16. In the Payment Card Industry Data Security Standard (PCI DSS), which of these goals would benefit from encrypted data transmission?
- Implementing strong access control measures
- Maintaining a vulnerability management program
- Monitoring and testing networks regularly
- Protecting cardholder data
17. What tools can be used to discover vulnerabilities or dangerous misconfigurations in systems and networks?
- Vulnerability scanners
- Bastion hosts
- Firewalls
- Antimalware software
18. _____ is the practice of attempting to break into a system or network for the purpose of verifying the systems in place.
- Network probing
- Penetration testing
- Security assessment
- Vulnerability scanning
19. Which of the following should be part of an access data request? Select all that apply.
- Specify exact data needed
- Provide justification
- Time limit
- A second signature
20. Which of the following is recommended to secure authentication?
- Password rotation
- Strong encryption
- 2-factor authentication
- Vulnerability scanning
21. When thinking about credential theft, what is one of the greatest workplace cybersecurity risks?
- Keylogging
- Credential stealing text messages
- Phishing emails
- Blackmail
22. Which of the following actions should be included when conducting a vendor risk review? Select all that apply.
- Ask the vendor for a cost comparison
- Talk to the vendor’s employees
- Ask the vendor to fill out a security questionnaire
- Test the vendor’s hardware or software
23. What are some things that are generally included on a third party security assessment report? Select all that apply
- User reviews
- Third party security audit results
- Penetration testing results
- Customer feedback scores
24. Management wants to build a culture where employees keep security in mind. Employees should be able to access information freely and provide feedback or suggestions without worry. Which of these are great ideas for this type of culture? Select all that apply.
- Designated mailing list
- Posters promoting good security behavior
- Desktop monitoring software
- Bring your own device
25. Once the scope of the incident is determined, the next step would be _____.
- escalation
- containment
- documentation
- remediation
Shuffle Q/A 1
26. In the Payment Card Industry Data Security Standard (PCI DSS), what are the requirements for the “regularly monitor and test networks” objective? Select all that apply
- Develop and maintain secure systems and applications
- Regularly test security systems and processes
- Track and monitor all access to network resources and cardholder data
- Encrypt the transmission of cardholder data across open public networks
27. What characteristics are used to assess the severity of found vulnerabilities? Select all that apply.
- Remotely exploitable or not
- Use of encryption or not
- Type of access gained
- Chance of exploitation
