Exam ALL ANSWERS 100% CORRECT AID GRADE ‘A’
• Question 1
One of the processes designed to eradicate maximum possible security risks is to ________, which limits access credentials to the minimum required to conduct any activity and ensures that access is authenticated to particular individuals.
Selected Answer: harden
Correct Answer: harden

• Question 2
0 out of 2 points
One of seven domains of a typical IT infrastructure is the user domain. Within that domain is a range of user types, and each type has specific and distinct access needs. Which of the following types of users has the responsibility of creating and putting into place a security program within an organization?
Selected Answer: systems administrators
Correct Answer: security personnel

• Question 3
2 out of 2 points
Which of the following user types is responsible for audit coordination and response, physical security and building operations, and disaster recovery and contingency planning?
Selected Answer: security personnel
Correct Answer: security personnel

• Question 4
0 out of 2 points
Imagine a scenario in which an employee regularly shirks the organization’s established security policies in favor of convenience. What does this employee’s continued violation suggest about the culture of risk management in the organization?
Selected Answer: that the employee requires further training to gain a deeper knowledge of the policies
Correct Answer: that the organization lacks a good risk culture wherein employees have “buy in”

• Question 5
0 out of 2 points
Which of the following user groups has both the business needs of being able to access the systems, network, and application to complete contracted services, and access capability that is limited to particular sections of the systems, network, and application?
Selected Answer: guests and general public
Correct Answer: vendors

• Question 6
2 out of 2 points
Security policies that clarify and explain how rights are assigned and approved among employees can ensure that people have only the access needed for their jobs. Which of the following is not accomplished when prior access is removed?
Selected Answer: minimizes future instances of human error
Correct Answer: minimizes future instances of human error

• Question 7
0 out of 2 points
Aside from human user types, there are two other non-human user groups. Known as account types, ________ are accounts implemented by the system for the purpose of supporting automated service, and ________ are accounts that remain non-human until individuals are assigned access and can use them to recover a system following a major outage.
Selected Answer: control partners, system accounts
Correct Answer: system accounts, contingent IDs

• Question 8
2 out of 2 points
Which of the following is the most important reason why data needs to be both retrievable and properly stored?
Selected Answer: Companies need to maintain data for the purpose of keeping an audit trail.
Correct Answer: Companies need to maintain data for the purpose of keeping an audit trail.

• Question 9
0 out of 2 points
There are many different types of automated controls that are configured into devices for the purpose of enforcing a security policy. Which of the following is not an automated control?
Selected Answer: network segmentation
Correct Answer: log reviews

• Question 10
0 out of 2 points
One of the different manual controls necessary for managing risk is ________, which is a type of formal management verification. In the process, management confirms that a condition is present and that security controls and policies are in place.
Selected Answer: background checks
Correct Answer: attestation

• Question 11
2 out of 2 points
The information security organization performs a significant role in the implementation of solutions that mitigate risk and control solutions. Because the security organization institutes the procedures and policies to be executed, they occupy the role of ________.
Selected Answer: subject matter expert (SME)
Correct Answer: subject matter expert (SME)

• Question 12
0 out of 2 points
________ are responsible for the monitoring of activities during the pre, middle, and post stages of goal implementation, whereas ________ are responsible for the monitoring of activities following the implementation and are called upon to evaluate whether or not the goals have been achieved.
Selected Answer: Project committees, management committees
Correct Answer: Management committees, government committees

• Question 13
2 out of 2 points
The executive management has the responsibility of connecting many lines of business to bring resolution to strategy business issues. However, their ultimate responsibility is to ________.
Selected Answer: enforce policies at the executive and enterprise levels
Correct Answer: enforce policies at the executive and enterprise levels

• Question 14
0 out of 2 points
There are a number of issues to consider when composing security policies. One such issue concerns the use of security devices. One such device is a ________, which is a network security device with characteristics of a decoy that serves as a target that might tempt a hacker.
Selected Answer: threat vector
Correct Answer: honeypot

• Question 15
0 out of 2 points
A ________ is an apparatus for risk management that enables the organization to comprehend its risks and how those risks might impact the business.
Selected Answer: risk mitigation assess self-assessment (RMASA)
Correct Answer: risk and control self-assessment (RCSA)

• Question 16
Written for
- Institution
- Clemson University
- Course
- BUSINESS 0809 (BUSINESS0809)
Document information
- Uploaded on
- June 28, 2021
- Number of pages
- 16
- Written in
- 2020/2021
- Type
- Exam (elaborations)
- Contains
- Questions and answers