A computer forensic analyst is examining suspected malware from a computer system post-attack. Upon reverse engineering the code, the analyst sees several concerning instructions. One of those concerning instructions is that it installs a Unified Extensible Firmware Interface Basic Input/Output System (BIOS) rootkit, and when the system is then rebooted, the BIOS checks for a certain unknown program to be installed. Which security feature MOST likely would have detected and prevented this type of attack if already on the system?
A company that has experienced steady growth for seasonal products in the last several years currently is reevaluating its production planning approach. The chase production plan initially requires 150 employees, then increases to 440 employees, and then decreases to 165 employees. Which of the following factors would be most relevant when evaluating the cost of this production planning approach?
An organization has implemented a control that requires users to change their passwords every 30 days. Which setting of the password policy will prevent users from reusing passwords?
While doing a penetration test, auditors found an old credential hash for a privileged user. To prevent a privileged user ' s hash from being cached, what is the MOST appropriate policy to mandate?
A manufacturer begins production of an item when a customer order is placed. This is an example of a(n):
What order BEST reflects the steps when adding threat modeling practices to a Software Development Life Cycle (SDLC)?
Which of the following factors is the MOST important consideration for a security team when determining when determining whether cryptographic erasure can be used for disposal of a device?
A hot Disaster Recovery (DR) data center is the victim of a data breach. The hackers are able to access and copy 10GB of clear text confidential information. Which of the following could have decreased the amount of exposure from this data breach?
A Generic Routing Encapsulation (GRE) tunnel moves data across a third-party Internet Protocol (IP) network. What is the risk of using GRE tunnels?
Objective security metrics tend to be easier to gather, easier to interpret, and easier to include in reports to management.
What is the BEST objective metric for the effectiveness of a security awareness training?
An information security professional is enhancing the organization ' s existing information security awareness program through educational posters. Which of the following is the MOST effective location for poster placement?
After reviewing the output of a threat modelling workshop, the development manager decides not to implement the application features where issues were identified. What is the BEST description of how the threats from the workshop are being addressed?
Which of the following techniques is BEST suited to preserve the confidentiality of a system’s data?
An organization donates used computer equipment to a non-profit group. A system administrator used a degausser on both the magnetic and Solid State Drives (SSD) before delivery. A volunteer at the non-profit group discovered some of the drives still contained readable data and alerted the system administrator. What is the BEST solution to ensure that computer equipment does not contain data before release?