Practice Exam Flashcards
Intro Pre-Assessment
(ISC)² publishes a Common Body of Knowledge (CBK) that IT security practitioners should be familiar with; this is recognized throughout the industry as a set of material that is useful for practitioners to refer to. Certifications can be issued for demonstrating expertise in this Common Body of Knowledge. What kind of document is the Common Body of Knowledge?
Standard
(The Common Body of Knowledge is used throughout the industry, recognized among many people, countries and organizations. This is a standard)
Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of Zarma’s colleagues is interested in getting an (ISC)2 certification and asks Zarma what the test questions are like. What should Zarma do?
Explain the style and format of the questions, but no detail
Siobhan is an (ISC)² member who works for Triffid Corporation as a security analyst. Yesterday, Siobhan got a parking ticket while shopping after work. What should Siobhan do?
Pay the parking ticket
In risk management concepts, a(n) _________ is something a security practitioner might need to protect.
Asset
Tina is an (ISC)² member and is invited to join an online group of IT security enthusiasts. After attending a few online sessions, Tina learns that some participants in the group are sharing malware with each other, in order to use it against other organizations online. What should Tina do?
Stop participating in the group
Triffid Corporation has a policy that all employees must receive security awareness instruction before using email; the company wants to make employees aware of potential phishing attempts that the employees might receive via email. What kind of control is this instruction?
Administrative
Hoshi is an (ISC)2 member who works for the Triffid Corporation as a data manager. Triffid needs a new firewall solution, and Hoshi is asked to recommend a product for Triffid to acquire and implement. Hoshi’s cousin works for a firewall vendor; that vendor happens to make the best firewall available. What should Hoshi do?
disclose the relationship, but recommend the vendor/product
Olaf is a member of (ISC)² and a security analyst for Triffid Corporation. During an audit, Olaf is asked whether Triffid is currently following a particular security practice. Olaf knows that Triffid is not adhering to that standard in that particular situation, but that saying this to the auditors will reflect poorly on Triffid. What should Olaf do?
Tell the auditors the truth
Which of the following is an example of a “something you know” authentication factor?
-Fingerprint
-Iris scan
-Password
-User ID
Password
Steve is a security practitioner assigned to come up with a protective measure for ensuring cars don’t collide with pedestrians. What is probably the most effective type of control for this task?
Physical
Aphrodite is a member of (ISC)² and a data analyst for Triffid Corporation. While Aphrodite is reviewing user log data, Aphrodite discovers that another Triffid employee is violating the acceptable use policy and watching streaming videos during work hours. What should Aphrodite do?
Inform Triffid management
The city of Grampon wants to know where all its public vehicles (garbage trucks, police cars, etc.) are at all times, so the city has GPS transmitters installed in all the vehicles. What kind of control is this?
Technical
The Triffid Corporation publishes a policy that states all personnel will act in a manner that protects health and human safety. The security office is tasked with writing a detailed set of processes on how employees should wear protective gear such as hardhats and gloves when in hazardous areas. This detailed set of processes is a _________.
Procedure
Glen is an (ISC)² member. Glen receives an email from a company offering a set of answers for an (ISC)² certification exam. What should Glen do?
Inform (ISC)²
In risk management concepts, a(n) ___________ is something or someone that poses risk to an organization or asset.
Threat
A software firewall is an application that runs on a device and prevents specific types of traffic from entering that device. This is a type of ________ control.
Technical
(A software firewall is a technical control because it is a part of the IT environment)
Grampon municipal code requires that all companies that operate within city limits will have a set of processes to ensure employees are safe while working with hazardous materials. Triffid Corporation creates a checklist of activities employees must follow while working with hazardous materials inside Grampon city limits. The municipal code is a ______, and the Triffid checklist is a ________.
Law, procedure
(The municipal code was created by a governmental body and is a legal mandate; this is a law. The Triffid checklist is a detailed set of actions which must be used by Triffid employees in specific circumstances; this is a procedure)
A system that collects transactional information and stores it in a record in order to show which users performed which actions is an example of providing ________.
Non-repudiation
A bollard is a post set securely in the ground in order to prevent a vehicle from entering an area or driving past a certain point. Bollards are an example of ______ controls.
Physical
Druna is a security practitioner tasked with ensuring that laptops are not stolen from the organization’s offices. Which sort of security control would probably be best for this purpose?
Physical
(Because laptops are tangible objects, and Druna is trying to ensure that these objects are not moved from a certain place, physical controls are probably best for the purpose)
Who approves the incident response policy?
Senior management
What is the risk associated with delaying resumption of full normal operations after a disaster?
The impact of running alternate operations for extended periods
(Alternate operations are typically more costly than normal operations)
What is the risk associated with resuming full normal operations too soon after a DR effort?
The danger posed by the disaster might still be present
True or False? Business continuity planning is a reactive procedure that restores business operations after a disruption occurs.
False