Domain1

Question 1

If its indicate best practices and it is discretionary

Answer 1

guideline

Question 2

the attacker pulled several pieces of generic info to determine a specific sensitive value

Answer 2

Inference attack

Question 3

siphon off minute of money to accumulate large amount of funds

Answer 3

Salami attack

Question 4

the attacker laters or change the contents of database

Answer 4

Data Diddling attack

Question 5

framework is broadly adopted by thread modeling and threat intelligence org and widely used in many software packages and tools

MITRE’s ATTACK
STRIDE
PASTA

Answer 5

MITRE’s ATTACK

Question 6

an individual should have the minimum set of permission to carry out their work

Answer 6

Least Privilege

Question 7

no single person should have the right to perform two distinct task

Answer 7

Separation of Duty

Question 8

notifications posted at each door reminding employees to be careful in allowing people

Answer 8

Directive control

Question 9

Used when controls like lock are not sufficient and people need to put another control like signs,alarms.

Answer 9

Compensating Control

Question 10

__ rely on a preponderance of evidence

Answer 10

Civil case

Question 11

must be proven beyond reasonable doubt

Answer 11

Criminal case

Question 12

How many years?
Patents
Copyright
Trademarks
Trade secret

Answer 12

Patents has shortest duration which is 20years; Copyright last 70years; Trademarks renewable indefintely and trade secret no expiration

Question 13

After risk acceptance strategy what is next?

Answer 13

After risk acceptance strategy

Question 14

Requiring callback authorizations on voice only requests are sample of

Answer 14

social engineering attack

Question 15

BCP training should be done

quarterly
semi annual
annually

Question 16

is a counter terrorism that expand ability of US LAW enforcement to use electronic monitoring with less judicial oversight

Answer 16

USA Patriotic ACT

Question 17

attempts to resolve dispute between two parties such as private individual or corporate entities

Answer 17

Civil investigation

Question 18

Occurs when an individual who otherwise has no intention of commiting a crime is lured in doing so at urge of law enforcement

Answer 18

Entrapment

Question 19

Occurs wen person is already planning to commit a crime is eventually lured into doing it

Answer 19

Enticement

Question 20

defines the technical aspect of a security program including hardware and software and it is mandatory

Answer 20

Standard document

Question 21

Policy should be review every

quarterly
semi annual
annually

Answer 21

Annually

Question 22

Gleaning information in printed documents

Answer 22

Dumpster diving

Question 23

registering a domain like well known domain(GOOOGEL.com) to make a mistake

Answer 23

Typosquating

Question 24

enables company in US to process info of individuals in EU member nation

Answer 24

EU US Privacy Sheild Framwork

Question 25

Usually supplements procedures and present more details on how to perform the procedures and it is mandatory

Answer 25

Standard

Question 26

protects the expression of the idea of the resource

Answer 26

Copyright

Question 27

Risk assessment methodology typically employed by small teams from IT and business areas to conduct risk analysis
and commonly used by private sector

Answer 27

OCTAVE

Question 28

Is used to discover complex failure modes that maybe involved multiple systems or subsystems

Answer 28

Fault tree analysis

Question 29

NIST 800-30 is use to?

Answer 29

to assess risk

Question 30

is a DNS poisoning attack that attempt to modify a DNS cache by providing invalid information to a DNS server

Answer 30

Pharming attack

Question 31

is using image; waterhole targets specific group of users infecting a website they like to visit

Answer 31

Clickjacking

Question 32

Data at rest protection?

RSA
SHA-256
AES 256
D-H

Answer 32

AES256 and Data custodians backing up data or doing maintenance