Ensurepass

QUESTION 91
When should procedures be evaluated?
A. When new functional users join an organization
B. On the anniversary of the procedures' implementation
C. Each time procedures are used
D. Whenever business processes are modified
E. When new exploits and attacks are discovered
Answer: D

QUESTION 92
Which principle of secure design states that a security mechanism's methods must be testable?
A. Separation of privilege
B. Least common mechanism
C. Complete [...]

QUESTION 81
You are a system administrator for a pool of Web servers. The vendor who sells your Web server posts a patch and sample exploit for a newly discovered vulnerability. You will take all of the actions listed below. Which of the following actions should you take first?
A. Run the sample exploit against a test server.
B. Run the sample exploit against a production server.
C. Apply the patch to all production servers.
D. Test the patch on a production server.
E. Test [...]

QUESTION 71
What is the purpose of resource isolation?
A. To reduce the level of broadcast traffic on physical segments.
B. To ensure that anyone accessing a resource has appropriate integrity.
C. To automate the creation of access control lists and Trusted Computing Bases.
D. To enforce access controls, and clearly separate resources from each other.
E. To make people buy more computers than they really need.
Answer: D

QUESTION 72
_________ intrusion-detection [...]

QUESTION 61
Maintenance of the Business Continuity Plan (BCP) must be integrated with ________ an organization's process.
A. Change-control
B. Disaster-recovery
C. Inventory-maintenance
D. Discretionary-budget
E. Compensation-review
Answer: A

QUESTION 62
A _____________ attack uses multiple systems to launch a coordinated attack.
A. Distributed denial-of-service
B. Teardrop
C. Birthday
D. FTP Bounce
E. Salami
Answer: A

QUESTION 63
You are considering [...]

QUESTION 51
_________ involves gathering pieces of information and drawing a conclusion whose sensitivity exceeds any of the individual pieces of information.
A. Inference
B. Social engineering
C. Movement analysis
D. Communication-pattern analysis
E. Aggregation
Answer: E

QUESTION 52
What is mandatory sign-on? An authentication method that:
A. uses smart cards, hardware tokens, and biometrics to authenticate users; also known as three-factor authentication [...]

QUESTION 41
A __________ posture provides many levels of security possibilities for access control.
A. Layered defensive
B. Multiple offensive
C. Flat defensive
D. Reactive defensive
E. Proactive offensive
Answer: A

QUESTION 42
A(n) ___________ is the first step for determining which technical information assets should be protected.
A. Network diagram
B. Business Impact Analysis
C. Office floor plan
D. Firewall
E. Intrusion detection system
Answer: [...]

QUESTION 31
What type of document contains information on alternative business locations, IT resources, and personnel?
A. End-user license agreement
B. Nondisclosure agreement
C. Acceptable use policy
D. Security policy
E. Business continuity plan
Answer: E

QUESTION 32
Distinguish between the role of the data owner and the role of the data custodian. Complete the following sentence. The data owner is the:
A. department in the organization responsible for [...]

QUESTION 21
Which of the following best describes an external intrusion attempt on a local-area network (LAN)?
A. Internal users try to gain unauthorized access to information assets outside the organizational perimeter.
B. External-intrusion attempts from sources outside the LAN are not granted permissions or rights to an organization's information assets.
C. External users attempt to access public resources.
D. External intruders attempt exploitation of vulnerabilities, [...]

QUESTION 11
What must system administrators do when they cannot access a complete i testing?
A. Extrapolate results from a limited subset.
B. Eliminate the testing phase of change control.
C. Request additional hardware and software.
D. Refuse to implement change requests.
E. Deploy directly to the production environment.
Answer: A

QUESTION 12
To protect its information assets, ABC Company purchases a safeguard that costs $60,000. The annual cost to maintain [...]

QUESTION 1
Which of the following is NOT a restriction for partners accessing internal corporate resources through an extranet?
A. Preventing modification of restricted information
B. Using restricted programs to access databases and other information resources
C. Allowing access from any location
D. Preventing access to any network resource, other than those explicitly permitted
E. Viewing inventory levels for partner products only
Answer: C

QUESTION 2
Which [...]