Risk Management (1) Flashcards

1
Q

You are a manager of a bank and you suspect one of your tellers has stolen money from their station. After talking with your supervisor, you place the employee on leave with pay, suspend their computer account, and obtain their proximity card and keys to the building. Which of the following policies did you follow?

Mandatory vacations

Exit interviews

Adverse actions

A

Adverse actions

Adverse actions are administrative actions taken against employees, such as letters of reprimand, leave with or without pay, or termination. Along with these actions, the policy should include steps such as disabling user accounts and revoking privileges, including access to facilities, to prevent data from being compromised. Once an employee has been placed under administrative action, the company should not have to worry about vindictive actions they might take against the company.

2
Q

Which of the following principles stipulates that multiple changes to a computer system should not be made at the same time?

Due diligence

Acceptable use

Change management

A

Change management

Change management is the process of documenting all changes made to a company’s network and computers. Avoiding simultaneous changes makes tracking any problems that occur much simpler.

3
Q

Why are penetration tests often not advised?

It can be disruptive for the business activities.

It’s able to find both known and unknown hardware or software weaknesses.

It permits the exploration of real risks and gives a precise depiction of a company’s IT infrastructure security posture at any given time.

A

It can be disruptive for the business activities.

The main reason to avoid penetration tests is the first option: they can disrupt business activities. It is advised to perform vulnerability tests often rather than penetration tests. The risk of disruption is the main focus of the question.

4
Q

You are a security engineer and discovered an employee using the company’s computer systems to operate their small business. The employee installed their personal software on the company’s computer and is using the computer hardware, such as the USB port. What policy would you recommend the company implement to prevent any risk of the company’s data and network being compromised?

Acceptable use policy

Clean desk policy

Mandatory vacation policy

A

Acceptable use policy

An acceptable use policy is a document stating what a user may or may not access on a company’s network or the Internet.

5
Q

What should be done to back up tapes that are stored off-site?

Generate a file hash for each backup file.

Scan the backup data for viruses.

Encrypt the backup data.

A

Encrypt the backup data.

Encrypting the backup data before storing it off-site ensures data confidentiality.

6
Q

Which recovery site is the easiest to test?

Warm site

Cold site

Hot site

A

Hot site

A hot site contains all of the alternate computer and telecommunication equipment needed in a disaster, so testing this environment is simple.

7
Q

Katelyn is a network technician for a manufacturing company. She is testing a network forensic capturing software and plugs her laptop into an Ethernet switch port and begins capturing network traffic. Later she begins to analyze the data and notices some broadcast and multicast packets, as well as her own laptop’s network traffic. Which of the following statements best describes why Katelyn was unable to capture all network traffic on the switch?

Each port on the switch is an isolated broadcast domain.

Each port on the switch is an isolated collision domain.

Promiscuous mode must be enabled on the NIC.

A

Each port on the switch is an isolated collision domain.

A switch forwards data only to the port of the device that needs to receive it, so a computer capturing network traffic on one port sees only broadcast and multicast packets along with the traffic sent to and received from that computer.

8
Q

Which of the following is not a step of the incident response process?

Snapshot

Preparation

Recovery

A

Snapshot

A snapshot is the state of a system at a particular point in time. It is also known as a system image and is not a step in the incident response process.

9
Q

Which of the following is another term for technical controls?

Access controls

Logical controls

Detective controls

A

Logical controls

Technical controls are used to restrict data access and are implemented through operating system components, security applications, network devices, and encryption techniques. Logical controls rely on authentication mechanisms.

10
Q

You are a security manager for your company and need to reduce the risk of employees working in collusion to embezzle funds. Which of the following policies would you implement?

Mandatory vacations

Clean desk

NDA

A

Mandatory vacations

Companies use mandatory vacation policies to detect fraud by having a second person, familiar with the duties, help discover any illicit activities.

11
Q

You are a security administrator, and your manager has asked you about protecting the privacy of personally identifiable information (PII) that is collected. Which of the following would be the best option to fulfill the request?

PIA

BIA

RTO

A

PIA

A privacy impact assessment (PIA) measures how well a company can keep private information safe while it is in possession of PII.

12
Q

Which of the following plans best identifies critical systems and components to ensure the assets are protected?

DRP

BCP

IT contingency plan

A

BCP

A business continuity plan is a policy that describes and approves the company’s overall business continuity strategy. This also includes identifying critical systems to protect.

13
Q

After your company implemented a clean desk policy, you have been asked to secure physical documents every night. Which of the following would be the best solution?

Department door lock

Locking cabinets and drawers

Proximity card

A

Locking cabinets and drawers

Locking cabinets and drawers are the best solution because the employee would be the only one with a key.

14
Q

Your manager has instructed the team to test certain systems based on the business continuity plan to ensure they are operating properly. The manager wants to ensure there are no overlaps in the plan before implementing the test. Which continuity of operation planning concept is your manager referring to?

After-action report

Eradication

Tabletop exercise

A

Tabletop exercise

A tabletop exercise is considered a cost-effective and efficient way to identify areas of overlap in a plan before implementing a test.

15
Q

Which of the following is an example of PHI?

Passport number

Criminal record

Fingerprints

A

Fingerprints

Fingerprints are considered PHI (Protected Health Information) according to HIPAA rules.

16
Q

Which of the following techniques attempts to predict the likelihood a threat will occur and assigns monetary values should a loss occur?

