Certified in Cyber Security


How many temperature sensors are required to measure the actual operating temperature of the environment in a Data Center Rack?

3

What does not ensure network security?

VLANs

Which technology helps limit the broadcast traffic within a network?

VLANs

What technology does not provide encryption?

VPNs

An attacker outside the organization attempts to gain access to the organization's internal files. This is an example of a) intrusion b) exploit c) disclosure d) publication

A

What is the risk associated with resuming full operations too soon after a DR effort? a) the danger posed by the disaster might still be present b) Investors might be upset c) Regulators might disapprove d) the organization could save money

A

Which of the below definitions represents the DMZ (Demilitarized Zone) in IT Security?

A DMZ is a network area that is designed to be accessed by outside visitors but is still isolated from the private network of the organization

Of the following, which would probably not be considered a threat? a) natural disaster b) unintentional damage to the system caused by a user c) a laptop with sensitive data on it d) an external attacker trying to gain unauthorized access to the environment

A laptop with sensitive data on it

(ISC)² publishes a Common Body of Knowledge (CBK) that IT security practitioners should be familiar with; this is recognized throughout the industry as a set of material that is useful for practitioners to refer to. Certifications can be issued for demonstrating expertise in the CBK. What kind of document is a CBK?

A standard

Sofia is visiting Las Vegas and decides to put a bet on a particular number on a roulette wheel. This is an example of

Acceptance

Triffid Corporation has a policy that all employees must receive security awareness instruction before using email; the company wants to make employees aware of potential phishing attempts that the employees might receive via email. What kind of control is this instruction? (D1, L1.3.1)

Administrative

Within the organization, who can identify risk?

Anyone

Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of Zarma's colleagues is interested in getting an (ISC)² certification and asks Zarma what the test questions are like. What should Zarma do? (D1, L1.5.1) A) Inform (ISC)² B) Explain the style and format of the questions, but no detail C) Inform the colleague's supervisor D) Nothing

B

Who approves the incident response policy? a) ISC2 b) Senior management c) the security manager d) investors

B

Bruce is the branch manager of a bank. Bruce wants to determine which personnel at the branch can get access to systems, and under which conditions they can get access. Which access control methodology would allow Bruce to make this determination? (D3, L3.3.1) Question options: A) MAC (mandatory access control) B) DAC (discretionary access control) C) RBAC (role-based access control) D) Defense-in-depth

C

When choosing a cable type for a data center, one should look for the lowest attenuation. Which of the cable types below has the highest attenuation?

Copper Wires

For which of the following systems would the security concept of availability probably be most important? a) medical systems that store patient data b) retail records of past transactions c) online streaming of camera feeds that display historical works of art in museums around the world d) medical systems that monitor patient condition in an intensive care unit

D

While securing data from the public, an organization employs two-factor authentication (2FA), role-based access control, tokenization, and air-gapped networks. Which concept of cyber security is being applied here by this organization?

Defense in Depth

Which of the below features provides redundancy in the cloud model?

Different availability zones

Hoshi is an (ISC)² member who works for the Triffid Corporation as a data manager. Triffid needs a new firewall solution, and Hoshi is asked to recommend a product for Triffid to acquire and implement. Hoshi's cousin works for a firewall vendor; that vendor happens to make the best firewall available. What should Hoshi do? (D1, L1.5.1) Question options: A) recommend a different vendor/product B) recommend the cousin's product C) Hoshi should ask to be recused from the task D) disclose the relationship, but recommend the vendor/product

Disclose the relationship, but recommend the vendor/product

When choosing a cable type for a data center, one should look for the lowest attenuation. Which of the cable types below is best for a data center where the signal needs to travel from one rack to the farthest rack?

Glass Cable

Which of the following is required to be protected by redundant power?

HVAC

Aphrodite is a member of (ISC)² and a data analyst for Triffid Corporation. While Aphrodite is reviewing user log data, Aphrodite discovers that another Triffid employee is violating the acceptable use policy and watching streaming videos during work hours. What should Aphrodite do? (D1, L1.5.1) a) inform (ISC)² b) inform law enforcement c) inform Triffid management d) nothing

Inform Triffid Management

Chad is a security practitioner tasked with ensuring that the information on the organization's public website is not changed by anyone outside the organization. This task is an example of ensuring _________. (D1, L1.1.1) A) Confidentiality B) Integrity C) Availability D) Confirmation

Integrity

What is the most common threat of IoT devices?

Lack of system update against a new vulnerability

Grampon municipal code requires that all companies that operate within city limits will have a set of processes to ensure employees are safe while working with hazardous materials. Triffid Corporation creates a checklist of activities employees must follow while working with hazardous materials inside Grampon city limits. The municipal code is a ______, and the Triffid checklist is a ________.

Law, procedure

A _______ is a record of something that has occurred

Log

Which type of security control does micro-segmentation support?

Logical rules

Kerpak works in the security office of a medium-sized entertainment company. Kerpak is asked to assess a particular threat, and he suggests that the best way to counter this threat would be to purchase and implement a particular security solution. This is an example of _______. (D1, L1.2.2) A) Acceptance B) Avoidance C) Mitigation D) Transference

Mitigation

Druna is a security practitioner tasked with ensuring that laptops are not stolen from the organization's offices. Which sort of security control would probably be best for this purpose? (D1, L1.3.1)

Physical

Steve is a security practitioner assigned to come up with a protective measure for ensuring cars don't collide with pedestrians. What is probably the most effective type of control for this task? (D1, L1.3.1)

Physical

The Triffid Corporation publishes a strategic overview of the company's intent to secure all the data the company possesses. This document is signed by Triffid senior management. What kind of document is this? (D1, L1.4.1)

Policy

The senior leadership of Triffid Corporation decides that the best way to minimize liability for the company is to demonstrate the company's commitment to adopting best practices recognized throughout the industry. Triffid management issues a document that explains that Triffid will follow the best practices published by SANS, an industry body that addresses computer and information security. The Triffid document is a _______ and the SANS documents are _________.

Policy, Standard

What is the right time to plan for security?

Pre-deployment

To ensure the availability of a data center, it is best to plan for both resilience and ___________ of the elements in the facility.

Redundancy

Which of the following are not typically involved in incident detection? a) users b) security analysts c) automated tools d) regulators

Regulators

What type of encryption is best for hosting streaming video files?

Symmetric Encryption

A software firewall is an application that runs on a device and prevents specific types of traffic from entering that device. This is a type of _______ control.

Technical

True or False? Business continuity planning is a reactive procedure that restores business operations after a disruption occurs.

True

What is the overall objective of disaster recovery? a) save money b) return to normal, full operations c) preserve critical business functions during a disaster d) enhance public perception of the organization

b

You are reviewing log data from a router; there is an entry that shows a user sent traffic through the router at 11:45 am, local time, yesterday. This is an example of a(n) a) incident b) event c) attack d) threat

b) event

A system that collects transactional information and stores it in a record in order to show which users performed which actions is an example of providing

non-repudiation

The Triffid Corporation publishes a policy that states all personnel will act in a manner that protects health and human safety. The security office is tasked with writing a detailed set of processes on how employees should wear protective gear such as hardhats and gloves when in hazardous areas. This detailed set of processes is a

procedure

The city of Grampon wants to know where all its public vehicles (garbage trucks, police cars, etc.) are at all times, so the city has GPS transmitters installed in all the vehicles. What kind of control is this? (D1, L1.3.1)

technical

