1 - Today's Security Professional

Question 1

Matt is updating the organization’s threat assessment process. What category of control is Matt implementing?

Answer 1

Managerial

Question 2

Jade’s org recently suffered a breach that affected stored credit card data. Jade’s primary concern is the fact that the organization is subject to sanctions for violating the provisions of the Payment Card Industry Data Security Standard. What category of risk is concerning Jade?

Answer 2

Compliance

Question 3

Chris believes that attackers defaced one or more pages on his org’s website. What cybersecurity objective did this attack violate?

Answer 3

Integrity

Question 4

Tonya is searching for a control that would discourage the attacker from attempting to gain access. What type of security control is she seeking to implement?

Answer 4

Deterrent

Question 5

Greg would like to ensure that his data loss prevention system protects against transmission of sensitive information by guests on his wireless network. What DLP tech would best meet this goal?

Answer 5

Network-based

Question 6

What term best describes data that is being sent between two systems over a network connection?

Answer 6

Data in Motion

Question 7

Tina is tuning her org’s intrusion prevention system to prevent false positive alerts. What type of control is Tina implementing?

Answer 7

Technical Control

Question 8

Tony believes a compromise of his org’s file server could reveal info that would prevent the company from continuing to do business. What term BEST describes the risk that Tony is considering?

Answer 8

Strategic

Question 9

What term best describes an organization’s desired security state?

Answer 9

Control Objectives

Question 10

What tech uses mathematical algorithms to render info unreadable to those lacking the required key?

Answer 10

Data Encryption

Question 11

Greg recently discovered a potential gap in his org’s security controls. The org does not use full-disk encryption on laptops. What type of control gap exists in this case?

Answer 11

Preventative

Question 12

What compliance regulation most directly affects the operations of a healthcare provider?

Answer 12

HIPPA

Question 13

Nolan is writing an after-action report on a security breach. The attackers stole thousands of customer records from the org’s database. What cybersecurity principle was the most impacted in this breach?

Answer 13

Confidentiality

Question 14

What are the three main objectives InfoSec professionals must achieve to protect their orgs?

Answer 14

Confidentiality, Integrity, and Availability (CIA)

Question 15

What data protection technique is reversible when conducted properly?

Answer 15

Tokenization

Question 16

What data elements (numbers) are commonly associated with Identity Theft?

Answer 16

Social Security Number, Driver’s License Number, and Passport Number

Question 17

What kind of control is a fence/sign around a protected compound?

Answer 17

Deterrent

Question 18

What are the three primary goals for cybersecurity attackers?

Answer 18

Disclosure, Alteration, and Denial (DAD)

Question 19

Data minimization that is typically used with credit card numbers (usually with asterisks) is called… what?

Answer 19

Masking

Question 20

True or False: Compensating controls used to fulfill one PCI DSS requirement may be used to compensate for the absence of a control needed to meet another requirement.

Answer 20

FALSE: PCI DSS compensating controls must go “above and beyond” other PCI DSS requirements