OA Exams

  • web.groovymark@gmail.com
  • November 20, 2024

Question 41

A company discovers a security vulnerability but decides to delay implementing a fix due to operational concerns. What type of risk management strategy is this?

a) Avoidance

b) Mitigation

c) Transference

d) Acceptance

Correct Answer: d) Acceptance

Explanation: Risk acceptance occurs when an organization decides to tolerate the potential risk of a security vulnerability rather than taking immediate action to address it.

Question 42

Which law requires websites that cater to children to provide privacy policies and obtain parental consent before collecting data?

a) COPPA

b) GDPR

c) HIPAA

d) CAN-SPAM Act

Correct Answer: a) COPPA

Explanation: The Children's Online Privacy Protection Act (COPPA) requires websites that collect information from children under 13 to provide privacy policies and obtain parental consent.

Question 43

Which technique helps ensure the confidentiality of a message by scrambling its contents?

a) Data mining

b) Encryption

c) Digital signatures

d) Firewalls

Correct Answer: b) Encryption

Explanation: Encryption scrambles data into an unreadable format that can only be deciphered by those with the proper encryption key, ensuring the confidentiality of the message.

Question 44

What is the ethical issue raised when a company continues to use outdated software that exposes users to security vulnerabilities?

a) Lack of transparency

b) Data integrity

c) Breach of duty

d) Conflict of interest

Correct Answer: c) Breach of duty

Explanation: Failing to update software and exposing users to security risks can be considered a breach of duty, as it neglects the organization's responsibility to protect users.

Question 45

A company decides to sell its customer database to a third party without notifying the customers. Which principle of data privacy does this violate?

a) Data availability

b) User consent

c) Data integrity

d) Accountability

Correct Answer: b) User consent

Explanation: Selling customer data without their consent violates the privacy principle that users must agree to how their data is shared and used by third parties.

Question 46

A manager asks employees to use the company’s system to send personal emails during work hours. What type of ethical issue does this raise?

a) Misrepresentation

b) Conflict of interest

c) Data integrity

d) Lack of transparency

Correct Answer: b) Conflict of interest

Explanation: Asking employees to use company resources for personal purposes during work hours creates a conflict of interest between the company's goals and the employees' personal activities.

Question 47

Which technique can help a company prevent unauthorized access to its system by verifying the identity of users before granting access?

a) Encryption

b) Data mining

c) Two-factor authentication

d) Firewalls

Correct Answer: c) Two-factor authentication

Explanation: Two-factor authentication requires users to provide two forms of identification before gaining access to a system, enhancing security and preventing unauthorized access.

Question 48

A company fails to adequately protect its network from cyberattacks and suffers a data breach. What principle of the CIA triad has been compromised?

a) Confidentiality

b) Integrity

c) Accountability

d) Availability

Correct Answer: a) Confidentiality

Explanation: When a data breach occurs, confidentiality is compromised because unauthorized individuals gain access to sensitive information that should have been protected.

Question 49

Which type of cyberattack involves sending fraudulent emails to a targeted individual to trick them into revealing personal information?

a) Smishing

b) Spear phishing

c) Vishing

d) Logic bomb

Correct Answer: b) Spear phishing

Explanation: Spear phishing is a targeted phishing attack that uses fraudulent emails to trick specific individuals into revealing sensitive information, such as passwords or financial details.

Question 50

Which component of the CIA triad ensures that authorized individuals can access data when needed?

a) Integrity

b) Availability

c) Confidentiality

d) Accountability

Correct Answer: b) Availability

Explanation: Availability ensures that authorized users can access data and systems when needed, maintaining system uptime and ensuring business continuity.
