SEC340 Quiz Week 2

$8.50

SEC340 Quiz Week 2
(TCOs 1, 2, 4) A targeted solution to misuse of a specific vulnerability is called a(n) _____….

 

SKU: SEC340 Quiz Week 2 Categories: , Tags: , , ,

Description

SEC340 Quiz Week 2

SEC340 Quiz Week 2

A+

(TCOs 1, 2, 4) A targeted solution to misuse of a specific vulnerability is called a(n) _____.

Exploit

Vulnerability

Control

Safeguard

(TCOs 1, 2, 4) The risk that remains after a control has been applied is called _____.

Pure risk

Residual risk

Dynamic risk

Static risk

(TCOs 1, 2, 4) Which part of the contingency plan provides detailed scenarios of the potential impact of each type of attack?

Incident response plan

Business impact analysis

Disaster recovery plan

Business continuity plan

(TCOs 1, 2, 4) Which is not a role of the contingency planning management team?

Obtaining commitment and support from senior management

Writing the contingency plan document

Conducting the business impact analysis

Conducting the risk assessment

(TCOs 1, 2, 4) Who should set the policy for the contingency planning process?

Executive management

CIO

Contingency planning management team

Incident response team

(TCOs 1, 2, 4) Which of the following is a method or source for collecting data for the BIA?

Online questionnaires

Focus groups

Application and system logs

All of the above

(TCOs 3, 5) Which of the following is not a possible IR team structure model? (TCOs 3, 5) Which of the following is not a possible IR team structure model?

Central IR team

Distributed IR teams

Decentralized IR team

Coordinating IR team

(TCOs 3, 5) The responsibility for creating an organization’s IR plan rests with the _____.

Chief information security officer (CISO)

Chief security officer

Chief executive officer

Chief planning officer

(TCOs 3, 5) An actual incident that occurs but is not reported is called a _____.

False positive

True positive

False negative

True negative

(TCOs 3, 5) An IDS that monitors traffic on a network segment is called a(n) _____.

Switched-port analysis

Application-based IDS

Host-based IDS

Network-based IDS

(TCOs 3, 5) The _____ should provide the incident response plan as its first deliverable.

Emergency response team

Incident response team

IR planning committee

None of the above

(TCOs 3, 5) Which of the following starts with admitting there is a problem?

Crisis intervention

Risk management

Risk assessment

Successful execution of a business continuity plan

(TCOs 3, 5) Confidentiality, integrity, and availability reflect upon the relative _____ of an information system.

Accessibility

Security

Patch level

None of the above

(TCOs 3, 5) Confidentiality refers to the way in which an information system is capable of identifying those who _____.

Do not have the right to know and access information

Are able to audit the system

Created files on that system

Are the system owners

(TCOs 3, 5) Which of the following is not a problem associated with risk management?

It is a distraction

It is expensive

It is not effective

It can be too effective

(TCO 1) The CNSS model of _____ evolved from a concept known as the CIA triangle.

Information assurance

Information technology

Information security

Security standards

(TCO 1) A threat is a category of all of the following except for what?

Objects

Persons

All of the above

None of the above

(TCOs 2, 4) The _____ takes up where the risk assessment process leaves off.

Risk assessment analysis

Business impact analysis

Qualitative evaluation

Business management board

(TCO 5) When a non-event is categorized as an actual incident, it is also known as a _____.

False negative

False positive

Reliable indicator

Threat vector

(TCO 5) False positives or noise often result from which of the following causes in an incident collection candidate?

Placement

Policy

Awareness

All of the above