getcertified4sure.com

CISSP-ISSMP Exam

Breathing CISSP-ISSMP Paper 2021
It is impossible to pass the ISC2 CISSP-ISSMP exam without any help in the short term. Come to Passleader soon and find the most advanced, correct and guaranteed ISC2 CISSP-ISSMP practice questions. You will get a surprising result with our most recent Information Systems Security Management Professional practice guides.

NEW QUESTION 1
Which of the following options is an approach to restricting system access to authorized users?

  • A. DAC
  • B. MIC
  • C. RBAC
  • D. MAC

Answer: C

NEW QUESTION 2
Which of the following plans provides procedures for recovering business operations immediately following a disaster?

  • A. Disaster recovery plan
  • B. Business continuity plan
  • C. Continuity of operation plan
  • D. Business recovery plan

Answer: D

NEW QUESTION 3
Which of the following is the default port for Simple Network Management Protocol (SNMP)?

  • A. TCP port 80
  • B. TCP port 25
  • C. UDP port 161
  • D. TCP port 110

Answer: C

NEW QUESTION 4
You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centers for the district they will need to be able to work from an alternate location. However, budget is an issue. Which of the following is most appropriate for this client?

  • A. Cold site
  • B. Off site
  • C. Hot site
  • D. Warm site

Answer: A

NEW QUESTION 5
Which of the following laws enacted in the United States makes it illegal for an Internet Service Provider (ISP) to allow child pornography to exist on Web sites?

  • A. Child Pornography Prevention Act (CPPA)
  • B. USA PATRIOT Act
  • C. Prosecutorial Remedies and Tools Against the Exploitation of Children Today Act (PROTECT Act)
  • D. Sexual Predators Act

Answer: D

NEW QUESTION 6
Which of the following policies helps reduce the potential damage from the actions of one person?

  • A. CSA
  • B. Risk assessment
  • C. Separation of duties
  • D. Internal audit

Answer: C

NEW QUESTION 7
You work as a security manager for SoftTech Inc. You and your team are performing disaster recovery for your project. Which of the following steps do you perform for secure recovery, depending on the extent of the disaster and the organization's recovery ability? Each correct answer represents a part of the solution. Choose three.

  • A. Recover to an alternate site for critical functions
  • B. Restore full system at an alternate operating site
  • C. Restore full system after a catastrophic loss
  • D. Recover at the primary operating site

Answer: ACD

NEW QUESTION 8
Eric is the project manager of the NQQ Project and has hired the ZAS Corporation to complete part of the project work for Eric's organization. Due to a change request the ZAS Corporation is no longer needed on the project even though they have completed nearly all of the project work. Is Eric's organization liable to pay the ZAS Corporation for the work they have completed so far on the project?

  • A. Yes, the ZAS Corporation did not choose to terminate the contract work.
  • B. It depends on what the outcome of a lawsuit will determine.
  • C. It depends on what the termination clause of the contract stipulates.
  • D. No, the ZAS Corporation did not complete all of the work.

Answer: C

NEW QUESTION 9
What are the steps related to the vulnerability management program? Each correct answer represents a complete solution. Choose all that apply.

  • A. Maintain and Monitor
  • B. Organization Vulnerability
  • C. Define Policy
  • D. Baseline the Environment

Answer: ACD

NEW QUESTION 10
Which of the following statements about Hypertext Transfer Protocol Secure (HTTPS) are true? Each correct answer represents a complete solution. Choose two.

  • A. It uses TCP port 80 as the default port.
  • B. It is a protocol used in the Universal Resource Locater (URL) address line to connect to a secure site.
  • C. It uses TCP port 443 as the default port.
  • D. It is a protocol used to provide security for a database server in an internal network.

Answer: BC

NEW QUESTION 11
Which of the following statements about the integrity concept of information security management are true? Each correct answer represents a complete solution. Choose three.

  • A. It ensures that unauthorized modifications are not made to data by authorized personnel or processes.
  • B. It determines the actions and behaviors of a single individual within a system.
  • C. It ensures that modifications are not made to data by unauthorized personnel or processes.
  • D. It ensures that internal information is consistent among all subentities and also consistent with the real-world, external situation.

Answer: ACD

NEW QUESTION 12
Which of the following statements best describes the consequences of the disaster recovery plan test?

  • A. If no deficiencies were found during the test, then the test was probably flawed.
  • B. The plan should not be changed no matter what the results of the test would be.
  • C. The results of the test should be kept secret.
  • D. If no deficiencies were found during the test, then the plan is probably perfect.

