(ISC)2 Practice Exam 3 WITH ANSWERS

What is meant by non-repudiation? (D1, L1.1.1) - ANSWER - If a user does something, they can't later claim that they didn't do it.

The concept of "secrecy" is most related to which foundational aspect of security? (D1, L1.1.1) - ANSWER - Confidentiality

Siobhan is deciding whether to make a purchase online; the vendor wants Siobhan to create a new user account, and is requesting Siobhan's full name, home address, credit card number, phone number, email address, the ability to send marketing messages to Siobhan, and permission to share this data with other vendors. Siobhan decides that the item for sale is not worth the value of Siobhan's personal information, and decides to not make the purchase. What kind of risk management approach did Siobhan make? (D1, L1.2.2) - ANSWER - avoidance

Which of the following is NOT one of the four typical ways of managing risk? (D1, L1.2.1) - ANSWER - Conflate

Is it possible to avoid risk? (D1, L1.2.1) - ANSWER - Yes

A chief information security officer (CISO) at a large organization documented a policy that establishes the acceptable use of cloud environments for all staff. This is an example of a: (D1, L1.3.1) - ANSWER

You are working in your organization's security office. You receive a call from a user who has tried to log in to the network several times with the correct credentials, with no success. This is an example of a(n) _______. (D2, L2.1.1) - ANSWER - event

The Business Continuity effort for an organization is a way to ensure critical ______ functions are maintained during a disaster, emergency, or interruption to the production environment. (D2, L2.2.1) - ANSWER - business

True or False? The IT department is responsible for creating the organization's business continuity plan. (D2, L2.2.1) - ANSWER - False

Which of the following is often associated with DR planning? (D2, L2.3.1) - ANSWER - checklists

Which of these components is very likely to be instrumental to any disaster recovery (DR) effort? (D2, L2.3.1) - ANSWER - backups

Which of the following is very likely to be used in a disaster recovery (DR) effort? (D2, L2.3.1) - ANSWER - data backups

Which of these activities is often associated with DR efforts? (D2, L2.3.1) - ANSWER - employees returning to the primary production location

Which of the following is a subject? (D3, L3.1.1) - ANSWER - a user

Duncan and Mira both work in the data center at Triffid, Inc. There is a policy in place that requires both of them to be present in the data center at the same time; if one of them has to leave for any reason, the other has to step out, too, until they can both re-enter. This is called ________. (D3, L3.1.1) - ANSWER - two-person integrity

Lia works in the security office. During research, Lia learns that a configuration change could better protect the organization's IT environment. Lia makes a proposal for this change, but the change cannot be implemented until it is approved, tested, and then cleared for deployment by the Change Control Board. This is an example of __________. (D3, L3.1.1) - ANSWER - segregation of duties

Clyde is the security analyst tasked with finding an appropriate physical control to reduce the possibility that unbadged people will follow badged employees through the entrance of the organization's facility. Which of the following can address this risk? (D3, L3.2.1) - ANSWER - turnstiles

A common network device used to filter traffic. (D4.1, L4.1.1) - ANSWER

The common term used to describe the mechanisms that control the temperature and humidity in a data center. (D4.3, L4.3.1) - ANSWER - HVAC (heating, ventilation and air conditioning)

A cloud arrangement whereby the provider owns and manages the hardware, operating system, and applications in the cloud, and the customer owns the data. (D4.3, L4.3.2) - ANSWER - platform as a service (PaaS)

A portion of the organization's network that interfaces directly with the outside world; typically, this exposed area has more security controls and restrictions than the rest of the internal IT environment. (D4, L4.3.3) - ANSWER - demilitarized zone (DMZ)

Which of the following can be used to map data flows through an organization and the relevant security controls used at each point along the way? (D5.1, L5.1) - ANSWER - data life cycle

Which of the following is always true about logging? (D5.1.3, L5.1.3) - ANSWER - logs should be stored separately from the systems they're logging

A mode of encryption for ensuring confidentiality efficiently, with a minimum amount of processing overhead. (D5.1.2, L5.1.2) - ANSWER - symmetric