StudyXY
RegisterLog in
Information Technology /CompTIA Security+ 701 Practice Test 2

CompTIA Security+ 701 Practice Test 2

Information Technology86 CardsCreated about 2 months ago

These flashcards cover fundamental security principles and controls, including the CIA triad (Confidentiality, Integrity, Availability), types of controls like managerial, operational, and deterrent controls, and their application in maintaining secure systems and practices.

PrintEmbedImportReport

Which of the following is a primary goal of the CIA triad?

A. Integrity
B. Non-repudiation
C. Authentication
D. Authorization

Integrity

A component of the CIA triad, which stands for Confidentiality, Integrity, and Availability.

Tap or swipe ↕ to flip
Swipe ←→Navigate
SSpeak
FFocus
1/86

Key Terms

Term
Definition

Which of the following is a primary goal of the CIA triad?

A. Integrity
B. Non-repudiation
C. Authentication
D. Authorization

Integrity

A component of the CIA triad, which stands for Confidentiality, Integrity, and Availability.

What is the main purpose of managerial controls?

A. To detect anomalies or intrusions
B. To mandate specific actions or processes
C. To physically secure assets
D. To establish policies and procedures

To establish policies and procedures

Managerial controls establish policies, procedures, and governance.

Which of the following is an example of an operational control?

A. Incident response plan
B. Security policy
C. Access badge
D. Firewall

Incident response plan

An operational control as it involves day-to-day security operations.

Which type of control is primarily focused on discouraging potential attacks?

A. Corrective
B. Deterrent
C. Detective
D. Directive

Deterrent

Deterrent controls focus on discouraging potential attacks.

What type of security control is a biometric authentication system?

A. Physical
B. Managerial
C. Technical
D. Operational

Technical

As it involves hardware or software.

Which of the following is NOT a component of the Zero Trust model?

A. Policy Enforcement Point
B. Policy Engine
C. Policy Administrator
D. Policy Execution Point

Policy Execution Point

Not a component of the Zero Trust model.

Log in to view all terms

Related Flashcard Decks

Information Technology

Security+ (SY0-701): Additional Knowledge

This flashcard set explores various cybersecurity topics including credential-stuffing attacks, data classification (e.g., private data), and key disaster recovery metrics like RTO. It also highlights protective measures such as hashing for data integrity, automation support challenges, and the use of URL scanning in web filtering to prevent malware infections.

10 cards
View Deck
Information Technology

Security+ (SY0-701): Cert Master Practice: 5.0 Security Program Management and Oversight

This flashcard set covers key concepts in cybersecurity governance frameworks, including centralized governance, data stewardship roles, and compliance laws like SOX. It also addresses environments supporting development and change management, as well as recovery strategies like Recovery Point Objective (RPO) to minimize data loss during system failures.

8 cards
View Deck
Information Technology

Security+ (SY0-701): Cert Master Practice: 4.0 Security Operations

This flashcard set explores advanced cybersecurity practices including refining SIEM alert handling, email security protocols (DKIM, DMARC), secure authentication methods, and strategic threat-hunting. It emphasizes how to enhance incident response efficiency and leverage proactive defense techniques like maneuvering to counteract potential threats.

11 cards
View Deck
Information Technology

Security+ (SY0-701): Cert Master Practice; 2.0 Threats, Vulnerabilities, and Mitigations

This deck covers key concepts related to threats, vulnerabilities, and mitigations in cybersecurity, focusing on virtual machine security.

1 cards
View Deck
Information Technology

Security+ (SY0-701): Cert Master Practice; 1.0 General Security Concepts

This flashcard deck covers key concepts from the Security+ (SY0-701) exam, focusing on general security concepts such as technical and operational controls, policy enforcement, and tokenization.

6 cards
View Deck
Information Technology

Security+ (SY0-701): Lesson 16: Summarize Data Protection Part 2

This flashcard deck covers key concepts from the Security+ (SY0-701) Lesson 16, focusing on data protection methods, DLP components, and security awareness training.

25 cards
View Deck

Study Tips

  • Press F to enter focus mode for distraction-free studying
  • Review cards regularly to improve retention
  • Try to recall the answer before flipping the card
  • Share this deck with friends to study together
CompTIA Security+ 701 Practice Test 2
TermDefinition

Which of the following is a primary goal of the CIA triad?

