This chapter is from the book

Exam Prep Questions

  1. Which of the following levels best represents the military classification system?

    A. Confidential, private, sensitive, and public

    B. Top secret, secret, private, sensitive, and public

    C. Top secret, confidential, private, sensitive, and unclassified

    D. Top secret, secret, confidential, sensitive, and unclassified

  2. Which of the following standards describes how well a system or process is documented?

    A. ISO 27001

    B. ISO 9001

    C. ISO 27002

    D. ISO 17799

  3. Which of the following endpoint security controls could have been used to potentially prevent malware such as Stuxnet, Conficker, and Flame?

    A. Implementing disk encryption

    B. Hardening edge devices

    C. Blocking removable media

    D. Enforcing application whitelisting

  4. Place the following in their proper order:

    A. Determine SLE, ARO, and ALE, then asset value.

    B. Determine asset value, then ARO, SLE, and ALE.

    C. Determine asset value, then SLE, ALE, and SLE.

    D. Determine asset value, then SLE, ARO, and ALE.

  5. The downside of performing this type of assessment is that you are not working with dollar values, so it is sometimes harder to communicate the results of the assessment to management. Which of the following assessment types does this describe?

    A. Qualitative

    B. Quantitative

    C. Numeric mitigation

    D. Red team

  6. Which of the following categories of control can include the logical mechanisms used to control access and authenticate users?

    A. Administrative

    B. Clerical

    C. Technical

    D. Physical

  7. Which of the following is incorrect when describing an SED?

    A. Eases compliance

    B. Slow performance

    C. Ease of use

    D. Strong security

  8. Which of the following is the top level of protection for commercial business classification?

    A. Secret

    B. Confidential

    C. Top secret

    D. Private

  9. Which of the following is the most specific of security documents?

    A. Procedures

    B. Standards

    C. Policies

    D. Baselines

  10. The last thing you want in an organization is that everyone is accountable but no one is responsible. Therefore, the data owner should be in which of the following groups?

    A. End users

    B. Technical managers

    C. Senior management

    D. Everyone is responsible; therefore, all groups are owners

  11. Which term best describes a symbol, word, name, sound, or thing that uniquely identifies a product or service?

    A. Trade secret

    B. Copyright

    C. Patent

    D. Trademark

  12. After opening a new branch in the Midwest, your company is analyzing buying patterns to determine the relationship between various items purchased. Which of the following best describes this situation?

    A. Data mining

    B. Knowledge management

    C. Data warehouse

    D. Data standards

  13. Which ISO document is used for a standard for information security management?

    A. ISO 27001

    B. ISO 27002

    C. ISO 27004

    D. ISO 27799

  14. Which of the following SAN solutions is fast, rides on top of Ethernet, yet is non-routable?

    A. SCSI

    B. iSCSI

    C. HBA

    D. FCoE

  15. Who is ultimately responsible for the security of an asset?

    A. Asset owner

    B. Auditor

    C. Custodian

    D. Risk assessment team
