21. Which of the following activities may be part of establishing security controls? Select three answers.

  • Monitor and record user requests
  • Collect and analyze security data regularly
  • Evaluate whether current controls help achieve business goals
  • Implement multi-factor authentication

22. A business experiences an attack. As a result, a major news outlet reports the attack, which creates bad press for the organization. What type of consequence does this scenario describe?

  • Increase in profits
  • Damage to reputation
  • Loss of identity
  • Lack of engagement

23. In the Risk Management Framework (RMF), which step involves having effective security and privacy plans in place in order to minimize the impact of ongoing risks?

  • Authorize
  • Prepare
  • Categorize
  • Implement

24. What is the goal of business continuity?

  • Reduce personnel
  • Remove access to assets
  • Destroy publicly available data
  • Maintain everyday productivity

25. Shared responsibility is a core concept of which domain?

  • Security and risk management
  • Security architecture and engineering
  • Asset security

  • Communication and network security

     

26. How does security control testing enable companies to identify new and better ways to mitigate threats? Select two answers.

  • By revising project milestones
  • By evaluating whether the current controls help achieve goals
  • By granting employee access to physical spaces
  • By examining organizational goals and objectives

27. A business experiences an attack. As a result, its critical business operations are interrupted and it faces regulatory fines. What type of consequence does this scenario describe?

  • Practical
  • Reputation
  • Financial
  • Identity

28. In the Risk Management Framework (RMF), which step involves being aware of how systems are operating?

  • Monitor
  • Categorize
  • Implement
  • Authorize
Previous

Leave a Reply