(2) Play It Safe: Manage Security Risks Flashcards

(76 cards)

1
Q

Fill in the blank: The _____ domain is focused on access and authorization to keep data secure by making sure that users follow established policies to control and manage assets.

asset security

communication and network security

security operations

identity and access management

A

identity and access management

The identity and access management domain is focused on access and authorization to keep data secure by making sure that users follow established policies to control and manage assets.

2
Q

What is the focus of the security and risk management domain?

Optimize data security by ensuring effective processes are in place

Define security goals and objectives, risk mitigation, compliance, business continuity, and regulations

Manage and secure wireless communications

Secure physical networks and wireless communications

A

Define security goals and objectives, risk mitigation, compliance, business continuity, and regulations

The focus of the security and risk management domain is defining security goals and objectives, risk mitigation, compliance, business continuity, and regulations.

3
Q

In which domain would a security professional conduct security control testing; collect and analyze data; and perform security audits to monitor for risks, threats, and vulnerabilities?

Identity and access management

Communication and network engineering

Security assessment and testing

Security architecture and engineering

A

Security assessment and testing

In the security assessment and testing domain, a security professional conducts security control testing; collects and analyzes data; and performs security audits to monitor for risks, threats, and vulnerabilities.

4
Q

Fill in the blank: The _____ domain concerns conducting investigations and implementing preventive measures.

asset security

security operations

software development security

communications and networking engineering

A

security operations

The security operations domain concerns conducting investigations and implementing preventive measures.

5
Q

What is a vulnerability?

Any circumstance or event that can negatively impact assets

An organization’s ability to manage its defense of critical assets and data and react to change

Anything that can impact the confidentiality, integrity, or availability of an asset

A weakness that can be exploited by a threat

A

A weakness that can be exploited by a threat

6
Q

Fill in the blank: Information protected by regulations or laws is a _____. If it is compromised, there is likely to be a severe negative impact on an organization’s finances, operations, or reputation.

high-risk asset

new-risk asset

low-risk asset

medium-risk asset

A

high-risk asset

Information protected by regulations or laws is a high-risk asset. If it is compromised, there is likely to be a severe negative impact on an organization’s finances, operations, or reputation.

7
Q

What are the key impacts of threats, risks, and vulnerabilities? Select three answers.

Damage to reputation

Identity theft

Employee retention

Financial damage

A

Damage to reputation

Identity theft

Financial damage

8
Q

Fill in the blank: The steps in the Risk Management Framework (RMF) are prepare, _____, select, implement, assess, authorize, and monitor.

categorize

communicate

reflect

produce

A

categorize

The steps in the RMF are prepare, categorize, select, implement, assess, authorize, and monitor. In the categorize step, security professionals develop risk-management processes and tasks.

9
Q

Fill in the blank: Security posture refers to an organization’s ability to react to change and manage its defense of _____ and critical assets.

data

domains

consequences

gaps

A

data

10
Q

Which of the following examples are key focus areas of the security and risk management domain? Select three answers.

Store data properly

Follow legal regulations

Maintain business continuity

Mitigate risk

A

Follow legal regulations

Maintain business continuity

Mitigate risk

11
Q

How does business continuity enable an organization to maintain everyday productivity?

By exploiting vulnerabilities

By ensuring return on investment

By outlining faults to business policies

By establishing risk disaster recovery plans

A

By establishing risk disaster recovery plans

12
Q

Fill in the blank: According to the concept of shared responsibility, employees can help lower risk to physical and virtual security by _____. Select two answers.

recognizing and reporting security concerns

limiting their communication with team members

taking an active role

meeting productivity goals

A

recognizing and reporting security concerns

taking an active role

13
Q

A security analyst researches ways to improve access and authorization at their business. Their primary goal is to keep data secure. Which security domain does this scenario describe?

Identity and access management

Asset security

Communication and network security

Security assessment and testing

A

Identity and access management

14
Q

Which of the following activities may be part of establishing security controls? Select three answers.

Implement multi-factor authentication

Evaluate whether current controls help achieve business goals

Monitor and record user requests

Collect and analyze security data regularly

A

Implement multi-factor authentication

Evaluate whether current controls help achieve business goals

Collect and analyze security data regularly

15
Q

Fill in the blank: The software development security domain involves the use of the software development ___, which is an efficient process used by teams to quickly build software products and services.

lifecycle

functionality

staging

operations

A

lifecycle

16
Q

Which of the following statements accurately describe risk? Select all that apply.

A high-risk asset is any information protected by regulations or laws.

