Isaca

CSX-F
Cyber Security Fundamentals

QUESTION & ANSWERS

https://www.genuinedumps.com/
 1. Integrity

A. Protection from unauthorized access. One of the three governing principles of cyber
security
B. A piece of malware that gains access to a targeted system by hiding within a genuine
application.
C. Hides malicious processes to prevent detection, modifies the underlying operating
system.
D. Protection from unauthorized modification. One of the three governing principles of
cyber security

 Answer : D

2. Identity management

A. Maintaining the configuration of network devices, Systems applications and other IT resources
to ensure security controls are properly installed and maintained.
B. Protection from unauthorized access. One of the three governing principles of cyber security
C. A collective and common infrastructure, including directory services, authentication services,
authorization services, centralizes and standardizes integration of business process and
technology, so that it becomes consistent in common service across the organization
D. A vulnerability that is exploited before the software creator or vendor is even aware of its
existence

 Answer : C

3. 1. Identify
4. 2. protect
5. 3. detect
6. 4. respond
7. 5. Recover

A. What are the three elements of the cyber security role?

B. What are the three approaches to cybersecurity
C. Five key functions necessary for the protection of digital assets
D. What are the three components of cybersecurity?

 Answer: C

4. Designed to present advertisements (generally unwanted) to users.

A. Malware

https://www.genuinedumps.com/
 B. Spear Phishing
C. Adware
D. Spyware

 Answer : C

5. Denial of service attack

A. Attack strategy in which the attacker intersects the communication stream between two parts
of the victim system and then replaces the traffic between the two components with the
intruders own, eventually assuming control of the communication
B. An attack where social engineering techniques are used to masquerade as a trusted party to
obtain important information such as passwords from the victim
C. An assault on the service from a single source that floods it with so many request that it
becomes overwhelmed and is either stopped completely or operates at a significantly reduced
rate.
D. And attack made by trying all possible combinations of passwords or encryption keys until the
correct one is found.

 Answer: C

6. When a program or process tries to store more data in a buffer (temporary data storage area) than it
was intended to hold.

A. Zero-Day
B. Exploit Buffer
C. overflow Inherent
D. Risk Authorization

Answer : D
7. Access lists

A. The risk level or exposure without taking into account the actions that management has taken
or might take.
B. Filler traffic at router interfaces based on specific criteria, the supporting basic network security.
Without this, all packets pass
C. Ensures that changes to processes, systems, software, applications, platforms and
configurations are introduced in orderly, controlled manner.
D. A register of users (including groups, machines and processes) Who have permission to use a
particular system resource.

 Answer: B

https://www.genuinedumps.com/
8. A weakness in the design, implementation, operation or internal control of a process that could
expose the system to adverse threats from threat events

A. Vulnerability
B. Confidentiality
C. Authorization
D. Change Management

 Answer: A

9. An attack where social engineering techniques are used to masquerade as a trusted party to
obtain important information such as passwords from the victim.
A. Denial of service attack
B. Spear Phishing
C. Advanced Persistent Threats (APTs)
D. Man in the middle attack

 Answer: B

10. Backdoor

A. A means of regaining access to a compromised system by installing software or configuring

existing software to enable remote access under attacker defined conditions.
B. A large automated and distributed network previously compromised computers that can be
simultaneously controlled to launch large-scale attacks such as denial of service
C. When a program or process tries to store more data in a buffer (temporary data storage area)
than it was intended to hold.
D. Something of either tangible or intangible value that is worth protecting, including people,
information, infrastructure, finances and reputation

 Answer: A

11. Designed to gain access to targeted computer systems, still information, or disrupt computer
operations

https://www.genuinedumps.com/
 A. Brute Force Attack
B. Spyware
C. Adware
D. Malware

 Answer: D

12. Rootkit

A. Protection from unauthorized modification. One of the three governing principles of

cyber security
B. Hides malicious processes to prevent detection, modifies the underlying operating
system.
C. Anything that is capable of acting against an asset in a manner that can result in harm
D. Protection from unauthorized access. One of the three governing principles of cyber
security

 Answer: B

13. What are the three approaches to cybersecurity?

A. Solutions to software programming errors.

B. B.1) compliance based

2) Risk based

3) ad hoc

C. Governance

2) Risk

3) Compliance

D. 1) build and maintain a secure network

2) Protect card holder data

3) Maintain a vulnerability management program

4) Implement strong access control measures

5) Regularly monitor and test networks

6) Maintain an information security policy

https://www.genuinedumps.com/
 Answer: B

14. Ensures that changes to processes, systems, software, applications, platforms and
configurations are introduced in orderly, controlled manner.

A. Change Management
B. Social Engineering
C. Access lists
D. Vulnerability

 Answer: A

15. Asset

A. Something of either tangible or intangible value that is worth protecting, including

people, information, infrastructure, finances and reputation
B. A large automated and distributed network previously compromised computers that
can be simultaneously controlled to launch large-scale attacks such as denial of service
C. Anything that is capable of acting against an asset in a manner that can result in harm
D. A means of regaining access to a compromised system by installing software or
configuring existing software to enable remote access under attacker defined
conditions.

 Answer: A

16. Access control lists

A. When a program or process tries to store more data in a buffer (temporary data storage
area) than it was intended to hold.
B. A register of users (including groups, machines and processes) Who have permission to
use a particular system resource.
C. Filler traffic at router interfaces based on specific criteria, the supporting basic network
security. Without this, all packets pass
D. A piece of malware that gains access to a targeted system by hiding within a genuine
application.

 Answer: B

https://www.genuinedumps.com/
17. Man in the middle attack

A. Attack strategy in which the attacker intersects the communication stream between two
parts of the victim system and then replaces the traffic between the two components
with the intruders own, eventually assuming control of the communication
B. Attacks by an adversary who possesses sophisticated levels of expertise and significant
resources, which allow the attacker to create opportunities to achieve its objective,
using multiple attack vectors.
C. And attack made by trying all possible combinations of passwords or encryption keys
until the correct one is found.
D. A type of electronic mail attack that attempts to convince the user that the originator is
genuine, but with the intention of obtaining information for use in social engineering.

 Answer: A

18. What are the six control objectives of PCI DSS?

A. 1) identify
2) protect
3) detect
4) respond
5) recover

B. 1) build and maintain a secure network

2) protect card holder data
3) maintain a vulnerability management program
4) implement strong access control measures
5) regularly monitor and test networks
6) maintain an information security policy

C. 1) compliance based

2) risk based

3) ad hoc

D. A collective and common infrastructure, including directory services, authentication

services, authorization services, centralizes and standardizes integration of business
process and technology, so that it becomes consistent in common service across the
organization

 Answer: B

https://www.genuinedumps.com/
19. Defines groups of functionality required for network computers into layers with each layer
implementing standard protocol for its functionality,

A. Privileged user management

B. Configuration management
C. Provisioning and Deprovisioning
D. Open Systems Interface (OSI)

 Answer: D

20. A large automated and distributed network previously compromised computers that can be
simultaneously controlled to launch large-scale attacks such as denial of service.
A. Trojan Horses
B. Botnets
C. Vulnerability
D. Rootkit

 Answer: B

21. Advanced Persistent Threats (APTs)

A. Attacks by an adversary who possesses sophisticated levels of expertise and significant

resources, which allow the attacker to create opportunities to achieve its objective, using
multiple attack vectors.
B. An assault on the service from a single source that floods it with so many request that it
becomes overwhelmed and is either stopped completely or operates at a significantly
reduced rate.
C. Designed to present advertisements (generally unwanted) to users.
D. Gathers information about a person or organization without the knowledge of that person
or organization

