Domain 5: Security Program Management and Oversight Flashcards
Question 1 of 20
A company decides to conduct a risk assessment only once due to a specific change in its infrastructure. This decision to conduct the risk assessment is not part of its regular risk management process.
What type of risk assessment does this situation describe?
Ad hoc
Recurring
Quantitative
Continuous
Correct Answer:
Ad hoc
Question 2 of 20
A cybersecurity team plans to improve the resilience of their organization’s IT infrastructure.
The lead architect suggests implementing continuity of operations planning (COOP) to address potential disruptions and keep critical operations running during unexpected events.
What primary objective BEST describes the purpose of implementing COOP within an organization’s security architecture?
It ensures continuous critical operations during unexpected disruptions.
It prevents unauthorized access to sensitive data.
It provides immediate power backups during electrical outages.
It monitors network traffic for malicious activities.
Correct Answer:
It ensures continuous critical operations during unexpected disruptions.
Question 3 of 20
Which type of audit is performed by either a consultant or an auditing firm employee?
Financial audit
Internal audit
External audit
Usage audit
Correct Answer:
External audit
Question 4 of 20
As the business continuity manager of a large corporation, you are reviewing the company’s business continuity plan (BCP).
Which of the following elements is NOT typically included in a comprehensive BCP?
The company’s annual financial statements.
A list of critical business functions and the resources needed to support them.
Detailed recovery strategies and procedures.
Contact information for key personnel and stakeholders.
Correct Answer:
The company’s annual financial statements.
Question 5 of 20
A tech startup has just suffered a data breach where sensitive customer financial data leaked.
The chief executive officer (CEO) has an immediate concern about the tangible penalty the company will face due to violating data protection regulations.
What is the CEO primarily concerned with in this situation?
Reputational damage
Privacy policy updates
Fines
Security infrastructure overhaul
Correct Answer:
Fines
Question 6 of 20
As a security manager at a financial institution, you are reviewing the company’s access control measures. You have identified potential areas of improvement and are considering four options to enhance access control security.
Which of the following would be the MOST effective method to implement?
Increase password complexity requirements
Implement a two-factor authentication
Implement biometric authentication
Improve session management
Correct Answer:
Improve session management
Question 7 of 20
The security team at a company is adopting a cybersecurity framework to standardize its security measures across different departments. The team lead wants to ensure that the selected framework encompasses all the critical aspects of cybersecurity.
What should the security team lead ensure the cybersecurity framework covers to provide a comprehensive security posture?
Threat intelligence and event correlation
The technical controls and access management
Procedures for incident response
Risk assessment, incident response, access control, awareness, and training
Correct Answer:
Risk assessment, incident response, access control, awareness, and training
Question 8 of 20
You are the procurement manager in a large corporation. Your company is in the process of selecting a new software vendor.
One of the vendors in the running is a company where your cousin is a senior executive. Your cousin has shared some insider information about their upcoming product updates that could give them an edge over the competition.
What should you do?
Share the insider information with the other vendors to level the playing field.
Disclose the relationship and the information received to your supervisor and remove yourself from the decision-making process.
Keep the information to yourself and continue with the vendor selection process.
Use the insider information to influence the vendor selection process in favor of your cousin’s company.
Correct Answer:
Disclose the relationship and the information received to your supervisor and remove yourself from the decision-making process.
Question 9 of 20
A board of directors receives a memorandum that two departments in the organization violate federal regulations.
What could the organization receive that would monetarily impact them if sanctioned?
Indemnification
Loss of license
Reputational damage
Fines
Correct Answer:
Fines
Question 10 of 20
Any attack involving human interaction of some kind is referred to as what?
Social engineering
Attacker manipulation
An opportunistic attack
A white hat hacker
Correct Answer:
Social engineering
Question 11 of 20
As a security analyst at a large corporation, you are tasked with reviewing and improving the company’s password security measures.
Currently, the company uses a simple hashing algorithm to store passwords. You are considering four options to enhance password security.
Which of the following would be the MOST effective method to implement?
Implement password complexity requirements
Implement password salting
Increase the minimum password length requirement
Implement a password expiration policy
Correct Answer:
Implement password salting
Question 12 of 20
An organization validates its security controls, processes, and adherence to industry standards and wants an unbiased evaluation to instill confidence among stakeholders.
Which method should it employ for this purpose?
Compliance assessment
Audit committee
Independent third-party audit
Self-assessment
Correct Answer:
Independent third-party audit
Question 13 of 20
A large technology company has recently experienced a significant system failure due to a cyberattack. The chief information security officer (CISO) is conducting a post-incident review to identify ways to improve the organization’s resilience and recovery capabilities.
The CISO wants to focus on strategies that could have prevented the system downtime or minimized its duration and impact.
From a resilience and recovery standpoint in security architecture and continuity of operations planning (COOP), which of the following strategies would the CISO MOST likely recommend implementing to enhance the organization’s ability to prevent or quickly recover from similar incidents in the future? (Select two.)
Implement a detailed incident response plan
Establish a redundant data center
Invest in a stronger firewall system
Expand the IT team with more developers
Establish strong password policies and standards
Correct Answer:
Implement a detailed incident response plan
Correct Answer:
Establish a redundant data center
Question 14 of 20
You are a software developer working on a new application. During the testing phase, you notice that the application crashes unexpectedly when certain unpredictable events occur, such as loss of network connectivity or invalid user input.
You need to ensure that the application handles these errors gracefully and does not reveal any sensitive information about the system or the code.
Which of the following would be the MOST effective solution to this problem?
Implement a structured exception handler (SEH).
Ignore the errors as they are unpredictable and cannot be prevented.
Use default error handlers provided by the application’s interpreter.
Use a try-catch block without a catchall handler.
Correct Answer:
Implement a structured exception handler (SEH).
Question 15 of 20
Which of the following does a quantitative risk assessment include? (Select the three best options.)
Key risk indicators (KRIs)
Annual loss expectancy (ALE)
Single loss expectancy (SLE)
Annual rate of occurrence
Risk register
Recovery time objective
Heat map
Correct Answer:
Annual loss expectancy (ALE)
Correct Answer:
Single loss expectancy (SLE)
Correct Answer:
Annual rate of occurrence
Question 16 of 20
A company relies on a legacy system for a core business process, but the system’s vendor no longer provides security patches. To manage the risks associated with this system, the company decides to contract a third-party provider to take on this risk.
What strategy is the company using?
Risk acceptance
Risk mitigation
Risk transference
Patch management
Correct Answer:
Risk transference
Question 17 of 20
An organization must hire nonaffiliated experts (consultants) to conduct an assessment. The organization expects the experts to provide a broad evaluation of their overall performance, practices, and capabilities, including specific focus areas, such as strategy, operational efficiency, risk management, cybersecurity, or compliance practices.
Which type of assessment meets the organization’s needs?
Self-assessment
External assessment
Internal audit committee
Internal compliance assessment
Correct Answer:
External assessment
Question 18 of 20
Security governance relies heavily on specially designed and interdependent roles. Each role has unique responsibilities that contribute to effective security oversight and control.
What are some of these roles? (Select three.)
Technician
Administrator
Engineer
Processor
Maintenance custodian
Controller
Owner
Correct Answer:
Processor
Correct Answer:
Controller
Correct Answer:
Owner
Question 19 of 20
Which of the following is the first step in the Waterfall application development model?
Requirements
Design
Implementation
Maintenance
Correct Answer:
Requirements
Question 20 of 20
You have been promoted to team lead of one of the security operations teams.
Which security team are you now a part of?
Blue
Red
Purple
White
Correct Answer:
White