CERTMASTER CE SECURITY+ DOMAIN
5.0|QUESTION WITH 100% CORRECT
ANSWERS
A cyber team holds a conference to discuss newly designed requirements for compliance
reporting and monitoring after experiencing a recent breach of sensitive information. What are
the characteristics of compliance monitoring? (Select the two best options.) - ✔️✔️A. It is
primarily concerned with creating new compliance policies rather than monitoring existing
ones.
B. It conducts thorough investigations and assessments of third parties. (Incorrect)
C. It aims to assess and disclose an organization's compliance status. (Correct)
D. It uses automation to improve accuracy and streamline observation activities.
The IT department at a governmental agency ensures the organization's information security.
When a new employee joins or leaves the organization, the department sets up and terminates
the user accounts, grants and revokes appropriate access permissions, and provides and
collects necessary resources. These procedures are critical for maintaining the security and
integrity of the organization's data and systems. What is one of the critical responsibilities of
the IT department related to information security in this agency? - ✔️✔️B. Managing employee
onboarding and offboarding procedures
A company is considering expanding into new markets. While the leadership understands there
are potential risks, they believe the potential rewards are worth taking on greater risks than
usual. What is a strategic assessment of what level of residual risk is tolerable and is considered
broad in scope? - ✔️✔️C. Risk tolerance (Incorrect)
An organization performs a business impact analysis to identify potential effects of business
interruptions. It is trying to identify the amount of time it takes to identify that there is a
problem and then perform recovery. What is the organization attempting to determine? -
✔️✔️C. Recovery Time Objective (RTO)
, A company identifies a potential security risk with the implementation of a new system. After
assessing the risk, the company decides to halt deployment and not to proceed with the
system's introduction to avoid the risks altogether. Which risk management strategy is the
company employing? - ✔️✔️D. Avoidance
A newly developed company wants to shock the industry by offering products that others deem
as having more risks than other products. In understanding risk appetite, which best describes
the level of appetite for the company launching new products, entering new markets, or
making major corporate acquisitions? - ✔️✔️A. Expansionary
A healthcare organization is developing its data privacy and security strategy. The leadership
team is exploring different methods to monitor, evaluate, and improve security practices to
ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA). What
would be the MOST appropriate measure to maintain and oversee its privacy and security
controls? - ✔️✔️A. Establishing an audit committee
A recent attack on an organizational desktop, involving an international threat actor, prompts
the security team to set up recurring penetration testing exercises. The HR and IT team are
asked to participate in the exercise as the team that operates on response and recovery
controls while the security team plays the role of the intruder. What team does the HR and IT
team represent in this scenario? - ✔️✔️C. White team (Incorrect)
What describes the impacts associated with contractual noncompliance? - ✔️✔️C. Breach or
termination of an agreement or indemnification
An organization has recently implemented new security standards as part of its strategy to
enhance its information systems security. The security team monitors the implementation of
these standards and revises them as necessary. Considering the given scenario, what is the
primary purpose of the security team monitoring and revising the security standards? - ✔️✔️D.
Ensuring the standards remain effective and relevant
A cybersecurity team plans to launch awareness programs to educate employees about
potential security threats. They are in the process of defining objectives, selecting tools, and
5.0|QUESTION WITH 100% CORRECT
ANSWERS
A cyber team holds a conference to discuss newly designed requirements for compliance
reporting and monitoring after experiencing a recent breach of sensitive information. What are
the characteristics of compliance monitoring? (Select the two best options.) - ✔️✔️A. It is
primarily concerned with creating new compliance policies rather than monitoring existing
ones.
B. It conducts thorough investigations and assessments of third parties. (Incorrect)
C. It aims to assess and disclose an organization's compliance status. (Correct)
D. It uses automation to improve accuracy and streamline observation activities.
The IT department at a governmental agency ensures the organization's information security.
When a new employee joins or leaves the organization, the department sets up and terminates
the user accounts, grants and revokes appropriate access permissions, and provides and
collects necessary resources. These procedures are critical for maintaining the security and
integrity of the organization's data and systems. What is one of the critical responsibilities of
the IT department related to information security in this agency? - ✔️✔️B. Managing employee
onboarding and offboarding procedures
A company is considering expanding into new markets. While the leadership understands there
are potential risks, they believe the potential rewards are worth taking on greater risks than
usual. What is a strategic assessment of what level of residual risk is tolerable and is considered
broad in scope? - ✔️✔️C. Risk tolerance (Incorrect)
An organization performs a business impact analysis to identify potential effects of business
interruptions. It is trying to identify the amount of time it takes to identify that there is a
problem and then perform recovery. What is the organization attempting to determine? -
✔️✔️C. Recovery Time Objective (RTO)
, A company identifies a potential security risk with the implementation of a new system. After
assessing the risk, the company decides to halt deployment and not to proceed with the
system's introduction to avoid the risks altogether. Which risk management strategy is the
company employing? - ✔️✔️D. Avoidance
A newly developed company wants to shock the industry by offering products that others deem
as having more risks than other products. In understanding risk appetite, which best describes
the level of appetite for the company launching new products, entering new markets, or
making major corporate acquisitions? - ✔️✔️A. Expansionary
A healthcare organization is developing its data privacy and security strategy. The leadership
team is exploring different methods to monitor, evaluate, and improve security practices to
ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA). What
would be the MOST appropriate measure to maintain and oversee its privacy and security
controls? - ✔️✔️A. Establishing an audit committee
A recent attack on an organizational desktop, involving an international threat actor, prompts
the security team to set up recurring penetration testing exercises. The HR and IT team are
asked to participate in the exercise as the team that operates on response and recovery
controls while the security team plays the role of the intruder. What team does the HR and IT
team represent in this scenario? - ✔️✔️C. White team (Incorrect)
What describes the impacts associated with contractual noncompliance? - ✔️✔️C. Breach or
termination of an agreement or indemnification
An organization has recently implemented new security standards as part of its strategy to
enhance its information systems security. The security team monitors the implementation of
these standards and revises them as necessary. Considering the given scenario, what is the
primary purpose of the security team monitoring and revising the security standards? - ✔️✔️D.
Ensuring the standards remain effective and relevant
A cybersecurity team plans to launch awareness programs to educate employees about
potential security threats. They are in the process of defining objectives, selecting tools, and
