CC Question [PDF]


Chapter 1:

Muhammad Rashid Sattar (username: [email protected]) Attempt 1 Written: Dec 1, 2022 4:36 AM - Dec 1, 2022 4:45 AM

Submission View

Your quiz has been submitted successfully.

Question 1
1 / 1 point
A chief information security officer (CISO) at a large organization documented a policy that establishes the acceptable use of cloud environments for all staff. This is an example of a: (D1, L1.3.1)
Question options:
A) Management/Administrative control
B) Technical control
C) Physical control
D) Cloud control

Question 2
1 / 1 point
Is it possible to avoid risk? (D1, L1.2.1)
Question options:
A) Yes
B) No
C) Sometimes
D) Never

Question 3
0 / 1 point
What is meant by non-repudiation? (D1, L1.1.1)
Question options:
A) If a user does something, they can't later claim that they didn't do it.
B) Controls to protect the organization's reputation from harm due to inappropriate social media postings.
C) It is part of the rules set by administrative controls.
D) It is a security feature that prevents session replay attacks.

Question 4
1 / 1 point
Which of the following is NOT one of the four typical ways of managing risk? (D1, L1.2.1)
Question options:
A) Avoid
B) Accept
C) Mitigate
D) Conflate

Question 5
1 / 1 point
Siobhan is deciding whether to make a purchase online; the vendor wants Siobhan to create a new user account, and is requesting Siobhan's full name, home address, credit card number, phone number, email address, the ability to send marketing messages to Siobhan, and permission to share this data with other vendors. Siobhan decides that the item for sale is not worth the value of Siobhan's personal information, and decides not to make the purchase. What kind of risk management approach did Siobhan take? (D1, L1.2.2)
Question options:
A) Avoidance
B) Acceptance
C) Mitigation
D) Transfer

Question 6
1 / 1 point
Guillermo is the system administrator for a midsized retail organization. Guillermo has been tasked with writing a document that describes, step-by-step, how to securely install the operating system on a new laptop. This document is an example of a ________. (D1, L1.4.1)
Question options:
A) Policy
B) Standard
C) Procedure
D) Guideline

Question 7
0 / 1 point
Lankesh is the security administrator for a small food-distribution company. A new law is published by the country in which Lankesh's company operates; the law conflicts with the company's policies. Which governance element should Lankesh's company follow? (D1, L1.4.2)
Question options:
A) The law
B) The policy
C) Any procedures the company has created for the particular activities affected by the law
D) Lankesh should be allowed to use personal and professional judgment to make the determination of ho

Question 8
1 / 1 point
Kristal is the security administrator for a large online service provider. Kristal learns that the company is harvesting personal data of its customers and sharing the data with local governments where the company operates, without the knowledge of the users, to allow the governments to persecute users on the basis of their political and philosophical beliefs. The published user agreement states that the company will not share personal user data with any entities without the users' explicit permission. According to the (ISC)2 Code of Ethics, to whom does Kristal ultimately owe a duty in this situation? (D1, L1.5.1)
Question options:
A) The governments of the countries where the company operates
B) The company Kristal works for
C) The users
D) (ISC)2

Question 9
1 / 1 point
While taking the certification exam for this certification, you notice another candidate for the certification cheating. What should you do? (D1, L1.5.1)
Question options:
A) Nothing—each person is responsible for their own actions.
B) Yell at the other candidate for violating test security.
C) Report the candidate to (ISC)2.
D) Call local law enforcement.

Question 10
1 / 1 point
The concept of "secrecy" is most related to which foundational aspect of security? (D1, L1.1.1)
Question options:
A) Confidentiality
B) Integrity
C) Availability
D) Plausibility

Congratulations, you passed the quiz! You've achieved an overall grade of 70% or higher and completed this activity.

80 %

Chapter 2:

Muhammad Rashid Sattar (username: [email protected]) Attempt 1 Written: Dec 1, 2022 5:21 AM - Dec 1, 2022 5:30 AM

Submission View

Your quiz has been submitted successfully.

Question 1
1 / 1 point
You are working in your organization's security office. You receive a call from
network several times with the correct credentials, with no success. This is an
Question options:
A) Emergency
B) Event
C) Policy
D) Disaster

Question 2
1 / 1 point
You are working in your organization's security office. You receive a call from
network several times with the correct credentials, with no success. After a br
user's account has been compromised. This is an example of a(n)_______. (D2,
Question options:
A) Risk management
B) Incident detection
C) Malware
D) Disaster

Question 3
1 / 1 point
An external entity has tried to gain access to your organization's IT environme
example of a(n) _________. (D2, L2.1.1)
Question options:
A) Exploit
B) Intrusion
C) Event
D) Malware

Question 4
0 / 1 point
When responding to a security incident, your team determines that the vulner
known to the security community, and that there are no currently known defin
databases or collections. This vulnerability and exploit might be called ______
Question options:
A) Malware
B) Critical
C) Fractal
D) Zero-day

