logo image

Chapter 4 security Practice Exams

4.1.11 Practice Exam
Which of the following is defined as a contract which prescribes the technical support or business parameters that a provider will bestow to its client?
Service level agreement
HIPAA is a set of federal regulations that define security guidelines that enforce the protection of what?
Privacy
Which of the following policies specifically protects PII?
Privacy
Which of the following defines an acceptable use agreement?
An agreement which identifies the employee’s right to use company property such as Internet access and computer equipment for personal use.
You have recently discovered that a network attack has compromised your database server. In the process, customer credit card numbers might have been taken by an attacker. You have stopped the attack and put measures in place to prevent the same incident from occurring in the future. What else might you be legally required to do?
Contact your customers to let them know of the security breach
When informing an employee that they are being terminated, what is the most important activity?
Disabling their network access
What is the most effective means of improving or enforcing security in any environment?
User awareness training
You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to best prevent extracting data from the discs?
Shredding
Which of the following best describes the concept of due care or due diligence?
Reasonable precautions, based on industry best practices, are utilized and documented.
Which of the following is a high-level, general statement about the role of security in the organization?
Policy
Which of the following is a recommendation to use when a specific standard or procedure does not exist?
Guideline
Who has the responsibility for the development of a security policy?
Senior Management
What is the primary purpose of source code escrow?
To obtain change rights over software after the vendor goes out of business
Which of the following is the best protection against security violations?
Defense in depth
What is the primary purpose of change control?
Prevent unmanaged change
4.2.4 Practice Exam
Match each manageable network plan milestone on the left with the tasks that are associated with that milestone on the right.
Make sure that remote access connections are secure
Reach your network
Create a list of all protocols being used on the network
Map your network
Identify the choke points on the network
Protect your network
Use timestamps on all documents
Prepare to document
Create a list of all devices
Map your network
Mach each manageable network plan milestone on the left with the task that are associated with that milestone on the right.
Remove insecure protocols
Reach your network
Implement the principle of least privilege
Control your network
Segregate and isolate networks
Protect your network
Establish an update management process
Manage your network
Establish a baseline for all systems
Manage your network
You have been recently hired as the new network administrator for a startup company. The company’s network was implemented prior to your arrival. One of the first tasks you need to complete in your new position is to develop a manageable network plan for the network. Which task should you complete as a pair of this milestone? select two
Identify and document each user on the network
Physically secure high-value systems
4.3.4 Practice Exam
When recovery is being performed due to disaster, which services are to be stabilized first?
Mission critical
In business continuity planning, what is the primary focus of the scope?
Business processes
What is the primary goal of business continuity planning?
Maintaining business operations with reduced or restricted infrastructure capabilities or resources
The company is implementing a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP). It is time for the control tests and the company would like to perform compliance testing. Which of the following best describes compliance testing?
The testing of control procedures to see if they are working as expected and are being implemented in accordance with management policies.
When is a BCP or DRP design and development actually completed?
Never
As a BCP or DRP plan evolves over time, what is the most important task to perform when rolling out a new version of the plan?
Collect and destroy all old plan copies
You are a database administrator and the first responder for database attacks. You have decided to test one part of your current Business Continuity Plan (BCP) with two other database professionals. Which type of BCP test is this considered?
Tabletop exercise
4.4.5 Practice Exam
Which of the following is “NOT” a valid response to a risk discovered during a risk analysis?
Denial
Which of the following best defines Single Loss Expectancy (SLE)?
The total monetary loss associated with a single occurrence of a threat
What is the average number of times that a specific risk is likely to be realized?
Annualized Rate of Occurrence
When analyzing assets, which analysis method assigns financial values to assets?
Quantitative
Which of the following statement is true regards to risk analysis? (Select two)
Annualized Rate of Occurrence (ARO) identifies how often in a single year the successful threat attack will occur.
Don’t implement a countermeasure if the cost is greater than loss
When would choosing to do nothing about an identified risk be acceptable?
When the cost of protecting the asset is greater than the potential loss
If an organization shows sufficient due care, which burden is eliminated in the event of a security breach?
Negligence
You have conducted a risk analysis to protect a key company asset. You identify following values:
*Asset value = 400
*Exposure factor = 75
* Annualized Rate of Occurrence =.25
What is the Annualized Loss Expectancy (ALE)?
75
When conducting a risk assessment, how is the Annualized Rate of Occurrence (ARO) calculated?
