CIH Flashcards

preparation for CIH exam

1
Q

A Distributed Denial-of-Service (DDoS) attack is a more common type of DoS attack, where a single system is targeted by a large number of infected machines over the Internet. In a DDoS attack, attackers first infect multiple systems which are known as:

Spyware
Zombies
Worms
Trojans

A

Zombies

2
Q

Which one of the following is the correct flow of the stages in an incident response?
Eradication –> Containment –> Identification –> Preparation –> Recovery –> Follow-up
Identification –> Preparation –> Containment –> Recovery –> Follow-up –> Eradication
Containment –> Identification –> Preparation –> Recovery –> Follow-up –> Eradication
Preparation –> Identification –> Containment –> Eradication –> Recovery –> Follow-up

A

Preparation –> Identification –> Containment –> Eradication –> Recovery –> Follow-up

3
Q
Risk analysis involves the process of defining and evaluating dangers. The numerical determination of the probability of an adverse event, and the extent of the losses due to the event, refers to which approach of risk determination?
Descriptive risk analysis
Analytical risk analysis
Quantitative risk analysis
Qualitative risk analysis
A

Quantitative risk analysis

4
Q
One of the main objectives of incident management is to prevent incidents and attacks by tightening the physical security of the system or infrastructure. According to CERT’s incident management process, which stage focuses on implementing infrastructure improvements resulting from postmortem reviews or other process improvement mechanisms?
Detection
Triage
Protection
Preparation
A

Protection

5
Q

Insider threats can be detected by observing concerning behaviors exhibited by insiders, such as conflicts with supervisors and coworkers, decline in performance, tardiness, or unexplained absenteeism. Select the technique that helps in detecting insider threats.
Categorizing information according to its sensitivity and access rights
Protecting computer systems by implementing proper controls
Making it compulsory for employees to sign a nondisclosure agreement
Correlating known patterns of suspicious and malicious behavior

A

Correlating known patterns of suspicious and malicious behavior

6
Q
Risk management consists of three processes: risk assessment, risk mitigation, and evaluation and assessment. Risk assessment determines the extent of the potential threat and the risk associated with an IT system throughout its SDLC. How many primary steps does NIST’s risk assessment methodology involve?
Nine
Twelve
Four
Six
A

Nine

7
Q
An incident response plan consists of a set of instructions to detect and respond to an incident. It defines the areas of responsibility, and creates procedures for handling various computer security incidents. Which of the following is an essential pre-requisite for an Incident response plan?
Availability of forensic experts
An approval from court of law
Incident analysis report
Company’s financial support
A

Company’s financial support

8
Q

Incident handling and response steps help you to detect, identify, respond, and manage an incident. Which of the following helps in recognizing and separating the infected hosts from the information system?
Configuring firewall to default settings
Browsing particular government websites
Inspecting the processes running on the system
Sending mails to only group of friends

A

Inspecting the processes running on the system

9
Q
Incident handling and response steps help you to detect, identify, respond and manage an incident. Which of the following steps focuses on limiting the scope and extent of an incident?
Identification
Data Collection
Containment
Eradication
A

Containment

10
Q
In which of the steps of NIST’s risk assessment methodology are the boundaries of the IT system, along with the resources and the information that constitute the system, identified?
Control Recommendations
Control Analysis
System Characterization
Likelihood Determination
A

System Characterization

11
Q
Which of the following incident recovery testing methods works by creating a mock disaster, like a fire, to identify the reaction of the procedures that are implemented to handle such situations?
Scenario testing
Procedure testing
Facility testing
Live Walk Through testing
A

Scenario testing

12
Q

US-CERT and federal civilian agencies use the reporting timeframe criteria in the federal agency reporting categorization. What is the timeframe required to report an incident under the CAT 4 federal agency category?
Weekly
Monthly
Within two (2) hours of discovery/detection
Within four (4) hours of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate activity

A

Weekly

13
Q
Identify the network security incident where intended authorized users are prevented from using system, network, or applications by flooding the network with a high volume of traffic that consumes all existing network resources.
SQL injection
URL manipulation
XSS attack
Denial-of-Service
A

