Cybersecurity Management II - Tactical - C795 CISSP 14,15,16,17,18 Questions

According to the Federal Emergency Management Agency, approximately what percentage of U.S. states is rated with at least a moderate risk of seismic activity? - 80 percent

An organization is planning the layout of a new building that will house a datacenter. Where is the most appropriate place to locate the datacenter? - In the center of the building

Badin Industries runs a web application that processes e-commerce orders and handles credit card transactions. As such, it is subject to the Payment Card Industry Data Security Standard (PCI DSS). The company recently performed a web vulnerability scan of the application and it had no unsatisfactory findings. How often must Badin rescan the application? - At least annually

Question 1: An organization ensures that users are granted access to only the data they need to perform specific work tasks. What principle are they following? - Need-to-know

Question 1: What is the end goal of disaster recovery planning? - Restoring normal business activity

Question 1: Which of the following best describes an implicit deny principle? - All actions that are not expressly allowed are denied.

Question 1: Which of the following is the best response after detecting and verifying an incident? - Contain it.

Question 1: Which one of the following factors should not be taken into consideration when planning a security testing schedule for a particular system? - Desire to experiment with new testing tools

Question 2: An administrator is granting permissions to a database. What is the default level of access the administrator should grant to new users in the organization? - No access

Question 2: Which of the following would security personnel do during the remediation stage of an incident response?
- Root cause analysis

Question 2: Which one of the following is an example of a man-made disaster? - Power outage

Question 2: Which one of the following is not normally included in a security assessment? - Mitigation of vulnerabilities

Question 3: A table includes multiple objects and subjects and it identifies the specific access each subject has to different objects. What is this table? - Access control matrix

Question 3: An organization has an incident response plan that requires reporting incidents after verifying them. For security purposes, the organization has not published the plan. Only members of the incident response team know about the plan and its contents. Recently, a server administrator noticed that a web server he manages was running slower than normal. After a quick investigation, he realized an attack was coming from a specific IP address. He immediately rebooted the web server to reset the connection and stop the attack. He then used a utility he found on the internet to launch a protracted attack against this IP address for several hours. Because attacks from this IP address stopped, he didn't report the incident. What was missed completely in this incident? - Lessons learned
Rebooting the server is a recovery step. It's worth mentioning that the incident response plan was kept secret and the server administrator didn't have access to it, so he likely did not know what the proper response should be.

Question 3: Which of the following statements best describes why separation of duties is important for security purposes? - It prevents any single IT security person from making major security changes without involving other individuals.

Question 4: Of the following choices, what is the best form of anti-malware protection? - Anti-malware protection at several locations

Question 4: What is a primary benefit of job rotation and separation of duties policies?
- Preventing fraud

Question 4: Which one of the following disaster types is not usually covered by standard business or homeowner's insurance? - Flood

Question 4: Which one of the following tools is used primarily to perform network discovery scans? - Nmap

Question 4: Who, or what, grants permissions to users in a DAC model? - The data custodian

Question 5: A financial organization commonly has employees switch duty responsibilities every six months. What security principle are they employing? - Job rotation

Question 10: Which of the following best describes a rule-based access control model? - It uses global rules applied to all users equally.

Question 10: Which of the following is true for a host-based intrusion detection system (HIDS)? - It monitors a single system.

Question 10: Which one of the following alternative processing sites takes the longest time to activate? - Cold site

Question 11: Matthew would like to test systems on his network for SQL injection vulnerabilities. Which one of the following tools would be best suited to this task? - Web vulnerability scanner

Question 11: What is the typical time estimate to activate a warm site from the time a disaster is declared? - 12 hours

Question 11: What type of access control model is used on a firewall? - Rule-based access control model

Question 11: Which of the following is a fake network designed to tempt intruders with unpatched and unprotected security vulnerabilities and false data? - Honeynet
Honeynets are entire networks created to serve as a trap for intruders. They look like legitimate networks and tempt intruders with unpatched and unprotected security vulnerabilities as well as attractive and tantalizing but false data.

Question 12: What type of access controls rely on the use of labels? - MAC

Question 12: When using penetration testing to verify the strength of your security policy, which of the following is not recommended?
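The questions above on implicit deny, the default access for new users, the access control matrix and rule-based access control on a firewall all describe the same mechanics. The following is an added example (not part of the original question set) that puts them in code: a matrix whose missing cells are denials, the row and column views of that matrix, and a first-match firewall rule base that ends in an implicit deny. Every subject, object, permission, rule and address in it is constructed for illustration.

```python
"""Access control matrix with implicit deny, plus a rule-based firewall.

Added example, not part of the original question set; every subject, object,
permission, rule and address below is constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Constructed access control matrix: rows are subjects, columns are objects,
# each cell is the explicit set of permissions. Any missing cell is a denial.
MATRIX: Dict[str, Dict[str, Set[str]]] = {
    "alice": {"payroll.db": {"read", "write"}, "hr-policy.pdf": {"read"}},
    "bob": {"hr-policy.pdf": {"read"}},
    # "carol" has no row at all: a new user starts with no access
}


def is_allowed(matrix, subject: str, obj: str, action: str) -> bool:
    """Implicit deny: only an explicit grant returns True.

    Unknown subjects, unknown objects and unlisted actions all fall through
    to the empty set, so there is no path to True without a grant.
    """
    return action in matrix.get(subject, {}).get(obj, set())


def capability_list(matrix, subject: str) -> Dict[str, list]:
    """One row of the matrix: everything one subject may do."""
    return {obj: sorted(perms) for obj, perms in matrix.get(subject, {}).items()}


def access_control_list(matrix, obj: str) -> Dict[str, list]:
    """One column of the matrix: everyone who may touch one object (its ACL)."""
    return {subj: sorted(row[obj]) for subj, row in matrix.items() if obj in row}


@dataclass
class Rule:
    """A firewall rule applies to every sender equally; no identity is named."""
    action: str               # "allow" or "deny"
    proto: str                # "tcp" or "udp"
    dst_port: Optional[int]   # None means any port
    src: str                  # CIDR network or "any"


# Constructed rule base, evaluated first match wins. The closing implicit
# deny is not written as a rule; it lives in the evaluator.
RULES = [
    Rule("allow", "tcp", 443, "any"),
    Rule("allow", "tcp", 22, "10.0.0.0/24"),
]


def firewall_decision(rules, proto: str, dst_port: int, src_ip: str) -> str:
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.proto != proto:
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        if rule.src != "any" and src not in ipaddress.ip_network(rule.src):
            continue
        return rule.action
    return "deny"  # implicit deny: nothing matched, so the packet is dropped


if __name__ == "__main__":
    print(capability_list(MATRIX, "alice"))
    print(access_control_list(MATRIX, "hr-policy.pdf"))
    print(firewall_decision(RULES, "tcp", 22, "203.0.113.9"))
```

The two halves differ in what they key on: the matrix decides per subject, so an administrator grants rows and columns to identities, while the firewall never looks at an identity and applies the same global rules to every packet.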
- Performing attacks without management knowledge

Question 12: Which of the following is a true statement regarding virtual machines (VMs) running as guest operating systems on physical servers? - VMs must be updated individually.

Question 12: Which one of the following items is a characteristic of hot sites but not a characteristic of warm sites? - Current data

Question 13: An organization has an incident response plan that requires reporting incidents after verifying them. For security purposes, the organization has not published the plan. Only members of the incident response team know about the plan and its contents. Recently, a server administrator noticed that a web server he manages was running slower than normal. After a quick investigation, he realized an attack was coming from a specific IP address. He immediately rebooted the web server to reset the connection and stop the attack. He then used a utility he found on the internet to launch a protracted attack against this IP address for several hours. Because attacks from this IP address stopped, he didn't report the incident. What should have been done before rebooting the web server? - Gather evidence

Question 13: Grace is performing a penetration test against a client's network and would like to use a tool to assist in automatically executing common exploits. Which one of the following security tools will best meet her needs? - Metasploit

Question 13: Some cloud-based service models require an organization to perform some maintenance and take responsibility for some security. Which of the following is a service model that places most of these responsibilities on the organization leasing the cloud-based resources? - IaaS

Question 13: What type of database backup strategy involves maintenance of a live backup server at the remote site? - Remote mirroring

Question 13: Which of the following best describes a characteristic of the MAC model?
- Prohibitive

Question 14: An organization has an incident response plan that requires reporting incidents after verifying them. For security purposes, the organization has not published the plan. Only members of the incident response team know about the plan and its contents. Recently, a server administrator noticed that a web server he manages was running slower than normal. After a quick investigation, he realized an attack was coming from a specific IP address. He immediately rebooted the web server to reset the connection and stop the attack. He then used a utility he found on the internet to launch a protracted attack against this IP address for several hours. Because attacks from this IP address stopped, he didn't report the incident. Which of the following indicates the most serious mistake the server administrator made in this incident? - Attacking the IP address

Question 14: An organization is using a SaaS cloud-based service shared with another organization. What type of cloud-based deployment model does this describe? - Community

Question 14: During what type of penetration test does the tester always have access to system configuration information? - White box penetration test

Question 14: What type of document will help public relations specialists and other individuals who need a high-level summary of disaster recovery efforts while they are under way? - Executive summary

Question 14: Which of the following is not a valid access control model? - Compliance-based access control model

Question 15: Backup tapes have reached the end of their lifecycle and need to be disposed of. Which of the following is the most appropriate disposal method? - Purge the tapes of all data before disposing of them.

Question 15: What is used to keep subjects accountable for their actions while they are authenticated to a system? - Monitoring

Question 15: What port is typically open on a system that runs an unencrypted HTTP server?
- 80

Question 15: What would an organization do to identify weaknesses? - Vulnerability analysis

Question 16: Paul would like to test his application against slightly modified versions of previously used input. What type of test does Paul intend to perform? - Mutation fuzzing

Question 16: What type of a security control is an audit trail? - Detective

Question 16: What type of backup involves always storing copies of all files modified since the most recent full backup? - Differential backups

Question 16: Which of the following can be an effective method of configuration management using a baseline? - Using images

Question 16: Which of the following can help mitigate the success of an online brute-force attack? - Account lockout

Question 17: What combination of backup strategies provides the fastest backup creation time? - Full backups and incremental backups

Question 17: Which of the following steps would not be included in a change management process? - Immediately implement the change if it will improve performance

Question 17: Which of the following would provide the best protection against rainbow table attacks? - Salt and pepper with hashing

Question 18: What can be used to reduce the amount of logged or audited data using nonstatistical methods? - Clipping levels

Question 18: What combination of backup strategies provides the fastest backup restoration time? - Full backups and differential backups

Question 18: What type of attack uses email and attempts to trick high-level executives? - Whaling
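The three backup questions above (differential backups, fastest creation, fastest restoration) are easiest to see by simulating a week. The following is an added example, not part of the original question set: a Sunday full backup followed by five days of changes, run once with incrementals and once with differentials, counting how many files each day's backup has to copy and how many backup sets a restore has to read. The file names and the week of changes are constructed.

```python
"""Full + incremental versus full + differential backups.

Added example, not part of the original question set; the file names and
the change history are constructed.
"""
from typing import Dict, List, Set, Tuple

ALL_FILES = ["a.txt", "b.txt", "c.txt", "d.txt", "e.txt"]

# Constructed change history: files modified on each day after the Sunday full.
CHANGES: Dict[str, Set[str]] = {
    "Mon": {"a.txt"},
    "Tue": {"b.txt"},
    "Wed": {"a.txt", "c.txt"},
    "Thu": {"d.txt"},
    "Fri": {"b.txt"},
}


def run_week(strategy: str) -> Tuple[Dict[str, int], Dict[str, Dict[str, int]], Dict[str, int]]:
    """Simulate one week of backups.

    Returns (files_copied_per_day, backup_sets, live_state). Each backup set
    maps file name -> the version number it captured; live_state is the
    version of every file at the end of the week.
    """
    live = {f: 0 for f in ALL_FILES}
    sets = {"Sun": dict(live)}             # the full backup copies everything
    copied = {"Sun": len(live)}
    modified_since_full: Set[str] = set()  # files whose archive bit is still set
    for day, changed in CHANGES.items():
        for f in changed:
            live[f] += 1
        if strategy == "incremental":
            # copies only what changed since the last backup of any kind,
            # then clears the archive bit: each day's job is small
            to_copy = set(changed)
        elif strategy == "differential":
            # copies everything changed since the last full backup and leaves
            # the archive bit set, so the job grows all week
            modified_since_full |= changed
            to_copy = set(modified_since_full)
        else:
            raise ValueError(strategy)
        sets[day] = {f: live[f] for f in to_copy}
        copied[day] = len(to_copy)
    return copied, sets, live


def restore_order(strategy: str, sets: Dict[str, Dict[str, int]]) -> List[str]:
    days = list(sets)
    if strategy == "incremental":
        return days                 # the full, then every incremental in order
    return [days[0], days[-1]]      # the full, then only the latest differential


def restore(strategy: str, sets: Dict[str, Dict[str, int]]) -> Dict[str, int]:
    state: Dict[str, int] = {}
    for day in restore_order(strategy, sets):
        state.update(sets[day])     # later sets overwrite older versions
    return state


def compare() -> Dict[str, Dict[str, int]]:
    """Files copied after the full backup, and sets read on restore."""
    out = {}
    for strategy in ("incremental", "differential"):
        copied, sets, live = run_week(strategy)
        assert restore(strategy, sets) == live   # both restore the same state
        out[strategy] = {
            "files_copied_after_full": sum(n for d, n in copied.items() if d != "Sun"),
            "sets_to_restore": len(restore_order(strategy, sets)),
        }
    return out


if __name__ == "__main__":
    print(compare())
```

Both strategies rebuild an identical end state; the trade-off is only where the work lands. Incrementals copy the least each night but a restore must replay every one of them in order, while differentials copy more each night and a restore needs just the full plus the latest differential.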
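Two of the questions above pair a brute-force attack with its control: account lockout against an online attack, and salt and pepper with hashing against an offline rainbow table attack. The following added example (not part of the original question set) shows both. A precomputed hash-to-password table is used as a stand-in for a rainbow table; it recovers an unsalted SHA-256 hash instantly and is useless against a per-user salt plus a secret pepper, and a small login guard locks an account after repeated failures. The word list, the pepper value, the user and the lockout numbers are constructed.

```python
"""Offline and online brute-force defences: salt and pepper, account lockout.

Added example, not part of the original question set; the word list, pepper,
users and thresholds below are constructed.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

ITERATIONS = 50_000
# The pepper is a secret kept outside the credential database (for example in
# an HSM or a deployment secret), never beside the hashes. Constructed value.
PEPPER = b"constructed-pepper-kept-outside-the-database"

# Constructed attacker word list; a real precomputed table covers far more.
WORDLIST = ["password", "letmein", "Summer2024", "hunter2", "qwerty"]


def unsalted_sha256(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def precomputed_table(words) -> Dict[str, str]:
    """Stand-in for a rainbow table: hash -> plaintext computed once and
    reused against every stolen hash, which works because an unsalted hash
    of a given password is always the same."""
    return {unsalted_sha256(w): w for w in words}


def hash_password(password: str, pepper: bytes, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """A random per-user salt (stored next to the hash) and a secret pepper
    (never stored with it) feed a deliberately slow key derivation."""
    salt = salt if salt is not None else os.urandom(16)
    peppered = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, pepper: bytes, salt: bytes, digest: bytes) -> bool:
    _, candidate = hash_password(password, pepper, salt)
    return hmac.compare_digest(candidate, digest)


class LoginGuard:
    """Online brute-force defence: lock the account after repeated failures."""

    def __init__(self, store: Dict[str, Tuple[bytes, bytes]],
                 max_failures: int = 5, lockout_seconds: int = 900):
        self.store = store                      # user -> (salt, digest)
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.failures: Dict[str, int] = {}
        self.locked_until: Dict[str, float] = {}

    def attempt(self, user: str, password: str, now: float) -> str:
        """Returns "ok", "bad" or "locked"; `now` is passed in for determinism."""
        if self.locked_until.get(user, 0) > now:
            return "locked"                     # even the right password is refused
        record = self.store.get(user)
        if record and verify_password(password, PEPPER, *record):
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_failures:
            self.locked_until[user] = now + self.lockout_seconds
            self.failures.pop(user, None)
            return "locked"
        return "bad"


if __name__ == "__main__":
    table = precomputed_table(WORDLIST)
    print("unsalted lookup:", table.get(unsalted_sha256("hunter2")))
    salt, digest = hash_password("hunter2", PEPPER)
    print("salted digest in table:", digest.hex() in table)
```

The salt makes every stored hash unique even when two users pick the same password, so a table has to be rebuilt per user; the pepper means a stolen database alone is not enough to start that rebuild. Neither helps against an attacker who simply tries passwords at the login form, which is what the lockout is for.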
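The mutation fuzzing question above describes the technique in one sentence: take input the application has already accepted and feed it back slightly changed. The following is an added example, not part of the original question set, with a constructed record format, a deliberately fragile parser beside a hardened one, and a small seeded mutation fuzzer that finds the crash in the first and nothing in the second. The format, the parsers and the seed corpus are all constructed for illustration.

```python
"""Mutation fuzzing: slightly modified versions of previously used inputs.

Added example, not part of the original question set; the record format,
both parsers and the seed inputs are constructed for illustration.
"""
import random
from typing import Callable, List, Optional

# Constructed record format: [type:1][length:1][payload:length][checksum:1]
# where checksum is the XOR of all payload bytes.


def xor_all(b: bytes) -> int:
    acc = 0
    for x in b:
        acc ^= x
    return acc


def parse_record_buggy(data: bytes) -> dict:
    """Trusts the length field. Input shorter than it claims raises
    IndexError, the kind of crash a fuzzer is looking for."""
    rtype, length = data[0], data[1]
    payload = data[2:2 + length]
    checksum = data[2 + length]
    if checksum != xor_all(payload):
        raise ValueError("bad checksum")   # expected rejection, not a crash
    return {"type": rtype, "payload": payload}


def parse_record_fixed(data: bytes) -> dict:
    """Checks every length before indexing; malformed input is rejected with
    ValueError instead of crashing."""
    if len(data) < 3:
        raise ValueError("truncated header")
    rtype, length = data[0], data[1]
    if len(data) != 3 + length:
        raise ValueError("length field does not match record size")
    payload = data[2:2 + length]
    if data[2 + length] != xor_all(payload):
        raise ValueError("bad checksum")
    return {"type": rtype, "payload": payload}


def make_record(rtype: int, payload: bytes) -> bytes:
    return bytes([rtype, len(payload)]) + payload + bytes([xor_all(payload)])


# Previously used, known-good inputs (constructed): the fuzzer's seed corpus.
SEEDS: List[bytes] = [make_record(1, b"hello"), make_record(2, b"\x00\xff"), make_record(3, b"")]


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One small change to a known-good input."""
    buf = bytearray(data)
    choice = rng.randrange(4)
    if choice == 0 and buf:                        # flip one bit
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif choice == 1 and buf:                      # replace one byte
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif choice == 2 and len(buf) > 1:             # truncate the tail
        del buf[rng.randrange(1, len(buf)):]
    else:                                          # insert one byte
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)


def crashes(target: Callable[[bytes], dict], data: bytes) -> bool:
    """True if `target` raises anything other than its ValueError rejection."""
    try:
        target(data)
    except ValueError:
        return False                               # graceful rejection
    except Exception:
        return True                                # unexpected exception: a crash
    return False


def fuzz(target: Callable[[bytes], dict], iterations: int = 2000, seed: int = 1) -> Optional[bytes]:
    """Return the first mutated seed that crashes `target`, or None."""
    rng = random.Random(seed)
    for _ in range(iterations):
        candidate = mutate(rng.choice(SEEDS), rng)
        if crashes(target, candidate):
            return candidate
    return None


if __name__ == "__main__":
    print("buggy parser crash input:", fuzz(parse_record_buggy))
    print("fixed parser crash input:", fuzz(parse_record_fixed))
```

The fuzzer never needs to understand the format; it only needs accepted inputs to start from and a way to tell a controlled rejection from an uncontrolled failure. That distinction is the whole oracle here: a ValueError is the parser doing its job, anything else is a finding.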