Please choose the correct answer from the followingWhat does the attack surface of an organization comprise?Only unpatched vulnerabilitiesOnly user risk factorsOnly entry pointsEntry points, unpatched vulnerabilities, misconfigurations, and user risk factors

7.Question 7Which of the following are types of attack surfaces? Select three answers.1 pointNetwork routersComputer workstationsCloud serversMalicious software

Please choose the correct answer from the followingWhat is a characteristic feature of the attack surface in terms of its size and opportunities for attackers?Smaller attack surface, fewer opportunities for attackersLarger attack surface, fewer opportunities for attackersLarger attack surface, more opportunities for attackersThe size of the attack surface does not affect attacker opportunities

Please choose the correct answer from the followingWhich of the following is NOT typically considered part of an enterprise’s attack surface?Web ApplicationsEmail SystemsEmployee behaviorCorporate financial policies

1.Question 1Fill in the blank: Security posture refers to an organization’s ability to react to _____ and manage its defense of critical assets and data.1 pointcompetitionsustainabilitytaskschange2.Question 2Which of the following examples are key focus areas of the security and risk management domain? Select three answers.1 pointConduct control testingDefine security goalsFollow legal regulationsMaintain business continuity3.Question 3What term describes an organization's ability to maintain its everyday productivity by establishing risk disaster recovery plans?1 pointRecoveryBusiness continuityMitigationDaily defense4.Question 4What security concept involves all individuals in an organization taking an active role in reducing risk and maintaining security?1 pointRemote servicesEmployee retention Secure codingShared responsibility 5.Question 5A security analyst verifies users and monitors employees’ login attempts. The goal is to keep the business’s assets secure. Which security domain does this scenario describe?1 pointCommunication and network securitySecurity assessment and testingSecurity operationsIdentity and access management 6.Question 6A security analyst is asked to conduct a security audit to identify vulnerabilities. Which security domain is this task related to?1 pointSoftware development securitySecurity architecture and engineeringSecurity assessment and testingCommunication and network security7.Question 7Fill in the blank: When working in the software development security domain, security team members can use each phase of the software development _____ to conduct security reviews and ensure that security can be fully integrated into software products.1 pointsequencinglifecyclehandlingoperations8.Question 8Which of the following statements accurately describe risk? Select all that apply.1 pointIf compromised, a low-risk asset would not require ongoing monitoring or action.Determining whether a risk is low, medium, or high depends on the possible threat and the asset involved.If compromised, a medium-risk asset may cause some damage to an organization's reputation. Assets with SPII, PII, or intellectual property are examples of high-risk assets.9.Question 9A business experiences an attack. As a result, a major news outlet reports the attack, which creates bad press for the organization. What type of consequence does this scenario describe?1 pointLoss of identityIncrease in profitsLack of engagementDamage to reputation10.Question 10Fill in the blank: In the Risk Management Framework (RMF), the _____ step might involve implementing a plan to change password requirements in order to reduce requests to reset employee passwords.1 pointimplementauthorizecategorizeprepare

Question 6Which domain involves optimizing data security by ensuring that effective tools, systems, and processes are in place?1 point Security architecture and engineeringSecurity and risk managementCommunication and network securityIdentity and access management