Chapter 9 Quiz


A security professional has reported an increase in the number of tailgating violations into a secure data center. Which of the following can prevent this? A. CCTV B. Mantrap C. Proximity card D. Cipher lock

B. A mantrap is highly effective at preventing unauthorized entry and can also be used to prevent tailgating.

Your organization has decided to increase the amount of customer data it maintains and use it for targeted sales. However, management is concerned that they will need to comply with existing laws related to PII. Which of the following should be completed to determine if the customer data is PII? A. Privacy threshold assessment B. Privacy impact assessment C. Tabletop exercise D. Affinity scheduling

A. A privacy threshold assessment helps an organization identify Personally Identifiable Information (PII) within a system, and in this scenario, it would help the organization determine if the customer data is PII.

Management within your organization wants to create a small network used by executives only. They want to ensure that this network is completely isolated from the main network. Which of the following choices BEST meets this need? A. Airgap B. Mantrap C. Control diversity D. Infrared motion detectors

A. An airgap ensures that a computer or network is physically isolated from another computer or network.

Thieves recently rammed a truck through the entrance of your company's main building. During the chaos, their partners proceeded to steal a significant amount of IT equipment. Which of the following choices can you use to prevent this from happening again? A. Bollards B. Guards C. CCTV D. Mantrap

A. Bollards are effective barricades that can block vehicles.

Flancrest Enterprises recently set up a web site utilizing several web servers in a web farm. The web farm spreads the load among the different web servers. Visitor IP addresses are used to ensure that clients always return to the same server during a web session. Which of the following BEST describes this configuration? A. Affinity B. Round-robin C. Virtual IP D. Active-passive

A. Source address IP affinity scheduling allows a load balancer to direct client requests to the same server during a web session.

Your organization is planning to deploy a new e-commerce web site. Management anticipates heavy processing requirements for a back-end application. The current design will use one web server and multiple application servers. Which of the following BEST describes the application servers? A. Load balancing B. Clustering C. RAID D. Affinity scheduling

A. The design is using load balancing to spread the load across multiple application servers. This scenario indicates the goal is to use multiple servers because of heavy processing requirements, and this is exactly what load balancing does.

You are helping implement your company's business continuity plan. For one system, the plan requires an RTO of five hours and an RPO of one day. Which of the following would meet this requirement? A. Ensure the system can be restored within five hours and ensure it does not lose more than one day of data B. Ensure the system can be restored within one day and ensure it does not lose more than five hours of data C. Ensure the system can be restored between five hours and one day after an outage D. Ensure critical systems can be restored within five hours and noncritical systems can be restored within one day

A. The recovery time objective (RTO) identifies the maximum amount of time it should take to restore a system after an outage. The recovery point objective (RPO) refers to the amount of data you can afford to lose. RTO only refers to time, not data. RPO refers to data recovery points, not time to restore a system.

A security analyst is creating a document that includes the expected monetary loss from a major outage. She is calculating the potential impact on life, property, finances, and the organization's reputation. Which of the following documents is she MOST likely creating? A. BCP B. BIA C. MTBF D. RPO

B. A business impact analysis (BIA) includes information on potential monetary losses along with the impact on life, property, and the organization's reputation. It is the most likely document of those listed to include this information.

You are a technician at a small organization. You need to add fault-tolerance capabilities within the business to increase the availability of data. However, you need to keep costs as low as possible. Which of the following is the BEST choice to meet these needs? A. Alternative processing site B. RAID-10 C. Backups D. Faraday cage

B. A redundant array of inexpensive disks 10 (RAID-10) subsystem provides fault tolerance for disks and increases data availability.

Flancrest Enterprises recently set up a web site utilizing several web servers in a web farm. The web farm spreads the load among the different web servers by sending the first request to one server, the next request to the second server, and so on. Which of the following BEST describes this configuration? A. Affinity B. Round-robin C. Airgap D. Mantrap

B. A round-robin scheduling scheme allows a load balancer to send requests to servers one after another.

After a recent attack on your organization's network, the CTO is insisting that the DMZ uses two firewalls and they are purchased from different companies. Which of the following BEST describes this practice? A. Single-layer security B. Vendor diversity C. Control diversity D. Redundancy

B. The chief technology officer (CTO) is recommending vendor diversity for the demilitarized zone (DMZ). Firewalls from different companies (vendors) provide vendor diversity. This also provides defense in depth or layered security, but not single-layer security.

Lisa is the new chief technology officer (CTO) at your organization. She wants to ensure that critical business systems are protected from isolated outages. Which of the following would let her know how often these systems will experience outages? A. MTTR B. MTBF C. RTO D. RPO

B. The mean time between failures (MTBF) provides a measure of a system's reliability and would provide an estimate of how often the systems will experience outages.

Your backup policy for a database server dictates that the amount of time needed to perform backups should be minimized. Which of the following backup plans would BEST meet this need? A. Full backups on Sunday and full backups on the other six days of the week B. Full backups on Sunday and differential backups on the other six days of the week C. Full backups on Sunday and incremental backups on the other six days of the week D. Differential backups on Sunday and incremental backups on the other six days of the week

C. A full/incremental backup strategy is the best option with one full backup on one day and incremental backups on the other days. The incremental backups will take a relatively short time compared with the other methods. A full backup every day would require the most time every day.

A security expert at your organization is leading an on-site meeting with key disaster recovery personnel. The purpose of the meeting is to perform a test. Which of the following BEST describes this test? A. Functional exercise B. Full-blown test C. Tabletop exercise D. Simulation to perform steps of a plan

C. A tabletop exercise is discussion-based and is typically performed in a classroom or conference room setting. Because this is a meeting that includes disaster recovery personnel, it is a tabletop exercise.

Flancrest Enterprises recently set up a web site utilizing several web servers in a web farm. The web servers access a back-end database. The database is hosted by a database application configured on two database servers. Web servers can access either of the database servers. Which of the following BEST describes the configuration of the database servers? A. Active-passive B. Round-robin C. Affinity D. Active-active

D. The database servers are in an active-active load-balancing configuration because web servers can query both database servers.

