Sybex Book Review 4 Flashcards
Which security principle involves the knowledge and possession of sensitive material as an aspect of one’s occupation?
A. Principle of least privilege
B. Separation of duties
C. Need to know
D. As-needed basis
C. The need-to-know policy operates on the basis that any given system user should be granted access only to portions of sensitive information or materials necessary to perform some task. The principle of least privilege ensures that personnel are granted only the permissions they need to perform their job and no more. Separation of duties ensures that no single person has total control over a critical function or system. There isn’t a standard principle called “as-needed basis.”
An organization ensures that users are granted access to only the data they need to perform specific work tasks. What principle are they following?
A. Principle of least permission
B. Separation of duties (SoD)
C. Need to know
D. Job rotation
C. Need to know is the requirement to have access to, knowledge about, or possession of data to perform specific work tasks, but no more. The principle of least privilege includes both rights and permissions, but the term principle of least permission is not valid within IT security. Separation of duties (SoD) ensures that a single person doesn’t control all the elements of a process. A separation of duties policy ensures that no single person has total control over a critical function. A job rotation policy requires employees to rotate to different jobs periodically.
What concept is used to grant users only the rights and permissions they need to complete their job responsibilities?
A. Need to know
B. Mandatory vacations
C. Least privilege principle
D. Service-level agreement (SLA)
C. An organization applies the least privilege principle to ensure employees receive only the access they need to complete their job responsibilities. Need to know refers to permissions only, whereas privileges include both rights and permissions. A mandatory vacation policy requires employees to take a vacation in one- or two-week increments. An SLA identifies performance expectations and can include monetary penalties.
A large organization using a Microsoft domain wants to limit the amount of time users have elevated privileges. Which of the following security operation concepts can be used to support this goal?
A. Principle of least permission
B. Separation of duties
C. Need to know
D. Privileged account management
D. Microsoft domains include a privileged account management solution that grants administrators elevated privileges when they need them but restricts the access using a time-limited ticket. The principle of least privilege includes both rights and permissions, but the term principle of least permission is not valid within IT security. Separation of duties ensures that a single person doesn’t control all the elements of a process or a critical function. Need to know is the requirement to have access to, knowledge about, or possession of data to perform specific work tasks, but no more.
An administrator is granting permissions to a database. What is the default level of access the administrator should grant to new users in the organization?
A. Read
B. Modify
C. Full access
D. No access
D. The default level of access should be no access. The principle of least privilege dictates that users should only be granted the level of access they need for their job, and the question doesn’t indicate that new users need any access to the database. Read access, modify access, and full access grant users some level of access, which violates the principle of least privilege.
You want to apply the least privilege principle when creating new accounts in the software development department. Which of the following should you do?
A. Create each account with only the rights and permissions needed by the employee to perform their job.
B. Give each account full rights and permissions to the servers in the software development department.
C. Create each account with no rights and permissions.
D. Add the accounts to the local Administrators group on the new employee’s computer.
A. Each account should have only the rights and permissions needed to perform their job when following the least privilege policy. New employees would not need full rights and permissions to a server. Employees will need some rights and permissions in order to do their jobs. Regular user accounts should not be added to the Administrators group.
Your organization has divided a high-level auditing function into several individual job tasks. These tasks are divided between three administrators. None of the administrators can perform all of the tasks. What does this describe?
A. Job rotation
B. Mandatory vacation
C. Separation of duties
D. Least privilege
C. Separation of duties ensures that no single entity can perform all the tasks for a job or function. A job rotation policy moves employees to different jobs periodically. A mandatory vacation policy requires employees to take vacations. A least privilege policy ensures users have only the privileges they need, and no more.
A financial organization commonly has employees switch duty responsibilities every 6 months. What security principle are they employing?
A. Job rotation
B. Separation of duties
C. Mandatory vacations
D. Least privilege
A. A job rotation policy has employees rotate jobs or job responsibilities and can help detect collusion and fraud. A separation of duties policy ensures that a single person doesn’t control all elements of a specific function. Mandatory vacation policies ensure that employees take an extended time away from their jobs, requiring someone else to perform their job responsibilities, which increases the likelihood of discovering fraud. Least privilege ensures that users have only the permissions they need to perform their jobs and no more.
Which of the following is one of the primary reasons an organization enforces a mandatory vacation policy?
A. To rotate job responsibilities
B. To detect fraud
C. To increase employee productivity
D. To reduce employee stress levels
B. Mandatory vacation policies help detect fraud. They require employees to take an extended time away from their jobs, requiring someone else to perform their job responsibilities, which increases the likelihood of discovering fraud. They do not rotate job responsibilities. Although mandatory vacations might help employees reduce their overall stress levels and increase productivity, these are not the primary reasons for mandatory vacation policies.
Your organization has contracted with a third-party provider to host cloud-based servers. Management wants to ensure there are monetary penalties if the third party doesn’t meet their contractual responsibilities related to uptimes and downtimes. Which of the following is the best choice to meet this requirement?
A. MOU
B. ISA
C. SLA
D. SED
C. A service-level agreement (SLA) can provide monetary penalties if a third-party provider doesn’t meet its contractual requirements. Neither a memorandum of understanding (MOU) nor an interconnection security agreement (ISA) includes monetary penalties. Separation of duties is sometimes shortened to SED, but this is unrelated to third-party relationships.
Which one of the following is a cloud-based service model that gives an organization the most control and requires the organization to perform all maintenance on operating systems and applications?
A. Infrastructure as a service (IaaS)
B. Platform as a service (PaaS)
C. Software as a service (SaaS)
D. Public
A. The IaaS service model provides an organization with the most control compared to the other models, and this model requires the organization to perform all maintenance on operating systems and applications. The SaaS model gives the organization the least control, and the cloud service provider (CSP) is responsible for all maintenance. The PaaS model splits control and maintenance responsibilities between the CSP and the organization.
Which one of the following is a cloud-based service model that allows users to access email via a web browser?
A. Infrastructure as a service (IaaS)
B. Platform as a service (PaaS)
C. Software as a service (SaaS)
D. Public
C. The SaaS service model provides services such as email available via a web browser. IaaS provides the infrastructure (such as servers), and PaaS provides a platform (such as an operating system and application installed on a server). Public is a deployment method, not a service model.
The IT department routinely uses images when deploying new systems. Of the following choices, what is a primary benefit of using images?
A. Provides a baseline for configuration management
B. Improves patch management response times
C. Reduces vulnerabilities from unpatched systems
D. Provides documentation for changes
A. When images are used to deploy systems, the systems start with a common baseline, which is important for configuration management. Images don’t necessarily improve the evaluation, approval, deployment, and audits of patches to systems within the network. Although images can include current patches to reduce their vulnerabilities, this is because the image provides a baseline. Change management provides documentation for changes.
A server administrator recently modified the configuration for a server to improve performance. Unfortunately, when an automated script runs once a week, the modification causes the server to reboot. It took several hours of troubleshooting to ultimately determine the problem wasn’t with the script but instead with the modification. What could have prevented this?
A. Vulnerability management
B. Patch management
C. Change management
D. Blocking all scripts
C. An effective change management program helps prevent outages from unauthorized changes. Vulnerability management helps detect weaknesses but wouldn’t block the problems from this modification. Patch management ensures systems are kept up to date. Blocking scripts removes automation, which would increase the overall workload.
Which of the following steps would be included in a change management process? (Choose three.)
A. Immediately implement the change if it will improve performance.
B. Request the change.
C. Create a rollback plan for the change.
D. Document the change.
B, C, D. Change management processes include requesting a change, creating a rollback plan for the change, and documenting the change. Changes should not be implemented immediately without evaluating the change.
A new CIO learned that an organization doesn’t have a change management program. The CIO insists one be implemented immediately. Of the following choices, what is a primary goal of a change management program?
A. Personnel safety
B. Allowing rollback of changes
C. Ensuring that changes do not reduce security
D. Auditing privilege access
C. Change management aims to ensure that any change does not result in unintended outages or reduce security. Change management doesn’t affect personnel safety. A change management plan will commonly include a rollback plan, but that isn’t a specific goal of the program. Change management doesn’t perform any type of auditing.
Systems within an organization are configured to receive and apply patches automatically. After receiving a patch, 55 of the systems automatically restarted and booted into a stop error. What could have prevented this problem without sacrificing security?
A. Disable the setting to apply the patches automatically.
B. Implement a patch management program to approve all patches.
C. Ensure systems are routinely audited for patches.
D. Implement a patch management program that tests patches before deploying them.
D. An effective patch management program evaluates and tests patches before deploying them and would have prevented this problem. Approving all patches would not prevent this problem because the same patch would be deployed. Systems should be audited after deploying patches, not to test for the impact of new patches.