 Answer: A

22. Phishing

A. An attack where social engineering techniques are used to masquerade as a trusted party to
obtain important information such as passwords from the victim
B. An assault on the service from a single source that floods it with so many request that it
becomes overwhelmed and is either stopped completely or operates at a significantly reduced
rate.

https://www.genuinedumps.com/
C. A type of electronic mail attack that attempts to convince the user that the originator is genuine,
but with the intention of obtaining information for use in social engineering.
D. Attack strategy in which the attacker intersects the communication stream between two parts
of the victim system and then replaces the traffic between the two components with the
intruders own, eventually assuming control of the communication

 Answer: C

23. Trojan Horses

A. When a program or process tries to store more data in a buffer (temporary data storage area)
than it was intended to hold.
B. Used for access control and requires that the system be able to identify and differentiate among
users Protection from unauthorized modification.
C. One of the three governing principles of cyber security
D. A piece of malware that gains access to a targeted system by hiding within a genuine
application.

 Answer: D

24. Maintaining the configuration of network devices, systems applications and other IT resources
to ensure security controls are properly installed and maintained.
A. Configuration management
B. Vulnerability Access
C. control lists
D. Privileged user management

 Answer: A

25. Virus

A. A means of regaining access to a compromised system by installing software or configuring

existing software to enable remote access under attacker defined conditions.
B. Piece of code that can replicate itself and spread from one computer to another. It requires
intervention or execution to replicate and/or cause damage
C. Something of either tangible or intangible value that is worth protecting, including people,
information, infrastructure, finances and reputation

https://www.genuinedumps.com/
D. A piece of self-replicating code designed to spread itself across computer networks. It does not
require intervention for execution to replicate.

 Answer: B

26. Locks or encrypts data or functions and demands a payment to unlock them.

A. Residual Risk
B. Ransomware
C. Authorization
D. Key logger

 Answer: B

27. Container, that delivers the exploit to the target

A. Payload
B. Ransomware
C. Botnets
D. Threat

 Answer: A

28. Link File

A. container, that delivers the exploit to the target

B. Propagates copies of the worm
C. Protection from unauthorized modification. One of the three governing principles of cyber
security
D. Locks or encrypts data or functions and demands a payment to unlock them

https://www.genuinedumps.com/
 Answer: B

29. Confidentiality
A. Protection from unauthorized modification. One of the three governing principles of cyber
security
B. Used for access control and requires that the system be able to identify and differentiate among
users
C. Any attempt to exploit social vulnerabilities to gain access to information and or systems,
involves a "con game."
D. Protection from unauthorized access. One of the three governing principles of cyber security

 Answer: D

30. Residual Risk

A. The risk level or exposure without taking into account the actions that management has taken
or might take.
B. Secretly records user keystrokes and, in some cases, screen content.
C. The remaining risk after management has implemented at risk response
D. Hides malicious processes to prevent detection, modifies the underlying operating system.

 Answer: C

31. Secretly records user keystrokes and, in some cases, screen content.
A. Integrity
B. Ransomware
C. Keylogger
D. Payload

 Answer: C

32. Spyware
A. An attack where social engineering techniques are used to masquerade as a trusted party to
obtain important information such as passwords from the victim

https://www.genuinedumps.com/
B. Gathers information about a person or organization without the knowledge of that person or
organization.
C. Designed to gain access to targeted computer systems, still information, or disrupt computer
operations And attack made by trying all possible combinations of passwords or encryption keys
until the correct one is found.

 Answer: B

33. Account, password and control rights creation and management followed by subsequent
suspension and deletion of said accounts after an employee has left.

