Question 1

The Chief Information Security Officer (CISO) of an organization has requested that a Service Organization Control (SOC) report be created to outline the security and availability of a

particular system over a 12-month period. Which type of SOC report should be utilized?

Options :

A : SOC 1 Type 1

B : SOC 2 Type 2

C : SOC 2 Type 2

D : SOC 3 Type 1

Answer: C

Question 2

Which of the following is an advantage of' Secure Shell (SSH)?

Options :

A : It operates at the network layer.

B : It encrypts transmitted User ID and passwords.

C : It uses challenge-response to authenticate each party.

D : It uses the International Data Encryption Algorithm (IDEA) for data privacy.

Answer: C

Question 3

The development team has been tasked with collecting data from biometric devices. The application will support a variety of collection data streams. During the testing phase, the team utilizes data from an old production database in a secure testing environment. What principle has the team taken into consideration?

Options :

A : biometric data cannot be changed.

B : Separate biometric data streams require increased security.

C : The biometric devices are unknown.

D : Biometric data must be protected from disclosure.

Answer: A

Question 4

Which of the following techniques evaluates the secure Bet principles of network or software architectures?

Options :

A : Threat modeling

B : Risk modeling

C : Waterfall method

D : Fuzzing

Answer: A

Question 5

What type of encryption is used to protect sensitive data in transit over a network?

Options :

A : Payload encryption and transport encryption

B : Authentication Headers (AH)

C : Keyed-Hashing for Message Authentication

D : Point-to-Point Encryption (P2PE)

Answer: A