Chapter 5
Risk Management

THE COMPTIA SECURITY+ EXAM SY0-501 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:

  • 5.1 Explain the importance of policies, plans and procedures related to organizational security.
    • Standard operating procedure
    • Agreement types
      • BPA
      • SLA
      • ISA
      • MOU/MOA
    • Personnel management
      • Mandatory vacations
      • Job rotation
      • Separation of duties
      • Clean desk
      • Background checks
      • Exit interviews
      • Role-based awareness training
        • Data owner
        • System administrator
        • System owner
        • User
        • Privileged user
        • Executive user
      • NDA
      • Onboarding
      • Continuing education
      • Acceptable use policy/rules of behavior
      • Adverse actions
    • General security policies
      • Social media networks/applications
      • Personal email
  • 5.2 Summarize business impact analysis concepts.
    • RTO/RPO
    • MTBF
    • MTTR
    • Mission-essential functions
    • Identification of critical systems
    • Single point of failure
    • Impact
      • Life
      • Property
      • Safety
      • Finance
      • Reputation
    • Privacy impact assessment
    • Privacy threshold assessment
  • 5.3 Explain risk management processes and concepts.
    • Threat assessment
      • Environmental
      • Manmade
      • Internal vs external
    • Risk assessment
    • SLE
    • ALE
    • ARO
    • Asset value
    • Risk register
    • Likelihood of occurrence
    • Supply chain assessment
    • Impact
    • Quantitative
    • Qualitative
    • Testing
      • Penetration testing authorization
      • Vulnerability testing authorization
    • Risk response techniques
      • Accept
      • Transfer
      • Avoid
      • Mitigate
    • Change Management
  • 5.4 Given a scenario, follow incident response procedures.
    • Incident response plan
      • Documented incident types/category definitions
      • Roles and responsibilities
      • Reporting requirements/escalation
      • Cyber-incident response teams
      • Exercise
    • Incident response process
      • Preparation
      • Identification
      • Containment
      • Eradication
      • Recovery
      • Lessons learned
  • 5.5 Summarize basic concepts of forensics.
    • Order of volatility
    • Chain of custody
    • Legal hold
    • Data acquisition
      • Capture system image
      • Network traffic and logs
      • Capture video
      • Record time offset
      • Take hashes
      • Screenshots
      • Witness interviews
    • Preservation
    • Recovery
    • Strategic intelligence/counterintelligence gathering
      • Active logging
    • Track man-hours
  • 5.6 Explain disaster recovery and continuity of operation concepts.
    • Recovery sites
      • Hot site
      • Warm site
      • Cold site
    • Order of restoration
    • Backup concepts
      • Differential
      • Incremental
      • Snapshots
      • Full
    • Geographic considerations
      • Off-site backups
      • Distance
      • Location selection
      • Legal implications
      • Data sovereignty
    • Continuity of operation planning
      • Exercises/tabletop
      • After-action reports
      • Failover
      • Alternate processing sites
      • Alternate business practices
  • 5.7 Compare and contrast various types of controls.
    • Deterrent
    • Preventive
    • Detective
    • Corrective
    • Compensating
    • Technical
    • Administrative
    • Physical
  • 5.8 Given a scenario, carry out data security and privacy practices.
    • Data destruction and media sanitization
      • Burning
      • Shredding
      • Pulping
      • Pulverizing
      • Degaussing
      • Purging
      • Wiping
    • Data sensitivity labeling and handling
      • Confidential
      • Private
      • Public
      • Proprietary
      • PII
      • PHI
    • Data roles
      • Owner
      • Steward/custodian
      • Privacy officer
    • Data retention
    • Legal and compliance
  1. You are a manager of a bank and you suspect one of your tellers has stolen money from their station. After talking with your supervisor, you place the employee on leave with pay, suspend their computer account, and obtain their proximity card and keys to the building. Which of the following policies did you follow?

    1. Mandatory vacations
    2. Exit interviews
    3. Adverse actions
    4. Onboarding
  2. Which of the following principles stipulates that multiple changes to a computer system should not be made at the same time?

    1. Due diligence
    2. Acceptable use
    3. Change management
    4. Due care
  3. Why are penetration tests often not advised?

    1. It can be disruptive for the business activities.
    2. It is able to measure and authenticate the efficiency of a company’s defensive mechanisms.
    3. It’s able to find both known and unknown hardware or software weaknesses.
    4. It permits the exploration of real risks and gives a precise depiction of a company’s IT infrastructure security posture at any given time.
  4. You are a security engineer and discovered an employee using the company’s computer systems to operate their small business. The employee installed their personal software on the company’s computer and is using the computer hardware, such as the USB port. What policy would you recommend the company implement to prevent any risk of the company’s data and network being compromised?

    1. Acceptable use policy
    2. Clean desk policy
    3. Mandatory vacation policy
    4. Job rotation policy
  5. What should be done to back up tapes that are stored off-site?

    1. Generate a file hash for each backup file.
    2. Scan the backup data for viruses.
    3. Perform a chain of custody on the backup tape.
    4. Encrypt the backup data.
  6. Which recovery site is the easiest to test?

    1. Warm site
    2. Cold site
    3. Hot site
    4. Medium site
  7. Katelyn is a network technician for a manufacturing company. She is testing a network forensic capturing software and plugs her laptop into an Ethernet switch port and begins capturing network traffic. Later she begins to analyze the data and notices some broadcast and multicast packets, as well as her own laptop’s network traffic. Which of the following statements best describes why Katelyn was unable to capture all network traffic on the switch?

    1. Each port on the switch is an isolated broadcast domain.
    2. Each port on the switch is an isolated collision domain.
    3. Promiscuous mode must be enabled on the NIC.
    4. Promiscuous mode must be disabled on the NIC.
  8. Which of the following is not a step of the incident response process?

    1. Snapshot
    2. Preparation
    3. Recovery
    4. Containment
  9. Which of the following is another term for technical controls?

    1. Access controls
    2. Logical controls
    3. Detective controls
    4. Preventive controls
  10. You are a security manager for your company and need to reduce the risk of employees working in collusion to embezzle funds. Which of the following policies would you implement?

    1. Mandatory vacations
    2. Clean desk
    3. NDA
    4. Continuing education
  11. You are a security administrator, and your manager has asked you about protecting the privacy of personally identifiable information (PII) that is collected. Which of the following would be the best option to fulfill the request?

    1. PIA
    2. BIA
    3. RTO
    4. SPF
  12. Which of the following plans best identifies critical systems and components to ensure the assets are protected?

    1. DRP
    2. BCP
    3. IT contingency plan
    4. Succession plan
  13. After your company implemented a clean desk policy, you have been asked to secure physical documents every night. Which of the following would be the best solution?

    1. Department door lock
    2. Locking cabinets and drawers
    3. Proximity card
    4. Onboarding
  14. Your manager has instructed the team to test certain systems based on the business continuity plan to ensure they are operating properly. The manager wants to ensure there are no overlaps in the plan before implementing the test. Which continuity of operation planning concept is your manager referring to?

    1. After-action report
    2. Failover
    3. Eradication
    4. Tabletop exercise
  15. Which of the following is an example of PHI?

    1. Passport number
    2. Criminal record
    3. Fingerprints
    4. Name of school attended
  16. Which of the following techniques attempts to predict the likelihood a threat will occur and assigns monetary values should a loss occur?

    1. Change management
    2. Vulnerability assessment
    3. Qualitative risk assessment
    4. Quantitative risk assessment
  17. Your competitors are offering a new service that is predicted to sell strongly. After much careful research, your company has decided not to launch a competing service due to the uncertainty of the market and the enormous investment required. Which of the following best describes the company’s decision?

    1. Risk transfer
    2. Risk avoidance
    3. Risk acceptance
    4. Risk mitigation
  18. Which of the following agreements is less formal than a traditional contract but still has a certain level of importance to all parties involved?

    1. SLA
    2. BPA
    3. ISA
    4. MOU
  19. Your company is considering moving its mail server to a hosting company. This will help reduce hardware and server administrator costs at the local site. Which of the following documents would formally state the reliability and recourse if the reliability is not met?

    1. MOU
    2. SLA
    3. ISA
    4. BPA
  20. You have an asset that is valued at $16,000, the exposure factor of a risk affecting that asset is 35%, and the annualized rate of occurrence is 75%. What is the SLE?

    1. $5,600
    2. $5,000
    3. $4,200
    4. $3,000
  21. During a meeting, you present management with a list of access controls used on your network. Which of the following controls is an example of a corrective control?

    1. IDS
    2. Audit logs
    3. Antivirus software
    4. Router
  22. You are the new security administrator and have discovered your company lacks deterrent controls. Which of the following would you install that satisfies your needs? (Choose two.)

    1. Lighting
    2. Motion sensor
    3. No trespassing signs
    4. Antivirus scanner
  23. Your company’s security policy includes system testing and security awareness training guidelines. Which of the following control types is this?

    1. Detective technical control
    2. Preventive technical control
    3. Detective administrative control
    4. Preventive administrative control
  24. Which step of the incident response process occurs after containment?

    1. Preparation
    2. Recovery
    3. Identification
    4. Eradication
  25. You are a security administrator for your company and you identify a security risk. You decide to continue with the current security plan. However, you develop a contingency plan in case the security risk occurs. Which of the following types of risk response technique are you demonstrating?

    1. Accept
    2. Transfer
    3. Avoid
    4. Mitigate
  26. Which of the following best visually shows the state of a computer at the time it was collected by law enforcement?

    1. Screenshots
    2. Identification
    3. Tabletop exercise
    4. Generate hash values
  27. You are asked to protect the company’s data should a complete disaster occur. Which action would be the best option for this request?

    1. Back up all data to tape, and store those tapes at an alternate location within the city.
    2. Back up all data to tape, and store those tapes at an alternate location in another city.
    3. Back up all data to disk, and store the disk in a safe in the company’s basement.
    4. Back up all data to disk, and store the disk in a safe at the network administrator’s home.
  28. Which of the following would not be a purpose of a privacy threshold analysis?

    1. Identify programs and systems that are privacy-sensitive.
    2. Demonstrate the inclusion of privacy considerations during the review of a program or system.
    3. Identify systems that are considered a single point of failure.
    4. Demonstrate compliance with privacy laws and regulations.
  29. You have purchased new laptops for your salespeople. You plan to dispose of the hard drives of the former laptops as part of a company computer sale. Which of the following methods would you use to properly dispose of the hard drives?

    1. Destruction
    2. Shredding
    3. Purging
    4. Formatting
  30. You are the head of the IT department of a school and are looking for a way to promote safe and responsible use of the Internet for students. With the help of the teachers, you develop a document for students to sign that describes methods of accessing the Internet on the school’s network. Which of the following best describes this document?

    1. Service level agreement
    2. Acceptable use policy
    3. Incident response plan
    4. Chain of custody
  31. You are the security administrator and have discovered a malware incident. Which of the following responses should you do first?

    1. Recovery
    2. Eradication
    3. Containment
    4. Identification
  32. You are an IT administrator for a company and you are adding new employees to an organization’s identity and access management system. Which of the following best describes the process you are performing?

    1. Onboarding
    2. Offboarding
    3. Adverse action
    4. Job rotation
  33. Your company is partnering with another company and requires systems to be shared. Which of the following agreements would outline how the shared systems should be interfaced?

    1. BPA
    2. MOU
    3. SLA
    4. ISA
  34. Mark is an office manager at a local bank branch. He wants to ensure customer information isn’t compromised when the deskside employees are away from their desks for the day. What security concept would Mark use to mitigate this concern?

    1. Clean desk
    2. Background checks
    3. Continuing education
    4. Job rotation
  35. You are a security administrator and advise the web development team to include a CAPTCHA on the web page where users register for an account. Which of the following controls is this referring to?

    1. Deterrent
    2. Detective
    3. Compensating
    4. Degaussing
  36. Which of the following is not a common security policy type?

    1. Acceptable use policy
    2. Social media policy
    3. Password policy
    4. Parking policy
  37. As the IT security officer, you are configuring data label options for your company’s research and development file server. Regular users can label documents as contractor, public, or internal. Which label should be assigned to company trade secrets?

    1. High
    2. Top secret
    3. Proprietary
    4. Low
  38. Users are currently accessing their personal email through company computers, so you and your IT team have created a security policy for email use. What is the next step after creating and approving the email use policy?

    1. Encrypt all user email messages.
    2. Provide security user awareness training.
    3. Provide every employee with their own device to access their personal email.
    4. Forward all personal emails to their company email account.
  39. Which of the following is not a physical security control?

    1. Motion detector
    2. Fence
    3. Antivirus software
    4. CCTV
  40. Which of the following might you find in a DRP?

    1. Single point of failure
    2. Prioritized list of critical computer systems
    3. Exposure factor
    4. Asset value
  41. Your security manager wants to decide which risks to mitigate based on cost. What is this an example of?

    1. Quantitative risk assessment
    2. Qualitative risk assessment
    3. Business impact analysis
    4. Threat assessment
  42. Your company has outsourced its proprietary processes to Acme Corporation. Due to technical issues, Acme Corporation wants to include a third-party vendor to help resolve the technical issues. Which of the following must Acme Corporation consider before sending data to the third party?

    1. This data should be encrypted before it is sent to the third-party vendor.
    2. This may constitute unauthorized data sharing.
    3. This may violate the privileged user role-based awareness training.
    4. This may violate a nondisclosure agreement.
  43. Zack is a security administrator who has been given permission to run a vulnerability scan on the company’s wireless network infrastructure. The results show TCP ports 21 and 23 open on most hosts. What port numbers do these refer to? (Choose two.)

    1. FTP
    2. SMTP
    3. Telnet
    4. DNS
  44. Which of the following backup concepts is the quickest backup but slowest restore?

    1. Incremental
    2. Differential
    3. Full
    4. Snapshots
  45. Which of the following operations should you undertake to avoid mishandling of tapes, removable drives, CDs, and DVDs?

    1. Degaussing
    2. Acceptable use
    3. Data labeling
    4. Wiping
  46. Which of the following can be classified as a single point of failure?

    1. Failover
    2. A cluster
    3. Load balancing
    4. A configuration
  47. Which of the following are considered detective controls?

    1. Closed-circuit television (CCTV)
    2. Guard
    3. Firewall
    4. IPS
  48. Your CIO wants to move the company’s large sets of sensitive data to an SaaS cloud provider to limit the storage and infrastructure costs. Both the cloud provider and the company are required to have a clear understanding of the security controls that will be applied to protect the sensitive data. What type of agreement would the SaaS cloud provider and your company initiate?

