What is the primary goal of change management in an organization?

Reducing the likelihood of service disruptions

Communicating to all affected stakeholders

Organizing the work associated with a change

Amy's organization uses quite a bit of open source software in their custom development work and she is concerned about the security impact of that use. What program can she deploy to help track the use of this software and identify outdated components?

Software Configuration Management (SCM)

Commericial-off-the-Shelf (COTS)

Security Orchestration, Automation, and Response (SOAR)

Which one of the following individuals or groups would be the most likely direct recipient of an audit report performed by an external auditor?

Chief Information Security Officer (CISO)

Chief Information Officer (CIO)

Rob is helping to conduct a risk assessment of a new web application that will shortly be deployed to production in his organization. To assist with his process, he sets up a web application scanning tool that will probe a test instance of the application overnight so that he can review the results in the morning. What term best describes the type of test that Rob is performing?

Dynamic Application Security Testing (DAST)

Interactive Application Security Testing (IAST)

Static Application Security Testing (SAST)

You are reviewing the security controls around your organization's WiFi network and want to ensure that only authorized users are able to access the network and that they are able to do so in a seamless manner. Which one of the following approaches would best meet this requirement?

WPA2 with enterprise authenticaiton

Francis is an identity and access management professional at a very large corporation. She is reviewing her organization's process for revoking access assigned to terminated employees. What action would BEST protect the organization against the risks associated with a terminated employee's account?

Revoke all permissions from the account

You would like to enhance your security assessment and testing program by including automated techniques that seek to exploit security vulnerabilities and report on discovered deficiencies. Which of the following assessment techniques would best meet this need?

Breach and attack simulation (BAS)

Carla is the security compliance officer for a large chain of retail stores. As part of her PCI DSS compliance work, Carla discovers that the organization routinely sends cardholder data to a service provider who helps detect fraudulent transactions. Under PCI DSS, what is Carla obligated to do?

Verify that the service provider appears on the list of validated service providers

Perform an annual penetration test of the service provider

Perform quarterly vulnerability scanning of the service provider

Review the results of an external audit of the service provider and ensure any criticalfindings are remediated

In an organization's identity management (IdM) program, which one of the following technologies is commonly used as an authorization mechanism for internal users?

Multifactor authentication (MFA)

You recently received a request from a user in the sales department to have access to records of past employees for use in developing business leads. This type of access has never been granted in the past. What would be the best course of action for you to take?

Refer the request to the data owner

Refuse the request because it violates past precedent

Grant the request because it aligns with business objectives

Your organization recently signed a contract with a service provider who will be maintaining manufacturing equipment at a variety of field sites. The provider requires access to some of your internal systems in order to view and update work orders so you are establishing connectivity to your network for them. The connection will be an always-on virtual private network (VPN) between your locations. What is the most appropriate location on your network to terminate the connection?

Demilitarized Zone (DMZ) network

As the Chief Information Security Officer (CISO) of a large organization, Justin is concerned that his team is unable to rapidly respond to many smaller incidents. He would like to have runbooks that automatically respond to simple events that occur on endpoints, network devices, and applications. What technology platform would best meet his needs?

Security orchestration, automation, and response (SOAR)

Security information and event management (SIEM)

Managed detection and response (MDR)

You are deploying a virtual private network (VPN) to support remote users who will be telecommuting but require access to internal resources. Where would be the most appropriate location to place the VPN server?

Demilitarized zone (DMZ) network

Outside the firewall on the public Internet

Which one of the following is the best example of a security awareness activity that might be used as part of an organization's information security program?

Mandatory computer-based training

Specialized training for security administrators

Lisa is attempting to prevent her network from being targeted by IP spoofing attacks as well as preventing her network from being the source of those attacks. Which of the following rules are best practices that Lisa should configure at her network border? (Select all that apply.)

Block packets with internal source addresses from entering the network.

Block packets with external source addresses from leaving the network.

Block packets with private IP addresses from exiting the network.

Block packets with public IP addresses from entering the network.

Fran is building a forensic analysis workstation and is selecting a forensic disk controller to include in the setup. Which of the following are functions of a forensic disk controller? (Select all that apply.)

Preventing the modification of data on a storage device

Returning data requested from the device

Reporting errors sent by the device to the forensic host

Blocking read commands sent to the device

Susan sets up a firewall that keeps track of the status of the communication between two systems and allows a remote system to respond to a local system only after the local system starts communication. What type of firewall is Susan using?

A stateful packet inspection firewall

A static packet filtering firewall

An application-level gateway firewall

A circuit-level gateway firewall

Please refer to the following scenario: Ben owns a coffeehouse and wants to provide wireless internet service for his customers. Ben's network is simple and uses a single consumer-grade wireless router and a cable modem connected via a commercial cable data contract. Ben intends to run an open (unencrypted) wireless network. How should he connect his business devices?

Set up a separate SSID using WPA3.

Run the open network in Enterprise mode.

Set up a separate wireless network using WEP.

