Question.56 Which of the following departments initiates the request, approval, and provisioning business process?
(A) Operations
(B) Security
(C) Human resources (HR)
(D) Information technology (IT)
Correct Answer: A
Question.57 An organization is setting a security assessment scope with the goal of developing a Security Management Program (SMP). The next step is to select an approach for conducting the risk assessment. Which of the following approaches is MOST effective for the SMP?
(A) Security controls driven assessment that focuses on controls management
(B) Business processes based risk assessment with a focus on business goals
(C) Asset driven risk assessment with a focus on the assets
(D) Data driven risk assessment with a focus on data
Correct Answer: B
Question.58 Which technique helps system designers consider potential security concerns of their systems and applications?
(A) Threat modeling
(B) Manual inspections and reviews
(C) Source code review
(D) Penetration testing
Correct Answer: A
Question.59 A security professional can BEST mitigate the risk of using a Commercial Off-The-Shelf (COTS) solution by deploying the application with which of the following controls in place?
(A) Network segmentation
(B) Blacklisting application
(C) Whitelisting application
(D) Hardened configuration
Correct Answer: D
Question.60 Which of the following BEST describes centralized identity management?
(A) Service providers perform as both the credential and identity provider (IdP).
(B) Service providers identify an entity by behavior analysis versus an identification factor.
(C) Service providers agree to integrate identity system recognition across organizational boundaries.
(D) Service providers rely on a trusted third party (TTP) to provide requestors with both credentials and identifiers.
Correct Answer: D