CISSP Exam Dumps | When dealing with compliance with the Payment card Industry Data Security standard (PCI- DSS), an organization

<< Prev Question Next Question >>

Question 691/796

When dealing with compliance with the Payment card Industry Data Security standard (PCI- DSS), an organization that shares card holder information with a service provider MUST do which of?

A. Perform a service provider PCI-DSS assessment on a yearly basis.

B. Ensure that the service provider updates and tests its Disaster Recovery Plan (DRP) on a yearly basis.

C. Validate the service provider's PCI-DSS compliance status on a regular basis.

D. Validate that the service providers security policies are in alignment with those of the organization.

Question List (796q): Question 1: What is the MAIN purpose of a bastion host?...; Question 2: An organization is implementing data encryption using symmet...; Question 3: Which of the following is a characteristic of the independen...; Question 4: Data remanence is the biggest threat in which of the followi...; Question 5: An organization discovers that its Secure File Transfer Prot...; Question 6: In developing a Disaster Recovery Plan (DRP), the FIRST step...; Question 7: A security professional in an enterprise organization is eva...; Question 8: Which of the following has the GREATEST Impact on an organiz...; Question 9: Which of the following departments initiates the request, ap...; Question 10: What is the PRIMARY reason for aligning a security program w...; Question 11: Which of the following is a document that identifies each it...; Question 12: Unused space in a disk cluster is important in media analysi...; Question 13: The initial security categorization should be done early in ...; Question 14: When developing an electronic health record (EHR) in the Uni...; Question 15: Which of the following is considered best practice for preve...; Question 16: A company is enrolled in a hard drive reuse program where de...; Question 17: A company has decided that they need to begin maintaining as...; Question 18: Which is the FIRST action the Incident Response team should ...; Question 19: Which of the following is the MOST effective countermeasure ...; Question 20: An organization is building an enterprise system using attri...; Question 21: Which of the following is the GREATEST risk of relying only ...; Question 22: When performing forensics, which of the following should be ...; Question 23: Which of the following aspects of physical security presents...; Question 24: An organization implements a remote access server (RAS), Onc...; Question 25: Which of the following is the PRIMARY goal of logical access...; Question 26: Individual access to a network is BEST determined based on...; Question 27: Which following data backup methods provides fast recovery t...; Question 28: Which of the following is MOST appropriate for protecting co...; Question 29: The principle that personally identifiable information (PII)...; Question 30: Which reporting type requires a service organization to desc...; Question 31: An attacker has compromised an application by enumerating us...; Question 32: After a breach incident, investigators narrowed the attack t...; Question 33: Which of the following would qualify as an exception to the ...; Question 34: Which of the following secure transport protocols is often u...; Question 35: The security team is notified that a device on the network i...; Question 36: When determining data and information asset handling, regard...; Question 37: Which of the following makes smartphones particularly vulner...; Question 38: An organization plans to acquire @ commercial off-the-shelf ...; Question 39: An organization is awarded a software engineering institute ...; Question 40: Commercial off-the-shelf (COTS) software presents which of t...; Question 41: What is the BEST method to ensure the integrity of physical ...; Question 42: An organization needs a general purpose document to prove th...; Question 43: A recent information security risk assessment identified wea...; Question 44: When MUST an organization's information security strategic p...; Question 45: A Distributed Denial of Service (DDoS) attack was carried ou...; Question 46: Which of the following is fundamentally required to address ...; Question 47: An internal Service level agreement (SLA) covering security ...; Question 48: A new site's gateway isn't able to form a tunnel to the exis...; Question 49: An authentication system that uses challenge and response wa...; Question 50: Which of the following media is LEAST problematic with data ...; Question 51: Mapping out all functionality and features to their associat...; Question 52: A vehicle of a private courier company that transports backu...; Question 53: Between which pair of Open System Interconnection (OSI) Refe...; Question 54: Which of the following is a characteristic of the independen...; Question 55: Secure coding can be developed by applying which one of the ...; Question 56: A security architect is responsible for the protection of a ...; Question 57: Which of the following adds end-to-end security inside a Lay...; Question 58: Which is the MOST effective countermeasure to prevent electr...; Question 59: What steps can be taken to prepare personally identifiable i...; Question 60: Which of the following MUST be done before a digital forensi...; Question 61: In a disaster recovery (DR) test, which of the following wou...; Question 62: Which of the following would BEST support effective testing ...; Question 63: Which of the following is the FIRST step an organization's s...; Question 64: Asymmetric algorithms are used for which of the following wh...; Question 65: The Security Content Automation Protocol (SCAP) framework us...; Question 66: The design of a secured physical facility starts with identi...; Question 67: Which inherent password weakness does a One Time Password (O...; Question 68: An organization is planning a penetration test that simulate...; Question 69: Why is it important that senior management clearly communica...; Question 70: From an asset security perspective, what is the BEST counter...; Question 71: Which of the following is the MOST effective corrective cont...; Question 72: Information Security Continuous Monitoring (1SCM) is defined...; Question 73: What documentation is produced FIRST when performing an effe...; Question 74: Which of the following system security measures is required ...; Question 75: Which of the following assessment metrics is BEST used to un...; Question 76: A hospital has three data classification levels: shareable w...; Question 77: The adoption of an enterprise-wide business continuilty prog...; Question 78: An analysis finds unusual activity coming from a computer th...; Question 79: Which of the following will an organization's network vulner...; Question 80: The quality assurance (QA) department is short-staffed and i...; Question 81: Two computers, each with a single connection on the same phy...; Question 82: Which of the fallowing statements is MOST accurate regarding...; Question 83: Which of the following encryption technologies is based on t...; Question 84: Which of the following are key activities when conducting a ...; Question 85: Which of the following is a major component of the federated...; Question 86: A security professional should consider the protection of wh...; Question 87: What does electronic vaulting accomplish?...; Question 88: A large organization is conducting an internal audit of tech...; Question 89: The core component of Role Based Access Control (RBAC) must ...; Question 90: Which of the following is the PRIMARY purpose of due diligen...; Question 91: In the "Do" phase of the Plan-Do-Check-Act model, which of t...; Question 92: Knowing the language in which an encrypted message was origi...; Question 