
2-C-S-I

Test title:
2-C-S-I

Description:
exam 1

Creation date: 2023/08/03

Category: Other

Number of questions: 95

Syllabus:

In risk management concepts, a ___________ is something or someone that poses a risk to an organization or asset. (D1, L1.2.1). fear. threat. check. asset.

A system that collects transactional information and stores it in a log to show which users performed which actions is an example of providing ________. (D1, L1.1.1). non-repudiation. multifactor authentication. biometric data. privacy.

Within the organization, who can identify the risk? (D1, L1.2.2). the head of security. any member of the security team. senior management. nobody.

Which of the following is an example of a "something you are" authentication factor? (D1, L1.1.1). a credit card presented at an ATM. your password and PIN. a user ID. a photograph of your face.

In risk management concepts, a _________ is something that a security professional might need to protect. (D1, L1.2.1). vulnerability. asset. threat. probability.

All other answers are examples of threats, as they all have the potential to cause an adverse impact on the organization and the organization's assets. Which of the following probably poses the greatest risk? (D1, L1.2.1). a high probability and high impact event. a high probability, low impact event. a low probability, high impact event. a low probability, low impact event.

Triffid Corporation publishes a strategic summary of the company's intent to protect all data in its possession. This document is signed by Triffid's senior management. What kind of document is this? (D1, L1.4.1). policy. procedure. standard. law.

Triffid Corporation publishes a policy stating that all personnel will act in a manner that protects human health and safety. The safety office is tasked with writing a detailed set of processes for how employees should wear protective gear, such as hard hats and gloves, when in hazardous areas. This detailed set of processes is a _________. (D1, L1.4.1). policy. procedure. standard. law.

Which of the following is an example of a "something you know" authentication factor? (D1, L1.1.1). keyword. fingerprint. a user ID. keyword.

Within the organization, who can identify the risk? (D1, L1.2.2). the head of security. any member of the security team. senior management. nobody.

The city of Grampon wants to make sure that all of its citizens are protected from malware, so the city council makes a rule that anyone caught creating and releasing malware within the city limits will be fined and go to court. jail. What kind of rule is this? (D1, L1.4.1). politics. procedure. standard. law.

Grampon Municipal Code requires all businesses operating within the city limits to have a set of processes to ensure that employees are safe while working with hazardous materials. Triffid Corporation creates a checklist of activities that employees must follow while working with hazardous materials within the Grampon city limits. The municipal code is a ______ and the Triffid checklist is a ________. (D1, L1.4.2). law, procedure. rule, law. law, rule. policy, law.

Tina is a member of (ISC)2 and is invited to join an online group of IT security enthusiasts. After attending a few online sessions, Tina learns that some of the group's participants are sharing malware with each other to use against other organizations online. What should Tina do? (D1, L1.5.1). nothing. stop participating in the group. report the group to the police. report the group to (ISC)2.

Aphrodite is a member of (ISC)2 and a data analyst for Triffid Corporation. While Aphrodite is reviewing user log data, Aphrodite discovers that another Triffid employee is violating the acceptable use policy and viewing streaming video during work hours. What should Aphrodite do? (D1, L1.5.1). inform (ISC)2. report to law enforcement. inform Triffid management. nothing.

Zarma is a member of (ISC)2 and a security analyst for Triffid Corporation. One of Zarma's colleagues is interested in pursuing an (ISC)2 certification and asks Zarma what the exam questions look like. What should Zarma do? (D1, L1.5.1). inform (ISC)2. explain the style and format of the questions, but no details. report to colleague's supervisor. nothing.

A software firewall is an application that runs on a device and prevents specific types of traffic from entering that device. This is a type of ________ control. (D1, L1.3.1). physical. administrative. passive. technical.

Druna is a security professional tasked with ensuring that laptops are not stolen from the organization's offices. What kind of security control would probably be best for this purpose? (D1, L1.3.1). technical. obverse. physical. administrative.

Jengi is setting up security for a home network. Jengi decides to set up MAC address filtering on the router so that only specific devices can join the network. This is an example of a _______ control. (D1, L1.3.1). physical. administrative. substantial. technical.

Preenka works at an airport. There are red lines painted on the ground next to the runway; Preenka has been instructed that no one may step on or cross a red line unless they request and obtain specific permission from the control tower. This is an example of a ______ control. (D1, L1.3.1). physical. administrative. critical. technical.

A bollard is a post placed securely in the ground to prevent a vehicle from entering an area or passing a certain point. Bollards are an example of ______ controls. (D1, L1.3.1). physical. administrative. drastic. technical.

Olaf is a member of (ISC)2 and a security analyst for Triffid Corporation. During an audit, Olaf is asked if Triffid currently follows a particular security practice. Olaf knows that Triffid doesn't adhere to that standard in that particular situation, but saying this to the auditors will reflect badly on Triffid. What should Olaf do? (D1, L1.5.1). tell the auditors the truth. ask supervisors for guidance. seek guidance from (ISC)2. lie to auditors.

Which of the following would probably not be considered a threat? (D1, L1.2.1). natural disaster. unintentional damage to the system caused by a user. a laptop with sensitive data. an external attacker attempting to gain unauthorized access to the environment.

When should a business continuity plan (BCP) be activated? (D2, L2.2.1). as soon as possible. at the beginning of a disaster. when senior management decides. when so directed by regulators.

Which of the following is not typically involved in incident detection? (D2, L2.1.1). users. security analysts. automated tools. regulators.

What is the goal of Business Continuity efforts? (D2, L2.2.1). save money. impress customers. ensure all IT systems continue to function. keep critical business functions operational.

What is the most important goal of a business continuity effort? (D2, L2.2.1). ensure that all IT systems function during a potential outage. ensure all business activities are sustained during a potential disaster. ensure the organization survives a disaster. preserve human health and safety.

What is the overall goal of a disaster recovery (DR) effort? (D2, L2.3.1). save money. return to normal, full operations. preserve critical business functions during a disaster. improve public perception of the organization.

What is the risk associated with resuming full normal operations too soon after a disaster recovery effort? (D2, L2.3.1). the hazard posed by the disaster could still be present. investors might be upset. regulators could disapprove. the organization could save money.

Who approves the incident response policy? (D2, L2.1.1). (ISC)2. senior management. the head of security. investors.

Handel is a senior manager at Triffid, Inc. and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that operational managers have maximum personal choice in determining which employees have access to which systems/data. Which method should Handel select? (D3, L3.3.1). role-based access controls (RBAC). Mandatory Access Controls (MAC). Discretionary Access Controls (DAC). security policy.

Handel is a senior manager at Triffid, Inc. and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees transferring from department to department, being promoted or cross-trained for new roles can access the various assets they will need for their new roles in the most efficient way. Which method should Handel select? (D3, L3.3.1). role-based access controls (RBAC). Mandatory Access Controls (MAC). discretionary access controls (DAC). barbed wire.

Which of the following roles does not typically require access to a privileged account? (D3, L3.1.1). security administrator. data entry professional. system administrator. help desk technician.

All visitors to a secure facility must be _______. (D3, L3.2.1). fingerprinted. photographed. escorted. required to wear protective equipment.

Which of these is an example of a physical access control mechanism? (D3, L3.2.1). software-based firewall at the network perimeter. a lock on a door. network switches that filter based on MAC addresses. a process that requires two people to act at the same time to perform a function.

Which of the following statements is true? (D3, L3.3.1). logical access controls can perfectly protect the IT environment; there is no reason to implement other controls. physical access controls can perfectly protect the IT environment; there is no reason to implement other controls. administrative access controls can perfectly protect the IT environment; there is no reason to implement other controls. it is best to use a combination of controls to provide optimal security.

For biometric security to work properly, the physiological data of an authorized person must be ______. (D3, L3.2.1). transmission. stored. removed. modified.

Visitors to a secure facility need to be monitored. Controls useful for managing visitors include all of the following except: (D3, L3.2.1). record sheet/track record. municipality. badges that differ from employee badges. receptionist.

