Security policies and Standards

Question 1

Which of the following is not part of the AAA framework?

Authentication
Access
Authorization
Accounting

Answer 1

Access

Question 2

Raul has been asked to serve as individuals to whom day-to-day actions have been assigned by the owner. What role is Raul taking?

Answer 2

Data custodian/steward

Question 3

Which access control scheme is the most restrictive?

Answer 3

MAC

Question 4

Which type of access control scheme uses predefined rules that makes it the most flexible scheme?

Answer 4

MAC

Question 5

Which statement about rule-based access control is true?
It requires that a custodian set all rules
it is no longer considered secure
it dynamically assigns roles to subjects based on rules
it is considered a real-world approach by linking a user’s job function with security

Answer 5

it dynamically assigns roles to subjects based on rules

Question 6

Which of these is a set of permission that is attached to an object?
ACL
SRE
Object modifier
Entity attribute (EnATT)

Answer 6

ACL

Question 7

What can be used to provide both filesystem security and database security?
RBASEs
LDAPs
CHAPs
ACLs

Answer 7

ACLs

Question 8

What is the amount of time added to or subtracted from Coordinated Universal time to determine local time?

Answer 8

Time offset

Question 9

Cheryl has been asked to set up a user account explicitly to provide a security context for services running on a server. What type of account will she create?

Answer 9

Service Account

Question 10

Which of these is not an incident response process step?
Recovery
Reporting
Eradication
Lessons learned

Answer 10

Reporting

Question 11

Which of the following is typically a monthly discussion of a scenario conducted in an informal and stress-free environment to evaluate an incident response plan?
Walkthrough
Simulation
Tabletop
Incident response plan evaluation (IRP-E)

Answer 11

tabletop

Question 12

Ella wants to research an attack framework that incorporates adversary, infrastructure, capability, and victim. Which of the following would she choose?
Diamond model of intrusion analysis
cyber kill chain
Mitre ATT&CK
basic-advanced incident (BAI) framework

Answer 12

diamond model of intrusion analysis

Question 13

Blaise needs to create a document that is linear-style checklist of required manual steps and action needed to successfully respond to a specific type of incident. What does she need to create?

Answer 13

playbook

Question 14

Which of the following should be performed in advance of an incident?
containment
segmentation
isolation
capture

Answer 14

segmentation

Question 15

What is a platform used to provide telephony, video, and web conferences that can serve as an entry point to a threat actor?

Answer 15

Call manager

Question 16

Which of the following is not a problem associated with log management?
multiple devices generating logs
large volume of log data
different log formats
time-stamped log data

Answer 16

time-stamped log data

Question 17

Which tool is an open source utility for UNIX devices that includes content filtering?

Answer 17

syslog-ng

Question 18

Which of the following is a packet sampling protocol that gives a statistical sample instead of the actual flow of packets? 
NetFlow
sFlow
IPFIX
journalctl

Answer 18

sFlow

Question 19

Which of the following is the most fragile and should be captured first in a forensics investigation?
ARP cache
kernel statistics
CPU cache
RAM

Answer 19

CPU cache

Question 20

Which of the following is a Linux utility that displays the contents of system memory?
Autopsy
winhex
dd
memdump

Answer 20

memdump