Question 26. When resolving ethical conflicts, the information security professional MUST consider many factors. In what order should the considerations be prioritized?
(A) Public safety, duties to individuals, duties to the profession, and duties to principals
(B) Public safety, duties to principals, duties to the profession, and duties to individuals
(C) Public safety, duties to principals, duties to individuals, and duties to the profession
(D) Public safety, duties to the profession, duties to principals, and duties to individuals
Correct Answer: C
Question 27. Which service management process BEST helps information technology (IT) organizations with reducing cost, mitigating risk, and improving customer service?
(A) Kanban
(B) Lean Six Sigma
(C) Information Technology Service Management (ITSM)
(D) Information Technology Infrastructure Library (ITIL)
Correct Answer: D
Question 28. A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS). Which of the following factors leads the company to choose an IDaaS as their solution?
(A) In-house team lacks resources to support an on-premise solution.
(B) Third-party solutions are inherently more secure.
(C) Third-party solutions are known for transferring the risk to the vendor.
(D) In-house development provides more control.
Correct Answer: A
Question 29. An organization recently suffered from a web-application attack that resulted in stolen user session cookie information. The attacker was able to obtain the information when a user’s browser executed a script upon visiting a compromised website. What type of attack MOST likely occurred?
(A) SQL injection (SQLi)
(B) Extensible Markup Language (XML) external entities
(C) Cross-Site Scripting (XSS)
(D) Cross-Site Request Forgery (CSRF)
Correct Answer: C
Question 30. An attack utilizing social engineering and a malicious Uniform Resource Locator (URL) link to take advantage of a victim’s existing browser session with a web application is an example of which of the following types of attack?
(A) Clickjacking
(B) Cross-site request forgery (CSRF)
(C) Cross-Site Scripting (XSS)
(D) Injection
Correct Answer: B