Created by - Mary Smith
AWS ANS-C00 Certified Advanced Networking Practice Questions 2023 - Part 25
Questions 1. You have a set of EC2 Instances that are deployed in a VPC. An application is hosted on these instances. There are some issues which keep on recurring In the application and you plan to inspect the packets being sent from the application to trace the error. How can you achieve this?A) Use Cloud trailB) Use VPC Flow logsC) Use an IDSD) Use Cloud watch Logs2. Which of the following can be used to control how far your routes gets advertised when using AWS(Amazon Web Service) Direct Connect and a public VIF?A) Use MEDB) Use AS_PATH pretendingC) Use BGP headersD) Use BGP communities3. Your company is using a hosted virtual interface from its parent AWS(Amazon Web Service) Account. You need to mention to IT management on what charges your company will acquire. Which of the following would you mention?A) The port hour chargesB) The amount of hours used by the interfaceC) The data transfer inD) The data transfer out via the interface4. Your company is planning on setting up an application that consists of EC2 Instances � an Application Load Balancer and Cloud front. Your management is worried about DDOs attacks. Which of the following can help protect against such network attacks? Choose 3 answers from the options given below?(Select 3answers)A) Place the AWS(Amazon Web Service) WAF in front of the Application Load BalancerB) Place the AWS(Amazon Web Service) WAF in front of the Cloud front Distribution .�C) Consider using AWS(Amazon Web Service) Shield AdvancedD) Place the AWS(Amazon Web Service) WAF in front of the EC2 Instances5. You will be asked to use Cloud Formation maintain version control and automation applications to achieve the organization. The environment consists of a plurality of network elements and application services. What is the best way to design a model.A) Combine all the resources of a single model for version control purposes 3nc1 3utrr3tIB) NoneC) Create several models in a single stack of cloud formation.D) Create separate models based on functionality, to create a nested stacks formation of clouds.E) Use a custom formation of cloud resources to handle dependencies stacks Right Answer and Explanation: 1. Right Answer: CExplanation: 2. Right Answer: DExplanation: 3. Right Answer: DExplanation: 4. Right Answer: A,B,CExplanation: 5. Right Answer: DExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }
More detailsPublished - Fri, 03 Mar 2023
Created by - Mary Smith
AWS Certified Cloud Practitioner Certification - Part 42
Questions 1. Which AWS service can be used to generate alerts based on an estimated monthly bill?A) A. AWS Config B) B. Amazon CloudWatchC) C. AWS X-RayD) D. AWS CloudTrail2. Which Amazon EC2 pricing model offers the MOST significant discount when compared to On-Demand Instances?A) A. Partial Upfront Reserved Instances for a 1-year term B) B. All Upfront Reserved Instances for a 1-year termC) C. All Upfront Reserved Instances for a 3-year termD) D. No Upfront Reserved Instances for a 3-year term3. Which of the following is the responsibility of AWS?A) A. Setting up AWS Identity and Access Management (IAM) users and groups B) B. Physically destroying storage media at end of lifeC) C. Patching guest operating systemsD) D. Configuring security settings on Amazon EC2 instances4. Which of the following is an advantage of using AWS?A) A. AWS audits user data. B) B. Data is automatically secure.C) C. There is no guessing on capacity needs.D) D. AWS manages compliance needs.5. Which AWS service would a customer use with a static website to achieve lower latency and high transfer speeds?A) A. AWS Lambda B) B. Amazon DynamoDB AcceleratorC) C. Amazon Route 53D) D. Amazon CloudFront Right Answer and Explanation: 1. Right Answer: BExplanation: You can monitor your estimated AWS charges by using Amazon CloudWatch. When you enable the monitoring of estimated charges for your AWS account, the estimated charges are calculated and sent several times daily to CloudWatch as metric data. Billing metric data is stored in the US East (N. Virginia) Region and represents worldwide charges. This data includes the estimated charges for every service in AWS that you use, in addition to the estimated overall total of your AWS charges. https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html2. Right Answer: CExplanation: https://aws.amazon.com/ec2/pricing/reserved-instances/3. Right Answer: BExplanation: Media storage devices used to store customer data are classified by AWS as Critical and treated accordingly, as high impact, throughout their life-cycles. AWS has exacting standards on how to install, service, and eventually destroy the devices when they are no longer useful. When a storage device has reached the end of its useful life, AWS decommissions media using techniques detailed in NIST 800-88. Media that stored customer data is not removed from AWS control until it has been securely decommissioned.https://aws.amazon.com/compliance/data-center/controls/4. Right Answer: CExplanation: AWS manages dozens of compliance programs in its infrastructure. This means that segments of your compliance have already been completed.https://docs.aws.amazon.com/whitepapers/latest/aws-overview/security-and-compliance.html5. Right Answer: DExplanation: Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developerfriendly environment. CloudFront is integrated with AWS ' both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services.https://aws.amazon.com/cloudfront/ .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }
More detailsPublished - Fri, 03 Mar 2023
Created by - Mary Smith
AWS Certified Security - Specialty - Part 45
Questions 1. Your company has a set of resources defined in the AWS(Amazon Web Service) Cloud. Their IT audit department has requested to get a list of resources that have been defined across the account. How can this be achieved in the easiest manner?A) Create a powershell script using the AWS(Amazon Web Service) CLI. Query for all resources with the tag of production.B) Create a bash shell script with the AWS(Amazon Web Service) CLI. Query for all resources in all regions. Store the results in an S3 bucket.C) Use AWS(Amazon Web Service) Config to get the list of all resourcesD) Use Cloud Trail to get the list of all resources2. A company wants to have a secure way of generating, storing and managing cryptographic keys. But they want to have exclusive access for the keys. Which of the following can be used for this purpose?A) Use Cloud HSMB) Use S3 Server Side encryptionC) Use KMS and use an external key materialD) Use KMS and the normal KMS encryption keys3. You have enabled Cloudtrail logs for your company's AWS(Amazon Web Service) account. In addition, the IT Security department has mentioned that the logs need to be encrypted. How can this be achieved?A) Enable Server side encryption for the destination S3 bucket (Incorrect)B) Enable SSL certificates for the Cloudtrail logsC) Enable Server side encryption for the trailD) There is no need to do anything since the logs will already be encrypted4. You want to launch an EC2 Instance with your own key pair in AWS. How can you achieve this? Choose 2 answers from the options given below. Each option forms part of the solution?(Select 2answers)A) Use a third party tool to create the Key pairB) Import the public key pair into EC2C) Import the private key pair into EC2D) Create a new key pair using the AWS(Amazon Web Service) CLI5. Your company is planning on hosting an internal network in AWS, They want machines in the VPC to authenticate using private certificates. They want to minimize the work and maintenance in working with certificates. What is the ideal way to fulfill this requirement.A) Consider using AWS(Amazon Web Service) Access keys to generate the certificatesB) Turn on VPC Flow Logs and carry out the penetration testC) Consider using AWS(Amazon Web Service) Trusted Advisor for managing the certificatesD) Consider using Windows Server 2016 Certificate Manager Right Answer and Explanation: 1. Right Answer: CExplanation: The most feasible option is to use AWS(Amazon Web Service) Config. When you turn on AWS(Amazon Web Service) Config , you will get a list of resources defined in your AWS(Amazon Web Service) Account. A sample snapshot of the resources dashboard in AWS(Amazon Web Service) Config is shown below Option A is incorrect because this would give the list of production based resources and now all resources. Option B is partially correct. But this will just add more maintenance overhead. Option C is incorrect because this can be used to log API activities but not give an account of all resources For more information on AWS(Amazon Web Service) Config, please visit the below URL https://docs.aws.amazon.com/config/latest/developerguide/how-does-config-work.html2. Right Answer: AExplanation: The AWS(Amazon Web Service) Documentation mentions the following The AWS(Amazon Web Service) CloudHSM service helps you meet corporate, contractual and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) instances within the AWS(Amazon Web Service) cloud. AWS(Amazon Web Service) and AWS(Amazon Web Service) Marketplace partners offer a variety of solutions for protecting sensitive data within the AWS(Amazon Web Service) platform, but for some applications and data subject to contractual or regulatory mandates for managing cryptographic keys, additional protection may be necessary. CloudHSM complements existing data protection solutions and allows you to protect your encryption keys within HSMs that are designed and validated to government standards for secure key management. CloudHSM allows you to securely generate, store and manage cryptographic keys used for data encryption in a way that keys are accessible only by you. Option A,B and C are invalid because in all of these cases , the management of the key will be with AWS. Here the