Question 1

A vulnerability in which of the following components would be MOST difficult to detect?

Accepted Answer

Hardware vulnerabilities are most difficult to detect because they often require physical access or specialized equipment to identify, and they are not as easily patched or updated as software vulnerabilities.

Question 2

What is the BEST way to correlate large volumes of disparate data sources in a Security Operations Center (SOC) environment?

Accepted Answer

A Security Information and Event Management (SIEM) system is specifically designed to collect, analyze, and correlate data from various sources, making it the best choice for handling large volumes of disparate data in a SOC environment.

Question 3

When using Generic Routing Encapsulation (GRE) tunneling over Internet Protocol version 4 (IPv4), where is the GRE header inserted?

Accepted Answer

The GRE header is inserted between the delivery header (IPv4 header) and the payload (the encapsulated packet).

Question 4

A project requires the use of an authentication mechanism where playback must be protected and plaintext secret must be used. Which of the following should be used?

Accepted Answer

CHAP provides protection against playback attacks by using a challenge-response mechanism and does not transmit the plaintext secret over the network.

Question 5

What type of attack sends Internet Control Message Protocol (ICMP) echo requests to the target machine with a larger payload than the target can handle?

Accepted Answer

The answer of What type of attack sends Internet Control...

Question 6

After following the processes defined within the change management plan, a super user has upgraded a device within an Information system. What step would be taken to ensure that the upgrade did NOT affect the network security posture?

Accepted Answer

Conducting a security impact analysis helps determine if the upgrade has affected the network security posture by identifying any new vulnerabilities or changes in risk.

Question 7

What is the motivation for use of the Online Certificate Status Protocol (OCSP)?

Accepted Answer

OCSP is used to provide real-time, up-to-date information about the revocation status of a digital certificate, offering a more efficient alternative to downloading and parsing large CRLs.

Question 8

Which of the following is the BEST way to mitigate circumvention of access controls?

Accepted Answer

Diversifying technologies in multi-layer access controls ensures that if one layer is compromised, others remain secure, reducing the risk of circumvention.

Question 9

Which of the following provides the GREATEST level of data security for a Virtual Private Network (VPN) connection?

Accepted Answer

Internet Protocol Security (IPSec) provides the greatest level of data security for a VPN connection by encrypting and authenticating IP packets, ensuring data confidentiality, integrity, and authenticity.

Question 10

Assessing a third party's risk by counting bugs in the code may not be the best measure of an attack surface within the supply chain. Which of the following is LEAST associated with the attack surface?

Accepted Answer

Error messages are typically not directly associated with the attack surface, which is more concerned with points of entry and interaction like input protocols, target processes, and access rights.

Question 11

The security accreditation task of the System Development Life Cycle (SDLC) process is completed at the end of which phase?

Accepted Answer

The security accreditation task is completed at the end of the System Implementation phase, as this is when the system is fully developed and ready to be assessed for compliance with security requirements before being deployed.

Question 12

Which of the following BEST describes the standard used to exchange authorization information between different identity management systems?

Accepted Answer

Security Assertion Markup Language (SAML) is a standard used for exchanging authentication and authorization data between parties, particularly between an identity provider and a service provider.

Question 13

A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket. Which of the following is the BEST course of action?

Accepted Answer

The best course of action is to inform the audit committee or internal audit using the corporate whistleblower process, as this request may indicate unethical or illegal activity.

Question 14

Reciprocal backup site agreements are considered to be

Accepted Answer

The answer of Reciprocal backup site agreements are considered to...

Question 15

For the purpose of classification, which of the following is used to divide trust domain and trust boundaries?

Accepted Answer

Network architecture is used to define and divide trust domains and trust boundaries, as it involves the design and structure of a network, determining how different segments are isolated or connected.

Question 16

Which of the following would MINIMIZE the ability of an attacker to exploit a buffer overflow?

Accepted Answer

Code review helps identify and fix vulnerabilities, such as buffer overflows, before the software is deployed.

Question 17

Which Identity and Access Management (IAM) process can be used to maintain the principle of least privilege?

Accepted Answer

The answer of Which Identity and Access Management (IAM) process...

Question 18

An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test subject's data?

Accepted Answer

Anonymizing data is a common practice to ensure privacy and compliance with international data protection laws, allowing the organization to process it in the US.

Question 19

Which of the following BEST represents the concept of least privilege?

Accepted Answer

The concept of least privilege means that access is denied by default and only granted when explicitly allowed, ensuring users have the minimum level of access necessary.

Question 20

It is MOST important to perform which of the following to minimize potential impact when implementing a new vulnerability scanning tool in a production environment?

Accepted Answer

The answer of It is MOST important to perform which...

Exam 3: Certified Information Systems Security Professional