CC1
Question 1: Incorrect
Who was responsible for enacting the General Data Protection Regulation
(GDPR)?
United Nations (UN)
World Health Organization (WHO)
European Union (EU)
(Correct)
North Atlantic Treaty Organization (NATO)
Question 2: Correct
What are two likely options for an organization's data center ownership?
Sole proprietorship and partnership
Government owned and privately leased
Community owned and shareholder-managed
Company owned and outsourced
(Correct)
Question 3: Correct
What characterizes an enrollment process in the context of cybersecurity?
Issuance of a badge containing the employee's identifiers
(Correct)
Regular security audits
Password policy updates
System patching
Question 4: Correct
What term describes a weakness in a computer system that can be exploited
by potential threats?
Security measure
Vulnerability (Correct)
Encryption method
Authentication process
Question 5: Incorrect
Before the usage of data in the data handling lifecycle, what critical step
should take place?
Data storage (Correct)
Data analysis
Data transmission
Data encryption
Question 6:
Skipped
What is the primary objective of access controls?
Enhance network performance
Facilitate communication between users
Restrict access to authorized individuals and prevent unauthorized access
(Correct)
Improve system aesthetics
Question 7:
Skipped
What is a subject in access control?
A computer program responsible for managing access permissions
A security mechanism that monitors user activities
An entity that requests access to assets (Correct)
A network protocol used for secure data transmission
Question 8:
Skipped
What is an object in access control?
Any entity that a subject attempts to access (Correct)
Authentication token
Firewall rule
Encryption key
Question 9:
Skipped
When selecting an access control method, what is the primary consideration?
User convenience
Cost-effectiveness
Safety (Correct)
System performance
Question 10:
Skipped
What term describes an instruction designed to authorize or deny a subject's
access to an object based on validation from an access control list?
Rule (Correct)
Token
Cipher
Firewall
Question 11:
Skipped
How many classifications are considered to be a challenge to manage within
an organization?
Three
Four
More than four (Correct)
Two
Question 12:
Skipped
What is the most accurate characterization of data with a "highly restricted"
classification?
It may be shared with external vendors under certain circumstances.
Unauthorized access may result in legal consequences.
It is subject to routine public disclosure.
Compromise may place the survival of the organization at risk. (Correct)
Question 13:
Skipped
During the verification stage in a biometric authentication process, what
occurs?
The system generates a random passphrase for the user.
The user's presented biometric data is compared to the stored data.
(Correct)
The user provides a username and password for authentication.
The system sends a one-time passcode to the user's email.
Explanation
Correct Answer. The user's presented biometric data is compared to the
stored data. During the verification stage of biometric authentication, the
system compares the biometric data presented by the user (such as
fingerprints, facial features, or voice patterns) with the stored biometric data
associated with the user's identity. This comparison is essential to validate the
user's identity and grant access.
Incorrect Answer. The system generates a random passphrase for the
user. This option does not accurately describe the verification stage in
biometric authentication. Passphrases are typically associated with
knowledge-based authentication methods, not biometric verification.
Incorrect Answer. The user provides a username and password for
authentication. While username and password authentication is a common
method, it does not align with the verification stage in biometric
authentication, which relies on unique physiological or behavioral
characteristics.
Incorrect Answer. The system sends a one-time passcode to the user's
email. This option describes a method commonly used in two-factor
authentication but is not representative of the verification stage in biometric
authentication, where the focus is on comparing biometric data.
Question 14:
Skipped
What is a critical factor to consider when designing cybersecurity controls?
The latest technological trends
The number of controls implemented
The cost of implementing the control relative to the value it protects
(Correct)
The level of complexity in control deployment
Explanation
Correct Answer. The cost of implementing the control relative to the value it
protects. When designing cybersecurity controls, it is essential to consider the
cost-effectiveness of implementation in relation to the value it safeguards.
This ensures that resources are allocated efficiently, and the security measures
align with the organization's risk appetite. By evaluating the cost relative to
the protected assets, organizations can strike a balance between security and
operational efficiency.
Incorrect Answer. The latest technological trends. While staying informed
about the latest technological trends is important in cybersecurity, it is not the
critical factor when designing controls. The focus should be on addressing
specific risks and protecting valuable assets rather than blindly adopting the
latest technologies.
Incorrect Answer. The number of controls implemented. The sheer quantity of
controls is not the primary consideration in designing effective cybersecurity
measures. Quality and relevance of controls play a more significant role in
providing robust security against potential threats.
Incorrect Answer. The level of complexity in control deployment. Although
control deployment complexity is a consideration, it is not the critical factor.
The primary concern should be the effectiveness of the control in mitigating
risks and protecting valuable assets, rather than solely focusing on
deployment intricacies.
Question 15:
Skipped
What is a practical example of implementing defense in depth?
Intrusion Detection System
Firewall
Antivirus Software
Multifactor authentication
(Correct)
Question 16:
Skipped
What encryption method involves replacing every plaintext letter in the
message with another letter that is positioned further along the alphabet?
Substitution cipher
(Correct)
RSA encryption
Diffie-Hellman key exchange
Elliptic curve cryptography
Question 17:
Skipped
What is the most effective method to address data remanence on an unused
disk?
Overwriting the data multiple times
Encrypting the disk
Formatting the disk
Physically destroying the disk (Correct)
Question 18:
Skipped
What primary service is delivered through Software as a Service (SaaS)?
Cloud storage
Software application access (Correct)
Network infrastructure
Hardware maintenance
Question 19:
Skipped
Which of the following represents the primary concept underlying cloud
computing?
Accessing highly available and scalable computing resources on-demand from
anywhere. (Correct)
Centralized data storage
Virtual reality integration
Peer-to-peer networking
Question 20:
Skipped
Which of the following represents a cyberattack?
Installing a new antivirus software on a computer
Unauthorized access to a web application via stolen passwords (Correct)
Regularly updating firewall rules
Conducting a routine vulnerability scan
Question 21:
Skipped
Which malicious attack involves encrypting files on a computer and
demanding a payment for the decryption key?
Phishing
Ransomware (Correct)
DDoS attack
SQL injection
Question 22:
Skipped
What is the definition of an endpoint in the context of cybersecurity?
The ends of a communication link in a network. (Correct)
The central server in a network
A software application used for secure communication
The process of encrypting data during transmission
Question 23:
Skipped
Which role is expected to have a privileged user account?
Help Desk (Correct)
End User
Marketing Specialist
Board Member
Question 24:
Skipped
What is a drawback of asymmetric cryptography?
High key management complexity
Limited key length
Fast processing speed
Slow speed and computationally heavy (Correct)
Question 25:
Skipped
What aspect is typically included in a privacy policy to ensure the protection of
sensitive information?
Company history and background
Appropriate procedures used to handle PII and ePHI (Correct)
Marketing strategies and promotions
Employee training programs
Question 26:
Skipped
Which of the following represents the initial step in the change management
process in cybersecurity?
Request for Change (RFC) (Correct)
Risk assessment
Incident response
Configuration management
Question 27:
Skipped
What does the delay rate refer to in a keystroke dynamics system?
The force applied while pressing a key.
The time taken between pressing and releasing a key.
The speed of typing.
The length of time an individual presses down a key. (Correct)
Question 28:
Skipped
During which stage of the cybersecurity incident response process is the
identification of critical data, systems, and single points of failure most crucial?
Preparation (Correct)
Detection
Analysis
Eradication
Question 29:
Skipped
Which type of malware deceives users by posing as a benign or legitimate
application but harbors a malicious payload in the background?
Ransomware
Trojan (Correct)
Spyware
Worm
Question 30:
Skipped
Which of the following depicts the most effective multi-layered control
scenario for defense in depth?
IDS → IPS → Firewall
Bollard → Biometric Access Door → Camera
AUP Policy → Security Policy → Security Training
Door Lock → Network Access Rule → Data Access Policy (Correct)
Question 31:
Skipped
What is the most accurate characterization of data classified as "moderately
restricted"?
Exposure may result in minor inconveniences for individuals involved.
Compromise may lead to a temporary loss of income, market advantage, or
interruption of investment plans. (Correct)
Unauthorized access could lead to legal consequences and fines.
Breach may result in severe financial penalties and long-term damage to the
organization's reputation.
Question 32:
Skipped
How should policies be established within an organization's cybersecurity
framework?
By considering the organization's vision, mission, and needs. (Correct)
By copying industry best practices
Based on the latest cybersecurity trends
Through strict compliance with regulatory standards
Question 33:
Skipped
In a comprehensive cybersecurity strategy, what should the monitoring for
leakage of water or gas, sewer overflow, or failure of HVAC be integrated
with?
Network Security Controls
Physical Security Controls
Application Security Controls
Building Control Environment (Correct)
Question 34:
Skipped
Which of the following processes strongly limits the possibility of recovering
the original data on the drive from residual physical effects still being present
after clearing?
Encryption
Deletion
Purging (Correct)
Overwriting
Question 35:
Skipped
Which scenario best represents high availability and full redundancy in a
cybersecurity context?
Devices connected to a single power supply with a backup battery.
Devices connected to multiple power supplies that have diverse power sources,
backed up by redundant batteries and generators, consuming different fuel
types.
(Correct)
Devices connected to a single power supply with an uninterruptible power supply
(UPS).
Devices connected to multiple power supplies with the same power source.
Question 36:
Skipped
Which practice is not advised for Role-Based Access Control (RBAC)?
Assigning permissions based on job responsibilities
Implementing the principle of least privilege
Regularly reviewing and updating user permissions
Copying user profiles to create new user accounts with similar access rights
(Correct)
Question 37:
Skipped
What critical element is considered a cornerstone in the development of a
robust business continuity plan?
Risk assessment
Communication (Correct)
Incident response
Policy development
Question 38:
Skipped
What is the primary objective for the development of the OSI model?
To standardize hardware components
To establish a universal programming language
To create a global network infrastructure
To provide a common description of the communication structure of
interconnected computer systems. (Correct)
Question 39:
Skipped
Which protocol is commonly employed to assess the status and health of a
particular link or network?
TCP/IP
SNMP
HTTPS
ICMP (Correct)
Question 40:
Skipped
Which of the following is a private IP address range?
192.168.0.0 to 192.168.255.254 (Correct)
192.0.3.0 - 192.88.98.255
192.88.100.0 - 192.167.255.255
192.169.0.0 - 198.17.255.255
Question 41:
Skipped
What is a key advantage of symmetric encryption?
Secure key distribution
Bulk data encryption (Correct)
Public key authentication
Dynamic key generation
Question 42:
Skipped
What range of IPv6 addresses is reserved for documentation purposes?
2001:db8:: to 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff
(Correct)
192.168.0.0 to 192.168.255.255
172.16.0.0 to 172.31.255.255
10.0.0.0 to 10.255.255.255
Question 43:
Skipped
Which of the following measures is a requirement for compliance with the
Payment Card Industry Data Security Standard (PCI DSS)?
Antivirus software (Correct)
Large buildings
Tiled flooring
Facial recognition
Question 44:
Skipped
In a scenario where a door is secured by two locks, with one person knowing
the code for one lock and another person knowing the code for the second
lock, but neither person knows both codes, which principle is being applied?
Single Authentication
Dual Control (Correct)
Shared Authorization
Mutual Authentication
Question 45:
Skipped
What is considered the best practice regarding data retention in
cybersecurity?
Keep all data indefinitely
Delete data immediately after use
Keep data only for as long as it is useful, no more or less. (Correct)
Retain data for a fixed time period, regardless of its usefulness
Question 46:
Skipped
What tool is commonly utilized to perform a network scan for open ports and
services?
Netstat
Wireshark
Maltego
Zenmap (Correct)
Question 47:
Skipped
What is a key advantage of utilizing cloud computing in the context of
cybersecurity?
