Security PLUS (Set 04)
Which of the following reduce the risk of a threat agent being able to exploit a vulnerability? O Secure data transmissions O Implementation of VLANs O Countermeasures O Manageable neüvork plans
Countermeasures
Which of the following is not an appropriate response to a risk discovered during a risk analysis? ● Denial ● Assignment ● Mitigation ● Acceptance
Denial
When recovering from a disaster, which services should you stabilize first? ● Outside communications ● Mission-critical ● Financial support ● Least business-critical
Mission-critical
You have conducted a risk analysis to protect a key company asset. You identify the following values: • Asset value = 400 • Exposure factor = 75 • Annualized Rate of Occurrence = .25 What is the Single Loss Expectancy (SLE)? ● 100 ● 300 ● 475 ● 30000
300
You have conducted a risk analysis to protect a key company asset. You identify the following values: • Asset value = 400 • Exposure factor = 75 • Annualized rate of occurrence What is the Annualized Loss Expectancy (ALE)? ● 25 ● 75 ● 100 ● 175 ● 475
75
What is a service level agreement (SLA)? ● A contract with a legal entity to limit your asset loss liability ● A guarantee of a specific level of service ● A contract with an ISP for a specific level of bandwidth ● An agreement to support another company in the event of a disaster
A guarantee of a specific level of service
Which of the following is an example of an internal threat? O A server back door allows an attacker on the internet to gain access to the intranet site. O A water pipe in the server room breaks. O A delivery man is able to walk into a controlled area and steal a laptop. O A user accidentally deletes the new product designs.
A user accidentally deletes the new product design
What is the primary countermeasure to social engineering? ● Traffic filters ● Awareness ● Heavy management oversight ● A written security policy
Awareness
Which of the following is an important aspect of evidence gathering? O Monitoring user access to compromised systems O Restoring damaged data from backup media O Backing up all log files and audit trails O Purging transaction logs
Backing up all log files and audit trails
When duplicating a drive for forensic investigation purposes, which of the following copying methods is most appropriate? O Active sector cloning O Bit-level cloning O Drive mirroring O File by-file copying
Bit-level cloning
In business continuity planning, what is the primary focus of the scope? ● Company assets ● Human life and safety ● Recovery time objective ● Business processes
Business Processes
An access control list (ACL) contains a list of users and allowed permissions. What is it called if the ACL automatically prevents access to anyone who is not on the list? O Explicit allow O Explicit deny O Implicit deny O Implicit allow
Implicit deny
Which of the following is a security approach that combines multiple security controls and defenses and is sometime called defense in depth? O Perimeter security O Layered security O Countermeasure security O Network security O Cumulative security
Layered security
The chain of custody is used for which purposes? O Listing people coming into contact with evidence O Detailing the timeline between creation and discovery of evidence O Retaining evidence integrity O Identifying the owner of the evidence
Listing people coming into contact with evidence
Which of the following encryption methods combines a random value with plain text to produce cipher text? O Steganography O Elliptic curve O One-time pad O Transposition
One-time pad
You have discovered a computer that is connected to your network and was used for an attack. You have disconnected the computer from the network to isolate it and stop the attack. What should pu do next? O Make a hash of the hard drive O Clone the hard drive O Stop all running processes O Perform a memory dump
Perform a memory dump
Separation of duties is an example of which type of access control? O Preventive O Detective O Compensative O Corrective
Preventive
You want to examine the data on your network to find out if any of the following are happening: • Users are connecting to unauthorized websites • Cleartext passwords are allowed by protocols or services • Unencrypted traffic that contains sensitive data is on the network Which of the following tools would you use? O System logging O Throughput tester O Protocol analyzer O Load tester
Protocol analyzer
Your company has developed and implemented countermeasures for the greatest risks to their assets. However, there is still some risk left. What is the remaining risk called? ● Risk ● Loss ● Residual risk ● Exposure
Residual risk
Which type of media preparation is sufficient for media that will be reused in a different security contexts within your organization? O Formatting O Deletion O Sanitization O Destruction
Sanitization
You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to best prevent data extraction from the discs? ● Write junk data over the discs seven times ● Degauss the disks ● Delete the data on the discs ● Shred the disks
Shred the disks
Which type of cipher changes the position of the characters in a plain text message? O Substitution O Transposition O Steam O Block
Transposition
What is the best definition of a security incident? O Interruption of productivity O Compromise of the CIA of resources O Violation of a security policy O Criminal activity
