Chapter 12
Which of the following fire extinguisher types poses a safety risk to users in the area? (Select two)
- CO2 - Halon
In business continuity planning, what is the primary focus of the scope?
Business processes
What is the primary goal of business continuity planning?
Maintaining business operations with reduced or restricted infrastructure capabilities or resources
Purchasing insurance is what type of response to risk?
Transference
Which of the following documents would likely identify that drop cables on your network use T568A standard?
Wiring schematic
Which of the following terms describes a test lab environment that does not require the use of physical hardware?
Virtual sandbox
Your organization is in the process of negotiating an Interoperability Agreement (IA) with another organization. As a part of this... As a security administrator, which tasks should you complete during this phase? (Select two)
- Identify how data will be shared - Identify how data ownership will be determined
A user named Bob Smith has been assigned... When provisioning Bob's user account in... On first logon, Bob is prompted to change... What should you do to increase the security of Bob's account? (Select two)
- Require stronger initial password when creating user accounts - Train users not to use passwords that are easy to guess
The power supply in a tower server system... Next, you remove the power supply unit from the server and open it... Which safety rules were violated in this scenario? (Select two)
- You should never open a computer power supply - You should unplug a device from the wall outlet before connecting yourself to it with a static wristband
What is recommended humidity level for several rooms?
70%
Which of the following information are you likely to find in a policy document?
A requirement for using encrypted communications for web transactions
Which of the following is an example of an internal threat?
A user accidentally deletes the new product designs
You are concerned about the amount of traffic that passed though a router... Which document would help in identifying past average network traffic?
Baseline
You are in the habit of regularly monitoring performance statistics for your... Which type of document should you update to reflect the change?
Baseline
Which of the following fire extinguisher suppressant types is best used for electrical fires that might result when working with computer components?
Carbon dioxide (CO2)
You are troubleshooting a workstation connection... drop cable connecting the computer to the network. Which type of document should you update?
Change documentation
You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device?
Change management
Which of the following fire extinguisher types is best used for electrical fires that might result when working with computer components?
Class C
Which of the following network strategies connects multiple servers together such that if one server fails, the other immediately take over its tasks, preventing a disruption in service?
Clustering
Match each third-party integration phase on the left with the tasks that need to be completed during that phase on the right. Each phase may be used once, more than once, or not at all.
Communicate vulnerability assessment... - Ongoing operations Disable VPN configurations... - Off-boarding Compare your organization's... - Onboarding Disable the domain... - Off-boarding Identify how privacy... - Onboarding Draft an ISA... - Onboarding Conduct regular security... - Ongoing operations
You want to make sure that the correct ports on a firewall have been opened or closed. Which document should you check?
Configuration documentation
A security administrator logs on to a Windows server on her organization's... What type of scan was conducted in this scenario?
Credentialed scan
Which of the following is an example of privilege escalation?
Creeping privileges
Which of the following is an example of privilege escalation?
Creeping privilieges
Which of the following is not a valid response to a risk discovered during a risk analysis?
Denial
Which of the following information are you likely to find in a procedure document?
Details on how to test and deploy patches.
You manage the website for your company. The Web1 server hosts... Which component is a single point of failure for the website?
Disk controller
You have just started a new job as a network... To improve the safety of your organization, you decide... How should you get them?
Download them from the chemical manufacturers' websites
Which of the following statements about ESD is not correct?
ESD is much more likely to occur when the relative humidity is above 50%
Which component of a Change and Configuration Management policy identifies technical and budgetary considerations associated with a proposed change and also identifies any potential impacts to the network?
Feasibility anaylsis
You are adding a new rack to your data center... The only space you have available in the data center is on the... To protect against failures, you also plan to install a UPS in the rack along... There are problems with this plan. What should you do?
Hire an electrician to install a wall outlet near the new rack
Which is the most common failure of a security policy in an environment?
Lack of user awareness
You walk by the server room and notice a fire has started. What should you do first?
Make sure everyone has cleared the area
Which business document is a contract that defines a set of terms that will govern future agreements between two parties?
Master Service Agreement
When recovery is being performed due to a disaster, which services are to be stabilized first?
Mission critical
If an organization shows sufficient due care, which burden is eliminated in the event of a security breach?
Negligence
In troubleshooting a router, you want to identify which other devices... Which type of document would most likely have this information?
Network diagram
A new law was recently passes that states that all businesses must keep a history of... Which document type would you update first in response to this new law?
Policy
When analyzing assets, which analysis method assigns financial values to assets?
Quantitative
You need to find out what kind of laws might apple to... Which type of document would you consult?
Regulation
Your company has developed and implemented countermeasures for the greatest risks to their assets... What is the remaining risk called?
Residual risk
Match each Interoperability Agreement document on the left with the appropriate description on the right. Each document may be used once, more than once, or not at all.
Specifies exactly which... - SLA Creates an agreement... - BPO Provides a summary of... - MOU Documents how the... - ISA Defines how disputes... - SLA Specifies a present... - BPO
Arrange the steps in the Change and Configuration Management process on the left in the correct order in which they should be completed on the right.
Step 1 - Identify the need... Step 2 - Conduct a feasibility... Step 3 - Define the procedure... Step 4 - Notify affected parties... Step 5 - Implement the change. Step 6 - Document the change.
What is the primary purpose of penetration testing?
Test the effectiveness of your security perimeter
What is the greatest threat to the confidentiality of data in most secure organizations?
USB devices
You manage a network with a single switch. All hosts connect to the... You want to increase the security of devices that are part of the accounting department... What should you do?
Use a router to configure a subnet for the accounting computers
You have installed anti-virus software on computers at your business... What should you add to your security measures to help prevent this from happening again?
User awareness training
What is the main difference between vulnerability scanning and penetration testing?
Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter
You manage a website for your company. The website uses three... Considering the availability of your website, which component represents a single point of failure?
Website storage
When would choosing to do nothing about an identified risk be acceptable?
When the cost of protecting the asset is greater than the potential loss
Which type of documentation would you consult to find the location of RJ-45 wall jacks and their endpoints in the intermediate distribution closet?
Wiring schematic
You are troubleshooting a workstation connection... different port on the patch pane. Which type of document should you update?
Wiring schematic