Section 1: Cybersecurity Introduction

Question 1

The following factors can affect information security except:

a. Business plans
b. Server environment
c. Available information technology
d. Security process or system

Answer 1

b. Business environment, not server environment, can affect information security.

Question 2

The following are drivers when evaluating business plans and general business environment except:

a. Nature of business
b. Risk tolerance
c. Security profile
d. User community and capabilities

Answer 2

d. User community and capabilities is a factor that can impact security. It is not a driver for evaluating business plan and general business environment.

Question 3

With respect to technology, the following factors can impact security except:

a. Platforms and tools used
b. Network connectivity
c. Level of IT complexity
d. Risk tolerance
e. New or emerging security tools
f. Operational support for security

Answer 3

d. Risk tolerance is not a factor that can impact security with respect to technology. It is a driver for evaluating business plan and general business environment.

Question 4

There are an estimated 410,000 to 510,000 information security professionals worldwide. By 2018, jobs are expected to increase by how much:

a. 50%
b. 65%
c. 53%
d. 47%

Answer 4

c. 53%

Question 5

Deals with information, regardless of its format and encompasses paper documents, digital and intellectual property in people’s minds, and verbal and visual communications.

Answer 5

Information Security

Question 6

Defined as protecting information assets by addressing threats to information processed, stored, and transported by internetworked information systems.

Answer 6

Cybersecurity

Question 7

The following activities are identified as key functions necessary for the protection of digital assets except:

a. Recover
b. Detect
c. Respond
d. Prevent
e. Identify

Answer 7

d. Prevent

Five functions (in order) are:

1. Identify
2. Protect
3. Detect
4. Respond
5. Recover

Question 8

The protection of information from unauthorized access or disclosure.

Answer 8

Confidentiality

Question 9

Protection from improper disclosure according to its sensitivity and applicable legal requirements.

Answer 9

Integrity

Question 10

Ensures the timely and reliable access to and use of information and systems.

Answer 10

Availability

Question 11

Loss of confidentiality can result in the following except:

a. Loss of productive time
b. Disclosure of information protected by privacy laws
c. Loss of public confidence
d. Loss of competitive advantage

Answer 11

a. Loss of productive time is a consequence of loss of availability.

Question 12

Loss of integrity can result in the following except:

a. Inaccuracy
b. Legal action against the enterprise
c. Erroneous decisions
d. Fraud

Answer 12

b. Legal action against the enterprise is a consequence of loss of confidentiality.

Question 13

Loss of availability can result in the following except:

a. Loss of functionality and operational effectiveness
b. Loss of productive time
c. Loss of competitive advantage
d. Interference with enterprise’s objectives

Answer 13

c. Loss of competitive advantage is a consequence of loss of confidentiality.

Question 14

Confidentiality can be preserved using the following methods except:

a. Access controls
b. File permissions
c. Digital signatures
d. Encryption

Answer 14

c. Digital signature is a method used to preserve integrity.

Question 15

Integrity can be preserved using the following methods except:

a. Access controls
b. File permissions
c. Logging
d. Hashes

Answer 15

b. File permissions is a method used to preserve confidentiality.

Question 16

Availability can be preserved using the following methods except:

a. Redundancy
b. Backups
c. Access controls
d. File permissions

Answer 16

d. File permissions is a method used to preserve confidentiality.

Question 17

The responsibility of the board of directors and senior management of the organization.

Answer 17

Governance

Question 18

The process by which an organization manages risk to acceptable levels.

Answer 18

Risk management

Question 19

The act of adhering to, and the ability to demonstrate adherence to, mandated requirements defined by laws and regulations.

Answer 19

Compliance

Question 20

Cybersecurity is the responsibility of:

a. senior management
b. IT security manager
c. employees
d. entire organization

Answer 20

d. Cybersecurity is the responsibility of the entire organization at every level.

Question 21

The following are the goals of a governance program except:

a. Provide strategic direction
b. Ensure objectives are achieved
c. Ascertain whether the risk is managed appropriately
d. Verify that the IT budget is sufficient

Answer 21

d. One of the governance program goals is to verify that the organization’s resources are used responsibly.

Question 22

True or false: A cybersecurity professional may be a practitioner but not part of senior management.

Answer 22

False. A cybersecurity professional may be a practitioner or part of senior management.

Question 23

Responsible for ensuring that needed organization functions, resources, and supporting infrastructure are available and properly utilized to fulfill the directives of the board, regulatory compliance, and other demands.

Answer 23

Executive management

Question 24

The cybersecurity manager will be responsible for the following except:

a. Developing security strategy
b. Designing and implementing processes and controls
c. Developing risk mitigation strategies
d. Directing and monitoring security activities

Answer 24

b. Designing and implementing processes and controls is a function of a cybersecurity practitioner.

Question 25

The cybersecurity manager will be responsible for the following except:

a. Overseeing security program and initiatives
b. Responding to events and incidents
c. Enforcing policy and regulatory compliance
d. Ensuring that risk and BIAs are conducted

Answer 25

b. Responding to events and incidents is is a function of a cybersecurity practitioner.

Managing incidents and remediation is a function of the cybersecurity manager.