Security+ Study Guide

2017-07-07 02:10:07

1.	What is the plan or policy that helps an organization determine how to relocate to an emergency site called? Disaster Recovery plan Backup Site plan Privilege Management policy Privacy plan
2.	Which backup type is used for the immediate recovery of a lost file? Onsite storage Working copies Incremental backup Differential backup
3.	Which system frequently has audit files that can be used for recovery? Database system Application server Backup server User system
4.	Which backup system backs up only the files that have changed since the last backup? Full backup Incremental backup Differential backup Backup server
5.	Which backup system backs up all of the files that have changed since the last full backup? Full backup Incremental backup Differential backup Archival backup
6.	Which backup method uses a rotating schedule of backup media to ensure long-term information storage? Grandfather, Father, Son method Full Archival method Backup Server method Differential Backup method
7.	Which site provides limited capabilities for the restoration of services in a disaster? Hot site Warm site Cold site Backup site
8.	What is an agreement between two organizations to provide mutual use of their sites in the event of an emergency called? Backup site agreement Warm site agreement Hot site agreement Reciprocal agreement
9.	The process of automatically switching from a malfunctioning system to another system is called what? Fail safe Redundancy Fail-over Hot site
10.	Which disk technology is not fault tolerant? RAID 0 RAID 1 RAID 3 RAID 5
11.	Which agreement outlines performance requirements for a vendor? MBTF MTTR SLA BCP
12.	The process of storing source code for use by the customer in the event that a vendor ceases business is called what? Code escrow SLA BCP CA
13.	Which policy describes how computer systems may be used within an organization? Due Care policy Acceptable Use policy Need to Know policy Privacy policy
14.	Which policy dictates confidentiality requirements for customer records? Separation of Duties policy Due Care policy Physical Access policy Document Destruction policy
15.	Which policy dictates how an organization manages certificates and certificate acceptance? Certificate policies Certificate access lists CA accreditation CRL rules
16.	Which party in a transaction is responsible for verifying the identity of a certificate holder? Subscriber Relying party Third party CA registrar
17.	Which of the following would not be part of an incident response policy? Outside agencies (that require status) Outside experts (to resolve the incident) Contingency plans Evidence collection procedures
18.	Which of the following groups is used to manage access in a network? Security group Single sign-on group Resource sharing group AD group
19.	What is the process of inspecting procedures and verifying that they are working called? Audit Business Continuity plan Security review Group privilege management
20.	Which access model allows users some flexibility for information sharing purposes? DAC MAC RBAC MLAC

Answers

1.	A. The disaster recovery plan deals with site relocations in the event of an emergency, natural disaster, or service outage.
2.	B. Working copies are backups that are usually kept in the computer room for immediate use in a system recovery or lost file recovery.
3.	A. Large-scale database systems usually provide an audit file process that allows transactions to be recovered in the event of a data loss.
4.	B. An incremental backup backs up files that have changed since the last full or partial backup.
5.	C. A differential backup backs up all of the files that have changed since the last full backup.
6.	A. The Grandfather, Father, Son method of backup is designed to provide a rotating schedule of backup processes. This allows for a minimum usage of backup media, and it still allows for long-term archiving.
7.	B. Warm sites provide some capabilities in the event of a recovery. The organization that wants to use a warm site will need to install, configure, and reestablish operations on systems that may already exist at the warm site.
8.	D. A reciprocal agreement is between two organizations and it allows one to use the other organization's site in an emergency.
9.	C. Fail-over is the process where a system that is developing a malfunction automatically switches processes to another system to continue operations.
10.	A. RAID 0 is a method of spreading a single disk over a number of disk drives. This is primarily for performance purposes.
11.	C. A service level agreement (SLA) specifies performance requirements for a vendor. This agreement may use MBTF and MTTR as performance measures in the SLA.
12.	A. Code escrow allows customers to access source code of systems that are installed under specific conditions, such as the bankruptcy of a vendor.
13.	B. The Acceptable Use policy dictates how computers can be used within an organization. This policy should also outline consequences of misuse.
14.	B. Due Care policies dictate the expected precautions to be used to safeguard client records.
15.	A. A Certificate policy dictates how an organization uses, manages, and validates certificates.
16.	C. The third party is responsible for assuring the relying party that the subscriber is genuine.
17.	C. A contingency plan would not normally be part of an incident response plan. It would be part of a disaster recovery plan.
18.	A. A security group is used to manage user access to a network or system.
19.	A. An audit is used to inspect, test, and verify that procedures within an organization are working and are up-to-date. The result of an audit is a report to management.
20.	A. DAC allows some flexibility in information sharing capabilities within the network.

Категории