66. Which of the following should be included in an enterprise Business Continuity Plan (BCP)? (Choose THREE.)
A. Accidental or intentional data deletion
B. Severe weather disasters                             156-510
C. Employee terminations
D. Employee administrative leave
E. Minor power outages
Answer: ABE
67. Which type of access management uses information […]

56. Operating-system fingerprinting uses all of the following, EXCEPT ________, to identify a target operating system.
A. Sequence Verifier
B. Initial sequence number
C. Address spoofing
D. Time to Live
E. IP ID field
Answer: C
57. Organizations _______ risk, when they convince another entity to assume the risk for them.
A. Elevate
B. Assume
C. Deny
D. Transfer
E. Mitigate
Answer: D
58. A(n) _______________ is an unintended […]

51. ____________________ is the state of being correct, or the degree of certainty a person or process can have, that the
data in an information asset is correct.
A. Confidentiality
B. Integrity
C. Authenticity                             156-816
D. Privacy
E. Availability
Answer: B
52. Distinguish between the role of the data […]

46. Embedding symbols in images or common items, such as pictures or quilts, is an example of __________.
A. Espionage
B. Transposition cipher
C. Key exchange
D. Arithmancy
E. Steganography
Answer: E
47. Why should each system user and administrator have individual accounts? (Choose TWO.)
A. Using generic user names and passwords increases system security and reliability.
B. Using separate accounts for each user […]

41. If e-mail is subject to review by individuals other than the sender and recipient, what should be clearly stated in the
organization’s e-mail policy?
A. Technologies and methods used to monitor and enforce the organization’s policies
B. Senior management and business-unit owner responsibilities and delegation options
C. Clear, legally defensible definition of what constitutes a business record
D. Consequences […]

36. Which of these strategies can be employed to test training effectiveness? (Choose THREE.)
A. Create a survey for managers, to see if participants practice behaviors presented during training.
B. Provide feedback forms for employees to rate instruction and training material, immediately after training has ended.
C. Include auditors before and after the training. This checks to see […]

31. _______ is the process of confirming that implemented security safeguards work as expected.
A. Penetration testing
B. Exploitation
C. Baselining
D. A vulnerability
E. A countermeasure
Answer: A
32. A _______ attack uses multiple systems to launch a coordinated attack.
A. Distributed denial-of-service
B. Teardrop
C. Birthday
D. FTP Bounce
E. Salami
Answer: A
33. What must system administrators do when they cannot access a complete replica of […]

26. _________ is a smaller, enhanced version of the X.500 protocol. It is used to provide directory-service information.
(Choose the BEST answer.)
A. Lightweight Directory Access Protocol
B. X.400 Directory Access Protocol
C. Access control list
D. Lightweight Host Configuration Protocol
E. Role-based access control
Answer: A
27. Which of the following is an integrity requirement for Remote Offices/Branch Offices (ROBOs)?
A. Private data […]

16. To comply with the secure design principle of fail-safe defaults, what must a system do if it receives an instruction it
does not understand? The system should:                           pass4side
A. send the instruction to a peer server, to see if the peer can execute.
B. not […]

11. Which of the following is a cost-effective solution for securely transmitting data between remote offices?
A. Standard e-mail
B. Fax machine
C. Virtual private network
D. Bonded courier
E. Telephone
Answer: C
12. Which of the following statements about the maintenance and review of information security policies is NOT true?
A. The review and maintenance of security policies should be tied to […]