NEW QUESTION 1
Which of the following should occur at each stage of the SDLC?

• A. Added functionality
• B. Management review
• C. Verification and validation
• D. Repurposing of any newly developed components

Answer: C

NEW QUESTION 2
What does nonrepudiation mean?
Response:

• A. Prohibiting certain parties from a private conversation
• B. Ensuring that a transaction is completed before saving the results
• C. Ensuring that someone cannot turn off auditing capabilities while performing a function
• D. Preventing any party that participates in a transaction from claiming that it did not

Answer: D

NEW QUESTION 3
In which of the following situations does the data owner have to administer the OS? Response:

• A. IaaS
• B. PaaS
• C. Offsite archive
• D. SaaS

Answer: A

NEW QUESTION 4
The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes “sensitive data exposure.”
Which of these is a technique to reduce the potential for a sensitive data exposure? Response:

• A. Extensive user training on proper data handling techniques
• B. Advanced firewalls inspecting all inbound traffic, to include content-based screening
• C. Ensuring the use of utility backup power supplies
• D. Roving security guards

Answer: A

NEW QUESTION 5
A typical DLP tool can enhance the organization’s efforts at accomplishing what legal task? Response:

• A. Evidence collection
• B. Delivering testimony
• C. Criminal prosecution
• D. Enforcement of intellectual property rights

Answer: A

NEW QUESTION 6
DLP can be combined with what other security technology to enhance data controls? Response:

• A. DRM
• B. SIEM
• C. Kerberos
• D. Hypervisors

Answer: A

NEW QUESTION 7
Before deploying a specific brand of virtualization toolset, it is important to configure it according to
______ .
Response:

• A. Industry standards
• B. Prevailing law of that jurisdiction
• C. Vendor guidance
• D. Expert opinion

Answer: C

NEW QUESTION 8
All of the following might be used as data discovery characteristics in a content-analysis-based data discovery effort except ______.
Response:

• A. Keywords
• B. Pattern-matching
• C. Frequency
• D. Inheritance

Answer: D

NEW QUESTION 9
Which cloud service category brings with it the most expensive startup costs, but also the lowest costs for ongoing support and maintenance staff?
Response:

• A. IaaS
• B. SaaS
• C. PaaS
• D. DaaS

Answer: B

NEW QUESTION 10
A loosely coupled storage cluster will have performance and capacity limitations based on the ______.
Response:

• A. Physical backplane connecting it
• B. Total number of nodes in the cluster
• C. Amount of usage demanded
• D. The performance and capacity in each node

Answer: D

NEW QUESTION 11
When using transparent encryption of a database, where does the encryption engine reside? Response:

• A. At the application using the database
• B. On the instance(s) attached to the volume
• C. In a key management system
• D. Within the database

Answer: D

NEW QUESTION 12
From a security perspective, automation of configuration aids in ______.
Response:

• A. Enhancing performance
• B. Reducing potential attack vectors
• C. Increasing ease of use of the systems
• D. Reducing need for administrative personnel

Answer: B

NEW QUESTION 13
A bare-metal hypervisor is Type ______.
Response:

• A. 1
• B. 2
• C. 3
• D. 4

Answer: A

NEW QUESTION 14
Data labels could include all the following, except: Response:

• A. Confidentiality level
• B. Distribution limitations
• C. Access restrictions
• D. Multifactor authentication

Answer: D

NEW QUESTION 15
Which of the following is essential for getting full security value from your system baseline? Response:

• A. Capturing and storing an image of the baseline
• B. Keeping a copy of upcoming suggested modifications to the baseline
• C. Having the baseline vetted by an objective third party
• D. Using a baseline from another industry member so as not to engage in repetitious efforts

Answer: A

NEW QUESTION 16
You are a consultant performing an external security review on a large manufacturing firm. You determine that its newest assembly plant, which cost $24 million, could be completely destroyed by a fire but that a fire suppression system could effectively protect the plant.
The fire suppression system costs $15 million. An insurance policy that would cover the full replacement cost of the plant costs $1 million per month.
In order to establish the true annualized loss expectancy (ALE), you would need all of the following information except ______ .
Response:

• A. The amount of revenue generated by the plant
• B. The rate at which the plant generates revenue
• C. The length of time it would take to rebuild the plant
• D. The amount of product the plant creates

Answer: D

NEW QUESTION 17
Which concept of cloud computing pertains to the ability to reuse components and services of an application for other purposes?

• A. Portability
• B. Interoperability
• C. Resource pooling
• D. Elasticity

Answer: B