Question 5
1 / 1 point
True or False? The IT department is responsible for creating the organization's
Question options:
True
False

Question 6
0 / 1 point
The Business Continuity effort for an organization is a way to ensure critical _
disaster, emergency, or interruption to the production environment. (D2, L 2.2
Question options:
A) Business
B) Technical
C) IT
D) Financial

Question 7
1 / 1 point
Which of the following is very likely to be used in a disaster recovery (DR) effo
Question options:
A) Guard dogs
B) Data backups
C) Contract personnel
D) Anti-malware solutions

Question 8
1 / 1 point
Which of the following is often associated with DR planning? (D2, L 2.3.1)
Question options:
A) Checklists
B) Firewalls
C) Motion detectors
D) Non-repudiation

Question 9
0 / 1 point
Which of these activities is often associated with DR efforts? (D2, L2.3.1)
Question options:
A) Employees returning to the primary production location
B) Running anti-malware solutions
C) Scanning the IT environment for vulnerabilities
D) Zero-day exploits
Question 9 feedback: Incorrect. Zero-day exploits are a security threat, but not typically associated with DR efforts.

Question 10
1 / 1 point
Which of these components is very likely to be instrumental to any disaster re
Question options:
A) Routers
B) Laptops
C) Firewalls
D) Backups

Congratulations, you passed the quiz!

You've achieved an overall grade of 70% or higher and completed this activity.

70 %

Chapter 3:

Muhammad Rashid Sattar (username: [email protected]) Attempt 4 Written: Dec 2, 2022 12:25 AM - Dec 2, 2022 12:26 AM

Submission View

Your quiz has been submitted successfully.

Question 1
1 / 1 point
Which of the following is a subject? (D 3, L3.1.1)
Question options:
A) A file
B) A fence
C) A filename
D) A user

Question 2
1 / 1 point
Lia works in the security office. During research, Lia learns that a configuratio
organization's IT environment. Lia makes a proposal for this change, but the c
approved, tested, and then cleared for deployment by the Change Control Boa
__________. (D3, L3.1.1)
Question options:
A) Defense in depth
B) Holistic security
C) Threat intelligence
D) Segregation of duties

Question 3
1 / 1 point
Duncan and Mira both work in the data center at Triffid, Inc. There is a policy
present in the data center at the same time; if one of them has to leave for an
until they can both re-enter. This is called ________. (D 3, L3.1.1)
Question options:
A) Blockade
B) Multifactor authentication
C) Two-person integrity
D) Defense in depth

Question 4
1 / 1 point
Clyde is the security analyst tasked with finding an appropriate physical contr
people will follow badged employees through the entrance of the organization
address this risk? (D3, L3.2.1)
Question options:
A) Fences
B) Dogs
C) Bollards
D) Turnstiles

Question 5
1 / 1 point
Sinka is considering a physical deterrent control to dissuade unauthorized peo
property. Which of the following would serve this purpose? (D3, L3.2.1)
Question options:
A) A wall
B) Razor tape
C) A sign
D) A hidden camera

Question 6
1 / 1 point
Which of these combinations of physical security controls share a single point
Question options:
A) Guards and fences
B) Badge readers and walls
C) Dogs and bollards
D) High-illumination lighting and cameras

Question 7
1 / 1 point
Lakshmi presents a userid and a password to a system in order to log on. Whi
the userid have? (D3, L3.3.1)
Question options:
A) Confidential
B) Complex
C) Unique
D) Long

Question 8
1 / 1 point
Lakshmi presents a userid and a password to a system in order to log on. Whi
the password have? (D3, L3.3.1)
Question options:
A) Confidential
B) Unique
C) Mathematical
D) Shared

Question 9
1 / 1 point
Derrick logs on to a system in order to read a file. In this example, Derrick is t
Question options:
A) Subject
B) Object
C) Process
D) Predicate

Question 10
1 / 1 point
Which is a physical control that prevents "piggybacking" or "tailgating"; that is
authorized person into a controlled area? (D3, L3.2.1)
Question options:
A) Bollard
B) Turnstile
C) Fence
D) Wall

Congratulations, you passed the quiz! You've achieved an overall grade of 70% or higher and completed this activity.

100 %

Chapter 4:

Muhammad Rashid Sattar (username: [email protected]) Attempt 2 Written: Dec 2, 2022 1:34 AM - Dec 2, 2022 1:35 AM

Submission View

Your quiz has been submitted successfully.

