Q: What are some of the primary purposes of security frameworks? Select three answers.
- Aligning security with business goals
- Identifying security weaknesses
- Securing financial information
- Safeguarding specific individuals
Q: Which of the following are core components of security frameworks?
Select two answers.
- Establishing regulatory compliance measures
- Implementing security processes
- Managing data requests
- Monitoring and communicating results
Explanation: This involves putting in place and maintaining efficient security controls and processes to safeguard the assets of the company. To facilitate informed decision-making, it is necessary to continuously monitor the efficiency of security measures and communicate the results to the appropriate stakeholders.
Q: Fill in the blank: A security professional implements encryption and
multi-factor authentication (MFA) to better protect customers’ private data.
This is an example of using _____
- security teams
- security controls
- organizational upgrades
- networking regulations
Explanation: To provide a higher level of protection for the confidential information of consumers, a security specialist will use encryption and multi-factor authentication (MFA). This is an illustration of the use of security measures.
Q: You are helping your security team consider risk when setting up a new
software system. Using the CIA triad, you focus on confidentiality,
availability, and what else?
- Information
- Intelligence
- Inconsistencies
- Integrity
Q: Fill in the blank: A key aspect of the CIA triad is ensuring that only
______ can access specific assets.
- social media sites
- business competitors
- authorized users
- internet providers
Q: Which of the following statements accurately describe the NIST CSF?
Select all that apply.
- It is only effective at managing long-term risk.
- Security teams use it as a baseline to manage risk.
- It consists of standards, guidelines, and best practices.
- Its purpose is to help manage cybersecurity risk.
Q: For what reasons might disgruntled employees be some of the most
dangerous threat actors? Select two answers.
- They know where to find sensitive information.
- They have access to sensitive information.
- They have advanced technical skills.
- They are less productive than other employees.
Q: A security professional overhears two employees discussing an exciting
new product that has not been announced to the public. The security
professional chooses to follow company guidelines concerning
confidentiality and does not share the information about the new product with
friends. Which concept does this scenario describe?
- Security controls
- Preserving evidence
- Security ethics
- Data encryption
Q: Fill in the blank: The ethical principle of ______ involves safeguarding
a company database that contains sensitive information about employees.
- honesty
- privacy protection
- unrestricted access
- non-bias
Q: Which ethical principle describes the rules that are recognized by a
community and enforced by a governing entity?
- Guidelines
- Protections
- Restrictions
- Laws
Q: Fill in the blank: A security professional has been tasked with
implementing strict password policies on workstations to reduce the risk of
password theft. This is an example of _____
- hardware changes
- security teams
- networking regulations
- security controls
Q: You are helping your security team consider risk when setting up a new
software system. Using the CIA triad, you focus on integrity, availability, and
what else?
- Communication
- Confidentiality
- Conformity
Q: Fill in the blank: As a security professional, you monitor the potential
threats associated with _____ because they often have access to sensitive
information, know where to find it, and may have malicious intent.
- disgruntled employees
- external vendors
- existing customers
- governing agencies
Q: A security professional is updating software on a coworker’s computer
and happens to see a very interesting email about another employee. The
security professional chooses to follow company guidelines with regard to
privacy protections and does not share the information with coworkers. Which
concept does this scenario describe?
- Business email compromise
- Preserving evidence
- Security ethics
- Security control
Q: A security professional working at a bank is running late for a meeting.
They consider saving time by leaving files on their desk that contain client
account numbers. However, after thinking about company guidelines with regard
to compliance, the security professional takes the time to properly store the
files. Which concept does this scenario describe?
- Security controls
- Public finance
- Preserving evidence
- Security ethics
Q: You are a security professional working for a state motor vehicle agency
that stores drivers’ national identification numbers and banking information.
Which ethical principle involves adhering to rules that are intended to protect
these types of data?
- Investigations
- Restrictions
- Laws
- Guidelines