Risk Management (3) Flashcards
Which of the following are considered inappropriate places to store backup tapes? (Choose two.)
Near a workstation
Near a speaker
Near a CRT monitor
Near an LCD screen
Near a speaker
Near a CRT monitor
Backup tapes should not be stored near power sources such as CRT monitors and speakers. These devices can cause the tapes to be degaussed
You are a member of your company’s security response team and have discovered an incident within your network. You are instructed to remove and restore the affected system. You restore the system with the original disk image and then install patches and disable any unnecessary services to harden the system against any future attacks. Which incident response process have you completed?
Eradication
Preparation
Containment
Eradication
The eradication process involves removing and restoring affected systems by reimaging the system’s hard drive and installing patches
You are a security administrator and have decided to implement a unified threat management (UTM) appliance within your network. This appliance will provide antimalware, spam filtering, and content inspection along with other protections. Which of the following statements best describes the potential problem with this plan?
The protections can only be performed one at a time.
This could create the potential for a single point of failure.
You work with a single vendor and its support department.
You work with a single vendor and its support department.
A unified threat management (UTM) appliance is a single console that a security administrator can monitor and manage easily. This could create a single point of failure
You are attending a risk analysis meeting and are asked to define internal threats. Which of the following is not considered an internal threat?
Employees accessing external websites through the company’s hosts
Embezzlement
Threat actors compromising a network through a firewall
Threat actors compromising a network through a firewall
Unauthorized access of a network through a firewall by a threat actor is considered an external threat
You are the network director and are creating the following year’s budget. You submit forensic dollar amounts for the cyber incident response team. Which of the following would you not submit? (Choose two.)
ALE amounts
SLE amounts
Training expenses
Man-hour expenses
ALE amounts
SLE amounts
ALE (annual loss expectancy) is the product of the ARO (annual rate of occurrence) and the SLE (single loss expectancy) and is mathematically expressed as ALE = ARO × SLE. Single loss expectancy is the cost of any single loss and it is mathematically expressed as SLE = AV (asset value) × EF (exposure factor)
Computer evidence of a crime is preserved by making an exact copy of the hard disk. Which of the following does this demonstrate?
Chain of custody
Order of volatility
Capture system image
Capture system image
Capturing the system image involves making an exact image of the drive so that it can be referenced later in the investigation
Which option is an example of a workstation not hardened?
Risk
Threat
Exposure
Risk
Risk is defined as the likelihood of occurrence of a threat and the corresponding loss potential. Risk is the probability that a threat actor will exploit a vulnerability. The purpose of system hardening is to remove as many security risks as possible. Hardening is typically performed by disabling all nonessential software programs and utilities on the workstation
Which of the following elements should not be included in the preparation phase of the incident response process?
Policy
Lesson learned documentation
Response plan/strategy
Lesson learned documentation
Lessons learned documentation is a phase of the incident response process
Which of the following does not minimize security breaches committed by internal employees?
Job rotation
Separation of duties
Nondisclosure agreements signed by employees
Nondisclosure agreements signed by employees
Nondisclosure agreements (NDAs) are signed by an employee at the time of hiring, and they impose a contractual obligation on employees to maintain the confidentiality of information. Disclosure of information can lead to legal ramifications and penalties. NDAs cannot ensure a decrease in security breaches
You find one of your employees posting negative comments about the company on Facebook and Twitter. You also discover the employee is sending negative comments from their personal email on the company’s computer. You are asked to implement a policy to help the company avoid any negative reputation in the marketplace. Which of the following would be the best option to fulfill the request?
Account policy enforcement
Change management
Security policy
Security policy
Security policy defines how to secure physical and information technology assets. This document should be continuously updated as technology and employee requirements change
Which of the following statements best describes a differential backup?
Only the changed portions of files are backed up.
All files are copied to storage media.
Files that have changed since the last full backup are backed up.
Files that have changed since the last full backup are backed up.
A differential backup copies files that have changed since the last full backup
During which step of the incident response process does root cause analysis occur?
Preparation
Lessons learned
Containment
Lessons learned
The lessons learned process is the most critical phase because it is the phase in which any documentation that may be beneficial in future incidents is completed. Documentation should include information such as when the problem was first detected and by whom, how the problem was contained and eradicated, the work that was performed during the recovery, and areas that may need improvement
Which of the following types of testing can help identify risks? (Choose two.)
Quantitative
Penetration testing
Vulnerability testing
Qualitative
Penetration testing
Vulnerability testing
Penetration and vulnerability testing can help identify risk. Before a tester performs these tests, they should receive written authorization
What can a company do to prevent sensitive data from being retrieved by dumpster diving?
Degaussing
Capture system image
Shredding
Shredding
Shredding is the process of reducing the size of objects so that the information is no longer usable. Other practices include burning, pulping, and pulverizing
You are a network administrator and have been asked to send a large file that contains PII to an accounting firm. Which of the following protocols would it be best to use?
Telnet
FTP
SFTP
SFTP
SFTP (secure FTP) encrypts data that is transmitted over the network
Zackary is a network backup engineer and performs a full backup each Sunday evening and an incremental backup Monday through Friday evenings. One of the company’s network servers crashes on Thursday afternoon. How many backups will Zack need to do to restore the server?
Two
Three
Four
Four
Zackary will need four backups to restore the server if it crashes on Thursday afternoon. The four backups are Sunday evening full backup, Monday evening incremental backup, Tuesday evening incremental backup, and Wednesday evening incremental backup. Incremental backups require the full backup and all the incremental backups in order
Your company website is hosted by an Internet service provider. Which of the following risk response techniques is in use?
Risk avoidance
Risk register
Risk acceptance
Risk avoidance
Risk avoidance is a strategy to deflect threats in order to avoid the costly and disruptive consequences of a damaging event. It also attempts to minimize vulnerabilities that can pose a threat
A call center leases a new space across town, complete with a functioning computer network that mirrors the current live site. A high-speed network link continuously synchronizes data between the two sites. Which of the following describes the site at the new leased location?
Cold site
Warm site
Hot site
Hot site
A hot site, also known as an alternate processing site, contains all of the alternate computer and telecommunication equipment needed in a disaster. Testing this environment is simple
A security administrator is reviewing the company’s continuity plan, and it specifies an RTO of 4 hours and an RPO of 1 day. Which of the following is the plan describing?
Systems should be restored within 4 hours and no later than 1 day after the incident.
Systems should be restored within 1 day and lose, at most, 4 hours’ worth of data.
Systems should be restored within 4 hours with a loss of 1 day’s worth of data at most.
Systems should be restored within 4 hours with a loss of 1 day’s worth of data at most.
Systems should be restored within four hours with a loss of at most one day's worth of data. RTO is the amount of time within which a process must be restored after a disaster to meet business continuity. It defines how much time it takes to recover after notification of process disruption. RPO specifies the allowable data loss. It is the amount of time that can pass during an interruption before the quantity of data lost during that period surpasses business continuity planning's maximum acceptable threshold
Which of the following statements is true regarding a data retention policy?
Regulations require financial transactions to be stored for 7 years.
Employees must remove and lock up all sensitive and confidential documents when not in use.
It describes a formal process of managing configuration changes made to a network.
Regulations require financial transactions to be stored for 7 years.
This statement refers to the data retention policy
You are attending a meeting with your manager and he wants to validate the cost of a warm site versus a cold site. Which of the following reasons best justify the cost of a warm site? (Choose two.)
Small amount of income loss during long downtime
Large amount of income loss during short downtime
Business contracts enduring no more than 72 hours of downtime
Business contracts enduring no more than 8 hours of downtime
Large amount of income loss during short downtime
Business contracts enduring no more than 8 hours of downtime
Companies can lose a large amount of income in a short period of downtime. Companies can have business contracts that state the maximum amount of downtime that may occur if a disaster happens. These reasons can be used to justify a warm site, because a warm site relies on backups to recover from a disaster
Recently, company data that was sent over the Internet was intercepted and read by hackers. This damaged the company’s reputation with its customers. You have been asked to implement a policy that will protect against these attacks. Which of the following options would you choose to help protect data that is sent over the Internet? (Choose two.)
Confidentiality
Safety
Availability
Integrity
Confidentiality
Integrity
Confidentiality ensures that only authorized users can gain access to sensitive and protected data. Integrity ensures that the data hasn't been altered and is protected from unauthorized modification
How do you calculate the annual loss expectancy (ALE) that may occur due to a threat?
Exposure Factor (EF) / Single Loss Expectancy (SLE)
Single Loss Expectancy (SLE) × Annual Rate of Occurrence (ARO)
Asset Value (AV) × Exposure Factor (EF)
Single Loss Expectancy (SLE) × Annual Rate of Occurrence (ARO)
ALE (annual loss expectancy) is the product of the ARO (annual rate of occurrence) and the SLE (single loss expectancy) and is mathematically expressed as ALE = ARO × SLE. Single loss expectancy is the cost of any single loss and it is mathematically expressed as SLE = AV (asset value) × EF (exposure factor)
Which of the following impact scenarios would include severe weather events? (Choose two.)
Life
Reputation
Salary
Property
Life
Property
The correct answer is life and property. Both of these impact scenarios include examples of severe weather events
Which of the following outlines a business goal for system restoration and allowable data loss?
RPO
Single point of failure
MTTR
RPO
RPO (recovery point objective) specifies the allowable data loss. It is the amount of time that can pass during an interruption before the quantity of data lost during that period surpasses business continuity planning’s maximum acceptable threshold
Which of the following is an example of a preventive control? (Choose two.)
Data backups
Security camera
Door alarm
Cable locks
Data backups
Cable locks
Preventive controls are proactive and are used to avoid a security breach or an interruption of critical services before they can happen
You are a security administrator for your company and you identify a security risk that you do not have in-house skills to address. You decide to acquire contract resources. The contractor will be responsible for handling and managing this security risk. Which of the following type of risk response technique are you demonstrating?
Accept
Mitigate
Transfer
Transfer
Risk transfer is the act of moving the risk to hosted providers, who assume responsibility for recovery and restoration, or of acquiring insurance to cover the costs arising from a risk
You are an IT manager and discovered your department had a break-in, and the company’s computers were physically damaged. What type of impact best describes this situation?
Life
Reputation
Property
Property
The correct answer is property. Physical damage to a building and the company’s computer equipment can be caused by intentional man-made attacks
Which of the following would help build informed decisions regarding a specific DRP?
Business impact analysis
ROI analysis
RTO
Business impact analysis
A business impact analysis (BIA) helps identify the risks that would affect business operations, such as the financial impact. This will help a company recover from a disaster
Each salesperson who travels has a cable lock to lock down their laptop when they step away from the device. Which of the following controls does this apply to?
Compensating
Deterrent
Preventive
Preventive
A preventive control is used to avoid a security breach or an interruption of critical services before they can happen