Security PLUS (Set 04)

Which of the following reduce the risk of a threat agent being able to exploit a vulnerability? O Secure data transmissions O Implementation of VLANs O Countermeasures O Manageable neüvork plans

Countermeasures

Which of the following is not an appropriate response to a risk discovered during a risk analysis? ● Denial ● Assignment ● Mitigation ● Acceptance

Denial

When recovering from a disaster, which services should you stabilize first? ● Outside communications ● Mission-critical ● Financial support ● Least business-critical

Mission-critical

You have conducted a risk analysis to protect a key company asset. You identify the following values: • Asset value = 400 • Exposure factor = 75 • Annualized Rate of Occurrence = .25 What is the Single Loss Expectancy (SLE)? ● 100 ● 300 ● 475 ● 30000

300

You have conducted a risk analysis to protect a key company asset. You identify the following values: • Asset value = 400 • Exposure factor = 75 • Annualized rate of occurrence What is the Annualized Loss Expectancy (ALE)? ● 25 ● 75 ● 100 ● 175 ● 475

75

What is a service level agreement (SLA)? ● A contract with a legal entity to limit your asset loss liability ● A guarantee of a specific level of service ● A contract with an ISP for a specific level of bandwidth ● An agreement to support another company in the event of a disaster

A guarantee of a specific level of service

Which of the following is an example of an internal threat? O A server back door allows an attacker on the internet to gain access to the intranet site. O A water pipe in the server room breaks. O A delivery man is able to walk into a controlled area and steal a laptop. O A user accidentally deletes the new product designs.

A user accidentally deletes the new product design

What is the primary countermeasure to social engineering? ● Traffic filters ● Awareness ● Heavy management oversight ● A written security policy

Awareness

Which of the following is an important aspect of evidence gathering? O Monitoring user access to compromised systems O Restoring damaged data from backup media O Backing up all log files and audit trails O Purging transaction logs

Backing up all log files and audit trails

When duplicating a drive for forensic investigation purposes, which of the following copying methods is most appropriate? O Active sector cloning O Bit-level cloning O Drive mirroring O File by-file copying

Bit-level cloning

In business continuity planning, what is the primary focus of the scope? ● Company assets ● Human life and safety ● Recovery time objective ● Business processes

Business Processes

An access control list (ACL) contains a list of users and allowed permissions. What is it called if the ACL automatically prevents access to anyone who is not on the list? O Explicit allow O Explicit deny O Implicit deny O Implicit allow

Implicit deny

Which of the following is a security approach that combines multiple security controls and defenses and is sometime called defense in depth? O Perimeter security O Layered security O Countermeasure security O Network security O Cumulative security

Layered security

The chain of custody is used for which purposes? O Listing people coming into contact with evidence O Detailing the timeline between creation and discovery of evidence O Retaining evidence integrity O Identifying the owner of the evidence

Listing people coming into contact with evidence

Which of the following encryption methods combines a random value with plain text to produce cipher text? O Steganography O Elliptic curve O One-time pad O Transposition

One-time pad

You have discovered a computer that is connected to your network and was used for an attack. You have disconnected the computer from the network to isolate it and stop the attack. What should pu do next? O Make a hash of the hard drive O Clone the hard drive O Stop all running processes O Perform a memory dump

Perform a memory dump

Separation of duties is an example of which type of access control? O Preventive O Detective O Compensative O Corrective

Preventive

You want to examine the data on your network to find out if any of the following are happening: • Users are connecting to unauthorized websites • Cleartext passwords are allowed by protocols or services • Unencrypted traffic that contains sensitive data is on the network Which of the following tools would you use? O System logging O Throughput tester O Protocol analyzer O Load tester

Protocol analyzer

Your company has developed and implemented countermeasures for the greatest risks to their assets. However, there is still some risk left. What is the remaining risk called? ● Risk ● Loss ● Residual risk ● Exposure

Residual risk

Which type of media preparation is sufficient for media that will be reused in a different security contexts within your organization? O Formatting O Deletion O Sanitization O Destruction

