Review Questions | Security+ Study Guide

1.	What is the policy that includes all aspects of the security of an organization called? Security management policy Information security policy Physical security policy Information classification policy
2.	Which policy deals with information sensitivity and usage? Security policy Information classification policy Use policy Configuration management policy
3.	What is the policy that identifies which software and hardware components can be used in the organization called? Backup policy Configuration management policy Inventory policy Use policy
4.	Which document dictates the layout of the network and what the existing configuration is? Change documentation Use policy Systems architecture BIA
5.	The process of ensuring that all policies, procedures, and standards are met is a function of which process? Education Enforcement Responsibility Change management
6.	The set of guidelines that outline the components of an effective security management is called what? Best practices Forensics Chain of evidence Use policy
7.	Which policy identifies the files and data that must be archived? Information classification policy Use policy Logs and inventories policy Information retention policy
8.	Which of the following is not a necessary part of a forensic investigation? Acquiring evidence Authenticating evidence Analyzing evidence Security policy
9.	Which policy defines upgrade and systems requirements? Configuration management policy Use policy Logs and inventory policy Backup policy
10.	Which of the following storage areas would be suitable for storing a disk drive as evidence? Environmentally controlled cage Maintenance spares closet Outside storage shed Computer room media storage cabinet
11.	Which of the following would be an acceptable method of protecting the disk drive contents in an investigation? Locked closet Encrypted disk drive Date-stamped sealed plastic bag System log
12.	Which of the following tasks should be accomplished before analyzing a hard drive for forensic clues? Create a backup drive, and then analyze the original. Create a backup drive, and then analyze the backup. Encrypt the drive. Make a CD copy of the system files.
13.	What is a chain of custody? A detailed log of all activities that occur with evidence A physical storage device used to store evidence A method of determining the current location of evidence A process of protecting evidence
14.	Which policy dictates the processes used to create archival copies of records? Backup policy Security policy Use policy User management policy
15.	Which topic would not normally be covered in a user-oriented security- awareness program? Security management policy Use policy Network technology and administration Account and password criteria
16.	Which group would most benefit from an overall briefing on security threats and issues? Management Users Developers Network administrators
17.	Which process is concerned with tracking evidence as it is used in an investigation? Forensics Chain of custody Preservation of evidence Collection of evidence
18.	Who should be consulted before involving law enforcement in an investigation? Management Network administrators Developers Security professionals
19.	Which of the following is essential in collecting evidence in an investigation? Meticulous records by investigators Privacy of evidence Photographs of the evidence Locked storage closet
20.	Which of the following should occur when a computer system becomes surplus? All files should be erased. Disk drives should be initialized. Disk drives should be formatted. Computer screens should be degaussed.

Answers

1.	A. The security management policy encompasses items B, C, and D in this question. All aspects of security in the organization are encompassed in the security management policy.
2.	B. The information classification policy discusses information sensitivity and access to information.
3.	B. The configuration management policy is concerned with how systems are configured and what software can be installed on systems.
4.	C. The systems architecture documentation identifies the configuration and changes that have been made to the network. These documents help keep track of the network, and they are useful in troubleshooting network problems.
5.	B. Enforcement of policies, procedures, and standards is essential for effective sustainability of security efforts. The saying "Inspect what you expect" is relevant in this situation.
6.	A. The term best practices refers to the essential elements of an effective security management effort.
7.	D. Information retention policies dictate what information must be archived and the duration those archives must be kept.
8.	D. The three A's of an investigation are acquiring, authenticating, and analyzing evidence. A security policy might dictate that a forensic investigation is needed in a given situation, but it is not part of the investigation.
9.	A. Configuration management policy dictate the configurations and upgrades of systems in the organization.
10.	A. Evidence should be kept in a limited access area that is environmentally appropriate for the media. Believe it or not, each of these other areas has been used as a storage area for evidence in several forensic sites—with poor results.
11.	B. Authenticating evidence means that a way must be used to ensure that the contents of drive do not change. Encrypting the drive using a hashing-based algorithm (such as SHA or MD5) ensures the information will not be altered without being detected.
12.	B. The first step in conducting an investigation would be to create a disk image of the original. If at all possible, all investigations should be performed on the backup drive, not the original.
13.	A. The chain of custody demonstrates to the court the events and activities that have involved the evidence. Usually, this includes a log showing all of the activities involving the evidence from collection to presentation to the court as evidence.
14.	A. The backup policy identifies the methods used to archive electronic and paper file systems. This policy works in conjunction with the information retention and storage policies.
15.	C. Network technology and administration would not be covered in a user security-awareness program. Issues of policy, responsibilities, and importance of security would be key aspects of this program.
16.	A. Managers would derive the most benefit from a high-level explanation of security threats and issues. Users need to know how to follow the policies and why they are important. Developers and network administrators need specific and focused information on how to better secure networks and applications.
17.	B. The chain of custody identifies each and every step taken with the evidence in an investigation.
18.	A. Management of the organization should be consulted before law enforcement is involved in an incident. Management will usually want to seek legal counsel as part of their decision-making process.
19.	A. Investigators should be prepared to testify in legal proceedings about the methods used to collect evidence. It is extremely essential that investigators keep good records. A trial may not occur for several years from the time an investigation begins.
20.	B. The only way to guarantee that data and applications on a disk drive are unreadable is to perform a low-level initialization of the storage media. This sets every storage location into a newly initialized state. This process is also referred to as disk wiping.