The three elements of a SETA program are security education, security training, and security awareness. Which statement BEST captures the key difference between training and awareness?
A vulnerability scanner identifies a critical CVE on a server that was classified as “acceptable risk” by a previous analyst 18 months ago. The current analyst seeks to reclassify it for immediate remediation. According to the “vulnerability assessment and remediation” domain of the Cybersecurity Maintenance Model, which of the following is the most appropriate perspective?
Organizations utilize several strategies to test their Contingency Plans (CP), ranging from desk checks to full-interruption tests. Which of the following statements CORRECTLY describes the trade-off between these testing approaches?
Organizations utilize various concepts to measure and maintain their security posture, including benchmarking, baselining, due care, and due diligence. Which of the following statements is INCORRECT?
Which of the following statements regarding the variables that shape an organization’s cybersecurity program is INCORRECT?
An organization’s primary data center is destroyed by a fire. The BC team activates a pre-arranged facility with power, network connectivity, and empty server racks, but no pre-loaded hardware or data. The team must install, configure, and restore all systems from backups before operations can resume. What type of alternate site is this?
The Divine Comedy
Contingency planning (CP) consists of four primary components: the Business Impact Analysis (BIA), the Incident Response (IR) plan, the Disaster Recovery (DR) plan, and the Business Continuity (BC) plan. Which of the following statements regarding these components is INCORRECT?
The figure illustrates the Cybersecurity Maintenance Model and its five functional domains. Based on the illustrated data flow, which of the following statements is INCORRECT?
Access control is fundamentally built on four functions: Identification, Authentication, Authorization, and Accountability (IAAA). Which of the following statements about these functions is INCORRECT?