Practice Test 1 Flashcards

1
Q

You have an asset that is valued at $1,000. The EF for this asset is 10 percent. The ARO is 2. What is the ALE?

A

The ALE is $200. The ALE is the ARO × SLE. The SLE is EF × AV. In this question, you have two equations to solve. The SLE is 10% × $1,000, which is $100. The ALE is 2 × $100.

2
Q

You are a consultant for a cybersecurity firm and have been tasked with quantifying risks associated with information technology when validating the abilities of new security controls and countermeasures. What is the best way to identify the risks?

A

Threat and Risk Assessment. Threat and risk assessments are the best way to identify the risks this company is facing. Pentesting will come after the controls are in place.

3
Q

Which security program is designed to provide employees with the knowledge they need to fulfill their job requirements and protect the organization?

A

Training. Training is the first line of defense against security risks. You cannot protect what you do not know exists. You will need training for compliance with regulatory requirements as well as organizational objectives. Awareness is achieved through cultural attitudes combined with training.

4
Q

Alice discovered a meterpreter shell running a keylogger on the CFO’s laptop. What security tenet is the keylogger most likely to break?

A

Confidentiality. A keylogger, by its very nature, is meant to steal the keystrokes that the victim makes on the keyboard. Using this information, the attacker can replay websites, usernames, and passwords typed in by the victim.

5
Q

You are a security administrator for a network that uses Fibre Channel over Ethernet (FCoE). The network administrator would like to access raw data from the storage array and restore it to yet another host. Which of the following might be an issue to availability?

A

The data might not be in the same format and not be able to be restored to a different application.

6
Q

As a network administrator, you are asked to connect a server to a storage-attached network. If availability and access control are the most important, which of the following fulfills the requirements?

A

Installing an HBA in the server, creating a LUN on the SAN. An HBA is a host bus adapter. It is a hardware device, like a circuit board, that provides connectivity between a server and storage-attached network used to improve performance. LUN storage is important to the configuration. A LUN is a unique identifier given to separate devices so that they can be accessed in a storage disk array.

7
Q

Which of the following confidentiality security models ensures that a subject with clearance level of Secret can write only to objects classified as Secret or Top Secret?

A

Bell-LaPadula. The goal of the confidentiality model Bell–LaPadula is to keep secret data secret and share secret data when it is allowed to be shared.

8
Q

Your organization needs a security model for integrity where the subject cannot send messages to objects of higher integrity. Which of the following is unique to the Biba model and will accommodate that need?

A

Invocation. The Biba model is a state transition system for computer security. Data is grouped into ordered levels of integrity. The model was created so that subjects cannot corrupt the data. Invocation properties mean that a process from below cannot even request a higher access. It can only work with the same or lower levels. (Think of it as the inverse of Bell–LaPadula, which deals with security and people.)

9
Q

You need to assign permissions so that users can access only the resources they need to complete specific tasks. Which security tenet did you use to meet the need?

A

Least Privilege. Least privilege is assigning permissions so that users can access only those resources required to do their job. Job rotation, need to know, and separation of duties are also important to security. Job rotation avoids single points of failure, need to know promotes confidentiality, and separation of duties gives clear and direct roles to employees.

10
Q

You are tasked with hiring a third party to perform a security assessment of your manufacturing plant. What type of testing gives the most neutral review of your security profile?

A

Gray Box. A gray-box test is performed with limited knowledge. Gray-box testing is a good way of finding security flaws in programs. It can assist in discovering bugs or exploits due to incorrect code structure or incorrect use of applications. By combining white-box and black-box testing, gray-box testing tries to get the best out of the two techniques. A white-box test is performed with complete and full internal knowledge. Black-hat hackers have extensive knowledge about breaking into systems, which is usually for financial gain. Yes, there are blue-hat hackers. A blue-hat hacker is someone who typically tests systems before they launch, looking for bugs.

11
Q

Alice needs some help developing security policy documentation. She turns to you for help in developing a document that contains instructions or information on how to remain in compliance with regulations. What document do you need to develop?

A

Standards. A standard is a kind of security policy that defines how to remain in compliance with best practices and industry standards. Procedures are the step-by-step instructions on how to implement those best practices. Guidelines are used to create the procedures. Policies are at the highest level and describe the mission and goals. Policies are usually nonspecific and goal-oriented.

12
Q

Prioritization is an important part of your job as a security analyst. You are trying to calculate the ALE for all assets and risks. What purpose will this serve?

A

To prioritize countermeasures. The focus of ALE calculations is to prioritize countermeasures. A countermeasure is an action taken to counteract a danger or threat. The asset-risk pair with the largest ALE should be dealt with first.

13
Q

One of the software developers made a change in code that unintentionally diminishes security. Which of the following change control processes will be most effective in this situation?

A

Rollback. A rollback is a change control process that makes it possible to roll back any change that has a negative effect.

14
Q

Your external auditor submitted the final report to the board of directors and upper management. Who is responsible for implementing the recommendations in this report?

A

Senior Management. Senior management is always responsible for security within an organization. They are responsible for following the recommendations of the auditor.

15
Q

A security vulnerability was discovered while a system went through the accreditation process. What action should come next?

A

A. Start the accreditation process over again once the issue is fixed.

B. Restart the accreditation process from when the issue was discovered.
C. Reimage the system and start the accreditation process from the beginning.
D. Reimage the system and start from the current point.

16
Q

Your department was tasked with implementing Bluetooth connectivity controls to mitigate risk. Which of these best describes the network you will create?

A

A. PAN

B. LAN
C. WAN
D. WLAN

17
Q

You are planning the site security for a new building. The network administrators would like the server room door to be secured with RFID. The security team would like to use a cipher lock. Loss of the data on these servers is high risk. What should your plan start with?

A

A. A meeting to discuss security options.
B. Smartcards
C. TFA, both cipher lock and RFID
D. A keyed lock only

18
Q

You are a systems analyst conducting a vulnerability assessment. Which of the following is not a requirement for you to know?

A. Access Controls
B. Understanding of the systems to be evaluated
C. Potential Threats
D. Passwords

A
19
Q

You are made aware of a threat that involves a hacking group holding large amounts of information about your company. What best describes the threat you face from this hacking group?

A

A. DOS
B. TCO
C. Latency
D. Data mining

20
Q

You are evaluating the risk for your data center. You assigned threat, vulnerability, and impact a score from 1 to 10. The data center scores are as follows: Threat: 4, Vulnerability: 2, Impact: 6. What is the risk?

A

A. 12
B. 16
C. 48
D. 35

21
Q

Your customer-facing website experiences some failures. The security engineer analyzed the situation and believes it is the web application firewall. Syslog shows that the WAF was down twice, for a total of 3 hours in the past 72 hours. Which of the following is your mean time to repair (MTTR)?

A

A. 2.5 hours
B. 1.5 hours
C. 34.5 hours
D. 3 hours

22
Q

Intrusions are usually detected in one of three basic ways. Which detection method can reassemble packets and look at higher-layer activity?

A

A. Signature recognition
B. Heuristic Detection
C. Anomaly detection
D. Protocol decoding

23
Q

What is the lookup table used to store MAC addresses on a switch called?

A

A. Content addressable memory
B. Random access memory
C. Read-only memory
D. Nonvolatile memory

24
Q

If loaded into a router, which set of commands allows a network engineer to log into it if they know the correct password?

A

A. Router>enable
Router# configure terminal
Router(config)#line vty 0 4
Router(config-line)#password secret

B. Router>enable
Router# configure terminal
Router(config)#line vty 0 4
Router(config-line)#password secret
Router(config-line)#login

C. Router>enable
Router# configure terminal
Router(config)#line vty 0 4
Router(config-line)#password
Router(config-line-password)#secret

D. Router>enable
Router# configure terminal
Router(config)#line vty 0 4
Router(config-line)#password secret
Router(config-line)#log in

25
Q

Several payload variables can be configured in a mobile device configuration profile—you can configure each mobile device and user to which you are giving the profile. If you wanted to include a unique identifier in the profile, which of these would you choose to populate?

A

A. $DEVICENAME
B. $SITENAME
C. $USERNAME
D. $UDID

26
Q
A