ISC2: Cybersecurity Certifications Exam QA: Part2

Mahender Kumar
10 min read, Jul 9, 2024


Q1: You are reviewing log data from a router; there is an entry that shows a user sent traffic through the router at 11:45 am, local time, yesterday. This is an example of a(n) _______.

  1. Inform ISC2
  2. Threat
  3. Attack
  4. Event

Ans: This is an example of an event.

Justification:

  1. Event: In the context of cybersecurity and logging, an event refers to any observable occurrence or happening that is recorded in log data. Examples include user logins, file accesses, network traffic, system reboots, etc. The entry showing a user sent traffic through the router at a specific time is a record of an event that occurred.
  2. Inform ISC2: ISC2 (International Information System Security Certification Consortium) is an organization that offers certifications and promotes cybersecurity best practices. While ISC2 may be informed of security incidents or breaches, an individual log entry itself is not something that would typically warrant informing ISC2 directly unless it is part of a larger incident.
  3. Threat: A threat is a potential danger that could exploit a vulnerability in a system or organization. The log entry itself does not indicate any imminent danger but rather records a specific activity.
  4. Attack: An attack refers to an unauthorized attempt to compromise the confidentiality, integrity, or availability of information or systems. The log entry alone does not confirm an attack; it records an activity that could potentially be part of an attack if it were unauthorized.

Q2: What is the goal of Business Continuity efforts?

  1. Impress customers
  2. Keep critical business functions operational
  3. Save money
  4. Ensure all IT systems continue to operate

Ans: The goal of Business Continuity efforts is to keep critical business functions operational.

Justification:

  1. Business Continuity: Business Continuity refers to the capability of an organization to continue operating its critical business functions during and after disruptive events, such as natural disasters, technological failures, human errors, or malicious attacks.
  2. Keep critical business functions operational: The primary objective of Business Continuity efforts is to ensure that key business processes and operations can continue functioning even in the face of adverse events. This ensures that the organization can continue to serve its customers, fulfill its obligations, and maintain its reputation and competitive advantage.
  3. Impress customers: While maintaining continuity can indirectly impress customers by demonstrating reliability and resilience, the direct goal is to ensure operations rather than impressing customers as a primary objective.
  4. Save money: While Business Continuity efforts can potentially save money by mitigating the impact of disruptions and reducing downtime, cost savings are not the primary goal. The focus is on maintaining operational capability.
  5. Ensure all IT systems continue to operate: While IT systems are critical components of business operations, Business Continuity efforts encompass more than just IT systems. They include comprehensive plans and strategies to ensure the continuity of all critical business functions, which may involve IT systems but also extend to people, processes, facilities, and communications.

Q3: Which of the following is likely to be included in the business continuity plan?

  1. The organization’s strategic security approach
  2. Log data from all systems
  3. Alternate work areas for personnel affected by a natural disaster
  4. Last year’s budget information

Ans: Among the options provided, alternate work areas for personnel affected by a natural disaster is likely to be included in the business continuity plan.

Justification:

  1. The organization’s strategic security approach: While important for overall security planning, the organization’s strategic security approach is typically documented in a separate strategic security plan rather than within the business continuity plan.
  2. Log data from all systems: Log data from all systems is important for monitoring and incident response but is not typically included directly within a business continuity plan. It is more relevant to security monitoring and operations.
  3. Alternate work areas for personnel affected by a natural disaster: This is a critical component of a business continuity plan. It involves identifying and preparing alternate locations or work arrangements where personnel can continue operations if their primary work area is inaccessible due to a natural disaster or other disruptive event.
  4. Last year’s budget information: Budget information from previous years is not directly related to maintaining business operations during a disruption. While financial planning is important for business continuity, specific budget details are not typically included in the plan itself.

Q4: What is the most important goal of a business continuity effort?

  1. Ensure all business activities are preserved during a potential disaster
  2. Ensure all IT systems function during a potential interruption
  3. Preserve health and human safety
  4. Ensure the organization survives a disaster

Ans: The most important goal of a business continuity effort is to ensure the organization survives a disaster.

