C725 Practice Test
Which groups typically report to the chief security officer (CSO)? - ✔✔Security
engineering and operations
A company is considering which controls to buy to protect an asset. What should the
price
...
C725 Practice Test
Which groups typically report to the chief security officer (CSO)? - ✔✔Security
engineering and operations
A company is considering which controls to buy to protect an asset. What should the
price of the controls be in relation to the cost of the asset? - ✔✔Less than the annual
loss expectancy
An employee uses a secure hashing algorithm for message integrity. The employee
sends a plain text message with the embedded hash to a colleague. A rogue device
receives and retransmits the message to its destination. Once received and checked by
the intended recipient, the hashes do not match.
Which STRIDE concept has been violated? - ✔✔Tampering
An attacker accesses private emails between the company's CISO and board members.
The attacker then publishes the emails online. Which type of an attack is this, according
to the STRIDE model? - ✔✔Information disclosure
A system data owner needs to give access to a new employee, so the owner formally
requests that the system administrator create an account and permit the new employee
to use systems necessary to the job. Which type of control does the system
administrator use to grant these permissions? - ✔✔Access
The chief information security officer (CISO) for an organization knows that the
organization's datacenter lacks the physical controls needed to adequately control
access to sensitive corporate systems. The CEO, CIO, and CFO feel that the current
physical access is within a tolerable risk level, and they agree not to pay for upgrades to
the facility.
Which risk management strategy has the senior leadership decided to employ? -
✔✔Acceptance
Which phase of the software development life cycle follows system design? -
✔✔Development
Which question relates to the functional aspect of computer security? - ✔✔Does the
system do the right things in the right way?
Which action is an example of a loss of information integrity based on the CIA triad? -
✔✔A security engineer accidentally scrambles information in a database.
What is included in quantitative risk analysis? - ✔✔Risk ranking
[Show More]
.png)
.png)