Enhanced physical security measures
Increased latency in data transmission
Improved control over hardware infrastructure
Reduced cost of ownership (Correct)
Question 48:
Skipped
What is the primary process for capturing signals generated by events in a
cybersecurity context?
Threat detection
Logging (Correct)
Encryption
Patch management
Question 49:
Skipped
In a Keystroke Dynamics system, what does the term "transfer rate" refer to?
The number of key presses per minute
The time it takes for a key press to register
The speed at which an individual moves between the keys (Correct)
The interval between consecutive key presses
Question 50:
Skipped
Which disaster recovery site option is specifically designed to ensure high
availability with minimal to no downtime in the event of a disaster?
Cold site
Warm site
Hot site (Correct)
Mobile site
Question 51:
Skipped
Which of the following characterizes data with a "low sensitivity"
classification?
Compromise may cause minimal disruption, impacts, or delays. (Correct)
Compromise may cause significant disruption, impacts, or delays.
Compromise may lead to moderate disruption, impacts, or delays.
Compromise has no potential for disruption, impacts, or delays.
Question 52:
Skipped
What presents a challenge for symmetric encryption?
Key distribution (Correct)
Algorithm strength
Data confidentiality
Encryption speed
Question 53:
Skipped
What is the port number commonly associated with LDAPS?
3389
389
636 (Correct)
8080
Question 54:
Skipped
Which type of access controls are employed to regulate, guide, or hinder the
movement of individuals and equipment within a designated physical space?
Logical
Administrative
Physical (Correct)
Technical
Question 55:
Skipped
Which of the following measures is most effective in reducing the risk of
cybersecurity threats?
Holding regular team-building workshops
Changing the office layout for improved collaboration
Conducting daily physical security patrols
Keeping applications and systems updated (Correct)
Question 56:
Skipped
What is the primary purpose of the loopback address?
Network communication
Self-diagnosis and troubleshooting at the device level (Correct)
Remote access
Load balancing
Question 57:
Skipped
How does a risk matrix aid in determining the prioritization of a risk event?
By conducting a vulnerability assessment
By identifying the intersection of the impact and likelihood of the risk event
taking place. (Correct)
By implementing access controls
By performing penetration testing
Question 58:
Skipped
Which of the following tools is considered a comprehensive Security
Information and Event Management (SIEM) solution?
Nessus
Snort
Wireshark
AlienVault (Correct)
Question 59:
Skipped
What is a common item that should be assessed for security risk?
Employee breakroom coffee maker
Office potted plants
Desktop computer backgrounds
Building catching fire (Correct)
Question 60:
Skipped
Why is it essential for organizations to conduct regular reviews of the records
they have retained?
To increase storage costs
To showcase their data management capabilities
To impress stakeholders with the quantity of data collected
To minimize the volume of data stored and ensure the preservation of only the
needed data.
(Correct)
Question 61:
Skipped
Which role is expected to have a privileged user account?
Marketing Coordinator
Executive Assistant
Cloud Vendor
IT Support (Correct)
Question 62:
Skipped
What aspect of network activity involves the continuous monitoring of real-time events and recorded data to identify and capture irregular activities?
Firewall configuration
User authentication
Network segmentation
Intrusion Detection (Correct)
Question 63:
Skipped
Which protocol plays a crucial role in enabling the exchange of directory
information between servers and clients?
LDAP
(Correct)
FTP
SNMP
DNS
Question 64:
Skipped
In a cybersecurity context, when might an enterprise's leadership team make
the decision to avoid a risk event?
When the risk event has no potential impact on the organization
When the likelihood of the risk event is extremely low
When the risk event is easily manageable with existing controls
When the impact or likelihood of the risk event is very high.
(Correct)
Question 65:
Skipped
In which of the following scenarios would an organization's management
likely consider accepting the risk event?
The risk event poses a minimal threat to the organization's assets.
The organization has not conducted a thorough risk assessment.
