Which of the following are implemented in the Do phase of the PDCA model?
Each correct answer represents a complete solution. Choose all that apply.
Mark works as a Network Security Administrator for uCertify Inc. He is responsible for securing and analyzing the network of the organization. Mark is concerned about the current network security, as individuals can access the network with bypass authentication, thus allowing them to get more permissions than allotted. Which of the following is responsible for this type of privilege escalation?
Which of the following statements is true about single loss expectancy?
In which of the following social engineering attacks does an attacker first damage any part of the target's equipment and then advertise himself as an authorized person who can help fix the problem.
You work as an Information Security Manager for uCertify Inc. The company has made a contract with a third party software company to make a software program for personal use. You have been assigned the task to share organization's personal requirements regarding the tool to the third party using a non disclosure agreement (NDA). Which of the following is the purpose of using NDA?
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to differentiate various assets of your organization. Which of the following is an intangible asset?
Mark is the project manager of the NHQ project in StarTech Inc. The project has an asset valued at $195,000 and is subjected to an exposure factor of 35 percent. What will be the Single Loss Expectancy of the project?
You work as an Information Security Manager for uCertify Inc. You are implementing an asset management strategy. Which of the following should you include in your strategy to make it effective?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following is the prime concern of ISO 27005?
David works as the Network Administrator for uCertify Inc. He has been assigned the task to analyze and manage risks in the computer network of the organization. Which of the following are the stages of the CRAMM review that David will go through?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Security Administrator for uCertify Inc. You have made a plan to increase the security of the organization and you want to show this to the CEO of the organization. But, you do not want to share this information with others. Therefore, you want to classify this information.
Which of the following will be the suitable classification to accomplish the task?
How can you calculate the Annualized Loss Expectancy (ALE) that may occur due to a threat?
Which of the following is used for improving the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase or elevation?
Which of the following identifies a company's exposure to threats and provides effective prevention and recovery for the company?
The System Management department has the pass to enter the computer room. The access to that computer room is closed off using the pass reader. Which of the following categories of security defines the above scenario?
You work as an Information Security Manager for uCertify Inc. You have been assigned the task to create the documentation on control A.7.1.3. Which of the following is the chief concern of control A.7.1.3?
Which of the following are the elements of Information Security Management System framework?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Security Administrator for uCertify Inc. You have installed ten separate applications for your employees to work. All the applications require users to log in before working on them; however, this takes a lot of time. Therefore, you decide to use SSO to resolve this issue. Which of the following
are the other benefits of Single Sign-On (SSO)?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following are the various domains in the ISO/IEC 27002?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following paragraphs of the Turnbull Guidance provide clear description of the principles of a risk treatment plan?
Each correct answer represents a complete solution. Choose all that apply.
By gaining full control of a router, hackers often acquire full control of the network. Which of the following methods are commonly used to attack routers?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following indicates that the project team has decided not to change the project management plan to deal with a risk?
Which of the following is the method of hiding data within another media type such as graphic or document?
Which of the following statements is true about pattern matching IDS?
Which of the following are the primary rules defined for RBAC?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following activities are performed by the 'Do' cycle component of PDCA (plan-docheck- act)?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Network Security Administrator for uCertify Inc. Your organization has set up a new Internet connection in place of the previous one. It is your responsibility to ensure that employees use the Internet only for official purposes. While reviewing Internet usages, you find that a few people have traversed and downloaded some inappropriate and illegal information. You want to make a policy to stop all these activities in the future. Which of the following policies will you implement to accomplish the task?
Which of the following is a list of specific actions being taken to deal with specific risks associated with the threats?
Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?
Mark works as a Security Administrator for uCertify Inc. Somehow Mark comes to know that an employee is keeping illegal software on his workstation. After investigating, Mark finds that this is indeed true. Therefore, Mark decides to file a law suit against the organization, as it is against organization's norms to store illegal information. Now, the organization decides to call the police and suspend Mark from work till further internal inquiries. Which of the following practices has been implemented in this scenario?
Which of the following statements about incremental backup are true?
Each correct answer represents a complete solution. Choose two.
Which of the following statements are true about Regulation of Investigatory Powers Act 2000?
Each correct answer represents a complete solution. Choose all that apply.
A helpdesk technician received a phone call from an administrator at a remote branch office. The administrator claimed to have forgotten the password for the root account on UNIX servers and asked for it. Although the technician didn't know any administrator at the branch office, the guy sounded really friendly and since he knew the root password himself, he supplied the caller with the password.
