Security + Certification In Organizational Security
Organizational Security
Questions and Answers
- 1.
Which type of policy defines the configuration of systems and networks, including the installation of software, hardware, and network connections?
- A.
Administrative
- B.
Usage
- C.
User management
- D.
Security
Correct Answer
D. SecurityExplanation
A security policy defines the configuration of systems and networks, including the installation of software, hardware, and network connections. An administrative policy lays out guidelines and expectations for upgrades, monitoring, backups, and audits. A usage policy covers how information and resources are used. A user management policy identifies the various actions that must occur in the normal course of employee activities.Rate this question:
-
- 2.
Which type of policy lays out guidelines and expectations for upgrades, monitoring, backups, and audits?
- A.
Administrative
- B.
Usage
- C.
User management
- D.
Security
Correct Answer
A. AdministrativeExplanation
An administrative policy lays out guidelines and expectations for upgrades, monitoring, backups, and audits. A usage policy covers how information and resources are used. A user management policy identifies the various actions that must occur in the normal course of employee activities. A security policy defines the configuration of systems and networks, including the installation of software, hardware, and network connections.Rate this question:
-
- 3.
Which of the following access attacks amounts to listening in on or overhearing parts of a conversation?
- A.
Snooping
- B.
Passive interception
- C.
Eavesdropping
- D.
Active interception
Correct Answer
C. EavesdroppingExplanation
All of the choices listed are various types of access attacks. In an eavesdropping attack, the attacker listens in on or overhears parts of a conversation. In a snooping attack, someone looks through your files in hopes of finding something interesting. In a passive interception attack, someone routinely monitors network traffic. In an active interception attack, a computer is placed between the sender and receiver to capture information while it's sent.Rate this question:
-
- 4.
Which type of policy covers how information and resources are used?
- A.
Administrative
- B.
Usage
- C.
User management
- D.
Security
Correct Answer
B. UsageExplanation
A usage policy covers how information and resources are used. An administrative policy lays out guidelines and expectations for upgrades, monitoring, backups, and audits. A user management policy identifies the various actions that must occur in the normal course of employee activities. A security policy defines the configuration of systems and networks, including the installation of software, hardware, and network connections.Rate this question:
-
- 5.
Which type of policy identifies the various actions that must occur in the normal course of employee activities?
- A.
Administrative
- B.
Usage
- C.
User management
- D.
Security
Correct Answer
C. User managementExplanation
A user management policy identifies the various actions that must occur in the normal course of employee activities. An administrative policy lays out guidelines and expectations for upgrades, monitoring, backups, and audits. A usage policy covers how information and resources are used. A security policy defines the configuration of systems and networks, including the installation of software, hardware, and network connections.Rate this question:
-
- 6.
Which of the following is not a common level within an information policy?
- A.
Confidential
- B.
External
- C.
Private
- D.
Public
Correct Answer
B. ExternalExplanation
The common levels within an information policy are public (for all advertisements and information posted on the Web), internal (for all intranet-type information), private (for personnel records, client data, and so on), and confidential (PKI information and other restricted data).Rate this question:
-
- 7.
Which of the following is the term used to represent availability of 99.999 percent?
- A.
Five nines
- B.
Real time
- C.
Fail over
- D.
Surge time
Correct Answer
A. Five ninesExplanation
Availability of 99.999 percent is known as five nines availability.Rate this question:
-
- 8.
What is the minimum number of disks necessary to implement RAID 0?
- A.
1
- B.
2
- C.
3
- D.
4
Correct Answer
B. 2Explanation
RAID 0, disk striping, requires a minimum of two disks. RAID 1, mirroring, requires a minimum of two disks. RAID 3, disk striping with a dedicated parity disk, requires a minimum of three disks. RAID 5, disk striping with parity, requires a minimum of three disks.Rate this question:
-
- 9.
You have the server configured to automatically perform backups. A full backup is done every Sunday morning at 2 a.m. Differential backups are run every day at 7 a.m. You arrive at work Thursday morning to find the system crashed at 6 p.m. Wednesday night. How many backup sets must you restore to recover as much of the data as possible?
- A.
1
- B.
2
- C.
3
- D.
5
Correct Answer
B. 2Explanation
After replacing the failed drive, you would restore the full backup from Sunday. Following that, you would restore the most recent differential backup, which was done at 7 a.m. Wednesday.Rate this question:
-
- 10.
If a file system contains a log file of all changes and transactions that have occurred within a set period of time, what type of file system is it said to be?
- A.
Journaling
- B.
Highly available
- C.
Shadowed
- D.
Secure
Correct Answer
A. JournalingExplanation
A journaling file system contains a log file of all changes and transactions that have occurred within a set period of time.Rate this question:
-
- 11.
Which type of backup storage is stored in the same location as the computer center?
- A.
Working
- B.
Warm
- C.
Onsite
- D.
Obtainable
Correct Answer
C. OnsiteExplanation
Onsite storage refers to backup information stored locally; this is often the most recent set of backups.Rate this question:
-
- 12.
During which of the following types of backups is the archive bit on individual files turned off? (Choose all that apply.)
- A.
Full
- B.
Incremental
- C.
Differential
- D.
Daily
Correct Answer(s)
A. Full
B. IncrementalExplanation
The archive bit is turned off after a full or incremental backup. The archive bit is left on after a differential or daily backup.Rate this question:
-
- 13.
