TestOut Security Domain 5
Natural
A broken water pipe that floods the reception area would be considered which type of threat?
Both tangible and intangible
A file server with data is considered which of the following asset types?
Confidentiality
A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. Which of the following security risks is most pressing?
Implicit deny
An access control list (ACL) contains a list of users and allowed permissions. What is it called if the ACL automatically prevents access to anyone who is not on the list?
Detective
Audit trails produced by auditing activities are which type of security control?
Every aspect
Change control should be used to oversee and manage changes over which aspect of an organization?
Perpetrators attempt to compromise or affect the operations of a system. - Active attack
Unauthorized individuals try to breach a network from off-site. - External attack
Attempting to find the root password on a web server by brute force. - Active attack
Attempting to gather information without affecting the flow of information on the network. - Passive attack
Sniffing network packets or performing a port scan. - Passive attack
Drag the network attack technique on the left to the appropriate description or example on the right. (Each technique may be used once, more than once, or not at all.)
Technical
Encryption is which type of access control?
Privacy
HIPAA is a set of federal regulations that define security guidelines. What do HIPAA guidelines protect?
Any time a production system is altered.
How often should change-control management be implemented?
Personally identifiable information (PII)
If you lose your wallet or purse and it ends up in the wrong hands, several pieces of information could be used to do personal harm to you. These pieces of information include the following:
Name and address
Driver license number
Credit card numbers
Date of birth
Which of the following classifications does this information fall into?
Destruction
In a high-security environment, which of the following is the most important concern when removable media is no longer needed?
Inherent vulnerabilities
In healthcare, regulations often dictate that important systems remain unpatched to maintain compliance. Which kind of vulnerability does this introduce?
Specifies exactly which services are to be performed by the third party - SLA
Creates an agreement with a vendor to provide services on an ongoing basis - BPO
Summarizes which party is responsible for performing specific tasks - MOU
Documents how data is to be shared - ISA
Defines how disputes are managed - SLA
Specifies a preset discounted pricing structure - BPO
Match each interoperability agreement document on the left with the appropriate description on the right. Each document may be used once, more than once, or not at all.
Preventive
Separation of duties is an example of which type of access control?
User education
Employee onboarding
The Policies, Procedures, and Awareness layer of the security model includes which of the following? (Select two.)
The lowest level of classified information used by the military. Release of this information could cause damage to military efforts. - Confidential
If this information is released, it poses grave consequences to national security. - Top Secret
This information can be accessed by the public and poses no security threat. - Unclassified
If this information is disclosed, it could cause some harm, but not a national disaster. - Sensitive But Unclassified
If this information is disclosed, it could cause severe and permanent damage to military actions. - Secret
The government and military use the following information classification system:
Unclassified
Sensitive But Unclassified
Confidential
Secret
Top Secret
Drag each classification on the left to the appropriate description on the right.
Replaces actual data with a randomly generated alphanumeric character set
Protects data on its server with authentication and authorization protocols
Tokenization is another effective tool in data loss prevention. Tokenization does which of the following? (Select two.)
A guarantee of a specific level of service.
What is a service level agreement (SLA)?
Annualized rate of occurrence
What is the average number of times that a specific risk is likely to be realized in a single year?
Prevent conflicts of interest
What is the primary purpose of separation of duties?
Quantitative
When analyzing assets, which analysis method assigns financial values to assets?
Through historical data provided by insurance companies and crime statistics.
When conducting a risk assessment, how is the annualized rate of occurrence (ARO) calculated?
Mission-critical services
When recovering from a disaster, which services should you stabilize first?
Just before its MTBF is reached
When should a hardware device be replaced in order to minimize downtime?
Password policies
Clean desk policies
When training your employees on how to identify various attacks, which of the following policies should you be sure to have and enforce? (Select two.)
Disable his or her network access
When you inform an employee that he or she is being terminated, which of the following is the most important activity?
Masking
Which DLP method works by replacing sensitive data with realistic fictional data?
27002
Which ISO publication lays out guidelines for selecting and implementing security controls?
II
Which SOC type reports focus on predetermined controls that are audited and a detailed report that attests to a company's compliance?
Corrective
Which access control type is used to implement short-term repairs to restore basic functionality following an attack?
Partial control solution that is implemented when a control cannot fully meet a requirement.
Which of the following BEST describes compensating controls?
It can be used to control which users can see the actual data.
It replaces original information with a mask that mimics the original in form and function.
Which of the following BEST describes dynamic data masking? (Select two.)
Operational
Managerial
Technical
Which of the following are control categories? (Select three.)
The total monetary loss associated with a single occurrence of a threat.
Which of the following best defines single loss expectancy (SLE)?
An agreement that identifies employees' rights to use company property, such as internet access and computer equipment, for personal use.
Which of the following defines an acceptable use agreement?
CSA
Which of the following frameworks introduced the first cloud-centric individual certification?
