Question 1

What is the name for a framework and corresponding functions required to enable incident response and incident handling within an organization?&#10;A)incident reporting&#10;B)incident management&#10;C)incident handling&#10;D)incident planning

Accepted Answer

Incident management refers to the framework and set of functions required to handle and respond to incidents within an organization. This includes tasks such as identifying and assessing incidents, coordinating response efforts, and reporting and documenting incidents for future reference. Incident reporting, incident handling, and incident planning are all components of incident management but do not encompass the entire framework.

Question 2

The classification designation of government documents is typically Top Secret,Secret,Unusual,Confidential,and Unclassified.

Accepted Answer

The classification designations of government documents are typically Top Secret, Secret, Confidential, and Unclassified. "Unusual" is not a standard classification designation.

Question 3

Select the option that best describes an asset:&#10;A)any item that is used by all employees&#10;B)any item that is owned by an enterprise&#10;C)any item that has a positive economic value&#10;D)any item that is used by management

Accepted Answer

An asset is any item that has a positive economic value. This means that it is something that can be owned, controlled or used to produce goods or services that can be sold for a profit. Simply being used by all employees or owned by an enterprise does not necessarily make something an asset.

Question 4

Risk avoidance involves identifying the risk and making the decision to engage in the activity.

Accepted Answer

Risk avoidance involves identifying the risk and making the decision not to engage in the activity, therefore avoiding the risk altogether.

Question 5

A subject's privilege over an object should follow the principle of least privilege.

Accepted Answer

This principle suggests that the subject should have only the minimum level of privilege necessary to perform its tasks effectively and efficiently, which prevents unauthorized access to objects and reduces the risk of any potential harm or damage.

Question 6

Distributive allocation refers to &#34;eliminating&#34; the risk.

Accepted Answer

Distributive allocation refers to dividing or sharing risks, resources, or rewards among different individuals, groups, or entities. It is not about eliminating the risk, but rather ensuring that it is distributed in a fair and equitable manner.

Question 7

A collection of suggestions that should be implemented is referred to as a:&#10;A)security policy&#10;B)baseline&#10;C)guideline&#10;D)security procedure

Accepted Answer

A collection of suggestions is typically referred to as guidelines. Security policy refers to an organization's documented approach to managing security, while a baseline refers to a set of minimum security requirements. Security procedures, on the other hand, are step-by-step instructions for executing a particular security task.

Question 8

Many cloud providers allow customers to perform penetration tests and vulnerability scans without permission and whenever is necessary.

Accepted Answer

Most cloud providers require customers to obtain permission before conducting penetration tests or vulnerability scans, as these activities can cause disruptions to other users and the overall system. Additionally, some providers may have specific guidelines or procedures for conducting such tests to ensure the safety and security of the cloud environment.

Question 9

A physical control attempts to discourage security violations before they occur.

Accepted Answer

Physical controls are designed to prevent unauthorized access to facilities, equipment, and resources, and to protect personnel from physical harm, rather than to discourage security violations before they occur. Preventive controls, not specifically physical controls, aim to discourage violations before they happen.

Question 10

What term can be described as a function of threats,consequences of those threats,and the resulting vulnerabilities?&#10;A)threat&#10;B)mitigation&#10;C)risk&#10;D)management

Accepted Answer

Risk can be defined as the combination of threats, consequences, and vulnerabilities. It is a measure of the potential for harm to an asset or organization. Risk management involves identifying, assessing, and mitigating risks to minimize their potential impact.

Question 11

A security control is any device or process that is used to reduce risk.

Accepted Answer

The answer of A security control is any device or...

Question 12

Vendor-specific guides are useful for configuring web servers,operating systems,applications servers,and network infrastructure devices.

Accepted Answer

The answer of Vendor-specific guides are useful for configuring web...

Question 13

What can be defined as the planning,coordination,and communications functions that are needed to resolve an incident in an efficient manner?&#10;A)incident reporting&#10;B)incident management&#10;C)incident handling&#10;D)incident planning

Accepted Answer

The answer of What can be defined as the planning,coordination,and...

