66. Which of the following should be included in an enterprise Business Continuity Plan (BCP)? (Choose THREE.)
A. Accidental or intentional data deletion
B. Severe weather disasters 156-510
C. Employee terminations
D. Employee administrative leave
E. Minor power outages
Answer: ABE
67. Which type of access management uses information […]
61. The items listed below are examples of ___________________ controls.
*Smart cards
*Access control lists
*Authentication servers 156-315
*Auditing
A. Role-based
B. Administrative
C. Technical
D. Physical
E. Mandatory
Answer: C
62. Why does the (ISC)2 access-control systems and methodology functional domain address both the confidentiality
and integrity aspects of the Information Security Triad? Access-control systems […]
56. Operating-system fingerprinting uses all of the following, EXCEPT ________, to identify a target operating system.
A. Sequence Verifier
B. Initial sequence number
C. Address spoofing
D. Time to Live
E. IP ID field
Answer: C
57. Organizations _______ risk, when they convince another entity to assume the risk for them.
A. Elevate
B. Assume
C. Deny
D. Transfer
E. Mitigate
Answer: D
58. A(n) _______________ is an unintended […]
51. ____________________ is the state of being correct, or the degree of certainty a person or process can have, that the
data in an information asset is correct.
A. Confidentiality
B. Integrity
C. Authenticity 156-816
D. Privacy
E. Availability
Answer: B
52. Distinguish between the role of the data […]
46. Embedding symbols in images or common items, such as pictures or quilts, is an example of __________.
A. Espionage
B. Transposition cipher
C. Key exchange
D. Arithmancy
E. Steganography
Answer: E
47. Why should each system user and administrator have individual accounts? (Choose TWO.)
A. Using generic user names and passwords increases system security and reliability.
B. Using separate accounts for each user […]
41. If e-mail is subject to review by individuals other than the sender and recipient, what should be clearly stated in the
organization’s e-mail policy?
A. Technologies and methods used to monitor and enforce the organization’s policies
B. Senior management and business-unit owner responsibilities and delegation options
C. Clear, legally defensible definition of what constitutes a business record
D. Consequences […]
36. Which of these strategies can be employed to test training effectiveness? (Choose THREE.)
A. Create a survey for managers, to see if participants practice behaviors presented during training.
B. Provide feedback forms for employees to rate instruction and training material, immediately after training has ended.
C. Include auditors before and after the training. This checks to see […]
31. _______ is the process of confirming that implemented security safeguards work as expected.
A. Penetration testing
B. Exploitation
C. Baselining
D. A vulnerability
E. A countermeasure
Answer: A
32. A _______ attack uses multiple systems to launch a coordinated attack.
A. Distributed denial-of-service
B. Teardrop
C. Birthday
D. FTP Bounce
E. Salami
Answer: A
33. What must system administrators do when they cannot access a complete replica of […]
26. _________ is a smaller, enhanced version of the X.500 protocol. It is used to provide directory-service information.
(Choose the BEST answer.)
A. Lightweight Directory Access Protocol
B. X.400 Directory Access Protocol
C. Access control list
D. Lightweight Host Configuration Protocol
E. Role-based access control
Answer: A
27. Which of the following is an integrity requirement for Remote Offices/Branch Offices (ROBOs)?
A. Private data […]
21. Virtual corporations typically use a(n) _______ for maintaining centralized information assets.
A. Off-line repository
B. Floppy disk
C. Data warehouse
D. CD-ROM burner
E. Colocation pass4side
Answer: E
22. Which of these choices correctly describe denial-of-service (DoS) attacks? (Choose THREE.)
A. DoS attacks do not require attackers to have any privileges on […]