Security - Tq topic answers

Tq topics Jul 28, 2022

Q1. Company A acquired Company B and they realize that their standard security policy documents do not match. They escalate this issue to the company's central Security team, who implements a plan to formalize security strategy, high-level responsibilities, policies and procedures around security of both companies. Which security principle is illustrated in this example?

1)     Risk Management

2)     Compliance

3)     Availability

4)     Governance


Q2. What is Accenture's approach when it comes to helping our clients with security?

1)     Address the client's security risks only after they arrive. A data breach opens all doors on selling new security deals.

2)     Help the client create a secure, in-house data center, that follows international regulations such as ISO 27001.

3)     Embed security in all aspects of the client work, solving even the most complex of the client's cyber challenges

4)     Create a universal security solution to fit the needs of all clients. Accenture's unique platform can be embedded in any client architecture.


Q3. How does a Red Team versus Blue Team exercise help an organization?

1)     by redefining their security strategies to be more effective and proactive for the future integrations

2)     by evaluating potential risks and assessing the business impacts from a nation sponsored threat

3)     by testing their technology, processes, procedures, and responses in case of a simulated live threat

4)     by creating policies to manage access levels for sensitive data and processes in the Cloud


Q4. Accenture is working with a client to improve their current security infrastructure. The client wants to redefine the security programs, create long-term plans for effective audits, and proactively plan against future threats. What might Accenture recommend to this client?

1)     Develop a long-term security strategy which includes a risk management plan.

2)     Create an improved operational technical security practice that leverages new and improved practices.

3)     Use a complete offshore security practice of security experts to monitor security events. - ans

4)     Create a cybersecurity team of internal, client team experts who partner with external experts whose focus is strictly internal audits.


Q5. An Accenture team working on a website development project grants access to its internal SharePoint site to several Software Developers. Following completion of the project, the Developers still have access to the team's content, posing the risk of a confidential data leak. What should the team do in such instances to avoid data leaks?

1)     Provide all Accenture developers with access to the information and metrics even after project completion.

2)     Review user access to confidential data, and disable access following project completion which is an Identity and Access Management function.

3)     Move the confidential data to a new location.

4)     Require users to sign a Non-Disclosure Agreement before granting permanent access to confidential data.


Q6. What is the first step to understand the potential impact to the business about a Security threat?

1)     Have HR update the total number of employees per region.

2)     Update the list of all assets, including the number of computers.

3)     Perform a risk impact analysis.

4)     Update all cloud related policies within the organization.


Q7. Accenture's iDefense team of Cyber Defense Analysts work tirelessly to gather the data needed to help clients make the best possible decisions about their security strategy and operations. Which Accenture service does this describe?

1)     Applied Cybersecurity Services

2)     Threat Intelligence Service

3)     Risk Management Service

4)     Data Security Service


Q8. When companies study the possibility of moving to the Cloud, they often perceive that security is a roadblock to making things happen quickly. What should Accenture tell a client about their capabilities?

1)     Once an incident occurs, Accenture establishes controls to block accidental or malicious activities.

2)     Accenture's security solution is so robust that it can be deployed on top of an existing system on the Cloud with no impact.

3)     After monitoring the security solution, Accenture can provide a few additional personnel to develop workarounds.

4)     Accenture integrates security early in the process and implements their own patented innovations to automate processes and migrate in a much shorter period of time.


Q9. Which term refers to the fraudulent practice of using email communication to induce individuals to divulge confidential or personal information?

1)     Phishing

2)     Penetration testing

3)     Financial fraud

4)     Malware


Q10. A client wishes to update their legacy system even though there have been no security breaches since its implementation five years ago. If the client has not suffered any attacks, why is it still necessary to update their system?

1)     Because only businesses with older systems are targeted by attackers.

2)     Because new security threats emerge all the time.

3)     Because all security updates are mandated by law.

4)     Because implementing updates will speed up the system.


Q11. What is the goal of a Red versus Blue Team exercise?

1)     To assess an existing security team's performance (people, process, and technologies in place) during a simulated cyber-attack.

2)     To assess the capabilities of a prospective new hire for the security team.

3)     To assess an existing security team's performance (people, process, and technologies in place) during an on-going cyber-attack.

4)     To assess the effectiveness of a recent security inclusion and diversity training program.


Q12. Which action is appropriate for an organization to consider when integrating a new application or platform that deals with sensitive information?

1)     Build all applications in the same programming language to enhance security.