93: In a federated identity environment where an organization an...; Question 94: Which of the following is the MOST appropriate action when r...; Question 95: What are the essential elements of a Risk Assessment Report ...; Question 96: A new Chief Information Officer (CIO) created a group to wri...; Question 97: A Simple Power Analysis (SPA) attack against a device direct...; Question 98: Which is MOST important when negotiating an Internet service...; Question 99: Which organizational department is ultimately responsible fo...; Question 100: Which of the following provides the best protection of data ...; Question 101: Which of the following Is the PRIMARY role of a security arc...; Question 102: In Disaster Recovery (DR) and business continuity training, ...; Question 103: Which of the following is a responsibility of the informatio...; Question 104: Which of the following is the BEST method to identify securi...; Question 105: Management has decided that a core application will be used ...; Question 106: Which of the following is a technique used by database manag...; Question 107: The Chief Information Security Officer (CISO) is concerned a...; Question 108: Which of the following techniques is MOST useful when dealin...; Question 109: During an internal audit of an organizational Information Se...; Question 110: A network administrator is configuring a database server and...; Question 111: Which of the following is an initial consideration when deve...; Question 112: What information will BEST assist security and financial ana...; Question 113: Which part of an Operating System (OS) is responsible for pr...; Question 114: Which of the following actions taken by an Intrusion Prevent...; Question 115: In the common criteria, which of the following is a formal d...; Question 116: Which of the following is the PRIMARY consideration when det...; Question 117: An organization's retail website provides its only source of...; Question 118: Which of the following is true of Service Organization Contr...; Question 119: Which of the following provides the MOST comprehensive filte...; Question 120: Which of the following is the MOST comprehensive Business Co...; Question 121: In order for application developers to detect potential vuln...; Question 122: A web-based application known to be susceptible to attacks i...; Question 123: Which of the following is a covert channel type?...; Question 124: Which of the following BEST describes what a company should ...; Question 125: A security audit identifies a vulnerability in a current rel...; Question 126: Which scenario would be an example of a risk associated with...; Question 127: Which of the following provides the GREATEST level of data s...; Question 128: Which security approach will BEST minimize Personally Identi...; Question 129: What principle requires that changes to the plaintext affect...; Question 130: Which of the following activities are part of the Build and ...; Question 131: An organization is the victim of a major data breach just on...; Question 132: A company developed a web application which is sold as a Sof...; Question 133: When evaluating third-party applications, which of the follo...; Question 134: Which of the following is MOST important when assigning owne...; Question 135: A project manager for a large software firm has acquired a g...; Question 136: Which of the following is the BEST method to perform an end-...; Question 137: Which of the following is the PRIMARY benefit of applying a ...; Question 138: An organization would like to store cryptographic keys on it...; Question 139: When conducting a remote access session using Internet Proto...; Question 140: Which of the following is the GREATEST security risk associa...; Question 141: Which of the following sets of controls should allow an inve...; Question 142: Who is responsible for classifying assists in an organizatio...; Question 143: Which of the following is the BEST reason to apply patches m...; Question 144: Which of the following is a Key Performance Indicator (KPI) ...; Question 145: From a security perspective, which of the following is a bes...; Question 146: Which of the following MUST a security policy include to be ...; Question 147: In which identity management process is the subject's identi...; Question 148: Which of the following is a direct monetary cost of a securi...; Question 149: An organization recently conducted a review of the security ...; Question 150: Which of the following are the three MAIN categories of secu...; Question 151: A security engineer is assigned to work with the patch and v...; Question 152: Which of the following problems is not addressed by using Op...; Question 153: Which of the following wireless security protocols presents ...; Question 154: What capability would typically be included in a commerciall...; Question 155: An organization would like to use Security Assertion Markup ...; Question 156: A breach investigation found a website was exploited through...; Question 157: The core component of Role Based Access control (RBAC) must ...; Question 158: Which of the following is an accurate statement when an asse...; Question 159: A hospital enforces the Code of Fair Information Practices. ...; Question 160: A security architect is reviewing an implemented security fr...; Question 161: An attack utilizing social engineering and a malicious Unifo...; Question 162: A developer is creating an application that requires secure ...; Question 163: Which of the following is the MAIN goal of a data retention ...; Question 164: A security engineer is tasked with implementing a new identi...; Question 165: What is the PRIMARY purpose of peer code reviews?...; Question 166: When assessing the audit capability of an application, which...; Question 167: In Session Layer of the Open System Interconnect (OSI) model...; Question 168: An Internet media company produces and broadcasts highly pop...; Question 169: Which of the following is the MOST secure protocol for zremo...; Question 170: An application developer receives a report back from the sec...; Question 171: When traveling to a region where the safety and security of ...; Question 172: An organization acquired used technological equipment. This ...; Question 173: Which of the following is the MOST appropriate technique for...; Question 174: Which of the following provides the MOST secure method for N...; Question 175: An unknown device is connected to the network environment. W...; Question 176: What would be the MOST cost effective solution for a Disaste...; Question 177: An employee's home address should be categorized according t...; Question 178: Why is data classification control important to an organizat...; Question 179: Access to which of the following is required to validate web...; Question 180: The application owner of a system that handles confidential ...; Question 181: When designing a vulnerability test, which one of the follow...; Question 182: Which of the following is a security feature of Global Syste...; Question 183: Which of the following features is MOST effective in mitigat...; Question 184: From a security perspective, which of the following assumpti...; Question 185: What is considered the BEST when determining whether to prov...; Question 186: A large human resources organization wants to integrate thei...; Question 187: Which of the following does Secure Sockets Layer (SSL) encry...; Question 188: At a MINIMUM, audits of permissions to individual or group a...; Question 189: What should be the FIRST action for a security administrator...; Question 190: Which of the following penetration testing techniques can di...; Question 191: Which of the following is an important requirement when desi...; Question 192: Why are mobile devices sometimes difficult to investigate in...; Question 193: When dealing with shared, privilaged