Which security principle uses countermeasures such as encryption and data
classification?
-Confidentiality
-Integrity
-Availability
-Accountability - ANSWERS Confidentiality
A company is concerned about unauthorized alteration of data in a customer database.
Which security principle is implicated?
-Confidentiality
-Integrity
-Availability
-Accountability - ANSWERS -Integrity
Which integrity measure should be applied to enforce nonrepudiation of emails sent
from internal users?
-Use digital signatures on emails
-Ensure emails contain accurate data
-Hold users accountable for emails
-Scan attachments for viruses - ANSWERS Use digital signatures on emails
A company is headquartered in a region that has frequent internet connectivity issues
due to inclement weather. The company's primary reporting servers are located in this
office and are critical to the sales team in the field for accurate product pricing.
Employees require 24/7 access to the most up-to-date information, as the data
frequently changes.
Which solution will ensure a higher availability of these servers outside this company?
-Develop a mechanism to publish the necessary pricing information to a cloud location
for sales teams to access anytime
-Open a direct virtual private network (VPN) access connection between the servers
and the sales team's computers
-Implement a secondary internet connectivity solution at headquarters, which fails over
when the primary connection is unavailable
-Create a cloud-based web service that queries a cloud database and replicates the
product pricing data periodically - ANSWERS Implement a secondary internet
connectivity solution at headquarters, which fails over when the primary connection is
unavailable
Research department members encrypt their Office 365 files by using keys residing in
an on-premises key store. Due to a failure of on-premises network connectivity, the files
cannot be decrypted.
What should be done to maintain the availability of these files without compromising
their confidentiality and integrity?
-Set up redundant internet connectivity
-Copy files to an on-premises file server
-Maintain files in an unencrypted format
-Maintain keys with Office 365 files - ANSWERS -Set up redundant internet connectivity
The management team of an organization creates a document stating employees who
access the company's enterprise resource planning (ERP) system must use a certain
browser and are required to have antivirus installed on their machines.
Which type of document is this?
-Standards
-Policy
-Procedure
-Guidance - ANSWERS Standards
Which type of security documentation offers recommendations and suggestions on
creating a strong password?
-Standards
-Policy
-Procedure
-Guidance - ANSWERS Guidance
On an employee's first day of work, she notices a large number of file shares available,
most of which do not pertain to her position. The employee went to her manager about
the level of access. The employee's manager said she has the same level of access as
her predecessor.
Which principle does this level of access violate?
-Role-based access
-Job rotation
-Rule-based access
-Least Privilege - ANSWERS -Least Privilege
A company wants to enforce strict penalties on a former employee who uploaded
sensitive company technical schematics onto a personal website.
Which type of document will this company use to enforce penalties?
-Nondisclosure Agreement
-Employment agreement
-Noncompete agreement
-Personnel security agreement - ANSWERS Nondisclosure Ag
Which security concept includes the process of reviewing the activities of an identity?
-Accountability
-Authentication
-Authorization
-Identification - ANSWERS Accountability
Which security concept includes comparing a user's fingerprint against authorized
fingerprints stored in a database?
-Accountability
-Authentication
-Authorization
-Identification - ANSWERS Authentication
An information security manager has been asked to develop security policies and to
deploy security solutions for an organization.
Which security principles must be considered in addition to CIA triad principles?
-Encryption
-AAA
-Abstraction
-Layering - ANSWERS AAA
How would you minimize data loss due to ransomware?
-IPS
-Firewall
-Data Backups
-Antivirus - ANSWERS Data Backups
In addition to AAA in the CIA triad, what are the 2 additional parts?
-Confidentiality
-Auditing
-Accountability
-Integrity
-Identification - ANSWERS -Auditing
-Identity
You may have heard of the concept of AAA services. The three A's in this abbreviation
refer to authentication, authorization, and accounting (or sometimes auditing). However,
what is not as clear is that although there are three letters in the acronym, it actually