Security And risk Management Flashcards

1
Q

Need to know access

A

Confidentiality

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Information processed correctly and not modified by unauthorized persons and protecting data in transit

A

Integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Ensuring systems are up and running so that persons can use them when they need them

A

Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Who get access- who is authorized to speak behave access to the system

A

Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Lashes, digital signatures, parity bits, separation of duties

A

Integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Remote sites, backups, high availability, RAID levels,

A

Availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Validates appropriate policies, procedures and standards and guidelines are implemented to ensure business operations

A

Information Security Management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Things measured on a long-term trends and illustrate the day-to-day workload

A

Metrics

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Who is responsible for Security

A

Everyone

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Who is ultimately responsible for Security

A

Executive Management/Executive Level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Who does security report too?

A

Chain of command

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Detecting- pre-emptive measure made to avoid harm to other persons or their property

A

Due Diligence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Caring is correcting

A

Due Care

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Legal term used to describe the care a “reasonable person” would exercise under given circumstances

A

Due Care

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
Examples:
Background checks of employee credit checks of business partners 
Information security assessments 
Penetration testing
Contingency testing of backup systems
A

Due Diligence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Dual use goods

A

Wassenaar Arrangement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

3 types of access control

A

Administrative
Physical
Technical

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Name 2 types of Risk

A

Likelihood

Impact

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What is C.I.A?

A

Confidentiality; Availability and Integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

idea that is certified and made public

A

Patent

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Expression of an idea

A

Copyright

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What organization concisely defines intellectual property?

A

World Intellectual Property Organization (WIPO)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What laws explain what is an export?

A

International Traffic in Arms Regulations Act (ITAR:1976)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What laws explain What is deemed export?

A

Export Administration Regulations Act Security (EAR:1979)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What is the most common Dual-Use goods?

A

Cryptography

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Right and Obligations of individuals and Organizations with respect to the collection, use, retention and disclosure of personal information

A

Privacy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Limits collection of personal data

A

Collection Limitation Principle

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

data that should be relevant to the purposes for which they are to be used and to the extent necessary for those purpose

A

Data Quality Principle

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Personal data collected is specified not later than at the time of data collection and the subsequent use is limited to the fulfillment

A

Purpose Specification Principle

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

data should not be disclosed , made available or used for purpose other than those specified except; with consent of the data subject

A

use Limitation Principle

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

Personal data protected by Security Safeguards

A

Security Safeguard Principle

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

openness of general policy about developments, practices and policies respect to personal data

A

Openness Principle

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

An event that has the potential to do harm

A

Incident

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

An event that is measurable or observable occurrence that involves any asset

A

Incident

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

An incident that results in the disclosure or potential exposure of data

A

Breach

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

Unauthorized acquisition of personal information maintained in computerized form by a person that compromises the security, confidentiality, or integrity of the personal information

A

Data Disclosure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

provides a common language for describing security incidents in a structured and repeatable manner

A

VERIS (The Vocabulary for Event Recording and Incident Sharing)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

Regulates the handling of personal information about individuals

A

Privacy Act

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

sets national standards for the security of electronically protected health information

A

Health Insurance Portability and Accountability Act (HIPPA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

certify the accuracy of financial information and penalties for fraudulent activity by providing outside auditors to review accuracy of financial statements

A

Sarbanes-Oxley Act

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

standard that requires notice of data breaches of personal data breach to the competent national authority no later than 24 hours after detection

A

Regulation for Electronic Communications Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

Ethical Standard that protects country

A

Global responsibilities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

Ethical Standard Protect State

A

National standard

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

Ethical Standard Protect Company

A

Organizational standard

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

What you do when no one is there to navigate what you do legally or illegal

A

Personal Standard

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

Code of Ethic Canons

A

Protect Society (people)
Act Honorably (Honor)
Provide diligent and competent service to principals (Boss)
Advance and protect the profession (profession)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

components that support the implementation of security policy

A

Procedure, standards, guidelines, and baselines

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

4 Steps in a BIA

A

Gather information, perform a vulnerability assessment, analyzing the information, Document the results

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

An event or situation that if occurred, would prevent the organization from operating in its normal manner, if at all

A

Threat

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

The amount of time the organization can function without that application before significant impact occurs

A

Recovery Time Objective (RTO) or Maximum Tolerable Downtime (MTD)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

How quickly you need to have that application information available after downtime has occurred

A

Recovery Time Objective (RTO)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

Refers to the point in time which data must be restored in order to successfully resume processing between the last backup and when the event occured

A

Recovery Point Objective (RPO)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

Reduce Risk of Collusion between individuals

A

Job Rotation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

to not have the same capability to execute all of the steps of a particular process

A

Separation of Duties

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

access to sensitive data to do there job

A

Need to know

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

Guidance that analyze risks and manage mitigation in alignment with business and compliance objective

A

GRC- Governance Risk Management and Compliance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

Data Protection Directive (DPD), Personal Information Protection and Electronic Documents Acts (PIPEDA), Personally Identifiable Information (PII), HIPAA and Gramm-Leach Bliley ACt (GLBA), Payment Card Industry (PCI) are all examples of what?

A

Privacy Requirements Compliance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

Idea that is certified and made public

A

Patent

59
Q

Contribute to regional and international security and stability by promoting transparency and greater responsibility in transfers of conventional arms and dual-goods and technolgies

A

The Wassenaar Arrangement (AR)

60
Q

Regulates the handling of personal information about individuals

A

The Privacy Act

61
Q

sets national standards for the security of electronically protected health information

A

Health insurance Portability and Accountability ACt (HIPPA)

62
Q

Top management must individually certify the accuracy of financial information and penalties for fraudulent financial activity are greater.

A

Sarbanes-Oxley Act

63
Q

European Electronic Communication Service providers are required to provide notice of data breaches of a personal data breach to the competent national authority no later than 24 hours after the detection of the personal data breach, when feasible

A

Regulation for Electronic Communication Service (EU)

64
Q

Procedures, standards, guidelines, and baselines are components that support the implementation of what?

A

Security Policy

65
Q

1st step in building the BC program

A

Project initiation and management

66
Q

Before the project can even start, it must have who’s support?

A

Senior/executive Management

67
Q

Procedures implanted to define the roles, responsibilities, policies and administrative functions needed to manage the control environment

A

Administrative Controls

68
Q

An estimate of how often a threat will be successful in exploiting a vulnerability over the period of a year

A

Annualized Rate of Occurrence (ARO)

69
Q

The principle that ensures that information is available and accessible to users

A

Availability

70
Q

An incident that results in the disclosure or potential exposure of data

A

Breach

71
Q

Controls and hat substitute for the loss of primary controls and mitigate risk down to an acceptable level

A

Compensating Controls

72
Q

Actions that ensure behavior that complies with established rules

A

Compliance

73
Q

Covers the expression of ideas rather than the ideas themselves; it usually protects artistic property such as writing, recordings, database, and computer programs.

A

Copyright

74
Q

Supports the principle of “Least Privilege” by providing that only authorized individuals, processes, or systems should have access to information on a need to know basis

A

Confidentiality

75
Q

Covers the expression of ideas rather than the ideas themselves, usually protected artistic property such as writings, recording, databases, and computer programs

A

Copyright

76
Q

Controls implemented to remedy circumstance, mitigate damage, or restore controls

A

Corrective Controls

77
Q

A breach for which it was confirmed that data was actually disclosed(not just exposed) to an unauthorized party

A

Data Disclosure

78
Q

Controls designed to signal warning when a security control has been breached

A

Detective Controls

79
Q

Controls designed to discourage people from violating security directives

A

Deterrent Controls

80
Q

Controls designed to specify acceptable rules of behavior within an organization

A

Directive Controls

81
Q

Is similar to Due care with the exception that it is a pre-preemptive measure made to avoid harm to other persons or their property

A

Due Diligence

82
Q

A process designed to identify potential events that may affect the entity, manage risk so it is within its risk appetite, and provide reasonable assurance regarding the achievement of entity objectives

A

Enterprise Risk Management

83
Q

Authorized the President to regulate export of civilian goods and technologies that have military applications

A

Export Administration Act

84
Q

Ensures the business focuses on core activities clarifies who in the organization has the authority to make decisions, determines accountability for actions and responsibility for outcomes, and addresses how expected performance will be evaulated

A

Governance

85
Q

A Security Event that compromises the confidentiality, integrity, or availability of an information asset

A

Incident

86
Q

Comes in two forms making sure that information is processed correctly and not modified by unauthorized persons and protecting information as it transits a network.

