During an application design, the development team specifics a LDAP module for single sign-on communication with the company's access control database. This is an example of which of the following?

A. Application control

B. Data in-transit

C. Identification

D. Authentication

The chief Security Officer (CSO) has reported a rise in data loss but no break ins have occurred. By doing which of the following is the CSO most likely to reduce the number of incidents?

A. Implement protected distribution

B. Empty additional firewalls

C. Conduct security awareness training

D. Install perimeter barricades

Two users need to securely share encrypted files via email. Company policy prohibits users from sharing credentials or exchanging encryption keys. Which of the following can be implemented to enable users to share encrypted data while abiding by company policies?

A. Key escrow

B. Digital signatures

C. PKI

D. Hashing

While reviewing the security controls in place for a web-based application, a security controls assessor notices that there are no password strength requirements in place. Because of this vulnerability, passwords might be easily discovered using a brute force attack. Which of the following password requirements will MOST effectively improve the security posture of the application against these attacks? (Select two)

A. Minimum complexity

B. Maximum age limit

C. Maximum length

D. Minimum length

E. Minimum age limit

F. Minimum re-use limit

During a third-party audit, it is determined that a member of the firewall team can request, approve, and implement a new rule-set on the firewall. Which of the following will the audit team most l likely recommend during the audit out brief?

A. Discretionary access control for the firewall team

B. Separation of duties policy for the firewall team

C. Least privilege for the firewall team

D. Mandatory access control for the firewall team

A security analyst is performing a quantitative risk analysis. The risk analysis should show the potential monetary loss each time a threat or event occurs. Given this requirement, which of the following concepts would assist the analyst in determining this value? (Select two.)

A. ALE

B. AV

C. ARO

D. EF

E. ROI

A help desk is troubleshooting user reports that the corporate website is presenting untrusted certificate errors to employees and customers when they visit the website. Which of the following is the MOST likely cause of this error, provided the certificate has not expired?

A. The certificate was self signed, and the CA was not imported by employees or customers

B. The root CA has revoked the certificate of the intermediate CA

C. The valid period for the certificate has passed, and a new certificate has not been issued

D. The key escrow server has blocked the certificate from being validated

A security administrator is trying to encrypt communication. For which of the following reasons should administrator take advantage of the Subject Alternative Name (SAM) attribute of a certificate?

A. It can protect multiple domains

B. It provides extended site validation

C. It does not require a trusted certificate authority

D. It protects unlimited subdomains

An attacker wearing a building maintenance uniform approached a company's receptionist asking for access to a secure area. The receptionist asks for identification, a building access badge and checks the company's list approved maintenance personnel prior to granting physical access to the secure are.

The controls used by the receptionist are in place to prevent which of the following types of attacks?

A. Tailgating

B. Shoulder surfing

C. Impersonation

D. Hoax

A system administrator wants to provide balance between the security of a wireless network and usability. The administrator is concerned with wireless encryption compatibility of older devices used by some employees. Which of the following would provide strong security and backward compatibility when accessing the wireless network?

A. Open wireless network and SSL VPN

B. WPA using a preshared key

C. WPA2 using a RADIUS back-end for 802.1x authentication

D. WEP with a 40-bit key