CISSP Official Practice Tests by Mike Chapple, David Seidl


274 Chapter 11 ■ Practice Test 3



  1. Which one of the following tools is most often used for identification purposes and is not
    suitable for use as an authenticator?
    A. Password
    B. Retinal scan
    C. Username
    D. Token

  2. Ben needs to verify that the most recent patch for his organization’s critical application did
    not introduce issues elsewhere. What type of testing does Ben need to conduct to ensure
    this?
    A. Unit testing
    B. White box
    C. Regression testing
    D. Black box

  3. Tamara recently decided to purchase cyber-liability insurance to cover her company’s costs
    in the event of a data breach. What risk management strategy is she pursuing?
    A. Risk acceptance
    B. Risk mitigation
    C. Risk transference
    D. Risk avoidance

  4. Which of the following is not one of the four canons of the (ISC)² code of ethics?
    A. Avoid conflicts of interest that may jeopardize impartiality.
    B. Protect society, the common good, necessary public trust and confidence, and the
    infrastructure.
    C. Act honorably, honestly, justly, responsibly, and legally.
    D. Provide diligent and competent service to principals.

  5. Jim wants to allow a partner organization’s Active Directory forest (B) to access his
    domain forest’s (A) resources but doesn’t want to allow users in his domain to access B’s
    resources. He also does not want the trust to flow upward through the domain tree as it is
    formed. What should he do?
    A. Set up a two-way transitive trust.
    B. Set up a one-way transitive trust.
    C. Set up a one-way nontransitive trust.
    D. Set up a two-way nontransitive trust.

  6. Susan’s team is performing code analysis by manually reviewing the code for flaws. What
    type of analysis are they performing?
    A. Gray box
    B. Static
    C. Dynamic
    D. Fuzzing
