Risk Management (3)

Question 1

Which of the following are considered inappropriate places to store backup tapes? (Choose two.)

Near a workstation

Near a speaker

Near a CRT monitor

Near an LCD screen

Answer 1

Near a speaker

Near a CRT monitor

Backup tapes should not be stored near power sources such as CRT monitors and speakers. These devices can cause the tapes to be degaussed

Question 2

You are a member of your company’s security response team and have discovered an incident within your network. You are instructed to remove and restore the affected system. You restore the system with the original disk image and then install patches and disable any unnecessary services to harden the system against any future attacks. Which incident response process have you completed?

Eradication

Preparation

Containment

Answer 2

Eradication

The eradication process involves removing and restoring affected systems by reimaging the system’s hard drive and installing patches

Question 3

You are a security administrator and have decided to implement a unified threat management (UTM) appliance within your network. This appliance will provide antimalware, spam filtering, and content inspection along with other protections. Which of the following statements best describes the potential problem with this plan?

The protections can only be performed one at a time.

This could create the potential for a single point of failure.

You work with a single vendor and its support department.

Answer 3

You work with a single vendor and its support department.

A unified threat management (UTM) appliance is a single console a security administrator can monitor and manage easily. This could create a single point of failure

Question 4

You are attending a risk analysis meeting and are asked to define internal threats. Which of the following is not considered an internal threat?

Employees accessing external websites through the company’s hosts

Embezzlement

Threat actors compromising a network through a firewall

Answer 4

Threat actors compromising a network through a firewall

Unauthorized access of a network through a firewall by a threat actor is considered an external threat

Question 5

You are the network director and are creating the following year’s budget. You submit forensic dollar amounts for the cyber incident response team. Which of the following would you not submit? (Choose two.)

ALE amounts

SLE amounts

Training expenses

Man-hour expenses

Answer 5

ALE amounts

SLE amounts

ALE (annual loss expectancy) is the product of the ARO (annual rate of occurrence) and the SLE (single loss expectancy) and is mathematically expressed as ALE = ARO × SLE. Single loss expectancy is the cost of any single loss and it is mathematically expressed as SLE = AV (asset value) × EF (exposure factor)

Question 6

Computer evidence of a crime is preserved by making an exact copy of the hard disk. Which of the following does this demonstrate?

Chain of custody

Order of volatility

Capture system image

Answer 6

Capture system image

Capturing the system image involves making an exact image of the drive so that it can be referenced later in the investigation

Question 7

Which option is an example of a workstation not hardened?

Risk

Threat

Exposure

Answer 7

Risk

Risk is defined as the likelihood of occurrence of a threat and the corresponding loss potential. Risk is the probability of a threat actor to exploit vulnerability. The purpose of system hardening is to remove as many security risks as possible. Hardening is typically performed by disabling all nonessential software programs and utilities from the workstation

Question 8

Which of the following elements should not be included in the preparation phase of the incident response process?

Policy

Lesson learned documentation

Response plan/strategy

Answer 8

Lesson learned documentation

Lessons learned documentation is a phase of the incident response process

Question 9

Which of the following does not minimize security breaches committed by internal employees?

Job rotation

Separation of duties

Nondisclosure agreements signed by employees

Answer 9

Nondisclosure agreements signed by employees

Nondisclosure agreements (NDAs) are signed by an employee at the time of hiring, and they impose a contractual obligation on employees to maintain the confidentiality of information. Disclosure of information can lead to legal ramifications and penalties. NDAs cannot ensure a decrease in security breaches

Question 10

You find one of your employees posting negative comments about the company on Facebook and Twitter. You also discover the employee is sending negative comments from their personal email on the company’s computer. You are asked to implement a policy to help the company avoid any negative reputation in the marketplace. Which of the following would be the best option to fulfill the request?

Account policy enforcement

Change management

Security policy

Answer 10

Security policy

Security policy defines how to secure physical and information technology assets. This document should be continuously updated as technology and employee requirements change

Question 11

Which of the following statements best describes a differential backup?

