Cybersecurity Essentials 1.1 Chapter 6 Quiz Answers Full Questions
Chapter 6: The Five Nines Concept
1. A user is asked to perform a risk analysis of a company. The user asks for the company asset database that contains a list of all equipment.The user uses this information as part of a risk analysis. Which type of risk analysis could be performed?
- exposure factor
- hardware
- quantitative
- qualitative
2. A user is evaluating the network infrastructure of a company. The user noted many redundant systems and devices in place, but no overall evaluation of the network. In a report, the user emphasized the methods and configurations needed as a whole to make the network fault tolerant. What is the type of design the user is stressing?
- comprehensive
- spanning tree
- resilient
- availability
3. A user has completed a six month project to identify all data locations and catalog the location. The next step is to classify the data and produce some criteria on data sensitivity. Which two steps can the user take to classify the data? (Choose two.)
- Treat all the data the same.
- Determine how often data is backed up.
- Determine the user of the data.
- Establish the owner of the data.
- Identify sensitivity of the data.
- Determine permissions for the data.
4. A user needs to add redundancy to the routers in a company. What are the three options the user can use? (Choose three.)
- VRRP
- IPFIX
- STP
- RAID
- HSRP
- GLBP
5. A user is asked to evaluate the data center to improve availability for customers. The user notices that there is only one ISP connection, some of the equipment is out of warranty, there are no spare parts, and no one was monitoring the UPS which was tripped twice in one month. Which three deficiencies in high availability has the user identified? (Choose three.)
- single points of failure
- failure to detect errors as they occur
- failure to prevent security incidents
- failure to protect against poor maintenance
- failure to design for reliability
- failure to identify management issues
6. A company is concerned with traffic that flows through the network. There is a concern that there may be malware that exists that is not being blocked or eradicated by antivirus. What technology can be put in place to detect potential malware traffic on the network?
- NAC
- IPS
- IDS
- firewall
7. A user is a consultant who is hired to prepare a report to Congress as to which industries should be required to maintain five nine availability. Which three industries should the user include in a report? (Choose three.)
- finance
- food service
- healthcare
- education
- retail
- public safety
8. A security breach has happened at a major corporation. The incident team has responded and executed their incident response plan. During which phase are lessons learned applied?
- analyze
- recovery
- detection
- post-incident
- preparation
- containment
9. A user is redesigning a network for a small company and wants to ensure security at a reasonable price. The user deploys a new application-aware firewall with intrusion detection capabilities on the ISP connection. The user installs a second firewall to separate the company network from the public network. Additionally, the user installs an IPS on the internal network of the company. What approach is the user implementing?
- layered
- attack based
- structured
- risk based
10. The CEO of a company is concerned that if a data breach should occur and customer data is exposed, the company could be sued. The CEO makes the decision to buy insurance for the company. What type of risk mitigation is the CEO implementing?
- avoidance
- mitigation
- transference
- reduction
11. A user is purchasing a new server for the company data center. The user wants disk striping with parity on three disks. Which RAID level should the user implement?
- 0
- 1+0
- 1
- 5
12. A team has been asked to create an incident response plan for security incidents. In what phase of an incident response plan does the team get management approval of the plan?
- containment
- preparation
- post-incident
- recovery
- analysis
- detection
13. A user was hired as the new security officer. One of the first projects was to take inventory of the company assets and create a comprehensive database. Which three pieces of information would the user want to capture in an asset database? (Choose three.)
- users
- hardware network devices
- groups
- workstations
- passwords
- operating systems
14. A user is asked to create a disaster recovery plan for a company. The user needs to have a few questions answered by management to proceed. Which three questions should the user ask management as part of the process of creating the plan? (Choose three.)
- Who is responsible for the process
- What is the process?
- Does the process require approval?
- How long does the process take?
- Where does the individual perform the process?
- Can the individual perform the process?
15. A user is asked to evaluate the security posture of a company. The user looks at past attempts to break into the company and evaluates the threats and exposures to create a report. Which type of risk analysis could the user perform?
- subjective
- opinion
- qualitative
- objective
16. A user is running a routine audit of the server hardware in the company data center. Several servers are using single drives to host operating systems and multiple types of attached storage solutions for storing data. The user wants to offer a better solution to provide fault tolerance during a drive failure. Which solution is best?
- offsite backup
- RAID
- UPS
- tape backup
17. A user was hired by a company to provide a highly available network infrastructure. The user wants to build redundancy into the network in case of a switch failure, but wants to prevent Layer 2 looping. What would the user implement in the network?
- VRRP
- GLBP
- HSRP
- Spanning Tree Protocol