1) Business impact analysis is performed to best identify what?
Exposure to loss the organization faces
Impacts of a threat to the organization's operations
Cost-efficient way to eliminate threats
Impacts of a risk to the organization
2) In the OSI reference model, on which layer is Ethernet?
Layer 1 - Physical layer
Layer 2 - Data-link layer
Layer 3 - Network layer
Layer 4 - Transport layer
3) What is the CIA triad?
Confidentiality, Integrity, and Availability
Confidentiality, Integrity, and Awesomeness
Confidentiality, Inaudible, and Availability
Capacity, Integrity, and Availability
4) A disadvantage of single sign-on is?
Consistent time-out enforcement across platforms
A compromised password exposes all authorized resources
Use of multiple passwords to remember
Password change control
5) Triage encompasses which of the following incident response sub-phases?
Collection, transport, testimony
Traceback, feedback, loopback
Detection, identification, notification
Confidentiality, integrity, availability
6) Which phase best defines a business disaster recovery plan?
An approved set of preparations and procedures for responding to a disaster
A set of plans for preventing a disaster
The adequate preparation and procedures for the continuation of all organization functions
A set of preparations and procedures for responding to a disaster without management approval
7) When sensitive information is no longer critical but still within the scope of a record retention policy, that information is BEST?
Destroyed
Re-categorized
Degaussed
Released
8) The process used in most block ciphers to increase their strength is what?
Step function
Diffusion
SP-network
Confusion
9) What is the right time to plan for security?
Pre-deployment
Post-deployment
Testing Phase
Monitoring Phase
10) A SOC Type 2 report commonly covers what?
9-month period
12-month period
18-month period
Minimum of 6-month period
11) A botnet can be characterized as?
A network used solely for internal communications
An automatic security alerting tool for corporate networks
A group of dispersed, compromised machines controlled remotely for illicit reasons
A type of virus
12) What best describes two-factor authentication?
A hard token and a smart card
A user name and a PIN
A password and a PIN
A PIN and a hard token
13) Which is concerned with identifying the root cause but also addressing the underlying issue?
Change management
Incident management
Configuration management
Problem management
14) Who should receive business continuity plan training in an organization?
Those with specific business continuity roles
First responders
Senior executives
Everyone
15) The elements of risk are?
Threats, assets and vulnerabilities
Risk and business impact analysis
Business impact analysis and mitigating controls
Natural disasters and man-made disasters
16) Which of the following is not addressed by the data retention policy?
What data to keep
For whom data is kept
How long data is kept
Where data is kept
17) Which of the following best determines access of an individual?
Role
Clearance
Partnership with security team
Job rank or title
18) When selecting a security testing method or tool, the practitioner needs to consider many different things, such as:
Surface and supported technology
Security roles and responsibilities for staff
Culture of the organization and likelihood of exposure
Local annual frequency estimate and standard annual frequency estimate
19) What is the term for the act of secretly observing and recording someone's keystrokes on a computer?
Keystroking
Keylogging
Logkeying
Stokelogs
20) Security is likely to be most expensive when addressed in which phase?
Implementation
Testing
Design
Prototyping