Only the changed portions of files are backed up.

All files are copied to storage media.

Files that have changed since the last full backup are backed up.

Answer 11

Files that have changed since the last full backup are backed up.

A differential backup copies files that have changed since the last full backup

Question 12

During which step of the incident response process does root cause analysis occur?

Preparation

Lessons learned

Containment

Answer 12

Lessons learned

Lessons learned process is the most critical phase because it is the phase to complete any documentation that may be beneficial in future incidents. Documentation should include information such as when the problem was first detected and by whom, how the problem was contained and eradicated, the work that was performed during the recovery, and areas that may need improvement

Question 13

Which of the following types of testing can help identify risks? (Choose two.)

Quantitative

Penetration testing

Vulnerability testing

Qualitative

Answer 13

Penetration testing

Vulnerability testing

Penetration and vulnerability testing can help identify risk. Before a tester performs these tests, they should receive written authorization

Question 14

What can a company do to prevent sensitive data from being retrieved by dumpster diving?

Degaussing

Capture system image

Shredding

Answer 14

Shredding

Shredding is the process of reducing the size of objects so the information is no longer usable. Other practices includes burning, pulping, and pulverizing

Question 15

You are a network administrator and have been asked to send a large file that contains PII to an accounting firm. Which of the following protocols would it be best to use?

Telnet

FTP

SFTP

Answer 15

SFTP

SFTP (secure FTP) encrypts data that is transmitted over the network

Question 16

Zackary is a network backup engineer and performs a full backup each Sunday evening and an incremental backup Monday through Friday evenings. One of the company’s network servers crashes on Thursday afternoon. How many backups will Zack need to do to restore the server?

Two

Three

Four

Answer 16

Four

Zackary will need four backups to restore the server if it crashes on Thursday afternoon. The four backups are Sunday evening full backup, Monday evening incremental backup, Tuesday evening incremental backup, and Wednesday evening incremental backup. Incremental backups require the full backup and all the incremental backups in order

Question 17

Your company website is hosted by an Internet service provider. Which of the following risk response techniques is in use?

Risk avoidance

Risk register

Risk acceptance

Answer 17

Risk avoidance

Risk avoidance is a strategy to deflect threats in order to avoid the costly and disruptive consequences of a damaging event. It also attempts to minimize vulnerabilities that can pose a threat

Question 18

A call center leases a new space across town, complete with a functioning computer network that mirrors the current live site. A high-speed network link continuously synchronizes data between the two sites. Which of the following describes the site at the new leased location?

Cold site

Warm site

Hot site

Answer 18

Hot site

A hot site, also known as an alternate processing site, contains all of the alternate computer and telecommunication equipment needed in a disaster. Testing this environment is simple

Question 19

A security administrator is reviewing the company’s continuity plan, and it specifies an RTO of 4 hours and an RPO of 1 day. Which of the following is the plan describing?

Systems should be restored within 4 hours and no later than 1 day after the incident.

Systems should be restored within 1 day and lose, at most, 4 hours’ worth of data.

Systems should be restored within 4 hours with a loss of 1 day’s worth of data at most.

Answer 19

Systems should be restored within 4 hours with a loss of 1 day’s worth of data at most.

Systems should be restored within four hours with a minimum loss of one day’s worth of data. RTO is the amount of time within which a process must be restored after a disaster to meet business continuity. It defines how much time it takes to recover after notification of process disruption. RPO specifies the allowable data loss. It is the amount of time that can pass during an interruption before the quantity of data lost during that period surpasses business continuity planning’s maximum acceptable threshold

Question 20

Which of the following statements is true regarding a data retention policy?

Regulations require financial transactions to be stored for 7 years.

Employees must remove and lock up all sensitive and confidential documents when not in use.

It describes a formal process of managing configuration changes made to a network.

Answer 20

Regulations require financial transactions to be stored for 7 years.

