Nadean H. Tanner

CASP+ Practice Tests


Скачать книгу

Which of these should you ensure happens after the incident?Avoid conflict of interest by hiring outside counselCreation of forensic images of all mission-critical servers Formal investigation performed by yourself without law enforcementIncident treated as though a crime had been committed

      70 Bob is the owner of a website that provides information to healthcare providers. He is concerned that the PHI data he is storing falls under the jurisdiction of HIPAA. How does he ensure that he removes the data correctly?By deleting the suspected PHI data on the driveBy degaussing the drives that hold suspected PHI dataBy determining how long to keep the healthcare data securely encrypted and then using a drive-wipe utilityBy adding SSDs to the web server and storing used drives in a physically secured location

      71 Your U.S.-based company manufactures children's clothing and is contemplating expanding their business into the European Union. You are concerned about regulation and compliance. What should your organization examine first?Payment Card IndustryGeneral Data Protection RegulationChildren's Online Privacy ProtectionFamily Educational Rights and Privacy Act

      72 A company outsourced payroll and is concerned about whether the right technical and legal agreements are in place. Data is viewed and stored by a third party, and an agreement needs to be set in place about that data. Which type of interoperability agreement can you use to make sure the data is encrypted while in transit and at rest?BPAMOUISANDA

      73 You decided to start a new consulting business. You began the risk analysis process and developed employee policies and researched and tested third-party security. What is the next riskiest problem for SOHO?Mobile devicesEmailTrainingGuidelines

      74 You need an agreement that lets your business implement a comprehensive risk allocation strategy and provides indemnification, the method that holds one party harmless against existing or future losses. What contract should you negotiate?Master service agreementBusiness impact agreement Interconnection security agreementMemorandum of understanding

      75 Which of the following security programs is designed to provide employees with the knowledge they need to fulfill their job requirements and protect the organization?AwarenessTrainingIndoctrinationDevelopment

      76 You have a well-configured firewall and IDS. Which of the following can BEST steal intellectual property or trade secrets because there is no system auditing?HacktivistAuditorsMalwareEmployees

      77 Bob needs your professional opinion on encryption capabilities. You explained to him that cryptography supports all the core principles of information security with an exception. What is that exception?AuthenticityIntegrityConfidentialityAvailability

      78 Alice discovered a meterpreter shell running a keylogger on the CFO's laptop. What security tenet is the keylogger mostly likely to break?AvailabilityThreatsIntegrityConfidentiality

      79 You were hired for a role in healthcare as a system architect. You need to factor in CIA requirements for a new SAN. Which of the following CIA requirements is best for multipathing?ConfidentialityThreatIntegrityAvailability

      80 As a technical project manager on a VoIP/teleconference project, the customer shared their requirements with your department. Availability must be at least five nines (99.999 percent), and all devices must support collaboration. Which controls are the BEST to apply to this ecosystem?All images must be standardized and double redundant.Security policies of network access controls and high-speed processing.RAID 0 and hot sites.Enforced security policies, standard images/configurations, and backup on all storage devices.

      81 A software startup hired you to provide expertise on data security. Clients are concerned about confidentiality. If confidentiality is stressed more than availability and integrity, which of the following scenarios is BEST suited for the client?Virtual servers in a highly available environment. Clients will use redundant virtual storage and terminal services to access software.Virtual servers in a highly available environment. Clients will use single virtual storage and terminal services to access software.Clients are assigned virtual hosts running on shared hardware. Physical storage is partitioned with block cipher encryption.Clients are assigned virtual hosts running shared hardware. Virtual storage is partitioned with streaming cipher encryption.

      82 Your company is considering adding a new host to a computer cluster. The cluster will be connected to a single storage solution. What are you most likely trying to accomplish?AvailabilityProvisioningIntegrityConfidentiality

      83 You work as a security analyst for a healthcare organization. A small legacy cluster of computers was acquired from a small hospital clinic. All virtual machines use the same NIC to connect to the network. Some of these machines have patient data, while others have financial data. One of these VMs is hosting an externally facing web application. What is the biggest problem you see with this scenario?ConfidentialityThreatsIntegrityUtilization

      84 You are a security administrator for a network that uses Fibre Channel over Ethernet (FCoE). The network administrator would like to access raw data from the storage array and restore it to yet another host. Which of the following might be an issue for availability?The new host might not be compatible with FCoE.The data may not be in a usable format. The process could cause bottlenecks.Deduplication will cause errors in the data.

      85 A senior security architect for a hospital is creating a hardened version of the newest GUI OS. The testing will focus on the CIA triad as well as on compliance and reporting. Which of these is the BEST life cycle for the architect to deploy in the final image?Employing proper disposal protocols for existing equipment and ensuring compliance with corporate data retention policiesUpdating whole disk encryption and testing operational modelsEmploying interoperability, integrity of the data at rest, network availability, and compliance with all government regulationsCreating a plan to decommission the existing OS infrastructure, implementing test and operational procedures for the new components in advance, and ensuring compliance with applicable regulations

      86 As a network administrator, you are asked to connect a server to a storage-attached network. If availability and access control are the most important, which of the following fulfills the requirements?Installing a NIC in the server, enabling deduplicationInstalling a NIC in the server, disabling deduplicationInstalling an HBA in the server, creating a LUN on the SANInstalling a clustered HBA in the server, creating two LUNS on a NAS

      87 One of the requirements for a new device you're adding to the network is an availability of 99.9 percent. According to the vendor, the newly acquired device has been rated with an MTBF of 20,000 hours and an MTTR of 3 hours. What is the most accurate statement?The device will meet availability because it will be at 99.985 percent.The device will not meet availability because it will be at 99.89 percent.The device will not meet availability because it will be at 99.85 percent.The device will meet availability because it will be at 99.958 percent.

      88 Good data management includes which of the following?Data quality procedures, verification and validation, adherence to agreed-upon data management, and an ongoing data audit to monitor the use and the integrity of existing dataCost, due care and due diligence, privacy, liability, and existing lawDetermining the impact the information has on the mission of the organization, understanding the cost of information, and determining who in the organization or outside of it has a need for the informationEnsuring the longevity of data and their reuse for multiple purposes, facilitating the interoperability of datasets, and increasing data sharing

      89 Which of the following confidentiality security models ensures that a subject with clearance level of Secret can write only to objects classified as Secret or Top Secret?BibaClark–WilsonBrewer–NashBell–LaPadula

      90 Your organization needs a security model for integrity where the subject cannot send messages to objects of higher integrity. Which of the following is unique to the Biba model and will accommodate that need?SimpleStarInvocationStrong

      91 You had an incident and need to verify that chain of custody, due diligence, and processes were followed. You are told to verify the forensic bit stream. What will you do?Employ encryption.Instigate containment.Compare hashes.Begin documentation.

      92 As a new CISO, you are evaluating controls for availability. Which set of controls should you choose?RAID 1, classification of data, and load balancingDigital signatures, encryption, and hashesSteganography, ACL, and vulnerability managementChecksum,