Violation of a security policy
When would choosing to do nothing about an identified risk be acceptable? ● When the cost of protecting the asset is greater than the potential loss ● When the threat is most likely to come from an internal source instead of an external source ● When the threat is likely to occur less than once per year ● When the asset is an intangible asset instead of a tangible asset
When the cost of protecting the asset is greater than the potential loss
When a cryptographic system is used to protect the data confidentiality, what actually takes place? O Transmitting the encrypted data is prohibited O The data is available for access whenever authorized users need it O The data is protected from corruption or change O unauthorized users are prevented from viewing or accessing the resource
unauthorized users are prevented from viewing or accessing the resource
How can an organization help prevent social engineering attacks? (Select two.) ☐ Educate employees on the risks and countermeasures. ☐ Close all unneeded ports on firewalls. ☐ Publish and enforce clearly-written security policies. ☐ Implement IPsec on all critical systems.
☑ Educate employees on the risks and countermeasures. ☑ Publish and enforce clearly-written security policies.
Which of the following is the best definition of the term hacker? O A threat actor who lacks skills and sophistication but wants to impress their friends or garner attention. O Any individual whose attacks are politically motivated. O The most organized, well-funded, and dangerous type of threat actor. O A threat actor whose main goal is financial gain. O A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization.
A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization.
Which of the following is an example of a vulnerability? O Unauthorized access to confidential resources O A misconfigured server O Virus infection O Denial of servÄce attack
A misconfigured server
What is the average number of times that a specific risk is likely to be realized in a single year? ● Estimated maximum downtime ● Annualized rate of occurrence ● Exposure factor ● Annualized loss expectancy
Annualized rate of occurrence
Which of the following is the correct definition of a threat? O Absence or weakness of a safeguard that could be exploited O Any potential danger to the confidentiality, integrity, or availability of information or systems O Instance of exposure to losses from an attacker O The likelihood of an attack taking advantage of a vulnerability
Any potential danger to the confidentiality, integrity, or availability of information or systems
After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take? O Back up all logs and audits regarding the incident O Deploy new countermeasures O update the security policy O Restore and repair any damage
Back up all logs and audits regarding the incident
You have been asked to draft a document related to evidence-gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this? O CPS (certificate practice statement) O Chain of custody O Flps_140 O Rules of eh.qdence
Chain of custody
What is the most important element related to evidence in addition to the evidence itself? O Completeness O Witness testimony O Chain of custody document O Photographs of the crime scene
Chain of custody document
You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device? ● Change management ● SLA ● Acceptable use ● Resource allocation
Change management
As a BCP or DRP plan evolves over time, what is the most important task to perform when rolling out a new version of the plan? ● Redefine all roles and responsibilities ● Obtain senior management approval ● Perform new awareness sessions ● Collect and destroy all old plan copies
Collect and destroy all old plan copies
Need to know access is required to access which types of resources? O High-security resources O Low-security resources O Resources with unique ownership O Compartmentalized resources
Compartmentalized resources
A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. Which of the following security risks is most pressing? O Non-repudiation O Availability O Confidentiality O Integrity
Confidentiality
By definition, which security concept ensures that only authorized parties can access data? O Non-repudiation O Integrity O Authentication O Confidentiality
Confidentiality
Smart phones with cameras and internet capabilities pose a risk to which security concept? O Confidentiality O Non-repudiation O Integrity O Availability
Confidentiality
You have hired 10 new temporary workers who will be with the company for three months. You want to make sure that after that time the user accounts cannot be used for login. What should you do? ● Configure day/time restrictions in the user accounts ● Configure account policies in Group Policy ● Configure account lockout in Group Policy ● Configure account expiration in the user accounts
Configure account expiration in the user accounts
You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation. Which of the following must you configure in order to see all of the network traffic? O Configure the network interface to use protocol analysis mode O Configure the network interface to use promiscuous mode O Configure the netlvork intefface to use port mirroring mode O Configure the network interface to enable logging
Configure the network interface to use promiscuous mode
