1. The principal problems associated with employee behavior related to security are errors and omissions, ____, and actions by disgruntled employees"

A: Absenteeism

B: Cursing

C: Indifference

D: Fraud

2. The results of the risk analysis should be documented in a___

A: none of the above

B: risk register

C: journal

D: consequence

3. is the amount of risk associated remaining after natural or inherent risks have been reduced by new risk controls___

A: Residual risk

B: Critical risk

C: Governance risk

D: Organizational risk

4. The ISO Security Management Model comprises of the following steps

A: Detect, Deflect, Check, Execute

B: Plan, Do, Check, Act

C: Protect, Deflect, Check, Attack

D: Prevent, Defend, Commit, Act

5. The goal of the _______ function is to ensure that all information destined for the incident handling service is channeled through a single focal point

A: Detection

B: Triage

C: Maintenance

D: Audit

6. __ makes sure that data is not changed when it is not supposed to be

A: Accounting

B: Integrity

C: Availability

D: Confidentiality

7. ____describes the probability that a threat to an IT system can materialize

A: Vulerability

B: Threat

C: Hole O

D: Risk

8. CSIRT is not responsible for______

A: Minimizing loss and destruction

B: Rapidly detecting incidents

C: Formulating policies

D: Mitigating the weaknesses that were exploited

9. Management should conduct a ________ to identify those controls that are most appropriate and provide the greatest benefit to the organization given the available resources.

A. cost analysis B. cost-benefit analysis C. benefit analysis D. quarantine exercise

10. A(n) ____is an action, device, procedure, or technique that reduces a threat by preventing it or by minimizing the harm it can cause.

A: protocol

B: attack

C: adversary

D: countermeasure

11. ________ need training on the development of risk management goals, means of measurement, and the need to lead by example in the area of security awareness.

A: Testers

B: Designers

C: Executives

D: Trainers

12. The risk treatment alternative that shares the responsibility for the risk with a third party is known as____

A: Risk Compliance

B: Risk Acceptance

C: Risk Transfer

D: Risk Avoidance

13. ____is a type of biometric authentication for identifying a person to access confidential data

A: Password

B: Fingerprint

C: Radiokey fob

D: Smartcard

14. You have implemented controls preserving authorized restrictions on information access. The purpose of the controls is to ensure____

A: Integrity

B: Copy Right

C: Authorization

D: Data Confidentiality

15. Security awareness programs can serve as a deter disgruntled employees by increasing the awareness of their_____ and of potential penalties

A: liability

B: regulations

C: accountability

D: incidents

16. The scope that the hacker can use to break into a system is also called as____

A: Defense in Depth

B: Risk Mitigation

C: Scope

D: Creep

17. The intent of the _____is to provide a clear overview of how an organizationOs IT infrastructure supports its overall business objectives

A: Threat assessment

B: Risk register

C: Corporate security policy

D: Vulnerability source

18. An individual is first___with the network before they are authorized to access resources on the network

A: Authenticated

B: Hardened

C: Screened

D: Blocked

19: The ______ prevents or inhibits the normal use or management of communications facilities

A: denial of service

B: passive attack

C: traffic encryption

D: masquerade

20: Attempt to prevent people from being able to see information is_____

A: Layering

B: Least Privilege

C: Open Design

D: Encapsulation