A. Integrity
B. Non-repudiation
C. Authentication
D. Authorization

Integrity

A component of the CIA triad, which stands for Confidentiality, Integrity, and Availability.

What is the main purpose of managerial controls?

A. To detect anomalies or intrusions
B. To mandate specific actions or processes
C. To physically secure assets
D. To establish policies and procedures

To establish policies and procedures

Managerial controls establish policies, procedures, and governance.

Which of the following is an example of an operational control?

A. Incident response plan
B. Security policy
C. Access badge
D. Firewall

Incident response plan

An operational control as it involves day-to-day security operations.

Which type of control is primarily focused on discouraging potential attacks?

A. Corrective
B. Deterrent
C. Detective
D. Directive

Deterrent

Deterrent controls focus on discouraging potential attacks.

What type of security control is a biometric authentication system?

A. Physical
B. Managerial
C. Technical
D. Operational

Technical

As it involves hardware or software.

Which of the following is NOT a component of the Zero Trust model?

A. Policy Enforcement Point
B. Policy Engine
C. Policy Administrator
D. Policy Execution Point

Policy Execution Point

Not a component of the Zero Trust model.

What is the primary purpose of key stretching?

A. To revoke digital certificates.
B. To encrypt data for secure transmission.
C. To hide data within other data.
D. To increase the computational effort required to brute force a password.

To increase the computational effort required to brute force a password.

Key stretching is a technique used to make brute force attacks more computationally intensive and time-consuming by repeatedly hashing a password.

What is the primary purpose of a backout plan in the change management process?

A. To schedule a specific time frame for performing maintenance or changes to the IT systems.
B. To keep track of changes made to documents, code, or other collections of information.
C. To identify and analyze the impact of the change on various stakeholders.
D. To define the steps to revert to the original state if the change is unsuccessful.

To define the steps to revert to the original state if the change is unsuccessful.

A backout plan is a plan that defines the steps to revert to the original state if the change is unsuccessful or causes unforeseen problems.

What is the primary purpose of salting in cryptographic solutions?

A. To verify the integrity and authenticity of a digital message or document.
B. To replace sensitive data with non-sensitive placeholders.
C. To add randomness to a password before hashing it.
D. To securely store a copy of cryptographic keys.

To add randomness to a password before hashing it.

Salting is the process of adding random data, called a salt, to a password before hashing it. This ensures that the same password will produce different hash values, making it more resistant to rainbow table attacks.

What is the primary purpose of a certificate revocation list (CRL)?

A. To securely generate, store, and manage cryptographic keys.
B. To issue digital certificates.
C. To list digital certificates that have been revoked by the certificate authority (CA).
D. To encrypt data for secure transmission.

To list digital certificates that have been revoked by the certificate authority.

A certificate revocation list (CRL) is a list of digital certificates that have been revoked by the certificate authority (CA) and are no longer valid.

Which of the following is a form of obfuscation?

A. Data masking
B. Key escrow
C. Key stretching
D. Key exchange

Data masking

A form of obfuscation where sensitive data is replaced with fictitious or non-sensitive data.

Which of the following best describes the motivations of a threat actor involved in data exfiltration?

A. Espionage
B. Service disruption
C. Ethical
D. Philosophical/political beliefs

Espionage

Involves collecting, processing, and analyzing information that is of strategic or tactical value, which includes data exfiltration.

An attacker tricks a user into visiting a malicious website that appears to be identical to a legitimate site. Once on the site, the user unknowingly enters their login credentials, which the attacker captures. This type of attack is known as:

A. Watering hole
B. Typosquatting
C. Pretexting
D. Phishing

Phishing

Involves tricking a target into revealing sensitive information, often by creating fake websites that appear to be legitimate.

Which of the following best describes the attributes of an internal threat actor?

A. Level of sophistication/capability
B. Resources/funding
C. Insider threat
D. Organized crime

Insider threat

This directly refers to an internal threat actor as it’s someone within the organization.

Which of the following motivations is most commonly associated with shadow IT activities?

