Q91. Refer to the information below to answer the question.

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. 

Which of the following will MOST likely allow the organization to keep risk at an acceptable level? 

A. Increasing the number of audits performed by third parties

B. Removing privileged accounts from operational staff 

C. Assigning privileged functions to appropriate staff 

D. Separating the security function into distinct roles 

Answer:


Q92. An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern? 

A. Availability 

B. Confidentiality 

C. Integrity 

D. Ownership 

Answer:


Q93. Which of the following has the GREATEST impact on an organization's security posture? 

A. International and country-specific compliance requirements 

B. Security violations by employees and contractors

C. Resource constraints due to increasing costs of supporting security 

D. Audit findings related to employee access and permissions process 

Answer:


Q94. A large university needs to enable student access to university resources from their homes. Which of the following provides the BEST option for low maintenance and ease of deployment?

A. Provide students with Internet Protocol Security (IPSec) Virtual Private Network (VPN) client software. 

B. Use Secure Sockets Layer (SSL) VPN technology. 

C. Use Secure Shell (SSH) with public/private keys. 

D. Require students to purchase a home router capable of VPN.

Answer:


Q95. What is the PRIMARY advantage of using automated application security testing tools? 

A. The application can be protected in the production environment. 

B. Large amounts of code can be tested using fewer resources. 

C. The application will fail less when tested using these tools. 

D. Detailed testing of code functions can be performed. 

Answer:


Q96. While inventorying storage equipment, it is found that there are unlabeled, disconnected, and powered off devices. Which of the following is the correct procedure for handling such equipment?

A. They should be recycled to save energy. 

B. They should be recycled according to NIST SP 800-88.

C. They should be inspected and sanitized following the organizational policy. 

D. They should be inspected and categorized properly to sell them for reuse. 

Answer:


Q97. Which one of the following considerations has the LEAST impact when considering transmission security? 

A. Network availability 

B. Data integrity 

C. Network bandwidth 

D. Node locations 

Answer:


Q98. DRAG DROP 

Place the following information classification steps in sequential order.

Answer: 


Q99. What maintenance activity is responsible for defining, implementing, and testing updates to application systems? 

A. Program change control 

B. Regression testing 

C. Export exception control 

D. User acceptance testing 

Answer:


Q100. What does secure authentication with logging provide? 

A. Data integrity 

B. Access accountability 

C. Encryption logging format 

D. Segregation of duties 

Answer: