
Domain 5 Quiz
-
Your CEO has met with the CEO of another company, and
they have agreed to work together to develop a new service.
Authentication and identity management will be connected
across the two organizations.
Given the sensitivity of the development project,
user authentication and authorization will use a centralized
server running the best available trusted third-party service.
Users will receive identity and service tokens
from a unified authentication and authorization service,
which requires that system clocks be synchronized
across the organizations.
Applications will be limited to those written with the
API of that service.
What do you need?
- BPA
- Federation
- Kerberos
- KDC
- NTP
- Kerberization
- BPA = the CEOs met
- Federation = connecting IAM
- Kerberos = best available 3rd party authentication service
- KDC = Key Distribution Center, the Kerberos server
- NTP = Network Time Protocol
- Kerberization = (re)writing an application with the Kerberos API, making it Kerberized
-
Your hospital must protect the privacy of its patients and
personnel regarding personal, health,
and financial information.
A variety of federal and state/provincial laws apply
as regulatory requirements.
Select a decision-guidance tool you could use to
inventory, prioritize, and mitigate privacy issues
in programs and systems.
- ROI
- PII
- PIA
- PHI
-
Mandy is the director of the HR department.
In order to cut costs, she has decided to select some good
training material that everyone can benefit from,
and send all personnel through the same risk management
training.
The HR department only needs to buy one set of material.
If all events contain the same content, just one or a
few personnel out of each department can attend a session,
meaning that all groups can continue normal operations.
But which security advantage has been lost?
- Role-based
- Risk-prioritized
- Agile-based
- Morale-boosting
-
Jacqueline, a cybersecurity analyst at a major hospital,
has been tasked with a quantitative risk analysis of
data loss in the patient billing system.
Initial measurements show an
EF of 0.5,
an ARO of 3, and
an ALE of 60,000.
How much should the hospital expect to lose in a typical year?
- 20,000
- 30,000
- 60,000
- 180,000
-
Your corporation is considering moving some operations
into the cloud.
Amy's manager is worried that the cloud provider being
considered might not meet the performance and quality
requirements of the project.
What should Amy suggest using to solve the problem?
- MOU
- BPA
- SLA
- ISA
-
Pat was required to attend mandatory security awareness
training before starting his new job, to learn about protecting
highly sensitive corporate secrets and customer data.
This is part of the
stage.
- NDA
- OPSEC
- Non-compete
- On-boarding
- Off-boarding
-
Tony, a new auditor at the company, has been evaluating
security and conducting interviews.
He has discovered that doorways into sensitive areas,
and applications accessing sensitive data,
are frequently accessed via widely known combinations
and shared accounts.
What desirable security attribute has been lost?
- Accountability
- Responsibility
- Deterrence
- Assurance
-
Top management at the company has written a COO policy stating
that no more than 4 hours of down-time is allowed for
web sales operations.
Holly is a web server system administrator,
and is responsible for meeting this corporate policy.
Which statistic or requirement does this 4 hour figure
refer to?
- MAD
- RPO
- RTO
- MTTR
-
Min, a system engineer with the storage department, has
been tasked with planning the creation of a DRP that will
lead to implementing clustering and RAID.
What should be her first step?
- BIA
- Risk analysis
- Vulnerability assessment
- Penetration testing
- Service discovery
-
Management has set a policy specifying the acceptable
amount of data loss, which will be used to design
the backup process.
Which of these has been defined?
- RTO
- RPO
- RAD
- MAD
- MOU
-
The company's software development, customer service,
and order processing
operations are based at three separate facilities.
Top management has determined that if there were a
massive outage at the sales site, the customer service
facility would best be able to assist sales operations.
Which of these are they advocating?
- Tabletop exercises
- Walk-through exercises
- Failover
- Alternate business practices
- Redundancy
-
Brian, manager of the IT department, periodically moves
help desk staff from one support category to another.
Which security goal will this achieve?
- Fraud detection
- Fraud prevention
- Fraud analysis
- Fraud mitigation
-
Gene works with patch management for production systems.
Jane, his supervisor, has directed him to deploy a major
upgrade to the database server by the end of the week.
Gene wants to be able to implement the upgrade,
verify its functionality and performance, and then,
if needed, roll back.
How should he proceed?
- Deploy the upgrade, create a snapshot, and monitor the upgraded system.
- Create a snapshot, deploy the upgrade, and monitor the upgraded system.
- Copy the server's registry, deploy the upgrade, and monitor the upgraded system.
- Create an ephemeral snapshot, upgrade it, and if functionality and performance are adequate, apply those updates to the production system.
-
Beth, a system administrator, is training Jerry, a new
data maintenance technician, in how to restore backup
data into production use.
Which of the following should they be using?
- Recovery playbook
- Order of restoration
- Order of volatility
- Snapshot guidance
-
Natalie is a security auditor for a financial institution.
They are considering moving some of their operations overseas,
where they could pay lower wages and thereby increase profits.
What security concern should Natalie point out?
- Interoperability problems due to language and character set differences
- Portability of data
- Use of unauthorized apps
- Regulatory compliance
- Higher risk of DDoS
-
Many unexplained payments have been sent to a mysterious vendor.
The current model is:
- Add new vendor: Clerk; Approve new vendor: Clerk; Pay vendor: Clerk; Approve payment: Manager
- Add new vendor: Manager; Approve new vendor: Clerk; Pay vendor: Clerk; Approve payment: Manager
- Add new vendor: Clerk; Approve new vendor: Manager; Pay vendor: Clerk; Approve payment: Clerk
- Add new vendor: Clerk; Approve new vendor: Manager; Pay vendor: Clerk; Approve payment: Manager
- Add new vendor: Clerk; Approve new vendor: Manager; Pay vendor: Manager; Approve payment: Manager
-
Terri is a database administrator in the billing department.
Her boss, James, has asked her to estimate the number
of security lapses and their cost over the coming year.
Which of these should she calculate?
- MTBF
- SLE
- ARO
- ALE
- EF
-
Harvey, the director of the Billing Department, worries that
one of his employees has found a covert way of committing
fraud.
He wants to find out if this is true or not, before any
fraud gets out of hand and he gets fired or the company
fails.
What should he implement?
- Least privilege
- Job rotation
- Mandatory vacation
- Separation of duties
-
Omar is a database administrator in the online
sales department.
The operating system, shared libraries, and applications
all need patching and reconfiguration.
Omar worries about irreversible modifications causing
data loss or corruption, or leading to a loss of functionality,
all of which would mean lost revenue.
What does he need?
- Back-out plans
- Offsite backups
- Live failover
- After-action analysis
-
Your company is being targeted by numerous
spearphishing attempts.
Which defense do you recommend?
- Security awareness training
- Pop-up blocker
- Spam filter
- Mail application-layer firewall
- Network intrusion prevention system
-
Kate is a network engineer at a company that is starting
a collaboration with another corporation.
What document should Kate consult to set up VPN connectivity?
- BPA
- SLA
- MOU
- ISA
-
Dale is the manager of the software development group.
She has directed her programmers to make a backup of their
code and test data at the end of every day,
locking the media in a desk drawer,
and making sure to lock their office door.
What is the greatest concern?
- Data remanence
- Off-site backups
- Data sovereignty
- Privacy protection
Passing = 82% of 22 = 18.0
Goal = 91% of 22 = 20.0