5. Risk Management
A system holding Personally Identifiable Information (PII) has been through an initial security audit. The results have determined the need to perform further analysis as the next step to assessing potential risks. Which type of audit has the system successfully completed?
A Privacy Threshold Analysis (PTA) is an initial audit to determine whether a computer system or workflow collects, stores, or processes PII to the degree where a PIA (Privacy Impact Assessment) must be performed.
An IT survey has been distributed throughout an organization with a goal to understand departmental systems security needs, requirements, and solicit suggestions. The survey results yielded suggestions to strengthen computer use policies. Apply knowledge of security controls to determine which guidelines are followed by implementing this type of security control.
Administrative
Human resources is developing a new set of policies for the IT department. The policies note suggestions for employee computer use rules. Compare security control types to determine which guidelines are followed as a result of implementing this type of security.
Administrative
New security controls have been established at a medium sized business. As part of the new implementation, scheduled security scans and audits will take place. Which security control type governs this component of the implementation?
Administrative
Human Resources has released an updated fair use policy regarding mobile devices. It is now prohibited to use the camera feature of a mobile device inside the office building. Classify the type of action that violates the updated fair use policy.
Adverse
During the evidence gathering process, an image of a compromised system was obtained for safekeeping. Investigators analyzing the image found it to be unreadable. After reviewing the forensic tools used, how could the corruption have been avoided?
Applying hashing utilities
IT security specialists were called in following an incident at a local business. An image of a compromised system was obtained for safekeeping during the evidence gathering process. It was later revealed that the image must not have copied properly and was found to be corrupt. As a result of reviewing available forensic tools, how could the corruption have been avoided?
Applying hashing utilities
In order to reduce waste, a company is reusing old data tapes being donated for backup purposes. The tapes are first being electro-magnetically erased for security purposes. Which media sanitization process is being used in this situation?
Degaussing
Several old computers are being given to employees. The company decided the hard disk drives do not need to be removed, but all data should be erased. Which media sanitization process effectively meets these requirements?
Degaussing
A recent system breach resulted in sensitive data being leaked online. Many specifics were unknown until details of the investigation revealed the breach was caused by an insider. Of the security controls in place, which was most effective in solving the crime?
Detective
Extremely warm temperatures have put extra stress on a local power grid. As a result, a severe power outage has caused down time at several local businesses. This type of incident is considered a threat, as it causes disruption to business. Applying knowledge of threat assessment goals, classify the type of threat actor for this event.
Environmental
A serious malware infection recently occurred at an organization. The cause was found and eliminated. Systems are now being tested and brought back online. Considering incident response procedures, how is finding the cause categorized?
Eradication
Crypto-malware was found within an organization. An employee's USB flash drive was identified as the cause of the infection. Systems are now being restored from a backup, tested, and brought back online. Considering incident response procedures, how can finding the cause be categorized?
Eradication
A senior engineer has decided to take on an unresolved help-desk support case. The case involves the rebuild of a server system that has been compromised by malware. Accessing the data on the drive may not be possible. In terms of an incident response plan, what initial step has been executed?
Escalation
First responders found a highly critical incident. As a result, company executives decided to halt operations for several days. The company is expected to recover from the impact during this time. In terms of an incident response plan, what initial step had been executed?
Escalation
A computer system at a local company was breached. Since the incident, internal IT support removed a USB flash drive that was found plugged into the machine. Security experts now question the validity of the chain of custody. Which statement justifies the analysis of the situation?
Evidence has been tampered with
Upon arrival to work, a user stated a system that is normally off was powered on and logged in. A junior technician responding to the issue moved the computer to the data center to investigate. Considering chain of custody, which statement correctly evaluates the situation?
Evidence has been tampered with
A human resources representative is following a checklist of tasks needed to disable a user's account and privileges. They need to ensure that any information assets created or managed by the employee, but owned by the company, are accessible. Which process is the human resources manager executing?
Exit interview
A new business is working with a consultant to establish business processes. While drafting plans, the business must make considerations for unknown variables. Which type of approach to creating documentation do unknown variables prompt?
Guidance
An organization incorporates multiple complex and varied critical business processes. Documentation is requested to capture the steps involved with processes for improvement. Analyze and determine which type of approach to creating the documentation is prompted by complex and differing variables.
Guidance
Forensic investigators gathered evidence from a breached system. During the process, an image of the system was acquired. Which is the next best step in following best practices for obtaining evidence?
Hashing
Investigators gathered evidence from a breached system. An image of the system was acquired before leaving the scene. Which step should the investigators execute next in following best practices for obtaining evidence?
Hashing
A company has several remote sites. Plans to convert one site into a disaster-recovery site are being developed. In the event of a catastrophe at the main site, the new alternate site should be ready to use at a moment's notice. Planning for this new site follows guidelines for which implementation?
Hot site
A major incident recently occurred at an organization. As a result, systems were down for several weeks and business was lost. If an alternate site had been available for business continuity purposes, the organization would not have suffered. After analyzing the options, conclude which site type can be ready at a moment's notice?
Hot site
Analyze the following alternate business practice topics and conclude which is included in a Continuity of Operations Plan (COOP).
Human Capital
An organization is developing a Continuity of Operations Plan (COOP). This plan will include strategies to keep the business functional during and after a catastrophe. Analyze the following topics and conclude which is included in such a plan.
Human capital
A company has several servers in place. It is possible that some of these servers can go offline without impacting daily operations. What criteria is used to justify this conclusion? (Choose two)
Mission-essential functions; Identification of critical systems
A company has several servers in place. It is possible that some of these servers can go offline without impacting daily operations. What criteria is used to justify this conclusion? (Choose two)
Identification of critical systems; Mission-essential functions
Checks and balances are often used to assess critical systems or procedures at risk of compromise by insider threats. Which policies are helpful when implementing such a program? (Choose two)
Job rotation; Mandatory vacations
Which of the following are organizational security policies put in place so more than one person has knowledge of business processes? (Choose two)
Job rotation; Mandatory vacations
An incident has recently occurred at a medium sized business. An employee is suspected of leaking information online. As a result of the investigation, the employee's computer has been secured as evidence by authorities. Identify the term that describes this type of action.
Legal hold
A recent incident is under review for future response planning. The current goal is to determine the incident's cause and whether it was avoidable. Consider the objectives included in the phases of the incident response lifecycle to conclude which phase is currently in progress.
Lesson learned
A risk assessment is scheduled at a local business. All data and related systems are to be included in the assessment. Which variables should be used to calculate the degree of risk? (Choose two)
Likelihood; Impact
An organization needs to maintain a threat assessment. Analyze the following scenarios and select which best represents an environmental incident.
Local businesses are impacted after an aging utility pole has collapsed, bringing down communication lines.
An IT security expert is reviewing security settings for systems and devices. In order to gain insight on daily activities, which settings should be verified?
Logs
A large geographic area was impacted by a major communications outage. Investigators found evidence of an accidental fire that burned down a central switching office. Such an incident is considered to have characteristics of which threat actor?
Manmade
Several small businesses suffered a power and communications outage. It was later determined a fire burned down a utility pole after a serious automobile accident. This scenario describes the characteristics of which threat actor?
Manmade
A hard disk in a Redundant Array of Independent Disks (RAID) array has failed. This RAID array is installed in a critical server system. Currently the system is operational; however, another failed disk will cause system downtime. Management is requesting information regarding fully restoring the system. Which Key Performance Indicator (KPI) should be calculated to evaluate the data?
Mean Time to Repair (MTTR)
A system has been compromised at a local business. In response, a help desk technician began recovery by powering the system down. As a result, what has been compromised?
Order of volatility
Internal IT personnel have finished investigating a system that had a reported breach. Documented steps included installing a new antivirus software package, uninstalling unknown software, and rebooting the system. Consider proper forensic and investigative protocols to conclude what has been highly compromised in this situation.
Order of volatility
An organization handles different sets of sensitive data. The data is gathered and categorized in three different ways; associated, anonymized, and de-identified. As a result, the organization is developing three different data management processes. Compare features of sensitive data and select which type is characterized by these categories.
PHI (Protected Health Information)
A small company worked with an IT security firm to complete a risk assessment. They discussed developing a plan for an alternate business practice in the event of an incident. Which business practice will the company likely implement?
Pen and paper
Analyze the following groups and conclude which is used in defining critical systems.
People, furniture, ideas
Critical systems need to be defined by an organization. After analyzing the groups, which best represents a collection of critical systems?
People, furniture, ideas
A free software application was found to corrupt any image file it opens and was reported as problematic. After conducting research, the application was found to be maliciously modified before becoming available at an untrusted third-party distribution website. Which of the following choices best applies to this scenario regarding how users have been impacted by this application?
Property
A company is very protective of its intellectual material. As a result, a dedicated server is put into place, containing related highly sensitive data. The fear of a breach by a curious public or competitors is an ongoing concern. Apply knowledge of data types and labels and select which type the company is protecting.
Proprietary
In an effort to rebrand itself, a company developed a new logo, mascot, and other materials. A file share is in place, containing this highly sensitive data. The fear of a breach by a curious public or competitors is an ongoing concern. Apply knowledge of data types and labels and select which type the company is protecting.
Proprietary
An organization handles various sets of sensitive data used in a variety of ways. For example, data that is categorized as de-identified is evaluated without subject information. This data contains codes, allowing the subject information to be reconstructed by the data provider, if required. Compare the characteristics of sensitive data to determine which type is being evaluated in this situation.
Protected Health Information (PHI)
An organization has just experienced a data breach. As part of the breach, thousands of records containing private information have been stolen. Which type of data is typically stolen for insurance fraud purposes?
Protected Health Information (PHI)
An organization has many old systems in storage from a past downsizing. While the systems are older, components such as hard drives can be repurposed. The drives are healthy but contain data from previous users. In an effort to protect confidential information, the drives are being formatted to erase data before reuse. Consider various media sanitization methods and select the initiative IT is practicing.
Purging
IT is repurposing one dozen hard drives from old systems. The drives are healthy, but contain data from previous users. In an effort to protect confidential information, the drives are being wiped to erase data before reuse. Consider various media sanitization methods and select the initiative IT is practicing.
Purging
A report has been compiled from results of a user-completed systems use survey. A risk assessment was developed based on findings in the report and presented to management. Which approach supports conducting a risk assessment in this fashion?
Qualitative
A risk assessment needs to be performed for the computer network at a small business. Rather than spend time on complex calculations, the assessment will focus on user needs and input. Which approach supports conducting a risk assessment in this fashion?
Qualitative
An organization implements a new backup scheme. The backup includes daily backups to ensure any changes are captured. The organization would like to implement redundancy into the scheme. Evaluate the backup options and select the best solution for implementation.
Redundancy
An IT security consultant is working with a firm across several initiatives. One component of their ongoing work is evaluating the firm's readiness in the face of an incident. A discussion of threats and risks is on the table. Considering the relationship between the two topics, a likelihood variable relates to which type of assessment?
Risk
A company executive is concerned with risk. During a recent meeting, a report was handed to all stakeholders that contained a concerning scatterplot graph. The graph illustrated a high level of risk related to the current systems infrastructure. Considering the evaluation of risk, what method was used to communicate risk issues with stakeholders?
Risk register
A company is evaluating risk. There are currently several critical processes in place in need of revision, and the systems infrastructure is aging. How would a scatterplot graph be best developed to illustrate the likelihood and impact of risk?
Risk register
An organization planned a week of security exercises. Each day of the week focused on different scenarios and goals. Consider the elements of disaster recovery exercises and select the option that accomplishes the organization's goal during the exercise.
Roles and responsibilities
Security experts are performing disaster recovery exercises with employees at a software development company. Which key element should be focused on as a goal of these activities?
Roles and responsibilities
A new IT support organization is preparing many agreement templates for business. These templates will be used for partnerships, vendors, support agreements, and more. When organizing these templates, which should be applied to support agreements?
SLA (Service Level Agreement)
New security controls have been implemented in an organization. Analyze the possible controls and select the best example of a deterrent control.
Security Guard
Confidential data is ready to be destroyed. Pulping will be used and a requirements list is being created to carry out the task. Considering the various approaches to destroying media, how will pulping be implemented?
Shredding and mixing contents with a solution
IT worked with management to perform a qualitative risk assessment. Individual systems and the infrastructure were included in the assessment. Risk values for the servers were determined by finding the percentage of the lost value. When evaluating this risk, which risk factor was calculated in this situation?
Single Loss Expectancy (SLE)
A backup plan on a new Windows server uses the Volume Shadow Copy Service (VSS). The plan is set to back up the entire system over the weekend, and only back up files with changes on a daily basis. What purpose does the utilization of VSS have for implementing the plan?
