my class Flashcards by Calvin R

A __________ consists of multiple servers using ______________.

web farm, network load balancing

How well did you know this?

Not at all

Perfectly

Bob is the project manager for his company’s security countermeasure implementation project. Michael informs Bob that task #12 (implementing a failover cluster) will not finish on time. Because task #12 is on the project’s __________, Bob knows that the project will not complete on time and sets up a meeting to inform the stakeholders.

critical path

How well did you know this?

Not at all

Perfectly

Which of the following is not commonly included in a cost-benefit analysis (CBA)?

A business continuity plan (BCP)

How well did you know this?

Not at all

Perfectly

All of the following would be specified in a password policy, except:

password management.

How well did you know this?

Not at all

Perfectly

Which tool is most commonly used to prioritize mitigation efforts?

Threat likelihood/impact matrix

How well did you know this?

Not at all

Perfectly

What are overlapping countermeasures?

Different countermeasures that attempt to mitigate the same risk

How well did you know this?

Not at all

Perfectly

What is the primary tool used to ensure countermeasures are implemented?

Plan of action and milestones (POAM)

How well did you know this?

Not at all

Perfectly

Which approach to firewall rules starts off by blocking all traffic and then adding rules to allow approved traffic?

Implicit deny

How well did you know this?

Not at all

Perfectly

After being fired, an employee becomes disgruntled. The managers never disabled his login information, and his best friend still works at the company. The disgruntled employee gives his friend his login information for the company’s private network and convinces the friend to delete important files from the company’s database. You are confused when you review the audit logs and see that the disgruntled employee has been logging in from within the office every day for the past week. What has been lost in this scenario?

Nonrepudiation

How well did you know this?

Not at all

Perfectly

Which of the following terms is best defined as a weakness?

Vulnerability

How well did you know this?

Not at all

Perfectly

___________ prevents individuals from denying they took an action.

Nonrepudiation

How well did you know this?

Not at all

Perfectly

What is the purpose of a risk mitigation plan?

To implement countermeasures

How well did you know this?

Not at all

Perfectly

The National Institute of Standards and Technology (NIST) publishes SP 800-53. This document describes a variety of IT security controls, such as access control, incident response, and configuration management. Controls are grouped into families. Which NIST control family helps an organization recover from failures and disasters?

Contingency Planning (CP)

How well did you know this?

Not at all

Perfectly

Which of the following is a physical control that is most likely to be used with a proximity card?

A locked door

How well did you know this?

Not at all

Perfectly

Purchasing insurance is the primary way for an organization to __________ or ___________ risk.

share, transfer

How well did you know this?

Not at all

Perfectly

Which of the following is not a true statement about AES?

AES is the primary asymmetric encryption protocol used today.

How well did you know this?

Not at all

Perfectly

A hacker wants to launch an attack on an organization. The hacker uses a tool to capture data sent over the network in cleartext, hoping to gather information that will help make the attack successful. What tool is the hacker using?

A packet analyzer

How well did you know this?

Not at all

Perfectly

What changes plaintext data to ciphered data?

Encryption

How well did you know this?

Not at all

Perfectly

__________ provide the detailed steps needed to carry out ___________.

Procedures, policies

How well did you know this?

Not at all

Perfectly

Which of the following is not one of the three primary objectives of controls?

Eliminate

How well did you know this?

Not at all

Perfectly

What is the purpose of nonrepudiation techniques?

To prevent people from denying they took actions

How well did you know this?

Not at all

Perfectly

Some controls are identified based on the function they perform. What are the broad classes of controls based on function?

Preventative, detective, corrective

How well did you know this?

Not at all

Perfectly

Which of the following is most likely to describe how to perform test restores?

A backup plan

How well did you know this?

Not at all

Perfectly

A business continuity plan (BCP) is an example of a(n):

security plan.

How well did you know this?

Not at all

Perfectly

Lower recovery time objectives (RTOs) are __________ but __________.

achievable, costly

What is the primary hazard of attempting to recover without a business impact analysis (BIA)?

Wasted effort due to a lack of direction as to which resources are most critical

ABC Wholesale Pet Supply sells pet supplies to retailers. Every transaction results in a duplicate hardcopy paper shipping document and invoice. The person picking up the order signs the documents and takes one copy. Two other copies stay at the warehouse. How would using multiple hardcopies of each transaction affect ABC's recovery point objective (RPO)?

Duplicate hardcopies of transactions increase complexity and decrease tolerable data loss.

A business impact analysis (BIA) identifies an impact that can result from a:

disruption in a business.

What are critical resources?