You have recently discovered that a network attack has compromised your database server. The attacker may have stolen customer credit card numbers. You have stopped the attack and implemented security measures to prevent the same incident from occurring in the future. What else might you be legally required to do? ● Implement training for employees who handle personal information ● Perform additional investigations to identify the attacker ● Contact your customers to let them know about the security breach ● Delete personally identifiable information from your computers
Contact your customers to let them know about the security breach
Which of the following is not a valid concept to associate with integrity? O Prevent the unauthorized change of data O Protect your environment so it maintains the highest source of truth O Control access to resources to prevent unwanted access O Ensure that your systems record the real information when collecting data
Control access to resources to prevent unwanted access
How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence? O Enable write protection O Write a log file to the media O Create a checksum using a hashing algorithm O Reset the file attributes on the media to read-only
Create a checksum using a hashing algorithm
As you go through the process of making your network more manageable, you discover that employees in the sales department are on the same neüvork segment as the human resources department. Which of the following steps can be used to isolate these departments? ● Create a separate VLAN for each department ● Identify the choke points in your network ● Implement the principle of least privilege for the human resources department ● Move the sales department into the DMZ
Create a separate VLAN for each department
Which of the following is an example of privilege escalation? O Mandatory vacations O Principle of least privilege O Separation of duties O Creeping privileges
Creeping privileges
Which of the following is the best protection against security violations? ● Defense in-depth ● Monolithic security ● Fortress mentality ● Bottom-up decision-making
Defense in-depth
To determine the value of the company assets, an anonymous survey was used to collect the opinions of all senior and mid-level managers. Which asset valuation method was used? ● Asset classification ● Sensitivity' vs. risk ● Delphi method ● Comparative
Delphi method
When you inform an employee that they are being terminated, what is the most important activity? ● Allowing them to complete their current work projects ● Giving them two weeks' notice ● Disabling their network access ● Allowing them to collect their personal items
Disabling their network access
During a recent site survey, you found a rogue wireless access point on your network. Which of the following actions should you take first to protect your network while still preserving evidence? O See who is connected to the access point and attempt to find the attacker O Disconnect the access point from the network O Run a packet sniffer to monitor traffic to and from the access point O Connect to the access point and examine its logs for information
Disconnect the access point from the network
You are conducting a forensic investigation. The attack has been stopped. Which of the following actions should you perform first? O Turn off the system O Stop all running processes O Document what's on the screen O Remove the hard drive
Document what's on the screen
Which of the following is the single greatest threat to network security? O Weak passwords O Employees O Email phishing O Insecure physical access to network resources
Employees
Which of the following is not a valid example of steganography? O Digital watermarking O Hiding text messages within graphical images O Encrypting a data file with an encryption key O Microdots
Encrypting a data file with an encryption key
Which type of data loss prevention system can be configured to block unauthorized email messages from being sent and, therefore, being subject to email retention rules? ● Network DLP ● Endpoint DLP ● File Level DLR ● Chinese Wall
Endpoint DLP
Change control should be used to oversee and manage changes over what aspect of an organization? ● Physical environment ● Every aspect ● Personnel and policies ● IT hardware and software
Every aspect
You want to implement an access control list where only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following methods of access control will the access list use? O Explicit allow, implicit deny O Implicit allow, explicit deny O Implicit allow, implicit deny O Explicit allow, explicit deny
Explicit allow, implicit deny
Which of the following is a recommendation to use when a specific standard or procedure does not exist? ● Procedure ● Standard ● Baseline ● Guideline
Guideline
Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government? O Insider O Nation state O Competitor O Script kiddie O Hacktivist
Hacktivist
Which method can you use to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence? O Hashing O Photographs O Serial number notation O File directory listing
Hashing
Drag the security layer on the left to the appropriate description on the right. (Security layers may be used once, more than once, or not at all.) O Policies, Procedures, and Awareness O Perimeter O Host O Data
