A subject is authenticating to the ID provider. Which of the following is not a cryptographic function or cipher and provides the lowest level of security in the authentication process?
A. Base64 for the encoding of ID and password in HTTP basic authentication
B. Electronic Codebook (ECB) that produces repeated patterns
C. Hash-based message authentication code (HMAC)
D. Cipher block chaining message authentication code (CBC-MAC)
Your organization set up a new position, CISO, which reports to the CIO, to be in charge of cybersecurity. As the CISO, you aim to support the business effectively. Which of the following is the most critical task for you?
A. Integrate security into IT processes
B. Implement comprehensive network access control
C. Sponsor and direct the business continuity program
D. Develop an information security management system
You are applying for a certificate from a certificate authority (CA) to support the secure transmission on the E-Commerce website that serves global customers. Which of the following actions exposes the least risk?
A. Randomly generate an asymmetric key pair on the portal of the CA.
B. Use a utility to create the certificate request on the local workstation
C. Upload the key pair to the CA server for approval and signing
D. Download and install the certificate containing the key pair onto the webserver
Which of the following provides the highest level of safety in storefront or shopping windows?
A. Tempered glass
B. Laminated glass
C. Wired glass
D. Annealed glass
You are the head of a public company’s manufacturing department in Taiwan as an original equipment manufacturer (OEM) that accepts orders from the globe. Your department has collected manufacturing parameters, accumulated rich experience to improve efficiency and optimize costs, and created sustainable competitive advantages. Which of the following is the most critical concern to protect the manufacturing parameters from the perspective of intellectual property?
A. The ownership of the parameters
B. The secrecy of the parameters
C. The innovation of the parameters
D. The expression of the parameters
You are the head of the research and development (R&D) department. As the data owner of R&D data sets, you are responsible for classifying data and accountable for the results. Which of the following is the best criterion that justifies your classification decision?
A. The importance or meaning to stakeholders
B. The risk of the unauthorized disclosure of information
C. The risk of the unauthorized modification or destruction of information
D. The risk of the disruption of access to or use of information or an information system
As the head of the research and development department, you are authorizing colleagues in your department access to resources. Which of the following best justifies your authorization decision?
A. Background check
B. Security clearance
C. Job description
D. Separation of duties
You are evaluating and selecting software vendors to customize the transportation management system in a procurement project. Which of the following is least likely to be part of the evaluation criteria for the vendor qualification?
A. FOCI (Foreign Ownership, Control, and Influence)
B. Capability Maturity Model Integration (CMMI)
C. Software Assurance Maturity Model (SAMM)
D. Common Criteria (ISO 15408)
Based on the NIST Risk Management Framework (RMF), you are categorizing the Transportation Management System (TMS) that handles the information types of Ground Transportation and Air Transportation. Which of the following is the most possible outcome of the system categorization?
A. Public
B. Moderate
C. Confidential
D. Catastrophic
Sanitization methods address the data remanence problem to different levels of effectiveness. Which of the following is the best method that makes the data recovery and media reuse infeasible using state of the art laboratory techniques per NIST SP 800-88 R1?
A. Purge
B. Destroy
C. Degaussing
D. Physical destruction