Which of these is NOT a characteristic of a weak password?

A) A common dictionary word

B) A long password

C) Using personal information

D) Using a predictable sequence of characters

How is the Security Assertion Markup Language (SAML) used?

A) It allows secure web domains to exchange user authentication and authorization data.

B) It is a backup to a RADIUS server.

C) It is an authenticator in IEEE 802.1x.

D) It is no longer used because it has been replaced by LDAP.

Which of the following is NOT true about privacy?

A) Today, individuals can achieve any level of privacy that is desired.

B) Privacy is difficult due to the volume of data silently accumulated by technology.

C) Privacy is freedom from attention, observation, or interference based on your decision.

D) Privacy is the right to be left alone to the degree that you choose.

Dilma has been tasked with creating a list of potential employees to serve in an upcoming tabletop exercise.  Which employees will be on her list?

A) All employees

B) Individuals on a decision-making level

C) Full-time employees

D) Only IT managers

Which of these is NOT a response to risk?

A) mitigation

B) transference

C) resistance

D) avoidance

Each of the following accounts should be prohibited EXCEPT:

A) Shared accounts

B) Generic accounts

C) Privileged accounts

D) Guest accounts

Ilya has been asked

A RADIUS authentication server requires the ________ to be authenticated first.

A) authenticator

B) user

C) authentication server

D) supplicant

Which of the following is NOT a risk associated with the use of private data?

A) Individual inconveniences and identity theft

B) Associations with groups

C) Statistical inferences

D) Devices being infected with malware

What is the average amount of time that it will take a device to recover from a failure that is not a terminal failure?

A) MTTR

B) MTBR

C) MTBF

D) MTTI

Angela was asked to create a report that listed the reasons why a contractor should be provided penetration testing authorization.  Which of the follow would she NOT list in her report?

A) Legal authorization

B) Indemnification

C) Limit retaliation

D) Access to resources

Mike has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend?

A) OAuth

B) Open ID Connect

C) Shibboleth

D) NTLM

Which of the following is NOT true regarding how an enterprise should handle an orphaned or dormant account?

A) A formal procedure should be in place for disabling accounts for employees who are dismissed, resign, or retire from the organization.

B) Access should be ended as soon as the employee is no longer part of the organization.

C) Logs should be monitored because current employees are sometimes tempted to use an older dormant account instead of their own account.

D) All orphaned and dormant accounts should be deleted immediately whenever they are discovered.

Which of the following is NOT an issue raised regarding how private data is gathered and used?

A) The data is gathered and kept in secret.

B) By law, all encrypted data must contain a “backdoor” entry point.

C) Informed consent is usually missing or is misunderstood.

D) The accuracy of the data cannot be verified.

Which of the following is NOT a category of fire suppression systems?

A) Water sprinkler system

B) Wet chemical system

C) Clean agent system

D) Dry chemical system

Which of the following risk control types would use video surveillance systems and barricades to limit access to secure sites?

A) operational

B) managerial

C) technical 

D) strategic