Q111. Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?
A. Challenge Handshake Authentication Protocol (CHAP)
B. Point-to-Point Protocol (PPP)
C. Extensible Authentication Protocol (EAP)
D. Password Authentication Protocol (PAP)
Answer: A
Q112. An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor?
A. Provide the encrypted passwords and analysis tools to the auditor for analysis.
B. Analyze the encrypted passwords for the auditor and show them the results.
C. Demonstrate that non-compliant passwords cannot be created in the system.
D. Demonstrate that non-compliant passwords cannot be encrypted in the system.
Answer: C
Q113. What is the MOST critical factor to achieve the goals of a security program?
A. Capabilities of security resources
B. Executive management support
C. Effectiveness of security management
D. Budget approved for security resources
Answer: B
Q114. Discretionary Access Control (DAC) restricts access according to
A. data classification labeling.
B. page views within an application.
C. authorizations granted to the user.
D. management accreditation.
Answer: C
Q115. Which of the following is the FIRST action that a system administrator should take when it is revealed during a penetration test that everyone in an organization has unauthorized access to a server holding sensitive data?
A. Immediately document the.finding and.report to senior management.
B. Use system privileges to alter the permissions to secure the server
C. Continue the testing to its completion and then inform IT management
D. Terminate the penetration test and pass the finding to the server management team
Answer: A
Q116. Which security action should be taken FIRST when computer personnel are terminated from their jobs?
A. Remove their computer access
B. Require them to turn in their badge
C. Conduct an exit interview
D. Reduce their physical access level to the facility
Answer: A
Q117. The PRIMARY outcome of a certification process is that it provides documented
A. system weaknesses for remediation.
B. standards for security assessment, testing, and process evaluation.
C. interconnected systems and their implemented security controls.
D. security analyses needed to make a risk-based decision.
Answer: D
Q118. Regarding asset security and appropriate retention,.which of the following INITIAL.top three areas are.important.to focus on?
A. Security control baselines, access controls, employee awareness and training
B. Human resources, asset management, production management
C. Supply chain lead time, inventory control, encryption
D. Polygraphs, crime statistics, forensics
Answer: A
Q119. Refer.to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
Which of the following is considered the MOST important priority for the information security officer?
A. Formal acceptance of the security strategy
B. Disciplinary actions taken against unethical behavior
C. Development of an awareness program for new employees
D. Audit of all organization system configurations for faults
Answer: A
Q120. What would be the PRIMARY concern when designing and coordinating a security assessment for an Automatic Teller Machine (ATM) system?
A. Physical access to the electronic hardware
B. Regularly scheduled maintenance process
C. Availability of the network connection
D. Processing delays
Answer: A