____________ refers to keeping information confidential that is personally identifiable or which might
cause harm, embarrassment, or disgrace to someone if revealed. - ✔ ✔ Privacy
A main objective of awareness training is: - ✔ ✔ Provide understanding of responsibilities
A portion of the ______________ is the logical and practical investigation of business processes and
organizational policies. This process/policy review ensures that the stated and implemented business
tasks, systems, and methodologies are practical, efficient, cost-effective, but most of all (at least in
relation to security governance) that they support security through the reduction of vulnerabilities and
the avoidance, reduction, or mitigation of risk. - ✔ ✔ Risk aversion process
A risk management project may be subject to overlooking certain types of threats. What can assist the
risk management team to prevent that? - ✔ ✔ Automated tools
A security program cannot address which of the following business goals? - ✔ ✔ Accuracy of
Information
A Type B fire extinguisher may use all except which of the following suppression mediums? - ✔ ✔
Water
Acme Widgets currently uses a 1,024-bit RSA encryption standard companywide. The company plans to
convert from RSA to an elliptic curve cryptosystem. If it wants to maintain the same cryptographic
strength, what ECC key length should it use? - ✔ ✔ 160 bits
Alice would like to send a message to Bob using an asymmetric cryptography algorithm. What key
should she use to encrypt the message? - ✔ ✔ Bob's public key
All but which of the following items requires awareness for all individuals affected? - ✔ ✔ The
backup mechanism used to retain email messages
An information security policy does NOT usually include: - ✔ ✔ Guidelines for how to implement
policy
An organization has a datacenter manned 24 hours a day that processes highly sensitive information.
The datacenter includes email servers, and administrators purge email older than six months to comply
with the organization's security policy. Access to the datacenter is controlled, and all systems that
process sensitive information are marked. Administrators routinely back up data processed in the
datacenter. They keep a copy of the backups on site and send an unmarked copy to one of the company
warehouses. Warehouse workers organize the media by date, and they have backups from the last 20
years. Employees work at the warehouse during the day and lock it when they leave at night and over
the weekends. Recently a theft at the warehouse resulted in the loss of all of the offsite backup tapes.
Later, copies of their data, including sensitive emails from years ago, began appearing on Internet sites,
exposing the org - ✔ ✔ Mark the tapes before sending them to the warehouse.
An organization has a datacenter manned 24 hours a day that processes highly sensitive information.
The datacenter includes email servers, and administrators purge email older than six months to comply
with the organization's security policy. Access to the datacenter is controlled, and all systems that
process sensitive information are marked. Administrators routinely back up data processed in the
datacenter. They keep a copy of the backups on site and send an unmarked copy to one of the company
warehouses. Warehouse workers organize the media by date, and they have backups from the last 20
years. Employees work at the warehouse during the day and lock it when they leave at night and over
the weekends. Recently a theft at the warehouse resulted in the loss of all of the offsite backup tapes.
Later, copies of their data, including sensitive emails from years ago, began appearing on Internet sites,
exposing the org - ✔ ✔ Record retention
An organization has a datacenter manned 24 hours a day that processes highly sensitive information.
The datacenter includes email servers, and administrators purge email older than six months to comply
with the organization's security policy. Access to the datacenter is controlled, and all systems that
process sensitive information are marked. Administrators routinely back up data processed in the
datacenter. They keep a copy of the backups on site and send an unmarked copy to one of the company
warehouses. Warehouse workers organize the media by date, and they have backups from the last 20
years. Employees work at the warehouse during the day and lock it when they leave at night and over
the weekends. Recently a theft at the warehouse resulted in the loss of all of the offsite backup tapes.
Later, copies of their data, including sensitive emails from years ago, began appearing on Internet sites,
exposing the org - ✔ ✔ Use a secure offsite storage facility.
An organization is implementing a preselected baseline of security controls, but finds not all of the
controls apply. What should they do? - ✔ ✔ Tailor the baseline to their needs
At what voltage level can static electricity cause destruction of data stored on hard drives? - ✔ ✔
1,500
Bob receives a message from Alice that she sent using an asymmetric cryptography algorithm. What key
should he use to decrypt the message? - ✔ ✔ Bob's private key
Data classification can assist an organization in: - ✔ ✔ Reducing costs for protecting data
Data classifications are used to focus security controls over all but which of the following? - ✔ ✔
Layering
Dave is developing a key escrow system that requires multiple people to retrieve a key but does not
depend on every participant being present. What type of technique is he using? - ✔ ✔ M of N
control
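Worked example of the M of N control from the key escrow question above, added here and not taken from the study material: Shamir secret sharing splits the escrowed key into N shares so that any M of them reconstruct it, while M-1 shares give no information. The prime field modulus, the 3-of-5 parameters and the demo secret are constructed for this example; it uses only the Python standard library.

```python
"""M-of-N key escrow with Shamir secret sharing over a prime field (added example)."""
import secrets

# Constructed parameter: a prime larger than any secret we share (2**127 - 1 is a Mersenne prime).
PRIME = 2**127 - 1


def _eval_poly(coeffs, x, prime):
    """Evaluate a polynomial (coeffs[0] is the constant term) at x, modulo prime."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % prime
    return acc


def split_secret(secret, m, n, prime=PRIME):
    """Split `secret` into n shares; any m of them reconstruct it.

    The secret is the constant term of a random polynomial of degree m-1;
    share i is the point (i, f(i)). Fewer than m points leave the constant
    term undetermined, which is what makes the threshold enforceable.
    """
    if not 1 <= m <= n:
        raise ValueError("need 1 <= m <= n")
    if not 0 <= secret < prime:
        raise ValueError("secret must be in [0, prime)")
    coeffs = [secret] + [secrets.randbelow(prime) for _ in range(m - 1)]
    return [(x, _eval_poly(coeffs, x, prime)) for x in range(1, n + 1)]


def recover_secret(shares, prime=PRIME):
    """Recover the secret by Lagrange interpolation of the shares at x = 0.

    With at least m distinct shares this returns the original secret; with
    fewer, it returns a value unrelated to it (no error is raised, which is
    why the escrow procedure, not this function, must count custodians).
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("shares must have distinct x coordinates")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % prime
                den = (den * (xi - xj)) % prime
        # Modular inverse via Fermat's little theorem (prime modulus).
        lagrange_at_zero = (num * pow(den, prime - 2, prime)) % prime
        total = (total + yi * lagrange_at_zero) % prime
    return total


def escrow_demo():
    """3-of-5 escrow: custodians 1, 3 and 5 recover the key; 1 and 2 alone cannot."""
    escrowed_key = int.from_bytes(secrets.token_bytes(16), "big")  # constructed 128-bit key
    shares = split_secret(escrowed_key, m=3, n=5)
    three_ok = recover_secret([shares[0], shares[2], shares[4]]) == escrowed_key
    two_fail = recover_secret(shares[:2]) != escrowed_key
    return three_ok, two_fail


if __name__ == "__main__":
    print(escrow_demo())  # (True, True)
```

The shares can be handed to five custodians (for example, two security officers, two administrators and an auditor); recovery needs any three of them present, so one absent or departed custodian does not lock the organization out, and no single custodian can recover the key alone.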
Ensure important datasets are developed, maintained, and accessible within their defined specifications.
- ✔ ✔ Data custodians
Entails analyzing the data that the organization retains, determining its importance and value, and then
assigning it to a category. - ✔ ✔ Data classification
For what type of information system security accreditation are the applications and systems at a
specific, self-contained location evaluated? - ✔ ✔ Site accreditation
Gina is sending an encrypted message to her colleague, Eric. She would like to ensure that the message
is confidential and also that Eric can prove that the message came from her. Therefore, she would like to
both encrypt the message content and apply a digital signature to the message.
What goal of cryptography is Gina seeking to achieve by applying the digital signature? - ✔ ✔ Non-
repudiation
Gina is sending an encrypted message to her colleague, Eric. She would like to ensure that the message
is confidential and also that Eric can prove that the message came from her. Therefore, she would like to
both encrypt the message content and apply a digital signature to the message.
What key should Eric use to validate the digital signature? - ✔ ✔ Gina's public key
Gina is sending an encrypted message to her colleague, Eric. She would like to ensure that the message
is confidential and also that Eric can prove that the message came from her. Therefore, she would like to
both encrypt the message content and apply a digital signature to the message.
What key should Gina use to create the digital signature? - ✔ ✔ Gina's private key
Gina is sending an encrypted message to her colleague, Eric. She would like to ensure that the message
is confidential and also that Eric can prove that the message came from her. Therefore, she would like to
both encrypt the message content and apply a digital signature to the message.
What key should Gina use to encrypt the message payload? - ✔ ✔ Eric's public key
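Worked example covering the Alice/Bob questions and the four Gina/Eric questions above, added here and not part of the study material: it makes the key roles concrete. Gina encrypts with Eric's public key (only Eric's private key decrypts) and signs with her own private key (anyone verifies with Gina's public key, which gives non-repudiation). It uses textbook, unpadded RSA over fixed Mersenne primes purely so the arithmetic is visible and runs offline; the primes, key names and message are constructed, and a real system would use a vetted library with OAEP/PSS padding and freshly generated keys.

```python
"""Which key for which job: textbook RSA walk-through (added example, not from the page)."""
import hashlib

E = 65537  # conventional public exponent


def keygen(p, q, e=E):
    """Derive an RSA key pair from two primes. Returns ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)


# Constructed demo keys. Mersenne primes are public knowledge, so these keys
# are NOT secret; they only make the example deterministic and offline.
GINA_PUB, GINA_PRIV = keygen(2**521 - 1, 2**607 - 1)
ERIC_PUB, ERIC_PRIV = keygen(2**127 - 1, 2**1279 - 1)


def encrypt(message: bytes, recipient_pub):
    """Confidentiality: the SENDER encrypts with the RECIPIENT's public key."""
    n, e = recipient_pub
    m = int.from_bytes(b"\x01" + message, "big")  # 0x01 prefix preserves leading zero bytes
    if m >= n:
        raise ValueError("message too long for this key (no hybrid encryption here)")
    return pow(m, e, n)


def decrypt(ciphertext: int, recipient_priv):
    """Only the matching private key recovers the plaintext."""
    n, d = recipient_priv
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]  # strip the 0x01 prefix


def sign(message: bytes, signer_priv):
    """Non-repudiation: the SIGNER uses her OWN private key on a hash of the message."""
    n, d = signer_priv
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(h, d, n)


def verify(message: bytes, signature: int, signer_pub):
    """Anyone checks the signature with the SIGNER's public key."""
    n, e = signer_pub
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == h


def gina_to_eric(message: bytes):
    """Gina: encrypt the payload for Eric and sign it as herself."""
    return encrypt(message, ERIC_PUB), sign(message, GINA_PRIV)


def eric_receives(ciphertext: int, signature: int):
    """Eric: decrypt with his private key, then validate with Gina's public key."""
    plaintext = decrypt(ciphertext, ERIC_PRIV)
    return plaintext, verify(plaintext, signature, GINA_PUB)


if __name__ == "__main__":
    c, s = gina_to_eric(b"Approve purchase order 4471")
    print(eric_receives(c, s))  # (b'Approve purchase order 4471', True)
```

Two failure cases are worth trying: tampering with the plaintext makes `verify` return False, and checking the signature against Eric's public key (the wrong key) also returns False, which is exactly why the signature binds the message to Gina and nobody else.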
Gina is sending an encrypted message to her colleague, Eric. She would like to ensure that the message
is confidential and also that Eric can prove that the message came from her. Therefore, she would like to
both encrypt the message content and apply a digital signature to the message.