Risk Management (1) Flashcards
You are a manager of a bank and you suspect one of your tellers has stolen money from their station. After talking with your supervisor, you place the employee on leave with pay, suspend their computer account, and obtain their proximity card and keys to the building. Which of the following policies did you follow?
Mandatory vacations
Exit interviews
Adverse actions
Adverse actions
Adverse actions are administrative actions taken against employees. These actions include letters of reprimand, leave with or without pay, or termination. Along with these actions, the policy should include steps such as disabling user accounts and revoking privileges, including access to facilities, to prevent data from being compromised. Once these administrative actions are in place, the company need not worry about vindictive actions the employee might take against it
Which of the following principles stipulates that multiple changes to a computer system should not be made at the same time?
Due diligence
Acceptable use
Change management
Change management
Change management is the process of documenting all changes made to a company’s network and computers. Avoiding simultaneous changes makes it much simpler to track down any problems that occur
Why are penetration tests often not advised?
It can be disruptive for the business activities.
It’s able to find both known and unknown hardware or software weaknesses.
It permits the exploration of real risks and gives a precise depiction of a company’s IT infrastructure security posture at any given time.
It can be disruptive for the business activities.
The main reason to avoid penetration tests is the first option: pentests can cause disruption to business activities, which is the main focus of the question. It is advised to perform vulnerability tests often rather than penetration tests
You are a security engineer and discovered an employee using the company’s computer systems to operate their small business. The employee installed their personal software on the company’s computer and is using the computer hardware, such as the USB port. What policy would you recommend the company implement to prevent any risk of the company’s data and network being compromised?
Acceptable use policy
Clean desk policy
Mandatory vacation policy
Acceptable use policy
Acceptable use policy is a document stating what a user may or may not have access to on a company’s network or the Internet
What should be done to back up tapes that are stored off-site?
Generate a file hash for each backup file.
Scan the backup data for viruses.
Encrypt the backup data.
Encrypt the backup data.
Encrypting the backup data before storing it off-site ensures data confidentiality
Which recovery site is the easiest to test?
Warm site
Cold site
Hot site
Hot site
A hot site contains all of the alternate computer and telecommunication equipment needed in a disaster. Testing this environment is simple
Katelyn is a network technician for a manufacturing company. She is testing a network forensic capturing software and plugs her laptop into an Ethernet switch port and begins capturing network traffic. Later she begins to analyze the data and notices some broadcast and multicast packets, as well as her own laptop’s network traffic. Which of the following statements best describes why Katelyn was unable to capture all network traffic on the switch?
Each port on the switch is an isolated broadcast domain.
Each port on the switch is an isolated collision domain.
Promiscuous mode must be enabled on the NIC.
Each port on the switch is an isolated collision domain.
A switch forwards data only to the devices that need to receive it, so when capturing network traffic the computer will see only broadcast and multicast packets along with traffic sent to and received from the connected computer
Which of the following is not a step of the incident response process?
Snapshot
Preparation
Recovery
Snapshot
A snapshot is the state of a system at a particular point in time. It’s also known as a system image and is not a step in the incident response process
Which of the following is another term for technical controls?
Access controls
Logical controls
Detective controls
Logical controls
Technical controls, such as operating system components, security applications, network devices, and encryption techniques, are used to restrict data access. Logical controls use authentication mechanisms
You are a security manager for your company and need to reduce the risk of employees working in collusion to embezzle funds. Which of the following policies would you implement?
Mandatory vacations
Clean desk
NDA
Mandatory vacations
Companies use mandatory vacation policies to detect fraud by having a second person, familiar with the duties, help discover any illicit activities
You are a security administrator, and your manager has asked you about protecting the privacy of personally identifiable information (PII) that is collected. Which of the following would be the best option to fulfill the request?
PIA
BIA
RTO
PIA
Privacy impact assessment (PIA) is a measurement of how a company can keep private information safe while the company is in possession of PII
Which of the following plans best identifies critical systems and components to ensure the assets are protected?
DRP
BCP
IT contingency plan
BCP
A business continuity plan is a policy that describes and approves the company’s overall business continuity strategy. This also includes identifying critical systems to protect
After your company implemented a clean desk policy, you have been asked to secure physical documents every night. Which of the following would be the best solution?
Department door lock
Locking cabinets and drawers
Proximity card
Locking cabinets and drawers
Locking cabinets and drawers is the best solution because the employee would be the only one with a key
Your manager has instructed the team to test certain systems based on the business continuity plan to ensure they are operating properly. The manager wants to ensure there are no overlaps in the plan before implementing the test. Which continuity of operation planning concept is your manager referring to?
After-action report
Eradication
Tabletop exercise
Tabletop exercise
The tabletop exercise is considered a cost-effective and efficient way to identify areas of overlap in a plan before implementing a test
Which of the following is an example of PHI?
Passport number
Criminal record
Fingerprints
Fingerprints
Fingerprints are considered PHI (Protected Health Information), according to HIPAA rules
Which of the following techniques attempts to predict the likelihood a threat will occur and assigns monetary values should a loss occur?
