ISC(2) Post Assessment

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Which common cloud deployment model typically features only a single customer's data/functionality stored on specific systems/hardware? A) Public B) Private C) Community D) Hybrid

Private

Gelbi is a Technical Support analyst for Triffid, Inc. Gelbi sometimes is required to install or remove software. Which of the following could be used to describe Gelbi's account? A) Privileged B) Internal C) External D) User

Privileged

What is the goal of an incident response effort? A) No incidents ever happen B) Reduce the impact of incidents on operations C) Punish wrongdoers D) Save money

Reduce the impact of incidents on operations

To adequately ensure availability for a data center, it is best to plan for both resilience and _______ of the elements in the facility. A) Uniqueness B) Destruction C) Redundancy D) Hue

Redundancy

Data _____ is data left behind on systems/media after normal deletion procedures have been attempted. A) Fragments B) Packets C) Remanence D) Residue

Remanence

Phrenal is selling a used laptop in an online auction. Phrenal has estimated the value of the laptop to be $100, but has seen other laptops of similar type and quality sell for both more and less than that amount. Phrenal hopes that the laptop will sell for $100 or more, but is prepared to take less for it if nobody bids that amount. This is an example of ___________. A) Risk tolerance B) Risk inversion C) Threat D) Vulnerability

Risk Tollerance

Which of the following is a biometric access control mechanism? A) A badge reader B) A copper key C) A fence with razor tape on it D) A door locked by a voiceprint identifier

A door locked by a voiceprint identifier

Which of the following is probably most useful at the perimeter of a property? A) A safe B) A fence C) A data center D) A centralized log storage facility

A fence

What is the most important goal of a business continuity effort? A) Ensure all IT systems function during a potential interruption B) Ensure all business activities are preserved during a potential disaster C) Ensure the organization survives a disaster D) Preserve health and human safety

Preserve health and human safety

If two people want to use symmetric encryption to conduct a confidential conversation, how many keys do they need? A) 1 B) 3 C) 8 D) none

1

Carol is browsing the Web. Which of the following ports is she probably using? A) 12 B) 80 C) 247 D) 999

80 (port 80 is used for HTTP traffic, and HTTP is a Web-browsing protocol)

Which of the following probably poses the most risk? A) A high-likelihood, high-impact event B) A high-likelihood, low-impact event C) A low-likelihood, high-impact event D) A low-likelihood, low-impact event

A high-likelihood, high-impact event

Which of the following is an example of a "something you are" authentication factor? A) A credit card presented to a cash machine B) Your password and PIN C) A user ID D) A photograph of your face

A photograph of your face

Sophia is visiting Las Vegas and decides to put a bet on a particular number on a roulette wheel. This is an example of _________. A) Acceptance B) Avoidance C) Mitigation D) Transference

Acceptance

Preenka works at an airport. There are red lines painted on the ground next to the runway; Preenka has been instructed that nobody can step or drive across a red line unless they request, and get specific permission from, the control tower. This is an example of a(n)______ control. A) Physical B) Administrative C) Critical D) Technical

Administrative

Triffid Corporation has a policy that all employees must receive security awareness instruction before using email; the company wants to make employees aware of potential phishing attempts that the employees might receive via email. What kind of control is this instruction? A) Administrative B) Finite C) Physical D) Technical

Administrative

Security needs to be provided to ____ data. A) Restricted B) Illegal C) Private D) All

All

Which of the following is likely to be included in the business continuity plan? A) Alternate work areas for personnel affected by a natural disaster B) The organization's strategic security approach C) Last year's budget information D) Log data from all systems

Alternate work areas for personnel affected by a natural disaster

Which of these is the most important reason to conduct security instruction for all employees. A) Reduce liability B) Provide due diligence C) It is a moral imperative D) An informed user is a more secure user

An informed user is a more secure user

A tool that monitors local devices to reduce potential threats from hostile software. A) NIDS (network-based intrusion-detection systems) B) Anti-malware C) DLP (data loss prevention) D) Firewall

Anti-malware

Which of the following will have the most impact on determining the duration of log retention? A) Personal preference B) Applicable laws C) Industry standards D) Type of storage media

Applicable Laws

Bluga works for Triffid, Inc. as a security analyst. Bluga wants to send a message to several people and wants the recipients to know that the message definitely came from Bluga. What type of encryption should Bluga use? A) Symmetric encryption B) Asymmetric encryption C) Small-scale encryption D) Hashing