accounts, especially th...; Question 194: What is the MAIN reason to ensure the appropriate retention ...; Question 195: Which of the following is a second optional use of Network A...; Question 196: Which of the following is used to detect steganography?...; Question 197: During the change management process, which of the following...; Question 198: What is the purpose of an Internet Protocol (IP) spoofing at...; Question 199: Which of the following objects should be removed FIRST prior...; Question 200: Which of the following is a common characteristic of privacy...; Question 201: An organization is in the process of developing a system to ...; Question 202: Transport Layer Security (TLS) provides which of the followi...; Question 203: Which of the following is an environmental security control ...; Question 204: Which of the following is a security weakness in the evaluat...; Question 205: An organization has experienced multiple distributed denial-...; Question 206: Which process compares its results against a standard to det...; Question 207: Refer to the information below to answer the question. A lar...; Question 208: How does a Host Based Intrusion Detection System (HIDS) iden...; Question 209: Which of the following is the BEST network defense against u...; Question 210: Which of the following is the MOST common method of memory p...; Question 211: Security Software Development Life Cycle (SDLC) expects appl...; Question 212: What Hypertext Transfer Protocol (HTTP) response header can ...; Question 213: An application developer is deciding on the amount of idle s...; Question 214: An audit requires that data must be deleted without remanenc...; Question 215: What is the term used to define where data is geographically...; Question 216: During a routine audit of network logs, the security adminis...; Question 217: Which of the following MUST be done when promoting a securit...; Question 218: What is the benefit of using Network Admission Control (NAC)...; Question 219: An access control list (ACL) on a router is a feature MOST s...; Question 220: A security professional determines that a number of outsourc...; Question 221: What is the MAIN purpose of a security assessment plan?...; Question 222: What is the FIRST step an organization should take if it is ...; Question 223: Functional security testing is MOST critical during which ph...; Question 224: Which of the following will allow the host system to check q...; Question 225: Which of the following traits are fundamental to Software De...; Question 226: Why are packet filtering routers used in low-risk environmen...; Question 227: The development team has been tasked with collecting data fr...; Question 228: The Rivest-Shamir-Adleman (RSA) algorithm is best suited for...; Question 229: When configuring Extensible Authentication Protocol (EAP) in...; Question 230: Which stage in the identity management (IdM) lifecycle const...; Question 231: Which of the following is the MAIN difference between a netw...; Question 232: Which of the following is most helpful in applying the princ...; Question 233: An organization allows ping traffic into and out of their ne...; Question 234: Which of the following MUST be considered when developing bu...; Question 235: What technology can be used to implement Single sign-On (SSO...; Question 236: What is the BEST way to encrypt web application communicatio...; Question 237: Which of the following should be the FIRST response to the d...; Question 238: What term is commonly used to describe hardware and software...; Question 239: A security practitioner has been tasked with establishing or...; Question 240: What should an auditor do when conducting a periodic audit o...; Question 241: A development operations team would like to start building n...; Question 242: Continuity of operations is BEST supported by which of the f...; Question 243: Which of the following is a strategy of grouping requirement...; Question 244: What are the three key benefits that application developers ...; Question 245: Which of the following is a best practice in a data handling...; Question 246: An organization wants to ensure that employees that move to ...; Question 247: Which of the following terms is used for online service prov...; Question 248: Which of the following is the FIRST control step in provisio...; Question 249: Which of the following is security control volatility?...; Question 250: Who should perform the design review to uncover security des...; Question 251: What can happen when an Intrusion Detection System (IDS) is ...; Question 252: Which of the following is a key responsibility for a data st...; Question 253: A security professional has been assigned to assess a web ap...; Question 254: What is the MAXIMUM number of host addresses available in a ...; Question 255: An organization is planning to have an it audit of its as a ...; Question 256: In which of the following programs is it MOST important to i...; Question 257: What is the MOST important consideration from a data securit...; Question 258: Which of the fallowing is the FIRST step in a patch manageme...; Question 259: What is the MOST efficient way to verify the integrity of da...; Question 260: Which of the following activities is MOST likely to be perfo...; Question 261: What is the BEST reason to include supply chain risks in a c...; Question 262: Which of the following is the PRIMARY objective of performin...; Question 263: The organization would like to deploy an authorization mecha...; Question 264: Physical assets defined in an organization's Business Impact...; Question 265: Which of the following is the MOST crucial for a successful ...; Question 266: A company needs to provide shared access of sensitive data o...; Question 267: When transmitting data over Unshielded Twisted Pair (UTP)cab...; Question 268: The security team has been tasked with performing an interfa...; Question 269: Which of the following purging methods will allow the full d...; Question 270: When investigating a possible cybercrime, which of the follo...; Question 271: Which of the following is the BEST way to mitigate circumven...; Question 272: When implementing a data classification program, why is it i...; Question 273: Which of the following countermeasures is the MOST effective...; Question 274: A security professional recommends that a company integrate ...; Question 275: Which of the following is the primary advantage of segmentin...; Question 276: What should be the FIRST action to protect the chain of evid...; Question 277: Which of the following would be the BEST mitigation practice...; Question 278: What does a Synchronous (SYN) flood attack do?...; Question 279: An organization is outsourcing its payroll system and is req...; Question 280: Which of the following is critical if an employee is dismiss...; Question 281: What is static analysis intended to do when analyzing an exe...; Question 282: Individuls have been identified and determined as having a n...; Question 283: An organization is looking to include mobile devices in its ...; Question 284: With data labeling, which of the following MUST be the key d...; Question 285: Which of the following is recommended to establish repeatabl...; Question 286: Which of the following methods of suppressing a fire is envi...; Question 287: A large organization's human resources and security teams ar...; Question 288: Which statement describes the differences between the synchr...; Question 289: Which of the following would MINIMIZE the ability of an atta...; Question 290: Which of the following explains why classifying data is an i...; Question 291: Network-based logging has which advantage over host-based lo...; Question 292: Which of the following is a common feature of an Identity as...; Question 293: What does the term "100-year floodplain" mean to emergency