Cybersecurity Incident Response and Access Control Practices, Exams of Cybercrime, Cybersecurity and Data Privacy

Comprehensive overview of cybersecurity concepts and practices, including incident response, access control models, disaster recovery planning, and security testing. Covers topics such as incident response, security testing, access control, anti-malware protection, disaster recovery, and more. Valuable resource for students, professionals, and researchers in the field.

Typology: Exams

2023/2024

Available from 10/07/2024

peter-githongo
Cybersecurity Management II - Tactical - C795 CISSP 14,15,16,17,18

Questions

According to the Federal Emergency Management Agency, approximately what percentage of U.S. states is rated with at least a moderate risk of seismic activity? - 80 percent

An organization is planning the layout of a new building that will house a datacenter. Where is the most appropriate place to locate the datacenter? - In the center of the building

Badin Industries runs a web application that processes e-commerce orders and handles credit card transactions. As such, it is subject to the Payment Card Industry Data Security Standard (PCI DSS). The company recently performed a web vulnerability scan of the application and it had no unsatisfactory findings. How often must Badin rescan the application? - At least annually

Question 1: An organization ensures that users are granted access to only the data they need to perform specific work tasks. What principle are they following? - Need-to-know

Question 1: What is the end goal of disaster recovery planning? - Restoring normal business activity

Question 1: Which of the following best describes an implicit deny principle? - All actions that are not expressly allowed are denied.

Question 1: Which of the following is the best response after detecting and verifying an incident? - Contain it.

Question 1: Which one of the following factors should not be taken into consideration when planning a security testing schedule for a particular system? - Desire to experiment with new testing tools

Question 2: An administrator is granting permissions to a database. What is the default level of access the administrator should grant to new users in the organization? - No access

Question 2: Which of the following would security personnel do during the remediation stage of an incident response? - Root cause analysis

Question 2: Which one of the following is an example of a man-made disaster? - Power outage

Question 2: Which one of the following is not normally included in a security assessment? - Mitigation of vulnerabilities

Question 3: A table includes multiple objects and subjects and it identifies the specific access each subject has to different objects. What is this table? - Access control matrix

Question 3: An organization has an incident response plan that requires reporting incidents after verifying them. For security purposes, the organization has not published the plan. Only members of the incident response team know about the plan and its contents. Recently, a server administrator noticed that a web server he manages was running slower than normal. After a quick investigation, he realized an attack was coming from a specific IP address. He immediately rebooted the web server to reset the connection and stop the attack. He then used a utility he found on the internet to launch a protracted attack against this IP address for several hours. Because attacks from this IP address stopped, he didn't report the incident. What was missed completely in this incident? - Lessons learned. Rebooting the server is a recovery step. It's worth mentioning that the incident response plan was kept secret and the server administrator didn't have access to it, and so he likely does not know what the proper response should be.

Question 3: Which of the following statements best describes why separation of duties is important for security purposes? - It prevents any single IT security person from making major security changes without involving other individuals.

Question 4: Of the following choices, what is the best form of anti-malware protection? - Anti-malware protection at several locations

Question 4: What is a primary benefit of job rotation and separation of duties policies? - Preventing fraud

Question 4: Which one of the following disaster types is not usually covered by standard business or homeowner's insurance? - Flood

Question 4: Which one of the following tools is used primarily to perform network discovery scans? - Nmap

Question 4: Who, or what, grants permissions to users in a DAC model? - The data custodian

Question 5: A financial organization commonly has employees switch duty responsibilities every six months. What security principle are they employing? - Job rotation

Question 7: Alan ran an nmap scan against a server and determined that port 80 is open on the server. What tool would likely provide him the best additional information about the server's purpose and the identity of the server's operator? - Web browser

Question 7: An organization wants to reduce vulnerabilities against fraud from malicious employees. Of the following choices, what would help with this goal? (Choose all that apply.) - Job rotation; Separation of duties; Mandatory vacations

Question 8: In which one of the following database recovery techniques is an exact, up-to-date copy of the database maintained at an alternative location? - Remote mirroring

Question 8: Of the following choices, what is not a valid security practice related to special privileges? - Grant access equally to administrators and operators.

Question 8: Of the following choices, which is the most common method of distributing malware? - Drive-by downloads

Question 8: What port is typically used to accept administrative connections using the SSH utility? - 22

Question 8: Which of the following statements is true related to the RBAC model? - An RBAC model allows users membership in multiple groups.

Question 9: Of the following choices, what indicates the primary purpose of an intrusion detection system (IDS)? - Detect abnormal activity

Question 9: Which of the following identifies vendor responsibilities and can include monetary penalties if the vendor doesn't meet the stated responsibilities? - Service-level agreement (SLA)

Question 9: Which of the following is the best choice for a role within an organization using an RBAC model? - Programmer

Question 9: Which one of the following tests provides the most accurate and detailed information about the security state of a server? - Authenticated scan

Question 10: What should be done with equipment that is at the end of its lifecycle and is being donated to a charity? - Sanitize it.

Question 10: What type of network discovery scan only follows the first two steps of the TCP handshake? - TCP SYN scan

Question 10: Which of the following best describes a rule-based access control model? - It uses global rules applied to all users equally.

Question 10: Which of the following is true for a host-based intrusion detection system (HIDS)? - It monitors a single system.

Question 10: Which one of the following alternative processing sites takes the longest time to activate? - Cold site

Question 11: Matthew would like to test systems on his network for SQL injection vulnerabilities. Which one of the following tools would be best suited to this task? - Web vulnerability scanner

Question 11: What is the typical time estimate to activate a warm site from the time a disaster is declared? - 12 hours

Question 11: What type of access control model is used on a firewall? - Rule-based access control model

Question 11: Which of the following is a fake network designed to tempt intruders with unpatched and unprotected security vulnerabilities and false data? - Honeynet. Honeynets are entire networks created to serve as a trap for intruders. They look like legitimate networks and tempt intruders with unpatched and unprotected security vulnerabilities as well as attractive and tantalizing but false data.

Question 12: What type of access controls rely on the use of labels? - MAC

Question 12: When using penetration testing to verify the strength of your security policy, which of the following is not recommended? - Performing attacks without management knowledge

Question 12: Which of the following is a true statement regarding virtual machines (VMs) running as guest operating systems on physical servers? - VMs must be updated individually.

Question 12: Which one of the following items is a characteristic of hot sites but not a characteristic of warm sites? - Current data

Question 13: An organization has an incident response plan that requires reporting incidents after verifying them. For security purposes, the organization has not published the plan. Only members of the incident response team know about the plan and its contents. Recently, a server administrator noticed that a web server he manages was running slower than normal. After a quick investigation, he realized an attack was coming from a specific IP address. He immediately rebooted the web server to reset the connection and stop the attack. He then used a utility he found on the internet to launch

Question 15: Backup tapes have reached the end of their lifecycle and need to be disposed of. Which of the following is the most appropriate disposal method? - Purge the tapes of all data before disposing of them.

Question 15: What is used to keep subjects accountable for their actions while they are authenticated to a system? - Monitoring

Question 15: What port is typically open on a system that runs an unencrypted HTTP server? - 80

Question 15: What would an organization do to identify weaknesses? - Vulnerability analysis

Question 16: Paul would like to test his application against slightly modified versions of previously used input. What type of test does Paul intend to perform? - Mutation fuzzing

Question 16: What type of a security control is an audit trail? - Detective

Question 16: What type of backup involves always storing copies of all files modified since the most recent full backup? - Differential backups

Question 16: Which of the following can be an effective method of configuration management using a baseline? - Using images

Question 16: Which of the following can help mitigate the success of an online brute-force attack? - Account lockout

Question 17: What combination of backup strategies provides the fastest backup creation time? - Full backups and incremental backups

Question 17: Which of the following steps would not be included in a change management process? - Immediately implement the change if it will improve performance

Question 17: Which of the following would provide the best protection against rainbow table attacks? - Salt and pepper with hashing

Question 18: What can be used to reduce the amount of logged or audited data using nonstatistical methods? - Clipping levels

Question 18: What combination of backup strategies provides the fastest backup restoration time? - Full backups and differential backups

Question 18: What type of attack uses email and attempts to trick high-level executives? - Whaling

Question 18: What type of interface testing would identify flaws in a program's command-line interface? - User interface testing

Question 18: While troubleshooting a network problem, a technician realized the problem could be resolved by opening a port on a firewall. The technician opened the port and verified the system was now working. However, an attacker accessed this port and launched a successful attack. What could have prevented this problem? - Change management processes

Question 19: An organization has recently suffered a series of security breaches that have damaged its reputation. Several successful attacks have resulted in compromised customer database files accessible via one of the company's web servers. Additionally, an employee had access to secret data from previous job assignments. This employee made copies of the data and sold it to competitors. The organization has hired a security consultant to help them reduce their risk from future attacks. What would the consultant use to identify potential attackers? - Threat modeling

Question 19: What type of disaster recovery plan test fully evaluates operations at the backup facility but does not shift primary operations responsibility from the main site? - Parallel test

Question 19: Which of the following is not a part of a patch management process? - Deploy all patches. Test, audit, and evaluate are all part of the patch management process.

Question 19: Which one of the following is the final step of the Fagan inspection process? - Follow-up

Question 20: An organization has recently suffered a series of security breaches that have damaged its reputation. Several successful attacks have resulted in compromised customer database files accessible via one of the company's web servers. Additionally, an employee had access to secret data from previous job assignments. This employee made copies of the data and sold it to competitors. The organization has hired a security consultant to help them reduce their risk from future attacks. Management wants to ensure that the consultant has the correct priorities while doing her research. Of the following, what should be provided to the consultant to meet this need? - Asset valuation

Question 20: Servers within your organization were recently attacked, causing an excessive outage. You are asked to check systems for known issues that attackers may use to exploit other systems in your network. Which of the following is the best choice to meet this need? - Vulnerability scanner