Practice Questions 49-60 Flashcards
You need to calculate the ALE for a server. The value of the server is $3,000 and it has failed 10 times in the past year. Each time it failed, it resulted in 10% loss. What is the ALE? A. $300 B. $500 C. $3,000 D. $30,000
The ALE is 3,000 . The SLE (300) x ARO (10%) = 300 ALE
A recent vulnerability scan reported that a web application server is missing some patches. However, after inspecting the server, you realize that the patches are for protocol that administrators removed from the server. Which is the BEST explanation for this disparity? A. False negative B. False positive C. Lack of patch management tools D. The patch isn't applied.
A false positive on a vulnerability scan indicated that a vulnerability is positively detected but the vulnerability doesn’t actually exists.
You suspect that a database server is being used by a web application does not have current patches. Which is the BEST action to take to verify the server has up-to-date patches? A. Network mapping B. Port Scan C. Protocol analyzer D. Vulnerability scan
A vulnerability scan determines if the system has current patches.
You suspect that a user is running an unauthorized AP within the organization's building. Which tool is the BEST choice to see if an unauthorized AP is operating on the network? A. Rouge system B. Wireless scanner C. Password cracker D. Penetration test
A wireless scanner can detect all of the wireless access points (APs) running on a network.
Your organization outsourced a development of a software module to modify the functionality of an existing proprietary application. The developer completed the module and is now testing it with he entire application. What type of testing is the developer performing? A. White box B. Black box C. Gray box D. Black hat
Gray box because the tester needs some knowledge of the application such as input and output data to develop and test the module.
Your coworker tells you how recent attacks on the network has been disrupting services and network have been disrupting services and network connectivity. He suggests that you use Nmap to run a vulnerability scan on the network and identify vulnerabilities. Which should you do FIRST?
A. Create a network map
B.. Locate a network map
C. Obtain an administrative account to run a credentialed scan
D. Obtain authorization
You need make sure you obtain authorization to perform any type of network scan.
Your organization's security policy states that administrators should follow the principal of least privilege. Which tools can ensure that administrators are following the policy? A. Permission auditing B. Risk Assessment C. Vulnerability assessment D. Threat assessment
A permission auditing review verifies users that have permission they need for their job and no more.
You need to secure access to a data center. Which choice provides the BEST physical security to meet this need? A. Biometrics B. Cable locks C. Mantraps D. CCTV
A biometrics reader used for access control, a mantrap, and a CCTV system all provide strong physical security for accessing a data center.
Your company wants to control access to a restricted area of the building by adding an additional physical security control that includes facial recognition. What provides the BEST solution? A. Bollards B. Guards C. Retina scanners D. Cameras
Guards can protect access to restricted areas with facial recognition and by checking identities of personnel before letting them in.
An organization needs to improve fault tolerance to increase data availability. However, the organization has a limited budget. Which is the BEST choice to meet the organization's need? A. RAID B. Backup system C. Hot and cold aisles D. UPS
RAID systems would provide fault tolerance for disk drives and increase data availability if drives fail.
You need to modify the network infrastructure to increase availability of web-based application for Internet clients. Which choice provides the BEST solution? A. Loan balancing B. Proxy server C. UTM D. Content inspection
Loan balancing solutions increase the availability of web-based solutions by spreading the load among multiple servers.