question specifically mentions that you want to have exclusive access over the keys. This can be achieved with Cloud HSM For more information on CloudHSM, please visit the following url https://aws.amazon.com/cloudhsm/faqs/3. Right Answer: DExplanation: The AWS(Amazon Web Service) Documentation mentions the following By default, CloudTrail event log files are encrypted using Amazon S3 server-side encryption (SSE). You can also choose to encrypt your log files with an AWS(Amazon Web Service) Key Management Service (AWS KMS) key. You can store your log files in your bucket for as long as you want. You can also define Amazon S3 lifecycle rules to archive or delete log files automatically. If you want notifications about log file delivery and validation, you can set up Amazon SNS notifications. Option A,C and D are not valid since logs will already be encrypted For more information on how Cloudtrail works, please visit the following URL https://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.html4. Right Answer: B,CExplanation: 5. Right Answer: BExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }
More detailsPublished - Fri, 03 Mar 2023
Created by - Mary Smith
CISA—Certified Information Systems Auditor - Part 125
Questions 1. There are several types of penetration tests depending upon the scope, objective and nature of a test. Which of the following describes a penetration test where you attack and attempt to circumvent the controls of the targeted network from the outside, usually the Internet?A) External TestingB) Internal TestingC) Blind TestingD) Targeted Testing2. Which of the following is penetration test where the penetration tester is provided with limited or no knowledge of the target's information systems?A) External TestingB) Internal TestingC) Blind TestingD) Targeted Testing3. Which of the following is an environmental issue caused by electric storms or noisy electric equipment and may also cause computer system to hang or crash?A) SagB) BlackoutC) BrownoutD) EMI4. Which of the following term describes a failure of an electric utility company to supply power within acceptable range?A) SagB) BlackoutC) BrownoutD) EMI5. Which of the following statement is NOT true about smoke detector?A) The Smoke detectors should be above and below the ceiling tiles throughout the facilities and below the raised in the computer room floorB) The smoke detector should produce an audible alarm when activated and be linked to a monitored stationC) The location of the smoke detector should be marked on the tiling for easy identification and accessD) Smoke detector should replace fire suppression system Right Answer and Explanation: 1. Right Answer: AExplanation: External testing refers to attack and control circumvention attempts on a target's network perimeter from outside the target's system, usually the Internet.For the CISA exam you should know penetration test types listed below:External Testing -Refers to attack and control circumvention attempts on a target's network perimeter from outside the target's system, usually the InternetInternal Testing '' Refers to attack and control circumvention attempt on target from within the perimeter. The objective is to identify what would occur if the external perimeter was successfully compromised and/or an authorized user from within the network wanted to compromise security of a specific resource on a network.Blind Testing -Refers to the condition of testing when the penetration tester is provided with limited or no knowledge of the target's information systems. Such testing is expensive, since penetration tester have to research the target and profile it based on publicly available information.Double Blind Testing -It is an extension of blind testing, since the administrator and security staff at the target are also not aware of test. Such a testing can effectively evaluate the incident handling and response capability of the target and how well managed the environment is.Targeted Testing '' Refers to attack and control circumvention attempts on the target, while both the target's IT team and penetration tester are aware of the testing activities. Penetration testers are provided with information related to target and network design. Additionally, they are also provided with a limited privilege user account to be used as a starting point to identify privilege escalation possibilities in the system.The following were incorrect answers:Internal Testing '' Refers to attack and control circumvention attempt on target from within the perimeter. The objective is to identify what would occur if the external perimeter was successfully compromised and/or an authorized user from within the network wanted to compromise security of a specific resource on a network.Blind Testing -Refers to the condition of testing when the penetration tester is provided with limited or no knowledge of the target's information systems. Such a testing is expensive, since penetration tester have to research the target and profile it based on publicly available information.Targeted Testing '' Refers to attack and control circumvention attempts on the target, while both the target's IT team and penetration tester are aware of the testing activities. Penetration testers are provided with information related to target and network design. Additionally, they are also provided with a limited privilege user account to be used as a starting point to identify privilege escalation possibilities in the system.Following reference(s) were/was used to create this question:CISA review manual 2014 Page number 3692. Right Answer: CExplanation: Blind Testing refers to the condition of testing when the penetration tester is provided with limited or no knowledge of the target. Such a testing is expensive, since the penetration tester has to research the target and profile it based on publicly available information.For your exam you should know below mentioned penetration typesExternal Testing -Refers to attack and control circumvention attempts on a target's network perimeter from outside the target's system is usually the InternetInternal Testing '' Refers to attack and control circumvention attempt on target from within the perimeter. The objective is to identify what would occur if the external perimeter was successfully compromised and/or an authorized user from within the network wanted to compromise security of a specific resource on a network.Blind Testing -Refers to the condition of testing when the penetration tester is provided with limited or no knowledge of the target's information systems. Such a testing is expensive, since penetration tester have to research the target and profile it based on publicly available information.Double Blind Testing -It is an extension of blind testing, since the administrator and security staff at the target are also not aware of test. Such a testing can effectively evaluate the incident handling and response capability of the target.Targeted Testing '' Refers to attack and control circumvention attempts on the target, while both the target's IT team and penetration tester are aware of the testing activities. Penetration testers are provided with information related to target and network design. Additionally, they are also provided with a limited privilege user account to be used as a starting point to identify privilege escalation possibilities in the system.The following were incorrect answers:External Testing -Refers to attack and control circumvention attempts on a target's network perimeter from outside the target's system is usually the InternetInternal Testing '' Refers to attack and control circumvention attempt on target from within the perimeter. The objective is to identify what would occur if the external perimeter was successfully compromised and/or an authorized user from within the network wanted to compromise security of a specific resource on a network.Targeted Testing '' Refers to attack and control circumvention attempts on the target, while both the target's IT team and penetration tester are aware of the testing activities. Penetration testers are provided with information related to target and network design. Additionally, they are also provided with a limited privilege user account to be used as a starting point to identify privilege escalation possibilities in the system.The Following reference(s) were/was used to create this question:CISA review manual 2014 Page number 3693. Right Answer: DExplanation: The electromagnetic interference (EMI) caused by electrical storms or noisy electrical equipments. The interference may cause computer system to hang or crash as well as damages similar to those caused by sags, spike and surges.Because Unshielded Twisted Pair cables does not have shielding like shielded twisted-pair cables, UTP is susceptible to interference from external electrical sources, which could reduce the integrity of the signal. Also, to intercept transmitted data, an intruder can install a tap on the cable or monitor the radiation from the wire. Thus, UTP may not be a good choice when transmitting very sensitive data or when installed in an environment with much electromagnetic interference(EMI) or radio frequency interference (RFI). Despite its drawbacks, UTP is the most common cable type. UTP is inexpensive, can be easily bent during installation, and, in most cases, the risk from the above drawbacks is not enough to justify more expensive cables.For your exam you should know below information about power failureTotal Failure (Blackout) '' A complete loss of electric power, which may span from a single building to an entire geographical are and is often caused by weather conditions or inability of an electric utility company to meet user demandsSeverely reduced voltage (brownout) '' The failure of an electric utility company to supply power within acceptable range. Such a failure places a strain on electronic equipment and may limit their operational