Snapshot
A computer system is mysteriously unable to boot. The decision has been made to restore the system from a backup, as one is performed every night. The last entire backup was five days ago, and subsequent backups have been performed every night. After restoring the system, it is discovered that files are missing. Considering backup solutions, which should be used to complete the task of restoring the data?
Snapshot
A small company has put a new backup scheme in place, protecting two critical servers. After a few weeks, the company discovers not all files are being backed up. Analyze and recommend which backup technique should be implemented to remedy this situation.
Snapshot
On a Windows server, the Volume Shadow Copy Service has been enabled to use with a new backup scheme. This scheme is set to back up the entire server, including open files, once a week and only changed files during the week. When enabling this scheme, what purpose does the use of VSS provide?
Snapshot
IT installed a new line of business system that will be used for daily operations by all departments. In cooperation with IT, Human Resources has scheduled systems training for all users. Key users will be given special training as part of a security and risk management plan that will focus on daily management of the system. Which area of training would most benefit these users?
Standard operating procedures
The order of restoration prioritizes and identifies the order for bringing devices and services online after an incident. When evaluating the proper order, which sets of devices or services represent a correct approach? (Choose two)
Step 1. Enable and test power, Step 2. Enable and test infrastructure; Step 1. Enable and test critical network servers, Step 2. Enable and test backend and middleware
A major power incident has impacted a local transportation company and all systems have powered off. While the IT department is waiting for the power to be restored, they have been reviewing the situation and creating an order of restoration plan. Evaluate the following options and select the plan that would best follow standard guidelines.
Step 1. Enable and test power Step 2. Enable and test infrastructure Step 3. Enable and test critical network servers
A security consulting firm will be working with the staff of a local business to perform a disaster recovery exercise. After discussing options for performing the exercise, the firm decides to apply a specific approach to best meet the organization's needs by "ghosting" the same procedures as they would occur in an actual disaster. Apply knowledge of the scenario to conclude which exercise method the firm uses.
Tabletop
A company is upgrading a data center. While doing so, all new security controls are being installed on various fronts. One such control is a new intrusion detection system. Management has requested that the control types installed be reported. After evaluating the list of control types that have been upgraded, how would the intrusion detection system be categorized?
Technical
A new user group has been created in a Windows Active Directory domain. This new group will be used as an Access Control List (ACL) for specific printer deployments and shared folder access. Which type of security control allows execution of this implementation?
Technical
A new user requires access to a sensitive shared folder. According to established policies, certain controls are required to be put in place when user adds or changes are made throughout the organization. Evaluate and choose the security control type that would accomplish the task.
Technical
A recent update of security software on desktops includes Intrusion Prevention System (IPS) technology. The addition of IPS greatly improves overall security controls within the organization. Evaluate the control types and determine how the IPS system can be classified.
Technical
A small business is replacing an older software based solution with a new hardware based firewall that features Intrusion Prevention System (IPS) technology. The replacement is part of an initiative to upgrade security controls. Evaluate the list of control types and determine how the IPS system is categorized.
Technical
An IT security expert investigated a computer crime scene using computer forensic investigation best practices. After analyzing the following terms, which best fits the criteria of preservation of evidence?
Timeline
Analyze the following terms and consider computer forensic investigation best practices. Which best fits the criteria of preservation of evidence?
Timeline
After a recent incident, investigators are performing forensics on a Windows server. While using various tools to examine damaged data, they discover the timestamps on an NT file system (NTFS) volume do not seem correct, and are a few hours different from local time. What determination should the experts conclude as the reason for the timestamp discrepancy?
Timestamps are in coordinated universal time
Investigators pulled a drive out of a Windows workstation. As the investigation begins on the drive, it is discovered that the time stamps between volumes on the drive do not match. A FAT volume seems much different and correct by a few hours compared to an NT file system (NTFS) volume. While evaluating the evidence, what determination do the investigators conclude as the reasoning behind the odd timestamps on the NTFS volume?
Timestamps are in coordinated universal time
Image acquisition is the process of obtaining a forensically clean copy of data from a device held as evidence. Which types of storage should be carefully imaged in an investigation? (Choose two)
Volatile; Non-volatile
A government firm has been working on establishing an alternate operations site in the event of a disaster. Currently, the preparations have confirmed the readiness of an alternate site with a few minor configuration contingencies. These configurations should take no longer than 24 to 48 hours to implement. Evaluate characteristics of alternate sites to conclude which type the firm is currently working with.
