CISSP-operations Security

21 Questions | Attempts: 301
Share
Quiz Flashcard
SettingsSettings
Please wait...
  • 1/21 Questions

    Th e major benefi t of information classifi cation is to

    • Map out the computing ecosystem
    • Identify the threats and vulnerabilities
    • Determine the software baseline
    • Identify the appropriate level of protection needs
Please wait...

Quiz Preview

  • 2. 

    Reports must be specific on both the message and which of the following?

    • Intended audience

    • Delivery options

    • Colors used

    • Print layout

    Correct Answer
    A. Intended audience
    Explanation
    Reporting is also fundamental to successful security operations.
    It can take a variety of forms depending on the intended audience. Technical
    reporting tends to be designed for technical specialists or managers with direct
    responsibility for service delivery. Management reporting will provide summaries
    of multiple systems as well as key metrics for each of the services covered by the
    report. Executive dashboards are intended for the executive who is interested in seeing
    only the highlights across multiple services, and provide simple summaries of
    current state, usually in a highly visual form such as charts and graphs. Page 561.

    Rate this question:

  • 3. 

    In order to ensure constant redundancy and fault-tolerance, which of the following type of spare is recommended?

    • Cold spare

    • Warm spare

    • Hot spare

    • Archives

    Correct Answer
    A. Hot spare
    Explanation
    A cold spare is a spare component that is not powered up but is a
    duplicate of the primary component that can be inserted into the system if needed.
    Warm spares are those that are already inserted in the system but do not receive
    power unless they are required. Hot spares stay powered on and waiting to be called
    upon as needed. Archives are data backups stored for historical purposes. To ensure
    constant redundancy and fault-tolerance, hot spare is the best option. Page 545.

    Rate this question:

  • 4. 

    For which of the following groups is the threat of unauthorized disclosure of sensitive information most likely to go unnoticed in the absence of auditing?

    • Malicious software (malware)

    • Hacker or cracker

    • Disgruntled employee

    • Auditors

    Correct Answer
    A. Disgruntled employee
    Explanation
    Insiders (employees, contractors, etc.) can have access to
    information that they should not be allowed to and in the absence of auditing
    (logging) their actions can go unnoticed. Encryption can provide controls over
    unauthorized disclosure. External attacker (hacker or cracker) activity and malware
    usually raise alerts on intrusion detection systems (IDS). Auditors may have the
    need and authorization for the disclosure of sensitive information and this access is
    often monitored. Page 543.

    Rate this question:

  • 5. 

    When normal traffic is flagged as an attack, it is an example of

    • Fail-safe

    • Fail-secure

    • False-negative

    • False-positive

    Correct Answer
    A. False-positive
    Explanation
    False-positives occur when the IDS or IPS identifi es something
    as an attack, but it is in fact normal traffi c. False-negatives occur when it failed to
    interpret something as an attack when it should have. In these cases, intrusion
    systems must be carefully “tuned” to ensure that these are kept to a minimum.
    Page 564.

    Rate this question:

  • 6. 

    Th e doors of a data center opens up in the event of a fi re. Th is is an example of

    • Fail-safe

    • Fail-secure

    • Fail-open

    • Fail-closed

    Correct Answer
    A. Fail-safe
    Explanation
    Fail-safe mechanisms focuses on failing with a minimum of
    harm to personnel while fail-secure focuses on failing in a controlled manner to
    block access while the systems is in an inconsistent state. For example, data center
    door systems will fail safe to ensure that personnel can escape the area when the
    electrical power fails. A fail-secure door would prevent personnel from using the
    door at all, which could put personnel in jeopardy. Fail-open and fail-closed are fail
    safe mechanisms. Page 545.

    Rate this question:

  • 7. 

    Which of the following can help with ensuring that only the needed logs are collected for monitoring?

    • Clipping level

    • Clearance level

    • Least privilege

    • Separation of duties

    Correct Answer
    A. Clipping level
    Explanation
    Clipping levels are used to ensure that only needed logs are
    collected. Th is is mainly used, because even on a single system, logs can get to be
    very large. An example of a clipping level is that only failed access attempts are
    logged. Page 562.

    Rate this question:

  • 8. 

    When information, once classifi ed highly sensitive, is no longer critical or highly valued, that information must be

    • Destroyed

    • Declassified

    • Degaussed

    • Deleted

    Correct Answer
    A. Declassified
    Explanation
    Information classifi cation also includes the processes and
    procedures to declassify information. For example, declassifi cation may be used to
    downgrade the sensitivity of information. Over the course of time, information
    once considered sensitive may decline in value or criticality. In these instances,
    declassifi cation eff orts should be implemented to ensure that excessive protection
    controls are not used for nonsensitive information. When declassifying information,
    marking, handling, and storage requirements will likely be reduced.
    Organizations should have declassifi cation practices well documented for use by
    individuals assigned with the task. Information may still be needed and so it cannot
    be destroyed, degaussed, or deleted. Page 555.

