Question 71: ____________ in HR recruiting platforms could be the reason your company is hiring more men than women.
A. False rejection
B. AI bias
Correct Answer:
B. AI bias
Explanation:
AI bias is caused by false assumptions made during the system’s machine learning process.
False rejection — also known as a type I error — is a mistake made by biometric security systems.
Since the field of AI is dominated by men, it is more likely for the engines to display biases toward men over women. This gender bias in AI algorithms is widespread, affecting most companies that use HR recruitment platforms. Understand how AI bias is impacting HR and discover how it might be possible to create unbiased AI.
Question 72: _____________ is used to assess employees’ execution of tasks and projects in real time.
A. Performance management software
B. Technology-assisted review (TAR)
Correct Answer:
A. Performance management software
Explanation:
Performance management software is designed to replace the annual performance review process by supplying real-time performance tracking, goal setting and feedback.
Technology-assisted review (TAR) — also known as computer-assisted review or predictive coding — refers to the use of software to search through relevant documents for the purposes of e-discovery.
Performance management software can benefit organizations and enable them to build a repository of employee skills, training and performance. These analytics can be used to detect workforce trends and better align talent with the bottom line. Explore some of the best practices for continuous performance management and learn why formal performance review processes are still important.
Question 73: VMware, Microsoft and Citrix are unifying their portfolios of end-user computing (EUC) products and marketing them as _______________.
A. WeWork workspaces
B. Digital workspaces
Correct Answer:
B. Digital workspaces
Explanation:
A digital workspace is the general term for a technology framework that centralizes the management of an enterprise’s applications, data and endpoints, allowing employees to collaborate and work remotely.
WeWork workspaces are physical office spaces that the WeWork company rents out to startup companies, small business and large enterprises.
Several major software companies, such as VMware, Microsoft and Citrix, are currently competing in the market with their digital workspace products. Workspaces are becoming more popular because they can potentially benefit companies by creating a more inspired and engaged workforce. Discover the challenges of a workspace platform deployment and take a look to the future and see what we expect to happen with digital workspaces in 2020.
Question 74: When conducting a user access review to prevent malicious attacks or internal mistakes, which is true of user responsibilities and privileges?
A. They cannot vary for two people hired at the same time.
B. They vary based on employee seniority.
C. They cannot vary for two people in the same role.
D. They can vary for two people in the same role.
Correct Answer:
D. They can vary for two people in the same role.
Explanation:
Responsibilities and privilege can vary for two people in the same role. Many access privileges are granted based on an individual’s role, department or responsibility. However, conducting user access reviews may reveal that a more granular approach is required to ensure database and application security.
Question 75: Which of the following is accepted as the strongest encryption algorithm currently available?
A. TLS
B. Advanced Encryption Standard (AES) 128
C. AES 256
D. AES 192
Correct Answer:
C. AES 256
Explanation:
Organizations with the most sensitive data to transmit and secure should opt for AES 256, which is accepted as the strongest encryption algorithm currently available. AES is the accepted standard based on NIST guidelines and can be used in 128- and 192-bit variants. These options are suitable for organizations with encryption speed and resource use priorities.
Question 76: Which of the following is not a key step in the process of properly testing applications for security vulnerabilities?
A. Determining which applications you have that are in scope and in need of testing
B. Assuming SaaS vendors or hosting providers conduct the necessary vulnerability and penetration testing
C. Understanding the specific requirements for the application security testing process
D. Performing or outsourcing the testing using known methodologies and proven tools
Correct Answer:
B. Assuming SaaS vendors or hosting providers conduct the necessary vulnerability and penetration testing
Explanation:
To properly test applications for security vulnerabilities, you must determine which apps are in need of testing, understand the requirements of the testing process and perform or outsource the test using known and proven tools. Never assume hosting providers of cloud applications are responsible for app testing.
Question 77: Since today’s applications will likely need to integrate with one or more databases, software developers can benefit by learning the following database language(s):
A. SQL
B. NoSQL
C. MySQL
D. Both SQL and NoSQL
Correct Answer:
D. Both SQL and NoSQL
Explanation:
Software developers can benefit from a preliminary understanding of data structures, algorithms and database languages, such as SQL and NoSQL. Those who acquire these database integration and management skills are better equipped to create applications that can process vast quantities of data.
Question 78: What is the best method to secure data in use (information that is being processed, accessed or read) and data in motion (information that is being transported between systems)?
A. Enforcing role-based access to the data
B. Encrypting data when it’s traversing internal or external networks
C. Obtaining proper visibility to detect breaches, assess damage and provide actionable remediation steps
D. All of the above
Correct Answer:
D. All of the above
Explanation:
To secure data in use and in motion, organizations should enforce role-based access and encrypt data traversing internal and external networks, as well as ensure visibility that enables timely network detection and response.
Question 79: To mitigate the damage of ransomware attacks and other incidents, organizations can incorporate the 3-2-1 method of backup into their data security strategy, consisting of:
A. Three types of storage, two copies of the data and one copy stored on premises
B. Three copies of the data, stored on two different types of storage and one copy stored off-site
C. Three copies of the data, using two-factor authentication to access and one copy stored off-site
D. Three copies of the data, using two-factor authentication to access and one tape backup stored offline
Correct Answer:
B. Three copies of the data, stored on two different types of storage and one copy stored off-site
Explanation:
One effective way to improve enterprise data security is to monitor where copies of data are by implementing the 3-2-1 method of data backup. This entails having three copies of the data — one primary and two backups — stored on two different types of storage and one copy of the data stored off-site.
Question 80: Voice ID, fingerprint scan and iris recognition are each examples of:
A. Data protected by PCI DSS
B. Biometric authentication factors
C. Security tokens
D. IoT technology
Correct Answer:
B. Biometric authentication factors
Explanation:
Voice ID, fingerprint and iris scans, and facial recognition are examples of biometric authentication factors. Biometrics are mostly used as one part of two- or multifactor authentication processes to improve an enterprise’s security posture.