Module 1-02 Challenge

Question 1

Security posture refers to an organization’s ability to react to _____ and manage its defense of critical assets and data.

• competition
• tasks
• sustainability
• change

Answer 1

change

Question 2

Which of the following examples are key focus areas of the security and risk management domain? Select all that apply.

• Define security goals and objectives
• Follow legal regulations
• Maintain business continuity
• Conduct control testing
• Mitigate risk
• Be in compliance

Answer 2

• Define security goals and objectives
• Follow legal regulations
• Maintain business continuity
• Mitigate risk
• Be in compliance

Question 3

What is the goal of business continuity?

• Remove access to assets
• Maintain everyday productivity
• Destroy publicly available data
• Reduce personnel

Answer 3

Maintain everyday productivity

Question 4

What security concept involves all individuals in an organization taking an active role in reducing risk and maintaining security?

Secure coding
Remote services
Employee retention
Shared responsibility

Answer 4

Shared responsibility

Question 5

A security analyst researches ways to improve access and authorization at their business. Their primary goal is to keep data secure. Which security domain does this scenario describe?

Asset security
Communication and network security
Security assessment and testing
Identity and access management

Answer 5

Identity and access management

Question 6

A security analyst is asked to conduct a security audit to identify vulnerabilities. Which security domain is this task related to?

• Security architecture and engineering
• Security assessment and testing
• Software development security
• Communication and network security

Answer 6

Security assessment and testing

Question 7

When working in the software development security domain, security team members can use each phase of the software development _____ to conduct security reviews and ensure that security can be fully integrated into software products.

• handling
• lifecycle
• sequencing
• operations

Answer 7

lifecycle

Question 8

Which of the following statements accurately describe risk? Select all that apply.

• If compromised, a medium-risk asset may cause some damage to an organization’s ongoing operations.
• Another way to think of risk is the likelihood of a threat occurring.
• A high-risk asset is any information protected by regulations or laws.
• If compromised, a low-risk asset would have a severe negative impact on an organization’s ongoing reputation.
• Assets with SPII, PII, or intellectual property are examples of high-risk assets.
• Determining whether a risk is low, medium, or high depends on the possible threat and the asset involved.

Answer 8

• If compromised, a medium-risk asset may cause some damage to an organization’s ongoing operations.
• Another way to think of risk is the likelihood of a threat occurring.
• A high-risk asset is any information protected by regulations or laws.
• Assets with SPII, PII, or intellectual property are examples of high-risk assets.
• Determining whether a risk is low, medium, or high depends on the possible threat and the asset involved.

Question 9

A business experiences an attack. As a result, a major news outlet reports the attack, which creates bad press for the organization. What type of consequence does this scenario describe?

• Lack of engagement
• Increase in profits
• Damage to reputation
• Loss of identity

Answer 9

Damage to reputation

Question 10

In the Risk Management Framework (RMF), which step involves officially approving a system to operate and taking responsibility for its potential risks?

• Authorize
• Select
• Prepare
• Categorize

Answer 10

Authorize

Question 11

What term describes an organization’s ability to maintain its everyday productivity by establishing risk disaster recovery plans?

• Business continuity
• Mitigation
• Daily defense
• Recovery

Answer 11

Business continuity

Question 12

According to the concept of shared responsibility, employees can help lower risk to physical and virtual security by _____. Select two answers.

• meeting productivity goals
• recognizing and reporting security concerns
• limiting their communication with team members
• taking an active role

Answer 12

• recognizing and reporting security concerns
• taking an active role

Question 13

A security analyst ensures that employees are able to review only the data they need to do their jobs. Which security domain does this scenario relate to?

• Identity and access management
• Security assessment and testing
• Communication and network security
• Software development security

Answer 13

Identity and access management

Question 14

Which of the following are steps of implementing security controls? Select three answers.

• Regularly reviewing security information
• Setting up multi-factor authentication
• Assessing the effectiveness of current safeguards
• Tracking user actions

Answer 14

• Regularly reviewing security information
• Setting up multi-factor authentication
• Assessing the effectiveness of current safeguards

Question 15

The software development security domain involves the use of the software development ___, which is an efficient process used by teams to quickly build software products and services.

• lifecycle
• functionality
• staging
• operations

Answer 15

lifecycle

Question 16

In the Risk Management Framework (RMF), the _____ step might involve implementing a plan to change password requirements in order to reduce requests to reset employee passwords.

• authorize
• implement
• categorize
• prepare

Answer 16

implement