Practice Test Questions

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You'll also receive free access to my customized study strategies.

Question: Which one of the following industry standards describes a standard approach for setting up an information security management system?

A. CIS
B. ISO 27002
C. OWASP
D. ISO 27001

Correct Answer: D

ISO 27001 describes a standard approach for setting up an information security management system (ISMS), making it the correct answer here. ISO 27002 goes into more detail on the specifics of information security controls, which is not what the question asks for, so it is incorrect. The Center for Internet Security (CIS) produces a set of configuration benchmarks used to securely configure operating systems, applications, and devices, so it is also an incorrect answer. The Open Web Application Security Project (OWASP) provides advice and tools focused on web application security, another incorrect answer here.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!

Question: You experienced a power outage that disrupted access to your data center. What type of security concern occurred?

A. Availability
B. Confidentiality
C. Non-Repudiation
D. Integrity

Correct Answer: A

Availability concerns occur when legitimate users are unable to gain access to systems or information. The major types of availability disruptions are denial of service, power outages, hardware failures, destruction, and service outages. Confidentiality concerns occur when unauthorized individuals may be able to gain access to sensitive information, making it an incorrect answer here. Integrity concerns occur when there is the potential for unauthorized modification of information. The major types of integrity attacks include man-in-the-middle attacks, replay attacks, impersonation, and unauthorized information alteration, making integrity another incorrect answer. Non-repudiation is a security goal that prevents someone from claiming that they did not send a message or engage in an activity; it is commonly implemented by using digital signatures. So that is another incorrect answer.

Question: What federal law requires the use of vulnerability scanning on information systems operated by federal government agencies?

A. FISMA
B. HIPAA
C. GLBA
D. FERPA

Correct Answer: A

The Health Insurance Portability and Accountability Act (HIPAA) applies only to organizations involved in healthcare, so it would not apply to all government agencies. The Gramm-Leach-Bliley Act (GLBA) applies to financial institutions, so it also wouldn't apply to government agencies. Similarly, the Family Educational Rights and Privacy Act (FERPA) applies to educational institutions, not government agencies. The Federal Information Security Management Act (FISMA) requires that federal agencies implement vulnerability management programs for federal information systems, so that's our correct answer.