Through historical data provided by insurance companies and crime statistics.
Purchasing insurance is what type of response to risk?
Transference
To determine the value of the company assets, an anonymous survey was used to collect the opinions of all senior and mid-level managers. Which asset valuation method was used?
Delphi method
You have conducted a risk analysis to protect a key company asset. You identify following values:
*Asset value = 400
*Exposure factor = 75
* Annualized Rate of Occurrence =.25
What is the Single Loss Expectancy (SLE)?
300
You have conducted a risk analysis to protect a key company asset. You identify following values:
*Asset value = 400
*Exposure factor = 75
* Annualized Rate of Occurrence (ARO) =.25
Countermeasure A has a cost of 320 and will protect the asset for four years. Countermeasure B has an annual cost of 85. An insurance policy to protect the asset has an annual premium of 90. What should you do?
Accept the risk or find another countermeasure.
Which type of Data Loss Prevention system is usually installed near the network perimeter to detect sensitive data that is being transmitted in violation of organization security policies?
Network DLP
You are a network administrator over two Windows-based sites. You have almost 2000 employees with workstations and 64 servers that need to be more secure. You have decided to implement a Data Loss Prevention (DLP) solution to detect and stop breaches of sensitive data.
You decide to implement e-mail and instant messaging communication controls so that messages that violate your organizations security policy are blocked at the workstation before being transmitted on the network. Which DLP solution should you implement?
Endpoint DLP
4.5.7 Practice Exam
After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take?
Back up all logs and audits regarding the incident
Which of the following is an important aspect of evidence gathering?
Back up all log files and audit trails
Which method can be used to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence?
Hashing
The immediate preservation of evidence is paramount when conducting a forensic analysis. Which of the following actions is most likely to destroy critical evidence?
Rebooting the system
How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence?
Create a checksum using a hashing algorithm
You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains. What should you do first?
Make a bit-level copy of the disk
During a recent site survey, you find a rogue wireless access point on your network. Which of the following actions should you take first to protect your network, while still preserving evidence?
Disconnect the access point from the network
You have discovered a computer that is connected to your network that was used for an attack. You have disconnected the computer from the network to isolate it from the network and stop the attack. What should you do next?
Perform a memory dump
When conducting a forensic investigation, and assuming that the attack has been stopped, which of the following actions should you perform first?
Document what’s on the screen
Arrange the computer components listed on the left in the order they should be addressed when conducting a forensic evaluation (decreasing data volatility) on the right.
CPU registers and caches
System RAM
Paging file
Hard Disk
File system backup on an external USB drive
What is the best definition of a security incident?
Violation of security policy
When conducting a forensic investigation, which of the following initial actions is appropriate for preserving evidence?
Document what’s on the screen
What is the most important element related to evidence in addition to the evidence itself?
chain of custody document
The chain of custody is used for what purposes?
Listing people coming into contact with evidence
You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this?
Chain of custody
4.6.6 Practice Exam
What is the primary countermeasure to social engineering?
Awareness
How can an organization help prevent social engineering attacks? (Select two.)
Educate employees on the risks and countermeasures, Publish and enforce clearly-written security polices
Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through e-mails or Web sites that impersonate an online entity that the victim trusts, such as a financial institution or well-known e-commerce site?
Phishing
Match the social engineering description on the left with the appropriate attack type on the right.
Phishing
An attacker sends an email pretending to be from a trusted organization, asking users to access a web site to verify personal information.
Whaling
An attacker gathers personal information about the target individual, who is a CEO.
Spear phishing
An attacker gathers personal information about the target individual in an organization.
Dumpster diving
An attacker searches through an organization’s trash looking for sensitive information.
Piggybacking
An attacker enters a secured building by following an authorized employee through a secure door without providing identification.
Vishing
An attacker uses a telephone to convince target individuals to reveal their credit card information.
Which of the following is a common form of social engineering attack?
Hoax virus information e-mails.
You have just received a generic-looking e-mail that is addressed as coming from the administrator of your company. The e-mail says that as part of a system upgrade, you are to go to a Web site and enter your username and password at a new Web site so you can manage your e-mail and spam using the new service. What should you do?
Verify that the e-mail was sent by the administrator and that this new service is legitimate.
Dumpster diving is a low-tech means of gathering information that may be useful in gaining unauthorized access, or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving?
Establish and enforce a document destruction policy
