Questions with Correct Answers
100% Verified Graded A+
1. In a technology company, the IT department is evaluating potential vendors for a new
cloud-based service. The IT team has narrowed down its options
to three vendors, each offering various features and security measures. The company's
management is particularly concerned about data security and wants to ensure the right
to audit vendors' security practices. What is the significance of including a strong
right-to-audit clause in a vendor contract for a technology company?
Answer: C. Allows company to assess vendor's security controls regularly
2. The IT department in a technology company is finalizing an agreement with a cloud
service provider to host sensitive customer data. The company's legal team is drafting the
contract, which includes a service level agreement (SLA) and a non-disclosure agreement
(NDA). Which of the following explanations MOST accurately demonstrates the primary
purpose of including an NDA in the contract with the cloud service provider?
Answer: B. To protect the confidentiality of the company's data and proprietary information
3. A cyber team evaluates areas that pose more risk of becoming noncompliant. What
is the ramification of indemnification?
Answer: D. unauthorized sharing or usage - INCORRECT
4. A company is evaluating its risk management approach. It wants to develop a strategy
that balances between mitigating risks and exploiting opportunities without bias toward
risk avoidance or risk acceptance. Which type of risk management strategy MOST
effectively meets their needs?
Answer: A. Neutral strategy
5. A company determines a certain level of risk that, once exceeded, requires immediate
action or reconsideration of the initiative. The company takes pride in its cautious
approach to business and generally avoids high-risk activities. Which of the following
should the company employ to align with its desired risk management approach?
Answer: A. Risk mitigation - INCORRECT
6. A cybersecurity team is investigating a complex cyber threat landscape for a large
financial institution. The team is aware of some potential threats due to previous
encounters and security measures in place, but the evolving nature of the landscape
presents new threats and challenges. What type of cyber environment is the team
dealing with?
Answer: D. Partially known ENVIRONMENT
7. As an integral part of compliance monitoring, what requires individuals or entities to
announce their understanding of compliance obligations formally?
Answer: A. Attestation and acknowledgment
8. A company is evaluating the potential outcomes of a certain risk event. It estimates
that if the event occurs, it could lead to a financial loss measured in dollars. Which of the
following outcomes can the company conclude in this scenario?
Answer: B. Risk tolerance - INCORRECT
A. Annualized Loss Expectancy - INCORRECT
9. A large organization protects sensitive data and prevents unauthorized access. The
management is implementing a robust security framework to ensure compliance with
industry regulations and safeguard critical assets. As part of this initiative, the IT
department is drafting a comprehensive set of guidelines and rules that outline the
acceptable use of company resources, including networks, computers, and data. These
guidelines will create a secure environment by defining the responsibilities and expected
behaviors of all employees regarding information security. What is the IT department