Important Exam Security


Description:
Practice test

Author:
Nicks

Creation Date:
23/10/2021

Category:
Others

Number of questions: 30
Content:
1. All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that:
   A. determine the risk of a business interruption occurring
   B. determine the technological dependence of the business processes
   C. identify the operational impacts of a business interruption
   D. identify the financial impacts of a business interruption

2. Which of the following actions will reduce risk to a laptop before traveling to a high-risk area?
   A. Examine the device for physical tampering
   B. Implement more stringent baseline configurations
   C. Purge or re-image the hard disk drive
   D. Change access codes

3. Which of the following represents the GREATEST risk to data confidentiality?
   A. Network redundancies are not implemented
   B. Security awareness training is not completed
   C. Backup tapes are generated unencrypted
   D. Users have administrative privileges

4. What is the MOST important consideration from a data security perspective when an organization plans to relocate?
   A. Ensure the fire prevention and detection systems are sufficient to protect personnel
   B. Review the architectural plans to determine how many emergency exits are present
   C. Conduct a gap analysis of the new facilities against existing security requirements
   D. Revise the Disaster Recovery and Business Continuity (DR/BC) plan

5. A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Plan (BCP). Which of the following failures should the IT manager be concerned with?
   A. Application
   B. Storage
   C. Power
   D. Network

6. When assessing an organization's security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?
   A. Only when assets are clearly defined
   B. Only when standards are defined
   C. Only when controls are put in place
   D. Only when procedures are defined

7. Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?
   A. Install mantraps at the building entrances
   B. Enclose the personnel entry area with polycarbonate plastic
   C. Supply a duress alarm for personnel exposed to the public
   D. Hire a guard to protect the public area

8. An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?
   A. Development, testing, and deployment
   B. Prevention, detection, and remediation
   C. People, technology, and operations
   D. Certification, accreditation, and monitoring

9. Intellectual property rights are PRIMARILY concerned with which of the following?
   A. Owner's ability to realize financial gain
   B. Owner's ability to maintain copyright
   C. Right of the owner to enjoy their creation
   D. Right of the owner to control the delivery method

10. A control to protect from a Denial-of-Service (DoS) attack has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?
   A. 25%
   B. 50%
   C. 75%
   D. 100%

11. In the Open Systems Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?
   A. Physical Layer
   B. Application Layer
   C. Data-Link Layer
   D. Network Layer

12. What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?
   A. Smurfing
   B. Man-in-the-Middle (MITM) attack
   C. Session redirect
   D. Spoofing

13. Which of the following entails identification of data and links to business processes, applications, and data stores, as well as assignment of ownership responsibilities?
   A. Security governance
   B. Risk management
   C. Security portfolio management
   D. Risk assessment

14. Which of the following mandates the amount and complexity of security controls applied to a security risk?
   A. Security vulnerabilities
   B. Risk tolerance
   C. Risk mitigation
   D. Security staff

15. When determining who can accept the risk associated with a vulnerability, which of the following is MOST important?
   A. Countermeasure effectiveness
   B. Type of potential loss
   C. Incident likelihood
   D. Information ownership

16. A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?
   A. Define additional security controls directly after the merger
   B. Include a procurement officer in the merger team
   C. Verify all contracts before a merger occurs
   D. Assign a compliance officer to review the merger conditions

17. Which of the following is a direct monetary cost of a security incident?
   A. Morale
   B. Reputation
   C. Equipment
   D. Information

18. Which of the following would MINIMIZE the ability of an attacker to exploit a buffer overflow?
   A. Memory review
   B. Code review
   C. Message division
   D. Buffer division

19. Which of the following mechanisms will BEST prevent a Cross-Site Request Forgery (CSRF) attack?
   A. Parameterized database queries
   B. Whitelisted input values
   C. Synchronized session tokens
   D. Use of strong ciphers
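As an added worked example (not part of this Daypo test or its author's material), the synchronizer session token pattern named in question 19, which is the standard server-side CSRF defense: the server mints a random token per session, embeds it in every state-changing form, and refuses any POST whose token does not match the one stored for the session identified by the cookie. The in-memory session store, the `/transfer` handler, and the form field names are assumptions for illustration.

```python
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed in-memory session store (session id -> session data). It stands
# in for a server-side session backend and is an assumption for this example.
SESSIONS: Dict[str, dict] = {}


def create_session(user: str) -> str:
    """Log a user in: mint a session id and a per-session CSRF token.

    The token is kept server-side and in the hidden form field only, never in
    a cookie, so a page on another origin cannot read it (same-origin policy).
    """
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    return SESSIONS[sid]["csrf_token"]


def render_transfer_form(sid: str) -> str:
    """Every state-changing form carries the session's token as a hidden field."""
    return (
        '<form method="post" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{csrf_token_for(sid)}">'
        '<input name="to"><input name="amount"><button>Send</button></form>'
    )


def handle_transfer(cookie_sid: Optional[str], form: dict) -> Tuple[int, str]:
    """POST /transfer. The browser attaches the session cookie automatically,
    which is exactly why the cookie alone must not authorize the state change.
    Returns (HTTP status, message)."""
    session = SESSIONS.get(cookie_sid or "")
    if session is None:
        return 401, "no valid session"
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so the token cannot be recovered byte by byte.
    if not submitted or not hmac.compare_digest(submitted, session["csrf_token"]):
        return 403, "missing or invalid CSRF token"
    # The state change happens only after the token check passes.
    return 200, f"{session['user']} sent {form['amount']} to {form['to']}"


if __name__ == "__main__":
    victim = create_session("alice")
    # Legitimate submission from the form the server rendered for this session.
    print(handle_transfer(victim, {"csrf_token": csrf_token_for(victim),
                                   "to": "bob", "amount": "10"}))
    # Cross-site forged POST: the cookie rides along, but the attacker's page
    # cannot supply the victim's token.
    print(handle_transfer(victim, {"to": "mallory", "amount": "1000"}))
    # Attacker replaying a token from their own session against the victim's.
    attacker = create_session("mallory")
    print(handle_transfer(victim, {"csrf_token": csrf_token_for(attacker),
                                   "to": "mallory", "amount": "1000"}))
```

The three calls in the `__main__` block show why this works: the forged request fails not because the attacker lacks the cookie (the browser supplies it) but because the token is bound to the victim's session and is unreadable cross-origin. The other three choices in question 19 address different weaknesses (SQL injection, input validation, transport confidentiality) and leave this request forgery possible.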
20. What is the PRIMARY purpose for an organization to conduct a security audit?
   A. To ensure the organization is adhering to a well-defined standard
   B. To ensure the organization is applying security controls to mitigate identified risks
   C. To ensure the organization is configuring information systems efficiently
   D. To ensure the organization is documenting findings

21. How does security in a distributed file system using mutual authentication differ from file security in a multi-user host?
   A. Access control can rely on the Operating System (OS), but eavesdropping is not a risk
   B. Access control cannot rely on the Operating System (OS), and eavesdropping is a risk
   C. Access control can rely on the Operating System (OS), and eavesdropping is a risk
   D. Access control cannot rely on the Operating System (OS), and eavesdropping is not a risk

22. When defining a set of security controls to mitigate a risk, which of the following actions MUST occur?
   A. Each control's effectiveness must be evaluated individually
   B. Each control must completely mitigate the risk
   C. The control set must adequately mitigate the risk
   D. The control set must evenly divide the risk

23. Which of the following provides the BEST method to verify that security baseline configurations are maintained?
   A. Perform regular system security testing
   B. Design security early in the development cycle
   C. Analyze logs to determine user activities
   D. Perform quarterly risk assessments

24. Which of the following is the MOST critical success factor in the security patch management process?
   A. Tracking and reporting on inventory
   B. Supporting documentation
   C. Management review of reports
   D. Risk and impact analysis

25. Which of the following is MOST important when determining appropriate countermeasures for an identified risk?
   A. Interaction with existing controls
   B. Organizational risk tolerance
   C. Patch availability
   D. Cost

26. What is the MAIN reason to ensure the appropriate retention periods are enforced for data stored on electronic media?
   A. To reduce the carbon footprint by eliminating paper
   B. To create an inventory of data assets stored on disk for backup recovery
   C. To declassify information that has been improperly classified
   D. To reduce the risk of loss, unauthorized access, use, modification, and disclosure

27. What is the MAIN objective of risk analysis in Disaster Recovery (DR) planning?
   A. Establish Maximum Tolerable Downtime (MTD) for Information Systems (IS)
   B. Define the variable cost for extended downtime scenarios
   C. Identify potential threats to business availability
   D. Establish personnel requirements for various downtime scenarios

28. A security professional is assessing the risk in an application and does not take into account any mitigating or compensating controls. This type of risk rating is an example of which of the following?
   A. Transferred risk
   B. Inherent risk
   C. Residual risk
   D. Avoided risk

29. Which of the following is MOST important when assigning ownership of an asset to a department?
   A. The department should report to the business owner
   B. Ownership of the asset should be periodically reviewed
   C. Individual accountability should be ensured
   D. All members should be trained on their responsibilities

30. Which one of the following affects the classification of data?
   A. Assigned security label
   B. Multilevel Security (MLS) architecture
   C. Minimum query size
   D. Passage of time