Risk Management (2) Flashcards

1
Q

You are the security administrator and have discovered a malware incident. Which of the following responses should you perform first?

Recovery

Eradication

Containment

A

Containment

After identifying the malware incident, the next step in the incident response process is to contain the malware, so that the incident can be studied further and the malware is prevented from spreading across the network.

2
Q

You are an IT administrator for a company and you are adding new employees to an organization’s identity and access management system. Which of the following best describes the process you are performing?

Onboarding

Offboarding

Adverse action

A

Onboarding

Onboarding is the process of adding an employee to a company’s identity and access management system.

3
Q

Your company is partnering with another company and requires systems to be shared. Which of the following agreements would outline how the shared systems should be interfaced?

BPA

SLA

ISA

A

ISA

An interconnection security agreement (ISA) is an agreement that specifies technical and security requirements for planning, establishing, maintaining, and disconnecting a secure connection between at least two companies.

4
Q

Mark is an office manager at a local bank branch. He wants to ensure customer information isn’t compromised when the deskside employees are away from their desks for the day. What security concept would Mark use to mitigate this concern?

Clean desk

Background checks

Continuing education

A

Clean desk

A clean desk policy ensures that all sensitive/confidential documents are removed from an end-user workstation and locked up when the documents are not in use.

5
Q

You are a security administrator and advise the web development team to include a CAPTCHA on the web page where users register for an account. Which of the following controls is this referring to?

Deterrent

Detective

Compensating

A

Deterrent

As users register for an account, they must enter the letters and numbers shown on the web page before the registration is accepted. This is an example of a deterrent control, as it prevents bots from registering and proves that the user is a real person.

6
Q

Which of the following is not a common security policy type?

Social media policy

Password policy

Parking policy

A

Parking policy

A parking policy generally outlines parking provisions for employees and visitors. This includes the criteria and procedures for allocating parking spaces to employees.

7
Q

As the IT security officer, you are configuring data label options for your company’s research and development file server. Regular users can label documents as contractor, public, or internal. Which label should be assigned to company trade secrets?

High

Top secret

Proprietary

A

Proprietary

Proprietary data is a form of confidential information; if the information is revealed, it can have severe effects on the company’s competitive edge.

8
Q

Users are currently accessing their personal email through company computers, so you and your IT team have created a security policy for email use. What is the next step after creating and approving the email use policy?

Encrypt all user email messages.

Provide security user awareness training.

Provide every employee with their own device to access their personal email.

A

Provide security user awareness training.

Provide security user awareness training to all employees regarding the risk of using personal email through company computers. The ability to access personal email is a security risk because the company is unable to filter those emails through the company’s Exchange server.

9
Q

Which of the following is not a physical security control?

Motion detector

Fence

Antivirus software

A

Antivirus software

Antivirus software is used to protect computer systems from malware and is not a physical security control.

10
Q

Which of the following might you find in a DRP?

Single point of failure

Prioritized list of critical computer systems

Exposure factor

A

Prioritized list of critical computer systems

A disaster recovery plan (DRP) is a plan that helps a company recover from an incident with minimal loss of time and money. It prioritizes critical computer systems.

11
Q

Your security manager wants to decide which risks to mitigate based on cost. What is this an example of?

Quantitative risk assessment

Qualitative risk assessment

Business impact analysis

A

Quantitative risk assessment

Quantitative risk assessment is the process of assigning numerical values to the probability that an event will occur and to the impact the event will have.

12
Q

Your company has outsourced its proprietary processes to Acme Corporation. Due to technical issues, Acme Corporation wants to include a third-party vendor to help resolve the technical issues. Which of the following must Acme Corporation consider before sending data to the third party?

This may constitute unauthorized data sharing.

This may violate the privileged user role-based awareness training.

This may violate a nondisclosure agreement.

A

This may violate a nondisclosure agreement.

A nondisclosure agreement (NDA) protects sensitive and intellectual data from getting into the wrong hands.

13
Q

Zack is a security administrator who has been given permission to run a vulnerability scan on the company’s wireless network infrastructure. The results show TCP ports 21 and 23 open on most hosts. Which protocols do these port numbers refer to? (Choose two.)

FTP

SMTP

Telnet

DNS

A

FTP

Telnet

FTP (File Transfer Protocol) uses port 21 and Telnet uses port 23. These protocols are considered weak and are not recommended for use, because they are susceptible to eavesdropping.

14
Q

Which of the following backup concepts is the quickest backup but slowest restore?

Incremental

Differential

Full

A

Incremental

Incremental backups are the quickest backup method but the slowest method to restore. An incremental backup backs up all new files and any files that have changed since the last full backup or incremental backup. To restore from incremental backups, you will need the full backup and every incremental backup, in order.

15
Q

Which of the following operations should you undertake to avoid mishandling of tapes, removable drives, CDs, and DVDs?

