Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

Which of the following MUST be in place for security to be effective in an organization?

A.

Security objectives are documented and in line with the organization’s mission and goals.

B.

Security policies are in line with international standards.

C.

Technology strategy decisions have the involvement and approval of the security organization.

D.

Risk assessments on business plans include security issues as part of the analysis.

During an investigation, a forensic analyst executed a task to allow for the authentication of all documents, data, and objects collected, if required. Which of the options below BEST describes this task?

A.

Electronically stored information was collected through a forensic tool.

B.

Metadata was collected from files and objects were listed in a notebook.

C.

A chain of custody form was filled with all items quantity and descriptions.

D.

Archive tagging was applied to all digital data and physical papers were stamped.

A company that has experienced steady growth for seasonal products in the last several years currently is reevaluating its production planning approach. The chase production plan initially requires 150 employees, then increases to 440 employees, and then decreases to 165 employees. Which of the following factors would be most relevant when evaluating the cost of this production planning approach?

A.

Inventory carrying cost

B.

Material cost

C.

Overhead cost

D.

Labor-related cost

A manufacturing facility uses common wireless technologies to communicate. The head of security is concerned about eavesdropping by attackers outside the perimeter fence. The distance between the facility and fence is at least 300 feet (100 m). Which of the following wireless technologies is MOST likely to be available to an attacker outside the fence?

A.

ZigBee

B.

Radio-Frequency Identification (RFID)

C.

Long-Term Evolution (LTE)

D.

Bluetooth

An organization processes healthcare data, stores credit card data, and must provide audited financial statements, each of which is controlled by a separate compliance standard. To support compliance against multiple standards and the testing of the greatest number of controls with a limited budget, how would the internal audit team BEST audit the organization?

A.

Conduct an integrated audit against the most stringent security controls.

B.

Combine the systems into a single audit and implement security controls per applicable standard.

C.

Combine the systems into a single audit against all of the associated security controls.

D.

Audit each system individually and implement the applicable standard specific security controls.

An advertising agency is working on a campaign for a prospective client. Competitors are working on a similar campaign and are interested in knowing what the firm has designed. What should the advertising agency do to BEST ensure intellectual property does not leave the organization?

A.

Protect the information by installing a Data Loss Prevention (DLP) system

B.

Block all organizational email communication with the competitor

C.

Install an Intrusion Prevention System (IPS)

D.

Encrypt the data on the servers and distribute private-key information to authorized users

During a security incident investigation, a security analyst discovered an unauthorized module was compiled into an application package as part of the application assembly phase. This incident occurred immediately prior to being digitally signed and deployed using a deployment pipeline.

Which of the following security controls would BEST prevent this type of incident in the future?

A.

Invoke code repository vulnerability scanning on a regularly scheduled basis.

B.

Implement Role-Based Access Controls (RBAC) in each component of the deployment pipeline.

C.

Encrypt the application package after being digitally signed.

D.

Implement a software Bill of Materials (BOM) for each application package.

After a recent threat modeling workshop, the organization has requested that the Chief Information Security Officer (CISO) implement zero trust (ZT) policies. What was the MOST likely threat identified in the workshop?

A.

Natural threats

B.

Elevation of privilege

C.

Repudiation

D.

Information disclosure

Which of the following BEST describes the purpose of black hat testing during an assessment?

A.

Assess systems without the knowledge of end-users.

B.

Focus on identifying vulnerabilities.

C.

Examine the damage or impact an adversary can cause.

D.

Determine the risk associated with unknown vulnerabilities.

Which of the following are compromised in an untrusted network using public key cryptography when a digitally signed message is modified without being detected?

A.

Integrity and authentication

B.

Integrity and non-repuditation

C.

Integrity and availability

D.

Confidentiality and availability

In which cloud computing model is Identify And Access Management (IAM) the responsibility of a service provider?

A.

Software As A Service (SaaS).

B.

Platform As A Service (PaaS).

C.

Desktop As A Service (DaaS).

D.

Infrastructure As A Service (IaaS).

An organization has hired a consultant to establish their Identity and Access Management (IAM) system. One of the consultant’s main priorities will be to understand the current state and establish visibility across the environment. How can the consultant start to establish an IAM governance process?

A.

Implement Attribute-Based Access Control (ABAC) process for sensitive applications.

B.

Determine authoritative identity sources.

C.

Understand connectivity to target applications.

D.

Implement Role-Based Access Control (RBAC) process for web-based applications.

A cybersecurity professional has been tasked with instituting a risk management function at a new organization. Which of the following is the MOST important step the professional should take in this endeavor?

A.

Determine the acceptable level of loss exposure at which the organization is comfortable operating.

B.

Conduct a gap assessment and produce a risk rating report for the executive leadership.

C.

Engage consultants to audit the organization against best practices and provide a risk report.

D.

Implement an enterprise Governance, Risk, and Compliance (GRC) management solution.

Why would a network administrator monitor Internet of Things (IoT) security differently than the security of standards network devices?

A.

IoT devices are not developed with cybersecurity in mind.

B.

IoT devices are unencrypted.

C.

IoT devices require Power over Ethernet.

D.

IoT devices are wireless.

Which of the following is the BEST type of fire extinguisher for a data center environment?

A.

Class A

B.

Class B

C.

Class C

D.

Class D