Gelbi is a Technical Support Analyst for Triffid, Inc. Gelbi is sometimes required to install or remove software. Which of the following could be used to describe Gelbi's account? (D3, L3.1.1). privileged. internal. external. user.

Prina is a database administrator. Prina can add new users to the database, remove current users, and create new usage roles for users. Prina cannot read the data in the fields of the database itself. This is an example of: (D3, L3.3.1). role-based access controls (RBAC). Mandatory Access Controls (MAC). discretionary access controls (DAC). alleviate threat access controls (ATAC).

Handel is a senior manager at Triffid, Inc. and is in charge of implementing a new access control scheme for the company. Handel wants to make sure that employees who are assigned to new positions at the company don't retain the access they had in their old positions. Which method should Handel select? (D3, L3.3.1). role-based access controls (RBAC). Mandatory Access Controls (MAC). discretionary access controls (DAC). record.

At Parvi's workplace, the perimeter of the property is enclosed by a fence; there is a gate with a guard at the entrance. All internal doors admit badged personnel only and cameras monitor hallways. Sensitive data and media are kept in safes when not in use. (D3, L3.1.1) This is an example of: two-person integrity. segregation of duties. defense in depth. penetration tests.

Trina is a security professional at Triffid, Inc. Trina has been assigned the task of selecting a new product to serve as a security control in the environment. After doing some research, Trina selects a particular product. Before that product can be purchased, a manager must review Trina's selection and determine if she approves of the purchase. This is a description of: (D3, L3.1.1). two-person integrity. segregation of duties. software. defense in depth.

Prachi works as a database administrator for Triffid, Inc. Prachi can add or delete users, but cannot read or modify the data in the database. When Prachi logs into the system, an access control list (ACL) checks to determine what permissions Prachi has. In this situation, what is the ACL? (D3, L3.1.1). the subject. the object. Rule. the firmware.

Which of the following is a biometric access control mechanism? (D3, L3.2.1). a card reader. a copper key. a fence with razor tape on it. a door locked by a voice print identifier.

All of the following are typically perceived as drawbacks of biometric systems except: (D3, L3.2.1). lack of precision. potential privacy issues. retention of physiological data beyond the point of use. legality.

Which of the following is probably most useful in the perimeter of a property? (D3, L3.2.1). a safe. a fence. a data center. a centralized log storage facility.

What common cloud deployment model typically features only a single customer's data or functionality stored on specific systems or hardware? (D4.3 L4.3.2). public. private. community. hybrid.

Which common cloud service model offers the customer the most control of the cloud environment? (D4.3 L4.3.2). Lunch as a Service (LaaS). Infrastructure as a Service (IaaS). Platform as a Service (PaaS). Software as a Service (SaaS).

The section of the IT environment that is closest to the outside world; where we locate the computer systems that communicate with the Internet. (D4.3 L4.3.3). VLAN. DMZ. MAC. RBAC.

Gary is an attacker. Gary is able to gain access to the communication cable between Dauphine's machine and Linda's machine and is then able to monitor the traffic between the two when they communicate. What kind of attack is this? (D4.2 L4.2.1). side channel. DDoS. on-path. physical.

Cyril wants to make sure that all the devices in his company's internal IT environment are correctly synchronized. Which of the following protocols would help in this effort? (D4.1, L4.1.2). FTP (File Transfer Protocol). NTP (Network Time Protocol). SMTP (Simple Mail Transfer Protocol). HTTP (Hyper Text Transfer Protocol).

Incoming traffic from an external source seems to indicate much higher than normal communication rates, to the point where internal systems can be overwhelmed. What security solution can often identify and potentially counter this risk? (D4.2 L4.2.2). firewall. turnstile. antimalware. badge system.

A means of allowing remote users secure access to the internal IT environment. (D4.3 L4.3.3). Internet. VLAN. MAC. VPN.

