CISSP PRACTICE TESTS Chapter 7▪ Security Operations (Domain7), Questions and answers, 100% Accurate. Rated A

CISSP PRACTICE TESTS Chapter 7▪ Security Operations (Domain7), Questions and answers, 100% Accurate. Rated A 1.Referring to the figure below, what technology is shown that provides fault tolerance for the database servers? Refer to page 138 in book. A. Failover cluster B. UPS C. Tape backup D. Cold site - -A. Failover cluster 2. Joe is the security administrator for an ERP system. He is preparing to create accounts for several new employees. What default access should he give to all of the new employees as he creates the accounts? A. Read only B. Editor C. Administrator D. No access - -D. No Access 3. Which one of the following is not a privileged administrative activity that should be automatically sent to a log of superuser actions? A. Purging log entries B. Restoring a system from backup C. Logging into a workstation D. Managing user accounts - -C. Logging into a workstation 4. Which one of the following individuals is most likely to lead a regulatory investigation? A. CISO B. CIO C. Government agent D. Private detective - -C. Government agent 5. What type of evidence consists entirely of tangible items that may be brought into a court of law? A. Documentary evidence B. Parol evidence C. Testimonial evidence D. Real evidence - -D. Real Edvidence 6. Which one of the following trusted recovery types does not fail into a secure operating state? A. Manual recovery B. Automated recovery C. Automated recovery without undue loss D. Function recovery - -A. Manual recovery 7. Which one of the following might a security team use on a honeypot system to consume an attacker's time while alerting administrators? A. Honeynet B. Pseudoflaw C. Warning banner D. Darknet - -B. Pseudoflaw 8. Toni responds to the desk of a user who reports slow system activity. Upon checking outbound network connections from that system, Toni notices a large amount of social media traffic originating from the system. The user does not use social media, and when Toni checks the accounts in question, they contain strange messages that appear encrypted. What is the most likely cause of this traffic? A. Other users are relaying social media requests through Toni's computer. B. Toni's computer is partof a botnet. C. Toni is lying about her use of social media. D. Someone else is using Toni's computer when she is not present. - -B. Toni's computer is part of a botnet. 9. Under what virtualization model does the virtualization platform separate the network control plane from the data plane and replace complex network devices with simpler devices that simply receive instructions from the controller? A. Virtual machines B. VSAN C. VLAN D. SDN - -D. SDN 10. Jim would like to identify compromised systems on his network that may be participating in a botnet. He plans to do this by watching for connections made to known comnand and-control servers. Which one of the following techniques would be most likely to provide this information if Jim has access to a list of known servers? A. Netflow records B. IDS logs C. Authentication logs D. RFC logs - -A. Netflow records Questions 11-14 refer to the following scenario. Gary was recently hired as the first cheif information security officer (CISO) for a local government agency. The agency recently suffered a security breach and is attempting to build a new information security program. Gary would like to apply some best practices for security operations as he designing this program. 11. As Gary decides what access permissions he should grant to each user, what principle should guide his decisions sbout default permissions? A. Separation of duties B. Least privilege C. Aggregation D. Separation of privileges - -B. Least privilege 12. As Gary design the program, he uses the matrix shown below. What principle of information security does this matrix most directly help enforce? Refer to page 140 in the book. A. Segregation of duties B. Aggregation C. Two-person control D. Defense in depth - -A. Segregation of duties 13. Gary is preparing to create an account for a new user and assign privileges to the HR database. What two elements of information must Gary verify before granting this access? A. Credentials and need to know B. Clearance and need to know C. Password and clearance D. Password and biometric scan - -B. Clearance and need to know 14. Gary is preparing to develop controls around access to root encryption keys and would like to apply a principle of security designed specifically for very sensitive operations. What principle should he apply? A. Least privilege B. Defense in depth C. Security through obscurity D. Two-person control - -D. Two-person control 15. When should an organization conduct a review of theprivileged access that a user has to sensitive systems? A. On a periodic basis B. When a user leaves the organization C. When a user changes roles D. All of the above - -D. All of the above 16. Which one of the