SECURITY+ Module 5

1. You need to manage cloud-based Windows virtual machines (VMs) from your on-premises network. Which option presents the most secure remote management solution?
2. Say that you work for a cloud service provider. Prior to signing off on a purchase order for a new security cloud service, a prospective customer wants to understand the nature of what you are providing and what levels of service in regard to performance and uptime your service offers. What should you provide the prospective customer?
3. Your organization is looking to move the internally developed and managed HR system to a SaaS vendor. Which of the following should you request from the vendor?
4. An organization is increasingly subject to compliance regulations and is making strong efforts to comply with them but is still concerned about issues that might occur. Management decides to buy insurance to help cover the costs of a potential breach. Which of the following risk response techniques is the organization using?
5. You are planning the secure management of servers and network infrastructure devices on your corporate LAN. Which design will best protect these devices from RDP and SSH attacks?
6. Which of the following are the most compelling reasons that secure configuration baselines have been established? (Select three.)
7. Which of the following legally binding controls should you consider in order to protect sensitive information from being improperly disclosed by a third-party vendor you are hiring for consulting work in the organization?
8. Which one of the following is responsible for implementing the data classification and security controls?
9. Your online retail business accepts PayPal and credit card payments. You need to ensure that your company is compliant with the relevant security standards. Which payment security standard should you focus on?
10. You have been tasked with creating a corporate security policy regarding smart phone usage for business purposes. What should you do first?
11. Your organization currently runs an operating system for which software developed after the end of last month may no longer work or even be installable. Which of the following best describes this milestone for the operating system?
12. Which of the following equations best represents the proper assessment of exposure to danger?
13. Which action will have the largest impact on mitigating against SQL injection attacks?
14. You have been hired to review security controls for a medical practice in rural Tennessee. Which of the following data privacy frameworks must the medical practice be compliant with?
15. Your manager needs to know, for budgetary purposes, the average life span for each of the firewall appliances. Which of the following should you provide?
16. A recent audit revealed that most of the organization is not properly handling sensitive data correctly. To address this shortcoming, your organization is implementing computer security awareness training. What type of control is this?
17. Which of the following are examples of PII? (Choose two.)
18. Which of the following statements are true? (Choose two.)
19. When determining how best to mitigate risk, which items should you consider? (Choose two.)
20. Which data classification type contains data that would have a severe impact to the organization were it exposed, that should not be broadly shared internally or externally, and that should be tightly controlled?
21. During customer support calls, customer service representatives periodically pull up customer details on their screens, including credit card numbers. What should be enabled to prevent the disclosure of credit card numbers?
22. Which of the following is the monetary loss that can be expected for an asset from risk over a year?
23. The Accounts Payable department notices large out-of-country purchases made using a corporate credit card. After discussing the matter with Juan, the employee whose name is on the credit card, they realize that somebody has illegally obtained the credit card details. You also learn that Juan recently received an e-mail from what appeared to be the credit card company asking him to sign in to their web site to validate his account, which he did. How could this have been avoided?
24. Your organization uses the private and public labels to classify data, as the internal security policy details how data should be protected based on the classification label. The decision was made to add an additional “proprietary” label. Which is the most likely reason this was done?
25. Which of the following are functional control types? (Select three.)
26. Christine is the server administrator for your organization. Her manager provided step-by-step security policies outlining how servers should be configured to maximize security. Which type of security policy will Christine be implementing?
27. Which of the following is an example of PHI?
28. Your company has decided to adopt a public cloud device management solution whereby all devices are centrally managed from a web site hosted on servers in a data center. Management has instructed you to ensure that the solution is reliable and always available. Which type of document should you focus on?
29. Your legal consulting services company is headquartered in Berlin with a branch office in Paris. You are determining how to comply with applicable data privacy regulations. Which of the following security standards must your company comply with?
30. You are a file server administrator for a health organization. Management has asked you to configure your servers appropriately to classify files containing unique manufacturing processes. What is an appropriate data classification for these types of files?
31. Which of the following best illustrates potential security problems related to social media sites?
32. You are configuring a password policy for users in the Berlin office. Passwords must be changed every 60 days. You must ensure that user passwords cannot be changed more than once within the 60-day interval. What should you configure?
33. After a lengthy background check and interviewing process, your company hired a new payroll clerk named Tammy. Tammy will be using a web browser on a company computer at the office to access the payroll application on a public cloud provider web site over the Internet. Which type of document should Tammy read and sign?
34. As the IT security officer, you establish a security policy requiring that users protect all paper documents so that sensitive client, vendor, or company data is not stolen. What type of policy is this?
35. Which of the following options best describe the proper use of PII? (Choose two.)
36. After identifying internal and external threats, you must determine how these potential risks will affect business operations. Which of the following terms best describes this?
37. You are listing preventative measures for potential risks. Which of the following would you document? (Choose three.)
38. You are identifying security threats to determine the likelihood of virus infection. Identify potential sources of infection. (Choose two.)
39. You are an IT security consultant. A client conveys her concern to you regarding malicious Internet users gaining access to corporate resources. What type of assessment would you perform to determine this likelihood?
40. You are responsible for ensuring that all company IT-related equipment and data are inventoried and given a value. Which term best describes this activity?
41. You are an IT consultant performing a risk analysis for a seafood company. The client is concerned with specific cooking and packaging techniques the company uses being disclosed to competitors. What type of security concern is this?
42. Margaret, the head of HR, conducts an exit interview with a departing IT server technician named Irving. The interview encompasses Irving’s view of the organization, such as the benefits of the job he held and suggestions of improvements that could be made. Which of the following issues should also be addressed in the exit interview? (Choose two.)
43. You are the network administrator for a legal firm. Users in Vancouver must be able to view trade secrets for patent submission. You have shared a network folder called Trade Secrets and allowed the following NTFS permissions:

Vancouver_Staff: Read, List Folder Contents
Executives: Write
IT_Admins: Full Control
Regarding Vancouver staff, which principle is being adhered to?
44. Which of the following is true regarding qualitative risk analysis?
45. What is the primary purpose of enforcing a mandatory vacation policy?
46. Your company restricts firewall administrators from modifying firewall rules unless they make the modifications with a member of the IT security team. What is this an example of?
47. During a risk analysis meeting, you are asked to specify internal threats being considered. Which item is not considered an internal threat?
48. Which values must be calculated to derive annual loss expectancy? (Choose two.)
49. Which term best describes monies spent to minimize the impact that threats and unfavorable conditions have on a business?
50. An insurance company charges an additional $200 monthly premium for natural disaster coverage for your business site. What figure must you compare this against to determine whether to accept this additional coverage?


Leave a comment