What is the primary goal of change management in an organization?

Reducing the likelihood of service disruptions

Communicating to all affected stakeholders

Organizing the work associated with a change

Amy's organization uses quite a bit of open source software in their custom development work and she is concerned about the security impact of that use. What program can she deploy to help track the use of this software and identify outdated components?

Software Configuration Management (SCM)

Commericial-off-the-Shelf (COTS)

Security Orchestration, Automation, and Response (SOAR)

Which one of the following individuals or groups would be the most likely direct recipient of an audit report performed by an external auditor?

Chief Information Security Officer (CISO)

Chief Information Officer (CIO)

Rob is helping to conduct a risk assessment of a new web application that will shortly be deployed to production in his organization. To assist with his process, he sets up a web application scanning tool that will probe a test instance of the application overnight so that he can review the results in the morning. What term best describes the type of test that Rob is performing?

Dynamic Application Security Testing (DAST)

Interactive Application Security Testing (IAST)

Static Application Security Testing (SAST)

You are reviewing the security controls around your organization's WiFi network and want to ensure that only authorized users are able to access the network and that they are able to do so in a seamless manner. Which one of the following approaches would best meet this requirement?

WPA2 with enterprise authenticaiton

Francis is an identity and access management professional at a very large corporation. She is reviewing her organization's process for revoking access assigned to terminated employees. What action would BEST protect the organization against the risks associated with a terminated employee's account?

Revoke all permissions from the account

You would like to enhance your security assessment and testing program by including automated techniques that seek to exploit security vulnerabilities and report on discovered deficiencies. Which of the following assessment techniques would best meet this need?

Breach and attack simulation (BAS)

Carla is the security compliance officer for a large chain of retail stores. As part of her PCI DSS compliance work, Carla discovers that the organization routinely sends cardholder data to a service provider who helps detect fraudulent transactions. Under PCI DSS, what is Carla obligated to do?

Verify that the service provider appears on the list of validated service providers

Perform an annual penetration test of the service provider

Perform quarterly vulnerability scanning of the service provider

Review the results of an external audit of the service provider and ensure any criticalfindings are remediated

In an organization's identity management (IdM) program, which one of the following technologies is commonly used as an authorization mechanism for internal users?

Multifactor authentication (MFA)

You recently received a request from a user in the sales department to have access to records of past employees for use in developing business leads. This type of access has never been granted in the past. What would be the best course of action for you to take?

Refer the request to the data owner

Refuse the request because it violates past precedent

Grant the request because it aligns with business objectives

Your organization recently signed a contract with a service provider who will be maintaining manufacturing equipment at a variety of field sites. The provider requires access to some of your internal systems in order to view and update work orders so you are establishing connectivity to your network for them. The connection will be an always-on virtual private network (VPN) between your locations. What is the most appropriate location on your network to terminate the connection?

Demilitarized Zone (DMZ) network

As the Chief Information Security Officer (CISO) of a large organization, Justin is concerned that his team is unable to rapidly respond to many smaller incidents. He would like to have runbooks that automatically respond to simple events that occur on endpoints, network devices, and applications. What technology platform would best meet his needs?

Security orchestration, automation, and response (SOAR)

Security information and event management (SIEM)

Managed detection and response (MDR)

You are deploying a virtual private network (VPN) to support remote users who will be telecommuting but require access to internal resources. Where would be the most appropriate location to place the VPN server?

Demilitarized zone (DMZ) network

Outside the firewall on the public Internet

Which one of the following is the best example of a security awareness activity that might be used as part of an organization's information security program?

Mandatory computer-based training

Specialized training for security administrators

Lisa is attempting to prevent her network from being targeted by IP spoofing attacks as well as preventing her network from being the source of those attacks. Which of the following rules are best practices that Lisa should configure at her network border? (Select all that apply.)

Block packets with internal source addresses from entering the network.

Block packets with external source addresses from leaving the network.

Block packets with private IP addresses from exiting the network.

Block packets with public IP addresses from entering the network.

Fran is building a forensic analysis workstation and is selecting a forensic disk controller to include in the setup. Which of the following are functions of a forensic disk controller? (Select all that apply.)

Preventing the modification of data on a storage device

Returning data requested from the device

Reporting errors sent by the device to the forensic host

Blocking read commands sent to the device

Susan sets up a firewall that keeps track of the status of the communication between two systems and allows a remote system to respond to a local system only after the local system starts communication. What type of firewall is Susan using?

A stateful packet inspection firewall

A static packet filtering firewall

An application-level gateway firewall

A circuit-level gateway firewall

Please refer to the following scenario: Ben owns a coffeehouse and wants to provide wireless internet service for his customers. Ben's network is simple and uses a single consumer-grade wireless router and a cable modem connected via a commercial cable data contract. Ben intends to run an open (unencrypted) wireless network. How should he connect his business devices?

Set up a separate SSID using WPA3.

Run the open network in Enterprise mode.

Set up a separate wireless network using WEP.

