Referring to the following figure, what technology is shown that provides fault tolerance for the database servers?
Joe is the security administrator for an ERP system. He is preparing to create accounts for several new employees. What default access should he give to all of the new employees as he creates the accounts?
Which one of the following is not a privileged administrative activity that should be automatically sent to a log of superuser actions?
Which one of the following individuals is most likely to lead a regulatory investigation?
What type of evidence consists entirely of tangible items that may be brought into a court of law?
Which one of the following trusted recovery types does not fail into a secure operating state?
Which one of the following might a security team use on a honeypot system to consume an attacker’s time while alerting administrators?
Toni responds to the desk of a user who reports slow system activity. Upon checking outbound network connections from that system, Toni notices a large amount of social media traffic originating from the system. The user does not use social media, and when Toni checks the accounts in question, they contain strange messages that appear encrypted. What is the most likely cause of this traffic?
Under what virtualization model does the virtualization platform separate the network control plane from the data plane and replace complex network devices with simpler devices that only receive instructions from the controller?
Jim would like to identify compromised systems on his network that may be participating in a botnet. He plans to do this by watching for connections made to known command-and-control servers. Which one of the following techniques would be most likely to provide this information if Jim has access to a list of known servers?
As Gary decides what access permissions he should grant to each user, what principle should guide his decisions about default permissions?
As Gary designs the program, he uses the matrix shown here. What principle of information security does this matrix most directly help enforce?
Gary is preparing to create an account for a new user and assign privileges to the HR database. What two elements of information must Gary verify before granting this access?
Gary is preparing to develop controls around access to root encryption keys and would like to apply a principle of security designed specifically for very sensitive operations. Which principle should he apply?
When should an organization conduct a review of the privileged access that a user has to sensitive systems?
Which one of the following terms is often used to describe a collection of unrelated patches released in a large collection?
Which one of the following tasks is performed by a forensic disk controller?
Lydia is processing access control requests for her organization. She comes across a request where the user does have the required security clearance, but there is no business justification for the access. Lydia denies this request. What security principle is she following?
Match each of the numbered terms with its correct lettered definition:
Terms
Definitions
Which one of the following mechanisms is not commonly seen as a deterrent to fraud?
Brian recently joined an organization that runs the majority of its services on a virtualization platform located in its own data center but also leverages an IaaS provider for hosting its web services and a SaaS email system. What term best describes the type of cloud environment this organization uses?
Tom is responding to a recent security incident and is seeking information on the approval process for a recent modification to a system’s security settings. Where would he most likely find this information?
Mark is considering replacing his organization’s customer relationship management (CRM) solution with a new product that is available in the cloud. This new solution is completely managed by the vendor, and Mark’s company will not have to write any code or manage any physical resources. What type of cloud solution is Mark considering?
Which one of the following information sources is useful to security administrators seeking a list of information security vulnerabilities in applications, devices, and operating systems?
Which of the following would normally be considered an example of a disaster when performing disaster recovery planning?
Glenda would like to conduct a disaster recovery test and is seeking a test that will allow a review of the plan with no disruption to normal information system activities and the smallest possible commitment of time. What type of test should she choose?
Which one of the following is not an example of a backup tape rotation scheme?
Helen is implementing a new security mechanism for granting employees administrative privileges in the accounting system. She designs the process so that both the employee’s manager and the accounting manager must approve the request before the access is granted. What information security principle is Helen enforcing?
Which one of the following is not a requirement for evidence to be admissible in court?
In which cloud computing model does a customer share computing infrastructure with other customers of the cloud vendor where one customer may not know the other’s identity?
Which of the following organizations would be likely to have a representative on a CSIRT?
Sam is responsible for backing up his company’s primary file server. He configured a backup schedule that performs full backups every Monday evening at 9 p.m. and differential backups on other days of the week at that same time. Files change according to the information shown in the following figure. How many files will be copied in Wednesday’s backup?
Which one of the following security tools is not capable of generating an active response to a security event?
In virtualization platforms, what name is given to the module that is responsible for controlling access to physical resources by virtual resources?
What term is used to describe the default set of privileges assigned to a user when a new account is created?
Which one of the following types of agreements is the most formal document that contains expectations about availability and other performance parameters between a service provider and a customer?
Which one of the following frameworks focuses on IT service management and includes topics such as change management, configuration management, and service level agreements?
Richard is experiencing issues with the quality of network service on his organization’s network. The primary symptom is that packets are consistently taking too long to travel from their source to their destination. What term describes the issue Richard is facing?
Joe wants to test a program he suspects may contain malware. What technology can he use to isolate the program while it runs?
