Pretest Flashcards
Which of the following is an indicator of effective governance?
A. A defined information security architecture
B. Compliance with international security standards
C. Periodic external audits
D. An established risk management program
D
Which of the following is the PRIMARY prerequisite to implementing data classification within an organization?
A. Defining job roles
B. Performing a risk assessment
C. Identifying data owners
D. Establishing data retention policies
C
What is the PRIMARY factor that should be taken into consideration when designing the technical solution for a disaster recovery site?
A. Service delivery objective
B. Recovery time objective
C. Allowable interruption window
D. Maximum tolerable outage
C
Which of the following is the MOST effective way to treat a risk such as a natural disaster that has a low probability and a high impact level?
A. Implement countermeasures
B. Eliminate the risk
C. Transfer the risk
D. Accept the risk
C
Due to limited storage media, an IT operations employee has requested permission to overwrite data stored on a magnetic tape. The decision of the authorizing manager will MOST likely be influenced by the data:
A. classification policy
B. retention policy
C. creation policy
D. leakage protection
B
Which of the following is MOST effective in protecting against the attack technique known as phishing?
A. Firewall blocking rules
B. Up-to-date signature files
C. Security awareness training
D. Intrusion detection system monitoring
C
Which of the following is the MOST cost-effective approach to achieve strategic alignment?
A. Periodically survey management
B. Implement a governance framework
C. Ensure that controls meet objectives
D. Develop an enterprise architecture
A
An internal review of a web-based application system reveals that it is possible to gain access to all employees' accounts by changing the employee's ID used for accessing the account in the uniform resource locator. The vulnerability identified is:
A. broken authentication
B. unvalidated input
C. cross-site scripting
D. structured query language injection
A
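The flaw in this question, as an added example that is not part of the flashcards: the application authenticates the caller (a login session exists) but then picks the record to return purely from the employee ID in the URL, so any logged-in user can read any account by editing that parameter. The hardened handler binds the lookup to the identity held in the server-side session before any data is fetched. The names (Session, ACCOUNTS, Forbidden, the hr.example URLs) and the account records are constructed for illustration.

```python
from dataclasses import dataclass
from urllib.parse import parse_qs, urlparse

# Constructed sample data (not real records): employee ID -> account.
ACCOUNTS = {
    "1001": {"name": "A. Alvarez", "salary": 72000},
    "1002": {"name": "B. Brooks", "salary": 68000},
    "1003": {"name": "C. Chen", "salary": 91000},
}


@dataclass(frozen=True)
class Session:
    """Server-side session created at login. employee_id comes from the
    authentication step, not from the request, so it can be trusted."""
    employee_id: str
    is_hr_admin: bool = False  # assumed role for staff allowed to read any record


class Forbidden(Exception):
    """Raised when the session is not authorized for the requested record."""


def parse_employee_id(url: str) -> str:
    """Return the ?id= query parameter. This value is attacker-controlled."""
    params = parse_qs(urlparse(url).query)
    return params.get("id", [""])[0]


def lookup_account_vulnerable(session: Session, url: str):
    """The flaw from the question: the caller is authenticated (a Session
    exists) but the record returned is chosen purely by the URL parameter,
    so changing ?id= yields another employee's account."""
    emp_id = parse_employee_id(url)
    return ACCOUNTS.get(emp_id)


def lookup_account_hardened(session: Session, url: str):
    """Bind the lookup to the authenticated identity: the requested ID must
    match the session's own ID unless the session holds an admin role.
    The check runs before any data is fetched."""
    emp_id = parse_employee_id(url)
    if emp_id != session.employee_id and not session.is_hr_admin:
        raise Forbidden(f"session for {session.employee_id} may not read {emp_id}")
    return ACCOUNTS.get(emp_id)


def hardened_allows(session: Session, url: str) -> bool:
    """True if the hardened handler would serve the request, False if it
    refuses; convenient for checking a batch of requests."""
    try:
        lookup_account_hardened(session, url)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    alice = Session("1001")
    url = "https://hr.example/account?id=1002"
    print("vulnerable:", lookup_account_vulnerable(alice, url))  # leaks 1002
    print("hardened  :", hardened_allows(alice, url))             # False
```

The authorization decision uses only server-held state (the session) and is made before the record is read; a predictable or sequential ID in the URL is then harmless, because the ID alone no longer grants access.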
Which of the following is the MOST effective at preventing an unauthorized individual from following an authorized person through a secured entrance (tailgating or piggybacking)?
A. Card key door locks
B. Photo identification
C. Biometric scanners
D. Awareness training
D
Which of the following is the MOST important factor to be considered in the loss of mobile equipment with unencrypted data?
A. Disclosure of personal information
B. Sufficient coverage of the insurance policy for accidental losses
C. Potential impact of the data loss
D. Replacement cost of the equipment
C
Recovery point objectives can be used to determine which of the following?
A. Maximum tolerable period of data loss
B. Maximum tolerable downtime
C. Baseline for operational resiliency
D. Time to restore backups
A
An information security manager has implemented procedures for monitoring specific activities on the network. The system administrator has been trained to analyze the network events, take appropriate action and provide reports to the InfoSec manager. What additional monitoring should be implemented to give a more accurate, risk-based view of network activity?
A. The sys admin should be monitored by a separate reviewer
B. All activity on the network should be monitored
C. No additional monitoring is needed in this situation
D. Monitoring should be done only by the InfoSec manager
A
Which of the following is MOST likely to be discretionary?
A. Policies
B. Procedures
C. Guidelines
D. Standards
C
Which of the following is the MOST important in developing a security strategy?
A. Creating a positive security environment
B. Understanding key business objectives
C. Having a reporting line to senior management
D. Allocating sufficient resources to InfoSec
B
Which of the following roles is responsible for legal and regulatory liability?
A. Chief security officer
B. Chief legal counsel
C. Board of directors and senior management
D. InfoSec steering group
C
What is the PRIMARY basis for a detailed business continuity plan?
A. Consideration of different alternatives
B. The solution that is least expensive
C. Strategies that cover all applications
D. Strategies validated by senior management
D
Which of the following is the MOST appropriate frequency for updating antivirus signature files for antivirus software on production servers?
A. Daily
B. Weekly
C. Concurrently with operating system patch updates
D. During scheduled change control updates
A
Why is public key infrastructure the preferred model when providing encryption keys to a large number of individuals?
A. It is computationally more efficient
B. It is more scalable than a symmetric key
C. It is less costly to maintain than a symmetric key approach
D. It provides greater encryption strength than a secret key model
B
Which of the following BEST ensures that modifications made to in-house developed business applications do not introduce new security exposures?
A. Stress testing
B. Patch management
C. Change management
D. Security baselines
C
What is the MOST important item to be included in an InfoSec policy?
A. The definition of roles and responsibilities
B. The scope of the security program
C. The key objectives of the security program
D. Reference to procedures and standards of the security program
C
What is the PRIMARY objective of a postincident review in incident response?
A. To adjust budget provisioning
B. To preserve forensic data
C. To improve the response process
D. To ensure the incident is fully documented
C
Which of the following actions is the MOST important when a server is infected with a virus?
A. Isolate the infected server(s) from the network
B. Identify all potential damage caused by the infection
C. Ensure that the virus database files are current
D. Establish security weaknesses in the firewall
A
Who should determine the appropriate classification of accounting ledger data located on a database server and maintained by a database admin in the IT dept?
A. DB Admin
B. Finance dept mgmt
C. InfoSec mgr
D. IT dept mgmt
B
When a major vulnerability in the security of a critical web server is discovered, immediate notification should be made to the:
A. system owner to take corrective action
B. incident response team to investigate
C. data owners to mitigate damage
D. development team to remediate
A
What should documented standards/procedures for the use of cryptography across the enterprise achieve?
A. Define the circumstances where cryptography should be used
B. Define cryptographic algorithms and key lengths
C. Describe handling procedures for cryptographic keys
D. Establish the use of cryptographic solutions
A
Which of the following would be the MOST relevant factor when defining the info classification policy?
A. Quantity of info
B. Available IT infrastructure
C. Benchmarking
D. Requirements of data owners
D
A certificate authority is required for a public key infrastructure:
A. in cases where confidentiality is an issue
B. when challenge/response auth is used
C. except where users attest to each other's identity
D. in role-based access control deployments
C
For risk management purposes, the value of a physical asset should be based on:
A. original cost
B. net cash flow
C. net present value
D. replacement cost
D
An enterprise is transferring its IT ops to an offshore location. An infosec mgr should PRIMARILY focus on:
A. reviewing new laws and regulations
B. updating operation procedures
C. validating staff qualifications
D. conducting a risk assessment
D
An org’s board of directors is concerned about recent fraud attempts that originated over the internet. What action should the board take to address this concern?
A. Direct infosec regarding specific resolutions that are needed to address the risk
B. Research solutions to determine appropriate actions for the org
C. Take no action; infosec does not report to the board
D. Direct mgmt to assess the risk and to report the results to the board
D
Which of the following roles is MOST responsible for ensuring that info protection policies are consistent with applicable laws and regulations?
A. Executive mgmt
B. Quality mgr.
C. Board of directors
D. Auditor
C
The PRIMARY goal of a corporate risk mgmt program is to ensure that an org’s:
A. IT assets in key business functions are protected
B. business risk is addressed by preventive controls
C. stated objectives are achieved
D. IT facilities and systems are always available
C
Of the following, retention of business records should be PRIMARILY based on:
A. periodic vulnerability assessment
B. business requirements
C. device storage capacity and longevity
D. legal requirements
B
Who should generally determine the classification of an information asset?
A. The asset custodian
B. The security mgr.
C. Senior mgmt.
D. The asset owner
D
An infosec mgr. mapping a job description to types of data access is MOST likely to adhere to which of the following infosec principles?
A. Ethics
B. Proportionality
C. Integration
D. Accountability
B
What activity needs to be performed for previously accepted risk?
A. Risk should be reassessed periodically because risk changes over time
B. Accepted risk should be flagged to avoid future reassessment efforts
C. Risk should be avoided next time to optimize the risk profile
D. Risk should be removed from the risk log after it is accepted
A
An enterprise has been recently subject to a series of denial-of-service attacks due to a weakness in security. The infosec mgr. needs to present a business case for increasing the investment in security. The MOST significant challenge in obtaining approval from senior mgmt. for the proposal is:
A. explaining technology issues of security
B. demonstrating value and benefits
C. simulating various risk scenarios
D. obtaining benchmarking data for comparison
B
When creating a forensic image of a hard drive, which of the following should be the FIRST step?
A. Identify a recognized forensics software tool to create the image
B. Establish a chain of custody log
C. Connect the hard drive to a write blocker
D. Generate a cryptographic hash of the hard drive contents
B
When an org is using an automated tool to manage and house its business continuity plans, which of the following is the PRIMARY concern?
A. Ensuring accessibility should a disaster occur
B. Versioning control as plans are modified
C. Broken hyperlinks to resources stored elsewhere
D. Tracking changes in personnel and plan assets
A
Security risks assessments are MOST cost-effective to a software development org when they are performed:
A. before system development begins
B. at system deployment
C. before developing a business case
D. at each stage of the system development life cycle
D
Which of the following is MOST effective in preventing disruptions to production systems?
A. Patch mgmt.
B. Security baselines
C. Virus detection
D. Change mgmt.
D
The segregation of duties principle is violated if which of the following individuals has update rights to the db access control list?
A. Data owner
B. Data custodian
C. Systems programmer
D. Security admin
C
During which phase of development is it MOST appropriate to begin assessing the risk of a new application system?
A. Feasibility
B. Design
C. Development
D. Testing
A
When a proposed system change violates an existing security standard, the conflict would be BEST resolved by:
A. calculating the risk
B. enforcing the security standard
C. redesigning the system change
D. implementing mitigating controls
A
Which of the following technologies is utilized to ensure that an individual connecting to a corporate internal network over the Internet is not an intruder masquerading as an authorized user?
A. Intrusion detection system
B. IP address packet filtering
C. Two-factor authentication
D. Embedded digital signature
C
Which of the following are seldom changed in response to technological changes?
A. Standards
B. Procedures
C. Policies
D. Guidelines
C
While implementing infosec governance, an org should FIRST:
A. adopt security standards
B. determine security baselines
C. define the security strategy
D. establish security policies
C
Who should be assigned as data owner for sensitive customer data that is used only by the sales dept. and stored in a central db?
A. The sales dept.
B. The db admin
C. The chief information officer
D. The head of the sales dept.
D
Which of the following actions should be taken when an online trading company discovers a network attack in progress?
A. Shut off all network access points
B. Dump all event logs to removable media
C. Isolate the affected network segment
D. Enable trace logging on all events
C
Which of the following is the MOST important consideration when performing a risk assessment?
A. Mgmt. supports risk mitigation efforts
B. Annual loss expectancies have been calculated for critical assets
C. Assets have been identified and appropriately valued
D. Attack motives, means and opportunities are understood
C
Which program element should be implemented FIRST in asset classification and control?
A. Risk assessment
B. Classification
C. Valuation
D. Risk mitigation
C
Infosec governance is PRIMARILY driven by:
A. technology constraints
B. regulatory requirements
C. litigation potential
D. business strategy
D
What is the BEST method for mitigating against network DOS attacks?
A. Ensure all servers are up to date on OS patches
B. Employ packet filtering to drop suspect packets
C. Implement network address translation to make internal addresses nonroutable
D. Implement load balancing for internet facing devices
B
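What "drop suspect packets" looks like as a decision rule, as an added example that is not part of the flashcards: a per-source sliding-window filter that allows a source address a fixed budget of packets per window and drops everything beyond it. In practice this logic lives in a firewall, router or scrubbing appliance; the Python here only shows the decision. The class and function names, the threshold of five packets per second and the sample traffic (one flooding source, one ordinary client) are all constructed assumptions.

```python
from collections import deque


class SourceRateFilter:
    """Per-source sliding-window filter: at most max_packets from one source
    address in any window_s seconds; further packets are dropped. The
    threshold is an assumed value chosen for the sample, not a recommendation."""

    def __init__(self, max_packets: int, window_s: float):
        self.max_packets = max_packets
        self.window_s = window_s
        self._recent = {}  # src_ip -> deque of timestamps still inside the window

    def decide(self, src_ip: str, ts: float) -> str:
        q = self._recent.setdefault(src_ip, deque())
        # Expire timestamps that have fallen out of the window.
        while q and ts - q[0] >= self.window_s:
            q.popleft()
        if len(q) >= self.max_packets:
            return "drop"  # suspect: source exceeded its budget for this window
        q.append(ts)
        return "allow"


def filter_packets(packets, max_packets=5, window_s=1.0):
    """Run the filter over (src_ip, timestamp) tuples in time order and
    return (src_ip, timestamp, decision) for each packet."""
    f = SourceRateFilter(max_packets, window_s)
    ordered = sorted(packets, key=lambda p: p[1])
    return [(src, ts, f.decide(src, ts)) for src, ts in ordered]


def summarize(decisions):
    """Count allowed and dropped packets per source."""
    counts = {}
    for src, _ts, verdict in decisions:
        entry = counts.setdefault(src, {"allow": 0, "drop": 0})
        entry[verdict] += 1
    return counts


# Constructed sample traffic: one flooding source sending 20 packets within
# one second and one ordinary client sending three packets in the same second.
SAMPLE_PACKETS = [("203.0.113.9", i * 0.05) for i in range(20)] + [
    ("10.0.0.5", 0.10),
    ("10.0.0.5", 0.50),
    ("10.0.0.5", 0.90),
]

if __name__ == "__main__":
    for src, counts in summarize(filter_packets(SAMPLE_PACKETS)).items():
        print(src, counts)
```

The ordinary client is untouched while the flooding source keeps only its first five packets of the second. The caveat a practitioner would raise: per-source limits are defeated by spoofed or widely distributed sources, which is why the filter is one layer among patching, capacity and upstream filtering rather than a complete answer.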
Which of the following would be MOST appropriate for collecting and preserving evidence?
A. Encrypted hard drives
B. Generic audit software
C. Proven forensic processes
D. Log correlation software
C
What is the BEST means to standardize security configs in similar devices?
A. Policies
B. Procedures
C. Technical guides
D. Baselines
D
Serious security incidents typically lead to renewed focus by mgmt. on infosec that then usually fades over time. What opportunity should the infosec mgr. seize to BEST use this renewed focus?
A. To improve the integration of business and infosec processes
B. To increase infosec budgets and staffing levels
C. To develop tighter controls and stronger compliance efforts
D. To acquire better supplemental technical security controls
A
The use of insurance is an example of which of the following?
A. Risk mitigation
B. Risk acceptance
C. Risk elimination
D. Risk transfer
D
Infosec frameworks can be MOST useful for the infosec mgr. because they:
A. provide detailed processes and methods
B. are designed to achieve specific outcomes
C. provide structure and guidance
D. provide policy and procedure
C
What activity BEST helps ensure that contract personnel do not obtain unauthorized access to sensitive information?
A. Set accounts to pre-expire
B. Avoid granting sys admin roles
C. Ensure they successfully pass background checks
D. Ensure their access is approved by the data owner
B
When should risk assessments be performed for optimum effectiveness?
A. At the beginning of security program development
B. On a continuous basis
C. While developing the business case for the security program
D. During the business change management process
B