Free CompTIA Security+ Practice Chapter 9

Ref: CompTIA Security Plus Get Certified Get Ahead SY0-701 Study Guide

CompTIA Security+ (SY0-701) – Chapter 9

1 / 138

What is a primary difference between a Network-Attached Storage (NAS) and a Storage Area Network (SAN)?

A. SANs require dedicated hardware while NAS do not.

B. NAS uses different protocols, such as Fibre Channel, while SANs use standard network protocols.

C. NAS provides block-level data storage while SAN provides file-based data storage.

D. SANs use standard network protocols such as TCP and IP, while NAS requires dedicated hardware and uses different protocols such as Fibre Channel.

2 / 138

What is the key purpose of testing backups?

A. To ensure the backup data can be restored

B. To ensure server redundancy

C. To check the functionality of an alternate site

D. To identify roles and responsibilities during a tabletop exercise

3 / 138

What type of backup strategy is best suited for an organization that wishes to recover failed systems quickly?

A. Full only

B. Full/Incremental

C. Full/Differential

D. Incremental only

4 / 138

What is the function of generators in the context of power redundancies?

A. They provide positive voltage and negative voltage to devices.

B. They are used to distribute power to devices within the rack.

C. They provide long-term power during extended outages.

D. They provide short-term power and protect against power fluctuations.

5 / 138

Which of the following statements about drones is FALSE?

A. Drones are usually piloted by remote control

B. Most drones have onboard cameras and can transmit images to operators

C. Drones can only be used for security purposes and can’t pose a threat

D. Sophisticated drones can use onboard computers

6 / 138

What is the purpose of defense in depth?

A. To diversify vendors to save costs

B. To use multiple layers of security in case of a single point of failure

C. To focus only on technical and administrative controls

D. To use the same technology from different vendors for added protection

7 / 138

If a system crashes on Thursday morning, how should the administrators restore the data from full/incremental backups?

A. They should first recover the full backup from Sunday, then restore the last incremental backup.

B. They should restore all incremental backups in a random order.

C. They should first recover the full backup from Sunday, then restore incremental backups in reverse chronological order.

D. They should first recover the full backup from Sunday, then restore all incremental backups in chronological order.

8 / 138

What does a Business Impact Analysis (BIA) help an organization to identify?

A. The organization’s marketing strategies

B. Key team members and their roles

C. Critical systems and components for its success

D. The organization’s customer base

9 / 138

Why should water never be used on an electrical fire during fire suppression?

A. It will lead to a chemical reaction

B. It will increase the heat

C. It will make the fire spread

D. It may cause electrical shocks

10 / 138

What is a snapshot backup?

A. A backup that captures all the data that has changed since the last full backup

B. A backup that captures the data at a point in time

C. A backup that captures all the data that has changed or is different since the last full backup

D. A backup that backs up all the selected data

11 / 138

What does an incremental backup strategy do after the full backup?

A. Backs up all data, regardless of changes

B. Backs up only the data that has changed since the full backup

C. Backs up all files regardless of the last backup

D. Backs up only the data that has been deleted since the last backup

12 / 138

According to the text, what are the four components of a fire that fire suppression methods attempt to remove or disrupt?

A. Heat, oxygen, fuel, and water

B. Heat, oxygen, fuel, and a chain reaction

C. Oxygen, fuel, water, and a chain reaction

D. Heat, fuel, water, and a chain reaction

13 / 138

What does the term ’high availability’ refer to in relation to server redundancy?

A. The system has an uptime of 60 minutes in a year

B. The system must constantly remain operational with almost no downtime

C. The system always has a backup server available

D. The system can support a large number of users

14 / 138

What is the main difference between card skimming and card cloning?

A. Card skimming makes a copy of a credit card, while card cloning captures credit card data

B. Card skimming captures credit card data at the point of sale, while card cloning makes a copy of a credit card

C. Card skimming is easy to do, while card cloning is hard

D. Card skimming is illegal, while card cloning is not

15 / 138

What is a single point of failure in a system and how can it be mitigated?

A. It is a frail part of a system that is ignored until a serious problem occurs. This can be mitigated by employing more IT personnel.

B. It is a part of a system that, if it fails, causes the entire system to fail. Solutions include adding redundancies and fault tolerance abilities.

C. It is any random failure in a system that causes the system to shut down. To resolve this, a new system has to be purchased.

D. It’s a common error in a system that happens frequently and cannot be avoided. The only way to manage it is to keep replacing the failed components.

16 / 138

What is one way to validate a backup?

A. By performing a test restore

B. By simply saving the data regularly

C. By looking at the backup files

D. By trusting the backup process

17 / 138

What can cause a person to become a single point of failure within an organization?

A. The person is the only one who knows how to perform specific tasks

B. The person is part of a RAID system

C. The person happens to control the power supply

D. The person is involved in disaster recovery planning

18 / 138

What provides fault tolerance for critical servers in case of a single point of failure?

A. Redundant Array of Inexpensive Disks (RAID)

B. Uninterruptable Power Supplies (UPSs)

C. Load Balancing

D. Power Generators

19 / 138

What does a site risk assessment focus on in the context of risk management?

A. It assesses the wide variety of risks across all sites

B. It focuses on assessing the specific risks related to each individual location or site

C. It focuses solely on natural risks such as hurricanes, floods, or earthquakes

D. It focuses only on mission-essential functions disregarding the geographical location

20 / 138

Which of the following is NOT commonly used as a physical security control?

A. Security cameras

B. Identification badges

C. False email accounts

D. Perimeter fencing

21 / 138

What is the main purpose of ’Two-person integrity’ in an organization’s security scenario?

A. To prevent individual access to COMSEC keying material

B. To prevent accidental launch of nuclear weapons

C. To deter tailgating incidents

D. Check and verify people’s identities against a preapproved access control list

22 / 138

Which of the following is a benefit of using disk storage for backups?

A. Disk storage is cheaper than other backup options

B. Disk storage allows for real-time replication of data

C. Disk access is quicker than tape

D. Disk storage does not require dedicated hardware

23 / 138

What does data sovereignty refer to in the context of data backup policy?

A. The type of data being backed up

B. The legal implications of storing data off-site in a different country

C. The distance between the main site and the off-site location for backup

D. The need of protecting the backup according to governing laws

24 / 138

What does a BIA attempt to identify when evaluating the impact of various scenarios such as natural disasters, fires, attacks, power outages, data loss, and hardware and software failures?

A. The type of the organization’s insurance

B. The sources that led to the disaster

C. The potential losses and the maximum downtime limits for the essential systems and components

D. The organization’s investment in technology

25 / 138

Which of the following best describes a hot site in the context of disaster recovery planning?

A. A site that is only operational during a disaster

B. A site that is up and operational 24/7 and can take over functionality quickly after a primary site failure

C. A disaster location that doesn’t include any equipment, software, or communication capabilities of the primary site

D. The most inexpensive disaster recovery solution

26 / 138

What does the concept of ’Technology diversity’ in security refer to?

A. Using multiple security vendors

B. Using different types of lock in the organization

C. Using different technologies to protect an environment

D. Implementing multiple layers of physical security

27 / 138

What is the purpose of a business continuity plan (BCP)?

A. To eliminate all potential threats

B. To ensure all employees are trained to deal with disasters

C. To ensure that critical business operations continue in the event of an outage

D. To document human errors that could lead to disasters

28 / 138

What is the primary difference between a Network-attached storage (NAS) and a Storage area network (SAN)?

A. NAS is much slower than a SAN

B. A NAS requires dedicated hardware and uses standard network protocols, while a SAN uses different protocols such as Fibre Channel

C. NAS is a type of cloud storage

D. NAS cannot have multiple drives

29 / 138

What factors should an organization consider while selecting a backup location?

A. Only the distance from the main site

B. Legal implications and availability of personnel

C. Distance, environmental issues and legal implications

D. Only data sovereignty issues

30 / 138

Why are daily full backups rare in most production environments?

A. Full backups are rarely successful

B. The backup program does not allow daily full backups

C. Full backups are time consuming and cost prohibitive

D. Full backups are not necessary as data changes rarely occur

31 / 138

What is the key benefit of adding redundancy to systems and networks in terms of system functionality?

A. It increases system speed

B. It makes the system look tidier

C. It enhances system’s reliability even when they fail

D. It eliminates the need for system updates

32 / 138

What do bollards provide for businesses and organizations?

A. They provide visual appeal to the building.

B. They effectively block vehicles from ramming into entrances.

C. They provide additional parking spaces.

D. They are used to guide pedestrians.

33 / 138

What is considered best practice when returning functions to the primary site after a disaster?

A. Return the most critical functions first

B. Return the functions randomly

C. Return the least critical functions first

D. Do not return functions until all problems are resolved

34 / 138

What is the purpose of a Redundant Array of Independent Disks (RAID)?

A. To increase network interface speed

B. To provide processor redundancy

C. To increase memory capacity

D. To provide fault tolerance for disks and increase system availability

35 / 138

What is the primary purpose of a vault in the context of information security?

A. To process transactions

B. To store and protect sensitive information

C. To provide workspace for employees

D. To host the organization’s website

36 / 138

What is the purpose of adding redundancy into systems and networks?

A. To increase the system’s performance

B. To make the system more complex

C. To increase the system’s reliability and resilience

D. To decrease the system’s power consumption

37 / 138

How do computer cable locks function in preventing theft of computers?

A. They create an electronic alarm system around the computer.

B. They secure the computer to a piece of furniture making it difficult for thieves to carry away.

C. They scramble the data on the computer making it useless for thieves.

D. They make the laptop explode when tampered with by unauthorized persons.

38 / 138

Which of the following correctly describes ’Person-made’ disasters?

A. Disasters caused by natural occurrences

B. Disasters caused by human activity

C. Disasters that occur within an organization

D. Disasters that occur outside of an organization but still impact the organization

39 / 138

Why do organizations provide additional physical security for server rooms?

A. To prevent attackers from accessing the equipment

B. To prevent unauthorized personnel from using the servers

C. Allowing IT personnel to work in isolation

D. To monitor the activities of IT personnel

40 / 138

What is the main purpose of NIC teaming?

A. To group two or more physical network adapters into a single software-based virtual network adapter

B. To create a single point of failure in a network

C. To reduce the bandwidth of individual NICs

D. To distribute outgoing traffic unequally among the NICs

41 / 138

What does an incremental backup do?

A. Backs up all the selected data

B. Backs up all the data that is different since the last full backup

C. Backs up all the data that has changed since the last full or incremental backup

D. Captures data at a point in time

42 / 138

What is the topic discussed in this section of the Security+ SY0-701 study material?

A. Protecting secure areas with digital security measures

B. Physical security measures for secure areas

C. Decoding secure areas with digital measures

D. Effective study methods for the exam

43 / 138

What is the main benefit of adding redundancy into your systems and networks?

A. It eliminates the possibility of system failure

B. It increases the system’s vulnerability

C. It increases the system’s reliability even when they fail

D. It ensures the system will never require maintenance

44 / 138

What do cards and badges work in tandem with to provide access?

A. Proximity reader

B. Moisture detection

C. Motion detection

D. Temperature sensor

45 / 138

How can an effective asset management system help mitigate system sprawl and undocumented assets?

A. By ensuring purchases go through an approval process

B. By tracking the movement of devices using RFID methods

C. By evaluating the purchases and ensuring that acquired hardware is added to the asset tracking system

D. By recording the issuance and retrieval of mobile devices

46 / 138

What is meant by the term ’Recovery Point Objective’ in the context of system backup and recovery strategies?

A. It refers to the maximum amount of time it should take to restore a system after an outage.

B. It pertains to the amount of data that an organization can afford to lose.

C. It defines the maximum allowable time for an outage as identified in the BIA.

D. It refers to the frequency in which weekly backups must be created.

47 / 138

In which scenario is restoring a full backup the fastest and simplest?

A. When you have multiple differential backups

B. When you have multiple incremental backups

C. When you have a single full backup

D. When you have mixed backups stored on different tapes

48 / 138

What is the primary use of physical locks in the context of security?

A. To secure household possessions

B. To secure buildings and room within buildings in a corporate environment

C. To store keys for other locks

D. To protect personal computers from unauthorized use

49 / 138

What are some differences between walkthroughs, tabletop exercises, and simulations in the context of testing business continuity plans and disaster recovery plans?

A. Walkthroughs, tabletop exercises, and simulations are all performed in a real environment.

B. Walkthroughs and tabletop exercises are discussion-based, while simulations are hands-on exercises.

C. Walkthroughs and simulations provide training to personnel, whereas tabletop exercises are hands-on exercises.

D. Simulations and tabletop exercises are hands-on exercises, while walkthroughs are discussion-based.

50 / 138

What is a characteristic of a RAID-0 (striping) setup?

A. It provides redundancy and fault tolerance

B. It only allows for one physical disk

C. It decreases read and write performance

D. Files stored on the array are spread across each of the disks

51 / 138

What is one example of a physical security control that can be placed on a server room?

A. Placing a camouflage grass on the server room floor

B. Using an identification badge to access the server room

C. Putting fake pine trees around the server room

D. Installing security cameras only on building entrances and exits

52 / 138

What are the main purposes of using load balancing in a network configuration?

A. To handle software incompatibilities

B. To provide scalability and availability in services

C. To protect the system from viruses

D. To ensure data is encrypted before transmission

53 / 138

What provides fault tolerance for hard drives and is considered a relatively inexpensive method of adding fault tolerance to a system?

A. A redundant array of inexpensive disks (RAID)

B. Uninterruptible power supplies (UPSs)

C. Load balancing

D. Power generators

54 / 138

How does an effective asset management system contribute in reducing architecture and design weaknesses within an organization?

A. It ensures that all purchases go through an approval process

B. It implements RFID tags on all devices

C. It reduces the number of devices purchased

D. It prevents users from leaving the company with mobile devices

55 / 138

What is the primary role of an Uninterruptible Power Supply (UPS) in a mission-critical system?

A. It provides long-term power during extended outages.

B. It powers a device if the primary power supply fails.

C. It provides both positive and negative voltage to devices.

D. It offers short-term power and protects against power fluctuations.

56 / 138

What is a primary difference between a NAS and a SAN?

