1) Which of the following is not addressed by the data retention policy?
What data to keep
For whom data is kept
How long data is kept
Where data is kept
2) If speed is preferred over resilience, which of the following RAID configurations is best?
RAID 1
RAID 10
RAID 5
RAID 0
3) Tactical security plans are best used to do what?
Deploy new security technology
Enable enterprise security management
Establish high-level security policies
Reduce downtime
4) Which is concerned with identifying the root cause but also addressing the underlying issue?
Change management
Incident management
Configuration management
Problem management
5) What is the CIA triad?
Confidentiality, Integrity, and Availability
Confidentiality, Integrity, and Awesomeness
Confidentiality, Inaudible, and Availability
Capacity, Integrity, and Availability
6) The key to a successful physical protection system is the integration of what?
Technology, risk assessment and human interaction
Detection, deterrence and response
Protecting, offsetting and transferring risk
People, procedures and equipment
7) Single loss expectancy (SLE) is calculated by using?
Asset value and annualized rate of occurrence (ARO)
Asset value, local annual frequency estimate (LAFE), and standard annual frequency estimate (SAFE)
Asset value and exposure factor
Local annual frequency estimate and annualized rate of occurrence
8) Security awareness training includes?
Legislated security compliance objectives
Security roles and responsibilities for staff
The high-level outcome of vulnerability assessments
Specialized curriculum assignments, coursework and an accredited institution
9) Which factor is the most important item when it comes to ensuring security is successful in an organization?
Senior management support
Effective controls and implementation methods
Updated and relevant security policies and procedures
Security awareness by all employees
10) Business impact analysis is performed to best identify what?
Exposure to loss the organization faces
Impacts of a threat to the organization's operations
Cost-efficient way to eliminate threats
Impacts of a risk to the organization
11) What is the process of making digital data unreadable to unauthorized users?
VPN
Encryption
FTP
Deserialization
12) What is an advantage of RSA over DSA?
It can provide digital signature and encryption functionality
It uses fewer resources and encrypts faster because it uses symmetric keys
It is a block cipher rather than a stream cipher
It employs a one-time encryption pad
13) Which of the following is not true about continuous monitoring?
It involves ad hoc processes that provide agility in responding to novel attacks
Its main goal is to support organizational risk management
It helps determine whether security controls remain effective
It relies on carefully chosen metrics and measurements
14) A botnet can be characterized as?
A network used solely for internal communications
An automatic security alerting tool for corporate networks
A group of dispersed, compromised machines controlled remotely for illicit reasons
A type of virus
15) Which phase best defines a business disaster recovery plan?
An approved set of preparations and procedures for responding to a disaster
A set of plans for preventing a disaster
The adequate preparation and procedures for the continuation of all organization functions
A set of preparations and procedures for responding to a disaster without management approval
16) Many privacy laws dictate which of the following rules?
Individuals have a right to remove any data they do not want others to know
Agencies do not need to ensure that the data is accurate
Agencies need to allow all government agencies access to the data
Agencies cannot use collected data for a purpose different from what they were collected for
17) A disadvantage of single sign-on is?
Consistent time-out enforcement across platforms
A compromised password exposes all authorized resources
Use of multiple passwords to remember
Password change control
The best way to ensure there is no data remanence of sensitive information that was stored on DVD-R media is by
Deletion
Destruction
Overwriting
Degaussing
19) Which one is the most common security threat with IoT devices?
Logical Network Segmentation
Lack of device management
Lack of system updates against a new vulnerability
Backdoor
20) The elements of risk are?
Threats, assets and vulnerabilities
Risk and business impact analysis
Business impact analysis and mitigating controls
Natural disasters and man-made disasters