A

Integrity

87
Q

Accountable for ensuring the protection of all of the business information assets from intentional and unintentional loss, disclosure, alteration, destruction and unavailabilty

A

Information Security Officer

88
Q

Granting users only the accesses that are required to perform their job functions

A

Least Privilege

89
Q

Electronic hardware and software solutions implemented to control access to information and information networks

A

Logical (Technical) Controls

90
Q

Protects novel, useful, and non-obvious inventions

A

Patent

91
Q

Controls to protect the organizations people and physical environment, such as locks, fire management, gates, and guards

A

Physical controls

92
Q

Controls implemented to prevent a security incident

A

Preventive Controls

93
Q

Controls implemented to restore conditions to normal after a security incident

A

Recovery Controls

94
Q

How quickly you need to have that applications information available after downtime has occured

A

Recovery Time Objective (RTO)

95
Q

The point in time to which data must be restored in order to successfully resume processing

A

Recovery Point Objective (RPO)

96
Q

A Combination of the probability of an event and its consequences (ISO 27000)

A

Risk

97
Q

An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result (RFC 2828)

A

Risk

98
Q

The practice of accepting certain risk, typically based on business direction that may also weigh the cost versus the benefit of dealing with the risk in another way

A

Risk Acceptance

99
Q

The practice of coming up with alternatives so that the risk in question is not realized

A

Risk Avoidance

100
Q

The practice of the elimination of or the significant decrease in the level of risk presented

A

Risk Mitigation

101
Q

The practice of passion on the risk in question to another entity, such as an insurance company

A

Risk Transfer

102
Q

A systematic process for identifying, analyzing, evaluation, remedying, and monitoring risk

A

Risk Management

103
Q

Defined as the difference between the original value and the remaining value of an asset after a single exploit

A

Single Loss Expectancy (SLE)

104
Q

An word, name, symbol, color, sound, product shape, device, or combination of these that is used to identify goods and distinguish them from those made or sold by others

A

Trademark

105
Q

Proprietary business or technical information, processes, designs, practices, etc. that are confidential and critical to the business

A

Trade Secret

106
Q

Determines the potential impact of disruptive events on the organizations business processes

A

Vulnerability Assessment

107
Q

Established to contribute to regional and international security and stability by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, this preventing destabilizing accumulations

A

Wassenaar Arrangement

108
Q

Within the realm of IT Security, which of the following combinations best define risk:
A. Threat coupled with a breach
B. Threat coupled with a vulnerability
C. Vulnerability coupled with an attack
D. Threat coupled with a breach of security

A

B. Threat coupled with a vulnerability
(A vulnerability is a lack of countermeasure or a weakness in a countermeasure that is in place. A threat is any potential danger that is associated with the exploitation of a vulnerability)

109
Q

When determining the value of an intagible asset which is the BEST approach:
A. Determine the physical storage cost and multiply by the expected life of the company
B. With the assistance of finance of accounting professional determine how much profit the asset has returned
C. Review the depreciation of intangible asset over the past three years
D. Use the historical acquisition or development cost of the intangible asset.

A

B.-

110
Q

Qualitative risk assessment is ear marked by which of the following?
A. Ease of implementation and it can be completed by personnel with a limited understanding of the risk assessment process
B. Can be completed by personnel with a limited understanding of the risk assessment process and uses detailed metrics used for calculation of risk
C. Detailed metrics used for calculation of risk and ease of implementation
D. Can be completed by personnel with a limited understanding of the risk assessment process and detailed metrics used for the calculation of risk

A

A

111
Q

Single Loss expectancy (SLE) is calulated by using:
A. Asset Value and annualized rate of occurence (ARO)
B. Asset Value, local annual frequency estimate (LAFE) and standard annual frequency estimate (SAFE)
C. Asset value and exposure factor
D. Local annual frequency estimate and annualized reate of occurence

A

C

112
Q

Consideration for which type of risk assessment to perform includes all of the following:
A. Culture of the organization likelihood of exposure and budget
B. Budget, capabilities of resources and likelihood of exposure
C. Capabilities of resources, likelihood of exposure and budget
D. Culture of the organization, budget, capabilities and resources

A

D

113
Q

Security Awareness training includes:
A. Legislated security compliance objectives
B. Security roles and responsibilities for staff
C. The high-level outcome of vulnerability assessments
D. Specialized curriculum assignments, coursework and an accredited institution.

A

B

114
Q
What is the minimum and customary practice of responsible protection of assets that affects a community or societal norm?
A. Due diligence
B. Risk Mitigation
C. Asset Protection
D. Due Care
A

D

115
Q
Effective Security Management
A. Achieved security at the lowest cost
B. Reduces risk to an acceptable level
C. Prioritizes security for new products
D. installs patches in a timely manner
A

B

116
Q

Availability makes information accessible by protecting from:
A. Denial of services, fires, floods, hurricanes, and unauthorized transactions
B. Fire, floods, hurricanes, unauthorized transactions and unreadable backup tapes
C. unauthorized transactions fires, floods, hurricanes and unreadable backup tapes
D. Denial services, fires, floods, and hurricanes and unreadable backup tapes

A

D

117
Q

Which phrase best defines a business continuity/disaster recovery plan?
A. A set of plans for preventing a disaster
B. An approved set of preparations and sufficient procedures for responding to a disaster
C. A set of preparations and procedures for responding to a disaster without management approval
D. The adequate preparations and procedures for the continuation of all organization functions

A

D

118
Q

Which of the following steps should be performed first in a business impact analysis (BIA)?
A. Identify all business units within an organization
B. Evaluate the impact of disruptive events
C. Estimate the Recovery Time Objectives (RTO)
D. Evaluate the criticality of business functions

A

A

119
Q

Tactical security plans are BEST used to:
A. Establish high-level security policies
B. Enable enterprise/entity-wide security management
C.Reduce downtime
D. Deploy new security technology

A

D

120
Q
Who is accountable for implementing information security?
A. Everyone
B. Senior Management
C. Security Officer
D. Data Owners
A

C

121
Q
Security is likely to be most expensive when addressed in which phase?
A. Design
B. Rapid Prototyping
C. Testing
D. Implementation
A

D

122
Q

Information systems auditors help the organization?
A. Mitigate compliance issues
B. Establish and effective control environment
C. Identify control gaps
D. Address information technology for financial statements

A

C

123
Q

The Facilitated Risk Analysis Process (FRAP)
A. Makes a base assumption that a broad risk assessment is the most effective way to determine risk in a system, business segment, application or process
B. Makes a base assumption that a narrow risk assessment is the most efficient way to determine risk in a system, business segment, application or process
C. Makes a base assumption that a narrow risk assessment is the least efficient way to determine risk in a system, business segment, application or process
D. makes a base assumption that a broad risk assessment is the least efficient way to determine risk in a system, business segments, application or process

A

B

124
Q

Setting clear security roles has the following benefits:
A. Establishes personnel accountability, reduces cross-training requirements and reduced departmental turf battle
B. Enables continuous improvement, reduces cross-training requirements and reduced departmental turf battle
C. Established personal accountability, establishes continuous improvement and reduces turf battles
D. Reduced departmental turf battles, Reduces cross-training requirements and establishes personal accountability

A

C

125
Q

Well-written security program policies are BEST reviewed:
A. At least annually or at pre-determined organization changes
B. After major project implementations
C. When applications or operating systems are updated
D. When procedures need to be modified

A

A

126
Q

An organization will conduct a risk assessment to evaluate:
A. Threat to its assets, vulnerabilities not present in the environment, the likelihood that a threat will be realized by taking advantage of an exposure, the impact that the exposure being realized will have on the organization, the residual risk
B. Threat to its assets, vulnerabilities present int he environment, the likelihood that a threat will be realized by taking advantage of an exposure, the impact that the exposure being realized will have on another organization, the residual risk
C. Threat to its assets, vulnerabilities present int he environment, the likelihood that a threat will be realized by taking advantage of an exposure, the impact that the exposure being realized will have on organization, the residual risk
D.Threat to its assets, vulnerabilities present int he environment, the likelihood that a threat will be realized by taking advantage of an exposure, the impact that the exposure being realized will have on the organization, the total risk

A

C

127
Q

A security policy which will remain relevant and meaningful over time includes the following:
A. Directive words such as shall, must, or will, technical specifications and is short in length
B. Defined policy development process, short in length and contains directive words such as shall, must or will
C. Short in length, technical specifications and contains directive words such as shall, must or will
D. Directive words such as shall, must, or will, defined policy development process and is short in length.

