Module 1-2 Challenge Flashcards

1
Q

Security posture refers to an organization’s ability to react to _____ and manage its defense of critical assets and data.

competition
tasks
sustainability
change

A

change

2
Q

Which of the following examples are key focus areas of the security and risk management domain? Select three answers.

Define security goals
Follow legal regulations
Maintain business continuity
Conduct control testing

A

Define security goals
Follow legal regulations
Maintain business continuity

3
Q

What is the goal of business continuity?

Remove access to assets
Maintain everyday productivity
Destroy publicly available data
Reduce personnel

A

Maintain everyday productivity

4
Q

What security concept involves all individuals in an organization taking an active role in reducing risk and maintaining security?

Secure coding
Remote services
Employee retention
Shared responsibility

A

Shared responsibility

5
Q

A security analyst researches ways to improve access and authorization at their business. Their primary goal is to keep data secure. Which security domain does this scenario describe?

Asset security
Communication and network security
Security assessment and testing
Identity and access management

A

Identity and access management

6
Q

A security analyst is asked to conduct a security audit to identify vulnerabilities. Which security domain is this task related to?

Security architecture and engineering
Security assessment and testing
Software development security
Communication and network security

A

Security assessment and testing

7
Q

When working in the software development security domain, security team members can use each phase of the software development _____ to conduct security reviews and ensure that security can be fully integrated into software products.

handling
lifecycle
sequencing
operations

A

lifecycle

8
Q

Which of the following statements accurately describe risk? Select all that apply.

If compromised, a medium-risk asset may cause some damage to an organization’s ongoing operations.
Another way to think of risk is the likelihood of a threat occurring.
A high-risk asset is any information protected by regulations or laws.
If compromised, a low-risk asset would have a severe negative impact on an organization’s ongoing reputation.

A

If compromised, a medium-risk asset may cause some damage to an organization’s ongoing operations.
Another way to think of risk is the likelihood of a threat occurring.
A high-risk asset is any information protected by regulations or laws.

9
Q

A business experiences an attack. As a result, a major news outlet reports the attack, which creates bad press for the organization. What type of consequence does this scenario describe?

Lack of engagement
Increase in profits
Damage to reputation
Loss of identity

A

Damage to reputation

10
Q

In the Risk Management Framework (RMF), which step involves officially approving a system to operate and taking responsibility for its potential risks?

Authorize
Select
Prepare
Categorize

A

Authorize
