Module 2-02 Challenge Flashcards
How do organizations use security frameworks to develop an effective security posture?
- As a policy to support employee training initiatives
- As a guide to identify threat actor strategies
- As a policy to protect against phishing campaigns
- As a guide to reduce risk and protect data and privacy
As a guide to reduce risk and protect data and privacy
A security professional uses _____ to verify that an employee has permission to access a resource.
- encryption
- integrity
- authorization
- admission
authorization
A person’s fingerprint, eye scan, or palm scan are examples of what?
- Codes
- Biometrics
- Passwords
- Statistics
Biometrics
Which of the following statements accurately describe the CSF? Select all that apply.
- Investigating an incident to determine how the threat occurred, what was affected, and where the attack originated is part of the respond function of the CSF.
- The protect function of the CSF involves implementing policies, procedures, training, and tools to mitigate threats.
- The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
- The detect function of the CSF involves making sure proper procedures are used to contain, neutralize, and analyze security incidents.
- Investigating an incident to determine how the threat occurred, what was affected, and where the attack originated is part of the respond function of the CSF.
- The protect function of the CSF involves implementing policies, procedures, training, and tools to mitigate threats.
- The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
You work as a security analyst for a supply chain organization and need to confirm all inventory data is correct, authentic, and reliable. Which core principle of the CIA triad are you using?
- Confidentiality
- Availability
- Credibility
- Integrity
Integrity
A security team establishes controls, including permission settings, that will be used to create multiple security points that a threat actor must get through to breach their organization. Which OWASP principle does this scenario describe?
- Separation of duties
- Keep security simple
- Defense in depth
- Principle of least privilege
Defense in depth
What are some of the primary objectives of an internal security audit? Select all that apply.
- Avoid fines due to a lack of compliance
- Reduce the amount of data on a network
- Determine what needs to be improved in order to achieve the desired security posture
- Help security teams identify organizational risk
- Limit traffic on an organization’s firewall
- Help security teams correct compliance issues
- Enable security teams to assess controls
- Identify any security gaps or weaknesses within an organization
- Avoid fines due to a lack of compliance
- Determine what needs to be improved in order to achieve the desired security posture
- Help security teams identify organizational risk
- Help security teams correct compliance issues
- Enable security teams to assess controls
- Identify any security gaps or weaknesses within an organization
In an internal security audit, _____ involves identifying potential threats, risks, and vulnerabilities in order to decide what security measures should be implemented.
- conducting a risk assessment
- communicating to stakeholders
- assessing compliance
- establishing the scope and goals
conducting a risk assessment
A security analyst performs an internal security audit. They determine that the organization needs to install surveillance cameras at various store locations. What are they working to establish?
- Administrative controls
- Communication controls
- Technical controls
- Physical controls
Physical controls
What information is typically communicated to stakeholders after completion of an internal security audit? Select all that apply.
- A summary of the goals
- Existing risks that need to be addressed now or in the future
- Detailed data about past cybersecurity incidents
- Strategies for improving security posture
- Results and recommendations
- Compliance regulations to be adhered to
- Comprehensive details about each part of the process
- A summary of the goals
- Existing risks that need to be addressed now or in the future
- Strategies for improving security posture
- Results and recommendations
- Compliance regulations to be adhered to
What is the purpose of a security framework?
- Develop procedures to help identify productivity goals
- Establish policies to expand business relationships
- Build plans to help mitigate risks and threats to data and privacy
- Create security controls to protect marketing campaigns
Build plans to help mitigate risks and threats to data and privacy
A security professional uses _____ to convert data from a readable format to an encoded format.
- authorization
- confidentiality
- authentication
- encryption
encryption
Which of the following characteristics are examples of biometrics? Select all that apply.
- Eye scan
- Password
- Palm scan
- Fingerprint
- Eye scan
- Palm scan
- Fingerprint
A security team considers how to avoid unnecessarily complicated solutions when implementing security controls. Which OWASP principle does this scenario describe?
- Keep security simple
- Fix security issues correctly
- Defense in depth
- Principle of least privilege
Keep security simple
The planning elements of an internal security audit include establishing scope and _____, then conducting a risk assessment.
- compliance
- goals
- controls
- limitations
goals
A security analyst performs an internal security audit. They focus on the human component of cybersecurity, such as the policies and procedures that define how their company manages data. What are they working to establish?
- Physical controls
- Administrative controls
- Technical controls
- Compliance controls
Administrative controls
An employee using multi-factor authentication to verify their identity is an example of the _____ process.
- integrity
- authentication
- confidentiality
- encryption
authentication
What type of social engineering attack attempts to exploit biometrics?
- Cryptographic attack
- Vishing
- Whaling
- Spear phishing
Vishing