What is the threat modeling order using process for Attack simu-lation and threat analysis(PASTA)?

B. Application decomposition, threat analysis, vulnerability detection, attack enumeration,risk/impact analysis

A. Risk/impact analysis, application decomposition, threat analysis, vulnerability detection, attackenumeration

C. Application decomposition, threat analysis, risk/impact analysis, vulnerability detection, attackenumeration

D. Threat analysis, vulnerability detection, application decomposition, attack enumeration,risk/Impact analysis

<image: DeviceRGB, width: 1, height: 1, bpc: 8>

B. Implement access control on the web server.

A. Enforce the chmod of files to 755.

C. Enforce the control of file directory listings.

D. Implement Secure Sockets Layer (SSL) certificates throughout the web server.

When using Security Assertion markup language (SAML), it is assumed that the principal subject

B. enrolls with at least one identity provider.

A. allows Secure Sockets Layer (SSL) for data exchanges.

C. accepts persistent cookies from the system.

D. is on a system that supports remote authorization.

Which of the following would an information security professional use to recognize changes tocontent, particularly unauthorized changes?

A. Security information and event management (SIEM) system

D. Intrusion detection system (IDS)

Which of the following is a characteristic of a challenge/response authentication process?

B. Presenting distorted graphics of text for authentication

A. Transmitting a hash based on the user's password

C. Requiring the use of non-consecutive numeric characters

D. Using a password history blacklist

An organization has outsourced its financial transaction processing to a Cloud Service Provider(CSP) who will provide them with Software as a Service (SaaS). If there was a data breach who isresponsible for monetary losses?

A. The Data Protection Authority (DPA)

C. The Cloud Service Provider (CSP)

Which of the following is used to ensure that data mining activities Will NOT reveal sensitivedata?

B. Implement two-factor authentication on the underlying infrastructure.

A. Preprocess the databases to see if inn ...... can be disclosed from the learned patterns.

C. Encrypt data at the field level and tightly control encryption keys.

D. Implement the principle of least privilege on data elements so a reduced number of users canaccess the database.

What is the MAIN purpose of conducting a business impact analysis (BIA)?

B. To determine the cost for restoration of damaged information system

A. To determine the controls required to return to business critical operations

C. To determine the critical resources required to recover from an incident within a specified timeperiod

D. To determine the effect of mission-critical information system failures on core businessprocesses

What is the GREATEST challenge of an agent-based patch management solution?

B. The consistency of distributing patches to each participating computer

A. Requires that software be installed, running, and managed on all participating computers

C. The significant amount of network bandwidth while scanning computers

D. Time to gather vulnerability information about the computers in the program

Which of the following vulnerability assessment activities BEST exemplifies the Examine methodof assessment?

B. Logging into a web server using the default administrator account and a default password

A. Asking the Information System Security Officer (ISSO) to describe the organization's patchmanagement processes

C. Performing Port Scans of selected network hosts to enumerate active services

D. Ensuring that system audit logs capture all relevant data fields required by the security controlsbaseline

Which of the following needs to be taken into account when assessing vulnerability?

D. Risk identification and validation

<image: DeviceRGB, width: 1, height: 1, bpc: 8>

B. They may have proprietary software installed to protect them.

A. They may contain cryptographic protection.

C. There are no forensics tools available for examination.

D. They have password-based security at logon.

What a patch management program?

B. Prioritize vulnerability remediation.

A. Perform automatic deployment of patches.

D. Monitor for vulnerabilities and threats.

What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?

B. To ensure Information Technology (IT) staff knows and performs roles assigned to each ofthem

A. To find out what does not work and fix it

C. To validate backup sites' effectiveness

D. To create a high level DRP awareness among Information Technology (IT) staff

A security practitioner is tasked with securing the organization's Wireless Access Points (WAP).Which of these is the MOST effective way of restricting this environment to authorized users?

B. Change the name of the Service Set Identifier (SSID) to a random value not associated withthe organization

A. Create Access Control Lists (ACL) based on Media Access Control (MAC) addresses

C. Enable Wi-Fi Protected Access 2 (WPA2) encryption on the wireless access point

D. Disable the broadcast of the Service Set Identifier (SSID) name

<image: DeviceRGB, width: 1, height: 1, bpc: 8>

A. Web application vulnerability scanners

C. Runtime application self-protection (RASP)

D. Security Assertion Markup Language (SAML)

An organization has implemented a protection strategy to secure the network from unauthorizedexternal access. The new Chief Information Security Officer (CISO) wants to increase security bybetter protecting the network from unauthorized internal access. Which Network Access Control(NAC) capability BEST meets this objective?

D. Two-factor authentication (2FA)

In which of the following programs is it MOST important to include the collection of securityprocess data?

D. Security continuous monitoring

Which of the following could be considered the MOST significant security challenge whenadopting DevOps practices compared to a more traditional control framework?

B. Maintaining segregation of duties.

A. Achieving Service Level Agreements (SLA) on how quickly patches will be released when asecurity flaw is found.

C. Standardized configurations for logging, alerting, and security metrics.

D. Availability of security teams at the end of design process to perform last-minute manual auditsand

When reviewing the security logs, the password shown for an administrative login event was ' OR' '1'='1' --. This is an example of which of the following kinds of attack?

D. Structured Query Language (SQL) Injection

Which of the following is the PRIMARY reason a sniffer operating on a network is collectingpackets only from its own host?

B. The network's firewall does not allow sniffing.

A. The network is connected using switches.

C. The network is connected using hubs.

D. An Intrusion Detection System (IDS) has dropped the packets.

Which of the following factors is a PRIMARY reason to drive changes in an Information SecurityContinuous Monitoring (ISCM) strategy?

B. Testing and Evaluation (TE) personnel changes

A. Increased Cross-Site Request Forgery (CSRF) attacks

C. Changes to core missions or business processes

D. Changes in Service Organization Control (SOC) 2 reporting requirements

Which of the following is an advantage of on-premise Credential Management Systems?

B. Improved credential interoperability

A. Reduced administrative overhead

C. Control over system configuration

D. Lower infrastructure capital costs

A security analyst for a large financial institution is reviewing network traffic related to an incident.The analyst determines the traffic is irrelevant to the investigation but in the process of the review,the analyst also finds that an applications data, which included full credit card cardholder data, istransferred in clear text between the server and user's desktop. The analyst knows this violatesthe Payment Card Industry Data Security Standard (PCI-DSS). Which of the following is theanalyst's next step?

B. Include the full network traffic logs in the incident report

A. Send the log file co-workers for peer review

C. Follow organizational processes to alert the proper teams to address the issue.

D. Ignore data as it is outside the scope of the investigation and the analyst's role.

When designing a Cyber-Physical System (CPS), which of the following should be a securitypractitioner's first consideration?

B. Risk assessment of the system

A. Topology of the network used for the system

D. Detection of sophisticated attackers

Which one of the following is a threat related to the use of web-based client side input validation?

B. Users would be able to alter the input after validation has occurred

A. The web server would not be able to validate the input after transmission

C. The web server would not be able to receive invalid input from the client

D. The client system could receive invalid input from the web server

To minimize the vulnerabilities of a web-based application, which of the following FIRST actionswill lock down the system and minimize the risk of an attack?

B. Install an antivirus on the server

D. Apply the latest vendor patches and updates

<image: DeviceRGB, width: 1, height: 1, bpc: 8>

B. The risk executive (function)

In systems security engineering, what does the security principle of modularity provide?

B. Minimal access to perform a function

A. Secure distribution of programs and data

Data remanence refers to which of the following?

B. The residual information left on magnetic storage media after a deletion or erasure.

A. The magnetic flux created when removing the network connection from a server or personalcomputer.

C. The remaining photons left in a fiber optic cable after a secure transmission.

D. The retention period required by law or regulation.

testtest

Authored by Qiming Li

Life Skills

University

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

478 questions

Show all answers

MULTIPLE CHOICE QUESTION

20 sec • 1 pt

Which is the MOST critical aspect of computer-generated evidence?

