Question What is the correct order of steps in...; Question 620: An organization's Information Technology (IT) group has just...; Question 621: What protocol is often used between gateway hosts on the Int...; Question 622: An organization has detected that the contents of a static t...; Question 623: What is the common mistake in records retention?...; Question 624: Which of the below strategies would MOST comprehensively add...; Question 625: Which of the following is the weakest form of protection for...; Question 626: Which of the following would be the MOST severe impact to ac...; Question 627: What is the BEST defense against an unauthorized sniffer on ...; Question 628: If a content management system (CMC) is implemented, which o...; Question 629: Which of the following actions MUST be performed when using ...; Question 630: A user downloads a file from the Internet, then applies the ...; Question 631: Which of the following is the BEST method for authenticating...; Question 632: Change the management is critical to the patch management We...; Question 633: Which of the following MOST applies to session initiation pr...; Question 634: Which of the following addresses requirements of security as...; Question 635: Which of the following describes a required dependency found...; Question 636: Which of the following is a peor entity authentication metho...; Question 637: Who should formulate conclusions from a particular digital f...; Question 638: Which of the following is the MOST effective countermeasure ...; Question 639: An internal audit for an organization recently identified ma...; Question 640: What is the MOST effective way to determine a mission critic...; Question 641: Which of the following is the FIRST step in the incident res...; Question 642: While dealing with the consequences of a security incident, ...; Question 643: What is the PRIMARY advantage of using automated application...; Question 644: An organization has discovered that organizational data is p...; Question 645: Directive controls are a form of change management policy an...; Question 646: A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) ...; Question 647: Where can the Open Web Application Security Project (OWASP) ...; Question 648: A security architect is developing an information system for...; Question 649: What is the PRIMARY objective of an application security ass...; Question 650: Which of the following would be the FIRST step to take when ...; Question 651: Which one of the following considerations has the LEAST impa...; Question 652: Which of the following processes has the PRIMARY purpose of ...; Question 653: A chemical plan wants to upgrade the Industrial Control Syst...; Question 654: Which of the following technologies is the BEST measure to p...; Question 655: When designing on Occupent Emergency plan (OEP) for United s...; Question 656: A client has reviewed a vulnerability assessment report and ...; Question 657: Company A acquired company B in a merger. Company A immediat...; Question 658: Which step of the Risk Management Framework (RMF) identifies...; Question 659: Which of the following is the weakest form of protection for...; Question 660: Which of the following is the MOST effective practice in man...; Question 661: Which Wide Area Network (WAN) technology requires the first ...; Question 662: An engineer notices some late collisions on a half-duplex li...; Question 663: An organization purchased a commercial off-the-shelf (COTS) ...; Question 664: After learning that the security budget will decrease in the...; Question 665: Which of the following is the MOST important consideration i...; Question 666: What is the FIRST step in risk management?...; Question 667: Which of the following actions should be taken by a security...; Question 668: What is a consideration when determining the potential impac...; Question 669: What is the correct order of execution for security architec...; Question 670: A security practitioner has just been assigned to address an...; Question 671: Which of the following routing protocols is used to exchange...; Question 672: A company has purchased a new building and is working with c...; Question 673: When collecting a raw dump of physical memory, when should t...; Question 674: A company receives an email threat informing of an Imminent ...; Question 675: While performing a security review for a new product, an inf...; Question 676: What is the FIRST step required in establishing a records re...; Question 677: Which of the following phrases involves researching a target...; Question 678: During the Security Assessment and Authorization process, wh...; Question 679: What is the PRIMARY responsibility of a data owner?...; Question 680: Which of the following components of the Content Distributio...; Question 681: A software developer wishes to write code that will execute ...; Question 682: Once the types of information have been identified, who shou...; Question 683: From a security perspective, which of the following is a bes...; Question 684: What is the MOST effective way to ensure that a cloud servic...; Question 685: Which of the following would need to be configured to ensure...; Question 686: A Virtual Machine (VM) environment has five guest Operating ...; Question 687: A company-wide penetration test result shows customers could...; Question 688: Which of the following is a benefit of implementing data-in-...; Question 689: What is a key component of the Common Criteria (CC) evaluati...; Question 690: Which one of the following can be used to detect an anomaly ...; Question 691: When dealing with compliance with the Payment card Industry ...; Question 692: What is a characteristic of Secure Socket Layer (SSL) and Tr...; Question 693: Information security practitioners are in the midst of imple...; Question 694: What High Availability (HA) option of database allow multipl...; Question 695: An online retail company has formulated a record retention s...; Question 696: An organization decides to create a team to define its new c...; Question 697: Which of the following is the BEST approach to mitigate all ...; Question 698: What is the MOST effective way to protect privacy?...; Question 699: Which factors MUST be considered when classifying informatio...; Question 700: Which of the following is used to support the concept of def...; Question 701: What is the PRIMARY purpose of creating and reporting metric...; Question 702: Which of the following is the MOST relevant risk indicator a...; Question 703: Which of the following is the MOST likely reason a Human Res...; Question 704: The Transmission Control Protocol (TCP) three-way handshake ...; Question 705: Why should Open Wab Application Secuirty Project (OWASP) App...; Question 706: An organization wants to define its physical perimeter. What...; Question 707: Sensitive customer data is going to be added to a database. ...; Question 708: What is the foundation