Risk Management (2) Flashcards
You are the security administrator and have discovered a malware incident. Which of the following responses should you do first?
Recovery
Eradication
Containment
Containment
After identifying the malware incident, the next step you would perform based on the incident response process is to contain the malware to further study the incident and prevent it from spreading across the network
You are an IT administrator for a company and you are adding new employees to an organization’s identity and access management system. Which of the following best describes the process you are performing?
Onboarding
Offboarding
Adverse action
Onboarding
Onboarding is the process of adding an employee to a company’s identity and access management system
Your company is partnering with another company and requires systems to be shared. Which of the following agreements would outline how the shared systems should be interfaced?
BPA
SLA
ISA
ISA
An interconnection security agreement (ISA) is an agreement that specifies technical and security requirements for planning, establishing, maintaining, and disconnecting a secure connection between at least two companies
Mark is an office manager at a local bank branch. He wants to ensure customer information isn’t compromised when the deskside employees are away from their desks for the day. What security concept would Mark use to mitigate this concern?
Clean desk
Background checks
Continuing education
Clean desk
A clean desk policy ensures that all sensitive/confidential documents are removed from an end-user workstation and locked up when the documents are not in use
You are a security administrator and advise the web development team to include a CAPTCHA on the web page where users register for an account. Which of the following controls is this referring to?
Deterrent
Detective
Compensating
Deterrent
As users register for an account, they enter letters and numbers they are given on the web page before they can register. This is an example of a deterrent control as it prevents bots from registering and proves this is a real person
Which of the following is not a common security policy type?
Social media policy
Password policy
Parking policy
Parking policy
A parking policy generally outlines parking provisions for employees and visitors, including the criteria and procedures for allocating parking spaces. It is not a security policy
As the IT security officer, you are configuring data label options for your company’s research and development file server. Regular users can label documents as contractor, public, or internal. Which label should be assigned to company trade secrets?
High
Top secret
Proprietary
Proprietary
Proprietary data is a form of confidential information, and if the information is revealed, it can have severe effects on the company’s competitive edge
Users are currently accessing their personal email through company computers, so you and your IT team have created a security policy for email use. What is the next step after creating and approving the email use policy?
Encrypt all user email messages.
Provide security user awareness training.
Provide every employee with their own device to access their personal email.
Provide security user awareness training.
Provide security user awareness training to all employees regarding the risk of using personal email through company computers. The ability to access personal email is a security risk because the company is unable to filter emails through the company’s Exchange server
Which of the following is not a physical security control?
Motion detector
Fence
Antivirus software
Antivirus software
Antivirus software is used to protect computer systems from malware and is not a physical security control
Which of the following might you find in a DRP?
Single point of failure
Prioritized list of critical computer systems
Exposure factor
Prioritized list of critical computer systems
A disaster recovery plan (DRP) is a plan that helps a company recover from an incident with minimal loss of time and money. It prioritizes critical computer systems
Your security manager wants to decide which risks to mitigate based on cost. What is this an example of?
Quantitative risk assessment
Qualitative risk assessment
Business impact analysis
Quantitative risk assessment
Quantitative risk assessment is the process of assigning numerical values to the probability that an event will occur and to the impact the event will have
Your company has outsourced its proprietary processes to Acme Corporation. Due to technical issues, Acme Corporation wants to include a third-party vendor to help resolve the technical issues. Which of the following must Acme Corporation consider before sending data to the third party?
This may constitute unauthorized data sharing.
This may violate the privileged user role-based awareness training.
This may violate a nondisclosure agreement.
This may violate a nondisclosure agreement.
A nondisclosure agreement (NDA) protects sensitive and intellectual data from getting into the wrong hands
Zack is a security administrator who has been given permission to run a vulnerability scan on the company’s wireless network infrastructure. The results show TCP ports 21 and 23 open on most hosts. What port numbers do these refer to? (Choose two.)
FTP
SMTP
Telnet
DNS
FTP
Telnet
FTP (File Transfer Protocol) uses port 21 and Telnet uses port 23. These protocols are considered weak and are not recommended for use because they transmit credentials and data in cleartext, making them susceptible to eavesdropping
Which of the following backup concepts is the quickest backup but slowest restore?
Incremental
Differential
Full
Incremental
Incremental backups are the quickest backup method but the slowest method to restore. Incremental backup backs up all new files and any files that have changed since the last full backup or incremental backup. To restore from incremental backups, you will need the full backup and every incremental backup in order
Which of the following operations should you undertake to avoid mishandling of tapes, removable drives, CDs, and DVDs?
