In which contingency plan testing strategy do individuals follow each and every IR/DR/BC procedure, including the interruption of service, restoration of data from backups, and notification of appropriate individuals? a. Full-interruption b. Desk check c. Simulation d. Structured walk-through

Which act requires organizations that retain health care information to use InfoSec mechanisms to protect this information, as well as policies and procedures to maintain them?

	a.	Sarbanes-Oxley
	b.	Gramm-Leach-Bliley
	c.	HIPAA
	d.	ECPA

Strategies to limit losses before and during a realized adverse event is covered by which of the following plans in the mitigation control approach?

	a.	damage control plan
	b.	disaster recovery plan
	c.	incident response plan
	d.	business continuity plan

The InfoSec measurement development process recommended by NIST is is divided into two major activities. Which of the following is one of them?

	a.	Compare organizational practices against organizations of similar characteristics
	b.	Regularly monitor and test networks
	c.	Maintain a vulnerability management program
	d.	Identification and definition of the current InfoSec program

The risk control strategy that attempts to reduce the impact of the loss caused by a realized incident, disaster, or attack through effective contingency planning and preparation is known as the mitigation risk control strategy. ____________

True

False

Application of training and education is a common method of which risk control strategy?

	a.	acceptance
	b.	mitigation
	c.	transferal
	d.	defense

"Shoulder spying" is used in public or semi-public settings when individuals gather information they are not authorized to have by looking over another individuals shoulder or viewing the information from a distance. _________________________

True

False

Which of the following is NOT a CISSP concentration?

	a.	ISSAP
	b.	ISSTP
	c.	ISSMP
	d.	ISSEP