Question $1(1$ point$)$

Which is the typical risk equation?

Question $1$ options:

Risk $=$ Likelihood x Vulnerability

Risk $=$ Threat x Vulnerability

Risk $=$ Threat x Likelihood

Risk $=$ Vulnerability x Cost

Question $2(1$ point$)$

What is the main purpose of risk identification in an organization?

Question $2$ options:

To make the organization's personnel aware of existing risk

To create a business continuity plan $($BCP$)$

To create a disaster recovery plan $($DRP$)$

To understand threats to critical resources

Question $3(1$ point$)$

Hajar is developing a business impact assessment for her organization. She is working with business units to determine the target state of recovered data that allows the organization to continue normal processing after a major interruption. Which of the following is Hajar determining?

Question $3$ options:

Recovery time objective $($RTO$)$

Recovery point objective $($RPO$)$

Business recovery requirements

Technical recovery requirements

Question $4(1$ point$)$

What is the first priority when responding to a disaster recovery effort?

Question $4$ options:

Determining the cause of the event

Following the disaster recovery plan $($DRP$)$

Communicating with all affected parties

Ensuring that everyone is safe

Question $5(1$ point$)$

Dawn is selecting an alternative processing facility for her organization's primary data center. She needs a facility with the least switchover time, even if it's the most expensive option. What is the most appropriate option in this situation?

Question $5$ options:

Hot site

Warm site

Cold site

Mobile site

Question $6(1$ point$)$

What level of technology infrastructure should you expect to find in a cold site alternative data center facility?

Question $6$ options:

Hardware and data that mirror the primary site

Hardware that mirrors the primary site, but no data

Basic computer hardware

No technology infrastructure

Question $7(1$ point$)$

Isabella is in charge of the disaster recovery plan $($DRP$)$ team. She needs to ensure that data center operations will transfer smoothly to an alternate site in the event of a major interruption. She plans to run a complete test that will interrupt the primary data center and transfer processing capability to a hot site. What option is described in this scenario?

Question $7$ options:

Structured walk$-$through

Full$-$interruption test

Parallel test

Simulation test

Question $8(1$ point$)$

Which of the following is an example of a reactive disaster recovery plan?

Question $8$ options:

Moving to a warm site

Disk mirroring

Surge suppression

Antivirus software

Question $9(1$ point$)$

Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?

Question $9$ options:

Disaster recovery plan $($DRP$)$

Business impact analysis $($BIA$)$

Business continuity plan $($BCP$)$

Service$-$level agreement $($SLA$)$

Question $10(1$ point$)$

Which of the following is not true of gap analysis?

Question $10$ options:

The difference between the security controls that are in place and the controls that are necessary to address all vulnerabilities is called the security gap.

Threats that you do not address through at least one control indicate gaps in the security.

A gap analysis can be performed only through a formal investigation.

One important aspect of a gap analysis is determining the cause of the gap.

Question $11(1$ point$)$

Aditya recently assumed an information security role for a financial institution located in the United States. He is tasked with assessing the institution's risk profile and cybersecurity maturity level. What compliance regulation applies specifically to Aditya's institution?

Question $11$ options:

FFIEC

FISMA

HIPAA

PCI DSS

Question $12(1$ point$)$

What compliance regulation is similar to the European Union $($EU$)$ General Data Protection Regulation $($GDPR$)$ of $2016$ and focuses on individual privacy and rights of data owners?

Question $12$ options:

California Security Breach Information Act $($SB $1386)$ of $2003$

Sarbanes$-$Oxley Act $($SOX$)$

California Consumer Privacy Act $($CCPA$)$ of $2018$

Gramm$-$Leach$-$Bliley Act $($GLBA$)$

Question $13(1$ point$)$

What compliance regulation focuses on management and evaluation of the security of unclassified and national security systems?

Question $13$ options:

Government Information Security Reform Act $($Security Reform Act$)$ of $2000$

The USA PATRIOT Act of $2001$

Federal Information Security Management Act $($FISMA$)$

Gramm$-$Leach$-$Bliley Act $($GLBA$)$

Question $14(1$ point$)$

Which of the following is an example of an authorization control?

Question $14$ options:

Biometric device

Digital certificate

Access control list