certmaster Certification Exam Questions
Review and Answers 2024/2025
A technician prepares a presentation to the board of directors on the variances between
compliance reporting and monitoring after the board receives word that the company did
poorly on its last assessment. What are the tenets of compliance reporting? (Select the
two best options.) - correct answer A. It aims to assess and disclose an organization's
compliance status.
B. It promotes accountability, transparency, and effective compliance management.
A healthcare organization is developing its data privacy and security strategy. The
leadership team is exploring different methods to monitor, evaluate, and improve
security practices to ensure compliance with the Health Insurance Portability and
Accountability Act (HIPAA). What would be the MOST appropriate measure to maintain
and oversee its privacy and security controls? - correct answer A. Establishing an audit
committee
The IT department in a technology company is finalizing an agreement with a cloud
service provider to host sensitive customer data. The company's legal team is drafting
the contract, which includes a service level agreement (SLA) and a non-disclosure
agreement (NDA). Which of the following explanations MOST accurately demonstrates
the primary purpose of including an NDA in the contract with the cloud service provider?
- correct answer B. To protect the confidentiality of the company's data and proprietary
information
An organization is restructuring its IT governance framework to improve its
cybersecurity strategy. The organization has several distributed offices across various
geographical regions, each having a unique set of IT policies and infrastructure. The
cybersecurity lead aims to increase control and consistency over the security practices
in each office while retaining some autonomy for the individual offices to manage their
specific risks. Which governance structure aligns with the objectives of the cybersecurity
lead and effectively mitigates risks associated with the security practices at each office?
- correct answer A. Change Control Board (CCB) (marked incorrect in the source: a CCB reviews and approves changes to configuration baselines and is not a governance structure)
A tech start-up company is considering deploying a new email system. The start-up is
currently identifying risks associated with the potential downtime of the new system and
considering the costs for each event. What metric should the company utilize during this
process? - correct answer B. Single Loss Expectancy
A medium-sized organization is undergoing an audit of its information security
practices. The auditor, acting as a security analyst, seeks to assess the organization's use of an
Acceptable Use Policy (AUP). What crucial aspect of the AUP should the auditor focus
on to ensure the organization meets the standards set for information security? -
correct answer A. The AUP includes clear consequences for noncompliance.
In a cybersecurity firm, the IT department is preparing for a penetration testing
engagement to assess the organization's security posture. The team has decided to
conduct an external penetration test on the company's public-facing web applications
and networks. The primary goal is to identify vulnerabilities and potential entry points for
attackers. To ensure a smooth testing process and avoid misunderstandings, the IT
team has collaborated with the company's management and relevant stakeholders to
establish the assessment's rules of engagement (ROE). What is the purpose of
establishing ROE in a penetration testing engagement? - correct answer A. To define
the scope of the assessment, testing methods, and timeframe for conducting the test
The IT department at a governmental agency is actively responsible for ensuring the
security of the agency's sensitive information and physical assets. Recently, concerns
have arisen about unauthorized access to certain restricted areas within the building. To
address this issue, the IT team is implementing access control measures to enhance
physical security. The main objective is to restrict entry to authorized personnel only and
prevent unauthorized individuals from gaining access to sensitive areas. What access
control measures could the IT department implement in the office building to enhance
physical security and prevent unauthorized access to restricted areas? - correct
answer A. Biometric authentication system using fingerprint scanning
The IT department at a multinational organization is evaluating potential risks
associated with implementing a new network infrastructure. This includes identifying
potential vulnerabilities, estimating potential downtime, and assessing the financial
impact of potential cyberattacks. Which type of risk assessment BEST suits the
organization's requirements? - correct answer B. Quantitative risk assessment