life or even cause permanent damage.Sags, spike and surge '' Temporary and rapid decreases (sag) or increases (spike and surges) in a voltage levels. These anomalies can cause loss of data, data corruption, network transmission errors or physical damage to hardware devices.Electromagnetic interference (EMI) - The electromagnetic interference (EMI) caused by electrical storms or noisy electrical equipments. The interference may cause computer system to hang or crash as well as damages similar to those caused by sags, spike and surges.The following were incorrect answers:Sag '' Temporarily rapid decrease in a voltage.Total Failure (Blackout) '' A complete loss of electric power, which may span from a single building to an entire geographical are and is often caused by weather conditions or inability of an electric utility company to meet user demandsSeverely reduced voltage (brownout) '' The failure of an electric utility company to supply power within acceptable range. Such a failure places a strain on electronic equipment and may limit their operational life or even cause permanent damage.Following reference(s) were/was used to create this question:CISA review manual 2014 Page number372andHernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 6507-6512). AcerbicPublications. Kindle Edition.4. Right Answer: CExplanation: The failure of an electric utility company to supply power within acceptable range. Such a failure places a strain on electronic equipment and may limit their operational life or even cause permanent damage.For CISA exam you should know below information about power failureTotal Failure (Blackout) '' A complete loss of electric power, which may span from a single building to an entire geographical are and is often caused by weather conditions or inability of an electric utility company to meet user demandsSeverely reduced voltage (brownout) '' The failure of an electric utility company to supply power within acceptable range. Such a failure places a strain on electronic equipment and may limit their operational life or even cause permanent damage.Sags, spike and surge '' Temporary and rapid decreases (sag) or increases (spike and surges) in a voltage levels. These anomalies can cause loss of data, data corruption, network transmission errors or physical damage to hardware devices.Electromagnetic interference (EMI) - The electromagnetic interference (EMI) caused by electrical storms or noisy electrical equipments. The interference may cause computer system to hang or crash as well as damages similar to those caused by sags, spike and surges.The following were incorrect answers:Sag '' Temporarily rapid decrease in a voltage.Total Failure (Blackout) '' A complete loss of electric power, which may span from a single building to an entire geographical are and is often caused by weather conditions or inability of an electric utility company to meet user demandsSeverely reduced voltage (brownout) '' The failure of an electric utility company to supply power within acceptable range. Such a failure places a strain on electronic equipment and may limit their operational life or even cause permanent damage.Following reference(s) were/was used to create this question:CISA review manual 2014 Page number3725. Right Answer: DExplanation: The word NOT is the keyword used in the question. You need to find out a statement which is not applicable to smoke detector. Smoke detector should supplement, not replace, fire suppression system.For CISA exam you should know below information about smoke detector.The Smoke detectors should be above and below the ceiling tiles throughout the facilities and below the raised computer room floor.The smoke detector should produce an audible alarm when activated be linked to a monitored stationThe location of the smoke detector should be marked on the tiling for easy identification and access.Smoke detector should supplement, not replace, fire suppression systemThe following were incorrect answers:The other presented options are valid statement about smoke detector.Following reference(s) were/was used to create this question:CISA review manual 2014 Page number373 .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }
More detailsPublished - Fri, 03 Mar 2023
Created by - Mary Smith
CISA—Certified Information Systems Auditor - Part 381