CISSP Final

Professional Development

•

98 Qs

Similar activities

LATIHAN SOAL PEDAGOGIK BY RISKA LISMAYANTI

Professional Development

•

100 Qs

GA4 GAds

Professional Development

•

100 Qs

PART 6

Professional Development

•

100 Qs

POLA KALIMAT 4-6 BAYU

Professional Development

•

100 Qs

Soal PPPK Teknis Pejuang NIP

Professional Development

•

100 Qs

Kiến thức chung

Professional Development

•

100 Qs

NURSING PRACTICE 2 📌 FINAL PROOF READ MAY NLE 2022

Professional Development

•

100 Qs

Buying a car

Professional Development

•

100 Qs

CISSP Final

Quiz

•

Professional Development

•

Professional Development

•

Practice Problem

•

Easy

Sylvia Anderson

Used 8+ times

FREE Resource

98 questions

Show all answers

MULTIPLE CHOICE QUESTION

1 min • 1 pt

In an infrastructure-as-a-service (IaaS) cloud model, who bears primary responsibility for securing physical and information assets?

Responsibility primarily rests with the customer

Responsibility primarily rests with the provider

Responsibility is shared between the customer and provider

Responsibility primarily rests with the cloud access security broker

MULTIPLE CHOICE QUESTION

1 min • 1 pt

In a federated identity access management solution, what task is most commonly handled by the identity provider (IdP)?

Identification

Authorization

Provisioning

Authentication

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You are working with a team of software and hardware developers on the creation of a new product that will deploy sensors to factory floors and then analyze the data from those sensors using a back-end SaaS solution. Before you develop the software, you would like to understand the potential paths that an attacker could take to undermine the security of the system. What activity would best provide you with this perspective?

Threat hunting

Threat modeling

Penetration testing

Vulnerability scanning

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You recently performed a vulnerability assessment and found hundreds of vulnerabilities in your organization's infrastructure. It will take months to address all of these issues. What factors should you use to prioritize these vulnerabilities?

Likelihood and probability

Impact and exploitability

Impact and CVSS score

Likelihood and impact

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You are attempting to secure a wired network belonging to your organization. You would like to deploy technology that limits network access to authorized users. Which one of the following technologies would best meet that need?

WiFi Protected Access v2 (WPA2)

WiFi Protected Access v3 (WPA3)

IEEE 802.1x

MAC filtering

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A user connected a device to your network and, when they open their web browser, are redirected to a website advising them that they have been placed on an isolation network because their system does not meet the organization's security requirements. They are unable to access any network resources until they remediate their device to comply with the organization's security policy. What type of security solution is in use on this network?

Intrusion Prevention System (IPS)

Configuration Management (CM) platform

Network Access Control (NAC)

Endpoint Detection and Response (EDR) platform

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You have been asked to assist in the investigation of a security incident that took place in your organization. You are handed a laptop computer that is powered off and asked to analyze the data contained on its hard drive. What action should you take first?

Remove the hard drive from the device

Power on the laptop

Connect to the hard drive with a forensic software package

Connect a write blocker to the device

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

96 questions

Practice Praxis Test 5205

Quiz

•

Professional Development

100 questions

Engineering Management

Quiz

•

Professional Development

101 questions

D4(RAH) MASTER THE DAY

Quiz

•

Professional Development

100 questions

Kompetensi Teknis HOTS

Quiz

•

Professional Development

100 questions

Traffic Code

Quiz

•

Professional Development

100 questions

TEST ECTP BULAN KE-2

Quiz

•

Professional Development

100 questions

DATOS, TRANS, LBRL, EAA, CONTRATOS, OFI 2, 3 y 4_AYTO SEVILLA

Quiz

•

Professional Development

100 questions

Hacker Academy - Ethical Hacking Quiz

Quiz

•

Professional Development

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Professional Development

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

100 questions

Screening Test Customer Service

Quiz

•

Professional Development

20 questions

90s Cartoons

Quiz

•

Professional Development

10 questions

Reading a ruler in Inches

Quiz

•

4th Grade - Professio...

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

12 questions

Valentines Day Trivia

Quiz

•

Professional Development

CISSP Final

98 questions

In an infrastructure-as-a-service (IaaS) cloud model, who bears primary responsibility for securing physical and information assets?

In a federated identity access management solution, what task is most commonly handled by the identity provider (IdP)?

You recently performed a vulnerability assessment and found hundreds of vulnerabilities in your organization's infrastructure. It will take months to address all of these issues. What factors should you use to prioritize these vulnerabilities?

You are attempting to secure a wired network belonging to your organization. You would like to deploy technology that limits network access to authorized users. Which one of the following technologies would best meet that need?

You have been asked to assist in the investigation of a security incident that took place in your organization. You are handed a laptop computer that is powered off and asked to analyze the data contained on its hard drive. What action should you take first?

Carla is conducting an assessment of an organization using the Software Assurance Maturity Model (SAMM). She notes that the organization seems to have difficulty with defect management and will be reporting that finding. Which business function of SAMM includes defect management?

You are working with the team developing a new web application and you would like to perform a test that evaluates whether the application is able to successfully handle malicious input that it receives through that interface. Which one of the following activities would best meet this need?

What is the primary goal of change management in an organization?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development