Cybersecurity Architecture and Engineering | Questions
and Answers | Grade A+ | 100% Correct (Verified
Solutions) Latest Update 2025
_____________________________________________________________________________________
Which of the following is not a method of network segmentation but instead defines how
communication channels are protected from infiltration and interception?
A. VLANs
B. Physical segmentation
C. Transmission control
D. Access control lists
C. Transmission control
What method is used to define permissions on a network or file but does not segment a network like
VLANs or physical segmentation?
A. Access control lists
B. Transmission control
C. VLANs
D. Physical segmentation
A. Access control lists
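The two questions above draw a line between segmentation (VLANs, physical separation) and permissions (ACLs). The following Python model is an added example, not part of the original question set, that makes the distinction concrete: hosts in the same VLAN are switched at layer 2 and never cross the router, so a routed ACL on the inter-VLAN boundary is not consulted for them; only traffic crossing VLANs is evaluated against the ACL, first match wins, with an implicit deny at the end. The VLAN plan, addresses and rules are constructed for illustration.

```python
"""Added example (not from the original page): VLAN segmentation versus a
routed ACL. Assumes a two-VLAN router with a routed ACL applied to traffic
crossing between VLANs; same-VLAN traffic is switched at layer 2 and never
sees the ACL. All addresses and rules below are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port, None means any port

    def matches(self, src_ip, dst_ip, proto, dport):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and (self.dport is None or self.dport == dport))


# Constructed VLAN plan: VLAN 10 = user workstations, VLAN 20 = database servers.
VLANS = {
    "10": ip_network("10.0.10.0/24"),
    "20": ip_network("10.0.20.0/24"),
}

# Constructed routed ACL on the inter-VLAN boundary: workstations may reach the
# database listener only; anything else crossing VLANs is dropped.
INTER_VLAN_ACL = [
    Rule("permit", "10.0.10.0/24", "10.0.20.0/24", "tcp", 5432),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", "any", None),  # explicit catch-all
]


def vlan_of(ip):
    """Return the VLAN id whose subnet contains ip."""
    for vid, net in VLANS.items():
        if ip_address(ip) in net:
            return vid
    raise ValueError(f"{ip} is not in any configured VLAN")


def evaluate_acl(acl, src_ip, dst_ip, proto, dport):
    """First-match evaluation; implicit deny when no rule matches."""
    for rule in acl:
        if rule.matches(src_ip, dst_ip, proto, dport):
            return rule.action
    return "deny"


def reachable(src_ip, dst_ip, proto, dport):
    """Return (action, reason). Same-VLAN traffic never traverses the router,
    so the ACL does not apply to it: that isolation (or lack of it) comes from
    segmentation, while the ACL only governs what may cross the boundary."""
    if vlan_of(src_ip) == vlan_of(dst_ip):
        return "permit", "same VLAN: switched at layer 2, ACL not consulted"
    action = evaluate_acl(INTER_VLAN_ACL, src_ip, dst_ip, proto, dport)
    return action, f"inter-VLAN: routed ACL returned {action}"


if __name__ == "__main__":
    flows = [
        ("10.0.10.5", "10.0.20.8", "tcp", 5432),  # workstation -> DB listener
        ("10.0.10.5", "10.0.20.8", "tcp", 22),    # workstation -> DB SSH
        ("10.0.10.5", "10.0.10.9", "tcp", 445),   # workstation -> workstation
        ("10.0.20.8", "10.0.10.5", "tcp", 445),   # DB -> workstation, no permit rule
    ]
    for flow in flows:
        print(flow, "->", reachable(*flow))
```

The third flow is the practitioner's caveat: the workstation-to-workstation SMB connection is permitted without any ACL check because both hosts share a VLAN. The ACL defines permissions at the boundary; it does not create the boundary, and it does nothing for lateral movement inside a segment.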
A disaster recovery manager wants to perform a qualitative analysis on intangible assets but is unsure
how to perform the calculations. Which departments should the manager bring on to help determine
metrics? (Select all that apply.)
1. Marketing
2. Sales
3. Human Resources
4. Communications
A) 1, 2, 3
B) 1, 2, 4
C) 2, 3, 4
D) 1, 3, 4
B) 1, 2, 4
Which department should be involved in a qualitative risk assessment to help determine the impact
of risks on an organization's reputation or brand image?
A. Sales
B. Human Resources
C. Communications
D. Marketing
D. Marketing
Which department is well-suited to provide unique insights and assist in determining metrics during a
qualitative analysis of intangible assets?
A. Marketing
B. Sales
C. Human Resources
D. Communications
B. Sales
Which department can help a disaster recovery manager assess the value of intangible business assets
and the impact of various risk events on those assets?
A. Sales
B. Human Resources
C. Marketing
D. Communications
D. Communications
Which department does not necessarily need to participate in discussions regarding intangible metrics
during a qualitative risk assessment?
A. Marketing
B. Communications
C. Sales
D. Human Resources
D. Human Resources
A U.S. government agency has contracted a risk auditor to conduct a risk assessment. Which of the
following frameworks should the auditor use?
A. ISO 31000
B. COBIT (Control Objectives for Information and Related Technologies)
C. NIST RMF (National Institute of Standards and Technology Risk Management Framework)
D. COSO (Committee of Sponsoring Organizations of the Treadway Commission)
C. NIST RMF (National Institute of Standards and Technology Risk Management Framework)
Which risk management framework is specifically designed for U.S. federal agencies to assess and
manage cybersecurity risks?
A. COBIT (Control Objectives for Information and Related Technologies)
B. ISO 31000
C. NIST RMF (National Institute of Standards and Technology Risk Management Framework)
D. COSO (Committee of Sponsoring Organizations of the Treadway Commission)
C. NIST RMF (National Institute of Standards and Technology Risk Management Framework)
Which organization is one of the largest developers of international standards, often adopted by
diverse industries to establish a common taxonomy?
A. COBIT (Control Objectives for Information and Related Technologies)
B. ISO
C. NIST RMF (National Institute of Standards and Technology Risk Management Framework)
D. COSO (Committee of Sponsoring Organizations of the Treadway Commission)
B. ISO
Which framework is maintained by ISACA and frames IT risk from a business leadership perspective?
A. NIST RMF (National Institute of Standards and Technology Risk Management Framework)
B. ISO 31000
C. COSO (Committee of Sponsoring Organizations of the Treadway Commission)
D. COBIT (Control Objectives for Information and Related Technologies)
D. COBIT (Control Objectives for Information and Related Technologies)
Which initiative involves collaboration among five private sector organizations to develop risk
management frameworks?
A. NIST RMF (National Institute of Standards and Technology Risk Management Framework)
B. ISO 31000
C. COBIT (Control Objectives for Information and Related Technologies)
D. COSO (Committee of Sponsoring Organizations of the Treadway Commission)
D. COSO (Committee of Sponsoring Organizations of the Treadway Commission)
A security consultant is conducting a security assessment and is trying to communicate reasons that
flaws may exist. What are the primary categories in which these flaws exist? (Select all that apply.)
1. Communication
2. People
3. Process
4. Technology
A) 1, 2, 3
B) 1, 2, 4
C) 2, 3, 4
D) 1, 3, 4
C) 2, 3, 4
In which major category of security flaws are people most directly impacted, making phishing one of
the most common forms of breaches?
A. Process
B. Technology
C. Communication
D. People
D. People
In which category can ambiguous processes allow attacks, such as using fraudulent emails to request
wire transfers, to occur?
A. Technology
B. Communication
C. People
D. Process
D. Process
Which major category relies on both people and processes to provide effective defenses against
security threats?
A. Communication
B. Technology
C. People
D. Process
B. Technology
Which of the following is a component of people and processes but is not considered a primary
category for finding security flaws?
A. Technology
B. People
C. Communication
D. Process
C. Communication
A security engineer works for a mid-sized retail company on the systems administration team. The
company wants to estimate the potential financial impact of a single occurrence of a web server going
down, which could lead to lost sales. What is this estimated financial impact per incident called?
A. SLE (Single Loss Expectancy)
B. Annual Loss Expectancy (ALE)
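The scenario above asks for the per-incident and annualized loss figures of a web-server outage. The following Python block is an added example, not part of the original question set, that carries the standard quantitative formulas through for that scenario: SLE = AV x EF (or, for a revenue-bearing server, lost sales over the expected outage), ALE = SLE x ARO, and the net value of a control as the ALE reduction minus the control's annual cost. The sales rate, outage durations, frequencies and control cost are constructed for illustration.

```python
"""Added example (not from the original page): SLE and ALE for a retail
web-server outage. Formulas are the standard quantitative risk ones:
    SLE = AV * EF      cost of a single incident
    ALE = SLE * ARO    expected annual cost
All dollar figures and frequencies below are constructed."""


def single_loss_expectancy(asset_value, exposure_factor):
    """SLE = AV * EF, where EF is the fraction of the asset's value lost per incident."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * exposure_factor


def sle_from_downtime(hourly_sales, expected_outage_hours):
    """Alternative SLE estimate for a revenue-bearing server: sales lost during
    the expected outage window. Assumes sales lost while down are not recovered."""
    return hourly_sales * expected_outage_hours


def annualized_loss_expectancy(sle, aro):
    """ALE = SLE * ARO, with ARO the expected incidents per year (may be fractional)."""
    return sle * aro


def control_value(ale_before, ale_after, annual_control_cost):
    """Net annual benefit of a control: ALE reduction minus what the control costs.
    A positive result means the control pays for itself on expected-loss grounds."""
    return (ale_before - ale_after) - annual_control_cost


def retail_web_server_example():
    # Constructed inputs: the store averages $2,500/hour in online sales,
    # outages have lasted about 8 hours and occurred about 3 times a year.
    sle = sle_from_downtime(hourly_sales=2_500, expected_outage_hours=8)  # 20,000
    ale = annualized_loss_expectancy(sle, aro=3)                          # 60,000

    # Constructed control: a redundant server pair costing $25,000/year that is
    # expected to cut outages to one every two years and shorten them to 2 hours.
    sle_after = sle_from_downtime(2_500, 2)                               # 5,000
    ale_after = annualized_loss_expectancy(sle_after, aro=0.5)            # 2,500

    return {
        "sle": sle,
        "ale": ale,
        "ale_after": ale_after,
        "net_benefit": control_value(ale, ale_after, 25_000),             # 32,500
    }


if __name__ == "__main__":
    # The AV * EF form gives the same SLE when the server is valued at $400,000
    # and one outage is judged to cost 5% of that value (constructed figures).
    print("SLE via AV*EF:", single_loss_expectancy(400_000, 0.05))
    for name, value in retail_web_server_example().items():
        print(f"{name:>12}: ${value:,.2f}")
```

The two SLE routes are meant to agree: the downtime estimate is usually easier to defend for an online store, while AV x EF is the form most frameworks quote. Whichever is used, ARO is the input with the most uncertainty, so it is worth checking how the net benefit changes when the post-control ARO is doubled before signing off on the control.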