Domain 2

Question 1

Filip installs and integrates a non discretionary system, which access control policy gets enforced?

Answer 1

Role based

The users gets their priv from their role

Question 2

Annette has decided to use a passphrase instead of a dictionary word password for better security. Her new password converts into?

Answer 2

Virtual password

Im system today convert the password into a hash so that if this system gets hacked attack her only has password hasshest instead of the actual password. The hash ax as a virtual password because his value authenticate the user not the password itself 

Question 3

Hubert desires the best and most expensive security protection for their firm. Which of the following should they select?

Passwords
Smart cards
Palm vein scanner
Fingerprinted reader

Answer 3

Palm vein scanner

Question 4

Control category that react after an incident is called

Answer 4

Corrective

Question 5

Allison is a security manager charged with investigating a recent preaching to the corporate network. What control category does this fall under

Answer 5

Detective

Question 6

O’Reillys performing a security audit for a customer and find several cases were users can access to data without a formal access approval procedure. Riley recommend a formal access approval process to fix the issue. Which grocery list that approves policies for users to gain access to data?

Answer 6

Data owner

Data owners are responsible for allowing access to data they owned. Data owners approve access policies and then operations implement some

Question 7

A company is setting up an idea that is rule-based. A rule based IDS does/contain which of the following

Answer 7

If statements

Question 8

Passive entities that subjects access are called what

Answer 8

Objects

Question 9

When it comes to providing a user with access to resources just that falls authentication is called

Answer 9

Authorization

Question 10

What type of risk exists when several Entities or orgs are involved in a project. The risk or threats are often due to the variations of objectives, expectations, timelines budgets and security priorities

Answer 10

Multiparty risk

Question 11

What is the weakness in a asset or absence of the weakness of a safeguard or countermeasure?

Answer 11

Vulnerability

Question 12

Anything used in a business process or task

Answer 12

Asset

Question 13

Being suspected to asset loss bc of a threat, there is a possibility that a vulnerability can or will be exploited

Answer 13

Exposure

Question 14

Then possibility or likelihood that a threat will exploit a vulnerability to cause harm to an asset and the severity of damage that could result

Answer 14

Risk

Question 15

Any potential Al occurrence that may cause an undesirable or unwanted outcome for an org or for specific asset

Answer 15

Threat

Question 16

When evaluating safeguards what is the rule that should be followed in most cases

Answer 16

The annual costs of safeguards should not exceed the expected annual cost of asset value loss

Question 17

What is a valid definition of risk

Answer 17

An assessment of probability, possibility or chance

Risk=threat*vulnerability

Every instance of exposure

Question 18

What is the level of natural, native or default risk that exists in an environment, system or product prior to any risk management efforts being performed

Answer 18

Inherent risk

Question 19

Phishing, hoax, watering hole and bushing are examples of social engineering attacks

Answer 19

True

Question 20

What is it when the behavior of users, objects, visitors, customers are analyzed for a specific goal or purpose

Answer 20

UEBA and UBA

Question 21

Should disabling them users account when they’re terminated as soon as possible

Answer 21

True

Question 22

What ensures that orgs providing services maintain an appropriate level of service agreed on by both the service providers, vendor or contractor and the customer org

Answer 22

SLA

Question 23

Are SLAs important when using any goer of third party services

Answer 23

True

Question 24

What is the detailed process of identifying factors that could damage or disclosure assets, evaluating those factors in light of asset value and countermeasure cost and implements ring cost effective shrinks for mitigating or reducing risk

Answer 24

Risk management

Question 25

What is the primary goal of risk management

Answer 25

Reduce risks to An acceptable level

Question 26

Risk management is composed of two primary elements

Answer 26

Risk assessment and risk response

Question 27

What occurs me could cause an undesirable or unwanted outcome for an org

Answer 27

Threat

Question 28

What intentionally exploits vulnerabilities

Answer 28

Threat agent/vectors

Question 29

Accidental occurrences and intentional exploitations of vulnerabilities

Answer 29

Threat events

Question 30

The path or means by which an attacker or attach gains access to a target in order to cause harm

Answer 30

Threat vector

Question 31

Weakness in an asset or the absence of the weakness of a safeguard

Answer 31

Vulnerability

Question 32

Susceptible to asset loss bc of a threat

Answer 32

Exposure

Question 33

Likelihood a threat will exploit a vulnerability

Answer 33

Risk

Question 34

Intentional attempted exploitation of a vulnerability

Answer 34

Attack

Question 35

Intrusion or penetration is the occurrence of a security mechanism being bypassed or thwarted by a threat agent

Answer 35

Breach

Question 36

What type of risk assessment is scenario based and not calculator based

Answer 36

Qualitative

Question 37

Quantitative risk analysis cost function s

Answer 37

AV 
EF
SLE
ARO
ALE

Question 38

What is the total amount of risk an org would Face ID no safe guards were implemented

Threats * vulnerabilities * asset value= Total risk

Answer 38

Total risks

Question 39

Total risk - control gap= residual risk

Question 40

The total cost of countermeasures should be less than the value of the asset

Answer 40

True

Question 41

The cost of countermeasures should be less that the benefit of the countermeasures

Answer 41

True

Question 42

What attacks

Exploits human behavior

Answer 42

Social engineering

It exploits human characteristics like being nice or scared