A company has been involved in a three-month project to ensure they do not suffer downtime due to threats that could hamper their operations. They are now ready to test some of the elements in the project. Which of the following most likely represents what the company is doing?
They are in the process of developing a BCP.
Three members of a larger task force at an enterprise are responsible for ensuring a variety of technologies, diverse vendors, and encryption capabilities are part of the company's networking infrastructure. Which of the following is most likely to be a true statement regarding their activities?
This is part of a plan to ensure their operations are not disrupted if a major disaster occurs.
Which of the following events could hamper a mission-essential function? Select two.
The reservation system for an airline is affected by ransomware.
A cyberattack on a SCADA system shuts down a water treatment plant
A data center suffered damage due to a natural disaster. The IT staff is in the process of restoring service, but they need to follow a specific series of steps due to critical dependencies. The content of which document are they most likely to follow?
DRP
In the process of responding to a security event, Fram identifies the cause of the event and temporarily disconnects the system that may be causing damage from the network. What action did Fram take in terms of response?
Containment. Temporarily disconnecting the affected system from the network limits the damage; eradication is the later step that removes the cause of the incident.
An organization suffers what appears to be a security breach. However, upon further analysis, they quickly determine it is not a significant event and no further action is taken. Which of the following most likely allowed them to make this determination?
The definitions spelled out in the incident response plan.
Givon, a skilled technician with extensive knowledge of a company's network, is reviewing a recovery procedure in detail. What is the most likely reason why Givon is doing this? Select two.
He is walking through a testing exercise to confirm there are no omissions or gaps.
He is walking through a testing exercise to see if there are any errors or false assumptions.
A company has a central office and two satellite branches. The security team simultaneously renders the DNS servers at all three sites inoperable. The goal is to test how effective the same incident response will be at the branch sites. Which term best describes this exercise?
Parallel processing
An organization is researching a series of documents that spell out the process that should be used to define policies and procedures that relate to security. What is the organization most likely trying to accomplish?
They want to adopt a security framework.
A group of security students is analyzing entries in a knowledge base of attacker techniques used against systems. They would like to replicate some of the attacks, but the database makes no reference to the tools used during the attacks. Which of the following statements is most likely to be true?
The database focuses on how attackers interact with systems and not on attack tools.
Which of the following are true statements regarding the MITRE ATT&CK and the Diamond Model of Intrusion Analysis frameworks? Select two.
Victims and capabilities are elements associated with the Diamond Model of Intrusion Analysis.
The Diamond Model of Intrusion Analysis uses a variety of interconnected elements
An attacker is trying to break into a network by following the typical process threat actors engage in. Which of the following should be disrupted to help minimize the impact of the breach?
Weaponization
A software tester is using a system in a computer lab. The computer lab has internet access but is not connected to the corporate network. The tester clicks on a link in an email that renders the computer inoperable. The tester then sits idle for 30 minutes waiting for the IT staff to replace the computer. What preventive measure should have been put in place?
None, computers can be quickly replaced.
A company is in the process of transitioning from having physical on-premises servers to the cloud. A particular database server is clustered and has both a public cluster connection and a private cluster connection. Which of the following best explains these connections?
The private connection allows the servers in a cluster to communicate with each other.
A storage company sells large data storage systems each containing thousands of SSDs. They calculated the MTBF rating of the SSDs to be about 2 million hours. What does this mean?
It means 10,000 SSDs running for 1,000 hours can expect to see about 5 failures (10,000 × 1,000 = 10 million device-hours; 10 million / 2 million ≈ 5).
A company uses a RAID configuration such that only 50 percent of the raw capacity can be used for storage. They want to transition to a different type of RAID level to increase the percentage of usable storage to be greater than 50 percent. What is the current RAID level and what is the desired RAID level?
From RAID 1 to RAID 5. RAID 1 mirrors every disk, so only 50 percent of raw capacity is usable; RAID 5 with n disks spends one disk's worth of space on parity, leaving (n-1)/n usable, which exceeds 50 percent for three or more disks.
An organization analyzes flight data collected for a small commercial airline. They want to ensure the data is available in at least two locations simultaneously for reasons that include backup availability. Which of the following best describes what they should use?
SAN
Which of the following network hardware components cannot be duplicated to provide redundancy?
None of these. A NIC, a switch, and a router can each be duplicated to provide redundancy.
A company decides to use an online UPS instead of an offline UPS for a particular set of systems. Although they both essentially perform the same fundamental function, why would they opt to use an online UPS?
The online UPS protects from spikes. Because the load is always powered through the battery and inverter rather than switched over when line power fails, there is no transfer delay and the protected systems are isolated from line disturbances.
An organization stores all their data with a cloud provider that uses zones to help protect against disasters. What type of redundancy does the cloud provider most closely mimic as far as the company's data is concerned?
Hot site
A small business has decided to use the services of a small and recently established cloud provider. Unfortunately, the cloud provider suffers a severe breach that corrupts their data. If you had been hired as a consultant beforehand, which of the following recommendations would you have made?
Spread cloud computing across multiple cloud providers
An agency has an RPO of two hours and an RTO of 30 minutes. The agency suffers a disaster and starts restoring data at noon. By what time can the agency expect to be up and running?
12:30 p.m. The RTO is the maximum time allowed to restore service; the RPO only means the restored data may be up to two hours old.
Which of the following are true statements regarding backups and replication? Select two.
Backups require fewer financial resources than replication.
Restoring data from a backup takes longer than restoring data when using replication.
An individual stores all passwords in cleartext format in the notes area of a free online email system and in a piece of paper in their wallet. They also use a weak password to access their email. The individual loses their wallet at a theme park, and a system at work ends up being compromised as a result. An RCA is likely to yield which of the following at the top of the list?
The individual stored passwords on a piece of paper.
A team of security analysts are reviewing log files. In their investigation, they identify incoming and outgoing connections, as well as traffic that was allowed and traffic that was blocked. What type of log was most likely being analyzed?
Firewall logs
Zabrina is the team leader for the group responsible for managing logs when a security incident occurs. They have a relatively small budget, so a significant portion of their activity lacks automation. Which of the following is most likely to represent the most significant challenge?
Combining logs generated using different formats.
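The two cards above (reading firewall logs for inbound/outbound and allowed/blocked traffic, and the difficulty of combining logs written in different formats) are illustrated by the added example below. It is not part of the original study set. Both log formats, the address range treated as internal, and every sample line are constructed for illustration; they do not reproduce any real vendor's output.

```python
"""Normalize firewall log lines from two different formats into one schema.

Added example: the two formats (an iptables-style key=value line and a
CSV-style line) and the sample lines are constructed, not real vendor logs.
"""
import re
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed assumption: the address range on the inside of the perimeter.
INTERNAL = ip_network("10.0.0.0/8")

# Constructed format 1: iptables-style kernel log with key=value fields.
KV_RE = re.compile(
    r"(?P<action>ACCEPT|DROP).*?SRC=(?P<src>\S+) DST=(?P<dst>\S+).*?DPT=(?P<dport>\d+)"
)

# Constructed format 2: a CSV line of timestamp,action,src,dst,dport,proto.
CSV_FIELDS = ("ts", "action", "src", "dst", "dport", "proto")


@dataclass(frozen=True)
class Event:
    """The common schema both formats are mapped onto."""
    src: str
    dst: str
    dport: int
    allowed: bool
    direction: str  # "inbound", "outbound", "internal" or "external"


def classify_direction(src: str, dst: str) -> str:
    """Decide direction from which side of the perimeter each address is on."""
    src_in = ip_address(src) in INTERNAL
    dst_in = ip_address(dst) in INTERNAL
    if src_in and not dst_in:
        return "outbound"
    if dst_in and not src_in:
        return "inbound"
    return "internal" if src_in else "external"


def parse_kv(line: str) -> Optional[Event]:
    """Parse the key=value format; return None if the line is not in it."""
    m = KV_RE.search(line)
    if not m:
        return None
    return Event(m["src"], m["dst"], int(m["dport"]),
                 m["action"] == "ACCEPT",
                 classify_direction(m["src"], m["dst"]))


def parse_csv(line: str) -> Optional[Event]:
    """Parse the CSV format; return None if the field count does not match."""
    parts = line.strip().split(",")
    if len(parts) != len(CSV_FIELDS):
        return None
    rec = dict(zip(CSV_FIELDS, parts))
    return Event(rec["src"], rec["dst"], int(rec["dport"]),
                 rec["action"].lower() == "allow",
                 classify_direction(rec["src"], rec["dst"]))


def normalize(lines: List[str]) -> Tuple[List[Event], int]:
    """Try each parser in turn; unrecognized lines are counted, never silently dropped."""
    events, unparsed = [], 0
    for line in lines:
        ev = parse_kv(line) or parse_csv(line)
        if ev is None:
            unparsed += 1
        else:
            events.append(ev)
    return events, unparsed


def summarize(events: List[Event]) -> Counter:
    """Count events by (direction, allowed/blocked): the first view an analyst wants."""
    return Counter((e.direction, "allowed" if e.allowed else "blocked") for e in events)


# Constructed sample lines mixing both formats plus one line of noise.
SAMPLE_LOGS = [
    "kernel: FW-IN DROP IN=eth0 OUT= SRC=203.0.113.7 DST=10.1.2.3 PROTO=TCP SPT=51000 DPT=22",
    "kernel: FW-OUT ACCEPT IN= OUT=eth0 SRC=10.1.2.3 DST=198.51.100.9 PROTO=TCP SPT=44000 DPT=443",
    "2024-05-01T10:00:00Z,allow,10.1.2.10,10.1.2.3,445,tcp",
    "2024-05-01T10:00:01Z,deny,192.0.2.44,10.1.2.3,3389,tcp",
    "this line is not a firewall record at all",
]

if __name__ == "__main__":
    evs, bad = normalize(SAMPLE_LOGS)
    print(summarize(evs), "unparsed:", bad)
```

The point of the unparsed counter is the one a small team without automation tends to lose: a line that matches no known format should show up as a number to investigate, not vanish from the consolidated view.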
A security team is looking for a solution capable of consolidating real-time security monitoring along with analysis of security events. Which of the following is most likely to meet their requirements?
SIEM
A judge sternly warns a prosecutor and a defense attorney, both of whom are suspected of being a bit deviant, to not violate the e-discovery protocols that have been established. What message is the judge most likely trying to convey to the attorneys?
To ensure incriminating or exonerating electronic documents are not intentionally suppressed.
A tech-savvy banker is suspected of money laundering using an unauthorized app. When the banker is called into the branch manager's office, the banker is immediately locked out of the office. A digital forensics incident response team goes into the office, documents the surroundings, and takes custody of the computer as well as other devices. What is the response team doing?
They are securing the scene.
A digital forensics incident response team seizes a series of computers. Which of the following, albeit not necessarily a complete list, represents the order in which the specified artifact should be preserved? Select two.
CPU, RAM, temporary files, hard drive, network topology, archival media
Registers, ARP cache, temporary files, hard drive, remote logging data, physical configuration