Exam Prep Questions

Question 1

The reference security policy in the SAFE Blueprint is

  • A. Applicable to all organizations

  • B. Modular, to facilitate selecting only those portions needed

  • C. Based on a template from the National Institute of Standards and Technology (NIST)

  • D. The one that already exists for your organization

A1:

Answer D is correct. The SAFE Blueprint assumes that you already have a security policy in place and that it is enforced. Because organizations have different security needs and information assets, and face different threats, there really cannot be a "one size fits all" security policy (eliminating answer A). Modularity (answer B) might make a policy easier to manage and keep current, but it is not required; in fact, the SAFE Blueprint does not make any recommendations regarding the content or structure of an organization's security policy. NIST (answer C) provides security and technology assistance to governmental organizations at the U.S. federal level; although it has many readily available documents, a template for a security policy is not among them.

Question 2

Which of these is not discussed in the security policy?

  • A. Security technologies

  • B. Security procedures

  • C. Assets

  • D. Incident response

  • E. Authorities

  • F. Acceptable use

A2:

Answer B is correct. A security policy includes the following:

  • Assets

  • Threats

  • Risks accepted

  • Security technologies

  • Authorities

  • Acceptable use

  • Audit

  • Incident response

  • Revisions

Security procedures (answer B) are operational matters rather than matters of policy; they are at a level of detail far greater than that of organization-level documents.

Question 3

Why might an organization include something describing the threats it does not plan to counter?

  • A. It intends to handle the threat later and has included it now for reference.

  • B. It does not expect the security policy to ever be seen by nonenterprise persons, so including it reminds personnel to be especially cautious regarding those threats.

  • C. It is a mistake.

  • D. It is establishing that it is not negligent, but making a deliberate choice in applying the limited security resources.

A3:

Answer D is correct. Not every risk that an organization faces is likely to actually occur. Because resources will always be limited, an organization must choose to mitigate some risks and not mitigate others. Establishing the basis for that choice can be a defense in the event of litigation. Answer A assumes an intent that might or might not be present (dealing with the threat later). Answer B assumes that there will never be a situation in which a security problem leads to litigation; although you might wish for that, you can hardly count on it. The security policy will be a factor in litigation, and it will be reviewed by others with all of their after-the-fact insight. Although it could be a mistake (answer C), corporate-level documents are reviewed by many people before they become official; leaving a mistake in one is extremely unlikely. Remember, the best answer is correct when more than one is possible.

Question 4

Why is it important to include an acceptable use policy in a security policy?

  • A. It designates the permissible activities on the network.

  • B. It requires adherence to acceptable use by everyone.

  • C. Its inclusion enables disciplinary actions for violations.

  • D. It can help protect the organization from litigation if an employee or contractor misuses the network.

  • E. All of these are correct.

A4:

Answer E is correct. An acceptable use policy designates activities that the organization has authorized as legitimate uses of the network (answer A), requires every user of the network to adhere to it (answer B), and specifies the possibility of sanctions for violation (answer C). Its presence in the security policy (and regular enforcement of the policy) indicates that the enterprise does not accept certain behaviors (such as hosting pornographic materials or stolen intellectual property). If an individual violates the policy, the enterprise has a defense from allegations that it supported the activity.

Question 5

An incident response policy does not include which of these?

  • A. Personnel assigned to the team

  • B. Where recovered forensic data will be stored, pending a decision to litigate

  • C. How data acquired during the investigation will be handled, to preserve the option to litigate

  • D. Planning requirements, such as checklist preparation

A5:

Answer B is correct. Remember, the question asks for a negative: which of these is not a part of the incident response policy. Such a policy typically includes who will respond and their roles (answer A); data-handling requirements for forensic validity, in case the organization chooses legal action (answer C); the checklists to be prepared (answer D); and so forth. Where recovered forensic data will be stored (answer B) depends on both the form of the data (log books versus log files, for instance) and where the incident occurred.

Question 6

According to Cisco, the security policy should be revised how frequently?

  • A. Annually.

  • B. Quarterly.

  • C. Biennially (every two years).

  • D. Every five years, at most.

  • E. Cisco does not make such a recommendation.

A6:

Answer E is correct. The SAFE Blueprint assumes that the organization already has a suitable security policy that is being enforced according to the organization's standards and culture. Some organizations need more frequent security policy revisions than others because their network is more dynamic or their business needs are in greater flux. Cisco leaves that to those who know it best: the organizations themselves.

