Which of the following can be protected by the RAID implementation?
You work as a Security Administrator for uCertify Inc. You observe that an employee is spreading personal data of your organization. Which of the following standards of information security deals with the employees handling personal data in an organization?
You work as an HR Manager for uCertify Inc. You are working on a checklist to develop an orderly exit process for the employees leaving your company. Which of the following actions should be included in that checklist?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following statements is true about Return On Investment?
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You are making the documentation on control A.7.2. Which of the following are the main objectives of control A.7.2?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following refers to the process of adjusting the capacity of a company to meet the changed or predicted demands?
Which of the following receive reports after the Check phase of the PDCA model is completed?
Each correct answer represents a complete solution. Choose all that apply.
You work as an Information Security Manager for uCertify Inc. You need to make the documentation on change management. What are the advantages of change management?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following is used to align and realign IT Services to changing business needs by identifying and implementing improvements to IT services?
Sam is one of the four network administrators in Blue Well Inc. They have jointly been assigned the task of implementing PDCA on the project. Sam has to work on the Plan stage of the project. Which of the following tasks should be performed by Sam?
Each correct answer represents a complete solution. Choose all that apply.
Rick works as a Computer Forensic Investigator for BlueWells Inc. He has been informed that some confidential information is being leaked out by an employee of the company. Rick suspects that someone is sending the information through email. He checks the emails sent by some employees to other networks. Rick finds out that Sam, an employee of the Sales department, is continuously sending text files that contain special symbols, graphics, and signs. Rick suspects that Sam is using the Steganography technique to send data in a disguised form. Which of the following techniques is Sam using?
Each correct answer represents a part of the solution. Choose all that apply.
You work as an Information Security Manager for uCertify Inc. The company is releasing the documentation about a software product. You have been assigned the task to include information about the company in a legal disclaimer before releasing the documentation. What is the purpose of using the legal disclaimer?
You work as a Security Administrator for uCertify Inc. You have installed ten separate applications for your employees to work. All the applications require users to log in before working on them; however, this takes a lot of time. Therefore, you decide to use SSO to resolve this issue. Which of the following are the other benefits of Single Sign-On (SSO)?
Each correct answer represents a complete solution. Choose all that apply.
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to create a document following the Business Model of information security to provide guidelines for information assets. Which of the following are the elements of the Business Model for information security?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following are steps of vulnerability management programs?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Security Administrator for uCertify Inc. You have been assigned a task to provide a solution that has a striped set with distributed parity or interleave parity. Which of the following will help you to meet the organizational requirements?
In which of the following categories can a computer security policy be categorized?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Security Administrator for uCertify Inc. You are working on the disaster recovery plan (DRP) for IT-related infrastructure recovery/continuity. Which of the following should you include in your plan?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following tools can be used for steganography?
Each correct answer represents a complete solution. Choose all that apply.
You work as an Information Security Manager for uCertify Inc. You are working on a software asset management plan to provide backup for Active Directory. Which of the following data is required to be backed up for this purpose?
David works as the Manager for Tech Mart Inc. An incident occurred ten months ago due to which the company suffered heavy losses. David has been assigned the task of submitting a report on the losses incurred by the company in a year. Which of the following should David calculate in order to submit the report containing the annualized loss expectancy?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Network Security Administrator for uCertify Inc. You feel that someone has accessed your computer and used your e-mail account. To check whether any virus is installed on your computer, you scan your computer but do not find any illegal software. Which of the following types of security attacks generally runs behind the scenes on your computer?
Which of the following are features of protocol and spectrum analyzers?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following statements is true about annualized rate of occurrence?
Which formula will you use to calculate the estimated average cost of 1 hour of downtime?
Which of the following are the primary rules defined for RBAC?
Each correct answer represents a complete solution. Choose all that apply.
A helpdesk technician received a phone call from an administrator at a remote branch office. The administrator claimed to have forgotten the password for the root account on the UNIX servers and asked for it. Although the technician didn't know any administrator at the branch office, the caller sounded really friendly and, since the technician knew the root password himself, he supplied the caller with the password.
What type of attack has just occurred?
Which of the following is a list of specific actions being taken to deal with specific risks associated with the threats?
Which of the following indicates that the project team has decided not to change the project management plan to deal with a risk?
You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005 computer. The company asks you to implement a RAID system to provide fault tolerance to a database. You want to implement disk mirroring. Which of the following RAID levels will you use to accomplish the task?
Mark works as a Software Developer for TechNet Inc. He has recently been fired, as he was caught doing some illegal work in the organization. Before leaving the organization, he decided to retaliate against the organization. He deleted some of the system files and made some changes in the registry files created by him. Which of the following types of attacks has Mark performed?
