Questions and Answers
All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
- determine the risk of a business interruption occurring
- determine the technological dependence of the business processes
- identify the financial impacts of a business interruption (correct)
- identify the operational impacts of a business interruption
Which of the following actions will reduce risk to a laptop before traveling to a high-risk area?
- Change access codes
- Implement more stringent baseline configurations
- Purge or re-image the hard disk drive (correct)
- Examine the device for physical tampering
A company whose Information Technology (IT) services are being delivered from a Tier 4 data centre, is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?
- Storage
- Network (correct)
- Power
- Application
Which of the following represents the GREATEST risk to data confidentiality?
What is the MOST important consideration from a data security perspective when an organization plans to relocate?
Under International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?
Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?
Which of the following is MOST important when assigning ownership of an asset to a department?
Which one of the following affects the classification of data?
An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests. Which contract is BEST in offloading the task from the IT staff?
In a data classification scheme, the data is owned by the
Which of the following is an initial consideration when developing an information security management system?
Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?
Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified by automated vulnerability assessments?
Who in the organization is accountable for classification of data information assets?
The use of private and public encryption keys is fundamental in the implementation of which of the following?
At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?
In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?
Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?
Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?
An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?
Which of the following is the BEST network defence against unknown types of attacks or stealth attacks in progress?
Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?
An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?
Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee’s salary?
Which one of the following transmission media is MOST effective in preventing data interception?
Which security action should be taken FIRST when computer personnel are terminated from their jobs?
The type of authorized interactions a subject can have with an object is
Why MUST a Kerberos server be well protected from unauthorized access?
Which one of the following effectively obscures network addresses from external exposure when implemented on a firewall or router?
While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used?
Why must all users be positively identified prior to using multi-user computers?
An advantage of link encryption in a communications network is that it
What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?
The PRIMARY purpose of a security awareness program is to
The process of mutual authentication involves a computer system authenticating a user and authenticating the
The FIRST step in building a firewall is to
A system has been scanned for vulnerabilities and has been found to contain a number of communication ports that have been opened without authority. To which of the following might this system have been subjected?
An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?
Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?
What is the PRIMARY reason for implementing change management?
What should be the FIRST action to protect the chain of evidence when a desktop computer is involved?
What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?
A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?
What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization’s systems cannot be unavailable for more than 24 hours?
Which of the following is the PRIMARY risk with using open-source software in a commercial software construction?
When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?
Which of the following is the BEST method to prevent malware from being introduced into a production environment?
Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element?
What is the MOST effective countermeasure to a malicious code attack against a mobile system?
Which of the following is ensured when hashing files during chain of custody handling?
Which of the following statements is TRUE of black box testing?
Flashcards
Business Impact Analysis (BIA) questionnaire
A questionnaire used to assess the potential impact of a business interruption.
Laptop security before travel
Measures to reduce risk to a laptop when traveling to a high-risk area.
Tier 4 data center failure
A major concern in business continuity planning when IT services depend on a high-availability data center.
Data Confidentiality Risk
Relocation Security
ISO 27001/27002 Management Responsibilities
Reactive Control for Personnel
Asset Ownership Assignment
Data Classification
Offloading IT Tasks
Data Ownership
Information Security Management System
Encryption Scheme Enhancement
SCAP Vulnerability Severity
Data Classification Accountability
SSL Encryption
Data at Rest Layer
TCP Connection Negotiation
PPP Packet Formats
Network Layer Protocol
Application Firewall Rule