Question 1

Who has the PRIMARY responsibility to ensure that security objectives are aligned with organization goals?

Accepted Answer

The answer of Who has the PRIMARY responsibility to ensure...

Question 2

Which of the following offers the BEST security functionality for transmitting authentication tokens?

Accepted Answer

SAML is specifically designed for exchanging authentication and authorization data between parties, providing robust security features for transmitting authentication tokens.

Question 3

A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report. In which phase of the assessment was this error MOST likely made?

Accepted Answer

The answer of A vulnerability assessment report has been submitted...

Question 4

Who is accountable for the information within an Information System (IS)?

Accepted Answer

The answer of Who is accountable for the information within...

Question 5

A Denial of Service (DoS) attack on a syslog server exploits weakness in which of the following protocols?

Accepted Answer

Syslog servers typically use UDP for log transmission, which is connectionless and can be exploited in DoS attacks due to its lack of congestion control and flow control mechanisms.

Question 6

An organization has a short-term agreement with a public Cloud Service Provider (CSP). Which of the following BEST protects sensitive data once the agreement expires and the assets are reused?

Accepted Answer

The answer of An organization has a short-term agreement with...

Question 7

Who would be the BEST person to approve an organizations information security policy?

Accepted Answer

The answer of Who would be the BEST person to...

Question 8

Which one of the following data integrity models assumes a lattice of integrity levels?

Accepted Answer

The answer of Which one of the following data integrity...

Question 9

Which of the following models uses unique groups contained in unique conflict classes?

Accepted Answer

The answer of Which of the following models uses unique...

Question 10

Which of the following is a remote access protocol that uses a static authentication?

Accepted Answer

Password Authentication Protocol (PAP) uses static authentication by transmitting usernames and passwords in plaintext, making it less secure compared to other protocols like CHAP, which uses dynamic authentication.

Question 11

Which of the following is held accountable for the risk to organizational systems and data that result from outsourcing Information Technology (IT) systems and services?

Accepted Answer

The answer of Which of the following is held accountable...

Question 12

In a High Availability (HA) environment, what is the PRIMARY goal of working with a virtual router address as the gateway to a network?

Accepted Answer

The primary goal of using a virtual router address in an HA environment is to ensure seamless failover. If the first router fails, the second router takes over the traffic without interruption.

Question 13

Which of the following is the FIRST step in the incident response process?

Accepted Answer

The first step in the incident response process is to investigate all symptoms to confirm the incident, ensuring that the response is appropriate and necessary.

Question 14

What is the PRIMARY reason for implementing change management?

Accepted Answer

Change management is primarily implemented to ensure accountability for changes to the environment, ensuring that changes are tracked, evaluated, and authorized properly.

Question 15

What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?

Accepted Answer

The answer of What is the MAIN reason for testing...

Question 16

Which of the following is the PRIMARY reason a sniffer operating on a network is collecting packets only from its own host?

Accepted Answer

Switches use MAC address tables to send packets only to the intended recipient, preventing sniffers from capturing packets not addressed to their host.

Question 17

What is a characteristic of Secure Sockets Layer (SSL) and Transport Layer Security (TLS)?

Accepted Answer

SSL and TLS are protocols that provide secure communication over a computer network by encrypting the data transmitted between the client and server, typically operating on top of TCP.

Question 18

A company-wide penetration test result shows customers could access and read files through a web browser. Which of the following can be used to mitigate this vulnerability?

Accepted Answer

The answer of A company-wide penetration test result shows customers...

Question 19

The goal of a Business Impact Analysis (BIA) is to determine which of the following?

Accepted Answer

A Business Impact Analysis (BIA) identifies critical business functions and determines the resource priorities for recovery and the Maximum Tolerable Downtime (MTD) for these functions.

Question 20

A security professional should consider the protection of which of the following elements FIRST when developing a defense-in-depth strategy for a mobile workforce?

Accepted Answer

The answer of A security professional should consider the protection...

Exam 3: Certified Information Systems Security Professional