p...; Question 294: Which of the following is the PRIMARY benefit of a formalize...; Question 295: Which of the following phases involves researching a target'...; Question 296: Which of the following is an important design feature for th...; Question 297: What is the PRIMARY goal of fault tolerance?...; Question 298: Which of the following is a method used to prevent Structure...; Question 299: Which of the following risks could occur with an external en...; Question 300: Upon commencement of an audit within an organization, which ...; Question 301: Which of the following buffers is employed to isolate traffi...; Question 302: What is the BEST way that a closed-circuit television (CCTV)...; Question 303: What is a warn site when conducting Business continuity plan...; Question 304: Continuity of operations is BEST supported by which of the f...; Question 305: What part of an organization's strategic risk assessment MOS...; Question 306: Which of the following BEST describes when an organization s...; Question 307: A security professional can BEST mitigate the risk of using ...; Question 308: A thorough review of an organization's audit logs finds that...; Question 309: What does the result of Cost-Benefit Analysis (C8A) on new s...; Question 310: The European Union (EU) General Data Protection Regulation (...; Question 311: In the last 15 years a company has experienced three electri...; Question 312: Which of the following is the PRIMARY purpose of routinely t...; Question 313: What are the roles within a scrum methodology?...; Question 314: Which of the following is the MOST common use of the Online ...; Question 315: What testing method MOST efficiently identifies how code wil...; Question 316: In a change-controlled environment, which of the following i...; Question 317: A hospital's building controls system monitors and operates ...; Question 318: An organization is setting a security assessment scope with ...; Question 319: Drag and Drop Question Given a file containing ordered numbe...; Question 320: To ensure proper governance of information throughout the li...; Question 321: A security engineer is designing a Customer Relationship Man...; Question 322: What is the MOST important criterion that needs to be adhere...; Question 323: When can a security program be considered effective?...; Question 324: Point-to-Point Protocol (PPP) was designed to specifically a...; Question 325: Which of the following is a weakness of the Data Encryption ...; Question 326: The ability to send malicious code, generally in the form of...; Question 327: Which of the following is the BEST definition of Cross-Site ...; Question 328: When considering a VPN solution, what possible disadvantage ...; Question 329: An application is used for funds transfer between an organiz...; Question 330: Which of the following BEST describes the objectives of the ...; Question 331: Which of the following can a system administrator do to impr...; Question 332: A new internal auditor is tasked with auditing the supply ch...; Question 333: The adoption of an enterprise-wide Business Continuity (BC) ...; Question 334: How should the retention period for an organization's social...; Question 335: Which of the following BEST describes the use of network arc...; Question 336: What is the MAIN purpose for writing planned procedures in t...; Question 337: A software development company has a short timeline in which...; Question 338: A cybersecurity engineer has been tasked to research and imp...; Question 339: Which of the following media sanitization techniques is MOST...; Question 340: An Information Technology (IT) professional attends a cybers...; Question 341: Which of the following is the MOST important information in ...; Question 342: Information security metrics provide the GREATEST to managem...; Question 343: What requirement MUST be met during internal security audits...; Question 344: Which of the following was the first version of the Network ...; Question 345: Which of the following is the BEST approach for a forensic e...; Question 346: An employee of a retail company has been granted an extended...; Question 347: Which element of software supply chain management has the GR...; Question 348: Which of the following is FIRST defined in a company's data ...; Question 349: Which of the following secure design principles would be rec...; Question 350: Security categorization of a new system takes place during w...; Question 351: Which type of test suite should be run for fast feedback dur...; Question 352: An Intrusion Detection System (IDS) has recently been deploy...; Question 353: In an IDEAL encryption system, who has sole access to the de...; Question 354: A patch for a third-party software product has been released...; Question 355: Which of the following techniques BEST prevents buffer overf...; Question 356: In an environment where there is not full administrative con...; Question 357: Which security architecture strategy could be applied to sec...; Question 358: In which of the following phases in the change management pr...; Question 359: A retail company is looking to start a development project t...; Question 360: Organization A is adding a large collection of confidential ...; Question 361: Which of the following initiates the system recovery phase o...; Question 362: A company is preparing to migrate part of its applications t...; Question 363: During a Disaster Recovery (DR) assessment, additional cover...; Question 364: Which of the following MUST the administrator of a security ...; Question 365: Which attack defines a piece of code that is inserted into s...; Question 366: Which of the following is required to perform brute force pa...; Question 367: A control to protect from a Denial-of-Service (DoS) attach h...; Question 368: Which of the following encryption types is used in Hash Mess...; Question 369: Which testing method requires very limited or no information...; Question 370: Which of the following is the reason that transposition ciph...; Question 371: Which of the following is a possible advantage of manual vul...; Question 372: Which of the following authorization standards is built to h...; Question 373: Which of the following methods of suppressing a fire is envi...; Question 374: For cellular networks, how does a rogue base station take ad...; Question 375: An organization has implemented a new backup process which p...; Question 376: The MAIN purpose of placing a tamper seal on a computer syst...; Question 377: In Identity Management (IdM), when is the verification stage...; Question 378: Which type of security control is used to establish the limi...; Question 379: A vulnerability test on an Information System (IS) is conduc...; Question 380: Which asset tracking method is MOST secure and cost-effectiv...; Question 381: Which of the following is the FIRST requirement a data owner...; Question 382: Which of the following is the MAIN benefit of a comprehensiv...; Question 383: Which of the Following is designed to resolve differences in...; Question 384: Which of the following is the MOST important consideration t...; Question 385: An organization discovers that its Secure File Transfer Prot...; Question 386: What is the MAIN objective of risk analysis in Disaster Reco...; Question 387: Which of the following is the BEST method to validate secure...; Question 388: A MAJOR security flaw with Voice over Internet Protocol (VoI...; Question 389: What is the MOST important element when considering the effe...; Question 390: How long should the records on a project be retained?...; Question 391: Along with detection, which of the following security strate...; Question 392: Which of the following is mobile device remote fingerprintin...; Question 393: What BEST describes data ownership?...; Question 394: What is the MOST important standard control process