IT Certification Exam Questions

Play an AI-generated podcast conversation about this lesson

What is the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

Supply a duress alarm for personnel exposed to the public

Hire a guard to protect the public area (correct)

Enclose the personnel entry area with polycarbonate plastic

Install mantraps at the building entrances

Which of the following is a PRIMARY element in achieving information security according to the principle of defense in depth?

People, technology, and operations (correct)

Certification, accreditation, and monitoring

Prevention, detection, and remediation

Development, testing, and deployment

What poses the GREATEST risk to data confidentiality?

Network redundancies are not implemented

Backup tapes are generated unencrypted (correct)

Security awareness training is not completed

Users have administrative privileges

From a data security perspective, what is the MOST important consideration when an organization plans to relocate?

Ensure fire prevention and detection systems are sufficient to protect personnel Signup and view all the answers

What is an essential measure to enhance personnel safety in public areas?

Establishing emergency response protocols Signup and view all the answers

Which factor contributes most significantly to preventing unauthorized access to sensitive information?

Implementing role-based access control measures Signup and view all the answers

Which destruction method provides the BEST assurance that data has been removed?

Shredding Signup and view all the answers

Aside from potential records viewed, what should be the PRIMARY concern regarding unauthorized access to a database with financial information?

Unauthorized database changes Signup and view all the answers

Which of the following is a detective access control mechanism?

Log review Signup and view all the answers

In the context of data destruction, what method is NOT typically used for ensuring data removal?

Knurling Signup and view all the answers

When considering student access to university resources from home, what approach would require the most effort from students but still enable access?

Purchasing VPN-capable routers Signup and view all the answers

What is the main purpose of ensuring that unauthorized persons cannot access the computers?

To ensure management knows what users are logged on Signup and view all the answers

Which method is effective for avoiding magnetic media data remanence?

Degaussing Signup and view all the answers

What is the MOST important purpose of testing the Disaster Recovery Plan (DRP)?

Validating the effectiveness of the plan Signup and view all the answers

Including a Trusted Platform Module (TPM) in a computer system design is a technique for achieving what?

Establish a secure initial state Signup and view all the answers

After completing a Business Impact Analysis (BIA), what should a security professional do next following BCP/DRP best practices?

Identify and select recovery strategies Signup and view all the answers

What is the PRIMARY purpose of a security awareness program?

Ensure that everyone understands the organization's policies and procedures. Signup and view all the answers

What is the primary goal of having a Disaster Recovery Plan (DRP) in place?

To enable the organization to recover from disasters efficiently Signup and view all the answers

What should Passive Infrared Sensors (PIR) used in a non-climate controlled environment do?

Automatically compensate for variance in background temperature. Signup and view all the answers

Why is documenting business processes important in Business Continuity Planning (BCP)?

Provides an understanding of the organization's interdependencies. Signup and view all the answers

What should individuals with access to the system do according to the text?

Sign Non-Disclosure Agreements (NDA). Signup and view all the answers

Why is it important to communicate that access to information will be granted on a need-to-know basis?

To restrict unnecessary access and protect sensitive information. Signup and view all the answers

What do Passive Infrared Sensors (PIR) detect in a non-climate controlled environment?

Objects of a specific temperature independent of the background temperature. Signup and view all the answers

What is the most likely cause of the inconsistent application of server security controls resulting in vulnerabilities on critical systems?

A lack of baseline standards Signup and view all the answers

What is the best first step for determining if the appropriate security controls are in place for protecting data at rest?

Conduct a risk assessment Signup and view all the answers

What should an organization ensure when outsourcing a portion of their IT organization to a third-party provider's facility?

The third party's physical security controls are in place and as rigorous as the original controls Signup and view all the answers

Which step should be taken first when classifying information?

Ensure information is labeled with appropriate sensitivity levels Signup and view all the answers

What is a common issue that can arise due to improper documentation of security guidelines?

Difficulty in enforcing security policies Signup and view all the answers

Why might host-based Intrusion Prevention System (HIPS) policies be ineffective in ensuring server security?

They lack integration with other security controls Signup and view all the answers