Play it Safe: Manage Security Risks quiz- Week 1 & 2

What is vulnerability? A weakness that can be exploited by a threat. Any circumstance or even that can negatively impact assets. An organization's ability to manage it's defense of critical assets and data and react to change. Anything that can impact the confidentiality, integrity, or availability of an asset.

A weakness that can be exploited by a threat

A security analyst works on a project design to reduce the risk of vishing. They develop a plan to protect their organization from attackers who could exploit biometrics. Which type of security control does this scenario describe? Authentication Classification Ciphertext Encryption

Authentication

You work as a security analyst at a bank and need to ensure that customers can access their account information. Which core principle of the CIA triad are you using to confirm their data is accessible to them? Confidentiality Accuracy Integrity Availability

Availability

A person's fingerprint, eye or palm scan are examples of what? Codes Passwords Statistics Biometrics

Biometrics

What is the purpose of a security framework?

Build plans to help mitigate risks and threats to data and privacy.

What is the purpose of a security framework? Create security controls to protect marketing companies. Establish policies to expand business campaigns Build plans to help mitigate risks and threats to data and privacy. Develop procedures to help identify productivity goals.

Build plans to help mitigate risks and threats to data and privacy.

How does business continuity enable an organization to maintain everyday productivity? By exploiting vulnerabilities. By establishing risk disaster recovery plans. By outlining faults to business policies. By ensuring return on investment.

By establishing risk disaster recovery plans

How does security control testing enable companies to identify new and better ways to mitigate threats? Select two answers. By granting employee access to physical spaces. By revising project milestones. By evaluating whether the current controls help achieve goals. By examining organizational goals and objectives.

By evaluating whether the current controls help achieve goals. By examining organizational goals and objectives.

Which of the following statements accurately describe the CSF? Select all that apply. A) The identify function of the CSF involves returning affected systems back to normal operation. B) The detect function of the CSF involves improving monitoring capabilities to increase the speed and efficiency of detections. C) Restoring affected files or data is part of the recover function of the CSF. D) The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.

C and D

What is the focus of the security and risk management domain?

Define security goals and objectives, risk mitigation, compliance, business continuity, and regulations.

TRUE or FALSE: Competitor organizations are the biggest threat to a company's security.

False

A business experiences an attack. As a result, it's critical business operations are interrupted and it faces regulatory fines. What type of consequences does this scenario describe? Reputation Financial Practical Identity

Financial

Which of the following characteristics are examples of biometrics? Select all that apply. Fingerprint Password Palm scan Eye scan

Fingerprint, palm scan, and eye scan

Which of the following examples are key focus area of the security and risk management domain? Select three answers. Store data properly. Follow legal regulations. Maintain business continuity. Mitigate risk.

Follow legal regulations. Maintain business continuity. Mitigate risk.

A security analyst researches ways to improve access authorization at their business. Their primary goal is to keep data secure. Which security domain does this scenario describe?

Identity and access management

The ____ domain is focused on access and authorization to keep data secure by making sure that users follow established policies to control and manage assets.

Identity and access management

What are the key impacts of threats, risks, and vulnerabilities? Select three answers. Employee retention Identity theft. Financial damage. Damage to reputation.

Identity theft. Financial damage. Damage to reputation.

Which of the following statements accurately describe risk? Select all that apply. If compromised, a high-risk asses is unlikely to cause financial damage. Website content or published research data are examples of low-risk assets. If compromised, a medium-risk asset may cause some damage to an organization's finances. Organizations often rate risks at different levels: low, medium, and high.

If compromised, a medium-risk asset may cause some damage to an organization's finances. Organizations often rate risks at different levels: low, medium, and high.

In the Risk Management Framework (RMF), which step involves having effective security and privacy plans in place in order to minimize the impact of ongoing risk? Categorize Authorize Implement Prepare

Implement

__________ are the biggest threat to a company's security. This is why educating employees about security challenges is essential for minimizing the possibility of a breach.

People

In which domain would a security professional conduct security testing; collect and analyze data; and perform security audits to monitor for risks, threats, and vulnerabilities?

Security assessment and aesting.

The _______ domain concerns conducting investigations and implementing preventative measures.

Security operations.

What security concept involves all individuals in an organization taking an active role in reducing risk and maintaining security?

Shared responsability

How do security frameworks enable security to help mitigate risk? They are used to establish guidelines for building security plans. They are used to refine elements of a core security model known as the CIA triad. They are used to create unique physical characteristics to verify a person's identity. They are used to establish laws that reduce a specific security risk.

They are used to establish guidelines for building security plans.

TRUE OR FALSE: Phishing exploits human error to acquire sensitive data and private information.

True

An employee using multi-factor authentication to verify their identity is an example of the _____________ process. encryption authentication confidentiality integrity

authentication

This describes __________, which is the process of implementing controls to verify who someone or something is before granting access to specific resources within a system.

authentication

You work as a security analyst at a bank and need to ensure that customers can access their account information. Which core principal of the CIA triad are you using to confirm their data is accessible to them? Confidentiality Integrity Accuracy Availability

availability

The steps in the Risk Management Framework (RMF) are prepare, __________, select, implement, assess, authorize, and monitor. reflect. categorize. communicate. produce.

categorize.

Security posture refers to an organization's ability to react to ____________ and manage it's defense of critical assets and data. sustainability tasks change competition

change

Information protected by regulations or laws is a ___________. If it is compromised, there is likely to be a severe negative impact on an organization's finances, operations, or reputation. high-risk asset. new-risk asset. low-risk asset. medium-risk asset.

high-risk asset.

The software development ___________ process may involve performing secure code reviews during the development and testing phases of software design.

lifecycle

Security controls are safeguards designed to reduce ___________ security risks. general public broadscale specific

specific