A security administrator wants to verify the existing systems are up to date with current patches. Of the following choices, what is the best method to ensure systems have the required patches?
A. Patch management system
B. Patch scanner
C. Penetration tester
D. Fuzz tester
A. A patch management system ensures that systems have required patches. In addition to deploying patches, it would also check the systems to verify they accepted the patches. There is no such thing as a patch scanner. A penetration test will attempt to exploit a vulnerability, but it can be intrusive and cause an outage, so it isn’t appropriate in this scenario. A fuzz tester sends random data to a system to check for vulnerabilities but doesn’t test for patches.
A recent attack on servers within your organization caused an excessive outage. You need to check systems for known issues that attackers may use to exploit other systems in your network. Which of the following is the best choice to meet this need?
A. Versioning tracker
B. Vulnerability scanner
C. Security audit
D. Security review
B. Vulnerability scanners are used to check systems for known issues and are part of an overall vulnerability management program. Versioning is used to track software versions and is unrelated to detecting vulnerabilities. Security audits and reviews help ensure that an organization is following its policies but wouldn’t directly check systems for vulnerabilities.
Which one of the following processes is most likely to list all security risks within a system?
A. Configuration management
B. Patch management
C. Hardware inventory
D. Vulnerability scan
D. A vulnerability scan will list or enumerate all security risks within a system. None of the other answers will list security risks within a system. Configuration management systems check and modify configuration settings. Patch management systems can deploy patches and verify patches are deployed, but they don’t check for all security risks. Hardware inventories only verify the hardware is still present.
Which of the following are valid incident management steps or phases as listed in the CISSP objectives? (Choose all that apply.)
A. Prevention
B. Detection
C. Reporting
D. Lessons learned
E. Backup
B, C, D. Detection, reporting, and lessons learned are valid incident management steps. Prevention is done before an incident. Creating backups can help recover systems, but it isn’t one of the incident management steps. The seven steps (in order) are detection, response, mitigation, reporting, recovery, remediation, and lessons learned.
You are troubleshooting a problem on a user’s computer. After viewing the host-based intrusion detection system (HIDS) logs, you determine that the computer has been compromised by malware. Of the following choices, what should you do next?
A. Isolate the computer from the network.
B. Review the HIDS logs of neighboring computers.
C. Run an antivirus scan.
D. Analyze the system to discover how it was infected.
A. Your next step is to isolate the computer from the network as part of the mitigation phase. You might look at other computers later, but you should try to mitigate the problem first. Similarly, you might run an antivirus scan, but later. The lessons learned phase is last and will analyze an incident to determine the cause.
In the incident management steps identified by (ISC)², which of the following occurs first?
A. Response
B. Mitigation
C. Remediation
D. Lessons learned
D. The first step is detection. The seven steps (in order) are detection, response, mitigation, reporting, recovery, remediation, and lessons learned.
Which of the following are basic security controls that can prevent many attacks? (Choose three.)
A. Keep systems and applications up to date.
B. Implement security orchestration, automation, and response (SOAR) technologies.
C. Remove or disable unneeded services or protocols.
D. Use up-to-date antimalware software.
E. Use WAFs at the border.
A, C, D. The three basic security controls listed are 1) keep systems and applications up to date, 2) remove or disable unneeded services or protocols, and 3) use up-to-date antimalware software. SOAR technologies implement advanced methods to detect and automatically respond to incidents. It’s appropriate to place a network firewall at the border (between the internet and the internal network), but web application firewalls (WAF) should only filter traffic going to a web server.
Security administrators are reviewing all the data gathered by event logging. Which of the following best describes this body of data?
A. Identification
B. Audit trails
C. Authorization
D. Confidentiality
B. Audit trails provide documentation on what happened, when it happened, and who did it. IT personnel create audit trails by examining logs. Authentication of individuals is also needed to ensure that the audit trails provide proof of identities listed in the logs. Identification occurs when an individual claims an identity, but identification without authentication doesn’t provide accountability. Authorization grants individuals access to resources based on their proven identity. Confidentiality ensures that unauthorized entities can’t access sensitive data and is unrelated to this question.
A file server in your network recently crashed. An investigation showed that logs grew so much that they filled the disk drive. You decide to enable rollover logging to prevent this from happening again. Which of the following should you do first?
