Deck 1: Contingency Planning Within Information Security
1
A(n) ____ is a category of objects, persons, or other entities that pose a potential risk of loss to an asset.
A) payload
B) intellectual property
C) Trojan horse
D) threat
D
2
The ____ has been the industry standard for computer security since the development of the mainframe.
A) disaster recovery plan
B) C.I.A. triangle
C) strategic plan
D) asset classification
B
3
____ is the control approach that attempts to shift the risk to other assets, other processes, or other organizations.
A) Transference
B) Mitigation
C) Acceptance
D) Avoidance
A
4
____ ensures that only those with the rights and privileges to access information are able to do so.
A) Confidentiality
B) Availability
C) Integrity
D) Risk assessment
5
An asset can be logical, such as a Web site, information, or data; or an asset can be physical, such as a person, computer system, or other tangible object.
6
A ____ attack seeks to deny legitimate users access to services by either tying up a server's available resources or causing it to shut down.
A) Trojan horse
B) DoS
C) social engineering
D) spyware
7
____ enables authorized users - persons or computer systems - to access information without interference or obstruction, and to receive it in the required format.
A) Integrity
B) Availability
C) Confidentiality
D) Risk assessment
8
A(n) ____ is prepared by the organization to anticipate, react to, and recover from events that threaten the security of information and information assets in the organization, and, subsequently, to restore the organization to normal modes of business operations.
A) threat
B) social plan
C) contingency plan
D) asset
9
An information security policy provides rules for the protection of the information assets of the organization.
10
____ hack systems to conduct terrorist activities through network or Internet pathways.
A) Cyberterrorists
B) Script kiddies
C) Programmers
D) Social engineers
11
____ is the process of examining and documenting the security posture of an organization's information technology and the risks it faces.
A) Risk identification
B) Data classification
C) Security clearance
D) DR
12
____ of risk is the choice to do nothing to protect a vulnerability, and to accept the outcome of its exploitation.
A) Inheritance
B) Acceptance
C) Avoidance
D) Mitigation
13
IRP focuses more on preparations completed before and actions taken after the incident, whereas DRP focuses on intelligence gathering, information analysis, coordinated decision making, and urgent, concrete actions.
14
The vision of an organization is a written statement of an organization's purpose.
15
____ is the control approach that attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation.
A) Avoidance
B) Transference
C) Acceptance
D) Mitigation
16
____ is defined as "the ownership of ideas and control over the tangible or virtual representation of those ideas".
A) Avoidance
B) Trojan horse
C) Malware
D) Intellectual property
17
____ assigns a risk rating or score to each information asset. While this number does not mean anything in absolute terms, it is useful in gauging the relative risk to each vulnerable information asset and facilitates the development of comparative ratings later in the risk control process.
A) BC
B) Risk assessment
C) DR
D) Avoidance
18
____ is the risk control strategy that attempts to prevent the exploitation of the vulnerability.
A) Acceptance
B) Transference
C) Avoidance
D) Mitigation
19
Once intellectual property (IP) has been defined and properly identified, breaches in the controls that have been placed around the IP constitute a threat to the security of this information.
20
The threat of corruption can occur while information is being stored or transmitted. ____ is the prevention of that corruption.
A) Risk assessment
B) Availability
C) Integrity
D) Confidentiality
21
A(n) ____ is a plan or course of action used by an organization to convey instructions from its senior-most management to those who make decisions, take actions, and perform other duties on behalf of the organization.
A) policy
B) assessment
C) asset
D) residual risk
22
Match each statement with an item below.
-The risk that remains to the information asset even after the existing control has been applied.
A) Threat agent
B) Intellectual property
C) Hacker
D) Computer viruses
E) Trojan
F) Risk management
G) Likelihood
H) Residual risk
I) Standards
23
Match each statement with an item below.
-The probability that a specific vulnerability within an organization will be successfully attacked.
