Q181. What security risk does the role-based access approach mitigate MOST effectively? 

A. Excessive access rights to systems and data 

B. Segregation of duties conflicts within business applications 

C. Lack of system administrator activity monitoring 

D. Inappropriate access requests 

Answer:


Q182. DRAG DROP 

Drag the following Security Engineering terms on the left to the BEST definition on the right. 

Answer: 


Q183. As one component of a physical security system, an Electronic Access Control (EAC) token is BEST known for its ability to 

A. overcome the problems of key assignments. 

B. monitor the opening of windows and doors. 

C. trigger alarms when intruders are detected. 

D. lock down a facility during an emergency. 

Answer:


Q184. An organization's data policy MUST include a data retention period which is based on 

A. application dismissal. 

B. business procedures. 

C. digital certificates expiration. 

D. regulatory compliance. 

Answer:


Q185. Which of the following methods can be used to achieve confidentiality and integrity for data in transit?

A. Multiprotocol Label Switching (MPLS) 

B. Internet Protocol Security (IPSec) 

C. Federated identity management 

D. Multi-factor authentication 

Answer:


Q186. When planning a penetration test, the tester will be MOST interested in which information? 

A. Places to install back doors 

B. The main network access points 

C. Job application handouts and tours 

D. Exploits that can attack weaknesses 

Answer:


Q187. Which of the following is an advantage of on-premise Credential Management Systems? 

A. Improved credential interoperability 

B. Control over system configuration 

C. Lower infrastructure capital costs 

D. Reduced administrative overhead 

Answer:


Q188. Which of the following is a process within a Systems Engineering Life Cycle (SELC) stage? 

A. Requirements Analysis 

B. Development and Deployment 

C. Production Operations 

D. Utilization Support 

Answer:


Q189. A security manager has noticed an inconsistent application of server security controls resulting in vulnerabilities on critical systems. What is the MOST likely cause of this issue? 

A. A lack of baseline standards 

B. Improper documentation of security guidelines 

C. A poorly designed security policy communication program 

D. Host-based Intrusion Prevention System (HIPS) policies are ineffective

Answer:


Q190. Which of the following explains why record destruction requirements are included in a data retention policy? 

A. To comply with legal and business requirements 

B. To save cost for storage and backup 

C. To meet destruction guidelines

D. To validate data ownership 

Answer: