Risk Management (3) Flashcards

1
Q

Which of the following are considered inappropriate places to store backup tapes? (Choose two.)

Near a workstation

Near a speaker

Near a CRT monitor

Near an LCD screen

A

Near a speaker

Near a CRT monitor

Backup tapes should not be stored near power sources such as CRT monitors and speakers. These devices can cause the tapes to be degaussed

2
Q

You are a member of your company’s security response team and have discovered an incident within your network. You are instructed to remove and restore the affected system. You restore the system with the original disk image and then install patches and disable any unnecessary services to harden the system against any future attacks. Which incident response process have you completed?

Eradication

Preparation

Containment

A

Eradication

The eradication process involves removing and restoring affected systems by reimaging the system’s hard drive and installing patches

3
Q

You are a security administrator and have decided to implement a unified threat management (UTM) appliance within your network. This appliance will provide antimalware, spam filtering, and content inspection along with other protections. Which of the following statements best describes the potential problem with this plan?

The protections can only be performed one at a time.

This could create the potential for a single point of failure.

You work with a single vendor and its support department.

A

You work with a single vendor and its support department.

A unified threat management (UTM) appliance is a single console a security administrator can monitor and manage easily. This could create a single point of failure

4
Q

You are attending a risk analysis meeting and are asked to define internal threats. Which of the following is not considered an internal threat?

Employees accessing external websites through the company’s hosts

Embezzlement

Threat actors compromising a network through a firewall

A

Threat actors compromising a network through a firewall

Unauthorized access of a network through a firewall by a threat actor is considered an external threat

5
Q

You are the network director and are creating the following year’s budget. You submit forensic dollar amounts for the cyber incident response team. Which of the following would you not submit? (Choose two.)

ALE amounts

SLE amounts

Training expenses

Man-hour expenses

A

ALE amounts

SLE amounts

ALE (annual loss expectancy) is the product of the ARO (annual rate of occurrence) and the SLE (single loss expectancy) and is mathematically expressed as ALE = ARO × SLE. Single loss expectancy is the cost of any single loss and it is mathematically expressed as SLE = AV (asset value) × EF (exposure factor)

6
Q

Computer evidence of a crime is preserved by making an exact copy of the hard disk. Which of the following does this demonstrate?

Chain of custody

Order of volatility

Capture system image

A

Capture system image

Capturing the system image involves making an exact image of the drive so that it can be referenced later in the investigation

7
Q

Which option is an example of a workstation that is not hardened?

Risk

Threat

Exposure

A

Risk

Risk is defined as the likelihood of occurrence of a threat and the corresponding loss potential. Risk is the probability that a threat actor will exploit a vulnerability. The purpose of system hardening is to remove as many security risks as possible. Hardening is typically performed by disabling all nonessential software programs and utilities from the workstation

8
Q

Which of the following elements should not be included in the preparation phase of the incident response process?

Policy

Lesson learned documentation

Response plan/strategy

A

Lesson learned documentation

Lessons learned documentation is a phase of the incident response process

9
Q

Which of the following does not minimize security breaches committed by internal employees?

Job rotation

Separation of duties

Nondisclosure agreements signed by employees

A

Nondisclosure agreements signed by employees

Nondisclosure agreements (NDAs) are signed by an employee at the time of hiring, and they impose a contractual obligation on employees to maintain the confidentiality of information. Disclosure of information can lead to legal ramifications and penalties. NDAs cannot ensure a decrease in security breaches

10
Q

You find one of your employees posting negative comments about the company on Facebook and Twitter. You also discover the employee is sending negative comments from their personal email on the company’s computer. You are asked to implement a policy to help the company avoid any negative reputation in the marketplace. Which of the following would be the best option to fulfill the request?

Account policy enforcement

Change management

Security policy

A

Security policy

Security policy defines how to secure physical and information technology assets. This document should be continuously updated as technology and employee requirements change

11
Q

Which of the following statements best describes a differential backup?

Only the changed portions of files are backed up.

All files are copied to storage media.

Files that have changed since the last full backup are backed up.

A

Files that have changed since the last full backup are backed up.

A differential backup copies files that have changed since the last full backup

12
Q

During which step of the incident response process does root cause analysis occur?

Preparation

Lessons learned

Containment

A

Lessons learned

The lessons learned process is the most critical phase because it is the phase to complete any documentation that may be beneficial in future incidents. Documentation should include information such as when the problem was first detected and by whom, how the problem was contained and eradicated, the work that was performed during the recovery, and areas that may need improvement

13
Q

Which of the following types of testing can help identify risks? (Choose two.)

Quantitative

Penetration testing

Vulnerability testing

Qualitative

A

Penetration testing

Vulnerability testing

Penetration and vulnerability testing can help identify risk. Before a tester performs these tests, they should receive written authorization

14
Q

What can a company do to prevent sensitive data from being retrieved by dumpster diving?

Degaussing

Capture system image

Shredding

A

Shredding

Shredding is the process of reducing the size of objects so the information is no longer usable. Other practices include burning, pulping, and pulverizing

15
Q

You are a network administrator and have been asked to send a large file that contains PII to an accounting firm. Which of the following protocols would it be best to use?

Telnet

FTP

SFTP

A

SFTP

SFTP (secure FTP) encrypts data that is transmitted over the network

16
Q

Zackary is a network backup engineer and performs a full backup each Sunday evening and an incremental backup Monday through Friday evenings. One of the company’s network servers crashes on Thursday afternoon. How many backups will Zack need to do to restore the server?

Two

Three

Four

A

Four

Zackary will need four backups to restore the server if it crashes on Thursday afternoon. The four backups are Sunday evening full backup, Monday evening incremental backup, Tuesday evening incremental backup, and Wednesday evening incremental backup. Incremental backups require the full backup and all the incremental backups in order

17
Q

Your company website is hosted by an Internet service provider. Which of the following risk response techniques is in use?

Risk avoidance

Risk register

Risk acceptance

A

Risk avoidance

Risk avoidance is a strategy to deflect threats in order to avoid the costly and disruptive consequences of a damaging event. It also attempts to minimize vulnerabilities that can pose a threat

18
Q

A call center leases a new space across town, complete with a functioning computer network that mirrors the current live site. A high-speed network link continuously synchronizes data between the two sites. Which of the following describes the site at the new leased location?

Cold site

Warm site

Hot site

A

Hot site

A hot site, also known as an alternate processing site, contains all of the alternate computer and telecommunication equipment needed in a disaster. Testing this environment is simple

19
Q

A security administrator is reviewing the company’s continuity plan, and it specifies an RTO of 4 hours and an RPO of 1 day. Which of the following is the plan describing?

Systems should be restored within 4 hours and no later than 1 day after the incident.

Systems should be restored within 1 day and lose, at most, 4 hours’ worth of data.

Systems should be restored within 4 hours with a loss of 1 day’s worth of data at most.

A

Systems should be restored within 4 hours with a loss of 1 day’s worth of data at most.

Systems should be restored within four hours with a minimum loss of one day’s worth of data. RTO is the amount of time within which a process must be restored after a disaster to meet business continuity. It defines how much time it takes to recover after notification of process disruption. RPO specifies the allowable data loss. It is the amount of time that can pass during an interruption before the quantity of data lost during that period surpasses business continuity planning’s maximum acceptable threshold

20
Q

Which of the following statements is true regarding a data retention policy?

Regulations require financial transactions to be stored for 7 years.

Employees must remove and lock up all sensitive and confidential documents when not in use.

It describes a formal process of managing configuration changes made to a network.

A

Regulations require financial transactions to be stored for 7 years.

This statement refers to the data retention policy

21
Q

You are attending a meeting with your manager and he wants to validate the cost of a warm site versus a cold site. Which of the following reasons best justify the cost of a warm site? (Choose two.)

Small amount of income loss during long downtime

Large amount of income loss during short downtime

Business contracts enduring no more than 72 hours of downtime

Business contracts enduring no more than 8 hours of downtime

A

Large amount of income loss during short downtime

Business contracts enduring no more than 8 hours of downtime

Companies can lose a large amount of income in a short period of downtime. Companies can have business contracts that state a minimum amount of downtime can occur if a disaster occurs. These reasons can be used to support the reason for a warm site because the warm site relies on backups to recover from a disaster

22
Q

Recently, company data that was sent over the Internet was intercepted and read by hackers. This damaged the company’s reputation with its customers. You have been asked to implement a policy that will protect against these attacks. Which of the following options would you choose to help protect data that is sent over the Internet? (Choose two.)

Confidentiality

Safety

Availability

Integrity

A

Confidentiality

Integrity

Confidentiality allows authorized users to gain access to sensitive and protected data. Integrity ensures that the data hasn’t been altered and is protected from unauthorized modification

23
Q

How do you calculate the annual loss expectancy (ALE) that may occur due to a threat?

Exposure Factor (EF) / Single Loss Expectancy (SLE)

Single Loss Expectancy (SLE) × Annual Rate of Occurrence (ARO)

Asset Value (AV) × Exposure Factor (EF)

A

Single Loss Expectancy (SLE) × Annual Rate of Occurrence (ARO)

ALE (annual loss expectancy) is the product of the ARO (annual rate of occurrence) and the SLE (single loss expectancy) and is mathematically expressed as ALE = ARO × SLE. Single loss expectancy is the cost of any single loss and it is mathematically expressed as SLE = AV (asset value) × EF (exposure factor)

24
Q

Which of the following impact scenarios would include severe weather events? (Choose two.)

Life

Reputation

Salary

Property

A

Life

Property

The correct answer is life and property. Both of these impact scenarios include examples of severe weather events

25
Q

Which of the following outlines a business goal for system restoration and allowable data loss?

RPO

Single point of failure

MTTR

A

RPO

RPO (recovery point objective) specifies the allowable data loss. It is the amount of time that can pass during an interruption before the quantity of data lost during that period surpasses business continuity planning’s maximum acceptable threshold

26
Q

Which of the following is an example of a preventive control? (Choose two.)

Data backups

Security camera

Door alarm

Cable locks

A

Data backups

Cable locks

Preventive controls are proactive and are used to avoid a security breach or an interruption of critical services before they can happen

27
Q

You are a security administrator for your company and you identify a security risk that you do not have in-house skills to address. You decide to acquire contract resources. The contractor will be responsible for handling and managing this security risk. Which of the following types of risk response technique are you demonstrating?

Accept

Mitigate

Transfer

A

Transfer

Risk transfer is the act of moving the risk to hosted providers who assume the responsibility for recovery and restoration or by acquiring insurance to cover the costs emerging from a risk

28
Q

You are an IT manager and discovered your department had a break-in, and the company’s computers were physically damaged. What type of impact best describes this situation?

Life

Reputation

Property

A

Property

The correct answer is property. Physical damage to a building and the company’s computer equipment can be caused by intentional man-made attacks

29
Q

Which of the following would help build informed decisions regarding a specific DRP?

Business impact analysis

ROI analysis

RTO

A

Business impact analysis

A business impact analysis (BIA) helps identify the risks that would affect business operations such as financial impact. This will help a company recover from a disaster

30
Q

Each salesperson who travels has a cable lock to lock down their laptop when they step away from the device. Which of the following controls does this apply?

Compensating

Deterrent

Preventive

A

Preventive

A preventive control is used to avoid a security breach or an interruption of critical services before they can happen