SY0-401 (v.4) 10

Due to issues with building keys being duplicated and distributed, a security administrator wishes to change to a different security control regarding a restricted area. The goal is to provide access based upon facial recognition. Which of the following will address this requirement?
Set up mantraps to avoid tailgating of approved users.
Place a guard at the entrance to approve access.
Install a fingerprint scanner at the entrance.
Implement proximity readers to scan users’ badges.
A security administrator wants to deploy a physical security control to limit an individual’s access into a sensitive area. Which of the following should be implemented?
Guards
CCTV
Bollards
Spike strip
After running into the data center with a vehicle, attackers were able to enter through the hole in the building and steal several key servers in the ensuing chaos. Which of the following security measures can be put in place to mitigate the issue from occurring in the future?
Fencing
Proximity readers
Video surveillance
Bollards
A system administrator has concerns regarding their users accessing systems and secured areas using others’ credentials. Which of the following can BEST address this concern?
Create conduct policies prohibiting sharing credentials.
Enforce a policy shortening the credential expiration timeframe.
Implement biometric readers on laptops and restricted areas.
Install security cameras in areas containing sensitive systems.
Which of the following preventative controls would be appropriate for responding to a directive to reduce the attack surface of a specific host?
Installing anti-malware
Implementing an IDS
Taking a baseline configuration
Disabling unnecessary services
Joe, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a system reboot to recover with only 10% loss of data or function. Which of the following is the ALE of this server?
$500
$5,000
$25,000
$50,000
Sara, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. This database contains 250 records with PII. Studies show that the cost per record for a breach is $300. The likelihood that their database would be breached in the next year is only 5%. Which of the following is the ALE that Sara should report to management for a security breach?
$1,500
$3,750
$15,000
$75,000
An advantage of virtualizing servers, databases, and office applications is:
Centralized management.
Providing greater resources to users.
Stronger access control.
Decentralized management.
Key elements of a business impact analysis should include which of the following tasks?
Develop recovery strategies, prioritize recovery, create test plans, post-test evaluation, and update processes.
Identify institutional and regulatory reporting requirements, develop response teams and communication trees, and develop press release templates.
Employ regular preventive measures such as patch management, change management, antivirus and vulnerability scans, and reports to management.
Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential.
A security administrator is tasked with calculating the total ALE on servers. In a two year period of time, a company has to replace five servers. Each server replacement has cost the company $4,000 with downtime costing $3,000. Which of the following is the ALE for the company?
$7,000
$10,000
$17,500
$35,000
In the case of a major outage or business interruption, the security office has documented the expected loss of earnings, potential fines and potential consequence to customer service. Which of the following would include the MOST detail on these objectives?
Business Impact Analysis
IT Contingency Plan
Disaster Recovery Plan
Continuity of Operations
Which of the following would BEST be used to calculate the expected loss of an event, if the likelihood of an event occurring is known? (Select TWO).
DAC
ALE
SLE
ARO
ROI
A company’s chief information officer (CIO) has analyzed the financial loss associated with the company’s database breach. They calculated that one single breach could cost the company $1,000,000 at a minimum. Which of the following documents is the CIO MOST likely updating?
Succession plan
Disaster recovery plan
Continuity of operation plan
Business impact analysis
A network administrator has recently updated their network devices to ensure redundancy is in place so that:
Switches can redistribute routes across the network.
Environmental monitoring can be performed.
Single points of failure are removed.
Hot and cold aisles are functioning.
After an assessment, auditors recommended that an application hosting company should contract with additional data providers for redundant high speed Internet connections. Which of the following is MOST likely the reason for this recommendation? (Select TWO).
To allow load balancing for cloud support
To eliminate a single point of failure
To allow for business continuity if one provider goes out of business
To allow for a hot site in case of disaster
To improve intranet communication speeds
To eliminate a single point of failure
Which of the following utilities can be used in Linux to view a list of users’ failed authentication attempts?
Badlog
Faillog
Wronglog
Killlog
Which of the following risks could IT management be mitigating by removing an all-in-one device?
Continuity of operations
Input validation
Single point of failure
Single sign on
Which of the following risk concepts requires an organization to determine the number of failures per year?
SLE
ALE
MTBF
Quantitative analysis
Upper management decides which risk to mitigate based on cost. This is an example of:
Qualitative risk assessment
Business impact analysis
Risk management framework
Quantitative risk assessment
Corporate IM presents multiple concerns to enterprise IT. Which of the following concerns should Jane, the IT security manager, ensure are under control? (Select THREE).
