窗体顶端

Question 1: Incorrect
Who was responsible for enacting the General Data Protection Regulation
(GDPR)?

United Nations (UN)


World Health Organization (WHO)


European Union (EU)

(Correct)


North Atlantic Treaty Organization (NATO)


Question 2: Correct
What are two likely options for an organization's data center ownership?

Sole proprietorship and partnership


Government owned and privately leased


Community owned and shareholder-managed


Company owned and outsourced

(Correct)


Question 3: Correct
What characterizes an enrollment process in the context of cybersecurity?

Issuance of a badge containing the employee's identifiers

(Correct)


Regular security audits


Password policy updates


System patching


Question 4: Correct
What term describes a weakness in a computer system that can be exploited
by potential threats?

Security measure


Vulnerability (Correct)


Encryption method


Authentication process

窗体底端
窗体顶端
Question 5: Incorrect
Before the usage of data in the data handling lifecycle, what critical step
should take place?

Data storage (Correct)


Data analysis


Data transmission


Data encryption
 窗体底端
窗体顶端
Question 6:
Skipped
What is the primary objective of access controls?

Enhance network performance


Facilitate communication between users


Restrict access to authorized individuals and prevent unauthorized access
(Correct)


Improve system aesthetics

窗体底端
窗体顶端
Question 7:
Skipped
What is a subject in access control?

A computer program responsible for managing access permissions


A security mechanism that monitors user activities


An entity that requests access to assets (Correct)


A network protocol used for secure data transmission

窗体底端
窗体顶端
 Question 8:
Skipped
What is an object in access control?

Any entity that a subject attempts to access (Correct)


Authentication token


Firewall rule


Encryption key

窗体底端
窗体顶端
Question 9:
Skipped
When selecting an access control method, what is the primary consideration?

User convenience


Cost-effectiveness


Safety (Correct)


System performance

窗体底端
窗体顶端
Question 10:
 Skipped
What term describes an instruction designed to authorize or deny a subject's
access to an object based on validation from an access control list?

Rule (Correct)


Token


Cipher


Firewall

窗体底端
窗体顶端
Question 11:
Skipped
How many classifications are considered to be a challenge to manage within
an organization?

Three


Four


More than four (Correct)


Two

窗体底端
窗体顶端
Question 12:
Skipped
What is the most accurate characterization of data with a "highly restricted"
classification?

It may be shared with external vendors under certain circumstances.


Unauthorized access may result in legal consequences.


It is subject to routine public disclosure.


Compromise may place the survival of the organization at risk. (Correct)

窗体底端
窗体顶端
Question 13:
Skipped
During the verification stage in a biometric authentication process, what
occurs?

The system generates a random passphrase for the user.


The user's presented biometric data is compared to the stored data.

(Correct)


The user provides a username and password for authentication.


The system sends a one-time passcode to the user's email.

Explanation
Correct Answer. The user's presented biometric data is compared to the
stored data. During the verification stage of biometric authentication, the
system compares the biometric data presented by the user (such as
fingerprints, facial features, or voice patterns) with the stored biometric data
associated with the user's identity. This comparison is essential to validate the
user's identity and grant access.
Incorrect Answer. The system generates a random passphrase for the
user. This option does not accurately describe the verification stage in
biometric authentication. Passphrases are typically associated with
knowledge-based authentication methods, not biometric verification.
Incorrect Answer. The user provides a username and password for
authentication. While username and password authentication is a common
method, it does not align with the verification stage in biometric
authentication, which relies on unique physiological or behavioral
characteristics.
 Incorrect Answer. The system sends a one-time passcode to the user's
email. This option describes a method commonly used in two-factor
authentication but is not representative of the verification stage in biometric
authentication, where the focus is on comparing biometric data.
窗体底端
窗体顶端
Question 14:
Skipped
What is a critical factor to consider when designing cybersecurity controls?