Degaussing
Acceptable use
Data labeling
Data labeling
A data labeling policy specifies how data is labeled, such as confidential, private, or public. It should also specify how data of each classification is handled and disposed of. Before data can be disposed of, you will need to destroy it with a data sanitization tool
Which of the following can be classified as a single point of failure?
A cluster
Load balancing
A configuration
A configuration
A single point of failure is a weakness in the design or configuration of a system in which one fault or malfunction will cause the whole system to halt operating
Which of the following are considered detective controls?
Closed-circuit television (CCTV)
Firewall
IPS
Closed-circuit television (CCTV)
Detective controls detect an intrusion as it happens and uncover a violation
Your CIO wants to move the company’s large sets of sensitive data to an SaaS cloud provider to limit the storage and infrastructure costs. Both the cloud provider and the company are required to have a clear understanding of the security controls that will be applied to protect the sensitive data. What type of agreement would the SaaS cloud provider and your company initiate?
BPA
SLA
ISA
ISA
An ISA (interconnection security agreement) is an agreement that specifies the technical and security requirements of the interconnection between organizations
Which of the following is typically included in a BPA?
Clear statements detailing the expectation between a customer and a service provider
The agreement that a specific function or service will be delivered at the agreed-upon level of performance
Sharing of profits and losses and the addition or removal of a partner
Sharing of profits and losses and the addition or removal of a partner
Sharing of profits and losses and the addition or removal of a partner are typically included in a BPA (business partner agreement). Also included are the responsibilities of each partner
Your team powered off the SQL database server for over 7 hours to perform a test. Which of the following is the most likely reason for this?
Business impact analysis
Succession plan
Continuity of operations plan
Continuity of operations plan
A continuity of operations plan focuses on restoring critical business functions at an alternate site after an outage. The plan determines whether a company can continue its operations during the outage
Which of the following role-based positions should receive training on how to manage a particular system?
Users
Privileged users
System owners
System owners
A system owner is the type of employee who would receive role-based training on how best to manage a particular system
You maintain a network of 150 computers and must determine which hosts are secure and which are not. Which of the following tools would best meet your need?
Vulnerability scanner
Protocol analyzer
Port scanner
Vulnerability scanner
A vulnerability scanner attempts to identify weaknesses in a system
You have been instructed to introduce an affected system back into the company’s environment and be sure that it will not lead to another incident. You test, monitor, and validate that the system is not being compromised by any other means. Which of the incident response processes have you completed?
Lessons learned
Preparation
Recovery
Recovery
The recovery process brings affected systems back into the company's production environment carefully, to avoid leading to another incident
You discover that an investigator made a few mistakes during a recent forensic investigation. You want to ensure the investigator follows the appropriate process for the collection, analysis, and preservation of evidence. Which of the following terms should you use for this process?
Incident handling
Order of volatility
Chain of custody
Chain of custody
Chain of custody refers to the chronological documentation showing the custody, control, transfer, analysis, and disposition of physical or electronic evidence
You receive a call from the help desk manager stating that there has been an increase in calls from users reporting their computers are infected with malware. Which of the following incident response steps should be completed first?
Containment
Eradication
Identification
Identification
The first step of the incident response process should be identification: the malware needs to be identified, as well as the computers that are affected
Which of the following are examples of custodian security roles? (Choose two.)
Human resources employee
Sales executive
CEO
Server backup operator
Human resources employee
Server backup operator
Custodians maintain access to data as well as its integrity
You are the network administrator of your company, and the manager of a retail site located across town has complained about the loss of power to their building several times this year. The branch manager is asking for a compensating control to overcome the power outage. What compensating control would you recommend?
Firewall
Security guard
Backup generator
Backup generator
A backup generator is a compensating control—an alternate control that replaces the original control when it cannot be used due to limitations of the environment
James is a security administrator and is attempting to block unauthorized access to the desktop computers within the company’s network. He has configured the computers’ operating systems to lock after 5 minutes of no activity. What type of security control has James implemented?
Preventive
Corrective
Deterrent
Preventive
Preventive controls stop an action from happening—in this scenario, preventing an unauthorized user from gaining access to the network when the user steps away
Which of the following terms best describes sensitive medical information?
AES
PHI
PII
PHI
PHI (protected health information) is any data that refers to health status, delivery of health care, or payment for health care that is gathered by a health care provider and can be linked to an individual according to U.S. law
An accounting employee changes roles with another accounting employee every 4 months. What is this an example of?
Separation of duties
Mandatory vacation
Job rotation
Job rotation
Job rotation allows individuals to see various parts of the organization and how it operates. It also eliminates the need for a company to rely on one individual for security expertise should the employee become disgruntled and decide to harm the company. Recovering from a disgruntled employee’s attack is easier when multiple employees understand the company’s security posture