A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the
organization's vulnerabilities. Which of the following would BEST meet this need?
Which of the following environments minimizes end-user disruption and is MOST likely to be used to assess the impacts of any
database migrations or major system changes by using the final version of the code?
A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new
product before its general release. Which of the following BEST describes the tasks the developer is conducting?
An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT
operations in a:
A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to
software compatibility issues. The OSs are still supported by the vendor, but the industrial software is no longer supported.
The Chief Information Security Officer (CISO) has created a resiliency plan for these systems that will allow OS patches to
be installed in a non-production environment, while also creating backups of the systems for recovery. Which of the following
resiliency techniques will provide these capabilities?
An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft.
Which of the following would be the MOST acceptable?
A systems administrator needs to implement an access control scheme that will allow an object's access policy to be
determined by its owner. Which of the following access control schemes BEST fits the requirements?
An analyst visits an Internet forum looking for information about a tool. The analyst finds a thread that appears to contain
relevant information. One of the posts says the following:
Which of the following BEST describes the attack that was attempted against the forum readers?
A security analyst discovers that a company's username and password database was posted on an Internet forum. The
usernames and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of
data exfiltration in the future?
An auditor is performing an assessment of a security appliance with an embedded OS that was vulnerable during the last
two assessments. Which of the following BEST explains the appliance's vulnerable state?