A. A NAS requires dedicated hardware and uses different protocols such as TCP and IP.

B. A SAN uses standard network protocols such as TCP and IP.

C. A SAN requires dedicated hardware and uses protocols such as Fibre Channel.

D. Both A and C are correct.

57 / 138

In fire suppression, ’remove the oxygen’ primarily means

A. Reducing the amount of air in the room

B. Using a gas like carbon dioxide to displace oxygen

C. Using an exhaust system to remove smoke

D. Increasing pressure to decrease oxygen levels

58 / 138

If a system crashes on Wednesday morning, how many tapes would administrators need to recover the data in the case of a Full/Differential backup set?

A. One tape

B. Two tapes

C. Three tapes

D. Four tapes

59 / 138

What is the major difference between RAID-5 and RAID-6 systems?

A. RAID-5 system requires more disks than RAID-6

B. RAID-6 system can survive the failure of two disks while RAID-5 cannot

C. RAID-5 system includes parity information while RAID-6 does not

D. RAID-6 system provides fault tolerance while RAID-5 does not

60 / 138

What is the primary use of a Faraday cage?

A. To amplify RF signals

B. To prevent RF signals from entering into or emanating beyond a room

C. To enable cell phones to work in elevators

D. To create an air gap for physical security

61 / 138

What is the purpose of the ’After-action report’ phase in a disaster recovery process?

A. To activate the disaster recovery plan.

B. To implement contingencies and move critical functions to alternate sites.

C. To review the disaster and the response, often including a lessons learned review to identify what went right and wrong.

D. To recover critical systems using the prioritization listed in the disaster recovery plan.

62 / 138

What is the main use of Disk Multipath?

A. To provide a singular data transfer path to and from the storage hardware

B. To provide a separate data transfer path to and from the storage hardware for redundancy and increased performance

C. To simplify a storage area network (SAN) using Fibre Channel

D. To decrease the complexity and cost of setting up a SAN using Fibre Channel

63 / 138

What is a unique feature of managed power distribution units (PDUs)?

A. They provide both positive voltage and negative voltage to devices.

B. They provide long-term power during extended outages.

C. They monitor the quality of power such as voltage, current, and power consumption and report these measurements to a central monitoring console.

D. They provide short-term power and can protect against power fluctuations.

64 / 138

Which system resource is usually upgraded by administrators to improve performance and redundancy?

A. Processor

B. Memory

C. Disk

D. Network interface

65 / 138

What is industrial camouflage as used in the context of physical security controls?

A. Use of encryption to hide data.

B. Use of materials to conceal items or disguise them as something else.

C. Applying digital effects to hide anomalies in surveillance footage.

D. A type of security software that obfuscates the true nature of data.

66 / 138

Which of the following best describes how to test site resiliency in the context of business continuity plans?

A. Take a primary server node offline to check if another node within the cluster assumes its role.

B. Restore backup data to verify the correctness and completeness of backups.

C. Move some of the functionality to the alternate site and ensure the alternate site works as intended.

D. Rebuild a server using a test system without impacting the active system.

67 / 138

What is the key difference between a walk-through and a tabletop exercise when testing Business Continuity Plans (BCPs)?

A. A walk-through is a discussion-based scenario, while a tabletop exercise involves actual testing

B. A walk-through is training provided to personnel in a classroom setting before a tabletop exercise, while a tabletop exercise is a discussion-based event exploring scenarios

C. A walk-through involves going through the actual steps of an exercise in a simulated environment, while a tabletop exercise does not

D. A walk-through requires the active participation of all team members, while a tabletop exercise only needs a coordinator

68 / 138

What is a simulation in the context of Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs)?

A. A discussion-based exercise where participants identify their responses to hypothetical scenarios

B. Training provided to personnel in a classroom setting before a tabletop exercise

C. An exercise allowing personnel to go through the actual steps of the plan in a simulated environment

D. A testing method where participants rebuild a server using a live system

69 / 138

What is a crucial consideration when implementing door access systems in case of a fire?

A. Doors should automatically lock.

B. Doors should need a special code to exit.

C. Doors should allow personnel to exit without any form of authentication.

D. Doors should need biometric authentication to exit.

70 / 138

Which of the following best describes a ’warm site’ in the context of disaster recovery?

A. An expensive solution that includes all necessary hardware and up-to-date data

B. A cost-effective solution but takes too long to configure for full operation

C. A compromise that might include necessary hardware but not necessarily up-to-date data

D. A solution that includes only up-to-date data but not the necessary hardware

71 / 138

What is the purpose of moisture detection in physical security controls?

A. To detect when noise levels exceed a certain level

B. To maintain proper temperature and humidity values in HVAC systems

C. To alert on any movement within an area

D. To detect flood events in organizations located within flood zones

72 / 138

What is control diversity in the context of defense in depth or layered security?

A. Use of different security control types

B. Use of security controls from different vendors

C. Use of different technologies to protect an environment

D. Use of two firewalls from different vendors in a screened subnet

73 / 138

What is the primary difference between a NAS and a SAN in term of system setup and protocols used?

