Security + 501 Chapter 5 Risk Management Exam with questions and correct answers 2024/2027

  • November 7, 2024
stuviaAgrade
1. You are a manager of a bank and you suspect one of your tellers has stolen money from their station. After talking with your supervisor, you place the employee on leave with pay, suspend their computer account, and obtain their proximity card and keys to the building. Which of the following policies did you follow?

A. Mandatory vacations
B. Exit interviews
C. Adverse actions
D. Onboarding

ANSWER: C. Adverse actions are administrative actions that are placed against employees. These actions include letters of reprimand, leave with or without pay, or termination. Along with these actions, the policy should include actions such as disabling user accounts and revoking privileges, such as access to facilities, to prevent data from being compromised. When an employee has been placed under administrative actions, the company shouldn't worry about vindictive actions they will take against the company.



2. Which of the following principles stipulates that multiple changes to a computer system should not be made at the same time?

A. Due diligence
B. Acceptable use
C. Change management
D. Due care

ANSWER: C. Change management is the process of documenting all changes made to a company's network and computers. Avoiding making changes at the same time makes tracking any problems that can occur much simpler.

3. Why are penetration tests often not advised?

A. It can be disruptive for the business activities.
B. It is able to measure and authenticate the efficiency of a company's defensive mechanisms.
C. It's able to find both known and unknown hardware or software weaknesses.
D. It permits the exploration of real risks and gives a precise depiction of a company's IT infrastructure security posture at any given time.

ANSWER: A. The main reason to avoid penetration tests is answer A. It's advised to perform vulnerability tests often rather than penetration tests. Pentests can cause disruption to businesses. This is the main focus of the question.



4. You are a security engineer and discovered an employee using the company's computer systems to operate their small business. The employee installed their personal software on the company's computer and is using the computer hardware, such as the USB port. What policy would you recommend the company implement to prevent any risk of the company's data and network being compromised?

A. Acceptable use policy
B. Clean desk policy
C. Mandatory vacation policy
D. Job rotation policy

ANSWER: A. Acceptable use policy is a document stating what a user may or may not have access to on a company's network or the Internet.



5. What should be done to back up tapes that are stored off-site?

A. Generate a file hash for each backup file.
B. Scan the backup data for viruses.
C. Perform a chain of custody on the backup tape.
D. Encrypt the backup data.

ANSWER: D. Encrypting the backup data before storing it off-site ensures data confidentiality.



6. Which recovery site is the easiest to test?

A. Warm site
B. Cold site
C. Hot site
D. Medium site

ANSWER: C. A hot site contains all of the alternate computer and telecommunication equipment needed in a disaster. Testing this environment is simple.



7. Katelyn is a network technician for a manufacturing company. She is testing a network forensic capturing software and plugs her laptop into an Ethernet switch port and begins capturing network traffic. Later she begins to analyze the data and notices some broadcast and multicast packets, as well as her own laptop's network traffic. Which of the following statements best describes why Katelyn was unable to capture all network traffic on the switch?

A. Each port on the switch is an isolated broadcast domain.
B. Each port on the switch is an isolated collision domain.
C. Promiscuous mode must be enabled on the NIC.
D. Promiscuous mode must be disabled on the NIC.

ANSWER: B. Switches forward data only to the devices that need to receive it, so when capturing network traffic the computer will see only broadcast and multicast packets along with traffic being sent to and received by the connected computer.



8. Which of the following is not a step of the incident response process?

A. Snapshot
B. Preparation
C. Recovery
D. Containment

ANSWER: A. A snapshot is the state of a system at a particular point in time. It's also known as a system image and is not a step in the incident response process.



9. Which of the following is another term for technical controls?

A. Access controls
B. Logical controls
C. Detective controls
D. Preventive controls

ANSWER: B. Technical controls are used to restrict data access and operating system components, security applications, network devices, and encryption techniques. Logical controls use authentication mechanisms.



10. You are a security manager for your company and need to reduce the risk of employees working in collusion to embezzle funds. Which of the following policies would you implement?

A. Mandatory vacations
B. Clean desk
C. NDA
D. Continuing education

ANSWER: A. Companies will use mandatory vacation policies to detect fraud by having a second person, familiar with the duties, help discover any illicit activities.



11. You are a security administrator, and your manager has asked you about protecting the privacy of personally identifiable information (PII) that is collected. Which of the following would be the best option to fulfill the request?

A. PIA
