ITN 260 Module 12,13 & 15 Review | Questions and Answers

Document Content and Description Below

ITN 260 Module 12, 13, and 15 Review | Questions and Answers Which of the following threats would be classified as the actions of a hactivist? a. Environmental threat b. External threat c. Complian ... ce threat d. Internal threat Which of these is NOT a response to risk? a. Mitigation b. Transference c. Resistance d. Avoidance Which of the following is NOT a threat classification category? a. Financial b. Compliance c. Strategic d. Tactical In which of the following threat classifications would a power blackout be classified? a. Operational b. Technical c. Strategic d. Managerial Which of the following approaches to risk calculation typically assigns a numeric value (1-10) or label (High, Medium, or Low) to represent a risk? a. Quantitative risk calculation b. Rule-based risk calculation c. Policy-based risk calculation d. Qualitative risk calculation What is a list of potential threats and associated risks? a. Risk matrix b. Risk portfolio c. Risk register d. Risk assessment Giovanni is completing a report on risks. To which risk option would he classify the action that the organization has decided not to construct a new a data center because it would be located in an earthquake zone? a. Transference b. Prevention c. Avoidance d. Rejection Which of the following control categories includes conducting workshops to help users resist phishing attacks? a. Technical b. Operational c. Managerial d. Administrative Emiliano needs to determine the expected monetary loss every time a risk occurs. Which formula will he use? a. ALE b. AV c. SLE d. ARO Enzo is reviewing the financial statements and has discovered a serious misstatement. What type of risk has he found? a. Financial risk b. Reporting risk c. Monetary risk d. Control risk Simona needs to research a control that attempts to discourage security violations before they occur. Which control will she research? a. Preventive control b. Detective control c. Deterrent control d. Corrective control Which of the following is not a legally enforceable agreement but is still more formal than an unwritten agreement? a. MOU b. BPA c. SLA d. MSA Angelo has received notification that a business partner will no longer sell or update a specific product. What type of notification is this? a. EOP b. EOL c. EOS d. EOA Which of the following is NOT a concern for users regarding the usage of their privacy data? a. Individual inconveniences and identity theft b. Statistical inferences c. Timeliness of data d. Associations with groups Which of the following is NOT a consequence to an organization that has suffered a data security breach? a. Reputation damage b. Monetary fine c. De-escalation of reporting requirements d. IP theft Which of the following data types has the highest level of data sensitivity? a. Sensitive b. Confidential c. Secure d. Private Sergio has been asked to make a set of data that was once restricted now available to any users. What data type will Sergio apply to this set of data? a. Unrestricted b. Open c. Public d. Available Which of the following uses data anonymization? a. Data masking b. Data minimization c. Tokenization d. Data obfuscation sanitization (DOS) Which of the following is NOT true about data sovereignty? a. Governments cannot force companies to store data within specific countries. b. Data sovereignty is a concept that until recently was less of an issue. c. Generally, data is subject to the laws of the country in which it is collected or processed. d. Regulations are not necessarily on where an organization is headquartered. Bob needs to create an agreement between his company and a third-party organization that demonstrates a "convergence of will" between the parties so that they can work together. Which type of agreement will Bob use? a. ISA b. SLA c. BPA d. MOU Which of the following is NOT part of the AAA framework? a. Authorization b. Authentication c. Accounting d. Access Raul has been asked to serve as the individual to whom day-to-day actions have been assigned by the owner. What role is Raul taking? a. Data custodian/steward b. Data privacy officer c. Data processor d. Data controller Which access control scheme is the most restrictive? a. DAC b. MAC c. Role-Based Access Control d. Rule-Based Access Control Which type of access control scheme uses predefined rules that makes it the most flexible scheme? a. DAC b. ABAC c. NAC d. MAC Which statement about Rule-Based Access Control is true? a. It requires that a custodian set all rules. b. It is considered a real-world approach by linking a user's job function with security. c. It is no longer considered secure. d. It dynamically assigns roles to subjects based on rules. Which of these is a set of permissions that is attached to an object? a. Object modifier b. Entity attribute (EnATT) c. ACL d. SRE What can be used to provide both filesystem security and database security? a. LDAPs b. RBASEs c. CHAPs d. ACLs What is the amount of time added to or subtracted from Coordinated Universal Time to determine local time? a. Daylight savings time b. Time offset c. Greenwich Mean Time (GMT) d. Civil time Cheryl has been asked to set up a user account explicitly to provide a security context for services running on a server. What type of account will she create? a. User account b. Service account c. Privilege account d. Generic account Which of these is NOT an incident response process step? a. Eradication b. Reporting c. Lessons learned d. Recovery Which of the following is typically a monthly discussion of a scenario conducted in an informal and stress-free environment to evaluate an incident response plan? a. Simulation b. Incident Response Plan Evaluation (IRP-E) c. Tabletop d. Walkthrough Ella wants to research an attack framework that incorporates adversary, infrastructure, capability, and victim. Which of the following would she choose? a. Cyber Kill Chain b. Mitre ATT&CK c. Basic-Advanced Incident (BAI) Framework d. Diamond Model of Intrusion Analysis Blaise needs to create a document that is a linear-style checklist of required manual steps and actions needed to successfully respond to a specific type of incident. What does she need to create? a. ARC Codebook b. Runbook c. Playbook d. SIEM-book Which of the following should be performed in advance of an incident? a. Isolation b. Capture c. Containment d. Segmentation What is a platform used to provide telephony, video, and web conferences that can serve as an entry point to a threat actor? a. SIP b. IP voice c. Call manager d. VoIP Which of the following is NOT a problem associated with log management? a. Different log formats [Show More]

Last updated: 9 months ago

Preview 4 out of 11 pages