102 Cards in this Set
- Front
- Back
1. Which of the following permissions should not be assigned to system operators?
|
b. Changing the system time
|
|
2. Which type of network component typically lacks sufficient accountability controls?
|
c. Switches
|
|
3. The correlation of system time among network components is important for what purpose?
|
d. Audit log review
|
|
4. Which type of access control system would use security labels?
|
a. Mandatory access control
|
|
5. Individuals are granted clearance according to their:
a. Duties assigned b. Trustworthiness c. Both a and b d. Neither a nor b |
c. Both a and b
|
|
6. Which group characteristic or practice should be avoided?
|
b. Group accounts
|
|
7. Which of the following resources does not impact audit log management?
a. Memory b. Bandwidth c. CPU time d. Storage space |
d. Storage space
|
|
8. Which type of users should be allowed to use system accounts?
a. Ordinary users b. Security administrators c. System administrators d. None of the above |
c. System administrators
|
|
9. Wireless network traffic is best secured with which of the following protocols?
|
c. Wi-Fi Protected Access (WPA)
|
|
10. Original copies of software should reside with:
|
a. Media librarian
|
|
11. All of the following are control types except:
a. Detective b. Preventative c. Recovery d. Configuration |
d. Configuration
|
|
12. Compensating controls are used:
|
b. When an existing control is insufficient to provide the required access
|
|
13. Need-to-know enforcement is most easily implemented using:
|
a. Mandatory access control
|
|
14. What measurement unit is used to describe the amount of energy necessary to reduce a magnetic field to zero? |
c. Coercivity
|
|
A piece of information or data residing on magnetic media
|
object
|
|
15. Which object reuse method is best used for a CD-ROM containing sensitive information?
|
b. Pulverize
|
|
16. Backups and archives:
|
d. Serve different purposes
|
|
17. Redundant components are characterized by all of the following except:
a. Hardware only b. Hot spares c. Online d. Duplicative |
a. Hardware only
|
|
18. Which RAID level provides data mirroring?
|
b. 1
|
|
19. Relative humidity levels in the IT operations center should be less than:
|
d. 60 percent
|
|
20. Who is ultimately responsible for notifying authorities of a data or system theft?
|
d. Management
|
|
21. Phishing is essentially another form of:
|
b. Social engineering
|
|
22. Intrusion detection systems are used to detect all of the following except:
|
d. SPAM
|
|
23. Which of the following does not give rise to a vulnerability?
|
a. Hackers
|
|
24. Configuration management involves:
|
b. Documenting system settings
|
|
25. Patch management is a part of:
|
b. Change control management
|
|
RAID level that writes files in stripes across multiple disks (no parity); no redundancy
|
RAID 0
|
|
RAID level duplicates all disk writes from one to another (mirroring) and allows duplexing
|
RAID 1
|
|
RAID level where data is spread across multiple disks, using Hamming ECC. Not used much
|
RAID 2
|
|
RAID level where data is striped across multiple disks (in bytes) and parity is written to a dedicated disk. Can tolerate loss of one drive
|
RAID 3
|
|
RAID level where data is striped across multiple disks (in blocks) and parity is written to a dedicated disk. Can tolerate loss of one drive
|
RAID 4
|
|
RAID level where data and parity are striped together across all drives. Requires 3 or more drives. Can tolerate loss of any one drive
|
RAID 5
|
|
RAID level that computes two sets of parity information; accommodates 2 drive failures
|
RAID 6
|
|
Combines RAID 0 and 1
|
RAID 10
|
|
Steps in change management process
|
Requests, Impact Assessment, Approval/disapproval, Build & Test, Notification, Implementation, Validation, Documentation |
|
Reboot that requires admin intervention
|
cold start
|
|
Restart due to uncontrolled manner/inconsistent state
|
emergency restart
|
|
In the event of a security incident, one of the primary objectives of the operations staff is to ensure that:
|
There is minimum disruption to the organization's activities
|
|
For which of the following groups is the threat of unauthorized disclosure of sensitive information most likely to go unnoticed in the absence of auditing:
a) Malicious s/w b) Hacker or cracker c) Disgruntled employee d) Auditor |
C) disgruntled employee
|
|
Which of the following provides controlled and uninterrupted interfaces into privileged user functions?
