THE COMPTIA SECURITY+ EXAM SY0-501 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:

You are a manager of a bank and you suspect one of your tellers has stolen money from their station. After talking with your supervisor, you place the employee on leave with pay, suspend their computer account, and obtain their proximity card and keys to the building. Which of the following policies did you follow?

Which of the following principles stipulates that multiple changes to a computer system should not be made at the same time?

Why are penetration tests often not advised?

You are a security engineer and discovered an employee using the company’s computer systems to operate their small business. The employee installed their personal software on the company’s computer and is using the computer hardware, such as the USB port. What policy would you recommend the company implement to prevent any risk of the company’s data and network being compromised?

What should be done to back up tapes that are stored off-site?

Which recovery site is the easiest to test?

Katelyn is a network technician for a manufacturing company. She is testing a network forensic capturing software and plugs her laptop into an Ethernet switch port and begins capturing network traffic. Later she begins to analyze the data and notices some broadcast and multicast packets, as well as her own laptop’s network traffic. Which of the following statements best describes why Katelyn was unable to capture all network traffic on the switch?

Which of the following is not a step of the incident response process?

Which of the following is another term for technical controls?

You are a security manager for your company and need to reduce the risk of employees working in collusion to embezzle funds. Which of the following policies would you implement?

You are a security administrator, and your manager has asked you about protecting the privacy of personally identifiable information (PII) that is collected. Which of the following would be the best option to fulfill the request?

Which of the following plans best identifies critical systems and components to ensure the assets are protected?

After your company implemented a clean desk policy, you have been asked to secure physical documents every night. Which of the following would be the best solution?

Your manager has instructed the team to test certain systems based on the business continuity plan to ensure they are operating properly. The manager wants to ensure there are no overlaps in the plan before implementing the test. Which continuity of operation planning concept is your manager referring to?

Which of the following is an example of PHI?

Which of the following techniques attempts to predict the likelihood a threat will occur and assigns monetary values should a loss occur?

Your competitors are offering a new service that is predicted to sell strongly. After much careful research, your company has decided not to launch a competing service due to the uncertainty of the market and the enormous investment required. Which of the following best describes the company’s decision?

Which of the following agreements is less formal than a traditional contract but still has a certain level of importance to all parties involved?

Your company is considering moving its mail server to a hosting company. This will help reduce hardware and server administrator costs at the local site. Which of the following documents would formally state the reliability and recourse if the reliability is not met?

You have an asset that is valued at $16,000, the exposure factor of a risk affecting that asset is 35%, and the annualized rate of occurrence is 75%. What is the SLE?

During a meeting, you present management with a list of access controls used on your network. Which of the following controls is an example of a corrective control?

You are the new security administrator and have discovered your company lacks deterrent controls. Which of the following would you install that satisfies your needs? (Choose two.)

Your company’s security policy includes system testing and security awareness training guidelines. Which of the following control types is this?

Which step of the incident response process occurs after containment?

You are a security administrator for your company and you identify a security risk. You decide to continue with the current security plan. However, you develop a contingency plan in case the security risk occurs. Which of the following types of risk response technique are you demonstrating?

Which of the following best visually shows the state of a computer at the time it was collected by law enforcement?

You are asked to protect the company’s data should a complete disaster occur. Which action would be the best option for this request?

Which of the following would not be a purpose of a privacy threshold analysis?

You have purchased new laptops for your salespeople. You plan to dispose of the hard drives of the former laptops as part of a company computer sale. Which of the following methods would you use to properly dispose of the hard drives?

You are the head of the IT department of a school and are looking for a way to promote safe and responsible use of the Internet for students. With the help of the teachers, you develop a document for students to sign that describes methods of accessing the Internet on the school’s network. Which of the following best describes this document?

You are the security administrator and have discovered a malware incident. Which of the following responses should you do first?

You are an IT administrator for a company and you are adding new employees to an organization’s identity and access management system. Which of the following best describes the process you are performing?

Your company is partnering with another company and requires systems to be shared. Which of the following agreements would outline how the shared systems should be interfaced?

Mark is an office manager at a local bank branch. He wants to ensure customer information isn’t compromised when the deskside employees are away from their desks for the day. What security concept would Mark use to mitigate this concern?

You are a security administrator and advise the web development team to include a CAPTCHA on the web page where users register for an account. Which of the following controls is this referring to?

Which of the following is not a common security policy type?