The latest technological trends


The number of controls implemented


The cost of implementing the control relative to the value it protects

(Correct)


The level of complexity in control deployment

Explanation
Correct Answer. The cost of implementing the control relative to the value it
protects. When designing cybersecurity controls, it is essential to consider the
cost-effectiveness of implementation in relation to the value it safeguards.
This ensures that resources are allocated efficiently, and the security measures
align with the organization's risk appetite. By evaluating the cost relative to
the protected assets, organizations can strike a balance between security and
operational efficiency.
Incorrect Answer. The latest technological trends. While staying informed
about the latest technological trends is important in cybersecurity, it is not the
critical factor when designing controls. The focus should be on addressing
specific risks and protecting valuable assets rather than blindly adopting the
latest technologies.
Incorrect Answer. The number of controls implemented. The sheer quantity of
controls is not the primary consideration in designing effective cybersecurity
measures. Quality and relevance of controls play a more significant role in
providing robust security against potential threats.
Incorrect Answer. The level of complexity in control deployment. Although
control deployment complexity is a consideration, it is not the critical factor.
The primary concern should be the effectiveness of the control in mitigating
risks and protecting valuable assets, rather than solely focusing on
deployment intricacies.
窗体底端
窗体顶端
 Question 15:
Skipped
What is a practical example of implementing defense in depth?

Intrusion Detection System


Firewall


Antivirus Software


Multifactor authentication

(Correct)

窗体底端
窗体顶端
Question 16:
Skipped
What encryption method involves replacing every plaintext letter in the
message with another letter that is positioned further along the alphabet?

Substitution cipher

(Correct)


RSA encryption


Diffie-Hellman key exchange


Elliptic curve cryptography


Question 17:
Skipped
What is the most effective method to address data remanence on an unused
disk?

Overwriting the data multiple times


Encrypting the disk


Formatting the disk


Physically destroying the disk (Correct)


窗体底端
窗体顶端
Question 18:
Skipped
What primary service is delivered through Software as a Service (SaaS)?

Cloud storage


Software application access (Correct)


Network infrastructure


Hardware maintenance


Question 19:
Skipped
Which of the following represents the primary concept underlying cloud
computing?

Accessing highly available and scalable computing resources on-demand from
anywhere. (Correct)


Centralized data storage


Virtual reality integration


Peer-to-peer networking


Question 20:
 Skipped
Which of the following represents a cyberattack?

Installing a new antivirus software on a computer


Unauthorized access to a web application via stolen passwords (Correct)


Regularly updating firewall rules


Conducting a routine vulnerability scan


Question 21:
Skipped
Which malicious attack involves encrypting files on a computer and
demanding a payment for the decryption key?

Phishing


Ransomware (Correct)


DDoS attack


SQL injection


窗体底端
窗体顶端
Question 22:
Skipped
What is the definition of an endpoint in the context of cybersecurity?

The ends of a communication link in a network. (Correct)


The central server in a network


A software application used for secure communication


The process of encrypting data during transmission
 窗体底端
窗体顶端
Question 23:
Skipped
Which role is expected to have a privileged user account?

Help Desk (Correct)


End User


Marketing Specialist


Board Member


Question 24:
Skipped
What is a drawback of asymmetric cryptography?

High key management complexity


Limited key length


Fast processing speed


Slow speed and computationally heavy (Correct)


Question 25:
Skipped
What aspect is typically included in a privacy policy to ensure the protection of
sensitive information?

Company history and background


Appropriate procedures used to handle PII and ePHI (Correct)


 Marketing strategies and promotions


Employee training programs


Question 26:
Skipped
Which of the following represents the initial step in the change management
process in cybersecurity?

Request for Change (RFC) (Correct)


Risk assessment


Incident response


Configuration management


Question 27:
Skipped
What does the delay rate refer to in a keystroke dynamics system?

The force applied while pressing a key.


The time taken between pressing and releasing a key.


The speed of typing.


The length of time an individual presses down a key. (Correct)


Question 28:
Skipped
During which stage of the cybersecurity incident response process is the
identification of critical data, systems, and single points of failure most crucial?

Preparation (Correct)


 Detection


Analysis


Eradication


窗体底端
窗体顶端
Question 29:
Skipped
Which type of malware deceives users by posing as a benign or legitimate
application but harbors a malicious payload in the background?

Ransomware


Trojan (Correct)


Spyware


Worm


Question 30:
Skipped
Which of the following depicts the most effective multi-layered control
scenario for defense in depth?

IDS → IPS → Firewall


Bollard → Biometric Access Door → Camera


AUP Policy → Security Policy → Security Training


Door Lock → Network Access Rule → Data Access Policy (Correct)


Question 31:
Skipped
 What is the most accurate characterization of data classified as "moderately
restricted"?