Those that are required to support critical business functions (CBFs)

After developing a business impact analysis (BIA) for her organization, Maria was asked by her manager to update the BIA recommendations with a higher recovery time objective (RTO). What is the most likely reason management would argue for a higher RTO?

Lower RTOs are more expensive.

What is the primary purpose of identifying critical resources in the business impact analysis (BIA) process?

Identify all IT assets that support critical business functions (CBFs).

By identifying critical business functions (CBFs) first, you use a ________ approach.

top-down

Which term is sometimes referred to as the maximum tolerable period of disruption (MTPD)?

Maximum acceptable outage (MAO)

What are the first two steps in the business impact analysis (BIA) process?

Identify the environment and identify stakeholders

Which of the following is not a direct cost?

Costs to regain market share

Which of the following is not an indirect cost?

Cost to re-create or recover data

Which of the following can determine that a business function is critical?

Any stakeholder

Your team is developing a business impact analysis (BIA). You have identified the critical business functions (CBFs) and associated processes. What should you do next?

Map processes to IT systems.

A business continuity plan (BCP) program manager within a large organization:

usually manages multiple BCP projects.

Which business continuity plan (BCP) test type brings all participants together in a conference room or similar environment to walk through BCP scenarios?

Tabletop exercise

Which key planning principle guides the development of a business continuity plan (BCP)?

Length of time expected before returning to normal operations

What is the overall goal of business continuity plan (BCP) exercises?

To demonstrate how the BCP will work

Having supplies on hand for continued production:

may conflict with other organizational planning principles.

Who is the most common person to authorize business continuity plan (BCP) activation in the order of succession if the chief executive officer (CEO) is unavailable?

Chief information officer (CIO)

What is the primary difference between a functional exercise and a full-scale exercise?

A full-scale exercise is more realistic than a functional exercise.

What step of a business continuity plan (BCP) comes after providing training?

Testing and exercising plans

What is the primary determination as to whether an incident is included in a business continuity plan (BCP)?

Probability of occurrence and impact

Which of the following is a business continuity plan (BCP) phase that focuses on returning to normal operations?

Reconstitution phase

When an emergency is declared, the ____________ contact(s) appropriate teams or team leads.

business continuity plan (BCP) coordinator

Regarding business continuity, what is the first phase of activity if a disruption occurs?

The notification and activation phase

What business continuity plan (BCP) team is responsible for declaring the severity of an incident?

DAT

Functional descriptions of systems are often used for documenting:

critical business functions (CBFs).

What is the primary benefit of a business continuity plan (BCP)?

To better prepare the organization to respond to an interruption

In a business continuity plan (BCP), if a system houses data, the data must be protected according to:

its level of classification.

How are business continuity plans (BCPs) and disaster recovery plans (DRPs) related?

A DRP is a part of the larger BCP.

Which of the following is not one of the three commonly used business continuity plan (BCP) teams?

Critical contractor

Who is responsible for activating the business continuity plan (BCP)?

BCP coordinator

What is the purpose of a business continuity plan (BCP)?

To ensure that mission-critical elements of an organization continue to operate during and after a disruption

Which of the following mainly applies to any organization that handles health information?

HIPAA

What is a service level agreement (SLA)?

A document that identifies an expected level of performance

Which of the following is a significant part of control evaluation to determine which controls to implement?

Cost-benefit analysis (CBA)

Devaki is the office manager for a small medical practice in California. Part of her duties is to ensure the practice is in compliance with any relevant regulations or standards. Self-pay patients pay for services via cash, check, or payment card. Which of the following does Devaki need to ensure compliance with?

HIPAA and PCI DSS

The primary risks associated with the User Domain of a typical IT infrastructure are related to:

social engineering.

The Remote Access Domain of a typical IT infrastructure allows __________ to access the ________ network.

remote users, private

Health Insurance Portability and Accountability Act (HIPAA) fines for mistakes can be as high as __________ a year.

$25,000

Wen is performing a cost-benefit analysis (CBA). He needs to determine whether the organization should move workloads from the in-house data center to the cloud. The projected benefit is $50,000. The cost of the control is $1,500. What is the control value?

$48,500

Tonya has been asked to research compliance and then provide a report to upper management. Management wants to know what the organization must do to comply with a regulation that protects the privacy of citizens in the European Union. Which of the following will Tonya research?

General Data Protection Regulation (GDPR)

__________ is the biggest problem you can face if you do not identify the scope of your risk management project.

Scope creep

MAO is sometimes referred to as:

MTPOD.

Which of the following is not true of the WAN Domain of a typical IT infrastructure?

Internal-facing servers are configured in the demilitarized zone between two firewalls.