Questions 1. An IS auditor is reviewing the results of a business process improvement project. Which of the following should be performed FIRST?A) Evaluate control gaps between the old and the new processes.B) Develop compensating controls.C) Document the impact of control weaknesses in the process.D) Ensure that lessons learned during the change process are documented.2. Which of the following controls can BEST detect accidental corruption during transmission of data across a network?A) Sequence checkingB) Parity checkingC) Symmetric encryptionD) Check digit verification3. An IS auditor is asked to identify risk within an organization's software development project. The project manager tells the auditor that an agile development methodology is being used to minimize the lengthy development process. Which of the following would be of GREATEST concern to the auditor?A) Each team does its own testing.B) The needed work has not yet been fully identified.C) Some of the developers have not attended recent training.D) Elements of the project have not been documented.4. Which of the following must be in place before an IS auditor initiates audit follow-up activities?A) A heat map with the gaps and recommendations displayed in terms of riskB) A management response in the final report with a committed implementation dateC) Supporting evidence for the gaps and recommendations mentioned in the audit reportD) Available resources for the activities included in the action plan5. To maintain the confidentiality of information moved between office and home on removable media, which of the following is the MOST effective control?A) Mandatory file passwordsB) Security awareness trainingC) Digitally signed mediaD) Data encryption Right Answer and Explanation: 1. Right Answer: AExplanation: 2. Right Answer: BExplanation: Parity check is used to detect transmission errors in the data. When a parity check is applied to a single character, it is called vertical or column check. In addition, if a parity check is applied to all the data it is called vertical or row check. By using both types of parity check simultaneously can greatly increase the error detection possibility, which may not be possible when only one type of parity check is used.3. Right Answer: BExplanation: 4. Right Answer: CExplanation: 5. Right Answer: DExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }
More detailsPublished - Fri, 03 Mar 2023
Created by - Mary Smith
CISM—Certified Information Security Manager - Part 241
Questions 1. Recovery time objectives (RTOs) are an output of which of the following?A) Business continuity planB) Disaster recovery planC) Service level agreement (SLA)D) Business impact assessment (BIA)2. A global organization is developing an incident response team (IRT). The organization wants to keep headquarters informed of all incidents and wants to be able to present a unified response to widely dispersed events.Which of the following IRT models BEST supports these objectives?A) Holistic IRTB) Central IRTC) Coordinating IRTD) Distributed IRT3. Which of the following should be done FIRST when selecting performance metrics to report on the vendor risk management process?A) Review the confidentiality requirements.B) Identity the data owner.C) Select the data source.D) Identity the intended audience.4. The decision to escalate an incident should be based PRIMARILY on:A) organizational hierarchy.B) prioritization by the information security manager.C) predefined policies and procedures.D) response team experience.5. An organization's information security strategy for the coming year emphasizes reducing the risk of ransomware.Which of the following would be MOSThelpful to support this strategy?A) Provide relevant training to all staff.B) Create a penetration testing plan.C) Perform a controls gap analysis.D) Strengthen security controls for the IT environment. Right Answer and Explanation: 1. Right Answer: BExplanation: 2. Right Answer: BExplanation: 3. Right Answer: BExplanation: 4. Right Answer: CExplanation: 5. Right Answer: AExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }
More detailsPublished - Fri, 03 Mar 2023
Created by - Mary Smith
Comptia A+ 1002 2023 Questions and answer - Part 59
Questions 1. A technician troubleshooting a computer finds a faulty video card and needs to replace it. Which of the following safety procedures should be used to prevent damaging the new part?A) A. Ground the computer and remove jewelry.B) B. Self ground and handle the new card by the edges.C) C. Place the computer on an ESD mat.D) D. Attach an ESD strap to the new card during handling.2. A user, Ann, has reported that she lost a laptop. The laptop had sensitive corporate information on it that has been published on the Internet. Which of the following is the FIRST step in implementing a best practice security policy?A) A. Require bio-metric identification to log into the laptop.B) B. Require multi-factor authentication to log into laptop.C) C. Require laptop hard drives to be encrypted.D) D. Require users to change their password at frequent intervals.E) E. Require users to have strong passwords.3. A user calls the help-desk reporting that when accessing the company portal, it redirects to an unfamiliar website. Which of the following steps would the technician take to resolve this issue using best practices?A) A. Identify symptoms, quarantine infected system, and create restore point.B) B. Quarantine infected system, identify symptoms, and create restore point.C) C. Identify symptoms, educate end user, and create restore point.D) D. Create restore point, identify symptoms, and quarantine