8. c. Information system transitional states include startup, restart, shutdown, and abort. It is critical to initiate session audit work at system startup time so that the system captures and logs all the content related to a user system. These audit logs can be locally or remotely reviewed for later evidence.

9. The major reason for retaining older versions of baseline configuration is to support:

a. Roll forward

b. Rollback

c. Restart

d. Restore

9. b. A rollback is restoring a database from one point in time to an earlier point. A roll forward is restoring the database from a point in time when it is known to be correct to a later time. A restart is the resumption of the execution of a computer system using the data recorded at a checkpoint. A restore is the process of retrieving a dataset migrated to offline storage and restoring it to online storage.

10. Which of the following updates the applications software and the systems software with patches and new versions?

a. Preventive maintenance

b. Component maintenance

c. Hardware maintenance

d. Periodic maintenance

10. a. The scope of preventive maintenance includes updating applications software and systems software with patches and new versions, replacing failed hardware components, and more.

The other three choices are incorrect because they can be a part of corrective maintenance (fixing errors) or remedial maintenance (fixing faults).

11. Regarding incident handling, dynamic reconfiguration does not include changes to which of the following?

a. Router rules

b. Access control lists

c. Filter rules

d. Software libraries

11. d. Software libraries are part of access restrictions for change so changes are controlled. Dynamic reconfiguration (i.e., changes on-the-fly) can include changes to router rules, access control lists, intrusion detection and prevention systems (IDPS) parameters, and filter rules for firewalls and gateways.

12. Prior to initiating maintenance work by maintenance vendor personnel who do not have the needed security clearances and access authorization to classified information, adequate controls include:

1. Sanitize all volatile information storage components

2. Remove all nonvolatile storage media

3. Physically disconnect the storage media from the system

4. Properly secure the storage media with physical or logical access controls

a. 1 only

b. 2 only

c. 2, 3, and 4

d. 1, 2, 3, and 4

12. d. All four items are adequate controls to reduce the risk resulting from maintenance vendor personnel’s access to classified information. For handling classified information, maintenance personnel should possess security clearance levels equal to the highest level of security required for an information system.

13. A security configuration checklist is referred to as which of the following?

1. Lockdown guide

2. Hardening guide

3. Security guide

4. Benchmark guide

a. 1 and 2

b. 1 and 3

c. 2 and 3

d. 1, 2, 3, and 4

13. d. A security configuration checklist is referred to by several names, such as a lockdown guide, hardening guide, security technical implementation guide, or benchmark guide. These guides provide a series of instructions or procedures for configuring an information system’s components to meet operational needs and regulatory requirements.

14. Regarding the verification of correct operation of security functions, which of the following is the correct order of alternative actions when anomalies are discovered?

1. Report the results.

2. Notify the system administrator.

3. Shut down the system.

4. Restart the system.

a. 1, 2, 3, and 4

b. 3, 4, 2, and 1

c. 2, 1, 3, and 4

d. 2, 3, 4, and 1

14. d. The correct order of alternative actions is notify the system administrator, shut down the system, restart the system, and report the results of security function verification.

15. The audit log does not include which of the following?

a. Timestamp

b. User’s identity

c. Object’s identity

d. The results of action taken
