Which of the following is the risk calculation that the CIO is asking for?
The Chief Information Officer (CIO) has asked a security analyst to determine the estimated costs
associated with each potential breach of their database that contains customer information. Which of the
following is the risk calculation that the CIO is asking for?
Which of the following BEST describes the appropriate method of testing or technique to use in this scenario?
A security assurance officer is preparing a plan to measure the technical state of a customer’s enterprise.
The testers employed to perform the audit will be given access to the customer facility and network. The
testers will not be given access to the details of custom developed software used by the customer.
However, the testers will have access to the source code for several open source applications and pieces
of networking equipment used at the facility, but these items will not be within the scope of the audit.
Which of the following BEST describes the appropriate method of testing or technique to use in this
scenario? (Select TWO)
Which of the following authentication services combines authentication and authorization in a user profile and
Which of the following authentication services combines authentication and authorization in a user profile
and uses UDP?
Which of the following is the BEST combination of factors?
A security administrator is designing an access control system, with an unlimited budget, to allow
authenticated users access to network resources. Given that a multifactor authentication solution is more
secure, which of the following is the BEST combination of factors?
Will Ann and Joe be able to run the file?
The access control list (ACL) for a file on a server is as follows:
User: rwx
User: Ann: r--
User: Joe: r--
Group: rwx
Group: sales: r-x
Other: r-x
Joe and Ann are members of the Human Resources group. Will Ann and Joe be able to run the file?
Which of the following should the consultant recommend to the company, in order to mitigate the risk of employ
Using a protocol analyzer, a security consultant was able to capture employees’ credentials. Which of the
following should the consultant recommend to the company, in order to mitigate the risk of employees’
credentials being captured in the same manner in the future?
Which of the following will, once defined, be the requirement for restoration of these systems within a certain
A company has recently identified critical systems that support business operations. Which of the
following will, once defined, be the requirement for restoration of these systems within a certain period of
time?
Which of the following practices are they following to ensure application integrity?
The software developer is responsible for writing the code and promoting from the development network
to the quality network. The network administrator is responsible for promoting code to the application
servers. Which of the following practices are they following to ensure application integrity?
Which of the following should Ann do to retrieve her email messages?
Ann is traveling for business and is attempting to use the hotel’s wireless network to check for new
messages. She selects the hotel’s wireless SSID from a list of networks and successfully connects. After
opening her email client and waiting a few minutes, the connection times out. Which of the following
should Ann do to retrieve her email messages?
Which of the following password attacks involves attempting all kinds of keystroke combinations on the keyboar
Which of the following password attacks involves attempting all kinds of keystroke combinations on the
keyboard with the intention to gain administrative access?