following terms is often used to describe a collection of unrelated patches released in a large collection? A. Hotfix B. Update C. Security fix D. Service pack - -D. Service pack 17. Which one of the following tasks is performed by a forensic disk controller? A. Masking error conditions reported by the storage device B. Transmitting write commands to the storage device C. Intercepting and modifying or discarding commands sent to the storage deviice D. Preventing data from being returned by a read operation sent to the device - -C. Intercepting and modifying or discarding commands sent to the storage device 18. Lydia is processing access control requests for her organization. She comes across a request where the user does have the required security clearance, but there is no business justification for the access. Lydia denies this request. What security principle is she following? A. Need to know B. Least privilege C. Seperation of duties D. Two-person control - -A. Need to know 19. Which one of the folling security tools consists of an unused network address space that may detect unauthorized activity? A. Honeypot B. Honeynet C. Psuedoflaw D. Darknet - -D. Darknet 20. Which one of the following mechanisms is not commonly seen as a deterrent to fraud? A. Job rotatio B. Mandatory vacations C. Incident response D. Two-person control - -C. Incident response 21. Brian recently joined an organization that runs the majority of its services on a virtualization platform located in its own data center but also leverages an IaaS provider for hosting its web services and SaaS email system. What term best describes the type of cloud environment this organisation uses? A. Public cloud B. Dedicated cloud C. Private cloud D. Hybrid cloud - -D. Hybrid cloud 22. Tom is responding to a recent security incident and seeking information on the approval process for a recent modification to a system's security settings. Where would he most likely find this information? A. Change log B. System log C. security log D. Application log - -A. Change log 23. Mark is considering replacing his organization's customer relationship management (CRM) solution with a mew product that is available in the cloud. This new solution is completely managed by the vendor and Mark's company will not have to write any code or manage any physical resources. What type of cloud solution is Mark considering? A. IaaS B. CaaS C. PaaS D. SaaS - -D. SaaS 24. Which one of the following information sources is useful to security admiistrators seeking a list information security vulnerabilities in applications, devices, and operating systems? A. OWASP B. Bugtraq C. Microsoft Security Bulletins D. CVE - -D. CVE 25. Which of the following would normally be considered an example of disaster when performing disaster recovery planning? I. Hacking incident II. Flood III. Fire IV. Terrorism A. II and III only B. I amd IV only C. II, III, and IV only D. I, II,III, and IV - -D. I, II, III, and IV 26. Glenda would like to conducta diaster recovery test and is seeking a test that will allow a review of the plan with no disruption to normal information activities and as minimal a commitment of time as possible. What type of information system activities and as minimal a commitment of time as possible. What type of test should shebchoose? A. Tabletop excerrise B. Parallel test C. Full interruption test D. Checklist review - -D. Checklist review 27. Which one if the following is not an example of a backup tape rotation scheme? A. Grandfather/Father/Son B. Meet in the middle C. Tower of Hanoi D. Six Cartridge Weekly - -B. Meet in the middle 28. Helen is implementing a new security mechanism for granting employees administrative privileges in the accounting system. She designs the process so that both the employee's manager and the accounting manager must approve the request before the access is granted. What information security principle is Helen enforcing? A. Least privilege B. Two-person control C. Job rotation D. Separation of duties - -B. Two-person control 29. Which one of the following is not a requirement for evidence to be admissible in court? A. The evidence must be relevent. B. The evidence must be material. C. The evidence must be tangible. D. The evidence must be competent.. - -C. The evidence must be tangible. 30. In which cloud computing model does a customer share computing infrastructure with other customers of the cloud vendor where one customer may not know the other's identity? A. Public cloud B. Private cloud C. Community cloud D. Shared cloud - -A. Public cloud 31. Which of the following organizations would be likely to have a representative on a CSIRT? I. Information security II. Legal counsel III. Senior management IV. Engineering A. I, III, and IV B. I, II, and III C. I, II,and IV D. All of the above - -D. All of the above 32. Sam is responsible for backing up his company's primary file server. He configured a backup schedule that performs full backups every Monday evening