The organization lacks the resources to address the risk.
The benefit gained is great enough to offset the perceived risk.
(Correct)
Question 66:
Skipped
Which of the following best describes the practice involved in transitioning
from a current state to a future state in cybersecurity?
Risk assessment
Change Management (Correct)
Incident response
Configuration management
Question 67:
Skipped
What is an example of a privacy invasion drawback in biometric systems?
Potential disclosure of sensitive medical information from retina scans (Correct)
Unauthorized access to fingerprint data
Facial recognition accuracy issues
Voice recognition software vulnerabilities
Question 68:
Skipped
What represents a significant weakness of FTP?
Limited file size support
Lack of encryption (Correct)
Incompatibility with modern firewalls
Slow data transfer speeds
Question 69:
Skipped
Which of the following represents the three major activities of change
management in cybersecurity?
Proposing changes, implementing changes, and monitoring changes.
Identifying changes, approving changes, and documenting changes.
Reviewing changes, testing changes, and communicating changes.
Deciding to change, making the change, and confirming the change is successful.
(Correct)
Question 70:
Skipped
What is an example of the principle of least privilege?
An individual who works at a health facility may access data of some patients
but not their own medical information (Correct)
An employee in a software development company has unrestricted access to all
client databases.
A system administrator can access and modify any file on the network without
restrictions.
A financial analyst is granted access to confidential HR documents.
Question 71:
Skipped
What term is used to describe accounts with permissions exceeding those of
normal users?
Standard accounts
Advanced accounts
Privileged accounts (Correct)
Specialized accounts
Question 72:
Skipped
What does RFC stand for in the context of change management?
Request for Comment
Request for Change (Correct)
Risk Factor Calculation
Revision Feedback Control
Question 73:
Skipped
What is the long form for the Canadian privacy law "PIPEDA"?
Personal Information Protection and Electronic Documents Act (Correct)
Personal Information Privacy and Electronic Documentation Act
Privacy and Information Protection Electronic Documents Act
Privacy and Information Documentation Electronic Act
Question 74:
Skipped
What does the abbreviation "GLBA" stand for?
General Licensing and Bonding Agreement
Global Leadership in Business Analytics
Gramm–Leach–Bliley Act (Correct)
Great Lakes Bioinformatics Association
Question 75:
Skipped
What best describes data with an "unrestricted public data" classification?
Highly sensitive information
No sensitivity, and its compromise shall result in no damage as it is already
published. (Correct)
Moderate sensitivity information
Confidential information
Question 76:
Skipped
What is the overall goal of education in an organization?
Increasing employee productivity
Enhancing organizational culture
Improving employee morale
Equipping learners to gain understanding of ideas and how to relate to them for
the application of learning. (Correct)
Question 77:
Skipped
Which protocol is associated with port 587?
SMTP with TLS (Correct)
HTTPS
SNMP
FTP
Question 78:
Skipped
Which of the following is a recognized cybersecurity standard?
NIST SP 800-53 (Correct)
CVE
Microsoft Defender
AUP
Question 79:
Skipped
What is an effective strategy for mitigating the risk of data loss during a
security incident?
Regular security awareness training
Encryption of all data at rest
Continuous monitoring of network traffic
Data backups tested for restoration (Correct)
Question 80:
Skipped
What is the primary goal of an IDS?
Preventing cyber attacks
Detecting and alerting on unauthorized activities (Correct)
Encrypting network traffic
Enhancing system performance
Question 81:
Skipped
How many symmetric encryption keys would an organization with 1000
employees need to manage for secure communication with one another using
symmetric encryption?
1000
499,500 (Correct)
250,000
1,000,000
Question 82:
Skipped
Which of the following options is an example of single-factor authentication?
Username, password, and PIN code (Correct)
Smart card and passphrase
Password and fingerprint
PIN code and security token
Question 83:
Skipped
Which of the following represents the primary cloud computing service
models?
