Policies, Procedures, and Incident Response Flashcards

1
Q
Which of the following controls requires two employees working together to complete an action? 
A. Two-man process 
B. Job rotation 
C. Principle of least privilege 
D. Dual control
A

D. Dual control requires two employees working together to complete a task.

2
Q
As the security administrator for your organization, you have decided to restrict access to the Internet to only those who have an approved need. Which practice does this describe? 
A. Two-man process 
B. Job rotation 
C. Principle of least privilege 
D. Dual control
A

C. The principle of least privilege is the practice of limiting access to the minimum level that is needed for an employee or contractor to complete their work.

3
Q
Your company started moving individuals in sensitive positions from one set of job tasks to another every six months. This type of control is known as which one of the following? 
A. Two-man process 
B. Job rotation 
C. Principle of least privilege 
D. Dual control
A

B. Job rotation is the practice of moving employees from one area to another. It provides cross-training and also makes it harder for an employee to hide their actions. In addition, it decreases the chance that an area of the company could be seriously and negatively affected if someone leaves.

4
Q
A manager at your organization is interviewing potential employees and has asked you to find out some background information. Which of the following should you not research? 
A. Education 
B. References 
C. Marriage status 
D. Claimed certifications
A

C. Although some items are acceptable for questions, others such as race, marital status, and religious preference are not.

5
Q

When is the best time to terminate an employee’s access?
A. At the time of dismissal
B. At the end of the day
C. One week after termination
D. At the beginning of the worker’s shift before dismissal

A

A. There are many theories about the best day of the week and time of day to terminate an employee, but whenever it is done, access needs to be restricted at the time of dismissal.

6
Q
Which of the following documents is used to support an SLA? 
A. MOU 
B. OLA 
C. MBA 
D. NDA
A

B. OLAs work in conjunction with SLAs in that they support the SLA process. The OLA defines the responsibilities of each partner’s internal support group. So, whereas the SLA may promise no more than five minutes of downtime, the OLA defines what group and resources are used to meet the specified goal.

7
Q
Your company recently changed firewalls and is now using another vendor’s product. Which document would see the most change? 
A. Policy 
B. Procedure 
C. Guideline 
D. Baseline
A

B. If your company changed from one firewall to another, the document that would change the most would be the procedure. Procedures offer step-by-step instructions.

8
Q
Which of these documents is considered high-level and communicates the wishes of management? 
A. Policy 
B. Procedure 
C. Guideline 
D. Baseline
A

A. Policy is high level and communicates management’s wishes.

9
Q
Which of the following groups is ultimately responsible for a security policy? 
A. Employees 
B. Managers 
C. CSO 
D. Senior management
A

D. Senior management is ultimately responsible. In cases of neglect, these individuals may potentially face criminal or civil charges.

10
Q
In relation to the incident response process, what term best describes noticing the occurrence of a false positive trigger of an IDS? 
A. Trigger 
B. Incident 
C. Event 
D. Alarm
A

C. An event is described as a noticeable occurrence, whereas an incident is a violation of law, policy, or standard.

11
Q
Which of the following is a forensic process best described as the actions taken to guard, control, and secure evidence? 
A. Locking 
B. Analysis 
C. Tracking 
D. Chain of custody
A

D. Chain of custody must be followed for evidence to be legally admissible in court. This phrase describes the documentation of the seizure, custody, control, transfer, analysis, and disposition of evidence.

12
Q
Which of the following is the last step in the incident response process? 
A. Containment and mitigation 
B. Lessons learned 
C. Identification and evaluation 
D. Eradication and recovery
A

B. The last step of the incident response process is lessons learned. No one wants to repeat bad events, and as such, the lessons of the incident should be applied to attempt to prevent the incident from happening again.

13
Q
You have been asked to work on a team responsible for a forensic analysis. Which of the following is the best order of analysis? 
A. RAM, hard drive, DVD 
B. Hard drive, thumb drive, RAM 
C. Hard drive, CD, DVD, RAM 
D. Hard drive, RAM, DVD, CD
A

A. During a forensic investigation, the process should always move from most volatile to least volatile. As such, the proper process would be RAM, hard drive, and DVD.

14
Q
Which of the following documents best fits the description of a step-by-step guide? 
A. Baseline 
B. Policy 
C. Procedure 
D. Guideline
A

C. A procedure is best described as a step-by-step guide.

15
Q
Which of the following audits is performed to verify the protection mechanisms provided by information systems and related systems? 
A. Operational audit 
B. Information system audit 
C. Security audit 
D. Forensic audit
A

B. An information security audit is performed to verify the protection mechanisms provided by information systems and related systems.

16
Q

Which of the following is not a defense against dumpster diving?
A. Having a corporate policy regarding data destruction
B. Shredding sensitive documents
C. Locking and securing trash receptacles and areas
D. Having trash removed by authorized personnel

A

D. While having trash removed by authorized personnel is a good idea, by itself it does not offer a valid defense.

17
Q

Which of the following would an organization’s security policy statement not define?
A. The high-level view of management
B. The security goals of the organization
C. Step-by-step instructions on how to encrypt data
D. What areas of IT security the organization considers important

A

C. The organization’s security policy statement provides a broad overview of objectives and does not address low-level topics such as what technology is used to encrypt data.

18
Q

Your company is considering a policy on social engineering and how employees can avoid phishing attacks. Which of the following techniques would you not recommend?
A. Anti-phishing software
B. Digital certificates
C. Having the policy state that employees should never respond to emails requesting personal information
D. Advising employees to avoid using public Wi-Fi and free Internet

A

D. Although it could be seen as good policy to advise employees to practice caution when using free wireless Internet, this would do little to prevent a phishing attack.

19
Q
Which of the following is the best example of an attack that cannot be defended against by end-user policies and education? 
A. Dumpster diving 
B. Buffer overflow 
C. Shoulder surfing 
D. Social engineering
A

B. Buffer overflows cannot be defended against by end-user policies and education.

20
Q

Which of the following is not a reason companies implement mandatory vacations?
A. To decrease the ability to commit fraud undetected
B. To decrease the chance that an area could be seriously and negatively affected if someone leaves the organization
C. To ensure that employees are well-rested
D. To allow for times to perform audits and reviews in the employee’s absence

A

C. There are many reasons a security professional would want an employee to take a vacation, but the least important would be to ensure that the employee is well rested.

21
Q
Which of the following agreements serves as a top-level baseline for project-specific agreements? 
A. Operating level agreement (OLA) 
B. Service level agreement (SLA) 
C. Master service agreement (MSA) 
D. Business partnership agreement (BPA)
A

C. The master service agreement (MSA) is a top-level set of terms that serves as a baseline for all future work as well as more specific agreements.