Network Operations (8) Flashcards
Which of the following data loss prevention terms is used to describe dangers pertaining to data while it is stored without being used?
Data in-use
Data at-rest
Data in-motion
Data at-rest
Data at-rest describes data that is currently in storage while not in use. Data in-motion is the term used to describe network traffic. Data in-use describes endpoint actions, and data on-disk is not one of the standard data loss prevention terms
Which of the following is not one of the standard terms used in data loss prevention?
Data on-line
Data at-rest
Data in-motion
Data on-line
Data on-line is not one of the standard data loss prevention terms. Data at-rest is a data loss prevention term that describes data that is currently in storage while not in use. Data in-motion is the term used to describe network traffic. Data in-use describes endpoint actions
The terms on-boarding and off-boarding are typically associated with which of the following policies?
Incident response
Inventory management
Identity management
Identity management
On-boarding and off-boarding are identity management processes in which users are added to or removed from an organization’s identity and access management (IAM) system. This grants new users the privileges they need to use the network, modifies their privileges if they change positions, and revokes privileges when they leave the company. On-boarding and off-boarding are not data loss prevention, incident response, or inventory management processes.
The term off-boarding refers to which of the following procedures?
Removing a node from a cluster
Disconnecting all cables from a switch
Revoking a user’s network privileges
Revoking a user’s network privileges
On-boarding and off-boarding are identity management processes in which users are added to or removed from an organization’s identity and access management (IAM) system. Off-boarding revokes a user’s privileges when he or she leaves the company. The term off-boarding does not refer to cluster management, disconnecting a switch, or retiring workstations.
Which of the following is most likely to be the last step in a change management procedure?
Documentation
Notification
Approval
Documentation
After a change is requested, approved, scheduled, and performed, everyone involved should be notified, and finally the entire process documented for future reference
Which of the following United States bodies are capable of imposing international export controls on software products? (Choose all correct answers.)
The company that created the software
Department of State
Department of Commerce
Department of the Treasury
Department of State
Department of Commerce
Department of the Treasury
The U.S. government controls exports of sensitive software and other technology as a means to maintain national security interests and foreign policy agreements. Three U.S. agencies have the authority to issue export licenses: the Department of State, the Department of Commerce, and the Department of the Treasury. Individual software developers do not have the authority to impose their own export controls
Which of the following is the primary result of an organization’s security incident response policies?
To know how to respond to a particular incident
To prevent an incident from occurring again
To identify the cause of an incident
To prevent an incident from occurring again
While incident response policies might include the process of responding to an incident and identifying and documenting its cause, the primary function of incident response policies is to ensure that the same incident does not happen again
You are an IT director, and a fire has broken out in the lower floors of your company’s office building. After the personnel are evacuated, the fire department asks you where they can find documentation about all chemicals and equipment used in the company’s datacenter, which is threatened by the fire. You direct them to the correct filing cabinet in your office, which contains which of the following document types?
NDA
BYOD
MSDS
MSDS
Material safety data sheets (MSDSs) are documents created by manufacturers of chemical, electrical, and mechanical products, which specify the potential risks and dangers associated with them, particularly in regard to flammability and the possibility of toxic outgassing. A properly documented network should have MSDS documents on file for all of the chemical and hardware products used to build and maintain it. MSDSs can be obtained from the manufacturer or the Environmental Protection Agency (EPA). Electrostatic discharges (ESDs), nondisclosure agreements (NDAs), and Bring Your Own Device (BYOD) policies are not concerned with the dangers inherent in building contents.
You have been asked to draft an acceptable use policy (AUP) for new hires at your company to sign, which specifies what they can and cannot do when working with the company’s computers and network. Which of the following is not one of the provisions typically found in this type of document?
