CERTMASTER CE SECURITY+ DOMAIN
5.0|QUESTION WITH CORRECT ANSWERS
A company identifies a potential security risk with the implementation of a new system. After
assessing the risk, the company decides to halt deployment and not to proceed with the
system's introduction to avoid the risks altogether. Which risk management strategy is the
company employing? - ✔️✔️D. Avoidance
A newly developed company wants to shock the industry by offering products that others deem
as having more risks than other products. In understanding risk appetite, which best describes
the level of appetite for the company launching new products, entering new markets, or
making major corporate acquisitions? - ✔️✔️A. Expansionary
A healthcare organization is developing its data privacy and security strategy. The leadership
team is exploring different methods to monitor, evaluate, and improve security practices to
ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA). What
would be the MOST appropriate measure to maintain and oversee its privacy and security
controls? - ✔️✔️A. Establishing an audit committee
A recent attack on an organizational desktop, involving an international threat actor, prompts
the security team to set up recurring penetration testing exercises. The HR and IT team are
asked to participate in the exercise as the team that operates on response and recovery
controls while the security team plays the role of the intruder. What team does the HR and IT
team represent in this scenario? - ✔️✔️C. White team (Incorrect)
What describes the impacts associated with contractual noncompliance? - ✔️✔️C. Breach or
termination of an agreement or indemnification
An organization has recently implemented new security standards as part of its strategy to
enhance its information systems security. The security team monitors the implementation of
these standards and revises them as necessary. Considering the given scenario, what is the
primary purpose of the security team monitoring and revising the security standards? - ✔️✔️D.
Ensuring the standards remain effective and relevant
, A cybersecurity team plans to launch awareness programs to educate employees about
potential security threats. They are in the process of defining objectives, selecting tools, and
outlining the scope of the programs. What phase of the process are they in currently? - ✔️✔️C.
Initial phase
At a technology company, the IT department is finalizing an agreement with a cloud service
provider to host its sensitive customer data. The IT team has actively ensured the inclusion of a
Service Level Agreement (SLA) in the contract. What is the primary purpose of actively including
an SLA in the contract with the cloud service provider? - ✔️✔️B. To define the level of service the
cloud service provider must deliver
A technology company implements a backup strategy to mitigate data loss in case of a system
crash. The strategy focuses on defining the maximum acceptable age of data that the
organization can tolerate losing if the system crashes. Which principle should the company
apply to meet their needs? - ✔️✔️C. RPO
After reading an article online, a concerned stakeholder wishes to discuss the risk associated
with denial of service (DoS) attacks. The stakeholder requests information about the
possibilities of an attacker learning about the countermeasures in place. Where would the
security analyst look to find this information? - ✔️✔️A. Risk Register
A global finance company seeks to demonstrate to its stakeholders the effectiveness and
compliance of its cybersecurity protocols and practices. The company is contemplating various
measures to ensure its security posture. What would be the MOST effective method to achieve
this? - ✔️✔️D. Engaging a third party for attestation
A technician prepares a presentation to the board of directors on the variances between
compliance reporting and monitoring after the board receives word that the company did
poorly on its last assessment. What are the tenets of compliance reporting? (Select the two
best options.) - ✔️✔️A. It aims to assess and disclose an organization's compliance status.
B. It promotes accountability, transparency, and effective compliance management.
5.0|QUESTION WITH CORRECT ANSWERS
A company identifies a potential security risk with the implementation of a new system. After
assessing the risk, the company decides to halt deployment and not to proceed with the
system's introduction to avoid the risks altogether. Which risk management strategy is the
company employing? - ✔️✔️D. Avoidance
A newly developed company wants to shock the industry by offering products that others deem
as having more risks than other products. In understanding risk appetite, which best describes
the level of appetite for the company launching new products, entering new markets, or
making major corporate acquisitions? - ✔️✔️A. Expansionary
A healthcare organization is developing its data privacy and security strategy. The leadership
team is exploring different methods to monitor, evaluate, and improve security practices to
ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA). What
would be the MOST appropriate measure to maintain and oversee its privacy and security
controls? - ✔️✔️A. Establishing an audit committee
A recent attack on an organizational desktop, involving an international threat actor, prompts
the security team to set up recurring penetration testing exercises. The HR and IT team are
asked to participate in the exercise as the team that operates on response and recovery
controls while the security team plays the role of the intruder. What team does the HR and IT
team represent in this scenario? - ✔️✔️C. White team (Incorrect)
What describes the impacts associated with contractual noncompliance? - ✔️✔️C. Breach or
termination of an agreement or indemnification
An organization has recently implemented new security standards as part of its strategy to
enhance its information systems security. The security team monitors the implementation of
these standards and revises them as necessary. Considering the given scenario, what is the
primary purpose of the security team monitoring and revising the security standards? - ✔️✔️D.
Ensuring the standards remain effective and relevant
, A cybersecurity team plans to launch awareness programs to educate employees about
potential security threats. They are in the process of defining objectives, selecting tools, and
outlining the scope of the programs. What phase of the process are they in currently? - ✔️✔️C.
Initial phase
At a technology company, the IT department is finalizing an agreement with a cloud service
provider to host its sensitive customer data. The IT team has actively ensured the inclusion of a
Service Level Agreement (SLA) in the contract. What is the primary purpose of actively including
an SLA in the contract with the cloud service provider? - ✔️✔️B. To define the level of service the
cloud service provider must deliver
A technology company implements a backup strategy to mitigate data loss in case of a system
crash. The strategy focuses on defining the maximum acceptable age of data that the
organization can tolerate losing if the system crashes. Which principle should the company
apply to meet their needs? - ✔️✔️C. RPO
After reading an article online, a concerned stakeholder wishes to discuss the risk associated
with denial of service (DoS) attacks. The stakeholder requests information about the
possibilities of an attacker learning about the countermeasures in place. Where would the
security analyst look to find this information? - ✔️✔️A. Risk Register
A global finance company seeks to demonstrate to its stakeholders the effectiveness and
compliance of its cybersecurity protocols and practices. The company is contemplating various
measures to ensure its security posture. What would be the MOST effective method to achieve
this? - ✔️✔️D. Engaging a third party for attestation
A technician prepares a presentation to the board of directors on the variances between
compliance reporting and monitoring after the board receives word that the company did
poorly on its last assessment. What are the tenets of compliance reporting? (Select the two
best options.) - ✔️✔️A. It aims to assess and disclose an organization's compliance status.
B. It promotes accountability, transparency, and effective compliance management.
