Questions and Answers of Managing Risk In Information Systems
Of the following, what is critical for any DRP? A. Third-party backup software B. Budget C. Alternate locations D. Fuel for generators
A(n) _______ is a violation of a security policy or security practice.
All events on a system or network are considered computer security incidents. A. True B. False
An administrator has discovered that a web server is responding slowly. Investigation shows that the processor, memory, and network resources are being consumed by outside attackers. This is a
A user has installed P2P software on a system, and the organization’s policy specifically states that this is unauthorized. An administrator discovers the software on the user’s system. Is this a
Some malware can execute on a user’s system after the user accesses a website. The malware executes from within the web browser. What type of malware is this? A. Virus B. Worm C. Trojan horse D. Mobile
A malicious virus is replicating and causing damage to computers. How do security professionals refer to the virus? A. In the open B. In the containment field C. In the jungle D. In the wild
What is the greatest risk to an organization when peer-to-peer software is installed on a user’s system? A. Loss of copyrights B. Piracy of the organization’s copyrighted material C. Data leakage D.
Only police or other law enforcement personnel are allowed to do computer forensics investigations. A. True B. False
A log shows that a user has copied proprietary data to his computer. The organization wants to take legal action against him, so it seizes the computer as evidence. What should be established as soon
Many steps are taken before, during, and after an incident. Of the following choices, what accurately identifies the incident response life cycle? A. Preparation, deletion and analysis, eradication
In general, members of a CIRT taking actions to attack attackers is acceptable because this is one of the normal responsibilities of a CIRT. A. True B. False
After an incident has been verified, it must be kept from spreading to other systems. What is this called? A. Spread avoidance B. Containment C. Incident response D. Impact and priority calculation.
Which of the following may be included in a CIRT plan? A. Policies B. Definition of incidents C. CIRT member responsibilities D. Incident handling procedures E. All of the above F. C and D only
Attackers attempt a DoS attack on servers in an organization. The CIRT responds and mitigates the attack. What should be the last step that the CIRT completes in response to this incident? A.
Several types of malicious code exist. Malware that appears to be one thing but is actually something else is _______.
A(n) ________ is a plan used to restore critical business functions to operation after a disruption or disaster.
A DRP has multiple purposes, which include saving lives, ensuring business continuity, and recovering after a disaster. A. True B. False
Disaster recovery and fault tolerance are the same thing. A. True B. False
A(n) ________ is an element necessary for success. For example, the success of a DRP depends on elements such as management support and a disaster recovery budget.
A business impact analysis (BIA) includes a maximum acceptable outage (MAO). The MAO is used to determine the amount of time in which a system must be recovered. What term is used in the DRP instead
A certain DRP covers a system that hosts a large database. To ensure that the data is copied to an off-site location, what could be used? A. Data replication B. Electronic vaulting C. Remote
A copy of backups should be stored ________ to ensure the organization can survive a catastrophic disaster to the primary location.
An alternate location is being considered for a DRP, and the costs need to be minimized. What type of site would be chosen? A. Cold site B. Warm site C. Hot site D. Mobile site
An alternate location is being considered for a DRP, and it must be brought online as quickly as possible. What type of site would be chosen? A. Cold site B. Warm site C. Hot site D. DRP site
An alternate location is being considered for a DRP, and it needs to be a business location that is already running noncritical business functions. This location has most of the equipment needed.
Which of the following elements are commonly included in a DRP? A. BCP, BIA, communications, and recovery procedures B. BCP, backup plans, and recovery procedures C. Purpose, scope, communications, and
A hot site is being considered as an alternate location. Various technologies are also being considered to keep the data updated and decrease the time that will be necessary for the hot site to
An organization has created a DRP, but it hasn’t been tested. Which of the following methods can be used to test it? A. Desktop testing B. Simulation testing C. Full-blown DRP testing D. All of the
Once a DRP has been created, it doesn’t need to be updated. A. True B. False
A(n) ________ is a plan that helps an organization continue to operate during and after a disruption or disaster.
Business continuity and disaster recovery are the same thing. A. True B. False
A BCP includes specific locations, systems, employees, and vendors, and these requirements are identified in the ________ statement.