As the IT security officer, you are configuring data label options for your company’s research and development file server. Regular users can label documents as contractor, public, or internal. Which label should be assigned to company trade secrets?

Users are currently accessing their personal email through company computers, so you and your IT team have created a security policy for email use. What is the next step after creating and approving the email use policy?

Which of the following is not a physical security control?

Which of the following might you find in a DRP?

Your security manager wants to decide which risks to mitigate based on cost. What is this an example of?

Your company has outsourced its proprietary processes to Acme Corporation. Due to technical issues, Acme Corporation wants to include a third-party vendor to help resolve the technical issues. Which of the following must Acme Corporation consider before sending data to the third party?

Zack is a security administrator who has been given permission to run a vulnerability scan on the company’s wireless network infrastructure. The results show TCP ports 21 and 23 open on most hosts. What port numbers do these refer to? (Choose two.)

Which of the following backup concepts is the quickest backup but slowest restore?
Which of the following operations should you undertake to avoid mishandling of tapes, removable drives, CDs, and DVDs?

Which of the following can be classified as a single point of failure?

Which of the following are considered detective controls?

Your CIO wants to move the company’s large sets of sensitive data to an SaaS cloud provider to limit the storage and infrastructure costs. Both the cloud provider and the company are required to have a clear understanding of the security controls that will be applied to protect the sensitive data. What type of agreement would the SaaS cloud provider and your company initiate?

Which of the following is typically included in a BPA?

Your team powered off the SQL database server for over 7 hours to perform a test. Which of the following is the most likely reason for this?

Which of the following role-based positions should receive training on how to manage a particular system?

You maintain a network of 150 computers and must determine which hosts are secure and which are not. Which of the following tools would best meet your need?

You have been instructed to introduce an affected system back into the company’s environment and be sure that it will not lead to another incident. You test, monitor, and validate that the system is not being compromised by any other means. Which of the incident response processes have you completed?

You discover that an investigator made a few mistakes during a recent forensic investigation. You want to ensure the investigator follows the appropriate process for the collection, analysis, and preservation of evidence. Which of the following terms should you use for this process?

You receive a call from the help desk manager stating that there has been an increase in calls from users reporting their computers are infected with malware. Which of the following incident response steps should be completed first?

Which of the following are examples of custodian security roles? (Choose two.)
You are the network administrator of your company, and the manager of a retail site located across town has complained about the loss of power to their building several times this year. The branch manager is asking for a compensating control to overcome the power outage. What compensating control would you recommend?

James is a security administrator and is attempting to block unauthorized access to the desktop computers within the company’s network. He has configured the computers’ operating systems to lock after 5 minutes of no activity. What type of security control has James implemented?

Which of the following terms best describes sensitive medical information?

An accounting employee changes roles with another accounting employee every 4 months. What is this an example of?

Which of the following are considered inappropriate places to store backup tapes? (Choose two.)

You are a member of your company’s security response team and have discovered an incident within your network. You are instructed to remove and restore the affected system. You restore the system with the original disk image and then install patches and disable any unnecessary services to harden the system against any future attacks. Which incident response process have you completed?

You are a security administrator and have decided to implement a unified threat management (UTM) appliance within your network. This appliance will provide antimalware, spam filtering, and content inspection along with other protections. Which of the following statements best describes the potential problem with this plan?

You are attending a risk analysis meeting and are asked to define internal threats. Which of the following is not considered an internal threat?

You are the network director and are creating the following year’s budget. You submit forensic dollar amounts for the cyber incident response team. Which of the following would you not submit? (Choose two.)
Computer evidence of a crime is preserved by making an exact copy of the hard disk. Which of the following does this demonstrate?

Which option is an example of a workstation that is not hardened?

Which of the following elements should not be included in the preparation phase of the incident response process?

Which of the following does not minimize security breaches committed by internal employees?

You find one of your employees posting negative comments about the company on Facebook and Twitter. You also discover the employee is sending negative comments from their personal email on the company’s computer. You are asked to implement a policy to help the company avoid any negative reputation in the marketplace. Which of the following would be the best option to fulfill the request?

Which of the following statements best describes a differential backup?

During which step of the incident response process does root cause analysis occur?

Which of the following types of testing can help identify risks? (Choose two.)

What can a company do to prevent sensitive data from being retrieved by dumpster diving?

You are a network administrator and have been asked to send a large file that contains PII to an accounting firm. Which of the following protocols would it be best to use?

