Questions And Answers
An organization recently had an attack that resulted in system data loss. The
system administrator must now restore the system with a data backup. What
functional security control was the system administrator able to implement?
A. Preventative
B. Responsive
C. Corrective
D. Compensating
The system administrator used a corrective control after the attack. A good example of
a corrective control is a backup system that can restore data that an attacker damages
during an intrusion.
Preventative controls act to eliminate or reduce the likelihood that an attack can
succeed. A preventative control operates before an attack can take place.
Responsive controls serve to direct corrective actions enacted after the organization
confirms the incident. They often document these actions in a playbook.
The compensating control is a substitute for a principal control, as recommended by a
security standard, and affords the same (or better) level of protection but uses a
different methodology or technology.
A security engineer installs a next-generation firewall on the perimeter of a
network. This installation is an example of what type of security control class?
A. Managerial
B. Operational
C. Detective
D. Technical
Firewalls, antivirus software, and operating system (OS) access control models are
examples of technical controls. The engineer would implement a technical control as a
system (hardware, software, or firmware).
The managerial control gives oversight of the information system. Examples could
include risk identification or a tool allowing the evaluation and selection of other security
controls.
People, rather than systems, primarily implement operational controls. For example,
security guards and training programs are operational controls rather than technical
controls.
The detective control is a functional control that is not a security control class.
An engineer is considering appropriate risk responses using threat modeling.
They are trying to understand which threat actors are in scope for their
organization. How does threat modeling identify the principal risks and tactics,
techniques, and procedures (TTPs) for which their system may be susceptible?
(Select the three best options.)
A. By evaluating the system from an attacker's point of view
B. By evaluating a system from a neutral perspective
C. Through using tools such as diagrams
D. By analyzing the system from the defender's perspective
Evaluating systems from a neutral perspective is not a method used in threat modeling.
A mission-critical system is offline at an organization due to a zero-day attack.
The associated software vendor plans to release a patch to remediate the
vulnerability. Which of the following are important patch management
considerations for this scenario? (Select the three best options.)
A. A patch test environment
B. Immediate push delivery of critical security patches
C. A specific team responsible for reviewing vendor-supplied newsletters and
security patch bulletins
D. A routine schedule for the rollout of noncritical patches
D. While creating a routine schedule for the rollout of noncritical patches has merit, it
does not illustrate important patch management considerations in this example. A
security analyst would address noncritical patches at a later time.
A security analyst is reviewing an announcement from the Cybersecurity and
Infrastructure Security Agency. Which source of defensive open-source
intelligence (OSINT) does the agency represent?
A. CERT
B. Internal sources
C. Government bulletins
D. CSIRT
The government is responsible for protecting the country's constituents and the national
infrastructure and publishing various information and advice regarding observed threats.
For example, the Department of Homeland Security and the Cybersecurity and
Infrastructure Agency publish several types of cybersecurity guidance, including basic
informational content and binding operational directives that federal agencies must
implement.
A computer emergency response team (CERT) aims to mitigate cybercrime and
minimize damage by responding to incidents quickly.