Module III Quiz
Your manager is concerned that if the company e-mail server fails, then the company will no longer have access to e-mail services. What solution would you recommend? A. Clustering B. Load balancing C. RAID 5 D. Full backup
A. Clustering
Sue comes to you asking if it is okay if she downloads movies to her company laptop with a P2P program so that she can watch the movies while she is away on business. Which of the following is the best response? A. Educate Sue on the fact that P2P programs are popular ways to spread viruses, so no, the company does not allow P2P software on its systems. B. Tell her no. C. Tell her yes, as long as she does not watch the movies during work hours. D. Tell her yes, as long as she places the downloaded movies on the server so that you can scan them for viruses.
A. Educate Sue on the fact that P2P programs are popular ways to spread viruses, so no, the company does not allow P2P software on its systems.
Bob requires the capabilities to change the system time on the computers, but instead of adding Bob to the Administrators group (who can change the time on the computer), you grant Bob the Change System Time right. This is an example of following which security principle? A. Least privilege B. Job rotation C. Separation of duties D. AUP
A. Least privilege
What is the first step in creating a security policy? A. Obtain management approval and support. B. Create the AUP. C. Download sample templates. D. Review job roles.
A. Obtain management approval and support.
Which type of risk analysis involves calculating the actual dollars lost due to a threat occurring? A. Quantitative B. Qualitative C. Risk assessment D. Mitigation
A. Quantitative
You are the security administrator for a company and wish to implement a solution that will reduce data loss in the case of a drive failure. Which of the following would you use? A. RAID B. Server clustering C. Load balancing D. Virtualization
A. RAID
Your manager is concerned that the drive that holds the company data will fail, rendering the data unavailable. What protection method can you put on the drives to help in drive disasters? A. RAID B. Backups C. Load balancing D. Clustering
A. RAID
What RAID level mirrors the data from one drive to another? A. RAID 1 B. RAID 5 C. RAID 3 D. RAID 0
A. RAID 1
Before reusing target drives to acquire bit-level copies of a suspect's drive for a new case, what should be done? A. Securely wipe the target drive. B. Image the target drive. C. Delete all the files off the target drive. D. Format the target drive.
A. Securely wipe the target drive.
The lead investigator in your office is looking for help with an investigation. You both have identified the evidence that needs to be obtained and planned how to obtain it, including evidence from a computer and cell phone. What is your next step? A. Seize the evidence. B. Acquire the evidence. C. Create a CIRT. D. Power off the switch.
A. Seize the evidence.
Looking at a threat against one of your assets, you have decided to get an insurance policy that covers the risk. How have you handled the risk? A. Transfer B. Accept C. Mitigate D. Deny
A. Transfer
You have been tasked to design a disaster recovery alternative site solution to ensure that all the equipment and services are in place with minimal restoration time. What type of alternative site are you looking to use? A. Warm site B. Hot site C. Cold site D. Spare site
A. Warm site
Informs employees of rules for Internet and e-mail usage
AUP
RTO
Amount of time allowable for the restoration of a business function
MTTF
Amount of time before a device fails
MTTR
Amount of time to recover a system
A small company has identified that having the company server in the closet of a facility and not having it in a locked room presents a risk. They decide to do nothing to correct the threat. How have they handled the risk? A. Transfer B. Accept C. Mitigate D. Deny
B. Accept
You are talking with management about ways to limit security threats such as tailgating within the company. Management has said there is no money to spend on controls such as mantraps. What can you do to reduce the risk of tailgating? A. Purchase an additional lock. B. Conduct training and awareness. C. Purchase a revolving door. D. Purchase a mantrap.
B. Conduct training and awareness.
John is a member of an incident response team and is the first responder. John responds to a security incident that involves a virus infection on a system. Which of the following actions should John do first? A. Document the state of the system. B. Disconnect the system from the network. C. Inventory the software on the system. D. Do a live acquisition of memory.
B. Disconnect the system from the network.
Which of the following is required throughout the entire process of the investigation? A. Consult a CIRT B. Document each step C. Security policy D. Legal advisor
B. Document each step
Which of the following are considered PII that must be secured at all times? (Choose two.) A. Postal code B. Driver's license number C. City name D. Social Security number E. Street name
B. Driver's license number and D. Social Security number
Which of the following are common steps to performing the BIA? (Choose three.) A. Choose an alternative site location. B. Identify business functions. C. Create a backup plan. D. Identify threats against business functions. E. Identify maximum tolerable downtime of business functions.
B. Identify business functions. D. Identify threats against business functions. E. Identify maximum tolerable downtime of business functions.
You have been asked by the manager to help with some risk analysis within the company. What is the first step to performing a risk assessment? A. Identify the threats. B. Identify the assets. C. Identify the impact. D. Evaluate residual risks.
