Risk Management (5) Flashcards
A SQL database server is scheduled for full backups on Sundays at 2:00 a.m. and incremental backups each weeknight at 11:00 p.m. Write verification is enabled, and backup tapes are stored off-site at a bank safety deposit box. Which of the following should be completed to ensure integrity and confidentiality of the backups? (Choose two.)
Use SSL to encrypt the backup data.
Encrypt the backup data before it is stored off-site.
Ensure that an employee other than the backup operator analyzes each day’s backup logs.
Ensure that the employee performing the backup is a member of the administrators’ group.
Encrypt the backup data before it is stored off-site.
Ensure that an employee other than the backup operator analyzes each day’s backup logs.
Encrypting the backup data before it is stored off-site ensures confidentiality. To avoid data tampering and ensure data integrity, a different employee should review the backup logs
You are planning to perform a security audit and would like to see what type of network traffic is transmitting within your company’s network. Which of the following tools would you use?
Port scanner
Protocol analyzer
Network intrusion detection system
Protocol analyzer
A protocol analyzer used with a promiscuous mode NIC can capture all network traffic
Your company has hired a new administrative assistant to a commercial lender named Leigh Ann. She will be using a web browser on a company computer at the office to access internal documents on a public cloud provider over the Internet. Which type of document should Leigh Ann read and sign?
Internet acceptable use policy
Audit policy
Password policy
Internet acceptable use policy
The correct answer is an Internet acceptable use policy. Leigh Ann will be using the company’s equipment to access the Internet, so she should read and sign this policy
During a conversation with another colleague, you suggest there is a single point of failure in the single load balancer in place for the company’s SQL server. You suggest implementing two load balancers in place with only one in service at a given time. What type of load balancing configuration have you described?
Active-active
Active directory
Active-passive
Active-passive
Active-passive is a configuration with two load balancers. Traffic is sent to the primary (active) node while the secondary (passive) node stands by and monitors the primary; if the primary fails, the passive node takes over the traffic. Because only one node serves requests at a time, the pair adds no capacity, but it removes the single point of failure. (Sharing the traffic between both nodes under load is the active-active configuration)
Which of the following policies would you implement to help prevent the company’s users from revealing their login credentials for others to view?
Job rotation
Data owner
Clean desk
Clean desk
A clean desk policy requires that sensitive/confidential documents, including written-down passwords and sticky notes, be removed from the end-user workstation and locked up when they are not in use, so that passers-by cannot read them
Which of the following are part of the chain of custody?
Delegating evidence collection to your manager
Capturing the system image to another hard drive
Preserving, protecting, and documenting evidence
Preserving, protecting, and documenting evidence
Chain of custody offers assurances that evidence has been preserved, protected, and handled correctly after it has been collected. Documents show who handled the evidence and when they handled it
Zackary has been assigned the task of performing a penetration test on a server and was given limited information about the inner workings of the server. Which of the following tests will he be performing?
White box
Gray box
Black box
Gray box
Gray-box testing uncovers any application vulnerabilities within the internal structure, devices, and components of a software application. During gray-box testing, limited information regarding the internal devices and structure is given to the testing team
Which of the following are considered administrative controls? (Choose two.)
Firewall rules
Personnel hiring policy
Separation of duties
Intrusion prevention system
Personnel hiring policy
Separation of duties
A personnel hiring policy and separation of duties are administrative controls. Administrative controls are defined through policies, procedures, and guidelines
Which of the following are examples of alternate business practices? (Choose two.)
The business’s point-of-sale terminal goes down, and employees use pen and paper to take orders and a calculator to determine customers’ bills.
The network system crashes due to an update, and employees are told to take time off until the company’s network system is restored.
Power is lost at a company’s site and the manager posts a closed sign until power is restored.
A bank location has lost power, and the employees are sent to another location to resume business.
The business’s point-of-sale terminal goes down, and employees use pen and paper to take orders and a calculator to determine customers’ bills.
A bank location has lost power, and the employees are sent to another location to resume business.
An alternate business practice is a temporary substitute for normal business activities. Having employees write down customers’ orders is a substitute for the point-of-sale system. Having employees work from another bank location means that the employees can continue using the computer system and phones to assist customers
Which of the following require careful handling and special policies for data retention and distribution? (Choose two.)
Personal electronic devices
MOU
PII
NDA
Personal electronic devices
PII
Personally identifiable information (PII) is personal information that can be used to identify an individual. PII must be carefully handled and distributed to prevent ID theft and fraud. Personal electronic devices, in a BYOD environment, should be protected and secured because these devices can be used for personal and business purposes
Matt is the head of IT security for a university department. He recently read articles about security breaches that involved malware on USB removable devices and is concerned about future incidents within the university. Matt reviews the past incident responses to determine how these occurrences may be prevented and how to improve the past responses. What type of document should Matt prepare?
MOU
After-action report
Nondisclosure agreement
After-action report
An after-action report examines a response to an incident or exercise and identifies its strengths that will be maintained and built on. Also, it helps recognize potential areas of improvement
Categorizing residual risk is most important to which of the following risk response techniques?
Risk mitigation
Risk acceptance
Risk avoidance
Risk acceptance
Risk acceptance is a strategy of recognizing, identifying, and accepting a risk that is sufficiently unlikely or has such limited impact that a corrective control is not warranted. Residual risk is the risk that remains after controls are applied; categorizing it shows whether what is left is small enough to accept
You are the IT manager and one of your employees asks who assigns data labels. Which of the following assigns data labels?
Owner
Custodian
Privacy officer
Owner
Data owners assign labels such as top secret to data
Which of the following is the most pressing security concern related to social media networks?
Other users can view your MAC address.
Employees can leak a company’s confidential information.
Employees can express their opinion about their company.
Employees can leak a company’s confidential information.
Employees can leak a company’s confidential information. Exposing a company’s information could put the company’s security position at risk because hackers can use this information to gain unauthorized access to the company
You are a network administrator looking to test patches quickly and often before pushing them out to the production workstations. Which of the following would be the best way to do this?
Create a full disk image to restore the system after each patch installation.
Create a virtual machine and utilize snapshots.
Create an incremental backup of an unpatched workstation.
Create a virtual machine and utilize snapshots.
A snapshot is the state of a system at a particular point in time. Taking a snapshot of a virtual machine before each patch lets you test the patch and revert the machine to its pre-patch state in seconds, which is far faster than reimaging a physical workstation. Snapshots are a testing aid, not a replacement for regular backups
You have instructed your junior network administrator to test the integrity of the company’s backed-up data. Which of the following is the best way to test the integrity of a backup?
Review written procedures.
Use software to recover deleted files.
Restore part of the backup.
Restore part of the backup.
To test the integrity of backed-up data, restore part of the backup to a test system and confirm that the restored data is complete and usable. Reviewing written procedures or recovering deleted files does not prove that the backup media can actually be restored from
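A restore test is only conclusive if the restored data is compared with what was backed up. The following is an added example (not part of the flashcard set) of one way to do that: build a SHA-256 manifest of the source tree at backup time and check a partial restore against it, so the junior administrator gets a pass/fail result rather than "the restore job finished". The file names and contents are constructed in a temporary directory for the demonstration.

```python
"""Restore test for a backup: verify restored files against a hash manifest.

Added example, not from the flashcard set. The directory layout in demo() is
constructed in a temp dir; the file names are placeholders for a SQL data file
and its transaction log.
"""
import hashlib
import os
import shutil
import tempfile


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 so large backup files are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict[str, str]:
    """Map each file's path relative to root to its SHA-256 digest (taken at backup time)."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def verify_restore(manifest: dict[str, str], restored_root: str, subset=None) -> list[str]:
    """Return the relative paths that are missing or whose contents changed.

    subset: the relative paths that were restored (a partial restore test);
    None checks every file in the manifest.
    """
    problems = []
    for rel, expected in manifest.items():
        if subset is not None and rel not in subset:
            continue
        path = os.path.join(restored_root, rel)
        if not os.path.isfile(path) or sha256_file(path) != expected:
            problems.append(rel)
    return sorted(problems)


def demo() -> tuple[list[str], list[str]]:
    """Constructed scenario: a good partial restore, then a silently corrupted file."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "db")
        os.makedirs(os.path.join(src, "logs"))
        with open(os.path.join(src, "customers.mdf"), "wb") as f:
            f.write(b"A" * 4096)
        with open(os.path.join(src, "logs", "customers.ldf"), "wb") as f:
            f.write(b"B" * 2048)
        manifest = build_manifest(src)

        restored = os.path.join(tmp, "restore")
        shutil.copytree(src, restored)  # stands in for the real restore job
        clean = verify_restore(manifest, restored, subset={"customers.mdf"})

        # Flip one byte in the restored data file. The size is unchanged, so a
        # file-count or size check would pass; only the hash comparison catches it.
        with open(os.path.join(restored, "customers.mdf"), "r+b") as f:
            f.seek(100)
            f.write(b"Z")
        corrupted = verify_restore(manifest, restored)
    return clean, corrupted


if __name__ == "__main__":
    clean, corrupted = demo()
    print("partial restore OK" if not clean else f"mismatches: {clean}")
    print(f"after corruption: {corrupted}")
```

Store the manifest with the backup set (or, better, with the backup logs reviewed by the second employee from the first card) so that the restore test compares against digests the backup operator could not quietly alter.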
What concept is being used when user accounts are created by one employee and user permissions are configured by another employee?
Background checks
Job rotation
Separation of duties
Separation of duties
Separation of duties is the concept of having more than one person required to complete a task
Your company is requesting the installation of a fence around the property and cipher locks on all front entrances. Which of the following concepts is your company concerned about?
Integrity
Availability
Safety
Safety
Safety is a common goal of security that includes providing protection for personnel and other assets
Which of the following is an example of a vulnerability assessment tool?
Ophcrack
John the Ripper
Nessus
Nessus
Nessus is considered a vulnerability scanner. It attempts to identify weaknesses in a system, such as missing patches and insecure configurations. Ophcrack and John the Ripper are password-cracking tools, not vulnerability assessment tools
A security analyst is analyzing the cost the company could incur if the customer database was breached. The database contains 2,500 records with PII. Studies show the cost per record would be $300. The likelihood that the database would be breached in the next year is only 5%. Which of the following would be the ALE for a security breach?
$15,000
$37,500
$150,000
$37,500
ALE (annual loss expectancy) = SLE (single loss expectancy) × ARO (annualized rate of occurrence). SLE equals $750,000 (2,500 records × $300), and ARO equals 5%, so $750,000 times 5% equals $37,500
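The same calculation, carried one step further than the card, as an added example (not part of the flashcard set): the SLE/ALE figures are the ones from the question, and the functions also compute the net annual value of a proposed safeguard, which is how an ALE is actually used to decide between mitigating and accepting a risk. The safeguard cost ($20,000 per year) and its residual ARO (1%) are assumed values for illustration only.

```python
"""Quantitative risk analysis: SLE, ALE and the net value of a safeguard.

Added example, not part of the flashcard set. Breach figures are from the
question; the control cost and residual ARO are assumed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    asset_value: float      # AV: dollar value of the asset at risk
    exposure_factor: float  # EF: fraction of the asset lost in one event (0..1)
    aro: float              # ARO: expected number of events per year

    @property
    def sle(self) -> float:
        """Single loss expectancy: AV x EF."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annual loss expectancy: SLE x ARO."""
        return self.sle * self.aro


def safeguard_value(before: RiskScenario, after: RiskScenario, annual_cost: float) -> float:
    """Net annual value of a control: ALE reduction minus the control's annual cost.

    Positive means the control pays for itself; negative means accepting the
    risk (or a cheaper control) is the better decision.
    """
    return before.ale - after.ale - annual_cost


# From the question: 2,500 PII records at $300 each, all exposed in a breach
# (EF = 1.0), with a 5% chance of a breach in the next year.
BREACH = RiskScenario(asset_value=2_500 * 300, exposure_factor=1.0, aro=0.05)

# Assumed for illustration: encryption plus monitoring costs $20,000 per year
# and is estimated to cut the breach likelihood to 1%.
BREACH_WITH_CONTROL = RiskScenario(asset_value=2_500 * 300, exposure_factor=1.0, aro=0.01)
CONTROL_ANNUAL_COST = 20_000.0


if __name__ == "__main__":
    print(f"SLE = ${BREACH.sle:,.0f}")
    print(f"ALE = ${BREACH.ale:,.0f}")
    value = safeguard_value(BREACH, BREACH_WITH_CONTROL, CONTROL_ANNUAL_COST)
    print(f"Net annual value of the control = ${value:,.0f}")
```

With the assumed figures the control reduces the ALE from $37,500 to $7,500, and after its $20,000 annual cost it is still worth $10,000 a year; the remaining $7,500 ALE is the residual risk the company would then accept.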
Your team must perform a test of a specific system to be sure the system operates at the alternate site. The results of the test must be compared with the company’s live environment. Which test is your team performing?
Cutover test
Walk-through
Parallel test
Parallel test
A parallel test can test certain systems to confirm their operation at alternate sites. Compare the results of the test to the results of the original system to confirm that the alternate site operates as close to normal as possible
Which of the following concepts defines a company goal for system restoration and acceptable data loss?
MTTR
RPO
ARO
RPO
RPO (recovery point objective) specifies the maximum allowable data loss, expressed as the amount of time between the last usable backup and the failure. If an interruption exceeds the RPO, more data is lost than the business continuity plan accepts; for this server, an RPO of one day is met by the nightly incremental backups
Your IT team has created a disaster recovery plan to be used in case a SQL database server fails. What type of control is this?
Detective
Corrective
Preventive
Corrective
A corrective control is designed to restore systems and processes to normal after an incident has occurred. A disaster recovery plan is corrective because it is used only after the database server has already failed; it does not detect the failure or prevent it
Which of the following is not a step in the incident response process?
Snapshot
Preparation
Recovery
Snapshot
A snapshot is the state of a system at a particular point in time, similar to a system image. It may be collected as evidence during an incident, but it is not a step in the incident response process, whose steps are preparation, identification, containment, eradication, recovery, and lessons learned
Which of the following threats is mitigated by shredding paper documents?
Shoulder surfing
Physical
Adware
Physical
Shredding documents can prevent physical threats such as theft of the documents or obtaining information from the documents
Your company hires a third-party auditor to analyze the company’s data backup and long-term archiving policy. Which type of organization document should you provide to the auditor?
Clean desk policy
Acceptable use policy
Data retention policy
Data retention policy
A data retention policy states how each type of data should be stored: the storage location, how long the data must be retained, and the type of storage medium that should be used
You are a network administrator and have been given the duty of creating user accounts for new employees the company has hired. These employees are added to the identity and access management system and assigned mobile devices. What process are you performing?
Offboarding
System owner
Onboarding
Onboarding
Onboarding is the process of adding an employee to a company’s identity and access management system
Which of the following defines a standard operating procedure (SOP)? (Choose three.)
Standard
Privacy
Procedure
Guideline
Standard
Procedure
Guideline
The correct answer is standard, procedure, and guideline. A standard defines how to measure the level of adherence to the policy. A procedure contains the step-by-step instructions for implementing components of the policy. A guideline is a suggestion, recommendation, or best practices for how to meet the policy standard
Computer equipment was suspected to be involved in a computer crime and was seized. The computer equipment was left unattended in a corridor for 10 minutes while officers restrained a potential suspect. The seized equipment is no longer admissible as evidence because of which of the following violations?
Chain of custody
Order of volatility
Preparation
Chain of custody
Chain of custody refers to the chronological documentation showing the custody, control, transfer, analysis, and disposition of physical or electronic evidence. For the 10 minutes the equipment was unattended, nobody can document who had access to it, so the possibility of tampering cannot be ruled out and the evidence loses its admissibility
Which of the following should be performed when conducting a qualitative risk analysis? (Choose two.)
ARO
SLE
Asset estimation
Rating potential threats
Asset estimation
Rating potential threats
The correct answers are asset estimation and rating potential threats. Qualitative risk analysis measures the probability of risks that will hinder normal business operations and rate them relative to one another. Assets that are protected from risks must have assigned value to determine whether the cost of risk mitigation is justified