Zackary is a network backup engineer and performs a full backup each Sunday evening and an incremental backup Monday through Friday evenings. One of the company’s network servers crashes on Thursday afternoon. How many backups will Zack need to do to restore the server?

Your company website is hosted by an Internet service provider. Which of the following risk response techniques is in use?

A call center leases a new space across town, complete with a functioning computer network that mirrors the current live site. A high-speed network link continuously synchronizes data between the two sites. Which of the following describes the site at the new leased location?
A security administrator is reviewing the company’s continuity plan, and it specifies an RTO of 4 hours and an RPO of 1 day. Which of the following is the plan describing?

Which of the following statements is true regarding a data retention policy?

You are attending a meeting with your manager and he wants to validate the cost of a warm site versus a cold site. Which of the following reasons best justify the cost of a warm site? (Choose two.)

Recently, company data that was sent over the Internet was intercepted and read by hackers. This damaged the company’s reputation with its customers. You have been asked to implement a policy that will protect against these attacks. Which of the following options would you choose to help protect data that is sent over the Internet? (Choose two.)

How do you calculate the annual loss expectancy (ALE) that may occur due to a threat?

Which of the following impact scenarios would include severe weather events? (Choose two.)

Which of the following outlines a business goal for system restoration and allowable data loss?

Which of the following is an example of a preventive control? (Choose two.)

You are a security administrator for your company and you identify a security risk that you do not have in-house skills to address. You decide to acquire contract resources. The contractor will be responsible for handling and managing this security risk. Which of the following types of risk response technique are you demonstrating?

You are an IT manager and discovered your department had a break-in, and the company’s computers were physically damaged. What type of impact best describes this situation?

Which of the following would help build informed decisions regarding a specific DRP?

Each salesperson who travels has a cable lock to lock down their laptop when they step away from the device. Which of the following controls does this apply to?

Which of the following secures access to company data in accordance with management policies?
You are a server administrator for your company’s private cloud. To provide service to employees, you are instructed to use reliable hard disks in the server to host a virtual environment. Which of the following best describes the reliability of hard drives?

You are replacing a number of devices with a mobile appliance that combines several functions. Which of the following describes the new implementation?

Which of the following can help mitigate adware intrusions?

In the initial stages of a forensics investigation, Zack, a security administrator, was given the hard drive of the compromised workstation by the incident manager. Which of the following data acquisition procedures would Zack need to perform in order to begin the analysis? (Choose two.)

Which of the following best describes a Computer Incident Response Team (CIRT)?

Which of the following decreases the success of brute-force attacks?

A warrant has been issued to investigate a file server that is suspected to be part of an organized crime to steal credit card information. You are instructed to follow the order of volatility. Which data would you collect first?

What should human resources personnel be trained in regarding security policies?

Which of the following is not a basic concept of computer forensics?

The Chief Information Officer (CIO) wants to set up a redundant server location so that the production server images can be moved within 36 hours and the servers can be restored quickly, should a catastrophic failure occur at the primary location. Which of the following can be implemented?

Choose the correct order of volatility when collecting digital evidence.

Which of the following pieces of information would be summarized in the lessons learned phase of the incident response process? (Choose three.)

You receive a phone call from an employee reporting that their workstation is acting strangely. You gather information from the intrusion detection system and notice unusual network traffic from the workstation, and you determine the event may be an incident. You report the event to your manager, who then begins to collect evidence and prepare for the next steps. Which phase of the incident response process is this?

Your manager has asked you to recommend a way to transmit PII via email and maintain its confidentiality. Which of the following options is the best solution?

Which of the following statements best defines change management?

During which step of the incident response process does identification of incidents that can be prevented or mitigated occur?

Which of the following best describes the disadvantages of quantitative risk analysis compared to qualitative risk analysis? (Choose two.)

Which of the following are disadvantages of using a cold site? (Choose two.)

Which of the following policies should be implemented to minimize data loss or theft?

Which of the following should a comprehensive data policy include?

You have discovered a recent intrusion within the company’s network and have decided to execute incident response procedures. The incident response team has identified audit logs that hold information about the recent security breach. Prior to the incident, a security consultant firm recommended that your company install an NTP server within the network. Which of the following is a setback the incident response team will likely encounter during the assessment?

You plan to provide a word processing program to the employees in your company. You decide not to install the program on each employee’s workstation but rather have a cloud service provider host the application. Which of the following risk response techniques best describes the situation?

Which of the following statements is true about incremental backups?

