Credential - E Practice Exam, Exams of Technology

Similar in nature to Credential F, but covering a different specialization track. This exam emphasizes enterprise-wide application of professional knowledge, integration across business units, and leadership in implementing domain-specific best practices.

Typology: Exams

2024/2025

Available from 08/26/2025

BookVenture

Credential - E Exam

Question 1. Which framework is most commonly used for establishing a comprehensive cybersecurity program aligned with best practices?
A) ISO 27001
B) NIST Cybersecurity Framework
C) COBIT
D) ITIL
Answer: B
Explanation: The NIST Cybersecurity Framework provides a structured approach for organizations to develop, implement, and improve their cybersecurity programs by aligning them with industry best practices and standards.

Question 2. What is a primary purpose of establishing security metrics and KPIs for senior management?

A) To comply with technical standards
B) To measure security program effectiveness and inform decision-making
C) To replace detailed technical reports
D) To satisfy regulatory audits only
Answer: B
Explanation: Security metrics and KPIs help senior management understand the effectiveness of security initiatives, enabling informed strategic decisions and resource allocation.

Question 3. Which activity is essential in conducting enterprise-wide risk assessments?
A) Implementing firewalls
B) Threat modeling to identify potential attack vectors
C) Installing antivirus software

Explanation: Risk mitigation often involves transferring risk to a third party, such as through insurance, or reducing it through controls; risk transfer is a common mitigation strategy.

Question 5. When communicating complex security risks to non-technical stakeholders, it is important to:
A) Use technical jargon to be precise
B) Focus solely on compliance requirements
C) Simplify the risks using business impact language
D) Avoid discussing risks altogether
Answer: C
Explanation: Communicating risks in terms of business impact helps non-technical stakeholders understand the significance and make informed decisions.

Question 6. Which regulation mandates data protection and privacy in the European Union?
A) HIPAA
B) GDPR
C) PCI DSS
D) CCPA
Answer: B
Explanation: The General Data Protection Regulation (GDPR) is the EU regulation that governs data privacy and protection for individuals within the EU.

Question 7. What is a key component of a privacy program?
A) Implementing encryption only at rest

Answer: A
Explanation: ISO 27001 provides a systematic approach to managing sensitive company information, establishing an effective ISMS.

Question 9. In secure network design, what does micro-segmentation primarily aim to achieve?
A) Simplify network topology
B) Isolate workloads and limit lateral movement of threats
C) Increase network bandwidth
D) Reduce the number of firewalls needed
Answer: B
Explanation: Micro-segmentation isolates workloads at a granular level, preventing attackers from moving freely within the network after a breach.

Question 10. Which architecture is most appropriate for implementing a Zero Trust model?
A) Perimeter-based security with strong external firewalls
B) Network segmentation with strict identity verification for each access request
C) Open access networks with minimal controls
D) VPN-only remote access
Answer: B
Explanation: Zero Trust architectures require continuous verification of identity and device posture before granting access, regardless of network location.

Question 11. When designing secure cloud infrastructure, what is a key consideration for securing data at rest?

D) CaaS
Answer: C
Explanation: Infrastructure as a Service (IaaS) offers the most control over the underlying hardware, networking, and operating systems, allowing customization and security configurations.

Question 13. What is a primary goal of implementing Privileged Access Management (PAM)?
A) To enable all users to access sensitive data
B) To restrict and monitor access of privileged accounts
C) To replace multi-factor authentication
D) To eliminate the need for user authentication
Answer: B

Explanation: PAM controls and monitors privileged accounts to prevent misuse, reduce insider threats, and ensure accountability.

Question 14. Which security control is most effective in preventing web application attacks?
A) Network firewalls
B) Web Application Firewall (WAF)
C) Antivirus software
D) Email filtering
Answer: B
Explanation: A WAF specifically filters, monitors, and blocks malicious traffic targeting web applications, protecting against common attacks like SQL injection and cross-site scripting.

B) To identify and address potential security vulnerabilities early in development
C) To optimize application performance
D) To comply with licensing agreements
Answer: B
Explanation: Threat modeling helps identify potential security issues during design, enabling developers to implement controls before deployment.

Question 17. Which component is essential in deploying a Web Application Firewall (WAF)?
A) Hardware router
B) Application-layer filtering rules
C) Network switch
D) Database encryption

Answer: B
Explanation: WAFs operate at the application layer, using filtering rules to block malicious web traffic and protect web applications.

Question 18. In security operations, what is the role of a SIEM system?
A) To perform vulnerability scans
B) To collect, analyze, and correlate security event logs from across the enterprise
C) To encrypt data at rest
D) To manage user access rights
Answer: B
Explanation: SIEM systems aggregate and analyze security logs, enabling detection of suspicious activity and supporting incident response.

C) Disabling alerts to reduce noise
D) Relying solely on antivirus signatures
Answer: B
Explanation: Threat hunting involves actively and proactively searching for threats within the environment, often through manual analysis of logs and network data.

Question 21. What is a key step in developing an enterprise incident response plan?
A) Defining roles, responsibilities, and communication protocols during an incident
B) Installing antivirus software on all systems
C) Conducting employee onboarding training
D) Purchasing new hardware annually

Answer: A
Explanation: An effective incident response plan clearly defines roles, responsibilities, and procedures to ensure a coordinated and efficient response to security incidents.

Question 22. During incident handling, what is the primary goal of containment?
A) To identify the attacker’s identity only
B) To limit the spread of the incident and prevent further damage
C) To notify law enforcement immediately
D) To delete all affected data
Answer: B
Explanation: Containment aims to isolate the affected systems or networks to prevent the attack from escalating and causing further harm.

B) Internal employee misconduct
C) Hardware failure within the organization
D) Power outages at the data center
Answer: A
Explanation: Supply chain risks involve vulnerabilities in vendors, third-party services, or hardware that can impact overall security if not properly managed.

Question 25. Which security standard emphasizes continuous improvement and risk management?
A) ISO 27001
B) PCI DSS
C) HIPAA
D) GDPR

Answer: A
Explanation: ISO 27001 promotes a cycle of continuous improvement in managing information security through risk assessment and controls.

Question 26. What is a key benefit of implementing a Zero Trust architecture?
A) Reduces the need for encryption
B) Eliminates the need for user authentication
C) Limits trust zones and verifies each access request continuously
D) Allows open access within the network perimeter
Answer: C
Explanation: Zero Trust enforces strict identity verification and access control for every request, regardless of location, reducing insider and lateral threats.