A. Configure the logs to overwrite old entries automatically.
B. Copy existing logs to a different drive.
C. Review the logs for any signs of attacks.
D. Delete the oldest log entries.
B. The first step should be to copy existing logs to a different drive so that they are not lost. If you enable rollover logging, you are configuring the logs to overwrite old entries. It’s not necessary to review the logs before copying them. If you delete the oldest log entries first, you may delete valuable data.
You suspect an attacker has launched a fraggle attack on a system. You check the logs and filter your search with the protocol used by fraggle. What protocol would you use in the filter?
A. User Datagram Protocol (UDP)
B. Transmission Control Protocol (TCP)
C. Internet Control Message Protocol (ICMP)
D. Security orchestration, automation, and response (SOAR)
A. Fraggle is a denial of service (DoS) attack that uses UDP. Other attacks, such as a SYN flood attack, use TCP. A smurf attack is similar to a fraggle attack, but it uses ICMP. SOAR is a group of technologies that provide automated responses to common attacks, not a protocol.
You are updating the training manual for security administrators and want to add a description of a zero-day exploit. Which of the following best describes a zero-day exploit?
A. An attack that exploits a vulnerability that doesn’t have a patch or fix
B. A newly discovered vulnerability that doesn’t have a patch or fix
C. An attack on systems without an available patch
D. Malware that delivers its payload after a user starts an application
A. A zero-day exploit is an attack that exploits a vulnerability that doesn’t have a patch or fix. A newly discovered vulnerability is only a vulnerability until someone tries to exploit it. Attacks on unpatched systems aren’t zero-day exploits. A virus is a type of malware that delivers its payload after a user launches an application.
Users in an organization complain that they can’t access several websites that are usually available. After troubleshooting the issue, you discover that an intrusion protection system (IPS) is blocking the traffic, but the traffic is not malicious. What does this describe?
A. A false negative
B. A honeynet
C. A false positive
D. Sandboxing
C. This is a false positive. The IPS falsely identified normal web traffic as an attack and blocked it. A false negative occurs when a system doesn’t detect an actual attack. A honeynet is a group of honeypots used to lure attackers. Sandboxing provides an isolated environment for testing and is unrelated to this question.
You are installing a new intrusion detection system (IDS). It requires you to create a baseline before fully implementing it. Which of the following best describes this IDS?
A. A pattern-matching IDS
B. A knowledge-based IDS
C. A signature-based IDS
D. An anomaly-based IDS
D. An anomaly-based IDS requires a baseline, and it then monitors traffic for any anomalies or changes when compared to the baseline. It’s also called behavior based and heuristics based. Pattern-based detection (also known as knowledge-based detection and signature-based detection) uses known signatures to detect attacks.
An administrator is implementing an intrusion detection system. Once installed, it will monitor all traffic and raise alerts when it detects suspicious traffic. Which of the following best describes this system?
A. A host-based intrusion detection system (HIDS)
B. A network-based intrusion detection system (NIDS)
C. A honeynet
D. A network firewall
B. An NIDS will monitor all traffic and raise alerts when it detects suspicious traffic. A HIDS only monitors a single system. A honeynet is a network of honeypots used to lure attackers away from live networks. A network firewall filters traffic, but it doesn’t raise alerts on suspicious traffic.
You are installing a system that management hopes will reduce incidents in the network. The setup instructions require you to configure it inline with traffic so that all traffic goes through it before reaching the internal network. Which of the following choices best identifies this system?
A. A network-based intrusion prevention system (NIPS)
B. A network-based intrusion detection system (NIDS)
C. A host-based intrusion prevention system (HIPS)
D. A host-based intrusion detection system (HIDS)
A. This describes an NIPS. It is monitoring network traffic, and it is placed in line with the traffic. An NIDS isn’t placed in line with the traffic, so it isn’t the best choice. Host-based systems only monitor traffic sent to specific hosts, not network traffic.
After installing an application on a user’s system, your supervisor told you to remove it because it is consuming most of the system’s resources. Which of the following prevention systems did you most likely install?
A. A network-based intrusion detection system (NIDS)
B. A web application firewall (WAF)
C. A security information and event management (SIEM) system
D. A host-based intrusion detection system (HIDS)
D. A drawback of some HIDSs is that they interfere with a single system’s normal operation by consuming too many resources. The other options refer to applications that aren’t installed on user systems.
