Practice Questions Flashcards

1
Q

While working on a risk report, a security analyst in an IT firm didn’t report it. What type of risk response is this?

A. Risk rejection
B. Risk mitigation
C. Risk acceptance
D. Risk avoidance

A

A. Risk rejection

2
Q

Under which category of cyber threat is ransomware?

A. Phishing attack
B. DoS attack
C. Worm
D. Malware

A

D. Malware

3
Q

Which category best describes an attack that compromises the confidentiality of data?

A. Alteration
B. Interception
C. Modification
D. Interruption

A

B. Interception

4
Q

Type of attack used for gaining access to the target system using a false identity.

A. Virus
B. Phishing
C. Spoofing
D. Replay

A

C. Spoofing

5
Q

Which of these attacks is related to network resource consumption with the goal of preventing legitimate activity/traffic on a specific system?

A. Side Channel
B. Denial of Service (DoS)
C. Man-in-the-Middle
D. Replay

A

B. Denial of Service (DoS)

6
Q

Which of the following is not a common behavior between a virus & worm?

A. Spread throughout the network
B. Destructive
C. Human interaction required
D. Destructive

A

C. Human interaction required

7
Q

What’s another name for a Man-in-the-Middle (MITM) attack?

A. On-path attack
B. Distributed Denial of Service (DDoS) attack
C. Phishing attack
D. Smishing Attack

A

A. On-path attack

8
Q

What type of threat is it when an employee downloads multiple company-related documents before later joining a competitor company?

A. Market threat
B. Outsider threat
C. Competitor threat
D. Insider threat

A

D. Insider threat

9
Q

Of the following choices, which is the best way of dealing with an insider threat?

A. Actively monitoring a coworker’s daily routine
B. Solve any threats that you identify
C. Identify and report any suspicious activity
D. Implement mantraps

A

C. Identify and report any suspicious activity

10
Q

Wired connections for networked devices fall under which standard?

A. IEEE 802.1
B. IEEE 802.3
C. IEEE 802.5
D. IEEE 802.11

A

B. IEEE 802.3

11
Q

___________ are used to protect the network while managing and controlling network traffic.

A. Switches
B. Intrusion Prevention Systems
C. Firewalls
D. Routers

A

C. Firewalls

12
Q

Which protocol should be used to securely transfer files?

A. SFTP
B. FTP
C. SMTP
D. SNMP

A

A. SFTP

13
Q

Someone gains access to your sensitive data and releases it on a public website. Which component of the CIA triad does this affect?

A. Availability
B. Confidentiality
C. Integrity
D. Authorization

A

B. Confidentiality

14
Q

All of the following fall under the confidential category except?

A. PHI
B. Sensitive/Classified Information
C. PII
D. Email

A

D. Email

15
Q

A security analyst recently found a threat and informed leadership of a security control to counter the threat. This is an example of risk __________.

A. Avoidance
B. Insurance
C. Mitigation
D. Transference

A

C. Mitigation

16
Q

An ISC2 member was recently invited to join an online webinar. After a few sessions, they realize a few of the participants were sharing malware within the group chat. What would be the best course of action?

A. Leave the group
B. Do Nothing
C. Report them to law enforcement
D. Report them to ISC2

A

A. Leave the group

17
Q

Any entity that requests access to an asset can be defined as a __________?

A. Rule
B. Subject
C. Object
D. Role

A

B. Subject

18
Q

The activities required to restore communication services for an organization during and/or after an outage or disruption are called _____________?

A. Event
B. Incident Response
C. Common Action Plan
D. Disaster Recovery

A

D. Disaster Recovery

19
Q

How often should an organization review its business continuity plan?

A. Routinely
B. Annually
C. Continually
D. Bi-annually

A

A. Routinely

20
Q

Which of the following is less likely to be part of the disaster recovery process?

A. IT Personnel
B. Clerk
C. Public relations
D. Upper level management

A

B. Clerk

21
Q
A