Domain 2.0 Compliance & Op Security Flashcards

0
Q

Which of the following is used to describe a situation where an alert is sent to an administrator when an event is mistakenly recognized as malicious?

A. True negative
B. True positive
C. False negative
D. False positive

A

D. False positive

1
Q

Which of the following is implemented via technical control?

A. Business continuity planning
B. Principle of least privilege
C. Background checks
D. Perimeter breach detection

A

B. Principle of least privilege

2
Q

What business security policy focuses on directing subjects to perform business tasks and avoid wasting resources?

A. Acceptable Use Policy
B. Service Level Agreement
C. Retention Policy
D. Business Continuity Plan

A

A. Acceptable Use Policy

3
Q

Which of the following is a valid formula for calculating ALE?

A. Total risk + controls gap
B. Vulnerabilities & Asset Value & risk
C. AV x EF x ARO
D. 802.1x + x.500

A

C. AV x EF x ARO

This means:
Annual Loss Expectancy = (Asset Value) x (Exposure Factor) x (Annual Rate of Occurrence)

4
Q

Which of the following is not a valid response to risk?

A. Outsourcing
B. Implementing a safeguard
C. Ignore it until the next budget year
D. Obtaining insurance

A

C. Ignore it until the next budget year

5
Q

After the security policy is written, inventories are crafted, and maps of the physical and logical layouts are drawn, what must be performed in order to allow for reasonable recovery in the event of a disaster years after the initial implementation of the infrastructure?

A. Online access to procedures
B. Maintaining change documentation
C. Weekly backups stored onsite
D. Paper copies of policies

A

B. Maintaining change documentation

6
Q

What is the greatest threat to organizations from removable media that is used as part of normal day-to-day work tasks?

A. Intellectual property theft
B. Spread of email hoaxes
C. Data corruption
D. Social Engineering

A

A. Intellectual property theft

7
Q

What is a primary goal of Auditing?

A. Check compliance with security policy
B. Prevent users from performing any personal tasks
C. Limiting information access to external entities
D. Training personnel in regard to security

A

A. Check compliance with security policy

8
Q

Which of the following forms of data is least volatile?

A. Data stored in cache
B. Network connections
C. Flash memory in a desk drawer
D. An internal hard drive

A

C. Flash memory in a desk drawer

9
Q

What is the chain of custody?

A. Documentation of the owners since the original retail purchase date
B. An accounting of all responsible parties who handled or had access to the evidence
C. A computer lock used to prevent theft of portable devices
D. A forensic tool used to extract hidden data from hard drive slack space

A

B. An accounting of all responsible parties who handled or had access to the evidence

10
Q

When an IDS alerts the administrator that an intrusion is taking place, what is often the first action the first responder should perform?

A. Containment
B. Reconstitution
C. Contact law enforcement
D. Restore files from backup

A

A. Containment

11
Q

Which of the following does not represent PII?

A. Phone number
B. User name
C. Fingerprint
D. Favorite dessert

A

D. Favorite dessert

PII - Personally Identifiable Information

12
Q

After awareness training, which of the following is the next best countermeasure against social engineering?

A. Implementing multi-factor authentication
B. Updating the disaster recovery plan
C. Restricting the flow of information through the use of security labels
D. Obtaining a certification through taking an exam

A

C. Restricting the flow of information through the use of security labels

13
Q

What does a clean desk policy require?

A. Desks are free from debris or overt signs of wear and use
B. Anti-bacterial wipes are used to prevent the spread of germs and disease
C. Paperwork is filed away at the end of every work period
D. A user desktop must only contain OS elements

A

C. Paperwork is filed away at the end of every work period

14
Q

Business impact analysis is the act of performing a risk assessment on what element or aspect of an organization?

A. SLAs
B. Processes
C. Assets
D. Finances

A

B. Processes

SLA - Service Level Agreements

15
Q

When an organization experiences a security breach that results in a reduction but not interruption of throughput, what response is to be triggered?

A. Business continuity
B. Disaster recovery
C. Legal investigation
D. Privilege escalation

A

A. Business continuity

16
Q

What is succession planning?

A. Planning the roll out of incremental improvements in a product over multiple sequential version releases
B. The act of configuring a bridge trust between two root certificate servers
C. A form of DoS that involves crashing systems to trigger a domino effect
D. Prepping candidates for the replacement of a senior executive

A

D. Prepping candidates for the replacement of a senior executive

17
Q

Along with temperature, HVAC is used to manage what other important aspect of the environment?

A. Fire
B. Humidity
C. Magnetic fields
D. Capacitance

A

B. Humidity

18
Q

What is the HVAC implementation that alternates airway passages located between walls of rack mounted systems as air vent and air return commonly known as?

A. Cyclone circulation
B. RAID C/F
C. Hot and cold aisles
D. Convection systems

A

C. Hot and cold aisles

19
Q

Failing to manage humidity can result in condensation or what other problem?

A. Chip creep
B. ESD
C. Ionization and ozone accumulation
D. Overheating

A

B. ESD

ESD - Electrostatic Discharge

20
Q

High availability of a resource could be achieved through the implementation of what service?

A. SSD storage
B. Offsite backups
C. Clustering
D. Optical network links

A

C. Clustering

21
Q

Which of the following can be described as the amount of data loss that can be survived or accepted as measured in time?

A. Maximum tolerable downtime
B. Mean time between failures
C. Recovery time objective
D. Recovery point objective

A

D. Recovery point objective

22
Q

Which of the following provides the most likely option for organizations to recover in the event of a disaster, but which is not considered cost effective?

A. Cold site
B. Service bureau
C. Hot Site
D. Reciprocal agreement

A

C. Hot Site

23
Q

When malicious code corrupts data, what security service has been violated?

A. Privacy
B. Integrity
C. Confidentiality
D. Authentication

A

B. Integrity