True/False
Indicate whether the sentence or statement is true
or false.
|
|
|
1.
|
A
disaster recovery plan defines the resources, actions, and data required to reinstate critical
business processes that have been damaged or disabled because of a disaster.
|
|
|
2.
|
Organizations with extensive business-critical data processing and storage
requirements should also asses the need for off-site storage.
|
|
|
3.
|
A
reciprocal backup agreement is a very expensive way to keep data safe and in separate
locations.
|
|
|
4.
|
Software errors cannot be a cause for erroneous data to be added or removed from a
database.
|
|
|
5.
|
The
company will want to increase the level of trust it places on one person for high-risk
activities.
|
Multiple Choice
Identify the
letter of the choice that best completes the statement or answers the question.
|
|
|
6.
|
A
very cost-effective way to keep data safe and in separate locations by agreeing with another company
to backup and store each other's data is called a(n): a. | need-to-know | c. | SLA | b. | reciprocal backup agreement | d. | None of the above | | | | |
|
|
|
7.
|
What
protects the confidentiality of information and the integrity of systems by keeping unauthorized
users out of computer systems? a. | incident response policy | c. | password management | b. | due
care | d. | data
backup | | | | |
|
|
|
8.
|
A
method for establishing information dissemination in which users should only have access to
information and resources they need to know about is called the: a. | need-to-know | c. | due
care | b. | incident
response policy | d. | SLA | | | | |
|
|
|
9.
|
What
inspects all inbound and outbound network activity and identifies suspicious patterns that may
indicate a network or system attack from someone attempting to break into or compromise a
system? a. | code of
ethics | c. | due
care | b. | data
backups | d. | intrusion
detection systems | | | | |
|
|
|
10.
|
A
written policy that covers how to deal with a security incident after it has already transpired is
called a(n): a. | code of
ethics | c. | due
care | b. | incident
response policy | d. | reciprocal
backup agreement | | | | |
|
|
|
11.
|
What
do you call reasonable precautions that are being taken that indicate an organization is being
responsible? a. | need-to-know | c. | due
care | b. | code of
ethics | d. | None of the
above | | | | |
|
|
|
12.
|
What
does SLA stand for? a. | Service Level Agreements | c. | Support Level Agreements | b. | System Linking
Attributes | d. | System Level
Agreement | | | | |
|
|
|
13.
|
What
does IDS stand for? a. | internal detection systems | c. | internal detection sniffer | b. | inbound
detection systems | d. | intrusion
detection systems | | | | |
|
|
|
14.
|
What
does MAC stand for? a. | modem access control | c. | medium access computer | b. | media access
control | d. | media
accountability control | | | | |
|
|
|
15.
|
Which
of the following are access control lists? a. | discretion access control | c. | role-based access control | b. | system access
control | d. | All of the
above | | | | |
|
|
|
16.
|
Which
of the following events can cause outages? a. | hardware failure | c. | malicious attack | b. | software
failure | d. | All of the
above | | | | |
|
|
|
17.
|
Which
of the following are a main type of backup facility? a. | neutral
site | c. | warm
site | b. | closed
site | d. | None of the
above | | | | |
|
|
|
18.
|
Which
of the following is a step in a disaster recovery plan? a. | business impact
statement | c. | stop using
compromised equipment | b. | documenting the server | d. | All of the above | | | | |
|
|
|
19.
|
Which
of the following should be included in an effective backup strategy? a. | backup
medium | c. | backup
storage | b. | backup verify | d. | All of the above | | | | |
|
|
|
20.
|
Which
of the following are potential disaster threat categories? a. | natural | c. | internal | b. | external | d. | All of the above | | | | |
|
Matching
|
|
|
Please match the best term from the list below to the most appropriate
concept. a. | data
backup | e. | need-to-know | b. | incident response policy | f. | due care | c. | code of
ethics | g. | intrusion
detection systems | d. | reciprocal backup agreement | h. | password management | | | | |
|
|
|
21.
|
Reasonable precautions are being taken indicating responsibility.
|
|
|
22.
|
Cost-effective way to keep data safe by agreement with another company.
|
|
|
23.
|
HR
policy that defines the company's stance on security and resources.
|
|
|
24.
|
Information dissemination in which users only have access if they need to know about
it.
|
|
|
25.
|
Backing up al mission-critical data.
|
|
|
Please match the best term from the list below to the most appropriate
concept. a. | RBAC | e. | password
management | b. | DAC | f. | preparation | c. | intrusion
detection system | g. | incident
response policy | d. | code of ethics | h. | incident response policy | | | | |
|
|
|
26.
|
Policy that covers how to deal with a security incident after it has
transpired.
|
|
|
27.
|
Protects the confidentiality of information and system integrity.
|
|
|
28.
|
Inspects all inbound and outbound network activity and identifies suspicious
patterns.
|
|
|
29.
|
Control list which allows users access to files, services or resources based on the
user's role in the organization.
|
|
|
30.
|
Being
ready before an incident occurs.
|