CISSP Final

Professional Development

•

98 Qs

Similar activities

D40 MASTER THE DAY

Professional Development

•

100 Qs

PRETEST PPG 1

Professional Development

•

100 Qs

Nursing Practice 4

Professional Development

•

100 Qs

PPPK SOSIO KULTURAL

Professional Development

•

100 Qs

LEGISLACIÓN DE TRANSITO

Professional Development

•

100 Qs

Pilihan Ganda

Professional Development

•

100 Qs

PENYEGARAN IKM

Professional Development

•

100 Qs

Piping Design

Professional Development

•

94 Qs

CISSP Final

Quiz

•

Professional Development

•

Professional Development

•

Practice Problem

•

Easy

Sylvia Anderson

Used 8+ times

FREE Resource

98 questions

Show all answers

MULTIPLE CHOICE QUESTION

1 min • 1 pt

In an infrastructure-as-a-service (IaaS) cloud model, who bears primary responsibility for securing physical and information assets?

Responsibility primarily rests with the customer

Responsibility primarily rests with the provider

Responsibility is shared between the customer and provider

Responsibility primarily rests with the cloud access security broker

MULTIPLE CHOICE QUESTION

1 min • 1 pt

In a federated identity access management solution, what task is most commonly handled by the identity provider (IdP)?

Identification

Authorization

Provisioning

Authentication

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You are working with a team of software and hardware developers on the creation of a new product that will deploy sensors to factory floors and then analyze the data from those sensors using a back-end SaaS solution. Before you develop the software, you would like to understand the potential paths that an attacker could take to undermine the security of the system. What activity would best provide you with this perspective?

Threat hunting

Threat modeling

Penetration testing

Vulnerability scanning

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You recently performed a vulnerability assessment and found hundreds of vulnerabilities in your organization's infrastructure. It will take months to address all of these issues. What factors should you use to prioritize these vulnerabilities?

Likelihood and probability

Impact and exploitability

Impact and CVSS score

Likelihood and impact

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You are attempting to secure a wired network belonging to your organization. You would like to deploy technology that limits network access to authorized users. Which one of the following technologies would best meet that need?

WiFi Protected Access v2 (WPA2)

WiFi Protected Access v3 (WPA3)

IEEE 802.1x

MAC filtering

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A user connected a device to your network and, when they open their web browser, are redirected to a website advising them that they have been placed on an isolation network because their system does not meet the organization's security requirements. They are unable to access any network resources until they remediate their device to comply with the organization's security policy. What type of security solution is in use on this network?

Intrusion Prevention System (IPS)

Configuration Management (CM) platform

Network Access Control (NAC)

Endpoint Detection and Response (EDR) platform

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You have been asked to assist in the investigation of a security incident that took place in your organization. You are handed a laptop computer that is powered off and asked to analyze the data contained on its hard drive. What action should you take first?

Remove the hard drive from the device

Power on the laptop

Connect to the hard drive with a forensic software package

Connect a write blocker to the device

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

100 questions

PRETEST PPG 1

Quiz

•

Professional Development

100 questions

ĐỀ THI NGHIỆP VỤ KSGN 10.2024

Quiz

•

Professional Development

100 questions

SOAL KFRC SMMS 401 - 500B

Quiz

•

Professional Development

100 questions

National Section Practice Exam - Appendix A

Quiz

•

Professional Development

99 questions

TRCN EXAM practice By Mr Ajibola

Quiz

•

Professional Development

100 questions

E-Test Posbakum

Quiz

•

Professional Development

100 questions

Pilihan Ganda

Quiz

•

Professional Development

100 questions

D40 MASTER THE DAY

Quiz

•

Professional Development

Popular Resources on Wayground

5 questions

This is not a...winter edition (Drawing game)

Quiz

•

1st - 5th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

10 questions

Identify Iconic Christmas Movie Scenes

Interactive video

•

6th - 10th Grade

20 questions

Christmas Trivia

Quiz

•

6th - 8th Grade

18 questions

Kids Christmas Trivia

Quiz

•

KG - 5th Grade

11 questions

How well do you know your Christmas Characters?

Lesson

•

3rd Grade

14 questions

Christmas Trivia

Quiz

•

5th Grade

20 questions

How the Grinch Stole Christmas

Quiz

•

5th Grade

Discover more resources for Professional Development

15 questions

Fun Holiday Trivia

Quiz

•

Professional Development

20 questions

Christmas Trivia

Quiz

•

Professional Development

21 questions

Name that Holiday Movie

Quiz

•

Professional Development

CISSP Final

98 questions

In an infrastructure-as-a-service (IaaS) cloud model, who bears primary responsibility for securing physical and information assets?

In a federated identity access management solution, what task is most commonly handled by the identity provider (IdP)?

You recently performed a vulnerability assessment and found hundreds of vulnerabilities in your organization's infrastructure. It will take months to address all of these issues. What factors should you use to prioritize these vulnerabilities?

You are attempting to secure a wired network belonging to your organization. You would like to deploy technology that limits network access to authorized users. Which one of the following technologies would best meet that need?

You have been asked to assist in the investigation of a security incident that took place in your organization. You are handed a laptop computer that is powered off and asked to analyze the data contained on its hard drive. What action should you take first?

Carla is conducting an assessment of an organization using the Software Assurance Maturity Model (SAMM). She notes that the organization seems to have difficulty with defect management and will be reporting that finding. Which business function of SAMM includes defect management?

You are working with the team developing a new web application and you would like to perform a test that evaluates whether the application is able to successfully handle malicious input that it receives through that interface. Which one of the following activities would best meet this need?

What is the primary goal of change management in an organization?

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development