ISC2 Pre-Course Assessment 2023 with complete solution
Steve is a security practitioner assigned to come up with a protective measure for
ensuring cars don't collide with pedestrians. What is probably the most effective
type of control for this task?
Physical
A system that collects transactional information and stores it in a record in order
to show which users performed which actions is an example of providing
________.
Non-repudiation
Of the following, which would probably not be considered a threat?
A laptop with sensitive data on it
The city of Grampon wants to know where all its public vehicles (garbage trucks,
police cars, etc.) are at all times, so the city has GPS transmitters installed in all
the vehicles. What kind of control is this?
Technical
Guillermo logs onto a system and opens a document file. In this example,
Guillermo is:
The subject
Gary is unable to log in to the production environment. Gary tries three times and
is then locked out of trying again for one hour. Why?
Gary's actions look like an attack
Which type of fire-suppression system is typically the least expensive?
Water
An IoT (Internet of Things) device is typified by its effect on or use of the _____
environment.
Physical
The concept that the deployment of multiple types of controls provides better
security than using a single type of control.
Defense in depth
Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of
Zarma's colleagues is interested in getting an (ISC)2 certification and asks Zarma
what the test questions are like. What should Zarma do?
Explain the style and format of the questions, but no detail
(ISC)² publishes a Common Body of Knowledge (CBK) that IT security
practitioners should be familiar with; this is recognized throughout the industry
as a set of material that is useful for practitioners to refer to. Certifications can be
issued for demonstrating expertise in this Common Body of Knowledge. What
kind of document is the Common Body of Knowledge?
Standard
Hoshi is an (ISC)2 member who works for the Triffid Corporation as a data
manager. Triffid needs a new firewall solution, and Hoshi is asked to recommend
a product for Triffid to acquire and implement. Hoshi's cousin works for a firewall
vendor; that vendor happens to make the best firewall available. What should
Hoshi do?
disclose the relationship, but recommend the vendor/product
, Sophia is visiting Las Vegas and decides to put a bet on a particular number on a
roulette wheel. This is an example of _________.
Acceptance
In risk management concepts, a(n) _________ is something a security practitioner
might need to protect.
Asset
A _____ is a record of something that has occurred.
Log
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add
or delete users, but is not allowed to read or modify the data in the database
itself. When Prachi logs onto the system, an access control list (ACL) checks to
determine which permissions Prachi has.
In this situation, what is the database?
The object
Larry and Fern both work in the data center. In order to enter the data center to
begin their workday, they must both present their own keys (which are different)
to the key reader, before the door to the data center opens.
Which security concept is being applied in this situation?
Dual control
All of the following are typically perceived as drawbacks to biometric systems,
except:
Lack of accuracy
Which of the following is one of the common ways potential attacks are often
identified?
Users report unusual systems activity/response to Help Desk or the security office
The section of the IT environment that is closest to the external world; where we
locate IT systems that communicate with the Internet.
DMZ (demilitarized zone)
The logical address of a device connected to the network or Internet.
Internet Protocol (IP) address
Which of the following activities is usually part of the configuration management
process, but is also extremely helpful in countering potential attacks?
Updating and patching systems
Which common cloud deployment model typically features only a single
customer's data/functionality stored on specific systems/hardware?
Private
Triffid, Inc., has many remote workers who use their own IT devices to process
Triffid's information. The Triffid security team wants to deploy some sort of
sensor on user devices in order to recognize and identify potential security
issues. Which of the following is probably most appropriate for this specific
purpose?
HIDS (host-based intrusion-detection systems)
Triffid, Inc., has deployed anti-malware solutions across its internal IT
environment. What is an additional task necessary to ensure this control will
function properly?
Update the anti-malware solution regularly
Steve is a security practitioner assigned to come up with a protective measure for
ensuring cars don't collide with pedestrians. What is probably the most effective
type of control for this task?
Physical
A system that collects transactional information and stores it in a record in order
to show which users performed which actions is an example of providing
________.
Non-repudiation
Of the following, which would probably not be considered a threat?
A laptop with sensitive data on it
The city of Grampon wants to know where all its public vehicles (garbage trucks,
police cars, etc.) are at all times, so the city has GPS transmitters installed in all
the vehicles. What kind of control is this?
Technical
Guillermo logs onto a system and opens a document file. In this example,
Guillermo is:
The subject
Gary is unable to log in to the production environment. Gary tries three times and
is then locked out of trying again for one hour. Why?
Gary's actions look like an attack
Which type of fire-suppression system is typically the least expensive?
Water
An IoT (Internet of Things) device is typified by its effect on or use of the _____
environment.
Physical
The concept that the deployment of multiple types of controls provides better
security than using a single type of control.
Defense in depth
Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of
Zarma's colleagues is interested in getting an (ISC)2 certification and asks Zarma
what the test questions are like. What should Zarma do?
Explain the style and format of the questions, but no detail
(ISC)² publishes a Common Body of Knowledge (CBK) that IT security
practitioners should be familiar with; this is recognized throughout the industry
as a set of material that is useful for practitioners to refer to. Certifications can be
issued for demonstrating expertise in this Common Body of Knowledge. What
kind of document is the Common Body of Knowledge?
Standard
Hoshi is an (ISC)2 member who works for the Triffid Corporation as a data
manager. Triffid needs a new firewall solution, and Hoshi is asked to recommend
a product for Triffid to acquire and implement. Hoshi's cousin works for a firewall
vendor; that vendor happens to make the best firewall available. What should
Hoshi do?
disclose the relationship, but recommend the vendor/product
, Sophia is visiting Las Vegas and decides to put a bet on a particular number on a
roulette wheel. This is an example of _________.
Acceptance
In risk management concepts, a(n) _________ is something a security practitioner
might need to protect.
Asset
A _____ is a record of something that has occurred.
Log
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add
or delete users, but is not allowed to read or modify the data in the database
itself. When Prachi logs onto the system, an access control list (ACL) checks to
determine which permissions Prachi has.
In this situation, what is the database?
The object
Larry and Fern both work in the data center. In order to enter the data center to
begin their workday, they must both present their own keys (which are different)
to the key reader, before the door to the data center opens.
Which security concept is being applied in this situation?
Dual control
All of the following are typically perceived as drawbacks to biometric systems,
except:
Lack of accuracy
Which of the following is one of the common ways potential attacks are often
identified?
Users report unusual systems activity/response to Help Desk or the security office
The section of the IT environment that is closest to the external world; where we
locate IT systems that communicate with the Internet.
DMZ (demilitarized zone)
The logical address of a device connected to the network or Internet.
Internet Protocol (IP) address
Which of the following activities is usually part of the configuration management
process, but is also extremely helpful in countering potential attacks?
Updating and patching systems
Which common cloud deployment model typically features only a single
customer's data/functionality stored on specific systems/hardware?
Private
Triffid, Inc., has many remote workers who use their own IT devices to process
Triffid's information. The Triffid security team wants to deploy some sort of
sensor on user devices in order to recognize and identify potential security
issues. Which of the following is probably most appropriate for this specific
purpose?
HIDS (host-based intrusion-detection systems)
Triffid, Inc., has deployed anti-malware solutions across its internal IT
environment. What is an additional task necessary to ensure this control will
function properly?
Update the anti-malware solution regularly