You are replacing a failed switch. The configuration documentation for the original switch indicates a specific port needs to be configured as a mirrored port. Which of the following network devices would connect to this port?
A. An intrusion prevention system (IPS)
B. An intrusion detection system (IDS)
C. A honeypot
D. A sandbox
B. An IDS is most likely to connect to a switch port configured as a mirrored port. An IPS is placed in line with traffic, so it is placed before the switch. A honeypot doesn’t need to see all traffic going through a switch. A sandbox is an isolated area often used for testing and would not need all traffic from a switch.
A network includes a network-based intrusion detection system (NIDS). However, security administrators discovered that an attack entered the network and the NIDS did not raise an alarm. What does this describe?
A. A false positive
B. A false negative
C. A fraggle attack
D. A smurf attack
B. A false negative occurs when there is an attack but the IDS doesn’t detect it and raise an alarm. In contrast, a false positive occurs when an IDS incorrectly raises an alarm, even though there isn’t an attack. The attack may be a UDP-based fraggle attack or an ICMP-based smurf attack, but the attack is real, and since the IDS doesn’t detect it, it is a false negative.
Management wants to add an intrusion detection system (IDS) that will detect new security threats. Which of the following is the best choice?
A. A signature-based IDS
B. An anomaly detection IDS
C. An active IDS
D. A network-based IDS
B. An anomaly-based IDS (also known as a behavior-based IDS) can detect new security threats. A signature-based IDS only detects attacks from known threats. An active IDS identifies the response after a threat is detected. A network-based IDS can be both signature based and anomaly based.
Your organization recently implemented a centralized application for monitoring. Which of the following best describes this?
A. SOAR
B. SIEM
C. HIDS
D. Threat feed
B. A security information and event management (SIEM) system is a centralized application that monitors multiple systems. Security orchestration, automation, and response (SOAR) is a group of technologies that provide automated responses to common attacks. A host-based intrusion detection system (HIDS) is decentralized because it is on one system only. A threat feed is a stream of data on current threats.
After a recent attack, management decided to implement an egress monitoring system that will prevent data exfiltration. Which of the following is the best choice?
A. An NIDS
B. An NIPS
C. A firewall
D. A DLP system
D. A network-based data loss prevention (DLP) system monitors outgoing traffic (egress monitoring) and can thwart data exfiltration attempts. Network-based intrusion detection systems (NIDSs) and intrusion protection systems (IPSs) primarily monitor incoming traffic for threats. Firewalls can block traffic or allow traffic based on rules in an access control list (ACL), but they can’t detect unauthorized data exfiltration attacks.
Security administrators are regularly monitoring threat feeds and using that information to check systems within the network. Their goal is to discover any infections or attacks that haven’t been detected by existing tools. What does this describe?
A. Threat hunting
B. Threat intelligence
C. Implementing the kill chain
D. Using artificial intelligence
A. Threat hunting is the process of actively searching for infections or attacks within a network. Threat intelligence refers to the actionable intelligence created after analyzing incoming data, such as threat feeds. Threat hunters use threat intelligence to search for specific threats. Additionally, they may use a kill chain model to mitigate these threats. Artificial intelligence (AI) refers to actions by a machine, but the scenario indicates administrators are doing the work.
Administrators find that they are repeating the same steps to verify intrusion detection system alerts and perform more repetitive steps to mitigate well-known attacks. Of the following choices, what can automate these steps?
A. SOAR
B. SIEM
C. NIDS
D. DLP
A. Security orchestration, automation, and response (SOAR) technologies provide automated responses to common attacks, reducing an administrator’s workload. A security information and event management (SIEM) system is a centralized application that monitors log entries from multiple sources. A network-based intrusion detection system (NIDS) raises the alerts. A data loss prevention (DLP) system helps with egress monitoring and is unrelated to this question.
James is working with his organization’s leadership to help them understand the role that disaster recovery plays in their cybersecurity strategy. The leaders are confused about the differences between disaster recovery and business continuity. What is the end goal of disaster recovery planning?
A. Preventing business interruption
B. Setting up temporary business operations
C. Restoring normal business activity
D. Minimizing the impact of a disaster
C. Once a disaster interrupts the business operations, the goal of DRP is to restore regular business activity as quickly as possible. Thus, disaster recovery planning picks up where business continuity planning leaves off. Preventing business interruption is the goal of business continuity, not disaster recovery programs. Although disaster recovery programs are involved in restoring normal activity and minimizing the impact of disasters, this is not their end goal.