Authentication
Data leakage
Compliance
Malware
Non-repudiation
Network loading
Which of the following is being tested when a company’s payroll server is powered off for eight hours?
Succession plan
Business impact document
Continuity of operations plan
Risk assessment plan
VA security administrator is reviewing the company’s continuity plan. The plan specifies an RTO of six hours and RPO of two days. Which of the following is the plan describing?
Systems should be restored within six hours and no later than two days after the incident.
Systems should be restored within two days and should remain operational for at least six hours.
Systems should be restored within six hours with a minimum of two days worth of data.
Ystems should be restored within two days with a minimum of six hours worth of data.
Pete, the system administrator, is reviewing his disaster recovery plans. He wishes to limit the downtime in the event of a disaster, but does not have the budget approval to implement or maintain an offsite location that ensures 99.99% availability. Which of the following would be Pete’s BEST option?
Use hardware already at an offsite location and configure it to be quickly utilized.
Move the servers and data to another part of the company’s main campus from the server room.
Retain data back-ups on the main campus and establish redundant servers in a virtual environment.
Move the data back-ups to the offsite location, but retain the hardware on the main campus for redundancy
Ann is starting a disaster recovery program. She has gathered specifics and team members for a meeting on site. Which of the following types of tests is this?
Structured walkthrough
Full Interruption test
Checklist test
Tabletop exercise
When a communications plan is developed for disaster recovery and business continuity plans, the MOST relevant items to include would be: (Select TWO).
Methods and templates to respond to press requests, institutional and regulatory reporting requirements.
Methods to exchange essential information to and from all response team members, employees, suppliers, and customers.
Developed recovery strategies, test plans, post-test evaluation and update processes.
Defined scenarios by type and scope of impact and dependencies, with quantification of loss potential.
Methods to review and report on system logs, incident response, and incident handling.
After a production outage, which of the following documents contains detailed information on the order in which the system should be restored to service?
Succession planning
Disaster recovery plan
Information security plan
Business impact analysis
Which of the following concepts defines the requirement for data availability?
Authentication to RADIUS
Non-repudiation of email messages
Disaster recovery planning
Encryption of email messages
Which of the following is the MOST specific plan for various problems that can arise within a system?
Business Continuity Plan
Disaster Recovery Plan
Continuity of Operation Plan
IT Contingency Plan
Joe, the system administrator, is performing an overnight system refresh of hundreds of user computers. The refresh has a strict timeframe and must have zero downtime during business hours. Which of the following should Joe take into consideration?
A disk-based image of every computer as they are being replaced.
A plan that skips every other replaced computer to limit the area of affected users.
An offsite contingency server farm that can act as a warm site should any issues appear.
A back-out strategy planned out anticipating any unforeseen problems that may arise.
Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency?
Business continuity planning
Continuity of operations
Business impact analysis
Succession planning
Pete, the Chief Executive Officer (CEO) of a company, has increased his travel plans for the next two years to improve business relations. Which of the following would need to be in place in case something happens to Pete?
Succession planning
Disaster recovery
Separation of duty
Removing single loss expectancy
Establishing a published chart of roles, responsibilities, and chain of command to be used during a disaster is an example of which of the following?
Fault tolerance
Succession planning
Business continuity testing
Recovery point objectives
A network administrator recently updated various network devices to ensure redundancy throughout the network. If an interface on any of the Layer 3 devices were to go down, traffic will still pass through another interface and the production environment would be unaffected. This type of configuration represents which of the following concepts?
High availability
Load balancing
Backout contingency plan
Clustering
A network administrator has purchased two devices that will act as failovers for each other. Which of the following concepts does this BEST illustrate?
Authentication
Integrity
Confidentiality
Availability
The main corporate website has a service level agreement that requires availability 100% of the time, even in the case of a disaster. Which of the following would be required to meet this demand?
Warm site implementation for the datacenter
Geographically disparate site redundant datacenter
Localized clustering of the datacenter
Cold site implementation for the datacenter
{"name":"SY0-401 (v.4) 10", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"Due to issues with building keys being duplicated and distributed, a security administrator wishes to change to a different security control regarding a restricted area. The goal is to provide access based upon facial recognition. Which of the following will address this requirement?, A security administrator wants to deploy a physical security control to limit an individual’s access into a sensitive area. Which of the following should be implemented?, After running into the data center with a vehicle, attackers were able to enter through the hole in the building and steal several key servers in the ensuing chaos. Which of the following security measures can be put in place to mitigate the issue from occurring in the future?","img":"https://www.quiz-maker.com/3012/images/ogquiz.png"}
Powered by: Quiz Maker