Another way to think of risk is the likelihood of a threat occurring.

If compromised, a low-risk asset would have a severe negative impact on an organization’s ongoing reputation.

If compromised, a medium-risk asset may cause some damage to an organization’s ongoing operations.

A

A high-risk asset is any information protected by regulations or laws.

Another way to think of risk is the likelihood of a threat occurring.

If compromised, a medium-risk asset may cause some damage to an organization’s ongoing operations.

17
Q

A business experiences an attack. As a result, its critical business operations are interrupted and it faces regulatory fines. What type of consequence does this scenario describe?

Financial

Identity

Reputation

Practical

A

Financial

18
Q

Fill in the blank: In the Risk Management Framework (RMF), the _____ step might involve implementing a plan to change password requirements in order to reduce requests to reset employee passwords.

authorize

prepare

categorize

implement

A

implement

19
Q

How do security frameworks enable security professionals to help mitigate risk?

They are used to establish laws that reduce a specific security risk.

They are used to create unique physical characteristics to verify a person’s identity.

They are used to establish guidelines for building security plans.

They are used to refine elements of a core security model known as the CIA triad.

A

They are used to establish guidelines for building security plans.

Security frameworks are used to establish guidelines for building security plans that enable security professionals to help mitigate risk.

20
Q

Competitor organizations are the biggest threat to a company’s security.

True

False

A

True

People are the biggest threat to a company’s security. This is why educating employees about security challenges is essential for minimizing the possibility of a breach.

21
Q

Fill in the blank: Security controls are safeguards designed to reduce _____ security risks.

broadscale

specific

general

public

A

specific

Security controls are safeguards designed to reduce specific risks.

22
Q

A security analyst works on a project designed to reduce the risk of vishing. They develop a plan to protect their organization from attackers who could exploit biometrics. Which type of security control does this scenario describe?

Encryption

Ciphertext

Classification

Authentication

A

Authentication

This describes authentication, which is the process of implementing controls to verify who someone or something is before granting access to specific resources within a system.

23
Q

What is the CIA triad?

A foundational security model used to set up security policies and systems

A mandatory security framework involving the selection of appropriate controls

A set of security controls used to update systems and networks

Ongoing validation processes involving all employees in an organization

A

A foundational security model used to set up security policies and systems

The CIA triad is a foundational security model used to set up security policies and systems. The core principles of the model are confidentiality, integrity, and availability.

24
Q

Which element of the CIA triad specifies that only authorized users can access specific information?

Confidentiality

Confirmation

Integrity

Access

A

Confidentiality

Confidentiality specifies that only authorized users can access specific information.

25
Q

A security analyst discovers that certain data is inaccessible to authorized users, which is preventing these employees from doing their jobs efficiently. The analyst works to fix the application involved in order to allow for timely and reliable access. Which element of the CIA triad does this scenario describe?

Applicability

Capacity

Integrity

Availability

A

Availability

This scenario describes availability. Availability specifies that data is accessible to authorized users.
26
Q

Fill in the blank: According to the CIA triad, _____ refers to ensuring that an organization's data is verifiably correct, authentic, and reliable.

Integrity

Accuracy

Credibility

Availability

A

Integrity

According to the CIA triad, integrity refers to ensuring that an organization's data is verifiably correct, authentic, and reliable.
27
Q

What is the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)?

A set of security controls that help analysts determine what to do if a data breach occurs

Standards, guidelines, and best practices that organizations follow voluntarily in order to manage cybersecurity risk

A collection of security principles focused on maintaining confidentiality, integrity, and availability

A required business framework for ensuring security updates and repairs are successful

A

Standards, guidelines, and best practices that organizations follow voluntarily in order to manage cybersecurity risk

The NIST CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
28
Q

Fill in the blank: The five core functions that make up the CSF are: identify, protect, detect, _____, and recover.

reevaluate

reflect

regulate

respond

A

respond

The five core functions that make up the CSF are: identify, protect, detect, respond, and recover.
29
Q

Fill in the blank: The CSF _____ function relates to monitoring systems and devices in an organization’s internal network to help security teams manage potential cybersecurity risks and their effects.

protect

identify

respond

recover

A

identify

The CSF identify function relates to monitoring systems and devices in an organization’s internal network to help security teams manage potential cybersecurity risks and their effects.
30
Q

What does a security analyst’s work involve during the CSF recover function?

