ISACA Cybersecurity Fundamentals practice quiz

Question 1

Who has the greatest influence over access security in a password authentication environment?
A. System administrators
B. Business executives
C. Users
D. Security managers

Answer 1

C. Users

Question 2

Which of the following interpret requirements and apply them to specific situations?
A. Policies
B. Standards
C. Guidelines
D. Procedures

Answer 2

B. Standards

Question 3

Business continuity plans (BCPs) associated with organizational information systems should be developed primarily on the basis of:
A. Available resources
B. Levels of effort
C. Projected costs
D. Business needs

Answer 3

D. Business needs

Question 4

A segmented network:
A. Offers defense in depth superior to a concentric-layers model
B. Consists of two or more security zones
C. Maximizes the delay experienced by an attacker
D. Delivers superior performance for internal applications

Answer 4

B. Consists of two or more security zones

Question 5

Which cybersecurity principle is most important when attempting to trace the source of malicious activity?
A. Availability
B. Integrity
C. Nonrepudiation
D. Confidentiality

Answer 5

C. Nonrepudiation

Question 6

Which of the following offers the strongest protection for wireless network traffic?
A. Wireless Protected Access 2 (WPA2)
B. Wireless Protected Access-Advanced Encryption Standard (WPA-AES)
C. Wired Equivalent Protection 128-bit (WEP-128)
D. Wireless Protected Access-Temporary Key Integrity Protocol (WPA-TKIP)

Answer 6

A. Wireless Protected Access 2 (WPA2)

Question 7

Outsourcing poses the greatest risk to an organization when it involves:
A. Business support services
B. Technology infrastructure
C. Cybersecurity capabilities
D. Core business functions

Answer 7

D. Core business functions

Question 8

Risk assessments should be performed:
A. At the start of a program
B. On a regular basis
C. When an asset changes
D. When a vulnerability is discovered

Answer 8

B. On a regular basis

Question 9

Maintaining a high degree of confidence regarding the integrity of evidence requires a(n):
A. Power of attorney
B. Sworn statement
C. Chain of custody
D. Affidavit

Answer 9

C. Chain of custody

Question 10

A firewall that tracks open connection-oriented protocol sessions is said to be:
A. State-sponsored
B. Stateless
C. Stateful
D. Stated

Answer 10

C. Stateful

Question 11

During which phase of the system development lifecycle (SDLC) should security first be considered?
A. Planning
B. Analysis
C. Design
D. Implementation

Answer 11

A. Planning

Question 12

A cybersecurity architecture designed around the concept of a perimeter is said to be:
A. Data-centric
B. User-centric
C. Integrated
D. System-centric

Answer 12

D. System-centric

Question 13

A passive network hub operates at which layer of the OSI model?
A. Data Link
B. Physical
C. Network
D. Transport

Answer 13

B. Physical

Question 14

Updates in cloud-computing environments can be rolled out quickly because the environment is:
A. Homogeneous
B. Distributed
C. Diversified
D. Secure

Answer 14

A. Homogeneous

Question 15

During which phase of the six-phase incident response model is the root cause determined?
A. Recovery
B. Identification
C. Containment
D. Eradication

Answer 15

D. Eradication

Question 16

The attack mechanism directed against a system is commonly called a(n):
A. Exploit
B. Vulnerability
C. Payload
D. Attack Vector

Answer 16

C. Payload

Question 17

Where should an organization’s network terminate virtual private network (VPN) tunnels?
A. At an interior router, to reduce network traffic congestion
B. At a dedicated “honey pot” system in the demilitarized zone (DMZ)
C. At the destination system, to prevent loss of confidentiality
D. At the perimeter, to allow for effective internal monitoring

Answer 17

D. At the perimeter, to allow for effective internal monitoring

Question 18

In practical applications:
A. Symmetric key encryption is used to securely distribute asymmetric keys
B. Asymmetric key encryption is used to securely obtain symmetric keys
C. Symmetric key encryption is used only for short messages, such as digital signatures
D. Asymmetric key encryption is used in cases where speed is important

Answer 18

B. Asymmetric key encryption is used to securely obtain symmetric keys

Question 19

Which two factors are used to calculate the likelihood of an event?
A. Threat and vulnerability
B. Vulnerability and asset value
C. Asset count and asset value
D. Threat and asset count

Answer 19

A. Threat and vulnerability

Question 20

What kind of anti-malware program evaluates system processes based on their observed behaviors?
A. Heuristic
B. Signature-based
C. Stateful
D. Polymorphic

Answer 20

A. Heuristic

Question 21

A business continuity plan (BCP) is not complete unless it includes:
A. Dedicated resources
B. Detailed procedures
C. Network diagrams
D. Critical processes

Answer 21

B. Detailed procedures

Question 22

Under the US-CERT model for incident categorization, a CAT-3 incident refers to which of the following?
A. Improper usage
B. Investigation
C. Denial of service (DoS)
D. Malicious code

Answer 22

D. Malicious code

Question 23

An interoperability error is what type of vulnerability?
A. Technical
B. Process
C. Emergent
D. Organizational

Answer 23

C. Emergent

Question 24

Securing Supervisory Control and Data Acquisition (SCADA) systems can be challenging because they:
A. Operate in specialized environments and often have non-standard design elements
B. Are subject to specialized requirements established for national security systems
C. Support critical infrastructure processes for which any risk of compromise is unacceptable
D. Cannot be replaced due to aging infrastructure and the complexity of included components

Answer 24

A. Operate in specialized environments and often have non-standard design elements

Question 25

Virtual systems should be managed using a dedicated virtual local area network (VLAN) because:
A. Network topologies do not always properly identify the locations of virtual servers
B. VLAN encryption provides a double layer of protection for virtual system data
C. Insecure protocols could result in a compromise of privileged user credentials
D. Segregation of management traffic and use traffic dramatically improves performance

Answer 25

C. Insecure protocols could result in a compromise of privileged user credentials