Question 14

What kind of policy defines the actions users may perform while accessing systems and networking equipment?&#10;A)VPN access policy&#10;B)network use policy&#10;C)privacy use policy&#10;D)acceptable use policy

Accepted Answer

The answer of What kind of policy defines the actions...

Question 15

The FIT calculation is another way of reporting MTTF.

Accepted Answer

The answer of The FIT calculation is another way of...

Question 16

A written document that states how an organization plans to protect the company's information technology assets is a:&#10;A)security policy&#10;B)guideline&#10;C)security procedure&#10;D)standard

Accepted Answer

The answer of A written document that states how an...

Question 17

Due to the potential impact of changes that can affect all users in an organization,and considering that security vulnerabilities can arise from uncoordinated changes,what should an organization create to oversee changes?

A)change management team
B)incident response team
C)security control team
D)compliance team

Accepted Answer

The answer of Due to the potential impact of changes...

Question 18

Assessing risk should include testing of technology assets to identify any vulnerabilities.

Accepted Answer

The answer of Assessing risk should include testing of technology...

Question 19

Generally considered to be the most important information security policies,what item below defines the actions a user may perform while accessing systems and networking equipment?&#10;A)acceptable use policies&#10;B)encryption policies&#10;C)data loss policies&#10;D)VPN policies

Accepted Answer

The answer of Generally considered to be the most important...

Question 20

Select the option that best describes a policy:&#10;A)A collection of requirements specific to the system or procedure that must be met by everyone&#10;B)A collection of suggestions that should be implemented&#10;C)A list of all items that have a positive economic value&#10;D)A document that outlines specific requirements or rules that must be met

Accepted Answer

The answer of Select the option that best describes a...

Question 21

Which of the following is an agreement that is intended to minimize security risks for data transmitted across a network?&#10;A)MOU&#10;B)SLA&#10;C)BPA&#10;D)ISA

Accepted Answer

The answer of Which of the following is an agreement...

Question 22

Which of the following is a basic measure of reliability for systems that cannot be repaired?&#10;A)mean time to recovery&#10;B)mean time to failure&#10;C)mean time to operate&#10;D)failure in time

Accepted Answer

The answer of Which of the following is a basic...

Question 23

Which threat category impacts the daily business of the organization?&#10;A)operational&#10;B)compliance&#10;C)strategic&#10;D)managerial

Accepted Answer

The answer of Which threat category impacts the daily business...

Question 24

What type of learner tends to sit in the middle of the class and learns best through lectures and discussions?&#10;A)visual&#10;B)auditory&#10;C)kinesthetic&#10;D)spatial

Accepted Answer

The answer of What type of learner tends to sit...

Question 25

What type of control is designed to provide an alternative to normal controls that for some reason cannot be used.?&#10;A)preventive control&#10;B)compensating control&#10;C)detective control&#10;D)deterrent control

Accepted Answer

The answer of What type of control is designed to...

Question 26

What type of risk calculation uses an &#34;educated guess&#34; based on observation?&#10;A)quantitative risk calculation&#10;B)environmental risk calculation&#10;C)qualitative risk calculation&#10;D)observational risk calculation

Accepted Answer

The answer of What type of risk calculation uses an...

Question 27

Which of the following refers to the start-up relationship between partners?&#10;A)partner on-boarding&#10;B)partner trust&#10;C)partner beginning&#10;D)starting partner agreement

Accepted Answer

The answer of Which of the following refers to the...

Question 28

Which term below describes the art of helping an adult learn?&#10;A)andragogical&#10;B)pedagogical&#10;C)deontological&#10;D)metagogical

Accepted Answer

The answer of Which term below describes the art of...

Question 29

What describes an agreement between two or more parties and demonstrates a &#34;convergence of will&#34; between the parties?so that they can work together?&#10;A)MOU&#10;B)NDA&#10;C)BPA&#10;D)ISA

Accepted Answer

The answer of What describes an agreement between two or...