Denial-of-Service

14
Q

Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following is not a multiple component incident?
An insider intentionally deleting files from a workstation
An attacker using email with malicious code to infect internal work station
An attacker redirecting user to a malicious website and infects his system with Trojan
An attacker infecting a machine to launch a DDoS attack

A

An insider intentionally deleting files from a workstation

15
Q
The data on affected systems must be backed up so that it can be retrieved if it is damaged during incident response. The system backup can also be used for further investigation of the incident. Identify the stage of the incident response and handling process in which complete backup of the infected system is carried out.
Containment
Incident recording
Incident investigation
Eradication
A

Containment

16
Q

An access control policy authorizes a group of users to perform a set of actions on a set of resources. Access to resources is based on necessity and if a particular job role requires the use of those resources. Which of the following is not a fundamental element of an access control policy?
Action group: Group of actions performed by the user on resources
Development group: Group of persons who develop the policy
Access group: Group of users to which the policy applies
Resource group: Resources controlled by the policy

A

Development group: Group of persons who develop the policy

17
Q
Host based evidence is the evidence gathered and available on a computer system. It may include logs, records, documents, and any other information stored in a computer system. Network-based evidence is the information gathered from the network resources. Which of the following is Host-Based evidence?
Wiretaps
IDS logs
Router logs
State of network interface
A

State of network interface

18
Q
Organizations, or incident response teams, need to protect the evidence for any future legal actions that may be taken against perpetrators that intentionally attacked the computer system. Evidence protection is also required to meet legal compliance issues. Which of the following documents helps in protecting evidence from physical or logical damage?
Chain-of-Custody
Chain-of-Precedence
Forensic analysis report
Network and Host log records
A

Chain-of-Custody

19
Q
An organization faced an information security incident, where a disgruntled employee passed sensitive access control information to a competitor. The organization’s incident response manager, upon investigation, found that the incident must be handled within a few hours on the same day to maintain business continuity and market competitiveness. How would you categorize such information security incidents?
High level incident
Middle level incident
Ultra-high level incident
Low level incident
A

Middle level incident

20
Q
Which among the following CERTs is an Internet provider to higher education institutions and various other research institutes in the Netherlands, and deals with all cases related to computer security incidents in which a customer is involved, either as a victim or as a suspect?
Funet CERT
SURFnet-CERT
NET-CERT
DFN-CERT
A

SURFnet-CERT

21
Q

The goal of incident response is to handle the incidents in a way that minimizes damage and reduces recovery time and costs. Which of the following does not constitute a goal of incident response?
Dealing properly with legal issues that may arise during incidents
Using information gathered during incident handling to prepare for handling future incidents in a better way and to provide stronger protection for systems and data
Helping personnel to recover quickly and efficiently from security incidents, minimizing loss or theft of information and disruption of services
Dealing with human resource department and various employee conflict behaviors

A

Dealing with human resource department and various employee conflict behaviors

22
Q

The insider’s incident response plan helps the organization to minimize or limit the damage caused due to malicious insiders. Organizations should ensure that the insider perpetrators are not included in the response team or are not aware of the progress. Which of the following statements is not true about the incident response plan?
The organization should regularly update the employee on different forms of external and internal attacks through training program
The employees should also be trained on how to report suspicious behaviors of the insiders
The organization should share or provide the details of the insider’s incident response plan with all employees
Persons responsible for handling insiders incidents should be trained on the contents and execution of the response plan

A

The organization should share or provide the details of the insider’s incident response plan with all employees

23
Q

A computer virus hoax is a message warning the recipient of a non-existent computer virus threat. The message is usually a chain e-mail that tells the recipient to forward it to everyone they know. Which of the following is not a symptom of virus hoax message?
The message warns to delete certain files if the user does not take appropriate action
The message prompts the user to install Anti-virus
The message from a known email id is caught by SPAM filters due to change in filter settings
The message prompts the end user to forward it to his/her email contact list and gain monetary benefits in doing so

