Practice Test 21 – Solution

1. The auditor is measuring the Recovery Point Objective, the amount of downtime a company can endure without causing damage to its sales or reputation.

2. The IT manager has been measuring the Mean Time Between Failures (MTBF) so that he can see, over a period of time, the number of times the video-conferencing application has been crashing. This measures the reliability.

3. The Mean Time to Repair (MTTR) lets you know how long it took a system to be repaired and the Recovery Time Objective (RTO) is when a system is back to an operational state; they both inform you when the system is working.

4. The quality of how the risk is measured by the Qualitative Risk Assessment can be graded as high, medium, or low.

5. The Quantitative Risk Assessment is normally measured by giving the risk a value to measure the risk.

6. This is known as a single point of failure, where one component fails and takes down a system.

7. The most critical factor measuring Business Impact Analysis is the loss of life.

8. When employing someone, the human resources department must carry out a background check to ensure that they are who they say they are and they have no criminal record. For finance positions, they will also credit check them.

9. An exit interview is carried out by the human resources department to discover the reason why an employee leaves and to see how they can improve working conditions to ensure that they retain good employees.

10. A business partnership agreement lays out the contributions of each partner and which partner will make certain decisions, so that they both know where they stand.

11. A service level agreement is needed for printer maintenance. This is measured in metrics, for example, did they meet the agreement 99% of the time?

12. When you outsource the maintenance of your printers, this is called risk transference.

13. An MOU is more than a gentleman's agreement, but an MOA is legally binding.

14. The first stage in risk assessment is to classify the asset; this will then determine how it is handled, stored, and protected. Just think how differently you would treat gold from trash.

15. The first stage the financial director should do is to enforce mandatory vacations and send Mary on holiday. At that time, the financial consultant can log in to her system and have a thorough investigation.

16. They are adopting a clean desk policy, where they clear all paper from their desks. It should really be called a clear desk policy as nobody is interested in how clean the desk is.

17. Mandatory Access Control (MAC) is based on the classification of the data; the only person who really knows the classification is the data owner, the person who wrote the document.

18. A data custodian is responsible for storing and backing up of data; he is not authorized to give anyone access to it.

19. A contractor who is a member of the IT team such as a service technician would need either an administrative or privileged account.

20. Prior to starting penetration testing, the tester must establish what he should do when he discovers a vulnerability: does he just report it or exploit it as far as he can go?

21. When Ariadne brought her personal laptop into the company, the IT team should have carried out the onboarding policy and, at that point, the virus would have been discovered.

22. A job rotation policy is aimed at, first of all, training staff and then discovering whether fraud or theft has occurred.

23. The cashier is not allowed to carry out the whole transaction herself without the Financial Director, which means that they are adopting separation of duties where no one person can carry out the whole transaction.

24. Each department head should document any risk that affects their department and how the risk should be treated. This should be reviewed annually.

25. When the risk seems too high, we would treat it with risk avoidance.

26. Outsourcing the Skype environment to a third party is known as risk transference.

27. Two technical controls that would be used to mitigate risk on a new laptop would be to activate the host-based firewall and install an antivirus solution.

28. The IT manager is adopting risk acceptance as there are rarely (if any) hurricanes and tornadoes in Scotland. This risk is deemed extremely low.

29. He will either write a new policy for the new technology or complete change management on the existing policy.

30. A standard operating procedure is where a company takes a task that needs to be carried out and sets out step-by-step instructions on how to carry out that task and by whom.

31. The purpose of using SLE, ARO, and ALE is to put a monetary value on items that are lost. SLE is the value of losing one item, the ARO is the number of losses a year, and the ALE, the annual loss, is when both of these are multiplied. As long as you have two values, the other can be calculated. For example, SLE x ARO = ALE or ALE / ARO = SLE.

32. When John Smith began employment, he would have been given the acceptable use policy on using email. In the policy, it would have been stipulated that company email cannot be used for personal email. By sending out this email, he has violated the AUP.

33. Before the forensic investigator starts to analyze the laptop, he must take a system image and place it on another computer, keeping the original intact so that it can be produced in court. Secondly, on the system image, he should hash the data prior to his investigation and then re-hash it at the end and when both values match, he can prove to the judge that the data has not been tampered with.

34. Before the forensic investigator starts to analyze an external hard drive, he must take a forensic copy then place it on another computer, keeping the original intact so that it can be produced in court. He would also hash the data before and after to prove integrity.

35. The chain of custody documents who has collected evidence and who has handled it until it is produced in court as evidence. Once the evidence has left the sight of the personnel who last signed for it, the chain of custody has been broken.

36. His mailbox should be placed on legal hold, sometimes called litigation hold; this means that emails can be sent and received, but cannot be deleted or destroyed, and can then be presented as evidence.

37. The first stage of discovering a web-based attack would be to capture the network traffic to identify the attacker as this is the most volatile evidence. Simply stopping the attack stops you from finding out who the perpetrator is.

38. If a rapidly expanding virus is attacking your company network, you need to immediately stop the attack. The time taken to capture the network traffic would allow the virus to be spread all over your network. This is the only case when you must stop it from spreading rather than capture the volatile evidence.

39. When the security administrator discovers that one of the company computers is a member of a botnet, it should be turned off immediately, taken from the network, and re-imaged; this is to prevent it from attacking anyone else. He then should investigate how it happened to prevent another occurrence.

40. The record time offset is the regional time at which evidence has been collected. In the case of multinational investigations, it can then be put into a sequence with evidence collected in other countries using time normalization. All times may be converted into GMT so a trail of evidence can be established.

41. A snapshot can be taken before a major upgrade so that if the upgrade fails the virtual machine can be rolled back to the original state. The CompTIA exam measures a snapshot as the fastest backup, when in fact, it should be deemed the fastest recovery.

42. The fastest physical backup is a full backup. A full backup is the last full backup, but both incremental and differential backups start with a full backup then replay the differential or the number of incremental backups required.

43. The most expensive disaster recovery site is a hot site as it is fully manned and operational, with the data up to date.

44. The cheapest disaster recovery site is a cold site as it only has power and water and no equipment.

45. Data sovereignty means that data cannot be stored outside of the region it was created in. In the exam, it could also mean country: data must reside within the country where it was created.

46. If your company is backing up data using backup tapes, they must ensure that the tapes are clearly labeled and that the latest backup is taken offsite.

47. For a business selling theater tickets, they must use a hot site for disaster recovery.

48. A cloud-based disaster recovery site can be up and running faster than any other site because all you need is an internal connection; even with a hot site, a company needs to move all of the people to that hot site and that may take some time.

49. A cold site would be the cheapest disaster recovery site as it would only have power and water. There would be no equipment and it may take some time to become operational.

50. Risk is the probability that an event will happen that would cause some loss to the company.
