Certified Information Systems Security Professional – CISSP – Question357

What is the MAIN reason for having a developer sign a Non-Disclosure Agreement (NDA)?

A. Signing the NDA always gives consent to the developer to access tools and privileged company information to do their work.
B. Signing the NDA allows the developer to use their developed coding methods.
C. Signing the NDA protects confidential, technical, or Intellectual Property (IP) from disclosure to others.
D. Signing the NDA is legally binding for up to one year of employment.

Correct Answer: C

Certified Information Systems Security Professional – CISSP – Question355

Which step of the Risk Management Framework (RMF) identifies the initial set of baseline security controls?

A. Selection
B. Monitoring
C. Implementation
D. Assessment

Certified Information Systems Security Professional – CISSP – Question354

Which of the following are the FIRST two steps to securing employees from threats involving workplace violence and acts of terrorism?

A. Physical barriers impeding unauthorized access and security guards at each entrance
B. Physical barriers and the ability to identify people as they enter the workplace
C. Security guards and metal detectors posted at each entrance
D. Metal detectors and the ability to identify people as they enter the workplace

Correct Answer: C

Certified Information Systems Security Professional – CISSP – Question353

What information will BEST assist security and financial analysts in determining if a security control is cost effective to mitigate a vulnerability?

A. Annualized Loss Expectancy (ALE) and the cost of the control
B. Single Loss Expectancy (SLE) and the cost of the control
C. Annual Rate of Occurrence (ARO) and the cost of the control
D. Exposure Factor (EF) and the cost of the control

Correct Answer: D

Certified Information Systems Security Professional – CISSP – Question352

What is the MOST efficient way to verify the integrity of database backups?

A. Test restores on a regular basis.
B. Restore every file in the system to check its health.
C. Use checksum as part of the backup operation to make sure that no corruption has occurred.
D. Run DBCC CHECKDB on a regular basis to check the logical and physical integrity of the database objects.

Correct Answer: C

Certified Information Systems Security Professional – CISSP – Question351

Which of the following MUST a security policy include to be effective within an organization?

A. A list of all standards that apply to the policy
B. Owner information and date of last revision
C. Disciplinary measures for non-compliance
D. Strong statements that clearly define the problem

Correct Answer: B

Certified Information Systems Security Professional – CISSP – Question350

A system administration office desires to implement the following rules:

  • An administrator that is designated as a skill level 3, with 5 years of experience, is allowed to perform system backups, upgrades, and local administration.
  • An administrator that is designated as a skill level 5, with 10 years of experience, is permitted to perform all actions related to system administration.

Which of the following access control methods MUST be implemented to achieve this goal?

A. Discretionary Access Control (DAC)
B. Role Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Attribute Based Access Control (ABAC)

Correct Answer: B

Certified Information Systems Security Professional – CISSP – Question349

When should the software Quality Assurance (QA) team feel confident that testing is complete?

A. When release criteria are met
B. When the time allocated for testing the software is met
C. When senior management approves the test results
D. When the software has zero security vulnerabilities

Correct Answer: C

Certified Information Systems Security Professional – CISSP – Question348

Which of the following is the BEST reason to apply patches manually instead of automated patch management?

A. The cost required to install patches will be reduced.
B. The time during which systems will remain vulnerable to an exploit will be decreased.
C. The target systems reside within isolated networks.
D. The ability to cover large geographic areas is increased.

Correct Answer: C