CompTIA JK0-022 E2C Security+ Compliance & Operational Exam Set 6

A security administrator is reviewing the company’s continuity plan. The plan specifies an RTO of six hours and RPO of two days. Which of the following is the plan describing?


Options are :

  • Systems should be restored within two days and should remain operational for at least six hours.
  • Systems should be restored within six hours and no later than two days after the incident.
  • Systems should be restored within two days with a minimum of six hours worth of data.
  • Systems should be restored within six hours with a minimum of two days worth of data. (Correct)

Answer : Systems should be restored within six hours with a minimum of two days worth of data.

Which of the following concepts defines the requirement for data availability?


Options are :

  • Encryption of email messages
  • Non-repudiation of email messages
  • Disaster recovery planning (Correct)
  • Authentication to RADIUS

Answer : Disaster recovery planning

Which of the following concepts allows an organization to group large numbers of servers together in order to deliver a common service?


Options are :

  • Cold site
  • Clustering (Correct)
  • Backup Redundancy
  • RAID

Answer : Clustering

A network administrator has recently updated their network devices to ensure redundancy is in place so that:


Options are :

  • single points of failure are removed. (Correct)
  • environmental monitoring can be performed.
  • switches can redistribute routes across the network.
  • hot and cold aisles are functioning.

Answer : single points of failure are removed.

A security administrator is tasked with calculating the total ALE on servers. In a two year period of time, a company has to replace five servers. Each server replacement has cost the company $4,000 with downtime costing $3,000. Which of the following is the ALE for the company?


Options are :

  • $35,000
  • $10,000
  • $17,500 (Correct)
  • . $7,000

Answer : $17,500

Which of the following is the BEST concept to maintain required but non-critical server availability?


Options are :

  • Hot site
  • Cold site
  • SaaS site
  • Warm site (Correct)

Answer : Warm site

A company’s chief information officer (CIO) has analyzed the financial loss associated with the company’s database breach. They calculated that one single breach could cost the company $1,000,000 at a minimum. Which of the following documents is the CIO MOST likely updating?


Options are :

  • Continuity of operation plan
  • Succession plan
  • Business impact analysis (Correct)
  • Disaster recovery plan

Answer : Business impact analysis

Which of the following utilities can be used in Linux to view a list of users’ failed authentication attempts?


Options are :

  • wronglog
  • faillog (Correct)
  • badlog
  • killlog

Answer : faillog

An advantage of virtualizing servers, databases, and office applications is:


Options are :

  • Decentralized management.
  • Stronger access control.
  • Providing greater resources to users.
  • Centralized management. (Correct)

Answer : Centralized management.

The Chief Information Officer (CIO) wants to implement a redundant server location to which the production server images can be moved within 48 hours and services can be quickly restored, in case of a catastrophic failure of the primary datacenter’s HVAC. Which of the following can be implemented?


Options are :

  • Hot site
  • Load balancing
  • Cold site
  • Warm site (Correct)

Answer : Warm site

Pete, the Chief Executive Officer (CEO) of a company, has increased his travel plans for the next two years to improve business relations. Which of the following would need to be in place in case something happens to Pete?


Options are :

  • Disaster recovery
  • Succession planning (Correct)
  • Removing single loss expectancy
  • Separation of duty

Answer : Succession planning

Which of the following may significantly reduce data loss if multiple drives fail at the same time?


Options are :

  • Server clustering
  • RAID (Correct)
  • Virtualization
  • Load balancing

Answer : RAID

After a production outage, which of the following documents contains detailed information on the order in which the system should be restored to service?


Options are :

  • Business impact analysis
  • Succession planning
  • Disaster recovery plan (Correct)
  • Information security plan

Answer : Disaster recovery plan

Sara, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. This database contains 250 records with PII. Studies show that the cost per record for a breach is $300. The likelihood that their database would be breached inthe next year is only 5%. Which of the following is the ALE that Sara should report to management for a security breach?


Options are :

  • $15,000
  • $1,500
  • $3,750 (Correct)
  • $75,000

Answer : $3,750

A network administrator recently updated various network devices to ensure redundancy throughout the network. If an interface on any of the Layer 3 devices were to go down, traffic will still pass through another interface and the production environment would be unaffected. This type of configuration represents which of the following concepts?


Options are :

  • High availability (Correct)
  • Backout contingency plan
  • Load balancing
  • Clustering

Answer : High availability

Which of the following controls can be used to prevent the disclosure of sensitive information stored on a mobile device’s removable media in the event that the device is lost or stolen?


