You are evaluating the compliance and effectiveness of measures that mitigate the effect of uncertainty on security objectives. Which of the following best describes what you are doing? (Wentz QOTD)
A. Risk assessment
B. Threat assessment
C. Security assessment
D. Vulnerability assessment
As a security professional, you are promoting security awareness, helping HR staff review recruiting processes, and implementing intrusion detection systems to respond to security incidents and biometric-based access control. Which of the following best describes what you are doing? (Wentz QOTD)
B. Complete mediation
C. Top-down security strategy
D. Risk-based access control
Which of the following is the best role to classify enterprise proprietary data?
A. Data controller
B. Data processor
C. Data steward
D. System owner
As a software developer, you are signing the code using a certificate to protect it from being tampered with and authenticate your identity to users. Which of the following is the best implementation?
A. Hash the code and encrypt the result using your private key
B. Digest the code using your public key as the digital signature
C. Encrypt the fingerprint of the code using your public key
D. Encrypt the code and its fingerprint using your private key
Your organization is developing a new information system. Which of the following should be conducted first?
A. Assess risk to the system
B. Identify the data types processed by the system
C. Scope and tailor security controls
D. Prepare the authorization package
Which of the following is the most common instrument to generate key pairs and certificate signing requests, manage keys, and convert and package certificates? (Wentz QOTD)
A. TPM (Trusted Platform Module)
B. TCB (Trusted Computing Base)
C. HSM (Hardware security module)
D. The OpenSSL utility
As an information system owner, you are responsible for the overall procurement, development, integration, modification, operation, and maintenance of the information system. Which of the following is the first document you should develop to gain the authorization to operate for the information system? (Wentz QOTD)
A. Authorization package
B. Security and privacy plans
C. Plans of action and milestones
D. Security and privacy assessment reports