A. Open Systems Interface (OSI)

B. Provisioning and Deprovisioning
C. Privileged user management
D. Configuration management

 Answer: B

34. Configuration management

A. A weakness in the design, implementation, operation or internal control of a process that could
expose the system to adverse threats from threat events
B. Permits authorized users to maintain and protect systems and networks. They can modify or
circumvent existing safeguards such as access controls or logging
C. Maintaining the configuration of network devices, Systems applications and other IT resources
to ensure security controls are properly installed and maintained.
D. Defines groups of functionality required for network computers into layers with each layer
implementing standard protocol for its functionality,

 Answer: C

35. Inherent Risk

A. Protection from unauthorized modification. One of the three governing principles of cyber
security
B. Used for access control and requires that the system be able to identify and differentiate among
users

https://www.genuinedumps.com/
C. Protection from unauthorized access. One of the three governing principles of cyber security
D. The risk level or exposure without taking into account the actions that management has taken
or might take.

 Answer: D

36. The combination of the probability of an event and its consequences, mitigated through the use
of controls or safeguards
A. Rootkit
B. Inherent Risk
C. Risk
D. Asset

 Answer: C

37. Network Worm

A. An attack where social engineering techniques are used to masquerade as a trusted party to
obtain important information such as passwords from the victim
B. A type of electronic mail attack that attempts to convince the user that the originator is genuine,
but with the intention of obtaining information for use in social engineering.
C. A weakness in the design, implementation, operation or internal control of a process that could
expose the system to adverse threats from threat events
D. A piece of self replicating code designed to spread itself across computer networks. It does not
require intervention for execution to replicate.

 Answer: D

38. Structure Query Language (SQL) Injection

A. Secretly records user keystrokes and, in some cases, screen content.

B. Protection from unauthorized access.
C. One of the three governing principles of cyber security Permits authorized users to maintain and
protect systems and networks. They can modify or circumvent existing safeguards such as
access controls or logging
D. Results from failure of the application to appropriately validate input

https://www.genuinedumps.com/
 Answer: D

39. (1) Confidentiality. (2) Integrity. (3) availability

A. What are the three elements of the cyber security role?

B. What are the six control objectives of PCI DSS?
C. What are the three components of cybersecurity?
D. Structure Query Language (SQL) Injection

 Answer: C

40. Brute Force Attack

A. An assault on the service from a single source that floods it with so many request that it
becomes overwhelmed and is either stopped completely or operates at a significantly reduced
rate.
B. And attack made by trying all possible combinations of passwords or encryption keys until the
correct one is found.
C. A type of electronic mail attack that attempts to convince the user that the originator is genuine,
but with the intention of obtaining information for use in social engineering.
D. Attack strategy in which the attacker intersects the communication stream between two parts
of the victim system and then replaces the traffic between the two components with the
intruders own, eventually assuming control of the communication

 Answer: B

41. A vulnerability that is exploited before the software creator or vendor is even aware of its
existence

A. Confidentiality
B. Vulnerability
C. Zero-Day Exploit
D. Social Engineering

https://www.genuinedumps.com/
  Answer: C

42. 1) Governance 2) Risk 3) Compliance

A. What are the three components of cybersecurity?

B. What are the six control objectives of PCI DSS?
C. Patch Management
D. What are the three elements of the cyber security role?

 Answer: D

43.Threat

A. Anything that is capable of acting against an asset in a manner that can result in harm
B. Hides malicious processes to prevent detection, modifies the underlying operating system.
C. Something of either tangible or intangible value that is worth protecting, including people,
information, infrastructure, finances and reputation
D. Protection from unauthorized modification. One of the three governing principles of cyber
security

 Answer: A

44.Social Engineering

A. Ensures that changes to processes, systems, software, applications, platforms and

configurations are introduced in orderly, controlled manner.
B. A register of users (including groups, machines and processes) Who have permission to use a
particular system resource.
C. When a program or process tries to store more data in a buffer (temporary data storage area)
than it was intended to hold.
D. Any attempt to exploit social vulnerabilities to gain access to information and or systems,
involves a "con game."

 Answer: D

https://www.genuinedumps.com/
 45. Solutions to software programming errors.

A. Patch Management
B. Authorization
C. Social Engineering
D. Ransomware

 Answer: A

46. The concept that a message or other piece of information is genuine. Assures that the Dara's
integrity is protected and that the party sending or receiving it cannot deny repudiate that they sent or
received it.