Warm site
Disposing of old storage media is the responsibility of IT personnel. There are currently several old hard disk drives ready to be discarded. After evaluating the available methods, which is the most cost effective solution that requires the least interaction?
Wiping
A recent systems crash at a local business severely impacted operations. Reconfiguring the system took place after a 6 hour restoration was performed. Now, the system must be tested to confirm integrated functionality with other systems. Which metric is assigned when calculating the time required for the functionality testing?
Work Recovery Time (WRT)
An organization experienced a data security breach. Part of the established incident management plan is to consider factors in order to prioritize and allocate resources. After analyzing the plan and defined factors, which is considered the highest priority?
Data Integrity
A new job has become available at a firm that utilizes several important databases. The new job is ultimately responsible for enforcing access control and data encryption. Analyze the job titles and consider the responsibilities of each. Which job role has most likely become available?
Data custodian
Analyze the following incident factors and consider the incident management process to conclude which of the factors should receive the highest priority.
Data integrity
A firm that deals with numerous databases has worked to standardize job responsibilities based on industry defined roles. As a result, a new job has become available. The new job is ultimately responsible for maintaining the confidentiality, integrity, and availability of information, and who should have access. Evaluate the job titles and consider the responsibilities of each. Which job role has most likely become available?
Data owner
A business has implemented a series of websites that collect customer information for marketing and sales purposes. The sites are mirrored in a number of countries. What needs to be considered when implementing data retention for archival purposes?
Data sovereignty
Continuity of Operations (COOP) and Disaster Recovery Planning (DRP) are processes that need to be reflected upon routinely. This allows organizations to review and improve processes. Apply knowledge of how processes are implemented to conclude the best time to execute improvement.
After-action report
A user who handles historical data must comply with laws concerning data retention. In doing so, IT has been contacted to address the requirement regarding system backups. Considering possible backup options, how should the IT department handle data retention?
Archives
The systems administrator of a financial firm is required to document a new backup and restore methodology for senior management. Data retention is of great concern. In documenting the backup process, which area must the systems administrator focus their attention?
Archives
A company is implementing the use of an alternate site in the event of a disaster. The plan is to replicate data between the main site and the alternate site on a continuous basis. The sites are a few hundred miles apart. Which statements are true regarding replication? (Choose two)
Asynchronous replication indicates data is mirrored from a primary site to a secondary site. Synchronous replication is particularly sensitive to distance.
A hard drive contains sensitive data that the owner has recently applied restricted access as internal/official use only. Considering the different data classification levels, what is the appropriate level of data classification in this scenario?
Classified
Following military classification guidelines, select the lowest document classification type that is still restrictive.
Classified
A user invited a friend to the office for a tour. There were several moments when the visitor was left alone. During these times it was possible that confidential information was viewed. What type of policy can prevent such an activity from occurring?
Clean desk
Data for an upcoming project has been stolen from a company and leaked online. The investigation implies social engineering is the cause. Which policy can prevent such an incident from occurring?
Clean desk
A company is considering using an alternate site of operations in the event of a disaster. The plan is to acquire equipment at the time of the incident in order to avoid using dated hardware and software. What type of alternate site would best meet the company's needs?
Cold site
During a recent risk assessment, a municipality has decided an alternate site of operations is needed. This site would be used in the event of a severe incident. When the need arises, they plan to utilize spare equipment currently being held in secure storage. What type of alternate site should be used?
Cold site
A system recently lost data due to user error. A system backup was fortunately in-place and was used to restore the lost data. Considering the available security control types, which was utilized to address the missing data?
Compensating
Malware infected a system and data was lost. Fortunately, several security controls were in place and the infection was contained and mitigated. A system backup is being used to restore the lost data. Applying knowledge of security control types, which is being used to address the missing data?
Compensating
A company has been working to improve its overall security program. One such improvement is a new backup system. Which type of security control does this new system provide?
Compensating control
A malware outbreak has impacted several development computers at a data center. These particular systems are not networked. The investigation revealed a common USB flash drive was used between the systems. The USB drive has been located and is no longer being used. What incident response lifecycle step has been enacted?
Containment
Malicious activity has been detected on several computers in the marketing department at a local organization. In response, IT personnel have disconnected the marketing switch from the network. Identify which incident response lifecycle step has been enacted.
