Marcus, a cybersecurity manager, wants to perform random audits on user systems. He knows that a
complete audit of one system could take an entire day or more. Which of the following might he
implement to allow him to accomplish these random audits?
a. Mandatory vacation
b. Succession planning
c. Separation of duties
d. SIEM - ANS>>> a. Mandatory vacation
Tonia has just completed an audit of the accounts payable system and discovered what appears to be
the embezzlement of funds by a clerk. The clerk was able to create entries of payments to be made and
was also allowed to approve the payments. Which of the following might have prevented this situation
from occurring and should be implemented immediately?
a. Dual control
b. Cross-training
c. Succession planning
d. Separation of duties - ANS>>> d. Separation of duties
Muhammed is a cybersecurity engineer for a quickly growing organization. He is concerned that his
team may not be able to keep up with the growth, and that a system might remain vulnerable to certain
exploits. He is considering taking advantage of the cloud to help accommodate the growth. Which of the
following might he choose to use?
a. SaaS
b. SECaaS
c. SIEM
d. IaaS - ANS>>> b. SECaaS
A growing organization has recently created a policy that everyone in upper management must train
each other in various aspects of their jobs. They must also train one of their direct reports to perform
key parts of their jobs. The object is to establish continuity of the organization's operations if something
catastrophic happens to a manager. Which of the following terms best describes the type of policy that
has been implemented?
a. Succession planning
b. Job rotation
, c. Dual control
d. Separation of duties - ANS>>> a. Succession planning
Samara needs to retrieve the private key from the key escrow service her company uses. Upon trying to
retrieve the key, she is advised that at least two authorized personnel must request the key before it can
be released. Which of the following has been implemented by the key escrow service?
a. Job rotation
b. Separation of duties
c. Dual control
d. Succession planning - ANS>>> c. Dual control
Falik has just returned from a cybersecurity conference where he learned about a UTM that provides
some new features he would like to implement within his network. Which of the following best
describes what he would like to implement?
a. SIEM
b. Next-generation firewall
c. Security appliance
d. Event logger - ANS>>> c. Security appliance
Paris is designing the logical configuration for the company's new headquarters building. He knows that
several departments, including Human Resources and the research and development group, should not
be able to communicate with each other. Which of the following should he include as part of the
network design requirements?
a. ICS
b. Obfuscation
c. Automated reporting systems
d. Subnetting - ANS>>> d. Subnetting
Hannah has just been hired to review a large organization's formal IT processes and procedures. She
finds that the company's backup methods create unacceptable risks because of potential data loss in a
disaster, such as a fire. She recommends backing up the company's data to the cloud instead of storing
magnetic tapes on site. Which of the following best describes Hannah's recommendations?
a. Non-repudiation
b. Succession planning