3 Months Free Update
Which of the following are the perspectives considered to ensure the confidentiality, integrity, and availability of an organization's assets, information, data, and IT services?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following types of social engineering attacks is a term that refers to going through someone's trash to find out useful or confidential information?
The Information Security Officer (ISO) of Blue Well Inc. wants to have a list of security measures put together. What should be done before security measures are selected by the Information Security Officer?
You work as an Information Security Manager for uCertify Inc. The company has made a contract with a third party software company to make a software program for personal use. You have been assigned the task to share the organization's personal requirements regarding the tool with the third party. Which of the following documents should be first signed by the third party?
You work as an Information Security Manager for uCertify Inc. You have been assigned the task to create the documentation on control A.7.2 of the ISO standard. Which of the following is the chief concern of control A.7.2?
You are working with a company that depends on real time data being available to employees, thus performance is an issue. They are trying to select the best method for handling the situation of a hard drive crashing. Which of the following would you recommend to them?
Which of the following are the sub-elements of environmental security?
Each correct answer represents a complete solution. Choose all that apply.
Mark works as a Software Developer for TechNet Inc. He has recently been fired, as he was caught doing some illegal work in the organization. Before leaving the organization, he decided to retaliate against the organization. He deleted some of the system files and made some changes in the registry files created by him. Which of the following types of attacks has Mark performed?
Which of the following documents is developed along the risk management processes to monitor and control risks?
Which of the following statements MOST closely depicts the difference between qualitative risk analysis and quantitative risk analysis?
Which of the following should be considered while calculating the costs of the outage?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following roles is responsible for the review and risk analysis of all the contracts on a regular basis?
Which of the following are the various types of security measures?
Each correct answer represents a complete solution. Choose all that apply.
Mark works as a Data Center Manager for TechNet Inc. A few days ago, he published a blog about himself during his working hours. However, as per the organization's policy, no member of the organization may use any resources of the organization for personal use. Since Mark has violated the policy, he should go to an internal committee and be informed of his rights in the matter. Which of the following practices is being implemented?
Which of the following are security design principles required for information protection?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following protects original works of authorship including literary, dramatic, musical, artistic, and other intellectual works?
John works as a Security Administrator for uCertify Inc. As per his past experience, he wants to make a policy stating that any hardware devices containing information about the organization should be destroyed properly before they are thrown away. After applying this policy, John will be able to ensure that the information on the devices will not fall into the hands of unauthorized persons after properly discarding the devices.
Which of the following types of policies is John going to create?
Which of the following are the valid reasons for the occurrence of Drive-by download?
Each correct answer represents a complete solution. Choose all that apply.
You work as an Information Security Manager for uCertify Inc. You need to make the documentation on change management. What are the advantages of change management?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following indicates that the project team has decided not to change the project management plan to deal with a risk?
Risk analysis provides a great deal of useful information. It has four main objectives. Which of the following is not an objective of risk analysis?
The usage of pre-numbered forms for initiating a transaction is an example of which of the following types of control?
Which of the following are the purposes of security awareness, training, and education?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following are steps of vulnerability management programs?
Each correct answer represents a complete solution. Choose all that apply.
An Active Attack is a type of steganography attack in which the attacker changes the carrier during the communication process. Which of the following techniques is used for smoothing the transition and controlling contrast on the hard edges, where there is significant color transition?
Which of the following surveys found that the smaller organizations had had a better understanding of their information assets?
Which of the following statements is true about annualized loss expectancy?
You are setting up file permissions on a Windows server. Different users have different access needs. What should be your guiding principle in assigning file permissions?
Which of the following are the negative points of CRAMM?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Security Administrator for uCertify Inc. You are working on a project related to various security policies. Which of the following information security standards ensures conformance with information security policies, standards, laws, and regulations?
Which of the following phases of the PDCA model is the monitoring and controlling phase of the Information Security Management System (ISMS)?
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to differentiate various assets of your organization. Which of the following is an intangible asset?
Which of the following pillars of Basel II is concerned with maintenance of regulatory capital intended for three major components of risk that a bank faces, which are credit risk, operational risk, and market risk?
