Question 1

Which of the following IT security frameworks analyzes business requirements and then creates a "chain of traceability" through the concept, design, implementation, and continual phases of the business life cycle?
A) ISO
B) NIST
C) ISACA
D) SABSA

Accepted Answer

SABSA (Sherwood Applied Business Security Architecture) is an IT security framework that focuses on aligning security with business requirements and creates a "chain of traceability" through all phases of the business life cycle.

Question 2

Most U.S. organizations do not use a security framework.

Accepted Answer

Most U.S. organizations do use a security framework to guide their cybersecurity practices, such as NIST, ISO/IEC 27001, or others, to ensure they meet industry standards and protect their data effectively.

Question 3

Which of the following IT security frameworks is a global non-profit association that develops practices, guidance, and benchmarks, and uses a tool called Control Objectives for Information and Related Technology (COBIT)?
A) ISO
B) NIST
C) ISACA
D) SABSA

Accepted Answer

ISACA is a global non-profit association that develops practices, guidance, and benchmarks, and it is known for the COBIT framework.

Question 4

A(n) ________________ defines the actions users may perform while accessing devices and networks that belong to the organization.

Accepted Answer

The answer of A(n) ________________ defines the actions users may...

Question 5

Which of the following types of controls includes multifactor authentication, firewalls, and intrusion detection systems?
A) Administrative controls
B) Logical controls
C) Physical controls
D) Online controls

Accepted Answer

Logical controls are security measures that protect the systems and data, including multifactor authentication, firewalls, and intrusion detection systems.

Question 6

In social engineering _______________, a threat actor masquerades as a real or fictitious character and then plays out the role on a victim.

Accepted Answer

The answer of In social engineering _______________, a threat actor...

Question 7

In which of the following does an attacker secretly relay and possibly alter communications between two parties who believe that they are directly communicating with each other?
A) Session hijacking
B) Man-in-the-middle attack
C) Cross-site scripting
D) Privilege escalation

Accepted Answer

In a man-in-the-middle attack, an attacker secretly relays and possibly alters communications between two parties who believe that they are directly communicating with each other.

Question 8

To address security issues with directory services, many organizations are turning to what framework of business processes, policies, and technologies that facilitates the management of digital identities?

Accepted Answer

The answer of To address security issues with directory services,...

Question 9

In which of the following does a threat actor take advantage of web applications that accept user input without validating it before presenting it back to the user?
A) Session hijacking
B) Man-in-the-middle attack
C) Cross-site scripting
D) Privilege escalation

Accepted Answer

Cross-site scripting (XSS) occurs when a threat actor exploits web applications that accept user input without proper validation, allowing them to inject malicious scripts that are executed in the user's browser.

Question 10

Which of the following does not refer to the process of using a single authentication credential to access multiple accounts, networks, or applications?
A) TACACS+
B) Identity management
C) SSO
D) Federation

Accepted Answer

TACACS+ is a protocol for authentication, authorization, and accounting, not specifically for using a single credential across multiple systems.

Quiz 10: Security Structures and Identity and Access Management

Which of the following IT security frameworks analyzes business requirements and then creates a "chain of traceability" through the concept, design, implementation, and continual phases of the business life cycle?

Most U.S. organizations do not use a security framework.

Which of the following IT security frameworks is a global non-profit association that develops practices, guidance, and benchmarks, and uses a tool called Control Objectives for Information and Related Technology (COBIT) ?

A(n) ________________ defines the actions users may perform while accessing devices and networks that belong to the organization.

Which of the following types of controls includes multifactor authentication, firewalls, and intrusion detection systems?

In social engineering _______________, a threat actor masquerades as a real or fictitious character and then plays out the role on a victim.

In which of the following does an attacker secretly relay and possibly alter communications between two parties who believe that they are directly communicating with each other?

To address security issues with directory services, many organizations are turning to what framework of business processes, policies, and technologies that facilitates the management of digital identities?

In which of the following does a threat actor take advantage of web applications that accept user input without validating it before presenting it back to the user?

Which of the following does not refer to the process of using a single authentication credential to access multiple accounts, networks, or applications?