Which of the following is NOT an accepted classification of security controls?
A. Nominative.
B. Preventive.
C. Detective.
D. Corrective.
In order to maintain the currency of risk countermeasures, how often SHOULD an organisation review these risks?
A. Once defined, they do not need reviewing.
B. A maximum of once every other month.
C. When the next risk audit is due.
D. Risks remain under constant review.
Which of the following describes a qualitative risk assessment approach?
A. A subjective assessment of risk occurrence likelihood against the potential impact that determines the overall severity of a risk.
B. The use of verifiable data to predict the risk occurrence likelihood and the potential impact so as to determine the overall severity of a risk.
C. The use of Monte-Carlo Analysis and Layers of Protection Analysis (LOPA) to determine the overall severity of a risk.
D. The use of Risk Tolerance and Risk Appetite values to determine the overall severity of a risk.
Which of the following statements relating to digital signatures is TRUE?
A. Digital signatures are rarely legally enforceable even if the signers know they are signing a legal document.
B. Digital signatures are valid and enforceable in law in most countries in the world.
C. Digital signatures are legal unless there is a statutory requirement that predates the digital age.
D. A digital signature that uses a signer's private key is illegal.
Which of the following is a framework and methodology for Enterprise Security Architecture and Service Management?
A. TOGAF.
B. SABSA.
C. PCI DSS.
D. OWASP.
James is working with a software programme whose entire source code is completely obfuscated, often in the form of a binary executable, making it difficult to inspect, manipulate or reverse engineer the original source code.
What type of software programme is this?
A. Free Source.
B. Proprietary Source.
C. Interpreted Source.
D. Open Source.
What term is used to describe the act of checking out a privileged account password in a manner that bypasses normal access controls procedures during a critical emergency situation?
A. Privileged User Gateway.
B. Enterprise Security Management.
C. Multi Factor Authentication.
D. Break Glass.
What form of training SHOULD developers undertake to understand the security of the code they have written and how it can improve security defence while under attack?
A. Red Team Training.
B. Blue Team Training.
C. Black Hat Training.
D. Awareness Training.
In software engineering, what does 'Security by Design' mean?
A. Low Level and High Level Security Designs are restricted in distribution.
B. All security software artefacts are subject to a code-checking regime.
C. The software has been designed from its inception to be secure.
D. All code meets the technical requirements of GDPR.
What type of attack could directly affect the confidentiality of an unencrypted VoIP network?
A. Packet Sniffing.
B. Brute Force Attack.
C. Ransomware.
D. Vishing Attack.