Risk Management (5) Flashcards
A SQL database server is scheduled for full backups on Sundays at 2:00 a.m. and incremental backups each weeknight at 11:00 p.m. Write verification is enabled, and backup tapes are stored off-site at a bank safety deposit box. Which of the following should be completed to ensure integrity and confidentiality of the backups? (Choose two.)
Use SSL to encrypt the backup data.
Encrypt the backup data before it is stored off-site.
Ensure that an employee other than the backup operator analyzes each day’s backup logs.
Ensure that the employee performing the backup is a member of the administrators’ group.
Encrypt the backup data before it is stored off-site.
Ensure that an employee other than the backup operator analyzes each day’s backup logs.
Encrypting the backup data before it is stored off-site ensures confidentiality. To avoid data tampering and ensure data integrity, a different employee should review the backup logs.
You are planning to perform a security audit and would like to see what type of network traffic is transmitting within your company’s network. Which of the following tools would you use?
Port scanner
Protocol analyzer
Network intrusion detection system
Protocol analyzer
A protocol analyzer used with a promiscuous-mode NIC can capture all network traffic.
Your company has hired Leigh Ann as a new administrative assistant to a commercial lender. She will be using a web browser on a company computer at the office to access internal documents on a public cloud provider over the Internet. Which type of document should Leigh Ann read and sign?
Internet acceptable use policy
Audit policy
Password policy
Internet acceptable use policy
The correct answer is an Internet acceptable use policy. Leigh Ann will be using the company’s equipment to access the Internet, so she should read and sign this policy.
During a conversation with a colleague, you point out that the single load balancer in place for the company’s SQL server is a single point of failure. You suggest implementing two load balancers with only one in service at a given time. What type of load balancing configuration have you described?
Active-active
Active directory
Active-passive
Active-passive
Active-passive is a configuration that involves two load balancers. Traffic is sent to the primary node, and the secondary node will be in listening mode. When too much traffic is sent to the main server, the second server will handle some of the requests. This will prevent a single point of failure.
Which of the following policies would you implement to help prevent the company’s users from revealing their login credentials for others to view?
Job rotation
Data owner
Clean desk
Clean desk
A clean desk policy ensures that all sensitive/confidential documents are removed from an end-user workstation and locked up when the documents are not in use.
Which of the following are part of the chain of custody?
Delegating evidence collection to your manager
Capturing the system image to another hard drive
Preserving, protecting, and documenting evidence
Preserving, protecting, and documenting evidence
Chain of custody offers assurances that evidence has been preserved, protected, and handled correctly after it has been collected. Documents show who handled the evidence and when they handled it.
Zackary has been assigned the task of performing a penetration test on a server and was given limited information about the inner workings of the server. Which of the following tests will he be performing?
White box
Gray box
Black box
Gray box
Gray-box testing uncovers any application vulnerabilities within the internal structure, devices, and components of a software application. During gray-box testing, limited information regarding the internal devices and structure is given to the testing team.
Which of the following are considered administrative controls? (Choose two.)
Firewall rules
Personnel hiring policy
Separation of duties
Intrusion prevention system
Personnel hiring policy
Separation of duties
A personnel hiring policy and separation of duties are administrative controls. Administrative controls are defined through policies, procedures, and guidelines.
Which of the following are examples of alternate business practices? (Choose two.)
The business’s point-of-sale terminal goes down, and employees use pen and paper to take orders and a calculator to determine customers’ bills.
The network system crashes due to an update, and employees are told to take time off until the company’s network system is restored.
Power is lost at a company’s site and the manager posts a closed sign until power is restored.
A bank location has lost power, and the employees are sent to another location to resume business.
The business’s point-of-sale terminal goes down, and employees use pen and paper to take orders and a calculator to determine customers’ bills.
A bank location has lost power, and the employees are sent to another location to resume business.
An alternate business practice is a temporary substitute for normal business activities. Having employees write down customers’ orders is a substitute for the point-of-sale system. Having employees work from another bank location means that the employees can continue using the computer system and phones to assist customers.
Which of the following require careful handling and special policies for data retention and distribution? (Choose two.)
Personal electronic devices
MOU
PII
NDA
Personal electronic devices
PII
Personally identifiable information (PII) is personal information that can be used to identify an individual. PII must be carefully handled and distributed to prevent ID theft and fraud. Personal electronic devices, in a BYOD environment, should be protected and secured because these devices can be used for personal and business purposes.
Matt is the head of IT security for a university department. He recently read articles about security breaches that involved malware on USB removable devices and is concerned about future incidents within the university. Matt reviews the past incident responses to determine how these occurrences may be prevented and how to improve the past responses. What type of document should Matt prepare?
MOU
After-action report
Nondisclosure agreement
After-action report
An after-action report examines a response to an incident or exercise and identifies its strengths that will be maintained and built on. It also helps recognize potential areas of improvement.
Categorizing residual risk is most important to which of the following risk response techniques?
Risk mitigation
Risk acceptance
Risk avoidance
Risk acceptance
Risk acceptance is a strategy of recognizing, identifying, and accepting a risk that is sufficiently unlikely or has such limited impact that a corrective control is not warranted.
You are the IT manager and one of your employees asks who assigns data labels. Which of the following assigns data labels?
Owner
Custodian
Privacy officer
Owner
Data owners assign labels, such as top secret, to data.
Which of the following is the most pressing security concern related to social media networks?
Other users can view your MAC address.
Employees can leak a company’s confidential information.
Employees can express their opinion about their company.
Employees can leak a company’s confidential information.
Employees can leak a company’s confidential information. Exposing a company’s information could put the company’s security position at risk because hackers can use this information to gain unauthorized access to the company.
You are a network administrator looking to test patches quickly and often before pushing them out to the production workstations. Which of the following would be the best way to do this?
Create a full disk image to restore the system after each patch installation.
Create a virtual machine and utilize snapshots.
Create an incremental backup of an unpatched workstation.
Create a virtual machine and utilize snapshots.
A snapshot is the state of a system at a particular point in time. Snapshots offer considerably easier and faster backups than any traditional backup system can.