An organization allows ping traffic into and out of their network. An attacker has installed a program
on the network that uses the payload portion of the ping packet to move data into and out of the
network. What type of attack has the organization experienced?

Which of the following can BEST prevent security flaws occurring in outsourced software
development?

Which of the following is the MAIN reason that system re-certification and re-accreditation are
needed?

An external attacker has compromised an organization’s network security perimeter and installed a
sniffer onto an inside computer. Which of the following is the MOST effective layer of security the
organization could have implemented to mitigate the attacker’s ability to gain further information?

A security consultant has been asked to research an organization’s legal obligations to protect
privacy-related information. What kind of reading material is MOST relevant to this project?

According to best practice, which of the following groups is the MOST effective in performing an
information security compliance audit?

When is security personnel involvement in the Systems Development Life Cycle (SDLC) process
MOST beneficial?

A large bank deploys hardware tokens to all customers that use their online banking system. The
token generates and displays a six digit numeric password every 60 seconds. The customers must log
into their bank accounts using this numeric password. This is an example of

Which of the following is the BEST reason to review audit logs periodically?

What is the PRIMARY reason for ethics awareness and related policy implementation?