Includes OS hardening, patch management, malware, and password attacks: O Host Includes how to manage employee onboarding and off-boarding: O Policies, Procedures, and Awareness Includes cryptography and secure transmissions: O Data Includes user education and manageable network plans: O Policies, Procedures, and Awareness Includes firewalls using ACLs and securing the wireless network: O Perimeter
Drag the security layer on the left to the appropriate description on the right. (Security layers may be used once, more than once, or not at all.) O Physical O Network O Host O Application
Includes fences, door locks, mantraps, turnstiles, device locks, and server cages: O Physical Includes each individual workstation, laptop, and mobile device: O Host Includes authentication and authorization, user management, and group policies: O Application Includes cameras, motion detectors, and even environmental controls: O Physical Includes implementation of VLANs, penetration testing, and the utilization of virtualization: O Network
The IT manager in your organization proposes taking steps to protect against a potential threat actor. The proposal includes the following: • Create and follow onboarding and off-boarding procedures • Employ the principle of least privilege • Have appropriate physical security controls in place Which type of threat actor do these steps guard against? O Script Kiddie O Competitor O Hacktivist O Insider
Insider
Your computer system is a participant in an asymmetric cryptography system. You've created a message to send to another user. Before transmission, you hash the message and encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. In this example, what protection does the hashing activity' provide? O Integrity O Availability O Non-repudiation O Confidentiality
Integrity
You are concerned that the accountant in your organization might have the chance to modify' financial information and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities. Which security principle are you implementing by periodically shifting accounting responsibilities? O Separation of duties O Least privilege O Need to know O Explicit deny O Job rotation
Job rotation
A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie attacks often seek to exploit well-known vulnerabilities in systems. What is the best defense against script kiddie attacks? O Properly secure and store data backups. O Build a comprehensive security' approach that uses all aspects of threat prevention and protection. O Implement email filtering systems. O Have appropriate physical security controls in place. O Keep systems up to-date and use standard security practices.
Keep systems up to-date and use standard security practices.
Which of the following is not an accepted countermeasure to strengthen a cryptosystem? ● Implement long key spaces ● Keep the cryptosystem a secret ● Implement strong systems with redundant encipherment ● use strong passwords
Keep the cryptosystem a secret
In a cryptographic system, what properties should the initialization vector have? (Select two.) ☐ Large ☐ Unpredictable ☐ Predictable ☐ Shon ☐ Uniform
Large Unpredictable
Which of the following tools would you use to simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of email? O Protocol analyzer O Throughput tester O Load tester O Packet sniffer
Load tester
What is the primary goal of business continuity planning? ● Minimize decision-making during the development process ● Protecting an organization from major computer services failure ● Maintaining business operations with reduced or restricted infrastructure capabilities or resources ● Minimizing the organization's risk of service delays and interruptions
Maintaining business operations with reduced or restricted infrastructure capabilities or resources
You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains. What should you do first? O Fire the employee who uses the computer O Make a bit-level copy of the disk O Obtain a search warrant O Run forensic tools to examine the hard drive contents
Make a bit-level copy of the disk
Match each Manageable Network Plan milestone on the left with the tasks that are associated with that milestone on the right. Each milestone may be used once, more than once, or not at all. ● Prepare to Document ● Protect Your Network ● Map Your Network ● Reach Your Network
Make sure that remote access connections are secure ● Reach Your Network Create a list of all protocols being used on the network ● Map Your Network Identify the choke points on the network ● Protect Your Network Use timestamps on all documents ● Prepare to Document Create a list of all devices ● Map Your Network
Which of the following principles is implemented in a mandatory access control model to determine object access by classification level? O Ownership O Clearance O Separation of duties O Least privilege O Need to know
Need to know
If an organization shows suffcient due care, which burden is eliminated in the event of a security breach? ● Negligence ● Investigation ● Asset loss ● Liability
Negligence
Which type of Data Loss Prevention system is usually installed near the network perimeter to detect sensitive data that is being transmitted in violation of organizational security policies? ● Chinese Wall ● File Level DLR ● Network DLP ● Endpoint DLP
Network DLP
When is a BCP or DRP design and development actually completed? ● Only after testing and drilling ● Once senior management approves ● Only after implementation and distribution ● Never
Never