Which of the following is the basic requirement to install WinDump on a Windows computer system?
Which of the following concepts or terms states that changes related to one requirement, i.e., scope, time, or cost, will at least influence one other element?
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to classify different information assets used in your organization. Which of the following should be the basis of your classification?
You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centers for the district they will need to be able to work from an alternate location. However, budget is an issue. Which of the following is most appropriate for this client?
You work as a Security Administrator for uCertify Inc. You have made a plan to increase the security of the organization and you want to show this to the CEO of the organization. But, you do not want to share this information with others. Therefore, you want to classify this information.
Which of the following will be the suitable classification to accomplish the task?
Mark works as a security manager for SoftTech Inc. He is performing a security awareness program. To be successful in performing the awareness program, he should take into account the needs and current levels of training and understanding of the employees and audience. There are five key ways, which Mark should keep in mind while performing this activity:
• Current level of computer usage
• What the audience really wants to learn
• How receptive the audience is to the security program
• How to gain acceptance
• Who might be a possible ally
Which of the following activities is performed in this security awareness process?
David works as the Manager for Tech Mart Inc. An incident occurred ten months ago, due to which the company suffered heavy losses. David has been assigned the task to submit a report on the losses incurred by the company in a year. Which of the following should David calculate in order to submit the report containing annualized loss expectancy?
Each correct answer represents a complete solution. Choose all that apply.
Mark is the project manager of the HAR Project. The project is scheduled to last for eighteen months and six months have already passed. Management asks Mark how often the project team is participating in the risk reassessment of this project. What should Mark tell management if he is following the best practices for risk management?
Mark works as a Network Security Administrator for uCertify Inc. He is responsible for securing and analyzing the network of the organization. Mark is concerned about the current network security, as individuals can access the network by bypassing authentication, thus allowing them to get more permissions than allotted. Which of the following is responsible for this type of privilege escalation?
Victor works as a professional Ethical Hacker for SecureEnet Inc. He has been assigned a job to test an image, in which some secret information is hidden, using Steganography. Victor performs the following techniques to accomplish the task:
1. Smoothening and decreasing contrast by averaging the pixels of the area where significant color transitions occur.
2. Reducing noise by adjusting color and averaging pixel value.
3. Sharpening, Rotating, Resampling, and Softening the image.
Which of the following Steganography attacks is Victor using?
Which formula will you use to calculate the estimated average cost of 1 hour of downtime?
Fill in the blank with an appropriate phrase.
The ______ is concerned with rebuilding production processing and determining the criticality of data.
Which of the following individuals calculates the recovery time and cost estimates while performing a business impact analysis (BIA)?
Diane is the project manager of the HGF Project. A risk that has been identified and analyzed in the project planning processes is now coming to fruition. What individual should respond to the risk with the preplanned risk response?
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to make a document on the classification of information assets. Which of the following controls of the ISO standard provides guidelines on the classification of information?
Sam is the CEO of Gentech Inc. The company is located in New York. He has to start a new project in order to increase the overall revenue of the company. Sam has to develop an ISMS policy. In which of the following phases of the PDCA cycle will Sam accomplish the task?
Which of the following are responsibilities of the Service Level Manager?
Each correct answer represents a complete solution. Choose all that apply.
David works as the Network Administrator for uCertify Inc. He has been asked to perform risk analysis. He decides to do it by using CRAMM. The CEO wants to know the negative points of CRAMM which is going to be used by David. Which of the following points will David tell the CEO of the organization?
You work as a Security Professional for uCertify Inc. You have been assigned the task to calculate the Recovery Time Objective for particular outage duration. Which of the following should be included in the Recovery Time Objective?
Each correct answer represents a complete solution. Choose all that apply.
Fill in the blank with the appropriate term.
______ is a prime example of a high-interaction honeypot.
Which of the following laws or acts enforces the prohibition against cyber stalking?
Mark is the project manager of the NHQ project in StarTech Inc. The project has an asset valued at $195,000 and is subjected to an exposure factor of 35 percent. What will be the Single Loss Expectancy of the project?
Which of the following is a list of specific actions being taken to deal with specific risks associated with the threats?