A. Change Management
B. Non repudiation
C. Social Engineering
D. Configuration management

 Answer: B

47. Authorization

A. Locks or encrypts data or functions and demands a payment to unlock them.

B. The risk level or exposure without taking into account the actions that management has taken
or might take.
C. Used for access control and requires that the system be able to identify and differentiate among
users
D. Protection from unauthorized access.One of the three governing principles of cyber security

 Answer: C

48. Carries out routines related to the payload

https://www.genuinedumps.com/
 A. Worm
B. Rootkit
C. Ransomware
D. Patch Management

 Answer: A

49. Cross site scripting (XSS)

A. A vulnerability that is exploited before the software creator or vendor is even aware of its
existence
B. A type of injection in which malicious scripts are injected into otherwise benign and trusted
websites. Attacks occur when an attacker uses a web application to send a malicious code,
generally in the form of a browser side script, to a different end user.
C. A means of regaining access to a compromised system by installing software or configuring
existing software to enable remote access under attacker defined conditions.
D. A collective and common infrastructure, including directory services, authentication services,
authorization services, centralizes and standardizes integration of business process and
technology, so that it becomes consistent in common service across the organization

 Answer: B

50. Privileged user management.

A. Defines groups of functionality required for network computers into layers with each layer
implementing standard protocol for its functionality,
B. Permits authorized users to maintain and protect systems and networks. They can modify or
circumvent existing safeguards such as access controls or logging
C. Account, password and control rights creation and management followed by subsequent
suspension and deletion of said accounts after an employee has left.
D. Maintaining the configuration of network devices, systems applications and other IT resources
to ensure security controls are properly installed and maintained.

 Answer: B

https://www.genuinedumps.com/
 51. Three common controls used to protect the availability of information are:

A. . Redundancy, backups and access controls

B. Encryption, file permissions and access controls
C. Access controls, logging and digital signatures
D. Hashes, logging and backups
 Answer: A

52. Select all that apply. Governance has several goals, including:

o A. Providing strategic direction

o B. Ensuring that objectives are achieved
o C. Verifying that organizational resources are being used apropriately
o D. Directing and monitoring security activities
o E. Ascertaining whether risk is being managed properly

 Answer: A, B, C, E

53. Choose three. According to the NIST cybersecurity framework, which of

the following are considered key functions necessary for the protection of
digital assets?

o A. Encrypt
o B. Protect
o C. Investigate
o D. Recover
o E. Identify

 Answer: B, D, E

54. Which of the following is the best definition for cybersecurity?

o A. The process by which an organization manages cybersecurity risk to an

acceptable level
o B. The protection of information from unauthorized acces or disclosure
o C. The protection of paper documents, digital and intellectual property, and
verbal or visual communications
o D. Protecting information assets by addressing threats to information that is
processed, stored or transported by internetworked information systems

 Answer::D

55. Which of the following cybersecurity roles is charged with the duty of
managing incidents and remediation?

o A. Board of directors
o B. Executive committee
o C. Cybersecurity management
o D. Cybersecurity practitioners

https://www.genuinedumps.com/
 56. Select all that apply. The internet perimeter should:
Discuss

o 䄮 D整散t 慮搠扬潣k tr慦fic from infe捴敤 i湴敲湡l 敮d 灯in 瑳

o 䈮 Elimi湡t攠t桲敡t猠獵捨 慳 email 獰am, vir畳敳 慮搠w潲ms
o 䌮 䙯rm慴, 敮捲y灴 慮搠捯m灲敳猠摡ta
o 䐮 C潮tr潬 u獥爠tr慦fi挠扯u湤 t潷慲搠t桥 i湴敲湥t
o 䔮 Mo湩t潲 i湴敲湡l 慮搠ext敲湡l 湥tw潲k p潲t猠f潲 ro杵攠慣tivity

