Domain 1: Security Principles Flashcards
Which region enacted comprehensive legislation addressing personal privacy in 2016?
European Union
What is the purpose of implementing security controls in the risk management process?
To mitigate減輕 the risk to an acceptable level
If a pickpocket is a threat, what would be their attack vector?
Their technique and approach
How do companies that offer identity theft insurance manage their own financial risk?
By calculating premium payments against potential payouts
What term is used to refer to information that, when combined with other pieces of data, significantly narrows缩小 the possibility of association with more individuals?
Personally Identifiable Information (PII)个人身份信息
What potential risk can occur when a remote worker’s laptop is left unattended or unlocked?
Accidental introduction of unauthorized software with malware
In the United States, which act governs the privacy of medical information?
HIPAA
In e-commerce and electronic transactions, what does non-repudiation protect against?
Falsely虛假地 denying transactions
What is an “asset” in the context of risk management terminology?
Something in need of protection
Who is responsible for determining risk tolerance in an organization?
Executive management and board of directors
Executive management and board of directors
Evaluate the likelihood of the event and take appropriate actions to mitigate the risk
Which regulation grants data protection and control to individuals within the EU, regardless of citizenship?
General Data Protection Regulation (GDPR)
What role might security professionals play in risk assessment at a system level?
Assisting in risk assessment at a system level
Security professionals are likely to assist in risk assessment at a system level, focusing on process, control, monitoring, or incident response and recovery activities.
Who is responsible for identifying risks within an organization?
Employees at all levels of the organization
What is an example of a physical control?
Walls, fences, guards, locks
According to the code of ethics, what are information security professionals expected to uphold堅持?
Be honorable, honest, just and responsible within legal conduct
Multifactor authentication involves using two or more instances of different authentication factors.
Which of the following are considered a widely accepted factor for authentication?
Something you have
Something you are
Something you know
Kristal is the security administrator for a large online service provider. Kristal learns that the company is harvesting the personal data of its customers and sharing the data with local governments where the company operates, without the knowledge of the users, to allow the governments to persecute users on the basis of their political and philosophical beliefs.
The published user agreement states that the company will not share personal user data with any entities without the users’ explicit permission.
According to the ISC2 Code of Ethics, to whom does Kristal ultimately owe a duty in this situation?
The users
What is the primary purpose of the ISC2 Code of Ethics?
Ensuring the safety and welfare of society and the common good
While taking the certification exam for this certification, you notice another candidate for the certification cheating.
What should you do?
Report the candidate to ISC2
What type of authentication process is used at the bank with an ATM card?
Two-factor authentication
The use of an ATM card (something you have) and a PIN (something you know) at the bank, providing two different factors of authentication.
What type of cyber attack often targets the availability of data?
Ransomware attacks勒索軟體
Ransomware attacks often target the availability of data by locking up systems and blocking access to vital information and services. Access is typically restored only after a ransom is paid.
What does knowledge-based authentication involve?
Differentiating between authorized and unauthorized users using a passphrase or secret code
passphrase or secret code (e.g., PIN or password)
What is the purpose of using a risk matrix?
To prioritize risks based on likelihood and impact
What measures would a trauma center be most likely to take to ensure zero tolerance for power failure?
Redundancy in emergency power supplies, battery backup, and generators
Which of the following is NOT one of the four typical ways of managing risk?
Conflate 合併
typical ways of managing risk:
Avoidance
Acceptance
Mitigation
Transfer
When a company chooses to ignore a risk and proceed with a risky activity, which treatment is being applied by default?
Acceptance
What is risk tolerance often likened to?
Risk appetite
Siobhan is deciding whether to make a purchase online; the vendor wants Siobhan to create a new user account and is requesting Siobhan’s full name, home address, credit card number, phone number, email address, the ability to send marketing messages to Siobhan, and permission to share this data with other vendors.
Siobhan decides that the item for sale is not worth the value of Siobhan’s personal information, and decides to not make the purchase.
What kind of risk management approach did Siobhan make?
Avoidance
What is done with the result of the risk assessment process?
It is presented as a report or presentation to the management
A chief information security officer (CISO) at a large organization documented a policy that establishes the acceptable use of cloud environments for all staff.
Management/Administrative control
Policies, standards, processes, procedures and guidelines set by corporate administrative entities (e.g., executive- and/or mid-level management) are management/administrative controls.
Software security practitioners seek to maintain the CIA of systems and software based on business needs.
Which aspect of the CIA is focused on guaranteeing that authorized subjects are granted uninterrupted access to objects in a timely fashion?
Availability
What is the correct sequence of the elements in governance, starting from the highest level?
Regulations, standards, policies, procedures
Guillermo is the system administrator for a midsized retail organization. Guillermo has been tasked with writing a document that describes, step-by-step, how to securely install the operating system on a new laptop.
This document is an example of a ________.
Procedure
Lankesh is the security administrator for a small food distribution company. A new law is published by the country in which Lankesh’s company operates; the law conflicts with the company’s policies.
Which governance element should Lankesh’s company follow?