Kevin is attempting to determine an appropriate backup frequency for his organization’s database server and wants to ensure that any data loss is within the organization’s risk appetite. Which one of the following security process metrics would best assist him with this task?
A. RTO
B. MTD
C. RPO
D. MTBF
C. The recovery point objective (RPO) specifies the maximum amount of data that may be lost during a disaster and should be used to guide backup strategies. The maximum tolerable downtime (MTD) and recovery time objective (RTO) are related to the duration of an outage, rather than the amount of data lost. The mean time between failures (MTBF) is related to the frequency of failure events.
Brian’s organization recently suffered a disaster and wants to improve their disaster recovery program based on their experience. Which one of the following activities will best assist with this task?
A. Training programs
B. Awareness efforts
C. BIA review
D. Lessons learned
D. The lessons learned session captures discoveries made during the disaster recovery process and facilitates continuous improvement. It may identify deficiencies in training and awareness or in the business impact analysis.
Adam is reviewing the fault-tolerance controls used by his organization and realizes that they currently have a single point of failure in the disks used to support a critical server. Which one of the following controls can provide fault tolerance for these disks?
A. Load balancing
B. RAID
C. Clustering
D. HA pairs
B. Redundant arrays of inexpensive disks (RAID) are a fault-tolerance control that allows an organization’s storage service to withstand the loss of one or more individual disks. Load balancing, clustering, and high-availability (HA) pairs are all fault-tolerance services designed for server compute capacity, not storage.
Brad is helping to design a disaster recovery strategy for his organization and is analyzing possible storage locations for backup data. He is not certain where the organization will recover operations in the event of a disaster and would like to choose an option that allows them the flexibility to easily retrieve data from any DR site. Which one of the following storage locations provides the best option for Brad?
A. Primary data center
B. Field office
C. Cloud computing
D. IT manager’s home
C. Cloud computing services provide an excellent location for backup storage because they are accessible from any location. The primary data center is a poor choice, since it may be damaged during a disaster. A field office is reasonable, but it is in a specific location and is not as flexible as a cloud-based approach. The IT manager’s home is a poor choice—the IT manager may leave the organization or may not have appropriate environmental and physical security controls in place.
Which of the following statements about business continuity planning and disaster recovery planning are correct? (Choose all that apply.)
A. Business continuity planning is focused on keeping business functions uninterrupted when a disaster strikes.
B. Organizations can choose whether to develop business continuity planning or disaster recovery planning plans.
C. Business continuity planning picks up where disaster recovery planning leaves off.
D. Disaster recovery planning guides an organization through recovery of normal operations at the primary facility.
A, B, D. The only incorrect statement here is that business continuity planning picks up where disaster recovery planning leaves off. In fact, the opposite is true: disaster recovery planning picks up where business continuity planning leaves off. The other three statements are all accurate reflections of the role of business continuity planning and disaster recovery planning. Business continuity planning is focused on keeping business functions uninterrupted when a disaster strikes. Organizations can choose whether to develop business continuity planning or disaster recovery planning plans, although it is highly recommended that they do so. Disaster recovery planning guides an organization through recovery of normal operations at the primary facility.
Tonya is reviewing the flood risk to her organization and learns that their primary data center resides within a 100-year flood plain. What conclusion can she draw from this information?
A. The last flood of any kind to hit the area was more than 100 years ago.
B. The odds of a flood at this level are 1 in 100 in any given year.
C. The area is expected to be safe from flooding for at least 100 years.
D. The last significant flood to hit the area was more than 100 years ago.
B. The term 100-year flood plain is used to describe an area where flooding is expected once every 100 years. It is, however, more mathematically correct to say that this label indicates a 1 percent probability of flooding in any given year.
Randi is designing a disaster recovery mechanism for her organization’s critical business databases. She selects a strategy where an exact, up-to-date copy of the database is maintained at an alternative location. What term describes this approach?
A. Transaction logging
B. Remote journaling
C. Electronic vaulting
D. Remote mirroring
D. When you use remote mirroring, an exact copy of the database is maintained at an alternative location. You keep the remote copy up to date by executing all transactions on both the primary and remote sites at the same time. Electronic vaulting follows a similar process of storing all data at the remote location, but it does not do so in real time. Transaction logging and remote journaling options send logs, rather than full data replicas, to the remote location.