Asymmetric encryption

"Wiring _____" is a common term meaning "a place where wires/conduits are often run, and equipment can be placed, in order to facilitate the use of local networks." A) Shelf B) Closet C) Bracket D) House

Closet

Logs should be reviewed ______. A) Every Thursday B) Continually C) Once per calendar year D) Once per fiscal year

Continually

At Parvi's place of work, the perimeter of the property is surrounded by a fence; there is a gate with a guard at the entrance. All inner doors only admit personnel with badges, and cameras monitor the hallways. Sensitive data and media are kept in safes when not in use. This is an example of: A) Two-person integrity B) Segregation of duties C) Defense in depth D) Penetration testing

Defense in depth

Bruce is the branch manager of a bank. Bruce wants to determine which personnel at the branch can get access to systems, and under which conditions they can get access. Which access control methodology would allow Bruce to make this determination? A) MAC (mandatory access control) B) DAC (discretionary access control) C) RBAC (role-based access control) D) Defense-in-depth

DAC (discretionary access control)

Ludwig is a security analyst at Triffid, Inc. Ludwig notices network traffic that might indicate an attack designed to affect the availability of the environment. Which of the following might be the attack Ludwig sees? A) DDOS (distributed denial of service) B) Spoofing C) Exfiltrating stolen data D) An insider sabotaging the power supply

DDOS (distributed denial of service)

A tool that inspects outbound traffic to reduce potential threats. A) NIDS (network-based intrusion-detection systems) B) Anti-malware C) DLP (data loss prevention) D) Firewall

DLP (data loss prevention)

When data has reached the end of the retention period, it should be _____. A) Destroyed B) Archived C) Enhanced D) Sold

Destroyed

A human guard monitoring a hidden camera could be considered a ______ control. A) Detective B) Preventive C) Deterrent D) Logical

Detective

Larry and Fern both work in the data center. In order to enter the data center to begin their workday, they must both present their own keys (which are different) to the key reader, before the door to the data center opens. Which security concept is being applied in this situation? A) Defense in depth B) Segregation of duties C) Least privilege D) Dual control

Dual Control

All visitors to a secure facility should be _______. A) Fingerprinted B) Photographed C) Escorted D) Required to wear protective equipment

Escorted

Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of Zarma's colleagues is interested in getting an (ISC)2 certification and asks Zarma what the test questions are like. What should Zarma do? A) Inform (ISC)² B) Explain the style and format of the questions, but no detail C) Inform the colleague's supervisor D) Nothing

Explain the style and format of the questions, but no detail

All of the following are important ways to practice an organization disaster recovery (DR) effort; which one is the most important? A) Practice restoring data from backups B) Facility evacuation drills C) Desktop/tabletop testing of the plan D) Running the alternate operating site to determine if it could handle critical functions in times of emergency

Facility evacuation drills

Visitors to a secure facility need to be controlled. Controls useful for managing visitors include all of the following except: A) Sign-in sheet/tracking log B) Fence C) Badges that differ from employee badges D) Receptionist

Fence

A device that filters network traffic in order to enhance overall security/performance. A) Endpoint B) Laptop C) MAC (media access control) D) Firewall

Firewall

A device that is commonly useful to have on the perimeter between two networks. A) User laptop B) IoT C) Camera D) Firewall

Firewall

Gary is unable to log in to the production environment. Gary tries three times and is then locked out of trying again for one hour. Why? A) Gary is being punished B) The network is tired C) Users remember their credentials if they are given time to think about it D) Gary's actions look like an attack

Gary's actions look like an attack

Cheryl is browsing the Web. Which of the following protocols is she probably using? A) SNMP (Simple Network Management Protocol) B) FTP (File Transfer Protocol) C) TFTP (Trivial File Transfer Protocol) D) HTTP (Hypertext Transfer Protocol)

HTTP (Hypertext Transfer Protocol)

Dieter wants to send a message to Lupa and wants to be sure that Lupa knows the message has not been modified in transit. What technique/tool could Dieter use to assist in this effort? A) Hashing B) Clockwise rotation C) Symmetric encryption D) Asymmetric encryption