Which of the following paragraphs of the Turnbull Guidance provide a clear description of the principles of a risk treatment plan?
Each correct answer represents a complete solution. Choose all that apply.
You work as the Network Security Administrator for uCertify Inc. You are responsible for protecting your network from unauthorized access from both inside and outside the organization. For outside attacks, you have installed a number of security tools that protect your network. For internal security, employees are using passwords longer than 8 characters; however, a few of them who hold the same designation often exchange their passwords, making it possible for others to access their accounts. There is already a policy to stop this practice, but employees are still doing so. Now, you want to stop this and ensure that it never happens again. Which of the following will be the best step to stop this practice?
Mark is the project manager of the NHQ project in StarTech Inc. The project has an asset valued at $195,000 and is subjected to an exposure factor of 35 percent. What will be the Single Loss Expectancy of the project?
Which of the following are the sub-elements of environmental security?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following is also known as the 'Code for Information Security'?
Which of the following is the correct formula of single loss expectancy?
Qualitative risk analysis includes judgment, intuition, and experience. Which of the following methods are used to perform qualitative risk analysis?
Each correct answer represents a complete solution. Choose all that apply.
Mark works as a Network Security Administrator for uCertify Inc. An employee of the organization comes to Mark and tells him that a few months ago, the employee had filled in an online bank form for some account-related work. Today, when visiting the site again, the employee finds that some of his personal information is still being displayed on the webpage. Which of the following types of cookies should be disabled by Mark to resolve the issue?
Which of the following administrative policy controls is usually associated with government classifications of materials and the clearances of individuals to access those materials?
You work as an Information Security Manager for uCertify Inc. The company has made a contract with a third-party software company to make a software program for personal use. You have been assigned the task of sharing the organization's personal requirements regarding the tool with the third party. Which of the following documents should be signed first by the third party?
Which of the following are the perspectives considered to ensure the confidentiality, integrity, and availability of an organization's assets, information, data, and IT services?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following is expressly set up to attract and trap people who attempt to penetrate other people's computer systems?
Which of the following controls are administrative in nature?
You work as an Information Security Manager for uCertify Inc. You are working on asset management. You need to differentiate various assets of your organization. Which of the following are information assets?
Each correct answer represents a complete solution. Choose all that apply.
You work as a Network Administrator for uCertify Inc. The organization has constructed a cafeteria for its employees and you are responsible for selecting the access control method for the cafeteria.
There are a few conditions for giving access to the employees, which are as follows:
1. Top level management can get access any time.
2. Staff members can get access during the specified hours.
3. Guests can get access only in working hours.
Which of the following access control methods is suitable to accomplish the task?
Which of the following are the major tasks of risk management?
Each correct answer represents a complete solution. Choose two.
You are working with a company that depends on real-time data being available to employees, so performance is an issue. They are trying to select the best method for handling the situation of a hard drive crashing. Which of the following would you recommend to them?
Which of the following paragraphs of the Turnbull Report states that a company's internal control system encompasses the policies, processes, tasks, behaviors, and other aspects of the company?
David has identified a technical risk in his project and has been assigned a contingency for that. Which part of the risk response strategy does planning contingency reserves come under?
The System Management department has the pass to enter the computer room. Access to that computer room is closed off using a pass reader. Which of the following categories of security defines the above scenario?
Which of the following is the basic requirement to install WinDump on a Windows computer system?
Which of the following are elements of an information security policy document?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following statements about incremental backup are true?
Each correct answer represents a complete solution. Choose two.
You want to use PGP files for steganography. Which of the following tools will you use to accomplish the task?
Which of the following is used for improving the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase or elevation?
Which of the following is a technical measure?
Which of the following methods can be helpful in eliminating the social engineering threat?
Each correct answer represents a complete solution. Choose three.
You work as a Security Professional for uCertify Inc. You are working on a Disaster Recovery Plan (DRP). Which of the following are basic functions of DRP?
Each correct answer represents a complete solution. Choose all that apply.
Fill in the blank with the appropriate term.
______ is the process of managing user authorizations based on the ITU-T Recommendation X.509.
Mark works as a Network Security Administrator for uCertify Inc. He is responsible for securing and analyzing the network of the organization. Mark is concerned about the current network security, as individuals can access the network by bypassing authentication, thus allowing them to obtain more permissions than allotted. Which of the following is responsible for this type of privilege escalation?
Which of the following types of software is used by organizations to arrange for different passwords on different systems to have the same value when they belong to the same person?
Which of the following elements of the PDCA (Plan-Do-Check-Act) methodology describes the objectives and processes required to deliver results according to the customer requirements and the organization's policies?
You work as a Security Administrator for uCertify Inc. You need to define security controls regarding the network of the organization. Which of the following information security standards deals with the management of technical security controls in systems and networks?