Security+ Practice Test 25


Which of the following answers can be used to describe the category of managerial security controls? (Select 3 answers) -Also known as administrative controls -Sometimes referred to as logical security controls -Focused on managing risk -Executed by computer systems (instead of people) -Documented in written policies -Focused on the day-to-day procedures of an organization

-Also known as administrative controls -Focused on managing risk -Documented in written policies

Which of the following answers refer to compensating security controls? (Select all that apply) -Backup power system -Sandboxing -Temporary port blocking -Fire suppression system -Security audits -Temporary service disablement

-Backup power system -Sandboxing -Temporary port blocking -Temporary service disablement

Which of the following examples fall into the category of operational security controls? (Select 3 answers) -Configuration management -Data backups -Authentication protocols -Awareness programs -Vulnerability assessments

-Configuration management -Data backups -Awareness programs

Which of the answers listed below refer to examples of technical security controls? (Select 3 answers) -Security audits -Encryption protocols -Organizational security policy -Configuration management -Firewall ACLs -Authentication protocols

-Encryption protocols -Firewall ACLs -Authentication protocols

Which of the following answers can be used to describe the category of operational security controls? (Select 3 answers) -Also known as administrative controls -Focused on the day-to-day procedures of an organization -Executed by computer systems (instead of people) -Used to ensure that the equipment continues to work as specified -Focused on managing risk -Primarily implemented and executed by people (as opposed to systems)

-Focused on the day-to-day procedures of an organization -Used to ensure that the equipment continues to work as specified -Primarily implemented and executed by people (as opposed to systems)

Which of the following can be used to validate the origin (provenance) of digital evidence? (Select 2 answers) -Hashing -Tokenization -Salting -Metadata examination -Checksums

-Hashing -Checksums
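Worked example, added here and not part of the original quiz: how hashes and checksums are actually used to support the integrity and origin of collected evidence. The examiner records the fingerprints at acquisition time (typically SHA-256, often alongside MD5 because imaging tools still report it), and anyone who later recomputes the same values over the copy can show it is bit-for-bit what was acquired. The sample "evidence" bytes are constructed for the example. Note that CRC32 is an error-detection code, not a cryptographic hash: it catches accidental corruption but gives no protection against deliberate tampering, which is why evidence records rely on cryptographic hashes and a documented chain of custody rather than a checksum alone.

```python
import hashlib
import hmac
import zlib
from typing import Dict, Iterable

# Constructed sample evidence: two log lines standing in for an acquired file.
# This is made-up data for the example, not a real capture.
EVIDENCE = (
    b"2024-01-15T03:12:44Z sshd[1021]: Accepted publickey for deploy from 10.0.0.5\n"
    b"2024-01-15T03:12:51Z sudo: deploy : TTY=pts/0 ; COMMAND=/bin/cat /etc/shadow\n"
)


def fingerprint(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute the fingerprints an examiner records at acquisition time.

    Takes an iterable of byte chunks so a multi-gigabyte image can be hashed
    without being read into memory at once. SHA-256 is the value that matters;
    MD5 is included because many imaging tools still report it, and CRC32 is
    included to show the difference between a checksum and a cryptographic hash.
    """
    sha256 = hashlib.sha256()
    md5 = hashlib.md5()
    crc = 0
    for chunk in chunks:
        sha256.update(chunk)
        md5.update(chunk)
        crc = zlib.crc32(chunk, crc)
    return {
        "sha256": sha256.hexdigest(),
        "md5": md5.hexdigest(),
        "crc32": f"{crc & 0xFFFFFFFF:08x}",
    }


def chunked(data: bytes, size: int = 4096) -> Iterable[bytes]:
    """Yield data in fixed-size pieces, the way a file would be read from disk."""
    for i in range(0, len(data), size):
        yield data[i:i + size]


def verify(data: bytes, recorded: Dict[str, str]) -> Dict[str, bool]:
    """Recompute every recorded fingerprint over a copy and compare each one.

    A False for any algorithm means the copy is not the object that was hashed
    at acquisition, regardless of what the other algorithms say.
    """
    current = fingerprint(chunked(data))
    return {name: hmac.compare_digest(current[name], recorded[name]) for name in recorded}


def tamper(data: bytes) -> bytes:
    """Flip one bit in the first byte: the smallest possible modification."""
    altered = bytearray(data)
    altered[0] ^= 0x01
    return bytes(altered)


if __name__ == "__main__":
    record = fingerprint(chunked(EVIDENCE))
    for name, value in record.items():
        print(f"{name:7s} {value}")
    print("original copy verifies:", verify(EVIDENCE, record))
    print("tampered copy verifies:", verify(tamper(EVIDENCE), record))
```

The chunk size does not affect the result, so the values recorded by a streaming imager match those recomputed later with a single-shot tool; a one-bit change in the copy changes every recorded value.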

Which of the following examples do not fall into the category of physical security controls? (Select 3 answers) -Lighting -Warning signs -Sensors -IDS/IPS -Security cameras -Alarms -Encryption protocols -Fences/bollards/barricades -Security guards -Firewall ACLs -Access control vestibules -Door locks/cable locks

-IDS/IPS -Encryption protocols -Firewall ACLs

Which of the answers listed below refer to examples of corrective security controls? (Select all that apply) -IPS -Security guards -Backups and system recovery -Log monitoring -Alternate site -Fire suppression system

-IPS -Backups and system recovery -Alternate site -Fire suppression system

Which of the following answers refers to a family of standards providing principles and guidelines for risk management? -ISO/IEC 27001 -ISO/IEC 27002 -ISO/IEC 27701 -ISO/IEC 31000

-ISO/IEC 31000

Which of the following answers refer to examples of detective security controls? (Select all that apply) -Lighting -Log monitoring -Sandboxing -Security audits -CCTV -IDS

-Log monitoring -Security audits -CCTV -IDS

Which of the following examples fall into the category of managerial security controls? (Select 3 answers) -Configuration management -Data backups -Organizational security policy -Risk assessments -Vulnerability assessments

-Organizational security policy -Risk assessments -Vulnerability assessments

What are the examples of preventive security controls? (Select 3 answers) -Security guards -Fire suppression system -System hardening -Login banners -CCTV -Separation of duties

-Security guards -System hardening -Separation of duties

Which of the following answers can be used to describe the category of technical security controls? (Select 3 answers) -Focused on managing risk -Sometimes called logical security controls -Executed by computer systems (instead of people) -Also known as administrative controls -Implemented with technology -Primarily implemented and executed by people (as opposed to systems)

-Sometimes called logical security controls -Executed by computer systems (instead of people) -Implemented with technology

Examples of deterrent security controls include: (Select 3 answers) -Security audits -Warning signs -Authentication protocols -System hardening -Lighting -Login banners

-Warning signs -Lighting -Login banners

Which of the following answers refers to a nonprofit organization focused on developing globally recognized best practices for securing IT systems and data against cyberattacks? -CIS -RMF -CSA -SSAE

CIS (Center for Internet Security)

Which of the following answers refers to NIST's voluntary framework outlining best practices for computer security? -CSF -SSAE -CIS -RMF

CSF (Cybersecurity Framework)

The purpose of PCI DSS is to provide protection for: -Credit cardholder data -Licensed software -User passwords -Personal health information (PHI)

Credit cardholder data

The process of searching, collecting, and securing electronic data with the intent of using it in a legal proceeding or investigation is known as: -OSINT -E-discovery -White-hat hacking -Active reconnaissance

E-discovery

The term "Non-repudiation" describes the inability to deny responsibility for performing a specific action. In the context of data security, non-repudiation ensures data confidentiality, provides proof of data integrity, and provides proof of data origin. -True -False

False

Which of the following regulates personal data privacy of the European Union (EU) citizens? -PHI -HIPAA -PCI DSS -GDPR

GDPR

An ISO/IEC standard defining requirements for information security management systems is known as: -ISO/IEC 27001 -ISO/IEC 27002 -ISO/IEC 27701 -ISO/IEC 31000

ISO/IEC 27001

Which of the following answers refers to an ISO/IEC standard providing a code of practice for information security controls? -ISO/IEC 27001 -ISO/IEC 27002 -ISO/IEC 27701 -ISO/IEC 31000

ISO/IEC 27002

An extension to the ISO/IEC 27001 standard that focuses on privacy data management is called: -ISO/IEC 27001 -ISO/IEC 27002 -ISO/IEC 27701 -ISO/IEC 31000

ISO/IEC 27701

A mandatory IT security and risk management framework for the U.S. federal government developed by NIST is known as: -SSAE -CSF -RMF -CSA

RMF (Risk Management Framework)

The term "Forensic artifact" is used to describe an unintentional trace of attacker activity that can be identified on a host or network. Forensic artifacts include information that can be extracted from (among other sources) registry keys (applies to MS Windows), event logs, timestamps, web browser search history, or files left in the system trash folder. -True -False

True