What is the primary difference between impersonation and masquerading?
One is more active, the other is more passive
Which of the following social engineering attacks are use Voice over IP (VoIP) to gain sensitive information?
Vishing
A senior executive reports that she received a suspicious email concerning a sensitive, internal project that is behind production. The email is sent from someone she doesn’t know and he is asking for immediate clarification on several of the project’s details so the project can get back on schedule. What type of an attack best describes the scenario?
Whaling
The receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering attack?
Authority
By definition, which type of social engineering attack uses of a fictitious scenario to persuade someone to give information for which they are not authorized?
Pretexting
Which type of social engineering attack uses peer pressure to persuade someone to help an attacker?
Social validation
You’ve got just received an e-mail messages that indicates a new serious malicious code threat is ravaging across the Internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the WindowsSystem32 folder. As a countermeasure, the message suggests that you delete these three files from your system to prevent further spread of the threat. What should your first action based on the message be?
Verify the information on well-known malicious code threat management Web sites.
Dictionary attacks are often more successful when performed after what reconnaissance action?
Social engineering
4.7.4 Practice Exam
Which of the following is a term used to describe a level of confidence that the evaluation methods were thorough and complete so that the security designation can be trusted?
Assurance
Which of the following defines system high mode?
All systems and peripherals within a system are classified and then protected according to the level of classification assigned to the most highly classified object which resides on the system.
Which of the following is “NOT” used by the reference monitor to determine levels of access?
Ring architecture
Which of the following defines layering in regards to system access control?
Various tasks are divided into a hierarchical manner to provide security.
Which of the following terms restricts the ability of a program to read and write to memory according to its permissions or access level?
Confinement
Who is assigned the task of judging the security of a system or network granting it an approval to operate?
Designated Approving Authority
A process performed in a controlled environment by a third-party which verifies that an IS meets a specific set of security standards before being granted the approval to operate is known as?
Accreditation
Which is the operating mode of a system that is deployed in such a way so that it operates at a single level of classification and all users who can access the system all have the same specific clearance level as well as all of the need to know over all the data on the system?
Dedicated
Which of the following components of the Common Criteria (CC) evaluation system is a document written by a user or community that identifies the security requirements for a specific purpose?
Protection Profile (PP)
Which of the following terms describes the product that is evaluated against the security requirements in the Common Criteria (CC) evaluation system?
Target of Evaluation (TOE)
Which of the following best describes the Security Target (ST) in the Common Criteria (CC) evaluation system?
The ST is a document that describes the security properties of a security product.
Which of the following is a representative example of an assigned level of a system that was judged through Common Criteria?
EAL5
4.8.5 Practice Exam
What is another name for a backdoor that was left in a product by the manufacturer by accident?
Maintenance hook
Which of the following is an action which must take place during the release stage of the SDLC?
Venders develop and release patches in response to exploited vulnerabilities that have been discovered.
Which of the following development modes is a method used by programmers while writing programs that allows for optimal control over coherence, security, accuracy, and comprehensibility?
Structured programming
How often should change control management be implemented?
Any time a production system is altered.
In which phase of the system life cycle is security integrated into the product?
Project initiation
In which phase of the system life cycle is software testing performed?
System Development
What is the primary purpose of imposing software life cycle management concepts?
Increase the quality of software.
4.9.5 Practice Exam
What is the primary purpose of forcing employees to take mandatory one-week minimum vacations every year?
To check for evidence of fraud
What is the primary means by which supervisors can determine whether or not employees are complying with the organization’s security policy?
Auditing
A code of ethics provides for all but which of the following.?
Clearly defines courses of action to take when complex issue is encountered
Which of the following are typically associated with human resource security policies? (Select two.)
Background checks
Termination
Over the last month you have noticed a significant increase in the occurrence of inappropriate activities performed by employees. What is the best first response step to take in order to improve or maintain the security level of the environment?
Improve and hold new awareness sessions
As you are helping a user with a computer problem you notice that she has written her password on a note stuck to her computer monitor. You check the password policy of your company and find that the following settings are currently required:
Minimum password length = 10
Minimum password age = 4
Maximum password age = 30
Password history = 6
Require complex password that include numbers and symbols
Account lockout clipping level = 3

Which of the following is the best action to take to make remembering passwords easier so that she no longer has to write the password down?

Implement end-user training.
You have installed anti-virus software on computers at your business. Within a few days, however, you notice that one computer has a virus. When you question the user, she says she did install some software a few days ago, but it was supposed to be a file compression utility. She admits she did not scan the file before running it. What should you add to your security measures to help prevent this from happening again?
User awareness training
Which of the following defines two-man control?
Certain tasks should be dual-custody in nature to prevent security breach.
Which of the following is a legal contract between the organization and the employee that specifies the employee is not to disclose the organization’s confidential information?
Non-disclosure agreement
Your company security policy requires separation of duties for all network security matters. Which of the following scenarios best describes this concept?
The system administrator configures remote access privileges and the security officer reviews and activates each account
Which of the following is “NOT” a protection against collusion?
Cross training
Which of the following is “NOT” an element of the termination process?
Dissolution of the NDA
When informing an employee that they are being terminated, what is the most important activity?
Disabling their network access
The best way to initiate solid administrative control over an organization’s employee is to have what element in place?
Distinct job descriptions
Match the employment process on the left with the appropriate task that should occur during that process on the right.
Conduct role-based training
Employment
Verify an individuals job history
Pre-employment
Show individuals how to protect sensitive information
Employment
disable a users account
Termination
Remind individuals of NDA agreements
Termination
Obtain an individuals credit history
Pre-employment
4.10.3 Practice Exam
Match each interoperability Agreement document on the left with the appropriate description on the right.
Specifies exactly which services will be performed by each party
SLA – Service Level Agreement
Creates an agreement with a vendor to provide services on an ongoing basis
BPO – Blanket Purchase Order
Provides a summary of which party is responsible for performing specific tasks
MOU – Memorandum of Understanding
Documents how the networks will be connected
ISA – Interconnection Security Agreement
Defines how disputes will be managed
SLA – Service Level Agreement
Specifies a preset discounted pricing structure
BPO – Blanket Purchase Order
Your organization entered into anInteroperability Agreement (IA) with another organization a year ago. As a part of this agreement, a federated trust was established between your domain and the partner domain.
The partnership has been in the ongoing operations phase for almost nine months now. As a security administrator, which tasks should you complete during this phase? (Select two.)
Conduct periodic vulnerability assessments.
Verify compliance with the A documents.
Your organization is in the process of negotiating an Interoperability Agreement (IA) with another organization. As a part of this agreement, the partner organization proposes that a federated trust be established between your domain and their domain. This configuration will allow users in their domain to access resources in your domain and vice versa.
As a security administrator, which tasks should you complete during this phase? (Select two.)
Identify how data ownership will be determined.
Identify how data will be shared.
Match each third-party integration phase on the left with the task that need to be completed during the phase on the right.
Communicate vulnerability assessment findings with the other party.
Ongoing Operations

Disable VPN configurations that allow partner access to your network.
Off-Boarding

Compare your organization’s security policies against the
partner’s policies
On-Boarding

Disable the domain trust relationship between networks. Off-Boarding

Identify how privacy will be protected.
On-Boarding

Draft an ISA.
On-boarding

Conduct regular security audits.
Ongoing-operations

Need essay sample on "Chapter 4 security Practice Exams"? We will write a custom essay sample specifically for you for only $ 13.90/page

Can’t wait to take that assignment burden offyour shoulders?

Let us know what it is and we will show you how it can be done!
×
Sorry, but copying text is forbidden on this website. If you need this or any other sample, please register

Already on Businessays? Login here

No, thanks. I prefer suffering on my own
Sorry, but copying text is forbidden on this website. If you need this or any other sample register now and get a free access to all papers, carefully proofread and edited by our experts.
Sign in / Sign up
No, thanks. I prefer suffering on my own
Not quite the topic you need?
We would be happy to write it
Join and witness the magic
Service Open At All Times
|
Complete Buyer Protection
|
Plagiarism-Free Writing

Emily from Businessays

Hi there, would you like to get such a paper? How about receiving a customized one? Check it out https://goo.gl/chNgQy

We use cookies to give you the best experience possible. By continuing we’ll assume you’re on board with our cookie policy