Question 1

What are the steps in contingency planning?

Accepted Answer

1.The IR plan focuses on immediate response,but if the attack escalates or is disastrous (such as a fire,flood,earthquake,or total blackout)the process moves on to disaster recovery and business continuity.

2.The DR plan typically focuses on restoring systems at the original site after disasters occur,and as such is closely associated with the BC plan.

3.The BC plan runs concurrently with DRP when the damage is major or long term,requiring more than simple restoration of information and information resources.The BC plan establishes critical business functions at an alternate site.

Question 2

____ is defined as "the ownership of ideas and control over the tangible or virtual representation of those ideas".

Accepted Answer

A) Avoidance 
B) Trojan horse 
C) Malware 
D) Intellectual property 
A) Avoidance 
B) Trojan horse 
C) Malware 
D) Intellectual property D

Question 3

The threat of corruption can occur while information is being stored or transmitted.____ is the prevention of that corruption.

Accepted Answer

A) Risk assessment 
B) Availability 
C) Integrity 
D) Confidentiality 
A) Risk assessment 
B) Availability 
C) Integrity 
D) Confidentiality C

Question 4

A(n)____ is prepared by the organization to anticipate,react to,and recover from events that threaten the security of information and information assets in the organization,and,subsequently,to restore the organization to normal modes of business operations.

Accepted Answer

A) threat 
B) social plan 
C) contingency plan 
D) asset 
A) threat 
B) social plan 
C) contingency plan 
D) asset

Question 5

An asset can be logical,such as a Web site,information,or data;or an asset can be physical,such as a person,computer system,or other tangible object.

Accepted Answer

A) True 
 B)False

Question 6

Match each statement with an item below.
-The risk that remains to the information asset even after the existing control has been applied.

Accepted Answer

A) Threat agent 
B) Intellectual property 
C) Hacker 
D) Computer viruses 
E) Trojan
F)Risk management
G)Likelihood
H)Residual risk
I)Standards 
A) Threat agent 
B) Intellectual property 
C) Hacker 
D) Computer viruses 
E) Trojan
F)Risk management
G)Likelihood
H)Residual risk
I)Standards

Question 7

The ____ has been the industry standard for computer security since the development of the mainframe.

Accepted Answer

A) disaster recovery plan 
B) C.I.A.triangle 
C) strategic plan 
D) asset classification 
A) disaster recovery plan 
B) C.I.A.triangle 
C) strategic plan 
D) asset classification

Question 8

A(n)____ is a category of objects,persons,or other entities that pose a potential risk of loss to an asset.

Accepted Answer

A) payload 
B) intellectual property 
C) Trojan horse 
D) threat 
A) payload 
B) intellectual property 
C) Trojan horse 
D) threat

Question 9

What are the subordinate functions of contingency planning?

Accepted Answer

Contingency planning involves

Question 10

Match each statement with an item below.
-The process used to identify and then control risks to an organization's information assets.

Accepted Answer

A) Threat agent 
B) Intellectual property 
C) Hacker 
D) Computer viruses 
E) Trojan
F)Risk management
G)Likelihood
H)Residual risk
I)Standards 
A) Threat agent 
B) Intellectual property 
C) Hacker 
D) Computer viruses 
E) Trojan
F)Risk management
G)Likelihood
H)Residual risk
I)Standards

Question 11

What is difference between access control lists and configuration rules?

Accepted Answer

Access control lists (ACLs): Lists,matri

Question 12

____ enables authorized users - persons or computer systems - to access information without interference or obstruction,and to receive it in the required format.

Accepted Answer

A) Integrity 
B) Availability 
C) Confidentiality 
D) Risk assessment 
A) Integrity 
B) Availability 
C) Confidentiality 
D) Risk assessment

Question 13

Match each statement with an item below.
-Detailed statements of what must be done to comply with policy.

Accepted Answer

A) Threat agent 
B) Intellectual property 
C) Hacker 
D) Computer viruses 
E) Trojan
F)Risk management
G)Likelihood
H)Residual risk
I)Standards 
A) Threat agent 
B) Intellectual property 
C) Hacker 
D) Computer viruses 
E) Trojan
F)Risk management
G)Likelihood
H)Residual risk
I)Standards

Question 14

For the purpose of relative risk assessment,____________________ equals likelihood of vulnerability occurrence times value (or impact)minus percentage risk already controlled plus an element of uncertainty.

Accepted Answer

The answer of For the purpose of relative risk assessment,____________________...

Question 15

A(n)____ is a plan or course of action used by an organization to convey instructions from its senior-most management to those who make decisions,take actions,and perform other duties on behalf of the organization.

Accepted Answer

A) policy 
B) assessment 
C) asset 
D) residual risk 
A) policy 
B) assessment 
C) asset 
D) residual risk

Question 16

What are some of the criteria to be considered when conducting an information asset valuation?

Accepted Answer

Among the criteria to be considered are:

Question 17

Match each statement with an item below.
-The probability that a specific vulnerability within an organization will be successfully attacked.

Accepted Answer

A) Threat agent 
B) Intellectual property 
C) Hacker 
D) Computer viruses 
E) Trojan
F)Risk management
G)Likelihood
H)Residual risk
I)Standards 
A) Threat agent 
B) Intellectual property 
C) Hacker 
D) Computer viruses 
E) Trojan
F)Risk management
G)Likelihood
H)Residual risk
I)Standards

Question 18

____ of risk is the choice to do nothing to protect a vulnerability,and to accept the outcome of its exploitation.

Accepted Answer

A) Inheritance 
B) Acceptance 
C) Avoidance 
D) Mitigation 
A) Inheritance 
B) Acceptance 
C) Avoidance 
D) Mitigation

Question 19

Match each statement with an item below.
-A specific and identifiable instance of a general threat.