Sanitization

You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to best prevent data extraction from the discs? ● Write junk data over the discs seven times ● Degauss the disks ● Delete the data on the discs ● Shred the disks

Shred the disks

Which type of cipher changes the position of the characters in a plain text message? O Substitution O Transposition O Steam O Block

Transposition

What is the best definition of a security incident? O Interruption of productivity O Compromise of the CIA of resources O Violation of a security policy O Criminal activity

Violation of a security policy

When would choosing to do nothing about an identified risk be acceptable? ● When the cost of protecting the asset is greater than the potential loss ● When the threat is most likely to come from an internal source instead of an external source ● When the threat is likely to occur less than once per year ● When the asset is an intangible asset instead of a tangible asset

When the cost of protecting the asset is greater than the potential loss

When a cryptographic system is used to protect the data confidentiality, what actually takes place? O Transmitting the encrypted data is prohibited O The data is available for access whenever authorized users need it O The data is protected from corruption or change O unauthorized users are prevented from viewing or accessing the resource

unauthorized users are prevented from viewing or accessing the resource

How can an organization help prevent social engineering attacks? (Select two.) ☐ Educate employees on the risks and countermeasures. ☐ Close all unneeded ports on firewalls. ☐ Publish and enforce clearly-written security policies. ☐ Implement IPsec on all critical systems.

☑ Educate employees on the risks and countermeasures. ☑ Publish and enforce clearly-written security policies.

Which of the following is the best definition of the term hacker? O A threat actor who lacks skills and sophistication but wants to impress their friends or garner attention. O Any individual whose attacks are politically motivated. O The most organized, well-funded, and dangerous type of threat actor. O A threat actor whose main goal is financial gain. O A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization.

A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization.

Which of the following is an example of a vulnerability? O Unauthorized access to confidential resources O A misconfigured server O Virus infection O Denial of servÄce attack

A misconfigured server

What is the average number of times that a specific risk is likely to be realized in a single year? ● Estimated maximum downtime ● Annualized rate of occurrence ● Exposure factor ● Annualized loss expectancy

Annualized rate of occurrence

Which of the following is the correct definition of a threat? O Absence or weakness of a safeguard that could be exploited O Any potential danger to the confidentiality, integrity, or availability of information or systems O Instance of exposure to losses from an attacker O The likelihood of an attack taking advantage of a vulnerability

Any potential danger to the confidentiality, integrity, or availability of information or systems

After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take? O Back up all logs and audits regarding the incident O Deploy new countermeasures O update the security policy O Restore and repair any damage

Back up all logs and audits regarding the incident

You have been asked to draft a document related to evidence-gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this? O CPS (certificate practice statement) O Chain of custody O Flps_140 O Rules of eh.qdence

Chain of custody

What is the most important element related to evidence in addition to the evidence itself? O Completeness O Witness testimony O Chain of custody document O Photographs of the crime scene

Chain of custody document

You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device? ● Change management ● SLA ● Acceptable use ● Resource allocation

Change management

As a BCP or DRP plan evolves over time, what is the most important task to perform when rolling out a new version of the plan? ● Redefine all roles and responsibilities ● Obtain senior management approval ● Perform new awareness sessions ● Collect and destroy all old plan copies

Collect and destroy all old plan copies

Need to know access is required to access which types of resources? O High-security resources O Low-security resources O Resources with unique ownership O Compartmentalized resources

Compartmentalized resources

A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. Which of the following security risks is most pressing? O Non-repudiation O Availability O Confidentiality O Integrity

Confidentiality

By definition, which security concept ensures that only authorized parties can access data? O Non-repudiation O Integrity O Authentication O Confidentiality

Confidentiality

Smart phones with cameras and internet capabilities pose a risk to which security concept? O Confidentiality O Non-repudiation O Integrity O Availability

Confidentiality

You have hired 10 new temporary workers who will be with the company for three months. You want to make sure that after that time the user accounts cannot be used for login. What should you do? ● Configure day/time restrictions in the user accounts ● Configure account policies in Group Policy ● Configure account lockout in Group Policy ● Configure account expiration in the user accounts

Configure account expiration in the user accounts

You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation. Which of the following must you configure in order to see all of the network traffic? O Configure the network interface to use protocol analysis mode O Configure the network interface to use promiscuous mode O Configure the netlvork intefface to use port mirroring mode O Configure the network interface to enable logging

Configure the network interface to use promiscuous mode

You have recently discovered that a network attack has compromised your database server. The attacker may have stolen customer credit card numbers. You have stopped the attack and implemented security measures to prevent the same incident from occurring in the future. What else might you be legally required to do? ● Implement training for employees who handle personal information ● Perform additional investigations to identify the attacker ● Contact your customers to let them know about the security breach ● Delete personally identifiable information from your computers

Contact your customers to let them know about the security breach

Which of the following is not a valid concept to associate with integrity? O Prevent the unauthorized change of data O Protect your environment so it maintains the highest source of truth O Control access to resources to prevent unwanted access O Ensure that your systems record the real information when collecting data

Control access to resources to prevent unwanted access

How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence? O Enable write protection O Write a log file to the media O Create a checksum using a hashing algorithm O Reset the file attributes on the media to read-only

Create a checksum using a hashing algorithm

As you go through the process of making your network more manageable, you discover that employees in the sales department are on the same neüvork segment as the human resources department. Which of the following steps can be used to isolate these departments? ● Create a separate VLAN for each department ● Identify the choke points in your network ● Implement the principle of least privilege for the human resources department ● Move the sales department into the DMZ

Create a separate VLAN for each department

Which of the following is an example of privilege escalation? O Mandatory vacations O Principle of least privilege O Separation of duties O Creeping privileges

Creeping privileges

Which of the following is the best protection against security violations? ● Defense in-depth ● Monolithic security ● Fortress mentality ● Bottom-up decision-making

Defense in-depth

To determine the value of the company assets, an anonymous survey was used to collect the opinions of all senior and mid-level managers. Which asset valuation method was used? ● Asset classification ● Sensitivity' vs. risk ● Delphi method ● Comparative

Delphi method

When you inform an employee that they are being terminated, what is the most important activity? ● Allowing them to complete their current work projects ● Giving them two weeks' notice ● Disabling their network access ● Allowing them to collect their personal items

Disabling their network access

During a recent site survey, you found a rogue wireless access point on your network. Which of the following actions should you take first to protect your network while still preserving evidence? O See who is connected to the access point and attempt to find the attacker O Disconnect the access point from the network O Run a packet sniffer to monitor traffic to and from the access point O Connect to the access point and examine its logs for information

Disconnect the access point from the network

You are conducting a forensic investigation. The attack has been stopped. Which of the following actions should you perform first? O Turn off the system O Stop all running processes O Document what's on the screen O Remove the hard drive

Document what's on the screen

Which of the following is the single greatest threat to network security? O Weak passwords O Employees O Email phishing O Insecure physical access to network resources

Employees

Which of the following is not a valid example of steganography? O Digital watermarking O Hiding text messages within graphical images O Encrypting a data file with an encryption key O Microdots

Encrypting a data file with an encryption key

Which type of data loss prevention system can be configured to block unauthorized email messages from being sent and, therefore, being subject to email retention rules? ● Network DLP ● Endpoint DLP ● File Level DLR ● Chinese Wall

Endpoint DLP

Change control should be used to oversee and manage changes over what aspect of an organization? ● Physical environment ● Every aspect ● Personnel and policies ● IT hardware and software

Every aspect

You want to implement an access control list where only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following methods of access control will the access list use? O Explicit allow, implicit deny O Implicit allow, explicit deny O Implicit allow, implicit deny O Explicit allow, explicit deny

Explicit allow, implicit deny

Which of the following is a recommendation to use when a specific standard or procedure does not exist? ● Procedure ● Standard ● Baseline ● Guideline

Guideline

Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government? O Insider O Nation state O Competitor O Script kiddie O Hacktivist

Hacktivist

Which method can you use to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence? O Hashing O Photographs O Serial number notation O File directory listing

Hashing

Drag the security layer on the left to the appropriate description on the right. (Security layers may be used once, more than once, or not at all.) O Policies, Procedures, and Awareness O Perimeter O Host O Data

Includes OS hardening, patch management, malware, and password attacks: O Host Includes how to manage employee onboarding and off-boarding: O Policies, Procedures, and Awareness Includes cryptography and secure transmissions: O Data Includes user education and manageable network plans: O Policies, Procedures, and Awareness Includes firewalls using ACLs and securing the wireless network: O Perimeter

Drag the security layer on the left to the appropriate description on the right. (Security layers may be used once, more than once, or not at all.) O Physical O Network O Host O Application

Includes fences, door locks, mantraps, turnstiles, device locks, and server cages: O Physical Includes each individual workstation, laptop, and mobile device: O Host Includes authentication and authorization, user management, and group policies: O Application Includes cameras, motion detectors, and even environmental controls: O Physical Includes implementation of VLANs, penetration testing, and the utilization of virtualization: O Network

The IT manager in your organization proposes taking steps to protect against a potential threat actor. The proposal includes the following: • Create and follow onboarding and off-boarding procedures • Employ the principle of least privilege • Have appropriate physical security controls in place Which type of threat actor do these steps guard against? O Script Kiddie O Competitor O Hacktivist O Insider

Insider

Your computer system is a participant in an asymmetric cryptography system. You've created a message to send to another user. Before transmission, you hash the message and encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. In this example, what protection does the hashing activity' provide? O Integrity O Availability O Non-repudiation O Confidentiality

Integrity

You are concerned that the accountant in your organization might have the chance to modify' financial information and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities. Which security principle are you implementing by periodically shifting accounting responsibilities? O Separation of duties O Least privilege O Need to know O Explicit deny O Job rotation

Job rotation

A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie attacks often seek to exploit well-known vulnerabilities in systems. What is the best defense against script kiddie attacks? O Properly secure and store data backups. O Build a comprehensive security' approach that uses all aspects of threat prevention and protection. O Implement email filtering systems. O Have appropriate physical security controls in place. O Keep systems up to-date and use standard security practices.

Keep systems up to-date and use standard security practices.

Which of the following is not an accepted countermeasure to strengthen a cryptosystem? ● Implement long key spaces ● Keep the cryptosystem a secret ● Implement strong systems with redundant encipherment ● use strong passwords

Keep the cryptosystem a secret

In a cryptographic system, what properties should the initialization vector have? (Select two.) ☐ Large ☐ Unpredictable ☐ Predictable ☐ Shon ☐ Uniform

Large Unpredictable

Which of the following tools would you use to simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of email? O Protocol analyzer O Throughput tester O Load tester O Packet sniffer

Load tester

What is the primary goal of business continuity planning? ● Minimize decision-making during the development process ● Protecting an organization from major computer services failure ● Maintaining business operations with reduced or restricted infrastructure capabilities or resources ● Minimizing the organization's risk of service delays and interruptions

Maintaining business operations with reduced or restricted infrastructure capabilities or resources

You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains. What should you do first? O Fire the employee who uses the computer O Make a bit-level copy of the disk O Obtain a search warrant O Run forensic tools to examine the hard drive contents

Make a bit-level copy of the disk

Match each Manageable Network Plan milestone on the left with the tasks that are associated with that milestone on the right. Each milestone may be used once, more than once, or not at all. ● Prepare to Document ● Protect Your Network ● Map Your Network ● Reach Your Network

Make sure that remote access connections are secure ● Reach Your Network Create a list of all protocols being used on the network ● Map Your Network Identify the choke points on the network ● Protect Your Network Use timestamps on all documents ● Prepare to Document Create a list of all devices ● Map Your Network

Which of the following principles is implemented in a mandatory access control model to determine object access by classification level? O Ownership O Clearance O Separation of duties O Least privilege O Need to know

Need to know

If an organization shows suffcient due care, which burden is eliminated in the event of a security breach? ● Negligence ● Investigation ● Asset loss ● Liability

Negligence

Which type of Data Loss Prevention system is usually installed near the network perimeter to detect sensitive data that is being transmitted in violation of organizational security policies? ● Chinese Wall ● File Level DLR ● Network DLP ● Endpoint DLP

Network DLP

When is a BCP or DRP design and development actually completed? ● Only after testing and drilling ● Once senior management approves ● Only after implementation and distribution ● Never

Never

By definition, which security concept uses the ability to prove that a sender sent an encrypted message? O Authentication O Non-repudiation O Integrity O Privacy

Non-repudiation

What is the primary purpose of separation of duties? O Prevent conflicts of interest O Grant a greater range of control to senior management O Inform managers that they are not trusted O Increase the difficulty of performing administration

Prevent conflicts of interest

You assign access permissions so that users can only access the resources required to accomplish their specific work tasks. Which security principle are you complying with? O Job rotation O Need to know O Principle of least privilege O Cross-training

Principle of least privilege

HIPAA is a set of federal regulations that define securiti guidelines. What do HIPAA guidelines protect? ● Availability ● Integrity ● Privacy ● Non-repudiation

Privacy

What is the most effective way to improve or enforce security in any environment? ● Enforcing account lockout ● Disabling Internet access ● Providing user-awareness training ● Requiring two-factor authentication

Providing user-awareness training

Which of the following best describes the concept of due care or due diligence? ● Reasonable precautions based on industry best practices are utilized and documented. ● Availability supersedes security unless physical harm is likely. ● Security through obscurity is best accomplished by port stealthing. ● Legal disclaimers are consistently and conspicuously displayed on all systems.

Reasonable precautions based on industry best practices are utilized and documented.

Match each Manageable Neüork Plan milestone on the left with the tasks that are associated with that milestone on the right. Each milestone may be used once, more than once, or not at all. ● Control Your Network ● Protect Your Network ● Manage Your Network ● Reach Your Network

Remove insecure protocols ● Reach Your Network Implement the principle of least privilege ● Control Your Network Segregate and isolate networks ● Protect Your Network Establish an update management process ● Manage Your Network Establish a baseline for all systems ● Manage Your Network

Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution? O Need to know O Principle of least privilege O Dual administrator accounts O Separation of duties

Separation of duties

You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which security principle should you implement to accomplish this goal? O Job rotation O Least privilege O Mandatory vacations O Implicit deny O Separation of duties

Separation of duties

Which of the following is defined as a contract that prescribes the technical support or business parameters a provider will bestow to its client? ● Final audit report ● Mutual aid agreement ● Service level agreement ● Certificate practice statement

Service level agreement

Match the general attack strategy on the left with the appropriate description on the right. (Each attack strategy may be used once, more than once, or not all.) O Reconnaissance O Breaching O Escalating privileges O Staging O Exploitation

Stealing information: O Exploitation Preparing a computer to perform additional tasks in the attack: O Staging Crashing systems: O Exploitation Gathering system hardware information: O Reconnaissance Penetrating system defenses to gain unauthorized access: O Breaching Configuring additional rights to do more than breach the system: O Escalating Privileges

Which is the cryptography mechanism that hides secret communications within various forms of data? O Codes O Signals O Polyinstantiation O Steganography

Steganography

You are a database administrator and the first responder for database attacks. You have decided to test one part of your current Business Continuo Plan (BCP) with two other database professionals. Which type of BCP test is this considered? ● Succession planning ● Complex exercise ● Tabletop exercise ● Medium exercise

Tabletop exercise

Match the general defense methodology on the left with the appropriate description on the right. (Each methodology may be used once, more than once, or not all.) O Layering O Principle of least privilege O Variety O Randomness O Simplicity

The constant change in personal habits and passwords to prevent anticipated events and exploitation: O Randomness Diversifying layers of defense: O Variety Giving users only the access they need to do their job and nothing more: O Principle of least privilege Implementing multiple security measures to protect the same asset: O Layering Eliminating single points of failure: O Layering Giving groups only the access they need to do their job and nothing more: O Principle of least privilege

Which of the following best defines Single Loss Expectancy (SLE)? ● The monetary value of a single employee's loss of productivity due to a successful attack ● The statistical probability of a malicious event ● The total monetary loss associated with a single occurrence of a threat ● The total cost of all countermeasures associated with protecting against a given vulnerability

The total monetary loss associated with a single occurrence of a threat

When conducting a risk assessment, how is the Annualized Rate of Occurrence (ARO) calculated? ● Multiply the Single Loss Expectancy (SLE) by the standard annual deviation. ● Divide the static variable by the probability index. ● Multiply the Single Loss Expectancy (SLE) by the Annual Loss Expectancy (ALE). ● Through historical data provided by insurance companies and crime statistics.

Through historical data provided by insurance companies and crime statistics.

Which of the following tools would you use to validate the bandwidth on your network and identify when the bandwidth is significantly below what it should be? O Packet Sniffer O Protocol analyzer O Throughput Tester O Load Tester

Throughput Tester

What is the primary purpose of source code escrow? ● To obtain change rights over software after the vendor goes out of business ● To obtain resale rights over software after the vendor goes out of business ● To provide a backup copy of software to use for recovery in the event of a disaster ● To hold funds in reserve for unpredicted costs before paying the fees of the programmer

To obtain change rights over software after the vendor goes out of business

Purchasing insurance is what type of response to risk? ● Transference ● Deployment of a countermeasure ● Acceptance ● Rejection

Transference

What is the greatest threat to the confidentiality of data in most secure organizations? O USB devices O Operator error O Hacker intrusion O Malware

USB Devices

Which of the following is an example of a strong password? ● Robert694 ● atgiov45a ● desktop#7 ● a8bT11$yi

a8bT11$yi

Which of the following accurately describes what a protocol analyzer is used for? (Select two.) ☐ A device that does not allow you to capture, modify, and retransmit frames (to perform an attack). ☐ A device that can simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of email. ☐ A device that measures the amount of data that can be transferred through a network or processed by a device. ☐ A passive device that is used to copy frames and allow you to view frame contents. ☐ A device that allows you to capture, modify, and retransmit frames (to perform an attack).

☐ A device that does not allow you to capture, modify, and retransmit frames (to perform an attack). ☐ A passive device that is used to copy frames and allow you to view frame contents.

A Service Level Agreement (SLA) defines the relationship and contractual responsibilities of providers and service recipients. Which of the following characteristics are most important when designing an SLA? (Select two.) ☐ Clear and detailed descriptions of penalties if the level of service is not provided. ☐ Employee vetting procedures that don't apply to contract labor. ☐ Detailed provider responsibilities for all continuity and disaster recovery mechanisms. ☐ Industry standard templates for all SLAS to ensure corporate compliance.

☑ Clear and detailed descriptions of penalties if the level of service is not provided. ☑ Detailed provider responsibilities for all continuity and disaster recovery mechanisms.

Which of the following statements is true regarding risk analysis? (Select two.) ☐ Don't implement a countermeasure if the cost is greater than loss. ☐ Annualized Rate of Occurrence (ARO) identifies how often the successful threat attack will occur in a single year. ☐ Exposure factor is the percent of the asset lost from an unsuccessful threat attack. ☐ The value of an asset is the worth of a resource to the organization excluding qualitative values.

☑ Don't implement a countermeasure if the cost is greater than loss. ☑ Annualized Rate of Occurrence (ARO) identifies how often the successful threat attack will occur in a single year.

You have recently been hired as the new network administrator for a startup company. The company's network was implemented prior to your arrival. One of the first tasks you need to complete in your new position is to develop a Manageable Network plan for the network. You have already completed the first and second milestones, in which documentation procedures were identified and the network was mapped. You are now working on the third milestone, identifying ways to protect the network. Which tasks should you complete as a pan of this milestone? (Select two.) ☐ Create an approved application list for each network device ☐ Identify and document each user on the network ☐ Physically secure high-value systems ☐ Set account expiration dates ☐ Apply critical patches whenever they are released

☑ Identify and document each user on the network ☑ Physically secure high-value systems