Which of the following is NOT a best practice in access management?

Give only the right amount of permission

Periodically assess if user permissions still apply

Request a justification when upgrading permission

As an (ISC)² member, you are expected to perform with due care. What does 'due care' specifically mean?

Do what is right in each situation you encounter on the job

Give continuity to the legacy of security practices of your company

Researching and acquiring the knowledge to do your job right

Which of these is NOT a best practice in access management?

Periodically assessing whether user permissions still apply

Requesting a justification when upgrading permission

Giving only the right amount of permission

What does the term 'data remanence' refer?

Data left over after routine removal and deletion

Data in use that can't be encrypted

Files saved locally that can't be remoted accessed

Which of these is NOT a characteristic of an MSP implementation?

Manage all in-house company infrastructure

Monitor and respond to security incidents

Mediate, execute and decide top-level decisions

Utilize expertise for the implementation of a product or service

Which of these is NOT a typical component of a comprehensive business continuity plan (BCP)?

A cost prediction of the immediate response procedures

Immediate response procedures and checklists

Notification systems and call trees for alerting personnel

Acting ethically is mandatory for (ISC)² members. Which of these is NOT considered unethical?

Having fake social media profiles and accounts

Disrupting the intended use of the internet

Seeking to gain unauthorized access to resources on the internet

Compromising the privacy of users

In the context of risk management, which information does ALE outline?

The expected cost per year of not performing a given risk-mitigating action

The percentage of Asset Lost Efficiency

The probability of a risk coming to pass in a given year

Which of these is an example of a privacy breach?

Access of private information by an unauthorized person

Any observable occurrence in a network or system

Being exposed to the possibility of attack

Unavailability of critical systems

While performing background checks on new employees, which of these can NEVER be an attribute for discrimination?

References, education, political affiliation, employment history

Employment history, references, criminal records

Credit history, employment history, references

Criminal Records, credit history, references

What is the PRIMARY objective of a degaussing?

Preventing magnetic side-channel attacks

Which of these is part of the canons (ISC)² code of ethics?

Advance and protect the profession

Provide diligent and competent services to stakeholders

Prevent and detect unauthorized use of digital assets in a society

Act always in the best interest of your client

Which of these is NOT one of the (ISC)² ethics canons?

Consider the social consequences of the systems you are designing

Act honorably, honestly, justly, responsibly, and legally

Protect society, the common good, necessary public trust and confidence, and the infrastructure

Provide diligent and competent service to principals

Which of these is the PRIMARY objective of the PCI-DSS standard?

Personally Identifiable Information (PII)

Protected Health Information (PHI)

The PRIMARY objective of a business continuity plan is:

To sustain business operations while recovering from a disruption

To regularly verify whether the organization complies with applicable regulations

To assess the impact of disruption to the business

To restore the business to the full last-known reliable state of operations

146. When an incident occurs, which of these is not a PRIMARY responsibility of an organization's response team?

d) Communicating with top management regarding the circumstances of the cybersecurity event

a) Determining the scope of the damage caused by the incident

b) Implementing the recovery procedures necessary to restore security and recover from any incident-related damage

c) Determining whether any confidential information has been compromised over the course of the entire incident

147. What is the PRIMARY objective of a rollback in the context of the change management process?

c. Restore the system to its last state before the change was made

a. Identify the required changes needed

b. Validate the system change process

d. Establish a minimum understood and acceptable level of security requirements

150. The PRIMARY objective of a security baseline is to establish ...

b. a minimum understood and acceptable level of security

a. a minimum understood and a good level of security requirements

c. security and configuration requirements

d. a maximum understood and an acceptable level of security requirements

PART2

Authored by Ayomide Oluwaga

Computers

Professional Development

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

50 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

In the event of a disaster, what should be the PRIMARY objective?

Apply disaster communication

Protect the production database

Guarantee the safety of people

Guarantee the continuity of critical systems

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A security professional should report violations of a company's security policy to:

The ISC Ethics Committee

Company management

National authorities

A court of law

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which department in a company is NOT regularly involved in a DRP?

Executives

Public Relations

Financial

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is included in an SLA document?

A plan to prepare the organization for the continuation of critical business functions

A plan to keep business operations going while recovering from a significant disruption

Instructions to detect, respond to, and limit the consequences of a cyber-attack

Instructions on data ownership and destruction

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the most important difference between MAC and DAC?

In MAC, security administrators set the roles for the users; in DAC, roles are set at the object owner’s discretion

In MAC, security administrators assign access permissions; in DAC, security administrators set user roles

In MAC, security administrators assign access permissions; in DAC, access permissions are set at the object owner’s discretion

In MAC, access permissions are set at the object owner’s discretion; in DAC, it is up to security administrators to assign access permissions

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Requiring a specific user role to access resources is an example of:

MAC

ABAC

RBAC

DAC

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which type of document outlines the procedures ensuring that vital company systems keep running during business disrupting events?

Business Impact Plan

Business Impact Analysis

Disaster Recovery Plan

Business Continuity Plan

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

50 questions

Midterm Exam Review (Business concepts) S2

Quiz

•

Professional Development

50 questions

Quizz Compition Round 5(Computer Generation & Type of computer)

Quiz

•

Professional Development

48 questions

Randy's Networking Quiz 3

Quiz

•

Professional Development

52 questions

Desainer Grafis Muda

Quiz

•

Professional Development

50 questions

word processor Quiz

Quiz

•

Professional Development

50 questions

AWS Cloud Practitioner 1.1

Quiz

•

Professional Development

50 questions

Computer Hardware and Software - Networking

Quiz

•

Professional Development

48 questions

Quiz Active Directory (AD)

Quiz

•

Professional Development

Popular Resources on Wayground

15 questions

Grade 3 Simulation Assessment 1

Quiz

•

3rd Grade

22 questions

HCS Grade 4 Simulation Assessment_1 2526sy

Quiz

•

4th Grade

16 questions

Grade 3 Simulation Assessment 2

Quiz

•

3rd Grade

19 questions

HCS Grade 5 Simulation Assessment_1 2526sy

Quiz

•

5th Grade

17 questions

HCS Grade 4 Simulation Assessment_2 2526sy

Quiz

•

4th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

24 questions

HCS Grade 5 Simulation Assessment_2 2526sy

Quiz

•

5th Grade

20 questions

Math Review

Quiz

•

3rd Grade

Discover more resources for Computers

20 questions

Block Buster Movies

Quiz

•

10th Grade - Professi...

40 questions

Flags of the World

Quiz

•

KG - Professional Dev...

10 questions

Lead Awareness Health Hazards

Quiz

•

Professional Development

PART2

In the event of a disaster, what should be the PRIMARY objective?

A security professional should report violations of a company's security policy to:

Which department in a company is NOT regularly involved in a DRP?

Which of the following is included in an SLA document?

What is the most important difference between MAC and DAC?

Requiring a specific user role to access resources is an example of:

Which type of document outlines the procedures ensuring that vital company systems keep running during business disrupting events?

Which of the following is NOT a best practice in access management?

If a company collects PII, which policy is required?

Which of these is LEAST likely to be installed by an infection?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers