CCT 077: CISSP Practice Test Questions for Risk Indicators, Backup Verification Data for DR and BC Operations (D6.3)

Oct 05, 2023
Ready to step deep into the trenches of cyber security? This episode promises a riveting examination of pertinent cyber security concepts, backed by real-life case studies. First up: a chilling real-world scenario of a Nigerian individual making waves in the news for their involvement in a multi-million dollar business email compromise scheme - an in-depth look at this will make you rethink your transactions! In addition, we shed light on the nitty-gritty of disaster recovery concepts and the invaluable role of a positive control path when transferring money between companies. 

Buckle up as we take flight to the intersection of aviation and cybersecurity. Borrowing lessons from aviation debriefing, we delve into how potential issues can be identified and rectified when it comes to cyber threats. We also offer a critical examination of Business Impact Analysis and various data backup systems, aiming to help you arm your organization against potential cyber threats. Whether you're preparing for the CISSP exam or simply looking to fortify your knowledge in the cyber space, this episode is a rich trove of insights!

Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and signing up to join the team for free.

Content

Question 1: BCP Activation Threshold

Scenario: Alice is a business continuity planner. She has to decide when to activate the Business Continuity Plan (BCP).

Question: What is the key determinant for activating the BCP?

      • A. Immediate loss of revenue
      • B. When directed by senior management
      • C. After assessing the impact on operations
      • D. Activation of the emergency response team

Answer: C. After assessing the impact on operations

Explanation: The decision to activate a BCP is generally based on the impact on operations, not solely on immediate financial losses, senior management direction, or emergency response team activity.


Question 2: DR Site Selection

Scenario: Bob is responsible for choosing a Disaster Recovery (DR) site for his organization.

Question: Which factor is least relevant in choosing a DR site?

      • A. Cost of the site
      • B. Proximity to the primary site
      • C. Local cuisine
      • D. Regulatory requirements

Answer: C. Local cuisine

Explanation: Local cuisine is not a relevant factor for business operations or DR. Costs, proximity, and compliance with regulations are critical elements to consider.


Question 3: RTO and RPO

Scenario: Carol needs to define the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for a critical application.

Question: Which statement about RTO and RPO is correct?

      • A. RTO is more focused on data loss
      • B. RPO is focused on the maximum tolerable downtime
      • C. RTO is focused on the maximum tolerable downtime
      • D. RPO and RTO refer to the same thing

Answer: C. RTO is focused on the maximum tolerable downtime

Explanation: RTO is focused on the time within which a system must be restored to minimize business impact, whereas RPO focuses on the maximum amount of data loss that can be tolerated.


Question 4: Business Impact Analysis (BIA)

Scenario: Dave is conducting a BIA for his organization.

Question: What is the primary objective of a BIA?

      • A. To identify risks and threats
      • B. To identify critical business functions
      • C. To establish communication plans
      • D. To create backup strategies

Answer: B. To identify critical business functions

Explanation: The main goal of a BIA is to identify and prioritize critical business functions and their dependencies.


Question 5: Critical Staff

Scenario: Emily is preparing for potential disasters and wants to ensure that critical staff can operate remotely.

Question: What should Emily's primary concern be?

      • A. Ensuring high-speed internet at employees’ homes
      • B. Securing laptops for remote work
      • C. Creating a list of critical staff
      • D. Selecting appropriate remote collaboration tools

Answer: C. Creating a list of critical staff

Explanation: Identifying critical staff is the first step to ensure that essential functions can continue during a disaster. Other factors like internet speed and tools are secondary.


Question 6: Data Backup Types

Scenario: Frank is in charge of data backups for his organization.

Question: What type of backup will take the least amount of time?

      • A. Full backup
      • B. Incremental backup
      • C. Differential backup
      • D. Mirror backup

Answer: B. Incremental backup

Explanation: Incremental backups only copy the data that has changed since the last backup, thus requiring the least amount of time compared to the other options.


Question 7: Alternate Business Processes

Scenario: Grace has to create an alternate business process due to a system outage.

Question: What is her first step?

      • A. Notify stakeholders
      • B. Implement the contingency plan
      • C. Assess the impact
      • D. Resume normal operations

Answer: C. Assess the impact

Explanation: Assessing the impact is the first step to understand the severity of the situation and to decide which alternate process or contingency plan to activate.


Question 8: DR Testing Methods

Scenario: Henry wants to test his organization’s DR Plan without affecting the production environment.

Question: What type of DR testing method should Henry use?

      • A. Full-scale test
      • B. Checklist-based walkthrough
      • C. Parallel test
      • D. Simulation test

Answer: D. Simulation test

Explanation: Simulation tests allow you to evaluate DR plans in a controlled environment without affecting production systems, making it suitable for Henry's needs.


Question 9: Vendor Contracts for DR

Scenario: Irene is drafting contracts with vendors that will assist during disaster recovery.

Question: What should be her main focus in the contract?

      • A. Service Level Agreements (SLAs)
      • B. Penalties for non-compliance
      • C. Cost
      • D. Duration of the contract

Answer: A. Service Level Agreements (SLAs)

Explanation: SLAs are crucial to define the expected level of service from the vendor, especially during disaster recovery scenarios where time and reliability are critical.


Question 10: Mobile Recovery Units

Scenario: Jack is considering using mobile recovery units as part of his DR strategy.

Question: What is a significant downside of mobile recovery units?

      • A. High cost
      • B. Limited space
      • C. Complexity of deployment
      • D. All of the above

Answer: D. All of the above

Explanation: Mobile recovery units can be expensive, offer limited space, and may require complex logistics to deploy, making them a less-than-ideal solution for some organizations.


Question 11: Data Center Flooding

Scenario: Karen’s data center has been flooded.

Question: What should be her immediate action?

      • A. Start the generators
      • B. Execute the DR plan
      • C. Check the insurance policy
      • D. Evacuate the data center

Answer: D. Evacuate the data center

Explanation: Safety is the highest priority. Ensuring that everyone is evacuated from the data center comes before any other actions.


Question 12: Communication during DR

Scenario: Luke is in charge of communication during disaster recovery.

Question: Which stakeholder should he inform first in case of a disaster?

      • A. Media
      • B. Customers
      • C. Senior Management
      • D. Regulatory Authorities

Answer: C. Senior Management

Explanation: Senior management should be the first to know so they can make informed decisions on how to proceed.


Question 13: Pandemic Preparedness

Scenario: Nancy is tasked with preparing her company for a potential pandemic.

Question: What should be her first step?

      • A. Stockpile vaccines
      • B. Establish remote work protocols
      • C. Assess critical business functions
      • D. Implement health checks at office entrances

Answer: C. Assess critical business functions

Explanation: Understanding which business functions are critical is the first step in any disaster preparation, including preparing for a pandemic.


Question 14: Handling Sensitive Data during DR

Scenario: Olivia is concerned about the security of sensitive data during disaster recovery.

Question: What should be her primary focus to ensure data security?

      • A. Data encryption
      • B. Regular audits
      • C. Physical security of the DR site
      • D. Using secure communication channels

Answer: A. Data encryption

Explanation: Encrypting sensitive data ensures that even if physical security is breached, the data remains unintelligible.


Question 15: Post-Disaster Review

Scenario: Paul has just managed a successful disaster recovery.

Question: What should be his immediate next step?

      • A. Conduct a lessons-learned review
      • B. Restore services to normal
      • C. Update the DR plan
      • D. Notify stakeholders about the successful recovery

Answer: A. Conduct a lessons-learned review

Explanation: A lessons-learned review should be the immediate next step to understand what worked, what didn’t, and what could be improved for future incidents.

Transcript

Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started. Hey all, it's Sean Gerber with CISSP Cyber Training. How are you all doing this beautiful day? Things here in Wichita, Kansas, are amazing and the weather's actually starting to turn like fall. So that is just... I love this time of year. I love you all, but I love it. It's a great time of year, but today we are not here to talk about the fall. We are here to talk about CISSP exam questions, and today we're going to get into domain six of the CISSP exam. But before we do, we're going to talk just about one little piece of news that came up that I saw just today, as it relates to what we call BEC attacks, and that is a business email compromise attack. There was a story in the news right now that I saw; it was related to a Nigerian who was extradited. No, it wasn't extradited. He was extradited to the US as part of a multi-million dollar business email compromise scheme. Now, if you're not familiar with a business email compromise, otherwise known as a BEC, which is Bravo, Echo, Charlie, what it is is, someone will go and they basically scam folks to put in credentials or to add in payment data so that they can then do wire transfers.
So, as an example, let's say I have a CEO and the CEO has an administrative assistant, and his administrative assistant, or maybe the finance person, are the ones that control the finances for the company, and this individual, the scammer, will send an email and even text messages, to kind of add more social clout to it, to the recipient, which would be this administrative assistant or the finance person, saying that the CEO wants you to transfer money from X account to Y account, and here are the routing details. But they don't do it quite like that. They basically will come out and act like another third party and they'll say, hey, we have this information, our payment information is changing, please make adjustments on your side so that we can receive payment. And this is hitting a lot of companies. It's continuously hitting companies. Well, what actually ended up happening is this guy stole close to $7 million. That's what he went after, and he actually was able to fully garner back about a million dollars as it relates to the BECs. And so the interesting part about all this is that in the past, a lot of this stuff was kind of thrown under the rug and people didn't really go after these folks. But now it appears that this is actually happening: the US Department of Justice has gone after this individual and it looks like he could end up in jail for up to 20 years. So as you all pass your CISSP and you move into security-type roles, you're going to be asked by both your legal and your CEOs to be able to help them understand these types of attacks, and so it's going to be your responsibility to come up with some sort of letter that you would send out to your folks, some sort of policy statement, some announcement. You're going to have to do that and help them understand how they can avoid these BEC attacks.
Now, bottom line with a BEC attack is that you just have to make sure you have very strict processes on how you transfer money and make sure everybody knows that, and if there's anything that goes outside of the normal parameters in which you would transfer funds from one company to another, you would have a positive control path. What that basically means is that you have a phone number of a person you know that you have talked to, and then you get on the phone and you call that individual to say, hey, did you really want me to redo this? Now, you would not take the phone number that's provided in the email, because obviously the scammers will want you to call them and they'll say, for sure, please do that. But you need to already have a predefined setup with the third party that you're transferring money to, that you will call them in the event of a change in banking information. So you've got to have this ahead of time. You cannot wait until you actually get the email. You need to reach out to them immediately, find out what it is, and then from there you can determine if it is actually legitimate or if it is a fake. But you can get this on infosecurity-magazine.com and it's under "BEC Scammer Pleads Guilty to Six Million Dollar Scheme." Okay, so these questions are over CCT 077. This is domain 6.3 and these practice questions are around risk indicators as they're associated with business continuity plans, disaster recovery plans and the like, and so we'll just go ahead and get started into these questions. You can see all of these questions and the videos at CISSPCyberTraining.com; you'll be able to see the videos that are there. You'll be able to get the audio content that is associated with these various podcasts. You obviously can get these off the podcasts that are on your normal carriers. They provide that, as well as the videos, which at some point in time will be available through YouTube. I usually delay.
