- (Exam Topic 15)
In which of the following scenarios is locking server cabinets and limiting access to keys preferable to locking the server room to prevent unauthorized access?

1. A. Server cabinets are located in an unshared workspace.
2. B. Server cabinets are located in an isolated server farm.
3. C. Server hardware is located in a remote area.
4. D. Server cabinets share workspace with multiple projects.

Correct Answer: D

- (Exam Topic 14)
Why should Open Web Application Security Project (OWASP) Application Security Verification standards (ASVS) Level 1 be considered a MINIMUM level of protection for any web application?

1. A. ASVS Level 1 ensures that applications are invulnerable to OWASP top 10 threats.
2. B. Opportunistic attackers will look for any easily exploitable vulnerable applications.
3. C. Most regulatory bodies consider ASVS Level 1 as a baseline set of controls for applications.
4. D. Securing applications at ASVS Level 1 provides adequate protection for sensitive data.

Correct Answer: B

- (Exam Topic 9)
Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?

1. A. Challenge Handshake Authentication Protocol (CHAP)
2. B. Point-to-Point Protocol (PPP)
3. C. Extensible Authentication Protocol (EAP)
4. D. Password Authentication Protocol (PAP)

Correct Answer: A

- (Exam Topic 11)
The application of which of the following standards would BEST reduce the potential for data breaches?

1. A. ISO 9000
2. B. ISO 20121
3. C. ISO 26000
4. D. ISO 27001

Correct Answer: D

- (Exam Topic 15)
An organization is preparing to achieve General Data Protection Regulation (GDPR) compliance. The Chief Information Security Officer (CISO) is reviewing data protection methods.
Which of the following is the BEST data protection method?

1. A. Encryption
2. B. Backups
3. C. Data obfuscation
4. D. Strong authentication

Correct Answer: C