The acronym VPN stands for: ✔✔Virtual Private Network
Executives are responsible for managing and overseeing enterprise risk management. ✔✔True
The internal audit department is investigating a possible accounting breach. One of the auditors
is sent to interview the following employees: Employee A works in the accounts receivable
office and is in charge of entering data into the finance system; Employee B works in the
accounts payable office and is in charge of approving purchase orders; Employee C is the
manager of the finance department, supervises Employee A and Employee B, and can perform
the functions of both Employee A and Employee B. Which of the following should the auditor
suggest be done to avoid future security breaches? ✔✔The manager should only be able to
review the data and approve purchase orders.
An electrical utility has employed a consultant to perform a controls assessment of the personnel
system, backend business operations, and the SCADA system used in their facility. Which of the
following correctly states the risk management options that the consultant should use during the
assessment? ✔✔Avoid, transfer, mitigate, and accept.
The acronym SOA stands for: ✔✔Statement of Applicability
Which of the following are steps in the risk management process? ✔✔All of the Above
Cybersecurity should be involved throughout the entire system development life cycle. ✔✔True
A Physical Security Manager is ready to replace 30 analog surveillance cameras with IP cameras
with built in web management. There are several security guard desks on different networks that
must be able to view the cameras without unauthorized people viewing the video as well. The
selected IP camera vendor does not have the ability to authenticate users at the camera level.
Which of the following should be used to BEST secure this environment? ✔✔Create an IP
camera network and deploy a proxy to authenticate users prior to accessing the cameras.
What is an advantage of cloud computing? ✔✔Improved performance
Cybersecurity is primarily about implementing a checklist of requirements. ✔✔False
A retail merchant has had a number of issues in regards to the integrity of sensitive information
across all of its customer databases. This has resulted in the merchant's share price decreasing in
value by more than one third and the merchant has been threatened with losing their ability to
process credit card transactions. The new Chief Information Security Officer (CISO) as a result
has initiated a program of work to solve the issues. The business has specified that the solution
needs to be enterprise grade and meet the following requirements: Work across all major
platforms, applications and infrastructure; Tracks activity of all users, including administrators;
Operates without negatively impacting the performance of production platforms, applications,
and infrastructures; Provides real-time incident reporting; Displays incidents in a dashboard view
for easy recognition; Includes a report generator where business units are able to query against
company's system assets. In order to solve this problem, which of the following security solutions
will BEST meet the above requirements? ✔✔Implement an enterprise-based SIEM solution to
process the logs of the major platforms, applications, and infrastructure.
Open source material is a good resource for gathering substantial information on a desired target. ✔✔True
The agile process emphasizes which of the following over processes and tools? ✔✔Individuals
and Interactions
Jurisdiction and Breach Notification are examples of what type of potential risk? ✔✔Legal
Which of the following is considered the necessary research done before launching a scan?
✔✔Network Reconnaissance
Cloud computing does NOT require a constant Internet connection. ✔✔False
Which of the following should be developed during the SDLC? ✔✔All of the Above
HTML5 is the latest version of the markup language. ✔✔True
Chain of Custody shows who controlled, secured and obtained a piece of evidence. ✔✔True
There should never be different levels of regulations within a single business unit. ✔✔False
New zero day attacks are being discovered on a regular basis against a broad range of IT
systems. Which of the following best practices should a security manager do to manage the risks
being faced through these attack vectors? ✔✔Maintain a list of critical systems.
Which of the following BEST explains SAML? ✔✔A security attestation model built on XML
and SOAP based services, which allows for the exchange of A&A data between systems and
supports Federated Identity Management.
An intrusion detection system logged an attack attempt from a remote IP address. One week
later, the attacker successfully compromised the network. Which of the following MOST likely
occurred? ✔✔No one was reviewing the IDS event logs.
A government agency has a major new initiative to virtualize as many servers as possible, due to
power and rack space capacity at its two data centers. The agency has prioritized virtualizing
older servers first as the hardware is nearing end of life. The two initial migrations include
Windows 2000 hosts (domain controllers and front-facing web servers) and open source Linux
hosts (front facing web servers). Which of the following should occur based on best practices?
✔✔Each data center should contain separate virtual environments for the web servers and for the
domain controllers.
Which of the following is an agreement between two or more organizations to work together to
allow information exchange? ✔✔Interoperability
The DoD has specific mandatory requirements for data encryption. ✔✔True