An organization is trying to decide which type of access control is most appropriate for the network. The current access control approach is too complex and requires significant overhead. Management would like to simplify the access control and provide users with the ability to determine what permissions should be applied to files, documents, and directories. The access control method that BEST satisfies these objectives is:
A. Rule-based access control B. Role-based access control C. Mandatory access control D. Discretionary access control
Which of the following best describes the objectives of succession planning?
A. To identify and document the successive order in which critical systems should be reinstated following a disaster situation B. To ensure that a personnel management plan is in place to ensure continued operation of critical processes during an incident C. To determine the appropriate order in which to contact internal resources, third party suppliers and external customers during a disaster response D. To document the order that systems should be reinstated at the primary site following a failover operation at a backup site.
A technician has been assigned a service request to investigate a potential vulnerability in the organization’s extranet platform. Once the technician performs initial investigative measures, it is determined that the potential vulnerability was a false alarm. Which of the following actions should the technician take in regard to the findings?
A. Write up the findings and disable the vulnerability rule in future vulnerability scans B. Refer the issue to the server administrator for resolution C. Mark the finding as a false-negative and close the service request D. Document the results and report the findings according to the incident response plan
A company has experienced problems with their ISP, which has failed to meet their informally agreed upon level of service. However, the business has not negotiated any additional formal agreements beyond the standard customer terms. Which of the following is the BEST document that the company should prepare to negotiate with the ISP?
A. ISA B. SLA C. MOU D. PBA
During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print spool directory, and was able to download a document from the spool. Which statement BEST describes her privileges?
A. All users have write access to the directory. B. Jane has read access to the file. C. All users have read access to the file. D. Jane has read access to the directory.
Correct Answer: C Section: Threats and Vulnerabilities
The question states that Jane was able to download a document from the spool directory. To view and download the document, Jane must have at least Read access to the file. The fact that the document belonged to someone else suggests that all users have read access to the file.
A: You need Read access to read and download a document from a spool directory. Write access would enable you to create documents in the spool directory but doesn’t mean you can download documents from the directory.
B: Jane was able to view and download the document so she does have Read access to it. However, the fact that the document belonged to someone else suggests that other users have read access to the file rather than only Jane having read access to the file.
D: Read access to the directory would allow Jane to view the directory and view the contents of the directory. However, to view and download a file from the directory, Jane would need read access to the file itself, not just the directory.
The security officer is preparing a read-only USB stick with a document of important personal phone numbers, vendor contacts, an MD5 program, and other tools to provide to employees. At which of the following points in an incident should the officer instruct employees to use this information?
A. Business Impact Analysis B. First Responder C. Damage and Loss Control D. Contingency Planning
Correct Answer: B Section: Compliance and Operational Security
Incident response procedures involve: Preparation; Incident identification; Escalation and notification; Mitigation steps; Lessons learned; Reporting; Recovery/reconstitution procedures; First responder; Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control. In this scenario the security officer is carrying out an incident response measure that will address and be of benefit to those in the vanguard, i.e. the employees, who are the first responders.
A: A business impact analysis (BIA) is concerned with evaluating the processes in the likelihood of a loss. A business impact analysis is an integral part of business continuity planning, which is a management tool that ensures that critical business functions can be performed when normal business operations are disrupted. In this case the question refers to a process within the incident response plan being carried out by an incident response team member.
C: Damage and loss control is critical, but a security officer arming employees (those in the vanguard) with tools to mitigate risk when they encounter an incident seems more like a first responder phase in incident response procedures.
D: Contingency planning is not normally part of an incident response policy.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 429, 432
Which of the following is a best practice when a mistake is made during a forensics examination?
A. The examiner should verify the tools before, during, and after an examination. B. The examiner should attempt to hide the mistake during cross-examination. C. The examiner should document the mistake and work around the problem. D. The examiner should disclose the mistake and assess another area of the disc.
Correct Answer: C Section: Compliance and Operational Security
Every step in an incident response should be documented, including every action taken by end users and the incident-response team.
A: Verifying the tools may help prevent the occurrence of a mistake during a forensic examination but does not address the actions to be taken should a mistake be made.
B: Hiding the mistake is not advisable as it would compromise the examination and would most likely be detected during the writing of the incident report.
D: Rather than changing the area of examination once the mistake has been acknowledged, steps to work around and overcome the mistake should be taken.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 104