Which is MOST important when negotiating an Internet service provider (ISP) service-level agreement (SLA) by an organization that solely provides Voice over Internet Protocol (VoIP) services?

Quality of Service (QoS) between applications

Availability of network services

Financial penalties in case of disruption

A company developed a web application which is sold as a Software as a Service (SaaS) solution to the customer. The application is hosted by a web server running ona specific operating system (OS) on a virtual machine (VM). During the transition phase of the service, it is determined that the support team will need access to the application logs. Which of the following privileges would be the MOST suitable?

Administrative privileges on the application folders

Administrative privileges on the OS

Administrative privileges on the web server

Administrative privileges on the hypervisor

A systems engineer is designing a wide area network (WAN) environment for a new organization. The WAN will connect sites holding information at various levels of sensitivity, from publicly available to highly confidential. The organization requires a high degree of interconnectedness to support existing business processes. What is the BEST design approach to securing this environment?

Layer multiple detective and preventative technologies at the environment perimeter.

Place firewalls around critical devices, isolating them from the rest of the environment. Place firewalls around critical devices, isolating them from the rest of the environment.

Use reverse proxies to create a secondary "shadow" environment for critical systems.

Align risk across all interconnected elements to ensure critical threats are detected and handled.

An organization recently suffered from a web-application attack that resulted in stolen user session cookie information. The attacker was able to obtain the information when a user’s browser executed a script upon visiting a compromised website. What type of attack MOST likely occurred?

Extensible Markup Language (XML) external entities

Cross-Site Request Forgery (CSRF)

Which of the following goals represents a modern shift in risk management according to National Institute of Standards and Technology (NIST)?

Enable management to make well-informed risk-based decisions justifying security expenditure.

Focus on operating environments that are changing, evolving, and full of emerging threats.

Secure information technology (IT) systems that store, process, or transmit organizational information.

Provide an improved mission accomplishment approach

Which of the following frameworks provides vulnerability metrics and characteristics to support the National Vulnerability Database (NVD)?

Common Vulnerability Scoring System (CVSS)

Common Vulnerabilities and Exposures (CVE)

Center for Internet Security (CIS)

Open Web Application Security Project (OWASP)

Which of the following is a limitation of the Bell-LaPadula model

Segregation of duties (SoD) is difficult to implement as the "no read-up" rule limits the ability of an object to access information with a higher classification

Mandatory access control (MAC) is enforced at all levels making discretionary access control (DAC) impossible to implement.

It contains no provision or policy for changing data access control and works well only with access systems that are static in nature.

It prioritizes integrity over confidentiality which can lead to inadvertent information disclosure.

Which of the following is the BEST option to reduce the network attack surface of a system?

Facilitate a root cause analysis (RCA)

Lower costs throughout the System Development Life Cycle (SDLC)

Enable generation of corrective action reports

A financial organization that works according to agile principles has developed a new application for their external customer base to request a line of credit. A security analyst has been asked to assess the security risk of the minimum viable product (MVP). Which is the MOST important activity the analyst should assess?

The software has the correct functionality.

The software has been code reviewed.

The software had been branded according to corporate standards,

The software has been signed off for release by the product owner.

When configuring Extensible Authentication Protocol (EAP) in a Voice over Internet Protocol (VoIP) network, which of the following authentication types is the MOST secure?

EAP-Tunneled Transport Layer Security (TLS)

EAP-Transport Layer Security (TLS)

EAP-Flexible Authentication via Secure Tunneling

EAP-Protected Extensible Authentication Protocol (PEAP)

A firm within the defense industry has been directed to comply with contractual requirements for encryption of a government client’s Controlled Unclassified Information (CUI). What encryption strategy represents how to protect data at rest in the MOST efficient and cost-effective manner?

Perform logical separation of program information, using virtualized storage solutions with encryption management in the back-end disk systems

Perform physical separation of program information and encrypt only information deemed critical by the defense client

Perform logical separation of program information, using virtualized storage solutions with built-in encryption at the virtualization layer

Implement data at rest encryption across the entire storage area network (SAN)

hat industry-recognized document could be used as a baseline reference that is related to data security and business operations for conducting a security assessment?

