Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

You are responsible for network and information security at a large hospital. It is a significant concern that any change to any patient record can be easily traced back to the person who made that change. What is this called?

A.

Availability

B.

Non repudiation

C.

Confidentiality

D.

Data Protection

Full Access
Question # 5

Organizations must assess the safety of their workplaces and consider the ability of a business to continue despite risk impact. When assessing business continuity risks, the HR Professional must consider several different types of disasters, their probability, and impact on an organization. What category of disaster is best described as acts of terrorism, major thefts, sabotage, or labor disputes?

A.

Organized or deliberate disruptions

B.

System failures

C.

Environmental disasters

D.

Serious information security incidents

Full Access
Question # 6

Which of the following components in a TCB acts as the boundary that separates the TCB from the remainder of the system?

A.

Abstraction

B.

Trusted path

C.

Trusted computer system

D.

Security perimeter

Full Access
Question # 7

Which of the following refers to the ability to ensure that the data is not modified or tampered with?

A.

Integrity

B.

Confidentiality

C.

Availability

D.

Non-repudiation

Full Access
Question # 8

Which of the following tests activates the total disaster recovery plan?

A.

Full-interruption test

B.

Structured walk-through test

C.

Checklist test

D.

Parallel test

Full Access
Question # 9

Which of the following TCB techniques involves viewing system components at a high level and ignoring or segregating its specific details?

A.

Trusted computer system

B.

Security perimeter

C.

Abstraction

D.

Trusted path

Full Access
Question # 10

Which of the following is a compromise between hot and cold sites?

A.

Mutual site

B.

Warm site

C.

Mobile site

D.

Reciprocal site

Full Access
Question # 11

Which of the following documents is necessary to continue the business in the event of disaster or emergency?

A.

Legal value

B.

Recourse record

C.

Fiscal value

D.

Vital record

Full Access
Question # 12

IT Service Continuity Management (ITSCM) is used to support the overall Business Continuity Management (BCM) in order to ensure that the required IT infrastructure and the IT service provision are recovered within an agreed business time scales. Which of the following are the benefits of implementing IT Service Continuity Management?

Each correct answer represents a complete solution. Choose all that apply.

A.

It prioritizes the recovery of IT services by working with BCM and SLM.

B.

It minimizes costs related with recovery plans using proper proactive planning and testing.

C.

It confirms competence, impartiality, and performance capability of an organization that

performs audits.

D.

It minimizes disruption in IT services when it follows a major interruption or disaster.

Full Access
Question # 13

Which of the following strategies is used to minimize the effects of a disruptive event on a

company, and is created to prevent interruptions to normal business activity?

A.

Business Continuity Plan

B.

Disaster Recovery Plan

C.

Continuity of Operations Plan

D.

Contingency Plan

Full Access
Question # 14

Which of the following phases is the first step towards creating a business continuity plan?

A.

Business Impact Assessment

B.

Plan Approval and Implementation

C.

Business Continuity Plan Development

D.

Scope and Plan Initiation

Full Access
Question # 15

Which of the following processes helps to quantify the impact of potential threats to put a price or value on the cost of lost business functionality?

A.

Risk Reassessment

B.

Risk Identification

C.

Risk Analysis

D.

Risk Avoidance

Full Access
Question # 16

In risk analysis, which of the following can be identified as a consequence of a disaster?

A.

Loss of stockholder confidence

B.

Loss of competitive edge

C.

Loss of operating capability

D.

Loss of goodwill

Full Access
Question # 17

The Incident handling process implemented in an enterprise is responsible to deal with all the incidents regarding the enterprise. Which of the following procedures will be involved by the preparation phase of the Incident handling process?

A.

Organizing a solution to remove an incident

B.

Setting up the initial position after an incident

C.

Building up an incident response kit

D.

Working with QA to validate security of the enterprise

Full Access
Question # 18

Which of the following documents helps disaster recovery team members in getting the alternate sites up and running?

A.

Technical guide

B.

Executive summary

C.

Department-specific plan

D.

Checklist

Full Access
Question # 19

Which of the following security procedures is related to the SDLC's implementation?

A.

Risk assessment

B.

Security accreditation

C.

Media sanitation

D.

Information preservation

Full Access
Question # 20

Which of the following TCB components is a hardware, firmware, and software element that

implements the reference monitor concept?

A.

Security perimeter

B.

Security Kernel

C.

Trusted computer system

D.

Trusted path

Full Access
Question # 21

You work as a senior project manager in SoftTech Inc. You are working on a software project using configuration management. Through configuration management, you are decomposing the verification system into identifiable, understandable, manageable, traceable units that are known as Configuration Items (CIs). According to you, which of the following processes is known as the

decomposition process of a verification system into Configuration Items?

A.

Configuration status accounting

B.

Configuration identification

C.

Configuration auditing

D.

Configuration control

Full Access
Question # 22

Which of the following BCP teams is the first responder and deals with the immediate effects of the disaster?

A.

Emergency action team

B.

Damage assessment team

C.

Off-site storage team

D.

Emergency management team

Full Access
Question # 23

Which of the following defines the communication link between a Web server and Web applications?

A.

IETF

B.

Firewall

C.

PGP

D.

CGI

Full Access
Question # 24

Which of the following acts of information security governance affects the financial institutions?

A.

Sarbanes-Oxley Act of 2002

B.

Health Insurance Privacy and Accountability Act (HIPAA)

C.

California Database Security Breach Information Act

D.

Gramm-Leach-Bliley Act of 1999

Full Access
Question # 25

Against which of the following does SSH provide protection?

Each correct answer represents a complete solution. Choose two.

A.

Broadcast storm

B.

Password sniffing

C.

DoS attack

D.

IP spoofing

Full Access
Question # 26

You work as a senior project manager in SoftTech Inc. You are working on a software project using configuration management. Through configuration management, you are decomposing the verification system into identifiable, understandable, manageable, traceable units that are known as Configuration Items (CIs). According to you, which of the following processes is known as the decomposition process of a verification system into Configuration Items?

A.

Configuration auditing

B.

Configuration identification

C.

Configuration status accounting

D.

Configuration control

Full Access
Question # 27

Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?

A.

Snooping

B.

Utility model

C.

Copyright

D.

Patent

Full Access
Question # 28

Which of the following Tier 1 policies will identify who is responsible for what?

A.

Scope

B.

Responsibilities

C.

Compliance or Consequences

D.

Topic

Full Access
Question # 29

Which of the following documents is necessary to continue the business in the event of disaster or emergency?

A.

Legal value

B.

Recourse record

C.

Fiscal value

D.

Vital record

Full Access
Question # 30

Which of the following terms describes the determination of the effect of changes to the

information system on the security of the information system?

A.

Validation analysis

B.

Impact analysis

C.

Authentication

D.

Verification

Full Access
Question # 31

Which of the following statements are true about security risks?

Each correct answer represents a complete solution. Choose three.

A.

They can be mitigated by reviewing and taking responsible actions based on possible risks.

B.

They can be analyzed and measured by the risk analysis process.

C.

They are considered an indicator of threats coupled with vulnerability.

D.

They can be removed completely by taking proper actions.

Full Access
Question # 32

Which of the following phases involves getting the final senior management signoff and creating enterprise-wide awareness of the plan?

A.

Business Impact Assessment

B.

Business Continuity Plan Development

C.

Plan Approval and Implementation

D.

Scope and Plan Initiation

Full Access
Question # 33

Which of the following methods is a means of ensuring that system changes are approved before being implemented, and the implementation is complete and accurate?

A.

Configuration identification

B.

Documentation control

C.

Configuration auditing

D.

Configuration control

Full Access
Question # 34

Which of the following sources is the best for developing Recovery Time Objectives (RTO)?

A.

Tape restore data

B.

Past recovery test results

C.

Industry averages

D.

Business impact analysis

Full Access
Question # 35

Which of the following processes helps the organization to identify appropriate controls for

reducing or eliminating risk during the risk mitigation process?

A.

Risk Assessment

B.

Risk Acceptance

C.

Risk Transference

D.

Risk Identification

Full Access
Question # 36

Which of the following processes measures the maturity level of the security program?

A.

Risk analysis

B.

GAP analysis

C.

Risk assessment

D.

Risk mitigation

Full Access
Question # 37

Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?

A.

Snooping

B.

Patent

C.

Utility model

D.

Copyright

Full Access
Question # 38

Which of the following response teams aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large?

A.

CERT

B.

CSIRT

C.

FedCIRC

D.

FIRST

Full Access
Question # 39

You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005 computer. The company asks you to implement a RAID system to provide fault tolerance to a database. You want to implement disk mirroring. Which of the following RAID levels will you use to accomplish the task?

A.

RAID-5

B.

RAID-0

C.

RAID-1

D.

RAID-10

Full Access
Question # 40

Which of the following statements about disaster recovery plan documentation are true? Each correct answer represents a complete solution. Choose all that apply.

A.

The documentation regarding a disaster recovery plan should be stored in backup tapes.

B.

The disaster recovery plan documentation should be stored offsite only.

C.

The documentation regarding a disaster recovery plan should be stored in floppy disks.

D.

The disaster recovery plan documentation should be stored onsite only.

Full Access
Question # 41

Which of the following maturity levels of the software CMM focuses on competent people and

heroics?

A.

Initiating level

B.

Defined level

C.

Managed level

D.

Repeatable level

Full Access
Question # 42

Which of the following acts affects all public companies subject to US security laws?

A.

Gramm-Leach-Bliley Act of 1999

B.

Health Insurance Privacy and Accountability Act (HIPAA)

C.

Sarbanes-Oxley Act of 2002

D.

Federal Information Security Management Act

Full Access
Question # 43

Which of the following security procedures is NOT related to the SDLC's disposition?

A.

Media sanitation

B.

Information preservation

C.

Hardware and software disposal

D.

Security certification

Full Access