Exposure may result in minor inconveniences for individuals involved.


Compromise may lead to a temporary loss of income, market advantage, or
interruption of investment plans. (Correct)


Unauthorized access could lead to legal consequences and fines.


Breach may result in severe financial penalties and long-term damage to the
organization's reputation.


Question 32:
Skipped
How should policies be established within an organization's cybersecurity
framework?

By considering the organization's vision, mission, and needs. (Correct)


By copying industry best practices


Based on the latest cybersecurity trends


Through strict compliance with regulatory standards


Question 33:
Skipped
In a comprehensive cybersecurity strategy, what should the monitoring for
leakage of water or gas, sewer overflow, or failure of HVAC be integrated
with?

Network Security Controls


Physical Security Controls


Application Security Controls


 Building Control Environment (Correct)


Question 34:
Skipped
Which of the following processes strongly limits the possibility of recovering
the original data on the drive from residual physical effects still being present
after clearing?

Encryption


Deletion


Purgin (Correct)


Overwriting

窗体底端
窗体顶端
Question 35:
Skipped
Which scenario best represents high availability and full redundancy in a
cybersecurity context?

Devices connected to a single power supply with a backup battery.


Devices connected to multiple power supplies that have diverse power sources,
backed up by redundant batteries and generators, consuming different fuel
types.

(Correct)


Devices connected to a single power supply with an uninterruptible power supply
(UPS).


Devices connected to multiple power supplies with the same power source.

 Question 36:
Skipped
Which practice is not advised for Role-Based Access Control (RBAC)?

Assigning permissions based on job responsibilities


Implementing the principle of least privilege


Regularly reviewing and updating user permissions


Copying user profiles to create new user accounts with similar access rights
(Correct)

窗体底端
窗体顶端
Question 37:
Skipped
What critical element is considered a cornerstone in the development of a
robust business continuity plan?

Risk assessment


Communication (Correct)


Incident response


Policy development


Question 38:
Skipped
What is the primary objective for the development of the OSI model?

To standardize hardware components


To establish a universal programming language


 To create a global network infrastructure


To provide a common description of the communication structure of
interconnected computer systems. (Correct)

窗体底端
窗体顶端
Question 39:
Skipped
Which protocol is commonly employed to assess the status and health of a
particular link or network?

TCP/IP


SNMP


HTTPS


ICMP (Correct)


Question 40:
Skipped
Which of the following is a private IP address range?

192.168.0.0 to 192.168.255.254 (Correct)


192.0.3.0 - 192.88.98.255


192.88.100.0 - 192.167.255.255


192.169.0.0 - 198.17.255.255


Question 41:
Skipped
What is a key advantage of symmetric encryption?

Secure key distribution


 Bulk data encryption (Correct)


Public key authentication


Dynamic key generation


Question 42:
Skipped
What range of IPv6 addresses is reserved for documentation purposes?

2001:db8:: to 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff

(Correct)


192.168.0.0 to 192.168.255.255


172.16.0.0 to 172.31.255.255


10.0.0.0 to 10.255.255.255


Question 43:
Skipped
Which of the following measures is a requirement for compliance with the
Payment Card Industry Data Security Standard (PCI DSS)?

Antivirus software (Correct)


Large buildings


Tiled flooring


Facial recognition


Question 44:
Skipped
 In a scenario where a door is secured by two locks, with one person knowing
the code for one lock and another person knowing the code for the second
lock, but neither person knows both codes, which principle is being applied?

Single Authentication


Dual Control (Correct)


Shared Authorization


Mutual Authentication


Question 45:
Skipped
What is considered the best practice regarding data retention in
cybersecurity?

Keep all data indefinitely


Delete data immediately after use


Keep data only for as long as it is useful, no more or less. (Correct)


Retain data for a fixed time period, regardless of its usefulness


Question 46:
Skipped
What tool is commonly utilized to perform a network scan for open ports and
services?

Netstat


Wireshark


Maltego


Zenmap (Correct)

 Question 47:
Skipped
What is a key advantage of utilizing cloud computing in the context of
cybersecurity?

Enhanced physical security measures


Increased latency in data transmission


Improved control over hardware infrastructure


Reduced cost of ownership (Correct)


Question 48:
Skipped
What is the primary process for capturing signals generated by events in a
cybersecurity context?

Threat detection


Logging (Correct)


Encryption


Patch management

Question 49:
Skipped
In a Keystroke Dynamics system, what does the term "transfer rate" refer to?

The number of key presses per minute


The time it takes for a key press to register


The speed at which an individual moves between the keys (Correct)


The interval between consecutive key presses


Question 50:
Skipped
 Which disaster recovery site option is specifically designed to ensure high
availability with minimal to no downtime in the event of a disaster?

Cold site


Warm site


Hot site (Correct)


Mobile site

0Question 51:
Skipped
Which of the following characterizes data with a "low sensitivity"
classification?

Compromise may cause minimal disruption, impacts, or delays. (Correct)


Compromise may cause significant disruption, impacts, or delays.


Compromise may lead to moderate disruption, impacts, or delays.


Compromise has no potential for disruption, impacts, or delays.


Question 52:
Skipped
What presents a challenge for symmetric encryption?

Key distribution (Correct)


Algorithm strength


Data confidentiality


Encryption speed


Question 53:
Skipped
What is the port number commonly associated with LDAPS?

 3389


389


636 (Correct)


8080


Question 54:
Skipped
Which type of access controls are employed to regulate, guide, or hinder the
movement of individuals and equipment within a designated physical space?

Logical


Administrative


Physical (Correct)


Technical


Question 55:
Skipped
Which of the following measures is most effective in reducing the risk of
cybersecurity threats?

Holding regular team-building workshops


Changing the office layout for improved collaboration


Conducting daily physical security patrols


Keeping applications and systems updated (Correct)


Question 56:
Skipped
What is the primary purpose of the loopback address?

Network communication


Self-diagnosis and troubleshooting at the device level (Correct)


Remote access


Load balancing


Question 57:
Skipped
How does a risk matrix aid in determining the prioritization of a risk event?

By conducting a vulnerability assessment


By identifying the intersection of the impact and likelihood of the risk event
taking place. (Correct)


By implementing access controls


By performing penetration testing


Question 58:
Skipped
Which of the following tools is considered a comprehensive Security
Information and Event Management (SIEM) solution?

Nessus


Snort


Wireshark


AlienVault (Correct)


Question 59:
Skipped
What is a common item that should be assessed for security risk?

Employee breakroom coffee maker


Office potted plants


Desktop computer backgrounds


Building catching fire (Correct)


Question 60:
Skipped
Why is it essential for organizations to conduct regular reviews of the records
they have retained?

To increase storage costs


To minimize the volume of data stored and ensure the preservation of only the
needed data.



To showcase their data management capabilities


To impress stakeholders with the quantity of data collected


To minimize the volume of data stored and ensure the preservation of only the
needed data.

(Correct)

.
窗体底端
窗体顶端
 Question 61:
Skipped
Which role is expected to have a privileged user account?

Marketing Coordinator


Executive Assistant


IT Support

Cloud Vendor

IT Support (Correct)
 Question 62:
Skipped
What aspect of network activity involves the continuous monitoring of real-
time events and recorded data to identify and capture irregular activities?

Firewall configuration


User authentication


Network segmentation


Intrusion Detection (Correct)

窗体底端
窗体顶端
Question 63:
Skipped
Which protocol plays a crucial role in enabling the exchange of directory
information between servers and clients?

LDAP

(Correct)


FTP


SNMP


DNS


Question 64:
Skipped
In a cybersecurity context, when might an enterprise's leadership team make
the decision to avoid a risk event?

When the risk event has no potential impact on the organization


When the likelihood of the risk event is extremely low


When the risk event is easily manageable with existing controls


When the impact or likelihood of the risk event is very high.

(Correct)


Question 65:
Skipped
In which of the following scenarios would an organization's management
likely consider accepting the risk event?

The risk event poses a minimal threat to the organization's assets.


The organization has not conducted a thorough risk assessment.


The organization lacks the resources to address the risk.


The benefit gained is great enough to offset the perceived risk.

(Correct)


Question 66:
Skipped
 Which of the following best describes the practice involved in transitioning
from a current state to a future state in cybersecurity?

Risk assessment


Change Management (Correct)


Incident response


Configuration management

窗体底端
窗体顶端
Question 67:
Skipped
What is an example of a privacy invasion drawback in biometric systems?

