Availability can be protected through the use of redundancy, backups, and business continuity management. This is because these measures help to ensure that systems, data, and services are accessible and functional at all times, even in the event of a disruption or disaster. The other options are not directly related to protecting availability, but rather focus on enhancing confidentiality (A), integrity C, or awareness (D).
Question 2
Which of the following is the GREATEST advantage of using a virtual private network (VPN) over dedicated circuits and dial-in servers?
Answer : D
The GREATEST advantage of using a virtual private network (VPN) over dedicated circuits and dial-in servers is that it is more cost effective. This is because a VPN is a technology that creates a secure and encrypted connection between a client and a server over an existing public network, such as the Internet. A VPN reduces the cost of establishing and maintaining a secure communication channel, as it does not require any additional hardware, software, or infrastructure, unlike dedicated circuits and dial-in servers, which require dedicated lines, modems, routers, switches, etc. The other options are not the greatest advantage of using a VPN over dedicated circuits and dial-in servers, because they either involve security (A), reliability (B), or speed C aspects that may not be significantly different or better than dedicated circuits and dial-in servers.
Question 3
Which phase typically occurs before containment of an incident?
Answer : A
The phase that typically occurs before containment in an incident response is Identification. This phase involves detecting and determining the nature of the incident. It's crucial to correctly identify an incident before it can be contained, as containment strategies may vary depending on the type of incident.
Question 4
he MOST significant limitation of vulnerability scanning is the fact that modern scanners only detect:
Answer : C
The MOST significant limitation of vulnerability scanning is the fact that modern scanners only detect known vulnerabilities. This is because vulnerability scanners rely on databases or repositories of known vulnerabilities, such as CVE (Common Vulnerabilities and Exposures), to compare and identify the weaknesses or flaws in systems or applications. Vulnerability scanners cannot detect unknown vulnerabilities, such as zero-day vulnerabilities, that have not been reported or disclosed yet, and may be exploited by attackers before they are patched or fixed. The other options are not the most significant limitation of vulnerability scanning, because they either involve detecting common (A), unknown (B), or zero-day (D) vulnerabilities, which are not the capabilities or limitations of modern scanners.
Question 5
In cloud computing, which type of hosting is MOST appropriate for a large organization that wants greater control over the environment?
Answer : A
In cloud computing, the type of hosting that is MOST appropriate for a large organization that wants greater control over the environment isprivate hosting. Private hosting is a type of cloud service model where the cloud infrastructure is dedicated to a single organization and hosted either on-premise or off-premise by a third-party provider. Private hosting offers more control over the security, performance, customization, and compliance of the cloud environment than other types of hosting.
Question 6
At which layer in the open systems interconnection (OSI) model does SSH operate?
Answer : C
SSH, or Secure Shell, is a network protocol that operates at the Application layer of the OSI model. This is the topmost layer, which allows users to interact with the network through applications. SSH provides a secure channel over an unsecured network in a client-server architecture, enabling users to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another.
Question 7
Which of the following is MOST critical to guiding and managing security activities throughout an organization to ensure objectives are met?
Answer : C
The MOST critical thing to guiding and managing security activities throughout an organization to ensure objectives are met is establishing metrics to measure and monitor security performance. This is because metrics provide quantifiable and objective data that can be used to evaluate the effectiveness and efficiency of security activities, as well as identify gaps and areas for improvement. Metrics also enable communication and reporting of security performance to stakeholders, such as senior management, board members, auditors, regulators, customers, etc. The other options are not as critical as establishing metrics, because they either involve spending money without knowing the return on investment (A), adopting standards without customizing them to fit the organization's context and needs (B), or conducting training without assessing its impact on behavior change (D).
Page: 1
/ 14 Total 134 questions
Unlock Full Cybersecurity-Audit-Certificate Exam Features
All Official Question Types