Security, Part 1 & 2 2026
Which of the following is a correct statement about the balance among prevention,
detection, and response (PDR)?
a) If preventive measures are in place, it is not necessary to have measures focused
on detection and response.
b) If detection and response measures are in place, it is not necessary to have
measures devoted to prevention.
c) The greater the sensitivity and quantity of the data at issue, the more carefully the
balance among these three must be evaluated.
d) Organizations have no discretion in deciding their levels of security practice. -
answerc) The greater the sensitivity and quantity of the data at issue, the more
carefully the balance among these three must be evaluated
Which of these is not generally a good practice for telephone use?
a) Whenever possible, telephone conversations involving sensitive information are
conducted in non-public areas, where they cannot be overheard.
b) When discussing confidential information on the phone, the other person's identity
is confirmed before proceeding with the conversation.
c) Using voicemail systems and answering machines that do not require a password
or PIN for access.
d) Only names and callback numbers are left on voicemail or answering machines --
or with the person that takes the message -- if someone cannot be reached directly. -
answerc) Using voicemail systems and answering machines that do not require a
password or PIN for access.
Security measures are sometimes described as a combination of physical, technical,
and administrative (PTA) safeguards. Which of these would be considered a
technical safeguard?
a) Locked doors and other physical barriers.
b) Policies about who is granted access to what types of data.
c) Measures including device data encryption, anti-malware software, and
communications encryption.
d) Legal-regulatory requirements. - answerc) Measures including device data
encryption, anti-malware software, and communications encryption.
Information security's goals are sometimes described by the letters "CIA." Which of
the following is correct definition of C, I, or A?
a) I is for Integrity, which refers to the accuracy of the data for its intended use, the
security-equivalent of terms like validity and reliability.