- (Exam Topic 3)
An organization has a strict policy that if elevated permissions are needed, users should always run commands under their own account, with temporary administrator privileges if necessary. A security analyst is reviewing syslog entries and sees the following:
Which of the following entries should cause the analyst the MOST concern?
Correct Answer: A
- (Exam Topic 3)
A security technician configured a NIDS to monitor network traffic. Which of the following is a condition in which harmless traffic is classified as a potential network attack?
Correct Answer: D
- (Exam Topic 1)
It is important to parameterize queries to prevent:
Correct Answer: A
Reference: https://stackoverflow.com/questions/4712037/what-is-parameterized-query
- (Exam Topic 3)
Which of the following BEST explains the function of a managerial control?
Correct Answer: C
Managerial controls are procedural mechanisms that focus on the mechanics of the risk management process. Examples of administrative controls include periodic risk assessments, security planning exercises, and the incorporation of security into the organization's change management, service acquisition, and project management practices.
- (Exam Topic 3)
An organizational policy requires one person to input accounts payable and another to do accounts receivable. A separate control requires one person to write a check and another person to sign all checks greater than $5,000 and to get an additional signature for checks greater than $10,000. Which of the following controls has the organization implemented?
Correct Answer: D