After a number of highly publicized and embarrassing customer data leaks as a result of social engineering attacks by phone, the Chief Information Officer (CIO) has decided user training will reduce the risk of another data leak. Which of the following would be MOST effective in reducing data leaks in this situation?

A. Information Security Awareness
B. Social Media and BYOD
C. Data Handling and Disposal
D. Acceptable Use of IT Systems


Answer: A

A bank has a fleet of aging payment terminals used by merchants for transactional processing. The terminals currently support single DES but require an upgrade in order to be compliant with security standards. Which of the following is likely to be the simplest upgrade to the aging terminals which will improve in-transit protection of transactional data?

A. AES
B. 3DES
C. RC4
D. WPA2


Answer: B

A merchant acquirer has the need to store credit card numbers in a transactional database in a high performance environment. Which of the following BEST protects the credit card data?

A. Database field encryption
B. File-level encryption
C. Data loss prevention system
D. Full disk encryption


Answer: A

Which of the following is true about input validation in a client-server architecture, when data integrity is critical to the organization?

A. It should be enforced on the client side only.
B. It must be protected by SSL encryption.
C. It must rely on the user's knowledge of the application.
D. It should be performed on the server side.


Answer: D

After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. Which of the following is this an example of?

A. Privilege escalation
B. Advanced persistent threat
C. Malicious insider threat
D. Spear phishing


Answer: D