- (Exam Topic 1)
An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

1. A. Development, testing, and deployment
2. B. Prevention, detection, and remediation
3. C. People, technology, and operations
4. D. Certification, accreditation, and monitoring

Correct Answer: C

- (Exam Topic 11)
Disaster Recovery Plan (DRP) training material should be

1. A. consistent so that all audiences receive the same training.
2. B. stored in a fire proof safe to ensure availability when needed.
3. C. only delivered in paper format.
4. D. presented in a professional looking manner.

Correct Answer: A

- (Exam Topic 14)
Why should Open Web Application Security Project (OWASP) Application Security Verification standards (ASVS) Level 1 be considered a MINIMUM level of protection for any web application?

1. A. ASVS Level 1 ensures that applications are invulnerable to OWASP top 10 threats.
2. B. Opportunistic attackers will look for any easily exploitable vulnerable applications.
3. C. Most regulatory bodies consider ASVS Level 1 as a baseline set of controls for applications.
4. D. Securing applications at ASVS Level 1 provides adequate protection for sensitive data.

Correct Answer: B

- (Exam Topic 10)
An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern?

1. A. Availability
2. B. Confidentiality
3. C. Integrity
4. D. Ownership

Correct Answer: A

- (Exam Topic 9)
Why MUST a Kerberos server be well protected from unauthorized access?

1. A. It contains the keys of all clients.
2. B. It always operates at root privilege.
3. C. It contains all the tickets for services.
4. D. It contains the Internet Protocol (IP) address of all network entities.

Correct Answer: A