Security Operations Flashcards

1
Q

The security admin should not report to the network admin. Why?

A

Conflict of interest

Network admins are more incentivized toward availability and performance

2
Q

Concentrates on the products’ architecture, embedded features, and functionality that enable a customer to continually obtain the necessary level of protection when using the product.

A. Production assurance
B. Implementation assurance
C. Life-cycle assurance
D. Operational assurance

A

D

3
Q

Takes place after the system shuts itself down in a controlled manner in response to a kernel failure.

A. system cold start
B. emergency system restart
C. system reload
D. system reboot

A

system reboot

4
Q

Takes place after a system failure happens in an uncontrolled manner.

A. system cold start
B. emergency system restart
C. system reload
D. system reboot

A

emergency system restart

5
Q

Takes place when an unexpected kernel or media failure happens and the regular recovery procedure cannot recover the system to a more consistent state. Intervention by the user or administrator may be required.

A. system cold start
B. emergency system restart
C. system reload
D. system reboot

A

system cold start

6
Q

Transactions should be __________, meaning that they cannot be interrupted between the input being provided and the generation of the output.

A

atomic

7
Q

Anti-virus and IDS signatures should be updated on a __________ basis.

A. Daily
B. Hourly
C. As-needed
D. Continual

A

D

8
Q

Which of the following is not a key aspect of operational security?

A. Resource Protection
B. Change Control
C. Incident Management
D. Hardware and software controls
E. Trusted System Recovery
F. Separation of duties
G. Least Privilege

A

C

9
Q

Intrusion detection devices include all but the following?

A. Vibration Sensors
B. Electromechanical devices
C. CCTVs
D. Lighting
E. Motion Detectors

A

D

10
Q

Which of the following is not a drawback to Intrusion detection systems?

A. Expensive to install and maintain
B. Require human response
C. Subject to false alarm
D. Fails to detect physical intrusions

A

D

11
Q

This type of secondary site does not have computers, but it does have some peripheral devices, such as disk drives, controllers, and tape drives.

A

Warm Site

12
Q

The maximum time period within which a business process must be restored to a designated service level after a disaster to avoid unacceptable consequences.

A. MTD
B. RPO
C. RTO
D. MTTR

A

RTO

13
Q

The estimated amount of time it will take to get a device fixed and back into production after its failure.

A. MTD
B. RPO
C. RTO
D. MTTR

A

MTTR

14
Q

The acceptable amount of data loss measured in time.

A. MTD
B. RPO
C. RTO
D. MTTR

A

RPO

15
Q

When returning to the original site after a disaster, which organizational units should go back in first?

A. Most critical
B. Least Critical
C. Moderately critical

A

B

16
Q

A method of risk transference, _______________ covers the loss of income that an organization suffers after a disaster while it is in its recovery stage.

A

Business Interruption Insurance

17
Q

Which of the following might make evidence inadmissible in court? (Choose all that apply)

A. Proof of chain-of-custody
B. A document created specifically for the court case.
C. Documentation that the evidence was stored in a safe location.
D. Documentation that examination was performed on a copy of the evidence media. The copy is verifiable by a matching hash value.
E. The evidence is relevant, complete, sufficient, and reliable to the case at hand.
F. Evidence was not collected by an expert.
G. Evidence was taken without an employee's permission or a warrant from their personal cell phone.

A

B, G

18
Q

Backs up the files that have been modified since the last full backup.

A

Differential backup

19
Q

When data needs to be restored from this backup type, the full backup is laid down, and then each other backup is laid down on top of it in the proper order.

A

Incremental backup

20
Q

When data needs to be restored from this backup type, the full backup is laid down, and then the most recent backup is laid down on top of it.

A

Differential backup

21
Q

This is a secondary site that can be ready for operation within a few hours and is owned by the company.

A. Warm Site
B. Redundant Site
C. Reciprocal Site
D. Hot site

A

Redundant site

Hot sites are a subscription service.

22
Q

What are the 7 steps in the Cyber Kill Chain?

A

Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control (C&C)
Actions on the Objective

23
Q

Which of the following is not a type of centralized patch management?

A. Agent Based
B. Agentless
C. Active
D. Passive

A

C

Agent Based - update agent is installed on each device and communicates with one or more update servers.

Agentless - a spin on this is to use Active Directory objects in a domain controller to manage patch levels.

Passive - involves monitoring network traffic to infer patching levels. Least effective.

24
Q

A fault-tolerant server technology in which each server takes part in processing the services that are requested.

A

Clustering

25
Q

When data is written across all drives in a RAID, the technique is called __________.

A. Parity
B. Hot-swapping
C. Striping
D. Redundant Copying

A

C

26
Q

The most commonly used RAID mode today is RAID 5. Spreading control data across each disk in a RAID is called __________.

A. Parity
B. Hot-swapping
C. Striping
D. Redundant Control

A

A

27
Q

What does MAID stand for?

A

Massive Array of Inactive Disks

28
Q

A load-balanced parallel means of massive computation implemented with loosely coupled systems that may join and leave randomly.

A

Grid Computing

29
Q

Short focal length lenses provide _______ views, while long focal length lenses provide _________ views.

A

Wide-angle

Narrower

30
Q

In order to achieve a greater depth of focus so that there is not such a distinction between objects in the foreground and background, choose

A. Wide angle lens
B. Long focal length lens
C. Large lens opening
D. Small lens opening

A

D

31
Q

What part of the camera controls the amount of light that enters the lens?

A. Lens opening
B. Focal Length
C. Iris
D. Lux value

A

C

32
Q

What height of fence is used to deter casual trespassers?

A

3 to 4 feet high

33
Q

What height of fence is used to deter determined trespassers?

A

8 feet high

34
Q

Critical areas need to have at least _______ feet of illumination with the illumination of two foot-candles.

A. 6
B. 7
C. 8
D. 9

A

C

35
Q

A cipher lock that also logs a user's unique code used to gain access is called what?

A

Smart Lock

36
Q

These are the small round locks you usually see on file cabinets.

A

Wafer tumbler

37
Q

A tumbler lock fits within a cylinder and is susceptible to which of the following circumvention techniques? (Choose all that apply)

A. tension wrench
B. raking
C. bumping
D. slipping
E. drilling

A

A, B, C, E

38
Q

System sensing access control readers are sometimes called this. They’re like the readers used at KIO Networks, but don’t require you to swipe anything. The reader sends out interrogating signals and obtains the access codes from the card.

A

Transponder

39
Q

This is a generic term used to describe proximity authentication devices, such as proximity readers, programmable locks, or biometric systems.

A

Electronic Access Control Tokens

EAC

40
Q

What does MOM stand for?

A

Motive, Opportunity, Means

41
Q

An act or omission that naturally and directly produces a consequence. It is the superficial or obvious cause for an occurrence. It can be seen as an element of negligence in a court of law.

A

Proximate cause

42
Q

It is common for organizations to develop GRC programs, which allow for the integration and alignment of the activities that take place in each silo of a security program. What does GRC stand for?

A

Governance, Risk, Compliance

43
Q

This term is commonly used by the U.S. government to denote BCP.

A

COOP