SaaS, XaaS, FaaS
IaaS, MaaS, BaaS
DaaS, TaaS, CaaS
SaaS, PaaS, IaaS (Correct)
Question 84:
Skipped
Which of the following represents the primary cloud deployment models?
Open, closed, mixed, and collaborative
External, internal, combined, and collaborative
Shared, isolated, interconnected, and joint
Public, private, hybrid, and community (Correct)
Question 85:
Skipped
In a security setup, which type of alarm system is designed to alert security
personnel or law enforcement when activated?
Panic Button (Correct)
Motion sensor
Fire alarm
Intrusion detection system
Question 86:
Skipped
What term is used to describe an organization that oversees and manages
information technology assets on behalf of another organization?
ISP (Internet Service Provider)
MSP (Managed Service Provider) (Correct)
MSSP (Managed Security Service Provider)
CSP (Cloud Service Provider)
Question 87:
Skipped
In which scenario might an organization's management choose to accept a
cybersecurity risk?
When there are unlimited resources available
When the likelihood of the risk event occurring or its impact is minimal.
(Correct)
When the organization has never experienced a cybersecurity incident
When the regulatory environment requires complete risk avoidance
Question 88:
Skipped
What advantage does asymmetric encryption offer over symmetric
encryption?
Speed
Simplicity
Scalability (Correct)
Efficiency
Question 89:
Skipped
What is the primary objective of training within an organization?
Boosting employee morale
Meeting regulatory requirements
Enhancing skill proficiency, perception, and judgments for decision making
(Correct)
Reducing operational costs
Question 90:
Skipped
What does a Managed Detection and Response (MDR) service entail?
A software application that automatically detects and responds to cyber threats.
A service provider that monitors security tools for an organization and provides
triage expertise. (Correct)
A framework for managing digital risk through continuous monitoring and
analysis.
An open-source tool for penetration testing and vulnerability assessment.
Question 91:
Skipped
Which protocol is associated with port 853?
HTTPS
SNMP
DNS over TLS (DoT) (Correct)
SSH
Question 92:
Skipped
Where are data classifications derived from?
International standards
Best practices
Industry recommendations
Regulations, laws, organizational expectations, contract-specified standards
(Correct)
Question 93:
Skipped
Which of the following represents the main types of Intrusion Detection
System (IDS) classes?
Endpoint-based and Cloud-based
Signature-based and Anomaly-based
Firewall-based and Antivirus-based
Host-based and Network-based (Correct)
Question 94:
Skipped
Which of the following depicts the order of intelligence starting from the least
smart to the most smart network device?
Router → Hub → Switch
Hub → Switch → Router (Correct)
Switch → Hub → Router
Router → Switch → Hub
Question 95:
Skipped
Which of the following represents the primary function of the network layer in
the TCP/IP model?
Ensuring data confidentiality
Managing physical connections
Defining how data shall traverse the network (Correct)
Authenticating users
Question 96:
Skipped
What is the primary objective of all encryption systems?
Compression of data for efficient storage
Transformation of data into an unintelligible encrypted form (Correct)
Authentication of data sources
Acceleration of data transfer speeds
Question 97:
Skipped
What is a critical success factor for an organization to effectively destroy data
that has reached the end of its retention period?
Accurate inventory with the location of the asset, requirements for the retention
period, and destruction (Correct)
Regular system updates
Data encryption
Employee awareness training
Question 98:
Skipped
What is the primary purpose of incorporating a checklist in a Business
Continuity Plan (BCP)?
Enhancing documentation
Streamlining communication
To ensure that vital elements are not missed during the implementation of the
plan. (Correct)
Facilitating legal compliance
Question 99:
Skipped
What is a property of hashing?
Produces different outputs for the same input
Returns a variable-length output from an input set of data
Returns a fixed-length output from an input set of data (Correct)
Requires a secret key for computation
Question 100:
Skipped
What is the primary goal of awareness initiatives within an organization?
Generate revenue for the organization
Increase employee productivity
Enhance physical security measures
Attract and engage learners with aspects of issues, concerns, problems, or needs
(Correct)