Chapter 09 – Implementing Controls to Protect Assets

Ref: CompTIA Security Plus Get Certified Get Ahead SY0-701 Study Guide

CompTIA Security+ (SY0-701) – Chapter 9

1 / 138

What is one example of a physical security control that can be placed on a server room?

2 / 138

What is one of the key vulnerabilities that an effective asset management system can reduce in an organization?

3 / 138

What is a use case for safes in an office setting according to the CompTIA Security+ SY0-701 guidance?

4 / 138

Which of the following best describes a hot site in the context of disaster recovery planning?

5 / 138

Which of the following is a benefit of using disk storage for backups?

6 / 138

Which of the following statements about drones is FALSE?

7 / 138

Which system resource is usually upgraded by administrators to improve performance and redundancy?

8 / 138

What is the main difference between card skimming and card cloning?

9 / 138

Which power redundancy option can provide protection against power fluctuations and gives computing devices enough time to perform a logical shutdown?

10 / 138

What is the difference between Mean Time Between Failures (MTBF) and Mean Time To Repair (MTTR)?

11 / 138

What is the function of generators in the context of power redundancies?

12 / 138

What is a crucial consideration when implementing door access systems in case of a fire?

13 / 138

What is a possible use of a CCTV system in the workplace that was mentioned in the text?

14 / 138

What is the main purpose of ‘Two-person integrity’ in an organization’s security scenario?

15 / 138

Why are backups still necessary even when protective measures such as RAID-1 or RAID-10 are in place?

16 / 138

What is a unique feature of managed power distribution units (PDUs)?

17 / 138

What is the primary difference between a Network-attached storage (NAS) and a Storage area network (SAN)?

18 / 138

What is a simulation in the context of Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs)?

19 / 138

What does an incremental backup strategy do after the full backup?

20 / 138

What is one potential method of physical attacks as mentioned in the text?

21 / 138

What is one of the steps included in the phases of a disaster recovery process after a disaster has passed?

22 / 138

What is the primary use of a Faraday cage?

23 / 138

If a system crashes on Wednesday morning, how many tapes would administrators need to recover the data in the case of a Full/Differential backup set?

24 / 138

How can an effective asset management system help mitigate system sprawl and undocumented assets?

25 / 138

What is the primary purpose of a tabletop exercise in business continuity planning and disaster recovery planning?

26 / 138

What is the function of an inactive server in an active/passive configuration of load balancers?

27 / 138

What is the rationale behind the practice of vendor diversity in implementing security controls?

28 / 138

Which of the following is a correct statement regarding the use of motion detection sensors in organizations?

29 / 138

Which of the following methods can reduce the risk of an attacker accessing the data cables to capture network traffic?

30 / 138

Why should water never be used on an electrical fire during fire suppression?

31 / 138

Why are full backups not typically performed on a daily basis in most production environments?

32 / 138

What is the main benefit of adding redundancy into your systems and networks?

33 / 138

What is one of the potential benefits of using a USB disk drive for copy backups as stated in the text?

34 / 138

What is a snapshot backup?

35 / 138

What is the essential benefit of RAID-1 (mirroring) configuration mentioned in the text?

36 / 138

What is the primary use of physical locks in the context of security?

37 / 138

What does ‘Data sovereignty’ refer to in the context of data backups?

38 / 138

What is the primary use of a snapshot backup?

39 / 138

What are some differences between walkthroughs, tabletop exercises, and simulations in the context of testing business continuity plans and disaster recovery plans?

40 / 138

Which of the following is a potential challenge with physical cipher locks?

41 / 138

What is a common multifactor authentication method used with proximity cards in securing door access?

42 / 138

Which of the following is NOT commonly used as a physical security control?

43 / 138

Which of the following is NOT a method used to enhance the effectiveness of fencing, lighting, and alarms in physical security?

44 / 138

What is the key benefit of adding redundancy to systems and networks in terms of system functionality?

45 / 138

What is considered best practice when returning functions to the primary site after a disaster?

46 / 138

What is meant by the term ‘Recovery Point Objective’ in the context of system backup and recovery strategies?

47 / 138

What are the main elements included in a business continuity plan (BCP)?

48 / 138

What do cards and badges work in tandem with to provide access?

49 / 138

According to the text, what are the four components of a fire that fire suppression methods attempt to remove or disrupt?

50 / 138

What is the function of a dual power supply in the context of power redundancies?

51 / 138

What is the major difference between RAID-5 and RAID-6 systems?

52 / 138

What does the concept of ‘Technology diversity’ in security refer to?

53 / 138

What is the key focus of Continuity of Operations Planning (COOP)?

54 / 138

What is the function of noise detection sensors?

55 / 138

What is the purpose of moisture detection in physical security controls?

56 / 138

What are the factors an organization should consider when setting a backup policy?

57 / 138

What does the term ‘Full backup’ refer to in relation to backup utilities?

58 / 138

Which of the following recovery sites would be best utilized in the event of a catastrophic failure?

59 / 138

What would happen to the air circulation in a data center if all cabinets had their fronts facing the same way without a hot/cold aisle design?

60 / 138

What can cause a person to become a single point of failure within an organization?

61 / 138

What is the purpose of adding redundancy into systems and networks?

62 / 138

How can server redundancy be tested in a business continuity plan or disaster recovery plan?

63 / 138

What is one way to validate a backup?

64 / 138

What differentiates an internal disaster from an external disaster in the context of business continuity planning?

65 / 138

Why is it rare to do a full backup on a daily basis in most production environments?

