SP4 > Domain 7 - Security Operations > Flashcards

Domain 7 - Security Operations Flashcards

(35 cards)

Study These Flashcards
1
Q
  1. Assuming a working IDS is in place, which of the following groups is BEST capable of stealing sensitive information due to the absence of system auditing?

A. Malicious software (malware)
B. Hacker or cracker
C. Disgruntled employee
D. Auditors

A

C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
  1. Which of the following provides controlled and un-intercepted interfaces into privileged user functions?

A. Ring protection
B. Anti-malware
C. Maintenance hooks
D. Trusted paths

A

D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q
  1. The doors of a data center spring open in the event of a fire. This is an example of…

A. Fail-safe
B. Fail-secure
C. Fail-proof
D. Fail-closed

A

A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
  1. Which of the following ensures constant redundancy and fault-tolerance?

A. Cold spare
B. Warm spare
C. Hot spare
D. Archives

A

C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
  1. If speed is preferred over resilience, which of the following RAID configuration is the most suited?

A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 10

A

A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
  1. Updating records in multiple locations or copying an entire database on to a remote location as a means to ensure the appropriate levels of fault-tolerance and redundancy is known as…

A. Data mirroring
B. Shadowing
C. Backup
D. Archiving

A

B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q
  1. When the backup window is not long enough to backup all of the data and the restoration of backup must be as fast as possible. Which of the following type of high-availability backup strategy is BEST?

A. Full
B. Incremental
C. Differential
D. Increase the backup window so a full backup can be performed

A

C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q
  1. At a restricted facility, visitors are requested to provide identification and verified against a pre-approved list by the guard at the front gate before being let in. This is an example of checking for…

A. Least privilege
B. Separation of duties
C. Fail-safe
D. Psychological acceptability

A

A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
  1. When sensitive information is no longer critical but still within scope of a record retention policy, that information is BEST…

A. Destroyed
B. Re-categorized
C. Degaussed
D. Released

A

B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q
  1. Which of the following BEST determines access and suitability of an individual?

A. Job rank or title
B. Partnership with the security team
C. Role
D. Background investigation

A

D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q
  1. Which of the following can help with ensuring that only the needed logs are collected for monitoring?

A. Clipping level
B. Aggregation
C. XML Parsing
D. Inference

A

A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
  1. The main difference between a Security Event Information Management (SEIM) system and a log management system is that SEIM systems are useful for log collection, collation, and analysis…

A. In real time
B. For historical purposes
C. For admissibility in court
D. In discerning patterns

A

A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q
  1. The best way to ensure that there is no data remnant of sensitive information that was once stored on a DVD-R media is by…

A. Deletion
B. Degaussing
C. Destruction
D. Overwriting

A

C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q
  1. Which of the following processes is concerned with not only identifying the root cause but also addressing the underlying issue?

A. Incident management
B. Problem management
C. Change management
D. Configuration management

A

B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
  1. Before applying a software update to production systems, it is MOST important that…

A. Full disclosure information about the threat that the patch addresses is available
B. The patching process is documented
C. The production systems are backed up
D. An independent third party attests the validity of the patch

A

C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q
  1. Computer forensics is the marriage of computer science, information technology, and engineering with…

A. Law
B. Information systems
C. Analytical thought
D. The scientific method

17
Q
  1. What principal allows an investigator to identify aspects of the person responsible for a crime when, whenever committing a crime, the perpetrator leaves traces while stealing assets?

A. Meyer’s principal of legal impunity
B. Criminalistic principals
C. IOCE/Group of 8 Nations principals for computer forensics
D. Locard’s principle of exchange

18
Q
  1. Which of the following is part of the five rules of evidence?

A. Be authentic, be redundant and be admissible.
B. Be complete, be authentic and be admissible.
C. Be complete, be redundant and be authentic.
D. Be redundant, be admissible and be complete

19
Q
  1. What is not mentioned as a phase of an incident response?

A. Documentation
B. Prosecution
C. Containment
D. Investigation

20
Q
  1. Which BEST emphasizes the abstract concepts of law and is influenced by the writings of legal scholars and academics.

A. Criminal law
B. Civil law
C. Religious law
D. Administrative law

21
Q
  1. Which of the following are computer forensics guidelines?

A. IOCE, MOM and SWGDE.
B. MOM, SWGDE and IOCE.
C. IOCE, SWGDE and ACPO.
D. ACPO, MOM and IOCE.

22
Q
  1. Triage encompasses which of the following incident response sub-phases?

A. Collection, transport, testimony
B. Traceback, feedback, loopback
C. Detection, identification, notification
D. Confidentiality, integrity, availability

23
Q
  1. The integrity of a forensic bit stream image is determined by:

A. Comparing hash totals to the original source
B. Keeping good notes
C. Taking pictures
D. Encrypted keys

24
Q
  1. When dealing with digital evidence, the crime scene:

A. Must never be altered
B. Must be completely reproducible in a court of law
C. Must exist in only one country
D. Must have the least amount of contamination that is possible

25
25. When outsourcing IT systems… A. all regulatory and compliance requirements must be passed on to the provider. B. the outsourcing organization is free from compliance obligations. C. the outsourced IT systems are free from compliance obligations. D. the provider is free from compliance obligations.
A
26
26. When dealing with digital evidence, the chain of custody: A. Must never be altered B. Must be completely reproducible in a court of law C. Must exist in only one country D. Must follow a formal documented process
D
27
27. To ensure proper forensics action when needed, an incident response program must: A. avoid conflicts of interest by ensuring organization legal council is not part of the process. B. routinely create forensic images of all desktops and servers. C. only promote closed incidents to law enforcement. D. treat every incident as though it may be a crime.
D
28
28. A hard drive is recovered from a submerged vehicle. The drive is needed for a court case. What is the best approach to pull information off the drive? A. Wait for the drive to dry and then install it in a desktop and attempt to retrieve the information via normal operating system commands. B. Place the drive in a forensic oven to dry it and then use a degausser to remove any residual humidity prior to installing the drive in a laptop and using the OS to pull off information. C. While the drive is still wet use a forensic bit to bit copy program to ensure the drive is preserved in its “native” state. D. Contact a professional data recovery organization, explain the situation and request they pull a forensic image.
D
29
29. To successfully complete a vulnerability assessment, it is critical that protection systems are well understood through: A. Threat definition, target identification and facility characterization B. Threat definition, conflict control and facility characterization C. Risk assessment, threat identification and incident review D. Threat identification, vulnerability appraisal and access review
A
30
30. The strategy of forming layers of protection around an asset or facility is known as: A. Secured Perimeter B. Defense-in-Depth C. Reinforced Barrier Deterrent D. Reasonable Asset Protection
B
31
31. The key to a successful physical protection system is the integration of: A. people, procedures, and equipment B. technology, risk assessment, and human interaction C. protecting, offsetting, and transferring risk D. detection, deterrence, and response
A
32
32. For safety considerations in perimeter areas such as parking lots or garages what is the advised lighting? A. 3 fc B. 5 fc C. 7 fc D. 10 fc
B
33
33. What would be the most appropriate interior sensor used for a building that has windows along the ground floor? A. infrared glass-break sensor B. ultrasonic glass-break sensors C. acoustic/shock glass-break sensors D. volumetric sensors
C
34
34. Which of the following BEST describe three separate functions of CCTV? A. surveillance, deterrence, and evidentiary archives B. intrusion detection, detainment and response C. optical scanning, infrared beaming and lighting D. monitoring, white balancing and inspection
A
35
35. What is the BEST means of protecting the physical devices associated with the alarm system? A. Tamper protection B. Target hardening C. Security design D. UL 2050
A
SP4
flashcards
Decks in class (9)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions