Domain 5: Security Operations
How long does it take to crack a 10-number password using software with cryptographic calculation?
5 seconds
What does the term "whaling attacks" refer to in the context of phishing?
Attacks against highly placed officials or individuals with sizable assets
What is something which every security policy should have?
Consequences for non-compliance
Which of the following is the life cycle of data handling?
Create, store, use, share, archive, destroy
Which of the following can be used to map data flows through an organization and the relevant security controls used at each point along the way?
Data life cycle
Which type of organization is likely to have a stricter acceptable use policy according to the passage?
Healthcare facility, research institution, or defense contractor
Who is often tasked with coordinating the change management effort?
Information Security professionals
How does hashing respond to minor changes in the input, such as misspellings or changes in letter case?
It generates a different hash digest for each input
Why is asymmetric encryption considered more secure?
It involves a unique code for the sender and receiver
What is the most important aspect of security awareness/training?
Protecting health and human safety
What is the first step in the change management process?
Request for Change (RFC)
What is meant by the term rollback?
Restoring the system to its previous state before a change
What is the role of security engineers in data security?
Security engineers figure out who is trying to log in and assess security codes
What do integrity services, provided by hash functions and digital signatures, allow a recipient to verify?
That a message has not been altered by malice or error
What is the purpose of security awareness training?
To align information security goals with the organization's mission and vision
What is the primary purpose of storing passwords as hash values or digests?
To check if a password matches without revealing the password itself