Options are :

  • Screen locks
  • Hashing
  • Encryption (Correct)
  • Device password

Answer : Encryption

In the case of a major outage or business interruption, the security office has documented the expected loss of earnings, potential fines and potential consequence to customer service. Which of the following would include the MOST detail on these objectives?


Options are :

  • Continuity of Operations
  • Business Impact Analysis (Correct)
  • Disaster Recovery Plan
  • IT Contingency Plan

Answer : Business Impact Analysis

Customers’ credit card information was stolen from a popular video streaming company. A security consultant determined that the information was stolen, while in transit, from the gaming consoles of a particular vendor. Which of the following methods should the company consider to secure this data in the future?


Options are :

  • Application firewalls
  • Firmware version control
  • Encrypted TCP wrappers (Correct)
  • Manual updates

Answer : Encrypted TCP wrappers

Which of the following preventative controls would be appropriate for responding to a directive to reduce the attack surface of a specific host?


Options are :

  • Disabling unnecessary services (Correct)
  • Installing anti-malware
  • Taking a baseline configuration
  • Implementing an IDS

Answer : Disabling unnecessary services

Upper management decides which risk to mitigate based on cost. This is an example of:


Options are :

  • Qualitative risk assessment
  • Risk management framework
  • Quantitative risk assessment (Correct)
  • Business impact analysis

Answer : Quantitative risk assessment

Which of the following is being tested when a company’s payroll server is powered off for eight hours?


Options are :

  • Risk assessment plan
  • Business impact document
  • Succession plan
  • Continuity of operations plan (Correct)

Answer : Continuity of operations plan

Key elements of a business impact analysis should include which of the following tasks?


Options are :

  • Develop recovery strategies, prioritize recovery, create test plans, post-test evaluation, and update processes.
  • Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential. (Correct)
  • Identify institutional and regulatory reporting requirements, develop response teams and communication trees, and develop press release templates.
  • Employ regular preventive measures such as patch management, change management, antivirus and vulnerability scans, and reports to management.

Answer : Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential.

Jane has implemented an array of four servers to accomplish one specific task. This is BEST known as which of the following?


Options are :

  • Clustering (Correct)
  • Load balancing
  • RAID
  • Virtualization

Answer : Clustering

When a communications plan is developed for disaster recovery and business continuity plans, the MOST relevant items to include would be: (Select TWO).


Options are :

  • Methods to exchange essential information to and from all response team members, employees, suppliers, and customers. (Correct)
  • Defined scenarios by type and scope of impact and dependencies, with quantification of loss potential.
  • Methods to review and report on system logs, incident response, and incident handling.
  • Methods and templates to respond to press requests, institutional and regulatory reporting requirements. (Correct)
  • Developed recovery strategies, test plans, post-test evaluation and update processes.

Answer : Methods to exchange essential information to and from all response team members, employees, suppliers, and customers. Methods and templates to respond to press requests, institutional and regulatory reporting requirements.

A company wants to ensure that its hot site is prepared and functioning. Which of the following would be the BEST process to verify the backup datacenter is prepared for such a scenario?


Options are :

  • Site visit to the backup data center
  • Restore from backup
  • Disaster recovery exercise (Correct)
  • Disaster recovery plan review

Answer : Disaster recovery exercise

After an assessment, auditors recommended that an application hosting company should contract with additional data providers for redundant high speed Internet connections. Which of the following is MOST likely the reason for this recommendation? (Select TWO).


Options are :

  • To improve intranet communication speeds
  • To allow load balancing for cloud support
  • To allow for business continuity if one provider goes out of business (Correct)
  • To allow for a hot site in case of disaster
  • To eliminate a single point of failure (Correct)

Answer : To allow for business continuity if one provider goes out of business To eliminate a single point of failure

A small business needs to incorporate fault tolerance into their infrastructure to increase data availability. Which of the following options would be the BEST solution at a minimal cost?


Options are :

  • Mirrored server
  • Tape backup
  • Clustering
  • RAID (Correct)

Answer : RAID

Corporate IM presents multiple concerns to enterprise IT. Which of the following concerns should Jane, the IT security manager, ensure are under control? (Select THREE).


Options are :

  • Data leakage (Correct)
  • Compliance (Correct)
  • Authentication
  • Malware (Correct)
  • Network loading
  • Non-repudiation

Answer : Data leakage Compliance Malware

Which of the following provides the LEAST availability?


Options are :

  • RAID 3
  • RAID 0 (Correct)
  • RAID 5
  • RAID 1

Answer : RAID 0

Which of the following would BEST be used to calculate the expected loss of an event, if the likelihood of an event occurring is known? (Select TWO).


Options are :

  • ALE (Correct)
  • SLE (Correct)
  • DAC
  • ARO
  • ROI

Answer : ALE SLE

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions