Chapter 1: Today's Security Professional Flashcards

1
Q

Matt is updating the organization’s threat assessment process. What category of control is Matt implementing?

A. Operations
B. Technical
C. Corrective
D. Managerial

A

D. Managerial

2
Q

Jade’s organization recently suffered a security breach that affected stored credit card data. Jade’s primary concern is the fact that the organization is subject to sanctions for violating the provisions of the Payment Card Industry Data Security Standard. What category of risk is concerning Jade?

A. Strategic
B. Compliance
C. Operational
D. Financial

A

B. Compliance

3
Q

Chris is responding to a security incident that compromised one of his organization’s web servers. He believes that the attacker defaced one or more pages on the website. What cybersecurity objective did this attack violate?

A. Confidentiality
B. Nonrepudiation
C. Integrity
D. Availability

A

C. Integrity

4
Q

Tonya is concerned about the risk that an attacker will attempt to gain access to her organization’s database server. She is searching for a control that would discourage the attacker from attempting to gain access. What type of security control is she seeking to implement?

A. Preventive
B. Detective
C. Corrective
D. Deterrent

A

D. Deterrent

5
Q

Greg is implementing a data loss prevention system. He would like to ensure that it protects against transmission of sensitive information by guests on his wireless network. What DLP technology would best meet this goal?

A. Watermarking
B. Pattern recognition
C. Host-based
D. Network-based

A

D. Network-based

6
Q

What term best describes data that is being sent between two systems over a network connection?

A. Data at rest
B. Data in motion
C. Data in processing
D. Data in use

A

B. Data in motion

7
Q

Tina is tuning her organization’s intrusion prevention system to prevent false positive alerts. What type of control is Tina implementing?

A. Technical control
B. Physical control
C. Managerial control
D. Operational control

A

A. Technical control

8
Q

Which one of the following is not a common goal of a cybersecurity attacker?

A. Disclosure
B. Denial
C. Alteration
D. Allocation

A

D. Allocation

9
Q

Tony is reviewing the status of his organization’s defenses against a breach of their file server. He believes that a compromise of the file server could reveal information that would prevent the company from continuing to do business. What term best describes the risk that Tony is considering?

A. Strategic
B. Reputational
C. Financial
D. Operational

A

A. Strategic

10
Q

Which one of the following data elements is not commonly associated with identity theft?

A. Social Security number
B. Driver’s license number
C. Frequent flyer number
D. Passport number

A

C. Frequent flyer number

11
Q

What term best describes an organization’s desired security state?

A. Control objectives
B. Security priorities
C. Strategic goals
D. Best practices

A

A. Control objectives

12
Q

What technology uses mathematical algorithms to render information unreadable to those lacking the required key?

A. Data loss prevention
B. Data obfuscation
C. Data minimization
D. Data encryption

A

D. Data encryption

13
Q

Greg recently conducted an assessment of his organization’s security controls and discovered a potential gap: the organization does not use full-disk encryption on laptops. What type of control gap exists in this case?

A. Detective
B. Corrective
C. Deterrent
D. Preventive

A

D. Preventive

14
Q

What compliance regulation most directly affects the operations of a healthcare provider?

A. HIPAA
B. PCI DSS
C. GLBA
D. SOX

A

A. HIPAA

15
Q

Nolan is writing an after-action report on a security breach that took place in his organization. The attackers stole thousands of customer records from the organization’s database. What cybersecurity principle was most impacted in this breach?

A. Availability
B. Nonrepudiation
C. Confidentiality
D. Integrity

A

C. Confidentiality

16
Q

Which one of the following objectives is not one of the three main objectives that information security professionals must achieve to protect their organizations against cybersecurity threats?

A. Integrity
B. Nonrepudiation
C. Availability
D. Confidentiality

A

B. Nonrepudiation

17
Q

Which one of the following data protection techniques is reversible when conducted properly?

A. Tokenization
B. Masking
C. Hashing
D. Shredding

A

A. Tokenization

18
Q

Which one of the following statements is not true about compensating controls under PCI DSS?

A. Controls used to fulfill one PCI DSS requirement may be used to compensate for the absence of a control needed to meet another requirement.
B. Controls must meet the intent of the original requirement.
C. Controls must meet the rigor of the original requirement.
D. Compensating controls must provide a similar level of defense as the original requirement.

A

C. Controls must meet the rigor of the original requirement.