IS5403 Week 7 All Quizezz

2

Question

What will be the available drive space in a RAID 5 configured system with 3 250GB hard drives?

1 TB

500 GB

250 GB

750 GB

Correct

 

2 of 4

3

Question

Which RAID types would use a minimum of four hard drives? (Choose all that apply).

6

0

51

1

10

5

Correct

 

3 of 4

4

Question

What are some common symptoms of RAID array failures? (Choose all that apply.)

OS not found

Failure to boot

Drive not recognized

Overheating

Correct 

4

Question

NIDS is an advanced version of NIPS.

True only when the NIDS is patched.

False

True only when the NIDS is vendor specific.

True

Correct

 

4 of 6

5

Question

The security administrator for a large organization receives numerous alerts from a network-based intrusion detection system (NIDS) of a possible worm infection spreading through the network via network shares. Before taking any drastic action to solve this problem such as blocking file sharing, what should first be done?

Research best practices with respect to stopping the worm and implement the solution without delay.

Look for a less radical solution

Call an emergency change management meeting to ensure the solution will not have unforeseen negative affects.

Block file sharing immediately because this is an emergency that could lead to a widespread data compromise.

Perform a pilot study of the solution and monitor for adverse affects

Correct

 

5 of 6

6

Question

For what purpose should the network traffic log be analyzed?

To check for suspicious traffic

To facilitate security management

To check processor performance

To capture network packets

To store the dump file offsite

Correct

Which statement regarding vulnerability appraisal is NOT true?

• Every asset must be viewed in light of each threat.
• Each vulnerability should be cataloged.
• Each threat could reveal multiple vulnerabilities.
• Vulnerability appraisal is always the easiest and quickest step.

CORRECT

Which of the following is NOT a risk associated with the use of private data?

• Associations with groups
• Individual inconveniences and identity theft
• Statistical inferences
• Devices being infected with malware

CORRECT

Which of the following is a command-line alternative to Nmap?

• Statnet
• Mapper
• Netstat
• Netcat

CORRECT

Which of the following is NOT a function of a vulnerability scanner?

• Detects which ports are served and which ports are browsed for each individual system
• Maintains a log of all interactive network sessions
• Alerts users when a new patch cannot be found
• Detects when an application is compromised

CORRECT

Which statement regarding a honeypot is NOT true?

• It cannot be part of a honeynet.
• It can direct an attacker's attention away from legitimate servers.
• It is intentionally configured with security vulnerabilities.
• It is typically located in an area with limited security.

CORRECT

Which of these should NOT be classified as an asset?

• Accounts payable
• Employee databases
• Buildings
• Business partners

CORRECT

Which of the following tools is a Linux command-line protocol analyzer?

• IP
• Tcpdump
• Arp
• Wireshark

CORRECT

Which of the following command-line tools tests a connection between two network devices?

• Netstat
• Ping
• Ifconfig
• Nslookup

CORRECT

Which of the following data sensitivity labels has the lowest level of data sensitivity?

• Public
• Open
• Free
• Unrestricted

CORRECT

Which of the following is a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, and any other entity that could cause potential harm?

• Risk appraisal
• Vulnerability scan
• Vulnerability assessment
• Penetration test

CORRECT

If a software application aborts and leaves the program open, which control structure is it using?

• Fail-secure
• Fail-safe
• Fail-open
• Fail-right

CORRECT

If a tester is given the IP addresses, network diagrams, and source code of customer applications, the tester is using which technique?

• Black box
• White box
• Blue box
• Gray box

CORRECT

Which of the following data sensitivity labels is the highest level of data sensitivity?

• Private
• Confidential
• Secret
• Ultra

CORRECT

Which of the following must be kept secure as mandated by HIPAA?

• PHI
• PII
• PLILP
• PHIL

CORRECT

Which of the following sends "probes" to network devices and examines the responses to evaluate whether a specific device needs remediation?

• Remote scanner
• Active scanner
• Probe scanner
• Passive scanner

CORRECT

Which of the following constructs scenarios of the types of threats that assets can face to learn who the attackers are, why they attack, and what types of attacks may occur?

• Vulnerability prototyping
• Threat modeling
• Risk assessment
• Attack assessment

CORRECT

At what point in a vulnerability assessment would an attack tree be utilized?

• Threat evaluation
• Vulnerability appraisal
• Risk assessment
• Risk mitigation

CORRECT

Which of the following is NOT true about privacy?