A. NAS requires specialized protocols like Fiber Channel while SAN uses standard network protocols like TCP and IP

B. NAS requires dedicated hardware and uses standard network protocols like TCP and IP, while SAN uses different protocols such as Fibre Channel

C. SAN makes use of Linux while NAS utilises Windows

D. NAS is used for block-level data storage while SAN is used for file-based data storage

74 / 138

What does ’Data sovereignty’ refer to in the context of data backups?

A. The concept of data being free and independent

B. The legal implications when data is stored off-site in another country

C. The geographical location of data

D. The integrity of backup data

75 / 138

What is the key focus of Continuity of Operations Planning (COOP)?

A. Training employees on disaster response

B. Restoring mission-essential functions at a recovery site after an outage

C. Keeping the primary location operational at all times

D. Moving all operations to the alternate site permanently

76 / 138

Which step in the disaster recovery process involves moving critical functions to alternate sites if required and retrieving off-site backups?

A. Implement contingencies

B. Activate the disaster recovery plan

C. Test recovered systems

D. After-action report

77 / 138

What is the role of signage in physical security controls?

A. It completely prevents unauthorized access

B. It is used to notify people about restricted areas

C. It aids in electronic surveillance

D. It forms the majority of an organization’s security arrangements

78 / 138

What is the essential benefit of RAID-1 (mirroring) configuration mentioned in the text?

A. The storage space is doubled

B. It enhances the speed of the system

C. It allows the system to operate without any data loss even if half of the drives fail

D. It uses an additional disk controller to manage all the drives

79 / 138

Which of the following is NOT a method used to enhance the effectiveness of fencing, lighting, and alarms in physical security?

A. Combining them with motion detection

B. Positioning lights high enough so that they can’t be reached

C. Using temperature detection via infrared

D. Using sound waves to detect movements

80 / 138

What is the main advantage of online backups, as compared to offline backups?

A. They are less expensive

B. They offer faster access to the data

C. They are stored in the cloud and can be accessed from anywhere

D. They don’t need any backup media

81 / 138

What differentiates an internal disaster from an external disaster in the context of business continuity planning?

A. An internal disaster refers to natural disasters while an external disaster refers to person-made disasters.

B. An internal disaster refers to disasters that impact the stability of power or communication lines while an external disaster refers to disasters that can cause data loss.

C. An internal disaster refers to disasters that occur within an organization while an external disaster refers to disasters that occur outside of an organization but still impact the organization.

D. An internal disaster refers to disasters that can cause hardware failure while an external disaster refers to disasters that can cause software failures.

82 / 138

What is a malicious flash drive and how is it used?

A. It is a drive that contains malware intended to infect a computer when plugged in; often left in easily accessible areas to entice user’s to plug them in

B. It is a harmless device used by hackers to transport data

C. It is a type of drive that mimics a USB, but has software designed to protect a computer against hackers

D. It is a drive used by law enforcement to collect evidence in cybercrime investigations

83 / 138

Which backup type captures all data that has changed since the last full or incremental backup?

A. Full backup

B. Differential backup

C. Incremental backup

D. Snapshot and image backup

84 / 138

Which of the following is NOT a physical security control?

A. A hardware lock

B. A security camera

C. A software firewall

D. A fence

85 / 138

What is the rationale behind the practice of vendor diversity in implementing security controls?

A. It’s cheaper to use different vendors

B. It increases the complexity of the network

C. It ensures that if one firewall has a vulnerability, it’s unlikely the other will at the same time

D. It ensures that all security controls are from a trusted source

86 / 138

Which power redundancy option can provide protection against power fluctuations and gives computing devices enough time to perform a logical shutdown?

A. Uninterruptible power supplies

B. Dual supply

C. Generators

D. Managed power distribution units

87 / 138

Why is it rare to do a full backup on a daily basis in most production environments?

A. The backup process has no impact on operations

B. Administrators have unlimited time to do backups

C. A full backup can interfere with operations and require significant time

D. Full backups are not necessary

88 / 138

What does the ’Disrupt the chain reaction’ fire suppression method entail?

A. Using water to cool down the fire.

B. Replacing oxygen with a gas like CO2.

C. Waiting for the material causing the fire to be burned completely.

D. Using certain chemicals to stop the chain reaction of fires.

89 / 138

Which of the following is NOT a type of physical security control discussed in the text?

A. Identification badges

B. Locking cabinets

C. Server rooms

D. Facial recognition systems

90 / 138

Which of the following methods can reduce the risk of an attacker accessing the data cables to capture network traffic?

A. Connecting cables with an adapter

B. Running cables through a false ceiling or a raised floor

C. Keeping cables near EMI sources

D. Running cables through cable troughs or wiring ducts

91 / 138

According to the text, what is the purpose of performing a test restore?

