Chapter 7 - Security Operations Flashcards Preview

My Notes of CISSP CBK > Chapter 7 - Security Operations > Flashcards

Flashcards in Chapter 7 - Security Operations Deck (57)
Loading flashcards...
1

In the even of a security incident, one of the primary objectives of operations staff is to ensure that: A. the attackers are detected and stopped B. there is minimal disruption to the organization's mission C. appropriate documentation about the event is maintaqined as chain of evidence D. the affected systems are immediately shut off to limit to the impact

B. there is minimal disruption to the organization's mission

2

Assuming a working IDS is in place, which of the following groups is best capable of stealing sensitive information due to the abscence of system auditing? A. Malicious software B. Hacker or cracker C. Disgruntled employee D. Auditors

C. Disgruntled employee

3

Which of the following provides controlled and un-intercepted interfaces into privliged user functions? A. Ring protection B. Anti-malware C. Maintenance hooks D. Trusted paths

D. Trusted paths

4

The doors of a data center spring open in the event of a fire. This is an example of A. Fail-safe B. Fail-secure C. Fail-proof D. Fail-closed

A. Fail-safe

5

Which of the following ensures constant redundancy and fault tolerance? A. Cold spare B. Warm spare C. Hot spare D. Archives

C. Hot spare

6

If speed is preferred over resilience, which of the following raid configuration is the best choice? A. RAID 0 B. RAID 1 C. RAID 5 D. RAID 10

A. RAID 0

7

Updating records in multiple locations or copying an entire database to a remote location as a means to ensure the appropriate levels of fault tolerance and redundancy is known as A. Data mirroring B. Shadowing C. Back up D. Archiving

B. Shadowing

8

When the backup window is not long enough to backup all of the data and sthe restoration of backup must be as fast as possible, which of the following types of high-availability backup strategy is best? A. Full B. Incremental C. Differential D. Increase the backup window so a full backup can be performed

C. Differential

9

At a restricted facility, visitors are requested to provide identification and verified against a pre-approved list by the guard at the front gate before being let in. This is an example of checking for: A. Least privilege B. Separation of duties C. Fail-safe D. Psychological acceptability

A. Least privilege

10

The major benefit of information classification is to: A. map out the computing ecosystem B. identify the threats and vulnerabilities C. determine the software baseline D. identify the appropriate level of protection needs

D. identify the appropriate level of protection needs

11

When sensitive information is no longer critical but still within scope of a record retention policy, that information is best: A. Destroyed B. Re-categorized C. Degaussed D. Released

B. Re-categorized

12

The main benefit of placing users into groups and roles is: A. ease of user administration B. Increased security C. Ease of programmatic access D. Increased automation

A. ease of user administration

13

Which of the following best determines access and suitability of an individual? A. job rank and title B. partnership with the security team C. role D. background investigation

D. background investigation

14

Reports must be specific on both the message and which of the following? A. Intended audience B. Delivery options C. Colors used D. print layout

A. Intended audience

15

Which of the following can help with ensuring that only the needed logs are collected for monitoring? A. clipping level B. Aggreagation C. XML Parsing D. Inference

A. clipping level

16

The main difference between a Security Event Information System and a log management system is that SEIM systems are usefull for log collection, collation and analysis: A. real time B. for historical purposes C. for admissibility in court D. in discerning patterns

A. real time

17

When normal traffic is flagged as an attack, it is an example of: A. Fail-safe B. Fail-secure C. False-negative D. False-positive

D. False-positive

18

The best way to ensure that there is not data remance of sensitive information that was once stored on a dvd-r media is by: A. Deletion B. Degaussing C. Destruction D. Overwriting

C. Destruction

19

Which of the following processes is concerned with not only identifying and addressing the root cause but also addressing the underlying issue: A. Incident management B. Problem management C. Change management D. Configuration management

B. Problem management

20

Before applying a software update tp production systems, it is most important that: A. full disclosure information about the threat that the patch addresses is available B. The patching process is documented C. The production systems are backed up D. An independent third party attests the validity of the patch

C. The production systems are backed up

21

Least privilege

no more access than necessary to perform a job

22

need to know

defines the minimum for least privilege

23

Privilieged accounts

root/builtin adminstrator accounts; service accounts; administrator accounts, and power user accounts

24

system administrator

highest level of privilege on most systems, managing systems operations and maintenance

25

operators

typically were mainframe system users, schedule jobs to run effectively and troubleshoot problems, load/unload tapes and result of job print runs, reassignment of ports and lines

26

security administrator

oversight for security operations, acct managment, assignment of labels, system security settings and review of audit logs

27

job rotations

reduce the risk of collusion of activities between individuals - also provides back up coverage, succession planning, and job enrichment opportunities

28

information classification

group similar assets together and protect them based on common classification levels

29

marking

labels should have sensitivity marking, whether or not encrypted, and maybe point of contact and retention period

30

magnetic media

floppy disks, tapes, hard drives