Mid-Test 1


https://quizlet.com/852334995/isc2-certified-in-cybersecurity-cc-practice-exam-questions-flash-cards/

1. Which of the following is an example of a "something you know" authentication factor?

User ID
Password
Fingerprint

2. Within the organization, who can identify risk?

1 point

The security manager
Any security team member
Senior management
Anyone

A vendor sells a particular operating system (OS). In order to deploy the OS securely on different platforms, the vendor publishes several sets of instructions on how to install it, depending on which platform the customer is using. This is an example of a .......
1 point

Law
Procedure
Standard
Policy

Of the following, which would probably not be considered a threat?

1 point

Natural disaster
Unintentional damage to the system caused by a user
A laptop with sensitive data on it
An external attacker trying to gain unauthorized access to the environment

For which of the following assets is integrity probably the most important security aspect?
1 point
One frame of a streaming video
The file that contains passwords used to authenticate users
The color scheme of a marketing website
Software that checks the spelling of product descriptions for a retail website

Kerpak works in the security office of a medium-sized entertainment company. Kerpak is asked to assess a particular threat, and he
suggests that the best way to counter this threat would be to
purchase and implement a particular security solution. This is an
example of ......
1 point

Acceptance
Avoidance
Mitigation
Transference

The Triffid Corporation publishes a policy that states all personnel will
act in a manner that protects health and human safety. The security
office is tasked with writing a detailed set of processes on how
employees should wear protective gear such as a hardhat and gloves
when in hazardous areas. This detailed set of processes is a ......
1 point

Policy
Procedure
Standard
Law

The city of Grampon wants to know where all its public vehicles
(garbage trucks, police cars, etc.) are at all times, so the city has GPS
transmitters installed in all the vehicles. What kind of control is this?
1 point

Administrative
Entrenched
Physical
Technical

The Payment Card Industry (PCI) Council is a committee made up of representatives from major credit card providers (Visa, Mastercard,
American Express) in the United States. The PCI Council issues rules
that merchants must follow if the merchants choose to accept
payment via credit card. These rules describe best practices for
securing credit card processing technology, activities for securing
credit card information, and how to protect customers' personal data.
This set of rules is a _____.
1 point

Law
Policy
Standard
Procedure

Grampon municipal code requires that all companies that operate within city limits will have a set of processes to ensure employees are
safe while working with hazardous materials. Triffid Corporation
creates a checklist of activities employees must follow while working
with hazardous materials inside Grampon city limits. The municipal
code is a ______, and the Triffid checklist is a ________.
1 point

Law, procedure
Standard, law
Law, standard
Policy, law

For which of the following systems would the security concept of availability probably be most important?
1 point

Medical systems that store patient data
Retail records of past transactions
Online streaming of camera feeds that display historical works of art in museums around the world
Medical systems that monitor patient condition in an intensive care unit

A bollard is a post set securely in the ground in order to prevent a vehicle from entering an area or driving past a certain point. Bollards
are an example of ______ controls.
1 point
Physical
Administrative
Drastic
Technical

A system that collects transactional information and stores it in a record in order to show which users performed which actions is an
example of providing ________.
1 point

Non-repudiation
Multifactor authentication
Biometrics
Privacy

A software firewall is an application that runs on a device and prevents specific types of traffic from entering that device. This is a
type of ________ control.
1 point

Physical
Administrative
Passive
Technical

In risk management concepts, a(n) _________ is something a security practitioner might need to protect.
1 point

Vulnerability
Asset
Threat
Likelihood

Which of the following is an example of a "something you are" authentication factor?
1 point

A credit card presented to a cash machine
Your password and PIN
A user ID
A photograph of your face

All of the following are important ways to practice an organization's disaster recovery (DR) effort; which one is the most important?
1 point

Practice restoring data from backups
Facility evacuation drills
Desktop/tabletop testing of the plan
Running the alternate operating site to determine if it could handle critical functions in times of
emergency

When should a business continuity plan (BCP) be activated?

1 point

As soon as possible
At the very beginning of a disaster
When senior management decides
When instructed to do so by regulators

An attacker outside the organization attempts to gain access to the organization's internal files. This is an example of a(n) ______.
1 point

Intrusion
Exploit
Disclosure
Publication

You are reviewing log data from a router; there is an entry that shows
a user sent traffic through the router at 11:45 am, local time,
yesterday. This is an example of a(n) _______.
1 point

Incident
Event
Attack
Threat

Who approves the incident response policy?

1 point

ISC
Senior management
The security manager
Investor

True or False? Business continuity planning is a reactive procedure
that restores business operations after a disruption occurs.
1 point

TRUE
FALSE

Which of the following is likely to be included in the business continuity plan?
1 point

Alternate work areas for personnel affected by a natural disaster
The organization's strategic security approach
Last year's budget information
Log data from all systems

Tekila works for a government agency. All data in the agency is assigned a particular sensitivity level, called a "classification." Every
person in the agency is assigned a "clearance" level, which
determines the classification of data each person can access.
What is the access control model being implemented in Tekila's
agency?
1 point

MAC (mandatory access control)
DAC (discretionary access control)
RBAC (role-based access control)
FAC (formal access control)

In order for a biometric security system to function properly, an authorized person's physiological data must be ______.
1 point

Broadcast
Stored
Deleted
Modified

Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel
wants to ensure that operational managers have the utmost personal
choice in determining which employees get access to which
systems/data. Which method should Handel select?
1 point

Role-based access controls (RBAC)
Mandatory access controls (MAC)
Discretionary access controls (DAC)
Security policy

Which of the following roles does not typically require privileged account access?
1 point

Security administrator
Data entry professional
System administrator
Help Desk technician

A human guard monitoring a hidden camera could be considered a ______ control.
1 point

Detective
Preventive
Deterrent
Logical

A _____ is a record of something that has occurred.