What type of attack has just occurred?
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to differentiate various assets of your organization. Which of the following is an intangible asset?
You work as a Network Administrator for uCertify Inc. The organization has constructed a cafeteria for their employees and you are responsible to select the access control method for the cafeteria.
There are a few conditions for giving access to the employees, which are as follows:
1. Top level management can get access any time.
2. Staff members can get access during the specified hours.
3. Guests can get access only in working hours.
Which of the following access control methods is suitable to accomplish the task?
You work as an Information Security Manager for uCertify Inc. You are working on a document regarding the PDCA methodology. Which of the following elements of the PDCA (Plan-Do-Check- Act) methodology is used to continually improve the process performance?
You work as a Security Administrator for uCertify Inc. You have been assigned a task to implement information classification levels. You want to put the highly sensitive documents that should only be accessed by few people of the organization. In which of the following information classification levels should you put those documents?
Which of the following should be considered while calculating the costs of the outage?
Each correct answer represents a complete solution. Choose all that apply.
Fill in the blank with the appropriate term.
___________is the built-in file encryption tool for Windows file systems. It protects encrypted files from those who have physical possession of the computer where the encrypted files are stored.
Which of the following types of attack can be used to break the best physical and logical security mechanism to gain access to a system?
Which of the following documents is developed along the risk management processes to monitor and control risks?
Which of the following are the basics of Business Continuity Management?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following is a formal state transition model of computer security policy that is used to describe a set of access control rules which use security labels on objects and clearances for subjects?
Which of the following administrative policy controls is usually associated with government classifications of materials and the clearances of individuals to access those materials?
Which of the following are the major tasks of risk management?
Each correct answer represents a complete solution. Choose two.
Andrew is the CEO of uCertify Inc. He wants to improve the resources and revenue of the company. He uses the PDCA methodology to accomplish the task. Which of the following are the phases of the PDCA methodology?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following is a list of specific actions being taken to deal with specific risks associated with the threats?
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You have been assigned the task to secure information labeling and handling within the organization. Which of the following controls of the ISO standard is concerned with information labeling and handling?
Which of the following states that a user should never be given more privileges than are required to carry out a task?
You work as a Network Administrator for Net Perfect Inc. The company has a TCP/IP-based Windows NT network. You are configuring a computer that will be used as a file server on the network. You have to decide the disk configuration for the computer to obtain better performance.
A fault tolerant disk configuration is not a requirement. Which of the following RAID levels will you choose to fulfil the requirement?
David works as the Chief Information Security Officer for uCertify Inc. Which of the following are the responsibilities that should be handled by David?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following should be considered while calculating the costs of the outage?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following specifies value of each asset?
You are consulting with a small budget conscious accounting firm. Each accountant keeps individual records on their PC and checks them in and out of a server. They are concerned about losing data should the server hard drive crash. Which of the following RAID levels would you recommend?
Sam uses Monte Carlo simulation to quantitatively assess cost and schedule risks of his project during planning processes. During risk monitoring and control, Sam repeats the technique, but it leads to different results. Which of the following cannot be the reason for the difference in results?
Single Loss Expectancy (SLE) represents an organization's loss from a single threat. Which of the following formulas best describes the Single Loss Expectancy (SLE)?
John, a novice web user, makes a new e-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following statements is related to residual risks?
You work as a Security Administrator for uCertify Inc. You observe that an employee is spreading personal data of your organization. Human resource security deals with the employees handling personal data in an organization. Which section of ISO 27002 describes human resource security?
You are the project manager for a construction project. The project involves casting of a column in a very narrow space. Because of the lack of space, casting is highly dangerous. High technical skill will be required for casting that column. You decide to hire a local expert team for casting that column. Which of the following types of risk response are you following?
You work as an Information Security Manager for uCertify Inc. You need to make the documentation on change management. What are the advantages of change management?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following protects original works of authorship including literary, dramatic, musical, artistic, and other intellectual works?
Which of the following are computer clusters that are implemented primarily for the purpose of providing high availability of services which the cluster provides?
Which of the following is a measure taken by a program to protect the system against misuse of itself?
What does CRAMM stand for?
Which of the following policies defines the goals and elements of an organization's computer systems?
Which of the following is NOT a module of FaultTree+?
Copyright © 2021-2024 CertsTopics. All Rights Reserved
