Download Cybersecurity Pre-Course Assessment: Multiple Choice Questions and Answers and more Exams Cybercrime, Cybersecurity and Data Privacy in PDF only on Docsity!
Cybersecurity Pre-Course Assessment |
100% Correct Answers | Verified | Latest
2024 Version
Glen is an (ISC)² member. Glen receives an email from a company offering a set of answers for an (ISC)² certification exam. What should Glen do? - ✔✔Inform (ISC)² Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of Zarma's colleagues is interested in getting an (ISC)2 certification and asks Zarma what the test questions are like. What should Zarma do? - ✔✔Explain the style and format of the questions, but no detail A system that collects transactional information and stores it in a record in order to show which users performed which actions is an example of providing - ✔✔Non-repudiation The city of Grampon wants to ensure that all of its citizens are protected from malware, so the city council creates a rule that anyone caught creating and launching malware within the city limits will receive a fine and go to jail. What kind of rule is this? - ✔✔Law The Payment Card Industry (PCI) Council is a committee made up of representatives from major credit card providers (Visa, Mastercard, American Express) in the United States. The PCI Council issues rules that merchants must follow if the merchants choose to accept payment via credit card. These rules describe best practices for securing credit card processing technology, activities for securing credit card information, and how to protect customers' personal data. This set of rules is a _____. - ✔✔Standard Tina is an (ISC)² member and is invited to join an online group of IT security enthusiasts. After attending a few online sessions, Tina learns that some participants in the group are sharing malware with each other, in order to use it against other organizations online. What should Tina do? - ✔✔Stop participating in the group Which of the following probably poses the most risk? - ✔✔A high-likelihood, high-impact event
Druna is a security practitioner tasked with ensuring that laptops are not stolen from the organization's offices. Which sort of security control would probably be best for this purpose? - ✔✔Physical Aphrodite is a member of (ISC)² and a data analyst for Triffid Corporation. While Aphrodite is reviewing user log data, Aphrodite discovers that another Triffid employee is violating the acceptable use policy and watching streaming videos during work hours. What should Aphrodite do? - ✔✔Inform Triffid management Preenka works at an airport. There are red lines painted on the ground next to the runway; Preenka has been instructed that nobody can step or drive across a red line unless they request, and get specific permission from, the control tower. This is an example of a(n)______ control. - ✔✔Administrative The senior leadership of Triffid Corporation decides that the best way to minimize liability for the company is to demonstrate the company's commitment to adopting best practices recognized throughout the industry. Triffid management issues a document that explains that Triffid will follow the best practices published by SANS, an industry body that addresses computer and information security. The Triffid document is a ______, and the SANS documents are ________. - ✔✔Policy, standard Which of the following is an example of a "something you are" authentication factor? - ✔✔A photograph of your face For which of the following assets is integrity probably the most important security aspect? - ✔✔The file that contains passwords used to authenticate users Triffid Corporation has a rule that all employees working with sensitive hardcopy documents must put the documents into a safe at the end of the workday, where they are locked up until the following workday. What kind of control is the process of putting the documents into the safe? - ✔✔Administrative For which of the following systems would the security concept of availability probably be most important? - ✔✔Medical systems that monitor patient condition in an intensive care unit
True or False? Business continuity planning is a reactive procedure that restores business operations after a disruption occurs. - ✔✔False Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees transferring from one department to another, getting promoted, or cross-training to new positions can get access to the different assets they'll need for their new positions, in the most efficient manner. Which method should Handel select? - ✔✔Role- based access controls (RBAC) Which of the following will have the most impact on determining the duration of log retention? - ✔✔Applicable laws Which of the following statements is true? - ✔✔It is best to use a blend of controls in order to provide optimum security A human guard monitoring a hidden camera could be considered a ______ control. - ✔✔Detective Trina is a security practitioner at Triffid, Inc. Trina has been tasked with selecting a new product to serve as a security control in the environment. After doing some research, Trina selects a particular product. Before that product can be purchased, a manager must review Trina's selection and determine whether to approve the purchase. This is a description of: - ✔✔Segregation of duties Trina and Doug both work at Triffid, Inc. Doug is having trouble logging into the network. Trina offers to log in for Doug, using Trina's credentials, so that Doug can get some work done. What is the problem with this? - ✔✔Anything either of them do will be attributed to Trina Gelbi is a Technical Support analyst for Triffid, Inc. Gelbi sometimes is required to install or remove software. Which of the following could be used to describe Gelbi's account? - ✔✔Privileged Tekila works for a government agency. All data in the agency is assigned a particular sensitivity level, called a "classification." Every person in the agency is assigned a "clearance" level, which determines the classification of data each person can access.
