C726 - REVIEW EXAM QUESTIONS WITH COMPLETE
SOLUTIONS GUARANTEED PASS
Nonrepudiation - ANSWER ->Use of digital signatures
Standards - ANSWER ->Document stating that employees who
..... must .....
Guideline - ANSWER ->example: security documentation offers
recommendations and suggestions on creating a strong
password
Noncompete agreement - ANSWER ->Agreements that restrict
employees from competing with the employer following
termination of employment.
Accountability - ANSWER ->security concept includes the
process of reviewing the activities of an identity
Identification - ANSWER ->(username)
CIA plus AAA - ANSWER ->
A company plans to implement a new authentication system for
customers accessing the company website. When customers
log on, the website indicates that it sent a text message that
includes a code to the customer's mobile phone. To complete
the log-on process, the customer is required to enter the
appropriate code within five minutes. - ANSWER ->
Time-Based one-time password
Which security concept controls access to the network? -
ANSWER ->Provide individuals access after they supply a
username and password
Risk management - ANSWER ->process identifies factors that
could damage or disclose data, evaluates those factors
considering data value and countermeasure cost, and
implements cost-effective solutions
purpose of threat modeling tools - ANSWER ->To consider the
range of compromise concerns and focus on the end result of
an attack
SLE - ANSWER ->
Asset value - ANSWER ->
Deterrence - ANSWER ->A company discovers that employees
are accessing restricted areas. To discourage employees, the
security manager posts restricted access signs
Avoidance - ANSWER ->A company hires a consulting group to
perform a security audit on its network. The audit finds that the
email servers are vulnerable to SMTP relay attacks. The
company decides to migrate email services to a cloud-based
provider and decommission the email servers.
Rejection - ANSWER ->A private company identifies a risk with a
high-value asset. A threat has been reported to be attacking
only government entities. The company's board of directors has
concluded that the threat will likely never materialize for
private companies, and that nothing should be done about it.
Risk Assessment Life Cycle (steps) - ANSWER ->Security
categorization
Security control selection
Security control implementation
Security control assessment
Information system authorization
Security control monitoring
risk management framework - ANSWER ->A guideline or recipe
for how risk is to be assessed, resolved, and monitored
Private - ANSWER ->Which data classification would cause
serious damage to the mission of an organization, is less
damaging than
its highest classification, and is the label used by most
organizations for the classification of PII and PHI data?
Public - ANSWER ->The document policy of an organization is
that there is no negative impact if documents are released
outside the organization.
smart card - ANSWER ->Logical/Technical control
honeypot - ANSWER ->Detective control
Locks - ANSWER ->Physical
Background checks - ANSWER ->Administrative controls
Open Authentication (OAuth 2.0) - ANSWER ->identity
technology is an open request for comments (RFC) standard
that provides access delegation of online websites
Federated identity management (FIM) - ANSWER ->identity
management solution allows multiple organizations to share
identities based on a common method
credential management system - ANSWER ->solution that
allows employees to store usernames and passwords
Discretionary - ANSWER ->The vice president of a company
distributes corporate policies by emailing employees links to
the files. An IT professional needs to implement a solution that