Q21. - (Topic 4) 

Company XYZ has experienced a breach and has requested an internal investigation be conducted by the IT Department. Which of the following represents the correct order of the investigation process? 

A. Collection, Identification, Preservation, Examination, Analysis, Presentation. 

B. Identification, Preservation, Collection, Examination, Analysis, Presentation. 

C. Collection, Preservation, Examination, Identification, Analysis, Presentation. 

D. Identification, Examination, Preservation, Collection, Analysis, Presentation. 


Q22. - (Topic 2) 

An IT auditor is reviewing the data classification for a sensitive system. The company has classified the data stored in the sensitive system according to the following matrix: 




Client addressLOWMEDIUMLOW 


The auditor is advising the company to review the aggregate score and submit it to senior management. Which of the following should be the revised aggregate score? 






Q23. - (Topic 3) 

Customer Need: 

“We need the system to produce a series of numbers with no discernible mathematical progression for use by our Java based, PKI-enabled, customer facing website.” 

Which of the following BEST restates the customer need? 

A. The system shall use a pseudo-random number generator seeded the same every time. 

B. The system shall generate a pseudo-random number upon invocation by the existing Java program. 

C. The system shall generate a truly random number based upon user PKI certificates. 

D. The system shall implement a pseudo-random number generator for use by corporate customers. 


Q24. - (Topic 1) 

A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO). 

A. Demonstration of IPS system 

B. Review vendor selection process 

C. Calculate the ALE for the event 

D. Discussion of event timeline 

E. Assigning of follow up items 

Answer: D,E 

Q25. - (Topic 2) 

A port in a fibre channel switch failed, causing a costly downtime on the company’s primary website. Which of the following is the MOST likely cause of the downtime? 

A. The web server iSCSI initiator was down. 

B. The web server was not multipathed. 

C. The SAN snapshots were not up-to-date. 

D. The SAN replication to the backup site failed. 


Q26. - (Topic 3) 

Company ABC is planning to outsource its Customer Relationship Management system (CRM) and marketing / leads management to Company XYZ. 

Which of the following is the MOST important to be considered before going ahead with the service? 

A. Internal auditors have approved the outsourcing arrangement. 

B. Penetration testing can be performed on the externally facing web system. 

C. Ensure there are security controls within the contract and the right to audit. 

D. A physical site audit is performed on Company XYZ’s management / operation. 


Q27. - (Topic 5) 

Which of the following is the information owner responsible for? 

A. Developing policies, standards, and baselines. 

B. Determining the proper classification levels for data within the system. 

C. Integrating security considerations into application and system purchasing decisions. 

D. Implementing and evaluating security controls by validating the integrity of the data. 


Q28. - (Topic 3) 

The security administrator at a company has received a subpoena for the release of all the email received and sent by the company Chief Information Officer (CIO) for the past three years. The security administrator is only able to find one year’s worth of email records on the server and is now concerned about the possible legal implications of not complying with the request. Which of the following should the security administrator check BEFORE responding to the request? 

A. The company data privacy policies 

B. The company backup logs and archives 

C. The company data retention policies and guidelines 

D. The company data retention procedures 


Q29. - (Topic 5) 

A security consultant is investigating acts of corporate espionage within an organization. Each time the organization releases confidential information to high-ranking engineers, the information is soon leaked to competing companies. Which of the following techniques should the consultant use to discover the source of the information leaks? 

A. Digital watermarking 

B. Steganography 

C. Enforce non-disclosure agreements 

D. Digital rights management 


Q30. - (Topic 5) 

The Chief Executive Officer (CEO) has asked the IT administrator to protect the externally facing web server from SQL injection attacks and ensure the backend database server is monitored for unusual behavior while enforcing rules to terminate unusual behavior. Which of the following would BEST meet the CEO’s requirements? 

A. WAF and DAM 

B. UTM and NIDS 

C. DAM and SIEM 

D. UTM and HSM 

E. WAF and SIEM