Pen used to do a practice exam.

Domain 5 Quiz

Domain 5 Quiz

  1. Your CEO has met with the CEO of another company, and they have agreed to work together to develop a new service. Authentication and identity management will be connected across the two organizations. Given the sensitivity of the development project, user authentication and authorization will use a centralized server running the best available trusted third-party service. Users will receive identity and service tokens from a unified authentication and authorization service, which requires that system clocks be synchronized across the organizations. Applications will be limited to those written with the API of that service. What do you need?
    1. BPA
    2. Federation
    3. Kerberos
    4. KDC
    5. NTP
    6. Kerberization
  2. Your hospital must protect the privacy of its patients and personnel regarding personal, health, and financial information. A variety of federal and state/provincial laws apply as regulatory requirements. Select a decision-guidance tool you could use to inventory, prioritize, and mitigate privacy issues in programs and systems.
    1. ROI
    2. PII
    3. PIA
    4. PHI
  3. Mandy is the director of the HR department. In order to cut costs, she has decided to select some good training material that everyone can benefit from, and send all personnel through the same risk management training. The HR department only needs to buy one set of material. If all events contain the same content, just one or a few personnel out of each department can attend a session, meaning that all groups can continue normal operations. But which security advantage has been lost?
    1. Role-based
    2. Risk-prioritized
    3. Agile-based
    4. Morale-boosting
  4. Jacqueline, a cybersecurity analyst at a major hospital, has been tasked with a quantitative risk analysis of data loss in the patient billing system. Initial analysis shows an EF of 0.5, an ARO of 3, and an ALE of 60,000. How much should the hospital expect to lose in a typical year?
    1. 20,000
    2. 30,000
    3. 60,000
    4. 180,000
  5. Your corporation is considering moving some operations into the cloud. Amy's manager is worried that the cloud provider being considered might not meet the performance and quality requirements of the project. What should Amy suggest using to solve the problem?
    1. MOU
    2. BPA
    3. SLA
    4. ISA
  6. Pat was required to attend mandatory security awareness training before starting his new job, to learn about protecting highly sensitive corporate secrets and customer data. This is part of the              stage.
    1. NDA
    2. OPSEC
    3. Non-compete
    4. On-boarding
    5. Off-boarding
  7. Tony, a new auditor at the company, has been evaluating security and conducting interviews. He has discovered that doorways into sensitive areas, and applications accessing sensitive data, are frequently accessed via widely known combinations and shared accounts. What desirable security attribute has been lost?
    1. Accountability
    2. Responsibility
    3. Deterrence
    4. Assurance
  8. Top management at the company has written a COO policy stating that no more than 4 hours of down-time is allowed for web sales operations. Holly is a web server system administrator, and is responsible for meeting this corporate policy. Which statistic or requirement does this 4 hour figure refer to?
    1. MAD
    2. RPO
    3. RTO
    4. MTTR
  9. Min, a system engineer with the storage department, has been tasked with planning the creation of a DRP that will lead to implementing clustering and RAID. What should be her first step?
    1. BIA
    2. Risk analysis
    3. Vulnerability assessment
    4. Penetration testing
    5. Service discovery
  10. Management has set a policy specifying the acceptable amount of data loss, which will be used to design the backup process. Which of these has been defined?
    1. RTO
    2. RPO
    3. RAD
    4. MAD
    5. MOU
  11. The company's software development, customer service, and order processing operations are based at three separate facilities. Top management has determined that if there were a massive outage at the sales site, the customer service facility would best be able to assist sales operations. Which of these are they advocating?
    1. Tabletop exercises
    2. Walk-through exercises
    3. Failover
    4. Alternate business practices
    5. Redundancy
  12. Brian, manager of the IT department, periodically moves help desk staff from one support category to another. Which security goal will this achieve?
    1. Fraud detection
    2. Fraud prevention
    3. Fraud analysis
    4. Fraud mitigation
  13. Gene works with patch management for production systems. Jane, his supervisor, has directed him to deploy a major upgrade to the database server by the end of the week. Gene wants to be able to implement the upgrade, verify its functionality and performance, and then, if needed, roll back. How should he proceed?
    1. Deploy the upgrade, create a snapshot, and monitor the upgraded system.
    2. Create a snapshot, deploy the upgrade, and monitor the upgraded system.
    3. Copy the server's registry, deploy the upgrade, and monitor the upgraded system.
    4. Create an ephemeral snapshot, upgrade it, and if functionality and performance are adequate, apply those updates to the production system.
    That is the only choice that makes a snapshot or backup to which you could roll back before making changes.
  14. Beth, a system administrator, is training Jerry, a new data maintenance technician, in how to restore backup data into production use. Which of the following should they be using?
    1. Recovery playbook
    2. Order of restoration
    3. Order of volatility
    4. Snapshot guidance
  15. Natalie is a security auditor for a financial institution. They are considering moving some of their operations overseas, where they could pay lower wages and thereby increase profits. What security concern should Natalie point out?
    1. Interoperability problems due to language and character set differences
    2. Portability of data
    3. Use of unauthorized apps
    4. Regulatory compliance
    5. Higher risk of DDoS
  16. Many unexplained payments have been sent to a mysterious vendor. The current model is:
    • Add new vendor: Clerk
    • Approve new vendor: Clerk
    • Pay vendor: Clerk
    • Approve payment: Manager
    What should it be?
      • Add new vendor: Manager
      • Approve new vendor: Clerk
      • Pay vendor: Clerk
      • Approve payment: Manager
      • Add new vendor: Clerk
      • Approve new vendor: Manager
      • Pay vendor: Clerk
      • Approve payment: Clerk
      • Add new vendor: Clerk
      • Approve new vendor: Manager
      • Pay vendor: Clerk
      • Approve payment: Manager
      • Add new vendor: Clerk
      • Approve new vendor: Manager
      • Pay vendor: Manager
      • Approve payment: Manager
  17. Terri is a database administrator in the billing department. Her boss, James, has asked her to estimate the number of security lapses and their cost over the coming year. Which of these should she calculate?
    1. MTBF
    2. SLE
    3. ARO
    4. ALE
    5. EF
  18. Harvey, the director of the Billing Department, worries that one of his employees has found a covert way of committing fraud. He wants to find out if this is true or not, before any fraud gets out of hand and he gets fired or the company fails. What should he implement?
    1. Least privilege
    2. Job rotation
    3. Mandatory vacation
    4. Separation of duties
  19. Omar is a database administrator in the online sales department. The operating system, shared libraries, and applications all need patching and reconfiguration. Omar worries about unalterable modifications causing data loss or corruption, or leading to a loss of functionality, all of which would mean lost revenue. What does he need?
    1. Back-out plans
    2. Offsite backups
    3. Live failover
    4. After-action analysis
  20. Your company is being targeted by numerous spearphishing attempts. Which defense do you recommend?
    1. Security awareness training
    2. Pop-up blocker
    3. Spam filter
    4. Mail application-layer firewall
    5. Network intrusion prevention system
  21. Kate is a network engineer at a company that is starting a collaboration with another corporation. What document should Kate consult to set up VPN connectivity?
    1. BPA
    2. SLA
    3. MOU
    4. ISA
  22. Dale is the manager of the software development group. She has directed her programmers to make a backup of their code and test data at the end of every day, locking the media in a desk drawer, and making sure to lock their office door. What is the greatest concern?
    1. Data remanence
    2. Off-site backups
    3. Data sovereignty
    4. Privacy protection

To the answers

To the Cybersecurity Page