1. Which of the following is an action that could damage an asset?
2. Which law requires all types of financial institutions to protect customers’ private financial information?
3. An AUP is part of a layered approach to security, and it supports confidentiality. What else supports confidentiality?
4. Which of the following is a detailed written definition of how software and hardware are to be used?
5. Which of the following is not a common type of data classification standard?
6. What does a lapse in a security control or policy create?
7. Which of the following is any weakness in a system that makes it possible for a threat to cause it harm?
8. Which of the following terms refers to the likelihood of exposure to danger?
9. Which type of attacker intends to be helpful?
10. Which domain is primarily affected by weak endpoint security on a VPN client?
11. Identify two phases of the access control process.
12. You log onto a network and are asked to present a combination of elements, such as user name, password, token, smart card, or biometrics. This is an example of which of the following?
13. Which of the following is a type of authentication?
14. Identify an example of an access control formal model.
15. Which of the following access control models is based on a mathematical theory published in 1989 to ensure fair competition?
16. Which of the following are primary categories of rules that most organizations must comply with?
17. Which of the following is not a part of an ordinary IT security policy framework?
18. Which of the following helps you determine the appropriate access to classified data?
19. Which of the following refers to the management of baseline settings for a system device?
20. Identify a primary step of the SDLC.
21. Which of the following is a process to verify policy compliance?
22.