Cybersecurity Pre-Course Assessment

Question 1

Triffid Corporation has a rule that all employees working with sensitive hardcopy documents must put the documents into a safe at the end of the workday, where they are locked up until the following workday. What kind of control is the process of putting the documents into the safe? (D1, L1.3.1)

A) Administrative
B) Tangential
C) Physical
D) Technical

Answer 1

A) Administrative

The process itself is an administrative control; rules and practices are administrative. The safe itself is physical, but the question asked specifically about process, not the safe, so C is incorrect.

Question 2

In risk management concepts, a(n) _________ is something a security practitioner might need to protect. (D1, L1.2.1)

A) Vulnerability
B) Asset
C) Threat
D) Likelihood

Answer 2

B) Asset

An asset is anything with value, and a security practitioner may need to protect assets. A, C, and D are incorrect because vulnerabilities, threats and likelihood are terms associated with risk concepts, but are not things that a practitioner would protect.