A. Disruption/chaos
B. Philosophical/political beliefs
C. War
D. Blackmail

Disruption/chaos

Shadow IT involves using unauthorized devices or software within an organization, which can lead to disruption or chaos due to lack of control and potential security risks.

An attacker registers a domain that is a common misspelling of a legitimate domain. The attacker sets up a website on the malicious domain that appears to be identical to the legitimate site to deceive users into entering their login credentials. This type of attack is known as:

A. Phishing
B. Brand impersonation
C. Watering hole
D. Typosquatting

Typosquatting

Specifically involves registering domains that are similar to legitimate ones to deceive users, which matches the scenario described.

Which cryptographic solution ensures data remains unreadable if intercepted during transmission between two parties?

A. Digital signatures
B. Transport/communication encryption
C. Hashing
D. Key stretching

Transport/communication encryption

Ensures data confidentiality during transmission.

Which of the following vulnerabilities is specific to cloud infrastructure?

A. Side loading
B. Time-of-check (TOC)
C. Firmware
D. Cloud-specific

Cloud-specific

Pertains specifically to cloud infrastructures.

An attacker who gains access by leveraging a gap between when a vulnerability is found and when it’s fixed is exploiting:

A. Zero-day
B. End-of-life vulnerability
C. Misconfiguration
D. Legacy vulnerability

Zero-day

A vulnerability that is known but not yet fixed, giving attackers this window to exploit.

Malware designed to spread without user intervention and replicate itself is called:

A. Ransomware
B. Keylogger
C. Trojan
D. Worm

Worm

Designed to spread and replicate without user intervention.

In the context of Public Key Infrastructure (PKI), what is the main function of a Certificate Authority (CA)?

A. Issuing and verifying digital certificates
B. Generating a private key for end-users
C. Creating honeypots to trap attackers
D. Obfuscating data for storage

Issuing and verifying digital certificates

Certificate Authorities (CAs) are responsible for issuing digital certificates and validating the entities’ identities.

What is the primary goal of a Distributed Denial-of-Service (DDoS) attack?

A. To guess user passwords
B. To overwhelm resources and disrupt service availability
C. To intercept and modify data in transit
D. To introduce malicious code into a network

To overwhelm resources and disrupt service availability

DDoS attacks flood resources to disrupt services and make them unavailable.

In the context of vulnerabilities, what does “Time-of-use (TOU)” refer to?

A. The time an application is most actively used by employees.
B. The recommended usage time of an application for optimum performance.
C. The moment a resource is accessed in a race condition.
D. The duration a software has been in use in an organization.

The moment a resource is accessed in a race condition.

Time-of-use (TOU) is about accessing the resource, especially when discussing race conditions.

An administrator notices a sudden spike in system resource consumption, especially bandwidth, with no obvious reason. What might this indicate?

A. A scheduled backup process
B. Regular software updates
C. An ongoing Distributed Denial-of-Service (DDoS) attack
D. An impending hardware failure

An ongoing Distributed Denial-of-Service (DDoS) attack

Sudden and unexplained spikes in resource consumption, especially bandwidth, may indicate a DDoS attack.

A security consultant recommends restricting software that can run on systems to a known list of accepted programs. This is an example of:

A. Application allow list
B. Patching
C. Configuration enforcement
D. Decommissioning

Application allow list

Specifies approved applications that can run on systems.

Which of the following is NOT a mitigation technique used to secure an enterprise?

A. Least privilege
B. Access control
C. Side loading
D. Hardening techniques

Side loading

Related to mobile devices, not a mitigation technique.

What distinguishes a serverless architecture?

A. Offloading server management tasks to cloud providers and only focusing on application code.
B. Only using physical servers.
C. The complete absence of servers in the infrastructure.
D. The use of virtual machines instead of physical servers.

Offloading server management tasks to cloud providers and only focusing on application code.

Serverless architectures allow developers to focus on code, while the cloud provider manages server provisioning and scaling.

When designing a cloud infrastructure, which of the following best describes “Infrastructure as Code” (IaC)?

A. Applying real-time patches to cloud servers.
B. Utilizing third-party software for infrastructure management.
C. Managing and provisioning computing resources using machine-readable definition files.
D. The use of cloud services for database storage.

Managing and provisioning computing resources using machine-readable definition files.

