1) The elements of risk are?
Threats, assets and vulnerabilities
Risk and business impact analysis
Business impact analysis and mitigating controls
Natural disasters and man-made disasters
2) Which one is the most common security threat with IoT devices?
Logical Network Segmentation
Lack of device management
Lack of system updates against a new vulnerability
Backdoor
3) Which of the following is not true about continuous monitoring?
It involves ad hoc processes that provide agility in responding to novel attacks
Its main goal is to support organizational risk management
It helps determine whether security controls remain effective
It relies on carefully chosen metrics and measurements
4) Which of the following best determines access of an individual?
Role
Clearance
Partnership with security team
Job rank or title
5) Which item is not part of a Kerberos authentication implementation?
Message authentication code
Ticket granting service
Authentication service
Users, programs, and services
6) Formal acceptance of an evaluated system by management is known as what?
Authorization
Verification
Certification
Validation
7) When receiving an email from an unknown contact that has an attachment, you should:
Open the attachment and view the contents
Delete the email
Report the email as Phishing
Forward to your personal email
8) Who should receive business continuity plan training in an organization?
Those with specific business continuity roles
First responders
Senior executives
Everyone
9) Triage encompasses which of the following incident response sub-phases?
Collection, transport, testimony
Traceback, feedback, loopback
Detection, identification, notification
Confidentiality, integrity, availability
10) Business impact analysis is performed to best identify what?
Exposure to loss the organization faces
Impacts of a threat to the organization operations
Cost-efficient way to eliminate threats
Impacts of a risk to the organization
11) The process used in most block ciphers to increase their strength is what?
Step function
Diffusion
SP-network
Confusion
12) What is the optimal placement for a network-based intrusion detection system (NIDS)?
External Service Provider
Network Operation Center (NOC)
Network segments with business critical systems (DMZ) and certain intranet segments
Network perimeter to alert network admins of suspicious traffic
13) What is the process of making digital data unreadable to unauthorized users?
VPN
Encryption
FTP
Deserialization
14) Many privacy laws dictate which of the following rules?
Individuals have a right to remove any data they do not want others to know
Agencies do not need to ensure that the data is accurate
Agencies need to allow all government agencies access to the data
Agencies cannot use collected data for a purpose different from what they were collected for
15) Security awareness training includes?
Legislated security compliance objectives
Security roles and responsibilities for staff
The high-level outcome of vulnerability assessments
Specialized curriculum assignments, coursework and an accredited institution
16) Before applying a software update to production systems, it is most important that
The patching is documented
The systems are backed up
Full information about the threat that the patch addresses is available
An independent third-party attests the validity of the patch
17) Technical evaluation of assurance to ensure that security requirements have been met is known as?
Accreditation
Evaluation
Validation
Verification
18) A way to defeat frequency analysis as a method to determine the key is to use what?
Inversion ciphers
Transposition ciphers
Substitution ciphers
Confusion
19) Which of the following is a security risk of wireless LANs?
War driving
Demonstrable insecure standards
Lack of physical access control
Implementation weakness
20) What is the term for the act of secretly observing and recording someone's keystrokes on a computer?
Keystroking
Keylogging
Logkeying
Stokelogs