A

The message from a known email id is caught by SPAM filters due to change in filter settings

24
Q
One of the goals of CSIRT is to manage security problems by taking a certain approach towards the customers’ security vulnerabilities, and by responding effectively to potential information security incidents. Identify the incident response approach that focuses on developing the infrastructure and security processes before the occurrence or detection of an event or any incident.
Interactive approach
Qualitative approach
Proactive approach
Interactive approach
A

Proactive approach

25
Q
The type of relationship between a CSIRT and its constituency has an impact on the services provided by the CSIRT. Identify the level of authority that enables the members of a CSIRT to undertake any necessary actions on behalf of their constituency.
Half-level authority
Shared-level authority
Mid-level authority
Full-level authority
A

Full-level authority

26
Q
Sam, an employee from a multinational company, uses his company’s account to send e-mails to a third party with their spoofed mail address. How can you categorize this type of account?
Denial-of-Service incident
Network intrusion incident
Unauthorized access incident
Inappropriate usage incident
A

Inappropriate usage incident

27
Q

A Computer Risk policy is a set of ideas to be implemented to overcome the risk associated with computer security incidents. Identify the procedure that is not part of the computer risk policy?
Provisions for continuing support if there is an interruption in the system or if the system crashes
Procedures for the ongoing training of employees authorized to access the system
Procedure to identify security funds to hedge risk
Procedures to monitor the efficiency of the security controls

A

Procedures to monitor the efficiency of the security controls

28
Q
Computer forensics is the branch of forensic science in which legal evidence is found in any computer or on any digital media devices. Of the following, who is responsible for examining the evidence acquired and separating the useful evidence?
Evidence Manager
Evidence Examiner/Investigator
Evidence Documenter
Evidence Supervisory
A

Evidence Examiner/Investigator

29
Q
An information system processes data into useful information to achieve specified organizational or individual goals. It accepts, processes, and stores data in the form of records in a computer system, and automates some of the information processing activities of the organization. Who is responsible for implementing and controlling the security measures of an information system?
Information Custodian
Information Owner
Information Implementer
Information Consultant
A

Information Custodian

30
Q

In a qualitative risk analysis, risk is calculated in terms of:
(Attack Success + Criticality) – (Countermeasures)
Probability of Loss X Loss
(Countermeasures + Magnitude of Impact) – (Reports from prior risk assessments)
Asset criticality assessment – (Risks and Associated Risk Levels)

A

(Attack Success + Criticality) – (Countermeasures)

31
Q

Which one of the following is an appropriate flow of the incident recovery steps?
System Restoration –> System Monitoring –> System Validation –> System Operations
System Operations –> System Restoration –> System Validation –> System Monitoring
System Validation –> System Operations –> System Restoration –> System Monitoring
System Restoration –> System Validation –> System Operations –> System Monitoring

A

System Restoration –> System Validation –> System Operations –> System Monitoring

32
Q

Risk is defined as the probability of the occurrence of an incident. Risk formulation generally begins with the likeliness of an event’s occurrence, the harm it may cause, and is usually denoted as:

Significances
Probability
Magnitudes
Consequences

A

Consequences

33
Q

An audit trail policy collects all audit trails, such as a series of records of computer events, about an operating system, an application, or user activities. Which of the following statements is not true for an audit trail policy?
It helps in reconstructing the events after a problem has occurred
It helps in calculating intangible losses to the organization due to an incident
It helps in compliance to various regulatory laws, rules, and guidelines
It helps in tracking individual actions and allows users to be personally accountable for their actions

A

It helps in calculating intangible losses to the organization due to an incident

34
Q

Computer forensics is a methodical series of techniques and procedures for gathering evidence from computing equipment, various storage devices and/or digital media that can be presented in a court of law in a coherent and meaningful format. Which one of the following is an appropriate flow of steps in the computer forensics process?
Examination> Analysis> Preparation> Collection> Reporting
Analysis> Preparation> Collection> Reporting> Examination
Preparation> Collection> Examination> Analysis> Reporting
Preparation> Analysis> Collection> Examination> Reporting

