Question 1
1. ___________________ is the act of protecting information and the systems that store and
process it.
Information systems security
Policy framework
Change management
Policy principles document
2 points
Question 2
1. Which of the following situations best illustrates the process of authentication?
A Web site sets users’ passwords to expire every 90 days
Using an electronic signature on official documentation
When an application sets a limit on the amount of payment a user can approve
When a service is made unavailable to a user due to a server crash
2 points
Question 3
1. A vulnerability is a human-caused or natural event that could impact the system, whereas
a risk is a weakness in a system that can be exploited.
True
False
2 points
Question 4
1. Integrity ensures that only authorized individuals are able to access information.
True
False
2 points
Question 5
1. Availability ensures information is available to authorized users and devices. Initially, the
information owner must determine availability requirements. The owner must determine who
needs access to the data and when.
True
False
2 points
Question 6
1. Policies, which can be a process or a method for implementing a solution, often become the
measuring stick by which an organization is evaluated for compliance.
True
False
2 points
Question 7
1. Data exists generally in one of two states: data at rest, such as on a backup tape, or data in
transit, such as when traveling across a network.
True
False
2 points
Question 8
1. If human action is required, the control is considered _______________.
corrective
automated
manual
preventative
2 points
Question 9
1. A(n) ___________________ is a confirmed event that compromises the confidentiality,
integrity, or availability of information.
breach
residual risk
operational deviation
threat
2 points
Question 10
1. The most senior leader responsible for managing an organization’s risks is the chief privacy
officer (CPO). Which of the following is not one of the responsibilities of the CPO?
The CPO is responsible for keeping up with privacy laws.
The CPO also needs to understand how the laws impact business.
The CPO must be a lawyer.
The CPO must work closely with a technology team to create strong security policies.
2 points
Question 11
1. The _______________ domain refers to any endpoint device used by end users, which includes,
but is not limited to, any smart device in the end user’s physical possession and any device
accessed by the end user, such as a smartphone, laptop, workstation, or mobile device.
workstation
user
remote access
system/application
2 points
Question 12
1. Authentication of a workstation and encryption of wireless traffic are issues that belong to which
of the following two domains?
LAN and WAN
workstation and LAN
LAN-WAN and remote access
workstation and WAN
2 points
Question 13
1. In recent years, ___________________ has emerged as a major technology. It provides a way of
buying software, infrastructure, and platform services on someone else’s network.
remote access domain
social networking
cloud computing
web graffiti
2 points
Question 14
1. Which backup type provides the quickest restore time but the slowest backup time?
Full
Incremental
Differential
Mirror
2 points
Question 15
1. Which backup type only processes new or modified files and folders?
Full
Incremental
Differential
Mirror
2 points
Question 16
1. Which backup type has a fast restore time and processes a backup for all data changed since the last full backup?
Full
Incremental
Differential
Mirror
2 points
Question 17
1. Data mirroring is the process of reflecting data in order to increase disk access speeds.
True
False
2 points
Question 18
1. In order to have a successful backup plan, backups must be tested regularly.
True
False
2 points
Question 19
1. A door lock is damaged and in need of repair. What type of control does the door lock represent?
Physical
Administrative/Procedural
Technical
Backup
2 points
Question 20
1. A policy defining security awareness training has recently been drafted by your organization. What type of control does this represent?
Physical
Administrative/Procedural
Technical
Backup
2 points
Question 21
1. Your team is in charge of implementing and maintaining a network firewall. What type of control does the firewall represent?
Physical
Administrative/Procedural
Technical
Backup
2 points
Question 22
1. Backups can be an example of a corrective control when used for restoration purposes.
True
False
2 points
Question 23
1. A firewall can be an example of a preventative control.
True
False
2 points
Question 24
1. An admin is assigned to review logs on a daily basis. This is an example of a detective control.
True
False
2 points
Question 25
1. Locard's Exchange Principle states that "when a crime is committed, the perpetrators leave something behind and take something with them".
True
False
2 points
Question 26
1. Which of the following is not required for effective IDS management?
Regular updates
Awareness
Technically knowledgeable staff
2 points
Question 27
1. Which of the following represent the three fundamental components of an alarm?
Housing, whistle, and light
Sensor, control and communication, and enunciator
2 points
Question 28
1. An Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) function exactly the same but just have different terms associated with
them.
True
False
2 points
Question 29
1. Intrusion Detection Systems (IDS) are designed to alert the admin of a potential issue but do not make any proactive changes to the system.
True
False
2 points
Question 30
1. Correctly order the steps of a physical security system.
5. Respond
2. Deter
1. Assess
3. Detect
4. Delay
2 points
Question 31
1. Of these security card types, which is the least secure and oldest method?
Magnetic stripe
Proximity Card
Smart Card
Credit Card
2 points
Question 32
1. Which security card type employs a small radio transmitter to transfer a signal to a nearby reader?
Magnetic Stripe
Proximity Card
Smart Card
Credit Card
2 points
Question 33
1. CCTV stands for:
Circular Conduit TV
Closed Conduit TV
Circular Circuit TV
Closed Circuit TV
2 points
Question 34
1. Which of the following drive types have no moving parts and therefore have a longer mean time between failures?
Legacy hard drive
2 points
Question 35
1. Which RAID level provides mirroring and requires at least two drives?
1
2 points
Question 36
1. Which RAID level provides no redundancy or failure protection and employs only striping?
6
2 points
Question 37
1. Which RAID level can survive two drive failures without the entire RAID failing?
0
2 points
Question 38
1. Which RAID level employs block-level striping and distributed parity, requires at least three disks, and can survive a single-disk failure?
0
6
2 points
Question 39
1. RAID is important in small home/office computers but is not employed in large corporate datacenters.
True
False
2 points
Question 40
1. A SAN and a NAS are both types of network storage, but they function on the network in completely different ways.
True
False
2 points
Question 41
1. Match the fire classification letter to the fire type.
A. A A. Common Combustibles
E. D E. Combustible Metals
C. K
2 points
Question 42
1. What fire classification would be the most likely culprit in a datacenter fire?
A
2 points
Question 43
1. Order the four stages of fire development.
2. Visible smoke
1. Incipient
4. Heat
3. Fast flaming
2 points
Question 44
1. Which of the following is an early smoke detection system based on laser smoke detection?
VESDA
Simplex
Honeywell
First Alert
2 points
Question 45
1. After many years of service, your organization's HR director has retired. Since the director's machine was newly purchased, that
machine is going to be reallocated to another staff member and the new director will receive a new machine. As a security admin,
you are not aware of the transfer and no procedures are completed on the computer before the transfer. Which security standard
has been violated?
Recoverability
Intrusion prevention
2 points
Question 46
1. You are in charge of a mission-critical data center. As part of your checklist, you ensure that backup generators have enough fuel to meet
standards. How many hours of fuel should the generator have at minimum?
12 hours
18 hours
24 hours
48 hours
2 points
Question 47
1. Which of the following items do HVAC systems not control?
Temperature
Humidity
Air pollution and contamination
Power protection
2 points
Question 48
1. A UPS is designed to provide clean and steady power to electronic equipment.
True
False
2 points
Question 49
1. Degaussing requires a high strength magnetic field.
True
False
2 points
Question 50
1. An employee was recently terminated. After the termination, the hard drive from their workstation was retrieved for archival purposes per the
security policy guidelines. The maximum archival time has now elapsed and the drive should be destroyed. What is the most effective way to
destroy the data on the drive?
Degauss and physical destruction