Which of the following MUST be part of a contract to support electronic discovery of data stored in a cloud environment?
Which of the following MUST be part of a contract to support electronic discovery of data stored in a cloud environment?A . Integration with organizational directory services for authenticationB . Tokenization of dataC . Accommodation of hybrid deployment modelsD . Identification of data locationView AnswerAnswer: D
Which of the following can BEST prevent security flaws occurring in outsourced software development?
Which of the following can BEST prevent security flaws occurring in outsourced software development?A . Contractual requirements for code qualityB . Licensing, code ownership and intellectual property rightsC . Certification of the quality and accuracy of the work doneD . Delivery dates, change management control and budgetary controlView AnswerAnswer: C
Which of the following BEST represents the principle of open design?
Which of the following BEST represents the principle of open design?A . Disassembly, analysis, or reverse engineering will reveal the security functionality of the computer system.B . Algorithms must be protected to ensure the security and interoperability of the designed system.C . A knowledgeable user should have limited privileges on...
Why must all users be positively identified prior to using multi-user computers?
Why must all users be positively identified prior to using multi-user computers?A . To provide access to system privilegesB . To provide access to the operating systemC . To ensure that unauthorized persons cannot access the computersD . To ensure that management knows what users are currently logged onView AnswerAnswer:...
The goal of software assurance in application development is to
The goal of software assurance in application development is toA . enable the development of High Availability (HA) systems.B . facilitate the creation of Trusted Computing Base (TCB) systems.C . prevent the creation of vulnerable applications.D . encourage the development of open source applications.View AnswerAnswer: C
The BEST method of demonstrating a company's security level to potential customers is
The BEST method of demonstrating a company's security level to potential customers isA . a report from an external auditor.B . responding to a customer's security questionnaire.C . a formal report from an internal auditor.D . a site visit by a customer's security team.View AnswerAnswer: A
Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?
Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?A . Check arguments in function callsB . Test for the security patch level of the environmentC . Include logging functionsD . Digitally sign each application moduleView AnswerAnswer:...
Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?
Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?A . WalkthroughB . SimulationC . ParallelD . White boxView AnswerAnswer: C
The birthday attack is MOST effective against which one of the following cipher technologies?
The birthday attack is MOST effective against which one of the following cipher technologies?A . Chaining block encryptionB . Asymmetric cryptographyC . Cryptographic hashD . Streaming cryptographyView AnswerAnswer: C
An advantage of link encryption in a communications network is that it
An advantage of link encryption in a communications network is that itA . makes key management and distribution easier.B . protects data from start to finish through the entire network.C . improves the efficiency of the transmission.D . encrypts all information, including headers and routing information.View AnswerAnswer: D