Q121. Refer to the information below to answer the question.

Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.

After magnetic drives were degaussed twice according to the product manufacturer's directions, what is the MOST LIKELY security issue with degaussing? 

A. Commercial products often have serious weaknesses of the magnetic force available in the degausser product. 

B. Degausser products may not be properly maintained and operated. 

C. The inability to turn the drive around in the chamber for the second pass due to human error. 

D. Inadequate record keeping when sanitizing media. 

Answer:


Q122. Retaining system logs for six months or longer can be valuable for what activities?

A. Disaster recovery and business continuity 

B. Forensics and incident response 

C. Identity and authorization management 

D. Physical and logical access control 

Answer:


Q123. What is the MOST efficient way to secure a production program and its data? 

A. Disable default accounts and implement access control lists (ACL) 

B. Harden the application and encrypt the data 

C. Disable unused services and implement tunneling 

D. Harden the servers and backup the data 

Answer:


Q124. Checking routing information on e-mail to determine it is in a valid format and contains valid information is an example of which of the following anti-spam approaches? 

A. Simple Mail Transfer Protocol (SMTP) blacklist 

B. Reverse Domain Name System (DNS) lookup 

C. Hashing algorithm 

D. Header analysis 

Answer:


Q125. Which of the following describes the concept of a Single Sign-On (SSO) system? 

A. Users are authenticated to one system at a time. 

B. Users are identified to multiple systems with several credentials.

C. Users are authenticated to multiple systems with one login.

D. Only one user is using the system at a time. 

Answer:


Q126. An online retail company has formulated a record retention schedule for customer transactions. Which of the following is a valid reason a customer transaction is kept beyond the retention schedule?

A. Pending legal hold 

B. Long term data mining needs 

C. Customer makes request to retain 

D. Useful for future business initiatives 

Answer:


Q127. Which of the following is a reason to use manual patch installation instead of automated patch management? 

A. The cost required to install patches will be reduced. 

B. The time during which systems will remain vulnerable to an exploit will be decreased. 

C. The likelihood of system or application incompatibilities will be decreased. 

D. The ability to cover large geographic areas is increased. 

Answer:


Q128. Refer to the information below to answer the question.

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement. 

The security program can be considered effective when 

A. vulnerabilities are proactively identified. 

B. audits are regularly performed and reviewed. 

C. backups are regularly performed and validated. 

D. risk is lowered to an acceptable level. 

Answer:


Q129. What is the MOST important reason to configure unique user IDs? 

A. Supporting accountability 

B. Reducing authentication errors 

C. Preventing password compromise 

D. Supporting Single Sign On (SSO) 

Answer:


Q130. During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take? 

A. Immediately call the police 

B. Work with the client to resolve the issue internally 

C. Advise the person performing the illegal activity to cease and desist

D. Work with the client to report the activity to the appropriate authority 

Answer: