Preguntas con respuesta GO.pdf
Summary
This document appears to be a sample question paper discussing several information technology concepts such as security protocols and risk management.
# Simulacro I - Preguntas ## 1 The SSL protocol (Secure Sockets Layer) provides security services by encrypting the data exchanged between the server and the client. To do this, it acts as follows: * By applying an asymmetric encryption algorithm, usually RSA, it encrypts the data and then encrypts the session key using a symmetric algorithm. DES, triple-DES, RC2, RC4 or IDEA are some of the possible choices. * By applying a symmetric encryption algorithm, usually RSA, it encrypts the data and then encrypts the session key using an asymmetric algorithm including DES, triple-DES, RC2, RC4 or IDEA. * By applying a symmetric algorithm, including DES, triple-DES, RC2, RC4 or IDEA, it encrypts the data, and then encrypts the session key using an asymmetric encryption algorithm, usually RSA. * By applying an asymmetric encryption algorithm, including DES, triple-DES, RC2, RC4 or IDEA, it encrypts the data, and then encrypts the session key using a symmetric algorithm, usually RSA. ## 2 The FIRST activity to be carried out if an optimal risk management methodology is followed would be: * Analyze the impact of vulnerabilities. * Evaluate the probability of threats. * Identify critical information assets for the business. * Estimate the potential damage associated with threat-vulnerability situations. ## 3 Which of the following physical characteristics has the HIGHEST reliability for use in biometric systems? * The voice. * Writing. * Hand geometry. * The eye (iris or retina). ## 4 A FUNDAMENTAL characteristic of a user awareness program would be: * Each year the number of people interested in participating in the program increases. * The program is designed to cover all employees. * It counts with the support of technology providers. * It undergoes periodic reviews and is checked against current best practices. ## 5 Regarding digital summary algorithms (hash functions), it can be stated that: * MD4 is the safest algorithm given the length of the key. 
* MD4 and MD5 use different lengths for the keys. * SHA1 uses a 128-bit key. * SHA1 is the most secure algorithm and MD4 is the weakest. ## 6 A feature of intrusion detection systems would be: * Collect evidence of attack attempts. * Prevent attacks. * Block access to certain services. * Prevent viruses from entering the system. ## 7 The protocol used to secure credit card payments in e-commerce is called: * SSH. * SET. * S/MIME. * SSL. ## 8 The installation of an alternative center for backups should: * Be physically separated from the data center and not be subject to the same risks. * Have the same level of protection as the main data center. * Belong to a trusted external provider. * Be managed by the same people as the main data center. ## 9 The MAIN drawback of implementing basic measures (baselines) based on sectorial references and best practices as a starting point for risk management is: * The associated cost. * The possibility that it will safeguard the business against non-existent threats. * The comprehensive customization of the implemented security measures. * The estimated time to adapt to best practices. ## 10 Risk assessment is: * Subjective. * Objective. * Mathematical. * Statistical. ## 11 The Principle of Proportionality states that: * The cost of safeguards should be applied equally to different business units. * The cost of safeguards should be proportional to existing threats. * The cost of safeguards should not exceed the cost that derives from the impact. * The cost of safeguards should be proportional to the criticality of the assets. ## 12 A lack of adequate security controls would be: * A threat. * An asset. * An impact. * A vulnerability. ## 13 The acceptable service level that must be achieved within the time allowed to recover a function or business resource to a predefined operating level is called: * RTO. * RPO. * SDO. * MTO. ## 14 In the SSL protocol * Client authentication is not optional. 
* The master key from which the session key is generated is provided by the server. * Server authentication cannot be guaranteed. * Digital summary algorithms (hash) can be used. ## 15 The team that would act first in the event of a disaster would be: * The emergency action team. * The damage assessment team. * The network recovery team. * The emergency operations team. ## 16 The acceptable risk level should be defined by: * The Security department. * Senior Management. * The Systems Director and the Organization Director. * Heads of business areas. ## 17 Which of the following types of tests is NOT advisable to perform in relation to incident management and response? * Complete restoration and recovery tests with some people unfamiliar with the systems. * Unannounced tests. * Tests on the infrastructure and the recovery of critical applications. * Total shutdown tests without prior planning. ## 18 Which technique would BEST protect the confidentiality of data transmitted over the network? * Encrypting the data before transmission. * Appending a hash to all messages. * Ensuring network cables are secure. * Generating message control totals to detect possible alterations. ## 19 According to the OSI model, a router is a device that operates at layer: * 2. * 1. * 3. * 4. ## 20 When developing a backup strategy, the first step should be: * Identify the data. * Select the storage location. * Specify the storage media. * Calculate the RTO. ## 21 Which of the following tasks does NOT correspond to the incident manager? * Perform incident response tasks to contain exposures derived from an incident. * Document the steps taken when executing an incident response plan. * Draft a report of findings from the incident investigation. * Draft a report of incident responses and lessons learned. ## 22 Of the following components, which should be established FIRST in an optimal risk management strategy? * Planning of risk management audits. * Controls to be implemented. 
* Existing vulnerabilities. * Responsibilities in this area. ## 23 What is the BEST method for determining the criticality of an application? * Establishing it with the application programmers. * Run a vulnerability test. * Review the audits performed on this application. * Perform a business impact analysis. ## 24 Which of the following statements is FALSE about the incident history? * Its analysis can provide information about trends and types of events. * Its analysis helps assess the performance of the incident management team. * The analysis of the incidents included should not be considered when deciding what type of incidents should be considered and included in the plans. * The analysis of the incidents included makes it possible to assess their impact on the business ## 25 The characteristic of the digital signature that prevents the sender from later denying having sent it is known as: * Data integrity. * Confidentiality. * Non-repudiation. * Replay protection. ## 26 The MAIN objective of a Business Impact Analysis (BIA) is to: * Provide a plan to resume operations after a disaster. * Identify those events that could have a significant impact on business continuity. * Make public the organization's concern on this matter. * Provide the structure for an effective disaster recovery plan. ## 27 In risk analysis, if you encounter difficulties when projecting financial losses associated with a risk situation, you should: * Calculate the depreciation of the assets involved. * Calculate the return on investment. * Apply a qualitative approach. * Use the necessary resources and time to achieve that calculation. ## 28 Which of the following situations would increase the probability of fraud? * Application programmers are implementing changes to production programs. * Application programmers are implementing changes to test programs. * Application programmers have access to the development environment. 
* Database administrators are implementing changes to database structures. ## 29 The MAIN purpose of testing backup centers is: * Ensure data integrity in the database. * Eliminate the need to develop detailed contingency plans. * Ensure the continued compatibility of these centers. * Ensure the documentation is up-to-date. ## 30 The development of the security policy is the responsibility of: * The Systems department. * The Security Committee. * The Security Administrator. * The Board of Directors. ## 31 What defines the MTO parameter? * The maximum time an entity can be operating offsite. * The age of the data to be recovered. * The maximum time that can elapse from the occurrence of a disaster to the recovery of the services considered critical to business continuity to a predefined operational level. * The acceptable service level to be achieved. ## 32 The risk of a threat would be: * The product of the probability of occurrence and the magnitude of the impact if the threat-vulnerability pair occurs. * The magnitude of the impact in the case of the threat-vulnerability pair occurring. * The probability of occurrence of the threat. * The opinion of Senior Management. ## 33 Regarding security policy, the MOST important would be: * That it is stored offsite. * That it is approved by the Security Manager. * That it is circulated to all users. * That it is derived from a prior risk assessment ## 34 The INITIAL step in establishing a security program would be: * Developing a security standards manual. * Performing a security audit. * Defining a security policy. * Outsourcing security services. ## 35 The FIRST activity related to risk management is: * Analyze the criticality of services. * Classify the information. * Inventory the assets. * Value the assets. ## 36 The FUNDAMENTAL characteristic of hashing would be: * It is irreversible. * It provides confidentiality in message transmission. * It is independent of the message sent. 
* The length of the summary is identical to that of the message to be sent. ## 37 The IDEAL method for deleting confidential data on a laptop hard drive would be: * To demagnetize the hard drive. * It is not possible to delete completely. * Delete the data from the hard drive. * Defragment the data on the hard drive. ## 38 The IDEAL technique for capturing passwords on the network would be: * Encryption. * Spoofing. * Sniffing. * Piggybacking. ## 39 Setting the acceptable risk level is directly related to: * The residual risk level. * The inherent risk level. * The entity's risk profile. * The principle of proportionality ## 40 Which of the following attack attempts could be mitigated by implementing physical security controls? * Piggybacking. * Eavesdropping. * Phishing. * Sniffing. ## 41 Which of the following is the MOST effective control when granting temporary access to vendors? * Vendor access corresponds to the service level agreement (SLA). * User accounts are created with expiration dates and are based on services provided. * Administrator access is provided for a limited period of time. * User IDs are deleted when the job is finished. ## 42 What is one advantage gained as a result of performing a business impact analysis (BIA: Business Impact Analysis)? * It increases the organization's awareness of security issues. * It should not be carried out until the impact changes. * It eliminates the need to perform a risk assessment. * It can be carried out using only qualitative estimates. ## 43 The MOST important aspect that a risk management program should look for is: * Quantify the total risk * Minimize residual risk. * Eliminate inherent risk. * Maximize the sum of all annualized loss estimates (ALE: Annualized Loss Expectancy) ## 44 A Business Impact Analysis (BIA: Business Impact Analysis) is the BEST tool to calculate: * The total cost of assets. * Recovery priorities. * The annualized loss estimate (ALE: Annualized Loss Expectancy) * Residual risk. 
## 45 When dealing with personal data, which of the following is MOST suitable for determining the level of protection? * The sensitivity of the information. * The source of the information. * The cost of obtaining it. * The validity of the information. ## 46 During a telecom system audit, an IS auditor finds that the risk of intercepting data being transmitted to and from remote locations is high. The MOST effective control to reduce this exposure is: * Encryption. * Callback modems. * Message authentication. * Leased dedicated lines. ## 47 The probability of which of the following threats would be NORMALLY easiest to estimate? * Terrorist attacks * Contamination from chemical products. * Explosions. * Hurricanes. ## 48 Security technologies should be selected primarily based on: * Their acquisition and maintenance costs. * Published evaluations in the specialized press. * The use of components of emerging technologies. * The advantages compared to their cost. ## 49 Which of the following types of antivirus software is the MOST effective? * Scanners. * Active monitors. * Integrity checkers. * Vaccines. ## 50 What will be the MOST significant reason for an organization to use a methodology for incident response? * Adherence to the audit requirements included in the company's statutes. * Due diligence in management. * Privacy legislation. * Justification of the security function. ## 51 Which of the following intrusion detection systems (IDSs) is MOST likely to generate false alarms resulting from normal network activity? * Statistics-based. * Signature-based. * Neural network. * Host-based. ## 52 The three fundamental aspects that should be considered when implementing access control mechanisms are: * Threats, assets, and objectives. * Threats, vulnerabilities, and risks. * Vulnerabilities, secret keys, and risks. * Risks, threats, and countermeasures. ## 53 In which of the following would it be MOST appropriate to apply gap analysis? 
* Business impact analysis (BIA: Business Impact analysis) assessment. * Developing an integral dashboard. * Demonstrating the relationship between variables. * Comparing the current situation with the desired future situation. ## 54 Which of the following BEST describes the probability of a successful attack occurring? * The value of the asset is high and the level of protection is high. * The capacity of potential attackers is low, and the value of the asset is low. * The level of protection is low and the value of the asset is high. * The attack frequency is high, and the protection is high. ## 55 Security priorities may occasionally disregard: * Technical requirements. * Regulatory requirements. * Privacy requirements. * Business requirements. ## 56 Risk assessment should be performed: * Separately and once for each business process. * By outsiders to maintain objectivity. * Every 5 years and every 3 years for critical processes. * Annually or whenever there is a significant change in the system. ## 57 A minor security flaw has been detected in a new system that is about to be put into production. What should the Security Manager do? * Report the fact in the periodic report prepared for management. * Inform the users that may be affected by the security hole. * Draft a specific report to immediately communicate it to management. * Inform the clients that may be affected by the security hole. ## 58 Which of the following should be done FIRST to ensure that the established disaster recovery plans are truly necessary? * Review activity logs (logs) archived. * Penetration tests. * Vulnerability tests. * Calculate the annual loss estimate (ALE: annualized loss expectancy). ## 59 Which of the following is NOT considered a role related to information classification? * Data owner. * Data custodian. * Data modifier. * Data user. ## 60 During the review of a biometric system operation, the IS auditor should FIRST review the stage of: * Enrollment. * Identification. 
* Verification. * Storage. ## 61 Which of the following is a characteristic of an intrusion detection system (IDS)? * Collect evidence of attack attempts. * Identify weaknesses in policy definition. * Block access to specific sites on the Internet. * Prevent certain users from accessing specific servers. ## 62 Which of the following would pose a HIGHER risk if located in a DMZ? * A Web server. * An email filter. * A proxy server. * A server that manages access controls. ## 63 Management's decision to determine the acceptable risk level is: * Subjective. * Qualitative. * Probability-based. * Quantitative. ## 64 Which of the following is MOST important to align the security architecture with? * Practices applied by industry companies. * Information Technology plans. * Best practices in security. * Business goals. ## 65 In which phase of the Incident Response Plan is it necessary to facilitate the declaration of normality of the operation by the system owners? * Preparation phase. * Identification phase. * Eradication phase. * Recovery phase. ## 66 The PRIMARY reason for using digital signatures is to ensure: * Data confidentiality. * Data integrity. * Data availability. * Data timeliness. ## 67 Which of the following BEST describes the scope of a risk analysis? * Critical financial systems. * Key systems and infrastructure. * The organization's systems and processes. * Any system subject to regulatory compliance obligations. ## 68 A Virtual Private Network (VPN) provides data confidentiality using: * Secure Socket Layer (SSL). * Tunneling. * Digital signatures. * Phishing. ## 69 The MAIN purpose for installing an intrusion detection system (IDS: Intrusion detection system) is to identify: * Network security weaknesses. * Ways to improve incident response procedures. * How an attack was launched on the internal network. * Potential attacks on the internal network. ## 70 Creating a digital signature: * Encrypts the message. * Verifies the message origin. 
* Cannot be affected when using a private key. * Cannot be used with email systems. ## 71 Which of the following would indicate that a production system has inadequate security controls? * Test libraries contain some real data. * If a failure occurs in the process, the system automatically recovers the previous configuration. * The development team has read-only access to test libraries. * Security staff have permissions to perform emergency operations. ## 72 The difference between vulnerability assessment and penetration testing is: * It is the same activity that can be referred to in both ways. * Vulnerability assessment is performed using IT tools, and penetration testing is a completely manual process. * Vulnerability assessment aims to identify vulnerabilities in the system, while penetration testing aims to exploit identified vulnerabilities to understand the impact. * Vulnerability assessment is performed using commercial tools, and penetration testing is performed by internal personnel. ## 73 A security manager is trying to establish a procedure for managing access control for program code documentation. What is MOST likely to do? * Evaluate the document retention period. * Interview the development team to determine their current procedures. * Compare the use of records with planned operations. * Review access logs to the code libraries. ## 74 The role of a CA (Certification Authority) as a third party is to: * Provide secure communications and network services based on certificates. * Host a repository of certificates with the corresponding public/private keys issued by that CA. * Act as a trusted intermediary between two communication partners. * Confirm the identity of the entity that owns a certificate issued by that CA ## 75 Which of the following is the BEST indicator of a failure in the organization's security information governance? * The security department has trouble filling vacancies. 
* The security policy is only available in electronic format. * The security committee only meets quarterly. * The data center manager must give final approval for security projects. ## 76 What would be the MOST appropriate action when carrying out a forensic analysis? * Working with the data as it is found on the hard drive. * Working with a copy of the data created on the hard drive of the same computer. * Creating a copy of the files on an external device using system commands. * Performing a disk clone to analyze it on another computer. ## 77 The BEST general quantitative measure of biometric device performance is: * False rejection rate (FRR). * False acceptance rate (FAR). * Equal error rate (EER). * Estimated error rate. ## 78 A device ("token") that generates unique passwords over a time interval is called: * An asynchronous dynamic password device * A time-sensitive device. * A synchronous dynamic password device. * A challenge-response device. ## 79 Which of the following is NOT an objective of incident management? * Respond to incidents to contain or eradicate the exposure and allow recovery within a reasonable time. * Make backups of sensitive information for the business. * Prevent the recurrence of previous incidents through their documentation and analysis. * Apply proactive countermeasures to prevent and/or minimize the probability of incidents occurring. ## 80 Which of the following entities is MOST likely to conflict with the incident response function? * Internal Audit * Information Security * Operations and Development * Development ## 81 The concept of due care implies that Management must ensure that: * All risks are eliminated * Some tasks must be delegated, but requesting control information from those who have been delegated. * The responsibility for information security is delegated to middle management. 
* In cases where necessary, the cost of implementing the selected measures may be greater than the impact that could be caused by the risks being minimized. ## 82 Quantitative risk analysis is MOST appropriate for evaluating data that: * Includes customer perceptions. * Contains estimated percentages. * Does not contain specific details. * Contains subjective information. ## 83 A card and a PIN are an example of: * A multifactor authentication system * A single-factor authentication system * A two-factor authentication system * A single-factor identification system. ## 84 When installing a honeypot to monitor the activity of potential attackers on the internal network, where should it be placed? * Somewhere outside the internal network. * In a specific internal network segment for this equipment. * In the internal network segment to be analyzed.. * In the DMZ. ## 85 Which of the following would NOT be part of a security policy? * Identifying critical business resources * Identifying the type of firewalls to be used for perimeter security. * Defining roles in the organization. * Defining roles for each role ## 86 The process of using interpersonal communication skills to gain unauthorized access to resources is called: * Backdoor. * Denial of Service. * Social engineering. * Discretionary access control. ## 87 To provide protection for backups stored offsite, the offsite storage facility should: * Be located on a different floor of the building. * Be easily accessible to everyone. * Be clearly labeled for emergency access. * Be protected against unauthorized access. 
## 88 A dry pipe suppression system uses: * Water, but the water does not enter the pipes until a fire is detected * Oxygen * Carbon dioxide * Halon ## 89 The decision of whether a risk has been reduced to an acceptable level should be made by: * Organizational requirements * The requirements of the information systems department * The requirements of the security department * International best practice standards ## 90 Which of the following is the MAIN measure for the security of "software" and data in a data center? * Security awareness. * Dissemination of security policies. * Creation of a Security Committee. * Access controls. ## 91 What is the property included in database management systems that guarantees that a transaction either executes completely or does not execute at all? * Isolation. * Consistency. * Atomicity. * Durability. ## 92 Which of the following options corresponds to a security procedure? * Identifying critical business resources. * Identifying the types of firewalls to be used. * Defining the roles within the organization. * Determining the functionality of each role. ## 93 Identifying risks and establishing their priorities allows project stakeholders to: * Establish milestones in the implementation process. * Reduce the total cost of testing. * Focus on areas of greatest impact. * Accelerate the completion of the risk assessment. ## 94 A risk analysis should: * Limit the scope to that of similar companies. * Assume the same degree of protection for all assets. * Estimate the volume and probability of losses. * Weigh the probability of a loss more than the weight of the loss. ## 95 Which of the following is a characteristic of decentralized security management in an organization with a high geographical dispersion of locations? * Greater uniformity in the quality of service. * Better compliance with security policies. * Greater alignment with the business needs specific to the location. 
* Lower total cost of ownership (TCO: Total Cost of Ownership) ## 96 Which of the following are RARELY modified in response to technological changes? * Policies. * Regulations. * Procedures. * Guidelines. ## 97 Which of the following risks would be BEST evaluated using qualitative techniques? * Theft of purchased software. * A 24-hour service outage. * Permanent loss of customer trust. * Losses of emails received in the last 72 hours due to a virus attack. ## 98 The acceptable risk level should be determined by: * Legal counsel. * The Security Manager. * External auditors. * Senior Management. ## 99 The probability of successfully implementing information security governance in an organization will be MOST hampered by the absence of * Security education and awareness. * Updated security policies. * An incident management team. * Management support. ## 100 Sign-on procedures typically include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the username and password are the same. The BEST control to mitigate this risk is: * Changing the company's security policy. * Educating users about the risks of weak passwords. * Built-in validation to prevent this when creating users and changing passwords. * Requiring a periodic review to ensure that user IDs and passwords do not match. ## 101 What is understood by Information Security Governance? * Defining policies related to information security. * Developing a program of activities designed to provide reasonable assurance that information assets are protected at a level commensurate with their value. * The process of implementing controls arising from a previously performed business risk analysis. * Defining the organizational structure for information security. ## 102 The principle that states that information must be complete, accurate and therefore protected from unauthorized modification is known as... 
* The Principle of Non-repudiation * The Principle of Confidentiality * The Principle of Integrity. * The Principle of Availability. ## 103 When selecting an identification and authentication mechanism for an information system, it is CRITICAL to consider… * The complexity of its implementation * The sensitivity of the information to be protected. * The possible rejection by the user. * False positives associated. ## 104 The defined information security policy affects... * Users who have access to information systems and communication resources, as well as external users who are incorporated to carry out certain tasks and require access to certain information. * Area users who are responsible for classifying the information. * The entire organization, as well as external users who are incorporated to carry out certain tasks and require access to certain information. * Users who access sensitive information, since its disclosure could have a negative impact on unauthorized personnel. ## 105 The parameter that is determined by the product of the expected loss for an information asset in the event of an event by the probability that the event will occur is known as… * ROI (Return on Investment) * ARO (Annual Rate of Occurrence) * ROSI (Return on Security Investment) * ALE (Annual Loss Expectancy) ## 106 Which of the following competencies is MOST likely to be performed by the security administrator? * Approve the security policy. * Test the application software. * Ensure the integrity of the data. * Maintain the access rules. ## 107 Area managers are considered the owners of the data they generate in the processes in which they participate. In this sense, they are tasked with… * Classify data based on its value to the business. * Restore the data in the event of a loss. * Implement security measures to ensure that unauthorized users cannot access the data. * Guarantee the availability of the data. 
## 108 When setting retention periods for business information, the security manager should MAINLY consider... * Compliance with business requirements. * Compliance with legal requirements. * The opinions of area managers as data owners. * The decision of the Management Committee in this regard. ## 109 Which of the following features is NOT associated with the deployment of Single Sign-On (SSO) based identification and authentication mechanisms?: * The compromise of the key by third parties would have a greater impact. * User administration is simplified in principle. * It makes compromising the password difficult. * It makes it easier for the user to manage their own passwords. ## 110 The BEST option in terms of the security manager’s hierarchical dependence would be for the security manager to report to: * The CFO. * The CIO. * The Management Committee. * The Risk Unit. ## 111 Risk management is BEST defined as * The ongoing process that aims to eliminate existing threats to business assets. * The ongoing process that aims to eliminate the impact associated with the assets of the organization. * The ongoing process that aims to eliminate risk situations that occur in the organization. * The ongoing process that aims to reduce the probability of a risk situation occurring. ## 112 In relation to risk treatment, the MOST accurate statement would be that... * It is more optimal the more the implementation of controls is in line with the organization's acceptable risk levels. * It is more optimal if the mitigation strategy is based on outsourcing certain services * It is more optimal the more controls are implemented to reduce the existing risk level. * It is more optimal if it is associated with a sufficient budget ## 113 A MAIN characteristic associated with a control should be... * The elimination of an existing vulnerability in an information asset. * The elimination of a threat to an information asset. 
* The possibility of eliminating a risk situation presented for an information asset. * The possibility of measuring it to evaluate its effectiveness. ## 114 In relation to the processes of identification, analysis and mitigation of risks, we can affirm that: * It would not be advisable to integrate them into existing change management processes in the organization. * They should be completely independent processes, not integrated with any other support or business process in the entity, achieving the maximum possible objectivity. * They should be integrated with change management processes to analyze the impact that changes to be made have on the existing security environment. * They should be integrated with change management processes so that the person in charge of them can prevent changes being made that put the existing security environment at risk. ## 115 Which of the following characteristics DO NOT match risk management processes? * They must be based on a reactive methodology. * They must examine all areas of the organization. * They must identify potential vulnerabilities associated with information assets. * They must use the criticality of services offered as a source of information ## 116 Qualitative risk assessment methodologies… * Are generally more accurate than quantitative assessment methodologies. * Become a better option compared to quantitative assessment methodologies in organizations that are more prone to change. * Allow for an objective assessment of different information assets. * Do not require historical data related to security incidents to carry out their assessment. ## 117 The information classification process... * Generally reduces the cost of potential oversizing of controls to be implemented. * Allows for a flat security administration in which all assets are equally important, * Is not required when using qualitative risk assessment methodologies. * Should attempt to have as many levels as possible. 
## 118

To perform information classification based on criticality, it is preferable to...

* Analyze the impact that the loss of information could generate for different security events that could arise.
* Analyze the impact that unauthorized access to this information could generate for unauthorized persons.
* Analyze the impact that the loss of information availability could generate, regardless of the security event that could occur.
* Analyze the impact that could be caused by the incompleteness or integrity of the information managed by authorized users.

## 119

In relation to the implementation of best practices in information security, it can be stated that...

* The choice of best practice does not depend on the business objectives established by the organization.
* There is the possibility that certain security controls are not applicable to achieving the business objectives set by the organization.
* It would be sufficient to apply the security controls included in best practices since, being a well-known standard, it is proven that they are valid for any organization.
* The choice of best practice depends on the current maturity of the existing security environment.

## 120

Corrective controls are implemented in order to:

* Reduce the probability of the threat-vulnerability pair occurring.
* Eliminate risk situations that could arise, reaching the existing state with a proactive nature.
* Recover the value of assets against the presence of risk situations.
* Reduce the impact caused by the threat-vulnerability pair occurring.

## 121

Which of the following plans would be executed FIRST in the event of a virus attack?

* Security incident response plan.
* Business continuity plan.
* Disaster recovery plan.
* Evacuation plan.

## 122

Execution of the disaster recovery plan will be the responsibility of...

* Senior Management.
* The information security manager.
* Data owners.
* Systems Management.
## 123

From a security management perspective, why should the situation presented after a denial of service attack be analyzed?

* To assess the economic damage that may have occurred.
* To identify the opportunity cost.
* To take preventive and/or corrective actions.
* To modify the disaster recovery strategy.

## 124

Emergency actions after a disaster situation are geared towards the FIRST step of:

* Determining the extent of the damage that has occurred.
* Preventing the potential impact of the damage from increasing.
* Preventing the possible leakage of confidential information as a result of the scenario that is unfolding.
* Preventing possible personal injuries.

## 125

What is understood by MTO in the context of business continuity?

* The maximum time an organization has to restore normal operations.
* The level of service provided during alternative operating mode.
* The maximum time an organization can sustain critical processes in alternative operating mode.
* The maximum time the organization has to regain critical operations.

## 126

What does the paper test associated with a disaster recovery plan involve?

* Executing the plan on a specific unit that has been identified as critical to the business in the BIA.
* Executing the plan in an alternative backup facility that is identical to the one maintained at the main facility.
* Leading the plan through a walkthrough with the main stakeholders so they can identify possible consequences of a disaster situation.
* Executing tests to confirm the compatibility of the main facility with the backup facility.

## 127

In the case where a warm site alternative center is maintained, which of the following conditioning aspects becomes critical?

* Hardware.
* Power supply.
* Air conditioning.
* Network connections.

## 128

The objectives to be pursued when defining a disaster recovery plan should be:

* Reduce implementation costs, recovery time, and recovery costs.
* Increase recovery costs and reduce implementation costs and recovery time.
* Reduce implementation and recovery costs, increasing recovery time.
* Reduce recovery time, with an increase in implementation and recovery costs.

## 129

Once an incident has been reported and the impact is being contained, the next step would be...

* Document the security incident.
* Monitor the proper functionality.
* Restore the situation, ensuring that the impact is minimal.
* Inform the systems auditors of the situation.