This statement refers to the data retention policy

Question 21

You are attending a meeting with your manager and he wants to validate the cost of a warm site versus a cold site. Which of the following reasons best justify the cost of a warm site? (Choose two.)

Small amount of income loss during long downtime

Large amount of income loss during short downtime

Business contracts enduring no more than 72 hours of downtime

Business contracts enduring no more than 8 hours of downtime

Answer 21

Large amount of income loss during short downtime

Business contracts enduring no more than 8 hours of downtime

Companies can lose a large amount of income in a short period of downtime. Companies can have business contracts that state a minimum amount of downtime can occur if a disaster occurs. These reasons can be used to support the reason for a warm site because the warm site relies on backups to recover from a disaster

Question 22

Recently, company data that was sent over the Internet was intercepted and read by hackers. This damaged the company’s reputation with its customers. You have been asked to implement a policy that will protect against these attacks. Which of the following options would you choose to help protect data that is sent over the Internet? (Choose two.)

Confidentiality

Safety

Availability

Integrity

Answer 22

Confidentiality

Integrity

Confidentiality allows authorized users to gain access to sensitive and protected data. Integrity ensures that the data hasn’t been altered and is protected from unauthorized modification

Question 23

How do you calculate the annual loss expectancy (ALE) that may occur due to a threat?

Exposure Factor (EF) / Single Loss Expectancy (SLE)

Single Loss Expectancy (SLE) × Annual Rate of Occurrence (ARO)

Asset Value (AV) × Exposure Factor (EF)

Answer 23

Single Loss Expectancy (SLE) × Annual Rate of Occurrence (ARO)

ALE (annual loss expectancy) is the product of the ARO (annual rate of occurrence) and the SLE (single loss expectancy) and is mathematically expressed as ALE = ARO × SLE. Single loss expectancy is the cost of any single loss and it is mathematically expressed as SLE = AV (asset value) × EF (exposure factor)

Question 24

Which of the following impact scenarios would include severe weather events? (Choose two.)

Life

Reputation

Salary

Property

Answer 24

Life

Property

The correct answer is life and property. Both of these impact scenarios include examples of severe weather events

Question 25

Which of the following outlines a business goal for system restoration and allowable data loss?

RPO

Single point of failure

MTTR

Answer 25

RPO

RPO (recovery point objective) specifies the allowable data loss. It is the amount of time that can pass during an interruption before the quantity of data lost during that period surpasses business continuity planning’s maximum acceptable threshold

Question 26

Which of the following is an example of a preventive control? (Choose two.)

Data backups

Security camera

Door alarm

Cable locks

Answer 26

Data backups

Cable locks

Preventive controls are proactive and are used to avoid a security breach or an interruption of critical services before they can happen

Question 27

You are a security administrator for your company and you identify a security risk that you do not have in-house skills to address. You decide to acquire contract resources. The contractor will be responsible for handling and managing this security risk. Which of the following type of risk response technique are you demonstrating?

Accept

Mitigate

Transfer

Answer 27

Transfer

Risk transfer is the act of moving the risk to hosted providers who assume the responsibility for recovery and restoration or by acquiring insurance to cover the costs emerging from a risk

Question 28

You are an IT manager and discovered your department had a break-in, and the company’s computers were physically damaged. What type of impact best describes this situation?

Life

Reputation

Property

Answer 28

Property

The correct answer is property. Physical damage to a building and the company’s computer equipment can be caused by intentional man-made attacks

Question 29

Which of the following would help build informed decisions regarding a specific DRP?

Business impact analysis

ROI analysis

RTO

Answer 29

Business impact analysis

A business impact analysis (BIA) helps identify the risks that would affect business operations such as finance impact. The will help a company recover from a disaster

Question 30

Each salesperson who travels has a cable lock to lock down their laptop when they step away from the device. Which of the following controls does this apply?

Compensating

Deterrent

Preventive

Answer 30

Preventive

A preventive control is used to avoid a security breach or an interruption of critical services before they can happen