2)     Include security specialists at the beginning and throughout the process.

3)     Copy the best practices of other organizations and implement them without changes.

4)     Follow only proprietary best practices when designing an application to mitigate threats.


Q13. The European Union (EU)'s General Data Privacy Regulation (GDPR) places a broad number of restrictions on the collection and transfer of individuals' personal data. A company based in the US that does business with several clients in the EU realizes that not all of its current security practices align with GDPR standards. The company drafts an action plan to address these issues and resolve them accordingly. Which security principle is illustrated in this example?

1)     Governance

2)     Compliance

3)     Risk Management

4)     Confidentiality


Q14. An intruder with malicious intent breaks into an office and steals a hard drive containing sensitive information about the company's business. However, when attempting to access the drive's contents, the intruder is met with the company's authentication protocols and data encryption measures. What type of security is illustrated in this example?

1)     Product Security

2)     Data Security

3)     Cyber Intelligence

4)     Governance


Q15. One of Accenture's clients is considering a major Cloud transformation project but is concerned about the time and costs associated with such an initiative. What should Accenture's security team focus on to address this particular client's concern?

1)     Accenture will delay the migration if there are vulnerabilities present in the client's current systems.

2)     Accenture is the only company that has the experience needed to implement major Cloud transformations.

3)     Accenture's Information Security Team uses waterfall methodology to ensure the migration is fully documented.

4)     Accenture has developed accelerators that can deploy specific security controls to Cloud environments in just a few hours, thereby reducing costs.


Q16. An international airport approaches Accenture to help identify their existing security vulnerabilities. In which way can one of Accenture’s Red Teams use its state-of-the-art tools and capabilities to help the client?

1)     Brief the airlines about potential cyber threats in the market.

2)     Hack into the air traffic control system to expose vulnerabilities and suggest remedies.

3)     Create in-depth aviator simulations to help users steer clear of cyber security threats.

4)     Work with the airport security team to ensure their employees know how to comply with international regulations.


Q17. A Development team begins work on a new software application and decides to involve the client's IT experts to ensure that security concerns are addressed on an ongoing basis throughout the project's lifecycle. Which security capability is responsible for securing the software?

1)     Risk Management

2)     Identity and Access Management

3)     Application Security

4)     Security Operations


Q18. Accenture's Security practice makes use of a number of accelerators when building solutions for our clients. What is the purpose of these accelerators?

1)     to deploy and integrate security features in a shorter period of time

2)     to reduce the turnaround time for investigating potential security incidents

3)     to speed up connection times while accessing secure online applications

4)     to decrease the length of the contracting process when selling to new security clients


Q19. What is the best-case scenario for employees to ensure the security standards in their virtual workspaces are the same as the physical office?

1)     Use their enterprise password for their home devices for consistency with their work devices.

2)     In a virtual environment such as a home, it's OK to leave the devices unlocked.

3)     Use only company approved devices and software for business and client work.

4)     Configure company applications to require single-factor authentication.


Q20. During the morning of a website launch for a new government sponsored healthcare portal, an unknown political rival, individual, or group gains access to the server. As a result, all individuals interested in accessing the website are unable to do so and instead are shown content for human rights campaigns. What was the likely reason for the attack?

1)     A testing phase for what will be a larger threat to National Security.

2)     A way to gain access to the server so the hacker can come back and request ransom.

3)     Acts of cyberterrorism so that the hacker can highlight system failures.

4)     Acts of hacktivism as a way for the hacker to spread messages for their own agenda.


Q21. What is one way new and relevant threats can be identified and documented?

1)     by installing ransomware or malware

2)     by searching for foreign government documents

3)     by conducting threat intelligence research

4)     by reading well-known malware books


Q22. An international pharmaceutical company is fully compliant with local and international regulations. However, they suffered a major data breach that exploited a six-month-old vulnerability. The CIO asked Accenture, "How can this be possible?" How should Accenture respond?

1)     Because compliance to local and international laws does not necessarily enforce security.

2)     Because the local and international compliance laws conflict.

3)     Because the security policy documentation was not kept up to date.

4)     Because the Security Operations team does not handle compliance issues.


Q23. Following a client security incident, Accenture performs an in-depth analysis of every step taken by the attackers. Accenture can suggest permanent mitigations and then test the implementation. Which term describes this process?

1)     Money Laundering

2)     Incident Response

3)     Firewall Performance Tuning

4)     Social Engineering


Q24. Why is it important for companies to plan for internal threats?

