1 - Today's Security Professional Flashcards

Explain security concerns associated with different vulnerabilities and with key concepts in enterprise environments, and compare and contrast different types of security controls.

1
Q

Matt is updating the organization’s threat assessment process. What category of control is Matt implementing?

A

Managerial

2
Q

Jade’s org recently suffered a breach that affected stored credit card data. Jade’s primary concern is the fact that the organization is subject to sanctions for violating the provisions of the Payment Card Industry Data Security Standard. What category of risk is concerning Jade?

A

Compliance

3
Q

Chris believes that attackers defaced one or more pages on his org’s website. What cybersecurity objective did this attack violate?

A

Integrity

4
Q

Tonya is searching for a control that would discourage the attacker from attempting to gain access. What type of security control is she seeking to implement?

A

Deterrent

5
Q

Greg would like to ensure that his data loss prevention system protects against transmission of sensitive information by guests on his wireless network. What DLP tech would best meet this goal?

A

Network-based

6
Q

What term best describes data that is being sent between two systems over a network connection?

A

Data in Motion

7
Q

Tina is tuning her org’s intrusion prevention system to prevent false positive alerts. What type of control is Tina implementing?

A

Technical Control

8
Q

Tony believes a compromise of his org’s file server could reveal info that would prevent the company from continuing to do business. What term BEST describes the risk that Tony is considering?

A

Strategic

9
Q

What term best describes an organization’s desired security state?

A

Control Objectives

10
Q

What tech uses mathematical algorithms to render info unreadable to those lacking the required key?

A

Data Encryption

11
Q

Greg recently discovered a potential gap in his org’s security controls. The org does not use full-disk encryption on laptops. What type of control gap exists in this case?

A

Preventative

12
Q

What compliance regulation most directly affects the operations of a healthcare provider?

A

HIPAA

13
Q

Nolan is writing an after-action report on a security breach. The attackers stole thousands of customer records from the org’s database. What cybersecurity principle was the most impacted in this breach?

A

Confidentiality

14
Q

What are the three main objectives InfoSec professionals must achieve to protect their orgs?

A

Confidentiality, Integrity, and Availability (CIA)

15
Q

What data protection technique is reversible when conducted properly?

A

Tokenization

16
Q

What data elements (numbers) are commonly associated with Identity Theft?

A

Social Security Number, Driver’s License Number, and Passport Number

17
Q

What kind of control is a fence/sign around a protected compound?

A

Deterrent

18
Q

What are the three primary goals for cybersecurity attackers?

A

Disclosure, Alteration, and Denial (DAD)

19
Q

Data minimization that is typically used with credit card numbers (usually with asterisks) is called… what?

A

Masking

20
Q

True or False: Compensating controls used to fulfill one PCI DSS requirement may be used to compensate for the absence of a control needed to meet another requirement.

A

FALSE: PCI DSS compensating controls must go “above and beyond” other PCI DSS requirements