Question 1
1 / 1 point
Common network device used to connect networks. (D4.1 L4.1.1)
Question options:
A) Server
B) Endpoint
C) Router
D) Switch

Question 2
1 / 1 point
A common network device used to filter traffic. (D4.1 L4.1.1)
Question options:
A) Server
B) Endpoint
C) Ethernet
D) Firewall

Question 3
1 / 1 point
[Diagram: endpoint connected to Web server]
Which port number is associated with the protocol typically used in this connection? (D 4.1 L4.1.2)
Question options:
A) 21
B) 53
C) 80
D) 161

Question 4
1 / 1 point
An attack against the availability of a network/system; typically uses many attacking machines to direct traffic against a given target. (D4.2 L4.2.1)
Question options:
A) Worm
B) Virus
C) Stealth
D) Distributed-denial-of-service (DDOS)

Question 5
1 / 1 point
A security solution installed on an endpoint in order to detect potentially anomalous activity. (D4.2 L4.2.2)
Question options:
A) Router
B) Host-based intrusion prevention system
C) Switch
D) Security incident and event management system (SIEM)

Question 6
1 / 1 point
A security solution that detects, identifies and often quarantines potentially hostile software. (D4.2, L4.2.2)
Question options:
A) Firewall
B) Guard
C) Camera
D) Anti-malware

Question 7
1 / 1 point
The common term used to describe the mechanisms that control the temperature and humidity in a data center. (D4.3 L4.3.1)
Question options:
A) VLAN (virtual local area network)
B) HVAC (heating, ventilation and air conditioning)
C) STAT (system temperature and timing)
D) TAWC (temperature and water control)

Question 8
1 / 1 point
A cloud arrangement whereby the provider owns and manages the hardware, operating system, and applications in the cloud, and the customer owns the data. (D4.3 L4.3.2)
Question options:
A) Infrastructure as a service (IaaS)
B) Morphing as a service (MaaS)
C) Platform as a service (PaaS)
D) Software as a service (SaaS)

Question 9
1 / 1 point
A portion of the organization's network that interfaces directly with the outside world; typically, this exposed area has more security controls and restrictions than the rest of the internal IT environment. (D4.3 L4.3.3)
Question options:
A) National Institute of Standards and Technology (NIST)
B) Demilitarized zone (DMZ)
C) Virtual private network (VPN)
D) Virtual local area network (VLAN)

Question 10
1 / 1 point
Which of the following tools can be used to grant remote users access to the internal IT environment? (D 4.3 L4.3.3)
Question options:
A) VLAN (virtual local area network)
B) VPN (virtual private network)
C) DDOS (distributed denial-of-service)
D) MAC (media access control)

Congratulations, you passed the quiz!

You've achieved an overall grade of 70% or higher and completed this activity.

100 %

Chapter 5:

Muhammad Rashid Sattar (username: [email protected]) Attempt 4 Written: Dec 2, 2022 2:32 AM - Dec 2, 2022 2:33 AM

Submission View

Your quiz has been submitted successfully.

Question 1
1 / 1 point
Which of the following can be used to map data flows through an organization and the relevant security controls used at each point along the way? (D5.1, L5.1.1)
Question options:
A) Encryption
B) Hashing
C) Hard copy
D) Data life cycle

Question 2
1 / 1 point
Why is an asset inventory so important? (D5.2, L5.2.1)
Question options:
A) It tells you what to encrypt
B) You can't protect what you don't know you have
C) The law requires it
D) It contains a price list

Question 3
1 / 1 point
Who is responsible for publishing and signing the organization's policies? (D5.3, L5.3.1)
Question options:
A) The security office
B) Human Resources
C) Senior management
D) The legal department

Question 4
1 / 1 point
Which of the following is always true about logging? (D5.1, L5.1.3)
Question options:
A) Logs should be very detailed
B) Logs should be in English
C) Logs should be concise
D) Logs should be stored separately from the systems they're logging

Question 5
1 / 1 point
A mode of encryption for ensuring confidentiality efficiently, with a minimum amount of processing overhead. (D5.1, L5.1.3)
Question options:
A) Asymmetric
B) Symmetric
C) Hashing
D) Covert

Question 6
1 / 1 point
A ready visual cue to let anyone in contact with the data know what the classification is. (D5.1, L5.1.1)
Question options:
A) Encryption
B) Label
C) Graphics
D) Photos

Question 7
1 / 1 point
A set of security controls or system settings used to ensure uniformity of configuration throughout the IT environment. (D5.2, L5.2.1)
Question options:
A) Patches
B) Inventory
C) Baseline
D) Policy

Question 8
1 / 1 point
What is the most important aspect of security awareness/training? (D5.4, L5.4.1)
Question options:
A) Protecting assets
B) Maximizing business capabilities
C) Ensuring the confidentiality of data
D) Protecting health and human safety

Question 9
1 / 1 point
Which entity is most likely to be tasked with monitoring and enforcing security policy? (D5.3, L5.3.1)
Question options:
A) The Human Resources office
B) The legal department
C) Regulators
D) The security office

Question 10
1 / 1 point
Which organizational policy is most likely to indicate which types of smartphones can be used to connect to the internal IT environment? (D5.3, L5.3.1)
Question options:
A) The CM policy (change management)
B) The password policy
C) The AUP (acceptable use policy)
D) The BYOD policy (bring your own device)

Congratulations, you passed the quiz! You've achieved an overall grade of 70% or higher and completed this activity.

100 %