Module 14

Question 1

Which of the following is a document that outlines specific requirements or rules that must be met?

Policy
Guideline
Specification
Framework

Answer 1

Policy - Correct. A policy is a document that outlines specific requirements or rules that must be met.

Question 2

Which of the following is NOT an element that should be part of a BCP?

High availability
Diversity
Robustness
Scalability

Answer 2

Robustness - Correct. Robustness is not part of a BCP.

Question 3

Which of the following is NOT true about RAID?

• Nested levels can combine other RAID levels.
• It can be implemented in hardware or software.
• The most common levels of RAID are Level 0, 1, 5, 6, and 10.
• It is designed primarily to backup data.

Answer 3

It is designed primarily to backup data. - Correct. Although all levels of RAID except Level 0 can offer protection from a single drive failure, RAID is not intended to replace data backups but only to provide increased reliability and performance.

Question 4

Which of the following is a federal initiative that is designed to encourage organizations to address how critical operations will continue under a broad range of negative circumstances?

COOP
MTBF
DPPR
BIA

Answer 4

• Correct. Continuity of operation planning (COOP) is a federal initiative that is intended to encourage organizations (and departments with an organization) to address how critical operations will continue under a broad range of negative circumstances. A COOP plan addresses emergencies from an “all-hazards approach” instead of focusing more narrowly on a specific event.

Question 5

What do servers connected in a cluster use to communicate with each other?

• Shared disk connection
• Public cluster connection
• Private cluster connection
• Independent cluster connection

Answer 5

Correct. Servers in a cluster communicate through a private cluster connection to ensure a smooth user experience.

Question 6

You are a security admin for an enterprise, and you were asked to ensure high availability of data using redundancy. Which of the following action should you perform?

• Store the same data in different devices in a single location
• Store different types of data on different devices in a single location
• Store different types of data on different devices across different locations
• Store the same data in different devices across different locations

Answer 6

Correct. Storing the same data on different devices across different locations provides high availability of data through redundancy.

Question 7

You want to examine every future login attempt made on the enterprise devices. Which of the following windows group policy settings should you enable to make sure every login attempt is logged?

Network location
Account audits
Password history
Password reuse

Answer 7

Correct. Account audits log every login attempt when enabled.

Question 8

“Keep passwords secure and do not share accounts. Authorized users are responsible for the security of their passwords and accounts.” “All computers and laptops should be secured with a password-protected screensaver, setting the automatic activation feature set at 10 minutes or less, or logging off when the host is unattended.”

Which policy includes these directives?

• Onboarding and offboarding
• Least Privilege
• Separation of duties
• Acceptable use policy

Answer 8

Correct. An acceptable use policy (AUP) is a policy that defines the actions users may perform while accessing systems and networking equipment.

Question 9

Which of the following is an agreement that ensures an employee does not misuse enterprise data?

Data protection agreement
Impossible travel policy
Nondisclosure agreement
Acceptable use policy

Answer 9

Correct. New hires are often required to sign an employee nondisclosure agreement (NDA) to make it clear that they may not disclose trade secrets and confidential information without permission.

Question 10

You are asked to construct a server cluster to provide resilience to the webserver hosted by your enterprise. Which of the following clustering systems should you implement to ensure the standby server only works when the other server fails?

Symmetric
Independent
Asymmetric
Unique

Answer 10

• Correct. In asymmetric clustering systems, the standby server only works when the other server fails.

Question 11

You are working as a cybersecurity expert in an enterprise. While examining the newly established enterprise network, you found that when a request to write data to the drive is made, the controller sends that request to each drive. When a read action is required, the data is read twice, once from each drive. Which type of RAID is used in the newly established network?

RAID level 5
RAID level 6
RAID level 1
RAID level 0

Answer 11

Correct. RAID level 1 uses disk mirroring, which stores the same data on different drives, for fault tolerance.

Question 12

Which of the following can a UPS NOT perform?

• Disconnect users and shut down the server
• Prevent any new users from logging on
• Prevent certain applications from launching that will consume too much power
• Notify all users that they must finish their work immediately and log off

Answer 12

Correct. A UPS cannot prevent specific applications from launching to limit power consumption.

Question 13

Which type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running?

Cold site
Hot site
Replicated site
Warm site

Answer 13

Correct. A hot site is generally run by a commercial disaster recovery service that allows a business to continue computer and network operations to maintain business continuity. A hot site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running, including office space and furniture, telephone jacks, computer equipment, and a live telecommunications link.

Question 14

What device is always running off its battery while the main power runs the battery charger?

Secure UPS
Backup UPS
Offline UPS
Online UPS

Answer 14

Correct. An online UPS is always running off its battery while the main power runs the battery charger. An advantage of an online UPS is that it is not affected by dips or sags in voltage. An online UPS can clean the electrical power before it reaches the server to ensure that a correct and constant level of power is delivered to the server. The online UPS also can serve as a surge protector, which keeps intense spikes of electrical current—common during thunderstorms—from reaching systems.

