Module 2-02 Challenge Flashcards
How do organizations use security frameworks to develop an effective security posture?
- As a policy to support employee training initiatives
- As a guide to identify threat actor strategies
- As a policy to protect against phishing campaigns
- As a guide to reduce risk and protect data and privacy
As a guide to reduce risk and protect data and privacy
A security professional uses _____ to verify that an employee has permission to access a resource.
- encryption
- integrity
- authorization
- admission
authorization
A person’s fingerprint, eye or palm scan are examples of what?
- Codes
- Biometrics
- Passwords
- Statistics
Biometrics
Which of the following statements accurately describe the CSF? Select all that apply.
- Investigating an incident to determine how the threat occurred, what was affected, and where the attack originated is part of the respond function of the CSF.
- The protect function of the CSF involves implementing policies, procedures, training, and tools to mitigate threats.
- The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
- The detect function of the CSF involves making sure proper procedures are used to contain, neutralize, and analyze security incidents.

- Investigating an incident to determine how the threat occurred, what was affected, and where the attack originated is part of the respond function of the CSF.
- The protect function of the CSF involves implementing policies, procedures, training, and tools to mitigate threats.
- The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
You work as a security analyst for a supply chain organization and need to confirm all inventory data is correct, authentic, and reliable. Which core principle of the CIA triad are you using?
- Confidentiality
- Availability
- Credibility
- Integrity
Integrity
A security team establishes controls, including permission settings that will be used to create multiple security points that a threat actor must get through to breach their organization. Which OWASP principle does this scenario describe?
- Separation of duties
- Keep security simple
- Defense in depth
- Principle of least privilege
Defense in depth
What are some of the primary objectives of an internal security audit? Select all that apply.
- Avoid fines due to a lack of compliance
- Reduce the amount of data on a network
- Determine what needs to be improved in order to achieve the desired security posture
- Help security teams identify organizational risk
- Limit traffic on an organization’s firewall
- Help security teams correct compliance issues
- Enable security teams to assess controls
- Identify any security gaps or weaknesses within an organization

- Avoid fines due to a lack of compliance
- Determine what needs to be improved in order to achieve the desired security posture
- Help security teams identify organizational risk
- Help security teams correct compliance issues
- Enable security teams to assess controls
- Identify any security gaps or weaknesses within an organization
In an internal security audit, _____ involves identifying potential threats, risks, and vulnerabilities in order to decide what security measures should be implemented.
- conducting a risk assessment
- communicating to stakeholders
- assessing compliance
- establishing the scope and goals
conducting a risk assessment
A security analyst performs an internal security audit. They determine that the organization needs to install surveillance cameras at various store locations. What are they working to establish?
- Administrative controls
- Communication controls
- Technical controls
- Physical controls
Physical controls
What information is typically communicated to stakeholders after completion of an internal security audit? Select all that apply.
- A summary of the goals
- Existing risks that need to be addressed now or in the future
- Detailed data about past cybersecurity incidents
- Strategies for improving security posture
- Results and recommendations
- Compliance regulations to be adhered to
- Comprehensive details about each part of the process

- A summary of the goals
- Existing risks that need to be addressed now or in the future
- Strategies for improving security posture
- Results and recommendations
- Compliance regulations to be adhered to
What is the purpose of a security framework?
- Develop procedures to help identify productivity goals
- Establish policies to expand business relationships
- Build plans to help mitigate risks and threats to data and privacy
- Create security controls to protect marketing campaigns
Build plans to help mitigate risks and threats to data and privacy
A security professional uses _____ to convert data from a readable format to an encoded format.
- authorization
- confidentiality
- authentication
- encryption
encryption
Which of the following characteristics are examples of biometrics? Select all that apply.
- Eye scan
- Password
- Palm scan
- Fingerprint

- Eye scan
- Palm scan
- Fingerprint
A security team considers how to avoid unnecessarily complicated solutions when implementing security controls. Which OWASP principle does this scenario describe?
- Keep security simple
- Fix security issues correctly
- Defense in depth
- Principle of least privilege
Keep security simple
The planning elements of an internal security audit include establishing scope and _____, then conducting a risk assessment.
- compliance
- goals
- controls
- limitations
goals