Test Study 8

Question 1

What type of embedded OS is becoming more pervasive and has large public safety implications?

Answer 1

Vehicles

Question 2

What is a reference template?

Answer 2

The sample of bio-metric data used for comparison in authentication.

Question 3

What is the sample of bio-metric data used for comparison in authentication called?

Answer 3

Reference template

Question 4

What authentication server transmits authorization information in clear text?

Answer 4

Radius

Question 5

An employee is not performing per the standards of the company. Another employee has spent person time investigating this and proving it. What is the issue?

Answer 5

The other employee has not received authorization for an investigation.

Question 6

What items require:
Reasonable suspicion?
Probabl cause?

Answer 6

Reasonable suspicion - stopping someone

Probable cause - warrant, grand jury

Question 7

Which type of vendor fix is for a critical security issue?

Answer 7

Hot fix

Question 8

Which type of vendor fix is a solution for a single issue?

Answer 8

Patch

Question 9

Which type of vendor hot fix is a collection of fixes?

Answer 9

Service Pack

Question 10

What is poly-instantiation a defense against?

Answer 10

Inference attacks

Question 11

What is a defense against inference attacks?

Answer 11

Poly-instantiation

Question 12

What are system operating rings also known as?

Answer 12

Privilege domains

Question 13

What are the steps of PICERF?

Answer 13

Prepare
Identify
Contain
Eradicate
Recovery
Follow Up

Question 14

What are the steps for the CISSP incident response?

Answer 14

Detect
Respond
Mitigate
Report
Recover
Remediate
Lessons Learned

Question 15

In PICERF, what happens in the prepare phase?

Answer 15

Properly train employees
Incident response drills and scenarios
Have approval and funding

Question 16

In DRMRRRL, what happens in the detect phase?

Answer 16

Discover an incident, notify the security office.

Question 17

In PICERF, what happens in the Identify phase?

Answer 17

Determine whether you have been breached, how it was done, what the scope was, has root cause been found?

Question 18

In DRMRRRL, what happens in the response phase?

Answer 18

Determine the validity of detection, rule out false positives, determine if it still ongoing or over.
Formally declare an incident.

Question 19

In PICERF, what happens in the contain phase?

Answer 19

Contain the breach so it does not spread
Update and patch systems
Change passwords
Help restore from backup

Question 20

in DRMRRRL, what happens in the mitigate phase?

Answer 20

Immediate action upon declaration of the incident, dependent upon time, risk, and impact.
Stop the incident, take down servers, fix the damage.

Question 21

In PICERF, what happens in the eradication phase?

Answer 21

Eliminate the root cause
Patch systems
Re-image if necessary

Question 22

In DRMRRRL, what happens in the report phase?

Answer 22

Report to relevant stakeholders, management, regulators, and law enforcement about the incident

Question 23

In PICERF, what happens in the recovery phase?

Answer 23

Restore systems to production

Enable file integrity monitoring

Question 24

In DRMRRRL, what happens in the recovery phase?

Answer 24

Return the environment to normal operations

Question 25

In PICERF, what happens in the follow up phase?

Answer 25

After action meetings

Analyze and document everything bout the breach

Question 26

In DRMRRL, what happens in the remediate phase?

Answer 26

Address the root cause of the incident.