Which of the following statements best describes governance?
It is the structures, systems, and practices put in place to assign, oversee, and report.
Publilius is the chief information security officer at an organization. He needs to fill a position relating to governance. When advertising the position, which of the following words is he most likely to include in the job posting? Select three.
Integrity
Accountability
Transparency
Idalia works at a government agency responsible for issuing certain security directives. In addition, there are other members of the office responsible for enforcing those directives. Which of the following best describes the type of entity where Idalia works?
Regulatory
A technician is adding a computer to the network. The technician issues the ping command to verify the newly installed system has connectivity with the printer. Which of the following statements is NOT true regarding the object, subject, and operation in the context of the actions just described?
The printer is the subject
Which of the following governance roles, in relation to system and data resources, determines the level of security needed for the data and delegates security duties as needed?
Owner
A senior official at an organization is part of a team writing a set of documents that defines the organization's philosophy of how to safeguard its information. Which set of documents are they producing?
Policies
Galina is implementing a series of changes that were ratified by the governance board in the organization where she works. Included in the changes is updating the password policy for all users. Which document is Galina most likely to use when implementing the change?
Procedures
A recent college graduate was hired. Part of the onboarding process includes reading a series of documents. One of the documents states that vulnerability scans conducted after network changes may be performed by internal staff. Which of the following types of documents is the college graduate most likely to be reading?
Standards
Which of the following is likely to have the least severe consequences if not complied with?
Guidelines
A clinic's network is breached, and patient data is stolen. Upon investigation, the authorities determined they had very poor security practices and levied a fine against them. Which of the following best describes how the clinic was in violation?
They did not meet the compliance standards.
Which of the following statements is true regarding internal compliance monitoring?
Automation compliance tools can generate an internal compliance report for auditors.
You are hired by a company to examine the protections they have adopted. Upon completion, you write a report verifying their performance. The report also includes a statement indicating the company recognizes their responsibility in maintaining effective controls. Which of the following best describes the activity in which you are involved?
External compliance monitoring.
Two cousins connect through a "get to know your friend" app that asks both cousins a series of questions about the other person. Person A answers the question about Person B and vice versa. They then indicate whether the question was answered correctly. The app also has multiple trackers as noted in the End User License Agreement. What type of data collection is the app most likely to be performing?
Questionable
Which of the following statements is true regarding current data protections when securing data privacy through compliance?
Different states have different privacy laws so that they are local/regional data protections.
Omar works as a security defender at a security operations center. Which of the following best describes or represents tasks Omar may need to perform? Select three.
Coordination
Proactive monitoring
Compliance
Parisa is responsible for researching and deploying security automation software to help reduce the likelihood of false positives. Which of the following best describes how automation will help?
It will be able to find correlations from external and internal data sources.
Quisha, an IT security manager, is a strong proponent of security automation. However, Quisha wants to temper reliance on automation by implementing certain controls. Which of the following best describes what Quisha is trying to prevent?
A single point of failure
A software developer implements an enhancement to one of the features for which they are responsible. The changes are merged into the main branch, a build is created, and automated tests are executed to validate the changes. This activity represents what element of the automated software development process?
Continuous integration
An investment firm is planning on writing an app to offer an interface that is more user friendly and intuitive. However, instead of rewriting their entire code base they want to access some of the capabilities of their legacy code base as well as the data feeds available on a subscription basis. How should they proceed?
They should use API integration as it will allow them to develop the app more rapidly.
You are a software test engineer at a company that develops enterprise backup solutions. You need to write a few scripts to automate the iterative testing of the new features being introduced. Which of the following are you NOT likely to use? Select two.
C++
Java
Ukya is part of a team that develops automations to find deviations from desired baselines and automatically fix certain issues in a cloud environment. Which of the following best describes the type of system Ukya's team develops?
Guardrails
An employee at a manufacturing facility gets promoted from supervisor to manager. Once the change is made in the system, the employee is automatically assigned the proper credentials and given more privileges relative to the resources they can access. Which of the following best describes the mechanism that facilitates this capability?
User automation provisioning
Westin is a cloud engineer who needs to configure a cloud feature that controls inbound and outbound traffic at the network interface level. What should Westin configure?
Security group
A company is targeted in a distributed denial-of-service attack. However, they have systems in place that automatically detect, respond, and mitigate the negative effects of the attack. What type of platform has the company deployed?
SOAR
A security professional assumes the network is under siege and is searching for evidence to see if it has indeed been breached. What is the security professional doing?
Threat hunting
Zipporah develops a hypothesis and is threat hunting to see whether it is true. After testing the hypothesis, it is found to be false. If you were her manager, what would you tell her about the findings? Select two.
She should look for evidence of the threat elsewhere.
There is no indication of an infiltration based on the specifics of the hypothesis.
Which of the following statements are true when defining artificial intelligence (AI) in a broader scope versus in isolation? Select two.
ML is a subset of AI and can create refined algorithms rather than being explicitly programmed.
Data analytics relies on human interaction to query data, identify trends, and test assumptions.
A law firm encourages their paralegals to use AI to help improve the efficiency of their research. What type of AI system is the firm encouraging?
Assisted intelligence
A security firm is researching AI capabilities that can help address many of the challenges related to information security. What are some of the challenges they are seeking to mitigate, and/or how? Select two.
Shortage of trained security professionals
Amount of security-related data produced daily
What are some of the risks or challenges associated with AI in cybersecurity? Select two.
Attackers can use AI to develop mutating malware.
A malicious actor could try to alter the training data used by ML.