Chapter 7 - Security Operations Flashcards Preview

My Notes of CISSP CBK > Chapter 7 - Security Operations > Flashcards

Flashcards in Chapter 7 - Security Operations Deck (57)
Loading flashcards...

In the even of a security incident, one of the primary objectives of operations staff is to ensure that: A. the attackers are detected and stopped B. there is minimal disruption to the organization's mission C. appropriate documentation about the event is maintaqined as chain of evidence D. the affected systems are immediately shut off to limit to the impact

B. there is minimal disruption to the organization's mission


Assuming a working IDS is in place, which of the following groups is best capable of stealing sensitive information due to the abscence of system auditing? A. Malicious software B. Hacker or cracker C. Disgruntled employee D. Auditors

C. Disgruntled employee


Which of the following provides controlled and un-intercepted interfaces into privliged user functions? A. Ring protection B. Anti-malware C. Maintenance hooks D. Trusted paths

D. Trusted paths


The doors of a data center spring open in the event of a fire. This is an example of A. Fail-safe B. Fail-secure C. Fail-proof D. Fail-closed

A. Fail-safe


Which of the following ensures constant redundancy and fault tolerance? A. Cold spare B. Warm spare C. Hot spare D. Archives

C. Hot spare


If speed is preferred over resilience, which of the following raid configuration is the best choice? A. RAID 0 B. RAID 1 C. RAID 5 D. RAID 10



Updating records in multiple locations or copying an entire database to a remote location as a means to ensure the appropriate levels of fault tolerance and redundancy is known as A. Data mirroring B. Shadowing C. Back up D. Archiving

B. Shadowing


When the backup window is not long enough to backup all of the data and sthe restoration of backup must be as fast as possible, which of the following types of high-availability backup strategy is best? A. Full B. Incremental C. Differential D. Increase the backup window so a full backup can be performed

C. Differential


At a restricted facility, visitors are requested to provide identification and verified against a pre-approved list by the guard at the front gate before being let in. This is an example of checking for: A. Least privilege B. Separation of duties C. Fail-safe D. Psychological acceptability

A. Least privilege


The major benefit of information classification is to: A. map out the computing ecosystem B. identify the threats and vulnerabilities C. determine the software baseline D. identify the appropriate level of protection needs

D. identify the appropriate level of protection needs


When sensitive information is no longer critical but still within scope of a record retention policy, that information is best: A. Destroyed B. Re-categorized C. Degaussed D. Released

B. Re-categorized


The main benefit of placing users into groups and roles is: A. ease of user administration B. Increased security C. Ease of programmatic access D. Increased automation

A. ease of user administration


Which of the following best determines access and suitability of an individual? A. job rank and title B. partnership with the security team C. role D. background investigation

D. background investigation


Reports must be specific on both the message and which of the following? A. Intended audience B. Delivery options C. Colors used D. print layout

A. Intended audience


Which of the following can help with ensuring that only the needed logs are collected for monitoring? A. clipping level B. Aggreagation C. XML Parsing D. Inference

A. clipping level


The main difference between a Security Event Information System and a log management system is that SEIM systems are usefull for log collection, collation and analysis: A. real time B. for historical purposes C. for admissibility in court D. in discerning patterns

A. real time


When normal traffic is flagged as an attack, it is an example of: A. Fail-safe B. Fail-secure C. False-negative D. False-positive

D. False-positive


The best way to ensure that there is not data remance of sensitive information that was once stored on a dvd-r media is by: A. Deletion B. Degaussing C. Destruction D. Overwriting

C. Destruction


Which of the following processes is concerned with not only identifying and addressing the root cause but also addressing the underlying issue: A. Incident management B. Problem management C. Change management D. Configuration management

B. Problem management


Before applying a software update tp production systems, it is most important that: A. full disclosure information about the threat that the patch addresses is available B. The patching process is documented C. The production systems are backed up D. An independent third party attests the validity of the patch

C. The production systems are backed up


Least privilege

no more access than necessary to perform a job


need to know

defines the minimum for least privilege


Privilieged accounts

root/builtin adminstrator accounts; service accounts; administrator accounts, and power user accounts


system administrator

highest level of privilege on most systems, managing systems operations and maintenance



typically were mainframe system users, schedule jobs to run effectively and troubleshoot problems, load/unload tapes and result of job print runs, reassignment of ports and lines


security administrator

oversight for security operations, acct managment, assignment of labels, system security settings and review of audit logs


job rotations

reduce the risk of collusion of activities between individuals - also provides back up coverage, succession planning, and job enrichment opportunities


information classification

group similar assets together and protect them based on common classification levels



labels should have sensitivity marking, whether or not encrypted, and maybe point of contact and retention period


magnetic media

floppy disks, tapes, hard drives