Cybersecurity Management II - Tactical - C795 Ucertify Extra Questions


Because of the value of your company's data, your company has asked you to ensure data availability. You want to implement the techniques that can help to ensure data availability. Which mechanism(s) should you implement? auditing techniques data recovery techniques authentication techniques fault tolerance techniques access control techniques

You should implement data recovery and fault tolerance techniques to ensure data availability

Recently, an employee of your organization made illegal copies of your organization's intellectual property. This is a direct violation of your organization's employment policies. You need to create an incident response team to investigate the crime. Who should NOT be a part of an incident response team? HR department a Public Relations department senior management Federal government Information Technology department

a Public Relations department senior management

Your company has decided to implement anomaly-based monitoring on your network. You obtain a new server that will perform this monitoring. You must ensure that the monitoring is effective. For this type of monitoring to be effective, what must be in place?

a baseline

What is NOT an example of an operational control?

a business continuity plan

Question 101 :What is a correct description of a honeypot system?

a computer used to entice an attacker

What is a physical barrier that acts as the first line of defense against an intruder?

a fence

Question 18 :Which type of incident is NOT usually addressed in a contingency plan?

a hurricane

Question 130 :Which intrusion detection system (IDS) uses a magnetic field to detect intrusions?

a proximity detector

Question 8 : You need to protect data on computer networks from power spikes. What should you use?

a surge suppressor

Which functions are NOT associated in a properly segregated environment?

access authorization and auditing

Question 88 :At which point should a configuration change be documented to the change log?

after the change is implemented

As a part of the incident response team, you have been given a procedures document that identifies the steps you must complete during a forensic investigation. When should the evidence collection step be completed?

after the incident has been identified and the evidence has been preserved

When should you install a software patch on a production server?

after the patch has been tested

Your organization implements a full/differential backup scheme. A full backup was completed two days ago. Yesterday, a differential backup was completed. Which files were backed up yesterday?

all files in a backup set that were changed or created since the last full backup

Question 41 :Which of the following should be members of the Computer Security Incident Response Team (CSIRT)? IT department member Legal department member Public relations department member Management team member

all of the options

To improve security, which mechanisms should be utilized with a cipher lock? door delay key override master keying hostage alarm

all of the options

Which technologies are considered remote-sensing technologies? unmanned aircraft manned aircraft satellites land-based cameras

all of the options

Question 92 :Your company implements a honeypot as intrusion prevention. Management is concerned that this honeypot would be considered entrapment and has asked you to ensure that entrapment does not occur. Which situation should you prevent?

allowing downloads on a honeypot

Question 20 :What occurs during the reconstitution phase of a recovery?

an organization transitions back to its original site

You have been asked to implement network monitoring that detects any changes or deviations in network traffic. While setting up the monitoring, you establish network traffic baselines. Which type of monitoring are you implementing?

anomaly-based

Your company has several different types of network monitoring that it uses to detect and prevent network attacks. Which type of monitoring is most likely to produce a false alert?

anomaly-based

Question 82 :Your company monitors several events to ensure that the security of your servers is not compromised, and that the performance of your servers is maintained within certain thresholds. A security consultant has been hired by your company to analyze organizational security measures. The consultant has requested access to the security monitoring logs. You need to limit the amount of audit log information you provide by discarding information that is not needed by the consultant. Which tool should you use?

audit-reduction tool

You are creating a monitoring solution for your company's network. You define a rule that prevents an e-mail client from executing the cmd.exe command and alerts you when this is attempted. Which type of monitoring are you using?

behavior-based

Question 17 : Which plan is written to attempt to prevent a disaster from impacting the organization and/or to lessen a disaster's impact?

business continuity plan

Who is responsible for approving change requests?

change control board

Question 125 :Which principle stipulates that multiple changes to a computer system should NOT be made at the same time?

change management. Change management stipulates that multiple changes to a computer system should NOT be made at the same time. This makes tracking any problems that can occur much simpler. Change management includes the following rules:

Your data center has its own lock to prevent entry. Your organization's security plan states that the lock to the data center should be programmable. Which type of lock should you use?

cipher lock

You have established user error threshold baselines for your organization's network that will alert you if suspicious activity occurs. What are the baselines called?

