Quix4 - D1 - 50Q

Descrição

Good Luck!
Requiemdust Sheena
Quiz por Requiemdust Sheena, atualizado more than 1 year ago
Requiemdust Sheena
Criado por Requiemdust Sheena mais de 4 anos atrás
786
0

Resumo de Recurso

Questão 1

Questão
Which one of the following is not an example of a technical control?
Responda
  • A. Router ACL
  • B. Firewall rule
  • C. Encryption
  • D. Data classification

Questão 2

Questão
Which one of the following stakeholders is not typically included on a business continuity planning team?
Responda
  • A. Core business function leaders
  • B. Information technology staff
  • C. CEO
  • D. Support departments

Questão 3

Questão
Ben is designing a messaging system for a bank and would like to include a feature that allows the recipient of a message to prove to a third party that the message did indeed come from the purported originator. What goal is Ben trying to achieve?
Responda
  • A. Authentication
  • B. Authorization
  • C. Integrity
  • D. Nonrepudiation

Questão 4

Questão
What principle of information security states that an organization should implement overlapping security controls whenever possible?
Responda
  • A. Least privilege
  • B. Separation of duties
  • C. Defense in depth
  • D. Security through obscurity

Questão 5

Questão
Which one of the following is not a goal of a formal change management program?
Responda
  • A. Implement change in an orderly fashion.
  • B. Test changes prior to implementation.
  • C. Provide rollback plans for changes.
  • D. Inform stakeholders of changes after they occur.

Questão 6

Questão
Ben is responsible for the security of payment card information stored in a database. Policy directs that he remove the information from the database, but he cannot do this for operational reasons. He obtained an exception to policy and is seeking an appropriate compensating control to mitigate the risk. What would be his best option?
Responda
  • A. Purchasing insurance
  • B. Encrypting the database contents
  • C. Removing the data
  • D. Objecting to the exception

Questão 7

Questão
The Domer Industries risk assessment team recently conducted a qualitative risk assessment and developed a matrix similar to the one shown here. Which quadrant contains the risks that require the most immediate attention?
Responda
  • A. I
  • B. II
  • C. III
  • D. IV

Questão 8

Questão
Tom is planning to terminate an employee this afternoon for fraud and expects that the meeting will be somewhat hostile. He is coordinating the meeting with Human Resources and wants to protect the company against damage. Which one of the following steps is most important to coordinate in time with the termination meeting?
Responda
  • A. Informing other employees of the termination
  • B. Retrieving the employee’s photo ID
  • C. Calculating the final paycheck
  • D. Revoking electronic access rights

Questão 9

Questão
Rolando is a risk manager with a large-scale enterprise. The firm recently evaluated the risk of California mudslides on its operations in the region and determined that the cost of responding outweighed the benefits of any controls it could implement. The company chose to take no action at this time. What risk management strategy did Rolando’s organization pursue?
Responda
  • A. Risk avoidance
  • B. Risk mitigation
  • C. Risk transference
  • D. Risk acceptance

Questão 10

Questão
You discover that a user on your network has been using the Wireshark tool, as shown here. Further investigation revealed that he was using it for illicit purposes. What pillar of information security has most likely been violated?
Responda
  • A. Integrity
  • B. Denial
  • C. Availability
  • D. Confidentiality

Questão 11

Questão
Alan is performing threat modeling and decides that it would be useful to decompose the system into the key elements shown here. What tool is he using?
Responda
  • A. Vulnerability assessment
  • B. Fuzzing
  • C. Reduction analysis
  • D. Data modeling

Questão 12

Questão
Which one of the following tools is most often used for identification purposes and is not suitable for use as an authenticator?
Responda
  • A. Password
  • B. Retinal scan
  • C. Username
  • D. Token

Questão 13

Questão
Which type of business impact assessment tool is most appropriate when attempting to evaluate the impact of a failure on customer confidence?
Responda
  • A. Quantitative
  • B. Qualitative
  • C. Annualized loss expectancy
  • D. Reduction

Questão 14

Questão
Which one of the following is the first step in developing an organization’s vital records program?
Responda
  • A. Identifying vital records
  • B. Locating vital records
  • C. Archiving vital records
  • D. Preserving vital records

Questão 15

Questão
Which one of the following security programs is designed to provide employees with the knowledge they need to perform their specific work tasks?
Responda
  • A. Awareness
  • B. Training
  • C. Education
  • D. Indoctrination

Questão 16

Questão
Which one of the following security programs is designed to establish a minimum standard common denominator of security understanding?
Responda
  • A. Training
  • B. Education
  • C. Indoctrination
  • D. Awareness

Questão 17

Questão
Ryan is a security risk analyst for an insurance company. He is currently examining a scenario in which a malicious hacker might use a SQL injection attack to deface a web server due to a missing patch in the company’s web application. In this scenario, what is the threat?
Responda
  • A. Unpatched web application
  • B. Web defacement
  • C. Malicious hacker
  • D. Operating system

Questão 18

Questão
Henry is the risk manager for Atwood Landing, a resort community in the midwestern United States. The resort’s main data center is located in northern Indiana in an area that is prone to tornados. Henry recently undertook a replacement cost analysis and determined that rebuilding and reconfiguring the data center would cost $10 million. Henry consulted with tornado experts, data center specialists, and structural engineers. Together, they determined that a typical tornado would cause approximately $5 million of damage to the facility. The meteorologists determined that Atwood’s facility lies in an area where they are likely to experience a tornado once every 200 years. Based upon the information in this scenario, what is the exposure factor for the effect of a tornado on Atwood Landing’s data center?
Responda
  • A. 10%
  • B. 25%
  • C. 50%
  • D. 75%

Questão 19

Questão
Henry is the risk manager for Atwood Landing, a resort community in the midwestern United States. The resort’s main data center is located in northern Indiana in an area that is prone to tornados. Henry recently undertook a replacement cost analysis and determined that rebuilding and reconfiguring the data center would cost $10 million. Henry consulted with tornado experts, data center specialists, and structural engineers. Together, they determined that a typical tornado would cause approximately $5 million of damage to the facility. The meteorologists determined that Atwood’s facility lies in an area where they are likely to experience a tornado once every 200 years. Based upon the information in this scenario, what is the annualized rate of occurrence for a tornado at Atwood Landing’s data center?
Responda
  • A. 0.0025
  • B. 0.005
  • C. 0.01
  • D. 0.015

Questão 20

Questão
Henry is the risk manager for Atwood Landing, a resort community in the midwestern United States. The resort’s main data center is located in northern Indiana in an area that is prone to tornados. Henry recently undertook a replacement cost analysis and determined that rebuilding and reconfiguring the data center would cost $10 million. Henry consulted with tornado experts, data center specialists, and structural engineers. Together, they determined that a typical tornado would cause approximately $5 million of damage to the facility. The meteorologists determined that Atwood’s facility lies in an area where they are likely to experience a tornado once every 200 years. Based upon the information in this scenario, what is the annualized loss expectancy for a tornado at Atwood Landing’s data center?
Responda
  • A. $25,000
  • B. $50,000
  • C. $250,000
  • D. $500,000

Questão 21

Questão
John is analyzing an attack against his company in which the attacker found comments embedded in HTML code that provided the clues needed to exploit a software vulnerability. Using the STRIDE model, what type of attack did he uncover?
Responda
  • A. Spoofing
  • B. Repudiation
  • C. Information disclosure
  • D. Elevation of privilege

Questão 22

Questão
Which one of the following is an administrative control that can protect the confidentiality of information?
Responda
  • A. Encryption
  • B. Nondisclosure agreement
  • C. Firewall
  • D. Fault tolerance

Questão 23

Questão
Chris is worried that the laptops that his organization has recently acquired were modified by a third party to include keyloggers before they were delivered. Where should he focus his efforts to prevent this?
Responda
  • A. His supply chain
  • B. His vendor contracts
  • C. His post-purchase build process
  • D. The original equipment manufacturer (OEM)

Questão 24

Questão
STRIDE, PASTA, and VAST are all examples of what type of tool?
Responda
  • A. Risk assessment methodologies
  • B. Control matrices
  • C. Threat modeling methodologies
  • D. Awareness campaign tools

Questão 25

Questão
In her role as a developer for an online bank, Lisa is required to submit her code for testing and review. After it passes through this process and it is approved, another employee moves the code to the production environment. What security management does this process describe?
Responda
  • A. Regression testing
  • B. Code review
  • C. Change management
  • D. Fuzz testing

Questão 26

Questão
After completing the first year of his security awareness program, Charles reviews the data about how many staff completed training compared to how many were assigned the training to determine whether he hit the 95 percent completion rate he was aiming for. What is this type of measure called?
Responda
  • A. A KPI
  • B. A metric
  • C. An awareness control
  • D. A return on investment rate

Questão 27

Questão
Which of the following is not typically included in a prehire screening process?
Responda
  • A. A drug test
  • B. A background check
  • C. Social media review
  • D. Fitness evaluation

Questão 28

Questão
The (ISC)2 code of ethics applies to all CISSP holders. Which of the following is not one of the four mandatory canons of the code?
Responda
  • A. Protect society, the common good, the necessary public trust and confidence, and the infrastructure
  • B. Disclose breaches of privacy, trust, and ethics
  • C. Provide diligent and competent service to the principles
  • D. Advance and protect the profession

Questão 29

Questão
Greg’s company recently experienced a significant data breach involving the personal data of many of their customers. Which breach laws should they review to ensure that they are taking appropriate action?
Responda
  • A. The breach laws in the state where they are headquartered
  • B. The breach laws of states they do business in
  • C. Only federal breach laws
  • D. Breach laws only cover government agencies, not private businesses

Questão 30

Questão
Lawrence has been asked to perform vulnerability scans and a risk assessment of systems. Which organizational process are these more likely to be associated with?
Responda
  • A. A merger
  • B. A divestiture
  • C. A layoff
  • D. A financial audit

Questão 31

Questão
Which of the following is not typically part of a termination process?
Responda
  • A. An exit interview
  • B. Recovery of property
  • C. Account termination
  • D. Signing an NCA

Questão 32

Questão
Laura has been asked to perform an SCA. What type of organization is she most likely in?
Responda
  • A. Higher education
  • B. Banking
  • C. Government
  • D. Healthcare

Questão 33

Questão
After conducting a qualitative risk assessment of her organization, Sally recommends purchasing cybersecurity breach insurance. What type of risk response behavior is she recommending?
Responda
  • A. Accept
  • B. Transfer
  • C. Reduce
  • D. Reject

Questão 34

Questão
What is the final step of a quantitative risk analysis?
Responda
  • A. Determine asset value.
  • B. Assess the annualized rate of occurrence.
  • C. Derive the annualized loss expectancy.
  • D. Conduct a cost/benefit analysis.

Questão 35

Questão
Under the Digital Millennium Copyright Act (DMCA), what type of offenses do not require prompt action by an internet service provider after it receives a notification of infringement claim from a copyright holder?
Responda
  • A. Storage of information by a customer on a provider’s server
  • B. Caching of information by the provider
  • C. Transmission of information over the provider’s network by a customer
  • D. Caching of information in a provider search engine

Questão 36

Questão
FlyAway Travel has offices in both the European Union (EU) and the United States and transfers personal information between those offices regularly. They have recently received a request from an EU customer requesting that their account be terminated. Under the General Data Protection Regulation (GDPR), which requirement for processing personal information states that individuals may request that their data no longer be disseminated or processed?
Responda
  • A. The right to access
  • B. Privacy by design
  • C. The right to be forgotten
  • D. The right of data portability

Questão 37

Questão
Which one of the following is not one of the three common threat modeling techniques?
Responda
  • A. Focused on assets
  • B. Focused on attackers
  • C. Focused on software
  • D. Focused on social engineering

Questão 38

Questão
In 1991, the Federal Sentencing Guidelines formalized a rule that requires senior executives to take personal responsibility for information security matters. What is the name of this rule?
Responda
  • A. Due diligence rule
  • B. Personal liability rule
  • C. Prudent man rule
  • D. Due process rule

