QUESTIONS AND ANSWERS: CYBER SECURITY MANAGEMENT
A business impact analysis (BIA) is an important part of a _____________, and it
can also be part of a __________. - ANSWER-business continuity plan, disaster
recovery plan
A technician in a large corporation fixes a printer that was not receiving an IP
address automatically by manually assigning it an address. The address was
assigned to a server that was offline and being upgraded. When the server was
brought online, it was no longer accessible. How could this problem have been
avoided? - ANSWER-Through change management
A(n) _________ is the likelihood that something unexpected is going to occur. -
ANSWER-risk
True or False? The amount spent on controls should be proportional to the risk,
which is known as the principle of proportionality. - ANSWER-True
True or False? When system configuration is standardized, systems are easier to
troubleshoot and maintain. - ANSWER-True
True or False? A server's attack surface refers to how many services can be
attacked on a server. - ANSWER-True
True or False? Malware cannot threaten the Workstation Domain of a typical IT
security infrastructure if the other domains are secure. - ANSWER-False
_________ are acts that are hostile to an organization. - ANSWER-Intentional
Threats
Which of the following is often the weakest link in IT security? - ANSWER-
People
True or False? There is no difference between power of attorney and general power
of attorney. - ANSWER-False
Jonathan is a security professional. He is part of a small group of people launching
a startup company that will handle patient medical information. Jonathan is
attempting to determine threats the company may face, criteria that will allow each
threat to succeed, and the potential result. Which of the following would be most
useful to Jonathan? - ANSWER-Cause and Effect Diagram
The Family Educational Rights and Privacy Act (FERPA) applies to all of the
following, except: - ANSWER-a medical center that hired recent nursing graduates
True or False? The scope identifies the boundaries of a risk management plan. -
ANSWER-True
Which of the following best describes the purpose of the Health Insurance
Portability and Accountability Act (HIPAA)? - ANSWER-It helps to protect health
information.
True or False? A locked door is an example of a technical control. - ANSWER-
False
Alice is a security professional. While writing a risk assessment report, she is
defining what the current email system does. She is using statements such as
"Accepting email from external email servers and routing to internal clients" and
"Scanning all email attachments and removing malware." Which of the following
is she most likely defining? - ANSWER-The mission of the system
True or False? All IT services and servers are equally critical. - ANSWER-False
A(n) ___________________ is performed to identify and evaluate risks. -
ANSWER-Risk Assessment
____________ is the process of determining fair market value of an asset. -
ANSWER-Asset Valuation
Carl is a security specialist. He is updating the organization's hardware inventory in
the asset management system. Which of the following would be least helpful to
record? - ANSWER-A competitor's product
True or False? Risk can be shared or transferred by purchasing insurance. -
ANSWER-True
True or False? Literary and artistic works are examples of intellectual property. -
ANSWER-True
Hajar is a security specialist. Her organization has about 500 systems that must be
tracked for inventory purposes. She is preparing an email to her manager that
describes the benefits of including specific details about software in the inventory,
as well as the use of an automated asset management system. Which of the
following is not one of those benefits? - ANSWER-The frequency of operating
system upgrades will be reduced.
The term "big data" is most closely associated with: - ANSWER-large databases
_________ is the process of creating a list of threats. - ANSWER-Threat
identification
_____________ is the likelihood that a threat will exploit a vulnerability. -
ANSWER-Probability
A ___________ plan can help you identify steps needed to restore a failed system.
- ANSWER-Disaster Recovery
A _____________ policy governs how patches are understood, tested, and rolled
out to systems and clients. - ANSWER-patch recovery
True or False? The primary mission of the United States Computer Emergency
Readiness Team (US-CERT) is to provide response support and defense against
cyberattacks. - ANSWER-True