Chapter 2 Questions

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Which ISO contains controls for managing and controlling risk? 1. ISO XRS 2. ISO 31000 3. ISO 271101 4. ISO 27555

Answer: 2. ISO 31000

Which of the following are developed by established professional organizations or government agencies using the expertise of seasoned security professionals? 1. Legislation 2. White papers 3. Regulations 4. Benchmarks

Answer: 3. Regulations

Which of the following is NOT a general information source that can provide valuable in-depth information on cybersecurity? 1. Twitter 2. Conferences 3. Local industry groups 4. Vendor websites

Answer: 1. Twitter

Tuva's supervisor wants to share a recent audit outside the organization. Tuva warns him that this type of audit can only be read by those within the organization. What audit does Tuva's supervisor want to distribute? 1. SSAE SOC 2 Type II 2. SSAE SOC 2 Type III 3. SSAE SOC 3 Type IV 4. SSAE SOC 3.2 Type X

Answer: 1. SSAE SOC 2 Type II

Tilde is working on a contract with the external penetration testing consultants. She does not want any executives to receive spear-phishing emails. Which rule of engagement would cover this limitation? 1. Scope 2. Exploitation 3. Targets 4. Limitations and exclusion

Answer: 1. Scope

What are documents that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas? 1. Cybersecurity feeds 2. White notebooks 3. Blue papers 4. Requests for comments (RFCs)

Answer: 4. Requests for comments (RFCs)

Lykke's supervisor is evaluating whether to use internal security employees to conduct a penetration test. Lykke does not consider this a good idea and has created a memo with several reasons they should not be used. Which of the following would NOT be part of that memo? 1. The employees could have inside knowledge of the network that would give them an advantage 2. There may be a lack of expertise 3. Employees may have a reluctance to reveal a vulnerability 4. They would have to stay overnight to perform the test

Answer: 4. They would have to stay overnight to perform the test

Which of the following is not something that a SIEM can perform? 1. User behavior analysis 2. Sentiment analysis 3. Log aggregation 4. Incident response

Answer: 4. Incident response

Which group is responsible for the Cloud Controls Matrix? 1. CSA 2. CIS 3. OSINT 4. NIST

Answer: 1. CSA

Which of the following can automate an incident response? 1. SIEM 2. SOAR 3. CVCC 4. SOSIA

Answer: 2. SOAR

Which is the final rule of engagement that would be conducted in a pen test? 1. Cleanup 2. Communication 3. Reporting 4. Exploitation

Answer: 3. Reporting

When researching how an attack recently took place, Nova discovered that the threat actor, after penetrating the system, started looking to move through the network with their elevated position. What is the name of this technique? 1. Jumping 2. Twirling 3. Squaring up 4. Lateral Movement

Answer: 4. Lateral Movement

Linnea has requested to be placed on the penetration testing team that scans for vulnerabilities to exploit them. Which team does she want to be placed on? 1. Blue Team 2. Purple team 3. White team 4. Red team

Answer: 4. Red team

Which of the following is NOT a characteristic of a penetration test? 1. Automated 2. Finds deep vulnerabilities 3. Performed occasionally 4. May use internal employees or external consultants

Answer: 1. Automated

What penetration testing level name is given to testers who have no knowledge of the network and no special privileges? 1. Black box 2. Gray box 3. White box 4. Purple box

Answer: 1. Black box

What is another name for footprinting? 1. High-level reconnaissance 2. Active reconnaissance 3. Modeling 4. Revealing

Answer: 2. Active reconnaissance

Which of the following is NOT an advantage of crowdsourced penetration testing? 1. Faster testing 2. Less expensive 3. Ability to rotate teams 4. Conducting multiple tests simultaneously

Answer: 2. Less expensive

Which premise is the foundation of threat hunting? 1. Cybercrime will only increase 2. Threat actors have already infiltrated our network 3. Attacks are becoming more difficult 4. Pivoting is more difficult to detect than ever before

Answer: 2. Threat actors have already infiltrated our network

Ebba has received a new initiative for her security team to perform an in-house penetration test. What is the first step that Ebba should undertake? 1. Approval 2. Budgeting 3. Planning 4. Documentation

Answer: 3. Planning

Which of the following is a standard for the handling of customer card information? 1. DRD STR 2. OSS XRS 3. RMR CDC 4. PCI DSS

Answer: 4. PCI DSS

Voir tous les ensembles d'études

Chapter 2 Questions

Ensembles d'études connexes

BIO 112 Chapter 23

Electronegativity of atoms

Aerospace lesson 2 chapter 2 test 2 study guide

Maternal Nursing: Chapter 21 (PrepU, End of Chapter Questions, NCLEX-Style Review Questions)

Interpersonal Communication Exam 2

leasing vs. buying a car (quiz)

Economics chapter 6 and 7

Chapter 6 Stats

OPMT 303 Chapter 16

COMM 100

8.2. The Skull

Connect HW 4: Meiosis and Crossing Over

Perfusion - Quiz 4 Pathopsyiology

alterations in immune function

IS Exam 1

FAR Part 32 - Contract Financing

WW2 In Colour Episode: 6

Classification : Biology

Chapter 10 PP

Military Customs and Courtesies (24C)