Domain 5 Quiz

Mandy is the director of the HR department. In order to cut costs, she has decided to select some good training material that everyone can benefit from, and send all personnel through the same risk management training. The HR department only needs to buy one set of material. If all events contain the same content, just one or a few personnel out of each department can attend a session, meaning that all groups can continue normal operations. But which security advantage has been lost?
1. Role-based
2. Risk-prioritized
3. Agile-based
4. Morale-boosting
Jacqueline, a cybersecurity analyst at a major hospital, has been tasked with a quantitative risk analysis of data loss in the patient billing system. Initial measurements show an EF of 0.5, an ARO of 3, and an ALE of 60,000. How much should the hospital expect to lose in a typical year?
1. 20,000
2. 30,000
3. 60,000
4. 180,000
Your corporation is considering moving some operations into the cloud. Amy's manager is worried that the cloud provider being considered might not meet the performance and quality requirements of the project. What should Amy suggest using to solve the problem?
1. MOU
2. BPA
3. SLA
4. ROI
Pat was required to attend mandatory security awareness training before starting his new job, to learn about protecting highly sensitive corporate secrets and customer data. This is part of the stage.
1. NDA
2. OPSEC
3. Non-compete
4. On-boarding
5. Off-boarding
Tony, a new auditor at the company, has been evaluating security and conducting interviews. He has discovered that doorways into sensitive areas, and applications accessing sensitive data, are frequently accessed via widely known combinations and shared accounts. What desirable security attribute has been lost?
1. Accountability
2. Responsibility
3. Deterrence
4. Assurance
Top management at the company has written a COO policy stating that no more than 4 hours of down-time is allowed for web sales operations. Holly is a web server system administrator, and is responsible for meeting this corporate policy. Which statistic or requirement does this 4 hour figure refer to?
1. MAD
2. RPO
3. RTO
4. MTTR
Min, a system engineer with the storage department, has been tasked with planning the creation of a DRP that will lead to implementing clustering and RAID. What should be her first step?
1. BIA
2. Risk analysis
3. Vulnerability assessment
4. Penetration testing
5. Service discovery
Management has set a policy specifying the acceptable amount of data loss, which will be used to design the backup process. Which of these has been defined?
1. RTO
2. RPO
3. RAD
4. MAD
5. MOU
The company's software development, customer service, and order processing operations are based at three separate facilities. Top management has determined that if there were a massive outage at the sales site, the customer service facility would best be able to assist sales operations. Which of these are they advocating?
1. Tabletop exercises
2. Walk-through exercises
3. Failover
4. Alternate business practices
5. Redundancy
Brian, manager of the IT department, periodically moves help desk staff from one support category to another. Which security goal will this achieve?
1. Fraud detection
2. Fraud prevention
3. Fraud analysis
4. Fraud mitigation
Gene works with patch management for production systems. Jane, his supervisor, has directed him to deploy a major upgrade to the database server by the end of the week. Gene wants to be able to implement the upgrade, verify its functionality and performance, and then, if needed, roll back. How should he proceed?
1. Deploy the upgrade, create a snapshot, and monitor the upgraded system.
2. Create a snapshot, deploy the upgrade, and monitor the upgraded system.
3. Copy the server's registry, deploy the upgrade, and monitor the upgraded system.
4. Create an ephemeral snapshot, upgrade it, and if functionality and performance are adequate, apply those updates to the production system.
Natalie is a security auditor for a financial institution. They are considering moving some of their operations overseas, where they could pay lower wages and thereby increase profits. What security concern should Natalie point out?
1. Interoperability problems due to language and character set differences
2. Portability of data
3. Use of unauthorized apps
4. Regulatory compliance
5. Higher risk of DDoS
Many unexplained payments have been sent to a mysterious vendor. The current model is:
- Add new vendor: Clerk
- Approve new vendor: Clerk
- Pay vendor: Clerk
- Approve payment: Manager
What should it be?
1. - Add new vendor: Manager
  - Approve new vendor: Clerk
  - Pay vendor: Clerk
  - Approve payment: Manager
2. - Add new vendor: Clerk
  - Approve new vendor: Manager
  - Pay vendor: Clerk
  - Approve payment: Clerk
3. - Add new vendor: Clerk
  - Approve new vendor: Manager
  - Pay vendor: Clerk
  - Approve payment: Manager
4. - Add new vendor: Clerk
  - Approve new vendor: Manager
  - Pay vendor: Manager
  - Approve payment: Manager
Terri is a database administrator in the billing department. Her boss, James, has asked her to estimate the number of security lapses and their cost over the coming year. Which of these should she calculate?
1. MTBF
2. SLE
3. ARO
4. ALE
5. EF
Harvey, the director of the Billing Department, worries that one of his employees has found a covert way of committing fraud. He wants to find out if this is true or not, before any fraud gets out of hand and he gets fired or the company fails. What should he implement?
1. Least privilege
2. Job rotation
3. Mandatory vacation
4. Separation of duties
Kate is a network engineer at a company that is starting a collaboration with another corporation. What document should Kate consult to set up VPN connectivity?
1. BPA
2. SLA
3. MOU
4. ISA

To the answers

Passing = 82% of 16 = 13.1

Goal = 91% of 16 = 14.6

To the Cybersecurity Page