In black box penetration testing, what information is provided to the tester about the target environment?

Which security control can best protect against shadow IT by identifying and preventing use of unsanctioned cloud apps and services?

Which option describes the best defense against collusion?

During a penetration test, you find a file containing hashed passwords for the system you are attempting to breach. Which type of attack is most likely to succeed in accessing the hashed passwords in a reasonable amount of time?

You configure an encrypted USB drive for a user who needs to deliver a sensitive file at an in-person meeting. What type of encryption is typically used to encrypt the file?

What is the difference between DRP and BCP

Which main reference coupled with the Cloud Security Alliance Guidance comprise the Security Guidance for Critical Areas of Focus in Cloud Computing?

Which organization has published the most comprehensive set of controls in its security guideline for the Internet of Things?

Which security control scheme do vendors often submit their products to for evaluation, to provide an independent view of product assurance?

There are four possible treatments once an assessment has identified a risk. Which risk treatment implements controls to reduce risk?

You have implemented controls to mitigate the threats, vulnerabilities, and impact to your business. Which type of risk is left over?