Exam 2

1, add if you have time


10. The separation of network infrastructure from the control layer, combined with the ability to centrally program a network design in a vendor-neutral, standards-based implementation, is an example of what important concept?

 

A.   MPLS, a way to replace long network addresses with shorter labels and support a wide range of protocols

MPLS (Multiprotocol Label Switching) is indeed a way to replace long network addresses with shorter labels, and it supports multiple protocols. However, it does not involve separation of the network infrastructure from the control layer in the way described in the question.

B.   FCoE, a converged protocol that allows common applications over Ethernet

FCoE (Fibre Channel over Ethernet) is a protocol that allows Fibre Channel communications to run directly over Ethernet. It is primarily used in storage area networks and does not align with the description provided in the question.

C.   SDN, a converged protocol that allows network virtualization

This is a primary feature of Software-Defined Networking (SDN). SDN decouples the control plane (which decides how to handle network traffic) from the data plane (which actually handles the traffic), allowing for centralized network management and programming.

D.    CDN, a converged protocol that makes common network designs accessible

CDN (Content Delivery Network) is a system of distributed servers that deliver content, especially web content, to users based on their geographic location. This concept is not related to the central programming of a network or the separation of network infrastructure from its control layer.

Hint: MPLS, SDN, FCoE, CDN


12. Susan is worried about a complex change and wants to ensure that the organization can recover if the change does not go as planned. What should she require in her role on the organization's change advisory board (CAB)?

A.   She should reject the change due to risk.

Simply rejecting a change due to potential risk without further analysis or mitigations isn't an appropriate approach. The CISSP emphasizes the importance of risk assessment and implementing controls to mitigate those risks, rather than avoidance.

B.   She should require a second change review.

While a second review can be helpful in some circumstances, it doesn't directly address the concern of recovering if the change fails. The CISSP emphasizes the importance of recovery strategies and planning, rather than just additional reviews.

C.   She should ensure a backout plan exists.

This is a key principle in change management. If a change doesn't go as planned, a backout plan (or rollback plan) provides steps to revert the system or application back to its previous state.

D.    She should ensure a failover plan exists.

A failover plan is related to continuity of operations and disaster recovery, ensuring that if one system fails, another can take over. While this is crucial for maintaining availability, it doesn't specifically address the risk associated with a "change." It's more of a broader continuity plan.

Hint: CAB, Availability


18. What RADIUS alternative is commonly used for Cisco network gear and supports two-factor authentication?

a. RADIUS+

This is a made-up term.

b. TACACS+

TACACS+ is the most recent version of TACACS (Terminal Access Controller Access-Control System).

c. XTACACS

XTACACS is an earlier version of TACACS and should be avoided.

d. Kerberos

Kerberos is a network authentication protocol rather than a remote user authentication protocol. It is also a Microsoft product.

Hint: AAA Protocols, Kerberos


Questions 21–23 refer to the following scenario.

Hunter is the facilities manager for DataTech, a large data center management firm. He is evaluating the installation of a flood prevention system at one of DataTech’s facilities. The facility and contents are valued at $100 million. Installing the new flood prevention system would cost $10 million.

Hunter consulted with flood experts and determined that the facility lies within a 200-year flood plain and that, if a flood occurred, it would likely cause $20 million in damage to the facility.

21. Based on the information in this scenario, what is the exposure factor for the effect of a flood on DataTech’s data center?

a. 2%

b. 20%

The exposure factor is the percentage of the facility that risk managers expect will be damaged if a risk materializes. It is calculated by dividing the amount of damage by the asset value. In this case, that is $20 million in damage divided by the $100 million facility value, or 20%. The Exposure Factor (EF) represents the percentage of asset value that is expected to be lost due to a particular risk.

c. 100%

d. 200%

 

22. Based on the information in this scenario, what is the annualized rate of occurrence for a flood at DataTech’s data center?

a. 0.002

b. 0.005

c. 0.02

d. 0.05

 

B. The annualized rate of occurrence (ARO) is the number of times that risk analysts expect a risk to happen in any given year. In this case, the analysts expect floods once every 200 years, or 0.005 times per year.


23. Based on the information in this scenario, what is the annualized loss expectancy for a flood at DataTech’s data center?

a. $40,000

b. $100,000

c. $400,000

d. $1,000,000


24. Which accounts are typically assessed during an account management assessment?

a. A random sample

Random samples are the second most likely choice.

b. Highly privileged accounts

The most frequent target of account management reviews is highly privileged accounts, as they create the greatest risk.

c. Recently generated accounts

d. Accounts that have existed for long periods of time

Accounts that have existed for a longer period of time are more likely to have a problem due to privilege creep than recently created accounts, but neither of these choices is likely unless there is a specific organizational reason to choose them.

Hint: Audits, Clipping