251-300 Flashcards
A security administrator plans on replacing a critical business application in five years. Recently, there was a security flaw discovered in the application that will cause the IT department to manually re-enable user accounts each month at a cost of $2,000. Patching the application today would cost $140,000 and take two months to implement.
Which of the following should the security administrator do in regards to the application?
D.
Accept the risk and continue to enable the accounts each month saving money
This is a risk acceptance measure that has to be implemented since the cost of patching would be too high compared to the cost to keep the system going as is. Risk acceptance is often the choice you must make when the cost of implementing any of the other four choices (i.e. risk deterrence, mitigation, transference or avoidance) exceeds the value of the harm that would occur if the risk came to fruition.
Acme Corp has selectively outsourced proprietary business processes to ABC Services. Due to some technical issues, ABC Services wants to send some of Acme Corp’s debug data to a third party vendor for problem resolution.
Which of the following MUST be considered prior to sending data to a third party?
C.
This may violate data ownership and non-disclosure agreements
Sending your data to a third party is already a risk, since the third party may have a different policy than yours. Data ownership and non-disclosure is already a risk that you will have to accept, since the data will be sent for debugging/troubleshooting purposes, which will result in definite disclosure of the data.
An administrator wants to minimize the amount of time needed to perform backups during the week. It is also acceptable to the administrator for restoration to take an extended time frame.
Which of the following strategies would the administrator MOST likely implement?
A.
Full backups on the weekend and incremental during the week
A security administrator needs to update the OS on all the switches in the company.
Which of the following MUST be done before any actual switch configuration is performed?
C.
The request needs to be approved through the change management process.
Change Management is a risk mitigation approach and refers to the structured approach that is followed to secure a company’s assets. Thus, the actual switch configuration should first be subject to the change management approval.
Developers currently have access to update production servers without going through an approval process.
Which of the following strategies would BEST mitigate this risk?
D.
Change management
Change Management is a risk mitigation approach and refers to the structured approach that is followed to secure a company’s assets. This structured approach involves policies that should be in place and technological controls that should be enforced.
Which of the following mitigation strategies is established to reduce risk when performing updates to business critical systems?
C.
Change management
Change Management is a risk mitigation approach and refers to the structured approach that is followed to secure a company’s assets. In this case, ‘performing updates to business critical systems’.
The network administrator is responsible for promoting code to applications on a DMZ web server.
Which of the following processes is being followed to ensure application integrity?
C.
Application change management
Change management is the structured approach that is followed to secure a company’s assets.
Promoting code to applications on a DMZ web server would be change management.
Which of the following MOST specifically defines the procedures to follow when scheduled system patching fails resulting in system outages?
B.
Change management
Change Management is a risk mitigation approach and refers to the structured approach that is followed to secure a company’s assets. In this case, ‘scheduled system patching’.
A security engineer is given new application extensions each month that need to be secured prior to implementation. They do not want the new extensions to invalidate or interfere with existing application security. Additionally, the engineer wants to ensure that the new requirements are approved by the appropriate personnel.
Which of the following should be in place to meet these two goals? (Choose two.)
B.
Change Control Policy
D.
Regression Testing Policy
A backout (regression testing) is a reversion from a change that had negative consequences. It could be, for example, that everything was working fine until you installed a service pack on a production machine, and then services that were normally available were no longer accessible. The backout, in this instance, would revert the system to the state that it was in before the service pack was applied. Backout plans can include uninstalling service packs, hotfixes, and patches, but they can also include reversing a migration and using previous firmware. A key component to creating such a plan is identifying what events will trigger implementing the backout.
A change control policy refers to the structured approach that is followed to secure a company’s assets in the event of changes occurring.
A user has received an email from an external source which asks for details on the company’s new product line set for release in one month. The user has a detailed spec sheet, but it is marked “Internal Proprietary Information”.
Which of the following should the user do NEXT?
B.
Contact the help desk and/or incident response team to determine next steps
Which of the following is BEST carried out immediately after a security breach is discovered?
D.
Incident management
Incident management is the set of steps followed when a security incident occurs.
A security analyst informs the Chief Executive Officer (CEO) that a security breach has just occurred. This results in the Risk Manager and Chief Information Officer (CIO) being caught unaware when the CEO asks for further information.
Which of the following strategies should be implemented to ensure the Risk Manager and CIO are not caught unaware in the future?
D.
Incident management
Incident management refers to the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets). The events that could occur include security breaches.
Requiring technicians to report spyware infections is a step in which of the following?
C.
Incident management
Incident management refers to the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets).
Which of the following is the BEST approach to perform risk mitigation of user access control rights?
B.
Perform routine user permission reviews.
Risk mitigation is accomplished any time you take steps to reduce risk. This category includes installing antivirus software, educating users about possible threats, monitoring network traffic, adding a firewall, and so on. User permissions may be the most basic aspect of security and are best coupled with the principle of least privilege. Related to permissions is the concept of the access control list (ACL). An ACL is literally a list of who can access what resource and at what level. Thus, the best risk mitigation step insofar as access control rights are concerned is the regular/routine review of user permissions.
An internal auditor is concerned with privilege creep that is associated with transfers inside the company.
Which mitigation measure would detect and correct this?
A.
User rights reviews
A privilege audit is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of an organization. This means that a user rights review will reveal whether user accounts have been assigned according to their ‘new’ job descriptions, or if there are privilege creep culprits after transfers have occurred.
A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation.
Which of the following BEST describes the procedure and security rationale for performing such reviews?
A.
Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.
Reviewing user permissions and group memberships forms part of a privilege audit, which is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of the corporation.
Various network outages have occurred recently due to unapproved changes to network and security devices. All changes were made using various system credentials. The security analyst has been tasked to update the security policy.
Which of the following risk mitigation strategies would also need to be implemented to reduce the number of network outages due to unauthorized changes?
A.
User rights and permissions review
Reviewing user rights and permissions can be used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of the corporation and their job descriptions. Also, reviewing user rights and permissions will afford the security analyst the opportunity to put the principle of least privilege into practice as well as update the security policy.
After an audit, it was discovered that the security group memberships were not properly adjusted for employees’ accounts when they moved from one role to another.
Which of the following has the organization failed to properly implement? (Choose two.)
B.
User rights and permission reviews.
E.
Management controls over account management.
Reviewing user rights and permissions can be used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of the corporation and their job descriptions, since they were all moved to different roles.
Control over account management would have taken into account the different roles that employees have and adjusted the rights and permissions of these roles accordingly.
The security administrator is currently unaware of an incident that occurred a week ago.
Which of the following will ensure the administrator is notified in a timely manner in the future?
D.
Routine auditing
Routine audits are carried out after you have implemented security controls based on risk. These audits include aspects such as user rights and permissions and specific events.
The system administrator has deployed updated security controls for the network to limit risk of attack. The security manager is concerned that controls continue to function as intended to maintain appropriate security posture.
Which of the following risk mitigation strategies is MOST important to the security manager?
C.
Routine audits
After you have implemented security controls based on risk, you must perform routine audits. These audits should include reviews of user rights and permissions as well as specific events. You should pay particular attention to false positives and negatives.