Bert wants to add a flashlight feature to a smartphone. Bert searches the internet for a free flashlight app and downloads it to his phone. The app allows Bert to use the phone as a flashlight, but it also steals Bert's contact list. What kind of app is this? (D4.2 L4.2.1). DDoS. trojan. side channel. on-path.

Carol is surfing the Internet. Which of the following ports is she probably using? (D4.1, L4.1.2). 12. 80. 247. 999.

The logical address of a device connected to the network or Internet. (D4.1 L4.1.1). media access control (MAC) address. Internet Protocol (IP) address. geophysical address. terminal address.

Cheryl is surfing the Internet. Which of the following protocols is she probably using? (D4.1, L4.1.2). SNMP (Simple Network Management Protocol). FTP (File Transfer Protocol). TFTP (Trivial File Transfer Protocol). HTTP (Hyper Text Transfer Protocol).

A tool that aggregates log data from various sources and typically analyzes it and reports potential threats. (D4.2 L4.2.2). HIDS. antimalware. router. SIEM.

An IoT (Internet of Things) device is characterized by its effect or use of the _____ environment. (D4.3 L4.3.3). philosophical. remote. internal. physical.

Barry wants to upload a series of files to a web-based storage service, so that people Barry has authorized can retrieve these files. Which of the following would be Barry's preferred communication protocol if he wanted this activity to be efficient and secure? (D4.1, L4.1.2). SMTP (Simple Mail Transfer Protocol). FTP (File Transfer Protocol). SFTP (Secure File Transfer Protocol). SNMP (Simple Network Management Protocol).

A tool that filters incoming traffic to reduce potential threats. (D4.2 L4.2.3). NIDS (Network Based Intrusion Detection Systems). antimalware. DLP (Data Loss Prevention). firewall.

What common cloud service model only provides client access to a given application? (D4.3 L4.3.2). Lunch as a Service (LaaS). Infrastructure as a Service (IaaS). Platform as a Service (PaaS). Software as a Service (SaaS).

A VLAN is a _____ method of network segmentation. (D4.3 L4.3.3). secret. physical. regulated. logical.

A device that filters network traffic to improve overall security/performance. (D4.1 L4.1.1). endpoint. laptop. MAC (media access control). firewall.

Security must be provided for ____ data. (D5.1, L5.1.1). restricted. illegal. private. all.

When the data has reached the end of the retention period, it should be _____. (D5.1, L5.1.1). destroyed. archived. improved. sold.

By far the most crucial element of any security training program. (D5.4, L5.4.1). protect assets. preserve human health and safety. ensure the availability of IT systems. preserve shareholder value.

The output of any given hash algorithm is always _____. (D5.1, L5.1.3). the same length. the same characters. the same language. different for the same inputs.

Dieter wants to send a message to Lupa and wants to make sure that Lupa knows that the message has not been modified in transit. What technique/tool could Dieter use to help in this effort? (D5.1, L5.1.3). hashing. clockwise rotation. symmetric encryption. asymmetric encryption.

Proper alignment of security policy and business objectives within the organization is important because: (D5.3, L5.3.1). security should always be as tight as possible. security policy that conflicts with business goals can inhibit productivity. a bad security policy can be illegal. safety is more important than business.

Data _____ is data that remains on systems/media after attempting normal deletion procedures. (D5.1, L5.1.1). fragments. packages. remanence. residue.

Records should be reviewed ______. (D5.1, L5.1.2). every Thursday. continually. once per calendar year. once per fiscal year.

An organization should always be prepared to ______ when applying a patch. (D5.2, L5.2.1). pay for updated content. buy a new system. settle lawsuits. Rollback.

Who dictates the policy? (D5.3, L5.3.1). the head of security. the human resources office. Senior management. auditors.

Probably the most important reason to provide security training to all employees. (D5.4, L5.4.1). reduce liability. provide due diligence. it is a moral imperative. an informed user is a safer user.

The organization must keep a copy of each signed Acceptable Use Policy (AUP) on file and provide a copy to _______. (D5.3, L5.3.1). the user who signed it. the regulators who oversee that industry. legislators. the public relations office.

