- (Exam Topic 14)
Which of the following attacks is dependent upon the compromise of a secondary target in order to reach the primary target?

1. A. Watering hole
2. B. Brute force
3. C. Spear phishing
4. D. Address Resolution Protocol (ARP) poisoning

Correct Answer: D

- (Exam Topic 15)
Which of the following is the PRIMARY purpose of due diligence when an organization embarks on a merger or acquisition?

1. A. Assess the business risks.
2. B. Formulate alternative strategies.
3. C. Determine that all parties are equally protected.
4. D. Provide adequate capability for all parties.
5. E. Strategy and program management, project delivery, governance, operations

Correct Answer: A

- (Exam Topic 13)
Which of the following is the MOST appropriate action when reusing media that contains sensitive data?

1. A. Erase
2. B. Sanitize
3. C. Encrypt
4. D. Degauss

Correct Answer: B

- (Exam Topic 15)
A security professional can BEST mitigate the risk of using a Commercial Off-The-Shelf (COTS) solution by deploying the application with which of the following controls in ?

1. A. Whitelisting application
2. B. Network segmentation
3. C. Hardened configuration
4. D. Blacklisting application

Correct Answer: A

- (Exam Topic 13)
The security accreditation task of the System Development Life Cycle (SDLC) process is completed at the end of which phase?

1. A. System acquisition and development
2. B. System operations and maintenance
3. C. System initiation
4. D. System implementation

Correct Answer: B