Posts

Showing posts from April, 2022
    BSA/385: Intro to Software Engineering Q:  Which type of support must a software project have to be successful? A:  Executive management Explanation:  For my Quora answers + posts go to: Helping students get online school answers (IT) (quora.com)
    BSA/385: Intro to Software Engineering Q:  Which recording requirement is a mockup of some or all of the application? A:  Prototype Explanation:  For my Quora answers + posts go to: Helping students get online school answers (IT) (quora.com)
    BSA/385: Intro to Software Engineering Q:  Which of the following operations describes a good document management system? A:  Shares the documents with other team members Explanation:  For my Quora answers + posts go to: Helping students get online school answers (IT) (quora.com)
    BSA/385: Intro to Software Engineering Q:  Which are the FURPS+ constraints? A:  Interface, Implementation, Physical, and Design Explanation:  For my Quora answers + posts go to: Helping students get online school answers (IT) (quora.com)
    BSA/385: Intro to Software Engineering Q:  Which requirements category describes the quality of the application's behavior/constraints on how it produces a desired result? A:  Non-functional Explanation:  For my Quora answers + posts go to: Helping students get online school answers (IT) (quora.com)
    BSA/385: Intro to Software Engineering Q:  Which requirement describes the project's capabilities? A:  Functional Explanation:  For my Quora answers + posts go to: Helping students get online school answers (IT) (quora.com)
    BSA/385: Intro to Software Engineering Q:  Which process uses several kinds of diagrams to represent different pieces of the system? A:  UML Explanation:  For my Quora answers + posts go to: Helping students get online school answers (IT) (quora.com)
   BSA/385: Intro to Software Engineering Q:  What brainstorming technique is known as the nominal group technique (NGT)? A:  Sticky note Explanation:  For my Quora answers + posts go to: Helping students get online school answers (IT) (quora.com)
CYB 205 Infrastructure Administration Q: Kim wants to place a device on the outward-facing areas of the organization's network that may be broken into by an attacker so that she can evaluate the strategies that hackers are using on her systems. Which of the following would she use? A: Honeypot Explanation: A honeypot is a system that allows investigators to evaluate and analyze the attack strategies used by attackers. It is a sacrificial system placed on the outward-facing areas of the organization's network. The purpose of a honeypot is to allow an attacker limited, controlled access to the organization's systems so that more can be learned about system vulnerabilities by watching the attacker attempt to exploit vulnerabilities in those systems. Because the attacker is deliberately let in, the honeypot must be segmented so that it cannot be used as a pivot into production systems. Answer B is incorrect. A sandbox is an isolated, highly controlled software and hardware environment in which software and data can be tested, inspected, and evaluated. Answer C is incorrect. Network access control (NAC) is the set...
CYB 205 Infrastructure Administration Q: Which of the following are the key characteristics of information? Each correct answer represents a complete solution. Choose all that apply. A: Privacy, Confidentiality, Integrity Explanation: Information focuses on what people use and what kind of security it needs. The key characteristics of information that directly relate to keeping it safe, secure, and reliable are confidentiality, integrity, privacy, and availability. Answer A is incorrect. Interchangeability means using an object or symbol in place of another. It cannot be a key characteristic of information, because changing the object changes the related information as well.
CYB 205 Infrastructure Administration Q: What are the forms of the layers of an organization's function? Each correct answer represents a complete solution. Choose all that apply. A: Physical systems elements, Logical elements, Administrative elements Explanation: The layers of an organization's function take three forms. Physical systems elements are typically things such as buildings, machinery, wiring systems, and the hardware elements of IT systems. Administrative elements are the policies, procedures, training, and expectations that are spelled out for the humans in the organization to follow. Logical elements (sometimes called technical elements) are software, firmware, database, or other control system settings that are used to make the physical elements of the organization's IT systems obey the dictates and meet the needs of the administrative ones. Answer B is incorrect. Control elements are not one of the forms of the layers of an organization's function.
CYB 205 Infrastructure Administration Q: Lauren starts at her new job and finds that she has access to a variety of systems that she does not need to accomplish her job. This is a violation of which of the following? A: Least privilege Explanation: When users have more rights than they need to accomplish their job, they have excessive privileges. This is a violation of the concept of least privilege. Using the least privilege concept gives a privileged account only the minimum rights and capabilities required for a role. Answer A is incorrect. Provisioning starts with the initial claim of identity and a request to create a set of credentials for that identity. Answer D is incorrect. Rights collision is a made-up term. Answer C is incorrect. Revocation is the formal process of terminating access privileges for a specific identity in a system.
CYB 205 Infrastructure Administration Q: Renee is using encryption to safeguard sensitive business secrets while in transit over the Internet. What risk metric is she attempting to lower? A: Likelihood Explanation: Renee is attempting to lower the likelihood or probability of a risk. Using encryption reduces the risk by lowering the likelihood that an eavesdropper will be able to gain access to sensitive information. Answer A is incorrect. The recovery time objective (RTO) is the amount of time in which system functionality or the ability to perform the business process must be back in operation. Answer B is incorrect. The annual rate of occurrence (ARO) is an estimate of how many times per year a particular risk is considered likely to occur. Answer C is incorrect. The safeguard value (SV) is the cost to install, activate, and use the risk mitigation controls that protect from the impact of a risk event.
CYB 205 Infrastructure Administration Q: Kay is selecting an application management approach for her organization. Employees need the flexibility to install software on their systems, but Kay wants to prevent them from installing certain prohibited packages. What type of approach should she use? A: Blacklist Explanation: According to the scenario, Kay should use the blacklist (now more commonly called blocklist or deny list) approach. This approach to application control blocks certain prohibited packages but allows the installation of any other software on systems, which means anything not yet listed is permitted by default. Answer C is incorrect. Middleware is special-purpose software that bridges the functional and interface gaps between different systems, applications, or platforms. It provides unified services to users. Answer D is incorrect. The whitelist (allowlist) approach uses the reverse philosophy and allows only approved software. Answer B is incorrect. This is an invalid option.
CYB 205 Infrastructure Administration Q: Stella is using a phishing attack to masquerade as a senior member of an organization and directly target other important individuals in the organization with the aim of stealing money or sensitive information. Which type of phishing attack is she using? A: Whaling Explanation: Stella is using a whaling attack, which aims at the senior level of an organization. This attack targets high-worth or highly placed individuals, such as a chief financial officer (CFO), and uses much the same storyline in an attempt to get the CFO to ask a clerk to initiate a funds transfer. Answer B is incorrect. A spear phishing attack is aimed at lower-level personnel in large organizations, people who by themselves can't or don't do great things or wield great authority and power inside the company but who may know or have access to some little bit of information or power the attacker can make use of. Answer A is incorrect. A brute-force att...
CYB 205 Infrastructure Administration Q: Ben needs to verify that the most recent patch for his organization's critical application did not introduce issues elsewhere. What type of testing does Ben need to conduct to ensure this? A: Regression testing Explanation: Ben should conduct regression testing, which ensures the proper functioning of an application or system after it has been changed. It ensures that changes have not introduced new issues. It is the verification that a fix to one system element did not break others. Answer B is incorrect. Acceptance testing confirms to the end users that all of the stated requirements have been correctly implemented in the system being tested. Answers A and C are incorrect. Ethical penetration testing is security testing focused on trying to actively find and exploit vulnerabilities in an organization's information security posture, processes, procedures, and systems. Pen-testing, as it's sometimes called, often looks to use "ethi...
CYB 205 Infrastructure Administration Q: NIST, in its special publication 800-61r2, refines the mitigation phase by breaking it down into which of the following steps? Each correct answer represents a complete solution. Choose all that apply. A: Containment, Eradication Explanation: NIST, in its special publication 800-61r2, refines the mitigation phase by breaking it down into containment and eradication steps. Containment is the process of identifying the affected or infected system elements and isolating them from the rest of your systems so that the disruption-causing agent cannot spread further. Eradication is the process of identifying and removing every instance of the causal agent and its associated files, executables, and so forth from all elements of your system. Answers C and D are incorrect. NIST, in its special publication 800-61r2, refines the lessons learned phase into information sharing and coordination activities.
CYB 205 Infrastructure Administration Q: How many nodes or hosts per network does a Class C address support? A: 256 Explanation: Class C addresses are used for small networks. This allows for 2,097,152 networks and 256 addresses per network. In practice only 254 of those are usable for hosts, because the all-zeros address (the network itself) and the all-ones address (directed broadcast) are reserved; exam questions such as this one count the full 256. Answers B and D are incorrect. Class A addresses allow for 128 networks and 16,777,216 addresses per network (16,777,214 usable hosts). Answer C is incorrect. Class B addresses support 65,536 addresses per network (65,534 usable hosts).
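As an added worked example (not part of the original post), the following Python classifies an IPv4 address by its classful range, computes the network and address counts quoted above, and returns the usable host count with the network and broadcast addresses subtracted, including the /31 and /32 edge cases. The addresses used are documentation ranges chosen for illustration.

```python
import ipaddress

# Leading bits of the first octet decide the class: A = 0xxxxxxx (0-127),
# B = 10xxxxxx (128-191), C = 110xxxxx (192-223), D = 1110xxxx (multicast),
# E = 1111xxxx (reserved).
def address_class(addr: str) -> str:
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return "A"
    if first_octet < 192:
        return "B"
    if first_octet < 224:
        return "C"
    if first_octet < 240:
        return "D"
    return "E"

# Default (classful) prefix length for each unicast class.
CLASS_PREFIX = {"A": 8, "B": 16, "C": 24}

def network_count(cls: str) -> int:
    """Number of network IDs in a class: the bits between the fixed leading
    pattern and the default prefix, e.g. Class C has 24 - 3 = 21 free bits."""
    leading_bits = {"A": 1, "B": 2, "C": 3}[cls]
    return 2 ** (CLASS_PREFIX[cls] - leading_bits)

def classful_network(addr: str) -> ipaddress.IPv4Network:
    """The network an address belongs to under classful rules (no subnetting)."""
    cls = address_class(addr)
    if cls not in CLASS_PREFIX:
        raise ValueError(f"{addr} is class {cls}, which has no classful host network")
    return ipaddress.ip_network(f"{addr}/{CLASS_PREFIX[cls]}", strict=False)

def usable_hosts(network: str) -> int:
    """Host addresses actually assignable inside a network.

    Every /30 or shorter block loses two addresses: all-zeros (the network
    itself) and all-ones (directed broadcast). A /31 point-to-point link
    (RFC 3021) uses both of its addresses, and a /32 is a single host route.
    """
    net = ipaddress.ip_network(network, strict=False)
    if net.prefixlen >= 31:
        return net.num_addresses  # 2 for /31, 1 for /32
    return net.num_addresses - 2

if __name__ == "__main__":
    for a in ("10.1.2.3", "172.16.5.9", "192.0.2.77"):
        net = classful_network(a)
        print(a, "class", address_class(a), net, net.num_addresses, "addresses,",
              usable_hosts(str(net)), "usable hosts,", network_count(address_class(a)), "networks in class")
```

The check a practitioner actually cares about is `usable_hosts`: a /24 gives 254 hosts, not 256, and the same subtraction applies to any prefix length up to /30.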
CYB 205 Infrastructure Administration Q: During what phase of the incident response process would security professionals analyze the process itself to determine whether any improvements are warranted? A: Lessons learned Explanation: During the lessons learned phase, analysts close out an incident by conducting a review of the entire incident response process. This may include making recommendations for improvements to the process that will streamline the efficiency and effectiveness of future incident response efforts. Answer C is incorrect. The detection phase detects irregular activities and figures out exactly what is happening. Answer D is incorrect. The preparation phase involves implementing the right tools and setting up the right processes ahead of an incident occurring. Answer A is incorrect. The recovery phase restores and returns affected systems and devices to the business environment.
CYB 205 Infrastructure Administration Q: During troubleshooting, Chris uses the nslookup command to check the IP address of a host he is attempting to connect to. The IP he sees in the response is not the IP that should resolve when the lookup is done. What type of attack has likely been conducted? A: DNS poisoning Explanation: A DNS poisoning attack occurs when an attacker changes the domain name to IP address mappings of a system (typically by planting false records in a resolver's cache) to redirect traffic to alternate systems. Before concluding that poisoning has occurred, compare the answer with one from a second resolver or from the domain's authoritative name server, since a legitimate address change produces the same symptom. Answer B is incorrect. A bluesnarfing attack is the theft of information from a wireless device through a Bluetooth connection. Answer D is incorrect. An ARP spoofing attack is a type of attack in which a malicious actor sends falsified Address Resolution Protocol (ARP) messages over a local area network. Answer A is incorrect. A phishing attack is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers.
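An added example, not from the original post: a small Python checker that parses nslookup output and compares the returned addresses with a known-good mapping, which is the sort of spot check Chris would script. The nslookup transcripts, the resolver 10.0.0.53 and the expected mapping for intranet.example.com are constructed for the example.

```python
import re

# Constructed nslookup transcripts (not captured from a real host). The first
# Server/Address pair describes the resolver that answered; the "Address:" lines
# that follow a "Name:" line are the records returned for the queried name.
NSLOOKUP_OK = """\
Server:\t\t10.0.0.53
Address:\t10.0.0.53#53

Non-authoritative answer:
Name:\tintranet.example.com
Address: 203.0.113.9
"""

NSLOOKUP_SUSPECT = """\
Server:\t\t10.0.0.53
Address:\t10.0.0.53#53

Non-authoritative answer:
Name:\tintranet.example.com
Address: 198.51.100.77
Name:\tintranet.example.com
Address: 203.0.113.9
"""

# Assumed known-good mapping maintained by the administrator (hypothetical values).
EXPECTED = {"intranet.example.com": {"203.0.113.9"}}

_FIELD = re.compile(r"^(Name|Address):\s*(\S+)")

def parse_nslookup(output: str) -> dict:
    """Return {name: set(addresses)} from the answer section of nslookup output.

    The resolver's own 'Address: 10.0.0.53#53' header appears before any
    'Name:' line, so it is skipped rather than mistaken for an answer.
    """
    answers = {}
    current = None
    for raw in output.splitlines():
        m = _FIELD.match(raw.strip())
        if not m:
            continue
        field, value = m.groups()
        if field == "Name":
            current = value.rstrip(".")
            answers.setdefault(current, set())
        elif current is not None:
            answers[current].add(value.split("#")[0])  # drop any ':port' style suffix
    return answers

def check_resolution(output: str, expected: dict) -> list:
    """List (name, [unexpected addresses]) for every name whose answer
    contains an address not on the known-good list."""
    findings = []
    for name, addrs in parse_nslookup(output).items():
        known = expected.get(name)
        if known is None:
            continue  # nothing to compare against; not evidence of poisoning
        rogue = sorted(addrs - known)
        if rogue:
            findings.append((name, rogue))
    return findings

if __name__ == "__main__":
    print(check_resolution(NSLOOKUP_OK, EXPECTED))       # []
    print(check_resolution(NSLOOKUP_SUSPECT, EXPECTED))  # [('intranet.example.com', ['198.51.100.77'])]
```

A finding from this check is a lead, not a verdict: the "Non-authoritative answer" line shows the response came from a cache, which is where poisoned records live, so the next step is to query the authoritative server directly and to check the local hosts file and ARP table for an on-path attacker before raising an incident.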
CYB 205 Infrastructure Administration Q: Norm would like to conduct a disaster recovery test for his organization and wants to choose the most thorough type of test, recognizing that it may be quite disruptive. What type of test should Norm choose? A: Full interruption Explanation: During a full interruption test, the team takes down the primary site and confirms that the disaster recovery site is capable of handling regular operations. The full interruption test is the most thorough test but also the most disruptive. Answer D is incorrect. During a parallel test, the team actually activates the disaster recovery site for testing but the primary site remains operational. Answer C is incorrect. During a structured walk-through test, team members come together and walk through a scenario without making any changes to information systems. Answer B is incorrect. The checklist review is the least disruptive type of disaster recovery test. During a checklist review, team members each revie...
CYB 205 Infrastructure Administration Q: What type of attack would the following precautions help prevent? Requesting proof of identity; requiring callback authorizations on voice-only requests; not changing passwords via voice communications. A: Social engineering Explanation: Social engineering encompasses almost any effort to learn about the people in the organization and find exploitable weaknesses via those people. Each of the precautions (requesting proof of identity, requiring callback authorizations on voice-only requests, and not changing passwords via voice communications) helps to prevent social engineering by preventing exploitation of trust. Avoiding voice-only communications is particularly important since establishing identity over the phone is difficult. Answers B, A, and C are incorrect because the listed attacks would not be prevented by these techniques.
CYB 205 Infrastructure Administration Q: The preamble of the (ISC)2 Code of Ethics reminds us of which of the following? A: All of these Explanation: The preamble of the (ISC)2 Code of Ethics reminds us of: the safety and welfare of society; the common good; our duty to our principals; our duty to each other; and the requirement to adhere, and be seen to adhere, to
CYB 205 Infrastructure Administration Q: Juniper Content is a web content development company with 40 employees located in two offices: one in New York and a smaller office in the San Francisco Bay Area. You are the newly appointed IT manager for Juniper Content, and you are working to augment existing security controls to improve the organization's security. You are concerned about the availability of data stored on each office's server. You would like to add technology that would enable continued access to files located on the server even if a hard drive in a server fails. Which of the following will help in accomplishing the task? A: RAID Explanation: Redundant array of independent disks (RAID) uses additional hard drives to protect the server against the failure of a single device. It is a method of storing data across several different hard disks. Using this system, data is written to a series of hard disks in such a manner as to provide either speed or data redundancy. Note that RAID addresses disk failure only; it does not replace backups, because a deleted, corrupted, or ransomware-encrypted file is mirrored to every disk in the array. Ans...
CYB 205 Infrastructure Administration Q: Which of the following steps of the PDCA cycle is the process of laying out the step-by-step path we need to take to go from "where we are" to "where we want to be"? A: Planning Explanation: Planning is the process of laying out the step-by-step path we need to take to go from "where we are" to "where we want to be." It's a natural human activity; we do this every moment of our lives. Answer A is incorrect. Checking is part of conducting due diligence on what the plan asked us to achieve and how it asked us to get it done. Answer D is incorrect. Acting is the phase that involves making decisions and taking corrective or amplifying actions based on what the checking activities revealed. Answer C is incorrect. Doing is the phase that encompasses everything it takes to accomplish the plan.
CYB 205 Infrastructure Administration Q: Andrew believes that a digital certificate belonging to his organization was compromised and would like to add it to a Certificate Revocation List. Who must add the certificate to the Certificate Revocation List? A: The certificate authority that issued the certificate Explanation: The issuing certificate authority must add the certificate to its Certificate Revocation List, which is the CA-signed list of certificates the CA has revoked before their expiry date because of key compromise or other reasons. Expired certificates are not listed, since they are already invalid without revocation. The certificate authority issues, manages, and revokes digital certificates, and relying parties consult the CRL (or an OCSP responder) to learn which certificates have been revoked. The topmost certificate authority is referred to as the root certificate authority.
CYB 205 Infrastructure Administration Q: In an organization, a dashboard provides which of the following aspects of a critical information infrastructure's security situation? Each correct answer represents a complete solution. Choose all that apply. A: Real-time and near-real-time incident information, Systems health information, Real-time and near-real-time indicators and warnings Explanation: In an organization, dashboards provide at-a-glance insight into several aspects of a critical information infrastructure's security situation: real-time and near-real-time incident information; real-time and near-real-time indicators and warnings; the current status of ongoing risk mitigation projects and activities; and systems health information, whether for critical nodes in the information architecture or across the user base of systems.
CYB 205 Infrastructure Administration Q: Which one of the following metrics specifies the amount of time that business continuity planners find acceptable for the restoration of service after a disaster? A: RTO Explanation: The recovery time objective (RTO) specifies the amount of time that business continuity planners find acceptable for the restoration of service after a disaster. It is the time by which the systems must be restored to normal operational function after the occurrence of the risk event. Answer B is incorrect. The exposure factor (EF) is the fraction of the value of the asset, process, or outcome that will be lost from a single occurrence of the risk event. Answer D is incorrect. The single loss expectancy (SLE) is the total direct and indirect costs (or losses) from a single occurrence of a risk event. Answer C is incorrect. The maximum allowable outage (MAO) is the greatest time period that business operations can be allowed to be disrupted by a risk event.
CYB 205 Infrastructure Administration Q: Ann is a security professional for a midsize business and typically handles log analysis and security monitoring tasks for her organization. One of her roles is to monitor alerts originating from the organization's intrusion detection system. The system typically generates several dozen alerts each day, and many of those alerts turn out to be false alarms after her investigation. This morning, the intrusion detection system gave an alert because the network began to receive an unusually high volume of inbound traffic. Ann received this alert and began looking into the origin of the traffic. Ann continues her investigation and realizes that the traffic generating the alert is an abnormally high volume of inbound UDP traffic on port 53. What service typically uses this port? A: DNS Explanation: The Domain Name System (DNS) commonly uses port 53 for both TCP and UDP communications. DNS resolves domain names into IP addresses for network routin...
CYB 205 Infrastructure Administration Q: Alex's job requires him to see protected health information to ensure the proper treatment of patients. His access to their medical records does not provide access to patient addresses or billing information. What access control concept best describes this control? A: Need to know Explanation: Need to know is applied when subjects like Alex have access to only the data they need to accomplish their job. Need to know limits who has access to read, use, or modify data based on whether their job functions require them to do so. Answers D and B are incorrect. Separation or segregation of duties is used to limit fraud and abuse by having multiple employees perform parts of a task. Answer C is incorrect. Privilege creep happens when duties have changed and yet privileges that are no longer actually needed remain in effect for a given user.
CYB 205 Infrastructure Administration Q: Ann is a security professional for a midsize business and typically handles log analysis and security monitoring tasks for her organization. One of her roles is to monitor alerts originating from the organization's intrusion detection system. The system typically generates several dozen alerts each day, and many of those alerts turn out to be false alarms after her investigation. This morning, the intrusion detection system gave an alert because the network began to receive an unusually high volume of inbound traffic. Ann received this alert and began looking into the origin of the traffic. A: Security event Explanation: At this point in the incident response process, Ann has no reason to believe that any actual security compromise or policy violation took place, so this situation does not meet the criteria for a security incident or intrusion. Rather, the alert generated by the intrusion detection system is simply a security event requir...
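Added example covering both of Ann's posts above (not code from the original page): a Python triage of flow records for the alert described, isolating inbound UDP/53 traffic into an assumed organization prefix, summarizing volume per source and per minute, and flagging whether the peak exceeds an assumed baseline. The flow lines, the prefix 203.0.113.0/24, the resolver 203.0.113.10 and the baseline value are constructed for the example.

```python
import ipaddress
from collections import Counter

# Assumed organization prefix (documentation range). "Inbound" means the
# source is outside this prefix and the destination is inside it.
HOME_NET = ipaddress.ip_network("203.0.113.0/24")

# Constructed flow records for the example, not output from a real sensor.
# Fields: timestamp src dst proto dport bytes
FLOW_LOG = """\
2022-04-12T09:00:01 198.51.100.7 203.0.113.10 UDP 53 900
2022-04-12T09:00:01 198.51.100.7 203.0.113.10 UDP 53 900
2022-04-12T09:00:02 198.51.100.7 203.0.113.10 UDP 53 900
2022-04-12T09:00:02 192.0.2.44 203.0.113.10 UDP 53 80
2022-04-12T09:00:03 198.51.100.7 203.0.113.10 UDP 53 900
2022-04-12T09:00:03 203.0.113.25 192.0.2.53 UDP 53 75
2022-04-12T09:00:04 192.0.2.44 203.0.113.10 TCP 443 5200
2022-04-12T09:00:05 198.51.100.7 203.0.113.10 UDP 53 900
"""

def parse_flows(text: str) -> list:
    """Turn the whitespace-separated flow lines into dicts with typed fields."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport, nbytes = line.split()
        records.append({
            "ts": ts,
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "proto": proto,
            "dport": int(dport),
            "bytes": int(nbytes),
        })
    return records

def inbound_udp53(records: list, home_net=HOME_NET) -> list:
    """Flows that match the alert: UDP to port 53 entering the organization's prefix.
    Outbound queries from internal hosts and non-DNS traffic are excluded."""
    return [r for r in records
            if r["proto"] == "UDP" and r["dport"] == 53
            and r["dst"] in home_net and r["src"] not in home_net]

def triage(records: list, baseline_per_minute: int = 2, home_net=HOME_NET) -> dict:
    """Summarize the matching traffic so the analyst can judge what the alert is.

    The output alone only confirms a security event: one source dominating the
    count, or queries far larger than a normal ~60-100 byte DNS query, are the
    kind of evidence that would move it toward an incident.
    """
    hits = inbound_udp53(records, home_net)
    total_bytes = sum(r["bytes"] for r in hits)
    per_source = Counter(str(r["src"]) for r in hits)
    per_minute = Counter(r["ts"][:16] for r in hits)  # bucket by YYYY-MM-DDTHH:MM
    peak = max(per_minute.values(), default=0)
    return {
        "flows": len(hits),
        "bytes": total_bytes,
        "avg_bytes": total_bytes // len(hits) if hits else 0,
        "top_sources": per_source.most_common(3),
        "peak_per_minute": peak,
        "exceeds_baseline": peak > baseline_per_minute,
    }

if __name__ == "__main__":
    for key, value in triage(parse_flows(FLOW_LOG)).items():
        print(f"{key}: {value}")
```

With the constructed records, one external source accounts for five of the six matching flows and the average query size is several times what a normal lookup needs, which is what Ann would take to the next step (checking whether 203.0.113.10 answers recursive queries for outsiders) rather than closing the alert as a false alarm.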
CYB 205 Infrastructure Administration Q: Elaine is developing a business continuity plan for her organization. What value should she seek to minimize? A: RTO Explanation: Elaine should seek to minimize the recovery time objective value. The goal of business continuity planning exercises is to reduce the amount of time required to restore operations. This is done by minimizing the recovery time objective (RTO). RTO is the amount of time expected to return an IT service or component to operation after a failure. Answer C is incorrect. SLAs (service-level agreements) are written contracts that document service expectations. Answers B and D are incorrect. Secure Sockets Layer (SSL) and the Lightweight Directory Access Protocol (LDAP) are network protocols, not recovery metrics.
CYB 205 Infrastructure Administration Q: Derek sets up a series of virtual machines that are automatically created in a completely isolated environment. Once created, the systems are used to run potentially malicious software and files. The actions taken by those files and programs are recorded and then reported. What technique is Derek using? A: Sandboxing Explanation: Derek is using a sandboxing technique, which is a software management strategy that isolates applications from critical system resources and other programs. Answer B is incorrect. A honeypot is a sacrificial system placed on the outward-facing areas of the organization's network. Answer A is incorrect. Network access control (NAC) is a set of services that give network administrators the ability to define and control what devices, processes, and persons can connect to the network or to individual subnetworks or segments of that network. Answer D is incorrect. Social engineering encompasses almost any effort to learn a...
CYB 205 Infrastructure Administration Q: Which of the following cryptographic goals protects against the risks posed when a device is lost or stolen? A: Confidentiality Explanation: The greatest risk when a device is lost or stolen is that sensitive data contained on the device will fall into the wrong hands. Confidentiality protects against this risk. Answer B is incorrect. Nonrepudiation provides ways to sign messages, documents, and even software executables so that recipients can be assured of their authenticity. Answer A is incorrect. Authentication is the act of examining or testing the identity credentials provided by a subject that is requesting access. Answer D is incorrect. Accounting is the process of keeping logs or other records that show access requests, whether those were granted or not, and a history of what resources in the system that subject then accessed.
CYB 205 Infrastructure Administration Q: Which of the following is an exploitation of a newly discovered vulnerability before that vulnerability is discovered by or reported to the developers, vendors, or users of the affected system? A: Zero-day Explanation: A zero-day exploit or attack is an exploitation of a newly discovered vulnerability before the vulnerability is discovered by or reported to the developers, vendors, or users of the affected system. The term suggests that the system's defenders have zero days to prepare for such an exploit, since they are not aware of the vulnerability or the potential for an attack based on it. Answer C is incorrect. A bluesnarfing attack is the theft of information from a wireless device through a Bluetooth connection. Answer B is incorrect. A whaling attack targets high-worth or highly placed individuals, such as a chief financial officer (CFO), and uses much the same storyline to attempt to get the chief financial officer to ask a c...
CYB 205 Infrastructure Administration Q: You are conducting a qualitative risk assessment for your organization. The two important risk elements that should weigh most heavily in your analysis of risk are probability and ___________. A: impact Explanation: The two most important elements of a qualitative risk assessment are determining the probability and impact of each risk upon the organization. Answer D is incorrect. Likelihood is another word for probability. Answer A is incorrect. Availability means that the information can be extracted, produced, or displayed where it is needed. Answer C is incorrect. Cost should be taken into account but is only one element of impact, which also includes reputational damage, operational disruption, and other ill effects.
CYB 205 Infrastructure Administration Q: Tom is conducting a business continuity planning effort for Orange Blossoms, a fruit orchard located in Central Florida. During the assessment process, the committee determined that there is a small risk of snow in the region but that the cost of implementing controls to reduce the impact of that risk is not warranted. They elect to not take any specific action in response to the risk. What risk management strategy is Orange Blossoms pursuing? A: Risk acceptance Explanation: According to the scenario, Orange Blossoms is pursuing a risk acceptance strategy. It occurs when an organization determines that the costs involved in pursuing other risk management strategies are not justified and chooses not to pursue any action. Answer C is incorrect. A risk mitigation strategy includes repairing or replacing the vulnerable system and is often called fixing or mitigating the risk. Answer D is incorrect. A risk transference strategy involves paying...
CYB 205 Infrastructure Administration Q: Tamara recently decided to purchase cyber-liability insurance to cover her company's costs in the event of a data breach. What risk management strategy is she pursuing? A: Risk transference Explanation: Tamara is pursuing a risk transference strategy. It involves shifting the impact of a potential risk from the organization incurring the risk to another organization. Insurance is a common example of risk transference. Answer A is incorrect. A risk acceptance strategy involves accepting the identified risk and not taking any other action to reduce the risk. Answer B is incorrect. A risk mitigation strategy includes repairing or replacing the vulnerable system and is often called fixing or mitigating the risk. Answer D is incorrect. A risk avoidance strategy involves changing a business process so that the risk no longer applies.
CYB 205 Infrastructure Administration Q: What type of access control is intended to discover unwanted or unauthorized activity by providing information after the event has occurred? A: Detective Explanation: Detective access controls operate after the fact and are intended to detect or discover unwanted access or activity. Examples of detective access controls include guard dogs, motion detectors, and the recording and reviewing of events seen by security cameras or CCTV. Answer D is incorrect. Preventive access controls are designed to prevent the activity from occurring. Answer C is incorrect. Corrective controls return an environment to its original status after an issue occurs. Answer A is incorrect. Directive access controls are deployed to direct, confine, or control the actions of the subject to force or encourage compliance with security policies.
CYB 205 Infrastructure Administration Q: During which of the following disaster recovery tests does the team sit together and discuss the response to a scenario but not actually activate any disaster recovery controls? A: Structured walk-through Explanation: During a structured walk-through test, team members come together and walk through a scenario without making any changes to information systems. This test is the most common of the plan tests and may be performed frequently across different business units. Answer A is incorrect. During a checklist review, team members each review the contents of their disaster recovery checklists on their own and suggest any necessary changes. The checklist review is the least disruptive type of disaster recovery test. Answer D is incorrect. During a full interruption test, the team takes down the primary site and confirms that the disaster recovery site is capable of handling regular operations. The full interruption test is the most thorough t...
CYB 205 Infrastructure Administration Q: Fred's company wants to ensure the integrity of email messages sent via its central email servers. If the confidentiality of the messages is not critical, what solution should Fred suggest? A: Digitally sign but don't encrypt all messages. Explanation: Fred's company needs to protect integrity, which can be accomplished by digitally signing messages. Any change to a signed message will cause the signature to fail verification. A digital signature provides both proof of origin (and therefore nonrepudiation) and message integrity. Answer B is incorrect. Encrypting isn't necessary because the company does not need to protect confidentiality. Answer D is incorrect. Transport Layer Security (TLS) protects a message only while it is in transit on a single connection; it does guarantee integrity on that hop, but the protection ends at each mail server, so it cannot show the recipient that the stored message is what the sender wrote. Answer A is incorrect. The Network Time Protocol (NTP) allows the synchronization of system clocks with a standardized time source. It is used to synchronize the devic...
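An added worked example, not from the original post, of "sign but don't encrypt": textbook RSA over SHA-256 in plain Python, using the known Mersenne primes 2^521-1 and 2^607-1 so the key can be built without a primality test. The body travels readable, and any change to it fails verification. The key construction, the unpadded signing and the sample message are demo choices only; real mail uses S/MIME or OpenPGP through a vetted library, with RSA-PSS or Ed25519 and randomly generated primes.

```python
import hashlib

# Demo key from two known Mersenne primes (2**521-1 and 2**607-1). Known-prime
# constants keep the example self-contained; their special form makes them
# unsuitable for real keys (assumption: demo parameters only).
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent; 65537 does not divide phi(N)

def _digest_int(message: bytes) -> int:
    """SHA-256 of the message as an integer; 256 bits, so always < N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Textbook (unpadded) RSA signature: H(m)^d mod n.
    Demo only; production code uses RSA-PSS or Ed25519 from a vetted library."""
    return pow(_digest_int(message), d, n)

def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recover H(m) with the public key and compare it with a fresh hash of the received body."""
    return pow(signature, e, n) == _digest_int(message)

def send_signed(body: bytes) -> dict:
    """Envelope as the mail servers would relay it: body in the clear, signature attached.
    Nothing here hides the content, which is the point when confidentiality is not required."""
    return {"body": body, "signature": sign(body)}

def receive(envelope: dict) -> bool:
    """Recipient-side check: True only if the body is exactly what was signed."""
    return verify(envelope["body"], envelope["signature"])

if __name__ == "__main__":
    env = send_signed(b"From: CFO\r\nTo: clerk\r\n\r\nPay invoice 4471 for 12,000 USD.")
    print(env["body"].decode())             # readable: no confidentiality was requested
    print("intact:", receive(env))           # True
    env["body"] = env["body"].replace(b"12,000", b"120,000")
    print("after tampering:", receive(env))  # False
```

The signature is computed by the sender with the private exponent and checked by anyone holding the public key, which is why it also gives proof of origin; an HMAC would detect the same tampering but not identify the sender, since both parties would share the key.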
CYB 205 Infrastructure Administration Q: Alejandro is an incident response analyst for a large corporation. He is on the midnight shift when an intrusion detection system alerts him to a potential brute-force password attack against one of the company's critical information systems. He performs an initial triage of the event before taking any additional action. A: Activate the incident response team. Explanation: The incident response process consists of a series of steps that start with detection and run through response, mitigation, reporting, recovery, and remediation, ending with a lessons learned and onward preparation phase. After the detection of a security incident, the next step in the process is the response, which should follow the organization's formal incident response procedure. The first step of this procedure is activating the appropriate teams, including the organization's computer security incident response team (CSIRT). Answers A and D are incorrect. Lessons lear...
 CYB 205 Infrastructure Administration Q: Rick is an application developer who works primarily in Python. He recently decided to evaluate a new service where he provides his Python code to a vendor who then executes it on their server environment. What type of cloud computing environment is this service? A: PaaS Explanation: Cloud computing systems where the customer only provides application code for execution on a vendor-supplied computing platform are examples of the platform as a service (PaaS) computing. PaaS provides a large-scale, feature-rich applications platform, again on top of infrastructure as a service foundation. Platforms usually integrate data modeling, data management, and data backup, restore, and failover capabilities focused on the application services the platform delivers to its users.Answer C is incorrect. Software as a service (SaaS) provides a layer of application software on top of an IaaS foundation.Answer A is incorrect. Infrastructure as a service (Iaa...
 CYB 205 Infrastructure Administration Q:Which of the following come under the guidelines for use during computer forensic investigation? Each correct answer represents a complete solution. Choose all that apply. A: Examining or analyzing evidence, Identifying evidence, Collecting or acquiring evidence Explanation: A number of organizations establish guidelines for use during computer forensic investigations:Identifying evidence: Responding individuals must begin documenting everything that they find at an incident scene.Collecting or acquiring evidence: Adhering to proper evidence collection and documentation techniques while minimizing incident scene contamination is vitally important.Examining or analyzing evidence: The evidence is investigated and analyzed using sound scientific tests and methods which are acceptable both in the forensic community as well as in the court of law.Presentation of evidence and findings: Forensics examiners must present their evidence, findings, and...
 CYB 205 Infrastructure Administration Q: Theresa is implementing a new access control system and wants to ensure that developers do not have the ability to move code from development systems into the production environment. What information security principle is she most directly enforcing? A: Separation of duties Explanation: According to the scenario, Theresa is directly enforcing the separation of duties principle. This principle takes a business process that might logically be performed by one subject and breaks it down into subprocesses, each of which is allocated to a different, separate subject to perform. In the given question, while developers may feel like they have a business need to be able to move code into production, the principle of separation of duties dictates that they should not have the ability to write code and place it on a production server. The deployment of code is often performed by change management staff.Answer C is incorrect. Revocation is the formal ...
 CYB 205 Infrastructure Administration Q: Which of the following is special-purpose software that bridges the functional and interface gaps between different systems, applications, or platforms? A: Middleware Explanation: Middleware is special-purpose software that bridges the functional and interface gaps between different systems, applications, or platforms. It provides unified services to users.Answer A is incorrect. Scareware is a malware tactic that manipulates users into believing they need to download or buy malicious, sometimes useless, software.Answer D is incorrect. Spyware is a program that intercepts the user's interaction with the computer and sends information to its creators about a user's activities without the user's consent.Answer C is incorrect. Adware, or advertising-supported software, is software that displays unwanted advertisements on your computer.
 CYB 205 Infrastructure Administration Q: What type of alternate processing facility contains the hardware necessary to restore operations but does not have a current copy of data? A: Warm site Explanation: Warm sites contain the hardware necessary to restore operations but do not have a current copy of data. It is an alternate IT processing facility that has equipment installed and usually configured. The warm site does not have duplicate data installed and must be provisioned from backups.Answer B is incorrect. A hot site is an alternate IT processing facility that can be brought online within a very short period of time. The hot site will maintain duplicate equipment and duplicate sets of data.Answer D is incorrect. A cold site does not have the network hardware or communications equipment. Equipment would have to be ordered, shipped in, and installed. After installation, all data would have to be restored from backups.Answer A is incorrect. This is an invalid option.
 CYB 205 Infrastructure Administration Q: Which of the following come under the CIA triad? Each correct answer represents a complete solution. Choose all that apply. A: Confidentiality, Integrity, Availability Explanation: Confidentiality, integrity, and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization. Accountability does not come under the CIA triad.
 CYB 205 Infrastructure Administration Q: Which of the following is verification that a process has been completed according to the policy or plan? A: Auditing Explanation: Auditing is verification that a process has been completed according to the policy or plan. It may also verify that the product is in compliance with established performance requirements. Answer D is incorrect. Revocation is the formal process of terminating access privileges for a specific identity in a system. Answer A is incorrect. Provisioning starts with the initial claim of identity and a request to create a set of credentials for that identity. Answer B is incorrect. Accounting is the process of keeping logs or other records that show access requests, whether those were granted or not.
 CYB 205 Infrastructure Administration Q: What type of disaster recovery test activates the alternate processing facility and uses it to conduct transactions but leaves the primary site up and running? A: Parallel Explanation: During a parallel test, the team actually activates the disaster recovery site for testing, but the primary site remains operational. Answer A is incorrect. During a full interruption test, the team takes down the primary site and confirms that the disaster recovery site is capable of handling regular operations. Answer C is incorrect. During a checklist test, team members each review the contents of their disaster recovery checklists on their own and suggest any necessary changes. Answer B is incorrect. During a structured walk-through test, team members come together and walk through a scenario without making any changes to information systems.
 CYB 205 Infrastructure Administration Q: If Susan's organization requires her to log in with her fingerprints, PINs, passwords, and retina scans, how many distinct authentication factor types has she used? A: Two Explanation: Susan has used two distinct types of factors: PINs and passwords are both Type 1 factors (something you know), and fingerprints and retina scans are both Type 3 factors (something you are).
 CYB 205 Infrastructure Administration Q: What are the four correct steps of the OODA loop? A: Observe, Orient, Decide, and Act Explanation: Here are the four steps of the OODA loop:
Observe: Gather information about what is happening, right now, and what's been happening very recently.
Orient: Remember what the organization's goals and objectives are.
Decide: Make an educated guess as to what's going on and what needs to be done about it.
Act: Take action on the decision that was made.
 CYB 205 Infrastructure Administration Q: Which of the following are the datacenter's logging and monitoring system activities that are worth raising alarm for any incident that might occur? A: All of these Explanation: Here are the datacenter's logging and monitoring system activities that are worth raising alarm for any incident that might occur:
Unplanned shutdown of any asset, such as a router, switch, or server
Unauthorized attempts to elevate a user's or process's privilege state to systems owner or root level
Unauthorized attempts to extract, download, or otherwise exfiltrate restricted data from the facility
Unauthorized attempts to change, alter, delete, or replace any data, software, or other controlled elements of the baseline system
Unplanned or unauthorized attempts to initiate system backup or recovery tasks
Unplanned or unauthorized attempts to connect a device, cable, or process to the system
Alarms or alerts from malware, intrusion detection, or other defensive sy...
 CYB 205 Infrastructure Administration Q: The common vulnerabilities and exposures (CVE) data and your own vulnerability assessments indicate that many of your end-user systems do not include recent security patches released by the software vendors. You decide to bring these systems up to date by applying these patches. This is an example of which of the following? A: Remediating or mitigating a risk Explanation: Fixing or applying patches to eliminate a vulnerability is the definition of remediating, mitigating, fixing, or repairing a vulnerability. The risk mitigation strategy attempts to lower the probability and/or impact of a risk occurring. Answer D is incorrect. Transferring a risk involves paying someone else to take on the work of repairs, reimbursements, or replacement of damaged systems if the risk event occurs. Answer C is incorrect. Avoiding a risk involves changing a business process so that the risk no longer applies. Answer B is incorrect. Accepting a risk involves acc...
 CYB 205 Infrastructure Administration Q: Which formula is used to determine risk? A: Risk = Threat * Vulnerability Explanation: Risk is a possibility that an event can occur that can disrupt or damage the organization’s planned activities, assets, or processes, which may impact the organization’s ability to achieve some or all of its goals and objectives. Risks exist when there is an intersection of a threat and a vulnerability. This is described using the equation Risk = Threat * Vulnerability.
 CYB 205 Infrastructure Administration Q: Javier is verifying that only IT system administrators have the ability to log on to servers used for administrative purposes. What principle of information security is he enforcing? A: Least privilege Explanation: Javier is enforcing the principle of least privilege, which says that an individual should only have the privileges necessary to complete their job functions. Removing administrative privileges from non-administrative users is an example of least privilege. Answer C is incorrect. Privilege creep happens when duties have changed and yet privileges that are no longer actually needed remain in effect for a given user. Answer A is incorrect. Revocation is the formal process of terminating access privileges for a specific identity in a system. Answer D is incorrect. The transitive trust relationship exists when one node (node A) in a system trusts another node (node B), which further trusts a third node (node C); this results in node A t...
 CYB 205 Infrastructure Administration Q: During a penetration test, Chris recovers a file containing hashed passwords for the system he is attempting to access. What type of attack is likely to succeed against the hashed passwords? A: Rainbow table attack Explanation: A rainbow table attack is likely to succeed against the hashed passwords. This attack is a type of hacking wherein the perpetrator tries to use a rainbow hash table to crack the passwords stored in a database system. Rainbow tables use precomputed password hashes to conduct cracking attacks against password files. Answer D is incorrect. A denial-of-service (DoS) attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. Answer C is incorrect. A phishing attack is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. Answer A is incorrect. A bluesna...
 CYB 205 Infrastructure Administration Q: You have identified the risks and then you need to mitigate those risks as you find them unacceptable. Once you treat the risks, you won't completely eliminate all the risks because it is simply not possible and therefore, some risks will remain at a certain level. This is a description of which of the following? A: Residual risk Explanation: Residual risk is the risk that is left untreated after the application of a specific set of risk controls has been implemented. Answers D and C are incorrect. The willingness of the organization to accept risk, and how leadership makes decisions about risk, is referred to as risk appetite, also called risk tolerance. Answer B is incorrect. Risk assessment is a systematic process of identifying risks to achieving organizational priorities.
 CYB 205 Infrastructure Administration Q: Which of the following states how a task needs to be performed and what constraints or success criteria apply? A: Procedure Explanation: Procedures state how a task needs to be performed and what constraints or success criteria apply. A policy is a broad statement of direction and intention. In most organizations, it establishes direction and provides constraints to leaders, managers, and the workforce. A standard is a technical document designed to be used as a rule, guideline, or definition. A principle is a basic truth or the source or origin of something or someone.
 CYB 205 Infrastructure Administration Q: Which of the following is referred to as the maximum tolerable period of disruption? A: MAO Explanation: The maximum acceptable outage (MAO) is the maximum time that a business process or task cannot be performed without causing intolerable disruption or damage to the business. It is referred to as the maximum tolerable outage (MTO), or the maximum tolerable period of disruption (MTPOD).
 CYB 205 Infrastructure Administration Q: What does it mean to accept a risk? A: You simply decide to do nothing about the risk. Explanation: Accepting risk means you simply decide to do nothing about the risk. You recognize it is there, but you make a conscious decision to do nothing differently to reduce the likelihood of occurrence or the prospects of negative impact. Options D, B, and A describe the mitigate, transfer, and recast risk treatment strategies, respectively.
 CYB 205 Infrastructure Administration Q: Which of the following looks at your business procedures and how different risks can impact, disrupt, or block your ability to run those procedures successfully and correctly? A: Process-based Explanation: The process-based risk looks at your business procedures and how different risks can impact, disrupt, or block your ability to run those procedures successfully and correctly. The outcomes-based risk looks at why people or organizations do what they do or set out to achieve their goals or objectives. The asset-based risk looks at any tangible or intangible asset and asks how risks can decrease the value of the asset to the business. The threat-based risk focuses on how things go wrong—what the root and proximate causes of risks might be—whether natural, accidental, or deliberately caused.
 CYB 205 Infrastructure Administration Q: Fixing patches to eliminate a vulnerability is an example of which of the following? A: Remediating or mitigating a risk Explanation: Fixing or applying patches to eliminate a vulnerability is an example of remediating, mitigating, fixing, or repairing a vulnerability.
 CYB 205 Infrastructure Administration Q: When we call an attack a "zero-day exploit," we mean that: A: the attack exploited a previously unreported vulnerability before the affected systems or software vendor recognized and acknowledged it, reported or disclosed it, or provided a warning to its customers. Explanation: Option D correctly explains the period from discovery in the wild to first recognition by system owners, users, or the IT community, and how this element of surprise may give the attacker an advantage. Despite the name, the 24 hours of a day have nothing to do with the element of surprise associated with attacking a heretofore-unknown vulnerability. Option C is false since the term is well understood in IT security communities.
 CYB 205 Infrastructure Administration Q: All of the following are risk treatment controls except for which one? A: Functional Explanation: Risk treatment involves all aspects of taking an identified risk and applying a set of chosen methods to eliminate or reduce the likelihood of its occurrence, or the impacts it has on the organization when (not if) it occurs. Physical, logical (technical), and administrative are the risk treatment controls.
 CYB 205 Infrastructure Administration Q: What is the first step involved in the risk mitigation process? A: Assess the information architecture and the information technology architectures that support it. Explanation: Here are the steps involved in the risk mitigation process:
Assess the information architecture and the information technology architectures that support it.
Assess vulnerabilities, and conduct threat modeling as necessary.
Choose risk treatments and controls.
Implement risk mitigation controls.
Verify control implementations.
Engage and train users as part of the control.
Begin routine operations with new controls in place.
Monitor and assess system security with new controls in place.
 CYB 205 Infrastructure Administration Q: Which of the following starts with the premise that all systems have an external boundary that separates what the system owner, builder, and user own, control, or use, from what's not part of the system? A: Threat modeling Explanation: Threat modeling starts with the premise that all systems have an external boundary that separates what the system owner, builder, and user own, control, or use, from what's not part of the system. Quantitative assessments attempt to arithmetically compute values for the probability of occurrence and the single loss expectancy. Qualitative assessments depend on experienced people to judge the level or extensiveness of a potential impact, as well as its frequency of occurrence. The business impact analysis is a consolidated statement of how different risks could impact the prioritized goals and objectives of an organization.
 CYB 205 Infrastructure Administration Q: Patsy is reviewing the quantitative risk assessment spreadsheet, and she sees multiple entries where the annual rate of occurrence (ARO) is far greater than the single loss expectancy (SLE). This suggests that: A: the particular risk is assessed to happen many times per year; thus, its ARO is much greater than 1.0. Explanation: According to the scenario, it suggests that the particular risk is assessed to happen many times per year; thus, its ARO is much greater than 1.0. Option A has the annualized rate of occurrence (ARO) use incorrect; if ARO was less than 1, the single loss expectancy is in effect spread over multiple years (as if it were amortized). Option B involves restore time and point objectives, which are not involved in the annualized loss expectancy (ALE) calculation. Option C misunderstands ALE = ARO * SLE as the basic math involved.
 CYB 205 Infrastructure Administration Q: Which of the following is focused on trying to actively find and exploit vulnerabilities in an organization's information security posture, processes, procedures, and systems? A: Penetration testing Explanation: Penetration testing is focused on trying to actively find and exploit vulnerabilities in an organization’s information security posture, processes, procedures, and systems. Acceptance testing confirms to the end-users that all of their stated requirements have been correctly implemented in the system being tested. The architecture assessment is both an inventory of all systems elements and a map or process flow diagram that shows how these elements are connected to form or support business processes and thereby achieve the needs of required business logic. Configuration control is the process of regulating changes so that only authorized changes to controlled systems baselines can be made.
 CYB 205 Infrastructure Administration Q: Which area of concern for a common vulnerability scoring system characterizes how vulnerability changes over time? A: Temporal metric Explanation: A temporal metric characterizes how vulnerability changes over time. A base metric assesses qualities intrinsic to a particular vulnerability. An environmental metric assesses dependencies on particular implementations of systems environments. A report metric is an invalid choice.
 CYB 205 Infrastructure Administration Q: Which of the following shows the major steps of the information risk management process in the correct order? A: Set priorities; assess risks; implementing risk treatment plans; continuous monitoring Explanation: Information risk management is a process that guides organizations through identifying risks to their information, information systems, and information technology systems; setting priorities and characterizing those risks in terms of impacts to prioritized goals and objectives; making decisions about which risks to treat, accept, transfer, or ignore; and then implementing risk treatment plans. As an ongoing management effort, it requires continuous monitoring of internal systems and processes, as well as a constant awareness of how threats and vulnerabilities are evolving throughout the world.
 CYB 205 Infrastructure Administration Q: Which of the following activities is part of information risk mitigation? A: Developing an information classification policy and process Explanation: Improving product quality is a laudable goal but it is not related to information risk mitigation; thus option A is incorrect. Option B refers to activities after an incident; mitigation activities happen before an incident occurs, or result from lessons learned because of the incident. Option C is most likely being done to implement new or revised security policies. Option D is part of information risk management and should precede information risk mitigation.
 CYB 205 Infrastructure Administration Q: An architecture assessment includes all of the following activities except for which one? A: Review of software testing procedures and results. Explanation: A review of software testing procedures and results is one of the activities of gap analysis. Options C, D, and A are the activities of an architecture assessment. The architecture assessment is both an inventory of all systems elements and a map or process flow diagram that shows how these elements are connected to form or support business processes and thereby achieve the needs of required business logic. This requires a thorough review and analysis of existing physical asset/equipment inventories, network and communications diagrams, contracts with service providers, error reports, and change requests.
 CYB 205 Infrastructure Administration Q: Which of the following choices for limiting or containing the damage from risks keeps an attack from happening or contains it so that it cannot progress further into the target's systems? A: Prevent Explanation: Prevention keeps an attack from happening or contains it so that it cannot progress further into the target's systems. Deter means to convince the attacker that costs they’d incur and difficulties they’d encounter by doing an attack are probably far greater than anticipated gains. Detecting that an attack is imminent or actually occurring is vital to taking any corrective, evasive, or containment actions. Avoiding the possible damage from risk requires terminating the activity that incurs the risk, or redesigning or relocating the activity to nullify the risk.
 CYB 205 Infrastructure Administration Q: Which of the following is a consolidated statement of how different risks could impact the prioritized goals and objectives of an organization? A: BIA Explanation: The business impact analysis (BIA) is a consolidated statement of how different risks could impact the prioritized goals and objectives of an organization. The service-level agreement (SLA) is a written contract that documents service expectations. The single loss expectancy (SLE) is the total of all losses that could be incurred as a result of one occurrence of a risk. The maximum acceptable outage (MAO) is the time limit to restore all mission-essential systems and services to avoid impact on the mission of the organization.
 CYB 205 Infrastructure Administration Q: The risk that is left untreated after the application of a specific set of risk controls has been implemented is known as ___________. A: residual risk Explanation: The risk that is left untreated after the application of a specific set of risk controls has been implemented is known as residual risk. Risk appetite, also called risk tolerance, is a subjective measure of how willing an organization's senior leaders and managers are to accept risks. Risk assessment is a systematic process of identifying risks to achieving organizational priorities.
 CYB 205 Infrastructure Administration Q: Which of the following is defined as the estimated cost to implement and operate the chosen risk mitigation control? A: Safeguard value Explanation: The safeguard value is the estimated cost to implement and operate the chosen risk mitigation control. The single loss expectancy is the total cost you can reasonably expect should the risk event occur. The annual rate of occurrence is an estimate of how often during a single year the risk event could reasonably be expected to occur. The annual loss expectancy is the total expected losses for a given year.
 CYB 205 Infrastructure Administration Q: What are the basic choices for limiting or containing the damage from risks? A: Deter, detect, prevent, and avoid Explanation: The basic choices for limiting or containing the damage from risks are deter, detect, prevent, and avoid. Option C includes risk treatment strategies, option A includes the four faces of risk, and option D includes the types of risk assessments.