66 / 138

What are the main purposes of using load balancing in a network configuration?

67 / 138

What is one of the advantages of using biometric methods in an access control system?

68 / 138

What is the purpose of two-person integrity in security control?

69 / 138

What is a single point of failure in a system and how can it be mitigated?

70 / 138

Which of the following is NOT a physical security control?

71 / 138

What is the key purpose of testing backups?

72 / 138

Which of the following correctly describes ‘Person-made’ disasters?

73 / 138

What are mission-essential functions?

74 / 138

In fire suppression, ‘remove the oxygen’ primarily means

75 / 138

How does an effective asset management system contribute to reducing architecture and design weaknesses within an organization?

76 / 138

What does a differential backup strategy do?

77 / 138

What is the function of a proximity reader in a physical security system?

78 / 138

Which of the following best describes a ’warm site’ in the context of disaster recovery?

79 / 138

What is a malicious flash drive and how is it used?

80 / 138

What is industrial camouflage as used in the context of physical security controls?

81 / 138

If a system crashes on Thursday morning, how should the administrators restore the data from full/incremental backups?

82 / 138

Why are daily full backups rare in most production environments?

83 / 138

Which of the following best describes a mobile site in the context of site variations?

84 / 138

What is the role of signage in physical security controls?

85 / 138

What data does a differential backup capture?

86 / 138

What does a Business Impact Analysis (BIA) help an organization to identify?

87 / 138

What is a primary difference between a NAS and a SAN?

88 / 138

Which step in the disaster recovery process involves moving critical functions to alternate sites if required and retrieving off-site backups?

89 / 138

What does an incremental backup do?

90 / 138

How do proximity cards function in terms of being powered and transmitting information to a reader?

91 / 138

What type of backup strategy is best suited for an organization that wishes to recover failed systems quickly?

92 / 138

What is the main use of Disk Multipath?

93 / 138

Why do organizations provide additional physical security for server rooms?

94 / 138

What is the purpose of defense in depth?

95 / 138

What is a characteristic of a RAID-0 (striping) setup?

96 / 138

Which of the following is NOT a type of physical security control discussed in the text?

97 / 138

What is the purpose of a disaster recovery plan (DRP)?

98 / 138

What does data sovereignty refer to in the context of data backup policy?

99 / 138

What provides fault tolerance for hard drives and is considered a relatively inexpensive method of adding fault tolerance to a system?

100 / 138

What does the ‘Recovery Time Objective’ (RTO) refer to in a business continuity planning context?

101 / 138

What does a disaster recovery plan (DRP) usually involve?

102 / 138

Why is off-site storage important in backup policy?

103 / 138

What does the ‘Disrupt the chain reaction’ fire suppression method entail?

104 / 138

What is control diversity in the context of defense in depth or layered security?

105 / 138

What does a BIA attempt to identify when evaluating the impact of various scenarios such as natural disasters, fires, attacks, power outages, data loss, and hardware and software failures?

106 / 138

What is the topic discussed in this section of the Security+ SY0-701 study material?

107 / 138

What are the two possible outcomes of a test restore and why are both considered good?

108 / 138

Which of the following is not a type of physical security control sensor described?

109 / 138

What is the primary role of an Uninterruptible Power Supply (UPS) in a mission-critical system?

110 / 138

What is the primary purpose of a vault in the context of information security?

111 / 138

What is the key difference between a walk-through and a tabletop exercise when testing Business Continuity Plans (BCPs)?

112 / 138

What is the significance of temperature sensors in a HVAC system?

113 / 138

What does a Tabletop Exercise entail in the context of Business Continuity Plans and Disaster Recovery Plans testing?

114 / 138

What is the purpose of a Redundant Array of Independent Disks (RAID)?

115 / 138

What are some methods an organization may use to provide physical security to secure work areas?

116 / 138

What does a site risk assessment focus on in the context of risk management?

117 / 138

What do bollards provide for businesses and organizations?

118 / 138

What is meant by ‘Remove the fuel’ in relation to fire-suppression methods?

119 / 138

In which scenario is restoring a full backup the fastest and simplest?

120 / 138

How do computer cable locks function in preventing theft of computers?

121 / 138

What is the purpose of the ‘After-action report’ phase in a disaster recovery process?

122 / 138

Which of the following best describes how to test site resiliency in the context of business continuity plans?

123 / 138

What provides fault tolerance for critical servers in case of a single point of failure?

124 / 138

What is the minimum number of drives that can be used in a RAID-10 configuration?

125 / 138

What does the term ‘air gap’ in computer security refer to?

126 / 138

What does the term ‘high availability’ refer to in relation to server redundancy?

127 / 138

What is the main purpose of NIC teaming?

128 / 138

What factors should an organization consider while selecting a backup location?

129 / 138

What are the primary requirements of a cold site based on the provided description?

130 / 138

What is the main advantage of online backups, as compared to offline backups?

131 / 138

What is the purpose of a business continuity plan (BCP)?

132 / 138

What is the main function of a malicious USB cable?

133 / 138

What is the primary difference between a NAS and a SAN in terms of system setup and protocols used?

134 / 138

What is the rationale behind having specific requirements relating to the distance between an organization’s main site and off-site backup location?

135 / 138

What is a primary difference between a Network-Attached Storage (NAS) and a Storage Area Network (SAN)?

136 / 138

What does a disaster recovery plan (DRP) help an organization to identify?

137 / 138

According to the text, what is the purpose of performing a test restore?

138 / 138

Which backup type captures all data that has changed since the last full or incremental backup?
