- (Exam Topic 15)
Which reporting type requires a service organization to describe its system and define its control objectives and controls that are relevant to users internal control over financial reporting?

1. A. Statement on Auditing Standards (SAS)70
2. B. Service Organization Control 1 (SOC1)
3. C. Service Organization Control 2 (SOC2)
4. D. Service Organization Control 3 (SOC3)

Correct Answer: B

- (Exam Topic 15)
While dealing with the consequences of a security incident, which of the following security controls are MOST appropriate?

1. A. Detective and recovery controls
2. B. Corrective and recovery controls
3. C. Preventative and corrective controls
4. D. Recovery and proactive controls

Correct Answer: C

- (Exam Topic 7)
Which of the following is a PRIMARY advantage of using a third-party identity service?

1. A. Consolidation of multiple providers
2. B. Directory synchronization
3. C. Web based logon
4. D. Automated account management

Correct Answer: D

- (Exam Topic 15)
Dumpster diving is a technique used in which stage of penetration testing methodology?

1. A. Attack
2. B. Discovery
3. C. Reporting
4. D. Planning

Correct Answer: B

- (Exam Topic 15)
What is the overall goal of software security testing?

1. A. Identifying the key security features of the software
2. B. Ensuring all software functions perform as specified
3. C. Reducing vulnerabilities within a software system
4. D. Making software development more agile

Correct Answer: B