Which of the following is defined as a contract that prescribes the technical support or business parameters a provider will bestow to its client? ● Final audit report |
Service level agreement |
HIPAA is a set of federal regulations that define security guidelines. What do HIPAA guidelines protect? ● Availability |
Privacy |
What is a service level agreement (SLA)? ● A contract with a legal entity to limit your asset loss liability |
A guarantee of a specific level of service |
A Service Level Agreement (SLA) defines the relationship and contractual responsibilities of providers and service recipients. Which of the following characteristics are most important when designing an SLA? (Select two.) ☐ Clear and detailed descriptions of penalties if the level of service is not provided. |
☑ Clear and detailed descriptions of penalties if the level of service is not provided. ☑ Detailed provider responsibilities for all continuity and disaster recovery mechanisms. |
You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device? ● Change management |
Change management |
When you inform an employee that they are being terminated, what is the most important activity? ● Allowing them to complete their current work projects |
Disabling their network access |
What is the most effective way to improve or enforce security in any environment? ● Enforcing account lockout |
Providing user-awareness training |
You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. ● Write junk data over the discs seven times |
Shred the disks |
Which of the following best describes the concept of due care or due diligence? ● Reasonable precautions based on industry best practices are utilized and documented. |
Reasonable precautions based on industry best practices are utilized and documented. |
Which of the following is an example of a strong password? ● Robert694 |
a8bT11$yi |
Which of the following is a recommendation to use when a specific standard or procedure does not exist? ● Procedure |
Guideline |
Which of the following is the best protection against security violations? ● Defense in-depth |
Defense in-depth |
What is the primary purpose of source code escrow? ● To obtain change rights over software after the vendor goes out of business |
To obtain change rights over software after the vendor goes out of business |
Change control should be used to oversee and manage changes over what aspect of an organization? ● Physical environment |
Every aspect |
You have recently discovered that a network attack has compromised your database server. The attacker may have stolen customer credit card numbers. ● Implement training for employees who handle personal information |
Contact your customers to let them know about the security breach |
Which of the following is not an appropriate response to a risk discovered during a risk analysis? ● Denial |
Denial |
Which of the following best defines Single Loss Expectancy (SLE)? ● The monetary value of a single employee's loss of productivity due to a successful attack |
The total monetary loss associated with a single occurrence of a threat |
What is the average number of times that a specific risk is likely to be realized in a single year? ● Estimated maximum downtime |
Annualized rate of occurrence |
Your company has developed and implemented countermeasures for the greatest risks to their assets. However, there is still some risk left. What is the remaining risk called? ● Risk |
Residual risk |
Which of the following statements is true regarding risk analysis? (Select two.) ☐ Don't implement a countermeasure if the cost is greater than loss. |
☑ Don't implement a countermeasure if the cost is greater than loss. ☑ Annualized Rate of Occurrence (ARO) identifies how often the successful threat attack will occur in a single year. |
When would choosing to do nothing about an identified risk be acceptable? ● When the cost of protecting the asset is greater than the potential loss |
When the cost of protecting the asset is greater than the potential loss |
If an organization shows sufficient due care, which burden is eliminated in the event of a security breach? ● Negligence |
Negligence |
You have conducted a risk analysis to protect a key company asset. You identify the following values: ● 25 |
75 |
When conducting a risk assessment, how is the Annualized Rate of Occurrence (ARO) calculated? ● Multiply the Single Loss Expectancy (SLE) by the standard annual deviation. |
Through historical data provided by insurance companies and crime statistics. |
Purchasing insurance is what type of response to risk? ● Transference |
Transference |
To determine the value of the company assets, an anonymous survey was used to collect the opinions of all senior and mid-level managers. Which asset valuation method was used? ● Asset classification |
Delphi method |
You have conducted a risk analysis to protect a key company asset. You identify the following values: ● 100 |
300 |
Which type of Data Loss Prevention system is usually installed near the network perimeter to detect sensitive data that is being transmitted in violation of organizational security policies? ● Chinese Wall |
Network DLP |
Which type of data loss prevention system can be configured to block unauthorized email messages from being sent and, therefore, being subject to email retention rules? ● Network DLP |
Endpoint DLP |
Which of the following is not an accepted countermeasure to strengthen a cryptosystem? ● Implement long key spaces |
Keep the cryptosystem a secret |
When recovering from a disaster, which services should you stabilize first? ● Outside communications |
Mission-critical |
In business continuity planning, what is the primary focus of the scope? ● Company assets |
Business Processes |
What is the primary goal of business continuity planning? ● Minimize decision-making during the development process |
Maintaining business operations with reduced or restricted infrastructure capabilities or resources |
When is a BCP or DRP design and development actually completed? ● Only after testing and drilling |
Never |
As a BCP or DRP plan evolves over time, what is the most important task to perform when rolling out a new version of the plan? ● Redefine all roles and responsibilities |
Collect and destroy all old plan copies |
You are a database administrator and the first responder for database attacks. You have decided to test one part of your current Business Continuity Plan (BCP) with two other database professionals. ● Succession planning |
Tabletop exercise |
Match each Manageable Network Plan milestone on the left with the tasks that are associated with that milestone on the right. Each milestone may be used once, more than once, or not at all. ● Prepare to Document |
Make sure that remote access connections are secure ● Reach Your Network
Create a list of all protocols being used on the network ● Map Your Network
Identify the choke points on the network ● Protect Your Network
Use timestamps on all documents ● Prepare to Document
Create a list of all devices ● Map Your Network |
Match each Manageable Network Plan milestone on the left with the tasks that are associated with that milestone on the right. Each milestone may be used once, more than once, or not at all. ● Control Your Network |
Remove insecure protocols ● Reach Your Network
Implement the principle of least privilege ● Control Your Network
Segregate and isolate networks ● Protect Your Network
Establish an update management process ● Manage Your Network
Establish a baseline for all systems ● Manage Your Network
You have recently been hired as the new network administrator for a startup company. The company's network was implemented prior to your arrival. One of the first tasks you need to complete in your new position is to develop a Manageable Network plan for the network. ☐ Create an approved application list for each network device |
☑ Identify and document each user on the network ☑ Physically secure high-value systems |
You have hired 10 new temporary workers who will be with the company for three months. You want to make sure that after that time the user accounts cannot be used for login. What should you do? ● Configure day/time restrictions in the user accounts |
Configure account expiration in the user accounts |
As you go through the process of making your network more manageable, you discover that employees in the sales department are on the same network segment as the human resources department. ● Create a separate VLAN for each department |
Create a separate VLAN for each department |
What is the primary countermeasure to social engineering? ● Traffic filters |
Awareness |
How can an organization help prevent social engineering attacks? (Select two.) ☐ Educate employees on the risks and countermeasures. |
☑ Educate employees on the risks and countermeasures. ☑ Publish and enforce clearly-written security policies. |
Which of the following attacks tricks victims into providing confidential information (such as identity information or login credentials) through emails or websites that impersonate an online entity that the victim trusts? ● Session hijacking |
Phishing |
Match the social engineering description on the left with the appropriate attack type on the right. ● An attacker searches through an organization's trash looking for sensitive information. |
Phishing ● An attacker pretending to be from a trusted organization sends an email asking users to access a website to verify personal information.
Whaling ● An attacker gathers personal information about the target individual, who is a CEO.
Spear phishing ● An attacker gathers personal information about the target individual in an organization.
Dumpster diving ● An attacker searches through an organization's trash looking for sensitive information.
Piggybacking ● An attacker enters a secured building by following an authorized employee through a secure door without providing identification.
Vishing ● An attacker uses a telephone to convince target individuals to reveal their credit card information.
