Security + 501 Chapter 5 Risk Management Exam with questions and correct answers 2024/2027
4 views 0 purchase
Course
Security + 501 Chapter 5 Risk Management
Institution
Security + 501 Chapter 5 Risk Management
Security + 501 Chapter 5 Risk Management Exam with questions and correct answers 2024/2027
.1. You are a manager of a bank and you suspect one of your tellers has stolen money from
their station. After talking with your supervisor, you place the employee on leave with
pay, suspend their comput...
Security + 501 Chapter 5 Risk Management Exam
with questions and correct answers 2024/2027
.1. You are a manager of a bank and you suspect one of your tellers has stolen money from
their station. After talking with your supervisor, you place the employee on leave with
pay, suspend their computer account, and obtain their proximity card and keys to the
building. Which of the following policies did you follow?
A. Mandatory vacations
B. Exit interviews
C. Adverse actions
D. Onboarding - ANSWER-C. Adverse actions are administrative actions that are placed against employees.
These
actions include letters of reprimand, leave with or without pay, or termination. Along with
these actions the policy should include actions such as disabling user accounts and revoking
privileges, such as access to facilities to prevent data from being compromised. When
an employee has been placed with administrative actions, the company shouldn't worry
about vindictive actions they will take against the company.
.2. Which of the following principles stipulates that multiple changes to a computer system
should not be made at the same time?
A. Due diligence
B. Acceptable use
C. Change management
D. Due care - ANSWER-C. Change management is the process of documenting all changes made to a company's
network and computers. Avoiding making changes at the same time makes tracking any
problems that can occur much simpler
,.3. Why are penetration test often not advised?
A. It can be disruptive for the business activities.
B. It is able to measure and authenticate the efficiency of a company's defensive
mechanisms.
C. It's able to find both known and unknown hardware or software weaknesses.
D. It permits the exploration of real risks and gives a precise depiction of a company's IT
infrastructure security posture at any given time. - ANSWER-A. The main reason to avoid penetration tests is
answer A. It's advised to perform vulnerability
test often rather than penetration tests. Pentests can cause disruption to businesses.
This is the main focus of the question.
.4. You are a security engineer and discovered an employee using the company's computer
systems to operate their small business. The employee installed their personal software
on the company's computer and is using the computer hardware, such as the USB port.
What policy would you recommend the company implement to prevent any risk of the
company's data and network being compromised?
A. Acceptable use policy
B. Clean desk policy
C. Mandatory vacation policy
D. Job rotation policy - ANSWER-A. Acceptable use policy is a document stating what a user may or may not
have access to
on a company's network or the Internet
.5. What should be done to back up tapes that are stored off-site?
A. Generate a file hash for each backup file.
B. Scan the backup data for viruses.
,C. Perform a chain of custody on the backup tape.
D. Encrypt the backup data. - ANSWER-D. Encrypting the backup data before storing it off-site ensures data
confidentiality
.6. Which recovery site is the easiest to test?
A. Warm site
B. Cold siteC. Hot site
D. Medium site - ANSWER-C. A hot site contains all of the alternate computer and telecommunication
equipment
needed in a disaster. Testing this environment is simple.
.7. Katelyn is a network technician for a manufacturing company. She is testing a network
forensic capturing software and plugs her laptop into an Ethernet switch port and
begins capturing network traffic. Later she begins to analyze the data and notices some
broadcast and multicast packets, as well as her own laptop's network traffic. Which of
the following statements best describes why Katelyn was unable to capture all network
traffic on the switch?
A. Each port on the switch is an isolated broadcast domain.
B. Each port on the switch is an isolated collision domain.
C. Promiscuous mode must be enabled on the NIC.
D. Promiscuous mode must be disabled on the NIC. - ANSWER-B. Switches forwards data only to the devices
that need to receive it, so when capturing
network traffic the computer will see only broadcast and multicast packets along with
traffic being sent and received to the connected computer.
.8. Which of the following is not a step of the incident response process?
A. Snapshot
B. Preparation
, C. Recovery
D. Containment - ANSWER-A. A snapshot is the state of a system at a particular point in time. It's also known as
a
system image and is not a step in the incident response process.
.9. Which of the following is another term for technical controls?
A. Access controls
B. Logical controls
C. Detective controls
D. Preventive controls - ANSWER-B. Technical controls are used to restrict data access and operating system
components,
security applications, network devices, and encryption techniques. Logical controls use
authentication mechanisms.
.10. You are a security manager for your company and need to reduce the risk of employees
working in collusion to embezzle funds. Which of the following policies would you
implement?
A. Mandatory vacations
B. Clean desk
C. NDA
D. Continuing education - ANSWER-A. Companies will use mandatory vacations policies to detect fraud by
having a second
person, familiar with the duties, help discover any illicit activities.
.11. You are a security administrator, and your manager has asked you about protecting
the privacy of personally identifiable information (PII) that is collected. Which of the
following would be the best option to fulfill the request?
A. PIA
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller stuviaunmatched. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.99. You're not tied to anything after your purchase.