A. To retrieve data for users who lost their files.

B. To ensure you can recover data from a backup during a crisis.

C. To practice your system repair skills.

D. To make sure you have enough storage space for backups.

92 / 138

What is the main function of a malicious USB cable?

A. It blocks access to the computer

B. It sends random commands to the computer

C. It receives commands from wireless devices and sends them to the computer

D. It prevents physical input devices from communicating with the computer

93 / 138

Which of the following best describes a mobile site in the context of site variations?

A. A site that is identical to the primary location and provides 100 percent availability

B. A transportable unit that contains all of the equipment needed for specific requirements

C. A site that can be up and operational within an hour

D. A site that uses real-time transfers to send modifications from the primary location

94 / 138

What is one of the key vulnerabilities that an effective asset management system can reduce in an organization?

A. Communication issues among the IT team

B. System sprawl and undocumented assets

C. User accessibility and friendliness of the systems

D. The speed of system execution

95 / 138

Why are backups still necessary even when protective measures such as RAID-1 or RAID-10 are in place?

A. RAID can prevent ransomware attacks

B. Backups and RAID serve the same purpose

C. Data in RAID is safe from physical destruction

D. If a fire destroys a server, it also destroys the data on the RAID

96 / 138

What does the ’Recovery Time Objective’ (RTO) refer to in a business continuity planning context?

A. The amount of profit generated during a system outage

B. The maximum acceptable duration of a system outage

C. The exact time a system outage is expected to occur

D. The interval at which system outages are monitored

97 / 138

What is the rationale behind having specific requirements relating to the distance between an organization’s main site and off-site backup location?

A. To make sure that the backups are not easily accessible

B. To ensure that a disaster at the main site does not impact the backup’s location

C. To comply with governing laws and regulations

D. To avoid data sovereignty issues

98 / 138

Which of the following recovery sites would be best utilized in the event of a catastrophic failure?

A. Mobile sites

B. Warm sites

C. Mirrored sites

D. Hot sites

99 / 138

What is one of the advantages of using biometric methods in an access control system?

A. They can run without electricity

B. They provide both identification and authentication

C. They function even without internet connection

D. They use less memory than standard locks

100 / 138

Which of the following is a potential challenge with physical cipher locks?

A. They can’t be electronic

B. They can’t be used with multiple users

C. They identify all users

D. Users might give out the cipher code to unauthorized individuals

101 / 138

What is a use case for safes in an office setting according to the CompTIA Security+ SY0-701 guidance?

A. To store employee personal effects

B. To store smaller devices such as USB drives and possibly laptops when not in use

C. To provide a decorative element in the office

D. To store food and drinks

102 / 138

What is meant by ’Remove the fuel’ in relation to fire-suppression methods?

A. Using chemical agents to cool down the fire

B. Using a gas to displace the oxygen feeding the fire

C. Allowing the material to burn out to quench the fire

D. Disrupting the chain reaction to stop the fire

103 / 138

What is the purpose of two-person integrity in security control?

A. It requires at least two authorized individuals to grant access to encrypted communication material

B. It allows two security personnel to communicate with intruders using video and two-way audio

C. It gives two people the power to launch nuclear weapons

D. It prevents security guards from checking people’s identities against an access control list

104 / 138

Which of the following is not a type of physical security control sensor described?

A. Motion detection

B. Noise detection

C. Proximity reader

D. Fingerprint scanner

105 / 138

What is the function of an inactive server in an active/passive configuration of load balancers?

A. It takes over when the active server fails

B. It functions along side the active server to distribute the load

C. It monitors the active server without any other function

D. It serves as a backup storage for the active server

106 / 138

What are the two possible outcomes of a test restore and why are both considered good?

A. The test succeeds and the backup process is verified or the test fails and a problem is identified that can be fixed before an actual data loss

B. The test succeeds and all backups are deemed valid or the test fails and it’s assumed the backup process is flawed

C. The test succeeds but many backups may still be invalid or the test fails and no matter what, data lost can’t be restored

D. The test succeeds or fails randomly and this indicates the stability of the IT environment

107 / 138

What is the significance of temperature sensors in a HVAC system?

A. They ensure that computing systems are kept cool.

B. They are used to control the lights.

C. They are used to set off alarms.

D. They are used for motion detection.

108 / 138

What is the primary use of a snapshot backup?

A. Rapidly recover from updates that lead to problems

B. Recover deleted files

C. Perform network security audits

D. Optimize system performance

109 / 138

What is the primary purpose of a tabletop exercise in business continuity planning and disaster recovery planning?

A. To execute the steps of the plan.

B. To discuss scenarios and identify how team members would respond.

C. To demonstrate the amount of time it will take to execute the plan.

D. To provide training to personnel prior to an exercise or to create a formal test plan.

110 / 138

Which of the following is a correct statement regarding the use of motion detection sensors in organizations?

