cyber security pre-assessment
Trina and Doug both work at Triffid, Inc. Doug is having trouble logging into the network. Trina offers to log in for Doug, using Trina's credentials, so that Doug can get some work done. What is the problem with this? (D3, L3.3.1)
Anything either of them do will be attributed to Trina
Aphrodite is a member of (ISC)² and a data analyst for Triffid Corporation. While Aphrodite is reviewing user log data, Aphrodite discovers that another Triffid employee is violating the acceptable use policy and watching streaming videos during work hours. What should Aphrodite do? (D1, L1.5.1)
Inform Triffid management
Which common cloud service model offers the customer the most control of the cloud environment? (D4.3 L4.3.2)
Infrastructure as a service (IaaS)
Chad is a security practitioner tasked with ensuring that the information on the organization's public website is not changed by anyone outside the organization. This task is an example of ensuring _________. (D1, L1.1.1)
Integrity
Trina is a security practitioner at Triffid, Inc. Trina has been tasked with selecting a new product to serve as a security control in the environment. After doing some research, Trina selects a particular product. Before that product can be purchased, a manager must review Trina's selection and determine whether to approve the purchase. This is a description of: (D3, L3.1.1)
Segregation of duties
Which common cloud deployment model typically features only a single customer's data/functionality stored on specific systems/hardware? (D4.3 L4.3.2)
Private
A vendor sells a particular operating system (OS). In order to deploy the OS securely on different platforms, the vendor publishes several sets of instructions on how to install it, depending on which platform the customer is using. This is an example of a ________. (D1, L1.4.2)
Procedure
The Triffid Corporation publishes a policy that states all personnel will act in a manner that protects health and human safety. The security office is tasked with writing a detailed set of processes on how employees should wear protective gear such as hardhats and gloves when in hazardous areas. This detailed set of processes is a _________. (D1, L1.4.1)
Procedure
What is the goal of an incident response effort? (D2, L2.1.1)
Reduce the impact of incidents on operations
To adequately ensure availability for a data center, it is best to plan for both resilience and _______ of the elements in the facility. (D4.3 L4.3.1)
Redundancy
Data _____ is data left behind on systems/media after normal deletion procedures have been attempted. (D5.1, L5.1.1)
Remanence
Which of the following is not an appropriate control to add to privileged accounts? (D3, L3.1.1)
Security deposit
Who approves the incident response policy? (D2, L2.1.1)
Senior management
Proper alignment of security policy and business goals within the organization is important because: (D5.3, L5.3.1)
Security policy that conflicts with business goals can inhibit productivity
Which of the following is one of the common ways potential attacks are often identified? (D4.2 L4.2.2)
Users report unusual systems activity/response to Help Desk or the security office
Which type of fire-suppression system is typically the safest for humans? (D4.3 L4.3.1)
water
A tool that monitors local devices to reduce potential threats from hostile software. (D4.2 L4.2.3)
Anti-malware
Archiving is typically done when _________. (D5.1, L5.1.1)
Data is not needed for regular work purposes
When data has reached the end of the retention period, it should be _____. (D5.1, L5.1.1)
Destroyed
A human guard monitoring a hidden camera could be considered a ______ control. (D3, L3.2.1)
Detective
If two people want to use asymmetric communication to conduct a confidential conversation, how many keys do they need? (D5.1, L5.1.2)
4
Carol is browsing the Web. Which of the following ports is she probably using? (D4, L4.1.2)
80
Which of the following is a biometric access control mechanism? (D3, L3.2.1)
A door locked by a voiceprint identifier
Visitors to a secure facility need to be controlled. Controls useful for managing visitors include all of the following except: (D3, L3.2.1)
A fence
Which of the following probably poses the most risk? (D1, L1.2.1)
A high-likelihood, high-impact event
By far, the most crucial element of any security instruction program. (D5.4, L5.4.1)
Preserve health and human safety
Of the following, which would probably not be considered a threat? (D1, L1.2.1)
A laptop with sensitive data on it
Sophia is visiting Las Vegas and decides to put a bet on a particular number on a roulette wheel. This is an example of _________. (D1, L1.2.2)
Acceptance
Triffid Corporation has a policy that all employees must receive security awareness instruction before using email; the company wants to make employees aware of potential phishing attempts that the employees might receive via email. What kind of control is this instruction? (D1, L1.3.1)
