Module 2-02 Challenge Flashcards

Question 1

Q

How do organizations use security frameworks to develop an effective security posture?

As a policy to support employee training initiatives
As a guide to identify threat actor strategies
As a policy to protect against phishing campaigns
As a guide to reduce risk and protect data and privacy

Answer

A

As a guide to reduce risk and protect data and privacy

Question 2

Q

A security professional uses _____ to verify that an employee has permission to access a resource.

encryption
integrity
authorization
admission

Answer

A

authorization

Question 3

Q

A person’s fingerprint, eye or palm scan are examples of what?

Codes
Biometrics
Passwords
Statistics

Answer

A

Biometrics

Question 4

Q

Which of the following statements accurately describe the CSF? Select all that apply.

Investigating an incident to determine how the threat occurred, what was affected, and where the attack originated is part of the respond function of the CSF.
The protect function of the CSF involves implementing policies, procedures, training, and tools to mitigate threats.
The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
The detect function of the CSF involves making sure proper procedures are used to contain, neutralize, and analyze security incidents.

Answer

A

Investigating an incident to determine how the threat occurred, what was affected, and where the attack originated is part of the respond function of the CSF.
The protect function of the CSF involves implementing policies, procedures, training, and tools to mitigate threats.
The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.

Question 5

Q

You work as a security analyst for a supply chain organization and need to confirm all inventory data is correct, authentic, and reliable. Which core principle of the CIA triad are you using?

Confidentiality
Availability
Credibility
Integrity

Answer

A

Integrity

Question 6

Q

A security team establishes controls, including permission settings that will be used to create multiple security points that a threat actor must get through to breach their organization. Which OWASP principle does this scenario describe?

Separation of duties
Keep security simple
Defense in depth
Principle of least privilege

Answer

A

Defense in depth

Question 7

Q

What are some of the primary objectives of an internal security audit? Select all that apply.

Avoid fines due to a lack of compliance
Reduce the amount of data on a network
Determine what needs to be improved in order to achieve the desired security posture
Help security teams identify organizational risk
Limit traffic on an organization’s firewall
Help security teams correct compliance issues
Enable security teams to assess controls
Identify any security gaps or weaknesses within an organization

Answer

A

Avoid fines due to a lack of compliance
Determine what needs to be improved in order to achieve the desired security posture
Help security teams identify organizational risk
Help security teams correct compliance issues
Enable security teams to assess controls
Identify any security gaps or weaknesses within an organization

Question 8

Q

In an internal security audit, _____ involves identifying potential threats, risks, and vulnerabilities in order to decide what security measures should be implemented.

conducting a risk assessment
communicating to stakeholders
assessing compliance
establishing the scope and goals

Answer

A

conducting a risk assessment

Question 9

Q

A security analyst performs an internal security audit. They determine that the organization needs to install surveillance cameras at various store locations. What are they working to establish?

Administrative controls
Communication controls
Technical controls
Physical controls

Answer

A

Physical controls

Question 10

Q

What information is typically communicated to stakeholders after completion of an internal security audit? Select all that apply.

A summary of the goals
Existing risks that need to be addressed now or in the future
Detailed data about past cybersecurity incidents
Strategies for improving security posture
Results and recommendations
Compliance regulations to be adhered to
Comprehensive details about each part of the process

Answer

A

A summary of the goals
Existing risks that need to be addressed now or in the future
Strategies for improving security posture
Results and recommendations
Compliance regulations to be adhered to

Question 11

Q

What is the purpose of a security framework?

Develop procedures to help identify productivity goals
Establish policies to expand business relationships
Build plans to help mitigate risks and threats to data and privacy
Create security controls to protect marketing campaigns

Answer

A

Build plans to help mitigate risks and threats to data and privacy

Question 12

Q

A security professional uses _____ to convert data from a readable format to an encoded format.

authorization
confidentiality
authentication
encryption

Answer

A

encryption

Question 13

Q

Which of the following characteristics are examples of biometrics? Select all that apply.

Eye scan
Password
Palm scan
Fingerprint

Answer

A

Eye scan
Palm scan
Fingerprint

Question 14

Q

A security team considers how to avoid unnecessarily complicated solutions when implementing security controls. Which OWASP principle does this scenario describe?

Keep security simple
Fix security issues correctly
Defense in depth
Principle of least privilege

Answer

A

Keep security simple

Question 15

Q

The planning elements of an internal security audit include establishing scope and _____, then conducting a risk assessment.

compliance
goals
controls
limitations

Question 16

Q

A security analyst performs an internal security audit. They focus on the human component of cybersecurity, such as the policies and procedures that define how their company manages data. What are they working to establish?