    1. MOU
    2. BPA
    3. SLA
    4. ISA
  49. Which of the following is typically included in a BPA?

    1. Clear statements detailing the expectation between a customer and a service provider
    2. The agreement that a specific function or service will be delivered at the agreed-upon level of performance
    3. Sharing of profits and losses and the addition or removal of a partner
    4. Security requirements associated with interconnecting IT systems
  50. Your team powered off the SQL database server for over 7 hours to perform a test. Which of the following is the most likely reason for this?

    1. Business impact analysis
    2. Succession plan
    3. Continuity of operations plan
    4. Service level agreement
  51. Which of the following role-based positions should receive training on how to manage a particular system?

    1. Users
    2. Privileged users
    3. Executive users
    4. System owners
  52. You maintain a network of 150 computers and must determine which hosts are secure and which are not. Which of the following tools would best meet your need?

    1. Vulnerability scanner
    2. Protocol analyzer
    3. Port scanner
    4. Password cracker
  53. You have been instructed to introduce an affected system back into the company’s environment and be sure that it will not lead to another incident. You test, monitor, and validate that the system is not being compromised by any other means. Which of the incident response processes have you completed?

    1. Lessons learned
    2. Preparation
    3. Recovery
    4. Containment
  54. You discover that an investigator made a few mistakes during a recent forensic investigation. You want to ensure the investigator follows the appropriate process for the collection, analysis, and preservation of evidence. Which of the following terms should you use for this process?

    1. Incident handling
    2. Legal hold
    3. Order of volatility
    4. Chain of custody
  55. You receive a call from the help desk manager stating that there has been an increase in calls from users reporting their computers are infected with malware. Which of the following incident response steps should be completed first?

    1. Containment
    2. Eradication
    3. Lessons learned
    4. Identification
  56. Which of the following are examples of custodian security roles? (Choose two.)

    1. Human resources employee
    2. Sales executive
    3. CEO
    4. Server backup operator
  57. You are the network administrator of your company, and the manager of a retail site located across town has complained about the loss of power to their building several times this year. The branch manager is asking for a compensating control to overcome the power outage. What compensating control would you recommend?

    1. Firewall
    2. Security guard
    3. IDS
    4. Backup generator
  58. James is a security administrator and is attempting to block unauthorized access to the desktop computers within the company’s network. He has configured the computers’ operating systems to lock after 5 minutes of no activity. What type of security control has James implemented?

    1. Preventive
    2. Corrective
    3. Deterrent
    4. Detective
  59. Which of the following terms best describes sensitive medical information?

    1. AES
    2. PHI
    3. PII
    4. TLS
  60. An accounting employee changes roles with another accounting employee every 4 months. What is this an example of?

    1. Separation of duties
    2. Mandatory vacation
    3. Job rotation
    4. Onboarding
  61. Which of the following are considered inappropriate places to store backup tapes? (Choose two.)

    1. Near a workstation
    2. Near a speaker
    3. Near a CRT monitor
    4. Near an LCD screen
  62. You are a member of your company’s security response team and have discovered an incident within your network. You are instructed to remove and restore the affected system. You restore the system with the original disk image and then install patches and disable any unnecessary services to harden the system against any future attacks. Which incident response process have you completed?

    1. Eradication
    2. Preparation
    3. Containment
    4. Recovery
  63. You are a security administrator and have decided to implement a unified threat management (UTM) appliance within your network. This appliance will provide antimalware, spam filtering, and content inspection along with other protections. Which of the following statements best describes the potential problem with this plan?

    1. The protections can only be performed one at a time.
    2. This is a complex plan because you will manage several complex platforms.
    3. This could create the potential for a single point of failure.
    4. You work with a single vendor and its support department.
  64. You are attending a risk analysis meeting and are asked to define internal threats. Which of the following is not considered an internal threat?

    1. Employees accessing external websites through the company’s hosts
    2. Embezzlement
    3. Threat actors compromising a network through a firewall
    4. Users connecting a personal USB thumb drive to a workstation
  65. You are the network director and are creating the following year’s budget. You submit forensic dollar amounts for the cyber incident response team. Which of the following would you not submit? (Choose two.)

    1. ALE amounts
    2. SLE amounts
    3. Training expenses
    4. Man-hour expenses
  66. Computer evidence of a crime is preserved by making an exact copy of the hard disk. Which of the following does this demonstrate?

    1. Chain of custody
    2. Order of volatility
    3. Capture system image
    4. Taking screenshots
  67. Which option is an example of a workstation not hardened?

    1. Risk
    2. Threat
    3. Exposure
    4. Mitigate
  68. Which of the following elements should not be included in the preparation phase of the incident response process?

    1. Policy
    2. Lesson learned documentation
    3. Response plan/strategy
    4. Communication
  69. Which of the following does not minimize security breaches committed by internal employees?

    1. Job rotation
    2. Separation of duties
    3. Nondisclosure agreements signed by employees
    4. Mandatory vacations
  70. You find one of your employees posting negative comments about the company on Facebook and Twitter. You also discover the employee is sending negative comments from their personal email on the company’s computer. You are asked to implement a policy to help the company avoid any negative reputation in the marketplace. Which of the following would be the best option to fulfill the request?

