Module 1-02 Challenge Flashcards
Security posture refers to an organization’s ability to react to _____ and manage its defense of critical assets and data.
- competition
- tasks
- sustainability
- change
change
Which of the following examples are key focus areas of the security and risk management domain? Select all that apply.
- Define security goals and objectives
- Follow legal regulations
- Maintain business continuity
- Conduct control testing
- Mitigate risk
- Be in compliance
- Define security goals and objectives
- Follow legal regulations
- Maintain business continuity
- Mitigate risk
- Be in compliance
What is the goal of business continuity?
- Remove access to assets
- Maintain everyday productivity
- Destroy publicly available data
- Reduce personnel
Maintain everyday productivity
What security concept involves all individuals in an organization taking an active role in reducing risk and maintaining security?
- Secure coding
- Remote services
- Employee retention
- Shared responsibility
Shared responsibility
A security analyst researches ways to improve access and authorization at their business. Their primary goal is to keep data secure. Which security domain does this scenario describe?
- Asset security
- Communication and network security
- Security assessment and testing
- Identity and access management
Identity and access management
A security analyst is asked to conduct a security audit to identify vulnerabilities. Which security domain is this task related to?
- Security architecture and engineering
- Security assessment and testing
- Software development security
- Communication and network security
Security assessment and testing
When working in the software development security domain, security team members can use each phase of the software development _____ to conduct security reviews and ensure that security can be fully integrated into software products.
- handling
- lifecycle
- sequencing
- operations
lifecycle
Which of the following statements accurately describe risk? Select all that apply.
- If compromised, a medium-risk asset may cause some damage to an organization’s ongoing operations.
- Another way to think of risk is the likelihood of a threat occurring.
- A high-risk asset is any information protected by regulations or laws.
- If compromised, a low-risk asset would have a severe negative impact on an organization’s ongoing reputation.
- Assets with SPII, PII, or intellectual property are examples of high-risk assets.
- Determining whether a risk is low, medium, or high depends on the possible threat and the asset involved.
- If compromised, a medium-risk asset may cause some damage to an organization’s ongoing operations.
- Another way to think of risk is the likelihood of a threat occurring.
- A high-risk asset is any information protected by regulations or laws.
- Assets with SPII, PII, or intellectual property are examples of high-risk assets.
- Determining whether a risk is low, medium, or high depends on the possible threat and the asset involved.
A business experiences an attack. As a result, a major news outlet reports the attack, which creates bad press for the organization. What type of consequence does this scenario describe?
- Lack of engagement
- Increase in profits
- Damage to reputation
- Loss of identity
Damage to reputation
In the Risk Management Framework (RMF), which step involves officially approving a system to operate and taking responsibility for its potential risks?
- Authorize
- Select
- Prepare
- Categorize
Authorize
What term describes an organization’s ability to maintain its everyday productivity by establishing risk disaster recovery plans?
- Business continuity
- Mitigation
- Daily defense
- Recovery
Business continuity
According to the concept of shared responsibility, employees can help lower risk to physical and virtual security by _____. Select two answers.
- meeting productivity goals
- recognizing and reporting security concerns
- limiting their communication with team members
- taking an active role
- recognizing and reporting security concerns
- taking an active role
A security analyst ensures that employees are able to review only the data they need to do their jobs. Which security domain does this scenario relate to?
- Identity and access management
- Security assessment and testing
- Communication and network security
- Software development security
Identity and access management
Which of the following are steps of implementing security controls? Select three answers.
- Regularly reviewing security information
- Setting up multi-factor authentication
- Assessing the effectiveness of current safeguards
- Tracking user actions
- Regularly reviewing security information
- Setting up multi-factor authentication
- Assessing the effectiveness of current safeguards
The software development security domain involves the use of the software development ___, which is an efficient process used by teams to quickly build software products and services.
- lifecycle
- functionality
- staging
- operations
lifecycle