1)     Because any employee with access to internal data represents a potential security risk.

2)     Because internal threats are not considered as large of a risk as external risks.

3)     Because internal attacks never make news headlines and are therefore underestimated.

4)     Because an employee might not know how to exploit the company as effectively as an external hacker.


Q25. What do all Accenture's Cyber Fusion Centres (CFC) offer clients to help them think differently about the security journey ahead of them?

1)     They offer detailed technology presentations, with many vendor booths in each CFC.

2)     They deliver immersive experiences in an environment that concentrates the best thinking applied to their security problems.

3)     They utilize innovative cyber strategists that can drive mergers and acquisitions.

4)     They approach the client security problems always in the same way.


Q26. What is the goal of Penetration (Pen) Testing?

1)     to simulate an actual threat and track whether employees can identify it

2)     to find and exploit vulnerabilities in the environment and report them

3)     to measure the system performance before and after migrating to the cloud

4)     to calculate time spent and expenditures in recovering from damage


Q27. What is an example of an internal threat?

1)     A contractor visits people.accenture.com page from their phone, trying to research a consultant.

2)     An employee deletes all files associated with an important project on an internal server.

3)     A Data Analyst accesses an Excel data file on a team webpage and creates a pivot table with survey responses.

4)     A contractor resets their company login password by answering security questions sent to a personal email address.


Q28. A software firm hires a security consultant to test its newly built platform's vulnerability to hackers. As part of testing, the consultant deliberately tries to access systems without authorization, and discovers some security breach vulnerabilities. The results of the test enable the firm to fix the potential breaches before the platform's launch and boost its resistance against real-time hacking. Which type of cyber defense activity is described in this scenario?

1)     User Acceptance Testing

2)     Functional Testing

3)     Penetration Testing

4)     Smoke Testing


Q29. What is the primary method of protecting sensitive data?

1)     Encryption

2)     Anonymity

3)     Obfuscation

4)     Encoding


Q30. A solar energy company learns of several recent cyber-attacks targeting other companies in their industry and realizes they could be next. The company initiates an analysis to weigh the measures needed to counter the potential threat and minimize the impact to their business in case those are exploited. Which security principle is illustrated in this example?

1)     Governance

2)     Compliance

3)     Risk Management

4)     Accessibility


Q31. ABC Accounting is a medium-sized business that handles $1-2M in tax filings annually. Recently, they learned of malicious actors planning cyber-attacks to gain access to their records and destroy tax filings. How should the potential business impacts from a cyber-attack be assessed?

1)     by undergoing a Risk Impact Analysis (RIA) evaluation

2)     by using data analysis to detect issues in the network

3)     by rejecting new user creation until more details can be determined

4)     by implementing automated user creation processes


Q32. A Security team is working with a client to evaluate the security of data and IT functions that are most critical to the operation and success of their organization. Which three security goals align and prioritize security efforts to the business goals?

1)     Identity, Access, and Authorization

2)     Risk, Vulnerabilities, and Exploits

3)     Malware, Viruses, and Ransomware

4)     Confidentiality, Integrity, and Availability


Q33. Which statement describes one action that employees can take to help strengthen an organization's defenses?

1)     Use VPN when devices are left unattended.

2)     Use similar passwords across systems.

3)     Report phishing attempts promptly upon discovery.

4)     Contact security before updating software applications.


Q34. A company's authentication system recognizes that a user account just logged in from a different region than previous logins, and on a different device. Which concept of Security does this relate to?

1)     Product Security

2)     Identity and Access Management

3)     Cyber Intelligence

4)     Data Security


Q35. A large banking client recently completed migrating their entire organization to cloud. They need Accenture to help them assess how secure they are. What benefit would the client get from involving/utilizing Accenture's security team?

1)     avoid only bank specific attacks such as money laundering

2)     implement physical security services to protect access to the Cloud data centers

3)     industry regulations and legal constraints keep Accenture from helping banks move to the Cloud

4)     assess existing Cloud security policies and processes, protect data, and identify security improvements


Q36. Company A acquired Company B and they realize that their standard security policy documents do not match. They escalate this issue to the company's central Security team, who implements a plan to formalize security strategy, high-level responsibilities, policies and procedures around security of both companies. Which security principle is illustrated in this example?

1)     Compliance

2)     Availability

3)     Governance

4)     Risk Management


Q37. A Product Manager has been given responsibility for overseeing the development of a new software application that will be deployed to a group of Accenture clients. What would be the most time-saving and cost-effective way for the Product Manager to address the new application's security considerations?

