What is the GREATEST challenge of an agent-based patch management solution?
A. Time to gather vulnerability information about the computers in the program
B. Requires that software be installed, running, and managed on all participating computers
C. The significant amount of network bandwidth while scanning computers
D. The consistency of distributing patches to each participating computer
Which of the following problems is not addressed by using OAuth (Open Standard to Authorization) 2.0 to integrate a third-party identity provider for a service?
A. Resource Servers are required to use passwords to authenticate end users.
B. Revocation of access of some users of the third party instead of all the users from the third party.
C. Compromise of the third party means compromise of all the users in the service.
D. Guest users need to authenticate with the third party identity provider.
By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the
A. confidentiality of the traffic is protected.
B. opportunity to sniff network traffic exists.
C. opportunity for device identity spoofing is eliminated.
D. storage devices are protected against availability attacks.
Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain?
A. An explanation of how long the data subject's collected information will be retained for and how it will be eventually disposed.
B. An explanation of who can be contacted at the organization collecting the information if corrections are required by the data subject.
C. An explanation of the regulatory frameworks and compliance standards the information collecting organization adheres to.
D. An explanation of all the technologies employed by the collecting organization in gathering information on the data subject.
What is the purpose of an Internet Protocol (IP) spoofing attack?
A. To send excessive amounts of data to a process, making it unpredictable
B. To intercept network traffic without authorization
C. To disguise the destination address from a target's IP filtering devices
D. To convince a system that it is communicating with a known entity
Once the types of information have been identified, who should an information security practitioner work with to ensure that the information is properly categorized?
A. Information Owner (IO)
B. System Administrator
C. Business Continuity (BC) Manager
D. Chief Information Officer (CIO)
The personal laptop of an organization executive is stolen from the office, complete with personnel and project records. Which of the following should be done FIRST to mitigate future occurrences?
A. Encrypt disks on personal laptops
B. Issue cable locks for use on personal laptops
C. Create policies addressing critical information on personal laptops
D. Monitor personal laptops for critical information
Which of the following is the BEST way to protect an organization's data assets?
A. Monitor and enforce adherence to security policies.
B. Encrypt data in transit and at rest using up-to-date cryptographic algorithms.
C. Create the Demilitarized Zone (DMZ) with proxies, firewalls and hardened bastion hosts.
D. Require Multi-Factor Authentication (MFA) and Separation of Duties (SoD).
Which of the following is a term used to describe maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions?
A. Information Security Management System (ISMS)
B. Information Sharing and Analysis Centers (ISAC)
C. Risk Management Framework (RMF)
D. Information Security Continuous Monitoring (ISCM)
According to the (ISC)? ethics canon "act honorably, honestly, justly, responsibly, and legally," which order should be used when resolving conflicts?
A. Public safety and duties to principals, individuals, and the profession
B. Individuals, the profession, and public safety and duties to principals
C. Individuals, public safety and duties to principals, and the profession
D. The profession, public safety and duties to principals, and individuals
A system developer has a requirement for an application to check for a secure digital signature before the application is accessed on a user's laptop. Which security mechanism addresses this requirement?
A. Hardware encryption
B. Certificate revocation list (CRL) policy
C. Trusted Platform Module (TPM)
D. Key exchange
International bodies established a regulatory scheme that defines how weapons are exchanged between the signatories. It also addresses cyber weapons, including malicious software, Command and Control (C2) software, and internet surveillance software. This is a description of which of the following?
A. General Data Protection Regulation (GDPR)
B. Palermo convention
C. Wassenaar arrangement
D. International Traffic in Arms Regulations (ITAR)
What type of risk is related to the sequences of value-adding and managerial activities undertaken in an organization?
A. Demand risk
B. Process risk
C. Control risk
D. Supply risk
A large international organization that collects information from its consumers has contracted with a Software as a Service (SaaS) cloud provider to process this data. The SaaS cloud provider uses additional data processing to demonstrate other capabilities it wishes to offer to the data owner. This vendor believes additional data processing activity is allowed since they are not disclosing to other organizations. Which of the following BEST supports this rationale?
A. The data was encrypted at all times and only a few cloud provider employees had access.
B. As the data owner, the cloud provider has the authority to direct how the data will be processed.
C. As the data processor, the cloud provider has the authority to direct how the data will be processed.
D. The agreement between the two parties is vague and does not detail how the data can be used.
Which function does 802.1X provide?
A. Network intrusion detection system (NIDS)
B. Wireless access point (WAP)
C. Wi-Fi Protected Access (WPA)
D. Network Access Control (NAC)