Return affected systems back to normal operation

Protect an organization through the implementation of employee training

Contain, neutralize, and analyze security incidents

Pinpoint threats and improve monitoring capabilities

A

Return affected systems back to normal operation

During the recover function, a security analyst’s work involves returning affected systems back to normal operation.
31
Q

A security analyst disables certain software features to reduce the potential vulnerabilities that an attacker could exploit at their organization. Which OWASP security principle does this scenario describe?

Minimize the attack surface

Defense in depth

Fix security issues correctly

Separation of duties

A

Minimize the attack surface

This scenario describes minimizing the attack surface.
32
Q

Fill in the blank: A security _____ is a review of an organization's security controls, policies, and procedures against a set of expectations.

survey

classification

audit

examination

A

audit

A security audit is a review of an organization's security controls, policies, and procedures against a set of expectations.
33
Q

A security professional closely examines their organization’s network, then evaluates potential risks to the network. Their goal is to ensure internal safeguards and processes are effective. What security concept does this scenario describe?

Controls assessment

Communicating results

Security recommendations

Compliance regulations

A

Controls assessment

This scenario describes a controls assessment. A controls assessment involves closely reviewing an organization’s existing assets, then evaluating potential risks to those assets in order to ensure internal controls and processes are effective.
34
Q

A security professional is asked to communicate the results of an internal security audit to stakeholders. What should be included in that communication? Select three answers.

A list of questions for stakeholders to answer

A list of risks and compliance requirements that need to be addressed

A recommendation about how to improve the organization’s security posture

A summary of the audit's scope and goals

A

A list of risks and compliance requirements that need to be addressed

A recommendation about how to improve the organization’s security posture

A summary of the audit's scope and goals

When communicating the results of an internal audit to stakeholders, the communication should include a summary of the audit's scope and goals; a list of risks and compliance requirements that need to be addressed; and a recommendation about how to improve the organization’s security posture.
35
Q

What does a security professional use to create guidelines and plans that educate employees about how they can help protect the organization?

Security posture

Security hardening

Security audit

Security framework

A

Security framework
36
Q

Fill in the blank: A security professional uses _____ to verify that an employee has permission to access a resource.

admission

authorization

integrity

encryption

A

authorization
37
Q

What type of social engineering attack attempts to exploit biometrics?

Spear phishing

Cryptographic attack

Vishing

Whaling

A

Vishing
38
Q

You work as a security analyst for a community organization that has large amounts of private data. Which core principle of the CIA triad do you use to ensure private information is kept safe?

Integrity

Availability

Confidentiality

Consistency

A

Confidentiality
39
Q

Which of the following statements accurately describe the CSF? Select all that apply.

The identify function of the CSF involves managing cybersecurity risk and its effects on an organization’s people and assets.

The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.

The protect function of the CSF involves returning affected systems back to normal operation.

Implementing improvements to a security process is part of the respond function of the CSF.

A

The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.

Implementing improvements to a security process is part of the respond function of the CSF.
40
Q

A security team has just finished addressing a recent security incident. They now conduct tests to ensure that all of their repairs were successful. Which OWASP principle does this scenario describe?

Separation of duties

Principle of least privilege

Fix security issues correctly

Minimize attack surface area

A

Fix security issues correctly
41
Q

What are some of the primary objectives of an internal security audit? Select all that apply.

Help security teams correct compliance issues

Enable security teams to assess controls

Limit traffic on an organization’s firewall

Identify any security gaps or weaknesses within an organization

A

Help security teams correct compliance issues

Enable security teams to assess controls

Identify any security gaps or weaknesses within an organization
42
Q

Fill in the blank: The planning elements of an internal security audit include establishing scope and _____, then conducting a risk assessment.

goals

limitations

compliance

controls

A

goals
43
Q

A security analyst performs an internal security audit. They determine that the organization needs to install surveillance cameras at various store locations. What are they working to establish?

Technical controls

Administrative controls

Communication controls

Physical controls

A

Physical controls
44
Q

What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.

Results and recommendations

A summary of the scope

Questions about specific controls

A list of existing risks

A

Results and recommendations

A summary of the scope

A list of existing risks
45
Q

Which log source records events related to websites, emails, and file shares, as well as password and username requests?

Network

Receiving

Server

Firewall

A

Server

Server logs record events related to websites, emails, and file shares. They include actions such as login requests, password and username requests, as well as the ongoing use of these services.
46
Q

Fill in the blank: A security information and _____ management (SIEM) tool is an application that collects and analyzes log data to monitor critical activities in an organization.

employee

emergency

event

efficiency

A

event

A security information and event management (SIEM) tool is an application that collects and analyzes log data to monitor critical activities in an organization. SIEM tools index and minimize the scope of logs a security professional should manually review and analyze.
47
Q

A security professional evaluates a software application by reviewing key technical attributes including response time, availability, and failure rate. What are they using to assess performance?