 Answer: A, B, D, E

57. The _________ layer of the OSI model ensures that data are transferred
reliably in the correct sequence, and the _________ layer coordinates and
manages user connections.

o 䄮 Pr敳e湴慴i潮, d慴愠link
o 䈮 呲慮獰潲t, 獥獳i潮
o 䌮 P桹si捡l, 慰plic慴ion
o 䐮 D慴愠link, 湥tw潲k

 Answer: B

58. Choose three. There key benefits of the DMZ system are:
Discuss

o 䄮 DMZ猠慲攠扡s敤 潮 lo杩捡l r慴桥爠t桡渠灨y獩捡l 捯湮散tio湳

o 䈮 A渠i湴ru摥爠m畳t 灥湥tr慴攠t桲敥 獥灡r慴攠摥vi捥s
o 䌮 Priv慴攠湥tw潲k a摤牥s獥猠慲攠湯t di獣l潳敤 t漠t桥 in t敲湥t
o 䐮 Ex捥lle湴 灥牦潲m慮捥 慮搠獣慬a扩lity 慳 i湴敲n整 畳慧攠杲潷s
o 䔮 I湴敲湡l 獹獴敭猠摯 湯t 桡v攠摩r散t 慣捥獳 t漠i湴er湥t

 Answer: A,B,E

59. Which of the following best states the role of encryption within an overall
cybersecurity program?

o 䄮 E湣特 灴i潮 i猠t桥 灲imary m敡湳f 獥c畲楮朠摩杩t慬 慳s整s

o 䈮 E湣特灴i潮 d数e湤猠up潮 獨慲e搠獥捲整猠a湤 i猠t桥牥f潲攠慮 u湲elia扬攠
me慮猠of 捯湴r潬
o 䌮 A 灲o杲am猠e湣特灴i潮 敬eme湴猠獨o畬搠b攠桡n摬敤 批 愠t桩r搠灡牴y
捲y灴潬潧i獴
o 䐮 En捲y灴i潮 i猠慮 敳s敮ti慬 扵t i湣om灬整攠f潲m of 慣捥獳 c潮tr潬

 Answer: D

60. The number and types of layers needed for defense in depth are a function
of:Discuss

https://www.genuinedumps.com/
 o
o
o
o

 Answer: A

61. What is the correct order of the penetration testing phase?

Discuss

o
o
o
o

 Answer: A

62. System hardening should implement the principle of __________ or

____________ .

o
o
o
o

63. Select all that apply. Which of the following are considered functional areas of
network management as defined by ISO?

o
o
o
o
o

64. Virtualization involves:

o
o
o
o

https://www.genuinedumps.com/
 64. Vulnerability management begins with an understanding of cybersecurity
assets and their locations, which can be accomplished by:

o 䄮 Vuln敲慢ility 獣慮ni湧
o 䈮 P敮整r慴i潮 t敳ti湧
o 䌮 Mai湴慩湩湧 慮 a獳整 inv敮t潲y
o 䐮 U獩n朠捯mm慮搠lin攠t潯ls

 Answer : C

65. What is the correct order of the incident response process?

o 䄮 Pr数慲慴i潮, 摥te捴io渠慮搠慮慬y獩猬 i湶敳tig慴i潮, miti条ti潮 慮搠r散潶敲y,

灯獴in捩摥湴 慮慬y獩s
o 䈮 D整散ti潮 慮搠慮慬y獩猬 灲数慲慴i潮, i湶敳ti条ti潮, miti条ti潮 慮搠r散潶敲y,
灯獴in捩摥湴 慮慬y獩s
o 䌮 Miti条ti潮 慮搠r散潶敲y, i湶敳ti条ti潮, 灯獴i湣ide湴 慮慬y獩猬 灲数慲慴i潮,
摥t散ti潮 慮搠慮aly獩s
o 䐮 I湶敳ti条ti潮, miti条tio渠慮搠r散潶敲y, 灯獴i湣ide湴 慮慬y獩猬 灲数慲慴i潮,
摥t散ti潮 慮搠慮aly獩s

