- Threat
- Regulation
- Procedure
- Vulnerability
Q: Which of the following are examples of security vulnerabilities?
Select three answers.
- Unlocked doors at a business
- Weak password
- Suspended access card
- Unattended laptop
Q: Which of the following statements correctly describe security asset
management? Select two answers.
- It uncovers gaps in security.
- It decreases vulnerabilities.
- It helps identify risks.
- It is a one-time process.
Q: An employee is asked to email customers and request that they
complete a satisfaction survey. The employee must be given access to
confidential information in the company database to conduct the survey. What
types of confidential customer information should the employee be able to
access from the company’s database to do their job? Select two answers.
- Credit card data
- Home addresses
- E-mail addresses
- Customer names
Q: What are the characteristics of restricted information? Select two
answers.
- It is considered need-to-know.
- It is available to anyone in an organization.
- It is highly sensitive.
- It is protected with fewer defenses.
Q: Which of the following can be prevented with effective information
security? Select three answers.
- Reputational damage
- Compliance with regulations
- Identity theft
- Financial loss
Q: What is an example of data in use? Select three answers.
- Downloading a file attachment.
- Playing music on your phone.
- Reading emails in your inbox.
- Watching a movie on a laptop.
The email program is now accessing and displaying the data attached to the email. Spending time watching a movie on a laptop: The media player on the laptop is now processing and playing the movie file; it is currently playing.
Q: What are some key benefits of a security plan? Select three answers.
- Enhance business advantage by collaborating with key partners.
- Establish a shared set of standards for protecting assets.
- Outline clear procedures that describe how to protect assets and react to threats.
- Define consistent policies that address what’s being protected and why.
Q: An employee who has access to company assets abuses their privileges
by stealing information and selling it for personal gain. What does this
scenario describe?
- Procedure
- Regulation
- Threat
- Vulnerability
Q: Which of the following are examples of a vulnerability? Select two
answers.
- A malfunctioning door lock
- Malicious hackers stealing access credentials
- Attackers causing a power outage
- An employee misconfiguring a firewall
Q: Fill in the blank: Information security (InfoSec) is the practice of
keeping ____ in all states away from unauthorized users.
- documents
- files
- data
- processes
Q: What is an example of digital data at rest? Select two answers.
- Contracts in a file cabinet
- Email messages in an inbox
- Letters on a table
- Files on a hard drive
Q: Who should an effective security plan focus on protecting? Select
three answers.
- Employees
- Competitors
- Business partners
- Customers
Q: Which of the following are functions of the NIST Cybersecurity
Framework core? Select three answers.
- Protect
- Detect
- Implement
- Respond
Q: Fill in the blank: The NIST Cybersecurity Framework (CSF) is
commonly used to meet regulatory _____.
- procedures
- compliance
- fines
- restrictions
Q: A malicious hacker gains access to a company system in order to
access sensitive information. What does this scenario describe?
- Threat
- Procedure
- Vulnerability
- Regulation
Q: Which of the following are examples of internal-only information?
Select two answers.
- Intellectual property
- Employee records
- Business plans
- Credit card numbers
Q: Which of the following are components of the NIST Cybersecurity
Framework? Select three answers.
- Tiers
- Core
- Controls
- Profiles
Q: What is the first step of asset management?
- To classify assets based on value
- To assign a risk score to assets
- To make an asset inventory
- To address an asset’s vulnerabilities
Q: What is an example of confidential information? Select two answers.
- Marketing strategy
- Press release
- Project documents
- Employee contacts
Q: Fill in the blank: Most security plans address risks by breaking
them down into these categories: damage, disclosure, and _____.
- removal
- deletion
- loss of information
- leakage
Q: What NIST Cybersecurity Framework (CSF) tier is an indication that
compliance is being performed at an exemplary standard?
- Level-1
- Level-3
- Level-4
- Level-2
Q: Which component of the NIST Cybersecurity Framework (CSF) is used to
measure the performance of a security plan?
- Tiers
- Framework
- Respond
- Core
Q: Which of the following refers to the process of tracking assets and
the risks that affect them?
- Asset administration
- Asset inventory
- Asset classification
- Asset management
Q: What is an example of restricted information? Select three answers.
- Cardholder data
- Employee email addresses
- Intellectual property
- Health information