Models

Metrics

Cloud tools

Index standards

A

Metrics

They are using metrics. Metrics are key technical attributes including response time, availability, and failure rate, which are used to assess the performance of a software application. SIEM dashboards can be customized to display relevant metrics.
48
Q

Fill in the blank: SIEM tools must be configured and _____ to meet each organization's unique security needs.

customized

centralized

reviewed

indexed

A

customized

SIEM tools must be configured and customized to meet each organization's unique security needs.
49
Q

A security team wants some of its services to be hosted on the internet instead of local devices. However, they also need to maintain physical control over certain confidential data. What type of SIEM solution should they select?

Self-hosted

Hybrid

Remote

Cloud-hosted

A

Hybrid

They should select a hybrid solution. Hybrid solutions use a combination of both self- and cloud-hosted SIEM tools to leverage the benefits of the cloud while maintaining physical control over confidential data.
50
Q

Security information and event management (SIEM) tools provide dashboards that help cybersecurity professionals organize and focus their security efforts.

True

False

A

True

SIEM tools provide dashboards that help cybersecurity professionals organize and focus their security efforts. This allows analysts to reduce risk by identifying, analyzing, and remediating the highest priority items in a timely manner.
51
Q

Fill in the blank: A _____ SIEM tool is specifically designed to take advantage of cloud computing capabilities including availability, flexibility, and scalability.

cloud-native

cloud-local

cloud-hardware

cloud-infrastructure

A

cloud-native

A cloud-native SIEM tool, such as Chronicle, is specifically designed to take advantage of cloud computing capabilities including availability, flexibility, and scalability.
52
Q

What are the different types of SIEM tools? Select three answers.

Self-hosted

Cloud-hosted

Hybrid

Physical

A

Self-hosted

Cloud-hosted

Hybrid
53
Q

Which of the following statements correctly describe logs? Select three answers.

A record of connections between devices and services on a network is part of a network log.

SIEM tools rely on logs to monitor systems and detect security threats.

A record of events related to employee logins and username requests is part of a server log.

Actions such as username requests are recorded in a network log.

A

A record of connections between devices and services on a network is part of a network log.

SIEM tools rely on logs to monitor systems and detect security threats.

A record of events related to employee logins and username requests is part of a server log.
54
Q

What are some of the key benefits of SIEM tools? Select three answers.

Automatic updates customized to new threats and vulnerabilities

Store all log data in a centralized location

Monitor critical activities in an organization

Provide visibility

A

Store all log data in a centralized location

Monitor critical activities in an organization

Provide visibility
55
Q

Fill in the blank: To assess the performance of a software application, security professionals use _____, including response time, availability, and failure rate.

metrics

logs

SIEM tools

dashboards

A

metrics
56
Q

A security team chooses to implement a SIEM tool that they will install, operate, and maintain using their own physical infrastructure. What type of tool are they using?

Cloud-hosted

Self-hosted

Hybrid

Log-hosted

A

Self-hosted
57
Q

You are a security professional, and you want to save time by using a SIEM tool that will be managed by a provider and only be accessible through the internet. What type of tool do you choose?

IT-hosted

Self-hosted

Hybrid

Cloud-hosted

A

Cloud-hosted
58
Q

Fill in the blank: SIEM tools are used to search, analyze, and _____ an organization's log data to provide security information and alerts in real-time.

separate

retain

release

modify

A

retain
59
Q

A security analyst receives an alert about hundreds of login attempts from unusual geographic locations within the last few minutes. What can the analyst use to review a timeline of the login attempts, locations, and time of activity?

A network protocol analyzer (packet sniffer)

A playbook

An operating system

A SIEM tool dashboard

A

A SIEM tool dashboard
60
Q

Fill in the blank: The wide exposure and immediate access to the source code of open-source tools makes it _____ likely that issues will occur.

less

equally

more

very

A

less
61
Q

In the event of a security incident, when would it be appropriate to refer to an incident response playbook?

Throughout the entire incident

Only prior to the incident occurring

At least one month after the incident is over

Only when the incident first occurs

A

Throughout the entire incident

In the event of a security incident, it is appropriate to refer to an incident response playbook throughout the entire incident. An incident response playbook is a guide with six phases used to help mitigate and manage security incidents from beginning to end.
62
Q

Fill in the blank: During the _____ phase, security professionals use tools and strategies to determine whether a breach has occurred and to evaluate its potential magnitude.

coordination

containment

preparation

detection and analysis

A

detection and analysis

During the detection and analysis phase, security professionals use tools and strategies to determine whether a breach has occurred and to evaluate its potential magnitude.
63
Q

In which incident response playbook phase would a security team document an incident to ensure that their organization is better prepared to handle future security events?