A

D

128
Q
The ability of one person in the finance department to add vendors to the vendor database and subsequently pay the vendor violates which concept?
A. A well-formed transaction
B. Separation of duties
C. Least Privilege
D. Data sensitivity level
A

B

129
Q
Collusion is best mitigated by:
A.  Job rotation
B. Data Classification
C. Defining job sensitivity level
D. Least privilege
A

A

130
Q
Data Access decisions are best made by:
A. user managers
B. Data Owners
C. Senior Management
D. Application developer
A

B

131
Q

Which of the following statements BEST described the extent to which an organization should address business continuity or disaster recovery planning?
A. Continuity Planning is significant organizational issue and should include all parts or functions of the company
B. Continuity planning is a significant technology issue and the recovery of technology should be its primary focus
C. Continuity planning is required only where there is complexity in voice and data communications
D. Continuity planning is a significant management issue and should include the primary functions specified by managemen

A

A

132
Q

Business impact analysis is performed to BEST identify:
A. The impacts of a threat to the organization operations
B. The exposure to loss to the organization
C. The impacts of a risk on the organization
D. The cost efficient way to eliminate threats

A

B

133
Q

During the risk analysis phase of the planning, which of the following actions could BEST manage threats or mitigate the effects of an event?
A. Modifying the exercise scenario
B. Developing recovery procedures
C. Increasing reliance on key individuals
D. Implementing procedural controls

A

D

134
Q
The BEST reason to implement additional controls or safeguards is to:
A. deter or remove the risk
B. Identify and eliminate the threat
C. Reduce the impact of the threat
D. identify the risk and the threat
A

C

135
Q

Which of the following statements BEST describes organization impact analysis?
A. Risk analysis and organization impact analysis are two different terms describing the same project effort
B. A organization impact analysis calculates the probability of disruptions to the organizations
C. A organization impact analysis is critical to development of a business continuity plan
D. A organization impact analysis establishes the effect of disruptions on the organization

A

D

136
Q
The term "disaster recovery" refers to the recovery of:
A. organization operations
B. Technology environment
C. manufacturing environment
D. personnel environments
A

B

137
Q
Which if the following terms BEST described the effort to determine the consequences of disruption that could result from a disaster?\
A. Business Impact Analysis
B. Risk Analysis
C. Risk Assessment
D. Project problem definition
A

A

138
Q

the elements of risk are as follows:
A. natural Disasters and man-made disasters
B. Threats, assets and mitigating controls
C. Risk and business impact analysis
D. Business Impact analysis and mitigating controls

A

B

139
Q

Which if the following methods is not acceptable for exercising the business continuity plan?
A. Table-top exercise
B. Call exercise
C. Simulated exercise
D. Halting a production application or function

A

D

140
Q

Which of the following is the primary desired result of any well-planned business continuity exercise?
A. Identifies plan strengths and weaknesses
B. Satisfies management requirements
C. Complies with auditors requirements
D. Maintains shareholder confidence

A

A

141
Q

A business continuity plan is best updated and maintained:
A. Annually or when requested by auditors
B. Only when new versions of software are deployed
C. Only when new hardware is deployed
D. During the configuration and change management process

A

D

142
Q
Which of the following is MOST important for successful business continuity>
A. Senior leadership support
B. Strong technical support staff
C. Extensive wide are network
D. An integrated incident response team
A

A

143
Q
A Service's recovery point objective is zero. Which approach BEST ensures the requirement is met?
A. RAID 6 with a hot site alternative
B. RAID 0 with a warm site alternative
C. RAID 0 with a cold site alternative
D. RAID 6 with a reciprocal agreement
A

A

144
Q

The (ISC)2 code of ethics resolves conflicts between canons by:
A. there can never be conflicts between canons
B. Working through adjuducation
C. The order of the canons
D. Vetting all canon conflicts through the board of directives

A

C