Potential disclosure of sensitive medical information from retina scans (Correct)


Unauthorized access to fingerprint data


Facial recognition accuracy issues


Voice recognition software vulnerabilities


Question 68:
Skipped
What represents a significant weakness of FTP?

Limited file size support


Lack of encryptionv(Correct)


Incompatibility with modern firewalls


 Slow data transfer speeds

窗体底端
窗体顶端
Question 69:
Skipped
Which of the following represents the three major activities of change
management in cybersecurity?

Proposing changes, implementing changes, and monitoring changes.


Identifying changes, approving changes, and documenting changes.


Reviewing changes, testing changes, and communicating changes.


Deciding to change, making the change, and confirming the change is successful.
(Correct)

窗体底端
窗体顶端
Question 70:
Skipped
What is an example of the principle of least privilege?

An individual who works at a health facility may access data of some patients
but not their own medical information (Correct)


An employee in a software development company has unrestricted access to all
client databases.


A system administrator can access and modify any file on the network without
restrictions.


A financial analyst is granted access to confidential HR documents.
 窗体底端
窗体顶端
Question 71:
Skipped
What term is used to describe accounts with permissions exceeding those of
normal users?

Standard accounts


Advanced accounts


Privileged accounts (Correct)


Specialized accounts

窗体底端
窗体顶端
Question 72:
Skipped
What does RFC stand for in the context of change management?

Request for Comment


Request for Change (Correct)


Risk Factor Calculation


Revision Feedback Control
 窗体底端
窗体顶端
Question 73:
Skipped
What is the long form for the Canadian privacy law "PIPEDA"?

Personal Information Protection and Electronic Documents Act (Correct)


Personal Information Privacy and Electronic Documentation Act


Privacy and Information Protection Electronic Documents Act


Privacy and Information Documentation Electronic Act

窗体底端
窗体顶端
Question 74:
Skipped
What does the abbreviation "GLBA" stand for?

General Licensing and Bonding Agreement


Global Leadership in Business Analytics


Gramm–Leach–Bliley Act (Correct)


Great Lakes Bioinformatics Association

窗体底端
窗体顶端
Question 75:
Skipped
What best describes data with an "unrestricted public data" classification?

 Highly sensitive information


No sensitivity, and its compromise shall result in no damage as it is already
published. (Correct)


Moderate sensitivity information


Confidential information

窗体底端
窗体顶端
Question 76:
Skipped
What is the overall goal of education in an organization?

Increasing employee productivity


Enhancing organizational culture


Improving employee morale


Equipping learners to gain understanding of ideas and how to relate to them for
the application of learning. (Correct)

Question 77:
Skipped
Which protocol is associated with port 587?

SMTP with TLS (Correct)


HTTPS


SNMP


FTP
 窗体底端
窗体顶端
Question 78:
Skipped
Which of the following is a recognized cybersecurity standard?

NIST SP 800-53 (Correct)


CVE


Microsoft Defender


AUP

窗体底端
窗体顶端
Question 79:
Skipped
What is an effective strategy for mitigating the risk of data loss during a
security incident?

Regular security awareness training


Encryption of all data at rest


Continuous monitoring of network traffic


Data backups tested for restoration (Correct)
 窗体底端
窗体顶端
Question 80:
Skipped
What is the primary goal of an IDS?

Preventing cyber attacks


Detecting and alerting on unauthorized activities(Correct)


Encrypting network traffic


Enhancing system performance

Question 81:
Skipped
How many symmetric encryption keys would an organization with 1000
employees need to manage for secure communication with one another using
symmetric encryption?

1000


499,500 (Correct)


250,000


1,000,000

窗体底端
窗体顶端
Question 82:
Skipped
Which of the following options is an example of single-factor authentication?

 Username, password, and PIN code (Correct)


Smart card and passphrase


Password and fingerprint


PIN code and security token


Question 83:
Skipped
Which of the following represents the primary cloud computing service
models?

SaaS, XaaS, FaaS


IaaS, MaaS, BaaS


DaaS, TaaS, CaaS


SaaS, PaaS, IaaS (Correct)

.
窗体底端
窗体顶端
Question 84:
Skipped
Which of the following represents the primary cloud deployment models?

