Ch.9 Resilience and Physical Security Flashcards by Joe Park

Naomi wants to handle increasing load by scaling cloud-hosted resources as needed while having the change remain transparent to users. She also wants to allow for upgrades and system replacements transparently. What solution should she select?

A. Load balancing
B. Clustering
C. Geographic diversity
D. A hot site

✅ A. Load balancing
📄 Load balancing distributes traffic across multiple systems to ensure scalability and fault tolerance. It can also redirect users away from systems being upgraded.
❌ B. Clustering is for redundancy but doesn’t manage load distribution or traffic direction.
❌ C. Geographic diversity is for disaster recovery, not load handling.
❌ D. A hot site is a backup site, not a scaling method.

✅ Security+ Tip: If a question focuses on transparent scaling, the answer is almost always load balancing.

How well did you know this?

Not at all

Perfectly

Rick performs a backup that captures the changes since the last full backup. What type of backup has he performed?

A. A new full backup
B. A snapshot
C. An incremental backup
D. A differential backup

✅ D. A differential backup
📄 Differential backups copy everything that changed since the last full backup.
❌ C. Incremental backups copy changes since the last backup of any type (incremental or full).

✅ Security+ Tip: “Since last full” = differential. “Since last backup” = incremental.

How well did you know this?

Not at all

Perfectly

What type of recovery site has some or most systems in place but does not have the data needed to take over operations?

A. A hot site
B. A warm site
C. A cloud site
D. A cold site

✅ B. A warm site
📄 A warm site has infrastructure ready but lacks current data.
❌ A. Hot site has systems and live data.
❌ D. Cold site has power/network but no systems or data.

✅ Security+ Tip: Warm = mid-cost, mid-speed. Know the difference between hot, warm, and cold sites.

How well did you know this?

Not at all

Perfectly

Ben wants to test his warm site to verify that it will take over operations successfully. What type of testing is this?

A. Parallel processing
B. Simulation
C. Failover
D. A tabletop exercise

✅ C. Failover
📄 Failover testing involves switching operations entirely to the backup site (in this case, the warm site) to validate that it can fully operate on its own.
❌ A. Parallel processing runs both primary and backup simultaneously but does not involve switching over.
❌ B. Simulation and ❌ D. Tabletop exercises are theoretical/planning methods and do not execute the actual system change.

✅ Security+ Tip:
If the test involves actually switching to the backup or secondary site — even temporarily — that is a failover.

How well did you know this?

Not at all

Perfectly

Felix wants to clone a virtual machine. What should he do to capture a live machine, including the machine state?

A. A full backup
B. A snapshot
C. A differential backup
D. Live boot media

✅ B. A snapshot
📄 Snapshots capture the exact state of a system or VM, allowing cloning or rollback.
❌ A. Full backups don’t include live system memory/state

✅ Security+ Tip: Snapshots are best for cloning or quick rollback in virtual environments.

How well did you know this?

Not at all

Perfectly

Mike wants to stop vehicles from traveling toward the entrance of his building. What physical security control should he implement?

A. An air gap
B. A hot aisle
C. A robotic sentry
D. A bollard

✅ D. A bollard
📄 Bollards are sturdy posts that block vehicles from crashing into structures.

✅ Security+ Tip: Vehicles = bollards. People = fences, doors, guards.

How well did you know this?

Not at all

Perfectly

Sally is working to restore her organization’s operations after a disaster took her datacenter offline. What critical document should she refer to as she restarts systems?

A. The restoration order documentation
B. The TOTP documentation
C. The HOTP documentation
D. The last-known good configuration documentation

✅ A. The restoration order documentation
📄 This doc lists critical services and systems in recovery order.
❌ D. Last-known good config is used during patch rollback, not full disaster recovery.
❌ B,C. TOTP and HOTP are types of one-time password technology

✅ Security+ Tip: Restoration order is crucial when recovering from site-wide or datacenter failure.

How well did you know this?

Not at all

Perfectly

Alecia wants to ensure that her backups cannot be accessed by third parties while stored in an offsite storage location. What should she do to secure her backups?

A. Hash the backup data.
B. Avoid the use of offsite storage locations.
C. Employ security guards.
D. Encrypt the backup data.

✅ D. Encrypt the backup data
📄 Encryption protects data at rest and in transit.
❌ A. Hashing ensures integrity, not confidentiality.

✅ Security+ Tip: Offsite + secure = encrypt your backups.

How well did you know this?

Not at all

Perfectly

Fred wants to be able to recover his database transactions at any point in time if a physical disaster occurs involving his datacenter. His organization uses daily backups. What additional solution should he select to support this need?

A. Onsite journaling
B. Onsite snapshots
C. Offsite journaling
D. Offsite snapshots

✅ C. Offsite journaling
📄 Journaling logs every transaction, allowing point-in-time recovery even if the primary site is lost.

✅ Security+ Tip: Journaling = continuous log for granular recovery. Backups are not enough alone.

How well did you know this?

Not at all

Perfectly

Ellen is concerned about her company’s resilience and wants to ensure it can handle either changing loads or support disaster recovery and business continuity efforts if a primary location or datacenter were taken offline. Which of the following should she primarily focus on during her capacity planning?

A. People, technology, and infrastructure
B. A generator and a UPS
C. RAID 0, 1, 5, and 10
D. Incremental, differential, and full backups

✅ A. People, technology, and infrastructure
📄 Resilience requires capacity planning to ensure that capacity—including staff, technology, and infrastructure—is available when is needed.
❌ B, C, D. Although a generator, UPS, various RAID levels, and backups have their place in disaster recovery and contingency planning, they are not the primary focus of resiliency and capacity planning.

✅ Security+ Tip: People, tech, and infra = the three pillars of resilience planning.

How well did you know this?

Not at all

Perfectly

Madhuri has deployed a replication tool that copies data over to a secondary hot site in real time. What type of replication has she deployed?

A. Synchronous replication
B. Journaled replication
C. Asynchronous replication
D. Snapshot-based replication

✅ A. Synchronous replication
📄 Synchronous = real-time mirror. Asynchronous has slight delays.

✅ Security+ Tip: Real-time sync = synchronous replication.
Asynchronous = eventual consistency.

How well did you know this?

Not at all

Perfectly

What factor is a major reason organizations do not use security guards?

A. Reliability
B. Training
C. Cost
D. Social engineering

✅ C. Cost
📄 Security guards can be one of the costliest physical security controls over time, making the cost of guards one of the most important deciding factors guiding when and where they will be employed.
❌ A, B, D. Reliability, training, and the potential for social engineering are all possible issues with security guards, but none of these is the major driver in the decision process.

✅ Security+ Tip: Guards = high effectiveness, high cost.

How well did you know this?

Not at all

Perfectly

Megan wants to deploy a sensor that is inexpensive, yet will allow her to detect humans entering and moving in a secured room. Which of the following should she select?

A. An infrared sensor
B. A microwave sensor
C. An ultrasonic sensor
D. A pressure sensor

✅ A. An infrared sensor
📄 Infrared detects heat/motion, is affordable, and good for indoor security.
❌ B. Microwave sensors are more expensive but can provide better coverage, including traveling through some barriers.
❌ C. Ultrasonic sensors are rarely used for this purpose
❌ D. Pressure sensors are limited to the pad where they are deployed, making them expensive and challenging to use for rooms or larger spaces.

✅ Security+ Tip: Cheap + motion detection = infrared.

How well did you know this?

Not at all

Perfectly

Kathleen wants to discourage potential attackers from entering the facility she is responsible for. Which of the following is not a common control used for this type of preventive defense?

A. Fences
B. Lighting
C. Platform diversity
D. Video surveillance

✅ C. Platform diversity
📄 Platform diversity is a technical control used in cybersecurity to limit risk from software or vendor failures. It is not a physical deterrent.

❌ A. Fences are physical barriers used to prevent or deter unauthorized entry.
❌ B. Lighting increases visibility and discourages unauthorized activity.
❌ D. Video surveillance acts as both a deterrent and a detection control.

✅ Security+ Tip: If the question asks for a physical deterrent, eliminate answers related to technical architecture like platform diversity.

How well did you know this?

Not at all

Perfectly

How does technology diversity help ensure cybersecurity resilience?

A. It ensures that a vulnerability in a single company’s product will not impact the entire infrastructure.
B. If a single vendor goes out of business, the company does not need to replace its entire infrastructure.
C. It means that a misconfiguration will not impact the company’s entire infrastructure.
D. All of the above.

✅ D. All of the above
📄 Technology diversity reduces reliance on a single vendor or platform, helping organizations maintain operations if:

A vendor product has a vulnerability (A)

A vendor shuts down or is unavailable (B)

One system is misconfigured (C)

❌ A–C are all correct individually, so D is the best choice.

✅ Security+ Tip: “All of the above” is often the correct answer when multiple options are independently valid — especially with terms like resilience or redundancy.

How well did you know this?

Not at all

Perfectly

Scott sends his backups to a company that keeps them in a secure vault. What type of backup solution has he implemented?

A. Nearline
B. Safe
C. Onsite
D. Offsite

✅ D. Offsite
📄 Offsite backups are stored away from the primary site and are critical for disaster recovery and geographic redundancy.

❌ A. Nearline storage is slower than online but still available quickly (e.g., tape libraries).
❌ B. Safe is not a defined Security+ term for backup storage.
❌ C. Onsite means backups stored at the primary location, which wouldn’t be in a secure external vault.

✅ Security+ Tip: If a question mentions remote vaults or geographic separation, it’s referring to offsite backups.

Gabby wants to detect physical brute-force attempts against her organization. What solution is best suited to this?

A. Security guards
B. Locks
C. Access badges
D. An intrusion detection system (IDS)

✅ A. Security guards
📄 A. Security guards who can monitor for and understand the signs of a physical brute-force attempt are the most useful control listed.

❌ B. Locks may show signs of attempts but require careful inspection
❌ C. Access badges would require log review and additional information to detect brute-force attacks
❌ D. IDS is useful for network attacks, not physical ones

✅ Security+ Tip: For physical brute-force detection, always consider human-based solutions like guards or cameras.

Florian wants to test his high-availability designs but does not want to interrupt his organization’s normal work. Which of the following is the least disruptive testing scenario?

A. A failover exercise
B. A tabletop exercise
C. A partial failover exercise
D. A simulation

✅ B. A tabletop exercise
📄 A tabletop exercise is discussion-based, involves no live systems, and is the least disruptive test type.

❌ A. Failover tests real failover to a backup — highly disruptive.
❌ C. Partial failover still redirects some services and can affect users.
❌ D. Simulation involves practicing real actions and could still disrupt services.

✅ Security+ Tip: For non-disruptive testing, look for tabletop. For realism, look for failover.

An organization wants to prevent piggybacking by requiring individuals to authenticate twice before entering a secured area. Each person must first enter a chamber, wait for the first door to close, and then authenticate again to unlock the second door. What physical security control is being implemented?

A. A Faraday cage
B. An access control vestibule
C. A bollard
D. An air gap

✅ B. An access control vestibule
📄 Also known as a mantrap, this prevents tailgating or piggybacking by only allowing one person at a time to authenticate and enter.

❌ A. Faraday cage blocks electromagnetic signals; unrelated to entry control.
❌ C. Bollard protects from vehicles, not people.
❌ D. Air gap refers to electronic isolation, not physical access control.

✅ Security+ Tip: If the question describes two doors and anti-tailgating, it’s testing your knowledge of mantraps or vestibules.

Gurvinder identifies a third-party datacenter provider over 90 miles away to run his redundant datacenter operations. Why has he placed the datacenter that far away?

A. Because it is required by law
B. Network traffic latency concerns
C. Geographic dispersion
D. Geographic tax reasons

✅ C. Geographic dispersion
📄 Keeping backup datacenters geographically distant reduces the risk that a single regional disaster will affect both sites.

❌ A. Required by law – Not typically a legal requirement (except in some regulated industries).
❌ B. Network latency would increase at 90+ miles, not decrease.
❌ D. Geographic tax reasons aren’t related to resiliency planning.

✅ Security+ Tip: 90+ miles is the benchmark often cited for effective disaster separation and is tied to geographic dispersion.

Your organization uses firewalls, intrusion detection systems, and endpoint protection tools from multiple vendors. Which of the following best explains this design decision?

A. It simplifies management and support
B. It avoids single points of failure due to vendor compromise
C. It ensures all systems are patched by the same vendor
D. It guarantees compliance with all security frameworks

Correct Answer: B

Platform diversity reduces risk from a single point of compromise—if one vendor’s solution is breached, others may not be affected.

What is a disadvantage of implementing platform diversity across security controls?

A. Increased vendor lock-in
B. Decreased system availability
C. Higher complexity and training requirements
D. Inability to apply any cryptographic solutions

Correct Answer: C

Using tools from multiple vendors increases complexity, training needs, and integration challenges.

A financial services company needs to ensure that critical systems stay online AT ALL TIMES, even during hardware failure. Which of the following technologies best supports this goal?