What is the purpose of a BCP? A. To identify CBFs B. To reduce or eliminate threats C. To ensure mission-critical elements of an organization continue to operate after a disruption D. All of the above
What does a BCP help to protect during and after a disruption or disaster? A. Confidentiality, information, and authentication B. Certifications, identities, and accreditations C. Mission-critical and
The ________ is responsible for declaring an emergency and activating the BCP.
After a BCP has been activated, who has overall authority for the recovery of systems? A. EMT B. DAT C. TRT D. CAT
After a BCP has been activated, who will assess the damages? A. BCP coordinator B. EMT C. DAT D. TRT
After a BCP has been activated, who will recover and restore critical IT services? A. BCP coordinator B. EMT C. DAT D. TRT
What are the three phases of a BCP? A. Notification and activation, transfer, and recovery B. Notification and activation, recovery, and reconstitution C. Recovery, renewal, and reconstitution D.
A major disruption has forced a company to move operations to an alternate location. The disruption is over, and now the process of normalizing operations needs to begin. What operations should be
A major disruption has forced a company to move operations to an alternate location. The disruption is over, and now the process of normalizing operations needs to begin. Several servers have been
What can be done to show that the BCP will work as planned? A. BCP planning B. BCP training C. BCP testing D. BCP exercises
What types of exercises can demonstrate a BCP in action? (Select three.) A. Tabletop exercises B. Functional exercises C. Pull-the-plug exercises D. Full-scale exercises
Once a BCP has been developed, it should be reviewed and updated on a regular basis, such as annually. A. True B. False
What is included in a risk assessment that helps justify the cost of a control? A. Probability and impact B. ALE C. CBA D. POAM
In developing a BIA, when calculating the costs to determine the impact of an outage for a specific system, both the direct and ________ costs should be calculated.
A cost-benefit analysis is an important part of a BIA. A. True B. False
Of the following choices, which is (are) considered best practice(s) related to a BIA? A. Starting with clear objectives B. Using different data collection methods C. Mitigating identified risks D. A and
In developing a BIA, what should the critical business functions be mapped to? A. Personnel B. Revenue C. Replacement costs D. IT systems
Mission-critical business functions are considered vital to an organization. What are they derived from? A. Critical success factors B. Critical IT resources C. Executive leadership D. Employees
What type of approach does a BIA use? A. Bottom-up approach in which servers or services are examined first B. Top-down approach in which CBFs are examined first C. Middle-tier approach D. Best-guess
In a BIA, which one of the following is a direct cost of the impact of an outage for a specific system? A. Loss of customers B. Loss of public goodwill C. Loss of sales D. Lost opportunities
Which of the following statements is true? A. The RPO applies to any systems or functions, whereas the RTO refers only to data housed in databases. B. The RTO applies to any systems or functions,
What is the time required for a system to be recovered called? A. BIA time B. Maximum acceptable outage C. Recovery time objectives D. Recovery point objectives
In a BIA, the maximum amount of data loss an organization can accept is called what? A. BIA time B. Maximum acceptable outage C. Recovery time objectives D. Recovery point objectives
What are two objectives of a BIA? (Select two.) A. Identifying minimum acceptable outage B. Documenting new policy C. Identifying critical resources D. Identifying critical business functions
What defines the boundaries of a business impact analysis? A. MAO B. BCP C. Recovery objectives D. Scope
The BIA is a part of the ________.
Which of the following can determine what functions are considered critical business functions? A. Clients B. Stakeholders C. Project team D. Chief technology officer
The ________ identifies the maximum acceptable downtime for a system.
NIST 800-63 provides guidance on risk management strategies and policies. A. True B. False
Of the following items, what one(s) should be included in a cost-benefit analysis report? A. Recommended countermeasure B. Risk to be mitigated C. Costs D. Annual projected benefits E. A and C only F. A,
A cost-benefit analysis is being performed to determine whether a countermeasure should be used. Which of the following formulas should be applied? A. Loss before countermeasure – Loss after
Two possible countermeasures are being evaluated to mitigate a risk, but management wants to purchase only one. What can be used to determine which countermeasure provides the better cost benefits? A.
