Page : 1/10
1. What is the primary purpose of a Recovery Point Objective (RPO) in business continuity planning?
2. Which of the following is the best example of a compensating control in security operations?
3. What is the primary advantage of conducting tabletop exercises in an organization's incident response program?
4. Which of the following is the best example of a detective control in security operations?
5. Which of the following best describes a hot site in disaster recovery planning?
Page : 2/10
6. What is the primary purpose of a warm site in disaster recovery planning?
7. Which of the following types of attacks can be detected using an Intrusion Detection System (IDS)?
8. What is the main difference between an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS)?
9. Which of the following is a primary purpose of implementing log retention policies in an organization?
10. What is the purpose of the concept of least privilege in security operations?
Page : 3/10
11. Which of the following is the best example of a preventive control?
12. Which of the following is a characteristic of a cold site in disaster recovery planning?
13. Which type of backup strategy only backs up data that has changed since the last backup of any type?
14. Which of the following types of plans focuses on the long-term recovery of business operations after a major disruption?
15. Which of the following is a primary function of a Security Information and Event Management (SIEM) system?
Page : 4/10
16. Which of the following best describes the purpose of conducting a root cause analysis after a security incident?
17. Which of the following controls is most effective in reducing the risk of insider threats?
18. What is the Recovery Time Objective (RTO) in disaster recovery planning?
19. Which of the following security controls is most effective in detecting unauthorized access to systems?
20. Which of the following actions is an example of a preventive control in security operations?
Page : 5/10
21. What is the primary security benefit of implementing separation of duties within an organization?
22. What is the primary role of a configuration management process in security operations?
23. Which of the following describes a warm site in disaster recovery planning?
24. Which of the following statements about a Business Continuity Plan (BCP) is correct?
25. Which of the following is the best description of a honeypot in a network environment?
Page : 6/10
26. Which of the following controls would best help prevent collusion between employees in a critical process?
27. What is the primary purpose of mandatory vacation as a security control?
28. Which of the following best describes the concept of "least privilege" in security operations?
29. Which of the following is considered a corrective control in security operations?
30. Which of the following activities is typically performed during the containment phase of an incident response?
Page : 7/10
31. What is the primary goal of business continuity planning (BCP)?
32. What is the main advantage of using a Security Operations Center (SOC) in an organization?
33. What is the main objective of conducting regular security audits in an organization?
34. Which of the following best describes log retention policies in security operations?
35. Which of the following disaster recovery strategies requires the longest time to become operational after a disaster?
Page : 8/10
36. What is the primary objective of forensics in the context of security operations?
37. Which of the following backup types only backs up data that has changed since the last full backup, regardless of any other backups taken?
38. What is the purpose of a configuration baseline in security operations?
39. What is the primary objective of implementing a Data Loss Prevention (DLP) solution in an organization?
40. Which of the following is an appropriate detective control to monitor employee behavior within an organization?
Page : 9/10
41. Which of the following security practices helps reduce collusion and insider threats?
42. Which of the following describes a corrective control?
43. In the context of backups, what does a differential backup do?
44. Which of the following is an example of a detective control in security operations?
45. What is the purpose of vulnerability management in security operations?
Page : 10/10
46. What is the purpose of a business impact analysis (BIA) in the context of business continuity planning?
47. Which of the following best describes job rotation as a security practice?
48. What is the primary purpose of logging and monitoring in security operations?
49. Which of the following disaster recovery strategies provides the fastest recovery time but is also the most expensive to maintain?
50. Which of the following activities is typically part of the change management process in security operations?