Service Organization Control (SOC) 2 Type 2

Service Organization Control (SOC) 1 Type 2

Service Organization Control (SOC) 2 Type 1

Service Organization Control (SOC) 1 Type 1

Ascan report returned multiple vulnerabilities affecting several production servers that are mission critical. Attempts to apply the patches in the development environment have caused the servers to crash. What is the BEST course of action?

Mitigate the risks with compensating controls.

Upgrade the software affected by the vulnerability.

Inform management of possible risks.

Remove the affected software from the servers

Which of the following would be the BEST guideline to follow when attempting to avoid the exposure of sensitive data?

Store sensitive data only when necessary.

Educate end-users on methods of attacks on sensitive data.

Establish report parameters for sensitive data.

Monitor mail servers for sensitive data being exfiltrated.

Which application type is considered high risk and provides a common way for malware and viruses to enter a network?

Instant messaging or chat applications

Peer-to-Peer (P2P) file sharing applications

A software architect has been asked to build a platform to distribute music to thousands of users on a global scale. The architect has been reading about content delivery networks (CDN). Which of the following is a principal task to undertake?

Establish a media caching methodology.

Establish a service-oriented architecture (SOA).

Establish relationships with hundreds of Internet service providers (ISP).

Establish a low-latency wide area network (WAN).

Which of the following BEST describes centralized identity management?

Service providers agree to integrate identity system recognition across organizational boundaries

Service providers rely on a trusted third party (TTP) to provide requestors with both credentials and identifiers.

Service providers identify an entity by behavior analysis versus an identification factor

Service providers perform as both the credential and identity provider (IdP).

What is the FIRST step that should be considered in a Data Loss Prevention (DLP) program?

Information Rights Management (IRM)

What is the benefit of an operating system (OS) feature that is designed to prevent an application from executing code from a non-executable memory region?

Reduces the risk of polymorphic viruses from encrypting their payload

Identifies which security patches still need to be installed on the system

Stops memory resident viruses from propagating their payload

Helps prevent certain exploits that store code in buffers

The Chief Information Security Officer (CISO) is to establish a single, centralized, and relational repository to hold all information regarding the software and hardware assets. Which of the following solutions would be the BEST option?

)Configuration Management Database (CMDB)

Information Security Management System (ISMS)

Information Technology Asset Management (ITAM)

Which section of the assessment report addresses separate vulnerabilities, weaknesses, and gaps?

Executive summary with full details

In a quarterly system access review, an active privileged account was discovered that did not exist in the prior review on the production system. The account was created one hour after the previous access review. Which of the following is the BEST option to reduce overall risk in addition to quarterly access reviews?

iImplement and review risk-based alerts.

Create policies for system access.

When recovering from an outage, what is the Recovery Point Objective (RPO), in terms of data recovery?

The RPO is the minimum amount of data that needs to be recovered.

The RPO is a goal to recover a targeted percentage of data lost.

The RPO is the maximum amount of time for which loss of data is acceptable.

The RPO is the amount of time it takes to recover an acceptable percentage of data lost.

The security operations center (SOC) has received credible intelligence that a threat actor is planning to attack with multiple variants of a destructive virus. After obtaining a sample set of this virus’ variants and reverse engineering them to understand how they work, a commonality was found. All variants are coded to write to a specific memory location. It is determined this virus is of no threat to the organization because they had the foresight to enable what feature on all endpoints?

Address Space Layout Randomization (ASLR)

n information technology (IT) employee who travels frequently to various countries remotely connects to an organization's resources to troubleshoot problems. Which of the following solutions BEST serves as a secure control mechanism to meet the organization's requirements?

implement a Dynamic Domain Name Services (DDNS) account to initiate a virtual private network (VPN) using the DDNS record.

Update the firewall rules to include the static Internet Protocol (IP) addresses of the locations where the employee connects from.

Install a third-party screen sharing solution that provides remote connection from a public website.

Install a bastion host in the demilitarized zone (DMZ) and allow multi-factor authentication (MFA) access

Assuming an individual has taken all of the steps to keep their internet connection private, which of the following is the BEST to browse the web privately?

Prevent information about browsing activities from being stored in the cloud.

Store browsing activities in the cloud.

Prevent information about browsing activities from being stored on the personal device.

Store information about browsing activities on the personal device.

Which of the following types of firewall only examines the “handshaking” between packets before forwarding traffic

Network Address Translation (NAT) firewalls

The security team plans on using automated account reconciliation in the corporate user access review process. Which of the following must be implemented for the BEST results with fewest errors when running the audit?

