Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

(ISC)2 Practice Exam 1 Questions with 100% Correct Answers | Verified | Updated 2024, Exams of Advanced Education

(ISC)2 Practice Exam 1 Questions with 100% Correct Answers | Verified | Updated 2024 The process of verifying or proving the user's identification is known as: - Correct Answer-Authentication Which of the following properties is NOT guaranteed by Digital Signatures? - Correct Answer-Confidentiality Which of the following Cybersecurity concepts guarantees that information is accessible only to those authorized to access it? - Correct Answer-Confidentiality Sensitivity is a measure of the ...: - Correct Answer-... importance assigned to information by its owner, or the purpose of representing its need for protection. Which of the following areas is the most distinctive property of PHI? - Correct Answer-Confidentiality Which of the following areas

Typology: Exams

2023/2024

Available from 07/11/2024

professoraxel
professoraxel 🇺🇸

3.9

(22)

7K documents

1 / 16

Toggle sidebar

Related documents


Partial preview of the text

Download (ISC)2 Practice Exam 1 Questions with 100% Correct Answers | Verified | Updated 2024 and more Exams Advanced Education in PDF only on Docsity! (ISC)2 Practice Exam 1 Questions with 100% Correct Answers | Verified | Updated 2024 The process of verifying or proving the user's identification is known as: - Correct Answer-Authentication Which of the following properties is NOT guaranteed by Digital Signatures? - Correct Answer-Confidentiality Which of the following Cybersecurity concepts guarantees that information is accessible only to those authorized to access it? - Correct Answer-Confidentiality Sensitivity is a measure of the ...: - Correct Answer-... importance assigned to information by its owner, or the purpose of representing its need for protection. Which of the following areas is the most distinctive property of PHI? - Correct Answer-Confidentiality pg. 1 professoraxe l Which of the following areas is connected to PII? - Correct Answer-Confidentiality An exploitable weakness or flaw in a system or component is a: - Correct Answer-Vulnerability The magnitude of the harm expected as a result of the consequences of an unauthorized disclosure, modification, destruction, or loss of information, is known as the: - Correct Answer-Impact Risk Management is: - Correct Answer-The identification, evaluation and prioritization of risk In risk management, the highest priority is given to a risk where: - Correct Answer-The frequency of occurrence is low, and the expected impact value is high An entity that acts to exploit a target organization's system vulnerabilities is a: - Correct Answer-Threat Actor Which of the following is an example of a technical security control? - Correct Answer-Access Control Lists pg. 2 professoraxe l Which of these has the PRIMARY objective of identifying and prioritizing critical business processes? - Correct Answer- Business Impact Analysis The predetermined set of instructions or procedures to sustain business operations after a disaster is commonly known as: - Correct Answer-Business Continuity Plan Which of these is the most efficient and effective way to test a business continuity plan? - Correct Answer-Simulations After an earthquake disrupting business operations, which document contains the procedures required to return business to normal operation? - Correct Answer-The Disaster Recovery Plan Which of these is the PRIMARY objective of a Disaster Recovery Plan? - Correct Answer-Restore company operation to the last-known reliable operation state In the event of a disaster, which of these should be the PRIMARY objective? (★) - Correct Answer-Guarantee the safety of people pg. 5 professoraxe l Which of the following is less likely to be part of an incident response team? - Correct Answer-Human Resources Which are the components of an incident response plan? - Correct Answer-Preparation -> Detection and Analysis -> Containment, Eradication and Recovery -> Post-Incident Activity In incident terminology, the meaning of Zero Day is: - Correct Answer-A previously unknown system vulnerability In which of the following phases of an Incident Recovery Plan are incident responses prioritized? - Correct Answer-Detection and Analysis Which of the following is NOT a possible model for an Incident Response Team (IRT)? - Correct Answer-Pre-existing Which security principle states that a user should only have the necessary permission to execute a task? - Correct Answer- Least Privilege pg. 6 professoraxe l Which concept describes an information security strategy that integrates people, technology and operations in order to establish security controls across multiple layers of the organization? - Correct Answer-Defense in Depth Which of these types of user is LESS likely to have a privileged account? - Correct Answer-External Worker Which of the following principles aims primarily at fraud detection? - Correct Answer-Separation of Duties Which of the following is a detection control? - Correct Answer-Smoke sensors Which of the following is an example of 2FA? - Correct Answer-One-Time Passwords (OTA) If an organization wants to protect itself against tailgating, which of the following types of access control would be most effective? - Correct Answer-Turnstiles Which access control is more effective at protecting a door against unauthorized access? - Correct Answer-Locks pg. 7 professoraxe l Which type of attack has the PRIMARY objective of encrypting devices and their data, and then demanding a ransom payment for the decryption key? - Correct Answer- Ransomware Malicious emails that aim to attack company executives are an example of: - Correct Answer-Whaling Which type of attack has the PRIMARY objective controlling the system from outside? - Correct Answer-Backdoors What does SIEM mean? - Correct Answer-Security Information and Event Manager Which of these is not an attack against an IP network? - Correct Answer-Side-Channel Attack Which devices have the PRIMARY objective of collecting and analyzing security events? - Correct Answer-SIEM pg. 10 professoraxe l Which type of attack attempts to trick the user into revealing personal information by sending a fraudulent message? - Correct Answer-Phishing Which type of attack attempts to gain information by observing the device's power consumption? (★) - Correct Answer-Side channels Which type of attack PRIMARILY aims to make a resource inaccessible to its intended users? - Correct Answer-Denials of Service What is the consequence of a Denial Of Service attack? - Correct Answer-Exhaustion of device resources Which type of attack embeds malicious payload inside a reputable or trusted software? - Correct Answer-Trojans Which of the following attacks take advantage of poor input validation in websites? - Correct Answer-Cross-Site Scripting In which cloud model does the cloud customer have LESS responsibility over the infrastructure? - Correct Answer-SaaS pg. 11 professoraxe l The cloud deployment model where a company has resources on-premise and in the cloud is known as: - Correct Answer- Hybrid cloud The SMTP protocol operates at OSI Level: - Correct Answer-7 A web server that accepts requests from external clients should be placed in which network? - Correct Answer-DMZ Which of these would be the best option if a network administrator needs to control access to a network? - Correct Answer-NAC Which of these tools is commonly used to crack passwords? (★) - Correct Answer-John the Ripper Which tool is commonly used to sniff network traffic? (★) - Correct Answer-Wireshark pg. 12 professoraxe l What is an effective way of hardening a system? - Correct Answer-Patch the system A device found not to comply with the security baseline should be: - Correct Answer-Disabled or isolated into a quarantine area until it can be checked and updated. Which of the following is a data handling policy procedure? - Correct Answer-Destroy Which of these is NOT a change management component? - Correct Answer-Governance The process that ensures that system changes do not adversely impact business operations is known as: - Correct Answer-Change Management In Change Management, which component addresses the procedures needed to undo changes? - Correct Answer- Rollback Which regulations address data protection and privacy in Europe? - Correct Answer-GDPR pg. 15 professoraxe l Which of the following is NOT a type of learning activity used in Security Awareness? - Correct Answer-Tutorial Security posters are an element PRIMARILY employed in: (★) - Correct Answer-Security Awareness Which of the following is NOT a social engineering technique? - Correct Answer-Double-dealing Which of the following is NOT an element of System Security Configuration Management? - Correct Answer-Audit logs pg. 16 professoraxe l