1. What is the primary goal of Information Assurance (IA)?
A) Ensuring that data is available only to authorized users
B) Protecting the physical components of a computer network
C) Guaranteeing that all data is stored in a centralized location
D) Providing training for employees on cybersecurity threats
Answer: A) Ensuring that data is available only to authorized users
Rationale: The primary goal of IA is to ensure that information is accessible to authorized users when needed and protected from unauthorized access.
2. Which of the following best describes the concept of 'least privilege' in security management?
A) Users should be granted the minimum levels of access—or permissions—needed to perform their job functions.
B) Privileges should be given to the least number of users possible.
C) The least sensitive data should be protected with the highest level of security.
D) Users should have privileges that are reviewed at the least frequent intervals possible.
Answer: A) Users should be granted the minimum levels of access—or permissions—needed to perform their job functions.
Rationale: The principle of 'least privilege' aims to minimize risk by providing only the access necessary to perform required tasks.
3. In the context of incident handling, what is the FIRST step that should be taken after identifying a security incident?
A) Eradication of the threat
B) Containment of the incident
C) Notification of stakeholders
D) Recovery of affected systems
Answer: B) Containment of the incident
Rationale: Containment is crucial to prevent further damage or spread of the incident, and it precedes eradication, recovery, and notification in the incident response process.
4. Which legal act requires U.S. federal agencies to develop, document, and implement an agency-wide program to provide information security?