Degaussing

Acceptable use

Data labeling

A

Data labeling

A data labeling policy specifies how data is labeled, such as confidential, private, or public. It should also specify how data of each classification is handled and disposed of. Before data can be disposed of, you will need to destroy it with a data sanitization tool.

16
Q

Which of the following can be classified as a single point of failure?

A cluster

Load balancing

A configuration

A

A configuration

A single point of failure is a weakness in the design or configuration of a system in which one fault or malfunction will cause the whole system to stop operating.

17
Q

Which of the following are considered detective controls?

Closed-circuit television (CCTV)

Firewall

IPS

A

Closed-circuit television (CCTV)

Detective controls detect an intrusion as it happens and uncover a violation.

18
Q

Your CIO wants to move the company’s large sets of sensitive data to a SaaS cloud provider to limit storage and infrastructure costs. Both the cloud provider and the company are required to have a clear understanding of the security controls that will be applied to protect the sensitive data. What type of agreement would the SaaS cloud provider and your company initiate?

BPA

SLA

ISA

A

ISA

An ISA (interconnection security agreement) is an agreement that specifies the technical and security requirements of the interconnection between organizations.

19
Q

Which of the following is typically included in a BPA?

Clear statements detailing the expectation between a customer and a service provider

The agreement that a specific function or service will be delivered at the agreed-upon level of performance

Sharing of profits and losses and the addition or removal of a partner

A

Sharing of profits and losses and the addition or removal of a partner

Sharing of profits and losses and the addition or removal of a partner are typically included in a BPA (business partner agreement). Also included are the responsibilities of each partner.

20
Q

Your team powered off the SQL database server for over 7 hours to perform a test. Which of the following is the most likely reason for this?

Business impact analysis

Succession plan

Continuity of operations plan

A

Continuity of operations plan

A continuity of operations plan focuses on restoring critical business functions at an alternate site after an outage. The plan will determine whether a company can continue its operations during the outage.

21
Q

Which of the following role-based positions should receive training on how to manage a particular system?

Users

Privileged users

System owners

A

System owners

A system owner is the type of employee who would receive role-based training on how best to manage a particular system.

22
Q

You maintain a network of 150 computers and must determine which hosts are secure and which are not. Which of the following tools would best meet your need?

Vulnerability scanner

Protocol analyzer

Port scanner

A

Vulnerability scanner

A vulnerability scanner attempts to identify weaknesses in a system.

23
Q

You have been instructed to introduce an affected system back into the company’s environment and be sure that it will not lead to another incident. You test, monitor, and validate that the system is not being compromised by any other means. Which of the incident response processes have you completed?

Lessons learned

Preparation

Recovery

A

Recovery

The recovery process carefully brings affected systems back into the company’s production environment, to avoid leading to another incident.

24
Q

You discover that an investigator made a few mistakes during a recent forensic investigation. You want to ensure the investigator follows the appropriate process for the collection, analysis, and preservation of evidence. Which of the following terms should you use for this process?

Incident handling

Order of volatility

Chain of custody

A

Chain of custody

Chain of custody refers to the chronological documentation showing the custody, control, transfer, analysis, and disposition of physical or electronic evidence.

25
Q

You receive a call from the help desk manager stating that there has been an increase in calls from users reporting that their computers are infected with malware. Which of the following incident response steps should be completed first?

Containment

Eradication

Identification

A

Identification

The first step of the incident response process should be identification. The malware needs to be identified, as well as the affected computers.

26
Q

Which of the following are examples of custodian security roles? (Choose two.)

Human resources employee

Sales executive

CEO

Server backup operator

A

Human resources employee

Server backup operator

Custodians maintain access to data as well as its integrity.

27
Q

You are the network administrator of your company, and the manager of a retail site located across town has complained about the loss of power to their building several times this year. The branch manager is asking for a compensating control to overcome the power outage. What compensating control would you recommend?

Firewall

Security guard

Backup generator

A

Backup generator

A backup generator is a compensating control: an alternate control that replaces the original control when it cannot be used due to limitations of the environment.

28
Q

James is a security administrator and is attempting to block unauthorized access to the desktop computers within the company’s network. He has configured the computers’ operating systems to lock after 5 minutes of no activity. What type of security control has James implemented?

Preventive

Corrective

Deterrent

A

Preventive

Preventive controls stop an action from happening. In this scenario, the control prevents an unauthorized user from gaining access to the network when the user steps away.

29
Q

Which of the following terms best describes sensitive medical information?

AES

PHI

PII

A

PHI

PHI (protected health information) is any data that refers to health status, delivery of health care, or payment for health care that is gathered by a health care provider and can be linked to an individual according to U.S. law.

30
Q

An accounting employee changes roles with another accounting employee every 4 months. What is this an example of?

Separation of duties

Mandatory vacation

Job rotation

A

Job rotation

Job rotation allows individuals to see various parts of the organization and how it operates. It also eliminates the need for a company to rely on one individual for security expertise, should the employee become disgruntled and decide to harm the company. Recovering from a disgruntled employee’s attack is easier when multiple employees understand the company’s security posture.