Security Operations Flashcards
The security admin should not report to the network admin. Why?
Conflict of interest
Network admins are more incentivized toward availability and performance
Concentrates on a product's architecture, embedded features, and functionality that enable a customer to continually obtain the necessary level of protection when using the product.
A. Production assurance
B. Implementation assurance
C. Life-cycle assurance
D. Operational assurance
D
Takes place after the system shuts itself down in a controlled manner in response to a kernel failure.
A. system cold start
B. emergency system restart
C. system reload
D. system reboot
system reboot
Takes place after a system failure happens in an uncontrolled manner.
A. system cold start
B. emergency system restart
C. system reload
D. system reboot
emergency system restart
Takes place when an unexpected kernel or media failure happens and the regular recovery procedure cannot recover the system to a more consistent state. Intervention by the user or administrator may be required.
A. system cold start
B. emergency system restart
C. system reload
D. system reboot
system cold start
Transactions should be __________, meaning that they cannot be interrupted between the input being provided and the generation of the output: either the whole transaction takes effect or none of it does.
atomic
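The all-or-nothing behaviour behind that card, shown as an added example (not part of the flashcard set): a money transfer is two updates, and only the transactional version survives an interruption between them with the ledger intact. It uses Python's standard sqlite3 module with an in-memory database; the account names, balances and the simulated crash are constructed for the example.

```python
"""Atomic transaction demonstration (added example, constructed data)."""
import sqlite3


def fresh_ledger():
    """Two constructed accounts; the CHECK constraint rejects overdrafts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (name TEXT PRIMARY KEY, "
        "balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("alice", 100), ("bob", 0)])
    conn.commit()
    return conn


def transfer_atomic(conn, src, dst, amount, fail_midway=False):
    """Debit and credit inside one transaction: both apply or neither does.

    `with conn:` commits when the block finishes and rolls back if it raises,
    so an interruption between input and output leaves the ledger unchanged.
    """
    try:
        with conn:
            conn.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?",
                         (amount, src))
            if fail_midway:                       # simulated crash
                raise RuntimeError("interrupted between input and output")
            conn.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?",
                         (amount, dst))
        return True
    except (RuntimeError, sqlite3.IntegrityError):
        return False


def transfer_non_atomic(conn, src, dst, amount, fail_midway=False):
    """Same steps, but each statement is committed on its own, so a crash
    after the debit leaves money missing from the ledger."""
    try:
        conn.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?",
                     (amount, src))
        conn.commit()
        if fail_midway:                           # simulated crash
            raise RuntimeError("interrupted between input and output")
        conn.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?",
                     (amount, dst))
        conn.commit()
        return True
    except (RuntimeError, sqlite3.IntegrityError):
        conn.rollback()
        return False


def balances(conn):
    return dict(conn.execute("SELECT name, balance FROM accounts ORDER BY name"))


def total_money(conn):
    """Invariant: the sum of all balances must never change on a transfer."""
    return conn.execute("SELECT SUM(balance) FROM accounts").fetchone()[0]


if __name__ == "__main__":
    conn = fresh_ledger()
    print("atomic, interrupted:",
          transfer_atomic(conn, "alice", "bob", 30, fail_midway=True),
          balances(conn), "total", total_money(conn))
    conn = fresh_ledger()
    print("non-atomic, interrupted:",
          transfer_non_atomic(conn, "alice", "bob", 30, fail_midway=True),
          balances(conn), "total", total_money(conn))
```

The overdraft case is the other edge worth checking: the CHECK constraint makes the first UPDATE fail, and the transactional version still returns the ledger to its original state rather than a half-applied one.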
Anti-virus and IDS signatures should be updated on a __________ basis.
A. Daily
B. Hourly
C. As-needed
D. Continual
D
Which of the following is not a key aspect of operational security?
A. Resource protection
B. Change control
C. Incident management
D. Hardware and software controls
E. Trusted system recovery
F. Separation of duties
G. Least privilege
C
Intrusion detection devices include all but which of the following?
A. Vibration sensors
B. Electromechanical devices
C. CCTVs
D. Lighting
E. Motion detectors
D
Which of the following is not a drawback of intrusion detection systems?
A. Expensive to install and maintain
B. Require human response
C. Subject to false alarm
D. Fails to detect physical intrusions
D
This type of secondary site does not have computers, but it does have some peripheral devices, such as disk drives, controllers, and tape drives.
Warm Site
The maximum time period within which a business process must be restored to a designated service level after a disaster to avoid unacceptable consequences.
A. MTD
B. RPO
C. RTO
D. MTTR
RTO
The estimated amount of time it will take to get a device fixed and back into production after its failure.
A. MTD
B. RPO
C. RTO
D. MTTR
MTTR
The acceptable amount of data loss measured in time.
A. MTD
B. RPO
C. RTO
D. MTTR
RPO
When returning to the original site after a disaster, which organizational units should go back in first?
A. Most critical
B. Least Critical
C. Moderately critical
B
A method of risk transference, _______________ covers the loss of income that an organization suffers after a disaster while it is in its recovery stage.
Business Interruption Insurance
Which of the following might make evidence inadmissible in court? (Choose all that apply)
A. Proof of chain-of-custody
B. A document created specifically for the court case.
C. Documentation that the evidence was stored in a safe location.
D. Documentation that examination was performed on a copy of the evidence media. The copy is verifiable by a matching hash value.
E. The evidence is relevant, complete, sufficient, and reliable to the case at hand.
F. Evidence was not collected by an expert.
G. Evidence was taken from an employee's personal cell phone without the employee's permission or a warrant.
B, G
Backs up the files that have been modified since the last full backup.
Differential backup
When data needs to be restored from this backup type, the full backup is laid down, and then each other backup is laid down on top of it in the proper order.
Incremental backup
When data needs to be restored from this backup type, the full backup is laid down, and then only the most recent backup is laid down on top of it.
Differential backup
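The three backup cards above (what each type captures and the order a restore must follow), worked through as an added example that is not part of the flashcard set. File systems are modelled as dicts of name to content, and the four daily states are constructed; deleted files are deliberately left out of the model.

```python
"""Incremental versus differential backup chains (added example)."""

# Constructed states of a small file system on four consecutive days.
DAY0 = {"a.txt": "a1", "b.txt": "b1", "c.txt": "c1"}
DAY1 = {"a.txt": "a2", "b.txt": "b1", "c.txt": "c1"}   # a changed
DAY2 = {"a.txt": "a2", "b.txt": "b2", "c.txt": "c1"}   # b changed
DAY3 = {"a.txt": "a3", "b.txt": "b2", "c.txt": "c1"}   # a changed again
DAYS = [DAY0, DAY1, DAY2, DAY3]


def changed_since(current, baseline):
    """Files that are new or modified relative to a baseline state."""
    return {n: c for n, c in current.items() if baseline.get(n) != c}


def backup_chain(states, strategy):
    """Day 0 is a full backup; every later day gets one backup of the chosen
    strategy. Returns a list of (kind, captured_files).

    differential: changes since the last FULL backup
    incremental:  changes since the last backup of ANY kind
    """
    chain = [("full", dict(states[0]))]
    at_last_full = states[0]
    at_last_backup = states[0]
    for state in states[1:]:
        baseline = at_last_full if strategy == "differential" else at_last_backup
        chain.append((strategy, changed_since(state, baseline)))
        at_last_backup = state
    return chain


def restore(chain):
    """Lay down the full backup, then apply the sets the strategy needs."""
    restored = dict(chain[0][1])
    later = chain[1:]
    if not later:
        return restored
    if later[-1][0] == "incremental":
        for _, files in later:            # every increment, oldest first
            restored.update(files)
    else:
        restored.update(later[-1][1])     # only the most recent differential
    return restored


def sets_needed(chain):
    """How many backup sets a restore has to read."""
    if len(chain) == 1:
        return 1
    return len(chain) if chain[-1][0] == "incremental" else 2


def storage_used(chain):
    """Total file copies held across the chain (the space/time trade-off)."""
    return sum(len(files) for _, files in chain)


if __name__ == "__main__":
    for strategy in ("incremental", "differential"):
        chain = backup_chain(DAYS, strategy)
        print(strategy, "restore ok:", restore(chain) == DAY3,
              "sets needed:", sets_needed(chain),
              "file copies stored:", storage_used(chain))
```

Both chains restore the same final state, but the incremental chain needs every set read back in order (reversing the increments silently restores an older copy of a.txt), while the differential chain needs only two sets at the cost of storing more copies.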
This is a secondary site that can be ready for operation within a few hours and is owned by the company.
A. Warm Site
B. Redundant Site
C. Reciprocal Site
D. Hot site
B. Redundant site
Hot sites are typically a subscription service rather than company-owned.
What are the 7 steps in the Cyber Kill Chain?
1. Reconnaissance
2. Weaponization
3. Delivery
4. Exploitation
5. Installation
6. Command and Control (C&C)
7. Actions on the Objective
Which of the following is not a type of centralized patch management?
A. Agent Based
B. Agentless
C. Active
D. Passive
C
Agent Based - update agent is installed on each device and communicates with one or more update servers.
Agentless - one or more update servers reach out to each device with administrative credentials to inventory and patch it; a variant is to use Active Directory objects on a domain controller to manage patch levels.
Passive - the management host monitors network traffic to infer the patch level of devices. Least effective of the three, because it only learns about devices and software that generate recognizable traffic, though it is also the least intrusive.
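What passive inference actually looks like, as an added example that is not part of the flashcard set: product versions are pulled out of User-Agent strings in web-proxy log lines and compared with a baseline of current versions. The log lines, the client addresses and the CURRENT version table are constructed for the example (a real deployment would take the baseline from vendor release data); the last function shows the blind spot that makes the method the least effective one.

```python
"""Passive patch-level inference from observed traffic (added example)."""
import re
from collections import defaultdict

# Assumed "current" versions for the example, not real release data.
CURRENT = {"Firefox": (118, 0), "Chrome": (117, 0)}

UA_PATTERNS = {
    "Firefox": re.compile(r"Firefox/(\d+)\.(\d+)"),
    "Chrome": re.compile(r"Chrome/(\d+)\.(\d+)"),
}

# Constructed proxy log lines: <client-ip> <method> <host> "<user-agent>"
SAMPLE_LOG = """\
10.0.0.5 GET example.com "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:115.0) Gecko/20100101 Firefox/115.0"
10.0.0.7 GET example.com "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36"
10.0.0.5 GET cdn.example.com "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:115.0) Gecko/20100101 Firefox/115.0"
10.0.0.9 POST example.com "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36"
10.0.0.11 GET example.com "curl/8.2.1"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) "(.*)"$')


def parse_line(line):
    """Return (client_ip, user_agent) or None for a line that does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, _method, _host, ua = m.groups()
    return ip, ua


def product_version(ua):
    """First recognised product in the User-Agent and its (major, minor)."""
    for product, pat in UA_PATTERNS.items():
        m = pat.search(ua)
        if m:
            return product, (int(m.group(1)), int(m.group(2)))
    return None


def infer_patch_levels(log_text):
    """Map client IP -> {product: highest version seen} from traffic alone."""
    seen = defaultdict(dict)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        ip, ua = parsed
        pv = product_version(ua)
        if pv:
            product, ver = pv
            seen[ip][product] = max(seen[ip].get(product, (0, 0)), ver)
    return dict(seen)


def outdated_hosts(log_text):
    """Hosts whose observed version is behind the assumed current one."""
    return sorted(
        (ip, product, ver)
        for ip, products in infer_patch_levels(log_text).items()
        for product, ver in products.items()
        if ver < CURRENT[product]
    )


def unclassified_clients(log_text):
    """Clients that sent traffic but nothing the patterns recognise: passive
    monitoring can say nothing about their patch level."""
    all_ips, classified = set(), set()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            all_ips.add(parsed[0])
            if product_version(parsed[1]):
                classified.add(parsed[0])
    return all_ips - classified
```

The User-Agent header is client-controlled, so this tells you what a host claims to run, not what is installed; an agent-based check reads the package database directly and does not have that gap.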
A fault-tolerant server technology in which each server takes part in processing the services that are requested.
Clustering
When data is written across all drives in a RAID, the technique is called __________.
A. Parity
B. Hot-swapping
C. Striping
D. Redundant Copying
C
The most commonly used RAID mode today is RAID 5. Spreading parity (control) data across every disk in a RAID is called __________.
A. Parity
B. Hot-swapping
C. Striping
D. Redundant Control
A
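Striping and distributed parity worked through as an added example (not part of the flashcard set): a payload is split into chunks, each stripe places its chunks on all disks but one and an XOR parity block on the remaining disk, and the parity position rotates per stripe, which is what makes it RAID 5 rather than RAID 4. The chunk size, disk count and payload are constructed; the read path rebuilds any single failed disk and refuses a second failure.

```python
"""RAID 5 striping with rotating parity (added example, constructed data)."""


def xor_blocks(blocks):
    """Bytewise XOR of equal-length blocks. XOR is its own inverse, which is
    what lets one missing block be rebuilt from all the others."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def parity_disk_for(stripe_index, n_disks):
    """RAID 5 rotates the parity position; RAID 4 would pin it to one disk."""
    return (n_disks - 1 - stripe_index) % n_disks


def raid5_write(data, n_disks, chunk=4):
    """Stripe data across n_disks; returns one list of blocks per disk."""
    if n_disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    per_stripe = chunk * (n_disks - 1)
    data += b"\x00" * (-len(data) % per_stripe)      # pad to whole stripes
    disks = [[] for _ in range(n_disks)]
    for s in range(len(data) // per_stripe):
        stripe = data[s * per_stripe:(s + 1) * per_stripe]
        chunks = [stripe[i * chunk:(i + 1) * chunk] for i in range(n_disks - 1)]
        p = parity_disk_for(s, n_disks)
        chunk_iter = iter(chunks)
        for d in range(n_disks):
            disks[d].append(xor_blocks(chunks) if d == p else next(chunk_iter))
    return disks


def raid5_read(disks, n_bytes):
    """Read the payload back; an entry of None stands for a failed disk."""
    n_disks = len(disks)
    failed = [d for d, blocks in enumerate(disks) if blocks is None]
    if len(failed) > 1:
        raise ValueError("RAID 5 tolerates only a single disk failure")
    n_stripes = len(next(b for b in disks if b is not None))
    out = bytearray()
    for s in range(n_stripes):
        p = parity_disk_for(s, n_disks)
        blocks = [None if disks[d] is None else disks[d][s] for d in range(n_disks)]
        if failed:
            # Rebuild the lost block: it is the XOR of all surviving blocks
            others = [b for d, b in enumerate(blocks) if d != failed[0]]
            blocks[failed[0]] = xor_blocks(others)
        out += b"".join(b for d, b in enumerate(blocks) if d != p)
    return bytes(out[:n_bytes])


def recoverable(disks, failed_disks, n_bytes, expected):
    """True if the payload reads back intact after the listed disks fail."""
    degraded = [None if d in failed_disks else blocks
                for d, blocks in enumerate(disks)]
    try:
        return raid5_read(degraded, n_bytes) == expected
    except ValueError:
        return False


PAYLOAD = b"SECURITY OPERATIONS"   # constructed payload

if __name__ == "__main__":
    disks = raid5_write(PAYLOAD, 4)
    for d in range(4):
        print("lose disk", d, "->", recoverable(disks, [d], len(PAYLOAD), PAYLOAD))
    print("lose two   ->", recoverable(disks, [0, 2], len(PAYLOAD), PAYLOAD))
```

Because the parity block rotates, no single disk absorbs every parity write; with a fixed parity disk that disk becomes the write bottleneck, which is the practical reason RAID 5 displaced RAID 4.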
What does MAID stand for?
Massive Array of Inactive Disks
A load-balanced parallel means of massive computation implemented with loosely coupled systems that may join and leave randomly.
Grid Computing
Short focal length lenses provide _______ views, while long focal length lenses provide _________ views.
Wide-angle
Narrower
In order to achieve a greater depth of field, so that there is not such a distinction between objects in the foreground and background, choose
A. Wide-angle lens
B. Long focal length lens
C. Large lens opening
D. Small lens opening
D
What part of the camera controls the amount of light that enters the lens?
A. Lens opening
B. Focal Length
C. Iris
D. Lux value
C
What height of fence is used to deter casual trespassers?
3 to 4 feet high
What height of fence is used to deter determined trespassers?
8 feet high
Critical areas should be illuminated to a height of at least _______ feet, at an illumination of two foot-candles.
A. 6
B. 7
C. 8
D. 9
C
A cipher lock that also logs the user's unique code used to gain access is called what?
Smart Lock
These are the small round locks you usually see on file cabinets.
Wafer tumbler
A tumbler lock fits within a cylinder and is susceptible to which of the following circumvention techniques? (Choose all that apply)
A. Tension wrench
B. Raking
C. Bumping
D. Slipping
E. Drilling
A, B, C, E
System-sensing access control readers are sometimes called this. They are like the card readers used at KIO Networks, but do not require you to swipe anything: the reader sends out interrogating signals and obtains the access code from the card.
Transponder
This is a generic term used to describe proximity authentication devices, such as proximity readers, programmable locks, or biometric systems.
Electronic Access Control (EAC) tokens
What does MOM stand for?
Motive, Opportunity, Means
An act or omission that naturally and directly produces a consequence. It is the superficial or obvious cause for an occurrence. It can be seen as an element of negligence in a court of law.
Proximate cause
It is common for organizations to develop GRC programs, which allow for the integration and alignment of the activities that take place in each silo of a security program. What does GRC stand for?
Governance, Risk, Compliance
This term is commonly used by the U.S. government to denote BCP.
COOP (Continuity of Operations Plan)