
Common Technical Interview Questions and Answers (updated on February 23, 2020)

Question 221: Statistics reported in the 2020 State of Privacy and Security Awareness Report from MediaPRO find evidence that the vast majority of employees in the firms surveyed are not very confident in their ability to recognize a phishing email or when malware has infected their computers.
A. True
B. False
Correct Answer: A. True

Question 222: In which of the following phases would you most likely apply a patch to a compromised machine’s OS?
A. Preparation
B. Short-term containment
C. Long-term containment
D. Eradication
Correct Answer: C. Long-term containment
Explanation: During long-term containment, you would commonly perform activities like OS patching/upgrading, disabling a compromised account, and installing a host firewall or HIPS.

Question 223: In which of the following phases would you commonly use chain of custody forms?
A. Preparation
B. Containment
C. Eradication
D. Identification
Correct Answer: B. Containment
Explanation: During containment, you will commonly perform activities that initially allow you to stop the attack (thus performing partial containment) so you can acquire necessary evidence before applying more permanent containment methods (if applicable) or moving on to eradication. Chain of custody forms would be used when you are gathering evidence (for example, collecting hard drives, laptops, and mobile phones) to support later litigation proceedings.

Question 224: Which of the following activities would most likely be performed during the eradication phase?
A. Backup restoration
B. Removal of compromised system files
C. Addition of a firewall rule that blocks communication to a system owned by the attacker
D. Evaluation of the incident’s criticality
Correct Answer: B. Removal of compromised system files
Explanation: Any malicious files that the attacker left behind (like backdoors, trojans, or altered system files) would be removed during eradication.

Question 225: During which of the following phases would you most likely acquire a host forensic image?
A. Identification
B. Eradication
C. Preparation
D. Containment
Correct Answer: D. Containment
Explanation: A forensic image would commonly be obtained as part of the containment phase. This will give you the time to fully investigate for indicators of compromise and perform root cause analysis while proceeding to the eradication phase.

Question 226: Which of the following is the correct order for some of the steps of a BCDR strategy?
A. Define, Analyze, Design, Assess Risk, Test, Implement
B. Define, Assess Risk, Analyze, Design, Implement, Test
C. Define, Design, Analyze, Assess Risk, Test, Implement
D. Define, Analyze, Assess Risk, Design, Implement, Test
Correct Answer: D. Define, Analyze, Assess Risk, Design, Implement, Test
Explanation: Option D lists the steps in the correct sequence: Define, Analyze, Assess Risk, Design, Implement, Test. Each of the other options places at least one step out of order.

Question 227: Which of the following would be the least beneficial reason to consider a cloud platform as a BCDR solution?
A. Metered service costs
B. Hardware ownership
C. Broad network access
D. Virtual host replication
Correct Answer: B. Hardware ownership
Explanation: Hardware ownership would be the least beneficial reason because a cloud customer does not own the hardware; the cloud provider does. Metered service costs are a major benefit of using a cloud provider for BCDR, as the cloud customer would only pay for services when they are needed, unlike traditional BCDR, which typically involves idle hardware sitting in a secondary data center that will likely never be used. Virtual host replication is also a major benefit for a cloud platform and BCDR, as it enables production systems to be regularly mirrored to a secondary location and instantly used, unlike traditional backups, which would have to be recovered on top of another configured system before they can be used. Broad network access would also be highly beneficial for BCDR, as network availability would not be a concern and the ability to access the environment from anywhere on the Internet in case of a disaster would be a major factor.

Question 228: Apart from annual testing, when would it be most crucial for a BCDR plan to undergo additional testing?
A. During a change in senior management
B. During major configuration changes to an application
C. When new staff is hired
D. During a change in encryption keys
Correct Answer: B. During major configuration changes to an application
Explanation: Major configuration changes with an application should entail new BCDR testing. Any major configuration change or update represents a significant shift in an environment, and, as such, proper testing is needed to ensure that all BCDR implementations and procedures are both still valid and still work as intended. The changes mentioned in the other answer choices are either minor or personnel changes that would not require new comprehensive testing.

Question 229: Which of the following issues would be the greatest concern from a regulatory standpoint of using a cloud provider for a BCDR solution?
A. Location of stored data
B. Scalability
C. Self-service
D. Interoperability
Correct Answer: A. Location of stored data

Question 230: Which of the following relates to the acceptable duration of recovery to a BCDR location?
A. RPO
B. RSL
C. RDO
D. RTO
Correct Answer: D. RTO
Explanation: RTO, or recovery time objective, is the acceptable amount of time allowed for the restoration of services. None of the other acronyms offered describes the duration of recovery.