Which of the following devices could potentially stop a Structured Query Language (SQL) injection attack?

• A.An intrusion prevention system (IPS)
• B.An intrusion detection system (IDS)
• C.A host-based intrusion detection system (HIDS)
• D.A host-based firewall

Comment: *

Name: *

Email: *

Verification: *

Which of the following will MOST effectively minimize the chance of inadvertent disclosure of confidential information?

• A.Enforcing penalties for security policy violations
• B.Following the principle of least privilege
• C.Restricting the use of removable media
• D.Applying data classification rules

Comment: *

Name: *

Email: *

Verification: *

When a user employs a client-side digital certificate to authenticate to a web server through Secure Socket Layer (SSL), confidentiality is MOST vulnerable to which of the following?

• A.IP spoofing
• B.Man-in-the-middle attack
• C.Repudiation
• D.Trojan

Comment: *

Name: *

Email: *

Verification: *

Threat and vulnerability assessments are important PRIMARILY because they are:

• A.needed to estimate risk
• B.the basis for setting control objectives
• C.elements of the organization's security posture
• D.used to establish security investments

Comment: *

Name: *

Email: *

Verification: *

The effectiveness of an information security governance framework will BEST be enhanced if:

• A.consultants review the information security governance framework
• B.risk management is built into operational and strategic activities.
• C.a culture of legal and regulatory compliance is promoted by management.
• D.IS auditors are empowered to evaluate governance activities,

Comment: *

Name: *

Email: *

Verification: *