CASP+ Practice Tests - Nadean H. Tanner - Page 19

Chapter 1 Risk Management


THE CASP+ EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:

Domain 1: Risk Management

1.1 Summarize business and industry influences and associated security risks.
  - Risk management of new products, new technologies, and user behaviors
  - New or changing business models/strategies
      - Partnerships
      - Outsourcing
      - Cloud
      - Acquisition/merger—divestiture/demerger
      - Data ownership
      - Data reclassification
  - Security concerns of integrating diverse industries
      - Rules
      - Policies
      - Regulations
          - Export controls
          - Legal requirements
      - Geography
          - Data sovereignty
          - Jurisdictions
  - Internal and external influences
      - Competitors
      - Auditors/audit findings
      - Regulatory entities
      - Internal and external client requirements
      - Top-level management
  - Impact of de-perimeterization (e.g., constantly changing network boundary)
      - Telecommuting
      - Cloud
      - Mobile
      - BYOD
      - Outsourcing
      - Ensuring third-party providers have requisite levels of information security

1.2 Compare and contrast security, privacy policies, and procedures based on organizational requirements.
  - Policy and process life cycle management
      - New business
      - New technologies
      - Environmental changes
      - Regulatory requirements
      - Emerging risks
  - Support legal compliance and advocacy by partnering with human resources, legal, management, and other entities.
  - Understand common business documents to support security.
      - Risk Assessment (RA)
      - Business Impact Analysis (BIA)
      - Interoperability Agreement (IA)
      - Interconnection Security Agreement (ISA)
      - Memorandum of Understanding (MOU)
      - Service-Level Agreement (SLA)
      - Operating-Level Agreement (OLA)
      - Non-Disclosure Agreement (NDA)
      - Business Partnership Agreement (BPA)
      - Master Service Agreement (MSA)
  - Research security requirements for contracts.
      - Request for Proposal (RFP)
      - Request for Quote (RFQ)
      - Request for Information (RFI)
  - Understand general privacy principles for sensitive information.
  - Support the development of policies containing standard security practices.
      - Separation of duties
      - Job rotation
      - Mandatory vacation
      - Least privilege
      - Incident response
      - Forensic tasks
      - Employment and termination procedures
      - Continuous monitoring
      - Training and awareness for users
      - Auditing requirements and frequency
      - Information classification

1.3 Given a scenario, execute risk mitigation strategies and controls.
  - Categorize data types by impact levels based on CIA.
  - Incorporate stakeholder input into CIA impact-level decisions.
  - Determine minimum-required security controls based on aggregate score.
  - Select and implement controls based on CIA requirements and organizational policies.
  - Extreme scenario planning/worst-case scenario
  - Conduct system-specific risk analysis.
  - Make a risk determination based upon known metrics.
      - Magnitude of impact based on ALE and SLE
      - Likelihood of threat
          - Motivation
          - Source
          - ARO
          - Trend analysis
      - Return on Investment (ROI)
      - Total cost of ownership
  - Translate technical risks in business terms.
  - Recommend which strategy should be applied based on risk appetite.
      - Avoid
      - Transfer
      - Mitigate
      - Accept
  - Risk management processes
      - Exemptions
      - Deterrence
      - Inherent
      - Residual
  - Continuous improvement/monitoring
  - Business continuity planning
      - RTO
      - RPO
      - MTTR
      - MTBF
  - IT governance
      - Adherence to risk management frameworks
  - Enterprise resilience

1.4 Analyze risk metric scenarios to secure the enterprise.
  - Review effectiveness of existing security controls.
      - Gap analysis
      - Lessons learned
      - After-action reports
  - Reverse engineer/deconstruct existing solutions.
  - Creation, collection, and analysis of metrics
      - KPIs
      - KRIs
  - Prototype and test multiple solutions.
  - Create benchmarks and compare to baselines.
  - Analyze and interpret trend data to anticipate cyber defense needs.
  - Analyze security solution metrics and attributes to ensure they meet business needs.
      - Performance
      - Latency
      - Scalability
      - Capability
      - Usability
      - Maintainability
      - Availability
      - Recoverability
      - ROI
      - TCO
  - Use judgment to solve problems where the most secure solution is not feasible.

1 One of the biggest tasks as a security professional is identifying vulnerabilities. What is the difference between a vulnerability and a threat?
  A. A vulnerability is a weakness in system design, procedure, or code. A threat is the circumstance or likelihood of a vulnerability being exploited.
  B. A vulnerability is the driving force behind the activity. A threat is the probability of an attack.
  C. A vulnerability is the value to an institution where a threat is the source of the risk, internal or external.
  D. A vulnerability is the probability of the realization of a threat. A threat is the driving force behind the activity.

2 Which of the following BEST defines risk in IT?
  A. You have a vulnerability with a known active threat.
  B. You have a threat with a known vulnerability.
  C. You have a risk with a known threat.
  D. You have a threat with a known exploit.

3 A situation that affects the CIA triad of an IT asset can include internal and external risk sources. A breach of physical security can be instigated by _________________.
  A. untrusted insiders or trusted outsiders
  B. trusted insiders or untrusted outsiders
  C. hidden costs
  D. service deterioration

4 Your organization provides cloud computing for a highly classified project. You implemented a virtual data center with multifactor authentication. Using the SIEM, you discovered a breach affecting confidential data. Sensitive information was found within the hypervisor. What has most probably occurred?
  A. You found a token and a RAM exploit that was used to move data.
  B. You found a local admin who could move data to their hard drive.
  C. A vulnerable server was unpatched, and the attacker was able to use VMEscape for access.
  D. A guest account used privilege escalation to move data from one virtual token to another.

5 An internal auditor has completed the annual audit of the company's financial records. The report has found several lapses in security policies and procedures, including proper disposal and sanitation of financial transactions. What would be their recommendation?
  A. You should wait for an external audit.
  B. You should recommend a separation of duties.
  C. You should institute job rotation.
  D. You should implement mandatory training.

6 An analyst has been attempting to acquire a budget for a new security tool. Which of the following should the analyst give to management to support the request?
  A. Threat reports and a trend analysis
  B. Interconnection security agreement (ISA)
  C. Master service agreement (MSA)
  D. Request for information (RFI)

7 An audit found a lack of security controls regarding employee termination. The current company policy states that the terminated employee's account is disabled within one hour of termination. The audit found that more than 10 percent of terminated employees still have active accounts. What is the BEST course of action?
  A. Review the termination requirements.
  B. Implement a monthly review of terminated employees.
  C. Update the policy to accommodate the delay.
  D. Review the termination policy with managers.

8 Several servers went offline since an update was pushed out. Other servers without that patch are still operational but vulnerable to attack. As the security administrator, you must ensure that critical servers are patched while minimizing downtime. What is the best strategy to minimize risk?
  A. All updates are tested in a lab before deployment.
  B. All systems in production are patched automatically.
  C. Production servers are patched only when updates are released.
  D. All updates are tested after being installed in a live environment.

9 Your organization is in the middle of a risk assessment for a new network infrastructure upgrade. All planning is complete, and your plan must include which security controls are to be put in place during each stage of the upgrade. What risk response is most likely being considered while creating an SLA contract with a third party?
  A. Accepting risk
  B. Identifying risk
  C. Transferring risk
  D. Mitigating risk

10 Your company hired a new CISO, and the first order of business is to perform a risk assessment on a new mobile device that is to be given to all employees. The device is commercially available and runs a popular operating system. What are the most important security factors that you should consider while conducting this risk assessment?
  A. Remote wipe and controls, encryption, and vendor track record
  B. Encryption, IPv6, cost, and color
  C. Remote wipe, maintenance, and inventory management
  D. Remote monitoring, cost, SSD, and vendor track record

11 Your CISO wants you to conduct a risk assessment for a vital new healthcare system that needs to be in place in a month. As you conduct the assessment, you find a vulnerability report that details the low likelihood of exploitation. Why does your CISO still have reservations about making an exemption for this risk?
  A. The CISO has concerns about government regulations and compliance.
  B. The CISO feels rushed to make a decision.
  C. Competitors have elected not to use this system.
  D. Even one attack would be devastating to the organization, both financially and to its reputation.

12 Your company is looking at a new strategy to reach customers that includes social media. The marketing director would like to share news, updates, and promotions on all social websites. What are the major security risks to be aware of when this new program goes into effect?
  A. Malware, phishing, and social engineering
  B. DDoS, brute force, and SQLi
  C. Mergers and data ownership
  D. Regulatory requirements and environmental changes

13 Your CEO purchased the latest and greatest mobile device (BYOD) and now wants you to connect it to the company's intranet. You have been told to research this process. Which security recommendation would make the BIGGEST impact on risk?
  A. Making this a new corporate policy available for everyone
  B. Adding a PIN to access the device
  C. Encrypting nonvolatile memory
  D. Auditing requirements

14 Your organization wants to move a vital company process to the cloud. You are tasked with conducting a risk analysis to minimize the risk of hosting email in the cloud. What is the best path forward?
  A. All logins must be done over an encrypted channel and obtain an NDA and SLA from the cloud provider.
  B. Remind all users not to write down their passwords.
  C. Make sure that the OLA covers more than just operations.
  D. Require data classification.

15 A web developer builds a web form for customers to fill out and respond to the company via a web page. What is the first thing that a developer should do to avoid this page becoming a security risk?
  A. SQLi
  B. Input validation
  C. Cross-site request forgery
  D. Fuzzing

16 Your organization is pressured by both the company board and employees to allow personal devices on the network. They asked for email and calendar items to be synced between the company ecosystem and their BYOD. Which of the following BEST balances security and usability?
  A. Allowing access for the management team only, because they have a need for convenient access
  B. Not allowing any access between a BYOD device and the corporate network, only cloud applications
  C. Only allowing certain types of devices that can be centrally managed
  D. Reviewing security policy and performing a risk evaluation focused on central management, including the remote wipe and encryption of sensitive data

17 Your organization decided to outsource systems that are not mission critical. You have been tasked with calculating the risk of outsourcing these systems because a recent review indicates that core business functions are dependent on these outsourced systems. What is the BEST tool to use?
  A. Business impact analysis
  B. Annual loss expectancy
  C. Total cost of ownership
  D. Gap analysis

18 The retail division of your organization purchased touchscreen tablets and wireless mice and keyboards for all their representatives to increase productivity. You communicated the risk of nonstandard devices and wireless devices, but the deployment continued. What is the BEST method for evaluating and presenting potential threats to upper management?
  A. Conducting a vulnerability assessment
  B. Developing a standard image for these assets
  C. Making new recommendations for security policies
  D. Working with the management team to understand the processes these devices will interface with, and to classify the risk connected with the hardware/software deployment life cycle

19 Your organization experiences a security incident that costs $20,000 in downtime each time it occurs. It's happened twice this fiscal year. The device causing the issue is scheduled to be upgraded next year. The cost of implementing a fix is more than $250,000 and also requires maintenance contracts. What is the most cost-effective way to deal with this risk?
  A. Mitigate the risk.
  B. Avoid the risk.
  C. Accept the risk.
  D. Transfer the risk.

20 You have an asset that is valued at $1,000. The EF for this asset is 10 percent. The ARO is 2. What is the ALE?
  A. The ALE is $200.
  B. The ALE is $100.
  C. The ALE is $400.
  D. ALE cannot be calculated with the numbers provided.

21 A security administrator is reviewing an audit and finds that two users in human resources also have access to finance data. One of these users is a recruiter, while the other is an intern. What security measure is being violated?
  A. Job rotation
  B. Disclosure
  C. Mandatory vacation
  D. Least privilege

22 Your organization experienced a security event that led to the loss and disruption of services. You were chosen to investigate the disruption to prevent the risk of it happening again. What is this process called?
  A. Incident management
  B. Forensic tasks
  C. Mandatory vacation
  D. Job rotation

23 Your new role with a law enforcement agency is to support the development of policies and to implement standard IT security practices. You will be writing the procedures for ______________ such as collecting digital evidence, recording observations, and taking photographs.
  A. least privilege
  B. incident responses
  C. master service agreements
  D. forensic tasks

24 Your company is working with a new ISP and wants to find out technical details, such as system numbers, port numbers, IP addressing, and the protocols used. What document will you find this information in?
  A. Memorandum of understanding
  B. Disclosure of assets
  C. Operation level agreement
  D. Interconnection security agreements

25 Your new line of business is selling directly to the public. Two major risks are your lack of experience with establishing and managing credit card processing and the additional compliance requirements. What is the BEST risk strategy?
  A. Transferring the initial risk by outsourcing
  B. Transferring the risk to another internal department
  C. Mitigating the risks by hiring additional IT staff
  D. Accepting the risks and logging the acceptance

26 A large enterprise is expanding through the acquisition of a second corporation. What should be done first before connecting the networks?
  A. System and network vulnerability scan
  B. Implementation of a firewall system
  C. Development of a risk analysis for the two networks
  D. Complete review of the new corporation

27 The CISO is researching ways to reduce risk associated with the separation of duties. In the case where one person is not available, another needs to be able to perform all the duties of their co-workers. What should the CISO implement to reduce risk?
  A. Mandatory requirement of a shared account for administrative purposes
  B. Audit of all ongoing administration activities
  C. Separation of duties to ensure no single administrator has access
  D. Role-based security on the primary role and provisional access to the secondary role on a case-by-case basis

28 How can you secure third-party applications and introduce only acceptable risk into your environment?
  A. Code review and simulation
  B. Roundtable discussions
  C. Parallel trials
  D. Full deployment

29 Your company policy states that only authorized software is allowed on the corporate network, and BYOD needs to be configured by IT for the proper software and security controls to adhere to company policy. The marketing manager plugs a USB drive received at a conference into their laptop, and it auto-launches. What is the greatest risk?
  A. Employee transferring the customer database and IP
  B. Employee using non-approved accounting applications
  C. Infecting the network with malware
  D. File corruption by the USB exiting out improperly

30 What risks and mitigations are associated with BYOD?
  A. Risk: Data exfiltration. Mitigation: Remote wipe
  B. Risk: Confidentiality leaks. Mitigation: Corporate policy
  C. Risk: Theft. Mitigation: Minimal storage
  D. Risk: GPS tracking. Mitigation: Minimal cost

31 Your software company is acquiring a new program from a competitor. All the people working with that company will become your employees. They will retain all access to their former network and resources for two weeks to ease the transition. For productivity, the decision was made to join the two networks. Which of the following threats is the highest risk for your company?
  A. IP filters
  B. Loss of code
  C. Malware
  D. Commingling the networks

32 Your bank outsourced the security department to an outside firm. The CISO just learned that this third-party outside firm subcontracted security operations to another organization. The board of directors is now pressuring the CISO to ensure that the bank is protected legally. What is the BEST course of action for the CISO to take?
  A. Creating another NDA directly with the subcontractor
  B. Confirming that the current outside firm has an SLA with the subcontractor
  C. Performing a risk analysis on the subcontractor
  D. Terminating the contract immediately and looking for another outside firm

33 The CIO created a goal for the security team to reduce vulnerabilities. They are not high profile, but they still exist. Many of these vulnerabilities have compensating controls in place for security reasons. At this point in time, the budget has been exhausted. What is the BEST risk strategy to use?
  A. Accepting risk
  B. Mitigating risk
  C. Transferring risk
  D. Avoiding risk

34 Your database team would like to use a service-oriented architecture (SOA). The CISO suggested you investigate the risk for adopting this type of architecture. What is the biggest security risk to adopting an SOA?
  A. SOA available only over the enterprise network
  B. Lack of understanding from stakeholders
  C. Risk of legacy networks and system vulnerabilities
  D. Source code

35 With traditional network architecture, one best practice is to limit network access points. This limitation allowed for a concentration of network security resources and a protected attack surface. With the introduction of 802.1x into enterprise network architecture, what was introduced into the network?
  A. Increased capability and increased risk and higher TCO
  B. Decreased capability and increased risk and higher TCO
  C. Increased capability and decreased risk and lower TCO
  D. Decreased capability and decreased risk and lower TCO

36 Marketing asked for web-based meeting software with a third-party vendor. The software you reviewed requires user registration and installation, and the user has to share their desktop. To ensure that information is secure, which of the following controls is BEST?
  A. Disallow. Avoid the risk.
  B. Hire a third-party organization to perform the risk analysis, and based on outcomes, allow or disallow the software.
  C. Log and record every single web-based meeting.
  D. After evaluating several providers, ensure acceptable risk and that the read-write desktop mode can be prevented.

37 You are tasked with writing the security viewpoint of a new program that your organization is starting. Which of the following techniques make this a repeatable process and can be used for creating the best security architecture?
  A. Data classification, CIA triad, minimum security required, and risk analysis
  B. Historical documentation, continuous monitoring, and mitigation of high risks
  C. Implementation of proper controls, performance of qualitative analysis, and continuous monitoring
  D. Risk analysis; avoidance of critical risks, threats, and vulnerabilities; and the transference of medium risk

38 Because of time constraints and budget, your organization has opted to hire a third-party organization to begin working on an important new project. From a security point of view, what BEST balances the needs of the organization and managing the risk of a third-party vendor?
  A. Outsourcing is a valid option and not much of a concern for security because any damage is the responsibility of the third party.
  B. If the company has an acceptable security record, then it makes perfect sense to outsource.
  C. You should never outsource. It leads to legal and compliance issues.
  D. The third party should have the proper NDA, SLA, and OLA in place and should be obligated to perform adequate security activities.

39 Your organization must perform vast amounts of computations of big data overnight. To minimize TCO, you rely on elastic cloud services. The virtual machines and containers are created and destroyed nightly. What is the biggest risk to confidentiality?
  A. Data center distribution
  B. Encryption
  C. Physical loss of control of assets
  D. Data scraping

40 You work for a SOHO and replace servers whenever there is money readily available for expenditure. Over the past few tech-refresh cycles, you have received many servers and workstations from several different vendors. What is the challenge and risk of this style of asset management?
  A. OS and asset EOL issues and updates
  B. OS complexities and OS patch version dependencies
  C. Failure rate of legacy equipment, replacement parts, and firmware updates and management
  D. Poor security posture, inability to manage performance on old OS

41 You are brought in as a consultant to improve the security of business processes. You improve security by applying the proper controls, including transport encryption, interface restrictions, and code review. What else can you do to improve business processes now that you've already done all the technical improvements?
  A. Modify the company security policies and procedures.
  B. Meet with upper management to approve new company standards and a mission statement.
  C. Conduct another technical quantitative risk analysis on all current controls.
  D. Conduct a gap analysis and give a recommendation on nontechnical controls to be incorporated into company documentation.

42 Your bank's board of directors wants to perform monthly security testing. As CISO, you must form a plan specifically for its development. This test must have a low risk of impacting system stability because the company is in production. The suggestion was made to outsource this to a third party. The board of directors argues that a third party will not be as knowledgeable as the development team. What will satisfy the board of directors?
  A. Gray-box testing by a major consulting firm
  B. Black-box testing by a major external consulting firm
  C. Gray-box testing by the development and security assurance teams
  D. White-box testing by the development and security assurance teams

43 A vendor of software deployed across your corporate network announced that an update is needed for a specific vulnerability. Your CIO wants to know the vulnerability time (Vt). When can you give them that information?
  A. After the patch is downloaded and installed in the affected system or device
  B. After the patch is released and available to the public
  C. After the patch is created by the vendor
  D. After the vulnerability is discovered

44 You have an accountant who refuses to take their required time off. You must institute a policy that will force people in critical financial areas of the organization to take time off. Which of the following standard security practices do you institute?
  A. Separation of duties
  B. Mandatory vacation
  C. Forensic tasks
  D. Termination procedures

45 A small insurance business implemented least privilege. Management is concerned that staff might accidentally aid in fraud with the customers. Which of the following addresses security concerns with this risk?
  A. Policy
  B. Job rotation
  C. Separation of duties
  D. Security awareness training

46 A corporation expanded their business by acquiring several similar businesses. What should the security team first undertake?
  A. Development of an ISA and a risk analysis
  B. Installation of firewalls between the businesses
  C. Removal of unneeded assets and Internet access
  D. Scan of the new networks for vulnerabilities

47 Your company began the process of evaluating different technologies for a technical security-focused project. You narrowed down the selection to three organizations from which you received RFIs. What is the next request that you will make of those three vendors?
  A. RFQ
  B. RFP
  C. RFC
  D. RFI

48 Your security team is small and must work economically to reduce risk. You do not have a lot of time to spend on reducing your attack surface. Which of the following might help reduce the time you spend on patching internal applications?
  A. VPN
  B. PaaS
  C. IaaS
  D. Terminal server

49 A competitor of your company was hacked, and the forensics show it was a social engineering phishing attack. What is the first thing you do to prevent this from happening at your company?
  A. Educate all employees about social engineering risks and countermeasures.
  B. Publish a new mission statement.
  C. Implement IPsec on all critical systems.
  D. Use encryption.

50 Many organizations prepare for highly technical attacks and forget about the simple low-tech means of gathering information. Dumpster diving can be useful in gaining access to unauthorized information. How should you reduce your company's dumpster-diving risk?
  A. Data classification and printer restrictions of intellectual property.
  B. Purchase shredders for the copy rooms.
  C. Create policies and procedures for document shredding.
  D. Employ an intern to shred all printed documentation.

51 Qualitative risk assessment is explained by which of the following?
  A. Can be completed by someone with a limited understanding of risk assessment and is easy to implement
  B. Must be completed by someone with expert understanding and uses detailed analysis for calculation
  C. Is completed by subject-matter experts and is difficult to implement
  D. Brings together SME with detailed metrics to handle a difficult implementation

52 What is the customary practice of responsible protection of an asset that affects an organization or community?
  A. Due diligence
  B. Risk mitigation
  C. Insurance
  D. Due care

53 Your global banking organization is acquiring a smaller local bank. As part of the security team, what will your risk assessment evaluate?
  A. Threats to assets, vulnerabilities present, the likelihood of an active threat, the impact of exposure, and residual risk
  B. Threats to assets, vulnerabilities present, the likelihood of a passive threat, the impact of exposure, and total risk
  C. Threats to assets, vulnerabilities present, the likelihood of a passive threat, the impact of exposure on the acquired bank, and total risk
  D. Threats to assets, vulnerabilities present, the likelihood of an active threat, the impact of exposure, and total inherent risk

54 During the risk analysis phase of planning, what would BEST mitigate and manage the effects of an incident?
  A. Modifying the scenario the risk is based on
  B. Developing an agenda for recovery
  C. Choosing the members of the recovery team
  D. Implementing procedural controls

55 You have been added to the team to conduct a business impact analysis (BIA). This BIA will identify:
  A. The impact of vulnerabilities to your organization
  B. How to best efficiently reduce threats
  C. The exposure to loss within your organization
  D. How to bring about change based on the impact on operations

56 You live and work in an area plagued by hurricanes. What BEST describes the effort you made to determine the consequence of a disruption due to this natural disaster?
  A. Business impact analysis
  B. Risk assessment
  C. Table-top exercises
  D. Mitigating control analysis

57 You are a consultant for a cybersecurity firm and have been tasked with quantifying risks associated with information technology when validating the abilities of new security controls and countermeasures. What is the BEST way to identify the risks?
  A. Vulnerability management
  B. Pentesting
  C. Threat and risk assessment
  D. Data reclassification

58 You are employed in a high-risk, geographically diverse production environment. Which of these options would be the BEST reason to deploy link encryption to reduce risk?
  A. Link encryption provides better flow confidentiality and routing.
  B. Link encryption encrypts routing information and is often used with satellite communication.
  C. Link encryption is used for message confidentiality.
  D. Link encryption is implemented for better traffic integrity.

59 Your manufacturing organization implemented a new vulnerability management tool. As the security analyst, you are tasked with creating a successful process for vulnerability assessment. What do you have to fully understand before assuming this task?
  A. Threat definitions and identification
  B. CVE and CVSS
  C. Risk assessments and threat identification
  D. Vulnerability appraisal and access review

60 Bob is conducting a risk assessment and wants to assign an asset value to the servers in the data center. The concern of his organization is to ensure there is a budget to rebuild in case of a natural disaster. What method should Bob use to evaluate the assets?
  A. Depreciated cost
  B. Purchase cost
  C. Replacement cost
  D. Conditional cost

61 Alice is responsible for PCI compliance for her organization. The policy requires she remove information from a database, but she cannot due to technical restrictions. She is pursuing a compensating control to mitigate the risk. What is her best option?
  A. Insurance
  B. Encryption
  C. Deletion
  D. Exceptions

62 Bob is a security risk manager with a global organization. The organization recently evaluated the risk of flash floods on its operations in several regions and determined that the cost of responding is expensive. The organization chooses to take no action currently. What was the risk management strategy deployed?
  A. Risk mitigation
  B. Risk acceptance
  C. Risk avoidance
  D. Risk transference

63 Greg is a security researcher for a cybersecurity company. He is currently examining a third-party vendor and finds a way to use SQLi to deface their web server due to a missing patch in the company's web application. What is the threat of doing business with this organization?
  A. Web defacement
  B. Unpatched applications
  C. Hackers
  D. Education awareness

64 Your organization's primary network backup server went down at midnight. Your RPO is nine hours. At what time will you exceed the business process recovery tolerance, given the volume of data that has been lost in that time frame?
  A. 6 A.M.
  B. 9 A.M.
  C. Noon
  D. 3 P.M.

65 Your company needs to decide on a data backup plan strategy. You established your RPO as 8 hours, and your RTO after any disaster, man-made or natural, as 48 hours. These RTOs were established by the business owner while developing the BIA. The RTO includes which of the following?
  A. Recovery, testing, and communications
  B. Decision time
  C. Parallel processing
  D. Only the time for trying to fix the problem without a recovery

66 Your organization has a new policy to implement security based on least privilege and separation of duties. A key component is making a decision on data access. They decided it is BEST made by which of the following roles?
  A. Data steward
  B. Data owner
  C. User/manager
  D. Senior management

67 You are hired by an insurance company as their new data custodian. Which of the following best describes your new responsibilities?
  A. Writing and proofing administrative documentation
  B. Ensuring accessibility and appropriate access using policy and data ownership guidelines
  C. Conducting an audit of the data's strategic, tactical, and operational (STO) controls
  D. Improving the data consistency and increasing data integration

68 Your healthcare organization decided to begin outsourcing some IT systems. Which of the following statements is true?
  A. All outsourcing frees your organization from any rules or requirements.
  B. All compliance and regulatory requirements are passed on to the provider.
  C. The IT systems are no longer configured, maintained, or evaluated by your organization.
  D. The outsourcing organization is free from any rules or regulations.

69 You work as a security analyst for a large banking organization that is about to disclose to the public that a substantial breach occurred. You are called into a meeting with the CISO and CEO to discuss how to ensure proper forensic action took place and that the incident response team responded appropriately. Which of these should you ensure happens after the incident?
  A. Avoid conflict of interest by hiring outside counsel
  B. Creation of forensic images of all mission-critical servers
  C. Formal investigation performed by yourself without law enforcement
  D. Incident treated as though a crime had been committed

70 Bob is the owner of a website that provides information to healthcare providers. He is concerned that the PHI data he is storing falls under the jurisdiction of HIPAA. How does he ensure that he removes the data correctly?By deleting the suspected PHI data on the driveBy degaussing the drives that hold suspected PHI dataBy determining how long to keep the healthcare data securely encrypted and then using a drive-wipe utilityBy adding SSDs to the web server and storing used drives in a physically secured location

71 Your U.S.-based company manufactures children's clothing and is contemplating expanding their business into the European Union. You are concerned about regulation and compliance. What should your organization examine first?Payment Card IndustryGeneral Data Protection RegulationChildren's Online Privacy ProtectionFamily Educational Rights and Privacy Act

72 A company outsourced payroll and is concerned about whether the right technical and legal agreements are in place. Data is viewed and stored by a third party, and an agreement needs to be set in place about that data. Which type of interoperability agreement can you use to make sure the data is encrypted while in transit and at rest?BPAMOUISANDA

73 You decided to start a new consulting business. You began the risk analysis process and developed employee policies and researched and tested third-party security. What is the next riskiest problem for SOHO?Mobile devicesEmailTrainingGuidelines

74 You need an agreement that lets your business implement a comprehensive risk allocation strategy and provides indemnification, the method that holds one party harmless against existing or future losses. What contract should you negotiate?Master service agreementBusiness impact agreement Interconnection security agreementMemorandum of understanding

75 Which of the following security programs is designed to provide employees with the knowledge they need to fulfill their job requirements and protect the organization?AwarenessTrainingIndoctrinationDevelopment

76 You have a well-configured firewall and IDS. Which of the following can BEST steal intellectual property or trade secrets when there is no system auditing?
A. Hacktivist
B. Auditors
C. Malware
D. Employees

77 Bob needs your professional opinion on encryption capabilities. You explained to him that cryptography supports all the core principles of information security with one exception. What is that exception?
A. Authenticity
B. Integrity
C. Confidentiality
D. Availability

78 Alice discovered a Meterpreter shell running a keylogger on the CFO's laptop. What security tenet is the keylogger most likely to break?
A. Availability
B. Threats
C. Integrity
D. Confidentiality

79 You were hired for a role in healthcare as a system architect. You need to factor in CIA requirements for a new SAN. Which of the following CIA requirements is best served by multipathing?
A. Confidentiality
B. Threat
C. Integrity
D. Availability

80 As a technical project manager on a VoIP/teleconference project, the customer shared their requirements with your department. Availability must be at least five nines (99.999 percent), and all devices must support collaboration. Which controls are the BEST to apply to this ecosystem?
A. All images must be standardized and double redundant.
B. Security policies of network access controls and high-speed processing.
C. RAID 0 and hot sites.
D. Enforced security policies, standard images/configurations, and backup on all storage devices.

81 A software startup hired you to provide expertise on data security. Clients are concerned about confidentiality. If confidentiality is stressed more than availability and integrity, which of the following scenarios is BEST suited for the client?
A. Virtual servers in a highly available environment. Clients will use redundant virtual storage and terminal services to access software.
B. Virtual servers in a highly available environment. Clients will use single virtual storage and terminal services to access software.
C. Clients are assigned virtual hosts running on shared hardware. Physical storage is partitioned with block cipher encryption.
D. Clients are assigned virtual hosts running on shared hardware. Virtual storage is partitioned with stream cipher encryption.

82 Your company is considering adding a new host to a computer cluster. The cluster will be connected to a single storage solution. What are you most likely trying to accomplish?
A. Availability
B. Provisioning
C. Integrity
D. Confidentiality

83 You work as a security analyst for a healthcare organization. A small legacy cluster of computers was acquired from a small hospital clinic. All virtual machines use the same NIC to connect to the network. Some of these machines hold patient data, while others hold financial data. One of these VMs is hosting an externally facing web application. What is the biggest problem you see with this scenario?
A. Confidentiality
B. Threats
C. Integrity
D. Utilization

84 You are a security administrator for a network that uses Fibre Channel over Ethernet (FCoE). The network administrator would like to access raw data from the storage array and restore it to yet another host. Which of the following might be an issue for availability?
A. The new host might not be compatible with FCoE.
B. The data may not be in a usable format.
C. The process could cause bottlenecks.
D. Deduplication will cause errors in the data.

85 A senior security architect for a hospital is creating a hardened version of the newest GUI OS. The testing will focus on the CIA triad as well as on compliance and reporting. Which of these is the BEST life cycle for the architect to deploy in the final image?
A. Employing proper disposal protocols for existing equipment and ensuring compliance with corporate data retention policies
B. Updating whole disk encryption and testing operational models
C. Employing interoperability, integrity of the data at rest, network availability, and compliance with all government regulations
D. Creating a plan to decommission the existing OS infrastructure, implementing test and operational procedures for the new components in advance, and ensuring compliance with applicable regulations

86 As a network administrator, you are asked to connect a server to a storage area network (SAN). If availability and access control are the most important requirements, which of the following fulfills them?
A. Installing a NIC in the server, enabling deduplication
B. Installing a NIC in the server, disabling deduplication
C. Installing an HBA in the server, creating a LUN on the SAN
D. Installing a clustered HBA in the server, creating two LUNs on a NAS

87 One of the requirements for a new device you're adding to the network is an availability of 99.9 percent. According to the vendor, the newly acquired device has been rated with an MTBF of 20,000 hours and an MTTR of 3 hours. What is the most accurate statement?
A. The device will meet availability because it will be at 99.985 percent.
B. The device will not meet availability because it will be at 99.89 percent.
C. The device will not meet availability because it will be at 99.85 percent.
D. The device will meet availability because it will be at 99.958 percent.

88 Good data management includes which of the following?
A. Data quality procedures, verification and validation, adherence to agreed-upon data management, and an ongoing data audit to monitor the use and the integrity of existing data
B. Cost, due care and due diligence, privacy, liability, and existing law
C. Determining the impact the information has on the mission of the organization, understanding the cost of information, and determining who in the organization or outside of it has a need for the information
D. Ensuring the longevity of data and their reuse for multiple purposes, facilitating the interoperability of datasets, and increasing data sharing

89 Which of the following confidentiality security models ensures that a subject with a clearance level of Secret can write only to objects classified as Secret or Top Secret?
A. Biba
B. Clark–Wilson
C. Brewer–Nash
D. Bell–LaPadula

90 Your organization needs a security model for integrity where a subject cannot send messages to subjects or objects of higher integrity. Which of the following is unique to the Biba model and will accommodate that need?
A. Simple
B. Star
C. Invocation
D. Strong
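Questions 89 and 90 turn on the direction of the read and write rules in the two lattice models. The following is an added example written for this page, not code from the book: a toy reference monitor that encodes the Bell-LaPadula simple and star properties and the Biba simple, star, and invocation properties, so the permitted targets for a Secret subject can be listed rather than memorized. The level names and their ordering are an assumption for illustration, and the same ordinal scale is reused for integrity levels so the two models sit side by side.

```python
"""Toy reference monitor for the Bell-LaPadula (confidentiality) and Biba
(integrity) rules referenced in questions 89 and 90.

Added example for this page, not code from the book. The level names and
their ordering are an assumption for illustration; the same ordinal scale is
reused for integrity levels so both models can be compared side by side.
"""
from enum import IntEnum


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


# Bell-LaPadula: protects confidentiality.
def blp_read(subject: Level, obj: Level) -> bool:
    """Simple security property: no read up."""
    return subject >= obj


def blp_write(subject: Level, obj: Level) -> bool:
    """*-property: no write down. A subject may write only to objects at its
    own level or higher, so a Secret subject can write to Secret or Top Secret
    objects but not to Confidential ones."""
    return obj >= subject


# Biba: protects integrity, so the directions are the mirror image.
def biba_read(subject: Level, obj: Level) -> bool:
    """Simple integrity property: no read down."""
    return obj >= subject


def biba_write(subject: Level, obj: Level) -> bool:
    """*-integrity property: no write up."""
    return subject >= obj


def biba_invoke(subject: Level, target: Level) -> bool:
    """Invocation property, unique to Biba: a subject may not invoke (send
    messages to) a subject at a higher integrity level."""
    return subject >= target


RULES = {
    ("blp", "read"): blp_read,
    ("blp", "write"): blp_write,
    ("biba", "read"): biba_read,
    ("biba", "write"): biba_write,
    ("biba", "invoke"): biba_invoke,
}


def permitted(model: str, op: str, subject: Level, target: Level) -> bool:
    """Central decision point: every access goes through one table lookup."""
    try:
        rule = RULES[(model, op)]
    except KeyError:
        raise ValueError(f"{model} has no {op!r} rule")
    return rule(subject, target)


def allowed_targets(model: str, op: str, subject: Level) -> list:
    """Every level the subject may perform `op` against under `model`."""
    return [lvl.name for lvl in Level if permitted(model, op, subject, lvl)]


if __name__ == "__main__":
    for model, op in RULES:
        print(f"{model:4} {op:6} from SECRET -> "
              f"{allowed_targets(model, op, Level.SECRET)}")
```

Running it prints, for a Secret subject, the Bell-LaPadula write targets SECRET and TOP_SECRET (question 89) and the Biba invocation targets UNCLASSIFIED, CONFIDENTIAL, and SECRET (question 90); note that the Biba rules are simply the Bell-LaPadula comparisons with the operands swapped.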

91 You had an incident and need to verify that chain of custody, due diligence, and processes were followed. You are told to verify the forensic bit stream. What will you do?
A. Employ encryption.
B. Instigate containment.
C. Compare hashes.
D. Begin documentation.
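Question 91 asks how a bit-stream image is verified after it has changed hands. As an added example for this page (not code from the book), the script below hashes a constructed stand-in for a disk image, records that hash in a constructed chain-of-custody log, re-verifies the image at each hand-off, and shows that a single flipped bit or a log entry with a different hash is caught. The custody-record field names are an assumption.

```python
"""Verifying a forensic bit-stream image by comparing hashes (question 91).

Added example for this page, not from the book. The image bytes and the
chain-of-custody entries are constructed here so the script runs offline;
the field names in the custody record are an assumption.
"""
import hashlib
import hmac

# Constructed stand-in for a raw disk image (a real one would be read from
# the .dd/.E01 file in chunks, but the hashing logic is identical).
IMAGE = bytes(range(256)) * 16 + b"EVIDENCE-DRIVE-SAMPLE"


def sha256_hex(data: bytes) -> str:
    h = hashlib.sha256()
    # Hash in fixed-size chunks; feeding a multi-terabyte image in one call
    # is not an option, so the loop is what a real tool does too.
    for i in range(0, len(data), 4096):
        h.update(data[i:i + 4096])
    return h.hexdigest()


def image_matches(image: bytes, recorded_hash: str) -> bool:
    """True if the image still hashes to the value recorded at acquisition."""
    return hmac.compare_digest(sha256_hex(image), recorded_hash.lower())


def check_custody_chain(image: bytes, chain: list) -> tuple:
    """Every hand-off should have re-hashed the evidence and recorded the same
    value. Returns (ok, name of the first entry that breaks the chain)."""
    if not chain:
        return False, "empty chain"
    acquisition_hash = chain[0]["sha256"]
    for entry in chain:
        if not hmac.compare_digest(entry["sha256"], acquisition_hash):
            return False, entry["handler"]
    if not image_matches(image, acquisition_hash):
        return False, "current image"
    return True, None


def tamper(image: bytes, offset: int = 100) -> bytes:
    """Flip one bit so the effect of a single altered byte is visible."""
    return image[:offset] + bytes([image[offset] ^ 0x01]) + image[offset + 1:]


# Constructed custody log: acquisition, transfer to the locker, analyst check-out.
ACQ_HASH = sha256_hex(IMAGE)
CHAIN = [
    {"handler": "first responder", "sha256": ACQ_HASH},
    {"handler": "evidence locker", "sha256": ACQ_HASH},
    {"handler": "analyst", "sha256": ACQ_HASH},
]

if __name__ == "__main__":
    print("original :", check_custody_chain(IMAGE, CHAIN))
    print("tampered :", check_custody_chain(tamper(IMAGE), CHAIN))
```

The comparison uses hmac.compare_digest rather than == so the check is not itself a timing side channel; for evidence the hash value recorded at acquisition is the reference, and any later entry or the current image disagreeing with it breaks the chain.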

92 As a new CISO, you are evaluating controls for availability. Which set of controls should you choose?
A. RAID 1, classification of data, and load balancing
B. Digital signatures, encryption, and hashes
C. Steganography, ACL, and vulnerability management
D. Checksum, DoS attacks, and RAID 0

93 As a new CISO, you are evaluating controls for integrity. Which set of controls should you choose?
A. RAID 1, classification of data, and load balancing
B. Digital signatures, encryption, and hashes
C. Steganography, ACL, and vulnerability management
D. Checksum, DoS attacks, and RAID 0

94 As a new CISO, you are evaluating controls for confidentiality. Which set of controls should you choose?
A. RAID 1, classification of data, and load balancing
B. Digital signatures, encryption, and hashes
C. Steganography, ACL, and vulnerability management
D. Checksum, DoS attacks, and RAID 0

95 You have a web server in your network that is the target of a distributed denial-of-service attack. Multiple systems are flooding the bandwidth of that system. Which information security goal is impacted by this type of attack?
A. Availability
B. Baselines
C. Integrity
D. Emergency response

96 Bob is implementing a new RAID configuration needed for redundancy in the event of disk failure. He has compared standard hardware benchmarks with a week-long baseline of the server to find the assets used the most. What security goal is Bob trying to accomplish?
A. Availability
B. Integrity
C. Confidentiality
D. Disclosure

97 Because of your facility's geolocation and its propensity for hurricanes, you are tasked with finding another data processing facility to provide you with a location in case of a natural disaster. You are negotiating a contract with an organization that offers HVAC, power, water, and communications but no hardware. What kind of facility are you contracting for?
A. Hot site
B. Warm site
C. Mobile site
D. Cold site

98 You are a project manager for an organization that just acquired another company. Your company uses mostly in-house tools, whereas the company you just acquired uses mostly outside vendors. As the project manager, you need to merge these two organizations quickly, have an immediate return on investment (ROI), and retain the ability to customize systems. Each organization thinks their way is the best way. What do you do?
A. Raise the issue with the CEO and board of directors to escalate the decision to outsource all services.
B. Arrange a meeting between all department heads, project managers, and a representative from the board of directors to review requirements and calculate critical functions.
C. Perform a cost-benefit analysis of in-house versus outsourcing and the ROI of staying in-house.
D. Calculate the time to deploy and support the new systems and compare the cost to outsourcing costs. Present the document to upper management for their final decision.

99 Your company experienced a natural disaster, used your hot site for three months, and is now returning to the primary site. What processes should be restored first at the primary site?
A. Finance department
B. External communication
C. Mission critical
D. Least business critical

100 Your organization is in an area susceptible to wildfires. Within the last 30 days, your employees were evacuated twice from the primary location. During the second evacuation, damage occurred to several floors of the building, including the data center. When should the team return to start recovery?
A. In 72 hours.
B. You should not return to the primary location.
C. Immediately after the disaster.
D. Only after it is deemed safe to return to the primary location.

101 Your cyber company has officially grown out of its startup phase and tasked your team with creating a pre-disaster preparation plan that will sustain the business should a disaster, natural or man-made, occur. Which of the following is the most important?
A. Off-site backups
B. Copies of the BDR
C. Maintaining a warm site
D. Chain of command

102 You are tasked with conducting a risk analysis based on how risk affects business processes. What activity are you performing?
A. Gap analysis
B. Business disaster recovery
C. Intrusion detection
D. Business impact analysis

103 Your organization is attempting to make the best use of all the resources allocated to a security project. If your organization is not making the best use of currently held resources, the project may not perform as planned. What type of analysis needs to be done?
A. BDR
B. BIA
C. Gap
D. Risk

104 When you look at the business impact analysis given to your office for approval, you notice it is less narrative and more mathematical calculation. What will make this BIA more balanced?
A. More qualitative analysis
B. More quantitative analysis
C. More gap analysis
D. More risk analysis

105 While developing your business continuity plan, your business impact analysis statement should include all but which of the following?
A. Critical areas and dependencies
B. All business units
C. Financial losses due to disaster or disruption
D. Recovery methods and responses

106 You examined your company's disaster recovery plans and are working on the proper response. If your mission-critical processes have an RTO of 36 hours, what would be the best recovery site to have?
A. Service
B. Warm
C. Hot
D. Cold

107 Your company just experienced an emergency and needs to initiate a business continuity plan (BCP). Who is responsible for initiating the BCP?
A. Senior management
B. Security personnel
C. Recovery team
D. Database admins

108 In the past, your global organization tasked individual locations and departments with creating their own separate disaster recovery plans because those employees know best how their organization works. Your new CISO tasked your team with creating a viable plan should your company experience a disaster. What is your mission?
A. Record as many separate plans as necessary.
B. Create one fully integrated business continuity plan.
C. Create separate plans for each geographic location.
D. Keep separate plans for each logical department, regardless of the physical location.

109 As a security architect, you implemented dual firewalls, an IPS, and ACLs. All the files on this network are copied to a tape backup every 24 hours. This backup solution addresses which security tenet?
A. Availability
B. Distribution
C. Integrity
D. Confidentiality

110 You need to perform a test where a BCP is tested but no actions take place. It needs to be scheduled periodically. Which of the following is the BEST type of test to perform?
A. Full interruption test
B. Parallel test
C. Structured walk-through
D. Simulation test

111 You completed a structured walk-through of your disaster recovery plan. Senior management would like you to use the absolute best way to verify that the DRP is sufficient and has no deficiencies. What test do you choose next?
A. Roundtable exercises
B. Dry-run exercises
C. Full interruption test
D. External audit

112 Over the last month, you reviewed security reports stating that there was a significant increase in the number of inappropriate activities on the network by employees. What is the first step in improving the security level in your organization?
A. Awareness sessions
B. Stronger auditing
C. Reduce employee permissions
D. Termination

113 You have been contacted by senior management to conduct an investigation. They suspect that malicious activities are caused by internal personnel and need to know whether they are intentional or unintentional. After investigating, you believe they are unintentional and that the most likely cause is which of the following?
A. Fraud
B. Espionage
C. Embezzlement
D. Social engineering

114 A white-hat penetration test showed your organization to be susceptible to social engineering attacks. One victim in your organization was phished successfully, while another clicked a link in an email and downloaded possible malware. What steps do you take to prevent social engineering in the future?
A. Use IPsec on critical systems
B. Publish a policy and educate users on risks
C. Use encryption
D. Establish KPIs

115 With the rise of malware spread via removable media, your company amended its policy to ban all flash cards and USB memory drives. They pose a threat for all but which of the following reasons?
A. Physical size
B. Transportability
C. Storage capacity
D. Being cheap and easy to use

116 You received final documentation from your compliance audit. The auditors suggested you implement a complementary security tool to work with your firewall to detect any attempt at scanning. Which device do you choose?
A. RAS
B. PBX
C. IDS
D. DDT

117 Your company is using a traditional signature-based IDS, and it seems to have some problems. You and your fellow analysts are seeing more and more false positives. What might be the issue?
A. Anomaly detection requires vast amounts of resources.
B. FIM.
C. Excessive FTP traffic.
D. Poorly written signatures.

118 One of your end users contacted the security administrator because the mouse on his computer seems to be moving all by itself. If your company's focus is confidentiality, which of the following is the best action to take?
A. Delay the intruder.
B. Disconnect the intruder.
C. Record the intruder.
D. Monitor the intruder.

119 You disconnected a computer from the network because of a suspected breach. Which of the following should you do next?
A. Back up all security and audit logs on that computer.
B. Update the security policy.
C. Reimage the machine.
D. Deploy new countermeasures.

120 You are developing a security policy regarding password management. Which of these is not important?
A. Account lockout
B. Training users to create complex, easy-to-remember passwords
C. Preventing users from using personal information in a password, such as their birthday or spouse's name
D. Storing passwords securely

121 As a hospital, you rely on some assets running high-end customized legacy software. What precaution should you implement to protect yourself if this developer goes out of business?
A. Access control
B. Service level agreement
C. Code escrow
D. Outsourcing

122 A security analyst on your team was written up for a multitude of offenses. The latest transgression left you no choice but to terminate this employee. Which of the following is most important to do when informing the employee of their separation from the company?
A. Allowing them to complete their project
B. Giving them two weeks' severance
C. Allowing them to collect their personal belongings
D. Disabling network access and changing the passwords to devices to which they had access

123 As a CISO, you built a team of developers, managers, educators, architects, and administrators. Some of the people in these roles are finding they are duplicating efforts and not utilizing their time well. What can you use to establish solid administrative control over the situation?
A. AUP
B. TCO
C. Mandatory vacation
D. Job descriptions

124 You have an amazing developer on staff. They are a great problem-solver and work very well with others. However, this developer continues to perform risky behavior on the network even after security awareness sessions and several warnings. What should you do next?
A. Begin a separation of duties.
B. Terminate them and perform an exit interview.
C. Employ mandatory vacation.
D. Decrease permissions.

125 Your vulnerability manager contacted you because of an operating system issue. There are a few security-related issues due to patches and upgrades needed for an application on the systems in question. When is the BEST time to complete this task?
A. As quickly as possible after testing.
B. After experiencing the issue the vulnerability manager described.
C. After other organizations have tested the patch or upgrade.
D. During the usual monthly maintenance.

126 You need to assign permissions so that users can access only the resources they need to complete specific tasks. Which security tenet should you utilize to meet the need?
A. Separation of duties
B. Need to know
C. Job rotation
D. Least privilege

127 You recorded data that includes security logs, object access, FIM, and other activities that your SIEM often uses to detect unwanted activity. Which of the following BEST describes this collection of data?
A. Due diligence
B. Syslog
C. IDR
D. Audit trail

128 You are tasked with hiring a third party to perform a security assessment of your manufacturing plant. What type of testing gives the most neutral review of your security profile?
A. White hat
B. Gray hat
C. Black hat
D. Blue hat

129 You work in law enforcement supporting a network with HA. High availability is mandatory, as you also support emergency 911 services. Which of the following would hinder your HA ecosystem?
A. Clustered servers
B. Primary firewall
C. Switched networks
D. Redundant communication links

130 You are tasked with creating a security plan for your point-of-sale systems. What is the BEST methodology when you begin architecting?
A. Outside in
B. Assets out
C. No write up
D. No write down

131 Alice needs some help developing security policy documentation. She turns to you for help in developing a document that contains instructions or information on how to remain in compliance with regulations. What document do you need to develop?
A. Procedures
B. Standards
C. Policy
D. Guidelines

132 You are the security administrator for a large governmental agency. You implemented port security, restricted network traffic, and installed NIDS, firewalls, and spam filters. You think the network is secure. Now you want to focus on endpoint security. What is the most comprehensive plan to follow?
A. Anti-malware/virus/spyware, host-based firewall, and MFA
B. Antivirus/spam, host-based IDS, and TFA
C. Anti-malware/virus, host-based IDS, and biometrics
D. Antivirus/spam, host-based IDS, and SSO

133 You oversee hardware distribution for your global enterprise. You conduct a data analysis to figure out failure rates of a certain brand and model of laptop. You need to calculate the average number of times that specific model is likely to break in a year. Which of the following BEST describes your calculation?
A. Annualized rate of occurrence
B. Exposure factor
C. Single loss expectancy
D. Annualized loss expectancy

134 Prioritization is an important part of your job as a security analyst. You are trying to calculate the ALE for all assets and risks. What purpose will this serve?
A. To estimate insurance
B. To arrive at a budget and head count
C. To prioritize countermeasures
D. To inform design

135 You need to calculate the ALE for an asset. Which of these is the proper formula?
A. ARO × EF × AV
B. ARO × AV
C. EF × SLE
D. EF × SLE × AV

136 As a software developer, you are frustrated with your customer, who keeps calling you on the phone and leaving messages to make changes. What should you do to make the development process easier?
A. Change control.
B. Increase security.
C. Apprise senior management.
D. Provide detailed documentation.

137 One of the software developers made a change in code that unintentionally diminishes security. Which of the following change control processes will be most effective in this situation?
A. Rollback
B. Logging
C. Compiling
D. Patching

138 A newly certified administrator makes a change to Group Policy for 12,000 users. The setting that prevents the security log from being overwritten is enabled on the operating systems. After 48 hours, no users can log into their domain accounts because the security logs have filled up. What change control process step was skipped?
A. Approval
B. Testing
C. Implementation
D. Deployment

139 Your organization finds it difficult to distinguish what data can be shared with a customer and what should remain internal. They assigned you the task of data classification. What is the primary purpose of this task?
A. Justification of expenses
B. Assigning value to data
C. Defining necessary security protections
D. Controlling user access

140 The security awareness training informed employees that an auditing feature was enabled within their operating systems. What form of control is used when end users are informed that their actions are monitored on the network?
A. Directive
B. Corrective
C. Detective
D. Preventative

141 Your external auditor submitted the final report to the board of directors and upper management. Who is responsible for implementing the recommendations in this report?
A. End users
B. Internal auditors
C. Security administrators
D. Senior management

142 A security vulnerability was discovered while a system went through the accreditation process. What action should come next?
A. Start the accreditation process over again once the issue is fixed.
B. Restart the accreditation process from the point at which the issue was discovered.
C. Reimage the system and start the accreditation from the beginning.
D. Reimage the system and start from the current point.

143 Your organization was breached, but you have been able to prove that sufficient due care was taken. What burden is eliminated?
A. Liability
B. Investigation
C. Financial loss
D. Negligence

144 You are a security administrator and were notified by your IPS that there is an issue. You quickly solve the problem. What needs to be done once the problem has been fixed?
A. After-action report
B. MOA
C. Incident report
D. Update to security policy

145 Your department was tasked with implementing Bluetooth connectivity controls to mitigate risk. Which of these BEST describes the network you will create?
A. PAN
B. LAN
C. WAN
D. WLAN

146 You are planning the site security for a new building. The network administrators would like the server room door to be secured with RFID. The security team would like to use a cipher lock. Loss of the data on these servers is high risk. What should your plan start with?
A. A meeting to discuss security options
B. Smartcards
C. TFA, both cipher lock and RFID
D. A keyed lock only

147 You are a systems analyst conducting a vulnerability assessment. Which of the following is not a requirement for you to know?
A. Access controls
B. Understanding of the systems to be evaluated
C. Potential threats
D. Passwords

148 You are made aware of a threat that involves a hacking group holding large amounts of information about your company. What BEST describes the threat you face from this hacking group?
A. DoS
B. TCO
C. Latency
D. Data mining

149 Your CISO has asked you to evaluate an antivirus tool for all company-issued laptops. The cost is $3,000 for all 90 laptops. From historical data you anticipate that 12 computers will be infected, with an SLE of $1,500. What do you recommend to the CISO?
A. Accept the risk.
B. Mitigate the risk.
C. Transfer the risk.
D. Avoid the risk.

150 You are evaluating the risk for your data center. You assigned threat, vulnerability, and impact a score from 1 to 10. The data center scores are as follows: Threat: 4, Vulnerability: 2, Impact: 6. What is the risk?
A. 12
B. 16
C. 48
D. 35

151 You are tasked with creating a grouping of subjects and objects with the same security requirements. What should you build?
A. Matrix
B. Domain
C. LLC
D. Meshed network

152 You have a new security policy that requires backing up critical data off-site. This data must be backed up hourly. Cost is important. What method are you most likely to deploy?
A. Remote accounting
B. Electronic vaulting
C. Active clustering
D. Database shadow copies

153 Your customer-facing website experiences some failures. The security engineer analyzed the situation and believes it is the web application firewall. Syslog shows that the WAF was down twice for a total of 3 hours in the past 72 hours. Which of the following is your mean time to repair (MTTR)?
A. 2.5 hours
B. 1.5 hours
C. 34.5 hours
D. 3 hours
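Questions 87, 135, 149, 150, and 153 all reduce to a handful of quantitative risk and availability formulas. The script below is an added example for this page, not code from the book; it implements SLE, ALE, a cost-versus-loss treatment decision, the threat × vulnerability × impact score, steady-state availability from MTBF and MTTR, and MTTR from total repair time, then runs each with the numbers the questions give. Two assumptions are labeled in the code: the $3,000 antivirus cost in question 149 is treated as an annual figure, and the control is assumed to remove the expected loss entirely.

```python
"""Worked quantitative risk and availability figures for questions 87, 135,
149, 150, and 153.

Added example for this page, not from the book. The input numbers come from
the questions; the decision rule in recommend_treatment() is a deliberate
simplification (compare the annual cost of a control with the loss it avoids).
"""


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF, the loss expected from a single occurrence."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor is a fraction of asset value")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO, which expands to AV x EF x ARO (question 135)."""
    return sle * aro


def recommend_treatment(control_cost_per_year: float, ale_without: float,
                        ale_with: float = 0.0) -> str:
    """Mitigate when the control costs less per year than the loss it removes;
    otherwise accepting the risk is the rational choice on these numbers.
    Assumption: ale_with defaults to 0, i.e. the control removes the loss."""
    avoided = ale_without - ale_with
    return "mitigate" if control_cost_per_year < avoided else "accept"


def risk_score(threat: int, vulnerability: int, impact: int) -> int:
    """Qualitative scoring used in question 150: risk = T x V x I on 1-10 scales."""
    for v in (threat, vulnerability, impact):
        if not 1 <= v <= 10:
            raise ValueError("scores are on a 1-10 scale")
    return threat * vulnerability * impact


def availability(mtbf_hours: float, mttr_hours: float) -> float:
    """Steady-state availability = MTBF / (MTBF + MTTR), as a fraction."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


def meets_target(mtbf_hours: float, mttr_hours: float, target_pct: float) -> bool:
    return availability(mtbf_hours, mttr_hours) * 100 >= target_pct


def mttr(total_repair_hours: float, failures: int) -> float:
    """MTTR = total time spent repairing / number of failures."""
    if failures < 1:
        raise ValueError("need at least one failure")
    return total_repair_hours / failures


if __name__ == "__main__":
    # Question 149: 12 infections/year x $1,500 each vs a $3,000 control
    # (assumption: the $3,000 is an annual cost).
    ale = annualized_loss_expectancy(sle=1500, aro=12)
    print(f"ALE = ${ale:,.0f} -> {recommend_treatment(3000, ale)}")
    # Question 150: threat 4, vulnerability 2, impact 6.
    print("risk score =", risk_score(4, 2, 6))
    # Question 87: MTBF 20,000 h, MTTR 3 h, target 99.9%.
    print(f"availability = {availability(20000, 3) * 100:.3f}%, "
          f"meets 99.9%: {meets_target(20000, 3, 99.9)}")
    # Question 153: WAF down twice for 3 hours in total.
    print("MTTR =", mttr(3, 2), "hours")
```

The availability figure for question 87 comes out at 99.985 percent (20,000 / 20,003), the ALE for question 149 at $18,000 against a $3,000 control, and the MTTR for question 153 at 1.5 hours; the 72-hour observation window in that question is not part of the MTTR calculation, which divides repair time by the number of failures only.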

154 Your financial institution decided to purchase costly custom computer systems. The vendor supplying the custom systems is experiencing a few minor legal issues. What should the CISO recommend to limit exposure?
A. Source code escrow
B. Penalty clause
C. SLA
D. Proof of insurance in the RFP

155 Your department started to plan for next year. You need to gain clarity about what your key performance indicators are for the current year. Which of the following is not found in a KPI?
A. Measurement
B. Target
C. Investment
D. Data source

156 Your senior management wants to measure how risky an activity will be. This metric is used to provide a signal of increasing risk exposure. You need to identify which of the following?
A. Key risk indicators
B. Key performance indicators
C. Total cost of ownership
D. Risk assessment

157 Capturing lessons learned is an ongoing effort you have implemented in your technical project management. You will use this data in the future for process improvements. Not learning from project failures can lead to which of the following?
A. Repeating the failure
B. Missing opportunities
C. Implementing good processes
D. Preparing for current projects
