Domain 7: (Security Operations)

Question 1

What used to create a threat model using entity behavior and enables analysis to uncover more details around anomalous events?

Answer 1

User and Entity Behavior Analytics
UEBA

Question 2

What IT security principles help prevents security incidents, limit the scope of incidents when they occur and is implemented in secure networks?

Answer 2

Need-to-Know
Principle of Least Privilege

Question 3

What helps prevents collusion within an org?

Answer 3

Separation of Duties
Job Rotation

Question 4

What stipulate performance expectations such as maximum downtimes and often include penalties if the vendor doesn’t meet expectations?

Answer 4

Service-Level Agreements

Question 5

What includes ensuring that resources are deployed in a secure manner and maintained in a secure manner throughout their lifecycles?

Answer 5

Secure Provisioning

Question 6

What are the primary component that manages virtual assets, but also provide attackers with an additional target?

Answer 6

Hypervisors

Question 7

What provides the least amount of maintenance and security in the IaaS model?

Answer 7

Cloud Service Provider
CSP

Question 8

In a IaaS, what is the cloud service provider responsible for?

Answer 8

Networking
Storage
Servers
Virtualization

Question 9

In a PaaS, what is the cloud service provider responsible for?

Answer 9

Networking
Storage
Servers
Virtualization
OS
Middleware
Runtime

Question 10

In an SaaS what is the cloud service provider responsible for?

Answer 10

Everything

Question 11

What uses a labeling or numbering system to track changes in updated versions of software?

Answer 11

Versioning

Question 12

What verifies the deployment of approved patches to systems?

Answer 12

System Audits

Question 13

What is the patch management process?

Answer 13

Evaluate Patches
Test Patches
Approve the Patches
Deploy the Patches
Verify the patches are deployed

Question 14

What are the steps in incident response?

Answer 14

Detection
Response
Mitigation
Reporting
Recovery
Remediation
Lessons Learned

Question 15

What are common DoS attacks?

Answer 15

SYN flood attacks
Smurf attacks
Ping of Death attacks

Question 16

What attack disrupts the TCP three-way handshake?

Answer 16

SYN flood attack

Question 17

What attack employs an amplification network to send numerous response packets to a victim?

Answer 17

Smurf attack

Question 18

What attack sends numerous oversized ping packets to the victim, causing the victim to freeze, crash, or reboot.

Answer 18

Ping of Death attack

Question 19

What is a collection of compromised computing devices often called bots or zombies.

Answer 19

Botnet

Question 20

What describes a criminal who uses a command-and-control server to remotely control the zombies, often use the botnet to launch attacks on other systems.

Answer 20

Bot Herder

Question 21

What is the process of extracting elements from a large body of data to construct a meaningful representation of summary of the whole?

Answer 21

Sampling

Question 22

What uses precise mathematical functions to extract meaningful information from a large volume of data?

Answer 22

Statistical Sampling

Question 23

What is a form of nonstatistical sampling that records only events that exceed a threshold?

Answer 23

Clipping

Question 24

What are key elements in displaying due care?

Answer 24

Security Audits and effectiveness reviews

Question 25

What ensures that the principle of least privilege is followed and often focused on privileged accounts?

Answer 25

User Entitlement Audit

Question 26

What is the process where orgs expecting lawsuit have a duty to preserve digital evidence?

Answer 26

eDiscovery

Question 27

What is the eDiscovery process?

Answer 27

Information identification and governance
Preservation and collection
Processing, review, analysis
Production and presentation

Question 28

What type of evidence is considered best evidence?

Answer 28

The original evidence

Question 29

What is considered secondary evidence?

Answer 29

A copy of the original evidence

Question 30

What is direct evidence?

Answer 30

Proves or disproves an act based on the five senses

Question 31

What is considered conclusive evidence?

Answer 31

Incontrovertible, overrides all other evidence types

Question 32

What is considered circumstantial evidence?

Answer 32

Inference from other information

Question 33

What is considered corroborative evidence?

Answer 33

Supporting evidence but cannot stand on its own

Question 34

What is opinionated evidence?

Answer 34

Expert and non-expert opinions

Question 35

What is hearsay evidence?

