Q: What is the purpose of a security framework?
- Create security controls to protect marketing campaigns
- Establish policies to expand business relationships
- Build plans to help mitigate risks and threats to data and privacy
- Develop procedures to help identify productivity goals
Q: Which of the following characteristics are examples of biometrics?
Select all that apply.
- Eye scan
- Fingerprint
- Palm scan
- Password
Q: Which of the following statements accurately describe the CSF?
Select all that apply.
- The protect function of the CSF involves returning affected systems back to normal operation.
- The identify function of the CSF involves managing cybersecurity risk and its effects on an organization’s people and assets.
- Implementing improvements to a security process is part of the respond function of the CSF.
- The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
Q: A security team establishes controls, including permission settings that
will be used to create multiple security points that a threat actor must get
through to breach their organization. Which OWASP principle does this scenario
describe?
- Defense in depth
- Separation of duties
- Principle of least privilege
- Keep security simple
Q: What are some of the primary objectives of an internal security audit?
Select all that apply.
- Help security teams identify organizational risk
- Avoid fines due to a lack of compliance
- Reduce the amount of data on a network
- Determine what needs to be improved in order to achieve the desired security posture
Q: Fill in the blank: In an internal security audit, _____ involves
identifying potential threats, risks, and vulnerabilities to decide
what security measures should be implemented.
- establishing the scope and goals
- conducting a risk assessment
- communicating to stakeholders
- assessing compliance
Q: A security analyst performs an internal security audit. They determine
that the organization needs to install surveillance cameras at various store
locations. What are they working to establish?
- Physical controls
- Technical controls
- Administrative controls
- Communication controls
Q: What information is typically communicated to stakeholders after
completion of an internal security audit? Select three answers.
- Comprehensive details about each part of the process
- Compliance regulations to be adhered to
- Strategies for improving security posture
- Results and recommendations
Q: How do organizations use security frameworks to develop an effective
security posture?
- As a guide to identify threat actor strategies
- As a policy to protect against phishing campaigns
- As a policy to support employee training initiatives
- As a guide to reduce risk and protect data and privacy
Q: Fill in the blank: A security professional uses _____ to convert data
from a readable format to an encoded format.
- authentication
- encryption
- authorization
- confidentiality
Q: You work as a security analyst for a community organization that has
large amounts of private data. Which core principle of the CIA triad do you use
to ensure private information is kept safe?
- Consistency
- Integrity
- Availability
- Confidentiality
Q: A security team considers how to avoid unnecessarily complicated
solutions when implementing security controls. Which OWASP principle does this
scenario describe?
- Principle of least privilege
- Keep security simple
- Defense in depth
- Fix security issues correctly
Q: Fill in the blank: The planning elements of an internal security audit
include establishing scope and _____, then conducting a risk assessment.
- goals
- limitations
- controls
- compliance
Q: What information is typically communicated to stakeholders after
completion of an internal security audit? Select three answers.
- Strategies for improving security posture
- Existing risks that need to be addressed now or in the future
- Detailed data about past cybersecurity incidents
- A summary of the goals
Q: What does a security professional use to create guidelines and plans
that educate employees about how they can help protect the organization?
- Security hardening
- Security posture
- Security framework
- Security audit
Q: Fill in the blank: An employee using multi-factor authentication to
verify their identity is an example of the _____ process.
- encryption
- integrity
- confidentiality
- authentication