Vulnerability assessment

Qualitative risk assessment

Quantitative risk assessment

A

Quantitative risk assessment

Quantitative risk assessment is the process of assigning numerical values to the probability that an event will occur and to the impact the event will have.

17
Q

Your competitors are offering a new service that is predicted to sell strongly. After much careful research, your company has decided not to launch a competing service due to the uncertainty of the market and the enormous investment required. Which of the following best describes the company’s decision?

Risk transfer

Risk avoidance

Risk acceptance

A

Risk avoidance

Risk avoidance is a strategy of deflecting threats in order to avoid the costly and disruptive consequences of a damaging event. It also attempts to minimize vulnerabilities that can pose a threat.

18
Q

Which of the following agreements is less formal than a traditional contract but still has a certain level of importance to all parties involved?

BPA

ISA

MOU

A

MOU

A memorandum of understanding (MOU) is a type of agreement that is usually not legally binding. This agreement is intended to be mutually beneficial without involving courts or money.

19
Q

Your company is considering moving its mail server to a hosting company. This will help reduce hardware and server administrator costs at the local site. Which of the following documents would formally state the reliability and recourse if the reliability is not met?

MOU

SLA

ISA

A

SLA

An SLA (service level agreement) defines the level of service the customer expects from the service provider. The level of service definitions should be specific and measurable in each area.

20
Q

You have an asset that is valued at $16,000, the exposure factor of a risk affecting that asset is 35%, and the annualized rate of occurrence is 75%. What is the SLE?

$5,600

$5,000

$4,200

A

$5,600

The single loss expectancy (SLE) is the product of the asset value ($16,000) and the exposure factor (0.35), or $5,600. The annualized rate of occurrence is not used in the SLE calculation.

21
Q

During a meeting, you present management with a list of access controls used on your network. Which of the following controls is an example of a corrective control?

IDS

Audit logs

Antivirus software

A

Antivirus software

Antivirus software is an example of a corrective control. A corrective control is designed to correct a situation after it has occurred.

22
Q

You are the new security administrator and have discovered your company lacks deterrent controls. Which of the following would you install that satisfies your needs? (Choose two.)

Lighting

Motion sensor

No trespassing signs

Antivirus scanner

A

Lighting

No trespassing signs

A deterrent control is used to warn a potential attacker not to attack. Lighting added to the perimeter and warning signs such as a “no trespassing” sign are deterrent controls.

23
Q

Your company’s security policy includes system testing and security awareness training guidelines. Which of the following control types is this?

Preventive technical control

Detective administrative control

Preventive administrative control

A

Preventive administrative control

Testing and training are preventive administrative controls. Administrative controls dictate how security policies should be executed to accomplish the company’s security goals.

24
Q

Which step of the incident response process occurs after containment?

Recovery

Identification

Eradication

A

Eradication

Eradication is the next step after containment.

25
Q

You are a security administrator for your company and you identify a security risk. You decide to continue with the current security plan. However, you develop a contingency plan in case the security risk occurs. Which of the following risk response techniques are you demonstrating?

Accept

Transfer

Avoid

A

Accept

Risk acceptance is a strategy of recognizing, identifying, and accepting a risk that is sufficiently unlikely, or has limited enough impact, that a corrective control is not warranted.

26
Q

Which of the following best visually shows the state of a computer at the time it was collected by law enforcement?

Screenshots

Identification

Tabletop exercise

A

Screenshots

Taking screenshots gives an investigator a useful way to collect information from a computer screen. Screenshots can be acquired in many ways and allow the investigator to reproduce what happened on the screen.

27
Q

You are asked to protect the company’s data should a complete disaster occur. Which action would be the best option for this request?

Back up all data to tape, and store those tapes at an alternate location within the city.

Back up all data to tape, and store those tapes at an alternate location in another city.

Back up all data to disk, and store the disk in a safe in the company’s basement.

A

Back up all data to tape, and store those tapes at an alternate location in another city.

Storing backup data at an alternate site in another city helps protect the data if a complete disaster occurs at the primary location. Storing backups outside of the original location is known as off-site backup. The distance associated with an off-site backup can, however, be a logistics challenge.

28
Q

Which of the following would not be a purpose of a privacy threshold analysis?

Identify programs and systems that are privacy-sensitive.

Demonstrate the inclusion of privacy considerations during the review of a program or system.

Identify systems that are considered a single point of failure.

A

Identify systems that are considered a single point of failure.

Identifying systems that are considered a single point of failure is not a purpose of a privacy threshold analysis (PTA).

29
Q

You have purchased new laptops for your salespeople. You plan to dispose of the hard drives of the former laptops as part of a company computer sale. Which of the following methods would you use to properly dispose of the hard drives?

Destruction

Shredding

Purging

A

Purging

Purging removes all the data from a hard drive so that the data cannot be rebuilt.

30
Q

You are the head of the IT department of a school and are looking for a way to promote safe and responsible use of the Internet for students. With the help of the teachers, you develop a document for students to sign that describes methods of accessing the Internet on the school’s network. Which of the following best describes this document?

Service level agreement

Acceptable use policy

Incident response plan

A

Acceptable use policy

An acceptable use policy describes the limits and guidelines for users making use of an organization’s physical and intellectual resources. This includes allowing or limiting the use of personal email during work hours.