Network Operations (8) Flashcards
Which of the following data loss prevention terms is used to describe dangers pertaining to data while it is stored without being used?
Data in-use
Data at-rest
Data in-motion
Data at-rest
Data at-rest describes data that is currently in storage while not in use. Data in-motion is the term used to describe network traffic. Data in-use describes endpoint actions, and data on-disk is not one of the standard data loss prevention terms
Which of the following is not one of the standard terms used in data loss prevention?
Data on-line
Data at-rest
Data in-motion
Data on-line
Data on-line is not one of the standard data loss prevention terms. Data at-rest is a data loss prevention term that describes data that is currently in storage while not in use. Data in-motion is the term used to describe network traffic. Data in-use describes endpoint actions
The terms on-boarding and off-boarding are typically associated with which of the following policies?
Incident response
Inventory management
Identity management
Identity management
On-boarding and off-boarding are identity management processes in which users are added to or removed from an organization’s identity and access management (IAM) system. This grants new users the privileges they need to use the network, modifies their privileges if they change positions, and revokes privileges when they leave the company. On-boarding and off-boarding are not data loss prevention, incident response, or inventory management processes
The term off-boarding refers to which of the following procedures?
Removing a node from a cluster
Disconnecting all cables from a switch
Revoking a user’s network privileges
Revoking a user’s network privileges
On-boarding and off-boarding are identity management processes in which users are added to or removed from an organization’s identity and access management (IAM) system. Off-boarding revokes a user’s privileges when he or she leaves the company. The term off-boarding does not refer to cluster management, disconnecting a switch, or retiring workstations
Which of the following is most likely to be the last step in a change management procedure?
Documentation
Notification
Approval
Documentation
After a change is requested, approved, scheduled, and performed, everyone involved should be notified, and finally the entire process documented for future reference
Which of the following United States bodies are capable of imposing international export controls on software products? (Choose all correct answers.)
The company that created the software
Department of State
Department of Commerce
Department of the Treasury
Department of State
Department of Commerce
Department of the Treasury
The U.S. government controls exports of sensitive software and other technology as a means to maintain national security interests and foreign policy agreements. Three U.S. agencies have the authority to issue export licenses: the Department of State, the Department of Commerce, and the Department of the Treasury. Individual software developers do not have the authority to impose their own export controls
Which of the following is the primary result of an organization’s security incident response policies?
To know how to respond to a particular incident
To prevent an incident from occurring again
To identify the cause of an incident
To prevent an incident from occurring again
While incident response policies might include the process of responding to an incident and identifying and documenting its cause, the primary function of incident response policies is to ensure that the same incident does not happen again
You are an IT director, and a fire has broken out in the lower floors of your company’s office building. After the personnel are evacuated, the fire department asks you where they can find documentation about all chemicals and equipment used in the company’s datacenter, which is threatened by the fire. You direct them to the correct filing cabinet in your office, which contains which of the following document types?
NDA
BYOD
MSDS
MSDS
Material safety data sheets (MSDSs) are documents created by manufacturers of chemical, electrical, and mechanical products, which specify the potential risks and dangers associated with them, particularly in regard to flammability and the possibility of toxic outgassing. A properly documented network should have MSDS documents on file for all of the chemical and hardware products used to build and maintain it. MSDSs can be obtained from the manufacturer or the Environmental Protection Agency (EPA). Electrostatic discharges (ESDs), nondisclosure agreements (NDAs), and Bring Your Own Device (BYOD) policies are not concerned with the dangers inherent in building contents
You have been asked to draft an acceptable use policy (AUP) for new hires at your company to sign, which specifies what they can and cannot do when working with the company’s computers and network. Which of the following is not one of the provisions typically found in this type of document?
Privacy
Illegal use
Upgrades
Upgrades
Software and hardware upgrades are typically not part of an AUP because they are handled by the company’s IT personnel. An AUP for a company typically includes a clause indicating that users have no right to privacy for anything they do using the company’s computers, including email and data storage. An AUP usually specifies that the company is the sole owner of the computer equipment and any proprietary company information stored on it or available through it. The AUP prohibits the use of its computers or network for any illegal practices, typically including spamming, hacking, or malware introduction or development
You are starting a new job, and the company’s Human Resources person has asked you to sign an acceptable use policy (AUP) regarding computer and network use. The document includes a privacy clause. Which of the following are specifications you can expect to find in this clause? (Choose all correct answers.)
Any emails you send or receive can be monitored by the company at any time.
All files and data that you store on company computers must be accessible to the company for scanning and monitoring.
All work that you perform for the company becomes the sole property of the company, including copyrights and patents.
All hardware, software, and any proprietary data stored on the company’s computers remains the property of the company.
Any emails you send or receive can be monitored by the company at any time.
All files and data that you store on company computers must be accessible to the company for scanning and monitoring.
Clauses regarding company property, including the copyrights and patents for the work performed for the company, typically do appear in an AUP but not in the privacy clause. This information would be more likely to appear in an ownership clause. The privacy clause commonly explains that the company has the right to access and monitor anything stored on its computers
Which of the following tasks is not considered to be part of an IT department’s incident response policy?