A disaster recovery plan (DRP) simulation:

goes through the steps and procedures in a controlled manner.

What is the difference between fault tolerance and disaster recovery?

Fault tolerance mitigates component failures, and disaster recovery restores operations after a major loss.

Which type of alternate location is the hardest to test for disaster readiness?

Cold site

Which of the following is the most important consideration of a disaster recovery plan (DRP)?

Protecting personnel

What does the scope section of a disaster recovery plan (DRP) define?

What is and is not covered in the plan

What key element is necessary for a disaster recovery plan (DRP) to succeed in a time of crisis?

Management support

What communication elements are important to the success of a disaster recovery plan (DRP)?

Recall, users, customers, and a communication plan

The recovery time objective (RTO) is derived from what value from the business impact analysis (BIA)?

Maximum acceptable outage (MAO)

Which term is defined as the minimum level of services that are acceptable to an organization to meet its operational business needs?

Minimum business continuity objective (MBCO)

What causes a disaster recovery plan (DRP) to be activated?

Realizing criteria specified in the DRP

What is the primary purpose of a disaster recovery plan (DRP)?

To restore critical business processes or systems to operation

Critical business functions (CBFs) support:

mission-critical operations.

A redundant backup site is:

hosted by a third-party vendor.

What is critical data?

Data that supports critical business functions (CBFs)

Why should an organization regularly review and update its disaster recovery plan (DRP)?

To ensure the plan reflects changes to IT systems

Disaster recovery procedures begin after ___________ and ___________.

activating the disaster recovery plan (DRP), assessing the damage

What is the primary reason for testing a disaster recovery plan (DRP)?

To ensure it performs as expected

___________ increases the availability of systems even when an isolated outage occurs, while ___________ provides the procedures to recover systems after a major failure.

Fault tolerance, disaster recovery

Isabella is preparing to write a disaster recovery plan (DRP). What must she have before she proceeds with writing?

A clear idea of her primary concerns

Wren is defining the scope for his organization's disaster recovery plan (DRP). What items should he consider?

Hardware, software, data, and connectivity

True or False? Asymmetric encryption uses a public key and a private key.

True

True or False? A backup plan is often included as part of a business continuity plan (BCP).

False

True or False? Planned controls have been approved but not installed.

True

True or False? Certificates in a public key infrastructure (PKI) are used for decoding encrypted data.

False

True or False? Every control must meet all three primary objectives of controls: prevent, detect, and recover.

False

True or False? The term "rules of behavior" refers to an acceptable use policy (AUP).

True

True or False? True or False? The two primary terms related to recovery requirements are RTO and RPO.

True

True or False? Starting with clear objectives is a best practice for performing a business impact analysis (BIA).

True

True or False? Critical success factors (CSFs) include elements necessary to perform the mission of an organization.

True

True or False? In regards to system recovery, RPO stands for recovery policy objective.

False

True or False? In a small organization, a single person can be responsible for the planning, implementation, and execution of a business continuity plan (BCP).

False

True or False? Regarding business continuity, recovery planning often takes the format of a business impact analysis (BIA).

False

True or False? Scope creep can occur if the scope of a business continuity plan (BCP) is not defined.

True

True or False? Criticality of operations identifies the order of importance of each of the seven domains of the typical IT infrastructure.

False

True or False? The clear intent of a DRP should be mission-critical functions first and personnel next.

False

True or False? A disaster recovery plan (DRP) starts by identifying critical assets.

False

True or False? By addressing critical business functions (CBFs), disaster recovery plans (DRPs) help ensure that critical servers and services continue.

True

True or False? A warm site is a compromise between a hot site and a cold site.

True

True or False? Ensuring business impact analyses (BIAs) have been completed is a best practice when implementing a DRP.

True

True or False? A cost-benefit analysis (CBA) helps determine if a countermeasure should be used.

True

True or False? Planned countermeasures are the same as in-place countermeasures.

False

True or False? Because you have scheduled everything when you completed the risk assessment, there is no need to update the plan of action and milestones (POAM) during risk mitigation planning.

False

True or False? An implicit deny policy starts by allowing all traffic through a firewall.

False

True or False? The maximum tolerable period of disruption (MTPOD) directly impacts the maximum acceptable outage (MAO) time.

False

True or False? A service level agreement (SLA) often includes the minimum uptime or the maximum downtime of a service or system.

True

True or False? How an organization starts its risk mitigation process depends entirely on upper management preference.

False

True or False? Installing antivirus software is a primary protection implemented in the User Domain of a typical IT infrastructure.

False

my class Flashcards

cram