Question 15

You are assigned to install multiple physical paths between devices and the SAN so that an interruption in one path will not affect communication. Which of the following techniques should you implement to manage the risk of interruption?

PDU
UPS
Multipath
NIC teaming

Answer 15

Correct. Multipath is a technique for creating more than one physical path between devices and a SAN. If one path is interrupted, multipath will simply redirect the broken connection to another path.

Question 16

Which of the following policies restrict employees from being in a position to manipulate security configurations by limiting the time they spend with control of those configurations?

Job rotation
Clean disk space
Mandatory vacation
Separation of duties

Answer 16

Correct. Job rotation limits the amount of time that individuals are in a position to manipulate security configurations.

Question 17

Dave is preparing a COOP for his company. In it, he included how and where employees and resources will be relocated in case of a natural disaster, how data will be recovered in case a terrorist attack shuts down public networks, and how the company’s critical services and processes will be affected by an IT system failure. Did Dave compile the COOP correctly?

• No. Dave’s COOP plan should not include how data will be recovered in case a terrorist attack shuts down public networks.
• Yes. Dave has successfully created a COOP plan using an “all-hazards approach.”
• No. Dave’s COOP plan should not include how and where employees and resources will be relocated in case of a natural disaster.
• No. Dave’s COOP plan should not include how critical services and processes will be affected by an IT system failure.

Answer 17

Correct. Dave’s COOP plan should not include how the company’s critical services and processes will be affected by an IT system failure. This information should be included in a BIA.

Question 18

Mary Alice has been asked to help develop an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT. What type of planning is this?

• a. Business impact analysis planning
• b. IT contingency planning
• c. Disaster recovery planning
• d. Risk IT planning

Answer 18

• c. Disaster recovery planning

Question 19

A BIA can be a foundation for which of the following?

a. Functional recovery plan
b. Site risk assessment
c. Contingency reaction plan
d. Resumption assessment plan

Answer 19

a. Functional recovery plan

Question 20

Which of the following will a BIA NOT help determine?

a. Mission-essential functions
b. Identification of critical systems
c. Single point of failure
d. Percentage availability of systems

Answer 20

d. Percentage availability of systems

Question 21

Which of these is NOT a factor in determining restoration order?

a. Dependencies
b. Speed of implementation
c. Process of fundamental importance
d. Alternative business practices

Answer 21

b. Speed of implementation

Question 22

What is the average amount of time that it will take a device to recover from a failure that is not a terminal failure?

a. MTTR
b. RTO
c. RPO
d. MTBF

Answer 22

a. MTTR

Question 23

Linnea is researching a type of storage that uses a single storage device to serve files over a network and is relatively inexpensive. What type of storage is Linnea researching?

a. SAN
b. NAS
c. RAID
d. ARI

Answer 23

b. NAS

Question 24

What is a definition of RPO?

a. The maximum length of time that can be tolerated between backups
b. Length of time it will take to recover data that has been backed up
c. The frequency that data should be backed up
d. How a backup utility reads an archive bit

Answer 24

a. The maximum length of time that can be tolerated between backups

Question 25

What does an incremental backup do?

a. Copies all files changed since the last full or incremental backup
b. Copies only user-selected files
c. Copies all files
d. Copies all files since the last full backup

Answer 25

a. Copies all files changed since the last full or incremental backup

Question 26

Molly needs to access a setting in Microsoft Windows Group Policy to change the type of a network to which a computer is attached. Which setting must Molly change?

a. Wi-Fi/Wired Network Policy
b. Network Config
c. Network Type
d. Network Location

Answer 26

b. Network Config

Question 27

Thea has received a security alert that someone in London attempted to access the email account of Sigrid, who had accessed it in Los Angeles one hour before. What feature determined an issue and send this alert to Thea?

a. Impossible Travel
b. Incompatible Location
c. Remote IP address
d. Risky IP address

Answer 27

a. Impossible Travel

Question 28

Which of the following is NOT used to identify or enforce what mobile devices can do based on the location of the device?

a. Geo-spatial
b. Geolocation
c. Geo-tagging
d. Geofencing

Answer 28

a. Geo-spatial

Question 29

Margaux is reviewing the corporate policy that stipulates the processes to be followed for implementing system changes. Which policy is she reviewing?

a. Change management policy
b. Change format policy
c. Change modification policy
d. Change control policy

Answer 29

d. Change control policy

Question 30

Which commercial data classification level would be applied to a data set of the number of current employees at an organization and would only cause a small amount of harm if disclosed?

a. Public
b. Open
c. Private
d. Confidential

Answer 30

a. Public