A) Threat agent
B) Intellectual property
C) Hacker
D) Computer viruses
E) Trojan
F) Risk management
G) Likelihood
H) Residual risk
I) Standards
24
Match each statement with an item below.
-Segments of code that perform malicious actions.
A) Threat agent
B) Intellectual property
C) Hacker
D) Computer viruses
E) Trojan
F) Risk management
G) Likelihood
H) Residual risk
I) Standards
25
Information has the characteristic of ____________________ when disclosure or exposure to unauthorized individuals or systems is prevented.
26
Match each statement with an item below.
-A person who uses and creates computer software to gain access to information illegally.
A) Threat agent
B) Intellectual property
C) Hacker
D) Computer viruses
E) Trojan
F) Risk management
G) Likelihood
H) Residual risk
I) Standards
27
Match each statement with an item below.
-Something that looks like a desirable program or tool, but that is in fact a malicious entity.
A) Threat agent
B) Intellectual property
C) Hacker
D) Computer viruses
E) Trojan
F) Risk management
G) Likelihood
H) Residual risk
I) Standards
28
____________________ is the process of applying controls to reduce the risks to an organization's data and information systems.
29
A(n) ____ is an investigation and assessment of the impact that various attacks can have on the organization.
A) BIA
B) intellectual property
C) incident
D) threat
30
____________________ is the process of identifying vulnerabilities in an organization's information systems and taking carefully reasoned steps to ensure the confidentiality, integrity, and availability of all the components in the organization's information system.
31
____ is the process of moving the organization toward its vision.
A) Transference
B) Avoidance
C) Strategic planning
D) Mitigation
32
A ____ deals with the preparation for and recovery from a disaster, whether natural or man-made.
A) mitigation plan
B) disaster recovery plan
C) risk management
D) risk assessment
33
A(n) ____ is any clearly identified attack on the organization's information assets that would threaten the assets' confidentiality, integrity, or availability.
A) threat
B) Trojan horse
C) worm
D) incident
34
Match each statement with an item below.
-Detailed statements of what must be done to comply with policy.
A) Threat agent
B) Intellectual property
C) Hacker
D) Computer viruses
E) Trojan
F) Risk management
G) Likelihood
H) Residual risk
I) Standards
35
For the purpose of relative risk assessment, ____________________ equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty.
36
Match each statement with an item below.
-The process used to identify and then control risks to an organization's information assets.
A) Threat agent
B) Intellectual property
C) Hacker
D) Computer viruses
E) Trojan
F) Risk management
G) Likelihood
H) Residual risk
I) Standards
37
Match each statement with an item below.
-A specific and identifiable instance of a general threat.
A) Threat agent
B) Intellectual property
C) Hacker
D) Computer viruses
E) Trojan
F) Risk management
G) Likelihood
H) Residual risk
I) Standards
38
Match each statement with an item below.
-Includes trade secrets, copyrights, trademarks, and patents.
A) Threat agent
B) Intellectual property
C) Hacker
D) Computer viruses
E) Trojan
F) Risk management
G) Likelihood
H) Residual risk
I) Standards
39
____________________ is defined by the Committee on National Security Systems (CNSS) as the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.
40
A ____ is a document that expresses how an organization ensures that critical business functions continue at an alternate location while the organization recovers its ability to function at the primary site if a catastrophic incident or disaster occurs.
A) risk assessment plan
B) business continuity plan
C) Trojan horse
D) worm
41
Once the project team for information security development creates a ranked vulnerability worksheet, the team must choose one of four basic strategies to control each of the risks that result from these vulnerabilities. List the four strategies.
42
What is the difference between a disaster recovery plan and a business continuity plan?
43
What are some of the criteria to be considered when conducting an information asset valuation?
44
What is the difference between access control lists and configuration rules?
45
What is a polymorphic threat?
46
What are some of the key elements that a security policy should have in order to remain viable?
47
What are the subordinate functions of contingency planning?
48
What are the steps in contingency planning?
49
What is the difference between avoidance of risk and acceptance of risk?
50
What is the difference between transference and mitigation?