Dan has written a policy that prohibits employees from sharing their passwords with their coworkers, family members, or others. What type of credential policy has he created?

An administrative account policy

Adam is concerned about malware infecting machines on his network. One of his concerns is that malware would be able to access sensitive system functionality that requires administrative access. What technique would best address this issue?

Using a nonadministrative account for normal activities

Implementing host-based antimalware

Implementing full-disk encryption (FDE)

Making certain the operating systems are patched

What key difference separates pseudonymization and anonymization?

Pseudonymization requires additional data to reidentify the data subject

Anonymization can be reversed using a hash

Pseudonymization uses randomized tokens

Alaina wants to map a common set of controls for cloud services between standards like COBIT (Control Objectives for Information and Related Technology), FedRAMP (Federal Risk and Authorization Management Program), HIPAA (the Health Insurance Portability and Accountability Act of 1996), and others. What can she use to speed up that process?

The CSA's reference architecture

Isaac has been asked to write his organization's security policies. What policy is commonly put in place for service accounts?

They cannot use interactive logins

They must be issued only to system administrators

They must use multifactor authentication

How is asset value determined?

Any of the above based on organizational preference

The depreciated cost of the item

Which of the following is a common security policy for service accounts?

Implementing frequent password expiration

Which of the following does not minimize security breaches committed by internal employees?

Nondisclosure agreements signed by employees

Why are diversity of training techniques an important concept for security program administrators?

Each person responds to training differently

It allows for multiple funding sources

It avoids a single point of failure in training compliance

It is required for compliance with PCI-DSS

CompTIA Security+ Book Practice Test 5

Authored by blackpanther300 blackpanther300

Computers

12th Grade

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

36 questions

Show all answers

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A security administrator is reviewing the company's continuity plan, and it specifies an RTO of four hours and an RPO of one day. Which of the following is the plan describing?

Systems should be restored within one day and should remain operational for at least four hours.

Systems should be restored within four hours and no later than one day after the incident.

Systems should be restored within one day and lose, at most, four hours' worth of data.

Systems should be restored within four hours with a loss of one day's worth of data at most.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following statements is true regarding a data retention policy?

Regulations require financial transactions to be stored for seven years.

Employees must remove and lock up all sensitive and confidential documents when not in use.

It describe a formal process of managing configuration changes made to a network.

It is a legal document that describes a mutual agreement between parties.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

What type of information does a control risk apply to?

Health information

Personally identifiable information (PII)

Financial information

Intellectual property

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You are the IT manager and one of your employees asks who assigns data labels. Which of the following assigns data labels?

Owner

Custodian

Privacy officer

System administrator

MULTIPLE CHOICE QUESTION

1 min • 1 pt

As part of the response to a credit card breach, Sally discovers evidence that individuals in her organization were actively working to steal credit card information and personally identifiable information (PII). She calls the police to engage them for the investigation. What has she done?

Escalated the investigation

Public notification

Outsourced the investigation

Tokenized the data

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following is not a common security policy type?

Acceptable use policy

Social media policy

Password policy

Parking policy

MULTIPLE CHOICE QUESTION

1 min • 1 pt

What law or regulation requires a DPO in organizations?

FISMA

COPPA

PCI-DSS

GDPR

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

35 questions

Code.org Unit 2 Web Development

Quiz

•

6th - 12th Grade

40 questions

MS office 2016

Quiz

•

1st Grade - Professio...

33 questions

Fortnite

Quiz

•

1st Grade - Professio...

40 questions

Computer Network

Quiz

•

12th Grade - University

40 questions

SOALAN PERCUBAAN TEORI (SET 1)

Quiz

•

12th Grade

40 questions

SCRATCH TEST 2

Quiz

•

9th - 12th Grade

37 questions

Computer Terms

Quiz

•

6th - 12th Grade

31 questions

Computer System

Quiz

•

12th Grade - University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

10 questions

Probability Practice

Quiz

•

4th Grade

15 questions

Probability on Number LIne

Quiz

•

4th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

6 questions

Appropriate Chromebook Usage

Lesson

•

7th Grade

10 questions

Greek Bases tele and phon

Quiz

•

6th - 8th Grade

Discover more resources for Computers

14 questions

[AP CSP] JavaScript Programming Quiz

Quiz

•

9th - 12th Grade

10 questions

Understanding Computers and Computer Engineering

Interactive video

•

7th - 12th Grade

37 questions

Python - Tuples, Lists, and List Methods

Quiz

•

9th - 12th Grade

CompTIA Security+ Book Practice Test 5

A security administrator is reviewing the company's continuity plan, and it specifies an RTO of four hours and an RPO of one day. Which of the following is the plan describing?

Which of the following statements is true regarding a data retention policy?

What type of information does a control risk apply to?

You are the IT manager and one of your employees asks who assigns data labels. Which of the following assigns data labels?

As part of the response to a credit card breach, Sally discovers evidence that individuals in her organization were actively working to steal credit card information and personally identifiable information (PII). She calls the police to engage them for the investigation. What has she done?

Which of the following is not a common security policy type?

What law or regulation requires a DPO in organizations?

Which of the following techniques attempts to predict the likelihood a threat will occur and assigns monetary values should a loss occur?

The website that Brian is using shows part of his Social Security number, not all of it, and replacing the rest of the digits with asterisks, allowing him to verify the last four digits. What technique is in use on the website?

Nick is following the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and has completed the prepare and categorize steps. Which step in the risk management framework is next?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers