21. A security analyst performs an internal security audit. They review their company’s existing assets, then evaluate potential risks to those assets. Which aspect of a security audit does this scenario describe?

  • Completing a controls assessment
  • Assessing compliance
  • Establishing the scope and goals
  • Communicating results

22. What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.

  • Strategies for improving security posture
  • A summary of the goals
  • Detailed data about past cybersecurity incidents
  • Existing risks that need to be addressed now or in the future

23. How do organizations use security frameworks to develop an effective security posture?

  • As a policy to protect against phishing campaigns
  • As a policy to support employee training initiatives
  • As a guide to identify threat actor strategies
  • As a guide to reduce risk and protect data and privacy

24. Fill in the blank: An employee using multi-factor authentication to verify their identity is an example of the _____ process.

  • confidentiality
  • integrity
  • authentication
  • encryption

25. You work as a security analyst for a supply chain organization and need to confirm all inventory data is correct, authentic, and reliable. Which core principle of the CIA triad are you using?

  • Confidentiality
  • Availability
  • Credibility
  • Integrity

26. A security team considers how to avoid unnecessarily complicated solutions when implementing security controls. Which OWASP principle does this scenario describe?

  • Fix security issues correctly
  • Keep security simple
  • Defense in depth
  • Principle of least privilege

27. What are some of the primary objectives of an internal security audit? Select all that apply.

  • Help security teams correct compliance issues
  • Enable security teams to assess controls
  • Limit traffic on an organization’s firewall
  • Identify any security gaps or weaknesses within an organization

28. A security analyst performs an internal security audit. They focus on the human component of cybersecurity, such as the policies and procedures that define how their company manages data. What are they working to establish?

  • Physical controls
  • Technical controls
  • Administrative controls
  • Compliance controls

Shuffle Q/A 3

29. What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.

  • A list of existing risks
  • Results and recommendations
  • Questions about specific controls
  • A summary of the scope

30. What is the purpose of a security framework?

  • Create security controls to protect marketing campaigns
  • Develop procedures to help identify productivity goals
  • Establish policies to expand business relationships
  • Build plans to help mitigate risks and threats to data and privacy
