Which step of a risk assessment uses the history of system attacks?
A. Step 2: Threat Identification
B. Step 3: Vulnerability Identification
C. Step 4: Control Analysis
D. Step 5: Likelihood Determination
A. Step 2: Threat Identification
Under which one of the following is the unauthorized modification of important or sensitive information categorized?
A. Confidentiality
B. Availability
C. Integrity
D. All of the above
C. Integrity
Of the risk mitigation steps, in which step does management determine the most cost-effective control(s) for reducing risk to the organization's mission?
A. Step 3: Conduct Cost-Benefit Analysis
B. Step 4: Select Controls
C. Step 5: Assign Responsibility
D. Step 6: Develop a Safeguard Implementation Plan
B. Step 4: Select Controls
Which of the following is the set of security controls for an information system that is primarily implemented and executed by people?
A. Operational Controls
B. Management Controls
C. Technical Controls
D. All of the above
A. Operational Controls
Software as a Service is one class of Cloud Computing.
A. True
B. False
A. True
If the availability of a service was critical to your organization, what would you say the impact would be if the service was irrevocably destroyed?
A. High
B. Medium
C. Low
D. None of the above
A. High
Low humidity within a server room could result in a static electricity build-up/discharge.
A. True
B. False
A. True
Which of the following is the practice of hiding messages inside existing data?
A. Cryptography
B. Scareware
C. Steganography
D. Whaling
C. Steganography
Which of the following firewall implementations is a combination of a packet filter with bastion host?
A. Screened-subnet
B. Dual-homed
C. Boundary
D. Screened-host
D. Screened-host
Countermeasures do not reduce a threat or vulnerability.
A. True
B. False
B. False
Which of the following malware will allow an attacker to dynamically install additional malware?
A. Virus
B. Attack Script
C. Trojan
D. Downloader
D. Downloader
Which of the following is an algorithm or hash that uniquely identifies a specific virus, worm or variant of malicious code?
A. Heuristics
B. Steganography
C. Integrity Checkers
D. Signature
D. Signature
Which tier of Risk Management is associated with Enterprise Architecture?
A. Tier 1, Organization, Governance
B. Tier 2, Mission, Business Process
C. Tier 3, Information System, Environment of Operations
D. None of the above
B. Tier 2, Mission, Business Process
Which type of analysis is often expressed as: annual loss expectancy = (asset value x exposure factor) x annual rate of occurrence?
A. Quantitative Analysis
B. Qualitative Analysis
C. Gap Analysis
D. None of the above
A. Quantitative Analysis
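The quantitative formula above, and the cost-benefit step of risk mitigation (Step 3, feeding the control selection in Step 4), are easiest to see worked end to end. The following is an added example, not part of the original quiz: it computes SLE and ALE from asset value, exposure factor and annual rate of occurrence, then ranks candidate controls by net annual benefit (ALE reduction minus the control's annualized cost) and picks the most cost-effective one. The asset figures and the three controls are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Control:
    """A candidate safeguard and the residual risk it leaves behind.

    annual_cost:  annualized cost of the control (purchase + operation)
    residual_ef:  exposure factor that remains once the control is in place
    residual_aro: annual rate of occurrence that remains once the control is in place
    """
    name: str
    annual_cost: float
    residual_ef: float
    residual_aro: float


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = asset value x exposure factor (fraction of the asset lost per event)."""
    return asset_value * exposure_factor


def annual_loss_expectancy(asset_value: float, exposure_factor: float, aro: float) -> float:
    """ALE = (asset value x exposure factor) x annual rate of occurrence."""
    return single_loss_expectancy(asset_value, exposure_factor) * aro


def net_benefit(asset_value: float, ef: float, aro: float, control: Control) -> float:
    """Annual ALE reduction the control buys, minus what the control costs per year.

    A negative value means the safeguard costs more than the risk it removes.
    """
    ale_before = annual_loss_expectancy(asset_value, ef, aro)
    ale_after = annual_loss_expectancy(asset_value, control.residual_ef, control.residual_aro)
    return (ale_before - ale_after) - control.annual_cost


def select_control(asset_value: float, ef: float, aro: float,
                   controls: list[Control]) -> Optional[Control]:
    """Return the control with the highest positive net benefit, or None if
    no candidate is worth more than it costs (accepting the risk is cheaper)."""
    ranked = sorted(controls, key=lambda c: net_benefit(asset_value, ef, aro, c), reverse=True)
    if not ranked or net_benefit(asset_value, ef, aro, ranked[0]) <= 0:
        return None
    return ranked[0]


# Constructed scenario: a file server valued at 500k; a ransomware event is
# assumed to destroy 40% of its value and occur once every two years.
ASSET_VALUE = 500_000.0
EXPOSURE_FACTOR = 0.4
ARO = 0.5

# Constructed candidate controls (figures are illustrative, not vendor data).
CANDIDATE_CONTROLS = [
    Control("Offline backups", annual_cost=10_000, residual_ef=0.10, residual_aro=0.5),
    Control("EDR and monitoring", annual_cost=40_000, residual_ef=0.40, residual_aro=0.1),
    Control("Full rebuild of the platform", annual_cost=120_000, residual_ef=0.05, residual_aro=0.05),
]

if __name__ == "__main__":
    print(f"SLE = {single_loss_expectancy(ASSET_VALUE, EXPOSURE_FACTOR):,.0f}")
    print(f"ALE = {annual_loss_expectancy(ASSET_VALUE, EXPOSURE_FACTOR, ARO):,.0f}")
    for c in CANDIDATE_CONTROLS:
        print(f"{c.name:32s} net benefit = {net_benefit(ASSET_VALUE, EXPOSURE_FACTOR, ARO, c):>10,.0f}")
    chosen = select_control(ASSET_VALUE, EXPOSURE_FACTOR, ARO, CANDIDATE_CONTROLS)
    print("Selected:", chosen.name if chosen else "accept the risk")
```

With the constructed figures the current ALE is 100,000 per year; the backups option removes 75,000 of it for 10,000, so it wins over the more expensive options even though the full rebuild leaves the least residual risk. That gap between "lowest residual risk" and "most cost-effective" is exactly the distinction Step 3 and Step 4 of risk mitigation draw.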
A locking mechanism which is controlled by a mechanical key pad is known as?
A. Cipher lock
B. Locking cylinders
C. Mortise lock
D. Rim lock
A. Cipher lock
Simulating attack from a malicious source could be part of penetration testing.
A. True
B. False
A. True
Terrorism, sabotage, war, theft, fraud, arson, and labour disputes are part of which category of threats?
A. Information Security
B. Deliberate destruction
C. Natural disasters
D. Equipment failure
B. Deliberate destruction
The minimum assurance requirements that assessors conducting security assessments should evaluate against are provided in NIST SP 800-53.
A. True
B. False
A. True
NAT (network address translation) makes a bridge between a local network and the Internet and maps network ports.
A. True
B. False
B. False
Which of the following technical controls places servers that are accessible to the public in a separate network segment?
A. Intrusion Detection System
B. VPN
C. Proxy servers
D. De-Militarized Zone
D. De-Militarized Zone
CERT-RMM is a capability model for managing and improving operational resilience.
A. True
B. False
A. True
Business Impact Analysis addresses which component?
A. People
B. Information
C. Technology
D. All of the above
D. All of the above