QUESTION 1
Which type of offsite backup service provides backups for transactional data only, typically in real time?
A. Electronic vaulting
B. Traditional data backups
C. Remote journaling
D. Database shadowing
QUESTION 2
Which of the following is NOT a major benefit of SETA programs?
A. They can improve employee behavior
B. They can improve configuration rule security
C. They can inform members of the organization about where to report policy violations
D. They enable the organization to hold employees accountable
QUESTION 3
Which of the following is not a component of a typical strategic plan?
A. Strategic issues and core values
B. Historical profile
C. Organizational profile
D. Executive summary
QUESTION 4
The _________ is the responsibility of the CISO, and is designed to reduce the incidence of accidental security breaches by organization members.
QUESTION 5
The ___________ contains the contact information of individuals that need to be notified in the event of an actual incident.
QUESTION 6
At what point during an incident should law enforcement be notified?
A. When an incident is determined to violate civil or criminal law
B. When an organization no longer has the ability to handle an incident with its current resources
C. Immediately after the detection of an event
D. After the incident is escalated to a disaster
QUESTION 7
True or False: Slow-onset disasters occur over time and gradually degrade an organization's ability to withstand their effects.
True
False
QUESTION 8
Which of the following is NOT an InfoSec policy recommended in NIST's Special Publication 800-14 document?
A. System-specific security policies (SysSP)
B. Task-specific security policies (TSSP)
C. Enterprise information security policy (EISP)
D. Issue-specific security policies (ISSP)
QUESTION 9
Which is not one of the core principles in traditional management theory?
A. Controlling
B. Directing
C. Leading
D. Staffing
QUESTION 10
True or False: A CISO never reports to the CIO, and must always go through management hierarchies.
True
False
QUESTION 11
What is the name of the process that is used to establish whether or not a user's identity is legitimate?
A. Authorization
B. Availability
C. Authentication
D. Accountability
QUESTION 12
True or False: Detecting a modification of system logs is an indicator that an actual incident has taken place.
True
False
QUESTION 13
A ___________ is a site with a fully configured computer facility, including all services, communications links, and physical plant operations.
QUESTION 14
Which of the following is NOT a specific characteristic of ISSP?
A. It contains an issue statement
B. It requires frequent updates
C. It addresses specific technology-based resources
D. It addresses hardware implementation issues
QUESTION 15
A(n) _____________ regulates the who, what, when, where, and how aspects of access to a system or resource.
QUESTION 16
True or False: A system administrator may need to create a different type of policy in order to implement a managerial policy.
True
False
QUESTION 17
Which of the following best describes a stakeholder?
A. An individual who buys an organization's products
B. An individual or group who has a vested interest
C. A competing organization
D. An individual or group that owns financial stock in an organization
QUESTION 18
True or False: It is the CISO's responsibility to ensure that InfoSec functions are performed within an organization.
True
False
QUESTION 19
All but which of the following is certification training recommended for a student focusing on managerial information security?
A. Global Information Security Officer
B. Security+
C. Certified Information Systems Security Professional
D. Certified Information Security Manager
QUESTION 20
Which of the following is NOT a typical permission available for use in ACLs?
A. Read
B. Expunge
C. Delete
D. Write