13.2.5 Practice Questions Flashcards
Question 1.
Correct
An organization recently experienced a security breach due to the actions of an employee who engaged in an activity that posed a risk to the company’s information systems. The employee downloaded unverified software onto the company device, resulting in a malware infection.
Following this incident, the company plans to implement a policy to prevent similar occurrences in the future.
Which of the following policies is MOST suitable for addressing this specific issue?
answer
Change management policy
Disaster recovery policy
Business continuity and continuity of operations plans (COOP)
Acceptable use policy (AUP)
Correct Answer:
Acceptable use policy (AUP)
Question 2.
Incorrect
A company had data for an upcoming project stolen and leaked online. The investigation implies that social engineering is the cause.
Which policy can prevent such an incident from occurring?
answer
Standard operating procedure (SOP)
Fair use
Clean desk
Non-disclosure agreement (NDA)
Correct Answer:
Clean desk
Question 3.
Which policy outlines the processes to follow after a security breach or cyberattack occurs and includes procedures for identifying, investigating, controlling, and mitigating the impact of incidents?
answer
Acceptable use policy (AUP)
Change management policy
Disaster recovery policy
Incident response policy
Correct Answer:
Incident response policy
Question 4.
Incorrect
An organization has hired an HR director to improve the performance of the HR division. The director first noted the lack of an offboarding process for employees or contractors.
What are some IT security areas an offboarding process should focus on? (Select three.)
answer
Physical security
Account management
Incorrect answer:
Personal assets
Clean desk
Asset allocation
Acceptable use
Company assets
Correct Answer:
Physical security
Correct Answer:
Account management
Correct Answer:
Company assets
Question 5.
As the security awareness training manager at your company, you have recently completed a round of training sessions on the company’s security policies.
However, a few weeks later, you notice that some employees are not adhering to the policies, particularly those related to secure email practices.
What should you do?
answer
-Discipline the employees by restricting their access to certain company resources.
-Implement ongoing reinforcement strategies, such as regular reminders, mini-training sessions, and visual aids around the office, to keep the secure email practices fresh in employees’ minds.
-Immediately fire the employees who are not following the secure email practices.
-Ignore the issue, assuming that employees will eventually learn from their mistakes.
Correct Answer:
Implement ongoing reinforcement strategies, such as regular reminders, mini-training sessions, and visual aids around the office, to keep the secure email practices fresh in employees’ minds.
Question 6.
A system administrator implemented encryption across the organization’s IT infrastructure. The infrastructure includes various types of data storage methods.
Which of the following data storage methods can the system administrator encrypt to increase the security of data at rest? (Select three.)
answer
Cloud repository synchronization:
Partition
File
Volume
Website traffic
Remote access
User interface
Correct Answer:
Cloud repository synchronization:
Correct Answer:
Partition
Correct Answer:
File
Question 7.
Incorrect
After a recent breach, an organization mandates increased monitoring of corporate email accounts.
What can the organization use that mediates the copying of tagged data to restrict it to authorized media and services and monitors statistics for policy violations?
answer
Data loss prevention
Simple Network Management Protocol (SNMP) trap
Antivirus (A-V)
Security content automation protocol
Correct Answer:
Data loss prevention
Question 8.
A software technician develops a new procedure to safeguard privacy data and ensure all groups adhere to compliance mandates.
What BEST describes due diligence?
answer
It is an established timeline that requires organizations to keep documentation.
It provides a comprehensive overview of the types of handled data.
It is the comprehensive assessment and evaluation of an organization’s data protection practices.
It requires individuals or entities to formally announce their understanding of compliance obligations.
Correct Answer:
It is the comprehensive assessment and evaluation of an organization’s data protection practices
Question 9.
In a high-security environment, which of the following is the MOST important concern when removable media is no longer needed?
answer
Purging
Reuse
Destruction
Labeling
Correct Answer:
Destruction
Question 10.
Which of the following is a correct interpretation of data sovereignty?
answer
-The physical location of a data center has no bearing on the jurisdiction and laws applicable to the data stored within it.
-A jurisdiction can restrict or prevent processing and storage of data on systems that do not physically reside within that jurisdiction.
-All data is inherently owned by the organization or individual who created it, regardless of where it is stored or processed.
-Data can freely move across borders with no restrictions or regulations.
Correct Answer:
A jurisdiction can restrict or prevent processing and storage of data on systems that do not physically reside within that jurisdiction.