
ISC2 CC Exam Questions With 100% Correct And Verified Answers, Exams of Advanced Education


Typology: Exams

2023/2024

Available from 07/02/2024

professoraxel


Triffid Corporation has a rule that all employees working with sensitive hardcopy documents must put the documents into a safe at the end of the workday, where they are locked up until the following workday. What kind of control is the process of putting the documents into the safe? (D1, L1.3.1)
A) Administrative B) Tangential C) Physical D) Technical
Correct Answer: A is the correct answer. The process itself is an administrative control; rules and practices are administrative. The safe itself is physical, but the question asked specifically about the process, not the safe, so C is incorrect. Neither the safe nor the process is part of the IT environment, so this is not a technical control; D is incorrect. B is incorrect; "tangential" is not a term commonly used to describe a particular type of security control, and is used here only as a distractor.

A vendor sells a particular operating system (OS). In order to deploy the OS securely on different platforms, the vendor publishes several sets of instructions on how to install it, depending on which platform the customer is using. This is an example of a ________. (D1, L1.4.2)
A) Law B) Procedure C) Standard D) Policy
Correct Answer: B is correct. This is a set of instructions to perform a particular task, so it is a procedure (several procedures, actually, one for each platform). A is incorrect; the instructions are not a governmental mandate. C is incorrect, because the instructions are particular to a specific product, not accepted throughout the industry. D is incorrect, because the instructions are not particular to a given organization.

The Triffid Corporation publishes a policy that states all personnel will act in a manner that protects health and human safety. The security office is tasked with writing a detailed set of processes on how employees should wear protective gear such as hardhats and gloves when in hazardous areas. This detailed set of processes is a _________. (D1, L1.4.1)
A) Policy B) Procedure C) Standard D) Law
Correct Answer: B is correct. A detailed set of processes used by a specific organization is a procedure. A is incorrect; the policy is the overarching document that requires the procedure to be created and implemented. C is incorrect; the procedure is not recognized and implemented throughout the industry, it is used internally. D is incorrect; the procedure was created by Triffid Corporation, not a governmental body.

Chad is a security practitioner tasked with ensuring that the information on the organization's public website is not changed by anyone outside the organization. This task is an example of ensuring _________. (D1, L1.1.1)
A) Confidentiality B) Integrity C) Availability D) Confirmation
Correct Answer: B is correct. Preventing unauthorized modification is the definition of integrity. A is incorrect because the website is not meant to be secret; it is open to the public. C is incorrect because Chad is not tasked with ensuring the website is accessible, only that the information on it is not changed. D is incorrect because "confirmation" is not a typical security term, and is used here only as a distractor.

The Payment Card Industry (PCI) Council is a committee made up of representatives from major credit card providers (Visa, Mastercard, American Express) in the United States. The PCI Council issues rules that merchants must follow if the merchants choose to accept payment via credit card. These rules describe best practices for securing credit card processing technology, activities for securing credit card information, and how to protect customers' personal data. This set of rules is a _____. (D1, L1.4.2)
A) Law B) Policy C) Standard D) Procedure
Correct Answer: C is correct. This set of rules is known as the Data Security Standard, and it is accepted throughout the industry. A is incorrect, because this set of rules was not issued by a governmental body. B is incorrect, because the set of rules is not a strategic, internal document published by senior leadership of a single organization. D is incorrect, because the set of rules is not internal to a given organization and is not limited to a single activity.

Olaf is a member of (ISC)² and a security analyst for Triffid Corporation. During an audit, Olaf is asked whether Triffid is currently following a particular security practice. Olaf knows that Triffid is not adhering to that standard in that particular situation, but that saying this to the auditors will reflect poorly on Triffid. What should Olaf do? (D1, L1.5.1)
A) Tell the auditors the truth B) Ask supervisors for guidance C) Ask (ISC)² for guidance D) Lie to the auditors
Correct Answer: A is the best answer. The (ISC)² Code of Ethics requires that members "act honorably, honestly, justly, responsibly" and also "advance

The city of Grampon wants to know where all its public vehicles (garbage trucks, police cars, etc.) are at all times, so the city has GPS transmitters installed in all the vehicles. What kind of control is this? (D1, L1.3.1)
A) Administrative B) Entrenched C) Physical D) Technical
Correct Answer: D is correct. A GPS unit is part of the IT environment, so this is a technical control. A is incorrect; the GPS unit itself is not a rule or a policy or a process, it is part of the IT environment, so D is a better answer. B is incorrect; "entrenched" is not a term commonly used to describe a particular type of security control, and is used here only as a distractor. C is incorrect; while a GPS unit is a tangible object, it is also part of the IT environment, and it does not interact directly with other physical objects in order to prevent action, so "technical" is a better descriptor, and D is a better answer.

Triffid Corporation has a policy that all employees must receive security awareness instruction before using email; the company wants to make employees aware of potential phishing attempts that the employees might receive via email. What kind of control is this instruction? (D1, L1.3.1)
A) Administrative B) Finite C) Physical D) Technical
Correct Answer: A is correct. Both the policy and the instruction are administrative controls; rules and governance are administrative. B is incorrect; "finite" is not a term commonly used to describe a particular type of security control, and is used here only as a distractor. C is incorrect; training is not a tangible object, so this is not a physical control. D is incorrect; training is not part of the IT environment, so it is not a technical control.

The senior leadership of Triffid Corporation decides that the best way to minimize liability for the company is to demonstrate the company's commitment to adopting best practices recognized throughout the industry. Triffid management issues a document that explains that Triffid will follow the best practices published by SANS, an industry body that addresses computer and information security. The Triffid document is a ______, and the SANS documents are ________. (D1, L1.4.2)
A) Law, policy B) Policy, standard C) Policy, law D) Procedure, procedure
Correct Answer: B is the correct answer. The Triffid document is a strategic, internal rule published by senior management; this is a policy. The SANS documents are industry best practices recognized globally; these are standards. A and C are incorrect, because neither document was issued by a governmental body, so they are not laws. D is incorrect because neither document is a detailed set of instructions, so they are not procedures.

Phrenal is selling a used laptop in an online auction. Phrenal has estimated the value of the laptop to be $100, but has seen other laptops of similar type and quality sell for both more and less than that amount. Phrenal hopes that the laptop will sell for $100 or more, but is prepared to take less for it if nobody bids that amount. This is an example of ___________. (D1, L1.2.2)
A) Risk tolerance B) Risk inversion C) Threat D) Vulnerability
Correct Answer: A is correct. Phrenal has decided there is an acceptable level of risk associated with the online sale of the laptop; this is within Phrenal's risk tolerance. B is incorrect; "risk inversion" is a term with no actual meaning, and is used here only as a distractor. C is incorrect; a threat is something or someone that poses risk, and the sale of the laptop does not pose risk to Phrenal, only a lesser or greater benefit. D is incorrect; the sale of the laptop is not an avenue of attack against Phrenal.

A bollard is a post set securely in the ground in order to prevent a vehicle from entering an area or driving past a certain point. Bollards are an example of ______ controls. (D1, L1.3.1)
A) Physical B) Administrative C) Drastic D) Technical
Correct Answer: A is correct. A bollard is a tangible object that prevents a physical act from occurring; this is a physical control. B and D are incorrect because the bollard is a physical control, not administrative or technical. C is incorrect; "drastic" is not a term commonly used to describe a particular type of security control, and is used here only as a distractor.

Of the following, which would probably not be considered a threat? (D1, L1.2.1)
A) Natural disaster B) Unintentional damage to the system caused by a user C) A laptop with sensitive data on it D) An external attacker trying to gain unauthorized access to the environment
Correct Answer: C is correct. A laptop, and the data on it, are assets, not threats. All the other answers are examples of threats, as they all have the potential to cause adverse impact to the organization and the organization's assets.

Jengi is setting up security for a home network. Jengi decides to configure MAC address filtering on the router, so that only specific devices will be allowed to join the network. This is an example of a(n) _______ control. (D1, L1.3.1)
A) Physical B) Administrative C) Substantial D) Technical
Correct Answer: D. This is a difficult question, because it may seem as if there are two possible answers: the router enforces a set of rules as to which MAC addresses may be included on the network, so that sounds like an administrative control. However, the router is an IT system, so that seems as if it is a technical control. In fact, it is considered the latter. In general, it is best to consider the matter this way: if it has a power cord, or electricity running through it, it's a technical control. So D is the correct answer. A is incorrect; while the router is a tangible object, it does not act on the physical realm, affecting other tangible objects; it's an electronic device that is part of the IT environment. C is incorrect; "substantial" is not a term commonly used to describe a particular type of security control, and is used here only as a distractor.