Data retention periods apply to ____ data. (D5.1, L5.1.1). medical. sensitive. all. secret.

Siobhan is a member of (ISC)2 and works for Triffid Corporation as a Security Analyst. Yesterday Siobhan got a parking ticket while she was shopping after work. What should Siobhan do? (D1, L1.5.1). inform (ISC)2. pay the parking ticket. report to supervisors in Triffid. quit Triffid's job.

Steve is a security professional assigned to devise a protective measure to ensure that cars do not collide with pedestrians. What is probably the most effective type of control for this task? (D1, L1.3.1). administrative. technical. physical. nuanced.

Chad is a security professional tasked with ensuring that no one outside the organization changes the information on the organization's public website. This task is an example of how to ensure _________. (D1, L1.1.1). confidentiality. Integrity. Availability. Confirmation.

True or false? Business continuity planning is a reactive procedure that restores business operations after an interruption occurs. (D2, L2.2.1). true. false.

An attacker outside the organization attempts to gain access to the organization's internal files. This is an example of a ______. (D2, L2.1.1). intrusion. blow. divulgation. publication.

When should a business continuity plan (BCP) be activated? (D2, L2.2.1). as soon as possible. at the beginning of a disaster. when top management decides. when so directed by regulators.

You are reviewing the log data of a router; there is an entry showing that a user sent traffic through the router at 11:45 am local time yesterday. This is an example of a _______. (D2, L2.1.1). incident. event. stroke. threat.

Suvid works at Triffid, Inc. When Suvid tries to log in to the production environment, a message appears stating that Suvid needs to reset the password. What could have happened to cause this? (D3, L3.3.1). Suvid broke the law. Suvid's password has expired. Suvid made the manager angry. someone hacked Suvid's machine.

Gary can't log in to the production environment. Gary tries three times and then can't try again for an hour. Why? (D3, L3.3.1). Gary is being punished. the network is tired. users remember their credentials if given time to think about it. Gary's actions look like an attack.

Bill logs into a system and opens a document file. In this example, William is: (D3, L3.1.1). the subject. the object. the process. the program.

Trina and Doug work at Triffid, Inc. Doug is having trouble logging on to the network. Trina offers to log in for Doug, using Trina's credentials, so Doug can do some work. Doug is a bad person. If Trina logs in as Doug, Doug will never be encouraged to remember the credentials without help. Anything either of them does will be attributed to Trina. It's against the law.

Prachi works as a database administrator for Triffid, Inc. Prachi can add or delete users, but cannot read or modify the data in the database. When Prachi logs into the system, an access control list (ACL) checks to determine what permissions Prachi has. the subject. the object. Rule. the firmware.

Which of the following would be best located in the DMZ of an IT environment? (D4.3 L4.3.3). the user's workplace laptop. mail server. database engine. SIEM log storage.

Which of the following is one of the common ways that potential attacks are often identified? (D4.2 L4.2.2). attackers contact the target before the attack, to threaten and scare the target. victims notice excessive heat coming from their systems. The power utility company warns customers that the network will be down and the Internet will not be accessible. users report unusual activity/response from systems to the help desk or security office.

Log data security controls should reflect ________. (D5.1, L5.1.2). the organization's commitment to customer service. the local culture where the log data is stored. storage device price. the sensitivity of the source device.

One of the benefits of computer-based training (CBT): (D5.4, L5.4.1). expensive. scalable. personal interaction with instructor. interact with other participants.

Bluga works for Triffid, Inc. as a security analyst. Bluga wants to send a message to multiple people and wants the recipients to know that the message definitely came from Bluga. What type of encryption should Bluga use? (D5.1, L5.1.3). symmetric encryption. asymmetric encryption. small scale encryption. hash.

(ISC)2 publishes a common body of knowledge (CBK) that IT security professionals should be familiar with; this is recognized throughout the industry as a body of material that is useful as a reference for professionals. Certifications may be issued to demonstrate expertise in this Common Body of Knowledge. What kind of document is the Common Body of Knowledge? (D1, L1.4.1). policy. procedure. standard. law.
