Security Pro Chapter 1-3

Question: When is a BCP or DRP design and development actually completed?
Explanation: BCP and DRP developments are never complete as they need constant improvement and updates. Senior management approval, testing, drilling, implementation, and distribution are all important phases and elements in the life of BCP and DRP projects. However, they do not represent the end point of BCP/DRP design and development.

Question: When recovering from a disaster, which services should you stabilize first?
Explanation: The services you should restore first are mission-critical services. If mission-critical services are not restored within their maximum tolerable downtime, the organization is no longer viable. Least business-critical services should be restored last. Financial support and outside communications should be restored only after all other services with a higher level of criticality are restored.

Question: What is the primary goal of business continuity planning?
Explanation: The primary goal of BCP is maintaining business operations with reduced or restricted infrastructure capabilities or resources. Minimizing the risk of service delays and interruptions is a goal of DRP. If your organization cannot provide services, it is experiencing a disaster. Minimizing decision-making during the development process is not a valid goal of BCP or DRP; decisions should be made during development. The correct DRP goal is to minimize decisions during an emergency. Protecting an organization from major computer services failure is a goal of DRP, not BCP. If computer services fail, business continuity is interrupted, creating a disaster.

Question: Your computer system is a participant in an asymmetric cryptography system. You've created a message to send to another user. Before transmission, you hash the message and encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. In this example, what protection does the hashing activity provide?
Explanation: Hashing of any sort at any time, including within a digital signature, provides data integrity. Signing the message with the private key creates non-repudiation. A digital signature activity, as a whole, does not provide protection for confidentiality because the original message is sent in clear form. No form of cryptography provides protection for availability.

Question: What is the greatest threat to the confidentiality of data in most secure organizations?
Explanation: The greatest threat to data confidentiality in most secure organizations is portable devices (including USB devices). There are so many devices that can support file storage that stealing data has become easy, and preventing data theft is difficult.

Question: Which of the following is an example of a vulnerability?
Explanation: A misconfigured server is a vulnerability. A vulnerability is the absence or weakness of a safeguard that could be exploited, such as a USB port that is enabled on the server hosting the database. All of the other selections are examples of exposures. An exposure is an instance of exposure to losses from a threat agent.

Question: As you help a user with a computer problem, you notice that she has written her password on a note stuck to her computer monitor. You check the password policy of your company and find that the following settings are currently required:
- Minimum password length = 10
- Minimum password age = 4
- Maximum password age = 30
- Password history = 6
- Require complex passwords that include numbers and symbols
- Account lockout clipping level = 3
Which of the following is the best action to take to make remembering passwords easier so that she no longer has to write the password down?
Explanation: The best solution is to implement end user training. Instruct users on the importance of security and teach them how to create and remember complex passwords. Making any other changes would violate the security policy and reduce the overall security of the passwords.

Question: Which of the following is the correct definition of a threat?
Explanation: A threat is any potential danger to the confidentiality, integrity, or availability of information or systems. Risk is the likelihood of a threat taking advantage of a vulnerability. A vulnerability is the absence or weakness of a safeguard that could be exploited. An exposure is an instance of exposure to losses from a threat agent.

Question: Which of the following is not an accepted countermeasure to strengthen a cryptosystem?
Explanation: Current practice in cryptography does not rely on the secrecy of the cryptosystem. Publishing the algorithm exposes the system to scrutiny. This scrutiny often validates the security of the system or identifies weaknesses that show the system as unreliable. The following countermeasures can strengthen a cryptosystem:
• Use strong passwords that contain multiple character types, are a minimum length of eight characters or more, and use no part of a username or email address.
• Implement strong cryptosystems with redundant encipherment, such as 3DES.
• Implement long key spaces. Generally speaking, the longer the key space, the stronger the cryptosystem.

Question: Which type of data loss prevention system can be configured to block unauthorized email messages from being sent and, therefore, being subject to email retention rules?
Explanation: Endpoint DLP runs on end-user workstations and servers. It can be configured to block email messages that contain unauthorized or sensitive content from being sent, which prevents them from being added to an organization's email archive. Such messages are considered to have never been sent and are not subject to email retention laws. As a result, these messages will not be included in legal discovery situations. Network DLP is a software or hardware solution that is typically installed near the network perimeter. It analyzes network traffic in an attempt to detect sensitive data that is being transmitted in violation of an organization's security policies. File-Level DLP is used to identify sensitive files in a file system and then embed the organization's security policy within the file so that it travels with the file when it is moved or copied.

Question: You have installed antivirus software on computers at your business. Within a few days, however, you notice that one computer has a virus. When you question the user, she says she installed some software a few days ago, but it was supposed to be a file compression utility. She admits she did not scan the file before running it. What should you add to your security measures to help prevent this from happening again?
Explanation: Many antivirus prevention measures are ineffective if users take actions that put their computers at risk (such as downloading and running files or copying unscanned files to their computers). If users are educated about malware and about the dangers of downloading software, the overall security of the environment improves. A proxy server controls access to the internet based on user name, URL, or other criteria. Account lockout helps prevent attackers from guessing passwords. Firewall ports might be used by some malware, but will not prevent malware introduced by downloading and installing a file.

Question: Which type of Data Loss Prevention system is usually installed near the network perimeter to detect sensitive data that is being transmitted in violation of organizational security policies?
Explanation: Network DLP is a software or hardware solution that is typically installed near the network perimeter. It analyzes network traffic in an attempt to detect sensitive data that is being transmitted in violation of an organization's security policies. Endpoint DLP runs on end-user workstations and servers. Endpoint-DLP is also referred to as a Chinese Wall solution. File-Level DLP is used to identify sensitive files in a file system and then to embed the organization's security policy within the file so that it travels with the file when it is moved or copied.

Question: Over the last month, you have noticed a significant increase in the occurrence of inappropriate activities performed by employees. What is the best first response step to take in order to improve or maintain the security level of the environment?
Explanation: In this situation, the best response is to improve and hold new awareness sessions. If everyone is lax in avoiding inappropriate behavior, either they have forgotten what is appropriate, or a new trend has started that needs to be diverted. Either way, new awareness should greatly reduce occurrences. Termination should only be considered after repeated attempts to re-train and warn the offenders. Firing staff based on initial trend data of inappropriate activities is an overly severe response. Reducing permissions and privileges is a step to take after re-training--otherwise, it could severely interfere with the ability of the staff to accomplish their work tasks. Initiating stronger auditing will not directly address the problem; it will just uncover more evidence of the trend of increasing inappropriate activity.

Question: In business continuity planning, what is the primary focus of the scope?
Explanation: Business processes are the primary focus of the scope of BCP. Company assets are the focus of risk assessment for security policy development, not BCP. Human life and safety are considerations for emergency response, but are not the focus of the BCP scope. Recovery time objective is a consideration in emergency response plans, not an aspect of BCP scope.

Question: Which of the following is an example of an internal threat?
Explanation: Internal threats are intentional or accidental acts by employees, including:
• Malicious acts such as theft, fraud, or sabotage
• Intentional or unintentional actions that destroy or alter data
• Disclosing sensitive information by snooping or espionage
External threats are events that originate outside of the organization. They typically focus on compromising the organization's information assets. Examples of external threats include hackers, fraud perpetrators, and viruses. Natural events are events that may reasonably be expected to occur over time, such as a fire or a broken water pipe.
When is a BCP or DRP design and development actually completed?
