CYSA EXAM QUESTIONS AND ANSWERS

Which one of the following objectives is not one of the three main objectives that information security professionals must achieve to protect their organizations against cybersecurity threats? - Answer-nonrepudiation Tommy is assessing the security database servers in his datacenter and realizes that one of them is missing a critical Oracle security patch. What type of situation has Tommy detected? - Answer-vulnerability Ben is preparing to conduct a cybersecurity risk assessment for his organization. If he chooses to follow the standard process proposed by NIST, which one of the following steps would come first? - Answer-Identify threats Cindy is conducting a cybersecurity risk assessment and is considering the impact that a failure of her city's power grid might have on the organization. What type of threat is she considering? - Answer-environmental Which one of the following categories of threat requires that cybersecurity analysts consider the capability, intent and targeting of the threat source? - Answer-adversarial Vincent is responding to a security incident that compromised one of his organization's web servers. He does not believe that the attackers modified or stole any information, but they did disrupt access to the organization's website. What cybersecurity objective did this attack violate? - Answer-availability Which one of the following is an example of an operational security control? - Answer-penetration tests Encryption software, network firewalls, and antivirus software are all examples of _________________ security controls. - Answer-technical Paul recently completed a risk assessment and determined that his network was vulne