Which one of the following is an example of a manmade disaster?
Which of the following is not true about the (ISC)2 code of ethics?
Javier is verifying that only IT system administrators have the ability to log on to servers used for administrative purposes. What principle of information security is he enforcing?
Which one of the following is not a basic preventative measure that you can take to protect your systems and applications against attack?
Tim is a forensic analyst who is attempting to retrieve information from a hard drive. It appears that the user attempted to erase the data, and Tim is trying to reconstruct it. What type of forensic analysis is Tim performing?
Which one of the following is an example of a computer security incident?
Which one of the following technologies would provide the most automation of an inventory control process in a cost-effective manner?
Connor’s company recently experienced a denial of service attack that Connor believes came from an inside source. If true, what type of event has the company experienced?
What type of attack is shown in the following figure?
Florian is building a disaster recovery plan for his organization and would like to determine the amount of time that a particular IT service may be down without causing serious damage to business operations. What variable is Florian calculating?
Which one of the following statements best describes a zero-day vulnerability?
Which one of the following is not a canon of the (ISC)2 code of ethics?
During an incident investigation, investigators meet with a system administrator who may have information about the incident but is not a suspect. What type of conversation is taking place during this meeting?
Match each of the numbered types of recovery capabilities to their correct lettered definition:
Terms
Definitions
What technique has been used to protect the intellectual property in the following image?
You are working to evaluate the risk of flood to an area and consult the flood maps from the Federal Emergency Management Agency (FEMA). According to those maps, the area lies within a 200-year flood plain. What is the annualized rate of occurrence (ARO) of a flood in that region?
Which one of the following individuals poses the greatest risk to security in most well-defended organizations?
Veronica is considering the implementation of a database recovery mechanism recommended by a consultant. In the recommended approach, an automated process will move database backups from the primary facility to an offsite location each night. What type of database recovery technique is the consultant describing?
When designing an access control scheme, Hilda set up roles so that the same person does not have the ability to provision a new user account and assign superuser privileges to an account. What information security principle is Hilda following?
Reggie recently received a letter from his company’s internal auditors scheduling the kickoff meeting for an assessment of his group. Which of the following should Reggie not expect to learn during that meeting?
Which one of the following events marks the completion of a disaster recovery process?
Melanie suspects that someone is using malicious software to steal computing cycles from her company. Which one of the following security tools would be in the best position to detect this type of incident?
Brandon observes that an authorized user of a system on his network recently misused his account to exploit a system vulnerability against a shared server that allowed him to gain root access to that server. What type of attack took place?
Carla has worked for her company for 15 years and has held a variety of different positions. Each time she changed positions, she gained new privileges associated with that position, but no privileges were ever taken away. What concept describes the sets of privileges she has accumulated?
During what phase of the incident response process do administrators take action to limit the effect or scope of an incident?
At this point in the incident response process, what term best describes what has occurred in Ann’s organization?
Ann continues her investigation and realizes that the traffic generating the alert is abnormally high volumes of inbound UDP traffic on port 53. What service typically uses this port?
As Ann analyzes the traffic further, she realizes that the traffic is coming from many different sources and has overwhelmed the network, preventing legitimate uses. The inbound packets are responses to queries that she does not see in outbound traffic. The responses are abnormally large for their type. What type of attack should Ann suspect?
Now that Ann understands that an attack has taken place that violates her organization’s security policy, what term best describes what has occurred in Ann’s organization?
Frank is seeking to introduce a hacker’s laptop in court as evidence against the hacker. The laptop does contain logs that indicate the hacker committed the crime, but the court ruled that the search of the apartment that resulted in police finding the laptop was unconstitutional. What admissibility criterion prevents Frank from introducing the laptop as evidence?
Gordon suspects that a hacker has penetrated a system belonging to his company. The system does not contain any regulated information, and Gordon wishes to conduct an investigation on behalf of his company. He has permission from his supervisor to conduct the investigation. Which of the following statements is true?
Which one of the following tools provides an organization with the greatest level of protection against a software vendor going out of business?
Fran is considering new human resources policies for her bank that will deter fraud. She plans to implement a mandatory vacation policy. What is typically considered the shortest effective length of a mandatory vacation?
Which of the following events would constitute a security incident?
Which one of the following traffic types should not be blocked by an organization’s egress filtering policy?
Allie is responsible for reviewing authentication logs on her organization’s network. She does not have the time to review all logs, so she decides to choose only records where there have been four or more invalid authentication attempts. What technique is Allie using to reduce the size of the pool?
You are performing an investigation into a potential bot infection on your network and wish to perform a forensic analysis of the information that passed between different systems on your network and those on the Internet. You believe that the information was likely encrypted. You are beginning your investigation after the activity concluded. What would be the best and easiest way to obtain the source of this information?
Which one of the following tools helps system administrators by providing a standard, secure template of configuration settings for operating systems and applications?
What type of disaster recovery test activates the alternate processing facility and uses it to conduct transactions but leaves the primary site up and running?
During which phase of the incident response process would an analyst receive an intrusion detection system alert and verify its accuracy?
In what virtualization model do full guest operating systems run on top of a virtualization platform?
What level of RAID is also known as disk mirroring?
Bruce is seeing quite a bit of suspicious activity on his network. It appears that an outside entity is attempting to connect to all of his systems using a TCP connection on port 22. What type of scanning is the outsider likely engaging in?
The historic ping of death attack is most similar to which of the following modern attack types?
Roger recently accepted a new position as a security professional at a company that runs its entire IT infrastructure within an IaaS environment. Which one of the following would most likely be the responsibility of Roger’s firm?
What technique can application developers use to test applications in an isolated virtualized environment before allowing them on a production network?
Gina is the firewall administrator for a small business and recently installed a new firewall. After seeing signs of unusually heavy network traffic, she checked the intrusion detection system, which reported that a SYN flood attack was under way. What firewall configuration change can Gina make to most effectively prevent this attack?
What type of trust relationship extends beyond the two domains participating in the trust to one or more of their subdomains?
Renee is a software developer who writes code in Node.js for her organization. The company is considering moving from a self-hosted Node.js environment to one where Renee will run her code on application servers managed by a cloud vendor. What type of cloud solution is Renee’s company considering?
Timber Industries recently got into a dispute with a customer. During a meeting with his account representative, the customer stood up and declared, “There is no other solution. We will have to take this matter to court.” He then left the room. When does Timber Industries have an obligation to begin preserving evidence?
What legal protection prevents law enforcement agencies from searching a facility or electronic system without either probable cause or consent?
Darcy is a computer security specialist who is assisting with the prosecution of a hacker. The prosecutor requests that Darcy give testimony in court about whether, in her opinion, the logs and other records in a case are indicative of a hacking attempt. What type of evidence is Darcy being asked to provide?
Which one of the following techniques is not commonly used to remove unwanted remnant data from magnetic tapes?
What is the minimum number of disks required to implement RAID level 1?
Jerome is conducting a forensic investigation and is reviewing database server logs to investigate query contents for evidence of SQL injection attacks. What type of analysis is he performing?
Quantum Computing regularly ships tapes of backup data across the country to a secondary facility. These tapes contain confidential information. What is the most important security control that Quantum can use to protect these tapes?
Carolyn is concerned that users on her network may be storing sensitive information, such as Social Security numbers, on their hard drives without proper authorization or security controls. What technology can she use to best detect this activity?
Under what type of software license does the recipient of software have an unlimited right to copy, modify, distribute, or resell a software package?
In what type of attack do attackers manage to insert themselves into a connection between a user and a legitimate website?
Which one of the following techniques uses statistical methods to select a small number of records from a large pool for further analysis with the goal of choosing a set of records that is representative of the entire pool?
Which one of the following controls protects an organization in the event of a sustained period of power loss?
What concept from the Federal Rules of Civil Procedure (FRCP) helps to ensure that additional time and expense are not incurred as part of electronic discovery when the benefits do not outweigh the costs?
Anne wants to gather information about security settings as well as build an overall view of her organization’s assets by gathering data about a group of Windows 10 workstations spread throughout her company. What Windows tool is best suited to this type of configuration management task?
Scott is responsible for disposing of disk drives that have been pulled from his company’s SAN as they are retired. Which of the following options should he avoid if the data on the SAN is considered highly sensitive by his organization?
What documentation is typically prepared after a postmortem review of an incident has been completed?
Staff from Susan’s company often travel internationally. Susan believes that they may be targeted for corporate espionage activities because of the technologies that her company is developing. What practice should Susan recommend that they adopt for connecting to networks while they travel?
Matt wants to ensure that critical network traffic from systems throughout his company is prioritized over web browsing and social media use at this company. What technology can he use to do this?
John deploys his website to multiple regions using load balancers around the world through his cloud infrastructure as a service provider. What availability concept is he using?
Lauren wants to ensure that her users only run software that her organization has approved. What technology should she deploy?
When one of the employees of Alice’s company calls in for support, she uses a code word that the company agreed to use if employees were being forced to perform an action. What is this scenario called?