Module 2-2 Challenge Flashcards

1
Q

How do organizations use security frameworks to develop an effective security posture?

As a policy to support employee training initiatives
As a guide to identify threat actor strategies
As a policy to protect against phishing campaigns
As a guide to reduce risk and protect data and privacy

A

As a guide to reduce risk and protect data and privacy

2
Q

A security professional uses _____ to verify that an employee has permission to access a resource.

encryption
integrity
authorization
admission

A

authorization

3
Q

A person’s fingerprint, eye or palm scan are examples of what?

Codes
Biometrics
Passwords
Statistics

A

Biometrics

4
Q

Which of the following statements accurately describe the CSF? Select all that apply.

Investigating an incident to determine how the threat occurred, what was affected, and where the attack originated is part of the respond function of the CSF.
The protect function of the CSF involves implementing policies, procedures, training, and tools to mitigate threats.
The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
The detect function of the CSF involves making sure proper procedures are used to contain, neutralize, and analyze security incidents.

A

Investigating an incident to determine how the threat occurred, what was affected, and where the attack originated is part of the respond function of the CSF.
The protect function of the CSF involves implementing policies, procedures, training, and tools to mitigate threats.
The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.

5
Q

You work as a security analyst for a supply chain organization and need to confirm all inventory data is correct, authentic, and reliable. Which core principle of the CIA triad are you using?

Confidentiality
Availability
Credibility
Integrity

A

Integrity

6
Q

A security team establishes controls, including permission settings that will be used to create multiple security points that a threat actor must get through to breach their organization. Which OWASP principle does this scenario describe?

Separation of duties
Keep security simple
Defense in depth
Principle of least privilege

A

Defense in depth

7
Q

What are some of the primary objectives of an internal security audit? Select all that apply.

Avoid fines due to a lack of compliance
Reduce the amount of data on a network
Determine what needs to be improved in order to achieve the desired security posture
Help security teams identify organizational risk

A

Avoid fines due to a lack of compliance
Determine what needs to be improved in order to achieve the desired security posture
Help security teams identify organizational risk

8
Q

In an internal security audit, _____ involves identifying potential threats, risks, and vulnerabilities in order to decide what security measures should be implemented.

conducting a risk assessment
communicating to stakeholders
assessing compliance
establishing the scope and goals

A

conducting a risk assessment

9
Q

A security analyst performs an internal security audit. They determine that the organization needs to install surveillance cameras at various store locations. What are they working to establish?

Administrative controls
Communication controls
Technical controls
Physical controls

A

Physical controls

10
Q

What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.

A summary of the goals
Existing risks that need to be addressed now or in the future
Detailed data about past cybersecurity incidents
Strategies for improving security posture

A

A summary of the goals
Existing risks that need to be addressed now or in the future
Strategies for improving security posture
