C836 with 100% correct answers
Updated 2024
A bank wants to ensure user interactions with the online banking website are confidential.
Which security solution should be implemented? - ANSWER-SSL/TLS
A bank website accepts online loan applications. It requires applicants to review and sign a disclosure
document explaining the organization's information sharing practice.
Which federal law protects consumers' financial information? - ANSWER-GLBA
A company developing and distributing open-source applications realizes that attackers are copying
the publicly available, open-source code and inserting malware into the code.
Which type of cryptographic tool should the company use to protect the integrity of its open-source
applications? - ANSWER-Hash Functions
A company has an annual audit of installed software and data storage systems. During the audit, the
auditor asks how the company's most critical data is used. This determination helps the auditor
ensure that the proper defence mechanisms are in place to protect critical data.
Which principle of the Parkerian hexad is the auditor addressing? - ANSWER-Utility
A company has files stored on a server that are critical to the organization's viability. The
administrator has assigned the appropriate permissions to files.
How should the administrator provide additional confidentiality protection for the files at rest? -
ANSWER-File encryption
A company has had several successful denial of service attacks on its email server.
Which security principle is being attacked? - ANSWER-Availability
A company has instituted a policy to prevent data leakage. The policy requires that any data stored
on USB storage devices must be encrypted with at least 256-bit encryption.
Which principle that is part of the Parkerian Hexad but not the CIA triad would be violated if one of
these devices was stolen? - ANSWER-Possession
A company has just completed an audit of disaster strategies. The company has decided it must keep
and be able to retrieve backup data for a period of 30 years. The company has implemented tape
backups using 8mm digital audio tapes.
Which factor could impact the company's ability to access information from the backup tapes? -
ANSWER-Technical obsolescence
A company implements an internet-facing web server for its sales force to review product
information. The sales force can also update its profiles and profile photos, but not the product
information. There is no other information on this server.
Which content access permissions should be granted to the sales force based on the principle of
least privilege? - ANSWER-Read and limited write access
A company institutes a new policy that "All office computer monitors must face toward employees
and must face away from doorways. The monitor screens must not be visible to people visiting the
office."
Which principle of the CIA triad is this company applying? - ANSWER-Confidentiality
A company is concerned about potential phishing attacks through email. As a result, a new company
policy dictates that all email must be digitally signed before it is sent to any customers or partners.
Which security principle that is part of the Parkerian Hexad but not part of the CIA triad is precipitating
this policy change? - ANSWER-Authenticity
A company wants to update its access control policy. The company wants to prevent hourly
employees from logging in to company computers after business hours.