What is the access control model being implemented in Tekila's agency? - ✔✔MAC (mandatory access control) Prina is a database manager. Prina is allowed to add new users to the database, remove current users and create new usage functions for the users. Prina is not allowed to read the data in the fields of the database itself. This is an example of: - ✔✔Role-based access controls (RBAC) Which of the following is probably most useful at the perimeter of a property? - ✔✔A fence Which of the following roles does not typically require privileged account access? - ✔✔Data entry professional Which of these is an example of a physical access control mechanism? - ✔✔A lock on a door Visitors to a secure facility need to be controlled. Controls useful for managing visitors include all of the following except: - ✔✔Fence Larry and Fern both work in the data center. In order to enter the data center to begin their workday, they must both present their own keys (which are different) to the key reader, before the door to the data center opens. - ✔✔Dual control Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is Prachi? - ✔✔The subject Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees who are assigned to new positions in the company do not retain whatever access they had in their old positions. Which method should Handel select? - ✔✔Role-based access controls (RBAC)
Ludwig is a security analyst at Triffid, Inc. Ludwig notices network traffic that might indicate an attack designed to affect the availability of the environment. Which of the following might be the attack Ludwig sees? - ✔✔DDOS (distributed denial of service) Triffid, Inc., has deployed anti-malware solutions across its internal IT environment. What is an additional task necessary to ensure this control will function properly? - ✔✔Update the anti-malware solution regularly A VLAN is a _____ method of segmenting networks. - ✔✔Logical Garfield is a security analyst at Triffid, Inc. Garfield notices that a particular application in the production environment is being copied very quickly, across systems and devices utilized by many users. What kind of attack could this be? - ✔✔Worm Which of the following is one of the common ways potential attacks are often identified? - ✔✔Users report unusual systems activity/response to Help Desk or the security office Which type of fire-suppression system is typically the safest for humans? - ✔✔Water Gary is an attacker. Gary is able to get access to the communication wire between Dauphine's machine and Linda's machine and can then surveil the traffic between the two when they're communicating. What kind of attack is this? - ✔✔On-path A tool that inspects outbound traffic to reduce potential threats. - ✔✔DLP (data loss prevention) A device that is commonly useful to have on the perimeter between two networks. - ✔✔Firewall ______ is used to ensure that configuration management activities are effective and enforced. - ✔✔Verification and audit Security controls on log data should reflect ________. - ✔✔The sensitivity of the source device
Who dictates policy? - ✔✔Senior management Triffid, Inc., wants to host streaming video files for the company's remote users, but wants to ensure the data is protected while it's streaming. Which of the following methods are probably best for this purpose? - ✔✔Symmetric encryption Every document owned by Triffid, Inc., whether hardcopy or electronic, has a clear, 24-point word at the top and bottom. Only three words can be used: "Sensitive," "Proprietary" and "Public." This is an example of _____. - ✔✔Labeling Data _____ is data left behind on systems/media after normal deletion procedures have been attempted. - ✔✔Remanence If two people want to use asymmetric communication to conduct a confidential conversation, how many keys do they need? - ✔✔ 4 Logs should be reviewed ______. - ✔✔Continually Which of these is the most important reason to conduct security instruction for all employees. - ✔✔An informed user is a more secure user If two people want to use symmetric encryption to conduct a confidential conversation, how many keys do they need? - ✔✔ 1 The output of any given hashing algorithm is always _____. - ✔✔The same length When data has reached the end of the retention period, it should be _____. - ✔✔Destroyed Hashing is often used to provide _______. - ✔✔Integrity
