Which of the following systems helps to detect the "abuse of privileges" attack that does not
actually involve exploiting any security vulnerability?
You work as a Network administrator for Infonet Inc. The company has 135 Windows XP Professional computers and twenty Windows 2003 Server computers. You want to specify the number of invalid logon attempts allowed before a user account is locked out. What will you do to accomplish the task?
Which of the following workforces works to handle the incidents in an enterprise?
You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005 computer. The company asks you to implement a RAID system to provide fault tolerance to a database. You want to implement disk mirroring. Which of the following RAID levels will you use to accomplish the task?
Which of the following systems commonly resides on a discrete network segment and monitors the traffic on that network segment?
Which of the following components in a TCB acts as the boundary that separates the TCB from the remainder of the system?
Which of the following actions can be performed by using the principle of separation of duties?
Which of the following is the phase of Incident handling process in which the distinction between an event and an incident is made?
Fill the measurement of SFX form factor style power supply in the blank space.
The SFX form factor style power supply is ___________mm wide, mm deep, and mm in height.
Which of the following BCP teams is the first responder and deals with the immediate effects of the disaster?
Which of the following processes helps to quantify the impact of potential threats to put a price or value on the cost of lost business functionality?
Which of the following plans provides procedures for recovering business operations immediately following a disaster?
Software Development Life Cycle (SDLC) is a logical process used by the programmers to develop software. Which SDLC phase meets the following audit objectives? l System and data are validated. l System meets all user requirements.
l System meets all control requirements.
Mark works as a Network Administrator for NetTech Inc. Mark is testing the disaster recovery plan of the company. During the testing of the recovery plan, he finds that some servers have been restored with another server's data. What will Mark do to improve the disaster recovery plan?
Which of the following terms describes the determination of the effect of changes to the
information system on the security of the information system?
Pete works as a Network Security Officer for Gentech Inc. He wants to encrypt his network traffic. The specific requirement for the encryption algorithm is that it must be a symmetric key block cipher. Which of the following techniques will he use to fulfill this requirement?
Fill in the blank with the appropriate phrase.
__________________ is the process of obtaining access using legitimate credentials, and then attempting to leverage that into access to unauthorized system resources.
Which of the following individuals incorporates risk assessment in training programs for the
organization's personnel?
In which of the following managing styles does the manager supervise subordinates very closely and give detail directions?
Which of the following cryptographic system services ensures that the information will not be disclosed to any unauthorized person on a local network?
Which of the following features of the Cisco MDS 9000 SAN Extension over IP Package help in implementing efficient FCIP-based business-continuity and disaster-recovery solutions?
Each correct answer represents a complete solution. Choose all that apply.
Della works as a security manager for SoftTech Inc. She is training some of the newly recruited personnel in the field of security management. She is giving a tutorial on DRP. She explains that the major goal of a disaster recovery plan is to provide an organized way to make decisions if a disruptive event occurs and asks for the other objectives of the DRP. If you are among some of the newly recruited personnel in SoftTech Inc, what will be your answer for her question?
Each correct answer represents a part of the solution. Choose three.
You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?
Which of the following elements of BCP process includes the areas of plan implementation, plan testing, and ongoing plan maintenance, and also involves defining and documenting the continuity strategy?
Which of the following subphases are defined in the maintenance phase of the life cycle models?
Each correct answer represents a part of the solution. Choose all that apply.
Which of the following processes involves taking measures to alter or improve the risk position of an asset throughout the company?
Which of the following terms best describes the presence of any potential event that causes an undesirable impact on the organization?
Which of the following SSE-CMM security engineering Process Areas (PA) specifies the security needs?
Which of the following documents is necessary to continue the business in the event of disaster or emergency?
Which of the following concepts represent the three fundamental principles of information security?
Each correct answer represents a complete solution. Choose three.
Which of the following acts of information security governance affects the financial institutions?
You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You have a disaster scenario and you want to discuss it with your team members for getting appropriate responses of the disaster. In which of the following disaster recovery tests can this task be performed?
Joseph is a merchant. He lives in an area that is prone to natural disasters. What will he do to save his data from a disaster?
Which of the following classification schemes is considered to be of a personal nature and is
intended for company use only?
Which of the following Tier 1 policies will identify who is responsible for what?
Which of the following is a duplicate of the original site of an organization, with fully working
systems as well as near-complete backups of user data?
Which of the following response teams aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large?
Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system?
You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005 computer. The company asks you to implement a RAID system to provide fault tolerance to a database. You want to implement disk mirroring. Which of the following RAID levels will you use to accomplish the task?
Which of the following statements best describes the difference between the role of a data owner and the role of a data custodian?
Which of the following is the phase of Incident handling process in which the distinction between an event and an incident is made?
Which of the following sites is a non-mainstream alternative to a traditional recovery site?
ISO 17799 has two parts. The first part is an implementation guide with guidelines on how to build a comprehensive information security infrastructure and the second part is an auditing guide based on requirements that must be met for an organization to be deemed compliant with ISO 17799. What are the ISO 17799 domains?
Each correct answer represents a complete solution. Choose all that apply.