Questão 39

Questão
Which one of the following provides an authentication mechanism that would be appropriate for pairing with a password to achieve multifactor authentication?
Responda
  • A. Username
  • B. Personal identification number (PIN)
  • C. Security question
  • D. Fingerprint scan

Questão 40

Questão
Chris is advising travelers from his organization who will be visiting many different countries overseas. He is concerned about compliance with export control laws. Which of the following technologies is most likely to trigger these regulations?
Responda
  • A. Memory chips
  • B. Office productivity applications
  • C. Hard drives
  • D. Encryption software

Questão 41

Questão
Bobbi is investigating a security incident and discovers that an attacker began with a normal user account but managed to exploit a system vulnerability to provide that account with administrative rights. What type of attack took place under the STRIDE threat model?
Responda
  • A. Spoofing
  • B. Repudiation
  • C. Tampering
  • D. Elevation of privilege

Questão 42

Questão
You are completing your business continuity planning effort and have decided that you wish to accept one of the risks. What should you do next?
Responda
  • A. Implement new security controls to reduce the risk level.
  • B. Design a disaster recovery plan.
  • C. Repeat the business impact assessment.
  • D. Document your decision-making process.

Questão 43

Questão
Which one of the following control categories does not accurately describe a fence around a facility
Responda
  • A. Physical
  • B. Detective
  • C. Deterrent
  • D. Preventive

Questão 44

Questão
Tony is developing a business continuity plan and is having difficulty prioritizing resources because of the difficulty of combining information about tangible and intangible assets. What would be the most effective risk assessment approach for him to use?
Responda
  • A. Quantitative risk assessment
  • B. Qualitative risk assessment
  • C. Neither quantitative nor qualitative risk assessment
  • D. Combination of quantitative and qualitative risk assessment

Questão 45

Questão
What law provides intellectual property protection to the holders of trade secrets?
Responda
  • A. Copyright Law
  • B. Lanham Act
  • C. Glass-Steagall Act
  • D. Economic Espionage Act

Questão 46

Questão
Which one of the following principles imposes a standard of care upon an individual that is broad and equivalent to what one would expect from a reasonable person under the circumstances?
Responda
  • A. Due diligence
  • B. Separation of duties
  • C. Due care
  • D. Least privilege

Questão 47

Questão
Darcy is designing a fault tolerant system and wants to implement RAID level 5 for her system. What is the minimum number of physical hard disks she can use to build this system?
Responda
  • A. One
  • B. Two
  • C. Three
  • D. Five

Questão 48

Questão
Which one of the following is an example of an administrative control?
Responda
  • A. Intrusion detection system
  • B. Security awareness training
  • C. Firewalls
  • D. Security guards

Questão 49

Questão
Keenan Systems recently developed a new manufacturing process for microprocessors. The company wants to license the technology to other companies for use but wishes to prevent unauthorized use of the technology. What type of intellectual property protection is best suited for this situation?
Responda
  • A. Patent
  • B. Trade secret
  • C. Copyright
  • D. Trademark

Questão 50

Questão
Which one of the following actions might be taken as part of a business continuity plan?
Responda
  • A. Restoring from backup tapes
  • B. Implementing RAID
  • C. Relocating to a cold site
  • D. Restarting business operations

Semelhante

COMO APRENDER MAIS RAPIDO
Nataniel Neto
Capitais do Mundo e curiosidades
Luiz Fernando
Processos PMBOK 5ª edição
Clenia Paradela
Plano de estudos ENEM - Parte 1 *Humanas
GoConqr suporte .
7 Tendências Educacionais
GoConqr suporte .
5 Ferramentas de Estudo para Melhorar sua Aprendizagem
GoConqr suporte .
EA-HSG-2013 Questões achadas no app QUIZADA na playstore
carloshenriquetorrez .
LICITAÇÕES (visão geral)
Priscila Franco Andrade
MAPA CONCEITUAL - ÁRVORE DOS SONHOS
ricardo santana
Mapa Mental - Exame de Certificação CTFL-AT
Larissa Trindade