Hashing

Glen is an (ISC)² member. Glen receives an email from a company offering a set of answers for an (ISC)² certification exam. What should Glen do? A) Nothing B) Inform (ISC)² C) Inform law enforcement D) Inform Glen's employer

Inform (ISC)²

Aphrodite is a member of (ISC)² and a data analyst for Triffid Corporation. While Aphrodite is reviewing user log data, Aphrodite discovers that another Triffid employee is violating the acceptable use policy and watching streaming videos during work hours. What should Aphrodite do? A) Inform (ISC)² B) Inform law enforcement C) Inform Triffid management D) Nothing

Inform Triffid management

Which common cloud service model offers the customer the most control of the cloud environment? A) Lunch as a service (LaaS) B) Infrastructure as a service (IaaS) C) Platform as a service (PaaS) D) Software as a service (SaaS)

Infrastructure as a service (IaaS)

The logical address of a device connected to the network or Internet. A) Media access control (MAC) address B) Internet Protocol (IP) address C) Geophysical address D) Terminal address

Internet Protocol (IP) address

An attacker outside the organization attempts to gain access to the organization's internal files. This is an example of a(n) ______. A) Intrusion B) Exploit C) Disclosure D) Publication

Intrusion

Which of the following statements is true? A) Logical access controls can protect the IT environment perfectly; there is no reason to deploy any other controls B) Physical access controls can protect the IT environment perfectly; there is no reason to deploy any other controls C) Administrative access controls can protect the IT environment perfectly; there is no reason to deploy any other controls D) It is best to use a blend of controls in order to provide optimum security

It is best to use a blend of controls in order to provide optimum security

Every document owned by Triffid, Inc., whether hardcopy or electronic, has a clear, 24-point word at the top and bottom. Only three words can be used: "Sensitive," "Proprietary" and "Public." This is an example of _____. A) Secrecy B) Privacy C) Inverting D) Labeling

Labeling

A _____ is a record of something that has occurred. A) Biometric B) Law C) Log D) Firewall

Log

Steve is a security practitioner assigned to come up with a protective measure for ensuring cars don't collide with pedestrians. What is probably the most effective type of control for this task? A) Administrative B) Technical C) Physical D) Nuanced

Physical

A system that collects transactional information and stores it in a record in order to show which users performed which actions is an example of providing ________. A) Non-repudiation B) Multifactor authentication C) Biometrics D) Privacy

Non-repudiation

Gary is an attacker. Gary is able to get access to the communication wire between Dauphine's machine and Linda's machine and can then surveil the traffic between the two when they're communicating. What kind of attack is this? A) Side channel B) DDOS C) On-path D) Physical

On-path

Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees transferring from one department to another, getting promoted, or cross-training to new positions can get access to the different assets they'll need for their new positions, in the most efficient manner. Which method should Handel select? A) Role-based access controls (RBAC) B) Mandatory access controls (MAC) C) Discretionary access controls (DAC) D) Barbed wire

Role-based access controls (RBAC)

Prina is a database manager. Prina is allowed to add new users to the database, remove current users and create new usage functions for the users. Prina is not allowed to read the data in the fields of the database itself. This is an example of: A) Role-based access controls (RBAC) B) Mandatory access controls (MAC) C) Discretionary access controls (DAC) D) Alleviating threat access controls (ATAC)

Role-based access controls (RBAC)

Barry wants to upload a series of files to a web-based storage service, so that people Barry has granted authorization can retrieve these files. Which of the following would be Barry's preferred communication protocol if he wanted this activity to be efficient and secure? A) SMTP (Simple Mail Transfer Protocol) B) FTP (File Transfer Protocol) C) SFTP (Secure File Transfer Protocol) D) SNMP (Simple Network Management Protocol)

SFTP (Secure File Transfer Protocol)

Proper alignment of security policy and business goals within the organization is important because: A) Security should always be as strict as possible B) Security policy that conflicts with business goals can inhibit productivity C) Bad security policy can be illegal D) Security is more important than business

Security policy that conflicts with business goals can inhibit productivity

Who approves the incident response policy? A) (ISC)² B) Senior management C) The security manager D) Investors

Senior Management

Who dictates policy? A) The security manager B) The Human Resources office C) Senior management D) Auditors

Senior Management

A device typically accessed by multiple users, often intended for a single purpose, such as managing email or web pages. A) Router B) Switch C) Server D) Laptop