Administrative
Which of the following is likely to be included in the business continuity plan? (D2, L2.2.1)
Alternate work areas for personnel affected by a natural disaster
Which of these is the most important reason to conduct security instruction for all employees. (D5.4, L5.4.1)
An informed user is a more secure user
At Parvi's place of work, the perimeter of the property is surrounded by a fence; there is a gate with a guard at the entrance. All inner doors only admit personnel with badges, and cameras monitor the hallways. Sensitive data and media are kept in safes when not in use. (D3, L3.1.1) This is an example of:
Defense in depth
One of the benefits of computer-based training (CBT): (D5.4, L5.4.1)
Scalable
The concept that the deployment of multiple types of controls provides better security than using a single type of control. (D4.3 L4.3.3)
Defense in depth
"Wiring _____" is a common term meaning "a place where wires/conduits are often run, and equipment can be placed, in order to facilitate the use of local networks." (D4.3 L4.3.1)
Closet
A tool that inspects outbound traffic to reduce potential threats. (D4.2 L4.2.3)
DLP (data loss prevention)
Bruce is the branch manager of a bank. Bruce wants to determine which personnel at the branch can get access to systems, and under which conditions they can get access. Which access control methodology would allow Bruce to make this determination? (D3, L3.3.1)
DAC (discretionary access control)
Hoshi is an (ISC)2 member who works for the Triffid Corporation as a data manager. Triffid needs a new firewall solution, and Hoshi is asked to recommend a product for Triffid to acquire and implement. Hoshi's cousin works for a firewall vendor; that vendor happens to make the best firewall available. What should Hoshi do? (D1, L1.5.1)
Disclose the relationship, but recommend the vendor/product
Larry and Fern both work in the data center. In order to enter the data center to begin their workday, they must both present their own keys (which are different) to the key reader, before the door to the data center opens. Which security concept is being applied in this situation? (D3, L3.1.1)
Dual control
Which of the following is probably the main purpose of configuration management? (D5.2, L5.2.1)
Ensuring only authorized modifications are made to the IT environment
All of the following are important ways to practice an organization disaster recovery (DR) effort; which one is the most important? (D2, L2.3.1)
Facility evacuation drills
True or False? Business continuity planning is a reactive procedure that restores business operations after a disruption occurs.
False
A tool that filters inbound traffic to reduce potential threats. (D4.2 L4.2.3)
Firewall
Inbound traffic from an external source seems to indicate much higher rates of communication than normal, to the point where the internal systems might be overwhelmed. Which security solution can often identify and potentially counter this risk? (D4.2 L4.2.2)
Firewall
Network traffic originating from outside the organization might be admitted to the internal IT environment or blocked at the perimeter by a ________. (D3, L3.2.1)
Firewall
Gary is unable to log in to the production environment. Gary tries three times and is then locked out of trying again for one hour. Why? (D3, L3.3.1)
Gary's actions look like an attack
Triffid, Inc., has many remote workers who use their own IT devices to process Triffid's information. The Triffid security team wants to deploy some sort of sensor on user devices in order to recognize and identify potential security issues. Which of the following is probably most appropriate for this specific purpose? (D4.2 L4.2.2)
HIDS (host-based intrusion-detection systems)
The common term for systems that ensure proper temperature and humidity in the data center. (D4.3 L4.3.1)
HVAC
Dieter wants to send a message to Lupa and wants to be sure that Lupa knows the message has not been modified in transit. What technique/tool could Dieter use to assist in this effort? (D5.1, L5.1.3)
Hashing
Glen is an (ISC)² member. Glen receives an email from a company offering a set of answers for an (ISC)² certification exam. What should Glen do? (D1, L1.5.1)
Inform (ISC)²
All of the following are typically perceived as drawbacks to biometric systems, except: (D3, L3.2.1)
Lack of accuracy
Grampon municipal code requires that all companies that operate within city limits will have a set of processes to ensure employees are safe while working with hazardous materials. Triffid Corporation creates a checklist of activities employees must follow while working with hazardous materials inside Grampon city limits. The municipal code is a ______, and the Triffid checklist is a ________. (D1, L1.4.2)
Law, procedure
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachis logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. Which security concept is being applied in this situation? (D3, L3.1.1)
Least privilege
