my class Flashcards
cram
A __________ consists of multiple servers using ______________.
web farm, network load balancing
Bob is the project manager for his company’s security countermeasure implementation project. Michael informs Bob that task #12 (implementing a failover cluster) will not finish on time. Because task #12 is on the project’s __________, Bob knows that the project will not complete on time and sets up a meeting to inform the stakeholders.
critical path
Which of the following is not commonly included in a cost-benefit analysis (CBA)?
A business continuity plan (BCP)
All of the following would be specified in a password policy, except:
password management.
Which tool is most commonly used to prioritize mitigation efforts?
Threat likelihood/impact matrix
What are overlapping countermeasures?
Different countermeasures that attempt to mitigate the same risk
What is the primary tool used to ensure countermeasures are implemented?
Plan of action and milestones (POAM)
Which approach to firewall rules starts off by blocking all traffic and then adding rules to allow approved traffic?
Implicit deny
After being fired, an employee becomes disgruntled. The managers never disabled his login information, and his best friend still works at the company. The disgruntled employee gives his friend his login information for the company’s private network and convinces the friend to delete important files from the company’s database. You are confused when you review the audit logs and see that the disgruntled employee has been logging in from within the office every day for the past week. What has been lost in this scenario?
Nonrepudiation
Which of the following terms is best defined as a weakness?
Vulnerability
___________ prevents individuals from denying they took an action.
Nonrepudiation
What is the purpose of a risk mitigation plan?
To implement countermeasures
The National Institute of Standards and Technology (NIST) publishes SP 800-53. This document describes a variety of IT security controls, such as access control, incident response, and configuration management. Controls are grouped into families. Which NIST control family helps an organization recover from failures and disasters?
Contingency Planning (CP)
Which of the following is a physical control that is most likely to be used with a proximity card?
A locked door
Purchasing insurance is the primary way for an organization to __________ or ___________ risk.
share, transfer
Which of the following is not a true statement about AES?
AES is the primary asymmetric encryption protocol used today.
A hacker wants to launch an attack on an organization. The hacker uses a tool to capture data sent over the network in cleartext, hoping to gather information that will help make the attack successful. What tool is the hacker using?
A packet analyzer
What changes plaintext data to ciphered data?
Encryption
__________ provide the detailed steps needed to carry out ___________.
Procedures, policies
Which of the following is not one of the three primary objectives of controls?
Eliminate
What is the purpose of nonrepudiation techniques?
To prevent people from denying they took actions
Some controls are identified based on the function they perform. What are the broad classes of controls based on function?
Preventative, detective, corrective
Which of the following is most likely to describe how to perform test restores?
A backup plan
A business continuity plan (BCP) is an example of a(n):
security plan.
Lower recovery time objectives (RTOs) are __________ but __________.
achievable, costly
What is the primary hazard of attempting to recover without a business impact analysis (BIA)?
Wasted effort due to a lack of direction as to which resources are most critical
ABC Wholesale Pet Supply sells pet supplies to retailers. Every transaction results in a duplicate hardcopy paper shipping document and invoice. The person picking up the order signs the documents and takes one copy. Two other copies stay at the warehouse. How would using multiple hardcopies of each transaction affect ABC's recovery point objective (RPO)?
Duplicate hardcopies of transactions increase complexity and decrease tolerable data loss.
A business impact analysis (BIA) identifies an impact that can result from a:
disruption in a business.
What are critical resources?
Those that are required to support critical business functions (CBFs)
After developing a business impact analysis (BIA) for her organization, Maria was asked by her manager to update the BIA recommendations with a higher recovery time objective (RTO). What is the most likely reason management would argue for a higher RTO?
Lower RTOs are more expensive.
What is the primary purpose of identifying critical resources in the business impact analysis (BIA) process?
Identify all IT assets that support critical business functions (CBFs).
By identifying critical business functions (CBFs) first, you use a ________ approach.
top-down
Which term is sometimes referred to as the maximum tolerable period of disruption (MTPD)?
Maximum acceptable outage (MAO)
What are the first two steps in the business impact analysis (BIA) process?
Identify the environment and identify stakeholders
Which of the following is not a direct cost?
Costs to regain market share
Which of the following is not an indirect cost?
Cost to re-create or recover data
Which of the following can determine that a business function is critical?
Any stakeholder
Your team is developing a business impact analysis (BIA). You have identified the critical business functions (CBFs) and associated processes. What should you do next?
Map processes to IT systems.
A business continuity plan (BCP) program manager within a large organization:
usually manages multiple BCP projects.
Which business continuity plan (BCP) test type brings all participants together in a conference room or similar environment to walk through BCP scenarios?
Tabletop exercise
Which key planning principle guides the development of a business continuity plan (BCP)?
Length of time expected before returning to normal operations
What is the overall goal of business continuity plan (BCP) exercises?
To demonstrate how the BCP will work
Having supplies on hand for continued production:
may conflict with other organizational planning principles.
Who is the most common person to authorize business continuity plan (BCP) activation in the order of succession if the chief executive officer (CEO) is unavailable?
Chief information officer (CIO)
What is the primary difference between a functional exercise and a full-scale exercise?
A full-scale exercise is more realistic than a functional exercise.
What step of a business continuity plan (BCP) comes after providing training?
Testing and exercising plans
What is the primary determination as to whether an incident is included in a business continuity plan (BCP)?
Probability of occurrence and impact
Which of the following is a business continuity plan (BCP) phase that focuses on returning to normal operations?
Reconstitution phase
When an emergency is declared, the ____________ contact(s) appropriate teams or team leads.
business continuity plan (BCP) coordinator
Regarding business continuity, what is the first phase of activity if a disruption occurs?
The notification and activation phase
What business continuity plan (BCP) team is responsible for declaring the severity of an incident?
DAT
Functional descriptions of systems are often used for documenting:
critical business functions (CBFs).
What is the primary benefit of a business continuity plan (BCP)?
To better prepare the organization to respond to an interruption
In a business continuity plan (BCP), if a system houses data, the data must be protected according to:
its level of classification.
How are business continuity plans (BCPs) and disaster recovery plans (DRPs) related?
A DRP is a part of the larger BCP.
Which of the following is not one of the three commonly used business continuity plan (BCP) teams?
Critical contractor
Who is responsible for activating the business continuity plan (BCP)?
BCP coordinator
What is the purpose of a business continuity plan (BCP)?
To ensure that mission-critical elements of an organization continue to operate during and after a disruption
Which of the following mainly applies to any organization that handles health information?
HIPAA
What is a service level agreement (SLA)?
A document that identifies an expected level of performance
Which of the following is a significant part of control evaluation to determine which controls to implement?
Cost-benefit analysis (CBA)
Devaki is the office manager for a small medical practice in California. Part of her duties is to ensure the practice is in compliance with any relevant regulations or standards. Self-pay patients pay for services via cash, check, or payment card. Which of the following does Devaki need to ensure compliance with?
HIPAA and PCI DSS
The primary risks associated with the User Domain of a typical IT infrastructure are related to:
social engineering.
The Remote Access Domain of a typical IT infrastructure allows __________ to access the ________ network.
remote users, private
Health Insurance Portability and Accountability Act (HIPAA) fines for mistakes can be as high as __________ a year.
$25,000
Wen is performing a cost-benefit analysis (CBA). He needs to determine whether the organization should move workloads from the in-house data center to the cloud. The projected benefit is $50,000. The cost of the control is $1,500. What is the control value?
$48,500
Tonya has been asked to research compliance and then provide a report to upper management. Management wants to know what the organization must do to comply with a regulation that protects the privacy of citizens in the European Union. Which of the following will Tonya research?
General Data Protection Regulation (GDPR)
__________ is the biggest problem you can face if you do not identify the scope of your risk management project.
Scope creep
MAO is sometimes referred to as:
MTPOD.
Which of the following is not true of the WAN Domain of a typical IT infrastructure?
Internal-facing servers are configured in the demilitarized zone between two firewalls.
A disaster recovery plan (DRP) simulation:
goes through the steps and procedures in a controlled manner.
What is the difference between fault tolerance and disaster recovery?
Fault tolerance mitigates component failures, and disaster recovery restores operations after a major loss.
Which type of alternate location is the hardest to test for disaster readiness?
Cold site
Which of the following is the most important consideration of a disaster recovery plan (DRP)?
Protecting personnel
What does the scope section of a disaster recovery plan (DRP) define?
What is and is not covered in the plan
What key element is necessary for a disaster recovery plan (DRP) to succeed in a time of crisis?
Management support
What communication elements are important to the success of a disaster recovery plan (DRP)?
Recall, users, customers, and a communication plan
The recovery time objective (RTO) is derived from what value from the business impact analysis (BIA)?
Maximum acceptable outage (MAO)
Which term is defined as the minimum level of services that are acceptable to an organization to meet its operational business needs?
Minimum business continuity objective (MBCO)
What causes a disaster recovery plan (DRP) to be activated?
Realizing criteria specified in the DRP
What is the primary purpose of a disaster recovery plan (DRP)?
To restore critical business processes or systems to operation
Critical business functions (CBFs) support:
mission-critical operations.
A redundant backup site is:
hosted by a third-party vendor.
What is critical data?
Data that supports critical business functions (CBFs)
Why should an organization regularly review and update its disaster recovery plan (DRP)?
To ensure the plan reflects changes to IT systems
Disaster recovery procedures begin after ___________ and ___________.
activating the disaster recovery plan (DRP), assessing the damage
What is the primary reason for testing a disaster recovery plan (DRP)?
To ensure it performs as expected
___________ increases the availability of systems even when an isolated outage occurs, while ___________ provides the procedures to recover systems after a major failure.
Fault tolerance, disaster recovery
Isabella is preparing to write a disaster recovery plan (DRP). What must she have before she proceeds with writing?
A clear idea of her primary concerns
Wren is defining the scope for his organization's disaster recovery plan (DRP). What items should he consider?
Hardware, software, data, and connectivity
True or False? Asymmetric encryption uses a public key and a private key.
True
True or False? A backup plan is often included as part of a business continuity plan (BCP).
False
True or False? Planned controls have been approved but not installed.
True
True or False? Certificates in a public key infrastructure (PKI) are used for decoding encrypted data.
False
True or False? Every control must meet all three primary objectives of controls: prevent, detect, and recover.
False
True or False? The term "rules of behavior" refers to an acceptable use policy (AUP).
True
True or False? True or False? The two primary terms related to recovery requirements are RTO and RPO.
True
True or False? Starting with clear objectives is a best practice for performing a business impact analysis (BIA).
True
True or False? Critical success factors (CSFs) include elements necessary to perform the mission of an organization.
True
True or False? In regards to system recovery, RPO stands for recovery policy objective.
False
True or False? In a small organization, a single person can be responsible for the planning, implementation, and execution of a business continuity plan (BCP).
False
True or False? Regarding business continuity, recovery planning often takes the format of a business impact analysis (BIA).
False
True or False? Scope creep can occur if the scope of a business continuity plan (BCP) is not defined.
True
True or False? Criticality of operations identifies the order of importance of each of the seven domains of the typical IT infrastructure.
False
True or False? The clear intent of a DRP should be mission-critical functions first and personnel next.
False
True or False? A disaster recovery plan (DRP) starts by identifying critical assets.
False
True or False? By addressing critical business functions (CBFs), disaster recovery plans (DRPs) help ensure that critical servers and services continue.
True
True or False? A warm site is a compromise between a hot site and a cold site.
True
True or False? Ensuring business impact analyses (BIAs) have been completed is a best practice when implementing a DRP.
True
True or False? A cost-benefit analysis (CBA) helps determine if a countermeasure should be used.
True
True or False? Planned countermeasures are the same as in-place countermeasures.
False
True or False? Because you have scheduled everything when you completed the risk assessment, there is no need to update the plan of action and milestones (POAM) during risk mitigation planning.
False
True or False? An implicit deny policy starts by allowing all traffic through a firewall.
False
True or False? The maximum tolerable period of disruption (MTPOD) directly impacts the maximum acceptable outage (MAO) time.
False
True or False? A service level agreement (SLA) often includes the minimum uptime or the maximum downtime of a service or system.
True
True or False? How an organization starts its risk mitigation process depends entirely on upper management preference.
False
True or False? Installing antivirus software is a primary protection implemented in the User Domain of a typical IT infrastructure.
False
