Exam simulator: Compliance and Assessment

Question 1 of 10

1. Question

Which of the following statements describe the difference between security and policy?

Security is about the safeguarding of user identity, whereas privacy is about the safeguarding of data
Security is about the safeguarding of data and user identity, whereas privacy is about the safeguarding of data
Security is about the safeguarding of data, whereas privacy is about the safeguarding of user identity
Security is about the safeguarding of data, whereas privacy is about the safeguarding of data and user identity

Question 2 of 10

2. Question

A company collects information from customers in all possible ways through the web. Afterward, the company separates the information based on demographics and interest and resell the customer’s data to third-party companies in different countries. Which of the following concepts does the company violate?

Data masking
Data enrichment
Data sovereignty
Data exfiltration

Question 3 of 10

3. Question

Your organization is working with a contractor to build a database. You need to find a way to hide the actual data from being exposed to the contractor. Which of the following technique will you use in order to allow the contractor to test the database environment without having access to actual sensitive customer information?

Data Masking
Tokenization
Encryption
Data at rest

Question 4 of 10

4. Question

A company hired an outside contractor to oversee the cyber defense competition and adjudicate the event. Which of the following cybersecurity testing exercise team MOST likely been hired.

Red team
Blue team
White team
Purple team

Question 5 of 10

5. Question

If an employee tried to forward a business email outside the corporate domain or upload a corporate file to a consumer cloud storage service like Google drive, the employee would be denied permission. Which of the following process is described in the above scenario?

Non-disclosure Agreement
Data Loss Prevention
Digital Rights Management
Tokenization

Question 6 of 10

6. Question

You have been hired as a penetration tester for conducting an assessment. The company wants to include ONLY cross-site scripting and SQL injection from the list of authorized activities. Which of the following documents would include this limitation?

Non-Disclosure Agreement
Code of Conduct
Rules of Engagement
Acceptable Use Policy

Question 7 of 10

7. Question

A company signs up a new contract with an Internet service provider (ISP). The ISP presents a document which states that the company agrees to adhere to stipulations such as:

Not using the service as part of violating any law
Not attempting to break the security of any computer network or user
Not posting commercial messages to Usenet groups without prior permission
Not attempting to send junk e-mail or spam to anyone who doesn't want to receive it
Not attempting to mail bomb a site with mass amounts of e-mail in order to flood their server

Which of the following documents is described in the above scenario?

General Data Protection Regulation
National Institute of Standards and Technology
International Organization for Standardization
Acceptable Use Policy

Question 8 of 10

8. Question

An author just published his new eBook on Amazon but he worries about copyright issues as the previous eBook was found on file-sharing websites without his permission. The author wants to prevent users from sharing his content online. Which of the following tools allows the author to prevent unauthorized use of his content?

NDA
DRM
DLP
AUP

Question 9 of 10

9. Question

Your agency has received various complaints about slow Internet access and that your web site is inaccessible. After further investigation, it is determined that your agency is a victim of a DNS amplification attack that is currently overwhelming your DNS server and network bandwidth. An overwhelmingly large number of Internet spoofed IP addresses are involved in the attack. The above scenario can be considered a tabletop exercise. (TRUE/FALSE)

TRUE
FALSE

Question 10 of 10

10. Question

Which of the following statements describes the difference between the Red team and the Blue team in a cybersecurity testing exercise?

A blue team imitates an attacker and attacks with characteristic tactics and techniques while a red team is there to find ways to defend the attack
A red team imitates an attacker and attacks with characteristic tactics and techniques while a blue team is there to find ways to both defend and attack
A red team imitates an attacker and attacks with characteristic tactics and techniques while a blue team is there to find ways to defend the attack
A blue team imitates an attacker and attacks with characteristic tactics and techniques while a red team is there to find ways to both defend and attack

Anastasia-Instructor August 31, 2022

Quiz Summary

Information

Results

Results

Categories

1. Question

Which of the following statements describe the difference between security and policy?

2. Question

3. Question

4. Question

A company hired an outside contractor to oversee the cyber defense competition and adjudicate the event. Which of the following cybersecurity testing exercise team MOST likely been hired.

5. Question

If an employee tried to forward a business email outside the corporate domain or upload a corporate file to a consumer cloud storage service like Google drive, the employee would be denied permission. Which of the following process is described in the above scenario?

6. Question

You have been hired as a penetration tester for conducting an assessment. The company wants to include ONLY cross-site scripting and SQL injection from the list of authorized activities. Which of the following documents would include this limitation?

7. Question

A company signs up a new contract with an Internet service provider (ISP). The ISP presents a document which states that the company agrees to adhere to stipulations such as:

Which of the following documents is described in the above scenario?

8. Question

9. Question

10. Question

Which of the following statements describes the difference between the Red team and the Blue team in a cybersecurity testing exercise?