Containment
A new antivirus software package is being used to improve upon an organization's risk management plan. By strengthening security controls, the goal is to mitigate any threat as soon as possible. Analyze the scenario and determine which type of security control is likely being implemented.
Corrective
An organization is deploying a new antivirus software package. This initiative is a direct result of virus incidents recently infecting several laptops. The new antivirus software strengthens security controls to improve the organization's risk management plan. Analyze the scenario and determine which type of security control is likely being implemented.
Corrective
Which of the following is NOT a characteristic of a lessons learned report?
Determining if outside expertise is needed
A company has a data room it would like to protect. However, at the moment there are no funds in the budget to allocate to this task. As a result, they decide to place an alarm warning sticker on the door as a temporary security measure. What type of security control is being used in this situation?
Deterrent
A user in a company would like a new USB flash drive. Rather than request one through the proper channel, the user intends to obtain one from a company storage closet. Upon approaching the closet door, the user notices a warning sign indicating cameras are in use. It is a known fact there are no cameras located in the company building, so the user enters the closet unconcerned. What type of security control is being attempted in this situation?
Deterrent
Which of the following illustrates the importance of roles and responsibilities during an incident?
Disaster Recovery planning
A local organization's operations have been severely impacted after a power transformer in the area failed and caught fire. Which classification best describes this type of threat actor?
Environmental
An organization is starting a threat assessment project, with both internal and external factors considered threats. How is accidental fire damage categorized?
Environmental
A system has been compromised and data has been deleted. A backup of the system is performed every night. The last entire backup was five days ago. To restore the system, only two sets of data need to be restored. Examine the available backup schemes and determine which will accomplish the complete restoration of data.
Full and differential
A user installed software on a system without permission. The system is now highly unstable, continuously crashes, and removal of the software has failed. It has been decided to restore the system from a backup. A backup of the system is performed every night. The last entire backup was five days ago. To restore the system, five sets of data need to be used. Considering the available backup schemes, which will accomplish the complete restoration of data?
Full and incremental
Confidential data is ready to be destroyed. As a result, the decision to use pulverizing has been made, and a requirements list is being created. Considering the various approaches to destroying media, how will pulverizing be implemented?
Mechanically shredded
Two technology firms are in preliminary discussions to work together on several projects. The goal of the joint venture entails providing support services to a wider customer base as an entity with shared resources. Each firm has its own customer base, custom branded products, and established processes. Evaluating the current situation, which type of agreement should be put in place between the two firms?
Memorandum of Understanding (MOU)
A system breached earlier in the morning at an insurance firm has been investigated by local IT personnel. Documented steps taken included a virus scan followed by a reboot of the system. Consider proper forensic and investigative protocols to conclude what has been highly compromised.
Order of volatility
A system has several security controls in place. As a result, users are reporting that systems impact and usability is being impacted. Which control configuration should be evaluated before configuration?
Network logs
Implementing security controls can help harden a system. When doing so, the control configuration needs to consider systems impact and usability. Determine which control configuration should be evaluated before beginning configuration.
Network logs
A popular entertainment company is onboarding a new employee. Preliminary interview steps and due diligence have been completed. Internal security is of high importance, so all documentation for the formal employment process is being prepared. In implementing the process, which solution should be used to assist with internal security issues?
Non-Disclosure Agreement (NDA)
A computer system was breached at a medium-sized business. IT personnel began an investigation immediately. Some steps taken included a virus scan and a reboot. What has this breach compromised?
Order of volatility
A company is in the preparation phase of implementing an incident response plan. All technical security controls are in place. Now, the company needs to establish guidelines for handling an incident. Evaluate and select the appropriate guideline items. (Choose two)
Personnel and resources; Policies and procedures
A security clearance firm is developing an incident response plan for an organization. All technical security controls have been outlined. Now, the firm needs to establish high-level guidelines for handling an incident. Evaluate and select the appropriate guideline items. (Choose two)
Policies and procedures; Personnel and resources
A new locking cabinet has been installed in the computer room to hold extra flash drives and other supplies. Which type of security control has been configured?
Preventative
A new locking cabinet has been installed in the computer room to hold extra flash drives and other supplies. Which type of security control has been configured?
Preventive
Server systems breached at a large business were protected by several security controls. Investigators discovered the breach began as an inside job where the employee broke and entered into the secure area. Analyze the situation and determine which security control type failed.