A

Preparation> Collection> Examination> Analysis> Reporting

35
Q

Quantitative risk is the numerical determination of the probability of an adverse event, and the extent of the losses due to the event. Quantitative risk is calculated as:
Significant Risks x Probability of Loss X Loss
(Probability of Loss) / (Loss)
(Loss) / (Probability of Loss)
(Probability of Loss) X (Loss)

A

(Probability of Loss) X (Loss)

36
Q

The incident management team provides support to all users in the organization that are affected by the threat or attack. The organization’s internal auditor is part of the incident response team. Identify one of the responsibilities of the internal auditor as a part of the incident response team.
Perform necessary action required to block the network traffic from the suspected intruder
Coordinate incident containment activities with the information security officer
Configure information security controls
Identify and report security loopholes to the management for necessary actions

A

Identify and report security loopholes to the management for necessary actions

37
Q

When an employee is terminated from his/her job, what should be the next immediate step taken by an organization?
The access requests granted to an employee should be documented and vetted by a supervisor
All access rights of the employee to physical locations, networks, systems, applications, and data should be disabled
The organization should enforce separation of duties
The organization should monitor the activities of the system administrators and privileged users who have permissions to access the sensitive information

A

All access rights of the employee to physical locations, networks, systems, applications, and data should be disabled

38
Q
Which of the following terms may be defined as “a measure of possible inability to achieve a goal, objective, or target within a defined security, cost, plan, and technical limitations that adversely affects the organization’s operations and revenues?”
Incident Response
Threat
Vulnerability
Risk
A

Risk

39
Q

A file or an object found on the system that might involve attacking systems and networks is known as an “artifact”. Handling an artifact involves receiving information about the artifacts that are used in intruder attacks, investigation, and other unauthorized activities causing distortions. Identify the CSIRT service category that artifact handling belongs to?
Reactive services
Proactive services
Incident tracking and reporting systems services
Security quality management services

A

Reactive services

40
Q
An incident is analyzed for its nature, intensity, and its effects on the network and systems. Which stage of the incident response and handling process involves auditing the system and network log files?
Identification
Containment
Incident recording
Reporting
A

Identification

41
Q

Contingency planning enables organizations to develop and maintain effective methods to handle emergencies. Every organization will have its own specific requirements that the planning should address. There are five major components of the IT contingency plan, namely supporting information, notification/activation, recovery, reconstitution, and plan appendices. What is the main purpose of a reconstitution plan?
To restore the original site, tests systems to prevent the incident, and terminates operations
To provide the introduction and detailed concept of the contingency plan
To provide a sequence of recovery activities with the help of recovery procedures
To define the notification procedures, damage assessments, and offers the plan activation

A

To restore the original site, tests systems to prevent the incident, and terminates operations

42
Q

Identifying and analyzing an incident is a very critical part of the incident response procedure. Which of the following signs do not indicate a computer security incident?
System crashes or poor system performance
Failed logon attempts and creation of new user accounts
A system alarm or similar indication from an intrusion-detection
Smoke emitting from the system

A

Smoke emitting from the system

43
Q
In the Control Analysis stage of the NIST’s risk assessment methodology, technical and nontechnical control methods are classified into two categories. What are these two control categories?
Preventive and Detective controls
Predictive and Detective controls
Detective and Disguised controls
Preventive and Predictive controls
A

Preventive and Detective controls

44
Q
Which policy recommends controls for securing and tracking organizational resources?
Access control policy
Administrative security policy
Acceptable use policy
Asset control policy
A

Asset control policy

45
Q

Except for some common roles, the roles in an IRT are distinct for every organization. Which among the following is the role played by the Incident Coordinator of an IRT?
Links the appropriate technology to the incident to ensure that the foundation’s offices are returned to normal operations as quickly as possible
Links the groups that are affected by the incidents, such as legal, human resources, different business areas, and management
Applies the appropriate technology and tries to eradicate and recover from the incident
Focuses on the incident and handles it from management and technical point of view

