You work as a Network Auditor for Net Perfect Inc. The company has a Windows-based network.
While auditing the company’s network, you are facing problems in searching the faults and other
entities that belong to it. Which of the following risks may occur due to the existence of these

The National Information Assurance Certification and Accreditation Process (NIACAP) is the
minimum standard process for the certification and accreditation of computer and
telecommunications systems that handle U.S. national security information. Which of the following
participants are required in a NIACAP security assessment? Each correct answer represents a
part of the solution. Choose all that apply.

Which of the following penetration testing techniques automatically tests every phone line in an
exchange and tries to locate modems that are attached to the network?

Which of the following roles is also known as the accreditor?

DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance
Categories (MAC) and confidentiality levels. Which of the following MAC levels requires high
integrity and medium availability?

Microsoft software security expert Michael Howard defines some heuristics for determining code
review in “A Process for Performing Security Code Reviews”. Which of the following heuristics
increase the application’s attack surface? Each correct answer represents a complete solution.
Choose all that apply.

Which of the following cryptographic system services ensures that information will not be disclosed
to any unauthorized person on a local network?

What are the various activities performed in the planning phase of the Software Assurance
Acquisition process? Each correct answer represents a complete solution. Choose all that apply.

You work as a project manager for BlueWell Inc. You are working on a project and the
management wants a rapid and cost-effective means for establishing priorities for planning risk
responses in your project. Which risk management process can satisfy management’s objective for your project?

Which of the following models uses a directed graph to specify the rights that a subject can
transfer to an object or that a subject can take from another subject?