Dell EMC DES-9131 Exam Practice Test Instant Access

Question 1

When should event analysis be performed?

AOnly when requested by an auditor

BRoutinely for all events collected on a mission critical system

COnly at the discretion of an authorized security analyst

DAfter an event is triggered by the detection system

Answer : B

Question 2

What process is used to identify an organization's physical, digital, and human resource, as required in their Business Impact Analysis?

ARisk Management Strategy

BRisk Assessment

CRisk Treatment

DAsset Inventory

Answer : D

Question 3

The CSIRT team is following the existing recovery plans on non-production systems in a PRE-BREACH

scenario. This action is being executed in which function?

AProtect

BRecover

CIdentify

DRespond

Answer : A

Question 4

The CSF recommends that the Communication Plan for an IRP include audience, method of communication, frequency, and what other element?

AIncident category

BMessage criteria

CIncident severity

DTemplates to use

Answer : B

https://www.utc.edu/information-technology/pdfs/it-comm-plan-master-2017.pdf (p.4)

Question 5

An Internet-connected file server compromised by a threat that leaked all dat

AThe data was destroyed to cover all tracks. The file server has high availability capabilities to handle critical workloads. The operations team took only 15 minutes to restore workload routing to a different node.
What part(s) of the CIA Triad was affected?

AA only

BC, I

CC, A

DA, I

Answer : C

Question 6

The network security team in your company has discovered a threat that leaked partial data on a compromised file server that handles sensitive information. Containment must be initiated and addresses by the CSIRT.

Service disruption is not a concern because this server is used only to store files and does not hold any critical workload. Your company security policy required that all forensic information must be preserved.

Which actions should you take to stop data leakage and comply with requirements of the company security policy?

ADisconnect the file server from the network to stop data leakage and keep it powered on for further
analysis.

BShut down the server to stop the data leakage and power it up only for further forensic analysis.

CRestart the server to purge all malicious connections and keep it powered on for further analysis.

DCreate a firewall rule to block all external connections for this file server and keep it powered on for further analysis.

Answer : C

Question 7

A company suffers a data breach and determines that the threat actors stole or compromised 10,000 user

profiles. The company had planned for such a breach and determined the loss would be around $2 million.

Soon after restoration, the company stock suffered a 30% drop and the loss was nearly $20 million. In addition, the company received negative press.

Which area of risk did the business forget to account for?

ALitigation or Legal Risk

BReputational Risk

CVulnerability risk

DBusiness Operational Risk

Answer : A

Dell EMC DES-9131 Specialist - Infrastructure Security, Version 1.0 Exam Practice Test