A VLAN is a _____ method of segmenting networks. (D4.3 L4.3.3)
Logical
For which of the following systems would the security concept of availability probably be most important? (D1, L1.1.1)
Medical systems that monitor patient condition in an intensive care unit
Kerpak works in the security office of a medium-sized entertainment company. Kerpak is asked to assess a particular threat, and he suggests that the best way to counter this threat would be to purchase and implement a particular security solution. This is an example of _______. (D1, L1.2.2)
Mitigation
Gary is an attacker. Gary is able to get access to the communication wire between Dauphine's machine and Linda's machine and can then surveil the traffic between the two when they're communicating. What kind of attack is this? (D4.2 L4.2.1)
On-path
The Triffid Corporation publishes a strategic overview of the company's intent to secure all the data the company possesses. This document is signed by Triffid senior management. What kind of document is this? (D1, L1.4.1)
Policy
The senior leadership of Triffid Corporation decides that the best way to minimize liability for the company is to demonstrate the company's commitment to adopting best practices recognized throughout the industry. Triffid management issues a document that explains that Triffid will follow the best practices published by SANS, an industry body that addresses computer and information security. The Triffid document is a ______, and the SANS documents are ________. (D1, L1.4.2)
Policy, standard
Phrenal is selling a used laptop in an online auction. Phrenal has estimated the value of the laptop to be $100, but has seen other laptops of similar type and quality sell for both more and less than that amount. Phrenal hopes that the laptop will sell for $100 or more, but is prepared to take less for it if nobody bids that amount. This is an example of ___________. (D1, L1.2.2)
Risk tolerance
Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees who are assigned to new positions in the company do not retain whatever access they had in their old positions. Which method should Handel select? (D3, L3.3.1)
Role-based access controls (RBAC)
Barry wants to upload a series of files to a web-based storage service, so that people Barry has granted authorization can retrieve these files. Which of the following would be Barry's preferred communication protocol if he wanted this activity to be efficient and secure? (D4, L4.1.2)
SFTP (Secure File Transfer Protocol)
The Payment Card Industry (PCI) Council is a committee made up of representatives from major credit card providers (Visa, Mastercard, American Express) in the United States. The PCI Council issues rules that merchants must follow if the merchants choose to accept payment via credit card. These rules describe best practices for securing credit card processing technology, activities for securing credit card information, and how to protect customers' personal data. This set of rules is a _____. (D1, L1.4.2)
Standard
Tina is an (ISC)² member and is invited to join an online group of IT security enthusiasts. After attending a few online sessions, Tina learns that some participants in the group are sharing malware with each other, in order to use it against other organizations online. What should Tina do? (D1, L1.5.1)
Stop participating in the group
A software firewall is an application that runs on a device and prevents specific types of traffic from entering that device. This is a type of ________ control. (D1, L1.3.1)
Technical
When Pritha started working for Triffid, Inc., Pritha had to sign a policy that described how Pritha would be allowed to use Triffid's IT equipment. What policy was this? (D5.3, L5.3.1)
The acceptable use policy (AUP)
What is the risk associated with resuming full normal operations too soon after a DR effort? (D2, L2.3.1)
The danger posed by the disaster might still be present
What is the risk associated with delaying resumption of full normal operations after a disaster? (D2, L2.3.1)
The impact of running alternate operations for extended periods
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is the database? (D3, L3.1.1)
The object
The output of any given hashing algorithm is always _____. (D5.1, L5.1.3)
The same length
Guillermo logs onto a system and opens a document file. In this example, Guillermo is: (D3, L3.1.1)
The subject
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is Prachi? (D3, L3.1.1)
The subject
The organization should keep a copy of every signed Acceptable Use Policy (AUP) on file, and issue a copy to _______. (D5.3, L5.3.1)
The user who signed it
Which of the following activities is usually part of the configuration management process, but is also extremely helpful in countering potential attacks? (D4.2 L4.2.3)
Updating and patching systems
In risk management concepts, a(n) ___________ is something or someone that poses risk to an organization or asset. (D1, L1.2.1)
Threat