The chief security officer (CSO) has seen four security breaches during the past 2 years. Each breach cost the company $30,000, and a third-party vendor has offered to repair the security weakness in the system for $250,000. The breached system is set to be replaced in 5 years. Which of the following risk response techniques should the CSO use?

Which of the following would not be a guideline for performing a BIA?

You are a network administrator and have purchased two devices that will work as failovers for each other. Which of the following does this best demonstrate?

Your company has lost power and the salespeople cannot take orders because the computers and phone systems are unavailable. Which of the following would be the best options for an alternate business practice? (Choose two.)

Leigh Ann is the new network administrator for a local community bank. She studies the current file server folder structures and permissions. The previous administrator didn’t properly secure customer documents in the folders. Leigh Ann assigns appropriate file and folder permissions to be sure that only the authorized employees can access the data. What security role is Leigh Ann assuming?

Which of the following methods is not recommended for removing data from storage media that is used to store confidential information?

A SQL database server is scheduled for full backups on Sundays at 2:00 a.m. and incremental backups each weeknight at 11:00 p.m. Write verification is enabled, and backup tapes are stored off-site at a bank safety deposit box. Which of the following should be completed to ensure integrity and confidentiality of the backups? (Choose two.)

You are planning to perform a security audit and would like to see what type of network traffic is transmitting within your company’s network. Which of the following tools would you use?

Your company has hired a new administrative assistant to a commercial lender named Leigh Ann. She will be using a web browser on a company computer at the office to access internal documents on a public cloud provider over the Internet. Which type of document should Leigh Ann read and sign?

During a conversation with another colleague, you suggest there is a single point of failure in the single load balancer in place for the company’s SQL server. You suggest implementing two load balancers in place with only one in service at a given time. What type of load balancing configuration have you described?

Which of the following policies would you implement to help prevent the company’s users from revealing their login credentials for others to view?

Which of the following are part of the chain of custody?

Zackary has been assigned the task of performing a penetration test on a server and was given limited information about the inner workings of the server. Which of the following tests will he be performing?

Which of the following are considered administrative controls? (Choose two.)

Which of the following are examples of alternate business practices? (Choose two.)

Which of the following require careful handling and special policies for data retention and distribution? (Choose two.)

Matt is the head of IT security for a university department. He recently read articles about security breaches that involved malware on USB removable devices and is concerned about future incidents within the university. Matt reviews the past incident responses to determine how these occurrences may be prevented and how to improve the past responses. What type of document should Matt prepare?

Categorizing residual risk is most important to which of the following risk response techniques?

You are the IT manager and one of your employees asks who assigns data labels. Which of the following assigns data labels?

Which of the following is the most pressing security concern related to social media networks?
You are a network administrator looking to test patches quickly and often before pushing them out to the production workstations. Which of the following would be the best way to do this?

You have instructed your junior network administrator to test the integrity of the company’s backed-up data. Which of the following is the best way to test the integrity of a backup?

What concept is being used when user accounts are created by one employee and user permissions are configured by another employee?

Your company is requesting the installation of a fence around the property and cipher locks on all front entrances. Which of the following concepts is your company concerned about?

Which of the following is an example of a vulnerability assessment tool?

A security analyst is analyzing the cost the company could incur if the customer database was breached. The database contains 2,500 records with PII. Studies show the cost per record would be $300. The likelihood that the database would be breached in the next year is only 5%. Which of the following would be the ALE for a security breach?

Your team must perform a test of a specific system to be sure the system operates at the alternate site. The results of the test must be compared with the company’s live environment. Which test is your team performing?

Which of the following concepts defines a company goal for system restoration and acceptable data loss?

Your IT team has created a disaster recovery plan to be used in case a SQL database server fails. What type of control is this?

Which of the following is not a step in the incident response process?

Which of the following threats is mitigated by shredding paper documents?

Your company hires a third-party auditor to analyze the company’s data backup and long-term archiving policy. Which type of organization document should you provide to the auditor?
You are a network administrator and have been given the duty of creating user accounts for new employees the company has hired. These employees are added to the identity and access management system and assigned mobile devices. What process are you performing?

Which of the following defines a standard operating procedure (SOP)? (Choose three.)

Computer equipment was suspected to be involved in a computer crime and was seized. The computer equipment was left unattended in a corridor for 10 minutes while officers restrained a potential suspect. The seized equipment is no longer admissible as evidence because of which of the following violations?

Which of the following should be performed when conducting a qualitative risk analysis? (Choose two.)