Domain 1

Question 1

Dorian automatically backed up a smart phone nightly to the cloud. Does this represent safety confidential Aliti integrity or availability

Answer 1

Availability

Question 2

Aisha just received an International information system security certification consortium certification. Her primary service as per the code of ethics is to:

Shareholders
Management
Users
Humanity

Answer 2

Humanity

Question 3

Ian‘s private data has been attacked and leaked onto the Internet. Which of the following is not his personally identifiable information?

Password
Facial photo
Media access control MAC address
Internet protocol address (ip)

Answer 3

Password

Question 4

Someone who completes all the backups for their cloud subscribers. What is the role at their company?

Data owner
Data subject
Data custodian
Data professor

Answer 4

Data custodian

Question 5

Her user has lost their login and password for a sass solution that was set up a 1999. The system is so old The user no longer has the email account to recover the password the company‘s policy is to not provide credentials via tech-support what is the next step?

Scour the darn web for the credentials
Recovers the login details from 1999 backups
Continue emailing tech support
Give up

Answer 5

Scour the dark web for the Credentials

Question 6

When you discover that two employees you work with colluded and a harm to contractor how should you report this ethics violation to ISC

Answer 6

In a typed or hand written letter

Question 7

Installing firewalls to protect users from outside attacks is a good example of what

Answer 7

Due care

Question 8

What is recommended to follow only?

Policies, procedures, standards are guidelines

Answer 8

Guidelines

Question 9

Wait is required to rebuild the organization and build an IT help test infrastructure for customer support. Which framework and standards and help him best facilitate this

Answer 9

The IT infrastructure library ITIL

Question 10

Montrie Is required to stray card verification value codes after transactions have been completed. She is complying with which standard

Answer 10

The Payment card industry data security standard PCI – DSS

Question 11

David is reviewing frameworks that would help him with the types of controls that should be in place to secures organization. What standard should he use?

Answer 11

ISO 27002

This focuses on security controls being put in place

Question 12

Nina a forensic accountant suspects fried within the organization and implemented separation of duties to medicate the issues. Later investigation shows a fraud has appeared to continue. What is most likely occurring

Answer 12

Collusion

Question 13

Do you know a forensic accountant suspects far within the organization implemented Separation of duties to medicate issues. Later investigation shows Fred has appeared to continue what is her next best step

Answer 13

Implement job rotation

Question 14

What represents the indirect costs, direct cost, replacement cost and upgrade cost for the entire life cycle of a asset

Answer 14

TCO

Total cost of ownership

Question 15

Negligence uses a reasonable person standard in cyber security measures showing necessary do you care when working with PII. this is known as

Answer 15

Prudent person principal

This is a standard of care that a reasonably prudent person would follow in certain situation

Question 16

What should be combined with a PIN To recover detail records of a loan agreement

Answer 16

Common access card (CAC)

This is the best authentication type to go find some thing that you know authentication with. Since your password, mothers maiden name and birthday or or something you know these combine with a pen with simply be single factor authentication

Question 17

Randy is an engineering manager who hires Perseus senior engineer to manage the corporation account in Cleveland. But also a senior in engineer here’s complaints from customers and report them to Randy’s of Percy. What is Randy’s best next step

Answer 17

Follow corporate policies on staff management

Question 18

Ya a is selling Covid 19 masks online to the EU. Which regulation is the most important for her to consider

Answer 18

GFPR

General data protection regulation

Question 19

Which fender neutral certification helps validate at the club provider has good security quality assurance

Answer 19

CSA Star

cloud security allowance security trust assurance and risk

Question 20

Credit card information was stolen, and the victim believes that the owner should go to prison what is most likely to occur

Answer 20

The PCI – DSS is a contractual agreement between the store owner and the credit card provider. At worse the owner will lose the right to except credit cards

Question 21

What would be used when IT services are outsourced

Answer 21

SLA

SLAs are used to monitor the effectiveness of the service provider

Question 22

Tara’s computer started performing very slowly, and then a pop-up blocker computer I notified her that unless she paid $300 she would never have access to date again. What type of attack is this

Answer 22

Ransomware 

Question 23

Alexis is a security engineer my secure network from the outside attackers

Answer 23

Implement security harden standards which would include disabling telling an FTP services, installing the latest cutie patches and updates are moving default login passwords.

Question 24

Koopa security manager practices decrypting secure documents. He is plain text of some of the files and needs to keep the rest. What a tech should he use

Answer 24

Known plaintext attack

Question 25

Which is not a directive control type?

A Privacy policy, terms of services, guard dog or beware of guard dog

Answer 25

Guard dog

Question 26

David  Has purchased tablets for the staff for $2000 each. Insurance will cover 50% of their loss stolen or damaged. On an average here five laptops or less dollar damage. What would be the annualize lost expectancy calculation

Answer 26

5000

Question 27

Zulian has spent weeks collecting pricing performance and turning data to conduct her risk assessment meetings now that she has all the data, Our team will perform which type of risk analysis

Answer 27

Quantitative

Question 28

Zhenjiang advises on security matters, helps drafts security policies and sits on the config management board. What is his role

Answer 28

Security director

Question 29

DMCA

Answer 29

a
Digital millennium copyright act

This is used if there is copyrighted material and it is not removed

Question 30

EAC

Answer 30

Email account compromise

This happens when attack or use this phishing, spearphishing, wailing, password attacks, malware and so on to compromise a sea level executive email account for the purpose of tricking targets to send sons

Question 31

A systems administrator notices that Spam and phishing attacks are increasing what’s the next best step

Answer 31

Implement training on spam and phishing attacks

Question 32

What represents an acceptable amount of data loss measured in time

Answer 32

RPO and backup should be taken for the amount of time that the RPO set

Question 33

Individuals from all departments of the organization meet to prioritize risk space on impact, likelihood, and exposure what process is this

Answer 33

Business impact analysis

Question 34

What is a non-technical method to engage a victim and gather information to help exploit An attack

Answer 34

Social engineering

Question 35

What is the formula used to calculate risk

Answer 35

Risk = threat * vulnerability

Question 36

Kyung has been assigned to find recovery size result the deer planning meeting. Her job is to find sites with heating cooling electricity Internet access and power. The site will require no computers. Whatever recovery site is this

Answer 36

Cold

Question 37

Mr. Billings is the chief security officer of the organization in this designing a policy that includes fences secured parking security policies farewells account management and patch management. This is example of what strategy

Answer 37

Defense in depth

Question 38

Form sites are which type of control functionality

Answer 38

Recovery

Question 39

What type of laws are invoked when a person violates government laws

Answer 39

Criminal laws

Question 40

Gail and his team have developed the perfect advertising algorithm so that when users search on his website it leads them in exactly to the information they need to reach. What is his best approach to us during the secrecy of his algorithm

Answer 40

Copyright

Question 41

Mr. billing uses the Linux operating system in for the copies and gives it to his friends. He is allowed to do this because of which of the following licenses

Answer 41

End user license agreement

EULA

Question 42

The area of the United States copyright law that makes it crime to copy and distribute Stolen software is called

Answer 42

DCMA

Question 43

A document that has step-by-step instructions

Answer 43

Procedures

Question 44

What is not used to calculate the total cost of ownership

Answer 44

Cost to replace the item

TCO uses
Support costs , maintenance costs and assets cost

Question 45



Question 46

When calculating TCO what won’t be used?

Support costs
Cost to replace unit
Cost maintenance
Asset cost

Answer 46

Cost to replace unit

Question 47

When figuring out the percentage of risk and org would suffer if an asset is compromised, what signifies the aspect of risk?

Safeguards
Vulnerabilities
Exposure factor

Answer 47

Vulnerabilities

Question 48

Security management is Developing and updating policies for staff and vendors in security are considered which of the following ?

Management
Operational
Technical
Logical

Answer 48

Management

Question 49

True or false

Procedures are the same as written directives

Answer 49

True

Question 50

True or false

Strategic documents would be considered policies

Answer 50

True

Question 51

True or false

Guidelines contain step by step instructions that must be followed

Answer 51

False

Question 52

True or false

Standards can define KPIs

Answer 52

True

Question 53

A project engineer puts together a project, and she adds security according to the lifecycle. What is the life cycle

Answer 53

Planning 
Requirements 
Design 
Develop
Test
Production 
Disposal

Question 54

Which is not a PCI-DSS requirement

Configure switch settings
Maintain firewall
Encrypt transmission of cc data
Use anti virus software

Answer 54

Configure switch settings

Question 55

If an employee signed a REP(reasonable expectation of privacy agreement) but her boss has been reading her emails and listening to calls, what step should the employee take next?

Answer 55

Nothing, she waived her rights to phone privacy while at work

Question 56

An employee doesn’t want to loose their job if their employer finds out they have cancer. They don’t want what to leak?

PHI
HIPAA
HHS
HITECH

Answer 56

PHI

Question 57

Boris is working to complete a design project. He decides to hire a contractor to help complete the project on time. What type of risk response is he using?

Answer 57

Acceptance

Question 58

What is critical for proper IR?

Answer 58

Having an IRP

Question 59

Quests is preparing a DR exercise and emails emergency task lists tot eh DR teams for review. What type of exercises?

Answer 59

Checklist

Question 60

Quests is a space Flight Lieutenant putting together classifications for her computer system which of the following sensitivity system so she follow

Answer 60

Top-secret, secret, confidential, unclassified

This is because she is in the military

Question 61

Andre provided his phone number, email address, and home address to the delivery place so they can deliver the groceries, he is considered what?

Data owner
Data custodian
Data subject
Data auditor 

Answer 61

Data subject

Question 62

Venus needs an administrative co tell to enhance the confidentiality of data, what should she implement?

Answer 62

NDA

Question 63

Juan plans to perform testing on his website and generate random input to see if it is vulnerable to what type of attack?

Fuzzing
Dos
Malware
Input validation

Answer 63

Fuzzing

Fuzz Testing applications low tons of random and put in the fields.

Question 64

Stan wishes to set up more secure authentication for Caesars which of the following is not best for authentication

Retinal scan, username, Palm V scan, or CAC

Answer 64

User name

Question 65

What is not part of an SLA

Financial credit for downtime, office services, coverage service, service level objects

Answer 65

Alpha services

Question 66

Noncompete agreements are generally unenforceable because

Answer 66

Courts value as citizens right to earn a reasonable income

Question 67

Which is best represented as the product of a threat and vulnerability?

Answer 67

Risk

Question 68

What represents the product of the assets value and exposure factor!?

Answer 68

Single loss expectancy (SLE)

Question 69

And organization is initiating the qualitative risk analysis process which is not part of the process

Answer 69

Cost versus benefit analysis

Qualitative research depends more on rankings in judgment rather than numbers

Question 70

What is the number one source of cyber fatigue

Answer 70

Password management