- (Exam Topic 5)
Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured door and uses the special card in order to access the restricted area of the target company. Just as the employee opens the door, Bob walks up to the employee (still holding the box) and asks the employee to hold the door open so that he can enter. What is the best way to undermine the social engineering activity of tailgating?

1. A. Post a sign that states, “no tailgating” next to the special card reader adjacent to the secure door
2. B. Issue special cards to access secure doors at the company and provide a one-time only brief description of use of the special card
3. C. Educate and enforce physical security policies of the company to all the employees on a regular basis
4. D. Setup a mock video camera next to the special card reader adjacent to the secure door

Correct Answer: C

- (Exam Topic 5)
Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.
How can you reduce the administrative burden of distributing symmetric keys for your employer?

1. A. Use asymmetric encryption for the automated distribution of the symmetric key
2. B. Use a self-generated key on both ends to eliminate the need for distribution
3. C. Use certificate authority to distribute private keys
4. D. Symmetrically encrypt the key and then use asymmetric encryption to unencrypt it

Correct Answer: A

- (Exam Topic 5)
What are the three stages of an identity and access management system?

1. A. Authentication, Authorize, Validation
2. B. Provision, Administration, Enforcement
3. C. Administration, Validation, Protect
4. D. Provision, Administration, Authentication

Correct Answer: A
Reference: https://digitalguardian.com/blog/what-identity-and-access-management-iam

- (Exam Topic 5)
What are the three hierarchically related aspects of strategic planning and in which order should they be done?

1. A. 1) Information technology strategic planning, 2) Enterprise strategic planning, 3) Cybersecurity orinformation security strategic planning
2. B. 1) Cybersecurity or information security strategic planning, 2) Enterprise strategic planning, 3)Informationtechnology strategic planning
3. C. 1) Enterprise strategic planning, 2) Information technology strategic planning, 3) Cybersecurity or information security strategic planning
4. D. 1) Enterprise strategic planning, 2) Cybersecurity or information security strategic planning, 3)Information technology strategic planning

Correct Answer: D

- (Exam Topic 2)
Which of the following is the MOST effective way to measure the effectiveness of security controls on a perimeter network?

1. A. Perform a vulnerability scan of the network
2. B. External penetration testing by a qualified third party
3. C. Internal Firewall ruleset reviews
4. D. Implement network intrusion prevention systems

Correct Answer: B