• Today, individuals can achieve any level of privacy that is desired.
• Privacy is freedom from attention, observation, or interference based on your decision.
• Privacy is difficult due to the volume of data silently accumulated by technology.
• Privacy is the right to be left alone to the degree that you choose.

CORRECT

Which of these is NOT a state of a port that can be returned by a port scanner?

• Closed
• Blocked
• Busy
• Open

CORRECT

Which of the following is NOT an issue raised regarding how private data is gathered and used?

• The data is gathered and kept in secret.
• By law, all encrypted data must contain a "backdoor" entry point.
• The accuracy of the data cannot be verified.
• Informed consent is usually missing or is misunderstood.

CORRECT

Which of the following is NOT a category of fire suppression systems?

• Water sprinkler system
• Clean agent system
• Wet chemical system
• Dry chemical system

CORRECT

What is the maximum length of time that an organization can tolerate between data backups?

• Recovery point objective (RPO)
• Recovery time objective (RTO)
• Optimal recovery timeframe (ORT)
• Recovery service point (RSP)

CORRECT

Margaux has been asked to work on the report that will analyze the exercise results with the purpose of identifying strengths to be maintained and weaknesses to be addressed for improvement. What report will she be working on?

• Business continuity report
• After-action report
• Containment report
• Identification of critical systems report

CORRECT

Which level of RAID uses disk mirroring and is considered fault-tolerant?

• Level 2
• Level 3
• Level 1
• Level 4

CORRECT

A(n) _____ is always running off its battery while the main power runs the battery charger.

• backup UPS
• secure UPS
• on-line UPS
• off-line UPS

CORRECT

Which of these is NOT a characteristic of a disaster recovery plan (DRP)?

• It is detailed.
• It is updated regularly.
• It is written.
• It is a private document used only by top-level administrators for planning.

CORRECT

What is the average amount of time that it will take a device to recover from a failure that is not a terminal failure?

• MTTI
• MTTR
• MTBF
• MTBR

CORRECT

An electrical fire like that which would be found in a computer data center is known as what type of fire?

• Class A
• Class D
• Class C
• Class B

CORRECT

Which of the following can a UPS NOT perform?

• Prevent any new users from logging on
• Prevent certain applications from launching that will consume too much power
• Notify all users that they must finish their work immediately and log off
• Disconnect users and shut down the server

CORRECT

Dilma has been tasked with creating a list of potential employees to serve in an upcoming tabletop exercise. Which employees will be on her list?

• Individuals on a decision-making level
• Only IT managers
• Full-time employees
• All employees

CORRECT

The chain of _____ documents that the evidence was under strict control at all times and no unauthorized person was given the opportunity to corrupt the evidence.

• evidence
• custody
• control
• forensics

CORRECT

Which of the following is NOT required for a fire to occur?

• A chemical reaction that is the fire itself
• A spark to start the process
• A type of fuel or combustible material
• Sufficient oxygen to sustain the combustion

CORRECT

What does an incremental backup do?

• Copies selected files
• Copies all files
• Copies all files since the last full backup
• Copies all files changed since the last full or incremental backup

CORRECT

Which question is NOT a basic question to be asked regarding creating a data backup?

• What information should be backed up?
• Where should the backup be stored?
• What media should be used?
• How long will it take to finish the backup?

CORRECT

What is the amount of time added to or subtracted from Coordinated Universal Time to determine local time?

• Time offset
• Civil time
• Daylight savings time
• Greenwich Mean Time (GMT)

CORRECT

When an unauthorized event occurs, what is the first duty of the cyber-incident response team?

• To log off from the server
• To back up the hard drive
• To reboot the system
• To secure the crime scene

CORRECT

Raul has been asked to help develop an outline of procedures to be followed in the event of a major IT incident or an incident that directly impacts IT. What type of planning is this?

• Risk IT planning
• IT contingency planning
• Business impact analysis planning
• Disaster recovery planning

CORRECT

Which of these is an example of a nested RAID?

• Level 1-0
• Level 0/1
• Level 0+1
• Level 0-1

CORRECT

What does the abbreviation RAID represent?

• Redundant Array of IDE Drives
• Resistant Architecture of Inter-Related Data Storage
• Redundant Array of Independent Drives
• Resilient Architecture for Interdependent Discs

CORRECT

Which type of site is essentially a duplicate of the production site and has all the equipment needed for an organization to continue running?

• Hot site
• Warm site
• Replicated site
• Cold site

CORRECT