Domain 1 Flashcards
Dorian automatically backed up a smartphone nightly to the cloud. Does this represent safety, confidentiality, integrity, or availability?
Availability
Aisha just received an International Information System Security Certification Consortium, (ISC)², certification. Her primary service as per the code of ethics is to:
Shareholders
Management
Users
Humanity
Humanity
Ian's private data has been attacked and leaked onto the Internet. Which of the following is not his personally identifiable information?
Password
Facial photo
Media access control (MAC) address
Internet protocol (IP) address
Password
Someone completes all the backups for their cloud subscribers. What is their role at the company?
Data owner
Data subject
Data custodian
Data professor
Data custodian
A user has lost their login and password for a SaaS solution that was set up in 1999. The system is so old that the user no longer has the email account needed to recover the password, and the company's policy is to not provide credentials via tech support. What is the next step?
Scour the dark web for the credentials
Recover the login details from 1999 backups
Continue emailing tech support
Give up
Scour the dark web for the credentials
When you discover that two employees you work with colluded and harmed a contractor, how should you report this ethics violation to (ISC)²?
In a typed or handwritten letter
Installing firewalls to protect users from outside attacks is a good example of what?
Due care
Which of the following is only recommended to follow?
Policies, procedures, standards, or guidelines
Guidelines
Wade is required to rebuild the organization's IT help desk infrastructure for customer support. Which framework or standard can help him best facilitate this?
The IT Infrastructure Library (ITIL)
Montrie is required to destroy card verification value (CVV) codes after transactions have been completed. Which standard is she complying with?
The Payment Card Industry Data Security Standard (PCI-DSS)
David is reviewing frameworks that would help him with the types of controls that should be in place to secure the organization. What standard should he use?
ISO 27002
This focuses on security controls being put in place
Nina, a forensic accountant, suspects fraud within the organization and implemented separation of duties to mitigate the issue. A later investigation shows the fraud appears to continue. What is most likely occurring?
Collusion
Nina, a forensic accountant, suspects fraud within the organization and implemented separation of duties to mitigate the issue. A later investigation shows the fraud appears to continue. What is her next best step?
Implement job rotation
What represents the indirect costs, direct costs, replacement cost, and upgrade cost for the entire life cycle of an asset?
TCO
Total cost of ownership
Negligence uses a reasonable person standard; in cybersecurity this means showing the necessary due care when working with PII. This is known as
Prudent person principle
This is the standard of care that a reasonably prudent person would follow in a certain situation
What should be combined with a PIN to recover detailed records of a loan agreement?
Common access card (CAC)
This is the best authentication type to combine with something-you-know authentication. Since your password, mother's maiden name, and birthday are all something you know, combining these with a PIN would simply be single-factor authentication.
Randy is an engineering manager who hires Percy, a senior engineer, to manage the corporation's account in Cleveland. Another senior engineer hears complaints from customers about Percy and reports them to Randy. What is Randy's best next step?
Follow corporate policies on staff management
Yaa is selling COVID-19 masks online to the EU. Which regulation is the most important for her to consider?
GDPR
General Data Protection Regulation
Which vendor-neutral certification helps validate that a cloud provider has good security quality assurance?
CSA Star
Cloud Security Alliance Security, Trust, Assurance and Risk
Credit card information was stolen, and the victim believes that the store owner should go to prison. What is most likely to occur?
The PCI-DSS is a contractual agreement between the store owner and the credit card provider. At worst, the owner will lose the right to accept credit cards.
What would be used when IT services are outsourced?
SLA
SLAs are used to monitor the effectiveness of the service provider
Tara's computer started performing very slowly, and then a pop-up on the computer notified her that unless she paid $300 she would never have access to her data again. What type of attack is this?
Ransomware
Alexis is a security engineer who must secure the network from outside attackers. What should she do?
Implement security hardening standards, which would include disabling Telnet and FTP services, installing the latest security patches and updates, and removing default login passwords.
Koopa, a security manager, practices decrypting secure documents. He has the plaintext of some of the files and needs to decrypt the rest. What attack should he use?
Known plaintext attack
Which is not a directive control type?
Privacy policy, terms of service, guard dog, or "beware of guard dog" sign
Guard dog
David has purchased tablets for the staff for $2000 each. Insurance will cover 50% of the loss if they are stolen or damaged. On average each year five laptops are lost or damaged. What would be the annualized loss expectancy calculation?
5000 (SLE = $2000 × 50% = $1000; ARO = 5; ALE = $1000 × 5 = $5000)
Zulian has spent weeks collecting pricing, performance, and tuning data to conduct her risk assessment meetings. Now that she has all the data, her team will perform which type of risk analysis?
Quantitative
Zhenjiang advises on security matters, helps draft security policies, and sits on the configuration management board. What is his role?
Security director
DMCA
Digital Millennium Copyright Act
This is used if there is copyrighted material and it is not removed
EAC
Email account compromise
This happens when attackers use phishing, spear phishing, whaling, password attacks, malware, and so on to compromise a C-level executive's email account for the purpose of tricking targets into sending funds.
A systems administrator notices that spam and phishing attacks are increasing. What's the next best step?
Implement training on spam and phishing attacks
What represents an acceptable amount of data loss measured in time?
RPO; backups should be taken at the interval that the RPO sets
Individuals from all departments of the organization meet to prioritize risks based on impact, likelihood, and exposure. What process is this?
Business impact analysis
What is a non-technical method to engage a victim and gather information to help carry out an attack?
Social engineering
What is the formula used to calculate risk?
Risk = threat * vulnerability
Kyung has been assigned to find recovery sites as a result of the DR planning meeting. Her job is to find sites with heating, cooling, electricity, Internet access, and power. The site will require no computers. What type of recovery site is this?
Cold
Mr. Billings is the chief security officer of the organization and is designing a policy that includes fences, secured parking, security policies, firewalls, account management, and patch management. This is an example of what strategy?
Defense in depth
Warm sites are which type of control functionality?
Recovery
What type of laws are invoked when a person violates government laws?
Criminal laws
Gail and his team have developed the perfect advertising algorithm, so that when users search on his website it leads them exactly to the information they need. What is his best approach to ensuring the secrecy of his algorithm?
Copyright
Mr. Billings uses the Linux operating system, makes copies, and gives them to his friends. He is allowed to do this because of which of the following licenses?
End user license agreement
EULA
The area of the United States copyright law that makes it a crime to copy and distribute stolen software is called
DMCA
A document that has step-by-step instructions
Procedures
What is not used to calculate the total cost of ownership?
Cost to replace the item
TCO uses support costs, maintenance costs, and asset cost
When calculating TCO, what won't be used?
Support costs
Cost to replace unit
Cost maintenance
Asset cost
Cost to replace unit
When figuring out the percentage of risk an org would suffer if an asset is compromised, what signifies the aspect of risk?
Safeguards
Vulnerabilities
Exposure factor
Vulnerabilities
Security management, developing and updating policies for staff and vendors in security, is considered which of the following?
Management
Operational
Technical
Logical
Management
True or false
Procedures are the same as written directives
True
True or false
Strategic documents would be considered policies
True
True or false
Guidelines contain step-by-step instructions that must be followed
False
True or false
Standards can define KPIs
True
A project engineer puts together a project, and she adds security according to the life cycle. What is the life cycle?
Planning, Requirements, Design, Develop, Test, Production, Disposal
Which is not a PCI-DSS requirement?
Configure switch settings
Maintain firewall
Encrypt transmission of credit card data
Use antivirus software
Configure switch settings
If an employee signed a REP (reasonable expectation of privacy) agreement but her boss has been reading her emails and listening to her calls, what step should the employee take next?
Nothing, she waived her rights to phone privacy while at work
An employee doesn't want to lose their job if their employer finds out they have cancer. What do they not want to leak?
PHI
HIPAA
HHS
HITECH
PHI
Boris is working to complete a design project. He decides to hire a contractor to help complete the project on time. What type of risk response is he using?
Acceptance
What is critical for proper IR?
Having an IRP
Quests is preparing a DR exercise and emails emergency task lists to the DR teams for review. What type of exercise is this?
Checklist
Quests is a Space Flight Lieutenant putting together classifications for her computer system. Which of the following sensitivity systems should she follow?
Top-secret, secret, confidential, unclassified
This is because she is in the military
Andre provided his phone number, email address, and home address to the delivery place so they can deliver the groceries. He is considered what?
Data owner
Data custodian
Data subject
Data auditor
Data subject
Venus needs an administrative control to enhance the confidentiality of data. What should she implement?
NDA
Juan plans to perform testing on his website by generating random input to see if it is vulnerable. This tests for what type of attack?
Fuzzing
DoS
Malware
Input validation
Fuzzing
Fuzz testing applications load tons of random input into the fields.
Stan wishes to set up more secure authentication for Caesar's. Which of the following is not best for authentication?
Retinal scan, username, palm vein scan, or CAC
Username
What is not part of an SLA?
Financial credit for downtime, office services, service coverage, or service level objectives
Office services
Noncompete agreements are generally unenforceable because
Courts value a citizen's right to earn a reasonable income
Which is best represented as the product of a threat and vulnerability?
Risk
What represents the product of the asset's value and exposure factor?
Single loss expectancy (SLE)
An organization is initiating the qualitative risk analysis process. Which is not part of the process?
Cost versus benefit analysis
Qualitative research depends more on rankings and judgment than on numbers
What is the number one source of cyber fatigue?
Password management