21. Which of the following tasks may be part of the security architecture and engineering domain? Select all that apply.
- Securing hardware
- Ensuring that effective systems and processes are in place
- Configuring a firewall
- Validating the identities of employees
22. Which of the following tasks may be part of the security operations domain? Select all that apply.
- Implementing preventive measures
- Investigating an unknown device that has connected to an internal network
- Conducting investigations
- Using coding practices to create secure applications
23. A security professional conducts internal training to teach their coworkers how to identify a social engineering attack. What types of security issues are they trying to avoid? Select all that apply.
- Employees inadvertently revealing sensitive data
- Overtaxing systems with too many internal emails
- Phishing attacks
- Malicious software being deployed
24. Which of the following tasks are part of the security and risk management domain? Select all that apply.
- Securing physical assets
- Defining security goals and objectives
- Compliance
- Business continuity
25. Which domain involves optimizing data security by ensuring that effective tools, systems, and processes are in place?
- Communication and network security
- Security and risk management
- Identity and access management
- Security architecture and engineering
26. Which of the following tasks may be part of the security assessment and testing domain? Select all that apply.
- Auditing user permissions
- Securing physical networks and wireless communications
- Conducting security audits
- Collecting and analyzing data
27. A security professional is setting up access keycards for new employees. Which domain does this scenario describe?
- Identity and access management
- Communication and network security
- Security and risk management
- Security assessment and testing
28. A security professional is optimizing data security by ensuring that effective tools, systems, and processes are in place. Which domain does this scenario describe?
- Communication and network security
- Security architecture and engineering
- Security and risk management
- Identity and access management
29. Which of the following tasks may be part of the identity and access management domain? Select all that apply.
- Conducting security control testing
- Setting up an employee’s access keycard
- Ensuring users follow established policies
- Controlling physical assets