of cryptographic functions?...; Question 709: In order to support the least privilege security principle w...; Question 710: Which of the following is a vulnerability in Public Key Cryp...; Question 711: A Chief Information Officer (CIO) has delegated responsibili...; Question 712: In a DevOps environment, which of the following actions is M...; Question 713: Which of the following questions will be addressed through t...; Question 714: Which of the following is the PRIMARY reason to perform regu...; Question 715: Which of the following is one of the key objectives regardin...; Question 716: Which of the following is a process in the access provisioni...; Question 717: Building blocks for software-defined networks (SDN) require ...; Question 718: A hospital has allowed virtual private networking (VPN) acce...; Question 719: Which of the following statements is TRUE regarding state-ba...; Question 720: Which of the following media is least problematic with data ...; Question 721: Which of the following BEST obtains an objective audit of se...; Question 722: An organization is found lacking the ability to properly est...; Question 723: Why do organizations perform rotating backups?...; Question 724: What is the FIRST step for an organization to take before al...; Question 725: Which of the following examples is BEST to minimize the atta...; Question 726: Single sign-on (SSO) for federated identity management (FIM)...; Question 727: A post-implementation review has identified that the Voice O...; Question 728: Which of the following is the BEST action while reviewing re...; Question 729: A company was ranked as high in the following National Insti...; Question 730: A security analyst has been asked to participate in a threat...; Question 731: Which of the following is MOST useful for determining whethe...; Question 732: Which of the following models uses unique groups contained i...; Question 733: Lack of which of the following options could cause a negativ...; Question 734: Internet protocol security (IPSec), point-to-point tunneling...; Question 735: What is the motivation for use of the Online Certificate Sta...; Question 736: Which of the following types of hosts should be operating in...; Question 737: At which layer of the Open Systems Interconnect (OSI) model ...; Question 738: What is the GREATEST challenge of an agent based patch manag...; Question 739: Which is the MOST important consideration for a policy safeg...; Question 740: What is the HIGHEST priority in agile development?...; Question 741: With regards to physical security, what is the MOST critical...; Question 742: Which of the following is a characteristic of an operating s...; Question 743: Change management policies and procedures belong to which of...; Question 744: When conducting a forensic criminal investigation on a compu...; Question 745: Compared to a traditional network, which of the following is...; Question 746: When developing an information security policy, why is it BE...; Question 747: A cloud hosting provider would like to provide a Service Org...; Question 748: The goal of a Business Impact Analysis (BIA) is to determine...; Question 749: An Information System Security Officer (ISSO) employed by a ...; Question 750: What protocol is often used between gateway hosts on the Int...; Question 751: An organization wants to implement a security service that a...; Question 752: Which of the following processes is used to align security c...; Question 753: In an organization where Network Access Control (NAC) has be...; Question 754: Which layer of the Open System Interconnection (OSI) model i...; Question 755: Which of the following mechanisms will BEST prevent a Cross-...; Question 756: An enterprise is developing a baseline cybersecurity standar...; Question 757: Which of the following would an internal technical security ...; Question 758: Which of the following would be the BEST guideline to follow...; Question 759: An organization regularly conducts its own penetration tests...; Question 760: Which of the following methods protects Personally Identifia...; Question 761: An effective information security strategy is PRIMARILY base...; Question 762: What is the FIRST step when developing an Information Securi...; Question 763: An organization is required to comply with a new privacy reg...; Question 764: Which one of the following affects the classification of dat...; Question 765: A user downloads a file from the Internet, then applies the ...; Question 766: Which of the following types of business continuity tests in...; Question 767: How is supply chain risk determined?...; Question 768: Security issues with shared push-button combination lock dev...; Question 769: Users require access rights that allow them to view the aver...; Question 770: What can an Internet Service Provider (ISP) use to authentic...; Question 771: What is the MAIN purpose of conducting a business impact ana...; Question 772: Which of the following is MOST important when deploying digi...; Question 773: Clothing retailer employees are provisioned with user accoun...; Question 774: Which of the following BEST describes why physical data cent...; Question 775: Which of the following is a benefit in implementing an enter...; Question 776: Which of the following is PRIMARILY adopted for ensuring the...; Question 777: Which of the following is the MOST important reason for usin...; Question 778: In a multi-tenant cloud environment, what approach will secu...; Question 779: Which of the following is a characteristic of a challenge/re...; Question 780: The type of authorized interactions a subject can have with ...; Question 781: Which of the following is MOST effective method of defending...; Question 782: One of Canada's leading pharmaceutical firms recently hired ...; Question 783: What Service Organization Controls (SOC) report can be freel...; Question 784: To monitor the security of buried data lines inside the peri...; Question 785: A vulnerability assessment report has been submitted to a cl...; Question 786: What is the PRIMARY purpose for an organization to conduct a...; Question 787: Which of the following terms is used to describe original, u...; Question 788: A small office is running WiFi 4 APs, and neighboring office...; Question 789: A fiber link connecting two campus networks is broken. Which...; Question 790: Which of the following aspects in an asset table is the MOST...; Question 791: During a disruptive event, which security continuity objecti...; Question 792: Which of the following are common components of a Security A...; Question 793: What would be the BEST action to take in a situation where c...; Question 794: In which process MUST security be considered during the acqu...; Question 795: Which of the following BEST describles a protection profile ...; Question 796: Which of the following is the PRIMARY purpose of installing ...

Question 7/796

LEAVE A REPLY

Download PDF File