What is the residual risk?
A control to protect from a Denial-of-Service (DoS) attack has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?
A. 25%
B. 50%
C. 75%
D. 100%
Answer: A
Mandatory Access Controls (MAC) are based on:
A. security classification and security clearance
B. data segmentation and data classification
C. data labels and user access permissions
D. user roles and data encryption
Answer: A
Which security service is served by the process of encrypting plaintext with the sender’s private key and decrypting cipher text with the sender’s public key?
A. Confidentiality
B. Integrity
C. Identification
D. Availability
Answer: A
Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?
A. End-to-end data encryption for data in transit
B. Continuous monitoring of potential vulnerabilities
C. A strong breach notification process
D. Limited collection of individuals’ confidential data
Answer: D
Which of the following BEST minimizes the risk of this happening again?
A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?
A. Define additional security controls directly after the merger
B. Include a procurement officer in...
At a MINIMUM, audits of permissions to individual or group accounts should be scheduled
A. annually
B. to correspond with staff promotions
C. to correspond with terminations
D. continually
Answer: A
What is the MAIN goal of information security awareness and training?
A. To inform users of the latest malware threats
B. To inform users of information assurance responsibilities
C. To comply with the organization information security policy
D. To prepare students for certification
Answer: B
When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?
A. Log all activities associated with sensitive systems
B. Provide links to security policies
C. Confirm that confidentiality agreements are signed
D. Employ strong access controls
Answer: D
Which security access policy contains fixed security attributes that are used by the system to determine a user’s access to a file or object?
A. Mandatory Access Control (MAC)
B. Access Control List (ACL)
C. Discretionary Access Control (DAC)
D. Authorized user control
Answer: A
Which of the following methods of suppressing a fire is environmentally friendly and the MOST appropriate for a data center?
A. Inert gas fire suppression system
B. Halon gas fire suppression system
C. Dry-pipe sprinklers
D. Wet-pipe sprinklers
Answer: C