Preventive
A large organization has just hired a new employee to oversee compliance of data with regulatory frameworks. One of the immediate tasks assigned to the new employee is to ensure data retention is in accordance with regulations. Which role accurately defines the new employee's responsibilities within the company?
Privacy officer
An employee has noticed private company information online while browsing social media. What measure should be implemented to address this observation?
Reporting requirements
There is suspicion of data theft from an internal source within a company. What process will this possibility most likely trigger?
Reporting requirements
A hardware manufacturer has designed a smart-device for consumers to use at home. The device responds to voice commands and has interactivity with a mobile application. It was discovered after several months on the market that the device collected personal data without consent. Sales of the device have since been negatively impacted. As a result of the privacy issue, lost sales, and bad product reviews, how has the manufacturer been impacted?
Reputation
A large business' computer system was breached and the suspect is a high-level executive. Several employees have been called as witnesses, and investigators are evaluating a questioning approach. Considering how evidence may be collected and documented, which method is more reliable, but may make witnesses less willing to make a statement?
Video
Which study aims to identify vulnerabilities that may lead to the data breach of personal information and to evaluate controls mitigating those risks?
Privacy Impact Assessment (PIA)
A system that holds a large amount of personal data for customers is going through an initial audit. One of the concerns is the system's security settings and controls. Which type of audit is currently being performed on the system?
Privacy Threshold Analysis (PTA)
Organizations should perform audits regularly to assess whether any Personally Identifiable Information (PII) data is processed securely. If an organization is storing PII data, and controls need to be investigated, which audit type should be implemented first?
Privacy Threshold Analysis (PTA)
A high ranking member of the Human Resources department has access to sensitive employee information. Which user type best fits the employee's access level?
Privileged user
A malware security breach occurred at a small firm. A maintenance agreement put in place by the IT support company has not been honored since numerous security updates were missing on all computer systems. When reviewing company agreements, which type is used for support?
A Service Level Agreement (SLA)
An IT security team recovered data from a recent cybercrime incident. Due to practicing proper order of volatility steps, data was not lost. After investigating and evaluating sets of data, which options represent examples of data sets ranging from more to less volatile? (Choose two)
1. CPU registers 2. ARP cache; 1. Memory 2. Temporary file systems
A qualitative risk assessment is taking place to determine the overall risk and likelihood of a systems breach. What value is multiplied by an Exposure Factor (EF) when evaluating what would be lost in the occurrence of a single risk factor?
Asset
A company needs to onboard a new employee. A new process for preparing the employee for employment is being implemented. Which step should be performed first in order to eliminate wasted effort?
Background check
A new IT security firm is partnering with an IT support company, and is opening its doors for business soon. The firm would like to be a reseller of a popular firewall. Considering all the agreements in process, which would be used to become an authorized reseller?
Business Partners Agreement (BPA)
Employees of an organization have expressed they are unaware of recent regulatory changes. The lack of knowledge has a direct impact on data risk in the organization. With recent restructuring, a new initiative is being recommended to ensure employees maintain up-to-date knowledge. Which training program approach would satisfy this initiative?
Continuing education
A group of security professionals from several non-competing organizations address local security incidents by forming a Unified Cyber Incident Response Team (CIRT). The goal of the program is to share insights and knowledge, and assist in mitigating threats. Considering the team's desire for diversity among the team's membership, determine which user type should be included.
Decision maker
An organization is developing a risk management plan to avoid potential downtime in the event of an incident. One component of the plan includes the identification of critical systems. Considering critical aspects of business operations, identify the valid business process inventory items.
Employees, furniture, standard operating procedures
Which of the following is characteristic of a risk register?
Includes the date of identification, description, countermeasures, owner/route for escalation, and status
A high level executive for a popular firm has recently been receiving increasingly more spam email. IT personnel identified most of the spam as spear phishing attempts. After examining the computer for signs of a breach and interviewing the executive, what cause can the rise in spam email be most likely attributed to?
Increased social media activity
An IT security firm will be working with a government entity. Part of the working relationship requires integration of systems from both parties. After reviewing the technical specifics, an agreement must be established and put in place. Which agreement oversees this type of relationship?
Interconnection Security Agreement (ISA)
A recent incident is under review for future response planning. The current goal is to determine the incident's cause and whether it was avoidable. Consider the objectives included in the phases of the incident response lifecycle to conclude which phase is currently in progress.