Infrastructure as Code (IaC) allows for automatic setup, modification, and management of infrastructure using code.

A type of malware that holds user data hostage by encrypting it and demanding payment for the decryption key is known as:

A. Worm
B. Logic bomb
C. Spyware
D. Ransomware

Ransomware

Encrypts data and demands payment for decryption.

Which of the following best defines software-defined networking (SDN)?

A. It is a protocol used for web traffic encryption.
B. A networking approach where network control is decoupled from forwarding hardware and is given to a software application.
C. It involves the use of physical switches and routers only.
D. A network solely built for high availability.

A networking approach where network control is decoupled from forwarding hardware and is given to a software application.

SDN allows dynamic, programmatically efficient network configuration.

For an organization that needs to manage its own hardware and have complete control over its data, which architecture is most appropriate?

A. Microservices
B. Serverless
C. Hybrid
D. On-premises

On-premises

Solutions that give organizations complete control over their hardware and data.

A security engineer is trying to ensure a particular service is only active when needed and not continuously running. Which principle is he emphasizing?

A. Responsiveness
B. Cost-effectiveness
C. High availability
D. Scalability

Cost-effectiveness

By ensuring services only run when needed, the engineer can reduce unnecessary costs.

In securing an enterprise infrastructure, why is the concept of “Attack surface” critical?

A. It relates to the physical placement of network devices.
B. It represents all the potential vulnerabilities and entry points an attacker could exploit.
C. It determines the maximum traffic a network can handle.
D. It defines the list of approved devices for a network.

It represents all the potential vulnerabilities and entry points an attacker could exploit.

Minimizing the attack surface helps to reduce the potential risks and vulnerabilities.

Which of the following firewall types focuses specifically on the security of web applications by inspecting HTTP traffic?

A. Layer 4 firewall
B. Next-generation firewall (NGFW)
C. Unified threat management (UTM)
D. Web application firewall (WAF)

Web application firewall (WAF)

Specifically designed to inspect web traffic and protect web applications.

What primary security benefit does an Extensible Authentication Protocol (EAP) provide?

A. It actively blocks malicious web traffic.
B. It offers a framework for secure authentication on wireless networks and Point-to-Point connections.
C. It defines network zones.
D. It encrypts data at rest.

It offers a framework for secure authentication on wireless networks and Point-to-Point connections.

Extensible Authentication Protocol (EAP) provides support for multiple authentication mechanisms and is widely used in wireless networks.

A company needs a solution to ensure its remote workers can securely access the corporate network. Which of the following is best suited for this purpose?

A. Load balancer
B. Software-defined wide area network (SD-WAN)
C. Virtual private network (VPN)
D. Intrusion prevention system (IPS)

Virtual private network (VPN)

Allow remote workers to securely connect to corporate networks over the internet.

In the event of a network device failure, which mode ensures that no traffic is allowed through the device?

A. Inline
B. Tap/monitor mode
C. Fail-open
D. Fail-closed

Fail-closed

The device will stop all traffic when it fails to ensure security.

In a cloud environment, which practice ensures that only necessary services are running, limiting the potential attack surface?

A. Using heat maps for deployment.
B. Implementing a BYOD policy.
C. Establishing a secure baseline.
D. Enabling all available plugins.

Establishing a secure baseline.

Defines a standard for a secure state of systems and ensures only necessary services run.

Which wireless security protocol provides the strongest encryption and security capabilities as of the most recent standards?

A. WPA.
B. Open authentication.
C. WEP.
D. WPA3.

WPA3.

The latest and most secure version of the Wi-Fi Protected Access protocol.

Why might an organization opt for a Corporate-owned, personally enabled (COPE) model for mobile devices?

A. To maintain tighter control over device security while allowing personal use.
B. To completely restrict personal use of the device.
C. To ensure employees pay for their own devices.
D. To allow employees to pick any device they prefer.

To maintain tighter control over device security while allowing personal use.

COPE devices are company-owned but can still be used for personal tasks.

If a company needs to ensure that old hard drives are entirely unreadable, which process would be the most thorough?

A. Physical destruction.
B. Deleting all files.
C. Renaming the drive.
D. Formatting the drive.

Physical destruction.