Containing the damage caused by an incident
Repairing the damage caused by an incident
Rebuilding an infrastructure destroyed by an incident
Rebuilding an infrastructure destroyed by an incident
Once a network infrastructure has been partially or completely destroyed, it is no longer a matter of incident response; it passes over into disaster recovery, which requires a different set of policies. Stopping, containing, and remediating an incident are all considered incident response policies
Which of the following are occurrences that are typically addressed by an IT department’s incident response policies? (Choose all correct answers.)
Denial-of-service attack
Hard disk failure
Electrical fire
Server outage
Denial-of-service attack
Hard disk failure
Server outage
Attacks, hardware failures, and crashes are all events that can be addressed by incident response policies that define what is to be done to analyze and remediate the problem. An electrical fire is typically not something that would be addressed by an IT department’s incident response team; it is a job for trained firefighters. Once the fire is out, the company’s response falls under the heading of disaster recovery
Which of the following terms would apply to the procedure of adding a user’s personal smartphone to the network under a Bring Your Own Device (BYOD) policy?
Out-of-band
On-boarding
In-band
On-boarding
The process of adding a user’s personal device and allowing it to access the company network is called on-boarding. Removing the personal device from the network would be called off-boarding. In-band and out-of-band are terms defining methods for gaining administrative access to a managed network device
Your company has been acquired by another firm and, as IT director, you will have to comply with the new firm’s safety policies in your datacenter and other IT workspaces. One of the new requirements states that there must be a fail closed policy for the datacenter. Which of the following best describes what this policy dictates should occur in the event of an emergency?
All computers that are logged on should automatically log off.
All computers that are running should automatically shut down.
All doors that are normally open should lock themselves.
All doors that are normally open should lock themselves.
A fail closed policy for the datacenter specifies that any open doors should lock themselves in the event of an emergency. To support this policy, the datacenter will have to have a self-contained fire suppression system, which uses devices such as fire detectors and oxygen-displacing gas systems.
You are the first responder to an incident of computer crime at your company. The datacenter’s security has been penetrated, a server accessed, and sensitive company data stolen. The company’s incident response policy lists the specific tasks that you are responsible for performing. Which of the following are likely to be among those tasks? (Choose all correct answers.)
Turn off the server.
Secure the area.
Document the scene.
Collect evidence.
Cooperate with the authorities.
Secure the area.
Document the scene.
Collect evidence.
Cooperate with the authorities.
While securing the area to prevent contamination of evidence, documenting the scene with photographs or video, collecting any evidence that might be visible, and cooperating with the authorities are tasks that are likely to be in the company’s incident response policy, turning off the server most certainly would not, because this could disturb or delete evidence of the crime
Password policies frequently require users to specify complex passwords. Which of the following are characteristic of a complex password?
Passwords that contain mixed upper- and lowercase letters, numbers, and symbols
Passwords that exceed a specific length
Passwords that do not duplicate a specific number of the user’s previous passwords
Passwords that contain mixed upper- and lowercase letters, numbers, and symbols
Although all of the options are characteristics of a strong password, the definition of a complex password is one that expands the available character set by using a mixture of upper- and lowercase letters, numerals, and symbols. The larger the character set used to create passwords, the more difficult they are to guess
Password policies that contain a history requirement typically have which of the following limitations?
Users cannot reuse recent passwords.
Users cannot create passwords containing names of relatives.
Users cannot create passwords containing names of historical figures.
Users cannot reuse recent passwords.
A history requirement in a password policy prevents users from specifying any one of their most recently used passwords. Although creating passwords using the names of relatives and historical figures is not recommended, it is not something that is easy to prevent. Each user maintains his or her own password history; there is no conflict with the passwords of other users
Account lockout policies are designed to protect against which of the following types of attacks?
Social engineering
Spoofing
Brute force
Brute force
A brute-force password attack is one in which the perpetrator tries as many passwords as possible in an effort to guess or deduce the right one. Account lockout policies are intended to prevent this type of attack by limiting the number of incorrect password attempts
Which of the following types of password policy are designed to prevent brute-force attacks? (Choose all correct answers.)
Password length policies
Account lockout policies
Password history policies
Complex password policies
Password length policies
Account lockout policies
Complex password policies
A brute-force password attack is one in which the perpetrator tries as many passwords as possible in an effort to guess or deduce the right one. Password length and complexity policies produce passwords that are harder to guess, making the attack statistically less likely to succeed. Account lockout policies are intended to prevent brute-force attacks by limiting the number of incorrect password attempts. Password history policies do not help to prevent brute-force attacks
Which of the following is not likely to be a procedural element of an IT asset disposal policy?
Data deletion
Recycling
Data preservation
Data preservation
An IT asset disposal policy typically includes procedures to be performed on assets that have reached the end of their useful lives and that are ready for final processing. This includes the wiping of all data, the completion of inventory records, and the possible recycling of the asset. The policy assumes that all data requiring preservation has already been preserved before the asset is submitted for disposal. Therefore, data preservation procedures are not needed at this phase