A bank is evaluating two models of one-time password tokens for multi-factor authentication. Both models have a button, an LCD, volatile memory, and a battery, but no keypad. Model A uses a non-replaceable battery, while the battery of Model B must be replaced in three minutes if the low battery. Which of the following token types is most likely implemented by Model A?
A. Static password token
B. Synchronous dynamic password token
C. Asynchronous password token
D. Challenge-response token
TEMPEST (Telecommunications Electronics Materials Protected from Emanating Spurious Transmissions) is about spying on information systems through leaking electromagnetic emanations, sounds, and mechanical vibrations and how to shield equipment against such spying. Which of the following is the most effective countermeasure against the concern of TEMPEST?
A. Captive portal
B. Awareness training
C. Air-gapped network
D. Wire-meshed space
Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR
Which of the following least contributes to access control on the need-to-know basis?
A. An object with non-hierarchical label
B. A subject’s capability table
C. A subject’s security clearance
D. A compartmented object
Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR
Your company decides to subscribe to SaaS from a well-known cloud service provider. As a security professional, you are tasked to prepare for a security plan. Which of the following should you do first?
A. Determine data types processed by the SaaS cloud services.
B. Categorize the system based on its impact level
C. Scope and tailor security controls
D. Identify stakeholders
Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR
As the newly hired CISO for a global company selling toys all over the world, you are reviewing the company’s mission statement and organizational structure and processes, identifying applicable legal and regulatory requirements, and interviewing stakeholders to implement the business continuity management system (BCMS). Which of the following is the most likely activity you will do next?
A. Conduct business impact analysis
B. Determine the scope
C. Assess risk
D. Develop the business continuity plan
Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR
You are planning the program for security awareness, training, and education. Which of the following is not the primary target audience who needs more knowledge and skills that will enable them to perform their jobs more effectively?
A. All employees
B. End-users
C. Security administrators
D. IT engineers
Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR
Your company sells toys online worldwide. A web-based E-Commerce system developed by an in-house Integrated Product Team (IPT) supports the business. The development team is considering a solution to protect customer orders in motion. Which of the following is the best solution in terms of security, performance, and cost/benefit ratio?
A. For developers to implement encryption in the business logic layer for full mediation
B. For the architect to incorporate a software encryption module as a cross-cutting aspect
C. For database administrators to implement a secure enclave on the database server
D. For web server administrators to enable secure transmission
Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR
You are the head of the research and development department in charge of web conferencing products. The development team develops the product using an object-oriented language. Which of the following object-oriented principles or features relies on interfaces to decouple dependencies and exchange messages and achieve loose coupling?
A. Inheritance
B. Middleware
C. Polymorphism
D. Application Programming Interface (API)
Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR
Your company develops web conferencing products. You are the head of the research and development department. You plan to provide end-to-end protection over user sessions based on the symmetric cipher. An open design, work factor of cryptanalysis, and user acceptance are major evaluation criteria. Which of the following is the least appropriate cipher?
A. Rijndael
B. Skipjack
C. RSA RC6
D. Serpent
Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR
You are the CISO at Wonderland county government. The incident response team reports to you that unknown ransomware has successfully attacked the county’s file servers and encrypted production data. As a CISO, which of the following do you think the IR team should conduct next?
A. Identify the root cause and remediate the problem
B. Prioritize the incident
C. Isolate infected machines
D. Validate if the incident is true
Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR