Which of the following security design principles supports comprehensive and simple design and implementation
Which of the following security design principles supports comprehensive and simple design and
implementation of protection mechanisms, so that an unintended access path does not exist or
can be readily identified and eliminated?
What risk response is the most appropriate for this instance?
Rob is the project manager of the IDLK Project for his company. This project has a budget of
$5,600,000 and is expected to last 18 months. Rob has learned that a new law may affect how the
project is allowed to proceed – even though the organization has already invested over $750,000
in the project. What risk response is the most appropriate for this instance?
What will be the Single Loss Expectancy of the project?
Mark is the project manager of the NHQ project in StarTech Inc. The project has an asset valued
at $195,000 that is subject to an exposure factor of 35 percent. What will be the Single Loss
Expectancy of the project?
Which of the following are the effects of loss of confidentiality, integrity, or availability in a high level potential impact?
FIPS 199 defines the three levels of potential impact on organizations: low, moderate, and high.
Which of the following are the effects of loss of confidentiality, integrity, or availability in a high
level potential impact?
What is he suggesting this as a countermeasure against?
John works as a professional Ethical Hacker. He has been assigned the project of testing the
security of www.we-are-secure.com. He finds that the We-are-secure server is vulnerable to
attacks. As a countermeasure, he suggests that the Network Administrator should remove the IPP
printing capability from the server. He is suggesting this as a countermeasure against
__________.
What are the different categories of penetration testing?
Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are
attempting to break in. What are the different categories of penetration testing? Each correct
answer represents a complete solution. Choose all that apply.
Which of the following is violated in a shoulder surfing attack?
Shoulder surfing is a type of in-person attack in which the attacker gathers information about the
premises of an organization. This attack is often performed by looking surreptitiously at the
keyboard of an employee’s computer while he is typing in his password at any access point such
as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?
Which of the following statements reflect the ‘Code of Ethics Canons’ in the ‘(ISC)2 Code of Ethics’?
Which of the following statements reflect the ‘Code of Ethics Canons’ in the ‘(ISC)2 Code of
Ethics’? Each correct answer represents a complete solution. Choose all that apply.
Which of the following are the different phases of system development life cycle?
The Systems Development Life Cycle (SDLC) is the process of creating or altering systems, together
with the models and methodologies that people use to develop those systems. Which of the
following are the different phases of the system development life cycle? Each correct answer
represents a complete solution. Choose all that apply.
Which of the following activities integrates SOA software assets and establishes SOA logical environment dependencies?
The service-oriented modeling framework (SOMF) introduces five major life cycle modeling
activities that drive a service evolution during design-time and run-time. Which of the following
activities integrates SOA software assets and establishes SOA logical environment
dependencies?