CASP+ Practice Tests. Nadean H. Tanner
137. One of the software developers made a change in code that unintentionally diminishes security. Which of the following change control processes will be most effective in this situation?
    A. Rollback
    B. Logging
    C. Compiling
    D. Patching
138. A newly certified administrator makes a change to Group Policy for 12,000 users. The box is checked on the operating systems to not allow the overwriting of security logs. After 48 hours, no users can log into their domain accounts because the security logs have filled up. What change control process step was skipped?
    A. Approval
    B. Testing
    C. Implementation
    D. Deployment
139. Your organization finds it difficult to distinguish what data can be shared with a customer and what should remain internal. They assigned you the task of data classification. What is the primary purpose of this task?
    A. Justification of expenses
    B. Assigning value to data
    C. Defining necessary security protections
    D. Controlling user access
140. The security awareness training informed employees that within their operating systems an auditing feature was enabled. What form of control is used when end users are informed that their actions are monitored on the network?
    A. Directive
    B. Corrective
    C. Detective
    D. Preventative
141. Your external auditor submitted the final report to the board of directors and upper management. Who is responsible for implementing the recommendations in this report?
    A. End users
    B. Internal auditors
    C. Security administrators
    D. Senior management
142. A security vulnerability was discovered while a system went through the accreditation process. What action should come next?
    A. Start the accreditation process over again once the issue is fixed.
    B. Restart the accreditation process from when the issue was discovered.
    C. Reimage the system and start the accreditation from the beginning.
    D. Reimage the system and start from the current point.
143. Your organization was breached, but you have been able to prove that sufficient due care was taken. What burden is eliminated?
    A. Liability
    B. Investigation
    C. Financial loss
    D. Negligence
144. You are a security administrator and were notified by your IPS that there is an issue. You quickly solve the problem. What needs to be done once the problem has been fixed?
    A. After-action report
    B. MOA
    C. Incident report
    D. Update to security policy
145. Your department was tasked with implementing Bluetooth connectivity controls to mitigate risk. Which of these BEST describes the network you will create?
    A. PAN
    B. LAN
    C. WAN
    D. WLAN
146. You are planning the site security for a new building. The network administrators would like the server room door to be secured with RFID. The security team would like to use a cipher lock. Loss of the data on these servers is high risk. What should your plan start with?
    A. A meeting to discuss security options
    B. Smartcards
    C. TFA, both cipher lock and RFID
    D. A keyed lock only
147. You are a systems analyst conducting a vulnerability assessment. Which of the following is not a requirement for you to know?
    A. Access controls
    B. Understanding of the systems to be evaluated
    C. Potential threats
    D. Passwords
148. You are made aware of a threat that involves a hacking group holding large amounts of information about your company. What BEST describes the threat you face from this hacking group?
    A. DoS
    B. TCO
    C. Latency
    D. Data mining
149. Your CISO has asked you to evaluate an antivirus tool for all company-issued laptops. The cost is $3,000 for all 90 laptops. From historical data you anticipate that 12 computers will be affected with an SLE of $1,500. What do you recommend to the CISO?
    A. Accept the risk.
    B. Mitigate the risk.
    C. Transfer the risk.
    D. Avoid the risk.
150. You are evaluating the risk for your data center. You assigned threat, vulnerability, and impact a score from 1 to 10. The data center scores are as follows: Threat: 4, Vulnerability: 2, Impact: 6. What is the risk?
    A. 12
    B. 16
    C. 48
    D. 35
151. You are tasked with creating a grouping of subjects and objects with the same security requirements. What should you build?
    A. Matrix
    B. Domain
    C. LLC
    D. Meshed network
152. You have a new security policy that requires backing up critical data off-site. This data must be backed up hourly. Cost is important. What method are you most likely to deploy?
    A. Remote accounting
    B. Electronic vaulting
    C. Active clustering
    D. Database shadow copies
153. Your customer-facing website experiences some failures. The security engineer analyzed the situation and believes it is the web application firewall. Syslog shows that the WAF was down twice for a total of 3 hours in the past 72 hours. Which of the following is your mean time to repair (MTTR)?
    A. 2.5 hours
    B. 1.5 hours
    C. 34.5 hours
    D. 3 hours
154. Your financial institution decided to purchase costly custom computer systems. The vendor supplying the custom systems is experiencing a few minor legal issues. What should the CISO recommend to limit exposure?
    A. Source code escrow
    B. Penalty clause
    C. SLA
    D. Proof of insurance in the RFP
155. Your department started to plan for next year. You need to gain clarity about what your key performance indicators are for the current year. Which of the following is not found in a KPI?
    A. Measurement
    B. Target
    C. Investment
    D. Data source
156. Your senior management wants to measure how risky an activity will be. This metric is used to provide a signal of increasing risk exposure. You need to identify which of the following?
    A. Key risk indicators
    B. Key performance indicators
    C. Total cost of ownership
    D. Risk assessment
157. Capturing lessons learned is an ongoing effort you have implemented in your technical project management. You will use this data in the future for process improvements. Not learning from project failures can lead to which of the following?
    A. Repeating the failure
    B. Missing opportunities
    C. Implementing good processes
    D. Preparing for current projects
End of the preview excerpt.
Text provided by LitRes LLC.