CompTIA Cybersecurity Analyst (CySA+) - Module 4: Security Architecture and Tool Sets updated 2022

CompTIA Cybersecurity Analyst (CySA+) - Module 4: Security Architecture and Tool Sets updated 2022Which framework was designed to widen the focus of an organization to overall architecture? COBIT TOGAF SABSA ITIL TOGAF (The Open Group Architecture Framework) The procedures in place to test controls need to be examined only by internal parties to ensure security. True False False Which policies are responsible for securing employee profiles? Account Management Policy Acceptable Use Policy Data Ownership Policy Password Policy Account Management Policy & Password Policy Which type of control would a software in charge of managing who has access to the network be? Administrative Control Defined Parameters Logical Control Physical Control Logical Control Audits should be done by a third party to get a more accurate result. True False True What type of verification method is based on a judgement call? Assessments Audit Evaluation Certification Evaluation Which framework is distinguished by focusing exclusively on IT security? NIST TOGAF ISO ITIL NIST (National Institute of Standards and Technology) What procedure is responsible for supplementing a lack of controls? Patching Managing Exceptions Control Testing Procedures Compensation Control Development Compensation Control Development Which policy might govern how guests may use the companies WiFi? Data Retention Policy Account Management Policy Acceptable Use Policy Data Ownership Policy Acceptable Use Policy A guideline is an adamant step by step listing of actions to be completed for a given task. True False False In which procedure is everyone in the company told how to react and alert proper members of staff? Evidence Production Continuous Monitoring Remediation Plans Managing Exceptions Evidence Production Which framework is distinguished by providing information assurance and is driven by risk analysis? TOGAF ITIL NIST SABSA SABSA (Sherwood Applied Business Security Architecture) In which procedure do all factors need to be considered compared and tested before a decision is made? Managing Exceptions Remediation Plans Evidence Production Continuous Monitoring Remediation Plans What are reasons that data should be retained past it's first use? (Choose Several) Meeting legal and company policies Keeping the data from being abused Leverage Backups for frequently changed files Meeting legal and company policies & Backups for frequently changed files In which procedure are those involved given limited knowledge to develop from? Evidence Production Compensation Control Testing Procedures Managing Exceptions Testing Procedures An evaluation is scored against a benchmark or checklist. True False False Which procedure is typically put into place because it is virtually impossible to perfectly match an entire environment? Patching Continuous Monitoring Compensation Control Managing Exceptions Managing Exceptions Which of these frameworks are commercial and must be purchased? NIST ISO COBIT SABSA ISO (International Organization for Standardization) & COBIT (Control Objectives for Information and Related Technologies) The Data Ownership Policy includes both acquisition and destruction of data. True False False What policy determines how new users are provisioned/deprovisioned? Account Management Policy Data Ownership Policy Acceptable Use Policy Password Policy Account Management Policy What assesses how well developed an organization's security capabilities are? Audits Remediation Plans Maturity Model Maturity Model When attempting to provide defense in depth for personnel which of the following controls can be put into place? Choose all that apply. Dual Control Scheduled Review Training Cryptography Dual Control & Training Network segmentation can be used in addition to security appliances in order to protect a network. True False True Defense in depth is less of a necessity and more of a way for large companies who have extra funds to better secure their network True False False Any singular technology can fail which leads to the necessity of defense in depth True False True Which part of continual improvement is implemented to address old processes that are no longer efficient? Scheduled Review Manual Review Succession Planning Retirement of processes Retirement of processes Which of the following is the purpose of a mandatory vacation? To relieve employee stress To allow servers to be updated To prevent collusion between employees To audit employees while they are out of work To audit employees while they are out of work Job rotation and separation of duties should be paired with which of the following controls? Scheduled Review Mandatory Vacation Cross Training Dual Control Cross Training A good example of separation of duties is one person signing checks and another managing inventory. True False False Training should have a measurable metric to determine how effective it is such as certifications. True False True Which of the following situations call for proper succession planning to be implemented? Choose all that apply A new employee is hired An employee is unreachable during an incident An employee quits suddenly An employee is trying to move to a new project A new employee is hired & An employee quits suddenly