Practice Exam Question 1 Flashcards

1
Q

The ASIS/ANSI ORM Security and Resilience in Organizations and Their Supply Chains (2017) Standard outlines a risk assessment process. Which of the following describes this process?

A. Threat identification; vulnerability assessment; risk analysis and risk evaluation
B. Threat identification; vulnerability assessment; risk assessment and risk evaluation
C. Asset identification; risk identification; risk analysis and risk evaluation
D. Asset identification; vulnerability assessment; threat assessment and risk evaluation

A

C

2
Q

This assessment is performed to establish a baseline of physical protection system (PPS) effectiveness in meeting goals and objectives. The process is a method of identifying the weak points of a facility, entity, venue or person. This is BEST described as a:

A. Risk analysis
B. Risk assessment
C. Threat analysis
D. Vulnerability assessment

A

D

3
Q

Which type of question is intended to help the person being asked the question to think more deeply about a subject or specific issue?

Probing question
Open question
Closed question
Leading question

A

A

4
Q

Which strategy allows the investigator to re-evaluate and, if necessary, modify his/her opening hypothesis as new evidence is uncovered?

Stockholm strategy
Variable hypothesis strategy
Pygmalion strategy
Floating point strategy

A

D

5
Q
You are the senior administrator for a bank. A user calls and says he was notified to contact you but couldn’t find your information on the company website. Two days ago, he received an email stating that there was something wrong with his account and he needed to click a link in the email to fix the problem. He clicked the link and filled in the information, but now his account is showing a large number of transactions that he did not authorize. The user was likely the victim of what type of attack?

Spoofing
Spamming
Phishing
BEC

A

C

6
Q

When dealing with suspected chemical or biological agents that are released from a suspicious package, what should be your FIRST goal?

Look after any staff exposed to the materials
Call security
Limit distribution of the material
Call the police

A

C

7
Q

Sally would like to forward some Personally Identifiable Information to her HR department by email, but she is worried about the confidentiality of the information. Which of the following will accomplish this task securely?

Encryption
Secret Key
Hashing
Digital Signatures

A

A

8
Q

Which approach examines the linkages and interactions between the elements that compose the entirety of a system?

Systems approach
PDCA
Convergence
Security in depth

A

A

9
Q

There are three information security system control objectives. Which of the following are these objectives?

Deterrence, detection and response
Deterrence, detection and recovery
Detection, response and recovery
Detection, recovery and compliance

A

D

10
Q

Which CPTED measures would employ good space planning to reduce inhabitant conflicts by considering compatible circulation patterns, including a well-defined building entrance and arranging courtyards, patios and porches for unobstructed lines of sight?

Human Measures
Natural Measures
Mechanical Measures
Organizational Measures

A

B

11
Q

Which person on an incident scene has the overall incident management responsibility?

Incident commander
Chief Security Officer
Most senior member of staff
Emergency responder

A

A

12
Q

The total exposed amount that an organization wishes to undertake on the basis of risk-return trade-offs for one or more desired and expected outcomes, is known as:

Cost-benefit
Risk appetite
Vulnerability
Risk acceptance

A

B

13
Q

These are based on the investigative goals but are more specific and may be more short-lived. They are generally measurable and can be used to gauge the progress, success, or achievement of an investigative unit. They are BEST described as:

Ethics
Strategies
Objectives
Metrics

A

C

14
Q

Which of the following strategies is accomplished anytime you take steps to reduce the risk?

Risk avoidance
Risk acceptance
Risk deterrence
Risk mitigation

A

D

15
Q

Which of the following is NOT a characteristic of morphine?

Its legal use is restricted primarily to hospitals
It is the principal constituent of opium
A significant part of the morphine obtained from opium is used medically
It is odorless, bitter tasting, and darkens with age

A

C

16
Q

The hallucinogen “mescaline” is derived from:

The peyote cactus
The coca plant
Mushrooms
The sage bush

A

A

17
Q

Which type of alarms should be regarded as the highest priority level?

Duress alarm
Intruder alarm
Fire alarm
Proprietary alarm

A

A

18
Q

The main source of non-synthetic narcotics is:

Peyote
The laboratory
Papaver somniferum
The coca plant

A

C

19
Q

Which terms would you associate with civil liabilities?

Administrative and criminal
Tort and Contract
Intent and Act
Res judicata and precedence

A

B

20
Q

The act of finding a safe location/refuge in a building one is occupying is known as:

Shelter in place
Operations security
Active response
Target hardening

A

A

21
Q

Which type of sensor is typically used to detect a tool attack?

Temperature sensors
Vibration sensors
Passive microwave
Passive infrared

A

B

22
Q

Which of the following terms BEST describes an investigator being objective when interviewing a witness to an incident?

The investigator seeks information specific to the incident scene.
The investigator avoids body language and facial expressions that may display prejudice.
The investigator seeks corroborative information to confirm the witness’s statement.
The investigator presses the witness to remember more details of the incident.

A

B

23
Q

Which statement regarding security lighting is TRUE?

A benefit of security lighting is that auxiliary power is not needed
Lighting should not be used solely as a psychological deterrent
Lighting is relatively expensive to maintain
Lighting should not be integrated with surveillance systems

A

B

24
Q

Which of the following is the primary security concern when deploying a mobile device on a network?

Cloud storage technique
Data security
Strong authentication
Interoperability

A

B

25
Q

A compromised workstation utilized in a Distributed Denial of Service (DDoS) attack has been removed from the network and an image of the hard drive has been created. However, the system administrator stated that the system was left unattended for several hours before the image was created. In the event of a court case, which of the following is likely to be an issue with this incident?

Expert Witness
Chain of custody
Eye Witness
Data Analysis of the hard drive

A

B
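Why the unattended hours in this scenario matter, as an added example that is not part of the original flashcards: the code below is a small custody-log checker of my own design (not from any forensic tool) that records who handled the evidence, when, and the SHA-256 hash taken at each step, and then reports the objections a court would hear. The disk image bytes, the timestamps, the handler names and the 30-minute unattended threshold are all constructed for the illustration.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Constructed stand-in for the disk image; a real acquisition streams the device in chunks.
SAMPLE_IMAGE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" * 64 + b"constructed evidence bytes"


def sha256_hex(data: bytes) -> str:
    """Acquisition hash: taken from the source device and again from the image file."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    when: datetime
    handler: str
    action: str             # seized, imaged, transferred, verified
    digest: Optional[str]   # SHA-256 recorded at this step; None if nobody computed one


@dataclass
class CustodyLog:
    entries: List[CustodyEntry] = field(default_factory=list)

    def record(self, when: datetime, handler: str, action: str,
               data: Optional[bytes] = None) -> None:
        digest = sha256_hex(data) if data is not None else None
        self.entries.append(CustodyEntry(when, handler, action, digest))

    def findings(self, max_unattended: timedelta) -> List[str]:
        """List the custody problems opposing counsel could raise; empty means clean."""
        out: List[str] = []
        if not self.entries:
            return ["no custody record at all"]
        if self.entries[0].digest is None:
            out.append(f"no hash recorded at first custody step ('{self.entries[0].action}')")
        for prev, cur in zip(self.entries, self.entries[1:]):
            gap = cur.when - prev.when
            # A gap is only defensible if matching hashes bracket it.
            bracketed = prev.digest is not None and prev.digest == cur.digest
            if gap > max_unattended and not bracketed:
                out.append(f"{gap} unattended between '{prev.action}' by {prev.handler} "
                           f"and '{cur.action}' by {cur.handler} with no hash proving "
                           f"the evidence was unchanged")
        digests = [e.digest for e in self.entries if e.digest is not None]
        if digests and any(d != digests[0] for d in digests):
            out.append("recorded hashes disagree: the evidence changed between steps")
        return out


T0 = datetime(2024, 3, 4, 9, 0, tzinfo=timezone.utc)   # constructed timestamps
POLICY = timedelta(minutes=30)                           # assumed maximum unattended time


def flawed_scenario() -> List[str]:
    """The flashcard case: drive pulled, left alone for hours, hashed only at imaging."""
    log = CustodyLog()
    log.record(T0, "sysadmin", "seized")                                   # no hash taken
    log.record(T0 + timedelta(hours=5), "analyst", "imaged", SAMPLE_IMAGE)
    log.record(T0 + timedelta(hours=6), "analyst", "verified", SAMPLE_IMAGE)
    return log.findings(POLICY)


def corrected_scenario() -> List[str]:
    """Hash at seizure, so the later matching hash covers the unattended period."""
    log = CustodyLog()
    log.record(T0, "sysadmin", "seized", SAMPLE_IMAGE)
    log.record(T0 + timedelta(hours=5), "analyst", "imaged", SAMPLE_IMAGE)
    log.record(T0 + timedelta(hours=6), "analyst", "verified", SAMPLE_IMAGE)
    return log.findings(POLICY)


def tampered_scenario() -> List[str]:
    """Hashed at seizure, but the bytes changed while unattended: the hashes expose it."""
    log = CustodyLog()
    log.record(T0, "sysadmin", "seized", SAMPLE_IMAGE)
    log.record(T0 + timedelta(hours=5), "analyst", "imaged", SAMPLE_IMAGE + b"\x00")
    return log.findings(POLICY)


if __name__ == "__main__":
    for name, fn in [("flawed", flawed_scenario), ("corrected", corrected_scenario),
                     ("tampered", tampered_scenario)]:
        print(name, fn() or ["clean"])
```

The flawed run reports two objections: nothing was hashed at seizure, and the five-hour gap before imaging is not bracketed by matching hashes, so nobody can show the drive was unchanged while unattended. The corrected run is clean even with the same gap, and the tampered run shows what the seizure-time hash buys you: any change during the gap produces a hash mismatch instead of an unanswerable question.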

26
Q

When an investigator is questioning an employee suspected of stealing funds from the organization, this is BEST defined as a(n):

Interview
Informational interview
Confrontational interview
Non-accusatory interview

A

C

27
Q

A metric used to evaluate factors that are crucial to the success of an organization or of a particular activity in which it engages.

Performance metrics
Key performance indicator
Activity metrics
Service level agreement

A

B

28
Q

Which recording method utilizes portable media for processing and recording of images directly at the camera?

Digital
Cloud
Linear
Edge

A

D

29
Q

Confidence in the risk assessment process is dependent on an impartial evaluation of the risk sources and management practices. Which of the following is NOT a threat to impartiality?

Familiarity
Independence
Intimidation
Habituation

A

B

30
Q

The adaptive capacity of an organization in a complex and changing environment is known as:

Awareness
Resilience
Business continuity
Leadership

A

B

31
Q

The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a database administrator performing several other job functions within the company. Which of the following is the BEST method to prevent such activities in the future?

Mandatory Vacations
Job rotation
Least Privilege
Separation of duties

A

D

32
Q

Staff access to each facility area should be restricted based on:

Biometrics
Job requirements
Keys
Cards

A

B

33
Q

Mary claims that she didn’t make a phone call from her office to a competitor and tell them about developments her company is working on. Telephone logs, however, show that such a call was placed from her phone, and time clock records show she was the only person working at the time. What do these records provide?

Non-repudiation
Integrity
Confidentiality
Authentication

A

A

34
Q

This ratio examines the company’s ability to cover short-term obligations.

Debt to Equity Ratio
Return on Assets Ratio
Quick Ratio
Current Ratio

A

D

35
Q

This detector absorbs invisible light energy, comparing the actual energy to an established background level. What type of detector is this?

Passive Infrared
Active microwave
Active infrared
Passive microwave

A

A

36
Q

The care that a prudent person might be expected to exercise in the examination and evaluation of risks, is known as:

Ethics
Compliance
Due care
Due diligence

A

D

37
Q

A security administrator is reviewing the company’s continuity plan. The plan specifies an RTO of six hours and RPO of two days. Which of the following is the plan describing?

Systems should be restored within two days and should remain operational for at least six hours
Systems should be restored within six hours and no later than two days after the incident
Systems should be restored within two days with a minimum of six hours’ worth of data
Systems should be restored within six hours with a minimum of two days’ worth of data

A

D

38
Q

A structure that brings together the Incident Commanders of the major organizations involved in an incident in order to coordinate an effective response, while at the same time allowing each to carry out their own jurisdictional, legal, and functional responsibilities, is referred to as:

Mutual Assistance
Incident command
Command structure
Unified command

A

D

39
Q

Which of the following is a correct statement concerning all-hazard emergency operation plans?

Emergency operations plans should only be stand-alone plans.
Business continuity plans should not be included in the organization’s security operations plan.
Business continuity plans should be included in the organization’s security operations plan.
Emergency operation plans should only be developed by internal personnel.

A

B

40
Q

Providing obstacles to deter, detect, delay, and deny access to a facility, asset, or operation utilizing both natural and manufactured means, is referred to as:

Site hardening
CPTED
Access control
Security in depth

A

A

41
Q

Which of the following is the process where frontline managers, who are involved in the day-to-day operations of their departments or divisions, are deemed their organizations’ best resource for realistic budget information and would thus set their own budget?

Zero based budgeting
Combination budgeting
Top-down budgeting
Bottom-up budgeting

A

D

42
Q

Which devices trigger alarms when air or surface temperature changes occur outside of predetermined limits?

Ionization sensors
Temperature sensors
Optic sensors
Heat Sensors

A

B

43
Q

One of your primary tasks as the chief security officer is to document everything related to security and create a manual that can be used to manage security in your absence. Which documents should be referenced in your manual as the ones that identify the methods used to accomplish a given task?

Standards
Policies
Guidelines
BIA

A

C

44
Q

What is the term used for the intentional or negligent destruction of evidence or significant and meaningful alteration of a document or instrument?

Fraud
Tampering
Spoliation
Larceny

A

C

45
Q

A system that enables emergency responders to enter a facility when no one is available to provide access, is known as a(n):

Fire system
Rapid entry system
Emergency entrance
Redundant system

A

B

46
Q

As part of your training program, you want to educate users on the importance of security. You explain to them that not every attack depends on implementing advanced technological methods. Some attacks, you explain, take advantage of human shortcomings to gain access that should otherwise be denied. What term do you use to describe attacks of this type?

Social engineering
IDS system
Biometrics
Perimeter security

A

A

47
Q

A company is looking to improve their security posture by addressing risks uncovered by a recent penetration test. Which of the following risks is MOST likely to affect the business on a day-to-day basis?

Insufficient encryption methods
Lack of antivirus software
Corporate espionage
Large scale natural disasters

A

B

48
Q

Investigations, which often focus on conflict of interest, corporate resource abuse, employee theft, workplace violence and substance abuse, are types of _____________ investigations.

Criminal
Misconduct
Financial
Employee

A

B

49
Q

The Chief Information Security Officer (CISO) wants to implement two-factor authentication within the company. Which of the following would fulfill the CISO’s requirements?

USB token and PIN
Proximity badge and token
Username and password
Retina scan and fingerprint scan

A

A