
Common Technical Interview Questions and Answers (updated on February 23, 2020)

Question 11: When conducting a user access review to prevent malicious attacks or internal mistakes, which is true of user responsibilities and privileges?
A. They cannot vary for two people hired at the same time.
B. They vary based on employee seniority.
C. They cannot vary for two people in the same role.
D. They can vary for two people in the same role.
Correct Answer: D. They can vary for two people in the same role.
Explanation: Responsibilities and privileges can vary for two people in the same role. Many access privileges are granted based on an individual's role, department or responsibilities, but a user access review may reveal that a more granular approach is required: one person in a role may need a permission that a colleague in the same role does not, and granting it to the whole role would give the colleague access with no business need behind it. The review should confirm that each account holds only what its owner currently needs (least privilege), not what the role label implies.

Question 12: Which of the following is accepted as the strongest encryption algorithm currently available?
A. TLS
B. Advanced Encryption Standard (AES) 128
C. AES 256
D. AES 192
Correct Answer: C. AES 256
Explanation: AES is the symmetric block cipher standardized by NIST (FIPS 197) and is available with 128-, 192- and 256-bit keys; the key length is the only difference between the three variants. Organizations with the most sensitive data to transmit and store generally opt for AES-256, which has the largest key and therefore the highest security margin against brute force. AES-128 and AES-192 are also considered secure and are suitable where encryption speed or resource use is the priority. TLS is not an encryption algorithm but a transport protocol that negotiates a cipher such as AES. Note that key length alone does not make an implementation strong: AES must be used in a sound mode of operation (an authenticated mode such as GCM rather than ECB), with randomly generated and properly protected keys.
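The point that key length is only part of the picture can be shown in code. The following Go program is an added example, not code from the original page: it generates a key for a named AES variant, encrypts with AES-GCM (an authenticated mode, so tampering is detected) using only the standard library, and shows that flipping a single ciphertext bit makes decryption fail instead of returning corrupted plaintext. The variant names, the sample record and the associated data are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// KeySizes maps the three AES variants to their key length in bytes.
// The key length passed to aes.NewCipher is what selects the variant.
var KeySizes = map[string]int{"AES-128": 16, "AES-192": 24, "AES-256": 32}

// NewKey returns a random key for the named AES variant.
func NewKey(variant string) ([]byte, error) {
	n, ok := KeySizes[variant]
	if !ok {
		return nil, fmt.Errorf("unknown AES variant %q", variant)
	}
	key := make([]byte, n)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// Seal encrypts and authenticates plaintext under key with AES-GCM.
// Output layout is nonce || ciphertext || tag, so the nonce travels with
// the message; aad is authenticated but not encrypted.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // must never repeat under the same key
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open verifies and decrypts a message produced by Seal. Any change to the
// nonce, ciphertext, tag or aad yields an error rather than garbage output.
func Open(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed message too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

func main() {
	key, _ := NewKey("AES-256")
	msg := []byte("constructed sample record: card ending 4242") // constructed input
	aad := []byte("record-id=17")                                // bound to the ciphertext, not secret
	sealed, _ := Seal(key, msg, aad)
	fmt.Printf("sealed %d plaintext bytes into %d bytes\n", len(msg), len(sealed))

	pt, err := Open(key, sealed, aad)
	fmt.Printf("decrypt ok: %v, plaintext: %s\n", err == nil, pt)

	// Flip one bit of the message: GCM rejects it instead of decrypting it.
	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)-1] ^= 0x01
	_, err = Open(key, tampered, aad)
	fmt.Printf("tampered message rejected: %v\n", err != nil)

	// A 160-bit key is not an AES key size at all; the library refuses it.
	_, err = Seal(make([]byte, 20), msg, nil)
	fmt.Printf("20-byte key rejected: %v\n", err != nil)
}
```

Switching the variant is a one-line change to the key length; everything else, including the nonce handling and the authentication tag, stays the same, which is why mode and key handling deserve more review time than the 128-versus-256 decision.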

Question 13: Which of the following is not a key step in the process of properly testing applications for security vulnerabilities?
A. Determining which applications you have that are in scope and in need of testing
B. Assuming SaaS vendors or hosting providers conduct the necessary vulnerability and penetration testing
C. Understanding the specific requirements for the application security testing process
D. Performing or outsourcing the testing using known methodologies and proven tools
Correct Answer: B. Assuming SaaS vendors or hosting providers conduct the necessary vulnerability and penetration testing
Explanation: To properly test applications for security vulnerabilities, you must determine which applications are in scope and need testing, understand the requirements of the testing process (which environments, credentials and test windows apply, for example) and perform or outsource the test using known methodologies and proven tools. Never assume a SaaS vendor or hosting provider tests your applications for you: under the shared responsibility model the provider secures its platform, while vulnerabilities in the code and configuration you deploy on it remain yours to find and fix.

Question 14: Since today’s applications will likely need to integrate with one or more databases, software developers can benefit by learning the following database language(s):
A. SQL
B. NoSQL
C. MySQL
D. Both SQL and NoSQL
Correct Answer: D. Both SQL and NoSQL
Explanation: Software developers benefit from a working understanding of data structures, algorithms and the ways applications talk to databases, which means SQL for relational databases and the query interfaces of NoSQL databases (document, key-value, graph and column stores). Those who acquire these database integration and management skills are better equipped to create applications that can process vast quantities of data.

Question 15: What is the best method to secure data in use (information that is being processed, accessed or read) and data in motion (information that is being transported between systems)?
A. Enforcing role-based access to the data
B. Encrypting data when it’s traversing internal or external networks
C. Obtaining proper visibility to detect breaches, assess damage and provide actionable remediation steps
D. All of the above
Correct Answer: D. All of the above
Explanation: To secure data in use and data in motion, organizations should enforce role-based access so that only authorized users and services can reach the data, encrypt data traversing internal as well as external networks (TLS for connections, for example), and maintain the visibility (logging and network monitoring) that enables timely detection and response when a control fails. No single control covers both states: encryption in transit does nothing once the data has been decrypted for processing, which is where access control and monitoring take over.

Question 16: To mitigate the damage of ransomware attacks and other incidents, organizations can incorporate the 3-2-1 method of backup into their data security strategy, consisting of:
A. Three types of storage, two copies of the data and one copy stored on premises
B. Three copies of the data, stored on two different types of storage and one copy stored off-site
C. Three copies of the data, using two-factor authentication to access and one copy stored off-site
D. Three copies of the data, using two-factor authentication to access and one tape backup stored offline
Correct Answer: B. Three copies of the data, stored on two different types of storage and one copy stored off-site
Explanation: One effective way to improve enterprise data security is to know where every copy of the data is by implementing the 3-2-1 method of data backup. This entails keeping three copies of the data (the primary and two backups), stored on two different types of storage, with one copy stored off-site. Against ransomware, the off-site copy is most valuable when it is also offline or otherwise immutable, so that an attacker who encrypts the primary and a connected backup cannot reach it.

Question 17: Voice ID, fingerprint scan and iris recognition are each examples of:
A. Data protected by PCI DSS
B. Biometric authentication factors
C. Security tokens
D. IoT technology
Correct Answer: B. Biometric authentication factors
Explanation: Voice ID, fingerprint and iris scans, and facial recognition are examples of biometric authentication factors (something you are, as opposed to something you know, such as a password, or something you have, such as a security token). Biometrics are mostly used as one factor within a two- or multifactor authentication process to improve an enterprise's security posture, rather than as the sole factor, since a biometric cannot be changed if it is compromised.

Question 18: After too many failed login attempts, an account lockout policy blocks further logon attempts for that account. The policy is made up of the following security settings:
A. Account lockout threshold
B. Account lockout duration
C. Reset account lockout counter after
D. All of the above
Correct Answer: D. All of the above
Explanation: The account lockout policy is made up of three security settings: the account lockout threshold (the number of failed logon attempts permitted before the account is locked; 0 disables lockout), the account lockout duration (how long the account stays locked before it unlocks automatically; 0 keeps it locked until an administrator unlocks it) and reset account lockout counter after (how many minutes must pass after the last failed attempt before the failure count returns to zero). Together these settings cap how many guesses an attacker can make against a password, decreasing the chances of a successful brute-force attack on an organization's network. The trade-off is that an attacker who knows usernames can deliberately lock accounts out, so the threshold should not be set so low that ordinary typos trigger lockouts.
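To see how the three settings interact, here is an added example (not from the original page, and not a Windows component) that models the policy in Go with the same semantics as the Windows settings: a threshold of 0 disables lockout, a duration of 0 locks until an administrator unlocks, and the failure counter is cleared once the reset window has passed since the last failure. Time is passed in explicitly so a sequence of logon attempts can be replayed deterministically. The policy values, account names and attempt log are constructed.

```go
package main

import (
	"fmt"
	"time"
)

// LockoutPolicy mirrors the three settings of an account lockout policy.
type LockoutPolicy struct {
	Threshold  int           // failed attempts before lockout; 0 disables lockout
	Duration   time.Duration // how long the lock lasts; 0 means until an admin unlocks
	ResetAfter time.Duration // window after the last failure in which the counter is kept
}

type accountState struct {
	failures    int
	lastFailure time.Time
	lockedUntil time.Time // zero when no timed lock is active
	adminLocked bool      // Duration == 0 lockouts persist until Unlock is called
}

// LockoutTracker applies a LockoutPolicy to per-account state.
type LockoutTracker struct {
	Policy   LockoutPolicy
	accounts map[string]*accountState
}

func NewLockoutTracker(p LockoutPolicy) *LockoutTracker {
	return &LockoutTracker{Policy: p, accounts: make(map[string]*accountState)}
}

func (t *LockoutTracker) state(user string) *accountState {
	s, ok := t.accounts[user]
	if !ok {
		s = &accountState{}
		t.accounts[user] = s
	}
	return s
}

// IsLocked reports whether the account is locked at time now. A timed lock
// whose duration has elapsed is cleared here, together with the counter.
func (t *LockoutTracker) IsLocked(user string, now time.Time) bool {
	s := t.state(user)
	if s.adminLocked {
		return true
	}
	if !s.lockedUntil.IsZero() {
		if now.Before(s.lockedUntil) {
			return true
		}
		s.lockedUntil, s.failures = time.Time{}, 0
	}
	return false
}

// RecordFailure registers a failed logon at time now and reports whether
// the account is locked afterwards.
func (t *LockoutTracker) RecordFailure(user string, now time.Time) bool {
	if t.IsLocked(user, now) {
		return true
	}
	if t.Policy.Threshold <= 0 {
		return false // lockout disabled
	}
	s := t.state(user)
	// "Reset account lockout counter after": stale failures no longer count.
	if s.failures > 0 && now.Sub(s.lastFailure) >= t.Policy.ResetAfter {
		s.failures = 0
	}
	s.failures++
	s.lastFailure = now
	if s.failures < t.Policy.Threshold {
		return false
	}
	// "Account lockout threshold" reached: apply "Account lockout duration".
	if t.Policy.Duration == 0 {
		s.adminLocked = true
	} else {
		s.lockedUntil = now.Add(t.Policy.Duration)
	}
	return true
}

// Unlock is the administrator action that clears any lock and the counter.
func (t *LockoutTracker) Unlock(user string) {
	*t.state(user) = accountState{}
}

func main() {
	tracker := NewLockoutTracker(LockoutPolicy{Threshold: 5, Duration: 30 * time.Minute, ResetAfter: 15 * time.Minute})
	start := time.Date(2020, 2, 23, 9, 0, 0, 0, time.UTC)
	// Constructed attempt log: alice fails five times a minute apart;
	// bob fails four times, pauses 22 minutes, then fails once more.
	attempts := []struct {
		user  string
		after time.Duration
	}{
		{"alice", 0}, {"alice", 1 * time.Minute}, {"alice", 2 * time.Minute}, {"alice", 3 * time.Minute}, {"alice", 4 * time.Minute},
		{"bob", 0}, {"bob", 1 * time.Minute}, {"bob", 2 * time.Minute}, {"bob", 3 * time.Minute}, {"bob", 25 * time.Minute},
	}
	for _, a := range attempts {
		now := start.Add(a.after)
		fmt.Printf("%s failed logon for %-5s -> locked: %v\n", now.Format("15:04"), a.user, tracker.RecordFailure(a.user, now))
	}
	later := start.Add(35 * time.Minute)
	fmt.Printf("%s alice locked: %v (lockout duration elapsed)\n", later.Format("15:04"), tracker.IsLocked("alice", later))
}
```

Running it shows alice locked on her fifth attempt and unlocked again 30 minutes later, while bob's fifth failure does not lock him because the reset window had already cleared his first four. Whether that is acceptable depends on the environment: a longer reset window catches slow, patient guessing at the cost of more lockouts from legitimate mistakes.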

Question 19: The following are best practices for IT administrators to ensure remote users meet data security and protection standards, except:
A. Allow applications such as WhatsApp and Facebook Messenger to access business data
B. Audit all systems accessing corporate data and standardize on secure collaborative apps
C. Contact users directly to ensure they are familiar with standard work applications and processes
D. Make efforts to support remote users and proactively ask if they need help
Correct Answer: A. Allow applications such as WhatsApp and Facebook Messenger to access business data
Explanation: Under no circumstances should IT administrators allow consumer messaging applications, such as WhatsApp and Facebook Messenger, to access business data. These apps sit outside the organization's audit, retention and access controls, so data shared through them cannot be monitored or recovered; that is a direct threat to remote data security and may undermine the organization's efforts to meet data protection compliance standards.

Question 20: The process of _______, when staff change roles and gain new permissions without eliminating outdated and unneeded privileges, expands the scope of attack in the event of an account compromise.
A. Principle of least privilege
B. Pass the hash
C. Role-based access
D. Privilege creep
Correct Answer: D. Privilege creep
Explanation: Privilege creep occurs when users accumulate more permissions than are necessary to perform their current roles, typically because the permissions of a previous role are never revoked when a new one is granted. Because a compromised account can do everything its permissions allow, every stale permission extends the blast radius of an incident. To detect privilege creep, organizations should periodically audit their identity and access management processes, compare each account's actual permissions against what its current role requires, and revoke what is no longer needed; a role change should trigger such a review rather than only an addition of rights.
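This comparison is what an access review performs, and it also illustrates Question 11: two accounts in the same role can legitimately differ, and the review flags the difference for a human to confirm or revoke rather than assuming the role label is the whole story. The Go program below is an added example, not code from the original page; the role baselines, accounts and permission names are constructed, standing in for an export from the organization's IAM system.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Account is one row of an IAM export: the user, the role they are
// recorded as holding, and the permissions the system actually grants.
type Account struct {
	User        string
	Role        string
	Permissions []string
}

// ReviewFinding is the per-account result of comparing held permissions
// against the baseline for the account's role.
type ReviewFinding struct {
	User    string
	Role    string
	Excess  []string // held but not part of the role: candidate privilege creep
	Missing []string // part of the role but not held: likely a provisioning gap
}

// HasCreep reports whether the account holds anything beyond its role.
func (f ReviewFinding) HasCreep() bool { return len(f.Excess) > 0 }

func toSet(items []string) map[string]bool {
	s := make(map[string]bool, len(items))
	for _, it := range items {
		s[it] = true
	}
	return s
}

// ReviewAccess compares every account with the baseline for its role.
// An unknown role has an empty baseline, so all of its permissions are
// reported as excess. Results are sorted so reports are stable between runs.
func ReviewAccess(baseline map[string][]string, accounts []Account) []ReviewFinding {
	findings := make([]ReviewFinding, 0, len(accounts))
	for _, a := range accounts {
		entitled := toSet(baseline[a.Role])
		held := toSet(a.Permissions)
		f := ReviewFinding{User: a.User, Role: a.Role}
		for p := range held {
			if !entitled[p] {
				f.Excess = append(f.Excess, p)
			}
		}
		for p := range entitled {
			if !held[p] {
				f.Missing = append(f.Missing, p)
			}
		}
		sort.Strings(f.Excess)
		sort.Strings(f.Missing)
		findings = append(findings, f)
	}
	return findings
}

func main() {
	// Constructed role baselines: what each role is entitled to.
	baseline := map[string][]string{
		"analyst":  {"read:tickets", "read:logs"},
		"dba":      {"read:db", "write:db", "admin:db"},
		"engineer": {"read:logs", "deploy:staging"},
	}
	// Constructed IAM export. alice and bob share a role but differ (bob was
	// granted read:db for a project); carol moved from dba to engineer and
	// kept her old database permissions, which is privilege creep.
	accounts := []Account{
		{"alice", "analyst", []string{"read:tickets", "read:logs"}},
		{"bob", "analyst", []string{"read:tickets", "read:logs", "read:db"}},
		{"carol", "engineer", []string{"read:logs", "deploy:staging", "admin:db", "write:db"}},
		{"dave", "dba", []string{"read:db"}},
	}
	for _, f := range ReviewAccess(baseline, accounts) {
		switch {
		case f.HasCreep():
			fmt.Printf("%-6s (%s): REVIEW excess permissions: %s\n", f.User, f.Role, strings.Join(f.Excess, ", "))
		case len(f.Missing) > 0:
			fmt.Printf("%-6s (%s): missing baseline permissions: %s\n", f.User, f.Role, strings.Join(f.Missing, ", "))
		default:
			fmt.Printf("%-6s (%s): matches role baseline\n", f.User, f.Role)
		}
	}
}
```

The output flags bob's extra read:db and carol's leftover admin:db and write:db. bob's case may be approved as a documented exception; carol's is the textbook creep the question describes, and the same report would catch it on the next review if the first revocation is missed.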