Questions and Answers
What is the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?
- Supply a duress alarm for personnel exposed to the public
- Hire a guard to protect the public area (correct)
- Enclose the personnel entry area with polycarbonate plastic
- Install mantraps at the building entrances
Which of the following is a PRIMARY element in achieving information security according to the principle of defense in depth?
- People, technology, and operations (correct)
- Certification, accreditation, and monitoring
- Prevention, detection, and remediation
- Development, testing, and deployment
What poses the GREATEST risk to data confidentiality?
- Network redundancies are not implemented
- Backup tapes are generated unencrypted (correct)
- Security awareness training is not completed
- Users have administrative privileges
From a data security perspective, what is the MOST important consideration when an organization plans to relocate?
What is an essential measure to enhance personnel safety in public areas?
Which factor contributes most significantly to preventing unauthorized access to sensitive information?
Which destruction method provides the BEST assurance that data has been removed?
Aside from potential records viewed, what should be the PRIMARY concern regarding unauthorized access to a database with financial information?
Which of the following is a detective access control mechanism?
In the context of data destruction, what method is NOT typically used for ensuring data removal?
When considering student access to university resources from home, what approach would require the most effort from students but still enable access?
What is the main purpose of ensuring that unauthorized persons cannot access the computers?
Which method is effective for avoiding magnetic media data remanence?
What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)?
Including a Trusted Platform Module (TPM) in a computer system design is a technique for achieving what?
After completing a Business Impact Analysis (BIA), what should a security professional do next following BCP/DRP best practices?
What is the PRIMARY purpose of a security awareness program?
What is the primary goal of having a Disaster Recovery Plan (DRP) in place?
What should Passive Infrared Sensors (PIR) used in a non-climate controlled environment do?
Why is documenting business processes important in Business Continuity Planning (BCP)?
What should individuals with access to the system do according to the text?
Why is it important to communicate that access to information will be granted on a need-to-know basis?
What do Passive Infrared Sensors (PIR) detect in a non-climate controlled environment?
What is the most likely cause of the inconsistent application of server security controls resulting in vulnerabilities on critical systems?
What is the best first step for determining if the appropriate security controls are in place for protecting data at rest?
What should an organization ensure when outsourcing a portion of their IT organization to a third-party provider's facility?
Which step should be taken first when classifying information?
What is a common issue that can arise due to improper documentation of security guidelines?
Why might host-based Intrusion Prevention System (HIPS) policies be ineffective in ensuring server security?