1)     Design the application's security features after the application's initial build is complete.

2)     Utilize a DevSecOps approach to incorporate security into the development process from the beginning.

3)     Contract with an external vendor to develop a security solution separately from the main application.

4)     Schedule development of security features after the application's initial release.


Q38. Accenture is helping a major retailer migrate to the Cloud. The client has aggressive timelines and is worried that security will be compromised. How can Accenture help the client?

1) Accenture has developed accelerators that can deploy specific security controls in hours, a task that used to take months.

2) Accenture recommends that the additional security controls are not needed since the Cloud is secure by default.

3) Accenture should develop a custom solution and suggest a timeline extension.

4) Accenture should advise the client to wait until the next phase to implement security controls.


Q39. A large global retail corporation has experienced a security breach, which includes personal data of employees and customers. What would Accenture offer as the best solution to ensure enhanced security in the future?

1) strategies to identify vulnerabilities and create defenses against them

2) strategies to implement a hash algorithm across multiple data systems

3) solutions for formalizing governance and ensuring compliance with laws

4) solutions for developing improved applications and installing them


Q40. Why is it a priority to ensure Accenture's employees are knowledgeable about maintaining corporate cybersecurity practices?

1) Fortune 100 companies are the most likely targets for security failure.

2) Humans are most often the weakest link in any security program.

3) It is important that Accenture employees finish their E&C training.

4) Employees must respond to auditors conducting risk and compliance reviews.


Q41. Accenture has engaged with a new financial client who is looking for a comprehensive, company-wide security solution, and has operations in Europe. When designing the client's solution, what should be prioritized between Confidentiality, Integrity, and Availability (CIA)?

1) Confidentiality because of the industry and regulations followed by Integrity, then Availability.

2) Availability to protect the lives of the operators followed by Confidentiality, then Integrity.

3) Integrity to make sure money is transferred to the appropriate accounts followed by Availability then Confidentiality.

4) Confidentiality, Integrity and Availability are strictly controlled by the European government.


Q42. Which term refers to the process of creating and deploying applications that are secure from the start?

1) Risk Management

2) DevOps

3) Compliance Assessment

4) Waterfall


Q43. What is "defense in depth"?

1) security designed with multiple levels of fail-safe practices

2) security defense that is confidential, integrous, and available

3) when security is an ongoing process rather than a one-and-done

4) when security is part of the design process and built in from the start


Q44. Which term refers to a process that is deployed to ensure the confidentiality and integrity of data while being stored or when it is transmitted?

1) Cloud Computing

2) Access Management

3) Encryption

4) Security Operations


Q45. For what reason can security risks never be fully eliminated?

1) The threat landscape is constantly evolving with new threats emerging all the time.

2) There is no secure way to ensure the integrity of data when it is in transit.

3) Implementing new security measures is not important.

4) New security regulations make it impossible for organizations to evaluate security risks.


Q46. Which principle is in effect when an analyst has a lower level of access than a Client Account Lead (CAL) working on the same project?

1) The Privileges and Immunities Principle

2) The Principle of Least Privilege

3) The Principle of Superposition

4) The Principle of Known Threat Management


Q47. A large retail corporation is trying to minimize the possibility of a cyberattack on customer data. What would be a recommended strategy for preventing an attack?

1) Engage in penetration testing to uncover ways hackers might access the data.

2) Ensure compliance with applicable security standards for the retail industry.

3) Focus full attention and corporate resources on addressing known threats.

4) Focus on one potential threat and become experts in that type of threat protection.


Q48. A company's authentication system recognizes that a user account just logged in from a different region than previous logins, and on a different device. Which concept of Security does this relate to?

1) Identity and Access Management

2) Cyber Intelligence

3) Product Security

4) Data Security


Q49. Why should even small-sized companies be vigilant about security?

1) Cyberattacks often come from commercial competitors.

2) Smaller companies are not often targets of cyberattacks.

3) Smaller companies are more vulnerable to social engineering.

4) Cyberattacks are opportunistic regardless of company size.


Q50. Why does Accenture make training on client security, data security, and internal security mandatory?

1) employees are currently preventing security breaches

2) to build the most vibrant workforce in the world

3) because security is everyone's business

4) to align business management with IT


Q51. In addition to innovation, which strength can Accenture apply to help a global telecom solve security problems?

