(ISC)2 Practice Exam 3

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

What is meant by non-repudiation? (D1, L1.1.1)

If a user does something, they can't later claim that they didn't do it.

Which of the following tools can be used to grant remote users access to the internal IT environment? (D4.3 L4.3.3)

VPN (virtual private network)

Is it possible to avoid risk? (D1, L1.2.1)

Yes

Which of the following is a subject? (D3, L3.1.1)

a user

A security solution that detects, identifies and often quarantines potentially hostile software. (D4.2 L4.2.3)

anti-malware

Which of the following is always true about logging? (D5.1.3, L5.1.3)

logs should be stored separately from the systems they're logging

A cloud arrangement whereby the provider owns and manages the hardware, operating system, and applications in the cloud, and the customer owns the data. (D4.3 L4.3.2)

platform as a service (PaaS)

Guillermo is the system administrator for a midsized retail organization. Guillermo has been tasked with writing a document that describes, step-by-step, how to securely install the operating system on a new laptop. This document is an example of a ________. (D1, L1.4.1)

procedure

What is the most important aspect of security awareness/training? (D5.4, L5.4.1)

protecting health and human safety

Sinka is considering a physical deterrent control to dissuade unauthorized people from entering the organization's property. Which of the following would serve this purpose? (D3, L3.2.1)

razor tape

Common network device used to connect networks. (D4.1 L4.1.1)

router

Why is an asset inventory so important? (D5.2.1, L5.2.1)

you can't protect what you don't know you have

Which port number is associated with the protocol typically used in this connection? (D4.1 L4.1.2)

80

The concept of "secrecy" is most related to which foundational aspect of security? (D1, L1.1.1)

Confidentiality

Which of the following is NOT one of the four typical ways of managing risk? (D1, L1.2.1)

Conflate

True or False? The IT department is responsible for creating the organization's business continuity plan. (D2, L2.2.1)

False

The common term used to describe the mechanisms that control the temperature and humidity in a data center. (D4.3 L4.3.1)

HVAC (heating, ventilation and air conditioning)

A chief information security officer (CISO) at a large organization documented a policy that establishes the acceptable use of cloud environments for all staff. This is an example of a: (D1, L1.3.1)

Management/Administrative control

While taking the certification exam for this certification, you notice another candidate for the certification cheating. What should you do? (D1, L1.5.1)

Report the candidate to (ISC)2.

Which is a physical control that prevents "piggybacking" or "tailgating"; that is, an unauthorized person following an authorized person into a controlled area? (D3, L3.2.1)

Turnstile

Siobhan is deciding whether to make a purchase online; the vendor wants Siobhan to create a new user account, and is requesting Siobhan's full name, home address, credit card number, phone number, email address, the ability to send marketing messages to Siobhan, and permission to share this data with other vendors. Siobhan decides that the item for sale is not worth the value of Siobhan's personal information, and decides to not make the purchase. What kind of risk management approach did Siobhan make? (D1, L1.2.2)

avoidance

Which of these components is very likely to be instrumental to any disaster recovery (DR) effort? (D2, L2.3.1)

backups

A set of security controls or system settings used to ensure uniformity of configuration throughout the IT environment. (D5.2.1, L5.2.1)

baseline

The Business Continuity effort for an organization is a way to ensure critical ______ functions are maintained during a disaster, emergency, or interruption to the production environment. (D2, L 2.2.1)

business

Which of the following is often associated with DR planning? (D2, L 2.3.1)

checklists

Lakshmi presents a userid and a password to a system in order to log on. Which of the following characteristics must the password have? (D3, L3.3.1)

confidential

Which of the following is very likely to be used in a disaster recovery (DR) effort? (D2, L 2.3.1)

data backups

Which of the following can be used to map data flows through an organization and the relevant security controls used at each point along the way? (D5.1, L5.1)

data life cycle

A portion of the organization's network that interfaces directly with the outside world; typically, this exposed area has more security controls and restrictions than the rest of the internal IT environment. (D4.3 L4.3.3)

demilitarized zone (DMZ)

