Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

Course 002 - Play It Safe: Manage Security Risks > Module 2-02 Challenge > Flashcards

Module 2-02 Challenge Flashcards

1
Q

How do organizations use security frameworks to develop an effective security posture?

  • As a policy to support employee training initiatives
  • As a guide to identify threat actor strategies
  • As a policy to protect against phishing campaigns
  • As a guide to reduce risk and protect data and privacy
A

As a guide to reduce risk and protect data and privacy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A security professional uses _____ to verify that an employee has permission to access a resource.

  • encryption
  • integrity
  • authorization
  • admission
A

authorization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A person’s fingerprint, eye or palm scan are examples of what?

  • Codes
  • Biometrics
  • Passwords
  • Statistics
A

Biometrics

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which of the following statements accurately describe the CSF? Select all that apply.

  • Investigating an incident to determine how the threat occurred, what was affected, and where the attack originated is part of the respond function of the CSF.
  • The protect function of the CSF involves implementing policies, procedures, training, and tools to mitigate threats.
  • The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
  • The detect function of the CSF involves making sure proper procedures are used to contain, neutralize, and analyze security incidents.
A
  • Investigating an incident to determine how the threat occurred, what was affected, and where the attack originated is part of the respond function of the CSF.
  • The protect function of the CSF involves implementing policies, procedures, training, and tools to mitigate threats.
  • The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

You work as a security analyst for a supply chain organization and need to confirm all inventory data is correct, authentic, and reliable. Which core principle of the CIA triad are you using?

  • Confidentiality
  • Availability
  • Credibility
  • Integrity
A

Integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A security team establishes controls, including permission settings that will be used to create multiple security points that a threat actor must get through to breach their organization. Which OWASP principle does this scenario describe?

  • Separation of duties
  • Keep security simple
  • Defense in depth
  • Principle of least privilege
A

Defense in depth

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are some of the primary objectives of an internal security audit? Select all that apply.

  • Avoid fines due to a lack of compliance
  • Reduce the amount of data on a network
  • Determine what needs to be improved in order to achieve the desired security posture
  • Help security teams identify organizational risk
  • Limit traffic on an organization’s firewall
  • Help security teams correct compliance issues
  • Enable security teams to assess controls
  • Identify any security gaps or weaknesses within an organization
A
  • Avoid fines due to a lack of compliance
  • Determine what needs to be improved in order to achieve the desired security posture
  • Help security teams identify organizational risk
  • Help security teams correct compliance issues
  • Enable security teams to assess controls
  • Identify any security gaps or weaknesses within an organization
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

In an internal security audit, _____ involves identifying potential threats, risks, and vulnerabilities in order to decide what security measures should be implemented.

  • conducting a risk assessment
  • communicating to stakeholders
  • assessing compliance
  • establishing the scope and goals
A

conducting a risk assessment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

A security analyst performs an internal security audit. They determine that the organization needs to install surveillance cameras at various store locations. What are they working to establish?

  • Administrative controls
  • Communication controls
  • Technical controls
  • Physical controls
A

Physical controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What information is typically communicated to stakeholders after completion of an internal security audit? Select all that apply.

  • A summary of the goals
  • Existing risks that need to be addressed now or in the future
  • Detailed data about past cybersecurity incidents
  • Strategies for improving security posture
  • Results and recommendations
  • Compliance regulations to be adhered to
  • Comprehensive details about each part of the process
A
  • A summary of the goals
  • Existing risks that need to be addressed now or in the future
  • Strategies for improving security posture
  • Results and recommendations
  • Compliance regulations to be adhered to
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the purpose of a security framework?

  • Develop procedures to help identify productivity goals
  • Establish policies to expand business relationships
  • Build plans to help mitigate risks and threats to data and privacy
  • Create security controls to protect marketing campaigns
A

Build plans to help mitigate risks and threats to data and privacy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

A security professional uses _____ to convert data from a readable format to an encoded format.

  • authorization
  • confidentiality
  • authentication
  • encryption
A

encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which of the following characteristics are examples of biometrics? Select all that apply.

  • Eye scan
  • Password
  • Palm scan
  • Fingerprint
A
  • Eye scan
  • Palm scan
  • Fingerprint
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A security team considers how to avoid unnecessarily complicated solutions when implementing security controls. Which OWASP principle does this scenario describe?

  • Keep security simple
  • Fix security issues correctly
  • Defense in depth
  • Principle of least privilege
A

Keep security simple

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

The planning elements of an internal security audit include establishing scope and _____, then conducting a risk assessment.

  • compliance
  • goals
  • controls
  • limitations
A

goals

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A security analyst performs an internal security audit. They focus on the human component of cybersecurity, such as the policies and procedures that define how their company manages data. What are they working to establish?

  • Physical controls
  • Administrative controls
  • Technical controls
  • Compliance controls
A

Administrative controls

17
Q

An employee using multi-factor authentication to verify their identity is an example of the _____ process.

  • integrity
  • authentication
  • confidentiality
  • encryption
A

authentication

18
Q

What type of social engineering attack attempts to exploit biometrics?

  • Cryptographic attack
  • Vishing
  • Whaling
  • Spear phishing

Course 002 - Play It Safe: Manage Security Risks (19 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions