Section 23-24 Flashcards

1
Q

Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?

a. Impact analysis.
b. Scheduled downtime.
c. Backout plan.
d. Change management boards.

A

b. Scheduled downtime.
Scheduled downtime allows administrators to plan and perform system maintenance or updates during a designated time, minimizing disruption to business operations and ensuring system availability.

2
Q

A legacy device is being decommissioned and is no longer receiving updates or patches. Which of the following describes this scenario?

a. End of business.
b. End of testing.
c. End of support.
d. End of life.

A

c. End of support.
End of support refers to the point when a manufacturer no longer provides updates, patches, or technical assistance for a product, making it vulnerable to security risks.

3
Q

Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Choose two.)

a. The device has been moved from a production environment to a test environment.
b. The device is configured to use cleartext passwords.
c. The device is moved to an isolated segment on the enterprise network.
d. The device is moved to a different location in the enterprise.
e. The device’s encryption level cannot meet organizational standards.
f. The device is unable to receive authorized updates.

A

e. The device’s encryption level cannot meet organizational standards.
Devices that cannot meet required encryption standards pose a security risk and should be decommissioned.

f. The device is unable to receive authorized updates.
Devices that cannot receive updates are vulnerable to new threats and should be decommissioned.

4
Q

Which of the following is the best reason to complete an audit in a banking environment?

a. Regulatory requirement.
b. Organizational change.
c. Self-assessment requirement.
d. Service-level requirement.

A

a. Regulatory requirement.
Ensures compliance with laws and regulations specific to the banking industry.

5
Q

An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

a. Compromise.
b. Retention.
c. Analysis.
d. Transfer.
e. Inventory.

A

b. Retention.
Ensuring data is kept for a required period for legal and regulatory compliance.

6
Q

A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer data. Which of the following should the administrator do first?

a. Block access to cloud storage websites.
b. Create a rule to block outgoing email attachments.
c. Apply classifications to the data.
d. Remove all user permissions from shares on the file s

A

c. Apply classifications to the data.
Identifies and categorizes data to implement appropriate protection measures.

7
Q

Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?

a. ARO.
b. RTO.
c. RPO.
d. ALE.
e. SLE.

A

d. ALE.
ALE (Annualized Loss Expectancy) helps quantify the expected loss from a risk over a year, making it useful for comparing the cost of mitigating or transferring the risk to the potential impact.

8
Q

Which of the following is the most likely to be included as an element of communication in a security awareness program?

a. Reporting phishing attempts or other suspicious activities.
b. Detecting insider threats using anomalous behavior recognition.
c. Verifying information when modifying wire transfer data.
d. Performing social engineering as part of third-party penetration testing.

A

a. Reporting phishing attempts or other suspicious activities.
Encourages identifying and reporting potential threats.

9
Q

Which of the following allows for the attribution of messages to individuals?

a. Adaptive identity.
b. Non-repudiation.
c. Authentication.
d. Access logs.

A

b. Non-repudiation.
Non-repudiation ensures that a sender cannot deny the authenticity of their message.

10
Q

A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider first?

a. Local data protection regulations.
b. Risks from hackers residing in other countries.
c. Impacts to existing contractual obligations.
d. Time zone differences in log correlation.

A

a. Local data protection regulations.
When expanding to new international locations, understanding and complying with local data protection regulations is crucial.

11
Q

A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?

a. Enumeration.
b. Sanitization.
c. Destruction.
d. Inventory.

A

b. Sanitization.
Sanitization refers to the process of securely and thoroughly removing data from storage devices to ensure that the data cannot be recovered.

12
Q

A client demands at least 99.99% uptime from a service provider’s hosted security services. Which of the following documents includes the information the service provider should return to the client?

a. MOA.
b. SOW.
c. MOU.
d. SLA.

A

d. SLA.
A Service Level Agreement (SLA) is a contract that specifies the expected level of service, including uptime guarantees, between a service provider and a client.

12
Q

A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work. Which of the following is the best option?

a. Send out periodic security reminders.
b. Update the content of new hire documentation.
c. Modify the content of recurring training.
d. Implement a phishing campaign.

A

c. Modify the content of recurring training.
This option ensures that all employees, not just new hires, receive up-to-date and relevant information about the changes in their working environment. Recurring training can be tailored to address specific situational and environmental awareness issues that may arise during the transition back to the office.

12
Q

A company is discarding a classified storage array and hires an outside vendor to complete the disposal. Which of the following should the company request from the vendor?

a. Certification.
b. Inventory list.
c. Classification.
d. Proof of ownership.

A

a. Certification.
Certification ensures that the vendor has properly disposed of the storage array in compliance with legal and regulatory requirements, providing documentation that the disposal was handled securely.

13
Q

Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?

a. Fines.
b. Audit findings.
c. Sanctions.
d. Reputation damage.

A

b. Audit findings.
Failing an internal PCI DSS compliance assessment typically results in audit findings. These findings highlight the specific areas where the bank is not meeting the required standards.

14
Q

A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?

a. MSA.
b. SLA.
c. BPA.
d. SOW.

A

d. SOW.
A Statement of Work (SOW) is a document that outlines the specific project details, including the scope of work, project timeline, deliverables, costs, and completion time frame.

15
Q

Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

a. Disaster recovery plan.
b. Incident response procedure.
c. Business continuity plan.
d. Change management procedure.

A

d. Change management procedure.
Change management procedures ensure that any modifications to the IT environment, including firewall rules, are made in a controlled and systematic way. This helps to minimize disruptions, ensure proper documentation, and maintain security and compliance.

16
Q

Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

a. Encrypted.
b. Intellectual property.
c. Critical.
d. Data in transit.

A

b. Intellectual property.
Employees in the research and development (R&D) business unit are most likely to work with intellectual property, which includes proprietary information, designs, inventions, and other creative works. Protecting this type of data is crucial as it represents valuable assets that give the company a competitive edge.

17
Q

Which of the following is required for an organization to properly manage its restore process in the event of system failure?

a. IRP.
b. DRP.
c. RPO.
d. SDLC.

A

b. DRP.
A Disaster Recovery Plan (DRP) outlines the procedures to restore critical systems and data in the event of a system failure, ensuring business continuity and minimizing downtime.

18
Q

Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

a. Mitigate.
b. Accept.
c. Transfer.
d. Avoid.

A

a. Mitigate.
Mitigating risk involves taking actions to reduce the impact or likelihood of a risk. If a legacy application is critical and preventative controls are not yet in place, the enterprise should focus on implementing measures to mitigate the risk.

19
Q

A company is required to perform a risk assessment on an annual basis. Which of the following types of risk assessments does this requirement describe?

a. Continuous.
b. Ad hoc.
c. Recurring.
d. One time.

A

c. Recurring.
Recurring assessments are regularly scheduled to identify and mitigate risks.

20
Q

An organization would like to calculate the time needed to resolve a hardware issue with a server. Which of the following risk management processes describes this example?

a. Recovery point objective.
b. Mean time between failures.
c. Recovery time objective.
d. Mean time to repair.

A

d. Mean time to repair.
Mean time to repair (MTTR) measures the average time required to repair a failed component or device and restore it to operational status.

21
Q

Which of the following describes the maximum allowance of accepted risk?

a. Risk indicator.
b. Risk level.
c. Risk score.
d. Risk threshold.

A

d. Risk threshold.
Risk threshold defines the level of risk an organization is willing to accept.

22
Q

A company’s marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?

a. Processor.
b. Custodian.
c. Subject.
d. Owner.

A

d. Risk threshold.
Risk threshold defines the level of risk an organization is willing to accept.

23
Q

A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks. Which of the following analysis elements did the company most likely use in making this decision?

a. MTTR.
b. RTO.
c. ARO.
d. MTBF.

A

c. ARO.
ARO (Annualized Rate of Occurrence) assesses the frequency and impact of ransomware attacks, helping the company determine the cost-benefit of maintaining coverage.

23
Q

An accounting clerk sent money to an attacker’s bank account after receiving fraudulent instructions to use a new account. Which of the following would most likely prevent this activity in the future?

a. Standardizing security incident reporting.
b. Executing regular phishing campaigns.
c. Implementing insider threat detection measures.
d. Updating processes for sending wire transfers.

A

c. Subject.
The customer is the subject of the data being collected and secured.

24
Q

An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?

a. Real-time recovery.
b. Hot.
c. Cold.
d. Warm.

A

c. Cold.
A cold site is the most cost-effective option, as it typically consists of just the physical space and basic infrastructure without active systems or data. Since the RTO and RPO are around two days, the organization can afford the time required to set up and activate the systems in the event of a disaster. This makes a cold site suitable for the given requirements while keeping costs lower than hot or warm sites.

25
Q

A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

a. Accept.
b. Transfer.
c. Mitigate.
d. Avoid.

A

b. Transfer.
Purchasing cyber insurance to address items listed on the risk register represents the Transfer strategy. Transferring risk involves shifting the impact of a potential loss to a third party, such as an insurance provider, rather than bearing the full brunt of the risk internally.

26
Q

Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

a. Risk tolerance.
b. Risk transfer.
c. Risk register.
d. Risk analysis.

A

c. Risk register.
A risk register is a tool used to document risks, their impact, the individuals responsible for managing them, and the thresholds or criteria for taking action. It is a key part of risk management processes.