The acronym VPN stands for:
Virtual Private Network
Executives are responsible for managing and overseeing enterprise risk
... [Show More] management.
True
The internal audit department is investigating a possible accounting breach. One of the auditors is sent to interview the following employees: Employee A works in the accounts receivable office and is in charge of entering data into the finance system; Employee B works in the accounts payable office and is in charge of approving purchase orders; Employee C is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both Employee A and Employee B. Which of the following should the auditor suggest be done to avoid future security breaches?
The manager should only be able to review the data and approve purchase orders.
An electrical utility has employed a consultant to perform a controls assessment of the personnel system, backend business operations, and the SCADA system used in their facility. Which of the following correctly states the risk management options that the consultant should use during the assessment?
Avoid, transfer, mitigate, and accept.
The acronym SOA stands for:
Statement of Applicability
Which of the following are steps in the risk management process?
All of the Above
Cybersecurity should be involved throughout the entire system development life cycle.
True
A Physical Security Manager is ready to replace 30 analog surveillance cameras with IP cameras with built in web management. There are several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level. Which of the following should be used to BEST secure this environment?
Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.
What is an advantage of cloud computing?
Improved performance
Cybersecurity is primarily about implementing a checklist of requirements.
False
A retail merchant has had a number of issues in regards to the integrity of sensitive information across all of its customer databases. This has resulted in the merchants share price decreasing in value by more than one third and the merchant has been threatened with losing their ability to process credit card transactions. The new Chief Information Security Officer (CISO) as a result has initiated a program of work to solve the issues. The business has specified that the solution needs to be enterprise grade and meet the following requirements: Work across all major platforms, applications and infrastructure; Tracks activity of all users, including administrators; Operates without negatively impacting the performance of production platforms, applications, and infrastructures; Provides real-time incident reporting; Displays incidents in a dashboard view for easy recognition; Includes a report generator where business units are able to query against companys system assets. In order to solve this problem, which of the following security solutions will BEST meet the above requirements?
Implement an enterprise-based SIEM solution to process the logs of the major platforms, applications, and infrastructure.
Open source material is a good resource for gathering substantial information on a desired target.
True
The agile process emphasizes which of the following over processes and tools?
Individuals and Interactions
Jurisdiction and Breach Notification are examples of what type of potential risk?
Legal
Which of the following is considered the necessary research done before launching a scan?
Network Reconnaissance
Cloud computing does NOT require a constant Internet connection.
False
Which of the following should be developed during the SDLC?
All of the Above
HTML5 is the latest version of the markup language.
True
Chain of Custody shows who controlled, secured and obtained a piece of evidence.
True
There should never be different levels of regulations within a single business unit.
False
New zero day attacks are being discovered on a regular basis against a broad range of IT systems. Which of the following best practices should a security manager do to manage the risks being faced through these attack vectors?
Maintain a list of critical systems.
Which of the following BEST explains SAML?
A security attestation model built on XML and SOAP based services, which allows for the exchange of AandA data between systems and supports Federated Identity Management.
An intrusion detection system logged an attack attempt from a remote IP address. One week later, the attacker successfully compromised the network. Which of the following MOST likely occurred?
No one was reviewing the IDS event logs.
A government agency has a major new initiative to virtualize as many servers as possible, due to power and rack space capacity at its two data centers. The agency has prioritized virtualizing older servers first as the hardware is nearing end of life. The two initial migrations include Windows 2000 hosts (domain controllers and front-facing web servers) and open source Linux hosts (front facing web servers). Which of the following should occur based on best practices?
Each data center should contain separate virtual environments for the web servers and for the domain controllers.
Which of the following is an agreement between two or more organizations to work together to allow information exchange?
Interoperability
The DoD has specific mandatory requirements for data encryption.
True
A new IDS appliance is generating a very large number of events, most of which are not security-related. Select the approach which best resolves this issue.
Adjust IDS filters that are creating false positives.
Good metrics are SMART. The M in the acronym SMART stands for:
Measurable
Which of the following can be useful in information gathering?
All of the Above
File Transfer Protocol (FTP) is secure.
False
Impact measures are inherently organization specific.
True
A Security Manager is selecting web conferencing systems for internal use. The system will only be used for internal employee collaboration. All of the following should be priority issues for the security manager EXCEPT:
PBX integration of the service [Show Less]