    1. Account policy enforcement
    2. Change management
    3. Security policy
    4. Risk assessment
  71. Which of the following statements best describes a differential backup?

    1. Only the changed portions of files are backed up.
    2. All files are copied to storage media.
    3. Files that have changed since the last full backup are backed up.
    4. Only files that have changed since the last full or incremental backup are backed up.
  72. During which step of the incident response process does root cause analysis occur?

    1. Preparation
    2. Lessons learned
    3. Containment
    4. Recovery
  73. Which of the following types of testing can help identify risks? (Choose two.)

    1. Quantitative
    2. Penetration testing
    3. Vulnerability testing
    4. Qualitative
  74. What can a company do to prevent sensitive data from being retrieved by dumpster diving?

    1. Degaussing
    2. Capture system image
    3. Shredding
    4. Wiping
  75. You are a network administrator and have been asked to send a large file that contains PII to an accounting firm. Which of the following protocols would it be best to use?

    1. Telnet
    2. FTP
    3. SFTP
    4. SMTP
  76. Zackary is a network backup engineer and performs a full backup each Sunday evening and an incremental backup Monday through Friday evenings. One of the company’s network servers crashes on Thursday afternoon. How many backups will Zack need to do to restore the server?

    1. Two
    2. Three
    3. Four
    4. Five
  77. Your company website is hosted by an Internet service provider. Which of the following risk response techniques is in use?

    1. Risk avoidance
    2. Risk register
    3. Risk acceptance
    4. Risk mitigation
  78. A call center leases a new space across town, complete with a functioning computer network that mirrors the current live site. A high-speed network link continuously synchronizes data between the two sites. Which of the following describes the site at the new leased location?

    1. Cold site
    2. Warm site
    3. Hot site
    4. Differential site
  79. A security administrator is reviewing the company’s continuity plan, and it specifies an RTO of 4 hours and an RPO of 1 day. Which of the following is the plan describing?

    1. Systems should be restored within 1 day and should remain operational for at least 4 hours.
    2. Systems should be restored within 4 hours and no later than 1 day after the incident.
    3. Systems should be restored within 1 day and lose, at most, 4 hours’ worth of data.
    4. Systems should be restored within 4 hours with a loss of 1 day’s worth of data at most.
  80. Which of the following statements is true regarding a data retention policy?

    1. Regulations require financial transactions to be stored for 7 years.
    2. Employees must remove and lock up all sensitive and confidential documents when not in use.
    3. It describes a formal process of managing configuration changes made to a network.
    4. It is a legal document that describes a mutual agreement between parties.
  81. You are attending a meeting with your manager and he wants to validate the cost of a warm site versus a cold site. Which of the following reasons best justify the cost of a warm site? (Choose two.)

    1. Small amount of income loss during long downtime
    2. Large amount of income loss during short downtime
    3. Business contracts enduring no more than 72 hours of downtime
    4. Business contracts enduring no more than 8 hours of downtime
  82. Recently, company data that was sent over the Internet was intercepted and read by hackers. This damaged the company’s reputation with its customers. You have been asked to implement a policy that will protect against these attacks. Which of the following options would you choose to help protect data that is sent over the Internet? (Choose two.)

    1. Confidentiality
    2. Safety
    3. Availability
    4. Integrity
  83. How do you calculate the annual loss expectancy (ALE) that may occur due to a threat?

    1. Exposure Factor (EF) / Single Loss Expectancy (SLE)
    2. Single Loss Expectancy (SLE) × Annual Rate of Occurrence (ARO)
    3. Asset Value (AV) × Exposure Factor (EF)
    4. Single Loss Expectancy (SLE) / Exposure Factor (EF)
  84. Which of the following impact scenarios would include severe weather events? (Choose two.)

    1. Life
    2. Reputation
    3. Salary
    4. Property
  85. Which of the following outlines a business goal for system restoration and allowable data loss?

    1. RPO
    2. Single point of failure
    3. MTTR
    4. MTBF
  86. Which of the following is an example of a preventive control? (Choose two.)

    1. Data backups
    2. Security camera
    3. Door alarm
    4. Cable locks
  87. You are a security administrator for your company and you identify a security risk that you do not have in-house skills to address. You decide to acquire contract resources. The contractor will be responsible for handling and managing this security risk. Which of the following types of risk response technique are you demonstrating?

    1. Accept
    2. Mitigate
    3. Transfer
    4. Avoid
  88. You are an IT manager and discovered your department had a break-in, and the company’s computers were physically damaged. What type of impact best describes this situation?

    1. Life
    2. Reputation
    3. Property
    4. Safety
  89. Which of the following would help build informed decisions regarding a specific DRP?

    1. Business impact analysis
    2. ROI analysis
    3. RTO
    4. Life impact
  90. Each salesperson who travels has a cable lock to lock down their laptop when they step away from the device. Which of the following controls does this represent?

    1. Administrative
    2. Compensating
    3. Deterrent
    4. Preventive
  91. Which of the following secures access to company data in agreement with management policies?

