You are consulting with a small budget conscious accounting firm. Each accountant keeps individual records on their PC and checks them in and out of a server. They are concerned about losing data should the server hard drive crash. Which of the following RAID levels would you recommend?
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to create a document following the Business Model of information security to provide guidelines for information assets. Which of the following are the elements of the Business Model for information security?
Each correct answer represents a complete solution. Choose all that apply.
Mark works as a Data Center Manager for TechNet Inc. A few days ago, he published a blog about himself during his working hours. However, as per the organization's policy, any member of the organization cannot use any resources of the organization for his personal use. Since Mark has violated the policy, he should go to an internal committee and be informed of his rights in the matter. Which of the following practices is being implemented?
Which of the following should be considered while calculating the costs of the outage?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following terms refers to the time duration during which a system or service is unavailable?
John, a novice web user, makes a new e-mail account and keeps his password as "apple", his favorite fruit. John's password is vulnerable to which of the following password cracking attacks?
Each correct answer represents a complete solution. Choose all that apply.
An audit trail is an example of which of the following types of control?
Which of the following are computer clusters that are implemented primarily for the purpose of providing high availability of services which the cluster provides?
Mark works as a Network Security Administrator for uCertify Inc. He wants to implement a firewall technique over the network to inspect each packet passing through the network and to accept or reject it, based on user-defined rules. Which of the following types of firewall techniques is implemented by Mark to accomplish the task?
You work as an HR Manager for uCertify Inc. You are working on a checklist to develop an orderly exit process for the employees leaving your company. Which of the following actions should be included in that checklist?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following are the valid reasons for the occurrence of Drive-by download?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following policies defines the goals and elements of an organization's computer systems?
The usage of pre-numbered forms for initiating a transaction is an example of which of the following types of control?
Which of the following phases of the PDCA model is the controlling and maintaining phase of the Information Security Management System (ISMS)?
You work as a Security Administrator for uCertify Inc. You have been assigned the task to apply a data availability solution based on a striped disk array without redundancy. Which of the following will you use to accomplish the task?
Which of the following statements is related to residual risks?
Which of the following statements is true about annualized rate of occurrence?
You work as a Security Administrator for uCertify Inc. You have been assigned the task to apply a data availability solution based on a striped disk array without redundancy. Which of the following will you use to accomplish the task?
Sam works as a Project Manager for Blue Well Inc. He is working on a new project. He wants to access high level risks for the project. Which of the following steps should Sam take in order to accomplish the task?
You work as a Security Professional for uCertify Inc. You have been assigned the task to calculate the Recovery Time Objective for particular outage duration. Which of the following should be included in the Recovery Time Objective?
Each correct answer represents a complete solution. Choose all that apply.
David works as the Manager for Tech Mart Inc. An incident had occurred ten months ago due to which the company suffered too much losses. David has been assigned the task to submit a report on the losses incurred by the company in a year. Which of the following should David calculate in order to
submit the report containing annualized loss expectancy?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Network Security Administrator for uCertify Inc. Your organization has set up a new Internet connection in place of the previous one. It is your responsibility to ensure that employees use the Internet only for official purposes. While reviewing Internet usages, you find that a few people have traversed and downloaded some inappropriate and illegal information. You want to make a policy to stop all these activities in the future. Which of the following policies will you implement to accomplish the task?
Which of the following is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known, but by which a business can obtain an economic advantage over its competitors?
You work as a Security Professional for uCertify Inc. You have been assigned the task to calculate the Recovery Time Objective for particular outage duration. Which of the following should be included in the Recovery Time Objective?
Each correct answer represents a complete solution. Choose all that apply.
David works as the Chief Information Security Officer for uCertify Inc. Which of the following are the responsibilities that should be handled by David?
Each correct answer represents a complete solution. Choose all that apply.
Mark works as a Software Developer for TechNet Inc. He has recently been fired, as he was caught doing some illegal work in the organization. Before leaving the organization, he decided to retaliate against the organization. He deleted some of the system files and made some changes in the registry files created by him. Which of the following types of attacks has Mark performed?
Victor works as a professional Ethical Hacker for SecureEnet Inc. He has been assigned a job to test an image, in which some secret information is hidden, using Steganography. Victor performs the following techniques to accomplish the task:
1. Smoothening and decreasing contrast by averaging the pixels of the area where
significant color transitions occurs.
2. Reducing noise by adjusting color and averaging pixel value.
3. Sharpening, Rotating, Resampling, and Softening the image.
Which of the following Steganography attacks is Victor using?
Which of the following statements is true about pattern matching IDS?
Fill in the blank with the appropriate term.
______is a prime example of a high-interaction honeypot.
Rick works as a Computer Forensic Investigator for BlueWells Inc. He has been informed that some confidential information is being leaked out by an employee of the company. Rick suspects that someone is sending the information through email. He checks the emails sent by some employees to other networks. Rick finds out that Sam, an employee of the Sales department, is continuously sending text files that contain special symbols, graphics, and signs. Rick suspects that Sam is using the Steganography technique to send data in a disguised form. Which of the following techniques is Sam using?
