An IoT software startup company has hired Don to provide expertise on data security. Clients are very concerned about confidentiality. If confidentiality is stressed more than availability and integrity, which of the following scenarios is the best suited for the client?

The client is assigned virtual hosts running on shared hardware. Physical storage is partitioned with block cipher encryption.

Virtual servers in a highly available environment. The client will use redundant virtual storage and terminal services to access software.

Virtual servers in a highly available environment. The client will use a single virtual storage and terminal services to access software.

The client is assigned virtual hosts running on shared hardware. Physical storage is partitioned with streaming cipher encryption.

Tiffany works for a healthcare facility for the elderly that has made the decision to begin out-sourcing some IT systems. Which of the following statements is true?

All compliance and regulatory requirements are passed on to the provider

All outsourcing frees your organization from any rules or requirements

The IT systems are no longer configured, maintained, or evaluated by your organization

The outsourcing organization is free from any rules or regulations

Many organizations prepare for highly technical attacks and forget about the simple low-tech means of gathering information. Dumpster diving can be used by penetration testers in gaining access to unauthorized information. Which of these would the proactive detection team suggest to reduce risk?

Creating policies and procedures for document shredding

Data classification and printer restrictions of intellectual property

Purchasing shredders for the copy rooms

Bringing on an intern to shred all printed documentation

A vendor of new software that is deployed across your corporate network has announced a critical update is needed for a specific vulnerability. Your CIO wants to know what the vulnerability time has been. When can you give them that information?

After the patch is downloaded and installed in the affected system or device

When the patch is released and available to the public

When the patch is created by the vendor

When the vulnerability is discovered

due to time constraints and budget, Bradley's organization has opted to hire a third party organization to start working on a very important vulnerability management project. Which of these are the benefits of outsourcing your vulnerability management program?

Outsourcing vulnerability management can save time, increase visibility, prioritize remediation, and reduce dependency on internal resources

Outsourcing is a valid option and not much concern since any and all damage is the responsibility of the third party

If the company has an acceptable security record, then it makes perfect sense to outsource anything

You should never outsource. It will lead to legal and compliance issues

What is the concern with using the C language commands scanf(), strcpy(), bcopy(), vsprintf(), and gets()?

These commands don't check buffer size and lend themselves to buffer overflow attacks

These commands are no longer supported in C

There commands don't perform input validation and therefore lend themselves to injection attacks

There is no concern with using these commands

CASP+ Chapter 4 - Review

Authored by Timothy Courson

Professional Development

Used 3+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

20 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following BEST defines risk in IT?

You have a vulnerability with a known active threat.

You have a threat with a known vulnerability

You have a risk with a known threat

You have a threat with a known exploit

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Charles is a system manager. He is conducting a vulnerability assessment. Which of the following is not a requirement for him to know?

Access controls

Understanding of the systems to be evaluated

Potential threats

Passwords

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Gavin has been assigned to hire a third party to do a security assessment of his automotive manufacturing plant. What type of testing will give him the most neutral review of his company's security profile?

OSINT

Vulnerability scanning

No knowledge

Blue hat

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Olivia is the senior security analyst for a large online news organization. She was briefed by the incident response team that the organization has fallen victim to an XSS attack and malicious web scripting code had executed in a trusted web page. What does she do to prevent this from happening in the future?

Make sure the web application can validate and sanitize input

Implement patch management immediately

Request an external penetration test

There is no way to prevent this from happening on a publicly facing web server

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Alonso, a security administrator, has been contacted by a senior human resources manager to investigate a possible situation. They suspect that malicious activities are being caused by internal personnel and need to know if it is intentional or unintentional. After investigating, you believe it is unintentional and the most likely cause is which of the following?

Fraud

Espionage

Embezzlement

Social engineering

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

MaryAnn work for an insurance company. The company has experienced a natural disaster and used a hot site for three months an now is going to return to the primary site. What processes should be restored first?

Finance department

External communication

Mission critical

Least-business critical

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Paul has a mission-critical Windows server with the CVE-2021-24086 vulnerability in his network. It is the target of a distributed denial of service attack and has blue screened twice, Multiple systems are flooding the bandwidth of that system. Which information security goal is being impacted by this type of an attack?

Availability

Baselines

Integrity

Emergency Response

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

16 questions

Quizizz Comunicación en las relaciones empresariales

Quiz

•

KG - Professional Dev...

20 questions

Accent

Quiz

•

Professional Development

15 questions

Avaliação NR-10 Básico (ELE) - ECB 08 Celpe

Quiz

•

Professional Development

20 questions

Time and Tense 24 May

Quiz

•

Professional Development

20 questions

COVID-19 IPC Quiz

Quiz

•

Professional Development

20 questions

ILP 2021

Quiz

•

Professional Development

20 questions

MF1425 TEMA3 EXAMEN

Quiz

•

Professional Development

15 questions

Sports Analytics

Quiz

•

Professional Development

Popular Resources on Wayground

15 questions

Grade 3 Simulation Assessment 1

Quiz

•

3rd Grade

22 questions

HCS Grade 4 Simulation Assessment_1 2526sy

Quiz

•

4th Grade

16 questions

Grade 3 Simulation Assessment 2

Quiz

•

3rd Grade

19 questions

HCS Grade 5 Simulation Assessment_1 2526sy

Quiz

•

5th Grade

17 questions

HCS Grade 4 Simulation Assessment_2 2526sy

Quiz

•

4th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

24 questions

HCS Grade 5 Simulation Assessment_2 2526sy

Quiz

•

5th Grade

20 questions

Math Review

Quiz

•

3rd Grade

Discover more resources for Professional Development

20 questions

Block Buster Movies

Quiz

•

10th Grade - Professi...

40 questions

Flags of the World

Quiz

•

KG - Professional Dev...

10 questions

Lead Awareness Health Hazards

Quiz

•

Professional Development

CASP+ Chapter 4 - Review

Which of the following BEST defines risk in IT?

Charles is a system manager. He is conducting a vulnerability assessment. Which of the following is not a requirement for him to know?

Gavin has been assigned to hire a third party to do a security assessment of his automotive manufacturing plant. What type of testing will give him the most neutral review of his company's security profile?

MaryAnn work for an insurance company. The company has experienced a natural disaster and used a hot site for three months an now is going to return to the primary site. What processes should be restored first?

An IoT software startup company has hired Don to provide expertise on data security. Clients are very concerned about confidentiality. If confidentiality is stressed more than availability and integrity, which of the following scenarios is the best suited for the client?

Pieter discovered a meterpreter shell running a keylogger on the CFO's laptop. What security tenet is the keylogger most likely to break?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development