Question 7

Which of these is not a stage in the security wheel?

  • A. Evaluate

  • B. Secure

  • C. Test

  • D. Monitor

  • E. Improve

A7:

Answer A is correct. The four stages of the security wheel are Secure, Monitor, Test, and Improve, after which it cycles back to Secure again.

Question 8

The Secure stage of the security wheel includes which of these? (Select two.)

  • A. Add hardware

  • B. Add network security personnel

  • C. Modify configuration files

  • D. Evaluate against new threats

A8:

Answers A and C are correct. During the Secure stage of the security wheel, the security characteristics of the network are implemented. This might entail adding new hardware (answer A) such as firewalls and VPN concentrators, adding new software such as AAA and software feature sets or packages, and modifying device configuration files (answer C). Personnel assignments (answer B) are a topic not addressed by the security wheel. Answer D, evaluating the network against new threats, is a part of the Test stage, not the Secure stage.

Question 9

Which of these is a part of the Monitor stage of the security wheel?

  • A. Exchanging logs with the upstream ISP or ASP

  • B. Reviewing the automatic actions taken by IDS

  • C. Periodically rebuilding syslog servers to prevent log corruption

  • D. Isolating misperforming devices to prevent logs from being filled with unimportant (for security purposes) data

A9:

Answer B is correct. During the Monitor stage of the security wheel, you should review all logs, although some are more important than others and will be reviewed more closely and/or more frequently. You might or might not exchange log data with your upstream ISP or ASP (answer A); that tends to be specific to a particular incident, and then only if it can be established that the upstream might be willing and able to help. If your syslog servers are stable, you should not need to rebuild them (answer C); you might choose to copy log data to another storage location if your log data file system has some size limitations (and it could be a useful security practice to have a copy elsewhere that is appended but not rewritten, such as one-time writable media; this would reveal log rewriting done as part of an attack). If devices on the network are misperforming (answer D), their performance problem can be deduced from the logs, but the review for performance issues is not a part of monitoring as part of the security wheel. This is an example of reading the answers in the context of the question.

Question 10

Why is the Test stage of the security wheel important?

  • A. It validates the security implementation against the known threats it is intended to counter.

  • B. It validates the implementation to ensure that it is stable before actually taking it "live" on a production network.

  • C. It ensures that the configurations as tested in the lab can be replicated on the various network devices.

  • D. None of these is correct.

A10:

Answer D is correct. The Test stage of the security wheel involves tracking threats as they evolve and testing the existing security configuration against these new threats. Testing to validate performance against threats known at the time of design and implementation (answer A) is a part of the Secure stage. This process is merely rephrased in answer B. Answer C, too, is part of the validation of a given design before rollout. This misconception about testing against new threats is often difficult to explain to management, which does not understand how rapidly network security threats evolve.

Question 11

Which of these is not a part of the Improve stage of the security wheel?

  • A. Identify hardware changes needed as a result of testing

  • B. Identify throughput bottlenecks caused by the network architecture

  • C. Redeploy misperforming devices to network segments where they will cause the least disruption

  • D. Eliminate unnecessary networking devices as a security hazard to the network

A11:

Answer B is correct. The Improve stage of the security wheel involves looking at the results of monitoring and testing, and determining what changes need to be made to improve security against the evolving threats (monitoring) or those you are vulnerable to (testing). These improvements might be hardware (answer A), software, configuration files, or a technical redesign to take better advantage of your existing hardware, software, or configuration assets (or, at least, to minimize the vulnerabilities they expose). Although identifying throughput bottlenecks caused by the network architecture is important (answer B), this is not a part of improvement in network security (you might consider it a part of the Monitor stage if the bottlenecks are security related; not all are). Redeploying misperforming networking devices (answer C) might or might not be done for security purposes. If you are thinking of doing it for security purposes, remember that you must protect against threats that originate inside the network as much as those outside it. Will redeploying misperforming devices really improve security? Finally, although it might be a good idea to remove any unnecessary networking devices (answer D; simpler networks are easier to monitor and protect), you would plan the removal in the Improve stage and execute it (actually do the removing) during the Secure stage, which follows.

CCSP CSI Exam Cram 2 (Exam Cram 642-541)
ISBN: 0789730243
Year: 2002
Pages: 177
Authors: Annlee Hines
