Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

ECCouncil 312-76 Disaster Recovery Professional Practice Test Exam Practice Test

Demo: 43 questions
Total 290 questions

Disaster Recovery Professional Practice Test Questions and Answers

Question 1

Which of the following systems helps to detect the "abuse of privileges" attack that does not

actually involve exploiting any security vulnerability?

Options:

A.

Signature-Based ID system

B.

Network-Based ID system

C.

Statistical Anomaly-Based ID system

D.

Host-Based ID system

Question 2

You work as a Network administrator for Infonet Inc. The company has 135 Windows XP Professional computers and twenty Windows 2003 Server computers. You want to specify the number of invalid logon attempts allowed before a user account is locked out. What will you do to accomplish the task?

Options:

A.

Reset Account Lockout Counter After policy.

B.

Set Account Lockout Threshold policy.

C.

Set Account Lockout Duration policy.

D.

Enforce Password Must Meet Complexity Requirements policy.

Question 3

Which of the following workforces works to handle the incidents in an enterprise?

Options:

A.

Z force

B.

IEEE Software Development Team

C.

Computer Emergency Response Team

D.

Computer Forensics Team

Question 4

You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005 computer. The company asks you to implement a RAID system to provide fault tolerance to a database. You want to implement disk mirroring. Which of the following RAID levels will you use to accomplish the task?

Options:

A.

RAID-5

B.

RAID-0

C.

RAID-1

D.

RAID-10

Question 5

Which of the following systems commonly resides on a discrete network segment and monitors the traffic on that network segment?

Options:

A.

Host-Based ID system

B.

Statistical Anomaly-Based ID system

C.

Signature-Based ID system

D.

Network-Based ID system

Question 6

Which of the following components in a TCB acts as the boundary that separates the TCB from the remainder of the system?

Options:

A.

Abstraction

B.

Trusted path

C.

Trusted computer system

D.

Security perimeter

Question 7

Which of the following actions can be performed by using the principle of separation of duties?

Options:

A.

Conducting background investigation

B.

Developing job descriptions

C.

Reducing the opportunity for fraud

D.

Identifying critical positions

Question 8

Which of the following is the phase of Incident handling process in which the distinction between an event and an incident is made?

Options:

A.

Differential phase

B.

Identification phase

C.

Preparation phase

D.

Eradication phase

Question 9

Fill the measurement of SFX form factor style power supply in the blank space.

The SFX form factor style power supply is ___________mm wide, mm deep, and mm in height.

Options:

A.

100

Question 10

Which of the following BCP teams is the first responder and deals with the immediate effects of the disaster?

Options:

A.

Emergency action team

B.

Emergency-management team

C.

Damage-assessment team

D.

Off-site storage team

Question 11

Which of the following processes helps to quantify the impact of potential threats to put a price or value on the cost of lost business functionality?

Options:

A.

Risk Reassessment

B.

Risk Identification

C.

Risk Analysis

D.

Risk Avoidance

Question 12

Which of the following plans provides procedures for recovering business operations immediately following a disaster?

Options:

A.

Business recovery plan

B.

Continuity of operation plan

C.

Business continuity plan

D.

Disaster recovery plan

Question 13

Software Development Life Cycle (SDLC) is a logical process used by the programmers to develop software. Which SDLC phase meets the following audit objectives? l System and data are validated. l System meets all user requirements.

l System meets all control requirements.

Options:

A.

Definition

B.

Initiation

C.

Programming and training

D.

Evaluation and acceptance

Question 14

Mark works as a Network Administrator for NetTech Inc. Mark is testing the disaster recovery plan of the company. During the testing of the recovery plan, he finds that some servers have been restored with another server's data. What will Mark do to improve the disaster recovery plan?

Options:

A.

Maintain a hard copy of the data stored on the server.

B.

Remember which tape drive stores which server's data.

C.

Implement the cluster server.

D.

Maintain a printed tape backup report.

Question 15

Which of the following terms describes the determination of the effect of changes to the

information system on the security of the information system?

Options:

A.

Verification

B.

Authentication

C.

Impact analysis

D.

Validation analysis

Question 16

Pete works as a Network Security Officer for Gentech Inc. He wants to encrypt his network traffic. The specific requirement for the encryption algorithm is that it must be a symmetric key block cipher. Which of the following techniques will he use to fulfill this requirement?

Options:

A.

AES

B.

DES

C.

IDEA

D.

PGP

Question 17

Fill in the blank with the appropriate phrase.

__________________ is the process of obtaining access using legitimate credentials, and then attempting to leverage that into access to unauthorized system resources.

Options:

A.

Privilege escalation

Question 18

Which of the following individuals incorporates risk assessment in training programs for the

organization's personnel?

Options:

A.

Chief information officer

B.

Information system security officer

C.

Functional manager

D.

Security awareness trainer

Question 19

In which of the following managing styles does the manager supervise subordinates very closely and give detail directions?

Options:

A.

The coaching style

B.

The supporting style

C.

The delegating style

D.

The directing style

Question 20

Which of the following cryptographic system services ensures that the information will not be disclosed to any unauthorized person on a local network?

Options:

A.

Non-repudiation

B.

Confidentiality

C.

Integrity

D.

Authentication

Question 21

Which of the following features of the Cisco MDS 9000 SAN Extension over IP Package help in implementing efficient FCIP-based business-continuity and disaster-recovery solutions?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

FCIP write acceleration

B.

IVR

C.

FCIP compression

D.

SAN extension tuner

Question 22

Della works as a security manager for SoftTech Inc. She is training some of the newly recruited personnel in the field of security management. She is giving a tutorial on DRP. She explains that the major goal of a disaster recovery plan is to provide an organized way to make decisions if a disruptive event occurs and asks for the other objectives of the DRP. If you are among some of the newly recruited personnel in SoftTech Inc, what will be your answer for her question?

Each correct answer represents a part of the solution. Choose three.

Options:

A.

Guarantee the reliability of standby systems through testing and simulation.

B.

Protect an organization from major computer services failure.

C.

Minimize the risk to the organization from delays in providing services.

D.

Maximize the decision-making required by personnel during a disaster.

Question 23

You work as the project manager for Bluewell Inc. Your project has several risks that will affect several stakeholder requirements. Which project management plan will define who will be available to share information on the project risks?

Options:

A.

Communications Management Plan

B.

Resource Management Plan

C.

Risk Management Plan

D.

Stakeholder management strategy

Question 24

Which of the following elements of BCP process includes the areas of plan implementation, plan testing, and ongoing plan maintenance, and also involves defining and documenting the continuity strategy?

Options:

A.

Business impact assessment

B.

Scope and plan initiation

C.

Plan approval and implementation

D.

Business continuity plan development

Question 25

Which of the following subphases are defined in the maintenance phase of the life cycle models?

Each correct answer represents a part of the solution. Choose all that apply.

Options:

A.

Change control

B.

Request control

C.

Release control

D.

Configuration control

Question 26

Which of the following processes involves taking measures to alter or improve the risk position of an asset throughout the company?

Options:

A.

Risk transference

B.

Risk avoidance

C.

Risk reduction

D.

Risk acceptance

Question 27

Which of the following terms best describes the presence of any potential event that causes an undesirable impact on the organization?

Options:

A.

Threat

B.

Risk

C.

Vulnerability

D.

Asset

Question 28

Which of the following SSE-CMM security engineering Process Areas (PA) specifies the security needs?

Options:

A.

PA10

B.

PA06

C.

PA09

D.

PA07

Question 29

Which of the following documents is necessary to continue the business in the event of disaster or emergency?

Options:

A.

Legal value

B.

Recourse record

C.

Fiscal value

D.

Vital record

Question 30

Which of the following concepts represent the three fundamental principles of information security?

Each correct answer represents a complete solution. Choose three.

Options:

A.

Privacy

B.

Availability

C.

Integrity

D.

Confidentiality

Question 31

Which of the following acts of information security governance affects the financial institutions?

Options:

A.

Sarbanes-Oxley Act of 2002

B.

Health Insurance Privacy and Accountability Act (HIPAA)

C.

California Database Security Breach Information Act

D.

Gramm-Leach-Bliley Act of 1999

Question 32

You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You have a disaster scenario and you want to discuss it with your team members for getting appropriate responses of the disaster. In which of the following disaster recovery tests can this task be performed?

Options:

A.

Simulation test

B.

Parallel test

C.

Full-interruption test

D.

Structured walk-through test

Question 33

Joseph is a merchant. He lives in an area that is prone to natural disasters. What will he do to save his data from a disaster?

Options:

A.

Restore the data.

B.

E-mail the data.

C.

Print the data.

D.

Backup the data.

Question 34

Which of the following classification schemes is considered to be of a personal nature and is

intended for company use only?

Options:

A.

Sensitive information

B.

Private information

C.

Public information

D.

Confidential information

Question 35

Which of the following Tier 1 policies will identify who is responsible for what?

Options:

A.

Responsibilities

B.

Compliance or Consequences

C.

Scope

D.

Topic

Question 36

Which of the following is a duplicate of the original site of an organization, with fully working

systems as well as near-complete backups of user data?

Options:

A.

Hot site

B.

Cold site

C.

Warm site

D.

Data site

Question 37

Which of the following response teams aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large?

Options:

A.

CERT

B.

CSIRT

C.

FedCIRC

D.

FIRST

Question 38

Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system?

Options:

A.

Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps

B.

Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system

C.

Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces

D.

Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces

Question 39

You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005 computer. The company asks you to implement a RAID system to provide fault tolerance to a database. You want to implement disk mirroring. Which of the following RAID levels will you use to accomplish the task?

Options:

A.

RAID-5

B.

RAID-0

C.

RAID-1

D.

RAID-10

Question 40

Which of the following statements best describes the difference between the role of a data owner and the role of a data custodian?

Options:

A.

The custodian makes the initial information classification assignments and the operations manager implements the scheme.

B.

The custodian implements the information classification scheme after the initial assignment by the operations manager.

C.

The data custodian implements the information classification scheme after the initial assignment by the data owner.

D.

The data owner implements the information classification scheme after the initial assignment by the custodian.

Question 41

Which of the following is the phase of Incident handling process in which the distinction between an event and an incident is made?

Options:

A.

Differential phase

B.

Identification phase

C.

Preparation phase

D.

Eradication phase

Question 42

Which of the following sites is a non-mainstream alternative to a traditional recovery site?

Options:

A.

Warm site

B.

Hot site

C.

Mobile site

D.

Cold site

Question 43

ISO 17799 has two parts. The first part is an implementation guide with guidelines on how to build a comprehensive information security infrastructure and the second part is an auditing guide based on requirements that must be met for an organization to be deemed compliant with ISO 17799. What are the ISO 17799 domains?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Business continuity management

B.

Information security policy for the organization

C.

Personnel security

D.

System architecture management

E.

System development and maintenance

Demo: 43 questions
Total 290 questions