31. A security engineer is soliciting bids for a software product that will perform centralized authentication. The engineer has found two products so far: one that is based on LDAP and one that is based on TACACS. Which of the following statements is the best approach?
Correct answer: (B)
Do not consider the TACACS-based product, consider the LDAP- based product, and continue looking for other products
32. A security incident as defined as:
Correct answer: (D)
Violation of security policy
33. A security manager has been asked to investigate employee behavior on the part of a senior manager. The investigation has shown that the subject has suffered a serious lapse in judgment and has violated the organization's code of conduct. The security manager has been asked to keep the results of the investigation a secret. How should the security manager respond?
Correct answer: (C)
Deliver the results of the investigation and recommendations for next steps to his superiors
34. A security manager has discovered that sensitive information stored on a server has been compromised. The organization is required by law to notify law enforcement. What should the security manager do first to preserve evidence on the server:
Correct answer: (A)
Disconnect power to the server
35. A security manager has instructed a system administrator to wipe files on a hard disk. This means that the administrator needs to:
Correct answer: (C)
Use a tool to overwrite files multiple times
36. A security manager is concerned that lost key cards can be used by an intruder to gain entrance to a facility. What measure can be used to prevent this?
Correct answer: (A)
Implement PIN pads at card reader stations
37. A security manager is developing a data classification policy. What elements need to be in the policy?
Correct answer: (A)
Sensitivity levels, marking procedures, access procedures, and handling procedures
38. A security manager is performing a quantitative risk assessment on a particular asset. The security manager wants to determine the quantitative loss for a single loss based on a particular threat. The correct way to calculate this is:
Correct answer: (D)
Multiply the asset's value times the exposure factor
39. A security manager is performing a quantitative risk assessment on a particular asset. The security manager wants to estimate the yearly loss based on a particular threat. The correct way to calculate this is:
Correct answer: (D)
Multiply the single loss expectancy times the annualized rate of occurrence
40. A security manager is searching for an encryption algorithm to be used to encrypt data files containing sensitive information. Which of the following algorithms should NOT be considered:
Correct answer: (A)
FISH