31. Fill in the blank: A security professional uses _____ to verify that an employee has permission to access a resource.

  • authorization
  • encryption
  • integrity
  • admission

32. Which of the following statements accurately describe the CSF? Select all that apply.

  • The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
  • The detect function of the CSF involves improving monitoring capabilities to increase the speed and efficiency of detections.
  • Restoring affected files or data is part of the recover function of the CSF.
  • The identify function of the CSF involves returning affected systems back to normal operation.

33. A security team establishes controls, including permission settings that will be used to create multiple security points that a threat actor must get through to breach their organization. Which OWASP principle does this scenario describe?

  • Defense in depth
  • Principle of least privilege
  • Keep security simple
  • Separation of duties

34. Fill in the blank: In an internal security audit, _____ involves identifying potential threats, risks, and vulnerabilities in order to decide what security measures should be implemented.

  • communicating to stakeholders
  • conducting a risk assessment
  • assessing compliance
  • establishing the scope and goals

35. A security analyst performs an internal security audit. They determine that the organization needs to install surveillance cameras at various store locations. What are they working to establish?

  • Communication controls
  • Administrative controls
  • Technical controls
  • Physical controls

36. A person’s fingerprint, eye or palm scan are examples of what?

  • Codes
  • Biometrics
  • Passwords
  • Statistics

37. Which of the following statements accurately describe the CSF? Select all that apply.

  • The protect function of the CSF involves implementing policies, procedures, training, and tools to mitigate threats.
  • Investigating an incident to determine how the threat occurred, what was affected, and where the attack originated is part of the respond function of the CSF.
  • The detect function of the CSF involves making sure proper procedures are used to contain, neutralize, and analyze security incidents.
  • The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.

38. What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.

  • Results and recommendations
  • Comprehensive details about each part of the process
  • Compliance regulations to be adhered to
  • Strategies for improving security posture