HIPAA
Which of the following government acts protects medical records and personal health information?
SOX
Which of the following is a government audit by the SEC that relates to internal controls and focuses on IT security, access controls, data backup, change management, and physical security?
Acceptable use policy (AUP)
Which of the following is a policy that defines appropriate and inappropriate usage of company resources, assets, and communications?
A user accidentally deletes the new product designs.
Which of the following is an example of an internal threat?
Service level agreement
Which of the following is defined as a contract that prescribes the technical support or business parameters a provider bestows to its client?
Wanda has been given access to the files that she needs for her job.
Which of the following is the BEST example of the principle of least privilege?
Prevent unmanaged change
Which of the following is the primary purpose of change control?
COPPA
Which of the following laws was designed to protect a child's information on the internet?
NIST
Which of the following security frameworks is used by the federal government and all its departments, including the Department of Defense?
PCI DSS
Which of the following standards relates to the use of credit cards?
Recovery time objective (RTO)
Which of the following terms describes the actual time required to successfully recover operations in the event of an incident?
Usage audit
Which of the following types of auditing verifies that systems are utilized appropriately and in accordance with written organizational policies?
Only open emails if you recognize the sender.
Which of the following would you do to help protect against phishing?
Physical access control
Which security control, if not applied, can allow an attacker to bypass other security controls?
Separation of duties
Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution?
Deterrent
Which type of control is used to discourage malicious actors from attempting to breach a network?
Managerial
Which type of control makes use of policies, DRPs, and BCPs?
SOC Type III
Which type of report is used for marketing and letting future partners know that compliance has been met?
Job rotation
You are concerned that the accountant in your organization might have the chance to modify financial information and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities. Which security principle are you implementing by periodically shifting accounting responsibilities?
Principle of least privilege
You assign access permissions so that users can only access the resources required to accomplish their specific work tasks. Which security principle are you complying with?
Accept the risk or find another countermeasure.
You have conducted a risk analysis to protect a key company asset. You identify the following values:
Asset value = 400
Exposure factor = 75
Annualized rate of occurrence (ARO) = .25
Countermeasure A has a cost of 320 and protects the asset for four years.
Countermeasure B has an annual cost of 85.
An insurance policy to protect the asset has an annual premium of 90.
What should you do?
75
You have conducted a risk analysis to protect a key company asset. You identify the following values:
Asset value = 400
Exposure factor = 75
Annualized rate of occurrence = .25
What is the annualized loss expectancy (ALE)?
300
You have conducted a risk analysis to protect a key company asset. You identify the following values:
Asset value = 400
Exposure factor = 75
Annualized rate of occurrence = .25
What is the single loss expectancy (SLE)?
Change management
You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device?
Explicit allow, implicit deny
You want to implement an access control list in which only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following methods of access control should the access list use?
Separation of duties
You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which security principle should you implement to accomplish this goal?
Residual risk
Your company has developed and implemented countermeasures for the greatest risks to their assets. However, there is still some risk left. What is the remaining risk called?
Ensure that the integration process maintains the security of each organization's network
Your company is preparing to enter into a partner relationship with another organization. It will be necessary for the information systems used by each organization to connect and integrate with each other. Which of the following is of primary importance as you take steps to enter into this partner relationship?
Implement an AUP that specifies where and when mobile devices can be possessed within the organization.
Your organization allows employees to bring their own devices into work, but management is concerned that a malicious internal user could use a mobile device to conduct an insider attack. Which of the following should be implemented to help mitigate this threat?
Verify compliance with the IA documents
Conduct periodic vulnerability assessments
Your organization entered into an interoperability agreement (IA) with another organization a year ago. As a part of this agreement, a federated trust was established between your domain and the partner domain. The partnership has been in the ongoing operations phase for almost nine months now. As a security administrator, which tasks should you complete during this phase? (Select two.)
IP theft
Your organization has discovered that an overseas company has reverse-engineered and copied your main product and is now selling a counterfeit version. Which of the following BEST describes the type of consequence your organization has suffered?
User education and training
Your organization has started receiving phishing emails. You suspect that an attacker is attempting to find an employee workstation they can compromise. You know that a workstation can be used as a pivot point to gain access to more sensitive systems. Which of the following is the MOST important aspect of maintaining network security against this type of attack?
Reputation damage
Your organization has suffered a data breach, and it was made public. As a result, stock prices have fallen, as consumers no longer trust the organization. Which of the following BEST describes the type of consequence your organization has suffered due to the breach?
Dynamic
Your organization is having a third party come in and perform an audit on the financial records. You want to ensure that the auditor has access to the data they need while keeping the customers' data secure. To accomplish this goal, you plan to implement a mask that replaces the client names and account numbers with fictional data. Which masking method are you implementing?
An advanced network appliance
Which of the following is an example of a preventative control type?