CHAPTER 5

Question 1

Which activity can be used to ensure data confidentiality?

provide authenticity of the data by digitally signing it

increase the data privacy by encrypting it

use a two-factor authentication to authenticate the source of the data

back up the data to an offsite location

Question 2

What is a countermeasure that an organization can employ to improve the confidentiality of data
that is transmitted by users and devices?

update network cable to use shielded twisted pair cable

increase password complexity rules

use encryption between sending and receiving parties

make sure that operating systems have up-to-date software patches

Question 3

Which three are considered personally identifiable information (PII) data? (Choose three.)

passport number

driver’s license

office address

birthplace

business email address

Question 4

What option does not contain a security risk?

a service that is deployed in the cloud

data that are backed up on a USB drive

a new unconfigured router that is not connected to the network

an old hard drive that is about to be scrapped

Question 5

What type of information does CVSS provide for a vulnerability?

risk transfer procedures

risk severity

risk management

risk mitigation

Question 6

What type of access control model is used to set up multiple accounts with different access
levels on a system?

access control list

role-based access control

mandatory access control

discretionary access control

Question 7

In addition to discretionary, non-discretionary, and mandatory access control, which two should
be part of an organization's access security plan? (Choose two.)

separation of duties

account lock-outs

physical security locks

principle of least privilege

photo identification

Question 8

What are two goals of compliance regulations? (Choose two.)

punish organizations that do not comply

reduce an organization's security risk

create world-wide standards for all organizations to follow

protect the privacy of individuals in an organization

Question 9

What industry regulation criminalizes production and dissemination of technology, devices, or
services that are intended to circumvent digital rights management, or DRM, among other
things?

PIPEDA

HIPAA

PCI DSS

DMCA

Question 10

What security management software/process is used to manage employees’ mobile devices?

MDM

SIEM

patch management

log management

configuration management

Question 11

What are three key components of a threat-centric SOC? (Choose three.)

people

compliances

processes

regulations

technologies

Question 12

What best describes the Security Operations Center (SOC)?

The SOC is usually responsible for monitoring and maintaining the overall network infrastructure
—its primary function is to ensure uninterrupted network service.

A SOC is related to the people, processes, and technologies that are involved in providing
situational awareness through the detection, containment, and remediation of information
security threats.

The SOC is responsible for the physical security of a building or installation location.

The SOC and NOC are the same entity, with different names. They are responsible for the health
and security of the network infrastructure.