Removal of service accounts from review

Which of the following is included in change management

User Acceptance Testing (UAT) before implementation

Technical review by business owner

Cost-benefit analysis (CBA) after implementation

Which of the following technologies can be used to monitor and dynamically respond to potential threats on web applications?

Runtime application self-protection (RASP)

Security Assertion Markup Language (SAML)

Web application vulnerability scanners

Choloe

Authored by Vernice Gaylor

Other

12th Grade

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

101 questions

Show all answers

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Which of the following is the PRIMARY purpose of installing a mantrap within a facility?

Control traffic

Prevent rapid movement

|Prevent piggybacking

Control air flow

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

A security professional can BEST mitigate the risk of using a Commercial Off-The-Shelf (COTS) solution by deploying the application with which of the following controls in place?

Whitelisting application

Network segmentation

Hardened configuration

Blacklisting application

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following would an information security professional use to recognize changes to content, particularly unauthorized changes?

File Integrity Checker

Security information and event management (SIEM) system

Audit Logs

Intrusion detection system (IDS)

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An organization with divisions in the United States (US) and the United Kingdom (UK) processes data comprised of personal information belonging to subjects living in the
European Union (EU) and in the US. Which data MUST be handled according to the privacy protections of General Data Protection Regulation (GDPR)?

Only the EU citizens’ data

Only the EU residents’ data

Only the UK citizens' data

Only data processed in the UK

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following has the responsibility of information technology (IT) governance?

Chief Information Officer (CIO)

Senior IT Management

Board of Directors

Chief Information Security Officer (CISO)

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Dumpster diving is a technique used in which stage of penetration testing methodology?

Attack

Discovery

Reporting

Planning

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the MOST common cause of Remote Desktop Protocol (RDP) compromise?

Brute force attack

POrt Scan

Remote Exploit

Social Engineering

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

100 questions

Personal Finance Final Exam

Quiz

•

12th Grade - University

100 questions

Government

Quiz

•

9th - 12th Grade

100 questions

x quiz by Duong Do Nhat

Quiz

•

1st Grade - Professio...

100 questions

Маркетинговый анализ

Quiz

•

12th Grade

100 questions

9-12 Quiz (Sept. 8-11)

Quiz

•

12th Grade

99 questions

Rabbit Quiz 1

Quiz

•

12th Grade

98 questions

Customer Service Quiz

Quiz

•

12th Grade

101 questions

Ultimate Logo Quiz

Quiz

•

4th Grade - University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Other

20 questions

-AR -ER -IR present tense

Quiz

•

10th - 12th Grade

15 questions

Making Inferences

Quiz

•

7th - 12th Grade

12 questions

Add and Subtract Polynomials

Quiz

•

9th - 12th Grade

7 questions

How James Brown Invented Funk

Interactive video

•

10th Grade - University

15 questions

Atomic Habits: Career Habits

Lesson

•

9th - 12th Grade

20 questions

Banking

Quiz

•

9th - 12th Grade

15 questions

Exponential Growth and Decay Word Problems Practice

Quiz

•

9th - 12th Grade

18 questions

AP Bio Insta-Review Topic 6.1*: DNA & RNA Structure

Quiz

•

9th - 12th Grade

Choloe

Which of the following is the PRIMARY purpose of installing a mantrap within a facility?

A security professional can BEST mitigate the risk of using a Commercial Off-The-Shelf (COTS) solution by deploying the application with which of the following controls in place?

Which of the following would an information security professional use to recognize changes to content, particularly unauthorized changes?

Which of the following has the responsibility of information technology (IT) governance?

Dumpster diving is a technique used in which stage of penetration testing methodology?

What is the MOST common cause of Remote Desktop Protocol (RDP) compromise?

An organization is looking to include mobile devices in its asset management system for better tracking. In which system tier of the reference architecture would mobiledevices be tracked?

Which is MOST important when negotiating an Internet service provider (ISP) service-level agreement (SLA) by an organization that solely provides Voice over InternetProtocol (VoIP) services?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Other

An organization is looking to include mobile devices in its asset management system for better tracking. In which system tier of the reference architecture would mobile
devices be tracked?

Which is MOST important when negotiating an Internet service provider (ISP) service-level agreement (SLA) by an organization that solely provides Voice over Internet
Protocol (VoIP) services?