By definition, which security concept uses the ability to prove that a sender sent an encrypted message? O Authentication O Non-repudiation O Integrity O Privacy
Non-repudiation
What is the primary purpose of separation of duties? O Prevent conflicts of interest O Grant a greater range of control to senior management O Inform managers that they are not trusted O Increase the difficulty of performing administration
Prevent conflicts of interest
You assign access permissions so that users can only access the resources required to accomplish their specific work tasks. Which security principle are you complying with? O Job rotation O Need to know O Principle of least privilege O Cross-training
Principle of least privilege
HIPAA is a set of federal regulations that define securiti guidelines. What do HIPAA guidelines protect? ● Availability ● Integrity ● Privacy ● Non-repudiation
Privacy
What is the most effective way to improve or enforce security in any environment? ● Enforcing account lockout ● Disabling Internet access ● Providing user-awareness training ● Requiring two-factor authentication
Providing user-awareness training
Which of the following best describes the concept of due care or due diligence? ● Reasonable precautions based on industry best practices are utilized and documented. ● Availability supersedes security unless physical harm is likely. ● Security through obscurity is best accomplished by port stealthing. ● Legal disclaimers are consistently and conspicuously displayed on all systems.
Reasonable precautions based on industry best practices are utilized and documented.
Match each Manageable Neüork Plan milestone on the left with the tasks that are associated with that milestone on the right. Each milestone may be used once, more than once, or not at all. ● Control Your Network ● Protect Your Network ● Manage Your Network ● Reach Your Network
Remove insecure protocols ● Reach Your Network Implement the principle of least privilege ● Control Your Network Segregate and isolate networks ● Protect Your Network Establish an update management process ● Manage Your Network Establish a baseline for all systems ● Manage Your Network
Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution? O Need to know O Principle of least privilege O Dual administrator accounts O Separation of duties
Separation of duties
You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which security principle should you implement to accomplish this goal? O Job rotation O Least privilege O Mandatory vacations O Implicit deny O Separation of duties
Separation of duties
Which of the following is defined as a contract that prescribes the technical support or business parameters a provider will bestow to its client? ● Final audit report ● Mutual aid agreement ● Service level agreement ● Certificate practice statement
Service level agreement
Match the general attack strategy on the left with the appropriate description on the right. (Each attack strategy may be used once, more than once, or not all.) O Reconnaissance O Breaching O Escalating privileges O Staging O Exploitation
Stealing information: O Exploitation Preparing a computer to perform additional tasks in the attack: O Staging Crashing systems: O Exploitation Gathering system hardware information: O Reconnaissance Penetrating system defenses to gain unauthorized access: O Breaching Configuring additional rights to do more than breach the system: O Escalating Privileges
Which is the cryptography mechanism that hides secret communications within various forms of data? O Codes O Signals O Polyinstantiation O Steganography
Steganography
You are a database administrator and the first responder for database attacks. You have decided to test one part of your current Business Continuo Plan (BCP) with two other database professionals. Which type of BCP test is this considered? ● Succession planning ● Complex exercise ● Tabletop exercise ● Medium exercise
Tabletop exercise
Match the general defense methodology on the left with the appropriate description on the right. (Each methodology may be used once, more than once, or not all.) O Layering O Principle of least privilege O Variety O Randomness O Simplicity
The constant change in personal habits and passwords to prevent anticipated events and exploitation: O Randomness Diversifying layers of defense: O Variety Giving users only the access they need to do their job and nothing more: O Principle of least privilege Implementing multiple security measures to protect the same asset: O Layering Eliminating single points of failure: O Layering Giving groups only the access they need to do their job and nothing more: O Principle of least privilege
Which of the following best defines Single Loss Expectancy (SLE)? ● The monetary value of a single employee's loss of productivity due to a successful attack ● The statistical probability of a malicious event ● The total monetary loss associated with a single occurrence of a threat ● The total cost of all countermeasures associated with protecting against a given vulnerability
The total monetary loss associated with a single occurrence of a threat
When conducting a risk assessment, how is the Annualized Rate of Occurrence (ARO) calculated? ● Multiply the Single Loss Expectancy (SLE) by the standard annual deviation. ● Divide the static variable by the probability index. ● Multiply the Single Loss Expectancy (SLE) by the Annual Loss Expectancy (ALE). ● Through historical data provided by insurance companies and crime statistics.
