CISSP - Operations Security

21 Questions | Attempts: 301
Questions and Answers
  • 1. 

    In the event of a security incident, one of the primary objectives of the operations staff is to ensure that

    • A.

      The attackers are detected and stopped.

    • B.

      There is minimum disruption to the organization’s activities.

    • C.

      Appropriate documentation about the event is maintained as chain of evidence.

    • D.

      The affected systems are immediately shut off to limit the impact.

    Correct Answer
    B. There is minimum disruption to the organization’s activities.
    Explanation
    While the operations staff may be able to detect the attack and, in some cases,
    the attackers, there is very little they can do to stop them. All actions taken by
    the operations staff as they respond to the security incident must follow established
    protocols and be documented, but this is not their primary objective. The affected
    systems must only be shut off after the necessary data or evidence has been collected
    in a way that keeps it admissible in court. The best answer choice is that the
    operations staff must maintain operational resilience, i.e., minimum disruption to
    the organization's activities. Page 542

  • 2. 

    For which of the following groups is the threat of unauthorized disclosure of sensitive information most likely to go unnoticed in the absence of auditing?

    • A.

      Malicious software (malware)

    • B.

      Hacker or cracker

    • C.

      Disgruntled employee

    • D.

      Auditors

    Correct Answer
    C. Disgruntled employee
    Explanation
    Insiders (employees, contractors, etc.) can have access to information that they
    should not be allowed to see, and in the absence of auditing (logging) their actions
    can go unnoticed. Encryption can provide controls over unauthorized disclosure.
    External attacker (hacker or cracker) activity and malware usually raise alerts on
    intrusion detection systems (IDS). Auditors may have a legitimate need and
    authorization to access sensitive information, and this access is usually monitored.
    Page 543.

  • 3. 

    Which of the following provides controlled and unintercepted interfaces into privileged user functions?

    • A.

      Ring protection

    • B.

      Anti-malware

    • C.

      Maintenance hooks

    • D.

      Trusted paths

    Correct Answer
    D. Trusted paths
    Explanation
    Ring protection can be used to enforce boundary control between kernel functions
    and user-level code. Anti-malware software is used to protect against malicious
    software. Maintenance hooks are coding constructs written by the software developer
    for troubleshooting and impersonation purposes, but they can become a backdoor for
    attackers or malicious software. Trusted paths provide trustworthy interfaces into
    privileged user functions and are intended to ensure that communications over that
    path cannot be intercepted or corrupted. Page 544.

  • 4. 

    The doors of a data center open in the event of a fire. This is an example of

    • A.

      Fail-safe

    • B.

      Fail-secure

    • C.

      Fail-open

    • D.

      Fail-closed

    Correct Answer
    A. Fail-safe
    Explanation
    Fail-safe mechanisms focus on failing with a minimum of harm to personnel, while
    fail-secure mechanisms focus on failing in a controlled manner that blocks access
    while the system is in an inconsistent state. For example, data center door systems
    fail safe so that personnel can escape the area when electrical power fails. A
    fail-secure door would prevent personnel from using the door at all, which could put
    them in jeopardy. Fail-open and fail-closed describe only the state the control ends
    up in (passable or blocked); they are the mechanisms through which a fail-safe or
    fail-secure design is realized, and neither term by itself says whether personnel
    safety was the design goal, which is what the question asks about. Page 545.

  • 5. 

    In order to ensure constant redundancy and fault tolerance, which of the following types of spare is recommended?

    • A.

      Cold spare

    • B.

      Warm spare

    • C.

      Hot spare

    • D.

      Archives

    Correct Answer
    C. Hot spare
    Explanation
    A cold spare is a spare component that is not powered up but is a duplicate of the
    primary component and can be inserted into the system if needed. Warm spares are
    already inserted in the system but do not receive power unless they are required.
    Hot spares stay powered on, waiting to be called upon as needed. Archives are data
    backups stored for historical purposes. To ensure constant redundancy and fault
    tolerance, a hot spare is the best option. Page 545.

  • 6. 

    If speed is preferred over resilience, which of the following RAID configurations is the most suited?

    • A.

      RAID 0

    • B.

      RAID 1

    • C.

      RAID 5

    • D.

      RAID 10

    Correct Answer
    A. RAID 0
    Explanation
    In a RAID 0 configuration, files are written in stripes across multiple disks
    without the use of parity information. This technique allows for fast reading and
    writing to disk, since all of the disks can typically be accessed in parallel.
    However, without parity information it is not possible to recover from a hard drive
    failure. This technique does not provide redundancy and should not be used for
    systems with high availability requirements. It is important that you are familiar
    with all of the RAID configurations and when to use each of them. Page 547.
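
The trade-off described above is easiest to see by simulating it. What follows is an added example, not code from the quiz or from the book it cites: the disk count, chunk size and payload are constructed, and RAID 5 is reduced to its essential mechanism (disks-1 data chunks plus one rotating XOR parity chunk per row). RAID 0 reads fail outright when a member is lost; RAID 5 rebuilds the lost chunk from the survivors.

```python
"""Added example (not from the quiz or the book it cites): a toy simulation of
RAID 0 striping and RAID 5 striping with rotating XOR parity, showing why a
single disk failure is fatal for RAID 0 but recoverable for RAID 5.
The disk count, chunk size and sample data are constructed for illustration."""

from typing import Callable, List, Optional

CHUNK = 4  # bytes placed on one disk before moving to the next (constructed value)

Disk = Optional[List[bytes]]  # None models a failed member


def _chunks(data: bytes, per_row: int) -> List[bytes]:
    """Split data into CHUNK-sized pieces, zero-padding so every row of per_row chunks is full."""
    row_bytes = CHUNK * per_row
    padded = data + b"\x00" * (-len(data) % row_bytes)
    return [padded[i:i + CHUNK] for i in range(0, len(padded), CHUNK)]


def _xor(blocks: List[bytes]) -> bytes:
    """Byte-wise XOR of equal-length chunks; this is the RAID 5 parity function."""
    out = bytearray(CHUNK)
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def raid0_write(data: bytes, disks: int) -> List[Disk]:
    """RAID 0: chunks are dealt round-robin across the disks; every chunk exists exactly once."""
    layout: List[List[bytes]] = [[] for _ in range(disks)]
    for i, chunk in enumerate(_chunks(data, disks)):
        layout[i % disks].append(chunk)
    return layout


def raid0_read(layout: List[Disk], length: int) -> bytes:
    """Reassemble the stripe set; with no parity, any lost member makes the data unrecoverable."""
    if any(d is None for d in layout):
        raise IOError("RAID 0: member disk lost, no parity to rebuild from")
    disks, rows = len(layout), len(layout[0])
    out = b"".join(layout[i % disks][i // disks] for i in range(rows * disks))
    return out[:length]


def raid5_write(data: bytes, disks: int) -> List[Disk]:
    """RAID 5: each row carries disks-1 data chunks plus one parity chunk; parity rotates by row."""
    per_row = disks - 1
    layout: List[List[bytes]] = [[] for _ in range(disks)]
    chunks = _chunks(data, per_row)
    for r in range(len(chunks) // per_row):
        row = chunks[r * per_row:(r + 1) * per_row]
        parity_disk = r % disks
        data_iter = iter(row)
        for d in range(disks):
            layout[d].append(_xor(row) if d == parity_disk else next(data_iter))
    return layout


def raid5_read(layout: List[Disk], length: int) -> bytes:
    """Read back the data, rebuilding at most one failed member from the surviving chunks."""
    disks = len(layout)
    missing = [i for i, d in enumerate(layout) if d is None]
    if len(missing) > 1:
        raise IOError("RAID 5 tolerates a single failed member; two or more are unrecoverable")
    rows = len(next(d for d in layout if d is not None))
    out = bytearray()
    for r in range(rows):
        row: List[Optional[bytes]] = [None if d is None else d[r] for d in layout]
        if missing:  # XOR of the survivors (data and parity alike) equals the lost chunk
            row[missing[0]] = _xor([c for c in row if c is not None])
        parity_disk = r % disks
        out += b"".join(c for d, c in enumerate(row) if d != parity_disk and c is not None)
    return bytes(out[:length])


def survives_loss(reader: Callable[[List[Disk], int], bytes], layout: List[Disk],
                  lost: int, original: bytes) -> bool:
    """True if the array still returns the original bytes after member `lost` fails."""
    degraded = list(layout)
    degraded[lost] = None
    try:
        return reader(degraded, len(original)) == original
    except IOError:
        return False


if __name__ == "__main__":
    sample = b"the quick brown fox jumps over the lazy dog"  # constructed payload
    r0, r5 = raid0_write(sample, 4), raid5_write(sample, 4)
    print("RAID 0 intact:", raid0_read(r0, len(sample)) == sample,
          "| after losing disk 1:", survives_loss(raid0_read, r0, 1, sample))
    print("RAID 5 intact:", raid5_read(r5, len(sample)) == sample,
          "| after losing disk 1:", survives_loss(raid5_read, r5, 1, sample))
```

Note that RAID 5 pays for its resilience with one chunk of parity per row and an extra XOR on every write, which is the speed-versus-resilience trade the question is about; losing a second member before the rebuild finishes is unrecoverable here just as it is in a real array.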

  • 7. 

    Updating records in multiple locations or copying an entire database on to a remote location as a means to ensure the appropriate levels of fault-tolerance and redundancy is known as

    • A.

      Data mirroring

    • B.

      Database shadowing

    • C.

      Backup

    • D.

      Archiving

    Correct Answer
    B. Database shadowing
    Explanation
    Data mirroring is a RAID technique that duplicates all disk writes from one disk to
    another to create two identical drives. Database shadowing is the technique in which
    updates are shadowed in multiple locations; it is like copying the entire database
    onto a remote location. Backups are to be conducted on a regular basis and are useful
    in recovering information or a system in the event of a disaster. Archiving is the
    storage of data that is not in continual use, kept for historical purposes. Page 549.

  • 8. 

    When the backup window is not long enough to back up all of the data and restoration from backup must be as fast as possible, which of the following types of high-availability backup strategy is recommended?

    • A.

      Full

    • B.

      Incremental

    • C.

      Differential

    • D.

      Increase the backup window so a full backup can be performed

    Correct Answer
    C. Differential
    Explanation
    A full backup would not be possible, since the backup window is not long enough for
    all of the data to be backed up. It is also unlikely that the backup window can be
    increased to allow a full backup, which is both time-consuming and costly from a
    storage perspective. In an incremental backup, only the files that changed since the
    last backup (of any type) are backed up. In a differential backup, only the files that
    changed since the last full backup are backed up. In general, differentials require
    more space than incremental backups, while incremental backups are faster to perform.
    On the other hand, restoring from incremental backups takes more time than restoring
    from differential backups. To restore from incremental backups, the last full backup
    and every incremental backup taken since it must be combined. In contrast, restoring
    from a differential backup requires only the last full backup and the latest
    differential. Page 549.
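
The explanation above states the trade-off; the following added example (not code from the quiz or the book it cites) makes it measurable. It simulates the three schedules over a constructed five-day change history of six equally sized files, checks that every strategy restores the correct versions, and reports both how much is written to media and how many backup sets a restore has to read.

```python
"""Added example (not from the quiz or the book it cites): simulate full,
incremental and differential schedules over a constructed change history and
compare how much is written per run versus how many sets a restore needs."""

from typing import Dict, List, Set

FILESET = ["a", "b", "c", "d", "e", "f"]  # constructed: six files, one unit of media each
# Constructed change history: day 0 is the full backup; later entries are the files
# modified on that day.
DAILY_CHANGES: List[Set[str]] = [set(), {"a"}, {"b", "c"}, {"a"}, {"d"}]
STRATEGIES = ("full", "incremental", "differential")


def state_on(day: int) -> Dict[str, int]:
    """Ground truth: for each file, the day of the version present on `day` (0 = unchanged)."""
    state = {f: 0 for f in FILESET}
    for d in range(1, day + 1):
        for f in DAILY_CHANGES[d]:
            state[f] = d
    return state


def backup_sets(strategy: str) -> List[Dict[str, int]]:
    """What each day's run writes to media: a map of file -> version captured.
    A full or incremental run clears the 'changed' mark; a differential run leaves it
    set, so differentials keep growing until the next full."""
    if strategy not in STRATEGIES:
        raise ValueError(f"unknown strategy {strategy!r}")
    sets = [state_on(0)]
    changed_since_full: Set[str] = set()
    for day in range(1, len(DAILY_CHANGES)):
        changed_since_full |= DAILY_CHANGES[day]
        if strategy == "full":
            chosen = set(FILESET)
        elif strategy == "incremental":
            chosen = DAILY_CHANGES[day]        # since the last backup of any kind
        else:
            chosen = changed_since_full        # since the last full backup
        current = state_on(day)
        sets.append({f: current[f] for f in chosen})
    return sets


def restore_chain(strategy: str, day: int) -> List[int]:
    """Indices of the backup sets that must be read, in order, to rebuild the system as of `day`."""
    if strategy not in STRATEGIES:
        raise ValueError(f"unknown strategy {strategy!r}")
    if strategy == "full" or day == 0:
        return [day]
    if strategy == "incremental":
        return list(range(day + 1))   # last full plus every incremental since it
    return [0, day]                   # last full plus the latest differential only


def restore(strategy: str, day: int) -> Dict[str, int]:
    """Apply the chain in order, later sets overwriting earlier versions."""
    sets = backup_sets(strategy)
    image: Dict[str, int] = {}
    for index in restore_chain(strategy, day):
        image.update(sets[index])
    return image


def media_written(strategy: str) -> int:
    """Total units written across all runs, a proxy for backup window and storage cost."""
    return sum(len(s) for s in backup_sets(strategy))


if __name__ == "__main__":
    last = len(DAILY_CHANGES) - 1
    for s in STRATEGIES:
        ok = restore(s, last) == state_on(last)
        print(f"{s:12} media={media_written(s):2}  sets to restore day {last}="
              f"{len(restore_chain(s, last))}  correct={ok}")
```

On this history the full schedule writes 30 units, incremental 11 and differential 17, while a day-4 restore needs five sets under the incremental schedule but only two under the differential one, which is why the differential answer fits a short window combined with a fast-restore requirement. A restore that skips any set in the incremental chain silently yields stale file versions, so the chain itself is something to verify, not assume.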

  • 9. 

    When you approach a restricted facility, you are asked for identification and verified against a pre-approved list by the guard at the front gate before being let in. This is an example of checking for the principle of

    • A.

      Least privilege

    • B.

      Separation of duties

    • C.

      Fail-safe

    • D.

      Psychological acceptability

    Correct Answer
    A. Least privilege
    Explanation
    Access to facilities should be limited to named individuals
    with a requirement for physical access following the principle of least privilege.
    Individuals who do not require frequent physical access to physical systems should
    not receive access to the facility. If occasional access is required, then temporary
    access should be granted and revoked when it is no longer required. It is recommended
    that you are familiar with the other principles mentioned. Page 552.

  • 10. 

    The major benefit of information classification is to

    • A.

      Map out the computing ecosystem

    • B.

      Identify the threats and vulnerabilities

    • C.

      Determine the software baseline

    • D.

      Identify the appropriate level of protection needs

    Correct Answer
    D. Identify the appropriate level of protection needs
    Explanation
    Information classification refers to the practice of differentiating between
    different types of information assets and providing guidance as to how classified
    information needs to be protected. Vulnerability scans can be used to map out the
    computing ecosystem. Threat modeling is used to identify threats and vulnerabilities.
    Configuration management can be used to determine the software baseline. Page 554.

  • 11. 

    When information, once classified highly sensitive, is no longer critical or highly valued, that information must be

    • A.

      Destroyed

    • B.

      Declassified

    • C.

      Degaussed

    • D.

      Deleted

    Correct Answer
    B. Declassified
    Explanation
    Information classification also includes the processes and procedures to declassify
    information. For example, declassification may be used to downgrade the sensitivity
    of information. Over the course of time, information once considered sensitive may
    decline in value or criticality. In these instances, declassification efforts should
    be implemented to ensure that excessive protection controls are not applied to
    nonsensitive information. When information is declassified, marking, handling, and
    storage requirements will likely be reduced. Organizations should have
    declassification practices well documented for use by the individuals assigned the
    task. The information may still be needed, so it cannot be destroyed, degaussed, or
    deleted. Page 555.

  • 12. 

    The main benefit of placing users into groups and roles is

    • A.

      Ease of user administration

    • B.

      Increased security

    • C.

      Ease of programmatic access

    • D.

      Automation

    Correct Answer
    A. Ease of user administration
    Explanation
    While placing users into groups and roles can yield increased security, ease of
    programmatic access, or automation, the main reason this is done is ease of user
    administration. Efficient management of users requires the assignment of individual
    accounts to groups or roles. Groups and roles allow rights and privileges to be
    assigned to a group or a role rather than to individual accounts. Individual user
    accounts can then be assigned to one or more groups depending on the access and
    privileges they require. Page 556.
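
As an added example (not code from the quiz or the book it cites), the following minimal role store shows the administrative effect described above: rights attach to roles, users obtain rights only through membership, and one revoke on a role removes a right from every member at once, where per-user grants would need one change per account. Role, user and right names are constructed.

```python
"""Added example (not from the quiz or the book it cites): a minimal role store
that grants rights to roles and places users in roles, to show why role-based
assignment eases administration and access review. All names are constructed."""

from typing import Dict, Set


class RoleStore:
    """Rights attach to roles; users get rights only through role membership."""

    def __init__(self) -> None:
        self.role_rights: Dict[str, Set[str]] = {}
        self.user_roles: Dict[str, Set[str]] = {}

    def grant(self, role: str, right: str) -> None:
        self.role_rights.setdefault(role, set()).add(right)

    def revoke(self, role: str, right: str) -> None:
        """One operation, and every member of the role loses the right."""
        self.role_rights.get(role, set()).discard(right)

    def assign(self, user: str, role: str) -> None:
        if role not in self.role_rights:
            raise KeyError(f"unknown role {role!r}")  # only defined roles can be held
        self.user_roles.setdefault(user, set()).add(role)

    def rights_of(self, user: str) -> Set[str]:
        """Effective rights: the union over every role the user holds."""
        return set().union(*(self.role_rights[r] for r in self.user_roles.get(user, set())))

    def can(self, user: str, right: str) -> bool:
        return right in self.rights_of(user)

    def holders_of(self, right: str) -> Set[str]:
        """Access-review helper: who currently holds this right through any role."""
        return {u for u in self.user_roles if self.can(u, right)}


def build_demo() -> RoleStore:
    """Constructed setup: a helpdesk role with three members, one of whom is also a DBA."""
    store = RoleStore()
    for right in ("ticket.read", "ticket.update", "password.reset"):
        store.grant("helpdesk", right)
    store.grant("dba", "db.admin")
    for user in ("ann", "bill", "cara"):
        store.assign(user, "helpdesk")
    store.assign("cara", "dba")
    return store


if __name__ == "__main__":
    store = build_demo()
    print("password.reset holders:", sorted(store.holders_of("password.reset")))
    store.revoke("helpdesk", "password.reset")  # one change instead of three
    print("after revoke:", sorted(store.holders_of("password.reset")))
    print("cara keeps db.admin:", store.can("cara", "db.admin"))
```

The same structure is what makes periodic access reviews tractable: holders_of answers "who can reset passwords?" from the role table alone, instead of from an inspection of every account.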

  • 13. 

    The likelihood of an individual's compliance with the organization's policy can be determined by their

    • A.

      Job rank or title

    • B.

      Partnership with the security team

    • C.

      Role

    • D.

      Clearance level

    Correct Answer
    D. Clearance level
    Explanation
    Clearances are a useful tool for determining the trustworthiness of an individual
    and the likelihood of their compliance with organization policy. Job rank, title, or
    role may be tied to a clearance level, but this is not always the case. Partnership
    with the security team does not necessarily mean that the individual complies or
    will comply with the organization's policy. Page 560.

  • 14. 

    Reports must be specific on both the message and which of the following?

    • A.

      Intended audience

    • B.

      Delivery options

    • C.

      Colors used

    • D.

      Print layout

    Correct Answer
    A. Intended audience
    Explanation
    Reporting is also fundamental to successful security operations.
    It can take a variety of forms depending on the intended audience. Technical
    reporting tends to be designed for technical specialists or managers with direct
    responsibility for service delivery. Management reporting will provide summaries
    of multiple systems as well as key metrics for each of the services covered by the
    report. Executive dashboards are intended for the executive who is interested in seeing
    only the highlights across multiple services, and provide simple summaries of
    current state, usually in a highly visual form such as charts and graphs. Page 561.

  • 15. 

    Which of the following can help with ensuring that only the needed logs are collected for monitoring?

    • A.

      Clipping level

    • B.

      Clearance level

    • C.

      Least privilege

    • D.

      Separation of duties

    Correct Answer
    A. Clipping level
    Explanation
    Clipping levels are used to ensure that only the needed logs are collected. This is
    necessary because even on a single system the logs can become very large. An example
    of a clipping level is logging only failed access attempts. Page 562.
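
The following added example (not code from the quiz or the book it cites) applies a clipping level to a constructed sshd-style log. It shows the reduction the explanation mentions, keeping failures and dropping successes, and then the other common form of a clipping level: a per-source threshold, so that a single mistyped password is not collected while a password-guessing run is. The log lines, hosts and addresses are constructed.

```python
"""Added example (not from the quiz or the book it cites): apply a clipping level
to a constructed authentication log. Two reductions are shown: keep only failed
attempts (the quiz's example), and additionally emit one record per source only
once its failure count reaches a threshold."""

import re
from collections import Counter, defaultdict
from typing import Dict, List, Set

# Constructed sshd-style lines; hosts, users and addresses are illustrative only.
SAMPLE_LOG = """\
Mar 14 08:00:01 host1 sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2
Mar 14 08:00:07 host1 sshd[1207]: Failed password for root from 203.0.113.9 port 40110 ssh2
Mar 14 08:00:09 host1 sshd[1207]: Failed password for root from 203.0.113.9 port 40110 ssh2
Mar 14 08:00:12 host1 sshd[1207]: Failed password for root from 203.0.113.9 port 40110 ssh2
Mar 14 08:00:15 host1 sshd[1210]: Accepted password for bob from 10.0.0.7 port 51030 ssh2
Mar 14 08:01:40 host1 sshd[1222]: Failed password for bob from 10.0.0.7 port 51044 ssh2
Mar 14 08:01:45 host1 sshd[1222]: Accepted password for bob from 10.0.0.7 port 51044 ssh2
Mar 14 08:02:02 host1 sshd[1230]: Failed password for invalid user admin from 203.0.113.9 port 40120 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")


def failed_only(lines: List[str]) -> List[str]:
    """Clipping level 1: successful logins are dropped before collection."""
    return [line for line in lines if FAILED.search(line)]


def clipped(lines: List[str], level: int) -> List[Dict[str, object]]:
    """Clipping level N: emit one record per source the moment its failures reach `level`.
    Sources that never reach the level produce nothing."""
    if level < 1:
        raise ValueError("clipping level must be at least 1")
    failures: Counter = Counter()
    users: Dict[str, Set[str]] = defaultdict(set)
    records: List[Dict[str, object]] = []
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        src = m["src"]
        failures[src] += 1
        users[src].add(m["user"])
        if failures[src] == level:  # fires once; later failures do not re-emit
            records.append({"src": src, "failures": level, "users": sorted(users[src])})
    return records


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print(f"{len(lines)} raw lines -> {len(failed_only(lines))} failures kept")
    for rec in clipped(lines, 3):
        print("clipping level 3 reached:", rec)
```

The threshold is a tuning knob with a cost: set it too high and a slow, distributed guessing attack that stays under the level per source is never recorded, which is the false-negative side of the same trade-off.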

  • 16. 

    The main difference between a security event management (SEM) system and a log management system is that SEM systems are useful for log collection, collation, and analysis

    • A.

      In real time

    • B.

      For historical purposes

    • C.

      For admissibility in court

    • D.

      In discerning patterns

    Correct Answer
    A. In real time
    Explanation
    Security event management (SEM) solutions are intended to provide a common platform
    for log collection, collation, and analysis in real time to allow for more effective
    and efficient response. Log management systems are similar in that they also collect
    logs and provide the ability to report against them, although their focus tends to
    be the historical analysis of log information rather than real-time analysis. They
    may be combined with SEM solutions to provide both historical and real-time
    functions. Evidence collection for admissibility in court and pattern discernment
    are not real-time functions. Page 563.

  • 17. 

    When normal traffic is flagged as an attack, it is an example of

    • A.

      Fail-safe

    • B.

      Fail-secure

    • C.

      False-negative

    • D.

      False-positive

    Correct Answer
    D. False-positive
    Explanation
    False positives occur when the IDS or IPS identifies something as an attack when it
    is in fact normal traffic. False negatives occur when it fails to flag something as
    an attack when it should have. Intrusion detection and prevention systems must be
    carefully "tuned" to keep both to a minimum. Page 564.
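
Tuning is concrete once the four outcomes are counted. The following added example (not code from the quiz or the book it cites) scores a deliberately naive rate-based detector against constructed, labelled traffic and shows the two usual tuning moves: raising the threshold trades false positives for false negatives, while exempting known noisy hosts removes the false positives without losing detections. The records, labels and detector are illustrative only.

```python
"""Added example (not from the quiz or the book it cites): score a naive
rate-based detector against constructed, labelled traffic to count true and false
positives and negatives, then show two tuning moves: raising the threshold and
exempting known noisy hosts. The records and the detector are illustrative only."""

from typing import AbstractSet, Callable, Dict, List, Tuple

Record = Tuple[str, int, str]  # (source, requests per minute, ground-truth label)

# Constructed labelled traffic; the labels stand in for a hypothetical investigation.
TRAFFIC: List[Record] = [
    ("10.0.0.5", 40, "normal"),
    ("10.0.0.7", 120, "normal"),        # nightly backup job: bursty but legitimate
    ("10.0.0.9", 15, "normal"),
    ("203.0.113.9", 600, "attack"),     # flood
    ("198.51.100.4", 90, "attack"),     # low-and-slow scanner
    ("10.0.0.11", 200, "normal"),       # monitoring poller
]

Detector = Callable[[Record], bool]


def rate_detector(threshold: int, exempt: AbstractSet[str] = frozenset()) -> Detector:
    """Flag any source at or above `threshold` requests/minute unless it is exempted."""
    def detect(rec: Record) -> bool:
        src, rate, _ = rec
        return src not in exempt and rate >= threshold
    return detect


def confusion(detector: Detector, records: List[Record]) -> Dict[str, int]:
    """Count outcomes: TP = attack flagged, FP = normal flagged (the quiz's case),
    FN = attack missed, TN = normal passed."""
    counts = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    for rec in records:
        flagged, is_attack = detector(rec), rec[2] == "attack"
        if flagged:
            counts["TP" if is_attack else "FP"] += 1
        else:
            counts["FN" if is_attack else "TN"] += 1
    return counts


if __name__ == "__main__":
    print("threshold 80          ", confusion(rate_detector(80), TRAFFIC))
    print("threshold 300         ", confusion(rate_detector(300), TRAFFIC))
    print("threshold 80 + exempt ", confusion(rate_detector(80, {"10.0.0.7", "10.0.0.11"}), TRAFFIC))
```

At threshold 80 the detector catches both attacks but also flags the backup job and the poller; at 300 the false positives vanish but the slow scanner is missed, a false negative. Exempting the two known hosts while keeping the lower threshold is the tuning that preserves both detections, and the exemption list is itself something to review, since an attacker who compromises an exempted host inherits its blind spot.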

  • 18. 

    The best way to ensure that there is no data remanence of sensitive information that was once stored on a burn-once DVD media is by

    • A.

      Deletion

    • B.

      Degaussing

    • C.

      Destruction

    • D.

      Overwriting

    Correct Answer
    C. Destruction
    Explanation
    Optical media such as CDs and DVDs must be physically destroyed to make sure that no
    residual data can be disclosed. Since the media in this context is a write-once
    (burn-once) DVD, the information on it cannot be overwritten or deleted. Degaussing
    can reduce or remove data remanence only on magnetic, non-optical media. Page 567.

  • 19. 

    Which of the following processes is concerned with not only identifying the root cause but also addressing the underlying issue?

    • A.

      Incident management

    • B.

      Problem management

    • C.

      Change management

    • D.

      Configuration management

    Correct Answer
    B. Problem management
    Explanation
    While incident management is concerned primarily with managing an adverse event,
    problem management is concerned with tracking that event back to a root cause and
    addressing the underlying problem. Maintaining system integrity is accomplished
    through the process of change control management. Configuration management is the
    process of identifying and documenting hardware components, software, and their
    associated settings. Page 570.

  • 20. 

    Before applying a software update to production systems, it is extremely important that

    • A.

      Full disclosure information about the threat that the patch addresses is available

    • B.

      The patching process is documented

    • C.

      The production systems are backed up

    • D.

      An independent third party attests the validity of the patch

    Correct Answer
    C. The production systems are backed up
    Explanation
    Prior to deploying updates to production servers, make certain that a full system
    backup is taken. In the regrettable event of a system crash due to the update, the
    server and data can then be recovered without significant loss. Additionally, if the
    update involved proprietary code, it will be necessary to provide a copy of the
    server or application image to the media librarian. The presence or absence of full
    disclosure information is good to have but not a requirement, as patching has to be
    a risk-based decision as it applies to the organization. Documenting the patching
    process is the last step in the patch management process. Independent third-party
    assessments are not usually related to attesting patch validity. Page 574.

Quiz Review Timeline


  • Current Version
  • Mar 14, 2022
    Quiz Edited by
    ProProfs Editorial Team
  • Dec 22, 2012
    Quiz Created by
    Cindymurray