The law
What term is sometimes used interchangeably可交替地 with “incident management”?
What is the purpose of a red book in the context of business continuity?
To serve as a hard copy backup accessible outside the facility , containing outlined procedures in case electronic access is unavailable.
Why are notification systems and call trees important in a business continuity plan?
To alert personnel when the BCP is being enacted實行
What is a key outcome of a Business Impact Analysis (BIA)?
Identification of functions and dependencies
In the United States, what type of networks can be used to maintain essential activity during a severe cyberattack that affects communications?
Military-grade networks
What is the first phase in the components of an incident response plan?
Preparation
The components of the incident response plan are:
Preparation,
Detection & Analysis,
Containment, Eradication根除 & Recovery, and
Post-Incident Activity.
What are the four primary responsibilities of a response team when an incident occurs?
Determining damage, assessing compromise, implementing recovery procedures, and supervising security measures
What is the next step after detection and analysis in the incident response process?
Finding the appropriate containment strategy
What is the key responsibility of the incident response team in the plan?
Assessing and scoping out damage
An external entity has tried to gain access to your organization’s IT environment without proper authorization.
This is an example of a(n) _________.
Intrusion
What is the key characteristic of a Zero Day vulnerability?
It does not fit recognized patterns, signatures, or methods
What is the primary distinction 不同between business continuity planning (BCP) and disaster recovery planning (DRP)?
DRP is about restoring IT, while BCP focuses on business operations
Which of the following is very likely to be used in a disaster recovery (DR) effort?
Data backups
What is the purpose of the Executive Summary in a Disaster Recovery Plan?
To offer a high-level overview of the plan
Who must provide support for business continuity planning efforts?
Executive management or an executive sponsor
Which of these components is very likely to be instrumental to any disaster recovery (DR) effort?
Backups
Why is it necessary to consider not only the server level but also the database and dependencies on other systems in disaster recovery plans for complex systems?
To address the intricate難理解的 dependencies of the systems
You are working in your organization’s security office. You receive a call from a user who has tried to log in to the network several times with the correct credentials, with no success.
After a brief investigation, you determine that the user’s account has been compromised.
This is an example of a(n)_________.
Incident detection
Incident detection refers to the identification and recognition of a security incident, such as a compromised user account, within an organization’s network or information systems.
Which of the following is an example of security control?
Firewall
What is the definition of an object in the context of access controls?
An entity that responds to a request for service
Derrick logs on to a system to read a file.
In this example, Derrick is the ______.
Subject
Which of the following is a subject? -
User
What is the strategy that integrates people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of an organization?
Layered Defense
How does privileged access management implement the principle of least privilege?
By granting each user access only to the items they need
Which of the following is an example of a logical access control method?
Biometrics on a smartphone
Limiting access to data on the network would be considered which of the following controls?
Logical or technical controls
What would be considered an administrative control in the context of seat belt usage?
Passing a law requiring seat belt use
What alternative control could be used if biometric locks on multiple doors are not necessary and access does not need to be audited?
Replacing doors with deadbolt locks
Which of these combinations of physical security controls share a single point of failure?
High-illumination lighting 高照度照明and cameras
Both lighting and cameras require power. A power failure will disable both the cameras and the lights.
Which of the following is an example of a physical access control?
Motion detectors
What challenges do small and medium businesses face regarding technical controls in payroll 工資稅systems?
Insufficient personnel for duty separation
What does behavioral biometrics measure?
User actions, such as voiceprints and keystroke dynamics
Which is a physical control that prevents “piggybacking” or “tailgating,” 緊隨when an unauthorized person follows an authorized person into a controlled area?
Turnstile
In what type of environment does role-based access control work well?
High-staff turnover and similar access requirements
What is user provisioning in identity management?
Managing access to resources and information systems
What term is used to describe the situation where someone inherits expanded permissions that are not appropriate for their role in Role-based Access Control (RBAC)?
Privilege creep
What is the key feature of just-in-time privileged access management?
Role-based subsets of privileges
In Mandatory Access Control (MAC), what determines the level of access to certain areas in certain government agencies?
Government policy and security clearance
Who can modify security rules in a system governed by Mandatory Access Control (MAC)?
Trusted subjects designated as security administrators
Duncan and Mira work in the data center at Triffid, Inc. There is a policy in place that requires both to be present in the data center at the same time.
If one has to leave for any reason, the other must step out, too, until they can both re-enter.
This is called ________.
Two-person integrity
Why is Discretionary Access Control (DAC) not considered very scalable?
It relies on the discretion of individual object owners
What is the two-person rule in the context of security strategy?
Two people must be in an area together
Why is it recommended to disable accounts for a period before deletion when an employee leaves the company?
To preserve the integrity of audit trails or files
Lakshmi presents a user ID and a password to a system to log on.
Which of the following characteristics must the password have?
Confidential
Which of the following is an example of a monitoring tool?
Cameras
Which of the following is the responsibility of systems administrators who use privileged accounts?
Operating systems and applications
Systems administrators with privileged accounts have the principal responsibilities for operating systems, application deployment, and performance management.