Question 30

What term best describes the ability to continue to function as the size or volume of the enterprise data center expands to meet the growing demands?&#10;A)adaptability&#10;B)automation&#10;C)flexibility&#10;D)scalability

Accepted Answer

The answer of What term best describes the ability to...

Question 31

What type of learner learns best through hands-on approaches?&#10;A)visual&#10;B)auditory&#10;C)kinesthetic&#10;D)spatial

Accepted Answer

The answer of What type of learner learns best through...

Question 32

Websites that group individuals and organizations into clusters or groups based on some sort are considered to be what type of networks?&#10;A)social media network&#10;B)social engineering network&#10;C)social management network&#10;D)social control network

Accepted Answer

The answer of Websites that group individuals and organizations into...

Question 33

What is a service contract between a vendor and a client that specifies what services will be provided,the responsibilities of each party,and any guarantees of service?&#10;A)MOU&#10;B)SLA&#10;C)BPA&#10;D)ISA

Accepted Answer

The answer of What is a service contract between a...

Question 34

What control is designed to identify any threat that has reached the system?&#10;A)preventive control&#10;B)compensating control&#10;C)detective control&#10;D)deterrent control

Accepted Answer

The answer of What control is designed to identify any...

Question 35

Which of the following is considered to be a common security issue? (Choose all that apply. )&#10;A)management issues&#10;B)certificate issues&#10;C)encrypted credentials&#10;D)authentication issues

Accepted Answer

The answer of Which of the following is considered to...

Question 36

What type of threat is a threat related to the natural surroundings of an enterprise?&#10;A)external threat&#10;B)environmental threat&#10;C)internal threat&#10;D)biological threat

Accepted Answer

The answer of What type of threat is a threat...

Question 37

Which of the following is a network that moves a product from the supplier to the customer and is comprised of vendors that supply raw material,manufacturers who convert the material into products,warehouses that store products,distribution centers that deliver them to the retailers,and retailers who bring the product to the consumer?

A)supply chain
B)supply chain assessment
C)supply sphere
D)supply network

Accepted Answer

The answer of Which of the following is a network...

Question 38

Select the specific type of interview that is usually conducted when an employee leaves the company?&#10;A)last interview&#10;B)initial interview&#10;C)exit interview&#10;D)post interview

Accepted Answer

The answer of Select the specific type of interview that...

Question 39

Which threat category affects the long-term goals of the organization?&#10;A)operational&#10;B)compliance&#10;C)strategic&#10;D)managerial

Accepted Answer

The answer of Which threat category affects the long-term goals...

Question 40

What specific type of mechanism should be utilized by all types of training to provide input from participants on the training's effectiveness so that any needed modifications can be made for future training?

A)participant feedback mechanism
B)survey feedback mechanism
C)training mechanism
D)feedback mechanism

Accepted Answer

The answer of What specific type of mechanism should be...

Question 41

What are the two risk calculation formulas commonly used to calculate expected losses?

Accepted Answer

The answer of What are the two risk calculation formulas...

Question 42

Explain the concept of change management.

Accepted Answer

The answer of Explain the concept of change management....

Question 43

Why should authorization be obtained for penetration testing and vulnerability testing?

Accepted Answer

The answer of Why should authorization be obtained for penetration...

Question 44

What is a security control?

Accepted Answer

The answer of What is a security control?...

Question 45

Contrast the difference between a pedagogical approach versus an andragogical approach to subject matter.

Accepted Answer

The answer of Contrast the difference between a pedagogical approach...

Question 46

What is a risk register?

Accepted Answer

The answer of What is a risk register?...

Question 47

List and describe three of the six risk categories.

Accepted Answer

The answer of List and describe three of the six...

Question 48

What is mean time to recovery (MTTR)?

Accepted Answer

The answer of What is mean time to recovery (MTTR)?...

Question 49

What is privilege management?

Accepted Answer

The answer of What is privilege management?...

Question 50

Explain how continuous monitoring can benefit an IT enterprise's operations.

Accepted Answer

The answer of Explain how continuous monitoring can benefit an...

Deck 15: Risk Mitigation