    1. Technical controls
    2. Administrative controls
    3. HTTPS
    4. Integrity
  92. You are a server administrator for your company’s private cloud. To provide service to employees, you are instructed to use reliable hard disks in the server to host a virtual environment. Which of the following best describes the reliability of hard drives?

    1. MTTR
    2. RPO
    3. MTBF
    4. ALE
  93. You are replacing a number of devices with a mobile appliance that combines several functions. Which of the following describes the new implementation?

    1. Cloud computing
    2. Load balancing
    3. Single point of failure
    4. Virtualization
  94. Which of the following can help mitigate adware intrusions?

    1. Antivirus
    2. Antispam
    3. Spyware
    4. Pop-up blocker
  95. In the initial stages of a forensics investigation, Zack, a security administrator, was given the hard drive of the compromised workstation by the incident manager. Which of the following data acquisition procedures would Zack need to perform in order to begin the analysis? (Choose two.)

    1. Take hashes
    2. Take screenshots
    3. Capture the system image
    4. Start the order of volatility
  96. Which of the following best describes a Computer Incident Response Team (CIRT)?

    1. Personnel who participate in exercises to practice incident response procedures
    2. Personnel who promptly and correctly handle incidents so they can be quickly contained, investigated, and recovered from
    3. A team to identify planning flaws before an actual incident occurs
    4. Team members using a walk-through checklist to ensure understanding of roles in a DRP
  97. Which of the following decreases the success of brute-force attacks?

    1. Password complexity
    2. Password hints
    3. Account lockout threshold
    4. Enforce password history
  98. A warrant has been issued to investigate a file server that is suspected to be part of an organized crime to steal credit card information. You are instructed to follow the order of volatility. Which data would you collect first?

    1. RAM
    2. USB flash drive
    3. Hard disk
    4. Swap files
  99. What should human resources personnel be trained in regarding security policies?

    1. Guidelines and enforcement
    2. Order of volatility
    3. Penetration assessment
    4. Vulnerability assessment
  100. Which of the following is not a basic concept of computer forensics?

    1. Preserve evidence
    2. Determine if the suspect is guilty based on the findings
    3. Track man-hours and expenses
    4. Interview all witnesses
  101. The Chief Information Officer (CIO) wants to set up a redundant server location so that the production server images can be moved within 36 hours and the servers can be restored quickly, should a catastrophic failure occur at the primary location. Which of the following can be implemented?

    1. Hot site
    2. Cold site
    3. Warm site
    4. Load balancing
  102. Choose the correct order of volatility when collecting digital evidence.

    1. Hard disk drive, DVD-R, RAM, swap file
    2. Swap file, RAM, DVD-R, hard disk drive
    3. RAM, DVD-R, swap file, hard disk drive
    4. RAM, swap file, hard disk drive, DVD-R
  103. Which of the following pieces of information would be summarized in the lessons learned phase of the incident response process? (Choose three.)

    1. When the problem was first detected and by whom
    2. How the problem was contained and eradicated
    3. The work that was performed during the recovery
    4. Preparing a company’s team to be ready to handle an incident at a moment’s notice
  104. You receive a phone call from an employee reporting that their workstation is acting strangely. You gather information from the intrusion detection system and notice unusual network traffic from the workstation, and you determine the event may be an incident. You report the event to your manager, who then begins to collect evidence and prepare for the next steps. Which phase of the incident response process is this?

    1. Preparation
    2. Identification
    3. Containment
    4. Eradication
  105. Your manager has asked you to recommend a way to transmit PII via email and maintain its confidentiality. Which of the following options is the best solution?

    1. Hash the information before sending.
    2. Protect the information with a digital signature.
    3. Protect the information by using RAID.
    4. Encrypt the information before sending.
  106. Which of the following statements best defines change management?

    1. Responding to, containing, analyzing, and recovering from a computer-related incident
    2. Means used to define which access permissions subjects have for a specific object
    3. Procedures followed when configuration changes are made to a network
    4. Categorizing threats and vulnerabilities and their potential impacts to a network
  107. During which step of the incident response process does identification of incidents that can be prevented or mitigated occur?

    1. Containment
    2. Eradication
    3. Preparation
    4. Lessons learned
  108. Which of the following best describes the disadvantages of quantitative risk analysis compared to qualitative risk analysis? (Choose two.)

    1. Quantitative risk analysis requires complex calculations.
    2. Quantitative risk analysis is sometimes subjective.
    3. Quantitative risk analysis is generally scenario-based.
    4. Quantitative risk analysis is more time-consuming than qualitative risk analysis.
  109. Which of the following are disadvantages of using a cold site? (Choose two.)

    1. Expense
    2. Recovery time
    3. Testing availability
    4. Administration time
  110. Which of the following policies should be implemented to minimize data loss or theft?

    1. Password policy
    2. PII handling
    3. Chain of custody
    4. Detective control
  111. Which of the following should a comprehensive data policy include?

