
Quiz: Module 14 Cybersecurity Resilience


Mary Alice has been asked to help develop an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT. What type of planning is this?

a. Disaster recovery planning

Which of the following is NOT an element that should be part of a BCP?

d. Robustness

Which of the following is a federal initiative that is designed to encourage organizations to address how critical operations will continue under a broad range of negative circumstances?

A BIA can be a foundation for which of the following?

d. Functional recovery plan

Which of the following will a BIA NOT help determine?

c. Percentage availability of systems

Which of these is NOT a factor in determining restoration order?

d. Speed of implementation

What is the average amount of time that it will take a device to recover from a failure that is not a terminal failure?

Which of the following is NOT true about RAID?

b. It is designed primarily to back up data.

Linnea is researching a type of storage that uses a single storage device to serve files over a network and is relatively inexpensive. What type of storage is Linnea researching?

Which of the following is a document that outlines specific requirements or rules that must be met?

What device is always running off its battery while the main power runs the battery charger?

a. Online UPS

Which type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running?

a. Hot site

Which of the following can a UPS NOT perform?

b. Prevent certain applications from launching that will consume too much power

What is a definition of RPO?

d. The maximum length of time that can be tolerated between backups

What does an incremental backup do?

a. Copies all files changed since the last full or incremental backup

Molly needs to access a setting in Microsoft Windows Group Policy to change the type of a network to which a computer is attached. Which setting must Molly change?

a. Network Location

Thea has received a security alert that someone in London attempted to access the email account of Sigrid, who had accessed it in Los Angeles one hour before. What feature detected an issue and sent this alert to Thea?

a. Impossible Travel

Which of the following is NOT used to identify or enforce what mobile devices can do based on the location of the device?

d. Geo-spatial

Margaux is reviewing the corporate policy that stipulates the processes to be followed for implementing system changes. Which policy is she reviewing?

a. Change control policy

Which commercial data classification level would be applied to a data set of the number of current employees at an organization and would only cause a small amount of harm if disclosed?


Module 15: Risk Management & Data Privacy Q Flashcards

Which control discourages security violations before their occurrence?

Deterrent control

A deterrent control attempts to discourage security violations before they occur

The risk of DDoS attacks, SQL injection attacks, phishing, etc., is classified under which threat category?

Technical threats are events that affect information technology systems

An organization being impacted by an upstream organization’s vulnerabilities would be classified as which of the following types of risk?

Multiparty risk

Multiparty risk is the impact that one organization’s vulnerabilities can have on other organizations connected to it

You are the cybersecurity chief of an enterprise. A risk analyst new to your company has come to you about a recent report compiled by the team’s lead risk analyst. According to the new analyst, the report overemphasizes the risk posed by employees who currently have broad network access and puts too much weight on the suggestion to immediately limit user access as much as possible. According to the new analyst, not only does the report not mention the risk posed by a hacktivist group that has successfully attacked other companies in the same industry, it doesn’t mention data points related to those breaches and your company’s risk of being a future target of the group.

How should you address this issue so that future reports and risk analyses are more accurate and cover as many risks as needed?

You should implement risk control self-assessment

Risk control self-assessment (RCSA) is an “empowering” methodology that limits unconscious biases by having management and staff at all levels collectively work to identify and evaluate risks

Which of the following can be done to obfuscate sensitive data?

Data masking involves creating a copy of the original data by obfuscating any sensitive elements

Your company has hired a contractor to build fences surrounding the office building perimeter and install signs that say “premises under 24-hour video surveillance.” When do these controls occur?

The fence and the signs should both be installed before an attack

Perimeter fences are a physical control, and surveillance camera warnings are a deterrent control. Both of these control types occur before an attack

Several quantitative tools like mean time between failure (MTBF), mean time to recovery (MTTR), mean time to failure (MTTF), and failure in time (FIT) can be used to predict the likelihood of the risk. Which of these tools perform similar functions?

MTBF and FIT

The mean time between failure (MTBF) calculates the average (mean) amount of time until a component fails, cannot be repaired, and must be replaced. The failure in time (FIT) calculation is another way of reporting MTBF. FIT can report the number of expected failures per one billion hours of operation for a device

In a security review meeting, you are asked to calculate the single loss expectancy (SLE) of an enterprise building worth $100,000,000, 75% of which is likely to be destroyed by a flood. Flood insurance data suggest that a severe flood is likely to occur once every 100 years. Which formula should you use to calculate the SLE?

100,000,000 * 0.75

Single loss expectancy is calculated by multiplying the asset value ($100,000,000) by the exposure factor (0.75)

Which of the following types of risk control occurs during an attack?

