- (Exam Topic 12)
As a best practice, the Security Assessment Report (SAR) should include which of the following sections?

1. A. Data classification policy
2. B. Software and hardware inventory
3. C. Remediation recommendations
4. D. Names of participants

Correct Answer: B

- (Exam Topic 11)
Which of the following is most helpful in applying the principle of LEAST privilege?

1. A. Establishing a sandboxing environment
2. B. Setting up a Virtual Private Network (VPN) tunnel
3. C. Monitoring and reviewing privileged sessions
4. D. Introducing a job rotation program

Correct Answer: A

- (Exam Topic 15)
The ability to send malicious code, generally in the form of a client side script, to a different end user is categorized as which type of vulnerability?

1. A. Session hijacking
2. B. Cross-site request forgery (CSRF)
3. C. Cross-Site Scripting (XSS)
4. D. Command injection

Correct Answer: C

- (Exam Topic 13)
Which of the following is considered a secure coding practice?

1. A. Use concurrent access for shared variables and resources
2. B. Use checksums to verify the integrity of libraries
3. C. Use new code for common tasks
4. D. Use dynamic execution functions to pass user supplied data

Correct Answer: B

- (Exam Topic 15)
How should the retention period for an organization's social media content be defined?

1. A. Wireless Access Points (AP)
2. B. Token-based authentication
3. C. Host-based firewalls
4. D. Trusted platforms

Correct Answer: C