GW- Ch 9- CompTIA Security+ (Exam SYO-501)
C. Full *Restoring physical servers*. Using either a differential or incremental would still require a full backup first which is obviously more time consuming than just a full restore. A full backup is the easiest and quickest to restore.
566. Joe, a backup administrator, wants to implement a solution that will reduce the restoration time of physical servers. Which of the following is the BEST method for Joe to use? A. Differential B. Incremental C. Full D. Snapshots
A. RTO The recovery time objective (RTO) identifies the maximum amount of time it can take to restore a system after an outage. Many BIAs identify the maximum acceptable outage or maximum tolerable outage time for mission-essential functions and critical systems. If an outage lasts longer than this maximum time, the impact is unacceptable to the organization.
20. An organization has determined it can tolerate a maximum of three hours of downtime. Which of the following has been specified? A. RTO B. RPO C. MTBF D. MTTR
A. Transference You can avoid risk by not providing a service or participating in a risky activity. Purchasing insurance, such as fire insurance, transfers the risk to another entity. Security controls mitigate or reduce risks. When the cost of a control outweighs a risk, it is common to accept the risk. With risk transference, you share some of the burden of the risk with another entity, such as an insurance company. You do not completely offload the risk, you mitigate it through partnerships. The most effective way to handle risk is to transfer it so that the loss is borne by another party. Insurance is the most common method of transferring risk from an individual or group to an insurance company.
353.A company recently replaced its unsecure email server with a cloud-based email and collaboration solution that is managed and insured by a third party. Which of the following actions did the company take regarding risks related to its email and collaboration services? A. Transference B. Acceptance C. Mitigation D. Deterrence
A. Full backup The questions says "server data mirroring is not enabled", so there is no data at the warm site. (Which sounds more like a cold site to me...) the warm site provides a compromise that an organization can tailor to meet its needs. Full backup is the slowest to back up but is easiest and quickest to restore. Incremental and Differential both require the last full backup anyways.
358. Which of the following would allow for the QUICKEST restoration of a server into a warm recovery site in a case in which server data mirroring is not enabled? A. Full backup B. Incremental backup C. Differential backup D. Snapshot
B. 2 *** Differential is ALWAYS two backups to restore.*** Differential is a complete backup of the 'differences' from last full backup. Incremental changes since the last incremental backup. So, differential restore = full backup plus one differential. A differential backup is a cumulative backup of all changes made since the last full backup, i.e., the differences since the last full backup. The advantage to this is the quicker recovery time, requiring only a full backup and the last differential backup to restore the entire data repository. Incremental restore = full backup + incremental 1 + incremental 2 etc.
42. A database backup schedule consists of weekly full backups performed on Saturday at 12:00 a.m. and daily differential backups also performed at 12:00 a.m. If the database is restored on Tuesday afternoon, which of the following is the number of individual backups that would need to be applied to complete the database recovery? A. 1 B. 2 C. 3 D. 4
B. MTTR MTTR (mean time to repair/ restore )measures how long it will take to get a failed product/device running/operating again. It identifies the average (the arithmetic mean) time it takes to restore a failed system.
456. Which of the following refers to the term used to restore a system to its operational state? A. MTBF B. MTTR C. RTO D. RPO
A. Mission-essential function A business impact analysis (BIA) is an important part of a BCP. It helps an organization identify critical systems and components that are essential to the organization's success. These critical systems support mission-essential functions. The BIA also helps identify vulnerable business processes. These are processes that support mission-essential functions. Answer A refers to functions. Answer D refers to systems. Functions is best choice. The BIA is composed of the following three steps: Determine mission/business processes and recovery criticality. Mission/business processes supported by the system are identified and the impact of a system disruption to those processes is determined along with outage impacts and estimated downtime.
467. A company is performing an analysis of the corporate enterprise network with the intent of identifying what will cause losses in revenue, referrals, and/or reputation when out of commission. Which of the following is an element of a BIA that is being addressed? A. mission-essential function B. Single point of failure C. backup and restoration plans D. Identification of critical systems
C. System sprawl A vulnerability that occurs when an organization has more systems than it needs, and systems it owns are underutilized. Asset management begins before the hardware is purchased and helps prevent system sprawl by evaluating the purchase. Additionally, after the purchase is completed, asset management processes ensure hardware is added into the asset management tracking system. This ensures that the assets are managed and tracked from cradle to grave.
476. A recent internal audit is forcing a company to review each internal business unit's VMs because the cluster they are installed on is in danger of running out of computer resources. Which of the following vulnerabilities exist? A. Buffer overflow B. End-of-life systems C. System sprawl D. Weak configuration
C. Faraday cage A Faraday cage is typically a room that prevents signals from emanating beyond the room. It includes electrical features that cause RF signals that reach the boundary of the room to be reflected back, preventing signal emanation outside the Faraday cage. A Faraday cage can also be a small enclosure. In addition to preventing signals from emanating outside the room, a Faraday cage also provides shielding to prevent outside interference such as EMI (Electromagnetic interference) and RFI (radio frequency interference) from entering the room. Banks regularly use Faraday-shielded rooms to protect servers.
523. A bank uses a wireless network to transmit credit card purchases to a billing system. Which of the following would be MOST appropriate to protect credit card information from being accessed by unauthorized individuals outside of the premises? A. Air gap B. Infrared detection C. Faraday cage D. Protected distributions
C. RTO RTO (Recovery Time Objective) is the expected ***maximum time*** you need to recover your IT infrastructure. RPO (Recovery Point Objective) is a measurement of the maximum data to lose. MTTF (mean time to failure) is the average life of a non-repairable/expendable item (its availability). MTTR (mean time to repair) measures how long it will take to get a failed device running again. MTBF (mean time between failures) is the average time elapsed between failures of a repairable item (its reliability).