1 point

Biometric
Law
Log
Firewall

All of the following are typically perceived as drawbacks to biometric systems, except:
1 point

Lack of accuracy
Potential privacy concerns
Retention of physiological data past the point of employment
Legality

Prachi works as a database administrator for Triffid, Inc. Prachi is
allowed to add or delete users, but is not allowed to read or modify the
data in the database itself. When Prachi logs onto the system, an
access control list (ACL) checks to determine which permissions
Prachi has.
In this situation, what is the database?
1 point

The object
The role
The subject
The site

Which of the following is not an appropriate control to add to privileged accounts?
1 point

Increased logging
Multifactor authentication
Increased auditing
Security deposit

Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the
data in the database itself. When Prachi logs onto the system, an
access control list (ACL) checks to determine which permissions
Prachi has.
In this situation, what is the ACL?
1 point

The subject
The object
The rule
The firmware

Visitors to a secure facility need to be controlled. Controls useful for managing visitors include all of the following except:
1 point
Sign-in sheet/tracking log
Fence
Badges that differ from employee badges
Receptionist

Which of the following will have the most impact on determining the
duration of log retention?
1 point

Personal preference
Applicable laws
Industry standards
Type of storage media

Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the
data in the database itself. When Prachi logs onto the system, an
access control list (ACL) checks to determine which permissions
Prachi has.
In this situation, what is Prachi?
1 point

The subject
The rule
The file
The object

Which of the following would be considered a logical access control?

1 point

An iris reader that allows an employee to enter a controlled area
A fingerprint reader that allows an employee to enter a controlled area
A fingerprint reader that allows an employee to access a laptop computer
A chain attached to a laptop computer that connects it to furniture so it cannot be taken

Trina is a security practitioner at Triffid, Inc. Trina has been tasked with selecting a new product to serve as a security control in the
environment. After doing some research, Trina selects a particular
product. Before that product can be purchased, a manager must
review Trina's selection and determine whether to approve the
purchase. This is a description of:
1 point
Two-person integrity
Segregation of duties
Software
Defense in depth

Larry and Fern both work in the data center. In order to enter the data
center to begin their workday, they must both present their own keys
(which are different) to the key reader, before the door to the data
center opens.
Which security concept is being applied in this situation?
1 point

Defense in depth
Segregation of duties
Least privilege
Dual control

At Parvi's place of work, the perimeter of the property is surrounded by a fence; there is a gate with a guard at the entrance. All inner doors
only admit personnel with badges, and cameras monitor the hallways.
Sensitive data and media are kept in safes when not in use.

This is an example of:

1 point

Two-person integrity
Segregation of duties
Defense in depth
Penetration testing

To adequately ensure availability for a data center, it is best to plan for both resilience and _______ of the elements in the facility.
1 point

Uniqueness
Destruction
Redundancy
Hue

Triffid, Inc., has deployed anti-malware solutions across its internal IT
environment. What is an additional task necessary to ensure this
control will function properly?
1 point

Pay all employees a bonus for allowing anti-malware solutions to be run on their systems
Update the anti-malware solution regularly
Install a monitoring solution to check the anti-malware solution
Alert the public that this protective measure has been taken

"Wiring _____" is a common term meaning "a place where wires/conduits are often run, and equipment can be placed, in order to
facilitate the use of local networks."
1 point

Shelf
Closet
Bracket
House

Barry wants to upload a series of files to a web-based storage service, so that people Barry has granted authorization can retrieve these files.
Which of the following would be Barry's preferred communication
protocol if he wanted this activity to be efficient and secure?
1 point

SMTP (Simple Mail Transfer Protocol)
FTP (File Transfer Protocol)
SFTP (Secure File Transfer Protocol)
SNMP (Simple Network Management Protocol)

Which of the following is not a typical benefit of cloud computing services?
1 point

Reduced cost of ownership/investment
Metered usage
Scalability
Freedom from legal constraints

Gary is an attacker. Gary is able to get access to the communication wire between Dauphine's machine and Linda's machine and can then
surveil the traffic between the two when they're communicating. What
kind of attack is this? (D4.2 L4.2.1)
1 point

Side channel
DDOS
On-path
Physical

The concept that the deployment of multiple types of controls provides better security than using a single type of control.
1 point

VPN
Least privilege
Internet
Defense in depth

Which common cloud service model only offers the customer access
to a given application?
1 point

Lunch as a service (LaaS)
Infrastructure as a service (IaaS)
Platform as a service (PaaS)
Software as a service

Inbound traffic from an external source seems to indicate much higher rates of communication than normal, to the point where the internal
systems might be overwhelmed. Which security solution can often
identify and potentially counter this risk?
1 point

Firewall
Turnstile
Anti-malware
Badge system

A tool that filters inbound traffic to reduce potential threats.

1 point

NIDS (network-based intrusion-detection systems)
Anti-malware
DLP (data loss prevention)
Firewall