Escrito por estudiantes que aprobaron Inmediatamente disponible después del pago Leer en línea o como PDF ¿Documento equivocado? Cámbialo gratis 4,6 TrustPilot
logo-home
Examen

CPCU 500 Exam & Practice Exam Questions and Answers Practice Questions with Solutions Newest | Already Graded A+

Puntuación
-
Vendido
-
Páginas
70
Grado
A+
Subido en
10-06-2026
Escrito en
2025/2026

CPCU 500 Exam & Practice Exam Questions and Answers Practice Questions with Solutions Newest | Already Graded A+

Institución
CPCU 500
Grado
CPCU 500

Vista previa del contenido

CPCU 500 Exam & Practice Exam Questions and
Answers Practice Questions with Solutions Newest |
Already Graded A+


1. Which software development vulnerability arises when multiple processes control or share
access to a resource, and the correct handling of that resource depends on the proper ordering or
timing of transactions?

A. Deadlocks
B. Buffer overflows
C. SQL injection
D. Race conditions

Answer: D
Rationale: Race conditions occur when the behavior of software depends on the timing or sequence of
uncontrollable events, such as thread scheduling. The correct answer is 'Race conditions' because they
specifically involve multiple processes competing for shared resources, leading to unpredictable
outcomes if not properly synchronized.


2. Which type of tool is specifically designed to identify vulnerabilities in source code that arise
from improper handling of user input?
A. Static analysis tool
B. Code linter
C. Fuzzer
D. Debugger

Answer: C
Rationale: A fuzzer is a testing tool that injects malformed or unexpected input into a program to detect
vulnerabilities such as buffer overflows or injection flaws, which often result from improper input
handling. Unlike static analysis tools, debuggers, or linters, fuzzers actively test runtime behavior with
varied inputs to uncover these specific issues.


3. A petroleum company uses a group of computers to monitor material flow in its refining process.
These computers are never connected to the internet or any other corporate network, and they host
proprietary monitoring software that the company has registered as a trade secret. Which type of
security is most effective in protecting this software from theft?

A. Endpoint
B. Physical
C. Network
D. Application

Answer: B



Page 1

,Rationale: Physical security is the correct answer because the computers are isolated from networks, so the primary threat
is unauthorized physical access. Network, application, and endpoint security are irrelevant or insufficient when the system is
air-gapped and the software is a trade secret.


4. Which of the following steps in the access control process involves tracking and logging user
actions to ensure responsibility for actions taken?
A. Authentication
B. Identification
C. Authorization
D. Accountability

Answer: D
Rationale: The sequence 1-Identification, 2-Authentication, 3-Authorization, 4-Access corresponds to the
IAAA model, where Accountability is the fourth step after Access, not part of the sequence. However,
among the options, Accountability is the closest match to the given list, as it is often associated with
access control.


5. Confidential Services Inc. is a military-support organization with 1,400 internet-connected
computers and 250 servers. All employees must hold security clearances. Which access control
model is most appropriate for this environment?

A. Mandatory access control
B. Role-based access control
C. Discretionary access control
D. Rule-based access control

Answer: C
Rationale: Discretionary access control (DAC) allows data owners to set permissions, which is suitable
here because employees with clearances can be trusted to manage access to sensitive information.
Mandatory access control would be too rigid for a military-support branch, while role-based and
rule-based models are less flexible for this context.


6. What term describes the proper attribution to the owner or creator of data?
A. Integrity
B. Availability
C. Confidentiality
D. Authenticity

Answer: D
Rationale: Attribution refers to giving proper credit to the owner or creator of data, which is a key
principle in data ethics and copyright. The other options do not directly relate to ownership or credit.


7. A security awareness training module depicts an employee using a hardware token for
two-factor authentication. Which specific security weakness is this module designed to address?
A. Weak passwords
B. Malware infections




Page 2

,C. Insider threats
D. Phishing attacks

Answer: A
Rationale: Two-factor authentication adds an extra layer of security beyond just a password, directly
mitigating the risk of weak or compromised passwords. Phishing, insider threats, and malware are not
directly addressed by the use of a hardware token.


8. What is the definition of competitive intelligence?
A. The use of intuition and experience to predict market trends
B. The process of gathering and analyzing information to support business decisions
C. The practice of spying on competitors to obtain trade secrets
D. The collection of historical financial data for annual reports

Answer: B
Rationale: Competitive intelligence specifically focuses on gathering and analyzing information about
competitors and the market to gain a strategic advantage. Option C accurately defines this, while option
A is too broad and could apply to general business intelligence.


