Security+ Study Guide-09 Implementing Controls to Protect Assets

Closed-circuit television (CCTV) or a similar video surveillance system can monitor the entrance and record who enters and exits the area.

An access control vestibule (sometimes called a mantrap) prevents tailgating, but it doesn’t necessarily identify individuals.

An access list is useful if a guard identifies users and allows access based on the access list, but the access list does not identify users.

Bollards are a type of barricade that protects building entrances.

Using a CCTV until the key card system is installed is an example of a compensating control, but all compensating controls do not identify people.

A cable lock attaches to a computer and wraps around a piece of furniture to secure it to deter and prevent theft. This is like a bike lock used to secure a bicycle to a bike rack.

A mantrap prevents tailgating but is unrelated to this question.

Anti-malware software protects the systems from viruses and other malware.

Disk encryption is useful if the computers have confidential information, but it wouldn’t be appropriate to put confidential information on a public computer.

An air gap is a physical security control that ensures that a network is physically isolated from other networks, including the Internet.

A Faraday cage prevents radio frequency (RF) signals from entering or emanating beyond an enclosure, but a network within a Faraday cage can still be connected to external networks.

Protected cable distribution practices isolate cables from electromagnetic interference (EMI) sources but don’t isolate networks.

Vaults are rooms or large compartments used to store valuables, not isolate networks.

A biometric reader used for access control, an access control vestibule (sometimes called a mantrap), and a closed-circuit television (CCTV) system all provide strong physical security for accessing a data center.

Cable locks are effective theft deterrents for mobile devices such as laptops, but they don’t protect data centers.

Heating, ventilation, and air conditioning (HVAC) systems can control the data center’s environment, but they don’t secure access.

A redundant array of independent disks 6 (RAID-6) is the best solution of the available answers. It supports two-drive failure meaning that two drives can fail in the RAID-6, and the disk subsystem will continue to operate.

RAID-0 (disk striping) doesn’t have any fault tolerance and will fail completely if a single drive fails.

RAID-1 (disk mirroring) uses only two drives. If one drive fails in a RAID-1, the data is preserved, but if two drives fail, all data is lost.

RAID-5 (striping with parity) will continue to operate if one drive fails, but all data is lost if two drives fail.

Multipath is a fault-tolerance technique that provides more than one path for a system to the data storage system. It could be two Small Computer System Interface (SCSI) controllers providing a path to SCSI disks, or two storage area network (SAN) switches providing redundant paths to the SAN.

Network interface card (NIC) teaming combines the bandwidth of two or more NICs to increase the throughput, but the NICs won't necessarily be used to access disks.

Managed power distribution units (PDUs) provide the ability to monitor energy consumption in a data center remotely.

An uninterruptible power supply (UPS) providers short term power to systems after a power failure.

Network interface card (NIC) teaming combines the bandwidth of two or more NICs to increase the throughput and would solve this problem. A storage area network (SAN) is a computer network that provides block-level data storage.

A SAN can increase disk performance, not bandwidth performance.

Multipath is a fault-tolerance technique used for data storage.

Managed power distribution units (PDUs) provide the ability to remotely monitor energy consumption in a data center.

This describes a load-balancing configuration using persistence so that a user will connect to the same application server for an entire session.

All the answers are related to load balancing, but the scenario describes load balancing with persistence, so persistence is more correct than load balancing.

An active/active load-balancing configuration indicates all the servers are handling user requests.

An active/passive load-balancing configuration has at least one server that is not actively serving clients but can take over if another server fails. However, the scenario didn’t give enough information to determine if the application servers were configured as active/active or active/passive.

An active/passive load-balancing configuration supports resilience and high availability.

An active/passive load-balancing configuration uses redundant servers to ensure a service continues to operate even if one of the servers fails.

Obfuscation methods attempt to make something unclear or difficult to understand and are not related to load balancing. Integrity methods ensure that data has not been modified.

Confidentiality methods such as encryption prevent the unauthorized disclosure of data.

Two backups are required, the full backup performed on Sunday at 12:01 a.m. and the differential backup performed on Thursday at 12:01 a.m.

If you perform only one backup, it would be the full backup. You can’t restore a differential backup without restoring the full backup first. This wouldn’t include all the changes that occurred during the week.

If you were using a full/incremental strategy, you would apply five backups: the full backup, and each of the incremental backups performed daily (Monday, Tuesday, Wednesday, and Thursday).