infected system.4. Joe, an end-user, reports that the PC he uses periodically logs off his user account and displays a message that updates are being installed. Which of the following is the MOST likely cause of this issue?A) A. Time of day restrictions are enabled on the machineB) B. Scheduled antivirus scans and updates are enabled on the machineC) C. Remote desktop is enabled and an administrator has logged into the machineD) D. Automatic Windows Update is enabled on the machine5. A technician is in need of a device that would give the BEST network protection within a single device. Which of the following devices would the technician use?A) A. NLXB) B. IDSC) C. UTMD) D. ATX Right Answer and Explanation: 1. Right Answer: BExplanation: 2. Right Answer: CExplanation: 3. Right Answer: AExplanation: 4. Right Answer: DExplanation: 5. Right Answer: CExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }
More detailsPublished - Fri, 03 Mar 2023
Created by - Mary Smith
Comptia Linux + 2023 Questions and answer - Part 9
Questions 1. How can the existing environment variable FOOBAR be suppressed for the execution of the script./myscript only?A) A. unset -v FOOBAR;./myscriptB) B. set -a FOOBAR='';./myscriptC) C. env -u FOOBAR./myscriptD) D. env -i FOOBAR./myscript2. What output will the following command produce?seq 1 5 20A) A. 1B) B. 1C) C. 1D) D. 2E) E. 53. Which of the following words is used to restrict the records that are returned from a SELECT SQL query based on a supplied criteria for the values in the records?A) A. CASEB) B. FROMC) C. WHERED) D. IF4. Which of the following commands lists all defined variables and functions within Bash?A) A. envB) B. setC) C. env -aD) D. echo $ENV5. Which of the following SQL queries counts the number of occurrences for each value of the field order_type in the table orders?A) A. SELECT order_type,COUNT(*) FROM orders WHERE order_type=order_type;B) B. SELECT order_type,COUNT(*) FROM orders GROUP BY order_type;C) C. COUNT(SELECT order_type FROM orders);D) D. SELECT COUNT(*) FROM orders ORDER BY order_type;E) E. SELECT AUTO_COUNT FROM orders COUNT order_type; Right Answer and Explanation: 1. Right Answer: CExplanation: 2. Right Answer: AExplanation: 3. Right Answer: CExplanation: 4. Right Answer: BExplanation: 5. Right Answer: BExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }
More detailsPublished - Fri, 03 Mar 2023
Created by - Mary Smith
ComptiA Security+ Certification Exam Questions and answer - Part 35
Questions 1. An organization - s primary datacenter is experiencing a two-day outage due to an HVAC malfunction. The node located in the datacenter has lost power and is no longer operational,impacting the ability of all users to connect to the alternate datacenter. Which of the following BIA concepts BEST represents the risk described in this scenario?A) SPoFB) RTOC) MTBFD) MTTR2. An organization uses SSO authentication for employee access to network resources. When an employee resigns,as per the organization - s security policy,the employee - s access to all network resources is terminated immediately. Two weeks later,the former employee sends an email to the help desk for a password reset to access payroll information from the human resources server. Which of the following represents the BEST course of action?A) Approve the former employee - s request,as a password reset would give the former employee access to only the human resources server.B) Deny the former employee - s request,since the password reset request came from an external email address.C) Deny the former employee - s request,as a password reset would give the employee access to all network resources.D) Approve the former employee - s request,as there would not be a security issue with the former employee gaining access to network resources.3. An organization wants to conduct secure transactions of large data files. Before encrypting and exchanging the data files,the organization wants to ensure a secure exchange of keys. Which of the following algorithms is appropriate for securing the key exchange?A) DESB) BlowfishC) DSAD) Diffie-HellmanE) 3DES4. An organization wants to ensure network access is granted only after a user or device has been authenticated. Which of the following should be used to achieve this objective for both wired and wireless networks?A) CCMPB) PKCS#12C) IEEE 802.1XD) OCSP5. An organization wants to implement a method to correct risks at the system/application layer. Which of the following is the BEST method to accomplish this goal?A) IDS/IPSB) IP tunnelingC) Web application firewallD) Patch management Right Answer and Explanation: 1. Right Answer: AExplanation: 2. Right Answer: CExplanation: 3. Right Answer: DExplanation: 4. Right Answer: CExplanation: 5. Right Answer: CExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }
More detailsPublished - Fri, 03 Mar 2023
Search
Popular categories
Latest blogs
CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Write a public review