Each correct answer represents a part of the solution. Choose all that apply.
Which of the following statements about incremental backup are true?
Each correct answer represents a complete solution. Choose two.
You work as a Security Administrator for uCertify Inc. You observe that an employee is spreading personal data of your organization. Which of the following standards of information security deals with the employees handling personal data in an organization?
You work as a Security Administrator for uCertify Inc. You have been assigned a task for helping employees in determining appropriate technical security measures available for electronic information that is deemed sensitive. Which of the following policies will you apply to accomplish the task?
Andrew is the CEO of uCertify Inc. He wants to improve the resources and revenue of the company. He uses the PDCA methodology to accomplish the task. Which of the following are the phases of the PDCA methodology?
Each correct answer represents a complete solution. Choose all that apply.
A business impact analysis should be reviewed at a minimum annually but there are a few events in which it should be reviewed more frequently. Which of the following are these events?
Each correct answer represents a complete solution. Choose all that apply.
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to classify different information assets used in your organization. Which of the following should be the basis of your classification?
You work as a Security Administrator for uCertify Inc. You are responsible for securing the network of the organization. While checking your network log files, you find that someone is sending too many data packets over a long period of time. These data packets are difficult to be detected by IDS. Which of the following types of attacks is this?
Which of the following groupings is correct regarding security measures?
Which of the following is the method of hiding data within another media type such as graphic or document?
NIST Special Publication 800-50 is a security awareness program. It is designed for those people who are currently working in the information technology field and want information on security policies. Which of the following are some of its critical steps?
Each correct answer represents a complete solution. Choose two.
You are the Network Administrator for a school. You are concerned that end users' might accidentally have access to resources they do not require. What concept should you implement in your network security management to best address this concern?
You work as a Security Administrator for uCertify Inc. You have been assigned a task for helping employees in determining appropriate technical security measures available for electronic information that is deemed sensitive. Which of the following policies will you apply to accomplish the task?
Which of the following formulas is used to represent the annualized loss expectancy (ALE)?
Which of the following represents the software component of IT asset management?
Mark is the project manager of the HAR Project. The project is scheduled to last for eighteen months and six months already passed. Management asks Mark that how often the project team is participating in the risk reassessment of this project. What should Mark tell management if he is following the best practices for risk management?
Sam works as the Network Administrator for uCertify Inc. The information of a sensitive nature is processed. The highest-level security measures are to be implemented by management. What is this kind of risk strategy called?
David works as the Network Administrator for Blue Well Inc. He has been asked to perform risk analysis. He decides to perform it by using CRAMM. The CEO of the company wants to know the stronger points of CRAMM that is going to be used by David. Which of the following points will David tell the CEO of the organization?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following Acts is a federal law enacted in the United States to control the ways that financial institutions deal with the private information of individuals?
Which of the following groupings is correct regarding security measures?
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to differentiate various assets of your organization. Which of the following is an intangible asset?
Which of the following are the variables on which the structure of Service Level Agreement depends?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Security Administrator for uCertify Inc. You have been assigned a task to implement information classification levels. You want to put the highly sensitive documents that should only be accessed by few people of the organization. In which of the following information classification levels should you put those documents?
Which of the following is also known as the 'Code for Information Security'?
Which of the following provides secure online payment services?
Fill in the blank with the appropriate term.
___________is the built-in file encryption tool for Windows file systems. It protects encrypted files from those who have physical possession of the computer where the encrypted files are stored.
Which of the following are the things included by sensitive system isolation?
Each correct answer represents a complete solution. Choose all that apply.
You work as an Information Security Manager for uCertify Inc. You have been assigned the task to create the documentation on control A.7.2 of the ISO standard. Which of the following is the chief concern of control A.7.2?
You work as an Information Security Manager for uCertify Inc. You are working on communication and organization management. You need to create the documentation on change management.
Which of the following are the main objectives of change management?
Each correct answer represents a complete solution. Choose all that apply.
Rick works as a Computer Forensic Investigator for BlueWells Inc. He has been informed that some confidential information is being leaked out by an employee of the company. Rick suspects that someone is sending the information through email. He checks the emails sent by some employees to other networks. Rick finds out that Sam, an employee of the Sales department, is continuously sending text files that contain special symbols, graphics, and signs. Rick suspects that Sam is using the Steganography technique to send data in a disguised form. Which of the following techniques is Sam using?
Each correct answer represents a part of the solution. Choose all that apply.
Which of the following is expressly set up to attract and trap people who attempt to penetrate other people's computer systems?
Which of the following documents is developed along the risk management processes to monitor and control risks?
The Information Security Officer (ISO) of Blue Well Inc. wants to have a list of security measures put together. What should be done before security measures are selected by the Information Security Officer?
Which of the following Acts enacted in the United States allows the FBI to issue National Security Letters (NSLs) to Internet service providers (ISPs) ordering them to disclose records about their customers?
Which of the following statements is true about Return On Investment?
Which of the following statements describes the purpose of information security policy?
Which of the following is the designing phase of the ISMS?