9/24/23, 8:47 PM Chapter 5: Security Operations Quiz

Chapter 5: Security Operations Quiz

Your work has been saved and submitted

Written Sep 24, 2023 7:41 PM - Sep 24, 2023 7:45 PMAttempt 1 of Unlimited

Your quiz has been submitted successfully.

Attempt Score 70 %
Overall Grade (Highest Attempt) 70 %

Question 1 0 / 1 point

Which of the following can be used to map data flows through an

organization and the relevant security controls used at each point
along the way? (D5.1, L5.1.1)

A) Encryption

B) Hashing

C) Hard copy

D) Data life cycle

Hide question 1 feedback

Incorrect. Encryption is one type of control that can be used to protect data.

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Fsiteproxy.ruqli.workers.dev%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.brig… 1/6
9/24/23, 8:47 PM Chapter 5: Security Operations Quiz

Question 2 1 / 1 point

Why is an asset inventory so important? (D5.2, L5.2.1)

A) It tells you what to encrypt

B) You can't protect what you don't know you have

C) The law requires it

D) It contains a price list

Hide question 2 feedback

Correct. The inventory records which assets the organization has, which gives
the organization the opportunity to protect those assets.

Question 3 1 / 1 point

Who is responsible for publishing and signing the organization's

policies? (D5.3, L5.3.1)

A) The security office

B) Human Resources

C) Senior management

D) The legal department

Hide question 3 feedback

Correct. Policies are direct organizational mandates from senior management.

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Fsiteproxy.ruqli.workers.dev%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.brig… 2/6
9/24/23, 8:47 PM Chapter 5: Security Operations Quiz

Question 4 1 / 1 point

Which of the following is always true about logging? (D5.1, L5.1.3)

A) Logs should be very detailed

B) Logs should be in English

C) Logs should be concise

D) Logs should be stored separately from the systems they're logging

Hide question 4 feedback

Correct. It is important to store log data somewhere other than on the machine
where the data is gathered.

Question 5 0 / 1 point

A mode of encryption for ensuring confidentiality efficiently, with a

minimum amount of processing overhead (D5.1, L5.1.3)

A) Asymmetric

B) Symmetric

C) Hashing

D) Covert

Hide question 5 feedback

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Fsiteproxy.ruqli.workers.dev%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.brig… 3/6
9/24/23, 8:47 PM Chapter 5: Security Operations Quiz

Incorrect. Hashing is not a form of encryption—it is a one-way conversion to

create a digest to ensure integrity.

Question 6 1 / 1 point

A ready visual cue to let anyone in contact with the data know what
the classification is. (D5.1, L5.1.1)

A) Encryption

B) Label

C) Graphics

D) Photos

Hide question 6 feedback

Correct. The label reflects the classification of a given piece of data.

Question 7 0 / 1 point

A set of security controls or system settings used to ensure

uniformity of configuration throughout the IT environment. (D5.2,
L5.2.1)

A) Patches

B) Inventory

C) Baseline

D) Policy

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Fsiteproxy.ruqli.workers.dev%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.brig… 4/6
9/24/23, 8:47 PM Chapter 5: Security Operations Quiz

Hide question 7 feedback

Incorrect. Patches are updates or modifications to systems.

Question 8 1 / 1 point

What is the most important aspect of security awareness/training?

(D5.4, L5.4.1)

A) Protecting assets

B) Maximizing business capabilities

C) Ensuring the confidentiality of data

D) Protecting health and human safety

Hide question 8 feedback

Correct. There is nothing more important than health and human safety.

Question 9 1 / 1 point

Which entity is most likely to be tasked with monitoring and

enforcing security policy? (D5.3, L5.3.1)

A) The Human Resources office

B) The legal department

C) Regulators

D) The security office

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Fsiteproxy.ruqli.workers.dev%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.brig… 5/6
9/24/23, 8:47 PM Chapter 5: Security Operations Quiz

Hide question 9 feedback

Correct. While the policy is dictated by senior management, the security office
is often tasked with monitoring/enforcing it.

Question 10 1 / 1 point

Which organizational policy is most likely to indicate which types of

smartphones can be used to connect to the internal IT
environment? (D5.3, L5.3.1)

A) The CM policy (change management)

B) The password policy

C) The AUP (acceptable use policy)

D) The BYOD policy (bring your own device)

Hide question 10 feedback

Correct. The BYOD policy typically describes which devices can be used to
process data and access networks belonging to the organization.

Congratulations, you passed the quiz!

You've achieved an overall grade of 70% or higher and completed this activity.

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Fsiteproxy.ruqli.workers.dev%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.brig… 6/6