Sophia is visiting Las Vegas and decides to put a bet on a particular number on a roulette wheel. This is an example of _________. (D1, L1.2.2)
A) Acceptance B) Avoidance C) Mitigation D) Transference
Correct Answer: A is correct. Sophia is accepting the risk that the money will be lost, even though the likelihood is high; Sophia has decided that the potential benefit (winning the bet), while low in likelihood, is worth the risk. B is incorrect; if Sophia used avoidance, Sophia would not place the bet. C is incorrect; mitigation involves applying a control to reduce the risk. There is no practical (or legal) way to reduce the risk that Sophia will lose the bet. D is incorrect; if Sophia wanted to transfer the risk, Sophia might ask some friends to each put up a portion of the bet, so that they would all share the loss (or winnings) from the bet.

What is the goal of an incident response effort? (D2, L2.1.1)
A) No incidents ever happen B) Reduce the impact of incidents on operations C) Punish wrongdoers D) Save money
Correct Answer: B is correct. The overall incident response effort is to reduce the impact incidents might have on the organization's operations. A is incorrect; there is no such thing as "zero risk" or "100% security." C is incorrect; security practitioners are neither law enforcers nor superheroes. D is incorrect; incident response efforts may actually cost the organization more money than the impact of a given incident or set of incidents; "impact" can be measured in other ways than monetary results.

What is the overall objective of a disaster recovery (DR) effort? (D2, L2.3.1)
A) Save money

Guillermo logs onto a system and opens a document file. In this example, Guillermo is: (D3, L3.1.1)
A) The subject B) The object C) The process D) The software
Correct Answer: A is correct. Guillermo is the subject in this example. B is incorrect; in this example, the file is the object. C is incorrect; in this example, the process is logging on and opening the file. D is incorrect; in this example, the application used to open the file is the software.

Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is the ACL? (D3, L3.1.1)
A) The subject B) The object C) The rule D) The firmware
Correct Answer: C is correct. The ACL, in this case, acts as the rule in the subject-object-rule relationship. It determines what Prachi is allowed to do, and what Prachi is not permitted to do. A and B are incorrect, because the ACL is the rule in this case. D is incorrect, because firmware is not typically part of the subject-object-rule relationship, and the ACL is not firmware in any case.

Suvid works at Triffid, Inc. When Suvid attempts to log in to the production environment, a message appears stating that Suvid has to reset the password. What may have occurred to cause this?
A) Suvid broke the law B) Suvid's password has expired C) Suvid made the manager angry D) Someone hacked Suvid's machine
Correct Answer: Typically, users are required to reset passwords when the password has reached a certain age. Permanent passwords are more likely to be compromised or revealed. B is the correct answer. A, C and D are incorrect; these are not likely reasons to require a password refresh.

Trina is a security practitioner at Triffid, Inc. Trina has been tasked with selecting a new product to serve as a security control in the environment. After doing some research, Trina selects a particular product. Before that product can be purchased, a manager must review Trina's selection and determine whether to approve the purchase. This is a description of: (D3, L3.1.1)
A) Two-person integrity B) Segregation of duties C) Software D) Defense in depth
Correct Answer: B is correct. Segregation of duties, also called separation of duties, is used to reduce the potential for corruption or fraud within the organization. More than one person must be involved in a given process in order to complete that process. A is incorrect; Trina and the manager are not both required to be present for the transaction. C is incorrect; software is a term used to describe programs and applications. D is incorrect; defense in depth is the use of multiple (and multiple types of) overlapping security controls to protect assets.

Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is the database? (D3, L3.1.1)
A) The object B) The rule C) The subject D) The site
Correct Answer: A is correct. Prachi is manipulating the database, so the database is the object in the subject-object-rule relationship in this case. B and C are incorrect, because the database is the object in this situation. D is incorrect because "site" has no meaning in this context.

Which of the following is a biometric access control mechanism? (D3, L3.2.1)
A) A badge reader B) A copper key C) A fence with razor tape on it D) A door locked by a voiceprint identifier
Correct Answer: D is correct. A lock that opens according to a person's voice is a type of biometric access control. A, B and C are all access control mechanisms, but none of them are based on unique physiological characteristics of a person, so they are not biometric systems.

Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. Which security concept is being applied in this situation? (D3, L3.1.1)
A) Defense in depth B) Layered defense C) Two-person integrity D) Least privilege
Correct Answer: D is correct. This is an example of least privilege; Prachi needs to be able to add or delete users from the database in order to perform as a database administrator, but does not need to view or modify the data in the database itself in order to perform the job. A and B are incorrect; "defense in depth" and "layered defense" are two terms that mean the same thing: multiple (and multiple types of) overlapping controls to protect assets. Nothing in the question describes multiple controls. C is incorrect; no second person is involved in Prachi's activity.

Tekila works for a government agency. All data in the agency is assigned a particular sensitivity level, called a "classification." Every person in the agency is assigned a "clearance" level, which determines the classification of data each person can access. What is the access control model being implemented in Tekila's agency? (D3, L3.3.1)
A) MAC (mandatory access control) B) DAC (discretionary access control) C) RBAC (role-based access control) D) FAC (formal access control)
Correct Answer: This is an example of how MAC can be implemented. A is the correct answer. B is incorrect; in discretionary access control, operational managers are granted authority to determine which personnel have access to assets the manager controls. C is incorrect; in RBAC, personnel might not have clearance levels, and assets might not have classifications. D is incorrect; FAC is not a term used in this context, and is only included here as a distractor.

Gary is unable to log in to the production environment. Gary tries three times and is then locked out of trying again for one hour. Why? (D3, L3.3.1)
A) Gary is being punished B) The network is tired C) Users remember their credentials if they are given time to think about it D) Gary's actions look like an attack
Correct Answer: Repeated login attempts can resemble an attack on the network; attackers might try to log in to a user's account multiple times, using different credentials, in a short time period, in an attempt to determine the proper credentials. D is correct. A is incorrect; security policies and processes are not intended to punish employees. B is incorrect; IT systems do not get tired. C is incorrect; the delay is not designed to help users remember credentials.

A _____ is a record of something that has occurred. (D3, L3.2.1)
A) Biometric B) Law C) Log D) Firewall
Correct Answer: C is correct. This is a description of a log. A is incorrect; "biometrics" is a term used to describe access control systems that use physiological traits of individuals in order to grant/deny access. B is incorrect; laws are legal mandates. D is incorrect; a firewall is a device for filtering traffic.

For biometric security to function properly, an authorized person's physiological data must be ______. (D3, L3.2.1)
A) Broadcast

C) Anti-malware D) Badge system
Correct Answer: Firewalls can often identify hostile inbound traffic, and potentially counter it. A is the correct answer. B and D are incorrect; these are physical controls and aren't effective in identifying/countering communications attacks. C is incorrect; anti-malware is not typically useful in countering attacks that employ excess traffic as an attack mechanism.

To adequately ensure availability for a data center, it is best to plan for both resilience and _______ of the elements in the facility. (D4.3 L4.3.1)
A) Uniqueness B) Destruction C) Redundancy D) Hue
Correct Answer: C is correct. Availability is enhanced by ensuring that elements of the data center are replicated, in case any given individual element fails. A is incorrect; this is the opposite of redundancy: if any single element is unique, that could become a single point of failure and affect the overall operation. B is incorrect; while secure destruction is worth planning for, that will come at the end of the system life cycle and is not part of ensuring availability. D is incorrect; we generally don't care what color the elements of a data center are.

"Wiring _____" is a common term meaning "a place where wires/conduits are often run, and equipment can be placed, in order to facilitate the use of local networks." (D4.3 L4.3.1)
A) Shelf B) Closet C) Bracket D) House
Correct Answer: "Wiring closet" is the common term used to describe small spaces, typically placed on each floor of a building, where IT infrastructure can be placed. A, C and D are incorrect; these are not common terms used in this manner.

Which of the following would be best placed in the DMZ of an IT environment? (D4.3 L4.3.3)
A) User's workplace laptop B) Mail server C) Database engine D) SIEM log storage
Correct Answer: B is correct; devices that must often interact with the external environment (such as a mail server) are typically best situated in the DMZ. A, C and D are incorrect; devices that contain sensitive or valuable information are typically best placed well inside the perimeter of the IT environment, away from the external world and the DMZ.

An IoT (Internet of Things) device is typified by its effect on or use of the _____ environment. (D4.3 L4.3.3)
A) Philosophical B) Remote C) Internal D) Physical
Correct Answer: IoT devices typically have some interaction with the physical realm, either by having some physical effect (a vacuum cleaner, refrigerator, light) or by monitoring the physical environment itself (a camera, sensor, etc.). A, B and C are incorrect; IoT is typified by effects on or use of the physical environment.

Cheryl is browsing the Web. Which of the following protocols is she probably using? (D4, L4.1.2)
A) SNMP (Simple Network Management Protocol) B) FTP (File Transfer Protocol) C) TFTP (Trivial File Transfer Protocol) D) HTTP (Hypertext Transfer Protocol)
Correct Answer: D is correct; HTTP is designed for Web browsing. A, B and C are incorrect; these are not protocols designed to handle Web browsing.

Which common cloud service model offers the customer the most control of the cloud environment? (D4.3 L4.3.2)
A) Lunch as a service (LaaS) B) Infrastructure as a service (IaaS) C) Platform as a service (PaaS) D) Software as a service (SaaS)
Correct Answer: B is correct; IaaS offers the customer the most control of the cloud environment, in terms of common cloud service models. A is incorrect; this is not a common cloud service model. C and D are incorrect; IaaS offers the customer more control than any other common cloud service model.

A device that filters network traffic in order to enhance overall security/performance. (D4.1 L4.1.1)
A) Endpoint B) Laptop C) MAC (media access control) D) Firewall
Correct Answer: Firewalls filter traffic in order to enhance the overall security or performance of the network, or both. D is the correct answer. A is incorrect; "endpoint" is the term used to describe a device involved in a networked communication, at either "end" of a conversation. B is incorrect; laptops are not typically employed to filter network traffic. C is incorrect; MAC is the physical address of a device on a network.

A device typically accessed by multiple users, often intended for a single purpose, such as managing email or web pages. (D4.1 L4.1.1)
A) Router B) Switch C) Server D) Laptop
Correct Answer: A server typically offers a specific service, such as hosting web pages or managing email, and is often accessed by multiple users. C is the correct answer. A and B are incorrect; routers and switches are used to vector network traffic, not to provide specific services. D is incorrect; a laptop is typically only assigned to a single user.

A VLAN is a _____ method of segmenting networks. (D4.3 L4.3.3)
A) Secret B) Physical C) Regulated D) Logical
Correct Answer: VLANs use logical mechanisms to segment networks. D is the correct answer. A, B and C are incorrect; VLANs use logical mechanisms to segment networks.

Triffid, Inc., has many remote workers who use their own IT devices to process Triffid's information. The Triffid security team wants to deploy some sort of sensor on user devices in order to recognize and identify potential security issues. Which of the following is probably most appropriate for this specific purpose? (D4.2 L4.2.2)
A) HIDS (host-based intrusion-detection systems) B) NIDS (network-based intrusion-detection systems) C) LIDS (logistical intrusion-detection systems) D) Firewalls
Correct Answer: Host-based intrusion-detection systems are expressly designed for this purpose; each HIDS is installed on each endpoint machine. A is the correct answer. B is incorrect; NIDS are useful for monitoring internal traffic, but a HIDS would be better for distributed users/devices. C is incorrect; LIDS is not a term standard within our industry, and was just made up and used here as a distractor. D is incorrect; firewalls limit traffic, and can be used to identify potential threats, but a HIDS is specifically intended for this purpose.

A means to allow remote users to have secure access to the internal IT environment. (D4.3 L4.3.3)
A) Internet B) VLAN C) MAC D) VPN
Correct Answer: D is correct; a virtual private network protects communication traffic over untrusted media. A is incorrect; the internet is an untrusted medium. B is incorrect; VLANs are used to segment portions of the internal environment. C is incorrect; MAC is the physical address of a given networked device.

A tool that filters inbound traffic to reduce potential threats. (D4.2 L4.2.3)

B) Privacy C) Inverting D) Labeling
Correct Answer: Labeling is the practice of annotating assets with classification markings. D is the correct answer. A is incorrect; "secrecy" is too broad a term in this context, and not accurate, since the markings are visible. B is incorrect; privacy is associated with information that identifies a specific person (or specific people). C is incorrect; this term has no meaning in this context, and is used here only as a distractor.

Log data should be kept ______. (D5.1, L5.1.2)
A) On the device that the log data was captured from B) In an underground bunker C) In airtight containers D) On a device other than where it was captured
Correct Answer: D is the correct answer. Log data can often be useful in diagnosing or investigating the device it was captured from; it is therefore useful to store the data away from the device where it was harvested, in case something happens to the source device. A is incorrect; if something happens to the source machine, the log data may be affected if it is stored on the source. B is incorrect; log data may be stored underground, aboveground, underwater, in the sky, or in orbit, as long as it is stored securely. C is incorrect; airtight seals do not affect log data positively or negatively.