Privacy
Illegal use
Upgrades
Upgrades
Software and hardware upgrades are typically not part of an AUP because they are handled by the company’s IT personnel. An AUP for a company typically includes a clause indicating that users have no right to privacy for anything they do using the company’s computers, including email and data storage. An AUP usually specifies that the company is the sole owner of the computer equipment and any proprietary company information stored on it or available through it. The AUP prohibits the use of its computers or network for any illegal practices, typically including spamming, hacking, or malware introduction or development.
You are starting a new job, and the company’s Human Resources person has asked you to sign an acceptable use policy (AUP) regarding computer and network use. The document includes a privacy clause. Which of the following are specifications you can expect to find in this clause? (Choose all correct answers.)
Any emails you send or receive can be monitored by the company at any time.
All files and data that you store on company computers must be accessible to the company for scanning and monitoring.
All work that you perform for the company becomes the sole property of the company, including copyrights and patents.
All hardware, software, and any proprietary data stored on the company’s computers remains the property of the company.
Any emails you send or receive can be monitored by the company at any time.
All files and data that you store on company computers must be accessible to the company for scanning and monitoring.
Clauses regarding company property, including the copyrights and patents for the work performed for the company, typically do appear in an AUP but not in the privacy clause. This information would be more likely to appear in an ownership clause. The privacy clause commonly explains that the company has the right to access and monitor anything stored on its computers
Which of the following tasks is not considered to be part of an IT department’s incident response policy?
Containing the damage caused by an incident
Repairing the damage caused by an incident
Rebuilding an infrastructure destroyed by an incident
Rebuilding an infrastructure destroyed by an incident
Once a network infrastructure has been partially or completely destroyed, it is no longer a matter of incident response; it passes over into disaster recovery, which requires a different set of policies. Stopping, containing, and remediating an incident are all considered incident response policies
Which of the following are occurrences that are typically addressed by an IT department’s incident response policies? (Choose all correct answers.)
Denial-of-service attack
Hard disk failure
Electrical fire
Server outage
Denial-of-service attack
Hard disk failure
Server outage
Attacks, hardware failures, and crashes are all events that can be addressed by incident response policies that define what is to be done to analyze and remediate the problem. An electrical fire is typically not something that would be addressed by an IT department’s incident response team; it is a job for trained firefighters. Once the fire is out, the company’s response falls under the heading of disaster recovery
Which of the following terms would apply to the procedure of adding a user’s personal smartphone to the network under a Bring Your Own Device (BYOD) policy?
Out-of-band
On-boarding
In-band
On-boarding
The process of adding a user’s personal device and allowing it to access the company network is called on-boarding. Removing the personal device from the network would be called off-boarding. In-band and out-of-band are terms defining methods for gaining administrative access to a managed network device
Your company has been acquired by another firm and, as IT director, you will have to comply with the new firm’s safety policies in your datacenter and other IT workspaces. One of the new requirements states that there must be a fail closed policy for the datacenter. Which of the following best describes what this policy dictates should occur in the event of an emergency?
All computers that are logged on should automatically log off.
All computers that are running should automatically shut down.
All doors that are normally open should lock themselves.
All doors that are normally open should lock themselves.
A fail closed policy for the datacenter specifies that any open doors should lock themselves in the event of an emergency. To support this policy, the datacenter will have to have a self-contained fire suppression system, which uses devices such as fire detectors and oxygen-displacing gas systems.
You are the first responder to an incident of computer crime at your company. The datacenter’s security has been penetrated, a server accessed, and sensitive company data stolen. The company’s incident response policy lists the specific tasks that you are responsible for performing. Which of the following are likely to be among those tasks? (Choose all correct answers.)
Turn off the server.
Secure the area.
Document the scene.
Collect evidence.
Cooperate with the authorities.
Secure the area.
Document the scene.
Collect evidence.
Cooperate with the authorities.
While securing the area to prevent contamination of evidence, documenting the scene with photographs or video, collecting any evidence that might be visible, and cooperating with the authorities are tasks that are likely to be in the company’s incident response policy, turning off the server most certainly would not be, because this could disturb or delete evidence of the crime.