final exam

Question 1

Which of the following concepts should be the most important consideration when determining how to budget properly for security controls?

Answer 1

Risk likelihood and impact

Question 2

What type of control assists and mitigates the risk an existing control is unable to mitigate?

Answer 2

Compensating control

Question 3

Jane’s company spends thousands of dollars a month managing user accounts inhouse. Jane wants to save money by hiring a cloud-based user account management provider. This is an example of risk _______.

Answer 3

transference

Question 4

For which of the following should employees receive training to establish how they are to treat information of differing sensitivity levels?

Answer 4

Information classification

Question 5

The ISO 27701 is an extension to the ISO 27001 standard that specifically deals with ____.

Answer 5

privacy management

Question 6

Which of the following processes uses auditing to ensure that users are traced to and held responsible for their actions?

Answer 6

Accountability

Question 7

Which of the following statements best defines the recovery point objective (RPO)?

Answer 7

The RPO is the maximum allowable amount of data (measured in terms of time) that the organization can afford to lose during a disaster or an incident.

Question 8

If a person knows a control exists, and this control keeps him or her from performing a malicious act, what type of control would this be classified as?

Answer 8

Deterrent control

Question 9

Your company’s t-shirt printer went down … again. The tech whose job it is to keep the printer running tells you that it’s going to take her about 30 minutes to repair the printer. This 30-minute period is best represented by which of the following answers?

Answer 9

MTTR

Question 10

What type of organizations are the main users of an interconnection service agreement (ISA)?

Answer 10

Telecommunication companies

Question 11

If a person does not know a control exists, and this control keeps her from performing a malicious act, what type of control would this be classified as?

Answer 11

Preventative control

Question 12

For which of the following should employees receive training to establish how to handle end-of-life and unnecessary data?

Answer 12

Data disposal

Question 13

Which of the following terms indicates the amount of time it takes for a hardware component to recover from failure?

Answer 13

Mean time to recovery

Question 14

Which of the following is the most common public-private key generation algorithm used in public key cryptography?

Answer 14

RSA

Question 15

Which of the following is a protocol used to obtain the status of digital certificates in public keys?

Answer 15

OCSP

Question 16

Which of the following is normally required to convert and read coded messages?

Answer 16

Codebook

Question 17

Which of the following methods of strengthening weak keys involves taking a weak initial key and feeding it to an algorithm that produces an enhanced key, which is much stronger?

Answer 17

key stretching

Question 18

All of the following are characteristics of hashing, except:

Answer 18

Hashes are decrypted using the same algorithm and key that encrypted them

Question 19

Which of the following algorithms was one of the five finalists for the U.S. government–sponsored competition to become the Advanced Encryption Standard (AES) competition, but did not win?

Answer 19

Twofish

Question 20

Before information is converted to an unreadable state using cryptography, in what form is the information?

Answer 20

Plaintext