Chapter 1: Today's Security Professional Flashcards
Matt is updating the organization’s threat assessment process. What category of control is Matt implementing?
A. Operations
B. Technical
C. Corrective
D. Managerial
D. Managerial
Jade’s organization recently suffered a security breach that affected stored credit card data. Jade’s primary concern is the fact that the organization is subject to sanctions for violating the provisions of the Payment Card Industry Data Security Standard. What category of risk is concerning Jade?
A. Strategic
B. Compliance
C. Operational
D. Financial
B. Compliance
Chris is responding to a security incident that compromised one of his organization’s web servers. He believes that the attacker defaced one or more pages on the website. What cybersecurity objective did this attack violate?
A. Confidentiality
B. Nonrepudiation
C. Integrity
D. Availability
C. Integrity
Tonya is concerned about the risk that an attacker will attempt to gain access to her organization’s database server. She is searching for a control that would discourage the attacker from attempting to gain access. What type of security control is she seeking to implement?
A. Preventive
B. Detective
C. Corrective
D. Deterrent
D. Deterrent
Greg is implementing a data loss prevention system. He would like to ensure that it protects against transmission of sensitive information by guests on his wireless network. What DLP technology would best meet this goal?
A. Watermarking
B. Pattern recognition
C. Host-based
D. Network-based
D. Network-based
What term best describes data that is being sent between two systems over a network connection?
A. Data at rest
B. Data in motion
C. Data in processing
D. Data in use
B. Data in motion
Tina is tuning her organization’s intrusion prevention system to prevent false positive alerts. What type of control is Tina implementing?
A. Technical control
B. Physical control
C. Managerial control
D. Operational control
A. Technical control
Which one of the following is not a common goal of a cybersecurity attacker?
A. Disclosure
B. Denial
C. Alteration
D. Allocation
D. Allocation
Tony is reviewing the status of his organization’s defenses against a breach of their file server. He believes that a compromise of the file server could reveal information that would prevent the company from continuing to do business. What term best describes the risk that Tony is considering?
A. Strategic
B. Reputational
C. Financial
D. Operational
A. Strategic
Which one of the following data elements is not commonly associated with identity theft?
A. Social Security number
B. Driver’s license number
C. Frequent flyer number
D. Passport number
C. Frequent flyer number
What term best describes an organization’s desired security state?
A. Control objectives
B. Security priorities
C. Strategic goals
D. Best practices
A. Control objectives
What technology uses mathematical algorithms to render information unreadable to those lacking the required key?
A. Data loss prevention
B. Data obfuscation
C. Data minimization
D. Data encryption
D. Data encryption
Greg recently conducted an assessment of his organization’s security controls and discovered a potential gap: the organization does not use full-disk encryption on laptops. What type of control gap exists in this case?
A. Detective
B. Corrective
C. Deterrent
D. Preventive
D. Preventive
What compliance regulation most directly affects the operations of a healthcare provider?
A. HIPAA
B. PCI DSS
C. GLBA
D. SOX
A. HIPAA
Nolan is writing an after-action report on a security breach that took place in his organization. The attackers stole thousands of customer records from the organization’s database. What cybersecurity principle was most impacted in this breach?
A. Availability
B. Nonrepudiation
C. Confidentiality
D. Integrity
C. Confidentiality