Which of the following is a common social engineering attack? ● Using a sniffer to capture network traffic |
Distributing hoax virus information emails |
You have just received a generic-looking email that is addressed as coming from the administrator of your company. The email says that, as part of a system upgrade, you are to go to a website and enter your user name and password at a new website so you can manage your email and spam using the new service. ● Open a web browser and type the URL included in the email. Follow the directions to enter your login |
Verify that the email was sent by the administrator and that this new service is legitimate. |
Dumpster diving is a low-tech way of gathering information that may be useful in gaining unauthorized access or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving? ● Create a strong password policy |
Establish and enforce a document destruction policy |
Which of the following are examples of social engineering? (Select two.) ☐ War dialing |
☑ Dumpster diving ☑ Shoulder surfing |
Which of the following social engineering attacks use Voice over IP (VoIP) to gain sensitive information? ● Spear phishing |
Vishing |
A senior executive reports that she received a suspicious email concerning a sensitive internal project that is behind production. The email was sent from someone she doesn't know, and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. ● MAC spoofing |
Whaling |
Identify and label the following attacks by dragging the term on the left to the definition on the right. Not all terms are used. ● Vishing |
An attacker convinces personnel to grant access to sensitive information or protected systems by pretending to be someone who is authorized and/or requires that access. ● Masquerading
An attacker pretending to be from a trusted organization sends emails to senior executives and high-profile personnel asking them to verify personal information or send money. ● Whaling
Attackers use Voice over IP (VoIP) to pretend to be from a trusted organization and ask victims to verify personal information or send money. ● Vishing
Attackers send emails with specific information about the victim (such as which online banks they use) that ask them to verify personal information or send money. ● Spear phishing
Attackers send unwanted and unsolicited text messages to many people with the intent to sell products or services. ● Spim
The receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering? ● Commitment |
Authority |
You've just received an email message explaining that a new and serious malicious code threat is ravaging across the internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the folder. As a countermeasure, the message suggests that you delete these three files from your system. ● Reboot the system |
Verify the information on well-known malicious code threat management websites |
What is the weakest point in an organization's security infrastructure? ● Physical structure |
People |
Which of the following is not a form of social engineering? ● A virus hoax email message |
Impersonating a user by logging on with stolen credentials |
What is another name for a back door that was accidentally left in a product by the manufacturer? ● Trojan horse |
Maintenance hook |
Which of the following is an action that must take place during the release stage of the SDLC? ● Testing of the software for bugs. |
Vendors develop and release patches in response to exploited vulnerabilities that have been discovered. |
Which of the following program writing development modes is a method that allows for optimal control over coherence, security, accuracy, and comprehensibility? ● Clean room |
Structured programming |
How often should change control management be implemented? ● Only when changes are made that affect senior management. |
Any time a production system is altered. |
In which phase of the system life cycle is security integrated into the product? ● Software Development |
Project Initiation |
In which phase of the system life cycle is software testing performed? ● Functional design analysis and planning |
Software development and coding |
What is the primary purpose of imposing software lifecycle management concepts? ● Increase interoperability |
Increase the quality of software |
What is the primary purpose of forcing employees to take mandatory one-week minimum vacations every year? ● To cut costs on travel |
To check for evidence of fraud |
A code of ethics does all but which of the following? ● Establishes a baseline for managing complex situations |
Clearly defines courses of action to take when a complex issue is encountered |
Which of the following are typically associated with human resource security policies? (Select two.) ☐ Termination |
☑ Termination ☑ Background checks |
Which of the following is not part of security awareness training? ● Establish reporting procedures for suspected security violations |
Employee agreement documents |
Over the last month, you have noticed a significant increase in the occurrence of inappropriate activities performed by employees. What is the best first response step to take in order to improve or maintain the security level of the environment? ● Reduce all employee permissions and privileges |
Improve and hold new awareness sessions |
As you help a user with a computer problem, you notice that she has written her password on a note stuck to her computer monitor. You check the password policy of your company and find that the following settings are currently Which of the following is the best action to take to make remembering passwords easier so that she no longer has to write the password down? ● Remove the complex password requirement |
Implement end-user training |
