CISSP Practice Test Questions

1487 Questions


Topic 11: Exam Set C

Which one of the following is a common risk with network configuration management?

A. Patches on the network are difficult to keep current.
B. It is the responsibility of the systems administrator.
C. User ID and passwords are never set to expire.
D. Network diagrams are not up to date.

Answer: D. Network diagrams are not up to date.




Which of the following explains why record destruction requirements are included in a data retention policy?

A. To comply with legal and business requirements
B. To save cost for storage and backup
C. To meet destruction guidelines
D. To validate data ownership

Answer: A. To comply with legal and business requirements



Which of the following questions can be answered using user and group entitlement reporting?

A. When a particular file was last accessed by a user
B. Change control activities for a particular group of users
C. The number of failed login attempts for a particular user
D. Where does a particular user have access within the network

Answer: D. Where does a particular user have access within the network
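The following is an added example, not part of the practice test, showing what an entitlement report actually computes: it takes a user, expands the user's group memberships (including nested groups, which is where most surprising access comes from), and lists every resource the user can reach and through which principal. The groups, ACLs and resource names are constructed sample data; a real report would read them from a directory (AD/LDAP), an IAM service or file-server ACLs.

```python
"""Entitlement report: where does a given user have access?

Added example (not from the practice test). Users, groups and ACLs are
constructed sample data standing in for a directory and resource ACL dumps.
"""
from collections import deque

# Constructed sample directory: group -> direct members (users or nested groups)
GROUPS = {
    "finance-all": {"alice", "bob", "finance-leads"},
    "finance-leads": {"carol"},
    "it-ops": {"dave", "finance-leads"},   # nested: finance-leads inherits it-ops rights
    "everyone": {"alice", "bob", "carol", "dave"},
}

# Constructed sample ACLs: resource -> {principal: permission}
ACLS = {
    "smb://fs01/finance": {"finance-all": "modify", "it-ops": "full"},
    "smb://fs01/hr": {"hr-team": "modify", "carol": "read"},
    "db:payroll": {"finance-leads": "read"},
    "smb://fs01/public": {"everyone": "read"},
}

# Ordering used to pick the strongest permission when several ACEs apply
RANK = {"read": 1, "modify": 2, "full": 3}


def groups_of(user, groups):
    """Return every group the user belongs to, following nested membership (BFS)."""
    direct = {g for g, members in groups.items() if user in members}
    seen = set(direct)
    queue = deque(direct)
    while queue:
        g = queue.popleft()
        for parent, members in groups.items():
            if g in members and parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return seen


def entitlements(user, groups, acls):
    """Map resource -> (effective permission, sorted list of granting principals)."""
    principals = {user} | groups_of(user, groups)
    report = {}
    for resource, entries in acls.items():
        hits = {p: perm for p, perm in entries.items() if p in principals}
        if hits:
            best = max(hits.values(), key=lambda p: RANK[p])
            report[resource] = (best, sorted(hits))
    return report


if __name__ == "__main__":
    for user in ["carol", "dave"]:
        print(user)
        for res, (perm, via) in sorted(entitlements(user, GROUPS, ACLS).items()):
            print(f"  {perm:<7} {res}  via {', '.join(via)}")
```

Running it shows that carol, who is only a direct member of finance-leads and everyone, ends up with full control of the finance share through the nested it-ops membership. That is exactly the kind of finding an entitlement review exists to surface, and it is not visible from a last-accessed timestamp or a failed-login count.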



The PRIMARY outcome of a certification process is that it provides documented

A. system weaknesses for remediation.
B. standards for security assessment, testing, and process evaluation.
C. interconnected systems and their implemented security controls.
D. security analyses needed to make a risk-based decision.

Answer: D. security analyses needed to make a risk-based decision.



Which of the following analyses is performed to protect information assets?

A. Business impact analysis
B. Feasibility analysis
C. Cost benefit analysis
D. Data analysis

Answer: A. Business impact analysis



Which of the following controls is the FIRST step in protecting privacy in an information system?

A. Data Redaction
B. Data Minimization
C. Data Encryption
D. Data Storage

Answer: B. Data Minimization



Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?

A. A strong breach notification process
B. Limited collection of individuals' confidential data
C. End-to-end data encryption for data in transit
D. Continuous monitoring of potential vulnerabilities

Answer: B. Limited collection of individuals' confidential data



Who is ultimately responsible to ensure that information assets are categorized and adequate measures are taken to protect them?

A. Data Custodian
B. Executive Management
C. Chief Information Security Officer
D. Data/Information/Business Owners

Answer: B. Executive Management



In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?

A. Application Layer
B. Physical Layer
C. Data-Link Layer
D. Network Layer

Answer: B. Physical Layer



Data remanence refers to which of the following?

A. The remaining photons left in a fiber optic cable after a secure transmission.
B. The retention period required by law or regulation.
C. The magnetic flux created when removing the network connection from a server or personal computer.
D. The residual information left on magnetic storage media after a deletion or erasure.

Answer: D. The residual information left on magnetic storage media after a deletion or erasure.

Note: the term is not limited to magnetic media. Flash and SSD storage also retain residual data, and wear-levelling can leave copies that a logical overwrite never touches, so the sanitisation method must match the media type.



In order for a security policy to be effective within an organization, it MUST include

A. strong statements that clearly define the problem.
B. a list of all standards that apply to the policy.
C. owner information and date of last revision.
D. disciplinary measures for non-compliance.

Answer: D. disciplinary measures for non-compliance.



What type of encryption is used to protect sensitive data in transit over a network?

A. Payload encryption and transport encryption
B. Authentication Headers (AH)
C. Keyed-Hashing for Message Authentication
D. Point-to-Point Encryption (P2PE)

Answer: A. Payload encryption and transport encryption