Detective control

A detective control is used to identify an attack while the attack is occurring

Which risk remains after additional controls are applied?

Residual risk

Residual risk is the risk level that remains after additional controls are applied

In a security review meeting, you are asked to implement a detective control to ensure enhanced security during an attack. Which of the following actions should you take?

Install motion detection sensors in strategic areas

Installing motion detection sensors is a detective control that can identify threats that have reached the system

In 2016, your enterprise issued an end-of-life notice for a product. In 2020, an end-of-service notice was issued for the same product. What does this mean?

Your company stopped manufacturing a product in 2016, and all maintenance services for the product stopped in 2020

An end-of-life notice is issued when a company stops manufacturing a product, and an end-of-service notice is issued when a company stops all support for the product

In an interview, you are asked to explain how gamification contributes to enterprise security. How should you reply?

Instructional gaming can train employees on the details of different security risks while keeping them engaged

Gamification is the process of using game-based scenarios for instruction. Security training can often include gamification in an attempt to heighten the interest and retention of the learner

You are the chief security administrator in your enterprise. You are asked to train every employee, from top-level officers to front gate security officers, to make them aware of various security risks. Which of the following training techniques should you use?

Role-based awareness training

Role-based training involves specialized training customized to the specific role that an employee holds in the organization. This technique best fits in this scenario because so many different levels of employees are involved

What does the end-of-service notice indicate?

The enterprise will no longer offer support services for a product

End-of-service (EOS) indicates the end of support when the manufacturer quits selling a piece of equipment and no longer provides maintenance services or updates after a specific date

Your enterprise’s employees prefer a kinesthetic learning style for increasing their security awareness. How should you train them?

Give employees a hands-on experience of various security constraints

Hands-on approaches are good for kinesthetic learning, which is preferred by the employees

How do phishing simulations contribute to enterprise security?

Phishing simulations train employees on how to recognize phishing attacks

Phishing simulations can be used to help employees recognize phishing emails and counteract phishing attacks

In an interview, you are asked to differentiate between data protection and data privacy. How should you differentiate between data protection and data privacy?

Data protection involves securing data against unauthorized access, while data privacy is concerned with authorized data access

Data protection secures data against unauthorized access, and data privacy makes data accessible only to authorized persons

You were hired by a social media platform to analyze different user concerns regarding data privacy. After conducting a survey, you found that the concern of a majority of users is personalized ads. Which of the following should you mention in your report as a major concern?

Individual inconveniences

User concerns with using personal data for personalized ads are individual inconveniences

Why can the accuracy of data collected from users not be verified?

Users have no right to correct or control the information gathered

The accuracy of data cannot be verified because the users have no right to correct or control what information is gathered

Which data category can be accessed by any current employee or contractor?

Proprietary

Proprietary data belongs to the enterprise and can be made available to any current employee or contractor

In a security review meeting, you are asked to appropriately handle the enterprise’s sensitive data. How should you configure the security of the data?

Give access only to employees who need and have been approved to access it

Access to sensitive data is only given to employees who have a business need for accessing the data and have been approved

The protection of which of the following data types is mandated by HIPAA?

Health information

The Health Insurance Portability and Accountability Act (HIPAA) mandates that protected health information is kept secure

Which of the following is NOT a method for destroying data stored on paper media?

Degaussing permanently destroys an entire magnetic drive by reducing or eliminating the magnetic field

When your enterprise’s collected data information life cycle ended, you were asked to destroy the data stored on magnetic storage devices. Which of the following techniques should you use to destroy the data?

Degauss the data

Degaussing permanently destroys the entire magnetic drive by reducing or eliminating the magnetic field

You are assigned to destroy the data stored in electrical storage by degaussing. You need to ensure that the drive is destroyed. What should you do before degaussing so that the destruction can be verified?

You should wipe the data before degaussing

Wiping overwrites the disk space with zeroes or random data. It destroys the entirety of the data, which allows its destruction to be verified

How does pseudo-anonymization contribute to data privacy?

Pseudo-anonymization obfuscates sensitive data elements

Pseudo-anonymization obfuscates sensitive data elements so that sensitive information is not exposed

After reviewing the data collection procedures in your organization, a court ordered you to issue a document that specifies how the organization uses the collected personal information. This document must be displayed to the user before allowing them to share personal data. Which of the following documents should you prepare?

Privacy notice

A privacy notice outlines how an organization uses the personal information it collects

Which of the following methods can be used to destroy data on paper?

Pulping breaks paper back into wood cellulose fibers after the ink is removed

What should be done when the information life cycle of the data collected by an organization ends?

Destroy the data

When the information life cycle ends, data should be destroyed