A. Full backup
B. Snapshot
C. Replication
D. Journaling

Correct Answer: C. Replication
🧠 Explanation: Replication keeps data and systems synchronized in real time, ensuring immediate failover and high availability. Backups and snapshots help with restoration, not live availability.

✅ Security+ Tip:
If the question is about keeping systems running right now, no to little delay, the answer is likely replication — not backup or journaling.

An administrator needs to recover a system to the state it was in just before a failed software update that corrupted several files. Which of the following provides the FASTEST METHOD of restoring the system to a known-good state?

A. Journaling
B. Replication
C. Incremental backup
D. Snapshot

Correct Answer: D. Snapshot
🧠 Explanation: A snapshot captures the entire system state at a point in time, allowing quick rollback. Journaling replays changes (slower), replication just mirrors corruption, and incremental backups require multiple layers to rebuild.

✅ Security+ Tip:
If the question asks for quick rollback to a known state, go with snapshot. Journaling is slower and replication copies corruption instantly.

A ransomware attack encrypts a company’s shared drive. The drive was replicated to a secondary location in real time. What is the most likely result? A. The replicated drive remains unaffected B. The ransomware only encrypts the primary drive C. Both the primary and replicated drives are encrypted D. Replication automatically recovers the files

Correct Answer: C. Both the primary and replicated drives are encrypted 🧠 Explanation: Replication mirrors live changes, including deletions or malicious encryptions. This is why replication ≠ backup. 📢 Exam-Specific Warning: Security+ may include replication vs backup questions like this. You must recognize that replication is not safe against corruption or ransomware.

Which of the following best describes the role of journaling in a storage system? A. It replicates data to a secondary system for high availability B. It keeps point-in-time records of changes to enable rollback C. It creates daily backups to an external storage device D. It ensures continuous data synchronization during write operations

Correct Answer: B. It keeps point-in-time records of changes to enable rollback 🧠 Explanation: Journaling logs individual changes that can be reapplied after an incident, such as in databases or file systems. ✅ Security+ Tip: If the question says “point-in-time recovery” or “transactional rollback”, think journaling — not replication or backups.

A company stores archival backups in a cloud storage service with LOW COST but VERY HIGH LATENCY for retrieval. Which of the following storage types is most likely being used? A. Online cloud backup B. Network-attached storage (NAS) C. Glacier or coldline storage D. Tape backup robot

Correct Answer: C. Glacier or coldline storage 🧠 Explanation: Coldline or Glacier storage offers low-cost, long-term backup, but with slow retrieval speeds. Ideal for archival use, not for quick restoration. ✅ Security+ Tip: If the question highlights low cost but slow access, think cloud cold storage like Amazon S3 Glacier or Google Coldline.

A company backs up its critical data to a remote third-party provider in another state. Which of the following is the PRIMARY BENEFIT of this approach? A. Faster recovery times B. Compliance with password policies C. Improved disaster recovery through geographic diversity D. Reduced need for encryption

Correct Answer: C. Improved disaster recovery through geographic diversity 🧠 Explanation: Off-site backups improve disaster recovery by ensuring data isn’t lost during a local disaster. Speed may be reduced, but survivability is increased. ✅ Security+ Tip: When the question mentions disaster recovery or regional failure, the best answer is usually off-site or cloud backup with geographic diversity.

Which of the following is a disadvantage of using cloud-based backups compared to local storage solutions? A. Slower backup performance due to local network speeds B. Inability to encrypt data at rest C. Less reliable data retention D. Greater need for physical security controls

Correct Answer: A. Slower backup performance due to local network speeds 🧠 Explanation: Cloud backups depend on your Internet bandwidth — they may be slower to back up and restore than local disk or NAS systems. ✅ Security+ Tip: If the question asks about speed limitations with cloud, the answer often involves network constraints like upload/download bottlenecks.

A small business wants a cost-effective backup solution for rarely accessed compliance data. Which of the following is the best option? A. Onsite SSD backup B. High-speed SAN array C. Coldline cloud storage D. Daily incremental backups to flash drives

Correct Answer: C. Coldline cloud storage 🧠 Explanation: Coldline storage is designed for infrequent access with low cost, making it perfect for long-term retention needs like compliance archives. 📢 Exam-Specific Warning: Security+ may try to distract you with flashy, high-speed options, but the key is in recognizing the keywords like infrequent access, archival, or cost-effective.