A risk assessment was completed three months ago and has recently been approved. What should be done first to implement a mitigation plan? A. Verify risk elements B. Purchase countermeasures C. Redo
What can be used to determine the priority of countermeasures? A. Cost-benefit analysis B. Threat likelihood/impact matrix C. Disaster recovery plan D. Best guess method
What’s a reasonable amount of time for an account management policy to be completed and approved? A. Twenty minutes B. One day C. One month D. One year
Which of the following items are considered facility costs for the implementation of a countermeasure? A. Installation and air-conditioning B. Installation and training C. Power and air-conditioning D.
A countermeasure is being reviewed to be added to the mitigation plan. What costs should be considered? A. Initial purchase costs B. Facility costs C. Installation costs D. Training costs E. All of the
The ________ plan will include details on how and when to implement approved countermeasures.
What could a password policy include? A. Length of password B. List of required passwords C. User profiles D. All of the above
What would an account management policy include? A. Details on how to create accounts B. Details on when accounts should be disabled C. Password policy D. A and B only E. A, B, and C
The formula for risk is Risk = ________.
A single risk can be mitigated by more than one countermeasure. A. True B. False
A(n) ________ countermeasure is one that has been approved and has a date for implementation.
A CBA can be used to justify the purchase of a control. A. True B. False
Which of the following is a valid formula used to identify the projected benefits of a control? A. Loss after control − Loss before control B. Loss before control − Loss after control C. Cost of
A CBA has been performed on a prospective control. The CBA indicates the cost of the control is about the same as the control’s projected benefits. What should be done? A. Identify the ROI B.
What determines whether an organization is governed by CIPA? A. Whether it is registered with the Securities and Exchange Commission B. Whether its employees handle health-related information C. Whether
What determines whether an organization is governed by SOX? A. Whether it is registered with the Securities and Exchange Commission B. Whether its employees handle health-related information C. Whether
What determines whether an organization is governed by HIPAA? A. Whether it is registered with the Securities and Exchange Commission B. Whether its employees handle health-related information C.
What determines whether an organization is governed by FISMA? A. Whether it is registered with the Securities and Exchange Commission B. Whether its employees handle health-related information C.
How much can an organization be fined in a year for HIPAA-related mistakes? A. $100 B. $1,000 C. $25,000 D. $250,000
Which of the following strategies helps reduce security gaps even if a security control fails? A. Access control implementation B. Critical business factor analysis C. Defense in depth D. Business impact
Organizations that violate GDPR rules may be fined ____________ or _______________ of their annual global turnover, whichever is greater.
What can an organization use to remind users of an AUP’s contents? A. Logon banners B. Posters C. Emails D. All of the above
What would be used to identify mission-critical systems? A. Critical outage times B. Critical business functions C. PCI DSS review D. Disaster recovery plan
An organization wants to have an agreement with a vendor for an expected level of performance for a service that includes ensuring that monetary penalties are assessed if the minimum uptime
MAO is the minimal acceptable outage that a system or service can experience before its mission is affected. A. True B. False
A ________ is used to identify the impact on an organization if a risk occurs.
The web of trust has a centralized trust model. A. True B. False
Which of the following is a physical control? A. Logon identifiers B. CCTV C. Encryption D. BCP
Which of the following is a technical control? A. PKI B. Awareness and training C. Guards D. Electrical grounding
Which of the following is a procedural control? A. Session time-out B. Reasonableness check C. Water detection D. DRP
An organization wants to issue certificates for internal systems, such as an internal web server. A ________ will need to be installed to issue and manage certificates.
What should be logged in an audit log? A. All system events B. All security-related events C. The details of what happened for an event D. Who, what, when, and where details of an event
What can be used to ensure confidentiality of sensitive data? A. Encryption B. Hashing C. Digital signature D. Nonrepudiation
What should be used to ensure that users understand what they can and cannot do on systems within the network? A. Acceptable use banner B. Data range checks C. Rules of behavior D. Audit trails
Logon identifiers help ensure that users cannot deny taking a specific action, such as deleting a file. What is this called? A. Digital signature B. Encryption C. Nonrepudiation D. PKI