Through historical data provided by insurance companies and crime statistics.
Which of the following tools would you use to validate the bandwidth on your network and identify when the bandwidth is significantly below what it should be? O Packet Sniffer O Protocol analyzer O Throughput Tester O Load Tester
Throughput Tester
What is the primary purpose of source code escrow? ● To obtain change rights over software after the vendor goes out of business ● To obtain resale rights over software after the vendor goes out of business ● To provide a backup copy of software to use for recovery in the event of a disaster ● To hold funds in reserve for unpredicted costs before paying the fees of the programmer
To obtain change rights over software after the vendor goes out of business
Purchasing insurance is what type of response to risk? ● Transference ● Deployment of a countermeasure ● Acceptance ● Rejection
Transference
What is the greatest threat to the confidentiality of data in most secure organizations? O USB devices O Operator error O Hacker intrusion O Malware
USB Devices
Which of the following is an example of a strong password? ● Robert694 ● atgiov45a ● desktop#7 ● a8bT11$yi
a8bT11$yi
Which of the following accurately describes what a protocol analyzer is used for? (Select two.) ☐ A device that does not allow you to capture, modify, and retransmit frames (to perform an attack). ☐ A device that can simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of email. ☐ A device that measures the amount of data that can be transferred through a network or processed by a device. ☐ A passive device that is used to copy frames and allow you to view frame contents. ☐ A device that allows you to capture, modify, and retransmit frames (to perform an attack).
☐ A device that does not allow you to capture, modify, and retransmit frames (to perform an attack). ☐ A passive device that is used to copy frames and allow you to view frame contents.
A Service Level Agreement (SLA) defines the relationship and contractual responsibilities of providers and service recipients. Which of the following characteristics are most important when designing an SLA? (Select two.) ☐ Clear and detailed descriptions of penalties if the level of service is not provided. ☐ Employee vetting procedures that don't apply to contract labor. ☐ Detailed provider responsibilities for all continuity and disaster recovery mechanisms. ☐ Industry standard templates for all SLAS to ensure corporate compliance.
☑ Clear and detailed descriptions of penalties if the level of service is not provided. ☑ Detailed provider responsibilities for all continuity and disaster recovery mechanisms.
Which of the following statements is true regarding risk analysis? (Select two.) ☐ Don't implement a countermeasure if the cost is greater than loss. ☐ Annualized Rate of Occurrence (ARO) identifies how often the successful threat attack will occur in a single year. ☐ Exposure factor is the percent of the asset lost from an unsuccessful threat attack. ☐ The value of an asset is the worth of a resource to the organization excluding qualitative values.
☑ Don't implement a countermeasure if the cost is greater than loss. ☑ Annualized Rate of Occurrence (ARO) identifies how often the successful threat attack will occur in a single year.
You have recently been hired as the new network administrator for a startup company. The company's network was implemented prior to your arrival. One of the first tasks you need to complete in your new position is to develop a Manageable Network plan for the network. You have already completed the first and second milestones, in which documentation procedures were identified and the network was mapped. You are now working on the third milestone, identifying ways to protect the network. Which tasks should you complete as a pan of this milestone? (Select two.) ☐ Create an approved application list for each network device ☐ Identify and document each user on the network ☐ Physically secure high-value systems ☐ Set account expiration dates ☐ Apply critical patches whenever they are released
☑ Identify and document each user on the network ☑ Physically secure high-value systems