CASP+ Practice Tests. Nadean H. Tanner
64 Your organization's primary network backup server went down at midnight. Your RPO is nine hours. At what time will you exceed the business process recovery tolerance, given the volume of data that has been lost in that time frame?
A. 6 A.M.
B. 9 A.M.
C. Noon
D. 3 P.M.
65 Your company needs to decide on a data backup plan strategy. You established your RPO as 8 hours, and your RTO after any disaster, man-made or natural, as 48 hours. These RTOs were established by the business owner while developing the BIA. The RTO includes which of the following?
A. Recovery, testing, and communications
B. Decision time
C. Parallel processing
D. Only the time for trying to fix the problem without a recovery
66 Your organization has a new policy to implement security based on least privilege and separation of duties. A key component is making a decision on data access. They decided it is BEST made by which of the following roles?
A. Data steward
B. Data owner
C. User/manager
D. Senior management
67 You are hired by an insurance company as their new data custodian. Which of the following best describes your new responsibilities?
A. Writing and proofing administrative documentation
B. Ensuring accessibility and appropriate access using policy and data ownership guidelines
C. Conducting an audit of the data's strategic, tactical, and operational (STO) controls
D. Improving the data consistency and increasing data integration
68 Your healthcare organization decided to begin outsourcing some IT systems. Which of the following statements is true?
A. All outsourcing frees your organization from any rules or requirements.
B. All compliance and regulatory requirements are passed on to the provider.
C. The IT systems are no longer configured, maintained, or evaluated by your organization.
D. The outsourcing organization is free from any rules or regulations.
69 You work as a security analyst for a large banking organization that is about to disclose to the public that a substantial breach occurred. You are called into a meeting with the CISO and CEO to discuss how to ensure proper forensic action took place and that the incident response team responded appropriately. Which of these should you ensure happens after the incident?
A. Avoid conflict of interest by hiring outside counsel
B. Creation of forensic images of all mission-critical servers
C. Formal investigation performed by yourself without law enforcement
D. Incident treated as though a crime had been committed
70 Bob is the owner of a website that provides information to healthcare providers. He is concerned that the PHI data he is storing falls under the jurisdiction of HIPAA. How does he ensure that he removes the data correctly?
A. By deleting the suspected PHI data on the drive
B. By degaussing the drives that hold suspected PHI data
C. By determining how long to keep the healthcare data securely encrypted and then using a drive-wipe utility
D. By adding SSDs to the web server and storing used drives in a physically secured location
71 Your U.S.-based company manufactures children's clothing and is contemplating expanding their business into the European Union. You are concerned about regulation and compliance. What should your organization examine first?
A. Payment Card Industry
B. General Data Protection Regulation
C. Children's Online Privacy Protection
D. Family Educational Rights and Privacy Act
72 A company outsourced payroll and is concerned about whether the right technical and legal agreements are in place. Data is viewed and stored by a third party, and an agreement needs to be set in place about that data. Which type of interoperability agreement can you use to make sure the data is encrypted while in transit and at rest?
A. BPA
B. MOU
C. ISA
D. NDA
73 You decided to start a new consulting business. You began the risk analysis process and developed employee policies and researched and tested third-party security. What is the next riskiest problem for SOHO?
A. Mobile devices
B. Email
C. Training
D. Guidelines
74 You need an agreement that lets your business implement a comprehensive risk allocation strategy and provides indemnification, the method that holds one party harmless against existing or future losses. What contract should you negotiate?
A. Master service agreement
B. Business impact agreement
C. Interconnection security agreement
D. Memorandum of understanding
75 Which of the following security programs is designed to provide employees with the knowledge they need to fulfill their job requirements and protect the organization?
A. Awareness
B. Training
C. Indoctrination
D. Development
76 You have a well-configured firewall and IDS. Which of the following can BEST steal intellectual property or trade secrets because there is no system auditing?
A. Hacktivist
B. Auditors
C. Malware
D. Employees
77 Bob needs your professional opinion on encryption capabilities. You explained to him that cryptography supports all the core principles of information security with an exception. What is that exception?
A. Authenticity
B. Integrity
C. Confidentiality
D. Availability
78 Alice discovered a meterpreter shell running a keylogger on the CFO's laptop. What security tenet is the keylogger most likely to break?
A. Availability
B. Threats
C. Integrity
D. Confidentiality
79 You were hired for a role in healthcare as a system architect. You need to factor in CIA requirements for a new SAN. Which of the following CIA requirements is best for multipathing?
A. Confidentiality
B. Threat
C. Integrity
D. Availability
80 As a technical project manager on a VoIP/teleconference project, the customer shared their requirements with your department. Availability must be at least five nines (99.999 percent), and all devices must support collaboration. Which controls are the BEST to apply to this ecosystem?
A. All images must be standardized and double redundant.
B. Security policies of network access controls and high-speed processing.
C. RAID 0 and hot sites.
D. Enforced security policies, standard images/configurations, and backup on all storage devices.
81 A software startup hired you to provide expertise on data security. Clients are concerned about confidentiality. If confidentiality is stressed more than availability and integrity, which of the following scenarios is BEST suited for the client?
A. Virtual servers in a highly available environment. Clients will use redundant virtual storage and terminal services to access software.
B. Virtual servers in a highly available environment. Clients will use single virtual storage and terminal services to access software.
C. Clients are assigned virtual hosts running on shared hardware. Physical storage is partitioned with block cipher encryption.
D. Clients are assigned virtual hosts running shared hardware. Virtual storage is partitioned with streaming cipher encryption.
82 Your company is considering adding a new host to a computer cluster. The cluster will be connected to a single storage solution. What are you most likely trying to accomplish?
A. Availability
B. Provisioning
C. Integrity
D. Confidentiality
83 You work as a security analyst for a healthcare organization. A small legacy cluster of computers was acquired from a small hospital clinic. All virtual machines use the same NIC to connect to the network. Some of these machines have patient data, while others have financial data. One of these VMs is hosting an externally facing web application. What is the biggest problem you see with this scenario?
A. Confidentiality
B. Threats
C. Integrity
D. Utilization
84 You are a security administrator for a network that uses Fibre Channel over Ethernet (FCoE). The network administrator would like to access raw data from the storage array and restore it to yet another host. Which of the following might be an issue for availability?
A. The new host might not be compatible with FCoE.
B. The data may not be in a usable format.
C. The process could cause bottlenecks.
D. Deduplication will cause errors in the data.
85 A senior security architect for a hospital is creating a hardened version of the newest GUI OS. The testing will focus on the CIA triad as well as on compliance and reporting. Which of these is the BEST life cycle for the architect to deploy in the final image?
A. Employing proper disposal protocols for existing equipment and ensuring compliance with corporate data retention policies
B. Updating whole disk encryption and testing operational models
C. Employing interoperability, integrity of the