1) What is the CIA triad?
Confidentiality, Integrity, and Availability
Confidentiality, Integrity, and Awesomeness
Confidentiality, Inaudible, and Availability
Capacity, Integrity, and Availability
2) If speed is preferred over resilience, which of the following RAID configurations is best?
RAID 1
RAID 10
RAID 5
RAID 0
3) Single loss expectancy (SLE) is calculated using which of the following?
Asset value and annualized rate of occurrence (ARO)
Asset value, local annual frequency estimate (LAFE), and standard annual frequency estimate (SAFE)
Asset value and exposure factor
Local annual frequency estimate and annualized rate of occurrence
4) Which one is the most common security threat with IoT devices?
Logical Network Segmentation
Lack of device management
Lack of system updates against a new vulnerability
Backdoor
5) A SOC Type 2 report commonly covers what?
9-month period
12-month period
18-month period
Minimum of 6-month period
6) What is the process of making digital data unreadable to unauthorized users?
VPN
Encryption
FTP
Deserialization
7) The process used in most block ciphers to increase their strength is what?
Step function
Diffusion
SP-network
Confusion
8) A disadvantage of single sign-on is?
Consistent time-out enforcement across platforms
A compromised password exposes all authorized resources
Use of multiple passwords to remember
Password change control
9) Business impact analysis is performed to best identify what?
Exposure to loss the organization faces
Impacts of a threat to the organization operations
Cost-efficient way to eliminate threats
Impacts of a risk to the organization
10) Which of the following is not true about continuous monitoring?
It involves ad hoc processes that provide agility in responding to novel attacks
Its main goal is to support organizational risk management
It helps determine whether security controls remain effective
It relies on carefully chosen metrics and measurements
11) Triage encompasses which of the following incident response sub-phases?
Collection, transport, testimony
Traceback, feedback, loopback
Detection, identification, notification
Confidentiality, integrity, availability
12) Formal acceptance of an evaluated system by management is known as what?
Authorization
Verification
Certification
Validation
13) Tactical security plans are best used to do what?
Deploy new security technology
Enable enterprise security management
Establish high-level security policies
Reduce downtime
14) Which of the following is a security risk of wireless LANs?
War driving
Demonstrable insecure standards
Lack of physical access control
Implementation weakness
15) Which of the following is not addressed by the data retention policy?
What data to keep
For whom data is kept
How long data is kept
Where data is kept
16) A way to defeat frequency analysis as a method to determine the key is to use what?
Inversion ciphers
Transposition ciphers
Substitution ciphers
Confusion
17) When receiving an email from an unknown contact that has an attachment, you should:
Open the attachment and view the contents
Delete the email
Report the email as Phishing
Forward to your personal email
18) Which of the following best determines an individual's access?
Role
Clearance
Partnership with security team
Job rank or title
19) Which item is not part of a Kerberos authentication implementation?
Message authentication code
Ticket granting service
Authentication service
Users, programs, and services
20) When sensitive information is no longer critical but still within the scope of a record retention policy, that information is BEST:
Destroyed
Re-categorized
Degaussed
Released