    1. Wiping, disposing, storage, retention
    2. Disposing, patching, storage, retention
    3. Storage, retention, virtualization
    4. Onboarding, storage, disposing
  112. You have discovered a recent intrusion within the company’s network and have decided to execute incident response procedures. The incident response team has identified audit logs that hold information about the recent security breach. Prior to the incident, a security consulting firm recommended that your company install an NTP server within the network. Which of the following is a setback the incident response team will likely encounter during the assessment?

    1. Order of volatility
    2. Chain of custody
    3. Eradication
    4. Record time offset
  113. You plan to provide a word processing program to the employees in your company. You decide not to install the program on each employee’s workstation but rather have a cloud service provider host the application. Which of the following risk response techniques best describes the situation?

    1. Risk mitigation
    2. Risk acceptance
    3. Risk avoidance
    4. Risk transfer
  114. Which of the following statements is true about incremental backup?

    1. It backs up all files.
    2. It backs up all files in a compressed format.
    3. It backs up all new files and any files that have changed since the last full backup without resetting the archive bit.
    4. It backs up all new files and any files that have changed since the last full or incremental backup and resets the archive bit.
  115. The chief security officer (CSO) has seen four security breaches during the past 2 years. Each breach cost the company $30,000, and a third-party vendor has offered to repair the security weakness in the system for $250,000. The breached system is set to be replaced in 5 years. Which of the following risk response techniques should the CSO use?

    1. Accept the risk.
    2. Transfer the risk.
    3. Avoid the risk.
    4. Mitigate the risk.
  116. Which of the following would not be a guideline for performing a BIA?

    1. Identify impact scenarios that put your business operations at risk.
    2. Identify mission-essential functions and the critical systems within each function.
    3. Approve and execute changes in order to ensure maximum security and availability of IT services.
    4. Calculate RPO, RTO, MTTR, and MTBF.
  117. You are a network administrator and have purchased two devices that will work as failovers for each other. Which of the following does this best demonstrate?

    1. Integrity
    2. Availability
    3. Authentication
    4. Confidentiality
  118. Your company has lost power and the salespeople cannot take orders because the computers and phone systems are unavailable. Which of the following would be the best options for an alternate business practice? (Choose two.)

    1. Tell the salespeople to go home for the day until the power is restored.
    2. Tell the salespeople to use their cell phones until the power is restored.
    3. Have the salespeople use paper and pen to take orders until the power is restored.
    4. Have the salespeople instruct customers to fax their orders until the power is restored.
  119. Leigh Ann is the new network administrator for a local community bank. She studies the current file server folder structures and permissions. The previous administrator didn’t properly secure customer documents in the folders. Leigh Ann assigns appropriate file and folder permissions to be sure that only the authorized employees can access the data. What security role is Leigh Ann assuming?

    1. Power user
    2. Data owner
    3. User
    4. Custodian
  120. Which of the following methods is not recommended for removing data from a storage media that is used to store confidential information?

    1. Formatting
    2. Shredding
    3. Wiping
    4. Degaussing
  121. A SQL database server is scheduled for full backups on Sundays at 2:00 a.m. and incremental backups each weeknight at 11:00 p.m. Write verification is enabled, and backup tapes are stored off-site at a bank safety deposit box. Which of the following should be completed to ensure integrity and confidentiality of the backups? (Choose two.)

    1. Use SSL to encrypt the backup data.
    2. Encrypt the backup data before it is stored off-site.
    3. Ensure that an employee other than the backup operator analyzes each day’s backup logs.
    4. Ensure that the employee performing the backup is a member of the administrators’ group.
  122. You are planning to perform a security audit and would like to see what type of network traffic is transmitting within your company’s network. Which of the following tools would you use?

    1. Port scanner
    2. Vulnerability scanner
    3. Protocol analyzer
    4. Network intrusion detection system
  123. Your company has hired a new administrative assistant to a commercial lender named Leigh Ann. She will be using a web browser on a company computer at the office to access internal documents on a public cloud provider over the Internet. Which type of document should Leigh Ann read and sign?

    1. Internet acceptable use policy
    2. Audit policy
    3. Password policy
    4. Privacy policy
  124. During a conversation with another colleague, you suggest there is a single point of failure in the single load balancer in place for the company’s SQL server. You suggest implementing two load balancers with only one in service at a given time. What type of load balancing configuration have you described?

    1. Active-active
    2. Active directory
    3. Round robin
    4. Active-passive
  125. Which of the following policies would you implement to help prevent the company’s users from revealing their login credentials for others to view?

    1. Job rotation
    2. Data owner
    3. Clean desk
    4. Separation of duties
  126. Which of the following is part of the chain of custody?

    1. Delegating evidence collection to your manager
    2. Capturing the system image to another hard drive
    3. Capturing memory contents before capturing hard disk contents
    4. Preserving, protecting, and documenting evidence
  127. Zackary has been assigned the task of performing a penetration test on a server and was given limited information about the inner workings of the server. Which of the following tests will he be performing?

    1. White box
    2. Gray box
    3. Black box
    4. Clear box
  128. Which of the following are considered administrative controls? (Choose two.)

