Certified Information Systems Security Professional – CISSP – Question317

An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this an example of?

A. Reasonable data
B. Population of required fields
C. Allowed number of characters
D. Session testing

Correct Answer: C

Certified Information Systems Security Professional – CISSP – Question315

Which of the following is the key requirement for test results when implementing forensic procedures?

A. The test results must be cost-effective.
B. The test result must be authorized.
C. The test results must be quantifiable.
D. The test results must be reproducible.

Correct Answer: B

Certified Information Systems Security Professional – CISSP – Question313

Which of the following needs to be taken into account when assessing vulnerability?

A. Risk identification and validation
B. Threat mapping
C. Risk acceptance criteria
D. Safeguard selection

Certified Information Systems Security Professional – CISSP – Question312

What should be the FIRST action for a security administrator who detects an intrusion on the network based on precursors and other indicators?

A. Isolate and contain the intrusion.
B. Notify system and application owners.
C. Apply patches to the Operating Systems (OS).
D. Document and verify the intrusion.

Certified Information Systems Security Professional – CISSP – Question311

Once the types of information have been identified, who should an information security practitioner work with to ensure that the information is properly categorized?

A. Information Owner (IO)
B. System Administrator
C. Business Continuity (BC) Manager
D. Chief Information Officer (CIO)

Correct Answer: A

Certified Information Systems Security Professional – CISSP – Question310

Which of the following is the PRIMARY mechanism used to limit the range of objects available to a given subject within different execution domains?

A. Process isolation
B. Data hiding and abstraction
C. Use of discrete layering and Application Programming Interfaces (API)
D. Virtual Private Network (VPN)

Certified Information Systems Security Professional – CISSP – Question309

Which of the following open source software issues poses the MOST risk to an application?

A. The software is beyond end of life and the vendor is out of business.
B. The software is not used or popular in the development community.
C. The software has multiple Common Vulnerabilities and Exposures (CVE) and only some are remediated.
D. The software has multiple Common Vulnerabilities and Exposures (CVE) but the CVEs are classified as low risks.

Correct Answer: D

Certified Information Systems Security Professional – CISSP – Question308

Which of the following trust services principles refers to the accessibility of information used by the systems, products, or services offered to a third-party provider’s customers?

A. Security
B. Privacy
C. Access
D. Availability