Physically damaging the drive makes it virtually impossible to recover data.

Which process in software development aims to identify potential security flaws by examining the application’s code without executing it?

A. Static code analysis.
B. Penetration testing.
C. Dynamic analysis.
D. Input validation.

Static code analysis.

Examining the source code without running the application.

In vulnerability management, which component would provide real-time updates on emerging threats and vulnerabilities?

A. Static code analysis.
B. Penetration testing report.
C. Threat feed.
D. System/process audit.

Threat feed.

Provides continuous data streams about new and emerging threats and vulnerabilities.

How does the Common Vulnerability Scoring System (CVSS) assist organizations in vulnerability management?

A. It lists all software without vulnerabilities.
B. It identifies new vulnerabilities.
C. It offers a standardized method for rating the severity of vulnerabilities.
D. It provides patches for known vulnerabilities.

It offers a standardized method for rating the severity of vulnerabilities.

CVSS provides a framework for assessing vulnerability impact.

An organization that cannot immediately address a vulnerability due to operational requirements might issue a formal document to allow its temporary existence. What is this document called?

A. Exception.
B. Remediation protocol.
C. Validation report.
D. Risk appetite statement.

Exception.

A formal allowance for non-compliance or deviation from expected security controls.

What is the primary goal of a Responsible Disclosure Program?

A. To rank companies based on their security posture.
B. To provide a structured process for reporting vulnerabilities to organizations.
C. To publicly shame companies with vulnerabilities.
D. To monetize vulnerabilities.

To provide a structured process for reporting vulnerabilities to organizations.

Encourages ethical behavior in reporting and allows organizations to address them securely.

In order to enhance web security, a company wants to filter web traffic based on website reputation. Which tool or feature should they employ?

A. Email security gateway
B. Firewall rules
C. Network segmentation
D. Web filter reputation

Web filter reputation

Categorizes and filters web traffic based on the reputation of websites.

Given an application that regularly experiences performance degradation, which tool would be best suited to gather long-term performance data for analysis?

A. Simple Network Management Protocol (SNMP) traps
B. Antivirus
C. Security Content Automation Protocol (SCAP)
D. File integrity monitoring

Simple Network Management Protocol (SNMP) traps

Can provide alerts and gather data about performance and other system metrics.

When an organization allows employees to access corporate resources using their personal devices, which tool would be crucial to ensuring security and policy compliance for these devices?

A. Group Policy
B. File integrity monitoring
C. Network access control (NAC)
D. URL scanner

Network access control (NAC)

Determines which devices can connect to the network based on compliance with security policies.

In a scenario where you need to enforce security settings across multiple Windows machines in an enterprise, which tool would be most appropriate?

A. NAC
B. Group Policy
C. SNMP traps
D. Security Content Automation Protocol (SCAP)

Group Policy

Allows administrators to implement specific configurations for users and computers within an Active Directory environment.

Which of the following ensures that the sender of an email has permission to send emails on behalf of a domain and reduces the chance of spoofing?

A. Endpoint detection and response (EDR)
B. Sender Policy Framework (SPF)
C. Data loss prevention (DLP)
D. DMARC

Sender Policy Framework (SPF)

Verifies if the mail server sending the email is authorized to send emails for the domain.

A user has been given temporary elevated access to a database for a specific task. Which concept best describes this kind of permission granting?

A. Role-based access control
B. Multifactor authentication
C. Discretionary access control
D. Just-in-time permissions

Just-in-time permissions

Involves providing elevated permissions temporarily.

Which of the following is NOT a type of access control?

A. Rule-based access control
B. Traffic-based access control
C. Mandatory access control
D. Discretionary access control

Traffic-based access control

No common access control type with this name.

For which of the following reasons might an organization use a password vault?

A. To securely store multiple passwords
B. To monitor network traffic
C. To implement single sign-on
D. To enhance password complexity

To securely store multiple passwords

Designed to keep various passwords in an encrypted format.

An organization wishes to enable single sign-on (SSO) capabilities to streamline access to multiple applications. Which protocol is commonly associated with this functionality?

A. Security Assertions Markup Language (SAML)
B. Multifactor authentication
C. Lightweight Directory Access Protocol (LDAP)
D. DMARC

Security Assertions Markup Language (SAML)

Provides a standard for exchanging authentication and authorization data between parties and is commonly used for SSO.

