1. Which of the following would best ensure a controlled version release of a new software application?
A. Business continuity planning
B. Quantified risk analysis
C. Static code analysis
D. Change management procedures (Correct)
Explanation
Change management procedures provide a structured, systematic approach to managing all changes to an IT environment. This includes processes for planning, reviewing, approving, testing, and documenting software releases, thereby ensuring a controlled and predictable version release.
2. Which of the following would best prepare a security team for a specific incident response scenario?
A. Situational awareness
B. Risk assessment
C. Root cause analysis
D. Tabletop exercise (Correct)
Explanation
A tabletop exercise simulates a specific incident response scenario in a discussion-based format. It allows the security team to walk through their roles, responsibilities, and decision-making processes in a low-stress environment, effectively preparing them for real-world incidents without actual system impact.
3. A software developer released a new application and is distributing application files via the developer's website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?
A. Hashes (Correct)
B. Certificates
C. Algorithms
D. Salting
Explanation
Posting the hash (e.g., MD5, SHA-256) of the original application files allows users to compute the hash of their downloaded files. If the computed hash matches the posted hash, it confirms the integrity of the downloaded files, assuring users that the files have not been corrupted or tampered with during transit.
4. A business provides long-term cold storage services to banks that are required to follow regulator-imposed data retention guidelines. Banks that use these services require that data is disposed of in a specific manner at the conclusion of the regulatory threshold for data retention. Which of the following aspects of data management is the most important to the bank in the destruction of this data?
A. Encryption
B. Classification
C. Certification (Correct)
D. Procurement
Explanation
For regulated industries like banking, merely disposing of data is not enough; the method of destruction often needs to be certified. Certification means that the data destruction process meets specific regulatory standards and that there is documented proof (a certificate) that the data was securely and irretrievably destroyed according to those requirements.
5. Which of the following allows for the attribution of messages to individuals?
A. Adaptive identity
B. Non-repudiation (Correct)
C. Authentication
D. Access logs
Explanation
Non-repudiation ensures that a party cannot deny having made a statement or committed an action. In the context of messages, it provides undeniable proof of origin and integrity, allowing specific messages to be reliably attributed to specific individuals, often achieved through digital signatures or cryptographic hashes.