You have installed antivirus software on computers at your business. Within a few days, however, you notice that one computer has a virus. When you question the user, she says she installed some software a few days ago, but it was supposed to be a file compression utility. She admits she did not scan the file before running it. ● Close unused firewall ports |
User awareness training |
Which of the following defines two-man control? ● For any task in which vulnerabilities exist, steps within the tasks are assigned to different positions with |
Certain tasks should be dual-custody in nature to prevent a security breach. |
Which of the following is a legal contract between the organization and the employee that specifies the employee is not to disclose the organization's confidential information? ● Employee monitoring agreement |
Non-disclosure agreement |
Your company security policy requires separation of duties for all network security matters. Which of the following scenarios best describes this concept? ● The system administrator configures remote access privileges and the security officer reviews and activates each account. |
The system administrator configures remote access privileges and the security officer reviews and activates each account. |
Which of the following is not a protection against collusion? ● Principle of least privilege |
Cross-training |
Which of the following is not an element of the termination process? ● Dissolution of the NDA |
Dissolution of the NDA |
When you inform an employee that they are being terminated, what is the most important activity? ● Allow them to collect their personal items |
Disable their network access |
The best way to initiate solid administrative control over an organization's employees is to have what element in place? ● An acceptable use policy |
Distinct job descriptions |
Match the employment process on the left with the task that should occur during each process on the ● Pre-employment |
Conduct role-based training ● Employment
Verify an individual's job history ● Pre-employment
Show individuals how to protect sensitive information ● Employment
Disable a user's account ● Termination
Remind individuals of NDA agreements ● Termination
Obtain an individual's credit history ● Pre-employment
A smart phone was lost at the airport. There is no way to recover the device. Which of the following will ensure data confidentiality on the device? ● Remote wipe |
Remote wipe |
Which of the following are not reasons to remote wipe a mobile device? ● The device is stolen or lost. |
The device is inactive for a period of time. |
Which of the following mobile device security considerations disables the ability to use the device after a short ● TPM |
Screen lock |
Most mobile device management (MDM) systems can be configured to track the physical location of enrolled mobile devices. Arrange the location technology on the left in order of accuracy on the right, from most accurate to least accurate. ● Wi-Fi triangulation |
Most accurate ● GPS
More accurate ● Wi-Fi triangulation
Less accurate ● Cell phone tower triangulation
Least accurate ● IP address resolution
Over the last several years, the use of mobile devices within your organization has increased dramatically. ● Require users to sign an acceptable use policy before allowing them to use mobile devices for work-related tasks. |
Implement a mobile endpoint management (MEM) solution. |
Your organization has recently purchased 20 tablet devices for the Human Resource department to use for training sessions. ☐ Configure a Group Policy object (GPO) containing mobile device-specific security settings. |
☑ Implement storage segmentation. ☑ Enable device encryption |
Match each Interoperability Agreement document on the left with the appropriate description on the right. Each document may be used once, more than once, or not at all. ● BPO |
Specifies exactly which services will be performed by each party ● SLA
Creates an agreement with a vendor to provide services on an ongoing basis ● BPO
Summarizes which party is responsible for performing specific tasks ● MOU
Documents how the networks will be connected ● ISA
Defines how disputes will be managed ● SLA
Specifies a preset discounted pricing structure ● BPO
Your organization entered into an Interoperability Agreement (IA) with another organization a year ago. As a part of this agreement, a federated trust was established between your domain and the partner domain. ☐ Negotiate the BPO agreement |
☑ Conduct periodic vulnerability assessments ☑ Verify compliance with the IA documents |
Your organization is in the process of negotiating an Interoperability Agreement (IA) with another organization. As a part of this agreement, the partner organization proposes that a federated trust be established between your domain and their domain. This configuration will allow users in their domain to access resources in your domain and vice versa. ☐ Identify how data will be shared. |
☑ Identify how data will be shared. ☑ Identify how data ownership will be determined. |
Match each third-party integration phase on the left with the tasks that need to be completed during that ● Onboarding |
Communicate vulnerability assessment findings with the other party ● Ongoing operations
Disable VPN configurations that allow partner access to your network ● Off-boarding
Compare your organization's security policies with the partner's policies ● Onboarding
Disable the domain trust relationship between networks ● Off-boarding
Identify how privacy will be protected ● Onboarding
Draft an ISA ● Onboarding
Conduct regular security audits ● Ongoing operations
Your company is preparing to enter into a partner relationship with another organization. It will be necessary for the information systems used by each organization to connect and integrate with each other. ● Identify how data ownership will be determined |
Ensure that the integration process maintains the security of each organization's network |