Which of the following accurately describes the “Something you are” factor in multifactor authentication?

A. A security key
B. A password or PIN
C. A specific gesture or voice command
D. A fingerprint or retina scan

A fingerprint or retina scan

You are your fingerprint/retinal pattern.

When implementing multifactor authentication, what describes the “Something you have” factor?

A. Security key
B. PIN
C. Fingerprint
D. Password

Security key

A physical item or device a user possesses, relating to the “Something you have” factor.

When considering automation in security operations, which term refers to automatically granting a new user the appropriate access rights and resources?

A. Ticket creation
B. Continuous integration and testing
C. User provisioning
D. Guard rails

User provisioning

Refers to the creation and management of user accounts and access rights within systems.

In the incident response process, what is the primary objective during the “containment” phase?

A. Gathering digital evidence for legal actions
B. Analyzing the root cause of the incident
C. Preventing the incident from causing further damage
D. Restoring affected systems to their normal function

Preventing the incident from causing further damage

The containment phase aims to limit the spread of an incident.

When considering the benefits of automation in security operations, which advantage focuses on the ability of automation to replicate the workload of many employees with fewer resources?

A. Workforce multiplier
B. Scaling in a secure manner
C. Enforcing baselines
D. Efficiency/time saving

Workforce multiplier

Signifies achieving more with fewer resources due to automation.

Which of the following log types would provide the most direct insights into a suspicious application’s behavior on a specific host?

A. Application logs
B. Firewall logs
C. IPS/IDS logs
D. Network logs

Application logs

Provide detailed information about specific application behaviors and activities.

During a digital forensic investigation, ensuring that digital evidence remains intact and unchanged during collection is known as maintaining what?

A. Chain of custody
B. Legal hold
C. E-discovery
D. Reporting

Chain of custody

Ensures that evidence remains untouched and is transferred and stored correctly.

What aspect of automation can potentially introduce new challenges or issues if not managed properly?

A. Enforcing baselines
B. Workforce multiplier
C. Efficiency/time saving
D. Complexity

Complexity

Over-automation or poorly planned automation can introduce unnecessary complexities.

An organization is trying to understand the vulnerabilities present in their network. Which of the following data sources would be most appropriate for this purpose?

A. OS-specific security logs
B. Firewall logs
C. Network logs
D. Vulnerability scans

Vulnerability scans

Specifically identify and report potential vulnerabilities within a network.

In the context of governance structures, which of the following is responsible for ensuring the integrity, reliability, and accuracy of data within an organization?

A. Owner
B. Controller
C. Custodian/steward
D. Processor

Custodian/steward

Responsible for the day-to-day management and protection of data.

Which part of the incident response process involves a systematic process to identify and address the underlying cause of an incident?

A. Eradication
B. Containment
C. Detection
D. Recovery

Eradication

Removing the root cause of the incident.

Which document would an organization use to establish guidelines for acceptable behavior by users of the company’s IT resources?

A. Acceptable use policy (AUP)
B. Password policy
C. Onboarding/offboarding procedure
D. Change management procedure

Acceptable use policy (AUP)

Establishes what behaviors are acceptable when using the company’s IT resources.

When conducting a risk assessment, which method focuses on the potential financial losses associated with risks?

A. Qualitative
B. Recurring
C. Quantitative
D. Ad hoc

Quantitative

Evaluates risks based on numerical values, often representing financial figures.

Which risk management strategy is implemented when an organization buys insurance to cover potential losses from a specific risk?

A. Accept
B. Transfer
C. Mitigate
D. Avoid

Transfer

The organization is passing the financial burden of a risk to another entity, like an insurance company.

In third-party risk assessment, what term describes the explicit boundaries and behaviors that should be followed during a penetration test?

A. Right-to-audit clause
B. Questionnaires
C. Rules of engagement
D. Vendor selection criteria

Rules of engagement

Defines the scope, methods, and boundaries during assessments like penetration testing.

An organization has a predetermined level at which risks need immediate attention and possible action. This level is known as:

A. Risk analysis
B. Risk threshold
C. Risk identification
D. Risk appetite

Risk threshold

Represents a boundary beyond which risks require immediate attention.

When an organization decides to stop a project or close a business segment to avoid a potential risk, they are employing which risk management strategy?

A. Avoid
B. Transfer
C. Mitigate
D. Accept

Avoid

Taking action to ensure the risk doesn’t materialize.

In the context of third-party risk assessment, which document provides a detailed understanding between two organizations without a legally binding commitment?

A. Service-level agreement (SLA)
B. Memorandum of understanding (MOU)
C. Master service agreement (MSA)
D. Work order (WO)

Memorandum of understanding (MOU)

Signifies a mutual understanding between parties without legal obligations.

Which concept in risk management helps an organization to identify how much total financial loss they can expect over a year due to potential risks?

A. Risk scenario
B. Annualized loss expectancy (ALE)
C. Risk factor
D. Single loss expectancy (SLE)

Annualized loss expectancy (ALE)

Quantifies the expected financial loss over a year.

An organization has a policy that requires employees to lock their computer screens when they are away from their desks. This policy is primarily aimed at preventing which of the following?

A. Malware infections
B. Data breaches from external attackers
C. Unauthorized access by internal entities
D. Hardware theft

Unauthorized access by internal entities

Locking screens prevents opportunistic or malicious access by co-workers or other internal personnel.

A company wants to determine where personal data is stored, processed, and transmitted within its environment. This process is best described as:

A. Data inventory
B. Data categorization
C. Data masking
D. Data attestation

Data inventory

Identifying and cataloging data within an organization.

If an individual wants to ensure their personal data is deleted from an online service’s database, this is termed as:

A. Data retention
B. Right to be forgotten
C. Data masking
D. Data categorization

Right to be forgotten

An individual’s right to have their personal data deleted.

A third-party organization is employed by a bank to review its financial transactions to ensure there’s no fraud or anomalies. This is an example of:

A. Self-assessment
B. Attestation
C. Independent third-party audit
D. Internal audit

Independent third-party audit

An external party reviewing an organization’s operations.

An organization periodically sends its employees simulated phishing emails to test their ability to recognize malicious attempts. This is an example of:

A. Phishing campaigns
B. Data masking
C. Reporting and monitoring
D. Anomalous behavior recognition

Phishing campaigns

Simulated attempts to test users’ ability to recognize phishing.

During penetration testing, the testers only have knowledge about the specific IT systems they are supposed to test. This scenario is termed as:

A. Active reconnaissance
B. Unknown environment
C. Partially known environment
D. Known environment

Partially known environment

Testers have knowledge about certain systems but not everything.

What is the main goal of conducting external examinations in an organization?

A. To verify the organization’s compliance with external regulations.
B. To review the organization’s marketing strategies.
C. To promote employees internally.
D. To hire new employees.

To verify the organization’s compliance with external regulations.

External examinations aim to ensure compliance with regulations.

When an employee is taught the dangers of writing down passwords or storing them in easily accessible locations, this training is primarily to prevent which type of threat?

A. Social engineering
B. Insider threat
C. Phishing campaigns
D. Anomalous behavior

Insider threat

Encompasses threats posed by individuals within an organization, such as employees mishandling sensitive information.

In the context of privacy, which entity primarily determines how personal data is stored and for how long?

A. Processor
B. IT administrator
C. Controller
D. Data subject

Controller

Decide how personal data should be stored and the duration for the same.

During a security awareness session, employees are informed of the dangers of disclosing their work details in online forums or social media. This training aims to mitigate which of the following threats?

A. Password attacks
B. Operational security breaches
C. Insider threat
D. Phishing

Operational security breaches

Maintaining operational information, including non-disclosure of sensitive operational details.

If an organization is seeking to understand the potential consequences of not adhering to a newly implemented data protection regulation, they are primarily concerned with:

A. Privacy implications
B. Data inventory
C. Compliance reporting
D. Consequences of non-compliance

Consequences of non-compliance

Focuses on understanding the repercussions of not adhering to regulations.

Which cryptographic method involves hiding a message within another message or image, such that it’s not detectable?

A. Tokenization
B. Full-disk encryption
C. Steganography
D. Key exchange

Steganography

The technique of hiding data within other data.