Answer: A

NEW QUESTION 13
Which of the following types of evidence is considered the best evidence?

  • A. A copy of the original document
  • B. Information gathered through the witness's senses
  • C. The original document
  • D. A computer-generated record

Answer: C

NEW QUESTION 14
Which of the following architecturally related vulnerabilities is a hardware or software mechanism that was installed to permit system maintenance and that bypasses the system's security protections?

  • A. Maintenance hook
  • B. Lack of parameter checking
  • C. Time of Check to Time of Use (TOC/TOU) attack
  • D. Covert channel

Answer: A

NEW QUESTION 15
Which of the following laws was the first to implement penalties for the creators of viruses, worms, and other types of malicious code that cause harm to computer systems?

  • A. Gramm-Leach-Bliley Act
  • B. Computer Fraud and Abuse Act
  • C. Computer Security Act
  • D. Digital Millennium Copyright Act

Answer: B

NEW QUESTION 16
Which of the following are the common roles with regard to data in an information classification program? Each correct answer represents a complete solution. Choose all that apply.

  • A. Editor
  • B. Custodian
  • C. Owner
  • D. Security auditor
  • E. User

Answer: BCDE

NEW QUESTION 17
Which of the following are known as the three laws of OPSEC? Each correct answer represents a part of the solution. Choose three.

  • A. If you don't know the threat, how do you know what to protect?
  • B. If you don't know what to protect, how do you know you are protecting it?
  • C. If you are not protecting it (the critical and sensitive information), the adversary wins!
  • D. If you don't know about your security resources, you cannot protect your network.

Answer: ABC

NEW QUESTION 18
Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agreement (SLA)?

  • A. The Service Level Manager
  • B. The Configuration Manager
  • C. The IT Security Manager
  • D. The Change Manager

Answer: C

NEW QUESTION 19
Which of the following processes is used by remote users to make a secure connection to internal resources after establishing an Internet connection?

  • A. Packet filtering
  • B. Tunneling
  • C. Packet sniffing
  • D. Spoofing

Answer: B

NEW QUESTION 20
Which of the following is used to back up forensic evidence or data folders from the network or from locally attached hard disk drives?

  • A. WinHex
  • B. Vedit
  • C. Device Seizure
  • D. FAR system

Answer: D

NEW QUESTION 21
Which of the following terms refers to a mechanism that proves that the sender really sent a particular message?

  • A. Non-repudiation
  • B. Confidentiality
  • C. Authentication
  • D. Integrity

Answer: A

NEW QUESTION 22
Which of the following processes do you use to perform active analysis of a system for potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures?

  • A. Penetration testing
  • B. Risk analysis
  • C. Baselining
  • D. Compliance checking

Answer: A

NEW QUESTION 23
A contract cannot have provisions for which one of the following?

  • A. Subcontracting the work
  • B. Penalties and fines for disclosure of intellectual rights
  • C. A deadline for the completion of the work
  • D. Illegal activities

Answer: D

NEW QUESTION 24
Which of the following persons is responsible for testing and verifying whether the security policy is properly implemented and whether the derived security solutions are adequate?

  • A. Data custodian
  • B. Auditor
  • C. User
  • D. Data owner

Answer: B

NEW QUESTION 25
Which of the following security models dictates that subjects can only access objects through applications?

  • A. Biba-Clark model
  • B. Bell-LaPadula
  • C. Clark-Wilson
  • D. Biba model

Answer: C

NEW QUESTION 26
Which of the following are the process steps of OPSEC? Each correct answer represents a part of the solution. Choose all that apply.

  • A. Analysis of Vulnerabilities
  • B. Display of associated vulnerability components
  • C. Assessment of Risk
  • D. Identification of Critical Information

Answer: ACD

NEW QUESTION 27
How many change control systems are there in project management?

  • A. 3
  • B. 4
  • C. 2
  • D. 1

Answer: B

NEW QUESTION 28
Mark is the project manager of the NHQ project at Spartech Inc. The project has an asset valued at $195,000 that is subject to an exposure factor of 35 percent. What will be the Single Loss Expectancy for the project?

  • A. $92,600
  • B. $67,250
  • C. $68,250
  • D. $72,650

Answer: C

NEW QUESTION 29
......

100% Valid and Newest Version CISSP-ISSMP Questions & Answers shared by Exambible, Get Full Dumps HERE: https://www.exambible.com/CISSP-ISSMP-exam/ (New 218 Q&As)