Questions and Correct Answers (Verified Answers) || GRADED A+ || GUARANTEED PASS
Mark is attempting to evaluate the potential impact of a firewall breach at his company. He is only looking at the relationship between the threats, vulnerabilities, and controls to evaluate the impact of a hypothetical breach. What type of approach to risk analysis is this? - CORRECT ANSWER: Qualitative
Mark is using the qualitative approach, which uses descriptions and words rather than numbers to rate the likelihood and impact of a risk. Examining the relationships between threats, vulnerabilities, and controls without quantitative measurements is a qualitative approach. Because some aspects of security are difficult to measure numerically, the qualitative approach is commonly used.
If the SLE of a risk is $25,000 and the ARO is once every four years, what will the ALE be? - CORRECT ANSWER: $6,250

The ALE (annual loss expectancy) is calculated by multiplying the SLE by the ARO to determine the financial magnitude of a risk on an annual basis:

ALE (annual loss expectancy) = SLE (single loss expectancy) x ARO (annual rate of occurrence)

An event that occurs once every four years has an ARO of 0.25. If the SLE of a risk is $25,000 and the ARO is 0.25, the ALE is $6,250 ($25,000 x 0.25).
Rose, a security administrator, implements screen savers that lock the PC after five minutes of inactivity to help prevent unauthorized access to the PC. Which of the following controls is being described in this situation? - CORRECT ANSWER: Technical

The control described in this scenario, a screen saver that locks the PC after five minutes of inactivity to prevent unauthorized access, is a technical control. Technical controls, also called logical controls, are hardware or software mechanisms implemented to monitor and prevent threats and attacks against computer systems and services. They also include controls such as identification and authentication, access control, audit and accountability, and system and communication protection.
Rosy wants to implement a security control to monitor and prevent threats and attacks to computer systems and services. Which of the following security controls should she implement to accomplish the task? - CORRECT ANSWER: Technical

Rosy should implement technical controls to accomplish the task. Technical controls, also called logical controls, are hardware or software installations implemented to monitor and prevent threats and attacks to computer systems and services.
Rena works as a security analyst for a company. She determines that an overseas branch office of the company has more technical and non-technical security incidents than other parts of the company. Which of the following management controls can she use to improve the security of the branch office? - CORRECT ANSWER: Continuous monitoring processes

Rena should use continuous monitoring processes to improve the security of the branch office. Continuous monitoring involves regular measurement of network traffic levels, routine evaluations for regulatory compliance, and checks of network security device configurations. It defines exactly which events and environments should be monitored, based on a prior risk analysis. It also covers the ongoing review of which resources a user actually accesses, which is critical for detecting and preventing insider threats.
A company is hiring a penetration tester and wants to exclude social engineering from the list of authorized activities. Which of the following documents should include these details? - CORRECT ANSWER: SLA

The SLA (Service-level Agreement) document includes these details. An SLA defines what services are to be provided to the client and what support, if any, will be provided. Services may include everything from hardware and software to human resources. A strong SLA outlines basic service expectations for liability purposes. The document may include timeframes within which failures will be repaired or serviced; guarantees of uptime; or, in the case of a network provider, guarantees of data upload and download rates.
A company has purchased a new system, but security personnel are spending a lot of time on system maintenance. A new third-party vendor has been appointed to maintain the company's system. Which of the following documents should be created before assigning the job to the vendor? - CORRECT ANSWER: SLA

The SLA (Service Level Agreement) should be created before assigning the job to the vendor. This document is one way to obtain a guarantee of the level of service the third-party vendor agrees to provide. It also specifies the uptime, response time, and maximum outage time that both parties agree to.
To gain more insight into the processes of a company, the company changes the positions of employees. Which of the following is an example of this practice? - CORRECT ANSWER: Job rotation