Which of the following terms describes the determination of the effect of changes to the information system on the security of the information system?
Which of the following TCB techniques involves viewing system components at a high level and ignoring or segregating its specific details?
Which of the following features of the Cisco MDS 9000 SAN Extension over IP Package help in implementing efficient FCIP-based business-continuity and disaster-recovery solutions?
Each correct answer represents a complete solution. Choose all that apply.
A disaster recovery plan consists of various tiers for identifying the methods of recovering mission-critical computer systems that are necessary to support business continuity. All these tiers provide a simple method to define current service levels and associated risks. Choose and re-order the tiers of the disaster recovery plan.
Which of the following security procedures is NOT related to the SDLC's disposition?
Which of the following events occurs in a system when there is a TCB failure and the recovery procedures cannot return the system to a secure state?
Which of the following activities includes initiation, development and acquisition, implementation and installation, operational maintenance, and disposal?
You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?
Which of the following methods is a means of ensuring that system changes are approved before being implemented, and the implementation is complete and accurate?
Which of the following levels of RAID provides security features that are availability, enhanced performance, and fault tolerance?
Which of the following BCP teams handles financial arrangement, public relations, and media inquiries in the time of disaster recovery?
Which of the following system security policies is used to address specific issues of concern to the organization?
Which of the following tests ensures that the organization complies with the requirements of the disaster recovery plan?
Which of the following actions can be performed by using the principle of separation of duties?
Which of the following statements about disaster recovery plan documentation are true? Each correct answer represents a complete solution. Choose all that apply.
In which of the following DRP tests is the plan distributed to, and reviewed by, the business units for its thoroughness and effectiveness?
Which of the following governance bodies provides management, operational, and technical controls to satisfy the security requirements?
Which of the following modes of operation supports users with different clearances and data at various classification levels?
Which of the following Tier 1 policies will identify who is responsible for what?
Which of the following tests activates the total disaster recovery plan?
Fill in the blank with the appropriate phrase.
__________________ is the process of obtaining access using legitimate credentials, and then attempting to leverage that into access to unauthorized system resources.
BS 7799 is an internationally recognized ISM standard that provides high level, conceptual recommendations on enterprise security. BS 7799 is basically divided into three parts. Which of the following statements are true about BS 7799?
Each correct answer represents a complete solution. Choose all that apply.
You work as a security manager for SoftTech Inc. You along with your team are doing the disaster recovery for your project. Which of the following steps are performed by you for secure recovery based on the extent of the disaster and the organization's recovery ability?
Each correct answer represents a part of the solution. Choose three.
ISO 17799 has two parts. The first part is an implementation guide with guidelines on how to build a comprehensive information security infrastructure and the second part is an auditing guide based on requirements that must be met for an organization to be deemed compliant with ISO 17799. What are the ISO 17799 domains?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005 computer. The company asks you to implement a RAID system to provide fault tolerance to a database. You want to implement disk mirroring. Which of the following RAID levels will you use to accomplish the task?
Which of the following procedures is to reduce the risk to personnel, property, and other assets while minimizing work disorders in the event of an emergency?
Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activity?
Della works as a security manager for SoftTech Inc. She is training some of the newly recruited personnel in the field of security management. She is giving a tutorial on DRP. She explains that the major goal of a disaster recovery plan is to provide an organized way to make decisions if a disruptive event occurs and asks for the other objectives of the DRP. If you are among some of the newly recruited personnel in SoftTech Inc, what will be your answer for her question?
Each correct answer represents a part of the solution. Choose three.
Which of the following is established during the Business Impact Analysis by the owner of a process in accepted business continuity planning methodology?
Which of the following is a category of an automated Incident detection process?
Which of the following sources is the best for developing Recovery Time Objectives (RTO)?
Which of the following is the phase of Incident handling process in which the distinction between an event and an incident is made?
You are responsible for network and information security at a large hospital. It is a significant concern that any change to any patient record can be easily traced back to the person who made that change. What is this called?
Which of the following statements is related to residual risks?
Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?
Which of the following types of storage requires some direct human action in order to make access to the storage media physically possible?
Which of the following options is an activity of observing the content that appears on a computer monitor or watching what a user is typing?
Fill in the blank with an appropriate phrase.
The ___________ is concerned with rebuilding production processing and determining the criticality of data.
Software Development Life Cycle (SDLC) is a logical process used by the programmers to develop software. Which SDLC phase meets the following audit objectives?
System and data are validated.
System meets all user requirements.
System meets all control requirements.
A project plan includes the Work Breakdown Structure (WBS) and cost estimates. Which of the following are the parts of a project plan?
Each correct answer represents a complete solution. Choose all that apply.
Allen works as a professional Computer Hacking Forensic Investigator. He has been assigned a project to investigate a computer that the suspect used to sexually harass the victim through an instant messenger program. The suspect's computer runs the Windows operating system. Allen wants to recover the password from the instant messenger program that the suspect is using, in order to collect evidence of the crime. Allen is using Helix Live for this purpose. Which of the following utilities of Helix will he use to accomplish the task?