clipping levels

Question 3 :Which fault tolerant solution is the most expensive to implement?

clusters

Which site usually takes the longest to configure when needed?

cold site

Question 95 :Which process includes auditing and tracking of changes made to the trusted computing base?

configuration management

You need to ensure that all systems, networks, and major applications can be recovered. What should you create or perform?

contingency plan

Question 37 :Recently, flooding damaged the building that houses your company's data center. Your team has been asked to determine which functions were affected by the flooding, and which functions are most critical. Which disaster recovery step are you performing?

damage assessment

Question 25 :While developing the business continuity plan, your team must create a plan that ensures that normal operation can be resumed in a timely manner. Which element is your team creating?

disaster recovery plan

Which business continuity plan element is primarily concerned with minimizing property damage and preventing loss of life?

disaster recovery plan

Question 36 :Which of the following business continuity exercises can be quite involved and should be performed annually?

disaster simulation testing

What is the term for RAID 1 implemented with a single hard disk controller?

disk mirroring

Question 10 :Which electronic backup solution backs up data in real time but transmits the data to an offsite facility in batches?

electronic vaulting

Question 33 :Which plan ensures that a vital corporate position is filled in the event it is vacated during a disaster?

executive succession plan

Your organization has asked that you reassess the organization's security plan to see if it fully addresses crime and disruption prevention through deterrence. Which security mechanism covers this issue?

fences

Question 80 :Company management has recently become concerned about security issues involving company employees. You have been asked to improve user accountability by monitoring system events. Which audit events should NOT be monitored?

file creation

Over the next weekend, your team is scheduled to perform tests that include shutting down the live site and bringing the alternate site up to full operation. Which test will be performed?

full-interruption test

As a member of your organization's security team, you are examining all aspects of operations security for your network. You must determine the countermeasures that can be used in operations security. You have already examined the resources and information that must be protected. What is the third asset type that must be examined?

hardware

Question 15 :Your organization is researching alternate computing facilities to ensure that the organization is able to function if the primary facility is destroyed. Which offsite facility is the most expensive to implement?

hot site

Question 129 :Which update type makes repairs to a computer during its normal operation so that the computer can continue to operate until a permanent repair can be made?

hotfix

A user inherits a permission based on his group membership. Which type of right has been implemented?

implicit right. An implicit right occurs when a user inherits a permission based on group membership. It can also occur due to role assignment.

During the business impact analysis (BIA), the business continuity committee identifies a server that has a maximum tolerable downtime (MTD) of 48 hours. Into which maximum tolerable downtime (MTD) category should this system be placed?

important. A critical system would need to be restored in under 24 hours. An urgent system would need to be restored within 24 hours. A normal system would need to be restored within 7 days. A nonessential system would need to be restored in 30 days.

Question 121 :Which option is NOT an administrative control for physical security?

intrusion detection

Question 70 :Which access control principle ensures that a particular role has more than one person trained to perform its duties?

job rotation

Which arrangement enables you to identify fraudulent activity by allowing an employee to perform more than one role in the organization?

job rotation

Question 49 :Your organization has decided to implement a network-based intrusion detection system (NIDS). What is the primary advantage of using this type of system?

low maintenance

Question 34 :Which term refers to the amount of time a company can tolerate the outage of a certain asset, entity, or service?

maximum tolerable downtime

Question 6 :What is the term for providing fault tolerance by copying the contents of one hard drive to another?

mirroring

Question 84 :You have decided to utilize a host-based intrusion detection system (HIDS) to provide added security on your company's network. Which sources of information are NOT utilized by this system to analyze an intrusion attempt? system logs network packets operating system alarms operating system audit trails

network packets operating system alarms

Management has asked you to implement a honeypot. Where should this computer reside?

on the demilitarized zone (DMZ)

Which type of security identifies the process of safeguarding information assets after the implementation of security?

operations security

Question 53 :Users report that they are having trouble accessing several servers on your organization's network. The cause of this problem must be determined. Who should troubleshoot this issue?

operations team

According to the business continuity plan, this week your team must complete a test of specific systems to ensure their operation at alternate facilities. The results of the test must be compared with the live environment. Which test are you completing?

