Pre-Assessment
Fundamentals of Information
Security D430 (70 questions
and answers)
A company's IT policy manual states that "All
company computers, workstations, application
servers, and mobile devices must have current
versions of antivirus software." Which principle or
concept of cybersecurity does this policy
statement impact? - answer Operating System
Security
An organization's procedures document states that
"All electronic communications should be
encrypted during transmission across networks
using encryption standards specified in the data
encryption policy." Which security principle is this
policy addressing? - answer Confidentiality
A company's website policy states that "To gain
access to the corporate website, each employee
must provide a valid user name and password, and
then answer one of six security questions
accurately." Which type of security does the policy
address? - answer Operations
An organization notices unauthorized visitors
following employees through a restricted doorway.
Which vulnerability should be addressed in the
organization's security policy? - answer Tailgating
A company wants to update its access control
policy. The company wants to prevent hourly
employees from logging in to company computers
after business hours. Which type of access control
policy should be implemented? - answer Attribute-
based
A new software development company has
determined that one of its proprietary algorithms
is at a high risk for unauthorized disclosure. The
company's security up to this point has been fairly
lax. Which procedure should the company
implement to protect this asset? - answer Relocate
the algorithm to encrypted storage.
An accounting firm stores financial data for many
customers. The company policy requires that
employees only access data for customers they are
assigned to. The company implements a written
policy indicating an employee can be fired for
violating this requirement. Which type of control
has the company implemented? - answer Deterrent
How can an operating system be hardened in
accordance with the principle of least privilege? -
answer Restrict account permissions
A company implements an Internet-facing web
server for its sales force to review product
information. The sales force can also update its
profiles and profile photos, but not the product
information. There is no other information on this
server. Which content access permissions should
be granted to the sales force based on the
principle of least privilege? - answer Read and
limited write access
A corporation has discovered that some
confidential personnel information has been used
inappropriately. How can the principle of least
privilege be applied to limit access to confidential
personnel records? - answer Only allow access to
those who need access to perform their job
A user runs an application that has been infected
with malware that is less than 24 hours old. The
malware then infects the operating system. Which
safeguard should be implemented to prevent this