Q: Which of the following threats are examples of malware? Select two answers.
- Error messages
- Viruses
- Worms
- Bugs
Q: Fill in the blank: Social engineering is a ______ that exploits human error to gain private information, access, or valuables.
- manipulation techniques
- replicating virus
- type of malware
- business breach
Q: Which of the following threats are most likely to occur in the event of a phishing attack? Select all that apply.
- Malicious software being deployed
- Theft of the organization’s hardware
- Employees inadvertently revealing sensitive data
- Overtaxing systems with too many internal emails
Q: Which domain involves defining security goals and objectives, risk mitigation, compliance, business continuity, and the law?
- Security architecture and engineering
- Security assessment and testing
- Identity and access management
- Security and risk management
Q: Which domain involves optimizing data security by ensuring that effective tools, systems, and processes are in place?
- Security architecture and engineering
- Communication and network security
- Identity and access management
- Security and risk management
Q: Which domain involves securing digital and physical assets, as well as managing the storage, maintenance, retention, and destruction of data?
- Security operations
- Communication and network security
- Security assessment and testing
- Asset security
Q: Which of the following tasks may be part of the identity and access management domain? Select three answers.
- Ensuring users follow established policies
- Managing and controlling physical and logical assets
- Setting up an employee’s access keycard
- Conducting security control testing
Q: Which domain involves conducting investigations and implementing preventive measures?
- Security operations
- Security and risk management
- Identity and access management
- Asset security
Explanation: Security operations centers on the day-to-day work of monitoring, identifying, investigating, and responding to security events inside an organization. It also includes implementing preventive measures that reduce both the likelihood and the impact of security breaches, and performing post-incident analysis to improve security practices and resilience.
Q: A security professional is researching compliance and the law in order to define security goals. Which domain does this scenario describe?
- Security assessment and testing
- Security architecture and engineering
- Security and risk management
- Identity and access management
Explanation: Managing security and risk effectively requires a thorough grasp of legal and regulatory requirements, conducting risk assessments, formulating security policies and objectives based on those assessments, and ensuring compliance with all relevant laws and regulations. This domain focuses on the strategic side of managing security inside an organization, including setting objectives and aligning security activities with business goals and compliance needs.
Q: Which of the following tasks may be part of the security architecture and engineering domain? Select all that apply.
- Validating the identities of employees
- Ensuring that effective systems and processes are in place
- Configuring a firewall
- Securing hardware
Explanation: Security architecture and engineering is about designing and putting into practice effective security systems, procedures, and controls to safeguard assets and minimize risk. Configuring security devices such as firewalls is generally considered part of this domain, because configuring those devices builds out the network security infrastructure that guards against unauthorized access and threats. Validating the identities of employees, by contrast, is usually part of identity and access management (IAM), which administers authentication and access-control procedures.
Q: Which of the following tasks may be part of the security assessment and testing domain? Select all that apply.
- Conducting security audits
- Collecting and analyzing data
- Auditing user permissions
- Securing physical networks and wireless communications
Explanation: Security assessment and testing commonly involves conducting audits that evaluate the security posture of systems, networks, and applications against predetermined security standards and best practices. Reviewing and auditing user permissions, to verify that access controls are set correctly and aligned with security rules, is another common task in this domain, since it confirms that security policies are being followed. Data collection and analysis, although essential across many areas of security operations and management, are not exclusive to security assessment and testing, whose primary concern is analyzing and validating security controls and settings.
Q: Which domain involves keeping data secure by ensuring users follow established policies to control and manage physical assets?
- Security assessment and testing
- Security and risk management
- Communication and network security
- Identity and access management
Explanation: Identity and access management (IAM) covers managing and limiting access to physical assets (such as buildings, rooms, and equipment) based on predetermined rules and user identities. Its primary emphasis is ensuring that users hold access rights and privileges appropriate to their positions and responsibilities within the company. It also includes implementing the controls and procedures that enforce security regulations for managing physical assets and access.
Q: Which of the following tasks may be part of the security operations domain? Select all that apply.
- Conducting investigations
- Implementing preventive measures
- Investigating an unknown device that has connected to an internal network
- Using coding practices to create secure applications
Q: Fill in the blank: Social engineering is a manipulation technique that exploits ______ error to gain access to private information.
- human
- computer
- coding
- network
Explanation: Social engineering is a form of manipulation that exploits human error to gain access to confidential information.
Q: Which of the following tasks are part of the security and risk management domain? Select all that apply.
- Securing physical assets
- Defining security goals and objectives
- Business continuity
- Compliance
Explanation: Safeguarding physical assets is usually identified with physical security measures rather than with the strategic management of security risks and goals, even though securing physical assets is vital for overall security. Likewise, compliance with legal and regulatory requirements is usually viewed as a distinct but related area that overlaps with security and risk management practices, even though such compliance is essential to security and risk management.
Q: Which of the following tasks may be part of the asset security domain? Select all that apply.
- Ensuring users follow established policies
- Data storage and maintenance
- Securing digital and physical assets
- Proper disposal of digital assets
Explanation: Asset security entails managing and protecting data throughout its entire lifecycle, including storage and maintenance, to ensure confidentiality, integrity, and availability. Protecting assets means safeguarding both digital assets (such as data, software, and intellectual property) and physical assets (such as hardware, facilities, and equipment) from unauthorized access, theft, loss, or damage. Asset security also covers making sure that digital assets are disposed of properly once they are no longer required, to avoid unwanted access or data breaches.
Q: A security professional is asked to issue a keycard to a new employee. Which domain does this scenario relate to?
- Security assessment and testing
- Identity and access management
- Security and risk management
- Communication and network security
Explanation: Identity and access management covers managing and restricting access to resources inside an organization. IAM is responsible for provisioning access credentials, which includes issuing keycards to new employees. Authentication, authorization, provisioning, and the management of user identities and access privileges all fall under this domain, whose purpose is to guarantee that workers have the appropriate access to the organization's facilities and systems.