to follo...; Question 395: Which of the following is the MOST important consideration w...; Question 396: Which of the following benefits does Role Based Access Contr...; Question 397: Which of the following is the BEST technique to facilitate s...; Question 398: Computer forensics requires which of the following MAIN step...; Question 399: Which of the following is the PRIMARY type of cryptography r...; Question 400: A security professional needs to find a secure and efficient...; Question 401: According to the Capability Maturity Model Integration (CMMI...; Question 402: Which of the following statements BEST describes least privi...; Question 403: Why is planning the MOST critical phase of a Role Based Acce...; Question 404: An organization that has achieved a Capability Maturity Mode...; Question 405: Which of the following principles is intended to produce inf...; Question 406: The Rivest-Shamir-Adleman (RSA) algorithm is BEST suited for...; Question 407: Which of the following is a strong security protection provi...; Question 408: Which function does 802.1X provide?...; Question 409: Which of the following is included in the Global System for ...; Question 410: When a system changes significantly, who is PRIMARILY respon...; Question 411: Which of the following vulnerability assessment activities B...; Question 412: What is the Best approach for maintaining ethics when a secu...; Question 413: Which of the following BEST exemplifies the use of Mandatory...; Question 414: Which of the following initiates the systems recovery phase ...; Question 415: A software development company found odd behavior in some re...; Question 416: A company wants to buy a Commercial ff-The-Shelf (CTS) appli...; Question 417: Which of the following is primarily responsible for deciding...; Question 418: What is the primary purpose of the stakeholder needs and req...; Question 419: Which of the following management processes allots ONLY thos...; Question 420: Mobile devices are MOST susceptible to which of the followin...; Question 421: Which of the following needs to be included in order for Hig...; Question 422: Why Is It important to have a comprehensive inventory of Inf...; Question 423: Which security service is served by the process of encryptio...; Question 424: Who is primarily responsible to review analyzed reports resu...; Question 425: What are the steps of a risk assessment?...; Question 426: What MUST each information owner do when a system contains d...; Question 427: Which of the following is a common term for log reviews, syn...; Question 428: Which of the following contributes MOST to the effectiveness...; Question 429: Which of the following should be done at a disaster site bef...; Question 430: Physical Access Control Systems (PACS) allow authorized secu...; Question 431: What is the PRIMARY purpose of auditing, as it relates to th...; Question 432: A developer begins employment with an information technology...; Question 433: Who is responsible for the protection of information when it...; Question 434: Which of the following BEST describes the standard used to e...; Question 435: Trust relationships between organizations can BEST be mainta...; Question 436: Which of the following is the BEST method a security practit...; Question 437: A customer continues to experience attacks on their email, w...; Question 438: If the wide area network (WAN) is supporting converged appli...; Question 439: Which layer of the Open systems Interconnection (OSI) model ...; Question 440: Which of the following options is the best to provide remote...; Question 441: A retail company suffered a ransomware attack that compromis...; Question 442: Which of the following is the final phase of the identity an...; Question 443: If Disaster Recovery Plan (DRP) testing is to be done annual...; Question 444: Which of the following is an advantage of' Secure Shell (SSH...; Question 445: Where would an organization typically place an endpoint secu...; Question 446: Email credentials were stolen when a user clicked on a link ...; Question 447: After the INITIAL input of a user identification (ID) and pa...; Question 448: Which of the following is a unique feature of Attribute Base...; Question 449: When recovering from an outage, what is the Recovery Point O...; Question 450: An organization has requested storage area network (SAN) dis...; Question 451: What is the MOST common component of a vulnerability managem...; Question 452: Which of the following factors should be considered characte...; Question 453: Which of the following is the PRIMARY risk associated with E...; Question 454: A recent security audit is reporting several unsuccessful lo...; Question 455: The PRIMARY outcome of a certification process is that it pr...; Question 456: Why might a network administrator choose distributed virtual...; Question 457: An application relies on untrusted user input and permits an...; Question 458: In the Software Development Life Cycle (SDLC), maintaining a...; Question 459: What security principle addresses the issue of "Security by ...; Question 460: Which of the following is the PRIMARY benefit of implementin...; Question 461: What industry-recognized document could be used as a baselin...; Question 462: Why would an administrator use a Trusted platform Module (TP...; Question 463: Which of the following is the MOST important output from a m...; Question 464: Which one of the following describes granularity?...; Question 465: Which of the following factors contributes to the weakness o...; Question 466: The defense strategy "never trust any input" is MOST effecti...; Question 467: Which of the following best practices mitigates the risk of ...; Question 468: Which application type is considered high risk and provides ...; Question 469: In which phase of the four-stage penetration methodology is ...; Question 470: A developer creates an application to be distributed worldwi...; Question 471: Which is the second phase of public key Infrastructure (pk1)...; Question 472: Of the following, which BEST provides non-repudiation with r...; Question 473: A corporation does not have a formal data destruction policy...; Question 474: A project requires the use of en authentication mechanism wh...; Question 475: Which of the following MUST be included in a fully functiona...; Question 476: Which of the following is a security limitation of File Tran...; Question 477: Which of the following processes is BEST used to determine t...; Question 478: A security team member was selected as a member of a Change ...; Question 479: Which of the following provides for the STRONGEST protection...; Question 480: What is the second step in the identity and access provision...; Question 481: For the purpose of classification, which of the following is...; Question 482: Which of the following is the MOST important first step in p...; Question 483: Which of the following is the primary security consideration...; Question 484: Which of the following is a PRIMARY advantage of using a thi...; Question 485: An Information Technology [IT) manager has learned that vend...; Question 486: When adopting software as a service (Saas), which security r...; Question 487: The Secure Shell (SSH) version 2 protocol supports....; Question 488: Which of the following is the MAIN benefit of off-site stora...; Question 489: An organization would like to implement an authorization mec...; Question 490: An organization operates a legacy Industrial Control System ...; Question 491: What is the benefit of an operating system (OS) feature that...; Question 492: Which one of the following data integrity models assumes a l...; Question 493: Which of the following controls is the most for a system ide...; Question 494: The security organization is loading for a solution that cou...; Question 495: What is the MOST effective way an