B. Identify the assets.
What feature of forensics analysis tools will filter out files that are known operating system files that have not been tampered with? A. KFC B. KFF C. Report D. dd
B. KFF
Customers visiting the company web site are complaining that the web site is responding slowly. Your manager is wondering if there is a way to speed up the customers' experience with the web site. What would you recommend? A. Clustering B. Load balancing C. RAID 5 D. Full backup
B. Load balancing
Your manager has come to you with inappropriate graphic image files that have been taken in the office. Your manager knows of five employees who have had cameras purchased for them over the last six years. What can you do to help narrow down which employee may have taken the picture? A. Look at the filename. B. Look at the Exif metadata. C. Look at the file extension. D. Look at the picture.
B. Look at the Exif metadata.
You are looking to create the business continuity plan for your organization. What is your first step to creating the BCP? A. Perform the business impact assessment. B. Obtain management support. C. Determine allowable downtime of business functions. D. Identify threats against resources.
B. Obtain management support.
The network administrator is configuring the network and wants to put restrictions on user passwords such as the length of the password, password complexity, and password history. Where can the administrator find out what the values of those settings should be set to? A. VPN policy B. Password policy C. AUP D. Secure disposal of equipment policy
B. Password policy
You are responsible for ensuring that backups are stored at an alternative location. Which of the following should you consider with the tapes that are stored at the alternative location? A. RAID B. Password protect or encrypt C. Store close to magnets D. Store tapes in a hidden location in a closet
B. Password protect or encrypt
Which of the following represents how you can calculate the ALE? A. SLE × EF B. SLE × ARO C. Asset value × EF D. EF × ARO
B. SLE × ARO
Which type of policy is not optional and must be adhered to? A. Procedure B. Standard C. Guideline D. Least privilege
B. Standard
Your team has devised a plan to determine how new company leaders are chosen as part of your contingency plan. Which part of the plan have you just developed? A. Business impact analysis B. Succession planning C. Continuity of operations D. Disaster recovery
B. Succession planning
Which of the following is a good reason to ensure all employees take vacation time each year? A. To keep the employee refreshed and energized B. To hold employees accountable for any suspicious activity C. To keep the employee happy D. To raise company morale
B. To hold employees accountable for any suspicious activity
One of the network administrators in the office has been monitoring the proxy server logs and notices that Bob has visited some inappropriate web sites. What policy is this in violation of? A. Firewall policy B. Proxy server policy C. AUP D. Hiring policy
C. AUP
Which of the following is the goal of the first responder? A. Acquisition B. Seizing C. Containment D. Reporting
C. Containment
Which of the following is an example of an intangible impact of a threat? A. Revenue loss B. Loss of production C. Damage to company reputation D. Loss of facility
C. Damage to company reputation
A manager has just notified you that John, a longtime employee of the company, has been stealing money from the company and that representatives of management and HR are headed into a meeting with John to let him know he is being terminated. What should you do while they are in the meeting? A. Review logs. B. See if anyone wants his office space. C. Disable the employee's user accounts and access cards. D. Format the drive on his workstation.
C. Disable the employee's user accounts and access cards.
What type of backup backs up the data that has changed and then clears the archive bit? A. Full B. Differential C. Incremental D. Offsite
C. Incremental
The lead investigator for a case has indicated that she believes that the suspect is encrypting data on the drives of the computer that needs to be seized. What type of acquisition will you look to perform? A. RAW acquisition B. Static acquisition C. Live acquisition D. Dynamic acquisition
C. Live acquisition
Tom is the security officer for a large organization and wishes to split the requests to his web site across multiple devices. Which of the following should be used? A. RAID B. Proxy server C. Load balancing D. Virtualization
C. Load balancing
After identifying that a buffer overflow threat against your web server exists, you implement a firewall to control communication to the web server. How have you handled the risk? A. Transfer B. Accept C. Mitigate D. Deny
C. Mitigate
A corporate investigation is typically the result of which of the following? A. A crime B. A CIRT C. Policy violation D. Direct evidence
C. Policy violation
What is the term used for when someone slips through an open door behind you after you have unlocked the door? A. Horseback riding B. Worming C. Tailgating D. Gliding
C. Tailgating
The lead investigator for a case has indicated that it is critical that you do not modify the suspect's system, so you are going to perform a static acquisition of the drive in the suspect's system. Which of the following should be used in the process of acquiring the image? A. Helix B. KFF C. Write blocker D. Hash
C. Write blocker
Data classification labels are applied to _______________, while clearance levels are applied to _______________. A. employees, information B. management, employees C. information, employees D. employees, management
C. information, employees
Your company has a piece of machinery that is used to produce the main product your company sells. It has been decided that the machinery has a value of $320,000. If a part fails, it will have an impact of your company losing 18 percent of the asset value with each failure. You expect the failure to occur once every four years. What is the annual loss expectancy of the threat? A. $57,000 B. $29,000 C. $57,600 D. $14,400
D. $14,400
Which of the following could be considered a reason why evidence may be thrown out of court if it is not maintained? A. Security policy B. CIRT C. Certifications D. Chain of custody
D. Chain of custody
Sean is the CIRT team leader for his company. Which of the following represents Sean's responsibility when dealing with security incidents? A. Create an image of the suspect's drive. B. Document all events during the response. C. Give legal advice to the rest of the team. D. Ensure all team members know their role with incident response.
D. Ensure all team members know their role with incident response.
The technical team is putting together the firewall solution and needs to know what type of traffic is permitted to pass through the firewall. What policy can the technical team use to find out what traffic is permitted to pass through the firewall? A. AUP B. Hiring policy C. VPN policy D. Firewall policy
D. Firewall policy
Your manager has been reading about risk analysis and asks you what the benefit of qualitative analysis is. How would you respond? A. You are able to justify the cost because you know how much money each threat will cost you. B. You are able to calculate the ALE. C. You are able to calculate the SLE. D. It is quicker than a quantitative analysis.
D. It is quicker than a quantitative analysis.
Management is concerned that an employee may be able to hide fraudulent activity for long durations while working for the company. What would you recommend to help detect an improper activity performed by employees? A. Least privilege B. AUP C. Disabling the employee's user accounts and access cards D. Job rotation
D. Job rotation
You are the data owner of a set of data that is considered sensitive to the organization. If this information is leaked to the public, it could cause damage to the organization. Which of the following classification labels would you assign to the data? A. Unclassified B. Public C. Low D. Private
D. Private
You are performing an internal corporate investigation and want to ensure that you capture the evidence using the order of volatility. Which of the following represents the proper order of volatility? A. DVD, RAM, swap file, hard disk B. Hard disk, DVD, RAM, swap file C. RAM, hard disk, swap file, DVD D. RAM, swap file, hard disk, DVD
D. RAM, swap file, hard disk, DVD
You have met with your manager over lunch to discuss the company's goal for system restores, and your manager has specified the degree of acceptable data loss during restoration. Which of the following has been defined? A. MTTR B. MTTF C. MTBF D. RPO
D. RPO
Jeff is the network administrator for a law firm and has just purchased 20 new systems for the employees. Jeff has collected all of the old computers from the employees and has searched through the hard drives and deleted any DOC and XLS files before handing the computers over to the local school. What policy may Jeff be in violation of? A. AUP B. Password policy C. Virus protection policy D. Secure disposal of equipment policy
D. Secure disposal of equipment policy
What type of BCP testing involves the BCP committee getting together to review the BCP? A. Checklist review B. Simulation test C. Parallel test D. Structured walkthrough
D. Structured walkthrough
Which of the following best describes risk analysis? A. An event that can cause harm to the asset B. A weakness in the configuration of hardware or software C. When the threat to an asset can cause harm to the organization—typically resulting in a financial loss D. The identification and planning of mitigation techniques to reduce the risks to your organization
D. The identification and planning of mitigation techniques to reduce the risks to your organization
One of the file servers on your network containing commonly accessed data has been compromised. Upon investigation, you find that the hacker planted a Trojan virus on the system to gain access at a later time. Which of the following incident response procedures should be used to recover the system? A. Retain the existing OS partition, wipe the data partition, and restore the data from the last good backup. B. Wipe the OS partition, keep the data partition, and restore the data from the last good backup. C. Wipe the OS partition, keep the data partition, and only restore the data you suspect was compromised. D. Wipe the drives on the system, reinstall the operating system, and restore the data from the last good backup.
D. Wipe the drives on the system, reinstall the operating system, and restore the data from the last good backup.
RPO
Determines how much data loss is acceptable
Risk transfer
Get insurance policy
Mitigate the risk
Implement security control to protect the asset
Helps detect fraudulent activities performed by an employee
Mandatory vacation
You are the security officer for Company XYZ and are creating an incident response plan. You are working on creating the steps for other security officers to capture evidence of a user's system if an incident occurs. Place the following types of evidence in the order in which they should be captured: A. ____ Swap file B. ____ DVD-ROM C. ____ Hard disk D. ____ Memory
Memory, Swap File, Hard Disk, DVD-ROM
Information that can uniquely identify a person
PII
Risk with cloud computing
Privacy concerns
Specifies maximum allowed downtime
SLA
ALE
SLE x ARO
Informs employees on how to decommission systems and devices
Secure disposal
Mechanism used to protect an asset
Security control
MTBF
Time between failures
SLE
Value ($) x EF(%)