    1. Firewall rules
    2. Personnel hiring policy
    3. Separation of duties
    4. Intrusion prevention system
  129. Which of the following are examples of alternate business practices? (Choose two.)

    1. The business’s point-of-sale terminal goes down, and employees use pen and paper to take orders and a calculator to determine customers’ bills.
    2. The network system crashes due to an update, and employees are told to take time off until the company’s network system is restored.
    3. Power is lost at a company’s site and the manager posts a closed sign until power is restored.
    4. A bank location has lost power, and the employees are sent to another location to resume business.
  130. Which of the following require careful handling and special policies for data retention and distribution? (Choose two.)

    1. Personal electronic devices
    2. MOU
    3. PII
    4. NDA
  131. Matt is the head of IT security for a university department. He recently read articles about security breaches that involved malware on USB removable devices and is concerned about future incidents within the university. Matt reviews the past incident responses to determine how these occurrences may be prevented and how to improve the past responses. What type of document should Matt prepare?

    1. MOU
    2. SLA
    3. After-action report
    4. Nondisclosure agreement
  132. Categorizing residual risk is most important to which of the following risk response techniques?

    1. Risk mitigation
    2. Risk acceptance
    3. Risk avoidance
    4. Risk transfer
  133. You are the IT manager and one of your employees asks who assigns data labels. Which of the following assigns data labels?

    1. Owner
    2. Custodian
    3. Privacy officer
    4. System administrator
  134. Which of the following is the most pressing security concern related to social media networks?

    1. Other users can view your MAC address.
    2. Other users can view your IP address.
    3. Employees can leak a company’s confidential information.
    4. Employees can express their opinion about their company.
  135. You are a network administrator looking to test patches quickly and often before pushing them out to the production workstations. Which of the following would be the best way to do this?

    1. Create a full disk image to restore the system after each patch installation.
    2. Create a virtual machine and utilize snapshots.
    3. Create an incremental backup of an unpatched workstation.
    4. Create a differential backup of an unpatched workstation.
  136. You have instructed your junior network administrator to test the integrity of the company’s backed-up data. Which of the following is the best way to test the integrity of a backup?

    1. Review written procedures.
    2. Use software to recover deleted files.
    3. Restore part of the backup.
    4. Conduct another backup.
  137. What concept is being used when user accounts are created by one employee and user permissions are configured by another employee?

    1. Background checks
    2. Job rotation
    3. Separation of duties
    4. Collusion
  138. Your company is requesting the installation of a fence around the property and cipher locks on all front entrances. Which of the following concepts is your company concerned about?

    1. Confidentiality
    2. Integrity
    3. Availability
    4. Safety
  139. Which of the following is an example of a vulnerability assessment tool?

    1. Ophcrack
    2. John the Ripper
    3. L0phtCrack
    4. Nessus
  140. A security analyst is analyzing the cost the company could incur if the customer database was breached. The database contains 2,500 records with PII. Studies show the cost per record would be $300. The likelihood that the database would be breached in the next year is only 5%. Which of the following would be the ALE for a security breach?

    1. $15,000
    2. $37,500
    3. $150,000
    4. $750,000
  141. Your team must perform a test of a specific system to be sure the system operates at the alternate site. The results of the test must be compared with the company’s live environment. Which test is your team performing?

    1. Cutover test
    2. Walk-through
    3. Parallel test
    4. Simulation
  142. Which of the following concepts defines a company goal for system restoration and acceptable data loss?

    1. MTBF
    2. MTTR
    3. RPO
    4. ARO
  143. Your IT team has created a disaster recovery plan to be used in case a SQL database server fails. What type of control is this?

    1. Detective
    2. Corrective
    3. Preventive
    4. Deterrent
  144. Which of the following is not a step in the incident response process?

    1. Snapshot
    2. Preparation
    3. Recovery
    4. Containment
  145. Which of the following threats is mitigated by shredding paper documents?

    1. Shoulder surfing
    2. Physical
    3. Adware
    4. Spyware
  146. Your company hires a third-party auditor to analyze the company’s data backup and long-term archiving policy. Which type of organization document should you provide to the auditor?

    1. Clean desk policy
    2. Acceptable use policy
    3. Security policy
    4. Data retention policy
  147. You are a network administrator and have been given the duty of creating user accounts for new employees the company has hired. These employees are added to the identity and access management system and assigned mobile devices. What process are you performing?

    1. Offboarding
    2. System owner
    3. Onboarding
    4. Executive user
  148. Which of the following defines a standard operating procedure (SOP)? (Choose three.)

    1. Standard
    2. Privacy
    3. Procedure
    4. Guideline
  149. Computer equipment was suspected to be involved in a computer crime and was seized. The computer equipment was left unattended in a corridor for 10 minutes while officers restrained a potential suspect. The seized equipment is no longer admissible as evidence because of which of the following violations?

    1. Chain of custody
    2. Order of volatility
    3. Preparation
    4. Eradication
  150. Which of the following should be performed when conducting a qualitative risk analysis? (Choose two.)

    1. ARO
    2. SLE
    3. Asset estimation
    4. Rating potential threats