1.

<Easy/Mid question>

We want our employees to be able to access our internal network over the internet from an external connection. For this implementation we also want to make sure attackers are not able to gain access pretending to be authorized users. Which of these technologies would make it the MOST secure?

2.

<Easy/Mid question>

Which type of access control model is based on a subject’s clearance?

3.

<Hard question>

Natalie is performing a risk assessment. She has been given the list of assets and owners of each asset. Harry is developing the list of Exposure Factors for each identified threat that is realized. What does Natalie need to ask the asset owners, in order to derive the Single Loss Expectancy?

4.

<Easy/Mid question>

We are in a court where the evidence must be “the majority of the proof.” Which type of law does that relate to?

5.

<Hard question>

Our organization is spread across many smaller offices across the country. Which of these would present the LARGEST security risk?

6.

<Hard question>

Which of these is the MOST important ability we should look for when we are interviewing candidates for a new CISO (Chief Information Security Officer) for our organization?

7.

<Hard question>

We are a financial institution and changes are being made to some of the security aspects of the PCI-DSS standard. What should our Information Security manager do FIRST?

8.

<Easy/Mid question>

Which of these, if used right, is the MOST secure form of “something you have” authentication?

9.

Looking at the governance of our organization, we can use policies, standards, procedures, or other frameworks. Which of these characteristics would BEST describe our policies?

10.

<Hard question>

As configuration manager for an application, Francis checks the daily message digests of the files stored on ten production servers, and finds one server has different message digests for three configuration files. What is the BEST action Francis should do?