Justification:

  1. Ensure all business activities are preserved during a potential disaster: While preserving all business activities is important, the primary goal of business continuity is broader and focuses on ensuring the organization as a whole can continue to operate and survive despite disruptions. It includes not only business activities but also essential functions and services.
  2. Ensure all IT systems function during a potential interruption: While IT systems are critical components, the goal of business continuity extends beyond IT to encompass all aspects of the organization’s operations, including people, processes, facilities, and communications.
  3. Preserve health and human safety: Human safety is paramount, and it is a critical consideration within business continuity planning. However, the ultimate goal is to ensure the organization can continue functioning effectively while also prioritizing human safety during and after a disaster.
  4. Ensure the organization survives a disaster: This encapsulates the overarching objective of business continuity efforts. The goal is to implement strategies and plans that enable the organization to withstand and recover from disruptive events, ensuring its long-term viability and resilience.

Q5: What is the overall objective of a disaster recovery (DR) effort?

  1. Save money
  2. Enhance public perception of the organization
  3. Preserve critical business functions during a disaster
  4. Return to normal, full operations

Ans: The overall objective of a disaster recovery (DR) effort is to return to normal, full operations as quickly as possible following a disruptive event.

Justification:

  1. Save money: While cost-effectiveness is a consideration in disaster recovery planning, it is not the primary objective. The focus is on minimizing downtime and restoring operations to minimize financial losses associated with disruptions.
  2. Enhance public perception of the organization: While maintaining a positive public image is important, it is not the primary objective of disaster recovery. The focus is on internal resilience and continuity rather than external perception.
  3. Preserve critical business functions during a disaster: Preserving critical business functions is a fundamental goal of both business continuity and disaster recovery efforts. However, the specific objective of disaster recovery is to recover those functions and return to normal operations after they have been disrupted by a disaster.
  4. Return to normal, full operations: This is the primary objective of disaster recovery. It involves implementing plans and procedures to restore IT infrastructure, systems, data, and applications to their pre-disaster state or to an acceptable level of functionality. The goal is to minimize the impact of the disaster on business operations and resume normal activities as swiftly as possible.

Q6: What is the risk associated with delaying resumption of full normal operations after a disaster?

  1. A new disaster might emerge
  2. People might be put in danger
  3. Competition
  4. The impact of running alternate operations for extended periods

Ans: The risk associated with delaying the resumption of full normal operations after a disaster is the impact of running alternate operations for extended periods.

Justification:

  1. A new disaster might emerge: While this is a valid concern, it is not directly related to the delay in resuming normal operations. Emergence of new disasters is a separate risk that needs to be mitigated through preparedness measures.
  2. People might be put in danger: While human safety is paramount, the question pertains to the business impact. Delaying the resumption of full operations primarily affects business continuity rather than immediate human safety issues.
  3. Competition: While competition may take advantage of disruptions, the immediate risk addressed in the question is related to operational impacts within the organization.
  4. The impact of running alternate operations for extended periods: This is a significant risk because operating in alternate modes for extended periods can lead to increased costs, reduced efficiency, decreased customer satisfaction, and potential long-term damage to the organization’s reputation and market position.

Q7: Gelbi is a Technical Support analyst for Triffid, Inc. Gelbi sometimes is required to install or remove software. Which of the following could be used to describe Gelbi’s account?

  1. External
  2. Privileged
  3. User
  4. Internal

Ans: Based on Gelbi’s role as a Technical Support analyst who installs or removes software, the most appropriate term to describe Gelbi’s account would be privileged.

Justification:

  1. External: This term typically refers to users who are not employees of the organization but may have some form of limited access or interaction with the organization’s systems or services. Gelbi, being an employee of Triffid, Inc., would not be considered external.
  2. Privileged: In IT security and access control contexts, a privileged account typically refers to an account with elevated permissions and access rights. Gelbi, as a Technical Support analyst who installs or removes software, likely has elevated privileges to perform these tasks on behalf of users or systems within Triffid, Inc.
  3. User: This term generally refers to any individual who accesses a computer system, application, or service. While Gelbi is indeed a user of the systems, the term “user” does not specifically denote the level of access or permissions Gelbi has to perform software installations and removals.
  4. Internal: This term refers to individuals who are employed by the organization and have authorized access to its systems and resources. Gelbi is indeed an internal user of Triffid, Inc.

Q8: Which of the following is not an appropriate control to add to privileged accounts?

  1. Multi-factor authentication
  2. Increased auditing
  3. Increased logging
  4. Security deposit

Ans: Among the options provided, security deposit is not an appropriate control to add to privileged accounts.

Justification:

  1. Multi-factor authentication: Multi-factor authentication (MFA) is a highly recommended control for privileged accounts. It adds an extra layer of security by requiring users to verify their identity using multiple factors (e.g., password, security token, biometric verification) before gaining access. This helps prevent unauthorized access even if credentials are compromised.
  2. Increased auditing: Increased auditing is essential for monitoring privileged account activities. It involves capturing detailed logs of actions performed by privileged users, which can help detect and investigate suspicious or unauthorized activities. This control enhances accountability and transparency.
  3. Increased logging: Similar to increased auditing, increased logging involves capturing comprehensive logs of privileged account activities. These logs are crucial for forensic analysis, incident response, and compliance purposes. They provide a detailed record of actions taken by privileged users.
  4. Security deposit: A security deposit is not a typical control used for managing privileged accounts in IT security practices. Security deposits are more commonly associated with financial transactions or rental agreements rather than access controls for IT systems. It does not enhance security or control over privileged accounts in the context of cybersecurity.

Q9: Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is the ACL?

  1. The firmware
  2. The rule
  3. The object
  4. The subject

Ans: In the context described, the ACL (Access Control List) is associated with the object.

Justification:

  1. Object: In access control terminology, the “object” refers to the resource or entity (such as a file, database, or system) to which access is being controlled. In this case, the database itself is the object that contains the data.
  2. Subject: The “subject” typically refers to the entity (such as a user or process) that is requesting access to the object. Prachi, in her role as a database administrator, is the subject who is attempting to access the database.
  3. ACL (Access Control List): An ACL is a list of permissions attached to an object that specifies what actions are allowed or denied for subjects (users or processes) trying to access that object. The ACL checks and enforces these permissions when a subject requests access to the object.
  4. The rule: While access control rules govern how permissions are enforced, they are typically defined within the ACL itself rather than being synonymous with the ACL. Rules dictate the conditions under which access is granted or denied based on the ACL’s configuration.

Q10: Larry and Fern both work in the data center. In order to enter the data center to begin their workday, they must both present their own keys (which are different) to the key reader, before the door to the data center opens. Which security concept is being applied in this situation?

  1. Dual control
  2. Least privilege
  3. Segregation of duties
  4. Defense in depth

Ans: The security concept being applied in this situation is dual control.

Justification:

  1. Dual control: Dual control is a security principle that requires the involvement of two or more separate entities (such as individuals or keys) to gain access or complete a task. In the scenario described, both Larry and Fern need to present their own keys (which are different) to the key reader simultaneously in order for the door to the data center to open. This ensures that no single individual can access the data center alone, enhancing security through mutual verification.
  2. Least privilege: Least privilege is a principle that restricts access rights or permissions to only those necessary for the performance of authorized tasks. It focuses on minimizing potential damage or harm that could result from unauthorized access or misuse of privileges.
  3. Segregation of duties: Segregation of duties involves dividing responsibilities among multiple individuals to reduce the risk of fraud, errors, or misuse of resources. It ensures that no single person has complete control over all aspects of a critical process.
  4. Defense in depth: Defense in depth is a strategy that employs multiple layers of security controls (such as physical, technical, and administrative controls) to protect assets. It aims to provide redundancy and resilience against various types of attacks or failures.


Mahender Kumar

Research Fellow | PhD | Cyber security | Artificial Intelligence | Homomorphic Encryption