CSX EXAM UPDATED ACTUAL Questions and CORRECT Answers
Who has the greatest influence over access security in a
Users
password authentication environment?
Which of the following interpret requirements and apply
Standards
them to specific situations?
Business continuity plans (BCPs) associated with orga-
nizational information systems should be developed pri- Business needs
marily on the basis of:
A segmented network: Consists of two or more security zones
Which cybersecurity principle is most important when
Nonrepudiation
attempting to trace the source of malicious activity?
Which of the following offers the strongest protection for
Wireless Protected Access 2 (WPA2)
wireless network traflc?
Outsourcing poses the greatest risk to an organization
Core business functions
when it involves:
Risk assessments should be performed: on a regular basis
Maintaining a high degree of confidence regarding the
Chain of custody
integrity of evidence requires a(n):
A firewall that tracks open connection-oriented protocol
Stateful
sessions is said to be:
During which phase of the system development lifecycle
Planning
(SDLC) should security first be considered?
A cybersecurity architecture designed around the concept
System-centric
of a perimeter is said to be:
A passive network hub operates at which layer of the OSI
Physical
model?
Updates in cloud-computing environments can be rolled
homogeneous
out quickly because the environment is:
, During which phase of the six-phase incident response
Eradication
model is the root cause determined?
The attack mechanism directed against a system is com-
Payload
monly called a(n):
Where should an organization's network terminate virtual
At the perimeter, to allow for effective internal monitoring
private network (VPN) tunnels?
Asymmetric key encryption is used to securely obtain sym-
In practical applications:
metric keys
Which two factors are used to calculate the likelihood of
Threat and vulnerability
an event?
What kind of anti-malware program evaluates system
Heuristic
processes based on their observed behaviors?
A business continuity plan (BCP) is not complete unless it
detailed procedures
includes:
Under the US-CERT model for incident categorization, a
Malicious code
CAT-3 incident refers to which of the following?
An interoperability error is what type of vulnerability? Emergent
Securing Supervisory Control and Data Acquisition (SCA- Operate in specialized environments and often have
DA) systems can be challenging because they: non-standard design elements
Virtual systems should be managed using a dedicated Insecure protocols could result in a compromise of privi-
virtual local area network (VLAN) because: leged user credentials
Which of the following is the best definition for cyberse-
curity?
A. The protection of information from unauthorized access B. Protecting information assets by addressing threats to
or disclosure information that is processed, stored, or transported by
B. Protecting information assets by addressing threats to internet worked systems
information that is processed, stored, or transported by
internet worked systems
2/7
Who has the greatest influence over access security in a
Users
password authentication environment?
Which of the following interpret requirements and apply
Standards
them to specific situations?
Business continuity plans (BCPs) associated with orga-
nizational information systems should be developed pri- Business needs
marily on the basis of:
A segmented network: Consists of two or more security zones
Which cybersecurity principle is most important when
Nonrepudiation
attempting to trace the source of malicious activity?
Which of the following offers the strongest protection for
Wireless Protected Access 2 (WPA2)
wireless network traflc?
Outsourcing poses the greatest risk to an organization
Core business functions
when it involves:
Risk assessments should be performed: on a regular basis
Maintaining a high degree of confidence regarding the
Chain of custody
integrity of evidence requires a(n):
A firewall that tracks open connection-oriented protocol
Stateful
sessions is said to be:
During which phase of the system development lifecycle
Planning
(SDLC) should security first be considered?
A cybersecurity architecture designed around the concept
System-centric
of a perimeter is said to be:
A passive network hub operates at which layer of the OSI
Physical
model?
Updates in cloud-computing environments can be rolled
homogeneous
out quickly because the environment is:
, During which phase of the six-phase incident response
Eradication
model is the root cause determined?
The attack mechanism directed against a system is com-
Payload
monly called a(n):
Where should an organization's network terminate virtual
At the perimeter, to allow for effective internal monitoring
private network (VPN) tunnels?
Asymmetric key encryption is used to securely obtain sym-
In practical applications:
metric keys
Which two factors are used to calculate the likelihood of
Threat and vulnerability
an event?
What kind of anti-malware program evaluates system
Heuristic
processes based on their observed behaviors?
A business continuity plan (BCP) is not complete unless it
detailed procedures
includes:
Under the US-CERT model for incident categorization, a
Malicious code
CAT-3 incident refers to which of the following?
An interoperability error is what type of vulnerability? Emergent
Securing Supervisory Control and Data Acquisition (SCA- Operate in specialized environments and often have
DA) systems can be challenging because they: non-standard design elements
Virtual systems should be managed using a dedicated Insecure protocols could result in a compromise of privi-
virtual local area network (VLAN) because: leged user credentials
Which of the following is the best definition for cyberse-
curity?
A. The protection of information from unauthorized access B. Protecting information assets by addressing threats to
or disclosure information that is processed, stored, or transported by
B. Protecting information assets by addressing threats to internet worked systems
information that is processed, stored, or transported by
internet worked systems
2/7