A. Motion detection sensors are always enabled and turn on lights at full capacity at all times.

B. Motion detection sensors are used to detect changes in temperature.

C. Motion detection sensors turn off automatically at dusk and turn on at dawn.

D. Motion detection sensors are only enabled when an area is empty and can trigger alarms when they detect any movement.

111 / 138

What are some methods an organization may use to provide physical security to secure work areas?

A. Implement hardware locks, identification badges, and security cameras

B. Control entry and exit points by posting security guards

C. Restrict access to internal work areas, allowing only authorized personnel

D. All of the above

112 / 138

What is one of the steps included in the phases of a disaster recovery process after a disaster has passed?

A. Panic and try to solve everything at once

B. Shut down all remaining systems

C. Recover critical systems

D. Ignore any change management documentation

113 / 138

What are mission-essential functions ?

A. They are functions that can be delayed during a disaster

B. They are the activities that must continue or be restored quickly after a disaster

C. They are non-critical systems of an organization

D. They are functions that are non-essential to an organization’s mission

114 / 138

What does a disaster recovery plan (DRP) usually involve?

A. Activation of the DRP, with contingency implementation, recovery of critical systems, testing of recovered systems, and an after-action report

B. Continuous testing and modification of systems

C. Immediate deployment of alternate sites, without any prioritization

D. Complete isolation of affected systems without recovery attempts

115 / 138

What is the difference between Mean Time Between Failures (MTBF) and Mean Time To Repair (MTTR)?

A. MTBF identifies the average time it takes to restore a failed system, and MTTR identifies the average time between failures

B. MTBF identifies the average time between failures and is a measure of a system’s reliability, whereas MTTR identifies the average time to restore a failed system

C. MTBF and MTTR both measure the time it takes to repair a failed system

D. MTBF works towards predicting potential outages, whereas MTTR is a guarantee on restoration time

116 / 138

What is a possible use of a CCTV system in the workplace that was mentioned in the text?

A. To monitor employee productivity

B. To provide reliable proof of a person’s location and activity

C. To capture images for promotional materials

D. To relay live video feeds to the public

117 / 138

What is one potential method of physical attacks as mentioned in the text?

A. Using duplicate keys to access secure areas

B. Creating a physical diversion to distract from the attack

C. Utilizing smaller devices that appear to be normal but can install malware or steal data

D. Physically overpowering security personnel

118 / 138

What does the term ’air gap’ in computer security refer to?

A. It refers to the physical distance between two servers.

B. It is the isolation of a computer or network from another for security purposes.

C. It refers to the period of time during which a system is shut down for maintenance.

D. It is a type of malware that targets network cables.

119 / 138

What does a disaster recovery plan (DRP) help an organization to identify?

A. How to prevent a disaster from happening

B. How to recover critical systems and data after a disaster

C. The exact time a disaster will occur

D. How to avoid performing a business impact analysis

120 / 138

What is a common multifactor authentication method used with proximity cards in securing door access?

A. Combining proxmity card with a passport

B. Combining proximity card with a fingerprint scan

C. Combining proximity card with a personal identification number (PIN)

D. Combining proximity card with facial recognition scan

121 / 138

What would happen to the air circulation in a data center if all cabinets had their fronts facing the same way without a hot/cold aisle design?

A. The back row would have cooler air coming in the front than the front row

B. The hot air pumping out the back of one row of cabinets would be sent to the front of the cabinets behind them

C. The temperature would remain uniform throughout all rows

D. The cool air would be pumped through the back of the cabinets

122 / 138

Why is off-site storage important in backup policy?

A. To allow for immediate access to the data

B. To provide a redundant copy of the data in case of a disaster at the primary site

C. To comply with data sovereignty laws

D. Because it typically costs less than on-site storage

123 / 138

What does the term ’Full backup’ refer to in relation to backup utilities?

A. It backs up all the data that has changed or is different since the last full backup

B. It backs up all the data that has changed since the last full or incremental backup

C. It captures the data at a point in time

D. It backs up all the selected data

124 / 138

What is one of the potential benefits of using a USB disk drive for copy backups as stated in the text?

A. The USB disk drive cannot be infected with malware

B. If the USB disk drive is disconnected after copying files, the malware cannot reach them

C. It increases the speed of the backup process

D. It allows for automatic backups

125 / 138

What data does a differential backup capture?

A. Only the data that has changed since the last differential backup.

B. All the data that has changed or is different since the last full backup.

C. Same data captured in a full backup.

D. Data at a particular point in time.

126 / 138

What is the minimum number of drives that can be used in a RAID-10 configuration?

A. Two

B. Four

C. Six

D. Eight

127 / 138

How do proximity cards function in terms of being powered and transmitting information to a reader?

A. They require regular charging via a USB port and transmit data via a wired connection.

B. They use an inbuilt battery and transmit data wirelessly using Bluetooth.

C. They contain a capacitor and a coil that can accept a charge from the proximity card reader and transmit information to the reader via radio frequency.