|
Trusted paths
|
|
The doors of a data center open up in the event of a fire. This is an example of
|
Fail-safe
|
|
In order to ensure constant redundancy and fault tolerance, which of the following type of spare is recommended?
|
Hot spare
|
|
If speed is preferred over resilience, which of the following RAID configurations is the most suited?
|
RAID 0
|
|
Updating records in multiple locations or copying an entire database onto a remote location as a means to ensure the appropriate levels of fault tolerance and redundancy is known as
|
Data shadowing
|
|
When the backup window is not long enough to back up all of the data and the restoration of the backup must be as fast as possible, which of the following types of high-availability backup strategy is recommended?
|
Incremental
|
|
Type of backup where only the files that changed since the last backup will be backed up. Restoring involves combining the last full and __
|
incremental
|
|
Type of backup where only the files that changed since the last full backup will be backed up. Restoring involves only the last backup and latest ___
|
differential
|
|
When you approach a restricted facility, you are requested for identification and verified against a pre-approved list by the guard at the front gate before being let in. This is an example of checking for the principle of
|
Least privilege
|
|
10. The major benefit of information classification is to
|
identify the appropriate level of protection needs
|
|
When information, once classified highly sensitive, is no longer critical or highly valuable, that information must be
|
declassified
|
|
The main benefit of placing users into groups and roles is
|
ease of user administration
|
|
The likelihood of an individual's compliance with the organization's policy can be determined by their
|
Clearance level
|
|
15. Which of the following can help with ensuring that only the needed logs are collected for monitoring?
|
Clipping level
|
|
The main difference between a security event management (SEM) system and a log management system is that SEM systems are useful for log collection, collation, and analysis
a) in real time b) for historical purposes c) for admissibility in court d) in discerning patterns |
A) in real time
|
|
Reports must be specific on both the message and which of the following:
a) Intended audience b) Delivery options c) Colors used d) Print layout |
Intended audience
|
|
17. When normal traffic is flagged as an attack, it is an example of
|
False positive
|
|
The best way to ensure that there is no data remanence of sensitive information that was once stored on burn-once DVD media is by
|
Destruction
|
|
19. Which of the following processes is concerned with not only identifying the root cause but also addressing the underlying issue?
|
Problem management
|
|
20. Before applying a software update to production systems, it is extremely important that:
|
the production systems are backed up
|
|
Fail state where failure of part of the system will not result in the failure of the rest of the system
|
Fail safe
|
|
Fail State: The ability to fail with minimum damage
|
Fail Soft
|
|
A secondary system which takes over when the primary system fails
|
Failover
|
|
Failing in state that blocks access
|
Fail secure
|
|
Failing where the system remains open/accessible
|
Fail open
|
|
Change Control Procedures
|
Request, Impact Assessment, Approval, Build/Test, Implement, Monitor |
|
Maintaining a system's integrity with respect to the approved settings
|
Configuration Management
|
|
What is the most secure way to dispose of information on a CD-ROM?
|
Physically destroy
|
|
Privileged users should be subject to periodic re-certification to maintain the level of privileges that have been assigned. The primary reason to do this recertification is:
|
Job reassignment may remove the need for previously granted permission
|
|
Which of these privileged users could most easily commit fraud?
a. Network Admin b. Security Administrator c. Data Owner d. Computer operator |
D) Computer operator
|
|
Four types of privileged accounts with different levels of privilege:
|
1) Root/Built-in Admin 2) Service accounts 3) Administrator accounts 4) Power users |
|
Types of accounts
|
privileged, ordinary user, SA, operators, Security Admins
|
|
Who controls initial program load, selecting and loading input/outputs, and monitoring using system utilities?
|
Operator
|
|
Which of these tasks is the responsibility of the custodian?
|
Ensuring availability of data
|
|
Temperature in the data center has risen. It has been observed that the primary and backup air conditioning units are malfunctioning. When contacted, the vendor maintenance staff advised that it will take 1 hr before they can arrive. What step should be taken?
|
D) Follow your business continuity plan's procedures
|
|
Personnel security checks should be conducted with the assistance from the following divisions:
|
Human resources
|
|
Operations security requires the implementation of physical security measures to control:
|
Unauthorized personnel access to secure facilities
|
|
A review of an operator's shift logs can be identified as this type of control
|
detective
|
|
An applications developer contacts the data center manager advising him that his application program aborted. As the report from this program is required by the end of the day, he wants to process it himself and has requested that he be allowed access to the data center. Additionally, he is an ex-operator and has more experience than the existing staff. What action should be taken?
|
C. Advise him to resubmit his program and to make the necessary steps to have it processed
|
|
Non-scheduled reviews of physical access controls to the data center should be done:
|
when a privileged employee leaves the organization
|
|
The network security administrator has submitted her request to implement additional security controls. Her request should be reviewed by the:
|
Steering Committee in charge of change management
|
|
Which type of system category failure results in unexpected security kernel or media failure and where the recovery procedures cannot bring the system to a consistent state?
|
a System cold start
|
|
Media tape librarians are ultimately responsible for:
|
A) the protection of magnetic media
|
|
System backups containing only those files that have changed since a full backup was last performed are called:
|
differential
|
|
A tape librarian takes a new, blank tape home every day and sells it on eBay. This is a violation of:
|
Physical controls
|
|
A mainframe operator notices that a scheduled job is running slowly because there are insufficient resources available to complete in the expected time. What should the operator do?
|
Allow the job to continue as it is, provided that it does not have an undue effect on other jobs
|
|
RAID level four is usually implemented at which level?
|
block level
|
|
Compensating controls are substitute controls to provide protection when:
|
a primary control is compromised or disabled
|
|
Clustering is more attractive than server redundancy because:
|
The secondary systems are actually providing processing time
|
|
Emergency fixes to a system must:
|
be scrutinized subsequently to ensure they were performed correctly
|
|
XYZ corporation has found that their employees are consistently coat-tailing (tailgating) into the data center. Of the following, what should be done first to begin to stop this practice?
|
Create a policy regarding access control
|
|
When creating policies and procedures regarding backing up critical data for an organization, the first thing that should be addressed is:
|
what data should be backed up
|
|
Which of the following describes the level that is set within a system to enable it to determine at what point activity is recorded?
|
Clipping level
|
|
In general, a network policy should state that only approved users should have or use a network sniffer. Of the following groups, who would normally be included in the list of approved users?
a. Network admin b. Information Owner c. Applications developer d. Data entry personnel |
Network Admin
|
|
Which level of RAID gives the highest level of both fault tolerance and performance?
|
RAID 5
|
|
Difference between a system reboot and an emergency system restart?
|
A system reboot (soft) is controlled, while an emergency system restart is due to uncontrolled events
|
|
When extra charges have been added to a customer's bill that the customer did not request
|
Cramming
|
|
When a customer's service provider has been changed without her consent
|
Slamming
|
|
Computer product evaluation criteria that look at clipping level configurations, unit testing, and configuration management are categorized as what?
|
Life cycle assurance
|
|
Deals with the system's architecture and associated features and functionality
|
Operational assurance
|
|
What controls are used to amend a situation after an attack has occurred or a vulnerability has been identified?
|
Corrective
|
|
Computer is restarted by user intervention due to the computer being unable to execute normal recovery procedures
|
System cold start
|
|
Use of a librarian to manage company resources such as laptops, CD-ROMs, and others is what type of control?
|
Media control
|