Lessons learned
Analyze the following statements and determine which best fits the criteria for an environmental incident.
Local businesses are impacted after an aging utility pole has collapsed, bringing down communication lines.
A systems engineer is recovering a system from a crash. Data on a network has been corrupted. It was determined during troubleshooting that a faulty hard drive was to blame. A spare hard drive will be used to replace the failed drive. Afterwards, a plan is developed to restore from a backup. What metric can be implemented to best represent downtime to management while replacing the server hard drive?
MTTR (Mean Time to Recover)
A systems engineer is recovering a system from a catastrophe. A network server crashed and data has been corrupted. During troubleshooting, the engineer discovered a faulty memory module failed while a database was opened. A plan is developed to replace the memory module and restore from a backup. What metric can be implemented to best report downtime to management while replacing the server memory?
MTTR (Mean Time to Repair)
A critical server experienced a severe crash. In order to restore the system, a backup set is utilized. The last backup was 18 hours prior to the crash, which is 6 hours longer than the company can afford to lose data. IT estimates it will take approximately 4 hours to bring systems back online. When reporting the situation to management, what value does the 4 hours represent?
MTTR (Mean Time to Repair)
A lone server in an organization has crashed, and efforts to restore the system from a backup set are taking place. The last backup was 10 hours prior to the crash, which is 2 hours longer than the company can afford to lose data. The IT administrator estimates it will take approximately 3 hours to bring the server back online. When reporting the situation to the CEO, what value does the 3 hours represent?
MTTR (Mean Time to Repair)
A hardware manufacturer has created a new USB storage device. Before its release to market, a vulnerability was found. As a result, an internal change management process has been immediately put in place for quality assurance procedures. Based on the scenario, what approach is being implemented?
Proactive
A hardware manufacturer is developing a new USB device for biometric authentication. Employees curious about the project have used the device early under a "use at your own risk" agreement. As a result, some employees have experienced a faulty USB port. Consider how employees have been impacted by the devices to determine which option applies best to this situation.
Property
A small company is evaluating risk related to the possibility of system down time. Which approach does the company need to implement to accurately calculate single loss expectancy (SLE) and annual loss expectancy (ALE)?
Quantitative risk assessment
The CEO of a medium sized organization would like a risk assessment to be performed. This assessment focuses on an aging network infrastructure, and should provide both single loss expectancy (SLE) and annual loss expectancy (ALE) data. Which approach should be implemented to meet the CEO's needs?
Quantitative risk assessment
A software developer has released a new social media application. A severe vulnerability was found shortly after the software's release to market. As a result, an external change management process is being requested. Evaluate and select the process being implemented.
Reactive
A malware outbreak recently occurred at a local organization. Systems were compromised and business operations shut down during this time. All systems were brought to a secure state over the course of ten business days. Which incident response lifecycle stage took ten days to complete?
Recovery
A critical server hosting a line of business app has crashed. IT personnel are working to fix the problem. A previous risk assessment stated that the company cannot afford more than 8 hours of data loss, and it cannot go more than 72 hours without the server before resulting in a severe business impact. The last system backup was taken 12 hours ago. IT reports that the estimated repair time is 48 hours. After evaluating the situation, which metric calculated from the data is represented by 4 hours?
Recovery Point Objective (RPO)
IT personnel are working to fix the issue with an online retail website crash. A previous risk assessment stated the site cannot go offline for more than 48 hours without causing a severe business impact. The last system backup was taken 12 hours ago. IT reports that the estimated repair time is 24 hours. After evaluating the situation, what value is represented by the 24 hour repair time?
Recovery Time Objective (RTO)
IT worked with management to perform a qualitative risk assessment. Individual systems and the infrastructure were included in the assessment. Risk values for the servers were determined by finding the percentage of the lost value. When evaluating this risk, which risk factor was calculated in this situation?
SLE - Single Loss Expectancy
A company is considering the implementation of a secondary Internet connection, due to the fact that the primary connection has frequent issues. Which classification accurately describes the primary connection in this scenario?
Single Point of Failure
As a result of a failed RAID array, the system has crashed at a local business. The onsite IT professional is recovering data from a backup set and estimates a recovery to take 4 hours. Once the backup has been completed, the system will need some configuration that is not included in the backup. Which metric is assigned when calculating the time required for the configuration?
Work Recovery Time (WRT)