1. Which of the following is the best description of the defense-in-depth strategy?
Hiding protected resources behind multiple firewalls
Using multiple layers of security controls to protect resources
Fully securing the most important resources first
Staying current on as many known attacks as possible
2. What is the main goal of information security?
Protect information from unauthorized use
Catch as many unauthorized users as possible
Protect information from unauthorized modification
Stop anonymous users from accessing information
3. Does turning off a computer make the information it contains secure?
Yes, because no unauthorized user can access information on a computer that is turned off.
No, because the information might be copied somewhere else.
Yes, because aggressive actions always result in more secure systems.
No, because secure data must still be available to authorized users.
4. Which of the following is the best description of a security control?
A mechanism to stop attacks before they occur
A rule that defines acceptable use of a computer
A mechanism that protects a resource
A device that detects unusual activity
5. Which of the following could be classified as a logical control?
Firewall
Fence
Acceptable use policy
Smoke detector
6. Which of the following could be classified as a detective control?
Password
Door
Acceptable use policy
Log monitor
7. Which of the tenets of information security most directly serves the needs of authorized users?
Availability
Integrity
Confidentiality
None of the above
8. Which of the tenets of information security is most related to the need-to-know property?
Availability
Integrity
Confidentiality
None of the above
9. Where is the most likely place a database management system would run?
Network device
Server
Thin client
Thick client
10. Which Microsoft Windows Server 2019 edition would be most appropriate for large-scale deployment using extensive virtualization?
Datacenter
HPC
Enterprise
Web
11. According to the Microsoft EULA, what is the extent of the damages that can be recovered due to a Windows fault?
Nothing
The price paid for the software license
Actual damages incurred
Actual damages incurred plus the cost of the software license
12. Which of the following is the best definition of a threat?
Any exposure to damage
A weakness that allows damage to occur
An action that exploits a weakness
Any action that could lead to damage
13. What ransomware was released in 2017 and exploited a weakness in SMB to propagate?
LockyA
Conficker
WannaCry
CryptoLocker
14. What term describes a malicious software program that users are tricked into running?
Trojan horse
Worm
Virus
Phishing message
15. Which of the following defines the cycle used to address Windows threats and vulnerabilities?
Plan-do-review
Discovery-analysis-remediation
Design-implementation-verification
Detection-containment-eradication
3.147.62.94