Eradication and recovery

Coordination

Post-incident activity

Containment

A

Post-incident activity

In the post-incident activity phase, a security team documents an incident to ensure that their organization is better prepared to handle future incidents.
64
Q

What is the relationship between SIEM tools and playbooks?

Playbooks collect and analyze data, then SIEM tools guide the response process.

Playbooks detect threats and generate alerts, then SIEM tools provide the security team with a proven strategy.

They work together to predict future threats and eliminate the need for human intervention.

They work together to provide a structured and efficient way of responding to security incidents.

A

They work together to provide a structured and efficient way of responding to security incidents.

SIEM tools and playbooks work together to provide a structured and efficient way of responding to security incidents.
65
Q

Playbooks are permanent, best-practice documents, so a security team should not make changes to them.

True

False

A

False

Playbooks are living documents, so a security team will make frequent changes, updates, and improvements to address new threats and vulnerabilities.
66
Q

A business recently experienced a security breach. Security professionals are currently restoring the affected data using a clean backup that was created before the incident. What playbook phase does this scenario describe?

Containment

Eradication and recovery

Post-incident activity

Detection and analysis

A

Eradication and recovery

This scenario describes eradication and recovery. This phase involves removing the incident's artifacts and restoring the affected environment to a secure state.
67
Q

Fill in the blank: Once a security incident is resolved, security analysts perform various post-incident activities and _____ efforts with the security team.

preparation

detection

coordination

eradication

A

coordination

Once a security incident is resolved, security analysts perform various post-incident activities and coordination efforts with the security team. Coordination involves reporting incidents and sharing information based on established standards.
68
Q

Which action can a security analyst take when they are assessing a SIEM alert?

Analyze log data and related metrics

Isolate an infected network system

Restore the affected data with a clean backup

Create a final report

A

Analyze log data and related metrics

An action that a security analyst can take when they are assessing a SIEM alert is to analyze log data and related metrics. This helps in identifying why the alert was generated by the SIEM tool and determining if the alert is valid.
69
Q

Which of the following statements accurately describe playbooks? Select three answers.

A playbook can be used to respond to an incident.

A playbook is an essential tool used in cybersecurity.

A playbook is used to develop compliance regulations.

A playbook improves efficiency when identifying and mitigating an incident.

A

A playbook can be used to respond to an incident.

A playbook is an essential tool used in cybersecurity.

A playbook improves efficiency when identifying and mitigating an incident.
70
Q

What does a security team do when updating and improving a playbook? Select all that apply.

Refine response strategies for future incidents

Discuss ways to improve security posture

Improve antivirus software performance

Consider learnings from past security incidents

A

Refine response strategies for future incidents

Discuss ways to improve security posture

Consider learnings from past security incidents
71
Q

Fill in the blank: Incident response playbooks outline processes for communication and ______ of a security breach.

documentation

implementation

iteration

concealment

A

documentation
72
Q

A security analyst reports to stakeholders about a security breach. They provide details based on the organization’s established standards. What phase of an incident response playbook does this scenario describe?

Preparation

Detection and analysis

Eradication and recovery

Coordination

A

Coordination
73
Q

Which phase of an incident response playbook is primarily concerned with preventing further damage and reducing the immediate impact of a security incident?

Preparation

Post-incident activity

Containment

Detection and analysis

A

Containment
74
Q

Fill in the blank: During the post-incident activity phase, organizations aim to enhance their overall _____ by determining the incident’s root cause and implementing security improvements.

security posture

security audit

user experience

employee engagement

A

security posture
75
Q

A security analyst wants to set the foundation for successful incident response. They outline roles and responsibilities of each security team member. What phase of an incident response playbook does this scenario describe?

Post-incident activity

Detection and analysis

Preparation

Containment

A

Preparation
76
Q

In what ways do SIEM tools and playbooks help security teams respond to an incident? Select all that apply.

SIEM tools analyze data.

SIEM alerts provide security teams with specific steps to identify and respond to security incidents.

SIEM alerts inform security teams of potential threats.

SIEM tools and playbooks work together to provide an efficient way of handling security incidents.

A

SIEM tools analyze data.

SIEM alerts inform security teams of potential threats.

SIEM tools and playbooks work together to provide an efficient way of handling security incidents.