Open, closed, mixed, and collaborative


External, internal, combined, and collaborative


Shared, isolated, interconnected, and joint


Public, private, hybrid, and community (Correct)
 窗体底端
窗体顶端
Question 85:
Skipped
In a security setup, which type of alarm system is designed to alert security
personnel or law enforcement when activated?

Panic Button (Correct)


Motion sensor


Fire alarm


Intrusion detection system

窗体底端
窗体顶端
Question 86:
Skipped
What term is used to describe an organization that oversees and manages
information technology assets on behalf of another organization?

ISP (Internet Service Provider)


MSP (Managed Service Provider) (Correct)


MSSP (Managed Security Service Provider)


CSP (Cloud Service Provider)

窗体底端
窗体顶端
Question 87:
Skipped
In which scenario might an organization's management choose to accept a
cybersecurity risk?

When there are unlimited resources available


When the likelihood of the risk event occurring or its impact is minimal.
(Correct)


When the organization has never experienced a cybersecurity incident


When the regulatory environment requires complete risk avoidance
 窗体底端
窗体顶端
Question 88:
Skipped
What advantage does asymmetric encryption offer over symmetric
encryption?

Speed


Simplicity


Scalability (Correct)


Efficiency

窗体底端
窗体顶端
Question 89:
Skipped
What is the primary objective of training within an organization?

Boosting employee morale


Meeting regulatory requirements


Enhancing skill proficiency, perception, and judgments for decision making
(Correct)


Reducing operational costs

窗体底端
窗体顶端
Question 90:
Skipped
What does a Managed Detection and Response (MDR) service entail?

A software application that automatically detects and responds to cyber threats.


A service provider that monitors security tools for an organization and provides
triage expertise. (Correct)


A framework for managing digital risk through continuous monitoring and
analysis.


An open-source tool for penetration testing and vulnerability assessment.

窗体底端
窗体顶端
Question 91:
Skipped
Which protocol is associated with port 853?

HTTPS


SNMP


DNS over TLS (DoT) (Correct)


SSH

窗体底端
窗体顶端
Question 92:
Skipped
Where are data classifications derived from?

International standards


Best practices


Industry recommendations


Regulations, laws, organizational expectations, contract-specified standards
(Correct)

窗体底端
窗体顶端
Question 93:
Skipped
Which of the following represents the main types of Intrusion Detection
System (IDS) classes?

Endpoint-based and Cloud-based


Signature-based and Anomaly-based


Firewall-based and Antivirus-based


Host-based and Network-based (Correct)

窗体底端
窗体顶端
Question 94:
Skipped
Which of the following depicts the order of intelligence starting from the least
smart to the most smart network device?

Router → Hub → Switch


Hub → Switch → Router (Correct)


Switch → Hub → Router


Router → Switch → Hub

窗体底端
窗体顶端
Question 95:
Skipped
Which of the following represents the primary function of the network layer in
the TCP/IP model?

Ensuring data confidentiality


Managing physical connections


 Defining how data shall traverse the network (Correct)


Authenticating users

窗体底端
窗体顶端
Question 96:
Skipped
What is the primary objective of all encryption systems?

Compression of data for efficient storage


Transformation of data into an unintelligible encrypted form (Correct)


Authentication of data sources


Acceleration of data transfer speeds

窗体底端
窗体顶端
Question 97:
Skipped
What is a critical success factor for an organization to effectively destroy data
that has reached the end of its retention period?

Accurate inventory with the location of the asset, requirements for the retention
period, and destruction (Correct)


Regular system updates


Data encryption


Employee awareness training

Question 98:
Skipped
What is the primary purpose of incorporating a checklist in a Business
Continuity Plan (BCP)?

Enhancing documentation


Streamlining communication


To ensure that vital elements are not missed during the implementation of the
plan. (Correct)


Facilitating legal compliance

窗体底端
窗体顶端
Question 99:
Skipped
What is a property of hashing?

Produces different outputs for the same input


Returns a variable-length output from an input set of data


Returns a fixed-length output from an input set of data (Correct)


Requires a secret key for computation


Question 100:
Skipped
What is the primary goal of awareness initiatives within an organization?

Generate revenue for the organization


Increase employee productivity


Enhance physical security measures


Attract and engage learners with aspects of issues, concerns, problems, or needs
(Correct)