organization ensures that ...; Question 496: A security practitioner needs to implement a solution to ver...; Question 497: Which of the following BEST describes an attack on session m...; Question 498: During a recent assessment an organization has discovered th...; Question 499: From a cryptographic perspective, the service of non-repudia...; Question 500: Which of the following is a safeguard that could be used to ...; Question 501: What is a use for mandatory access control (MAC)?...; Question 502: Which of the following is the PRIMARY reason Android devices...; Question 503: Which of the following needs to be taken into account when a...; Question 504: The four basic principles of Kerberos are?...; Question 505: Which security feature fully encrypts code and data as it pa...; Question 506: Which of the following is a process in the access provisioni...; Question 507: Which of the following design elements are included in Opera...; Question 508: An organization is implementing a bring your own device (BYO...; Question 509: What should be the FIRST action for a security administrator...; Question 510: A data owner determines the appropriate job-based access for...; Question 511: During a Disaster Recovery (DR) simulation, it is discovered...; Question 512: Which of the following is a security limitation of File Tran...; Question 513: An input validation and exception handling vulnerability has...; Question 514: An organization is considering outsourcing applications and ...; Question 515: Two remote offices need to be connected securely over an unt...; Question 516: Risk based internal audit (RBIA) of an organization must be ...; Question 517: An organization needs to evaluate the effectiveness of secur...; Question 518: A system administration office desires to implement the foll...; Question 519: A large manufacturing organization arranges to buy an indust...; Question 520: A security consultant is asked to make recommendations for a...; Question 521: During a penetration test, an assessor has difficulty findin...; Question 522: Which of the following is a best practice in a data handling...; Question 523: Which concept might require users to use a second access tok...; Question 524: Why is lexical obfuscation in software development discourag...; Question 525: Which of the following is a MAJOR consideration in implement...; Question 526: When conveying the results of a security assessment, which o...; Question 527: Which of the following is the MOST effective way to ensure t...; Question 528: Which of the following combinations would MOST negatively af...; Question 529: As a best practice, the Security Assessment Report (SAR) sho...; Question 530: Which of the following goals represents a modern shift in ri...; Question 531: Which of the following attack types can be used to compromis...; Question 532: "Stateful" differs from "Static" packet filtering firewalls ...; Question 533: What is the MOST significant benefit of role-based access co...; Question 534: Within a large organization, what business unit is BEST posi...; Question 535: Which of the following is a PRIMARY challenge when running a...; Question 536: Which of the following is the strongest physical access cont...; Question 537: Which is the FIRST type of Business Continuity (BC) test tha...; Question 538: Which of the following is the MOST common cause of system or...; Question 539: Which of the following is the BEST reason to apply patches m...; Question 540: Which of the following should ALWAYS be included in audit re...; Question 541: Which of the following is the key requirement for test resul...; Question 542: When participating in a forensic investigation, who should b...; Question 543: What is the FIRST step in developing a patch management plan...; Question 544: As part of the security assessment plan, the security profes...; Question 545: Compared with hardware cryptography, software cryptography i...; Question 546: In order for application developers to detect potential vuln...; Question 547: An organization needs to implement media encryption for a la...; Question 548: Security personnel should be trained by emergency management...; Question 549: Which of the following is the BEST method for meeting a requ...; Question 550: Which of the following actions should be performed immediate...; Question 551: Which of the following is an effective control in preventing...; Question 552: Which of the following is the last-mile reliability of plain...; Question 553: When developing the entitlement review process, which of the...; Question 554: Compared with hardware cryptography, software cryptography i...; Question 555: Which of the following does the security design process ensu...; Question 556: It is better to use Elliptic Curve Cryptography (ECC) instea...; Question 557: Which of the following factors would MOST likely cause a sec...; Question 558: What is the process of removing sensitive data from a system...; Question 559: A company is concerned that its employees may come under thr...; Question 560: The security architect is designing and implementing an inte...; Question 561: Which of the following is a correct feature of a virtual loc...; Question 562: An organization with divisions in the United States (US) and...; Question 563: Which of the following BEST describes Recovery Time Objectiv...; Question 564: Directive controls are a form of change management policy an...; Question 565: Which dynamic routing protocol is BEST suited for a disperse...; Question 566: Which of the following kind of attacks uses e-mail or websit...; Question 567: Which of the following has the responsibility of information...; Question 568: A software developer installs a game on their organization-p...; Question 569: Which of the following is key when assessing weaknesses in a...; Question 570: What PRIMARY role does a honey pot play in overall security?...; Question 571: During which of the following processes is least privilege i...; Question 572: Which of the following is the MOST important consideration i...; Question 573: Which of the following access control mechanisms characteriz...; Question 574: In which of the following system life cycle processes should...; Question 575: Which type of test would an organization perform in order to...; Question 576: Which of the following significantly influences the level of...; Question 577: What is a common mistake in records retention?...; Question 578: How should an organization determine the priority of its rem...; Question 579: Which of the following is the BEST way to determine the succ...; Question 580: An information security audit identifies that there are open...; Question 581: An organization provides its employees with laptops they can...; Question 582: Which of the following is used to support the of defense in ...; Question 583: Which Open Systems Interconnection (OSI) layer(s) BEST corre...; Question 584: If virus infection is suspected, which of the following is t...; Question 585: When using Generic Routing Encapsulation (GRE) tunneling ove...; Question 586: What security technique in the Software Development Life Cyc...; Question 587: Which of the following is responsible for establishing an en...; Question 588: With what frequency should monitoring of a control occur whe...; Question 589: An organization has discovered that users are visiting unaut...; Question 590: What is the MAIN goal of information security awareness and ...; Question 591: Which component of the Security Content Automation Protocol ...; Question 592: Which of the following uses the destination IP address to fo...; Question 593: Which one of the following is an advantage of an effective r...; Question 594: A colleague who recently left the organization asked a secur...; Question 595: Which of the following is key when assessing weakness in aut...; Question 596: What is the MAIN benefit of change management in an applicat...; Question 597: In regard to multimedia files, which Digital Rights Manageme...; Question 598: As a design principle, which one of the following actors is ...; Question 599: What is the PRIMARY purpose of the identification phase of t...; Question 600: Which of the following is a secure design principle for a ne...; Question 601: What operations role is responsible for protecting the enter...; Question 602: An organization has implemented a password complexity and an...; Question 603: Which Redundant Array c/ Independent Disks (RAID) Level does...; Question 604: Which of the following is required to verify the authenticit...; Question 605: In the Open System Interconnection (OSI) reference model, wh...; Question 606: Which of the following s the MAIN security benefit of having...; Question 607: Which of the following kinds of program should organizations...; Question 608: An established information technology (IT) consulting firm i...; Question 609: The MAIN task of promoting security for Personal Computers (...; Question 610: Which of the following areas need a higher level of security...; Question 611: A security practitioner is tasked with securing the organiza...; Question 612: A security practitioner detects an Endpoint attack on the or...; Question 613: Which of the following will have the MOST influence on the d...; Question 614: What is the PRIMARY benefit of analyzing the partition layou...; Question 615: Which of the following statements is TRUE regarding equivale...; Question 616: If a security practitioner needs to recover the password sto...; Question 617: What is a common reason for implementing fine-grained segmen...; Question 618: Refer to the information below to answer the question. An or...; Question 619: Drag and Drop Question What is the correct order of steps in...; Question 620: An organization's Information Technology (IT) group has just...; Question 621: What protocol is often used between gateway hosts on the Int...; Question 622: An organization has detected that the contents of a static t...; Question 623: What is the common mistake in records retention?...; Question 624: Which of the below strategies would MOST comprehensively add...; Question 625: Which of the following is the weakest form of protection for...; Question 626: Which of the following would be the MOST severe impact to ac...; Question 627: What is the BEST defense against an unauthorized sniffer on ...; Question 628: If a content management system (CMC) is implemented, which o...; Question 629: Which of the following actions MUST be performed when using ...; Question 630: A user downloads a file from the Internet, then applies the ...; Question 631: Which of the following is the BEST method for authenticating...; Question 632: Change the management is critical to the patch management We...; Question 633: Which of the following MOST applies to session initiation pr...; Question 634: Which of the following addresses requirements of security as...; Question 635: Which of the following describes a required dependency found...; Question 636: Which of the following is a peor entity authentication metho...; Question 637: Who should formulate conclusions from a particular digital f...; Question 638: Which of the following is the MOST effective countermeasure ...; Question 639: An internal audit for an organization recently identified ma...; Question 640: What is the MOST effective way to determine a mission critic...; Question 641: Which of the following is the FIRST step in the incident res...; Question 642: While dealing with the consequences of a security incident, ...; Question 643: What is the PRIMARY advantage of using automated application...; Question 644: An organization has discovered that organizational data is p...; Question 645: Directive controls are a form of change management policy an...; Question 646: A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) ...; Question 647: Where can the Open Web Application Security Project (OWASP) ...; Question 648: A security architect is developing an information system for...; Question 649: What is the PRIMARY objective of an application security ass...; Question 650: Which of the following would be the FIRST step to take when ...; Question 651: Which one of the following considerations has the LEAST impa...; Question 652: Which of the following processes has the PRIMARY purpose of ...; Question 653: A chemical plan wants to upgrade the Industrial Control Syst...; Question 654: Which of the following technologies is the BEST measure to p...; Question 655: When designing on Occupent Emergency plan (OEP) for United s...; Question 656: A client has reviewed a vulnerability assessment report and ...; Question 657: Company A acquired company B in a merger. Company A immediat...; Question 658: Which step of the Risk Management Framework (RMF) identifies...; Question 659: Which of the following is the weakest form of protection for...; Question 660: Which of the following is the MOST effective practice in man...; Question 661: Which Wide Area Network (WAN) technology requires the first ...; Question 662: An engineer notices some late collisions on a half-duplex li...; Question 663: An organization purchased a commercial off-the-shelf (COTS) ...; Question 664: After learning that the security budget will decrease in the...; Question 665: Which of the following is the MOST important consideration i...; Question 666: What is the FIRST step in risk management?...; Question 667: Which of the following actions should be taken by a security...; Question 668: What is a consideration when determining the potential impac...; Question 669: What is the correct order of execution for security architec...; Question 670: A security practitioner has just been assigned to address an...; Question 671: Which of the following routing protocols is used to exchange...; Question 672: A company has purchased a new building and is working with c...; Question 673: When collecting a raw dump of physical memory, when should t...; Question 674: A company receives an email threat informing of an Imminent ...; Question 675: While performing a security review for a new product, an inf...; Question 676: What is the FIRST step required in establishing a records re...; Question 677: Which of the following phrases involves researching a target...; Question 678: During the Security Assessment and Authorization process, wh...; Question 679: What is the PRIMARY responsibility of a data owner?...; Question 680: Which of the following components of the Content Distributio...; Question 681: A software developer wishes to write code that will execute ...; Question 682: Once the types of information have been identified, who shou...; Question 683: From a security perspective, which of the following is a bes...; Question 684: What is the MOST effective way to ensure that a cloud servic...; Question 685: Which of the following would need to be configured to ensure...; Question 686: A Virtual Machine (VM) environment has five guest Operating ...; Question 687: A company-wide penetration test result shows customers could...; Question 688: Which of the following is a benefit of implementing data-in-...; Question 689: What is a key component of the Common Criteria (CC) evaluati...; Question 690: Which one of the following can be used to detect an anomaly ...; Question 691: When dealing with compliance with the Payment card Industry ...; Question 692: What is a characteristic of Secure Socket Layer (SSL) and Tr...; Question 693: Information security practitioners are in the midst of imple...; Question 694: What High Availability (HA) option of database allow multipl...; Question 695: An online retail company has formulated a record retention s...; Question 696: An organization decides to create a team to