ICS

Sophia is visiting Las Vegas and decides to put a bet on a particular number on a roulette wheel. This is an example of

A) Acceptance

Triffid Corporation has a policy that all employees must receive security awareness instruction before using email; the company wants to make employees aware of potential phishing attempts that the employees might receive via email. What kind of control is this instruction?

A) Administrative

When data has reached the end of the retention period, it should be ___

A) Destroyed

Triffid, Inc., has many remote workers who use their own IT devices to process Triffid's information. The Triffid security team wants to deploy some sort of sensor on user devices in order to recognize and identify potential security issues. Which of the following is probably most appropriate for this specific purpose? (D4.2 L4.2.2)

A) HIDS (host-based intrusion-detection systems)

Phrenal is selling a used laptop in an online auction. Phrenal has estimated the value of the laptop to be $100, but has seen other laptops of similar type and quality sell for both more and less than that amount. Phrenal hopes that the laptop will sell for $100 or more, but is prepared to take less for it if nobody bids that amount. This is an example of

A) Risk tolerance

Prina is a database manager. Prina is allowed to add new users to the database, remove current users and create new usage functions for the users. Prina is not allowed to read the data in the fields of the database itself. This is an example of

A) Role-based access controls (RBAC)

A tool that monitors local devices to reduce potential threats from hostile software.

Anti-malware

Bluga works for Triffid, Inc. as a security analyst. Bluga wants to send a message to several people and wants the recipients to know that the message definitely came from Bluga. What type of encryption should Bluga use?

B) Asymmetric encryption

All of the following are important ways to practice an organization disaster recovery (DR) effort; which one is the most important?

B) Facility evacuation drills

The Triffid Corporation publishes a policy that states all personnel will act in a manner that protects health and human safety. The security office is tasked with writing a detailed set of processes on how employees should wear protective gear such as hardhats and gloves when in hazardous areas. This detailed set of processes is a

B) Procedure

Tina is an (ISC)² member and is invited to join an online group of IT security enthusiasts. After attending a few online sessions, Tina learns that some participants in the group are sharing malware with each other, in order to use it against other organizations online. What should Tina do?

B) Stop participating in the group

A tool that inspects outbound traffic to reduce potential threats.

C) DLP (data loss prevention

Steve is a security practitioner assigned to come up with a protective measure for ensuring cars don't collide with pedestrians. What is probably the most effective type of control for this task?

C) Physical

Larry and Fern both work in the data center. In order to enter the data center to begin their workday, they must both present their own keys (which are different) to the key reader, before the door to the data center opens. Which security concept is being applied in this situation? (D3, L3.1.1)

D) Dual control

An IoT (Internet of Things) device is typified by its effect on or use of the _____ environment.

D) Physical

Visitors to a secure facility need to be controlled. Controls useful for managing visitors include all of the following except:

D) Receptionist

Which of the following are not typically involved in incident detection?

D) Regulators

Which of the following is not an appropriate control to add to privileged accounts?

D) Security deposit

is used to ensure that configuration management activities are effective and enforced. (

D) Verification and audit

The section of the IT environment that is closest to the external world; where we locate IT systems that communicate with the Internet.

DMZ

True or False? Business continuity planning is a reactive procedure that restores business operations after a disruption occurs.

False

Inbound traffic from an external source seems to indicate much higher rates of communication than normal, to the point where the internal systems might be overwhelmed. Which security solution can often identify and potentially counter this risk?

Firewall

Triffid, Inc., has many remote workers who use their own IT devices to process Triffid's information. The Triffid security team wants to deploy some sort of sensor on user devices in order to recognize and identify potential security issues. Which of the following is probably most appropriate for this specific purpose?

HIDS

Which common cloud service model offers the customer the most control of the cloud environment?

Infrastructure as a service (IaaS)

An organization must always be prepared to ______ when applying a patch.

Rollback

Which common cloud service model only offers the customer access to a given application?

Software as a service (SaaS)

The Payment Card Industry (PCI) Council is a committee made up of representatives from major credit card providers (Visa, Mastercard, American Express) in the United States. The PCI Council issues rules that merchants must follow if the merchants choose to accept payment via credit card. These rules describe best practices for securing credit card processing technology, activities for securing credit card information, and how to protect customers' personal data. This set of rules is a

Standard

In order for a biometric security to function properly, an authorized person's physiological data must be

Stored

A means to allow remote users to have secure access to the internal IT environment.

VPN

NIDS

are useful for monitoring internal traffic,