ISACA.CISA.v2024-03-31.q980 Dumps

Question 371

Which of the following would be the MOST secure firewall system?

Correct Answer: B
A screened-subnet firewall, also used as a demilitarized zone (DMZ), utilizes two packet filtering routers and a bastion host. This provides the most secure firewall system, since it supports both network- and application-level security while defining a separate DMZ network. A screened-host firewall utilizes a packet filtering router and a bastion host. This approach implements basic network layer security (packet filtering) and application server security (proxy services). A dual-homed firewall system is a more restrictive form of a screened-host firewall system, configuring one interface for information servers and another for private network host computers. A stateful inspection firewall working at the transport layer keeps track of the destination IP address of each packet that leaves the organization's internal network and allows a reply from the recorded IP addresses.

Question 372

The objective of concurrency control in a database system is to:

Correct Answer: B
Section: Protection of Information Assets
Explanation:
Concurrency controls prevent data integrity problems, which can arise when two update processes access the same data item at the same time. Access controls restrict updating of the database to authorized users, and controls such as passwords prevent the inadvertent or unauthorized disclosure of data from the database. Quality controls, such as edits, ensure the accuracy, completeness and consistency of data maintained in the database.

Question 373

The purpose of business continuity planning and disaster-recovery planning is to:

Correct Answer: B
Section: Protection of Information Assets
Explanation:
The primary purpose of business continuity planning and disaster-recovery planning is to mitigate, or reduce, the risk and impact of a business interruption or disaster.
Total elimination of risk is impossible.

Question 374

Which of the following is MOST important to include in security awareness training?

Correct Answer: A
Explanation:
The most important thing to include in security awareness training is how to respond to various types of suspicious activity. Security awareness training is a program that educates employees about the importance of security and how to avoid common threats and risks. One of the main objectives of security awareness training is to enable employees to recognize and report any signs of malicious or unauthorized activity, such as phishing emails, malware infections, data breaches, or social engineering attempts. By teaching employees how to respond to various types of suspicious activity, security awareness training can help to prevent or mitigate the impact of security incidents, protect the organization's assets and reputation, and comply with legal and regulatory requirements.
The other options are not as important as option A. The importance of complex passwords is a useful topic, but not the most important thing to include in security awareness training. Complex passwords are passwords that are hard to guess or crack by using a combination of letters, numbers, symbols, and cases. Complex passwords can help to protect user accounts and data from unauthorized access, but they are not sufficient to prevent all types of security incidents. Moreover, complex passwords may be difficult to remember or manage by users, and may require additional measures such as password managers or multi-factor authentication.
Descriptions of the organization's security infrastructure is a technical topic, but not the most important thing to include in security awareness training. Security infrastructure is the set of hardware, software, policies, and procedures that provide the foundation for the organization's security posture and capabilities. Security infrastructure may include firewalls, antivirus software, encryption tools, access control systems, backup systems, etc. Descriptions of the organization's security infrastructure may be relevant for some employees who are involved in security operations or administration, but they may not be necessary or understandable for all employees who need security awareness training.
Contact information for the organization's security team is a practical detail, but not the most important thing to include in security awareness training. The security team is the group of people who are responsible for planning, implementing, monitoring, and improving the organization's security strategy and activities. Contact information for the organization's security team may be useful for employees who need to report or escalate a security issue or request a security service or support. However, contact information for the organization's security team is not enough to ensure that employees know how to respond to various types of suspicious activity.
References: Security Awareness Training | SANS Security Awareness, Security Awareness Training | KnowBe4, Security Awareness Training Course (ISC)² | Coursera

Question 375

Which of the following would be the BEST criteria for monitoring an IT vendor's service levels?

Correct Answer: A