CSIA 105 PRACTICE EXAM Q&A TESTED AND
APPROVED NEWLY MODIFIED
Which privacy protection uses four colors to indicate the expected sharing
limitations that are to be applied by recipients of the information?
a. PCII
b. TLP
c. CISA
d. FOIA -- ANSWER--b. TLP
Oskar has been receiving emails about critical threat intelligence information
from a public information sharing center. His team leader has asked him to look
into how the process can be automated so that the information can feed directly
into their technology security. What technology will Oskar recommend?
a. Bidirectional Security Protocol (BSP)
b. Linefeed Access
c. Lightwire JSON Control
d. Automated Indicator Sharing (AIS) -- ANSWER--d. Automated Indicator
Sharing (AIS)
Which of the following is an application protocol for exchanging cyberthreat
intelligence over HTTPS?
a. STIX
Page 1 of 30
,b. TAXII
c. AIP-TAR
d. TCP-Over-Secure (ToP) -- ANSWER--b. TAXII
What are the two limitations of private information sharing centers?
a. Government approval and cost
b. Access to data and participation
c. Bandwidth and CPU
d. Timing of reports and remote access -- ANSWER--b. Access to data and
participation
Which boot security mode sends information on the boot process to a remote
server?
a. Secure Boot
b. Measured Boot
c. UEFI Native Mode
d. Trusted Boot -- ANSWER--b. Measured Boot
Which of the following is NOT an important OS security configuration?
a. Restricting patch management
b. Disabling default accounts
c. Disabling unnecessary services
Page 2 of 30
, d. Employing least functionality -- ANSWER--a. Restricting patch
management
Which stage conducts a test that will verify the code functions as intended? a.
Production stage
b. Staging stage
c. Development stage
d. Testing stage -- ANSWER--b. Staging stage
What are the two concerns about using public information sharing centers?
a. Privacy and speed
b. Security and privacy
c. Regulatory approval and sharing
d. Cost and availability -- ANSWER--a. Privacy and speed
Which of the following is NOT a limitation of a threat map?
a. Threat actors usually mask their real locations so what is displayed on a
threat map is incorrect.
b. Many maps claim that they show data in real time, but most are simply a
playback of previous attacks.
c. Because threat maps show anonymized data it is impossible to know the
identity of the attackers or the victims.
Page 3 of 30
APPROVED NEWLY MODIFIED
Which privacy protection uses four colors to indicate the expected sharing
limitations that are to be applied by recipients of the information?
a. PCII
b. TLP
c. CISA
d. FOIA -- ANSWER--b. TLP
Oskar has been receiving emails about critical threat intelligence information
from a public information sharing center. His team leader has asked him to look
into how the process can be automated so that the information can feed directly
into their technology security. What technology will Oskar recommend?
a. Bidirectional Security Protocol (BSP)
b. Linefeed Access
c. Lightwire JSON Control
d. Automated Indicator Sharing (AIS) -- ANSWER--d. Automated Indicator
Sharing (AIS)
Which of the following is an application protocol for exchanging cyberthreat
intelligence over HTTPS?
a. STIX
Page 1 of 30
,b. TAXII
c. AIP-TAR
d. TCP-Over-Secure (ToP) -- ANSWER--b. TAXII
What are the two limitations of private information sharing centers?
a. Government approval and cost
b. Access to data and participation
c. Bandwidth and CPU
d. Timing of reports and remote access -- ANSWER--b. Access to data and
participation
Which boot security mode sends information on the boot process to a remote
server?
a. Secure Boot
b. Measured Boot
c. UEFI Native Mode
d. Trusted Boot -- ANSWER--b. Measured Boot
Which of the following is NOT an important OS security configuration?
a. Restricting patch management
b. Disabling default accounts
c. Disabling unnecessary services
Page 2 of 30
, d. Employing least functionality -- ANSWER--a. Restricting patch
management
Which stage conducts a test that will verify the code functions as intended? a.
Production stage
b. Staging stage
c. Development stage
d. Testing stage -- ANSWER--b. Staging stage
What are the two concerns about using public information sharing centers?
a. Privacy and speed
b. Security and privacy
c. Regulatory approval and sharing
d. Cost and availability -- ANSWER--a. Privacy and speed
Which of the following is NOT a limitation of a threat map?
a. Threat actors usually mask their real locations so what is displayed on a
threat map is incorrect.
b. Many maps claim that they show data in real time, but most are simply a
playback of previous attacks.
c. Because threat maps show anonymized data it is impossible to know the
identity of the attackers or the victims.
Page 3 of 30
