QUESTION 1
Janet is identifying the set of privileges that should be assigned to a new employee in her organization.
Which phase of the access control process is she performing?
Identification
Authentication
Accountability
Authorization
0.5 points
QUESTION 2
1. Which of the following would NOT be considered in the scope of organizational compliance efforts?
Laws
Company policy
Internal audit
Corporate culture
0.5 points
QUESTION 3
1. Mark is considering outsourcing security functions to a third-party service provider. What benefit is
he most likely to achieve?
0.5 points
QUESTION 4
1. Biyu is making arrangements to use a third-party service provider for security services. She wants to
document a requirement for timely notification of security breaches. What type of agreement is most
likely to contain formal requirements of this type?
0.5 points
QUESTION 5
1. Which agreement type is typically less formal than other agreements and expresses areas of
common interest?
0.5 points
QUESTION 6
0.5 points
QUESTION 7
1. Which practice is NOT considered unethical under RFC 1087 issued by the Internet Architecture
Board (IAB)?
0.5 points
QUESTION 8
1. What is NOT a principle for privacy created by the Organization for Economic Cooperation and
Development (OECD)?
0.5 points
QUESTION 9
1. Karen is designing a process for issuing checks and decides that one group of users will have the
authority to create new payees in the system while a separate group of users will have the authority to
issue checks to those payees. The intent of this control is to prevent fraud. Which principle is Karen
enforcing?
Job rotation
Least privilege
Need-to-know
Separation of duties
0.5 points
QUESTION 10
0.5 points
QUESTION 11
1. Ann is creating a template for the configuration of Windows servers in her organization. It includes
the basic security settings that should apply to all systems. What type of document should she create?
Baseline
Policy
Guideline
Procedure
0.5 points
QUESTION 12
1. Roger's organization received a mass email message that attempted to trick users into revealing
their passwords by pretending to be a help desk representative. What category of social engineering is
this an example of?
Intimidation
Name dropping
Phishing
0.5 points
QUESTION 13
1. Aditya is attempting to classify information regarding a new project that his organization will
undertake in secret. Which characteristic is NOT normally used to make these types of classification
decisions?
Value
Sensitivity
Criticality
Threat
0.5 points
QUESTION 14
Configuration control
Change control
0.5 points
QUESTION 15
0.5 points
QUESTION 16
1. Marguerite is creating a budget for a software development project. What phase of the system
lifecycle is she undertaking?
0.5 points
QUESTION 17
1. Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which
method is NOT a good approach for destroying data?
Formatting
Degaussing
Physical destruction
Overwriting
0.5 points
QUESTION 18
1. In an accreditation process, who has the authority to approve a system for implementation?
Certifier
System owner
System administrator
0.5 points
QUESTION 19
1. In what type of attack does the attacker send unauthorized commands directly to a database?
Cross-site scripting
SQL injection
Database dumping
0.5 points
QUESTION 20
1. In what software development model does activity progress in a lock-step sequential process where
no phase begins until the previous phase is complete?
Spiral
Agile
Lean
Waterfall