Loading questions...
Updated
What is the PRIMARY purpose of creating and reporting metrics for a security awareness, training, and education program?
In a DevOps environment, which of the following actions is MOST necessary to have confidence in the quality of the changes being made?
What is the MAIN purpose of a security assessment plan?
What documentation is produced FIRST when performing an effective physical loss control process?
Which organizational department is ultimately responsible for information governance related to e-mail and other e-records?
A cloud service provider requires its customer organizations to enable maximum audit logging for its data storage service and to retain the logs for the period of three months. The audit logging gene has extremely high amount of logs. What is the MOST appropriate strategy for the log retention?
In Federated Identity Management (FIM), which of the following represents the concept of federation?
Which of the following is an indicator that a company's new user security awareness training module has been effective?
An organization is trying to secure instant messaging (IM) communications through its network perimeter. Which of the following is the MOST significant challenge?
Using the cipher text and resultant cleartext message to derive the monoalphabetic cipher key is an example of which method of cryptanalytic attack?
Which Wide Area Network (WAN) technology requires the first router in the path to determine the full path the packet will travel, removing the need for other routers in the path to make independent determinations?
When developing an organization's information security budget, it is important that the:
A subscription service which provides power, climate control, raised flooring, and telephone wiring but NOT the computer and peripheral equipment is BEST described as a:
An international trading organization that holds an International Organization for Standardization (ISO) 27001 certification is seeking to outsource their security monitoring to a managed security service provider (MSSP). The trading organization's security officer is tasked with drafting the requirements that need to be included in the outsourcing contract. Which of the following MUST be included in the contract?
Which of the following is the PRIMARY type of cryptography required to support non-repudiation of a digitally signed document?
What is the MOST effective method to enhance security of a single sign-on (SSO) solution that interfaces with critical systems?
Which of the following is MOST appropriate to collect evidence of a zero-day attack?
When assessing web vulnerabilities, how can navigating the dark web add value to a penetration test?
The quality assurance (QA) department is short-staffed and is unable to test all modules before the anticipated release date of an application. What security control is MOST likely to be violated?
Which of the following criteria ensures information is protected relative to its importance to the organization?
What is the FIRST step when developing an Information Security Continuous Monitoring (ISCM) program?
Which of the following would an information security professional use to recognize changes to content, particularly unauthorized changes?
An organization has requested storage area network (SAN) disks for a new project. What Redundant Array of Independent Disks (RAID) level provides the BEST redundancy and fault tolerance?
Physical assets defined in an organization's business impact analysis (BIA) could include which of the following?
An organization has been collecting a large amount of redundant and unusable data and filling up the storage area network (SAN). Management has requested the identification of a solution that will address ongoing storage problems. Which is the BEST technical solution?