Accepted Answer

A) Threat agent 
B) Intellectual property 
C) Hacker 
D) Computer viruses 
E) Trojan
F)Risk management
G)Likelihood
H)Residual risk
I)Standards 
A) Threat agent 
B) Intellectual property 
C) Hacker 
D) Computer viruses 
E) Trojan
F)Risk management
G)Likelihood
H)Residual risk
I)Standards

Question 20

____________________ is the process of identifying vulnerabilities in an organization's information systems and taking carefully reasoned steps to ensure the confidentiality,integrity,and availability of all the components in the organization's information system.

Accepted Answer

The answer of ____________________ is the process of identifying vulnerabilities...

What are the steps in contingency planning?

____ is defined as "the ownership of ideas and control over the tangible or virtual representation of those ideas".

The threat of corruption can occur while information is being stored or transmitted.____ is the prevention of that corruption.

A(n)____ is prepared by the organization to anticipate,react to,and recover from events that threaten the security of information and information assets in the organization,and,subsequently,to restore the organization to normal modes of business operations.

An asset can be logical,such as a Web site,information,or data;or an asset can be physical,such as a person,computer system,or other tangible object.

Match each statement with an item below. -The risk that remains to the information asset even after the existing control has been applied.

The ____ has been the industry standard for computer security since the development of the mainframe.

A(n)____ is a category of objects,persons,or other entities that pose a potential risk of loss to an asset.

What are the subordinate functions of contingency planning?

Match each statement with an item below. -The process used to identify and then control risks to an organization's information assets.

What is difference between access control lists and configuration rules?

____ enables authorized users - persons or computer systems - to access information without interference or obstruction,and to receive it in the required format.

Match each statement with an item below. -Detailed statements of what must be done to comply with policy.

For the purpose of relative risk assessment,____________________ equals likelihood of vulnerability occurrence times value (or impact)minus percentage risk already controlled plus an element of uncertainty.

A(n)____ is a plan or course of action used by an organization to convey instructions from its senior-most management to those who make decisions,take actions,and perform other duties on behalf of the organization.

What are some of the criteria to be considered when conducting an information asset valuation?

Match each statement with an item below. -The probability that a specific vulnerability within an organization will be successfully attacked.

____ of risk is the choice to do nothing to protect a vulnerability,and to accept the outcome of its exploitation.

Match each statement with an item below. -A specific and identifiable instance of a general threat.

____________________ is the process of identifying vulnerabilities in an organization's information systems and taking carefully reasoned steps to ensure the confidentiality,integrity,and availability of all the components in the organization's information system.

Planning for Organizational Readiness

Incidence Response: Preparation, Organization, and Prevention

Incident Response: Detection and Decision Making

Incidence Response: Reaction, Recovery, and Maintenance

Contingency Strategies for Business Resumption Planning

Disaster Recovery: Preparation and Implementation

Disaster Recovery: Operation and Maintenance

Business Continuity Preparation and Implementation

Business Continuity Operations and Maintenance

Crisis Management and Human Factors

Filters

Exam 1: Contingency Planning Within Information Security

What are the steps in contingency planning?

____ is defined as "the ownership of ideas and control over the tangible or virtual representation of those ideas".

The threat of corruption can occur while information is being stored or transmitted.____ is the prevention of that corruption.

A(n)____ is prepared by the organization to anticipate,react to,and recover from events that threaten the security of information and information assets in the organization,and,subsequently,to restore the organization to normal modes of business operations.

An asset can be logical,such as a Web site,information,or data;or an asset can be physical,such as a person,computer system,or other tangible object.

Match each statement with an item below. -The risk that remains to the information asset even after the existing control has been applied.

The ____ has been the industry standard for computer security since the development of the mainframe.

A(n)____ is a category of objects,persons,or other entities that pose a potential risk of loss to an asset.

What are the subordinate functions of contingency planning?

Match each statement with an item below. -The process used to identify and then control risks to an organization's information assets.

What is difference between access control lists and configuration rules?

____ enables authorized users - persons or computer systems - to access information without interference or obstruction,and to receive it in the required format.

Match each statement with an item below. -Detailed statements of what must be done to comply with policy.

For the purpose of relative risk assessment,____________________ equals likelihood of vulnerability occurrence times value (or impact)minus percentage risk already controlled plus an element of uncertainty.

A(n)____ is a plan or course of action used by an organization to convey instructions from its senior-most management to those who make decisions,take actions,and perform other duties on behalf of the organization.

What are some of the criteria to be considered when conducting an information asset valuation?

Match each statement with an item below. -The probability that a specific vulnerability within an organization will be successfully attacked.

____ of risk is the choice to do nothing to protect a vulnerability,and to accept the outcome of its exploitation.

Match each statement with an item below. -A specific and identifiable instance of a general threat.

____________________ is the process of identifying vulnerabilities in an organization's information systems and taking carefully reasoned steps to ensure the confidentiality,integrity,and availability of all the components in the organization's information system.

Planning for Organizational Readiness

Incidence Response: Preparation, Organization, and Prevention

Incident Response: Detection and Decision Making

Incidence Response: Reaction, Recovery, and Maintenance

Contingency Strategies for Business Resumption Planning

Disaster Recovery: Preparation and Implementation

Disaster Recovery: Operation and Maintenance

Business Continuity Preparation and Implementation

Business Continuity Operations and Maintenance

Crisis Management and Human Factors

Filters