- All Exams Instant Download
Which of the following should the CISO read and understand before writing the policies?
A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?A . PCI DSSB . GDPRC . NISTD . ISO 31000View AnswerAnswer: B Explanation: GDPR is...
Which of the following BEST describes this type of email?
Joe, an employee, receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm Joe’s identity before sending him the prize. Which of the following BEST describes this type of email?A ....
Which of the following would be the BEST way to achieve this objective?
A cybersecurity analyst needs to implement secure authentication to third-party websites without users’ passwords. Which of the following would be the BEST way to achieve this objective?A . OAuthB . SSOC . SAMLD . PAPView AnswerAnswer: C
Which of the following would mitigate the damage done by this type of data exfiltration in the future?
A security analyst discovers that a company username and password database was posted on an internet forum. The username and passwords are stored in plan text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?A . Create DLP controls that prevent...
Which of the following is the MOST likely cause of the CRO’s concerns?
The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve in the environment patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have been provided to frontline staff, and a risk analysis has not been performed....
Which of the following should the administrator use?
A security administrator suspects an employee has been emailing proprietary information to a competitor. Company policy requires the administrator to capture an exact copy of the employee’s hard disk. Which of the following should the administrator use?A . ddB . chmodC . dnsenumD . loggerView AnswerAnswer: A
Which of the following would BEST meet this need?
A security analyst is looking for a solution to help communicate to the leadership team the seventy levels of the organization’s vulnerabilities. Which of the following would BEST meet this need?A . CVEB . SIEMC . SOARD . CVSSView AnswerAnswer: D Explanation: The Common Vulnerability Scoring System (CVSS) is a...
Which of the following incident response steps involves actions to protect critical systems while maintaining business operations?
Which of the following incident response steps involves actions to protect critical systems while maintaining business operations?A . InvestigationB . ContainmentC . RecoveryD . Lessons learnedView AnswerAnswer: B
Which of the following should be put in place when negotiating with a new vendor about the timeliness of the response to a significant outage or incident?
Which of the following should be put in place when negotiating with a new vendor about the timeliness of the response to a significant outage or incident?A . MOUB . MTTRC . SLAD . NDAView AnswerAnswer: C Explanation: Service level agreement (SLA). An SLA is an agreement between a company...
Which of the following describes what the manager is doing?
A cybersecurity manager has scheduled biannual meetings with the IT team and department leaders to discuss how they would respond to hypothetical cyberattacks. During these meetings, the manager presents a scenario and injects additional information throughout the session to replicate what might occur in a dynamic cybersecurity event involving the...