Server

(ISC)² publishes a Common Body of Knowledge (CBK) that IT security practitioners should be familiar with; this is recognized throughout the industry as a set of material that is useful for practitioners to refer to. Certifications can be issued for demonstrating expertise in this Common Body of Knowledge. What kind of document is the Common Body of Knowledge? A) Policy B) Procedure C) Standard D) Law

Standard

The Payment Card Industry (PCI) Council is a committee made up of representatives from major credit card providers (Visa, Mastercard, American Express) in the United States. The PCI Council issues rules that merchants must follow if the merchants choose to accept payment via credit card. These rules describe best practices for securing credit card processing technology, activities for securing credit card information, and how to protect customers' personal data. This set of rules is a _____. A) Law B) Policy C) Standard D) Procedure

Standard

Tina is an (ISC)² member and is invited to join an online group of IT security enthusiasts. After attending a few online sessions, Tina learns that some participants in the group are sharing malware with each other, in order to use it against other organizations online. What should Tina do? A) Nothing B) Stop participating in the group C) Report the group to law enforcement D) Report the group to (ISC)²

Stop participating in the group

Suvid works at Triffid, Inc. When Suvid attempts to log in to the production environment, a message appears stating that Suvid has to reset the password. What may have occurred to cause this? A) Suvid broke the law B) Suvid's password has expired C) Suvid made the manager angry D) Someone hacked Suvid's machine

Suvid's password has expired

A software firewall is an application that runs on a device and prevents specific types of traffic from entering that device. This is a type of ________ control. A) Physical B) Administrative C) Passive D) Technical

Technical

Jengi is setting up security for a home network. Jengi decides to configure MAC address filtering on the router, so that only specific devices will be allowed to join the network. This is an example of a(n)_______ control. A) Physical B) Administrative C) Substantial D) Technical

Technical

The city of Grampon wants to know where all its public vehicles (garbage trucks, police cars, etc.) are at all times, so the city has GPS transmitters installed in all the vehicles. What kind of control is this? A) Administrative B) Entrenched C) Physical D) Technical

Technical

Olaf is a member of (ISC)² and a security analyst for Triffid Corporation. During an audit, Olaf is asked whether Triffid is currently following a particular security practice. Olaf knows that Triffid is not adhering to that standard in that particular situation, but that saying this to the auditors will reflect poorly on Triffid. What should Olaf do? A) Tell the auditors the truth B) Ask supervisors for guidance C) Ask (ISC)² for guidance D) Lie to the auditors

Tell the auditors the truth

What is the risk associated with resuming full normal operations too soon after a DR effort? A) The danger posed by the disaster might still be present B) Investors might be upset C) Regulators might disapprove D) The organization could save money

The danger posed by the disaster might still be present

For which of the following assets is integrity probably the most important security aspect? A) One frame of a streaming video B) The file that contains passwords used to authenticate users C) The color scheme of a marketing website D) Software that checks the spelling of product descriptions for a retail website

The file that contains passwords used to authenticate users

Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is the ACL? A) The subject B) The object C) The rule D) The firmware

The rule

Security controls on log data should reflect ________. A) The organization's commitment to customer service B) The local culture where the log data is stored C) The price of the storage device D) The sensitivity of the source device

The sensitivity of the source device

In risk management concepts, a(n) ___________ is something or someone that poses risk to an organization or asset. A) Fear B) Threat C) Control D) Asset

Threat

Bert wants to add a flashlight capability to a smartphone. Bert searches the internet for a free flashlight app, and downloads it to the phone. The app allows Bert to use the phone as a flashlight, but also steals Bert's contacts list. What kind of app is this? A) DDOS B) Trojan C) Side channel D) On-path

Trojan

A means to allow remote users to have secure access to the internal IT environment. A) Internet B) VLAN C) MAC D) VPN

VPN

______ is used to ensure that configuration management activities are effective and enforced. A) Inventory B) Baseline C) Identification D) Verification and audit

Verification and audit

Which type of fire-suppression system is typically the safest for humans? A) Water B) Dirt C) Oxygen-depletion D) Gaseous

Water


Kaugnay na mga set ng pag-aaral

P2T3 - Questions CNS Anti-seizure Medication

View Set

America's First National Government-The Articles of Confederation

View Set

Chapter 4: Pregnancy and Prenatal Development

View Set

Chapter 3 Real Estate U- Contract Law

View Set