Which of the following mechanisms are PRIMARILY designed to thwart side channel attacks?

A. Honeypots
B. Adding listening devices
C. Adding noise
D. Acoustic cryptanalysis

Disaster Recovery (DR) training plan outcomes should have which KEY quality?

A. Comprehensible
B. Identifiable
C. Measurable
D. Editable

An organization has hired a consultant to establish their Identity and Access Management (IAM) system. One of the consultant’s main priorities will be to understand the current state and establish visibility across the environment. How can the consultant start to establish an IAM governance process?

A. Implement Attribute-Based Access Control (ABAC) process for sensitive applications.
B. Determine authoritative identity sources.
C. Understand connectivity to target applications.
D. Implement Role-Based Access Control (RBAC) process for web-based applications.

Which of the following are compromised in an untrusted network using public key cryptography when a digitally signed message is modified without being detected?

A. Integrity and authentication
B. Integrity and non-repudiation
C. Integrity and availability
D. Confidentiality and availability

Which of the following capacity planning methods uses the master production schedule (MPS) as its primary input?

A. Resource planning
B. Rough-cut capacity planning (RCCP)
C. Finite loading
D. Input/output analysis

An information security professional is enhancing the organization's existing information security awareness program through educational posters. Which of the following is the MOST effective location for poster placement?

A. In a secure room inside the office
B. Beside the copy machine
C. Outside the office
D. In the human resources area

An organization provides customer call center operations for major financial services organizations around the world. As part of a long-term strategy, the organization plans to add healthcare clients to the portfolio. In preparation for contract negotiations with new clients, to which cybersecurity framework(s) should the security team ensure the organization adhere?

A. Control Objectives For Information And Related Technology (COBIT) and Health Insurance Portability And Accountability Act (HIPAA) frameworks
B. National Institute Of Standards And Technology (NIST) and International Organization For Standardization (ISO) frameworks
C. Frameworks specific to the industries and locations clients do business in
D. Frameworks that fit the organization’s risk appetite, as cybersecurity does not vary industry to industry

A security practitioner has been asked to investigate the presence of customer Personally Identifiable Information (PII) on a social media website. Where does the practitioner begin?

A. Initiate the organization’s Incident Response Plan (IRP).
B. Review the organizational social media policy.
C. Review logs of all users’ social media activity.
D. Determine a list of information assets that contain PII.

An organization is looking to integrate security concepts into the code development process early in development to detect issues before the software is launched. Which advantage does the organization gain from using Static Application Security Testing (SAST) techniques versus dynamic application security testing techniques?

A. Allows tailored techniques
B. Executes code to detect issues
C. Allows for earlier vulnerability detection
D. Simulates attacker patterns

What is the MAIN privacy risk raised by federated identity solutions?

A. The potential for tracking and profiling an individual's transactions
B. The potential to break the chain of trust between identity brokers
C. The potential for exposing an organization's sensitive business information
D. The potential for unauthorized access to user attributes

The development team wants new commercial software to integrate into the current system. What steps can the security office take to ensure the software has no vulnerabilities?

A. Ask the development team to reevaluate the current program and have a toolset developed securely within the organization.
B. Request a copy of the most recent System and Organization Controls (SOC) report and/or most recent security audit reports and any vulnerability scans of the software code from the vendor.
C. Purchase the software, deploy it in a test environment, and perform Dynamic Application Security Testing (DAST) on the software.
D. Request a software demo with permission to have a third-party penetration test completed on it.

An organization currently has a network with 55,000 unique Internet Protocol (IP) addresses in their private Internet Protocol version 4 (IPv4) network range and has acquired another organization and must integrate their 25,000 endpoints with the existing, flat network topology. If subnetting is not implemented, which network class is implied for the organization’s resulting private network segment?

A. A
B. B
C. C
D. E

An organization wants to ensure a risk does not occur. The action taken is to eliminate the attack surface by uninstalling vulnerable software. Which risk response strategy did the organization take?

A. Accepting risk
B. Avoiding risk
C. Mitigating risk
D. Transferring risk

An organization’s computer incident response team PRIMARILY responds to which type of control?

A. Administrative
B. Detective
C. Corrective
D. Preventative

Which of the following BEST describes an individual modifying something the individual is not supposed to?

A. Exfiltration
B. Tampering
C. Spoofing
D. Repudiation