1) legitimacy and commercial experience

2) governance and tenancy knowledge

3) cadence expertise and closing experience

4) global experience and industry expertise


Q52. Why are Accenture's internal security practices important to clients?

1) Clients want to document the chain of responsibility.

2) Clients want a partner that values secure practices for itself.

3) Clients want to reduce their own internal security budget.

4) Clients want to eliminate the need for physical security.


Q53. Which technology trend do most cyber risk managers believe has made organizations more vulnerable to security compromises?

1) Digitization

2) digital currency

3) quantum computing

4) tiny Artificial Intelligence (AI)


Q54. An employee at a large global firm is sending a document with sensitive information to a co-worker in another country. How should the contents of the document be protected?

1) by using a risk management tool to ensure the data will be safe before sending

2) by complying with external security requirements when transferring data

3) by updating the company's security software on the co-worker's machine

4) by using encryption to ensure the data can only be seen by the co-worker


Q55. The Human Resources department of a large company has set up a payroll system that can only be accessed by high-level employees. What concept is this an example of?

1) asset management

2) compliance

3) defense in depth

4) confidentiality


Q56. What is one way that Accenture can ensure that the Cloud is secure for a client?

1) blocking insecure configurations before they're made

2) developing accelerators to deploy custom-designed workflows

3) utilizing special software to analyze all data transactions

4) using waterfall methodology for design improvements


Q57. Which goal is Accenture trying to achieve by investing in security training for Accenture people?

1) improving the state of the world with technology

2) keeping ourselves and our clients secure

3) empowering every person and organization

4) aligning IT with business management


Q58. An employee receives a phone call from someone saying they are from the bank. The person claims the purpose of the call is to verify online security information, including passwords and account numbers. What kind of call is this?

1) access management

2) threat intelligence

3) multifactor authentication

4) social engineering


Q59. What is the MOST important reason for businesses to treat security as an ongoing priority?

1) Internal corporate sabotage is the dominant form of attack.

2) Cyber attackers are getting smarter and more sophisticated.

3) Effective cyber defense requires the most cutting-edge technology.

4) Protecting against cyberattacks requires deep technical knowledge.


Q60. A company uses an application that controls who can connect to a sensitive database and what they can do. What is this security feature called?

1) program and product management

2) identity and access management

3) governance and compliance

4) penetration testing


Q61. What does the term DevSecOps refer to?

1) using risk management analysis to ensure improved security of operations

2) creating governance policies to direct development and operational compliance

3) integrating security measures into software development and operations from the start

4) conforming to external security requirements while improving internal operations


Q62. According to cyber risk managers, what role has digitization played in an organization's security?

1) It has compressed the size of databases, so they are easy to secure.

2) The Cloud has helped them prevent security compromises.

3) The impact has been neutral when data is kept in the Cloud.

4) It has made them more vulnerable to security compromises.


Q63. What is IT Company A’s approach when it comes to helping our clients with security?

Ans: Create a universal security solution to fit the needs of all clients. IT Company A’s unique platform can be embedded in any client architecture.


Q64. What does “The Principle of Least Privilege” mean as applied to security?

Ans: Each user should have only the absolute minimum permissions necessary to complete their current responsibilities.


Q65. IT Company A’s Security practice makes use of a number of accelerators when building solutions for our clients. What is the purpose of these accelerators?

Ans: to deploy and integrate security features in a shorter period of time


Q66. One of IT Company A’s clients is considering a major Cloud transformation project but is concerned about the time and costs associated with such an initiative. What should IT Company A’s security team focus on to address this particular client’s concern?

Ans: IT Company A has developed accelerators that can deploy specific security controls to Cloud environments in just a few hours, thereby reducing costs.


Q67. An IT Company A team working on a website development project grants access to its internal SharePoint site to several Software Developers. Following completion of the project, the Developers still have access to the team’s content, posing the risk of a confidential data leak. What should the team do in such instances to avoid data leaks?

Ans: Review user access to confidential data, and disable access following project completion which is an Identity and Access Management function.


Q68. IT Company A is working with a client to improve their current security infrastructure. The client wants to redefine the security programs, create long-term plans for effective audits, and proactively plan against future threats. What might IT Company A recommend to this client?

Ans: Develop a long-term security strategy which includes a risk management plan.


Q69. IT Company A is helping a major retailer migrate to the Cloud. The client has aggressive timelines and is worried that security will be compromised. How can IT Company A help the client?

Ans: IT Company A has developed accelerators that can deploy specific security controls in hours, a task that used to take months.
