Question 1

During which of the following processes is least privilege implemented for a user account?

Accepted Answer

During the provision process, least privilege is implemented by assigning only the necessary permissions to a user account to perform their job functions.

Question 2

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

Accepted Answer

A duress alarm is a cost-effective reactive control that allows personnel to quickly alert security or law enforcement in case of an emergency, providing immediate response without the high costs associated with physical barriers or hiring additional personnel.

Question 3

Which of the following actions will reduce risk to a laptop before traveling to a high risk area?

Accepted Answer

The answer of Which of the following actions will reduce...

Question 4

The use of private and public encryption keys is fundamental in the implementation of which of the following?

Accepted Answer

B  The Diffie-Hellman algorithm and Secure Sockets Layer (SSL) both use private and public encryption keys. Diffie-Hellman is a method of securely exchanging cryptographic keys over a public channel, and SSL uses public key cryptography to establish a secure connection. AES is a symmetric key encryption standard, and MD5 is a hashing algorithm, neither of which use public/private key pairs.

Question 5

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

Accepted Answer

The answer of All of the following items should be...

Question 6

Which of the following Service Organization Control (SOC) report types should an organization request if they require a period of time report covering security and availability for a particular system?

Accepted Answer

SOC 2 Type 2 reports cover the effectiveness of controls over a period of time and include criteria for security and availability, making it suitable for organizations needing such assurances.

Question 7

Which of the following is considered the PRIMARY security issue associated with encrypted e-mail messages?

Accepted Answer

The answer of Which of the following is considered the...

Question 8

When dealing with compliance with the Payment Card Industry-Data Security Standard (PCI-DSS), an organization that shares card holder information with a service provider MUST do which of the following?

Accepted Answer

Organizations must regularly validate the PCI-DSS compliance status of their service providers to ensure ongoing adherence to security standards.

Question 9

A company was ranked as high in the following National Institute of Standards and Technology (NIST) functions: Protect, Detect, Respond and Recover. However, a low maturity grade was attributed to the Identify function. In which of the following the controls categories does this company need to improve when analyzing its processes individually?

Accepted Answer

The Identify function includes categories such as Asset Management, Business Environment, Governance, and Risk Assessment. These are areas where the company needs to improve based on the low maturity grade in the Identify function.

Question 10

What is the FIRST step required in establishing a records retention program?

Accepted Answer

The answer of What is the FIRST step required in...

Question 11

What is the FIRST step in establishing an information security program?

Accepted Answer

The answer of What is the FIRST step in establishing...

Question 12

Which of the following is MOST effective in detecting information hiding in Transmission Control Protocol/Internet Protocol (TCP/IP) traffic?

Accepted Answer

The answer of Which of the following is MOST effective...

Question 13

A security practitioner has just been assigned to address an ongoing Denial of Service (DoS) attack against the company's network, which includes an e-commerce web site. The strategy has to include defenses for any size of attack without rendering the company network unusable. Which of the following should be a PRIMARY concern when addressing this issue?

Accepted Answer

The primary concern in addressing a DoS attack is to maintain service availability by allowing legitimate traffic while blocking malicious traffic.

Question 14

A proxy firewall operates at what layer of the Open System Interconnection (OSI) model?

Accepted Answer

A proxy firewall operates at the Application layer of the OSI model, as it acts as an intermediary for requests from clients seeking resources from other servers, handling application-specific traffic.

Question 15

A security team member was selected as a member of a Change Control Board (CCB) for an organization. Which of the following is one of their responsibilities?

Accepted Answer

The answer of A security team member was selected as...

Question 16

Which of the following methods of suppressing a fire is environmentally friendly and the MOST appropriate for a data center?

Accepted Answer

Inert gas fire suppression systems are environmentally friendly as they use gases like nitrogen and argon, which do not harm the ozone layer and are safe for electronic equipment, making them suitable for data centers.

Question 17

An Intrusion Detection System (IDS) has recently been deployed in a Demilitarized Zone (DMZ). The IDS detects a flood of malformed packets. Which of the following BEST describes what has occurred?

Accepted Answer

The answer of An Intrusion Detection System (IDS) has recently...

Question 18

In Disaster Recovery (DR) and Business Continuity (DC) training, which BEST describes a functional drill?

Accepted Answer

The answer of In Disaster Recovery (DR) and Business Continuity...

Question 19

At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?

Accepted Answer

The answer of At what level of the Open System...

Question 20

A security practitioner is tasked with securing the organization's Wireless Access Points (WAP). Which of these is the MOST effective way of restricting this environment to authorized users?

Accepted Answer

The answer of A security practitioner is tasked with securing...

Exam 3: Certified Information Systems Security Professional