 Answer A

66. Select three. The chain of custody contains information regarding:

Discuss

o 䄮 Dis慳t敲 r散潶敲y 潢je捴iv敳, r敳潵牣敳 慮搠p敲s潮湥l

o 䈮 Wh漠桡搠慣捥獳 t漠t桥 敶i摥湣e, i渠捨牯n潬潧i捡l 潲摥r
o 䌮 䱡扯爬 畮i潮 慮搠灲楶a捹 r敧畬慴i潮s
o 䐮 Pro潦 t桡t t桥 a湡ly獩猠i猠扡s敤 潮 c潰 i敳 i摥湴ic慬 t漠t桥 潲楧in慬 敶id敮ce
o 䔮 T桥 灲潣敤畲敳 f潬l潷敤 i渠w潲歩湧 wit栠th攠敶i摥湣e

 Answer: B,D,E

67. Which element of an incident response plan involves obtaining and

preserving evidence?

o 䄮 Pr数慲慴i潮
o 䈮 I摥湴ific慴i潮
o 䌮 C潮tainme湴
o 䐮 Eradic慴ion

 Answer : C

68. NIST defines an ________ as a "violation of imminent threat of violation of

computer security policies, acceptable use policies, or standard security
practices."

o 䄮 Dis慳t敲

https://www.genuinedumps.com/
 o 䈮 Ev敮t
o 䌮 周r敡t
o 䐮 I湣i摥湴

 Answer: D

69. Select all that apply. A business impact analysis (BIA) should identify:

o 䄮 T桥 cir捵m獴a湣敳 畮d敲 w桩捨 愠di獡獴敲 獨潵ld 扥 摥cl慲敤.

o 䈮 T桥 敳tim慴敤 灲潢a扩lity 潦 t桥 i摥湴ifie搠t桲敡t猠慣t畡lly 潣捵牲i湧.
o 䌮 周攠敦fici敮捹 慮搠effe捴iv敮敳猠of 數i獴i湧 risk m itig慴i潮 c潮trol献
o 䐮 A li獴 of 灯t敮ti慬 v畬湥r慢iliti敳, 摡n来牳 a湤/潲 t桲敡t献
o 䔮 Whic栠ty灥猠潦 摡t愠ba捫異猠(full, in捲eme湴慬 an搠摩ff敲敮ti慬) will b攠畳e搮

 Answer:: B,C,D

70. _________ is defined as " a model for enabling convenient, on-demand

network access to a shared pool of configurable resources (e.g., networks,
servers, storage, applications and services) that can be rapidly provisioned
and released with minimal management or service provider interaction."

o 䄮 S潦tw慲攠慳 愠獥牶i捥 (S慡S)

o B .Cl潵搠捯m灵ti湧
o 䌮 Bi朠摡ta
o 䐮 Pl慴f潲m a猠愠獥牶i捥 (P慡S)

 Answer : B

71. Select all that apply. Which of the following statements about advanced
persistent threats (APTs) are true?

o 䄮 AP味⁴y灩捡lly 潲楧i湡t攠from 獯畲捥猠s畣栠慳 潲条niz敤 捲im攠杲o異 猬

慣tivi獴猠潲 杯v敲m敮ts
o 䈮 AP味⁵獥 潢f畳c慴io渠t散桮i煵敳 t桡t 桥l瀠t桥m r敭慩渠畮di獣潶敲敤 f潲
mo湴桳 潲 敶敮 y敡牳
o 䌮 APT猠慲攠oft敮 lo湧 t敲m, m畬ti 灨a獥 灲oj散t猠wit栠愠f潣u猠潮
r散潮n慩獳慮捥
o 䐮 周攠AP吠慴t慣k 捹捬攠b敧i湳 wit栠t慲来t 灥n整r慴io 渠慮 捯ll散ti潮 of 獥湳itive
inf潲m慴i潮
o 䔮 Alt桯畧栠t桥y 慲攠oft敮 慳獯ci慴敤 wit栠AP味Ⱐi湴敬lig敮c攠慧e湣i敳 慲攠r慲敬y
t桥 灥牰整r慴潲猠of AP吠慴t慣ks