9. Which organization audits other companies for licensing requirements?
A. BSA
B. SEC
C. ISO
D. FTC

Answer: A
Rationale: The BSA (Business Software Alliance) is known for conducting audits to ensure software
licensing compliance. ISO sets standards but does not audit for licensing, the FTC enforces consumer
protection laws, and the SEC regulates securities markets.


10. Which authentication factor can prevent a man-in-the-middle attack?
A. Something you know
B. Somewhere you are
C. Something you have
D. Something you are

Answer: A
Rationale: A man-in-the-middle attack intercepts communication between two parties. 'Something you
know' (e.g., a password) is vulnerable to interception, but when combined with other factors in
multi-factor authentication, it helps prevent such attacks. However, the question asks which factor can
prevent it, and 'something you know' alone is the correct answer because it is the only factor listed that
is directly involved in authentication protocols that can resist MITM when used properly.


11. Which term describes the existence of evidence that prevents an individual from denying that
they made a statement or took an action?
A. Confidentiality



Page 3

, B. Authentication
C. Nonrepudiation
D. Integrity

Answer: C
Rationale: Nonrepudiation ensures that an individual cannot deny having made a statement or taken an
action, often through digital signatures or logs. The other options relate to verifying identity,
permissions, and data accuracy, but not to denying actions.


12. What is the definition of information security?
A. Guaranteeing the confidentiality, integrity, and availability of data at all times.
B. Preventing all forms of cyber attacks on network infrastructure.
C. Protecting information and information systems from unauthorized access, use, disclosure, disruption,
modification, or destruction.
D. Ensuring that only authorized users can access physical documents.

Answer: C
Rationale: The correct answer encompasses the full scope of information security, including protection
against various threats like unauthorized access, use, disclosure, disruption, modification, or
destruction. The distractors are incomplete or overly specific; for example, the third distractor mentions
CIA triad but omits the broader range of protective measures.


13. Which of the following options includes all three types of physical security controls: deterrent,
detective, and preventive?
A. fence with barbed wire
B. motion-activated light
C. security camera
D. guard dog

Answer: D
Rationale: A guard dog serves as a deterrent (its presence discourages intruders), a detective control (it
barks to alert of an intrusion), and a preventive control (it can physically stop an intruder). Security
cameras are primarily detective, fences are preventive, and motion-activated lights are deterrent and
detective but not preventive.


14. Something that has the potential to cause harm to our assets is known as a(n):
A. Risk
B. Impact
C. Hazard
D. Peril

Answer: B
Rationale: In risk management, 'impact' refers to the potential harm or loss that could affect assets. A
hazard is a condition that increases the likelihood of a loss, a peril is the direct cause of a loss, and risk
is the uncertainty about a loss. Thus, impact is the correct term for potential harm.




Page 4

Escuela, estudio y materia

Institución
CPCU 500
Grado
CPCU 500

Información del documento

Subido en
10 de junio de 2026
Número de páginas
70
Escrito en
2025/2026
Tipo
Examen
Contiene
Preguntas y respuestas

Temas

$20.49
Accede al documento completo:

¿Documento equivocado? Cámbialo gratis Dentro de los 14 días posteriores a la compra y antes de descargarlo, puedes elegir otro documento. Puedes gastar el importe de nuevo.
Escrito por estudiantes que aprobaron
Inmediatamente disponible después del pago
Leer en línea o como PDF

Conoce al vendedor
Seller avatar
Goldenpass

Conoce al vendedor

Seller avatar
Goldenpass Arizona university of allied health
Seguir Necesitas iniciar sesión para seguir a otros usuarios o asignaturas
Vendido
-
Miembro desde
2 año
Número de seguidores
1
Documentos
134
Última venta
-

0.0

0 reseñas

5
0
4
0
3
0
2
0
1
0

Recientemente visto por ti

Por qué los estudiantes eligen Stuvia

Creado por compañeros estudiantes, verificado por reseñas

Calidad en la que puedes confiar: escrito por estudiantes que aprobaron y evaluado por otros que han usado estos resúmenes.

¿No estás satisfecho? Elige otro documento

¡No te preocupes! Puedes elegir directamente otro documento que se ajuste mejor a lo que buscas.

Paga como quieras, empieza a estudiar al instante

Sin suscripción, sin compromisos. Paga como estés acostumbrado con tarjeta de crédito y descarga tu documento PDF inmediatamente.

Student with book image

“Comprado, descargado y aprobado. Así de fácil puede ser.”

Alisha Student

Preguntas frecuentes