An attack against the availability of a network/system; typically uses many attacking machines to direct traffic against a given target. (D4.2 L4.2.1)

distributed-denial-of-service (DDOS)

Which of these activities is often associated with DR efforts? (D2, L2.3.1)

employees returning to the primary production location

You are working in your organization's security office. You receive a call from a user who has tried to log in to the network several times with the correct credentials, with no success. This is an example of a(n)_______. (D2, L2.1.1)

event

A common network device used to filter traffic. (D4.1 L4.1.1)

firewall

Which of these combinations of physical security controls share a single point of failure? (D3, L3.2.1)

high-illumination lighting and cameras

A security solution installed on an endpoint in order to detect potentially anomalous activity. (D4.2 L4.2.2)

host-based intrusion prevention system

You are working in your organization's security office. You receive a call from a user who has tried to log in to the network several times with the correct credentials, with no success. After a brief investigation, you determine that the user's account has been compromised. This is an example of a(n)_______. (D2, L2.1.1)

incident detection

An external entity has tried to gain access to your organization's IT environment without proper authorization. This is an example of a(n) _________. (D2, L2.1.1)

intrusion

A ready visual cue to let anyone in contact with the data know what the classification is. (D5.1.1, L5.1.1)

label

Lia works in the security office. During research, Lia learns that a configuration change could better protect the organization's IT environment. Lia makes a proposal for this change, but the change cannot be implemented until it is approved, tested, and then cleared for deployment by the Change Control Board. This is an example of __________. (D3, L3.1.1)

segregation of duties

Who is responsible for publishing and signing the organization's policies? (D5.3.1, L5.3.1)

senior management

Derrick logs on to a system in order to read a file. In this example, Derrick is the ______. (D3, L3.3.1)

subject

A mode of encryption for ensuring confidentiality efficiently, with a minimum amount of processing overhead (D5.1.2, L5.1.2)

symmetric

Which organizational policy is most likely to indicate which types of smartphones can be used to connect to the internal IT environment? (D5.3, L5.3.1)

the BYOD policy (bring your own device)

Lankesh is the security administrator for a small food-distribution company. A new law is published by the country in which Lankesh's company operates; the law conflicts with the company's policies. Which governance element should Lankesh's company follow? (D1, L1.4.2)

the law

Which entity is most likely to be tasked with monitoring and enforcing security policy? (D5.3, L5.3.1)

the security office

Kristal is the security administrator for a large online service provider. Kristal learns that the company is harvesting personal data of its customers and sharing the data with local governments where the company operates, without the knowledge of the users, to allow the governments to persecute users on the basis of their political and philosophical beliefs. The published user agreement states that the company will not share personal user data with any entities without the users' explicit permission. According to the (ISC)2 Code of Ethics, to whom does Kristal ultimately owe a duty in this situation? (D1, L1.5.1)

the users

Clyde is the security analyst tasked with finding an appropriate physical control to reduce the possibility that unbadged people will follow badged employees through the entrance of the organization's facility. Which of the following can address this risk? (D3, L3.2.1)

turnstiles

Duncan and Mira both work in the data center at Triffid, Inc. There is a policy in place that requires both of them to be present in the data center at the same time; if one of them has to leave for any reason, the other has to step out, too, until they can both re-enter. This is called ________. (D3, L3.1.1)

two-person integrity

Lakshmi presents a userid and a password to a system in order to log on. Which of the following characteristics must the userid have? (D3, L3.3.1)

unique

When responding to a security incident, your team determines that the vulnerability that was exploited was not widely known to the security community, and that there are no currently known definitions/listings in common vulnerability databases or collections. This vulnerability and exploit might be called ______.

zero-day


Set pelajaran terkait

Chapter 49 - Listening Guide Quiz 41: Debussy: Prelude to "The Afternoon of a Faun"

View Set

Chapter 4 - Entity Relationship (ER) Modeling

View Set

FP512 Insurance, Risk Management, Employee Benefits

View Set