define its new c...; Question 697: Which of the following is the BEST approach to mitigate all ...; Question 698: What is the MOST effective way to protect privacy?...; Question 699: Which factors MUST be considered when classifying informatio...; Question 700: Which of the following is used to support the concept of def...; Question 701: What is the PRIMARY purpose of creating and reporting metric...; Question 702: Which of the following is the MOST relevant risk indicator a...; Question 703: Which of the following is the MOST likely reason a Human Res...; Question 704: The Transmission Control Protocol (TCP) three-way handshake ...; Question 705: Why should Open Wab Application Secuirty Project (OWASP) App...; Question 706: An organization wants to define its physical perimeter. What...; Question 707: Sensitive customer data is going to be added to a database. ...; Question 708: What is the foundation of cryptographic functions?...; Question 709: In order to support the least privilege security principle w...; Question 710: Which of the following is a vulnerability in Public Key Cryp...; Question 711: A Chief Information Officer (CIO) has delegated responsibili...; Question 712: In a DevOps environment, which of the following actions is M...; Question 713: Which of the following questions will be addressed through t...; Question 714: Which of the following is the PRIMARY reason to perform regu...; Question 715: Which of the following is one of the key objectives regardin...; Question 716: Which of the following is a process in the access provisioni...; Question 717: Building blocks for software-defined networks (SDN) require ...; Question 718: A hospital has allowed virtual private networking (VPN) acce...; Question 719: Which of the following statements is TRUE regarding state-ba...; Question 720: Which of the following media is least problematic with data ...; Question 721: Which of the following BEST obtains an objective audit of se...; Question 722: An organization is found lacking the ability to properly est...; Question 723: Why do organizations perform rotating backups?...; Question 724: What is the FIRST step for an organization to take before al...; Question 725: Which of the following examples is BEST to minimize the atta...; Question 726: Single sign-on (SSO) for federated identity management (FIM)...; Question 727: A post-implementation review has identified that the Voice O...; Question 728: Which of the following is the BEST action while reviewing re...; Question 729: A company was ranked as high in the following National Insti...; Question 730: A security analyst has been asked to participate in a threat...; Question 731: Which of the following is MOST useful for determining whethe...; Question 732: Which of the following models uses unique groups contained i...; Question 733: Lack of which of the following options could cause a negativ...; Question 734: Internet protocol security (IPSec), point-to-point tunneling...; Question 735: What is the motivation for use of the Online Certificate Sta...; Question 736: Which of the following types of hosts should be operating in...; Question 737: At which layer of the Open Systems Interconnect (OSI) model ...; Question 738: What is the GREATEST challenge of an agent based patch manag...; Question 739: Which is the MOST important consideration for a policy safeg...; Question 740: What is the HIGHEST priority in agile development?...; Question 741: With regards to physical security, what is the MOST critical...; Question 742: Which of the following is a characteristic of an operating s...; Question 743: Change management policies and procedures belong to which of...; Question 744: When conducting a forensic criminal investigation on a compu...; Question 745: Compared to a traditional network, which of the following is...; Question 746: When developing an information security policy, why is it BE...; Question 747: A cloud hosting provider would like to provide a Service Org...; Question 748: The goal of a Business Impact Analysis (BIA) is to determine...; Question 749: An Information System Security Officer (ISSO) employed by a ...; Question 750: What protocol is often used between gateway hosts on the Int...; Question 751: An organization wants to implement a security service that a...; Question 752: Which of the following processes is used to align security c...; Question 753: In an organization where Network Access Control (NAC) has be...; Question 754: Which layer of the Open System Interconnection (OSI) model i...; Question 755: Which of the following mechanisms will BEST prevent a Cross-...; Question 756: An enterprise is developing a baseline cybersecurity standar...; Question 757: Which of the following would an internal technical security ...; Question 758: Which of the following would be the BEST guideline to follow...; Question 759: An organization regularly conducts its own penetration tests...; Question 760: Which of the following methods protects Personally Identifia...; Question 761: An effective information security strategy is PRIMARILY base...; Question 762: What is the FIRST step when developing an Information Securi...; Question 763: An organization is required to comply with a new privacy reg...; Question 764: Which one of the following affects the classification of dat...; Question 765: A user downloads a file from the Internet, then applies the ...; Question 766: Which of the following types of business continuity tests in...; Question 767: How is supply chain risk determined?...; Question 768: Security issues with shared push-button combination lock dev...; Question 769: Users require access rights that allow them to view the aver...; Question 770: What can an Internet Service Provider (ISP) use to authentic...; Question 771: What is the MAIN purpose of conducting a business impact ana...; Question 772: Which of the following is MOST important when deploying digi...; Question 773: Clothing retailer employees are provisioned with user accoun...; Question 774: Which of the following BEST describes why physical data cent...; Question 775: Which of the following is a benefit in implementing an enter...; Question 776: Which of the following is PRIMARILY adopted for ensuring the...; Question 777: Which of the following is the MOST important reason for usin...; Question 778: In a multi-tenant cloud environment, what approach will secu...; Question 779: Which of the following is a characteristic of a challenge/re...; Question 780: The type of authorized interactions a subject can have with ...; Question 781: Which of the following is MOST effective method of defending...; Question 782: One of Canada's leading pharmaceutical firms recently hired ...; Question 783: What Service Organization Controls (SOC) report can be freel...; Question 784: To monitor the security of buried data lines inside the peri...; Question 785: A vulnerability assessment report has been submitted to a cl...; Question 786: What is the PRIMARY purpose for an organization to conduct a...; Question 787: Which of the following terms is used to describe original, u...; Question 788: A small office is running WiFi 4 APs, and neighboring office...; Question 789: A fiber link connecting two campus networks is broken. Which...; Question 790: Which of the following aspects in an asset table is the MOST...; Question 791: During a disruptive event, which security continuity objecti...; Question 792: Which of the following are common components of a Security A...; Question 793: What would be the BEST action to take in a situation where c...; Question 794: In which process MUST security be considered during the acqu...; Question 795: Which of the following BEST describles a protection profile ...; Question 796: Which of the following is the PRIMARY purpose of installing ...

Question 691/796

LEAVE A REPLY

Download PDF File