21. Which of the following activities may be part of establishing security controls? Select three answers.
- Monitor and record user requests
- Collect and analyze security data regularly
- Evaluate whether current controls help achieve business goals
- Implement multi-factor authentication
22. A business experiences an attack. As a result, a major news outlet reports the attack, which creates bad press for the organization. What type of consequence does this scenario describe?
- Increase in profits
- Damage to reputation
- Loss of identity
- Lack of engagement
23. In the Risk Management Framework (RMF), which step involves having effective security and privacy plans in place in order to minimize the impact of ongoing risks?
- Authorize
- Prepare
- Categorize
- Implement
24. What is the goal of business continuity?
- Reduce personnel
- Remove access to assets
- Destroy publicly available data
- Maintain everyday productivity
25. Shared responsibility is a core concept of which domain?
- Security and risk management
- Security architecture and engineering
- Asset security
Communication and network security
Â
26. How does security control testing enable companies to identify new and better ways to mitigate threats? Select two answers.
- By revising project milestones
- By evaluating whether the current controls help achieve goals
- By granting employee access to physical spaces
- By examining organizational goals and objectives
27. A business experiences an attack. As a result, its critical business operations are interrupted and it faces regulatory fines. What type of consequence does this scenario describe?
- Practical
- Reputation
- Financial
- Identity
28. In the Risk Management Framework (RMF), which step involves being aware of how systems are operating?
- Monitor
- Categorize
- Implement
- Authorize