Chapter 8

Professional Development

10 Qs

Assessment

Quiz

Other

Professional Development

Hard

Created by

sam foon

10 questions

1.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A security professional may have access to sensitive data and assets. What is one item a security professional should understand in order to make informed ethical decisions?

partnerships

potential gain

potential bonus

laws governing the data

Answer explanation

Ethics in the security profession are extremely important because of the sensitivity of the data and assets. Compliance with government and state requirements is needed in order to make good judgments.

2.

MULTIPLE SELECT QUESTION

1 min • 1 pt

An organization has implemented a private cloud infrastructure and wants to secure it from potential threats. What three tactics can be implemented to protect the private cloud? (Choose three.)

Hire a consultant.

Test inbound and outbound traffic.

Disable ping, probing, and port scanning.

Update devices with security fixes and patches.

Answer explanation

Chapter 8 - Slides 13 - Private Cloud (WAN) Domain
Organizations can manage threats to the private cloud using the following methods:
1) Disable ping, probing, and port scanning.
2) Implement intrusion detection and prevention systems.
3) Monitor inbound IP traffic anomalies.
4) Update devices with security fixes and patches.
5) Conduct penetration tests post configuration.
6) Test inbound and outbound traffic.
7) Implement a data classification standard.
8) Implement file transfer monitoring and scanning for unknown file types.

3.

MULTIPLE SELECT QUESTION

1 min • 1 pt

Types of information security positions.

Definers

Builders

Monitors

Security Guards

Answer explanation

Chapter 8 - Slides 56 - Exploring the Cybersecurity Profession
Information security positions can be categorized as:
- definers
- builders
- monitors

4.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A company is attempting to lower the cost of deploying commercial software and is considering a cloud-based service. Which cloud-based service would be best to host the software?

Infrastructure as a service (IaaS)

Platform as a service (PaaS)

RaaS

Software as a Service (SaaS)

Answer explanation

Chapter 8 - Slides 15 - Public Cloud Domain

Software as a service (SaaS) provides access to software that is centrally hosted and accessed by users via a web browser on the cloud.

Three different service models exist from which an organization may choose:

1) Software as a service (SaaS) – a subscription-based model that provides access to software that is centrally hosted and accessed by users via a web browser.

2) Platform as a service (PaaS) – provides a platform that allows an organization to develop, run, and manage its applications on the service’s hardware using tools that the service provides.

3) Infrastructure as a service (IaaS) – provides virtualized computing resources such as hardware, software, servers, storage and other infrastructure components over the Internet.

5.

MULTIPLE SELECT QUESTION

1 min • 1 pt

What are two potential threats to applications? (Choose two.)

data loss

social engineering

power interruptions

unauthorized access

Answer explanation

Chapter 8 - Slides 19 - Application Domain
Threats to applications can include the following:
1) Unauthorized access to data centers, computer rooms, and wiring closets
2) Server downtime for maintenance purposes
3) Network operating system software vulnerability
4) Unauthorized access to systems
5) Data loss
6) Downtime of IT systems for an extended period
7) Client/server or web application development vulnerabilities

6.

MULTIPLE SELECT QUESTION

1 min • 1 pt

What three services does CERT provide? (Choose three.)

develop attack tools

resolve software vulnerabilities

develop tools, products, and methods to analyze vulnerabilities

develop tools, products, and methods to conduct forensic examinations

Answer explanation

Chapter 8 - Slides 41/42 - Cybersecurity Information Websites
CERT provides multiple services, including:
1) helps to resolve software vulnerabilities

2) develops tools, products, and methods to conduct forensic examinations

3) develops tools, products, and methods to analyze vulnerabilities

4) develops tools, products, and methods to monitor large networks

5) helps organizations determine how effective their security-related practices are

7.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A school administrator is concerned with the disclosure of student information due to a breach. Under which act is student information protected?

Children’s Internet Protection Act (CIPA)

Children’s Online Privacy Protection Act (COPPA)

Family Education Records and Privacy Act (FERPA)

Health Insurance Portability & Accountability Act (HIPAA)

Answer explanation

Chapter 8 - Slides 34 - Cyber Laws and Liability

The Family Education Records and Privacy Act (FERPA) prohibits the improper disclosure of personal education records.