Answer 35

Not based on first-hand knowledge

Question 36

What types of evidence may be used in a criminal or civil trial?

Answer 36

Real
Documentary
Testimonial

Question 37

What are the requirements for evidence to be admissible in a court of law?

Answer 37

Evidence must be relevant
Evidence must be material to the case
Evidence must be competent or legally collected

Question 38

What are the three recovery site types?

Answer 38

Cold
Warm
Hot

Question 39

What type of recovery site is just a data center space, power, and network connectivity that’s ready and waiting for whenever you might need it.

Answer 39

Cold

Question 40

What type of recovery site has low cost but high effort?

Answer 40

Cold

Question 41

What type of recovery site allows you to pre-install your hardware and pre-configure your bandwidth needs?

Answer 41

Warm

Question 42

What type of recovery site has medium cost and medium effort?

Answer 42

Warm

Question 43

What type of recovery site allows you to keep servers and a live backup site up and running in the event of a disaster?

Answer 43

Hot

Question 44

What type of recovery site has high cost but low effort?

Answer 44

Hot

Question 45

What describes a company that leases computer time and owns large server farms and often fields or workstations, and may be onsite or remote?

Answer 45

Service Bureau

Question 46

What is a nonmainstream alternative to traditional recovery sites, and consists of self-contained trailers or other easily relocated units?

Answer 46

Mobile Site

Question 47

What describes the age of files that must be recovered from backup storage for normal ops to resume if sys or network goes down?

Answer 47

Recovery Point Objective
RPO

Question 48

What is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity?

Answer 48

Recovery Time Objective
RTO

Question 49

What provides an inexpensive alternative to disaster recovery sites but are difficult to enforce and raises confidentiality concerns?

Answer 49

Mutual Assistance Agreements
MAA

Question 50

What are the four main steps of business continuity planning?

Answer 50

Project scope and Planning
Business Impact Assessment
Continuity Planning
Approval and Implementation

Question 51

What plan describes how to move from the disaster recovery site back to your business environment or back to normal ops?

Answer 51

Business Resumption Plan
BRP

Question 52

What describes the time determination for how long a piece of IT infrastructure will continue to work before it fails?

Answer 52

Mean Time Between Failures
MTBF

Question 53

What describes a time determination for how long it will take to get a piece of hardware/software repaired and back on-line?

Answer 53

Mean Time to Repair
MTTR

Question 54

What describes the amount of time we can be without the asset that is unavailable BEFORE we must declare a disaster and initiate the DRP?

Answer 54

Max Tolerable Downtime
MTD

Question 55

What are the core goals of the disaster recovery plan?

Answer 55

Improving responsiveness by the employees in different situations
Easing confusion by providing written procedures and participation in drills
Helping make logical decisions during a crisis

Question 56

What are the five types of disaster recovery plan tests?

Answer 56

Read-Through
Structures Walk-Through
Simulation
Test
Parallel Test

Question 57

What DRP test is where you distribute copies of disaster recovery plans to the members of the disaster recovery team for review?

Answer 57

Read-Through Test

Question 58

What describes members of the DRP team gathering in a large conference room and role-playing a disaster scenario?

Answer 58

Table-top Exercise/Structured Walk-Through

Question 59

What involved relocating personnel to the alternate recovery site and implementing site activation procedures. The employees to the site perform their disaster recovery responsibilities just as they would for an actual disaster.

Answer 59

Parallel Test

Question 60

What is the name of the team who is used to return the primary site to normal processing conditions?

Answer 60

Salvage Team

Question 61

What is the name of the team used to get critical business functions running at the alternate site?

Answer 61

Recovery Team

Question 62

What are three different backup strategies?

Answer 62

Electronic Vaulting
Remote Journaling
Remote Mirroring

Question 63

What is used to transfer database backups to a remote site as part of a bulk transfer?

Answer 63

Electronic Vaulting

Question 64

What transmits only the journal or transaction logs to the off-site facility and not the actual files?

Answer 64

Remote Journaling

Question 65

What is a live database sever maintained at a backup site and is the most advanced database backup solution and also the most expensive?

Answer 65

Remote Mirroring