Security controls on log data should reflect ________. (D5.1, L5.1.2)
A) The organization's commitment to customer service B) The local culture where the log data is stored C) The price of the storage device D) The sensitivity of the source device
Correct Answer: Log data should be protected with security as high as, or higher than, the security level of the systems or devices that the log was captured from. D is the correct answer. A, B and C are incorrect; these are not qualities that dictate the security level of protection on log data.

The output of any given hashing algorithm is always _____. (D5.1, L5.1.3)
A) The same length B) The same characters C) The same language D) Different for the same inputs
Correct Answer: Hashing algorithms create output of a fixed length. A is the correct answer. B is incorrect; the characters in the output will change depending on the input. C is incorrect; hashing algorithms do not create output in any particular language; usually, the output is a mix of alphanumeric characters. D is incorrect; hash outputs should be the same when the same input is used.

______ is used to ensure that configuration management activities are effective and enforced. (D5.2, L5.2.1)
A) Inventory B) Baseline C) Identification D) Verification and audit
Correct Answer: Verification and audit are methods we use to review the IT environment to ensure that configuration management activities have taken place and are achieving their intended purpose. D is the correct answer. A, B and C are incorrect; while these are terms related to configuration management, the answer is verification and audit.

Data _____ is data left behind on systems/media after normal deletion procedures have been attempted. (D5.1, L5.1.1)
A) Fragments B) Packets C) Remanence D) Residue
Correct Answer: C is correct. Data remanence is the term used to describe data left behind on systems/media after normal deletion procedures have been attempted.

Archiving is typically done when _________. (D5.1, L5.1.1)
A) Data is ready to be destroyed B) Data has lost all value C) Data is not needed for regular work purposes D) Data has become illegal
Correct Answer: Archiving is the action of moving data from the production environment to long-term storage. C is the correct answer. A, B and D are incorrect. Archived data still has value and is not ready to be destroyed; it is just not used on a regular basis. Illegal data should not be in the environment at all.

Data retention periods apply to ____ data. (D5.1, L5.1.1)
A) Medical B) Sensitive C) All D) Secret
Correct Answer: All data should have specific retention periods (even though retention periods may differ for various types of data). C is the correct answer. A, B and D are incorrect; retention periods affect all data.

Hashing is often used to provide _______. (D5.1, L5.1.3)
A) Confidentiality B) Integrity C) Availability D) Value
Correct Answer: Hashing is used for integrity checks. B is the correct answer. A, C and D are incorrect; hashing only provides integrity.

The organization should keep a copy of every signed Acceptable Use Policy (AUP) on file, and issue a copy to _______. (D5.3, L5.3.1)
A) The user who signed it B) The regulators overseeing that industry C) Lawmakers D) The Public Relations office
Correct Answer: The AUP is an agreement between the user and the organization, so both parties need to keep a copy of it. A is the correct answer. B, C and D are incorrect; those entities are not party to the agreement, and should therefore not receive a copy.

You are working in your organization's security office. You receive a call from a user who has tried to log in to the network several times with the correct credentials, with no success. This is an example of a(n) _______. (D2, L2.1.1)
A) Emergency B) Event C) Policy D) Disaster
Correct Answer: B) The user has reported that something measurable has occurred; at this point, we are not sure what it might be (if it is a normal occurrence, or something that poses adverse impact), so the best description is "event."

You are working in your organization's security office. You receive a call from a user who has tried to log in to the network several times with the correct credentials, with no success. After a brief investigation, you determine that the user's account has been compromised. This is an example of a(n) _______. (D2, L2.1.1)
A) Risk management B) Incident detection C) Malware D) Disaster
Correct Answer: B) The user's report and the subsequent identification of the problem constitute incident detection.

An external entity has tried to gain access to your organization's IT environment without proper authorization. This is an example of a(n) _________. (D2, L2.1.1)
A) Exploit B) Intrusion C) Event D) Malware
Correct Answer: B) An intrusion is an attempt, successful or otherwise, to gain unauthorized access.

When responding to a security incident, your team determines that the vulnerability that was exploited was not widely known to the security community, and that there are no