A security practitioner has been tasked with establishing organizational asset handling procedures. What should be considered that would have the GREATEST impact on the development of these procedures?
A. Media handling procedures
B. User roles and responsibilities
C. Acceptable Use Policy (AUP)
D. Information classification scheme
Which of the following management processes allows ONLY those services required for users to accomplish their tasks, changes default user passwords, and sets servers to retrieve antivirus updates?
A. Configuration
B. Identity
C. Compliance
D. Patch
During a fingerprint verification process, which of the following is used to verify identity and authentication?
A. A pressure value is compared with a stored template
B. Sets of digits are matched with stored values
C. A hash table is matched to a database of stored values
D. A template of minutiae is compared with a stored template
Which of the following is required to determine classification and ownership?
A. System and data resources are properly identified
B. Access violations are logged and audited
C. Data file references are identified and linked
D. System security controls are fully integrated
Which of the following BEST describes the responsibilities of a data owner?
A. Ensuring quality and validation through periodic audits for ongoing data integrity
B. Maintaining fundamental data availability, including data storage and archiving
C. Ensuring accessibility to appropriate users, maintaining appropriate levels of data security
D. Determining the impact the information has on the mission of the organization
Which of the following is true of Service Organization Control (SOC) reports?
A. SOC 1 Type 2 reports assess the security, confidentiality, integrity, and availability of an organization's controls
B. SOC 2 Type 2 reports include information of interest to the service organization's management
C. SOC 2 Type 2 reports assess internal controls for financial reporting
D. SOC 3 Type 2 reports assess internal controls for financial reporting
Which of the following open source software issues poses the MOST risk to an application?
A. The software is beyond end of life and the vendor is out of business.
B. The software is not used or popular in the development community.
C. The software has multiple Common Vulnerabilities and Exposures (CVE) and only some are remediated.
D. The software has multiple Common Vulnerabilities and Exposures (CVE) but the CVEs are classified as low risks.
What is the MAIN reason for having a developer sign a Non-Disclosure Agreement (NDA)?
A. Signing the NDA always gives consent to the developer to access tools and privileged company information to do their work.
B. Signing the NDA allows the developer to use their developed coding methods.
C. Signing the NDA protects confidential, technical, or Intellectual Property (IP) from disclosure to others.
D. Signing the NDA is legally binding for up to one year of employment.
Which of the following is the PRIMARY type of cryptography required to support non-repudiation of a digitally signed document?
A. Message digest (MD)
B. Asymmetric
C. Symmetric
D. Hashing
What process facilitates the balance of operational and economic costs of protective measures with gains in mission capability?
A. Risk assessment
B. Performance testing
C. Security audit
D. Risk management