    Rate this question:

  • 9. 

    Th e main benefit of placing users into groups and roles is

    • Ease of user administration

    • Increased security

    • Ease of programmatic access

    • Automation

    Correct Answer
    A. Ease of user administration
    Explanation
    While placing users into groups and roles can yield in increased
    security, ease of programmatic access, or automation, the main reason as to why
    this is done is for the ease of user administration. Effi cient management of users
    requires the assignment of individual accounts into groups or roles. Groups and
    roles allow rights and privileges to be assigned to groups or a role as opposed to
    individual accounts. Individual user accounts can then be assigned to one or more
    groups depending on the access and privileges they require. Page 556.

    Rate this question:

  • 10. 

    Th e main diff erence between a security event management (SEM) system and a log management system is that SEM systems are useful for log collection, collation, and analysis

    • In real time

    • For historical purposes

    • For admissibility in court

    • In discerning patterns

    Correct Answer
    A. In real time
    Explanation
    Security event management (SEM) solutions are intended to
    provide a common platform for log collection, collation, and analysis in real-time
    to allow for more eff ective and effi cient response. Log management systems are
    similar in that, they also collect logs and provide the ability to report against them,
    although their focus tends to be on the historical analysis of log information, rather
    than real-time analysis. Th ey may be combined with SEM solutions to provide
    both historical and real-time functions. Evidence collections for admissibility in
    court and pattern discernment are not real-time functions. Page 563.

    Rate this question:

  • 11. 

    The best way to ensure that there is no data remanence of sensitive information that was once stored on a burn-once DVD media is by

    • Deletion

    • Degaussing

    • Destruction

    • Overwriting

    Correct Answer
    A. Destruction
    Explanation
    Optical media such as CDs and DVD must be physically
    destroyed to make sure that there is no residual data that can be disclosed. Since the
    media mentioned in this context is a read-only media (burn-once) DVD, the information
    on it cannot be overwritten or deleted. Degaussing can reduce or remove
    data remanence in magnetic nonoptical media. Page 567.

    Rate this question:

  • 12. 

    Before applying a software update to production systems, it is extremely important that

    • Full disclosure information about the threat that the patch addresses is available

    • The patching process is documented

    • The production systems are backed up

    • An independent third party attests the validity of the patch

    Correct Answer
    A. The production systems are backed up
    Explanation
    Prior to deploying updates to production servers, make certain
    that a full system backup is conducted. In the regrettable event of a system crash,
    due to the update, the server and data can be recovered without a signifi cant loss
    of data. Additionally, if the update involved propriety code, it will be necessary to
    provide a copy of the server or application image to the media librarian. Th e presence
    or absence of full disclosure information is good to have but not a requirement
    as the patching process will have to be a risk-based decision as it applies to the
    organization. Documentation of the patching process is the last step in patch management
    processes. Independent third-party assessments are not usually related to
    attesting patch validity. Page 574.

    Rate this question:

  • 13. 

    When you approach a restricted facility, you are requested for identifi cation and verifi ed against a pre-approved list by the guard at the front gate before being let in. Th is is an example of checking for the principle of

    • Least privilege

    • Separation of duties

    • Fail-safe

    • Psychological acceptability

    Correct Answer
    A. Least privilege
    Explanation
    Access to facilities should be limited to named individuals
    with a requirement for physical access following the principle of least privilege.
    Individuals who do not require frequent physical access to physical systems should
    not receive access to the facility. If occasional access is required, then temporary
    access should be granted and revoked when it is no longer required. It is recommended
    that you are familiar with the other principles mentioned. Page 552.

    Rate this question:

  • 14. 

    In the event of a security incident, one of the primary objectives of the operations staff is to ensure that

    • The attackers are detected and stopped.

    • There is minimum disruption to the organization’s activities.

    • Appropriate documentation about the event is maintained as chain of evidence.

    • Th e affected systems are immediately shut off to limit to the impact.

    Correct Answer
    A. There is minimum disruption to the organization’s activities.
    Explanation
    While the operations staff may be able to detect the attack and
    in some cases the attackers, there is very little that the operations staff can do to stop
    them. All actions taken by the operations staff as they respond to handle the security
    incident must follow established protocols and documented, but this is not their
    primary objective. The affected systems must only be shut off after necessary data
    or evidence that will be admissible in court is collected. Th e best answer choice is
    that the operations staff must maintain operational resilience; i.e., there is minimum
    disruption to the organization’s activities. Page 542

    Rate this question:

  • 15. 

    If speed is preferred over resilience, which of the following RAID confi guration is the most suited?

    • RAID 0

    • RAID 1

    • RAID 5

    • RAID 10

    Correct Answer
    A. RAID 0
    Explanation
    In a RAID 0 confi guration, fi les are written in stripes across
    multiple disks without the use of parity information. Th is technique allows for fast
    reading and writing to disk since all of the disks can typically be accessed in parallel.
    However, without the parity information, it is not possible to recover from a
    hard drive failure. Th is technique does not provide redundancy and should not be
    used for systems with high availability requirements. It is important that you are
    familiar with all of the RAID confi gurations and when to use which confi guration.
    Page 547.

    Rate this question:

  • 16. 

    Which of the following provides controlled and unintercepted interfaces into privileged user functions?

    • Ring protection

    • Anti-malware

    • Maintenance hooks

    • Trusted paths

    Correct Answer
    A. Trusted paths
    Explanation
    Ring protection can be used to enforce boundary control between
    kernel functions and end-user controls. Anti-malware software is used to protect against
    malicious software. Maintenance hooks are coding constructs written by the software
    developer for troubleshooting and impersonation purposes, but can be a potential backdoor
    for malicious software. Trusted paths provide trustworthy interfaces into privileged
    user functions and are intended to provide a way to ensure that any communications
    over that path cannot be intercepted or corrupted. Page 544.

    Rate this question:

  • 17. 

    When the backup window is not long enough to backup all of the data and the restoration of backup must be as fast as possible, which of the following type of high-availability backup strategy is recommended?

    • Full

    • Incremental

    • Differential

    • Increase the backup window so a full backup can be performed

    Correct Answer
    A. Differential
    Explanation
    Full backup would not be possible since the backup window is
    not long ago for all the data to be backed up. Additionally, it is less likely that the
    backup window can be increased to allow for a full backup, which is both time consuming
    and costly from a storage perspective. In an incremental backup, only the
    fi les that changed since the last backup will be backed up. In a diff erential backup,
    only the fi les that changed since the last full backup will be backed up. In general,
    diff erentials require more space than incremental backups while incremental backups
    are faster to perform. On the other hand, restoring data from incremental
    backups requires more time than diff erential backups. To restore from incremental
    backups, the last full backup and all of the incremental backups performed are
    combined. In contrast, restoring from a diff erential backup requires only the last
    full backup and the latest diff erential. Page 549.

    Rate this question:

  • 18. 

    Which of the following processes is concerned with not only identifying the root cause but also addressing the underlying issue?

    • Incident management

    • Problem management

    • Change management

    • Confi guration management

    Correct Answer
    A. Problem management
    Explanation
    While incident management is concerned primarily with managing
    an adverse event, problem management is concerned with tracking that event
    back to a root cause and addressing the underlying problem. Maintaining system
    integrity is accomplished through the process of change control management.
    Confi guration management is a process of identifying and documenting hardware
    components, software, and the associated settings. Page 570.

    Rate this question:

  • 19. 

    Updating records in multiple locations or copying an entire database on to a remote location as a means to ensure the appropriate levels of fault-tolerance and redundancy is known as

    • Data mirroring

    • Database shadowing

    • Backup

    • Archiving

    Correct Answer
    A. Database shadowing
    Explanation
    Data mirroring is a RAID technique that duplicates all disk
    writes from one disk to another to create two identical drives. Database shadowing
    is the technique in which updates are shadowed in multiple locations. It is like
    copying the entire database on to a remote location. Backups are to be conducted
    on a regular basis and are useful in recovering information or a system in the event
    of a disaster. Archiving is the storage of data that is not in continual use for historical
    purposes. Page 549.

    Rate this question:

  • 20. 

    The likelihood of an individual’s compliance to organization’s policy can be determined by their

    • Job rank or title

    • Partnership with the security team

    • Role

    • Clearance level

    Correct Answer
    A. Clearance level
    Explanation
    Clearances are a useful tool for determining the trustworthiness
    of an individual and the likelihood of their compliance with organization policy.
    Job rank, tile, or role may be tied to a clearance level, but this may not always
    be the case. Partnership with the security team does not necessarily mean that the
    individual complies or will comply with the organization’s policy. Page 560.

    Rate this question:

Quiz Review Timeline (Updated): Mar 14, 2022 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 14, 2022
    Quiz Edited by
    ProProfs Editorial Team
  • Dec 22, 2012
    Quiz Created by
    Cindymurray
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.