A

Links the groups that are affected by the incidents, such as legal, human resources, different business areas, and management

46
Q

“Information warfare” is conflict that uses Information/Information systems as weapons. “Offensive” and “defensive” are two types of information warfare. Which of the following is an example of defensive information warfare?
Disabling SSID broadcasts so that unauthorized users cannot detect the presence of a wireless network
Hijacking television and radio transmissions for generating disinformation
Spoofing or disabling the communication networks of a competitor or an enemy
Jamming radio transmissions

A

Disabling SSID broadcasts so that unauthorized users cannot detect the presence of a wireless network

47
Q
Policies are designed to protect the organizational resources on the network by establishing the set rules and procedures. Which of the following policies authorizes a group of users to perform a set of actions on a set of resources?
Documentation policy
Audit Trail Policy
Logging Policy
Access Control Policy
A

Access Control Policy

48
Q

Signs of an Incident are categorized into one of two categories: Precursor or Indication. Precursor indicates the possibility of a security incident occurrence, and Indication implies that an incident has probably occurred or is in progress. Identify which of the following is a precursor to an incident?
The network administrator notices an unusual deviation from the typical network traffic flows
A user approaches the help desk to report of abusing/threatening email
Warning from an antivirus program or scanner that threat(s) from virus/worm is identified on the user’s system.
A new found vulnerability in the organization server, in case the vendor makes an announcement of the same

A

A new found vulnerability in the organization server, in case the vendor makes an announcement of the same

49
Q
Identify a standard national process which establishes a set of activities, general tasks, and a management structure to certify and accredit systems that will maintain the information assurance (IA) and security posture of a system or site.
NIASAP
NIACAP
NIAAAP
NIPACP
A

NIACAP

50
Q
The network perimeter should be configured in such a way that it denies all incoming and outgoing traffic/services that are not required. Which service listed below, if blocked, can help in preventing Denial of Service attack?
SMTP service
SAM service
POP3 service
Echo service
A

Echo service

51
Q

A security policy will take the form of a document or a collection of documents, depending on the situation or usage. It can also become a point of reference in case a violation occurs that results in a dismissal or other penalty. Which of the following is NOT true for a good security policy?
It must be approved by a court of law after verification of stated terms and facts
It must clearly define the areas of responsibility for the users, administrators, and management
It must be enforceable with security tools where appropriate, and with sanctions, where actual prevention is not technically feasible
It must be implementable through system administration procedures, publishing of acceptable use guidelines, or other appropriate methods

A

It must be approved by a court of law after verification of stated terms and facts

52
Q

The insiders risk matrix consists of technical literacy and business process knowledge vectors. Considering the matrix, one can conclude that:

If the insiders’ technical literacy and process knowledge is high, the risk posed by the threat will be high
If the insiders’ technical literacy is low and process knowledge is high, the risk posed by the threat will be insignificant
If the insiders’ technical literacy is high and process knowledge is low, the risk posed by the threat will be high
If the insiders’ technical literacy and process knowledge are high, the risk posed by the threat will be insignificant

A

If the insiders’ technical literacy and process knowledge is high, the risk posed by the threat will be high

53
Q

A computer forensic investigator must perform a proper investigation to protect digital evidence. During the investigation, an investigator needs to process large amounts of data using a combination of automated and manual methods. Identify the computer forensic process involved.

Preparation
Collection
Reporting
Examination

A

Examination

54
Q

Incident handling and response steps help you to detect, identify, respond and manage an incident. Which of the following steps focuses on limiting the scope and extent of an incident?

Identification
Eradication
Data Collection
Containment

A

Containment

55
Q

Business continuity is defined as the ability of an organization to continue to function even after a disastrous event, accomplished through the deployment of redundant hardware and software, the use of fault tolerant systems, as well as a solid backup and recovery strategy. Identify the plan which is a mandatory part of a business continuity plan?