parallel test

Which issue is BEST monitored by logging CPU load and memory usage?

performance issue

Which device lock prevents access to hard drives or unused ports in a computer?

port control

Your organization has responded to a security incident. The breach has been contained, and all systems have been recovered. What should you do last as part of the incident response?

post-mortem review

Which backup facility is owned by the company and can be brought online relatively easily?

redundant site

Question 51 :Which method of resetting the BIOS password requires physical access to the computer?

resetting the CMOS contents via hardware

Question 27 :An earthquake damaged the building that houses your organization's data center. As a result, the alternate site in New Jersey must be configured and brought online. Which team should be responsible for this?

restoration team

Your company network has been breached. During the breach, the attacker removes incriminating data from your company's audit logs to prevent prosecution. What is this process called?

scrubbing

What is a term that is synonymous with security label?

sensitivity label

Question 50 :As an organization's security administrator, you must prevent conflicts of interest when assigning personnel to complete certain security tasks. Which operations security tenet are you implementing?

separation of duties

You have been asked to monitor traffic on your network. While researching the different monitoring methods, you become concerned about monitoring that requires regular updates to ensure its effectiveness. Which type of monitoring requires that updates be regularly obtained to ensure its effectiveness?

signature-based

Which stipulation is usually NOT provided in an offsite vendor contract?

specific location of the offsite facility

Question 56 :Which element is NOT a functional component of an intrusion detection system (IDS)?

statistical intrusion detector

Which operating system failure requires the intervention of a system administrator for system restoration?

system cold start

What is meant by MTBF?

the estimated amount of time that a piece of equipment should remain operational before failure

Your organization has a safe for storing corporate laptops when they are not being used. As part of the security plan, you must ensure that the safe engages an extra lock if the safe's temperature exceeds a certain level. This will provide protection against drilling. Which type of lock should you implement?

thermal relock

Question 66 :What is the primary objective of privilege management?

to ensure control over user permissions and access rights

Question 73 :According to your organization's data backup policy, you must keep track of the number and location of backup versions of the organization's data. What is the main purpose of this activity?

to ensure proper disposal of information

You have recently been hired as the security administrator for your organization. You have been given several security reports. One of the reports shows statistical information from the organization's anomaly detector. What is the primary task of this system?

to identify abnormal activity

Question 81 :Your organization has decided to implement a dual backbone. What is the purpose of this?

to provide local area network (LAN) redundancy

Your company has a backup solution that performs a full backup each Saturday evening and an incremental backup all other evenings. A vital system crashes on Monday morning. How many backups will need to be restored?

two

Question 12 :What is covered by the last step of a business continuity plan?

updating the plan

Which activity is NOT a function of an intrusion detection system (IDS)?

verification of only the threats inside the network

Question 117 :Which of the following is NOT a type of mechanical tumbler lock?

warded

Question 21 :Your organization has created an exhaustive disaster recovery plan. When should it be implemented?

when the company is in emergency mode

Question 94 :What is the first step of the equipment life cycle?

Assessment

As part of your organization's new security initiative, you must ensure that all systems are hardened. What should you do? Remove all unneeded applications. Remove or disable all unneeded services. Configure application services to use the same non-privileged account. Configure database services to use a non-privileged account.

To harden a system, you should complete the following steps: Remove all unneeded applications. Remove or disable all unneeded services. Configure database services to use a non-privileged account. Configure each application service to use its own non-privileged account.

Which statement best describes a two-man control?

Two operators review and approve each other's work.

Question 99 :You are deploying anti-virus software on your organization's network. All of the following are guidelines regarding anti-virus software, EXCEPT:

Update anti-virus signatures only via a local server.

You must document the appropriate guidelines that should be included as part of any security policy that involves personnel who travel with company-issued devices. You have been given a list that should be included in the guidelines as follows: Transport devices in checked baggage. Use encryption when possible. Do not leave the device unattended. Do not use WiFi networks. Which are valid guidelines that should be included as part of the guidelines for personnel?

Use encryption when possible. Do not leave the device unattended. Do not use WiFi networks.

As an IT department manager, you must ensure high availability and performance for your organization's network. You must also ensure that the network is secure. What is the relationship between network performance and security?

When you increase the security mechanisms, performance usually decreases.

A ________ is a program that spreads itself through network connections

Worm -

Question 58 :You have been given several suggestions for implementing the principle of least privilege. What is the BEST implementation of this principle?

Issue the Run as command to execute administrative tasks during a regular user session.

Your company has implemented a host-based intrusion detection system (HIDS). You have recently become concerned with problems when these systems are implemented. What is a major problem when deploying this type of system?

It must be deployed on each computer that needs it.

Question 4 :Your organization is implementing a new file server. You have been asked to implement a disk subsystem that is a failure-resistant disk system (FRDS). Which criterion should this system meet?

It protects against data loss due to disk drive failure.

You have just received an alert that a network intrusion attempt has been detected. You need to launch the initial countermeasures for this attack. Which action is NOT recommended as an initial countermeasure?

Launch a counterattack on the intruder.

Question 35 :Which term is an estimate of the amount of time a piece of equipment will last and is usually determined by the equipment vendor or a third party?

MTBF. Mean time between failures (MTBF) is an estimate of the amount of time a piece of equipment will last and is usually determined by the equipment vendor or a third party.

Which statement is true of a trusted computing base (TCB)?

A TCB contains the security kernel and other security protection mechanisms.

The different (4) types of malware

Backdoor - a developer hook in a system or application that allows developers to circumvent normal authentication. Logic bomb - a program that executes when a certain predefined event occurs. Spyware - a program that monitors and tracks user activities. Trojan horse - a program that infects a system under the guise of another legitimate program.

Management has notified you that the mean time to repair (MTTR) a critical hard drive is too high. You need to address this issue with the least amount of expense. What should you do?

Add another hard drive, and implement disk mirroring.

________ is a software application that displays advertisements while the application is executing

Adware -

Question 77 :You must document the appropriate guidelines that should be included as part of any security policy that involves personnel who travel with company-issued devices. You have been given a list of possible tips for travelers that should be included in the guidelines as follows: Privacy when traveling, no matter the connection medium, is not guaranteed. Personnel movements can be tracked using mobile devices. Malicious software can be inserted onto a device from any connection that is controlled by someone else or through thumb drives. Do not take the device with you if you do not need it. Which tips are valid tips that should be included as part of the guidelines for personnel?

All of the points

Question 106 :Which statement is true of the dedicated security mode?

All users have the clearance and formal approval required to access all the data.

Which statement is NOT a characteristic of a network-based intrusion detection system (NIDS)?

An NIDS analyzes encrypted information.

Question 55 :Which statement is true of a network-based intrusion detection system (NIDS)?

An NIDS cannot detect an intruder logged on to a host computer.

Question 46 : Which statements regarding an audit trail are NOT true? An audit trail is a preventive control. An audit trail assists in intrusion detection. An audit trail does not record successful login attempts. An audit trail establishes accountability for access control. An audit trail is not reviewed as soon as an intrusion is detected.

An audit trail is a preventive control. An audit trail does not record successful login attempts. An audit trail is not reviewed as soon as an intrusion is detected.

___________a computer that is hacked when a malicious program is installed on it and remotely triggered

Botnet -

Question 75 :You want to ensure that employees can use a code to alert the proper authorities when they are under duress. With which physical security measure can this be used? cipher lock security guard combination lock biometric system

Cipher, Security guard, biometric system

While examining performance reports for your organization's resources, you notice a significant performance increase on your organization's file server. The server log indicates that the memory and hard drive of the file server were upgraded. As a member of the operations team, what should you do?

Create a new performance baseline for the file server.

Which statement is true of lighting of critical areas?

Critical areas should use continuous lighting and be illuminated eight feet in height to two foot-candles.

You have received a list of users and their jobs. You need to implement the principle of least privilege. What is the next step that should be performed?

Determine the minimum set of privileges needed to perform the user's job.

You have been asked to reduce the surface area of a Windows Server 2012 computer that acts as a Web server. Which step is NOT included in reducing surface area attacks?

Disable auditing.

During a recent security audit of your company's network, contractors suggested that the operating systems on client computers are not sufficiently hardened. Which steps are crucial to ensure that an operating system is hardened?

Disable unnecessary services.

What are some of the areas for which employees must be trained so that they follow procedures when a disaster occurs? restoration procedures evacuation procedures investigation procedures communication procedures

Employees should be trained in restoration procedures, evacuation procedures, and communication procedures

Question 128 :You receive an unsolicited e-mail from an application vendor stating that a security patch is available for your application. Your company's security policy states that all applications must be updated with security patches and service packs. What should you do?

Go to the vendor's Web site to download the security patch.

As part of your organization's security policy, you must monitor access control violations. Which method(s) should you use? ACLs IDSs backups audit logs

IDS Audit Log

You have been asked to implement a system that detects network intrusion attempts and controls access to the network for the intruders. Which system should you implement?

IPS

Question 16 : You have been asked to work with a team to design your company's business continuity plan. The team has defined the scope of the business continuity plan. What is the next step?

Identify the key business areas.

Question 43 :Which statement is true of computer incident handling?

Investigation by the computer incident response team should involve a representative from the senior management.

You are setting up the server computers for a new company. You have been asked to design the access control lists (ACLs) for the files and folders on the servers. Which principle(s) affect the design? Kerberos SESAME need to know least privilege single sign-on

Need to know and least privilege affect the design of access control lists (ACLs)

Question 63 :As part of routine maintenance, your organization requires that system administrators perform a routine access review and audit. As part of this process, you decide to audit user access to files and folders. Which Windows audit policy should you enable?

Object access

Question 62 :You have been tasked with designing the audit policy for your company based on your company's security policy. What is the first step you should take?

Plan the audit strategy.

Question 19 :You are performing embedded device analysis on a GPS chip in a mobile phone. You perform cryptographic hashing, create checksums, and document all the evidence. Which phase of embedded device analysis are you performing?

Preservation

Question 13 :Your organization is considering leasing an off-site data center to provide facility recovery if a disaster occurs. Management wants to lease a cold site. What are some disadvantages of this type of site? expense recovery time administration time testing availability

Recovery and testing availability

You have been asked to design your company's change management process. What is the first step of this process?

Request the change.

Question 22 :During a recent natural disaster, the primary location for your organization was destroyed. To bring the alternate site online, you restored the most critical systems first. Now a new primary site is complete, and you need to ensure that the site is brought online in an orderly fashion. What should you do first?

Restore the least critical functions to the new primary site.

_________a collection of programs that grants a hacker administrative access to a computer or network

Rootkit -

Question 90 :Which items do NOT complement an intrusion detection system (IDS)? vulnerability analysis system sensors honeypots padded cells centralized monitoring software

Sensors and centralized monitoring software are actually primary components of any IDS and do not complement the IDS

Question 79 :Which tool is an intrusion detection system (IDS)?

Snort

Question 104 :Users report that your company's Windows Server terminal server is experiencing performance issues. You have a performance baseline for the server. You suspect that the terminal server is under attack from a hacker. Which tool should you use to determine if the performance of the server has degraded?

System Monitor

Your organization is concerned with unauthorized users downloading confidential data to removable media. You decide to encrypt the company's confidential data using the operating system's encryption feature. What does this ensure?

The data is protected while it is on the original media only.

Question 107 :Which statement is true of a multilevel security mode?

The multilevel security mode involves the use of sensitivity labels.

Question 1 :A security technician reports to you that a file server is experiencing unscheduled initial program loads (IPLs). Which statement BEST explains this problem?

The system is rebooting.

Question 29 :The business continuity committee has developed the business impact analysis (BIA), identified the preventative controls that can be implemented, and developed the recovery strategies. Next, the committee should develop a contingency plan. Which teams should be included in this plan's development to aid in the execution of the final plan? restoration team damage assessment team salvage team risk management team incident response team

The teams that should be included in the contingency plan's development to aid in the execution of the final plan are the restoration, damage assessment, and salvage teams.

Question 113 : What are the main types of mechanical locks? combination locks cipher locks warded locks tumbler locks

The two main types of mechanical locks are warded locks and tumbler locks.
