CSX EXAM UPDATED QUESTIONS and
CORRECT Answers
Who has the greatest influence over access security in a password authentication environment? -
CORRECT ANSWER - Users
Which of the following interpret requirements and apply them to specific situations? -
CORRECT ANSWER - Standards
Business continuity plans (BCPs) associated with organizational information systems should be
developed primarily on the basis of: - CORRECT ANSWER - Business needs
A segmented network: - CORRECT ANSWER - Consists of two or more security zones
Which cybersecurity principle is most important when attempting to trace the source of
malicious activity? - CORRECT ANSWER - Nonrepudiation
Which of the following offers the strongest protection for wireless network traffic? - CORRECT
ANSWER - Wireless Protected Access 2 (WPA2)
Outsourcing poses the greatest risk to an organization when it involves: - CORRECT
ANSWER - Core business functions
Risk assessments should be performed: - CORRECT ANSWER - on a regular basis
Maintaining a high degree of confidence regarding the integrity of evidence requires a(n): -
CORRECT ANSWER - Chain of custody
A firewall that tracks open connection-oriented protocol sessions is said to be: - CORRECT
ANSWER - Stateful
, During which phase of the system development lifecycle (SDLC) should security first be
considered? - CORRECT ANSWER - Planning
A cybersecurity architecture designed around the concept of a perimeter is said to be: -
CORRECT ANSWER - System-centric
A passive network hub operates at which layer of the OSI model? - CORRECT
ANSWER - Physical
Updates in cloud-computing environments can be rolled out quickly because the environment is:
- CORRECT ANSWER - homogeneous
During which phase of the six-phase incident response model is the root cause determined? -
CORRECT ANSWER - Eradication
The attack mechanism directed against a system is commonly called a(n): - CORRECT
ANSWER - Payload
Where should an organization's network terminate virtual private network (VPN) tunnels? -
CORRECT ANSWER - At the perimeter, to allow for effective internal monitoring
In practical applications: - CORRECT ANSWER - Asymmetric key encryption is used to
securely obtain symmetric keys
Which two factors are used to calculate the likelihood of an event? - CORRECT
ANSWER - Threat and vulnerability
What kind of anti-malware program evaluates system processes based on their observed
behaviors? - CORRECT ANSWER - Heuristic
CORRECT Answers
Who has the greatest influence over access security in a password authentication environment? -
CORRECT ANSWER - Users
Which of the following interpret requirements and apply them to specific situations? -
CORRECT ANSWER - Standards
Business continuity plans (BCPs) associated with organizational information systems should be
developed primarily on the basis of: - CORRECT ANSWER - Business needs
A segmented network: - CORRECT ANSWER - Consists of two or more security zones
Which cybersecurity principle is most important when attempting to trace the source of
malicious activity? - CORRECT ANSWER - Nonrepudiation
Which of the following offers the strongest protection for wireless network traffic? - CORRECT
ANSWER - Wireless Protected Access 2 (WPA2)
Outsourcing poses the greatest risk to an organization when it involves: - CORRECT
ANSWER - Core business functions
Risk assessments should be performed: - CORRECT ANSWER - on a regular basis
Maintaining a high degree of confidence regarding the integrity of evidence requires a(n): -
CORRECT ANSWER - Chain of custody
A firewall that tracks open connection-oriented protocol sessions is said to be: - CORRECT
ANSWER - Stateful
, During which phase of the system development lifecycle (SDLC) should security first be
considered? - CORRECT ANSWER - Planning
A cybersecurity architecture designed around the concept of a perimeter is said to be: -
CORRECT ANSWER - System-centric
A passive network hub operates at which layer of the OSI model? - CORRECT
ANSWER - Physical
Updates in cloud-computing environments can be rolled out quickly because the environment is:
- CORRECT ANSWER - homogeneous
During which phase of the six-phase incident response model is the root cause determined? -
CORRECT ANSWER - Eradication
The attack mechanism directed against a system is commonly called a(n): - CORRECT
ANSWER - Payload
Where should an organization's network terminate virtual private network (VPN) tunnels? -
CORRECT ANSWER - At the perimeter, to allow for effective internal monitoring
In practical applications: - CORRECT ANSWER - Asymmetric key encryption is used to
securely obtain symmetric keys
Which two factors are used to calculate the likelihood of an event? - CORRECT
ANSWER - Threat and vulnerability
What kind of anti-malware program evaluates system processes based on their observed
behaviors? - CORRECT ANSWER - Heuristic