New business strategy plan
Business recovery plan
Forensics procedure plan
Sales and marketing plan

A

Business recovery plan

56
Q

Information gathering is an integral part of information warfare. Which of the following activities is a part of passive information gathering?

Obtaining details of the target organization by scanning their network
Obtaining details of the target organization by taking services of underground hacking forums
Obtaining details of the target organization that are freely available on the Internet, and through various other techniques without coming into direct contact with the organization
Obtaining details of the target organization that are freely available on the Internet, and through various other techniques by coming into direct contact with the organization

A

Obtaining details of the target organization that are freely available on the Internet, and through various other techniques without coming into direct contact with the organization

57
Q

Which policy recommends controls for securing and tracking organizational resources?

Administrative security policy
Access control policy
Asset control policy
Acceptable use policy

A

Asset control policy

58
Q

Which of the following tools is a stand-alone utility used to detect and remove specific viruses? It is not a substitute for full anti-virus but assists administrators and users while dealing with an infected system, and utilizes next generation scan engine technology that includes process scanning, digitally signed DAT files and scan performance optimizations.

Site Advisor
Tripwire Enterprise
HijackThis
Stinger

A

Stinger

59
Q

A US Federal agency network was the target of a DoS attack that prevented and impaired the normal authorized functionality of the networks. According to agency’s reporting timeframe guidelines, this incident should be reported within two (2) hours of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate the activity. Which incident category of US Federal Agency does this incident belong to?

CAT 5
CAT 2
CAT 1
CAT 6

A

CAT 2

60
Q

An incident recovery plan is a statement of actions that should be taken before, during, or after an incident. Identify which of the following is not an objective of the incident recovery plan?

Creating new business processes to maintain profitability after incident
Providing a standard for testing the recovery plan
Avoiding the legal liabilities arising due to incident
Providing assurance that systems are reliable

A

Creating new business processes to maintain profitability after incident

61
Q
A threat source does not present a risk if there is no vulnerability that can be exercised for a particular threat source. Identify the step in which different threats and threat sources are determined?
Threat identification
System characterization
Identification Vulnerabilities
Control Analysis
A

Threat identification

62
Q

Which one of the following is an appropriate flow of the incident recovery steps?

System Restoration –> System Validation –> System Operations –> System Monitoring
System Validation –> System Operations –> System Restoration –> System Monitoring
System Operations –> System Restoration –> System Validation –> System Monitoring
System Restoration –> System Monitoring –> System Validation –> System Operations

A

System Restoration –> System Validation –> System Operations –> System Monitoring

63
Q

A risk mitigation strategy determines the circumstances under which an action has to be taken to minimize and overcome risks. Identify the risk mitigation strategy that focuses on minimizing the probability of risks and losses by searching for vulnerabilities in the system and appropriate controls.

Research and acknowledgment
Risk limitation
Risk absorption
Risk assumption

A

Research and acknowledgment

64
Q

Mysoft, a major software developer located out of New Jersey, realized that sensitive information from folders shared across its network is being accessed by unauthorized people and leaked to third parties, which could result in huge financial losses for the organization. In this context, which of the following statements most appropriately defines “computer security incident”?

Events related to physical security incidents and troubleshooting issues in corporate networks
Any real or suspected adverse event in relation to the security of computer systems or networks
Policies guaranteeing access to information system resources
Rectifying the loss of information that may affect the investment of the organization in different business activities

A

Any real or suspected adverse event in relation to the security of computer systems or networks

65
Q

Risk mitigation strategy determines the circumstances under which an action has to be taken to minimize and overcome risks. An organization that absorbs minor risks while preparing to respond to major risks relates to which risk mitigation strategy?

Risk limitation
Risk avoidance
Risk absorption
Risk assumption

A

Risk absorption

66
Q

Identify the malicious program that is masked as a genuine harmless program, and gives the attacker unrestricted access to the user’s information and system. These programs may unleash dangerous programs that may erase the unsuspecting user’s disk, and send the victim’s credit card numbers and passwords to a stranger.

Cookie tracker
Worm
Virus
Trojan

A

Trojan