 A湳w敲: A, B , C

72.Which of the following are benefits to BYOD?

o 䄮 A捣e灴慢l攠U獥 P潬i捹 i猠敡si敲 t漠im灬em敮t

o 䈮 C潳t猠獨ift t漠t桥 畳敲
o 䌮 Wor步爠獡tisfa捴io渠i湣r敡獥s

https://www.genuinedumps.com/
 o 䐮 Se捵物瑹 risk i猠歮潷渠t漠t桥 畳敲

 A湳w敲: B,C

73. Choose three. Which types of risk are typically associated with mobile
devices?

o 䄮 Or条湩z慴io湡l risk
o 䈮 Compli慮c攠risk
o 䌮 Te捨ni捡l risk
o 䐮 P桹si捡l risk
o 䔮 呲慮獡捴io湡l risk

 Answer: A,C,D

74. Which three elements of the current threat landscape have provided
increased levels of access and connectivity, and, therefore, increased
opportunities for cybercrime?

o 䄮 T數t m敳s慧in 本 Bl略t潯t栠t散桮潬潧y 慮搠卉M 捡牤s

o 䈮 We戠慰灬i捡ti潮猬 扯tn整猠慮搠灲im慲y malw慲e
o 䌮 Fi湡湣i慬 g慩湳, i湴elle捴畡l 灲o灥牴y 慮搠灯litics
o 䐮 Clo畤 捯m灵ti湧, 獯ci慬 m敤i愠a湤 m潢il攠捯mp畴i湧

 A湳w敲::D

75. The ________ functions as a small, isolated network for an organization's

public servers, VPN termination and modem pools.

o 䄮 䱯捡l 慲敡 n整w潲k
o 䈮 Demilit慲楺敤 z潮e
o 䌮 Wir敬敳猠灲潴e捴敤 慲ea
o 䐮 irt畡l 灲楶慴攠湥tw潲k

Answer: B

76. when an attack is happening, the IPS can actually help block the attack.

o 䄮 呲略
o 䈮 F慬獥

 Answer : A

77. Most OS have two modes of operations - ________ for execution of

privileged instructions for the internal operation of the system and _________
for normal activities.

https://www.genuinedumps.com/
 o 䄮 K敲湥l m潤攬 畳敲 m潤e
o 䈮 U獥爠mo摥, 步牮el mo摥
o 䌮 Saf攠m潤攬 畳敲 m潤e
o 䐮 K敲湥l m潤攬 湯rm慬 mo摥

 Answer : A

78. Choose three. The SDLC includes:

o 䄮 I吠灲o捥獳敳 f潲 m慮a杩n朠慮搠c潮tr潬li湧 灲oj散t 慣tivity

o 䈮 A渠潢j散tiv攠f潲 敡c栠p桡獥f t桥 li f攠捹捬攠t桡t i猠ty灩捡lly 摥s捲ib敤 wit栠步y
摥liv敲慢l敳, 愠摥s捲i灴i潮 潦 r散omm敮d敤 t慳k猠a湤 愠獵mm慲y 潦 rel慴敤
捯湴r潬 o扪散tiv敳 f潲 敦f散tiv攠m慮慧em敮t.
o 䌮 I湣牥me湴慬 獴e灳 潲 d敬iv敲a扬e猠t桡t l慹 t桥 f潵湤慴i潮 f潲 t桥 湥硴 灨a獥
o 䐮 Se捵物瑹 t潯l猠f潲 灲潴e捴i湧 慳獥ts
o 䔮 Pr潣敳獥猠f潲 m慮慧in朠慮搠灲敶敮ti湧 捹扥爠t桲敡ts

 Answer: A , B , C

https://www.genuinedumps.com/