Q1. Which of the following MUST system and database administrators be aware of and apply when configuring systems used for storing personal employee data? 

A. Secondary use of the data by business users 

B. The organization's security policies and standards 

C. The business purpose for which the data is to be used 

D. The overall protection of corporate resources and data 


Q2. An organization allows ping traffic into and out of their network. An attacker has installed a program on the network that uses the payload portion of the ping packet to move data into and out of the network. What type of attack has the organization experienced? 

A. Data leakage 

B. Unfiltered channel 

C. Data emanation 

D. Covert channel 


Q3. Which of the following is the BEST reason to review audit logs periodically? 

A. Verify they are operating properly 

B. Monitor employee productivity 

C. Identify anomalies in use patterns 

D. Meet compliance regulations 


Q4. An advantage of link encryption in a communications network is that it 

A. makes key management and distribution easier. 

B. protects data from start to finish through the entire network. 

C. improves the efficiency of the transmission. 

D. encrypts all information, including headers and routing information. 


Q5. Which layer of the Open Systems Interconnection (OSI) model implementation adds information concerning the logical connection between the sender and receiver?

A. Physical 

B. Session 

C. Transport 

D. Data-Link 


Q6. Which of the following is the FIRST step of a penetration test plan? 

A. Analyzing a network diagram of the target network 

B. Notifying the company's customers 

C. Obtaining the approval of the company's management 

D. Scheduling the penetration test during a period of least impact 


Q7. Which of the following is an attacker MOST likely to target to gain privileged access to a system? 

A. Programs that write to system resources 

B. Programs that write to user directories 

C. Log files containing sensitive information 

D. Log files containing system calls 


Q8. Which of the following roles has the obligation to ensure that a third party provider is capable of processing and handling data in a secure manner and meeting the standards set by the organization? 

A. Data Custodian 

B. Data Owner 

C. Data Creator 

D. Data User 


Q9. What would be the PRIMARY concern when designing and coordinating a security assessment for an Automatic Teller Machine (ATM) system? 

A. Physical access to the electronic hardware 

B. Regularly scheduled maintenance process 

C. Availability of the network connection 

D. Processing delays 


Q10. During the procurement of a new information system, it was determined that some of the security requirements were not addressed in the system specification. Which of the following is the MOST likely reason for this? 

A. The procurement officer lacks technical knowledge. 

B. The security requirements have changed during the procurement process. 

C. There were no security professionals in the vendor's bidding team. 

D. The description of the security requirements was insufficient.