Your company chartered a committee to evaluate an initiative to construct a data center in Taiwan, which is located in the circum-Pacific seismic belt (the Ring of Fire) and subject to earthquakes. It will operate as a region of the global infrastructure for cloud services. The committee approved the investment despite concerns about frequent earthquakes. Which of the following is the best justification for the decision?
A. The reliability of the data center is assured.
B. The residual risk is higher than the risk appetite of the board.
C. The data center can be recovered within the recovery point objective.
D. The recovery time objective is less than the maximum tolerable downtime (MTD).

As the head of research and development, you are classifying assets based on the corporate asset classification guideline. Which of the following is least likely to happen?
A. Identify the original purchase cost
B. Evaluate the impact of data compromises
C. Establish the classification scheme in terms of business value
D. Determine the security level to support mandatory access control

A malicious program, Notepad.com, mimics the legitimate one, Notepad.exe, by using a file extension that takes precedence. Which of the following best describes the malicious program?
A. Polymorphic virus
B. Multipartite virus
C. Stealth virus
D. Companion virus

You are concerned about session hijacking by a man in the middle replaying the session token stored in the HTTP cookie. Which of the following is the least effective control to mitigate the risk?
A. End-to-end encryption between the browser and the web server using TLS
B. Automatic log off if a session ends or expires
C. User data or input validation
D. Long and random Session ID

Your organization established a sound mechanism for authentication, authorization, and accounting by implementing systems for single sign-on, policy enforcement and decision, security information and event management, intrusion detection and prevention, etc. After an administrative investigation, a malicious employee was held accountable for the attempts to steal research and development secrets and got fired. Which of the following is the best perspective that justifies the punitive action?
A. Auditing
B. Authentication
C. Authorization
D. Accounting

After a periodic security assessment, you are reviewing the plan of action and milestones (POA&M) to correct non-compliance issues and mitigate risk. As a CISO, which of the following is your greatest concern?
A. Tasks not assigned an owner
B. Tasks underestimated on purpose
C. Tasks marked for further evaluation
D. Tasks solved and inherited from the previous report

The software testing team is testing a web-based e-commerce system. The back-end API receives an HTTP request, GET /customer/delete?country=all, with an empty HTTP message body. Which of the following tests is most likely being performed?
A. Fuzz testing
B. Stress testing
C. Synthetic transaction
D. Misuse/Abuse testing

Which of the following is a block cipher mode of operation in which the block cipher doesn't use the plaintext as the direct input but operates on its output and the plaintext to produce the ciphertext?
A. Cipher Block Chaining (CBC)
B. Cipher feedback (CFB)
C. Electronic codebook (ECB)
D. Initialization Vector (IV)