D. They must be manually powered on before use and transmit data via infrared signals.

128 / 138

What is the function of a proximity reader in a physical security system?

A. It detects changes in temperature and humidity

B. It is used with proximity cards for access points

C. It detects motion and can automatically turn lights on or off

D. It detects noise levels that exceed a certain point

129 / 138

What is the function of a dual power supply in the context of power redundancies?

A. It provides both positive voltage and negative voltage to devices.

B. It is a second power supply that powers a device if the primary power supply fails.

C. It monitors the quality of power such as voltage, current, and power consumption.

D. It provides short-term power and protects against power fluctuations.

130 / 138

What does a differential backup strategy do?

A. Backs up only the data that changed since the last differential backup

B. Backs up data that has not changed since the last full backup

C. Backs up data that has changed or is different since the last full backup

D. Backs up all data, regardless of whether it has changed since the last full backup

131 / 138

Why are full backups not typically performed on a daily basis in most production environments?

A. Full backups take too long to perform and can interfere with operations.

B. Full backups are too straightforward and easy to perform.

C. Full backups do not provide enough data protection.

D. Full backups are not compatible with most backup programs.

132 / 138

What is the purpose of a disaster recovery plan (DRP)?

A. To recover non-critical systems after a disaster

B. To prioritize the restoration of support services after an outage

C. To identify how to recover critical systems and data after a disaster

D. To ensure that non-critical systems are not affected by a disaster

133 / 138

What are the primary requirements of a cold site based on the provided description?

A. Running IT equipment, data, and software

B. Power and connectivity

C. Operational sites with tents, antennas, and cables

D. Buildings with suitable infrastructure

134 / 138

How can server redundancy be tested in a business continuity plan or disaster recovery plan?

A. By restoring backup data

B. By moving the functionality to an alternate site

C. By taking a primary node offline in an active/passive load balancing server

D. Through a tabletop exercise

135 / 138

What does a Tabletop Exercise entail in the context of Business Continuity Plans and Disaster Recovery Plans testing?

A. It is a discussion-based exercise where participants sit around a table and talk through one or more scenarios

B. It is a hands-on exercise where participants navigate through the actual steps in a simulated environment

C. It consists of training provided to personnel in a classroom setting before a formal test

D. It involves participants following steps to rebuild a server using a live system

136 / 138

What is the function of noise detection sensors?

A. They are used to adjust the intensity of lights based on motion detected.

B. They detect changes in temperature and humidity levels.

C. They are used to detect any noise or when noise exceeds a certain level.

D. They are used to detect proximity of a card to a card reader.

137 / 138

What are the main elements included in a business continuity plan (BCP)?

A. Disaster recovery and impact prediction

B. Financial planning and budget analysis

C. Employee management and recruitment

D. Product development and marketing strategies

138 / 138

What are the factors an organization should consider when setting a backup policy?

A. What data to back up, frequency of backing up, how to test backups, retention period, and legal implications

B. The logistics of moving data off-site, the cost of backup media, and the cost of storage

C. The data center’s proximity to the office, the internet speed at the backup site, and the backup software’s user interface

D. The size of the backup media, the backup media’s lifespan, and the backup software’s ease of use

Your score is

Dowload the FREE OFFLINE Version of this Test Bank

Boost your cybersecurity skills! Click to download the CompTIA Security+ Practice Anki deck.

Boost your IT skills with our free CompTIA Security+ practice test focusing on Chapter 09: Implementing Controls to Protect Assets. Whether you’re entering the IT industry or advancing in cyber security, our resources are here to help you succeed in the CompTIA Exam.

Why Choose Our CompTIA Security+ Practice Test?

Skill Enhancement:

Covers essential techniques for implementing controls to protect assets crucial for the CompTIA Exam.

Career Advancement:

Passing the CompTIA Security+ exam can open doors to new job opportunities and significant career changes in the IT industry.

Vulnerability Management:

Master the art of implementing asset protection controls, a key skill in cyber security.

Free Anki Deck Download

Download our free Anki Deck, reviewed by industry expert Josh Madakor, who has extensive experience in IT and cyber security, including work with Microsoft and government sectors. Learn more about Anki on the official site.

Get Started with Your IT Career Change Today!

Visit the CompTIA Security+ official site and the CompTIA Network+ official site for more information.

Chapter 09 – Implementing Controls to Protect Assets

Dowload the FREE OFFLINE Version of this Test Bank

Why Choose Our CompTIA Security+ Practice Test?

Skill Enhancement:

Career Advancement:

Vulnerability Management:

Free Anki Deck Download

Explore our other free practice tests:

Related Posts

The Affordable, Hands-On Josh Madakor IT Course that gets Results!

The Affordable, Hands-On Cyber Security that gets Results!

JOIN OUR

NEWSLETTER