and compliance with all government regulationsCreating a plan to decommission the existing OS infrastructure, implementing test and operational procedures for the new components in advance, and ensuring compliance with applicable regulations86 As a network administrator, you are asked to connect a server to a storage-attached network. If availability and access control are the most important, which of the following fulfills the requirements?Installing a NIC in the server, enabling deduplicationInstalling a NIC in the server, disabling deduplicationInstalling an HBA in the server, creating a LUN on the SANInstalling a clustered HBA in the server, creating two LUNS on a NAS
87 One of the requirements for a new device you're adding to the network is an availability of 99.9 percent. According to the vendor, the newly acquired device has been rated with an MTBF of 20,000 hours and an MTTR of 3 hours. What is the most accurate statement?The device will meet availability because it will be at 99.985 percent.The device will not meet availability because it will be at 99.89 percent.The device will not meet availability because it will be at 99.85 percent.The device will meet availability because it will be at 99.958 percent.
88 Good data management includes which of the following?Data quality procedures, verification and validation, adherence to agreed-upon data management, and an ongoing data audit to monitor the use and the integrity of existing dataCost, due care and due diligence, privacy, liability, and existing lawDetermining the impact the information has on the mission of the organization, understanding the cost of information, and determining who in the organization or outside of it has a need for the informationEnsuring the longevity of data and their reuse for multiple purposes, facilitating the interoperability of datasets, and increasing data sharing
89 Which of the following confidentiality security models ensures that a subject with clearance level of Secret can write only to objects classified as Secret or Top Secret?BibaClark–WilsonBrewer–NashBell–LaPadula
90 Your organization needs a security model for integrity where the subject cannot send messages to objects of higher integrity. Which of the following is unique to the Biba model and will accommodate that need?SimpleStarInvocationStrong
91 You had an incident and need to verify that chain of custody, due diligence, and processes were followed. You are told to verify the forensic bit stream. What will you do?Employ encryption.Instigate containment.Compare hashes.Begin documentation.
92 As a new CISO, you are evaluating controls for availability. Which set of controls should you choose?RAID 1, classification of data, and load balancingDigital signatures, encryption, and hashesSteganography, ACL, and vulnerability managementChecksum, DOS attacks, and RAID 0
93 As a new CISO, you are evaluating controls for integrity. Which set of controls should you choose?RAID 1, classification of data, and load balancingDigital signatures, encryption, and hashesSteganography, ACL, and vulnerability managementChecksum, DOS attacks, and RAID 0
94 As a new CISO, you are evaluating controls for confidentiality. Which set of controls should you choose?RAID 1, classification of data, and load balancingDigital signatures, encryption, and hashesSteganography, ACL, and vulnerability managementChecksum, DOS attacks, and RAID 0
95 You have a web server in your network that is the target of a distributed denial-of-service attack. Multiple systems are flooding the bandwidth of that system. Which information security goal is impacted by this type of an attack?AvailabilityBaselinesIntegrityEmergency response
96 Bob is implementing a new RAID configuration needed for redundancy in the event of disk failure. He has compared standard hardware benchmarks with a week-long baseline of the server to find the assets used the most. What security goal is Bob trying to accomplish?AvailabilityIntegrityConfidentialityDisclosure
97 Because of your facility's geolocation and its propensity for hurricanes, you are tasked with finding another data processing facility to provide you with a location in case of a natural disaster. You are negotiating a contract with an organization with HVAC, power, water, and communication but no hardware. What kind of facility are you building?Hot siteWarm siteMobile siteCold site
98 You are a project manager for an organization that just acquired another company. Your company uses mostly in-house tools, whereas the company you just acquired uses mostly outside vendors. As the project manager, you need to merge these two organizations quickly, have an immediate return on investment (ROI), and retain the ability to customize systems. Each organization thinks their way is the best way. What do you do?Raise the issue with the CEO and board of directors to escalate the decision to outsource all services.Arrange a meeting between all department heads, project managers, and a representative from the board of directors to review requirements and calculate critical functions.Perform a cost-benefit analysis of in-house versus outsourcing and the ROI in-house.Calculate the time to deploy and support the new systems and compare the cost to outsourcing costs. Present the document to upper management for their final decision.
99 Your company experienced a natural disaster, used your hot site for three months, and now is returning to the primary site. What processes should be restored first at the primary site?Finance departmentExternal communicationMission criticalLeast business critical
100 Your organization is in an area susceptible to wildfires. Within the last 30 days, your employees were evacuated twice from the primary location. During the second evacuation, damage occurred to several floors of the building, including the data center. When should the team return to start recovery?In 72 hours.You should not return to the primary location.Immediately after the disaster.Only after it is deemed safe to return to the primary location.
101 Your cyber company has officially grown out of its startup phase and tasked your team with creating a pre-disaster preparation plan that will sustain the business should a disaster, natural or man-made, occur. Which of the following is the most important?Off-site backupsCopies of the BDRMaintaining a warm siteChain of command
102 You are tasked with conducting a risk analysis based on how it affects business processes. What activity are you performing?Gap analysisBusiness disaster recoveryIntrusion detectionBusiness impact analysis
103 Your organization is attempting to make the best use of all the resources allocated to a security project. If your organization is not making the best use of currently held resources, the project may not perform as planned. What type of analysis needs to be done?BDRBIAGapRisk
104 When you look at the business impact analysis given to your office for approval, you notice it is less narrative and more mathematical calculations. What will make this BIA more balanced?More qualitative analysisMore quantitative analysisMore gap analysisMore risk analysis
105 While developing your business continuity plan, your business impact analysis statement should include all but which of the following?Critical areas and dependenciesAll business unitsFinancial losses due to disaster or disruptionRecovery methods and responses
106 You examined your company's disaster recovery plans and are working on the proper response. If your mission-critical processes have an RTO of 36 hours, what would be the best recovery site to have?ServiceWarmHotCold
107 Your company just experienced an emergency and needs to initiate a business continuity plan (BCP). Who is responsible for initiating the BCP?Senior managementSecurity personnelRecovery teamDatabase admins
108 In the past, your global organization tasked individual locations and departments with creating their own separate disaster recovery plans because those employees know best how their organization works. Your new CISO tasked your team with creating a viable plan should your company experience a disaster. What is your mission?Record as many separate plans as necessary.Create one fully integrated business continuity plan.Create separate plans for each geographic location.Keep separate plans for each logical department, regardless of
