(ISC)2 Practice Exam 3, Exams of Sales Management

(ISC)2 Practice Exam 3 WITH ANSWERS

Typology: Exams

2025/2026

Available from 06/03/2026

Prof.-Robert-Atkins
(ISC)2 Practice Exam 3
What is meant by non-repudiation? (D1, L1.1.1) - ANSWER - If a user does something, they can't later claim that they didn't do it.

The concept of "secrecy" is most related to which foundational aspect of security? (D1, L1.1.1) - ANSWER - Confidentiality

Siobhan is deciding whether to make a purchase online; the vendor wants Siobhan to create a new user account, and is requesting Siobhan's full name, home address, credit card number, phone number, email address, the ability to send marketing messages to Siobhan, and permission to share this data with other vendors. Siobhan decides that the item for sale is not worth the value of Siobhan's personal information, and decides to not make the purchase. What kind of risk management approach did Siobhan make? (D1, L1.2.2) - ANSWER - avoidance

Which of the following is NOT one of the four typical ways of managing risk? (D1, L1.2.1) - ANSWER - Conflate

Is it possible to avoid risk? (D1, L1.2.1) - ANSWER - Yes

A chief information security officer (CISO) at a large organization documented a policy that establishes the acceptable use of cloud environments for all staff. This is an example of a: (D1, L1.3.1) - ANSWER - Management/Administrative control

Guillermo is the system administrator for a midsized retail organization. Guillermo has been tasked with writing a document that describes, step-by-step, how to securely install the operating system on a new laptop. This document is an example of a ________. (D1, L1.4.1) - ANSWER - procedure

Lankesh is the security administrator for a small food-distribution company. A new law is published by the country in which Lankesh's company operates; the law conflicts with the company's policies. Which governance element should Lankesh's company follow? (D1, L1.4.2) - ANSWER - the law

While taking the certification exam for this certification, you notice another candidate for the certification cheating. What should you do? (D1, L1.5.1) - ANSWER - Report the candidate to (ISC)2.

You are working in your organization's security office. You receive a call from a user who has tried to log in to the network several times with the correct credentials, with no success. This is an example of a(n) _______. (D2, L2.1.1) - ANSWER - event

The Business Continuity effort for an organization is a way to ensure critical ______ functions are maintained during a disaster, emergency, or interruption to the production environment. (D2, L2.2.1) - ANSWER - business

True or False? The IT department is responsible for creating the organization's business continuity plan. (D2, L2.2.1) - ANSWER - False

Which of the following is often associated with DR planning? (D2, L2.3.1) - ANSWER - checklists

Which of these components is very likely to be instrumental to any disaster recovery (DR) effort? (D2, L2.3.1) - ANSWER - backups

Which of the following is very likely to be used in a disaster recovery (DR) effort? (D2, L2.3.1) - ANSWER - data backups

Which of these activities is often associated with DR efforts? (D2, L2.3.1) - ANSWER - employees returning to the primary production location

Which of the following is a subject? (D3, L3.1.1) - ANSWER - a user

Duncan and Mira both work in the data center at Triffid, Inc. There is a policy in place that requires both of them to be present in the data center at the same time; if one of them has to leave for any reason, the other has to step out, too, until they can both re-enter. This is called ________. (D3, L3.1.1) - ANSWER - two-person integrity

Lia works in the security office. During research, Lia learns that a configuration change could better protect the organization's IT environment. Lia makes a proposal for this change, but the change cannot be implemented until it is approved, tested, and then cleared for deployment by the Change Control Board. This is an example of __________. (D3, L3.1.1) - ANSWER - segregation of duties

Clyde is the security analyst tasked with finding an appropriate physical control to reduce the possibility that unbadged people will follow badged employees through the entrance of the organization's facility. Which of the following can address this risk? (D3, L3.2.1) - ANSWER - turnstiles

A common network device used to filter traffic. (D4.1 L4.1.1) - ANSWER - firewall

Common network device used to connect networks. (D4.1 L4.1.1) - ANSWER - router

Which port number is associated with the protocol typically used in this connection? (D4.1 L4.1.2) - ANSWER - 80

A security solution that detects, identifies and often quarantines potentially hostile software. (D4.2 L4.2.3) - ANSWER - anti-malware

A security solution installed on an endpoint in order to detect potentially anomalous activity. (D4.2 L4.2.2) - ANSWER - host-based intrusion prevention system

An attack against the availability of a network/system; typically uses many attacking machines to direct traffic against a given target. (D4. L4.2.1) - ANSWER - distributed-denial-of-service (DDOS)

Which of the following tools can be used to grant remote users access to the internal IT environment? (D4.3 L4.3.3) - ANSWER - VPN (virtual private network)

The common term used to describe the mechanisms that control the temperature and humidity in a data center. (D4.3 L4.3.1) - ANSWER - HVAC (heating, ventilation and air conditioning)

A cloud arrangement whereby the provider owns and manages the hardware, operating system, and applications in the cloud, and the customer owns the data. (D4.3 L4.3.2) - ANSWER - platform as a service (PaaS)

A portion of the organization's network that interfaces directly with the outside world; typically, this exposed area has more security controls and restrictions than the rest of the internal IT environment. (D4. L4.3.3) - ANSWER - demilitarized zone (DMZ)

Which of the following can be used to map data flows through an organization and the relevant security controls used at each point along the way? (D5.1, L5.1) - ANSWER - data life cycle

Which of the following is always true about logging? (D5.1.3, L5.1.3) - ANSWER - logs should be stored separately from the systems they're logging

A mode of encryption for ensuring confidentiality efficiently, with a minimum amount of processing overhead (D5.1.2, L5.1.2) - ANSWER - symmetric