
Question 1

1. ___________________ is the act of protecting information and the systems that store and
process it.
Information systems security
Policy framework
Change management
Policy principles document
2 points

Question 2
1. Which of the following situations best illustrates the process of authentication?
A Web site sets users’ passwords to expire every 90 days
Using an electronic signature on official documentation
When an application sets a limit on the amount of payment a user can approve
When a service is made unavailable to a user due to a server crash
2 points

Question 3
1. A vulnerability is a human-caused or natural event that could impact the system, whereas
a risk is a weakness in a system that can be exploited.
True

False

2 points

Question 4
1. Integrity ensures that only authorized individuals are able to access information.
True

False

2 points

Question 5
1. Availability ensures information is available to authorized users and devices. Initially, the
information owner must determine availability requirements. The owner must determine who
needs access to the data and when.
True

False

2 points

Question 6
1. Policies, which can be a process or a method for implementing a solution, often become the
measuring stick by which an organization is evaluated for compliance.
True
False

2 points

Question 7
1. Data exists generally in one of two states: data at rest, such as on a backup tape, or data in
transit, such as when traveling across a network.
True

False

2 points

Question 8
1. If human action is required, the control is considered _______________.
corrective
automated
manual
preventative
2 points

Question 9
1. A(n) ___________________ is a confirmed event that compromises the confidentiality,
integrity, or availability of information.
breach
residual risk
operational deviation
threat
2 points

Question 10
1. The most senior leader responsible for managing an organization’s risks is the chief privacy
officer (CPO). Which of the following is not one of the responsibilities of the CPO?
The CPO is responsible for keeping up with privacy laws.
The CPO also needs to understand how the laws impact business.
The CPO must be a lawyer.
The CPO must work closely with a technology team to create strong security policies.
2 points

Question 11
1. The _______________ domain refers to any endpoint device used by end users, which includes
but is not limited to any smart device in the end user’s physical possession and any device
accessed by the end user, such as a smartphone, laptop, workstation, or mobile device.
workstation
user
remote access
system/application

2 points

Question 12
1. Authentication of a workstation and encryption of wireless traffic are issues that belong to which
of the following two domains?
LAN and WAN
workstation and LAN
LAN-WAN and remote access
workstation and WAN
2 points

Question 13
1. In recent years, ___________________ has emerged as a major technology. It provides a way of
buying software, infrastructure, and platform services on someone else’s network.
remote access domain
social networking
cloud computing
web graffiti
2 points

Question 14
1. Which backup type provides the quickest restore time but the slowest backup time?
Full

Incremental

Differential

Mirror

2 points

Question 15
1. Which backup type only processes new or modified files and folders?
Full

Incremental

Differential

Mirror

2 points

Question 16
1. Which backup type has a fast restore time and processes a backup for all data changed since the last full backup?
Full

Incremental

Differential
Mirror

2 points

Question 17
1. Data mirroring is the process of reflecting data in order to increase disk access speeds.

True

False

2 points

Question 18
1. In order to have a successful backup plan, backups must be tested regularly.

True

False

2 points

Question 19
1. A door lock is damaged and in need of repair. What type of control does the door lock represent?
Physical

Administrative/Procedural

Technical

Backup

2 points

Question 20
1. A policy defining security awareness training has recently been drafted by your organization. What type of control does this represent?
Physical

Administrative/Procedural

Technical

Backup

2 points

Question 21
1. Your team is in charge of implementing and maintaining a network firewall. What type of control does the firewall represent?
Physical

Administrative/Procedural

Technical

Backup

2 points

Question 22
1. Backups can be an example of a corrective control when used for restoration purposes.

True

False
2 points

Question 23
1. A firewall can be an example of a preventative control.

True

False

2 points

Question 24
1. An admin is assigned to review logs on a daily basis. This is an example of a detective control.

True

False

2 points

Question 25
1. Locard's Exchange Principle states that "when a crime is committed, the perpetrators leave something behind and take something with them".

True

False

2 points

Question 26
1. Which of the following is not required for effective IDS management?
Regular updates

Awareness
Technically knowledgeable staff

A list of all possible attacks

2 points

Question 27
1. Which of the following represent the three fundamental components of an alarm?
Housing, whistle, and light
Sensor, control and communication, and enunciator

Strobe, bell, and air horn

Pull box, control box, and signal horn

2 points

Question 28
1. An Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) function exactly the same but just have different terms associated with
them.

True

False

2 points

Question 29
1. Intrusion Detection Systems (IDS) are designed to alert the admin of a potential issue but do not make any proactive changes to the system.
True

False

2 points

Question 30
1. Correctly order the steps of a physical security system.
5. Respond
2. Deter
1. Assess
3. Detect
4. Delay

2 points

Question 31
1. Of these security card types, which is the least secure and oldest method?
Magnetic stripe

Proximity Card

Smart Card

Credit Card

2 points

Question 32
1. Which security card type employs a small radio transmitter to transfer a signal to a nearby reader?
Magnetic Stripe

Proximity Card

Smart Card

Credit Card

2 points

Question 33
1. CCTV stands for:
Circular Conduit TV

Closed Conduit TV
Circular Circuit TV

Closed Circuit TV

2 points

Question 34
1. Which of the following drive types has no moving parts and therefore has a longer mean time between failures?
Legacy hard drive

Spindle hard drive

Solid state hard drive

Super state hard drive

2 points

Question 35
1. Which RAID level provides mirroring and requires at least two drives?
1

2 points

Question 36
1. Which RAID level provides no redundancy or failure protection and employs only striping?
6

2 points

Question 37
1. Which RAID level can survive two drive failures without the entire RAID failing?
0

2 points

Question 38
1. Which RAID level employs block-level striping and distributed parity, requires at least three disks, and can survive a single-disk failure?
0

6
2 points

Question 39
1. RAID is important in small home/office computers but is not employed in large corporate datacenters.

True

False

2 points

Question 40
1. A SAN and a NAS are both types of network storage, but they function on the network in completely different ways.

True

False

2 points

Question 41
1. Match the fire classification letter to the fire type.

Fire types:
A. Common Combustibles
B. Live Electrical Equipment
C. Cooking Media
D. Flammable Liquids and Gases
E. Combustible Metals

Classification letters (each preceded by the letter of the matched fire type):
A. A
D. B
B. C
E. D
C. K

2 points

Question 42
1. What fire classification would be the most likely culprit in a datacenter fire?
A

2 points

Question 43
1. Order the four stages of fire development.
2. Visible smoke
1. Incipient
4. Heat
3. Fast flaming

2 points

Question 44
1. Which of the following is an early smoke detection system based on laser smoke detection?
VESDA

Simplex

Honeywell

First Alert

2 points

Question 45
1. After many years of service, your organization's HR director has retired. Since the director's machine was newly purchased, that
machine is going to be reallocated to another staff member and the new director will receive a new machine. As a security admin,
you are not aware of the transfer and no procedures are completed on the computer before the transfer. Which security standard
has been violated?
Recoverability
Intrusion prevention

Object reuse and/or contamination

Acceptable use policy

2 points

Question 46
1. You are in charge of a mission-critical data center. As part of your checklist, you ensure that backup generators have enough fuel to meet
standards. How many hours of fuel should the generator have at minimum?
12 hours

18 hours

24 hours

48 hours

2 points

Question 47
1. Which of the following items do HVAC systems not control?
Temperature

Humidity
Air pollution and contamination

Power protection

2 points

Question 48
1. A UPS is designed to provide clean and steady power to electronic equipment.

True

False

2 points

Question 49
1. Degaussing requires a high strength magnetic field.

True

False

2 points

Question 50
1. An employee was recently terminated. After the termination, the hard drive from their workstation was retrieved for archival purposes per the
security policy guidelines. The maximum archival time has now elapsed and the drive should be destroyed. What is the most effective way to
destroy the data on the drive?
Degauss and physical destruction

Format using Windows format


Overwrite

Reuse the drive
