Operations and Incident Response

Question 1

What should you identify about a user before implementing the principle of least privilege?

Answer 1

User’s job function

Question 2

To provide checks and balances and to prevent one person from gaining too much power over a system, which type of security policy should you implement?

Answer 2

Separation of duties

Question 3

What are the three basic questions answered by the chain of custody?

Answer 3

• Who controlled the evidence
• Who secured the evidence
• Who obtained the evidence

Question 4

Which policy should be reviewed by the security administrator to determine what data is allowed to be collected from users of the corporate Internet-facing Web application?

Answer 4

Company’s privacy policy

Question 5

What document lists the steps to take in case of a disaster to your main IT site?

Answer 5

Disaster Recovery Plan (DRP)

Question 6

Why should a first responder be familiar with the incident response plan?

Answer 6

To ensure that the appropriate procedures are followed

Question 7

What is the proper life cycle of evidence steps?

Answer 7

Collection, analysis, storage, court presentation, and return to owner

Question 8

What must you do for an effective security auditing policy, besides creating security logs?

Answer 8

Analyze the logs

Question 9

Which assessment examines whether network security practices follow a company’s security policy?

Answer 9

Audit

Question 10

Who is responsible for most security incidents in an organization?

Answer 10

Employees

Question 11

What is meant by the term legal hold?

Answer 11

A process that an organization uses to preserve all forms of relevant information when preservation is needed for litigation

Question 12

Why should the proper chain of custody be ensured?

Answer 12

So that evidence will be admissible in court

Question 13

What is wireshark?

Answer 13

A protocol analyzer or packet sniffer

Question 14

Which policy defines the technical means that are used to protect data on a network?

Answer 14

Security policy

Question 15

According to the CompTIA Security+ blueprint, what are the six steps in the incident response process?

Answer 15

1. Preparation
2. Identification
3. Containment
4. Eradication
5. Recovery

Question 16

Which log in Event View should you open to view events that are generated based on your auditing settings?

Answer 16

Security log

Question 17

When evidence is seized, which principle should be emphasized?

Answer 17

Chain of custody

Question 18

What is the primary goal of business continuity planning?

Answer 18

Maintain the organization

Question 19

Which document is used when it is necessary to invoke legal action against an employee for inappropriate use of computer resources?

Answer 19

Acceptable use policy

Question 20

What is the name of the process for removing only the incriminating data from the audit logs

Answer 20

Scrubbing

Question 21

What are correlation engines

Answer 21

Applications that examine relationships between entries in firewall logs to understand possible attacks

Question 22

What is the name of the group of people appointed to respond to security incidents?

Answer 22

Incident response team

Question 23

Which security measure prevents fraud by reducing the chances of collision?

Answer 23

Separation of duties

Question 24

Which team is responsible for restoring critical business functions at an alternate site in the event of disruption?

Answer 24

Recovery team

Question 25

Which principle ensures that users are given the most restrictive user rights to complete their authorized job duties?

Answer 25

The principle of least privilege

Question 26

Which tool should you use to retrieve the contents of a FET request: a protocol analyzer or port scanner?

Answer 26

A protocol analyzer

Question 27

What is the name of the security process that involves recognition, verification, classification, containment, and analysis?

Answer 27

An incident response

Question 28

What is incident management?

Answer 28

The activities of an organization to identify, analyze, and correct risks as they are identified