Henry wants to ensure that his organization is not responsible for the full cost of a data breach. Which of the following strategies supports this goal? A. Load balancing B. Redundancy C. Risk transference D. Platform diversity

✅ C. Risk transference 📄 Risk transference shifts some or all of the liability to another entity — like through cyber insurance or third-party agreements. ❌ A. Load balancing handles traffic distribution, not financial liability. ❌ B. Redundancy helps with availability, not risk ownership. ❌ D. Platform diversity improves resilience, not liability. ✅ Security+ Tip: If a question talks about reducing liability, insurance, or third-party contracts, it's testing risk transference.

Maria designs a backup architecture that includes off-site storage, but the client is concerned about whether the vendor provides regular patches and support for the storage platform. Which factor is Maria evaluating? A. Patch availability B. Resilience C. Risk transference D. Cost

✅ A. Patch availability 📄 Patch availability ensures that systems remain secure and supported by the vendor — critical when trusting third-party infrastructure. ❌ B. Resilience refers to system uptime and recoverability. ❌ C. Risk transference would involve contracts or insurance, not patching. ❌ D. Cost is always relevant but not the core concern here. ✅ Security+ Tip: If the scenario mentions vendor support or patching timelines, think patch availability.

Martin manages an industrial site that relies on older control systems that cannot be taken offline or patched. What challenge is he most likely to face? A. Patch availability B. Inability to patch C. Load balancing D. Power distribution

✅ B. Inability to patch 📄 Inability to patch refers to systems that must remain online or are too outdated to support modern updates. ❌ A. Patch availability is a concern when patches exist but are slow to release — here, patching isn't possible. ❌ C. Load balancing has nothing to do with patches. ❌ D. Power distribution is not related to patching concerns. ✅ Security+ Tip: Legacy systems or those with uptime requirements often face an inability to patch.

A facility’s fire suppression system is accidentally triggered, causing data loss. Further investigation reveals it was caused by a remote environmental manipulation. What kind of physical attack has occurred? A. RFID cloning B. Brute force C. Environmental attack D. Motion-based intrusion

✅ C. Environmental attack 📄 Environmental attacks target HVAC, fire suppression, or other non-cyber infrastructure to cause disruption or damage. ❌ A. RFID cloning involves duplicating access cards. ❌ B. Brute force refers to physical entry by force (e.g., breaking a door). ❌ D. Motion-based intrusion would be detected, not triggered, by sensors. ✅ Security+ Tip: Any attack that manipulates climate, power, fire systems, or moisture controls is an environmental attack.

An attacker captures the signal from an employee’s badge and uses it to gain unauthorized access. What kind of attack is this? A. Brute-force attack B. RFID cloning C. Physical bypass D. Credential stuffing

✅ B. RFID cloning 📄 RFID cloning involves copying radio frequency identification data from access cards to impersonate an authorized user. ❌ A. Brute-force involves physical force. ❌ C. Physical bypass may involve tailgating, not cloning. ❌ D. Credential stuffing is an online password attack, not physical access. ✅ Security+ Tip: When a badge or RFID signal is duplicated, it's an RFID cloning attack — a form of physical compromise.

A company wants to host applications in two different cloud provider environments to ensure continuity if one vendor experiences a regional outage. What approach are they using? A. Site mirroring B. Cloud federation C. Multicloud architecture D. Hybrid backup strategy

✅ C. Multicloud architecture 📄 Multicloud means using two or more cloud providers to improve resilience and reduce vendor lock-in. ❌ A. Site mirroring is within the same provider or infrastructure. ❌ B. Cloud federation involves linking identities and services — not redundancy. ❌ D. Hybrid backup involves mixing cloud and on-prem backup, not multicloud hosting. ✅ Security+ Tip: When you see “two cloud providers,” it's always testing multicloud.

The IT director wants to ensure operations remain online even during a long-term power outage. Which of the following should be included in the facility’s design? A. Load balancer B. UPS and generator C. RAID 10 D. HVAC zoning

✅ B. UPS and generator 📄 A UPS provides short-term power, and a generator supplies long-term power, ensuring continuous uptime. ❌ A. Load balancer manages traffic, not power. ❌ C. RAID 10 handles disk redundancy. ❌ D. HVAC manages cooling, not power supply. ✅ Security+ Tip: Power redundancy always comes down to UPS for immediate needs and generators for sustained outages.