In the "grandfather, father, son" backup plan, which refers to the most recent backup?
- A.
Grandfather
- B.
Father
- C.
Son
- D.
None of the above
Correct Answer
C. SonExplanation
The most recent backup is the son. After another backup is done, the son becomes the father and then the grandfather.Rate this question:
-
- 14.
Your manager has asked that you investigate the costs of renting a location that can provide operations within hours of a failure. What type of location is this known as?
- A.
Hot
- B.
Warm
- C.
Cold
- D.
Round
Correct Answer
A. HotExplanation
A hot site is a location that can provide operations within hours of a failure. A warm site provides some of the capabilities of a hot site but requires more work to become operational. A cold site is a facility that isn't immediately ready to use; you must bring along your own network and equipment. There is no such entity as a round site.Rate this question:
-
- 15.
Which of the following is an agreement between your company and a service provider stipulating the performance you can expect or demand from the vendor?
- A.
SND
- B.
RSA
- C.
SLA
- D.
ATP
Correct Answer
C. SLAExplanation
A service-level agreement (SLA) is an agreement between your company and a service provider stipulating the performance you can expect or demand from the vendor.Rate this question:
-
- 16.
You have been told to collect the key metrics outlines in every SLA and document them. Which of the following is a measure of the anticipated incidence of failure for a system or component?
- A.
MRA
- B.
MTTR
- C.
MBAC
- D.
MTBF
Correct Answer
D. MTBFExplanation
Mean Time Before Failure (MTBF) is a measure of the anticipated incidence of failure for a system or component. Mean Time To Repair (MTTR) is a measurement of how long it takes to repair a system or component after a failure has occurred. The other two choices do not represent metrics.Rate this question:
-
- 17.
What type of policy identifies the level of care used to maintain the confidentiality of private information?
- A.
Separation of duties
- B.
Due care
- C.
Document disposal and destruction
- D.
Incident response
Correct Answer
B. Due careExplanation
A due care policy identifies the level of care used to maintain the confidentiality of private information. A separation of duties policy is intended to reduce the risk of fraud and prevent losses in an organization. A document disposal and destruction policy is used to define how information that is no longer needed is handled. An incident response policy defines how an organization will respond to an incident.Rate this question:
-
- 18.
What is the minimum number of disks necessary to implement RAID 1?
- A.
1
- B.
2
- C.
3
- D.
4
Correct Answer
B. 2Explanation
RAID 1, mirroring, requires a minimum of two disks. RAID 0, disk striping, requires a minimum of two disks. RAID 3, disk striping with a dedicated parity disk, requires a minimum of three disks. RAID 5, disk striping with parity, requires a minimum of three disks.Rate this question:
-
- 19.
During which process must a forensics investigator be able to prove that the data being presented as evidence is the same data that was collected on the scene?
- A.
Evidentiary
- B.
Analytic
- C.
Custody
- D.
Confirmation
Correct Answer
A. EvidentiaryExplanation
During the evidentiary process, a forensics investigator must be able to prove that the data being presented as evidence is the same data that was collected on the scene.Rate this question:
-
- 20.
Which type of policy should exist that defines the requirements, responsible parties, and procedures to follow after the collection of evidence?
- A.
Preservation of evidence
- B.
Information retention
- C.
Chain-of-custody
- D.
Storage
Correct Answer
C. Chain-of-custodyExplanation
A chain-of-custody policy should exist that defines the requirements, responsible parties, and procedures to follow after the collection of evidence. Preservation of evidence needs to happen, but it is not a policy in and of itself. An information retention policy details how long data is retained. A storage policy defines how information is stored.Rate this question:
-
- 21.
Which of the following is a collection of data that is removed from the system because it's no longer needed on a regular basis?
- A.
Backup
- B.
Inventory
- C.
Array
- D.
Archive
Correct Answer
D. ArchiveExplanation
An archive is a collection of data that is removed from the system because it's no longer needed on a regular basis. A backup is a restorable copy of any set of data that is needed on the system. The other two choices are not relevant.Rate this question:
-
- 22.
Which of the following is a regulation that mandates national standards and procedures for the storage, use, and transmission of personal medical information?
- A.
FERPA
- B.
HIPAA
- C.
CESA
- D.
Gramm-Leach-Bliley Act
Correct Answer
B. HIPAAExplanation
The Health Insurance Portability and Accountability Act (HIPAA) is a regulation that mandates national standards and procedures for the storage, use, and transmission of personal medical information. The Family Educational Rights and Privacy Act (FERPA) dictates that educational institutions may not release information to unauthorized parties without the express permission of the student or their parents. The Cyberspace Electronic Security Act (CESA) gives law enforcement the right to gain access to encryption keys and cryptography methods. The Gramm-Leach-Bliley Act requires financial institutions to develop privacy notices and notify customers that they are entitled to privacy.Rate this question:
-
- 23.
Which of the following is not one of the three key steps of the forensics process?
- A.
Analyzing the evidence
- B.
Acquiring the evidence
- C.
Copying the evidence
- D.
Authenticating the evidence
Correct Answer
C. Copying the evidenceExplanation
The three key steps of the forensics process are acquiring the evidence, authenticating the evidence, and analyzing the evidence.Rate this question:
-
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 21, 2023Quiz Edited by
ProProfs Editorial Team -
Dec 27, 2010Quiz Created by
Joelcg
Back to top