569. Which of the following describes the maximum amount of time a mission-essential function can operate without the systems it depends on before significantly impacting the organization? A. MTBF B. MTTR C. RTO D. RPO
A. Deterrent Deterrent controls attempt to discourage individuals from causing an incident Preventive controls attempt to prevent an incident from occurring. Detective controls attempt to detect incidents after they have occurred. Corrective controls attempt to reverse the impact of an incident.
58. A high-security defense installation recently begun utilizing large guard dogs that bark very loudly and excitedly at the slightest provocation. Which of the following types of controls does this BEST describe? A. Deterrent B. Preventive C. Detective D. Compensating
A. Identification of critical systems A business impact analysis (BIA) is an important part of a BCP. It helps an organization identify critical systems and components that are essential to the organization's success. These critical systems support mission-essential functions. The BIA also helps identify vulnerable business processes. These are processes that support mission-essential functions.
656. A company is performing an analysis of the corporate enterprise network with the intent of identifying any one system, person, function, or service that, when neutralized, will cause or cascade disproportionate damage to the company's revenue, referrals, and reputation. Which of the following an element of the BIA that this action is addressing? A. Identification of critical systems B. Single point of failure C. Value assessment D. Risk register
A. Critical system inventory A business impact analysis (BIA) is an important part of a BCP. It helps an organization identify critical systems and components that are essential to the organization's success. These critical systems support mission-essential functions. ***Corporate units = devices Services = mission critical functions
696. A company is performing an analysis of which **corporate units** are most likely to **cause revenue loss in the event the unit is unable to operate**. Which of the following is an element of the BIA that this action is addressing? A. Critical system inventory B. Single point of failure C. Continuity of operations D. Mission-essential functions
D. 4 ***number of backup tapes*** Linear Tape Open LTO tape drives are magnetic tapes used to store data. This can be used with small and large computers for backup purposes. Sunday (7 PM): Full backup 1.... Monday (7 PM): Incremental Tuesday (7 PM): Incremental Wednesday (7 PM): Differential 2.... Thursday (7 PM): Incremental 3..... Friday (7 PM): Incremental 4.... Differential - backs up data that has been changed since the last Full back up. So, Wednesday disk includes all the change since Sunday;'s full back up. For, incremental. it backs up since the last full or the last incremental data. ...
707. When backing up a database server to LTO tape drives, the following backup schedule is used. Backups take one hour to complete: Sunday (7 PM): Full backup Monday (7 PM): Incremental Tuesday (7 PM): Incremental Wednesday (7 PM): Differential Thursday (7 PM): Incremental Friday (7 PM): Incremental Saturday (7 PM): Incremental On Friday at 9:00 p.m., there is a RAID failure on the database server. The data must be restored from backup. Which of the following is the number of backup tapes that will be needed to complete this operation? A. 1 B. 2 C. 3 D. 4 E. 6
B. Identity mission-critical applications and systems.
735.A Chief Information Security Officer (CISO) is performing a BIA for the organization in case of a natural disaster. Which of the following should be at the top of theCISO's list? A. Identify redundant and high-availability systems. B. Identity mission-critical applications and systems. C. Identify the single point of failure in the system. D. Identity the impact on safety of the property.
A. Snapshots The Hypervisor (the OS that interacts directly with the physical hardware) creates the Virtual Machine (VM). The VM then presents the virtual hardware to the Guest OS which is the OS that runs on the VM. Best practice is to take a backup or snapshot of the VM before making changes in case they don't work, you can revert back to the snapshot before the changes were made. B and C are the concepts, but the name of the technology that implements B and C is called Snapshots. Shadow Copy is Microsoft backend technology for doing snapshots, but doesn't apply to Hyper-V, which is Microsoft's hypervisor.
784. A technician is required to configure updates on a guest operating system while maintaining the ability to quickly revert the changes that were made while testing the updates. Which of the following should the technician implement? A. Snapshots B. Revert to known state C. Rollback to known configuration D. Shadow copy
d. RAM Data should be collected according to the order of volatility. When collecting data for a forensic analysis, you should collect it from the most volatile to the least volatile. The order of volatility is cache memory, regular RAM, swap or paging file, hard drive data, logs stored on remote systems, and archived media.
801. A first responder needs to collect digital evidence from a compromised headless virtual host. Which of the following should the first responder collect FIRST? A. Virtual memory B. BIOS configuration C. Snapshot D. RAM
C. To minimize external RF interference with embedded processors
806. In highly secure environments where the risk of malicious actors attempting to steal data is high, which of the following is the BEST reason to deploy Faraday cages? A. To provide emanation control to prevent credential harvesting B. To minimize signal attenuation over distances to maximize signal strength C. To minimize external RF interference with embedded processors D. To protect the integrity of audit logs from malicious alteration
A. Snapshot A snapshot backup captures the data at a moment in time. It is commonly used with virtual machines and sometimes referred to as a checkpoint. administrators often take a snapshot of a VM before a risky operation such as an update. If the update causes problems, it's relatively easy to revert the VM to the state it was in before the update. it's not asking to backup the files - it's asking to backup the server itself. Snapshots provide that.
94. An organization's file server has been virtualized to reduce costs. Which of the following types of backups would be MOST appropriate for the particular file server? A. Snapshot B. Full C. Incremental D. Differential
D. Honeynet
QUESTION 741 A company network is currently under attack. Although security controls are in place to stop the attack, the security administrator needs more information about the types of attacks being used. Which of the following network types would BEST help the administrator gather this information? A. DMZ B. Guest network C. Ad hoc D. Honeynet