Vulnerability assessment
Qualitative risk assessment
Quantitative risk assessment
Quantitative risk assessment
Quantitative risk assessment is the process of assigning numerical values to the probability that an event will occur and to the impact the event will have
Your competitors are offering a new service that is predicted to sell strong. After much careful research, your company has decided not to launch a competing service due to the uncertainty of the market and the enormous investment required. Which of the following best describes the company’s decision?
Risk transfer
Risk avoidance
Risk acceptance
Risk avoidance
Risk avoidance is a strategy to deflect threats in order to avoid the costly and disruptive consequences of a damaging event. It also attempts to minimize vulnerabilities that can pose a threat
Which of the following agreements is less formal than a traditional contract but still has a certain level of importance to all parties involved?
BPA
ISA
MOU
MOU
A memorandum of understanding (MOU) is a type of agreement that is usually not legally binding. This agreement is intended to be mutually beneficial without involving courts or money
Your company is considering moving its mail server to a hosting company. This will help reduce hardware and server administrator costs at the local site. Which of the following documents would formally state the reliability and recourse if the reliability is not met?
MOU
SLA
ISA
SLA
An SLA (service level agreement) defines the level of service the customer expects from the service provider. The level of service definitions should be specific and measurable in each area
You have an asset that is valued at $16,000, the exposure factor of a risk affecting that asset is 35%, and the annualized rate of occurrence is 75%. What is the SLE?
$5,600
$5,000
$4,200
$5,600
The single loss expectancy (SLE) is the product of the asset value ($16,000) and the exposure factor (0.35), or $5,600
During a meeting, you present management with a list of access controls used on your network. Which of the following controls is an example of a corrective control?
IDS
Audit logs
Antivirus software
Antivirus software
Antivirus is an example of a corrective control. A corrective control is designed to correct a situation
You are the new security administrator and have discovered your company lacks deterrent controls. Which of the following would you install that satisfies your needs? (Choose two.)
Lighting
Motion sensor
No trespassing signs
Antivirus scanner
Lighting
No trespassing signs
A deterrent control is used to warn a potential attacker not to attack. Lighting added to the perimeter and warning signs such as a “no trespassing” sign are deterrent controls
Your company’s security policy includes system testing and security awareness training guidelines. Which of the following control types is this?
Preventive technical control
Detective administrative control
Preventive administrative control
Preventive administrative control
Testing and training are preventive administrative controls. Administrative controls dictate how security policies should be executed to accomplish the company’s security goals
Which step of the incident response process occurs after containment?
Recovery
Identification
Eradication
Eradication
Eradication is the next step after containment
You are a security administrator for your company and you identify a security risk. You decide to continue with the current security plan. However, you develop a contingency plan in case the security risk occurs. Which of the following type of risk response technique are you demonstrating?
Accept
Transfer
Avoid
Accept
Risk acceptance is a strategy of recognizing, identifying, and accepting a risk that is sufficiently unlikely or has limited impact that a corrective control is not warranted
Which of the following best visually shows the state of a computer at the time it was collected by law enforcement?
Screenshots
Identification
Tabletop exercise
Screenshots
Taking screenshots gives an investigator a useful way to collect information on a computer screen. Screenshots can be acquired in many ways and allow the investigator to reproduce what happened on the screen
You are asked to protect the company’s data should a complete disaster occur. Which action would be the best option for this request?
Back up all data to tape, and store those tapes at an alternate location within the city.
Back up all data to tape, and store those tapes at an alternate location in another city.
Back up all data to disk, and store the disk in a safe in the company’s basement.
Back up all data to tape, and store those tapes at an alternate location in another city.
Storing backup data at an alternate site in another city will help protect the data if there were a complete disaster at the primary location. Storing backups outside of the original location is known as off-site backups. Also, the distance associated with an off-site backup can be a logistics challenge
Which of the following would not be a purpose of a privacy threshold analysis?
Identify programs and systems that are privacy-sensitive.
Demonstrate the inclusion of privacy considerations during the review of a program or system.
Identify systems that are considered a single point of failure.
Identify systems that are considered a single point of failure.
Identifying systems that are considered a single point of failure is not a purpose of PTA
You have purchased new laptops for your salespeople. You plan to dispose of the hard drives of the former laptops as part of a company computer sale. Which of the following methods would you use to properly dispose of the hard drives?
Destruction
Shredding
Purging
Purging
Purging removes all the data from a hard drive so that the data cannot be reconstructed
You are the head of the IT department of a school and are looking for a way to promote safe and responsible use of the Internet for students. With the help of the teachers, you develop a document for students to sign that describes methods of accessing the Internet on the school’s network. Which of the following best describes this document?
Service level agreement
Acceptable use policy
Incident response plan
Acceptable use policy
An acceptable use policy describes the limits and guidelines for users to make use of an organization’s physical and intellectual resources. This includes allowing or limiting the use of personal email during work hours