Those quite a bit, so you can wait and you'll see them on YouTube. But if you want to get them immediately, you can get them through CISSPCyberTraining.com. Okay, so question one. These are scenario-based questions. Alice is a business continuity planner. She has to decide when to activate the business continuity plan. What is the key determinant for activating a BCP or business continuity plan? A, immediate loss of revenue. B, when directed by senior management. C, after assessing the impact on operations. Or D, activation of the emergency response team. So again, Alice is a business continuity planner. When should she decide to activate the BCP? And it is C, after assessing the impact on operations. So you need to, before you go in through that process of activating the BCP, which triggers a lot of different things... It's generally based on the fact that it's tied specifically to operations and immediate financial losses, so therefore you need to make sure you assess the impact on your operations before actually pulling the trigger on it. Question two. Bob is responsible for choosing a disaster recovery site for his organization. Which factor is least relevant in choosing a DR or disaster recovery location? A, local cuisine, B, cost of the site, C, proximity to the primary site, or D, regulatory requirements? Now, it's pretty obvious, right, local cuisine. But you would be surprised. Some people may pick one because they know their individuals are going to have to be eating while they're running through a DR plan. So let's pick out the best place to go get grub. No, that's definitely not the one you want. But cost of site, proximity to the primary location and regulatory requirements are all part of a disaster recovery plan, or at least should be considered when building out your DR plan. Question three. Carol needs to define recovery time objectives, RTOs, and recovery point objectives, RPOs, for a critical application.
Which statement about an RTO and an RPO is correct? A, the RTO is more focused on data loss. B, RPO is focused on the maximum tolerable downtime. C, RPO and RTO refer to the same thing. And then D, RTO is focused on the maximum tolerable downtime. So, if you break this down, RTO is focused on the maximum tolerable downtime. That's RTO, Romeo, Tango, Oscar. RPO is focused on data loss itself. So A obviously would get you tripped up if you focused on it, because it says RTO is more focused on data loss, which is incorrect. That would be your RPO, Romeo, Papa, Oscar. So again, the correct answer is RTO is focused on the maximum tolerable downtime. Question four. Dave is conducting a BIA for his organization. What is the primary objective of the BIA? A, to identify risks and threats. B, to identify critical business functions. C, to establish communication plans, or D, to create backup strategies. Dave is conducting a BIA for his organization. What is the primary objective of a BIA? B, to identify critical business functions. That's what you want the BIA to do, and it will help you walk through the whole process to determine which functions are the most critical to your organization and help you then determine the interdependencies that they may have. Question five. Emily is preparing for a potential disaster and she wants to ensure that critical staff can operate remotely. What should Emily's primary concern be? A, ensuring high-speed internet at employees' homes, B, securing laptops for remote work, C, creating a list of critical staff, or D, selecting the appropriate remote collaboration tools. So now, each one of those is important. Even ensuring people have high-speed internet at their homes is an important thing if you're going to operate out of their homes. We learned this during the pandemic. But when it comes right down to it, the most important thing they can do, the primary concern that Emily should have, is creating a list of critical staff.
Again, the critical staff is the first step in ensuring that you have the essential functions continue during a disaster. The other factors are secondary. Question six. Frank is in charge of data backups for his organization. What type of backup will take the least amount of time? A, a full backup, C, an incremental backup? All right, that's not C. A, a full backup, B, an incremental backup, C, a differential backup, or D, a mirror backup. So which backup will take the least amount of time? And that is B. An incremental backup only copies the data that has changed since the last backup, thus requiring the least amount of time between the various backup stages. Question seven. Grace has to create an alternate business process due to a system outage. What is her first step? So Grace has to create an alternate business process due to a system outage. A, assess the impact. B, notify the stakeholders. C, implement contingency planning, or D, resume normal operations. So if you're looking to create an alternate business process, obviously resuming normal operations isn't even correct. So that narrows it down to three. But if you're looking at this from a management standpoint, you want to assess the impact, because you don't even know how to tell the stakeholders what's happened if you don't assess it. And it's really hard to implement your contingency plan if you don't know how bad the problem is. So again, the first thing you want to do is assess the overall impact, and that's one thing to keep in mind when it comes to these tests. When they say "the first thing," assessing is usually the first thing that they're going to be asking for, and the other option that comes into play is if it's around health and safety. Safety always trumps pretty much everything. Question eight. Henry wants to test his organization's DR plan without affecting the production environment.
What type of DR testing method should Henry use? A, a full-scale test, B, a checklist-based walkthrough, C, a parallel test, or D, a simulation test? So he wants to test the organization's DR plan without affecting the production environment. So which testing method should he use? It should be D, simulation test. This allows you to evaluate DR plans in a controlled environment without affecting your production systems, making it extremely suitable for what Henry wants to accomplish. Question nine. Irene is drafting contracts with vendors that will assist during a disaster, or during a disaster recovery, I should say. What should be her first main focus in the contract? A, service level agreements. B, penalties for non-compliance, C, cost, or D, duration of the contract. So she's drafting a contract with vendors that will assist during a disaster, and you want A, service level agreements. These are crucial when defining expectations that are going to occur with the service of a vendor. So, SLAs. So anytime I deal with a vendor, I have to have an SLA in place, because that sets the expectation of what they're supposed to do and also it sets the expectation of what we will be doing if we're working with them. So SLAs are really the first thing you want to do when you're dealing with trying to work with vendors on a disaster recovery, or really any type of contracting work. Question 10. Jack is considering the use of mobile recovery units as part of his DR strategy. What is a significant downside of a mobile recovery unit? So a mobile recovery unit is like a big trailer that you drive around on a semi, kind of thing, and those are set up to go to a location so that you can recover quickly. So what is the most significant downside of a mobile recovery unit? A, high cost, B, limited space, C, complexity of deployment, or D, all of the above? And the answer is D. They are all of that. They are high cost, they are limited space, and they are very complex to deploy.
You want to think about this. You would not do this at a small or mid-sized company. You'd probably do this at a very large company that has a strong need for disaster recovery and they're willing to pay for having that on the books. Question 11. Karen's data center has been flooded. What should be her immediate action? A, start the generators. B, execute the DR plan. C, check the insurance policy. Or D, evacuate the data center. So again, it's been flooded. First thing, safety, always safety, right? So evacuate the data center. You do not want people around water and electricity. They do not mix well, so you want to get everybody out. The one that people might bite off on is execute the DR plan. Well, the first thing, the best answer, is evacuate the data center. Question 12. Luke is in charge of communication during disaster recovery. Which stakeholder should he inform of the disaster? A, the media (they're not a stakeholder). B, the senior management. C, a customer, or D, regulatory authorities. Okay, so each of those can be informed, but it depends upon when, right? So he's in charge of communications during a disaster recovery. Which stakeholder should he inform first in the event of a disaster? And that would be senior management, right? I've had individuals that have wanted to contact regulatory authorities right away once a simulated disaster has occurred, and it's like, no, you need to make sure everybody circles the wagons and understands what you're putting out, especially to regulatory authorities. You cannot have one person be that main individual. You need to bring in your senior leaders and legal counsel to help you. Again, I'm not a lawyer, nor am I providing legal counsel. I'm just telling you that that would be the best plan of action. Question 13. Nancy is tasked with preparing her company for a potential pandemic. What should be her first step? A, stockpile vaccines. B, establish remote work protocols.
C, assess critical business functions. Or D, implement health checks at the office entrances. Well, we've been through this, right? So, when it comes right down to it, you want to assess the critical business functions. So if remote work is occurring and a pandemic has happened, you want to be able to ensure which business systems can be running. And how would you get them running? Question 14. Olivia is concerned about the security of sensitive data during a disaster recovery. What should be her primary focus when ensuring data security? So, Olivia, she's concerned about data security. So she wants to protect the sensitive data during a DR situation. A, the answer is, data encryption. B, regular audits. C, physical security of the DR site. Or D, using secure communication channels. Okay, so her primary focus should be what as it relates to data security? And the answer is A, data encryption. Data encryption is an important factor if you're trying to ensure data security. The rest of those are important. They're not bad. They're good for trying to deal with the DR plan, but when it comes to data security, that's data encryption. Last question, question 15. Paul has managed to complete a successful disaster recovery. What should be the next immediate step? A, restore services to normal. B, update the DR plan. C, notify stakeholders about a successful recovery. Or D, conduct a lessons-learned review. Okay, so the DR plan has been successful. What would be the next immediate step? It would be to conduct a lessons-learned review. I did this when I was flying airplanes. Every time we had a mission or a sortie, after we were done with the sortie, we would land. We would then do a debrief of how it went, the good, the bad and the ugly, and we did that each and every flight.
And that's what you should do, especially on any sort of disaster recovery or even tabletop exercise: what did you do good, what did you do bad, and how can you make changes to fix it? Okay, that's all I have for today. If you like what you heard, go to CISSP Cyber Training, or you can like us on Facebook or wherever we're at, your podcast place, all that. But go to CISSPCyberTraining.com. You'll be able to check us out and we have all of this information available for you. It's a plethora of information to help you pass the CISSP exam. That is the ultimate goal of this podcast and of the training: to help you pass the doggone test so that you can move on in your cybersecurity career. All right, have a great day and we'll catch you on the flip side. See you.

CISSP Cyber Training Academy Program!

Are you an ambitious Cybersecurity or IT professional who wants to take your career to a whole new level by achieving the CISSP Certification? 

Let CISSP Cyber Training help you pass the CISSP Test the first time!
