Domain 5 Flashcards

Security Operations

1
Q

What is the most important aspect of security awareness/training?

A

Protecting health and human safety

2
Q

Degaussing is

A

The process of reducing or eliminating an unwanted magnetic field (or data) stored on tape and disk media

3
Q

Which of the following can be used to map data flows through an organization and the relevant security controls used at each point along the way?

A

Data life cycle

4
Q

Which of the following is the life cycle of data handling?

A

Create, store, use, share, archive, destroy

5
Q

What do integrity services, provided by hash functions and digital signatures, allow a recipient to verify?

A

That a message has not been altered by malice or error

6
Q

What is the purpose of security awareness training?

A

To align information security goals with the organization’s mission and vision

7
Q

What is the primary purpose of storing passwords as hash values or digests?

A

To check if a password matches without revealing the password itself

8
Q

What is the role of security engineers in data security?

A

Security engineers figure out who is trying to log in and assess security codes

9
Q

How long does it take to crack a 10-number password using software with cryptographic calculation?

A

5 seconds

10
Q

What is something that every security policy should have?

A

Consequences for non-compliance

11
Q

Whaling attacks are

A

Phishing attacks that attempt to trick highly placed officials or private individuals with sizable assets into authorizing large fund wire transfers to previously unknown entities

12
Q

What does the term “whaling attacks” refer to in the context of phishing?

A

Attacks against highly placed officials or individuals with sizable assets

13
Q

What task is recommended for employees to practice what they’ve learned?

A

Sending simulated phishing emails

14
Q

What solution is recommended for users who struggle to remember multiple passwords for different systems?

A

Encourage the use of a recommended password management solution

15
Q

Why is asymmetric encryption considered more secure?

A

It involves a unique code for the sender and receiver

16
Q

How does hashing respond to minor changes in the input, such as misspellings or changes in letter case?

A

It generates a different hash digest for each input

17
Q

What is meant by the term rollback?

A

Restoring the system to its previous state before a change

18
Q

Who is often tasked with coordinating the change management effort?

A

Information Security professionals

19
Q

What is the first step in the change management process?

A

Request for Change (RFC)

20
Q

Application Server

A

A computer responsible for hosting applications to user workstations

21
Q

Asymmetric Encryption

A

An algorithm that uses one key to encrypt and a different key to decrypt the input plaintext

22
Q

Checksum

A

A digit representing the sum of the correct digits in a piece of stored or transmitted digital data, against which later comparisons can be made to detect errors in the data.

23
Q

Classification

A

Classification identifies the degree of harm to the organization, its stakeholders or others that might result if an information asset is divulged to an unauthorized person, process or organization. In short, classification is focused first and foremost on maintaining the confidentiality of the data, based on the data sensitivity

24
Q

Configuration management

A

A process and discipline used to ensure that the only changes made to a system are those that have been authorized and validated

25
Q

Data Loss Prevention (DLP)

A

System capabilities designed to detect and prevent the unauthorized use and transmission of information.

26
Q

Degaussing

A

A technique of erasing data on disk or tape (including video tapes) that, when performed properly, ensures that there is insufficient magnetic remanence to reconstruct data

27
Q

Digital Signature

A

The result of a cryptographic transformation of data which, when properly implemented, provides the services of origin authentication, data integrity, and signer non-repudiation.

28
Q

Egress Monitoring

A

Monitoring of outgoing network traffic.

29
Q

Hardening

A

A reference to the process of applying secure configurations (to reduce the attack surface) and locking down various hardware, communications systems, and software, including operating system, web server, application server, application, etc. Hardening is normally performed based on industry guidelines and benchmarks, such as those provided by the Center for Internet Security (CIS)

30
Q

Hash Function

A

An algorithm that computes a numerical value (called the hash value) on a data file or electronic message that is used to represent that file or message and depends on the entire contents of the file or message. A hash function can be considered to be a fingerprint of the file or message

31
Q

Hashing

A

The process of using a mathematical algorithm against data to produce a numeric value that is representative of that data.

32
Q

Information Sharing

A

The requirements for information sharing by an IT system with one or more other IT systems or applications, for information sharing to support multiple internal or external organizations, missions, or public programs

33
Q

Ingress Monitoring

A

Monitoring of incoming network traffic

34
Q

Message Digest

A

A digital signature that uniquely identifies data and has the property such that changing a single bit in the data will cause a completely different message digest to be generated

35
Q

Operating System

A

The software “master control application” that runs the computer. It is the first program loaded when the computer is turned on, and its main component, the kernel, resides in memory at all times. The operating system sets the standards for all application programs (such as the Web server) that run in the computer. The applications communicate with the operating system for most user interface and file management operations.

36
Q

Patch

A

A software component that, when installed, directly modifies files or device settings related to a different software component without changing the version number or release details for the related software component

37
Q

Patch Management

A

The systematic notification, identification, deployment, installation and verification of operating system and application software code revisions. These revisions are known as patches, hot fixes, and service packs

38
Q

Records Retention

A

A practice based on the records life cycle, according to which records are retained as long as necessary, and then are destroyed after the appropriate time interval has elapsed.

39
Q

Remanence

A

Residual information remaining on storage media after clearing

40
Q

Request for change (RFC)

A

The first stage of change management, wherein a change in procedure or product is sought by a stakeholder

41
Q

Security Governance

A

The entirety of the policies, roles, and processes the organization uses to make security decisions in an organization.

42
Q

Social engineering

A

Tactics to infiltrate systems via email, phone, text, or social media, often impersonating a person or agency in authority or offering a gift. A low-tech method would be simply following someone into a secure building

43
Q

Symmetric encryption

A

An algorithm that uses the same key in both the encryption and the decryption processes

44
Q

Web Server

A

A computer that provides World Wide Web (WWW) services on the Internet. It includes the hardware, operating system, Web server software, and Web site content (Web pages). If the Web server is used internally and not by the public, it may be known as an “intranet server.”

45
Q

Whaling Attack

A

Phishing attacks that attempt to trick highly placed officials or private individuals with sizable assets into authorizing large fund wire transfers to previously unknown entities.