Chapter 7 ■ Security Operations (Domain 7) 167
- Gordon suspects that a hacker has penetrated a system belonging to his company. The
system does not contain any regulated information, and Gordon wishes to conduct an
investigation on behalf of his company. He has permission from his supervisor to conduct
the investigation. Which of the following statements is true?
A. Gordon is legally required to contact law enforcement before beginning the investigation.
B. Gordon may not conduct his own investigation.
C. Gordon’s investigation may include examining the contents of hard disks, network
traffic, and any other systems or information belonging to the company.
D. Gordon may ethically perform “hack back” activities after identifying the perpetrator.
- Which one of the following tools provides an organization with the greatest level of
protection against a software vendor going out of business?
A. Service level agreement
B. Escrow agreement
C. Mutual assistance agreement
D. PCI DSS compliance agreement
- Fran is considering new human resources policies for her bank that will deter fraud. She
plans to implement a mandatory vacation policy. What is typically considered the shortest
effective length of a mandatory vacation?
A. Two days
B. Four days
C. One week
D. One month
- Which of the following events would constitute a security incident?
1. An attempted network intrusion
2. A successful database intrusion
3. A malware infection
4. A violation of a confidentiality policy
5. An unsuccessful attempt to remove information from a secured area
A. 2, 3, and 4
B. 1, 2, and 3
C. 4 and 5
D. All of the above
- Which one of the following traffic types should not be blocked by an organization’s egress
filtering policy?
A. Traffic destined to a private IP address
B. Traffic with a broadcast destination
C. Traffic with a source address from an external network
D. Traffic with a destination address on an external network