A. Integrity

B. Objectivity

C. Timeliness

D. Relevancy

MULTIPLE CHOICE QUESTION

20 sec • 1 pt

What is the MAIN goal of information security awareness and training?

A. To inform users of information assurance responsibilities

B. To prepare students for certification

C. To inform users of the latest malware threats

D. To comply with the organization information security policy

MULTIPLE CHOICE QUESTION

20 sec • 1 pt

Which of the following is a common measure within a Local Area Network (LAN) to provide enadditional level of security through segmentation?

A. Building Demilitarized Zones (DMZ)

B. Implementing an Intrusion Detection System (IDS)

C. Building Virtual Local Area Networks (VLAN)

D. Implementing a virus scanner

MULTIPLE CHOICE QUESTION

20 sec • 1 pt

Which of the following are the three MAIN categories of security controls?

A. Confidentiality, integrity, availability

B. Preventative, corrective, detective

C. Corrective, detective, recovery

D. Administrative, technical, physical

MULTIPLE CHOICE QUESTION

20 sec • 1 pt

An international medical organization with headquarters in the United States (US) and branchesin France wants to test a drug in both countries. What is the organization allowed to do with thetest subject's data?

A. Aggregate it into one database in the US

B. Process it in the US, but store the information in France

C. Share it with a third party

D. Anonymize it and process it in the US

MULTIPLE CHOICE QUESTION

20 sec • 1 pt

Which of the following is a common characteristic of privacy?

A. Provision for maintaining an audit trail of access to the private data

B. Process for the subject to inspect and correct personal data on-site

C. Notice to the subject of the existence of a database containing relevant credit card data

D. Database requirements for integration of privacy data

MULTIPLE CHOICE QUESTION

20 sec • 1 pt

Which of the following is the key requirement for test results when implementing forensicprocedures?

A. The test results must be quantifiable.

B. The test results must be reproducible.

C. The test result must be authorized.

D. The test results must be cost-effective.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Popular Resources on Wayground

20 questions

Math Review

Quiz

•

3rd Grade

15 questions

Fast food

Quiz

•

7th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

19 questions

Classifying Quadrilaterals

Quiz

•

3rd Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

10 questions

Identify Fractions, Mixed Numbers & Improper Fractions

Quiz

•

3rd - 4th Grade

Discover more resources for Life Skills

20 questions

Guess The App

Quiz

•

KG - Professional Dev...

11 questions

NFL Football logos

Quiz

•

KG - Professional Dev...

19 questions

Minecraft

Quiz

•

6th Grade - Professio...

40 questions

8th Grade Math Review

Quiz

•

8th Grade - University

20 questions

Block Buster Movies

Quiz

•

10th Grade - Professi...

10 questions

Would you rather...

Quiz

•

KG - University

40 questions

Flags of the World

Quiz

•

KG - Professional Dev...

14 questions

Superhero

Quiz

•

1st Grade - University

testtest

Which is the MOST critical aspect of computer-generated evidence?

What is the MAIN goal of information security awareness and training?

Which of the following is a common measure within a Local Area Network (LAN) to provide enadditional level of security through segmentation?

Which of the following are the three MAIN categories of security controls?

An international medical organization with headquarters in the United States (US) and branchesin France wants to test a drug in both countries. What is the organization allowed to do with thetest subject's data?

Which of the following is a common characteristic of privacy?

Which of the following is the key requirement for test results when implementing forensicprocedures?

What is the BEST approach to anonymizing personally identifiable information (PII) in a testenvironment?

What is the threat modeling order using process for Attack simu-lation and threat analysis(PASTA)?

<image: DeviceRGB, width: 1, height: 1, bpc: 8>

Access all questions and much more by creating a free account

Popular Resources on Wayground

Discover more resources for Life Skills